Google

Part 14 - Clam Antivirus & SpamAssassin
Alright, the next 2 steps are going to be the trickiest of the entire installation. First, on this page, we're going to install Clam Antivirus and Spamassassin. Then, on the next page, we will install qmail-scanner which will tie ClamAV and Spamassassin into the operation of our qmail server. I'm going to warn you again that these next two steps are typically a pain in the ass. I am constantly trying to make these steps as universal and easy as possible, but the ease of these steps depends heavily on how your system is configured and how experienced you are. If you've never done this before, you can pretty much bet you're going to have a problem or 2 along the way. But don't give up. If you get into a bind, feel free to consult the qmailrocks mailing list, mailing list archive, IRC channel or chat forum. Using these 4 resources, you've got an excellent chance of getting any help you may need. OK, it's time to put some hair on your chest!

First, let's make sure you have all the required perl modules and required packages. All of the perl modules below are required for Spamassassin and Qmail-Scanner to work. I'll talk more about this further down in the install.

You will need these Perl Modules:

Digest::SHA1
Digest::HMAC
Net::DNS
Time::HiRes
HTML::Tagset
HTML::Parser

Suid Perl isn't installed by default on Slackware systems. This is because of historical security problems. Instead, there's a way to build a suid style wrapper around the qmail scanner module.

- Helpful Hints -

Checking/Installing Perl Modules
How do I know if my server has these perl modules?

The following script will check your system for the above modules.

You MUST run this script as a NON-ROOT user!!

/downloads/qmailrocks/scripts/util/check_perlmods.script

If you see an output similar to this: /usr/lib/perl5/5.6.1/i386-linux/Time/HiRes.pm Your are good to go! However, if you get a "not found" type response for any of the above modules, you will need to install them.

Ok, so if I don't have the module(s), how do I download and install it(them)?

There are 2 main ways you can do this:

2. Qmailrocks included source packages: I've included source versions of all needed perl modules. These can be found in the "perlmods" directory of the Qmailrocks package. If you want to see an example of how to install these source packages, click here. I try to keep these packages as current as possible, but you can always fine the latest versions at CPAN.

1. Directly from CPAN: Go to http://www.cpan.org, get the module and install it. Alternatively, you can use the command line CPAN utility to connect to CPAN and install the module.

Ok, so at this point you should have all of the above Perl modules installed on your system. In addition, as noted above, you will also need to have "unzip" and "perl-suidperl" packages installed. So let's install Clam Anti Virus and Spammassin..

Installing Clam Anti Virus...

cd /downloads/qmailrocks/

tar -xzvf clamav-0.87.1.tar.gz

cd clamav-0.87.1

groupadd clamav

useradd clamav -g clamav -s /sbin/nologin

./configure --prefix=/usr --sysconfdir=/etc

make && make check && make install

Ok, this is where I do thing a bit differently with ClamAV. Under normal conditions, you would use the daemonized version of ClamAV, by way of a program called clamdscan. However, I've never had anything but trouble when using clamd with qmail. Instead, I choose to only use the clamscan utility, which is the non-daemonized version of Clam Antivirus. The most thorough way to ensure that clamdscan is 100% bypassed it to simple remove the real clamdscan and replace it with a simply symlink to clamscan.

I do it like this...

mv /usr/bin/clamdscan /usr/bin/clamdscan.orig

ln -s /usr/bin/clamscan /usr/bin/clamdscan

Now we'll do a few configuration settings to the /etc/clamd.conf file. This file won't get use much, since we aren't going be using the daemonized version of ClamAV, but it does get accessed occasionally by other processes.

vi /etc/clamd.conf

"Example" - should be commented out.
"LogFile" - should be set to /var/log/clamav/clamd.log
"LogTime" - should be uncommmented.
"LogSyslog" - should be uncommented.
"ScanMail" - should be uncommented.

Ok, Clam AV is now installed, but let's go ahead and set it up so that it will auto-update every night with the latest virus definitions! First we will want to set up the proper logging for the updater....

/usr/bin/freshclam -l /var/log/clamav/clam-update.log

If the server is able to get updates, you should see an output similar to this:

[root@crescent clamav]# freshclam -l /var/log/clamav/clamav-update.log
ClamAV update process started at Sun Oct 24 23:36:22 2004
main.cvd is up to date (version: 27, sigs: 23982, f-level: 2, builder: tomek)
daily.cvd is up to date (version: 549, sigs: 1583, f-level: 3, builder: ccordes)

Woohoo! You're updated with the latest virus definiations from the Clam database!

