SpamAssassin integration technote

ScalixSupport
Scalix
Scalix
Posts: 5503
Joined: Thu Mar 25, 2004 8:15 pm

SpamAssassin integration technote

Postby ScalixSupport » Thu Dec 08, 2005 3:38 pm

We've updated the SpamAssassin technote in the knowledgebase to incorporate a change which makes setup a lot simpler.

It's no longer necessary to configure multiple IP addresses which, I know, caused a number of issues for people.

We've also created a new technote for integration if you are using SuSE as your OS of choice.

Please go to http://www.scalix.com/support/knowledgebase.html and enter the word "SpamAssassin" into the search box.

Cheers

Dave

ScalixSupport
Scalix
Scalix
Posts: 5503
Joined: Thu Mar 25, 2004 8:15 pm

Postby ScalixSupport » Fri Dec 23, 2005 12:23 pm

Hi Mike,

It sounds like you haven't installed spamassassin on your server yet. You should either download and build spamassassin on your machine or download a compatible spamassassin rpm and install that first, then continue with the steps in the technote.

Thanks,
Rachel

dg_w
Posts: 26
Joined: Mon Jan 09, 2006 4:41 pm

Where's the new spamassassin howto

Postby dg_w » Thu Jan 12, 2006 12:55 pm

Followed the link and searched, the only spamassassin guide is the long-winded, add IP etc... I am sure I found an easier way documented? Just involved installing the packages, editing smtp.cfg and sendmail.cf?

Do you have a link to that one please?

ScalixSupport
Scalix
Scalix
Posts: 5503
Joined: Thu Mar 25, 2004 8:15 pm

Postby ScalixSupport » Thu Jan 12, 2006 6:26 pm

Hi,

The technote you were after is posted again.

Thanks,
Don

burhankhalid
Posts: 137
Joined: Mon Dec 19, 2005 8:31 am

Error while following the KB Guide

Postby burhankhalid » Tue Mar 07, 2006 6:27 am

Edit

Sorry, I realized I posted this in the wrong thread :(


I followed the guide, but there is nothing logged to the audit file, however, I did get this in daemon.stderr:

Code:

/var/opt/scalix/rules/omvscan.map: line 976: return: can only `return' from a function or sourced script


Steps I followed:

1. Installed ClamAV
2. Ran freshclam
3. Copied the rules from the guide to /var/opt/scalix/rules/ALL-ROUTES.VIR:

Code:

[root@avalon logs]# cat /var/opt/scalix/rules/ALL-ROUTES.VIR
VIRUS-UNCLEANED=1 ACTION=REJECT NDN-INFO=ndninfo.txt
VIRUS-UNCLEANED=0 VIRUS-FOUND=1 ACTION=ALLOW NOTIFY="A virus was found in your outgoing message.  It was cleaned and the message was delivered; please ensure that a virus scanner is running and is updated."


4. Then, I copied the omvscan.map file as instructed:

Code:

[root@avalon ~]# cp /opt/scalix/examples/general/omvscan.map /var/opt/scalix/rules
[root@avalon ~]# chown root /var/opt/scalix/rules/omvscan.map
[root@avalon ~]# chmod 555 /var/opt/scalix/rules/omvscan.map


5. I changed the logging levels, and restarted the Service Router
6. I sent a message using a sample file from the ClamAV distribution, but seeing nothing in the audit file, I tailed the daemon.stderr file where I found the error posted. I also found this (not sure if it's related):

Code:

[root@avalon logs]# tail fatal

ERROR                   Service Router(Service Router) Tue Mar  7 12:55:38 2006
[OM 5183] A Mapper error has been detected.
Pid of logging process: 29886


SERIOUS ERROR           Service Router(Service Router) Tue Mar  7 12:55:38 2006
[OM 5183] A Mapper error has been detected.
Pid of logging process: 29886


Any ideas here? Using Scalix 10 CE. Server is running FC4

ScalixSupport
Scalix
Scalix
Posts: 5503
Joined: Thu Mar 25, 2004 8:15 pm

Postby ScalixSupport » Tue Mar 07, 2006 11:55 am

When you restarted the service router, did it go back to an aborted state?

With the new version of omvscan.map, this does some pre-checks at startup to ensure that the virus scanner is able to read and scan a Scalix-owned file.

Can you post some more lines from the event logs as this may give some context.

Cheers

Dave

burhankhalid
Posts: 137
Joined: Mon Dec 19, 2005 8:31 am

Postby burhankhalid » Thu Mar 09, 2006 5:02 am

Let me start from the beginning, in case I forgot to mention something that might be of importance.

This is a clean FC4 system, with nothing but what is needed for Scalix installed, with the latest updates.

I installed clamav, clamav-server from yum

Then, I followed the instructions in /usr/share/documentation/clamav-server to set up clamd properly

clamav is the username that is being used. In /etc/group, I have:

scalix:x:101:clamav
sxadmin:x:501:
clamav:x:502:

Following the instructions, I have managed to run clamd successfully:

Code:

+++ Started at Thu Mar  9 11:51:38 2006
clamd daemon 0.88 (OS: linux-gnu, ARCH: i386, CPU: i386)
Log file size limited to 1048576 bytes.
Running as user scalix (UID 100, GID 101)
Reading databases from /var/lib/clamav
Protecting against 46062 viruses.
Unix socket file /var/run/clamd.scalix/clamd.sock
Setting connection queue length to 15
Archive: Archived file size limit set to 10485760 bytes.
Archive: Recursion level limit set to 8.
Archive: Files limit set to 1000.
Archive: Compression ratio limit set to 250.
Archive support enabled.
Archive: RAR support disabled.
Portable Executable support enabled.
Mail files support enabled.
OLE2 support enabled.
HTML support enabled.
Self checking every 1800 seconds.


Even freshclam is running properly:

Code:

ClamAV update process started at Thu Mar  9 11:40:11 2006
main.cvd is up to date (version: 36, sigs: 44686, f-level: 7, builder: tkojm)
daily.cvd is up to date (version: 1319, sigs: 1376, f-level: 7, builder: ccordes)


As you can see, running clamd as the scalix user. Hope this isn't a problem.

After restarting the clamd server, and stopping and restarting the service router, I have the following in fatal:

Please note, I pasted the entire file, but the successful clamd run is only at 11:51

Code:

[root@avalon logs]# cat fatal

ERROR                   Service Router(Service Router) Thu Mar  9 11:34:28 2006
[OM 5181] Reply timed out or invalid - Mapper protocol problem.
Command sent: <none - expect greeting reply>
Reply received: 503 "ClamAV" cannot scan Scalix-owned file Clamd is not configured properly.
Pid of logging process: 16052


ERROR                   Service Router(Service Router) Thu Mar  9 11:34:28 2006
[OM 5181] Reply timed out or invalid - Mapper protocol problem.
Command sent: QUIT Please Close This Session
Reply received: 220 Virus Scanning Client Ready
Pid of logging process: 16052


ERROR                   Service Router(Service Router) Thu Mar  9 11:34:28 2006
[OM 5183] A Mapper error has been detected.
Pid of logging process: 16052


SERIOUS ERROR           Service Router(Service Router) Thu Mar  9 11:34:28 2006
[OM 5183] A Mapper error has been detected.
Pid of logging process: 16052


ERROR                   Service Router(Service Router) Thu Mar  9 11:54:08 2006
[OM 5181] Reply timed out or invalid - Mapper protocol problem.
Command sent: <none - expect greeting reply>
Reply received: 503 "ClamAV" cannot scan Scalix-owned file Clamd is not configured properly.
Pid of logging process: 16779


ERROR                   Service Router(Service Router) Thu Mar  9 11:54:08 2006
[OM 5181] Reply timed out or invalid - Mapper protocol problem.
Command sent: QUIT Please Close This Session
Reply received: 220 Virus Scanning Client Ready
Pid of logging process: 16779


ERROR                   Service Router(Service Router) Thu Mar  9 11:54:08 2006
[OM 5183] A Mapper error has been detected.
Pid of logging process: 16779


SERIOUS ERROR           Service Router(Service Router) Thu Mar  9 11:54:08 2006
[OM 5183] A Mapper error has been detected.
Pid of logging process: 16779


In daemon.stderr I have

Code:

[root@avalon logs]# cat daemon.stderr
/var/opt/scalix/rules/omvscan.map: line 976: return: can only `return' from a function or sourced script
/var/opt/scalix/rules/omvscan.map: line 976: return: can only `return' from a function or sourced script


In case this is important:

Code:

[root@avalon logs]# ls -la /var/opt/scalix/rules
total 60
drwxrwx---   2 scalix scalix  4096 Mar  9 11:00 .
drwxrwxr-x  50 scalix scalix  4096 Mar  7 16:33 ..
-rw-r--r--   1 root   root     260 Mar  9 10:58 ALL-ROUTES.VIR
-rw-r--r--   1 root   root     185 Mar  9 11:00 ndninfo.txt
-r-xr-xr-x   1 root   root   35644 Mar  9 10:59 omvscan.map


Please let me know if you need any other information.
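When reading a `fatal` log like the one quoted in the post above, it helps to collapse the repeated entries into one line per Service Router process. The following parser is an added example, not part of the original post and not Scalix code; the record layout is inferred from the quoted log, the sample is constructed from it, and treating the first mapper reply logged by each PID as the likely cause is an assumption.

```python
import re

# Constructed sample in the layout of the `fatal` log quoted in the post above.
SAMPLE = """\
ERROR                   Service Router(Service Router) Thu Mar  9 11:34:28 2006
[OM 5181] Reply timed out or invalid - Mapper protocol problem.
Command sent: <none - expect greeting reply>
Reply received: 503 "ClamAV" cannot scan Scalix-owned file Clamd is not configured properly.
Pid of logging process: 16052

ERROR                   Service Router(Service Router) Thu Mar  9 11:34:28 2006
[OM 5181] Reply timed out or invalid - Mapper protocol problem.
Command sent: QUIT Please Close This Session
Reply received: 220 Virus Scanning Client Ready
Pid of logging process: 16052

SERIOUS ERROR           Service Router(Service Router) Thu Mar  9 11:34:28 2006
[OM 5183] A Mapper error has been detected.
Pid of logging process: 16052
"""

# Header line: severity, two or more spaces, "Process(Service)", timestamp.
HEADER = re.compile(r"^([A-Z]+(?: [A-Z]+)*)\s{2,}(.+?\))\s+(.+)$")

def parse_events(text):
    """Split the log on blank lines and return one dict per event record."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        head = HEADER.match(lines[0]) if lines else None
        code = re.match(r"\[(OM \d+)\]\s*(.*)", lines[1]) if len(lines) > 1 else None
        if not (head and code):
            continue  # not an event record
        ev = {"severity": head.group(1), "when": head.group(3),
              "code": code.group(1), "text": code.group(2)}
        for ln in lines[2:]:  # "Key: value" detail lines
            key, sep, val = ln.partition(":")
            if sep:
                ev[key.strip().lower()] = val.strip()
        events.append(ev)
    return events

def first_reply_by_pid(events):
    """Map each logging PID to the first mapper reply it recorded (assumed cause)."""
    causes = {}
    for ev in events:
        pid = ev.get("pid of logging process")
        if pid and "reply received" in ev:
            causes.setdefault(pid, ev["reply received"])
    return causes
```

Calling `first_reply_by_pid(parse_events(open("fatal").read()))` on the real file gives one reply per router start, which makes it easy to see whether a later restart still fails with the same 503.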

burhankhalid
Posts: 137
Joined: Mon Dec 19, 2005 8:31 am

Postby burhankhalid » Thu Mar 09, 2006 5:24 am

Also, I verified that clamd is working by scanning the clamav test directory:

Code:

[root@avalon test]# clamdscan --config-file=/etc/clamd.d/scalix.conf
/home/burhan/test/clam.exe: ClamAV-Test-File FOUND
/home/burhan/test/clam.cab: ClamAV-Test-File FOUND
/home/burhan/test/clam.zip: ClamAV-Test-File FOUND
/home/burhan/test/clam.exe.bz2: ClamAV-Test-File FOUND

----------- SCAN SUMMARY -----------
Infected files: 4
Time: 0.007 sec (0 m 0 s)

burhankhalid
Posts: 137
Joined: Mon Dec 19, 2005 8:31 am

Postby burhankhalid » Sat Mar 11, 2006 8:13 am

Any update on this issue please? It's holding up the rest of the evaluation.

burhankhalid
Posts: 137
Joined: Mon Dec 19, 2005 8:31 am

Postby burhankhalid » Sat Mar 11, 2006 10:35 am

I managed to resolve this issue by doing an update for clamav software itself. However, still have one minor issue, everything is working fine as per the log:

Code:

REPORT                         Service Router(Service Router) 03.11.06 17:26:08
[OM 5189] Mapper just invoked:
    /var/opt/scalix/rules/omvscan.map
Mapper must now output greeting reply to start the session.
 
 
REPORT                         Service Router(Service Router) 03.11.06 17:28:23
[OM 7803] Started routing of message
 
 
REPORT                         Service Router(Service Router) 03.11.06 17:28:23
[OM 7805] Current message Id
   24211360.1142087208428.JavaMail.root(a)webmail.domain.com
 
 
REPORT                         Service Router(Service Router) 03.11.06 17:28:23
[OM 7815] Creator of message
   Burhan Khalid/AUL
 
 
REPORT                         Service Router(Service Router) 03.11.06 17:28:23
[OM 7807] Started routing of recipient
   Burhan Khalid/AUL
 
 
REPORT                         Service Router(Service Router) 03.11.06 17:28:23
[OM 7810] Recipient will be routed to service queue LOCAL if not deferred
 
 
REPORT                         Service Router(Service Router) 03.11.06 17:28:23
[OM 7880] Rule-set associated with route: ALL-ROUTES.VIR
 
 
REPORT                         Service Router(Service Router) 03.11.06 17:28:23
[OM 7881] Action from rule-set: REJECT
 
 
REPORT                         Service Router(Service Router) 03.11.06 17:28:23
[OM 7811] Generated non-delivery notification for recipient
 
 
REPORT                         Service Router(Service Router) 03.11.06 17:28:23
[OM 7886] Routing rule violation: Message matched REJECT rule.
(Rule-set: ALL-ROUTES.VIR  Rule-name: )
 
 
REPORT                         Service Router(Service Router) 03.11.06 17:28:23
[OM 7808] Finished routing of recipient
   Burhan Khalid/AUL
 
 
REPORT                         Service Router(Service Router) 03.11.06 17:28:23
[OM 7804] Finished routing of message
 
 
REPORT                         Service Router(Service Router) 03.11.06 17:28:23
[OM 7803] Started routing of message
 
 
REPORT                         Service Router(Service Router) 03.11.06 17:28:23
[OM 7806] Current acknowledgement Id
   24211360.1142087208428.JavaMail.root(a)webmail.domain.com
 
 
REPORT                         Service Router(Service Router) 03.11.06 17:28:23
[OM 7807] Started routing of recipient
   postmaster/AUL
 
 
REPORT                         Service Router(Service Router) 03.11.06 17:28:23
[OM 7810] Recipient will be routed to service queue LOCAL if not deferred
 
 
REPORT                         Service Router(Service Router) 03.11.06 17:28:23
[OM 7808] Finished routing of recipient
   postmaster/AUL
 
 
REPORT                         Service Router(Service Router) 03.11.06 17:28:23
[OM 7812] Putting message on service queue LOCAL
 
 
REPORT                         Service Router(Service Router) 03.11.06 17:28:23
[OM 7804] Finished routing of message
 
 
REPORT                         Service Router(Service Router) 03.11.06 17:28:23
[OM 7803] Started routing of message
 
 
REPORT                         Service Router(Service Router) 03.11.06 17:28:23
[OM 7806] Current acknowledgement Id
   24211360.1142087208428.JavaMail.root(a)webmail.domain.com
 
 
REPORT                         Service Router(Service Router) 03.11.06 17:28:23
[OM 7807] Started routing of recipient
   Burhan Khalid/AUL
 
 
REPORT                         Service Router(Service Router) 03.11.06 17:28:23
[OM 7810] Recipient will be routed to service queue LOCAL if not deferred
 
 
REPORT                         Service Router(Service Router) 03.11.06 17:28:23
[OM 7808] Finished routing of recipient
   Burhan Khalid/AUL
 
 
REPORT                         Service Router(Service Router) 03.11.06 17:28:23
[OM 7812] Putting message on service queue LOCAL
 
 
REPORT                         Service Router(Service Router) 03.11.06 17:28:23
[OM 7804] Finished routing of message


But the error message I receive doesn't include the ndninfo.txt file, just the literal string 'ndninfo.txt'

florian
Scalix
Scalix
Posts: 3852
Joined: Fri Dec 24, 2004 8:16 am
Location: Frankfurt, Germany

Postby florian » Sun Mar 12, 2006 11:08 am

If you want this to be a file containing the text and not a literal message, you need to prefix the filename with a "!" and NOT quote the string...

believe the example is correct in the admin guide.

cheers,
f.
Florian von Kurnatowski, Die Harder!

burhankhalid
Posts: 137
Joined: Mon Dec 19, 2005 8:31 am

Postby burhankhalid » Sun Mar 12, 2006 12:33 pm

Ah, my confusion resulted from the fact that in the scalix_administration_guide.pdf file, it states

Code:

2 The example below shows how to configure the ALL-ROUTES.VIR file to repair the
message and notify the sender of an infected attachment:
VIRUS-UNCLEANED=1 ACTION=REJECT NDN-INFO=ndninfo.txt
If the virus software cannot repair the attachment, Scalix discards the message and
a non-delivery notification containing the text in the /var/opt/scalix/
rules/ndninfo.txt file is sent to the sender.


Perhaps that could use an edit :)

florian
Scalix
Scalix
Posts: 3852
Joined: Fri Dec 24, 2004 8:16 am
Location: Frankfurt, Germany

Postby florian » Sun Mar 12, 2006 12:43 pm

Ouch. It is correctly documented somewhere, I know it - maybe in the technote?

I will send a hint on this to our docs department!

Cheers,
Florian
Florian von Kurnatowski, Die Harder!

KimVette
Posts: 67
Joined: Sat Dec 03, 2005 7:43 pm
Location: Hanover, MA

Postby KimVette » Tue Apr 18, 2006 3:39 pm

OpenSuSE does not list milter any longer - amavisd-new appears to replace it. I'm currently looking at the SuSE document and it covers Scalix 9.4.0.x on SuSE 9.3. Is there any chance you folks would be able to update the referenced technote?

--Kim

zoobarb

I have to second KimVette's note.

Postby zoobarb » Mon Jun 05, 2006 5:13 pm

I understand this is a community and all help is freely given. When I get a working version of SUSE 10/ Scalix 10.0.1/SpamAssassin setup I will be happy to update docs. Most users seem to be using FC4... instead of SUSE. All the SUSE docs I see seem very old.

IMHO I would like to see fewer platforms supported and more frequently updated documentation.

So, let me know how I can help...

Thanks,
Mike

