Alright, the next 2 steps are going to be the trickiest of the entire
installation. First, on this page, we're going to install Clam
Antivirus and Spamassassin. Then, on the next page, we will install
qmail-scanner which will tie ClamAV and Spamassassin into the operation
of our qmail server. I'm going to warn you again that these next two
steps are typically a pain in the ass. I am constantly trying to make
these steps as universal and easy as possible, but the ease of these
steps depends heavily on how your system is configured and how
experienced you are. If you've never done this before, you can pretty
much bet you're going to have a problem or 2 along the way. But don't
give up. If you get into a bind, feel free to consult the qmailrocks
mailing list, mailing list archive, IRC channel or chat forum. Using
these 4 resources, you've got an excellent chance of getting any help
you may need. OK, it's time to put some hair on your chest!
First, let's make sure you have all the required perl modules and
required packages. All of the perl modules below are required for
Spamassassin and Qmail-Scanner to work. I'll talk more about this
further down in the install.
You will need these Perl Modules:
Digest::SHA1
Digest::HMAC
Net::DNS
Time::HiRes
HTML::Tagset
HTML::Parser
Suid Perl isn't installed by default on Slackware systems. This is
because of historical security problems. Instead, there's a way to
build a suid style wrapper around the qmail scanner module.
- Helpful Hints -
Checking/Installing Perl Modules
How do I know if my server has these perl modules?
The following script will check your system for the above modules.
You MUST run this script as a NON-ROOT user!!
/downloads/qmailrocks/scripts/util/check_perlmods.script
If you see an output similar to this:
/usr/lib/perl5/5.6.1/i386-linux/Time/HiRes.pm
You are good to go!
However, if you get a "not found" type response for any of the above
modules, you will need to install them.
Ok, so if I don't have the module(s), how do I download and install
it(them)?
There are 2 main ways you can do this:
1. Directly from CPAN: Go to http://www.cpan.org, get the module and
install it. Alternatively, you can use the command line CPAN utility to
connect to CPAN and install the module.
2. Qmailrocks included source packages: I've included source versions
of all needed perl modules. These can be found in the "perlmods"
directory of the Qmailrocks package. If you want to see an example of
how to install these source packages, click here. I try to keep these
packages as current as possible, but you can always find the latest
versions at CPAN.
Ok, so at this point you should have all of the above Perl modules
installed on your system. In addition, as noted above, you will also
need to have "unzip" and "perl-suidperl" packages installed. So let's
install Clam Anti Virus and Spamassassin...
Installing Clam Anti Virus...
cd /downloads/qmailrocks/
tar -xzvf clamav-0.87.1.tar.gz
cd clamav-0.87.1
groupadd clamav
useradd clamav -g clamav -s /sbin/nologin
./configure --prefix=/usr --sysconfdir=/etc
make && make check && make install
Ok, this is where I do things a bit differently with ClamAV. Under
normal conditions, you would use the daemonized version of ClamAV, by
way of a program called clamdscan. However, I've never had anything but
trouble when using clamd with qmail. Instead, I choose to only use the
clamscan utility, which is the non-daemonized version of Clam
Antivirus. The most thorough way to ensure that clamdscan is 100%
bypassed is to simply remove the real clamdscan and replace it with a
simple symlink to clamscan.
I do it like this...
mv /usr/bin/clamdscan /usr/bin/clamdscan.orig
ln -s /usr/bin/clamscan /usr/bin/clamdscan
Now we'll change a few configuration settings in the /etc/clamd.conf
file. This file won't get used much, since we aren't going to be using
the daemonized version of ClamAV, but it does get accessed occasionally
by other processes.
vi /etc/clamd.conf
"Example" - should be commented out.
"LogFile" - should be set to /var/log/clamav/clamd.log
"LogTime" - should be uncommented.
"LogSyslog" - should be uncommented.
"ScanMail" - should be uncommented.
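Once the file is edited, the five settings above can be verified mechanically. The following is an added example, not part of the Qmailrocks package; the function names check_clamd_conf and active_value and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a clamd.conf against the five settings listed above.

# active_value FILE KEY: print the value of the first active (uncommented)
# KEY directive, "<set>" if it has no value, or nothing if it is absent.
active_value() {
    awk -v key="$2" '
        $1 ~ /^#/ { next }
        $1 == key { v = ($2 == "") ? "<set>" : $2; print v; exit }
    ' "$1"
}

# check_clamd_conf FILE: print one line per problem and return the number
# of problems found (0 = matches the guide, 255 = file unreadable).
check_clamd_conf() {
    conf=$1
    problems=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 255; }
    if [ -n "$(active_value "$conf" Example)" ]; then
        echo "Example is still active; comment it out"
        problems=$((problems + 1))
    fi
    logfile=$(active_value "$conf" LogFile)
    if [ "$logfile" != "/var/log/clamav/clamd.log" ]; then
        echo "LogFile is '${logfile:-unset}', expected /var/log/clamav/clamd.log"
        problems=$((problems + 1))
    fi
    for key in LogTime LogSyslog ScanMail; do
        if [ -z "$(active_value "$conf" "$key")" ]; then
            echo "$key is commented out or missing"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Constructed sample: a config that has not yet been edited as described.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Comment or remove the line below.
Example
#LogFile /tmp/clamd.log
#LogTime
LogSyslog
#ScanMail
EOF
check_clamd_conf "$sample" || echo "=> $? setting(s) still need attention"
rm -f "$sample"
```

Run check_clamd_conf /etc/clamd.conf after editing; a return value of 0 means every setting matches the list above.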
Ok, Clam AV is now installed, but let's go ahead and set it up so that
it will auto-update every night with the latest virus definitions!
First we will want to set up the proper logging for the updater....
/usr/bin/freshclam -l /var/log/clamav/clam-update.log
If the server is able to get updates, you should see an output similar
to this:
[root@crescent clamav]# freshclam -l /var/log/clamav/clamav-update.log
ClamAV update process started at Sun Oct 24 23:36:22 2004
main.cvd is up to date (version: 27, sigs: 23982, f-level: 2, builder:
tomek)
daily.cvd is up to date (version: 549, sigs: 1583, f-level: 3, builder:
ccordes)
Woohoo! You're updated with the latest virus definitions from the Clam
database!
Now we just set a crontab to run every night, which will run the
auto-update procedure! In the example below, I've set mine to run every
day at 1:15 AM. The odd run time came recommended from ClamAV, if
you're wondering. Running freshclam at times other than the top of an
hour reduces the load on their servers, so feel free to adjust the time
to something even more offbeat, like 1:19 AM or something. The guys at
ClamAV will thank you.
crontab -e (make sure you run this command as root)
15 1 * * * /usr/bin/freshclam --quiet -l /var/log/clamav/clam-update.log
Now save your new crontab and exit.
That's it! We're all done with Clam Anti Virus! You will now have a
server-wide e-mail virus scanner that updates itself every night with
the latest and greatest virus definitions!
- Helpful Hints -
Knowing Clam Anti Virus
1) Clam AV works pretty well right out of the box. However, there is a
configuration file created at /etc/clamav.conf in case you want to
customize it to your liking.
3) Clam logs to /var/log/clamav.log (in above scenario)
4) When Clam detects an e-mail that contains a potential virus, the
following will happen:
- a) Clam AV quarantines the e-mail in /var/spool/qmailscan/quarantine
- b) Clam AV will send a notification of the detection and quarantine
to whoever you configure it to send notifications to. When we install
Qmail-Scanner further down this page, we will tell it what people to
notify when a virus is detected. If you configure Qmail-Scanner by my
rules, it will send 1 notification to the system administrator.
However, it can also send a notification to the sender and the
recipient as well, if you configure it to do so.
Now let's install Spamassassin...
Note: Spamassassin utilizes port 783 to properly scan and release
e-mail. If you have a firewall on your server, you will need to open up
port 783 going in and out.
If you don't have the Mail::Spamassassin Perl module installed on your
system, let's install it now...
cd /downloads/qmailrocks/
tar zxvf Mail-SpamAssassin-3.1.0.tar.gz
cd Mail-SpamAssassin-3.1.0
perl Makefile.PL (This will ask some configuration questions. Use your best judgment)
make && make install
Alright. Now we're going to add a user/group called "spamd" under which
Spamassassin will be run...
groupadd spamd
useradd -g spamd -s /bin/false spamd
We'll need to create a startup script for spamassassin - normally
stored as /etc/rc.d/rc.spamd
vi /etc/rc.d/rc.spamd
#!/bin/sh
# Spamd init script for Slackware 9.0
# August, 2th 2003
# Martin Ostlund, nomicon
# Modified slightly by Troy Belding for Qmailrocks - February 23, 2004
# Modified by MrJackson to allow graceful stopping of SA - October 11, 2005

PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
DAEMON=/usr/bin/spamd
NAME=spamd
SNAME=rc.spamd
DESC="SpamAssassin Mail Filter Daemon"
PIDFILE="/var/run/$NAME.pid"
PNAME="spamd"
# -x: no per-user config files, -u: run as user spamd,
# -H: helper home directory, -d: daemonize
DOPTIONS="-x -u spamd -H /home/spamd -d --pidfile=$PIDFILE"
KILL="/bin/kill"
KILLALL="/bin/killall"

# Defaults - don't touch, edit /etc/mail/spamassassin/local.cf
ENABLED=0
OPTIONS=""

# Abort on the first failing command
set -e

case "$1" in
  start)
    echo -n "Starting $DESC: "
    $PNAME $OPTIONS $DOPTIONS
    echo "$NAME."
    ;;
  stop)
    echo -n "Stopping $DESC: "
    # Only signal spamd if a PID file exists, so that "restart"
    # still starts the daemon when it was not running
    if [ -f "$PIDFILE" ]; then
      $KILL "$(cat "$PIDFILE")"
    fi
    echo "$NAME."
    ;;
  restart|force-reload)
    echo -n "Restarting $DESC: "
    $0 stop
    $0 start
    echo "$NAME."
    ;;
  *)
    ME=/etc/rc.d/$SNAME
    echo "Usage: $ME {start|stop|restart|force-reload}" >&2
    exit 1
    ;;
esac

exit 0
Save and exit from this new init script and then set permissions on
it...
chmod 755 /etc/rc.d/rc.spamd
And now let's set some config options...
vi /etc/mail/spamassassin/local.cf
Replace the contents of the local.cf file with the following config
settings:
rewrite_subject 1
required_hits 5
Save and exit from the file.
Now start up Spamassassin...
/etc/rc.d/rc.spamd start
Now let's see if Spamassassin is running...
ps aux | grep spamd
You should see the following info concerning spamassassin. The PID might
differ on your system, but you get the idea.
spamd 3734 0.2 2.0 24992 20808 ? S 14:21 0:01 /usr/bin/spamd -x -u spamd -H /home/spamd -d
If all has gone well, both Spamassassin and Clam Anti Virus should now
be installed! With both of these programs installed, we can now install
Qmail-Scanner.