Now we just set a crontab to run every night, which will run the auto-update procedure! In the example below, I've set mine to run every day at 1:15 AM. The odd run time came reccomended from ClamAV, if you're wondering. Running freshclam at times other than the top of an hour reduces the load on their servers. so feel free to adjust the time to something even more offbeat, like 1:19 AM or something. The guys at ClamAV will thank you.

crontab -e (make sure you run this command as root)

15 1 * * * /usr/bin/freshclam --quiet -l /var/log/clamav/clam-update.log

Now save your new crontab and exit.

That's it! We're all done with Clam Anti Virus! You will now have a server-wide e-mail virus scanner that updates itself every night with the latest and greatest virus definitions!

- Helpful Hints -

Knowing Clam Anti Virus
1) Clam AV works pretty well right out of the box. However, there is a configuration file created at /etc/clamav.conf in case you want to customize it to your liking.

3) Clam logs to /var/log/clamav.log (in above scenario)

4) When Clam detects an e-mail that contains a potential virus, the following will happen:

- a) Clam AV quarantines the e-mail in /var/spool/qmailscan/quarantine

- b) Clam AV will send a notification of the detection and quarantine to whoever you configure it to send notifications to. When we install Qmail-Scanner further down this page, we will tell it what people to notify when a virus is detected. If you configure Qmail-Scanner by my rules, it will send 1 notification to the system administrator. However, it can also send a notification to the sender and the recipient as well, if you configure it to do so.

Now let's install Spamassassin...

Note: Spamassassin utilizes port 783 to properly scan and release e-mail. If you have a firewall on your server, you will need to open up port 783 going in and out.

If you don't have the Mail::Spamassassin Perl module installed on your system, let's install it now...

cd /downloads/qmailrocks/

tar zxvf Mail-SpamAssassin-3.1.0.tar.gz

cd Mail-SpamAssassin-3.1.0

perl Makefile.PL (This will ask some configuration questions. Use your best judgment)

make && make install

Alright. Now we're going to add a user/group called "spamd" under which Spamassassin will be run...

groupadd spamd

useradd -g spamd -s /bin/false spamd

We'll need to create a startup script for spamassassin - normally stored as /etc/rc.d/rc.spamd

vi /etc/rc.d/rc.spamd

#!/bin/sh

# Spamd init script for Slackware 9.0
# August, 2th 2003
# Martin Ostlund, nomicon
# Modified slightly by Troy Belding for Qmailrocks - February 23, 2004
# Modified by MrJackson to allow graceful stopping of SA - October 11, 2005

PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
DAEMON=/usr/bin/spamd
NAME=spamd
SNAME=rc.spamd
DESC="SpamAssassin Mail Filter Daemon"
PIDFILE="/var/run/$NAME.pid"
PNAME="spamd"

DOPTIONS="-x -u spamd -H /home/spamd -d --pidfile=$PIDFILE"

KILL="/bin/kill"
KILLALL="/bin/killall"
# Defaults - don't touch, edit /etc/mail/spamassassin/local.cf
ENABLED=0
OPTIONS=""

set -e

case "$1" in
start)
echo -n "Starting $DESC: "
$PNAME $OPTIONS $DOPTIONS

echo "$NAME."
;;
stop)
echo -n "Stopping $DESC: "
$KILL `cat $PIDFILE`
echo "$NAME."
;;
restart|force-reload)
echo -n "Restarting $DESC: "
$0 stop
$0 start

echo "$NAME."
;;
*)
ME=/etc/rc.d/$SNAME
echo "Usage: $ME {start|stop|restart|force-reload}" >&2
exit 1
;;
esac

exit 0


Save and exit from this new init script and then set permissions on it...

chmod 755 /etc/rc.d/rc.spamd

And now let's set some config options...

vi /etc/mail/spamassassin/local.cf

Replace the contents of the local.cf file with the following config settings:

rewrite_subject 1
required_hits 5

Save and exit from the file.

Now start up Spamassassin...

/etc/rc.d/rc.spamd start

Now let's see if Spamassassin is running...

ps aux | grep spamd

You should the following info concerning spamassassin. The PID might differ on your system, but you get the idea.

spamd 3734 0.2 2.0 24992 20808 ? S 14:21 0:01 /usr/bin/spamd -x -u spamd -H /home/spamd -d

If all has gone well, both Spamassassin and Clam Anti Virus should now be installed! With both of these programs installed, we can now install Qmail-Scanner.



Page Compile Time: 0.00014591217041016 Seconds.
54.161.45.156