integrating clamav to fight against virus

atanubanerji
Posts: 22
Joined: Fri Feb 23, 2007 7:56 am
Location: Kolkata, India

integrating clamav to fight against virus

Postby atanubanerji » Tue Feb 27, 2007 9:05 am

hello !!

as far as the documentation, "scalix_server_setup", is concerned, we can integrate scalix with clamav. but there is no clear discussion of the "rule set" in the ALL-ROUTES.VIR file.

can anyone give me an example? what could be the contents of the ALL-ROUTES.VIR file?

please.... :x
New Scalix User

ScalixSupport
Scalix
Posts: 5503
Joined: Thu Mar 25, 2004 8:15 pm

Postby ScalixSupport » Tue Feb 27, 2007 9:57 am

Hi!

An example of the ALL-ROUTES.VIR file:
VIRUS-UNCLEANED=1 ACTION=REJECT NDN-INFO=!ndninfo.txt
VIRUS-UNCLEANED=0 VIRUS-FOUND=1 ACTION=ALLOW NOTIFY="A virus was found in your message. It was successfully cleaned and sent to the recipient. However we highly recommend that you install or update your virus protection software and scan your computer for viruses."

The first line describes what action the anti-virus software will take if a virus is detected
but could not be cleaned from the message. In this example, the message is
rejected and a non-delivery notification is sent to the sender. The second line describes
what action the anti-virus software will take if a virus is detected and the virus could be
cleaned from the message. In this example it would allow the message to be sent to the
recipient and a notification would be sent back to the sender of the virus-infected message.

Thanks,
Subir

Postby atanubanerji » Tue Feb 27, 2007 11:32 pm

thanks subir !!

things are clear now.

please answer another....

can i put both the directives there? what have you done in your case?

thanks once again

atanu

Postby ScalixSupport » Wed Feb 28, 2007 1:35 am

Yes, both the rules can be put in the same ALL-ROUTES.VIR file.

Thanks,
Subir

please help

Postby atanubanerji » Wed Feb 28, 2007 3:03 am

subir...

Thank you subir. however I faced another problem...

after going through the documentation, "Scalix_Server_Setup_Guide", I find an error in the /var/opt/scalix/au/s/logs/fatal file like this -
SERIOUS ERROR CDA Server (CDA Server ) Wed Feb 28 12:21:30 2007
[OM 28664] There is already a CDA server process running
Pid of logging process: 2776

What is CDA Server here? How do I solve the problem?

Please help once again...

Atanu

kanderson

Postby kanderson » Wed Feb 28, 2007 12:43 pm

This will be unrelated. Please restart your entire server, and then start a new thread if the problem persists.

Kev.

dougp23
Posts: 229
Joined: Thu Feb 15, 2007 2:42 pm

Postby dougp23 » Wed Feb 28, 2007 6:37 pm

subir,

It is my understanding that in the rules directory, you need a file called ndninfo.txt

At least that's how I have my set up. My ndninfo.txt is just one line, it says
"Your message was not delivered because it contained a virus."

Postby ScalixSupport » Thu Mar 01, 2007 12:55 am

Hi!

Thanks for the point. The following post is related to this one; I plan to test this today and will
get back to you soon.
viewtopic.php?t=6354

Thanks,
Subir

Postby ScalixSupport » Thu Mar 08, 2007 7:20 am

Atanu,

I am sorry for the delay. Following up on your issue: were you able to make the ClamAV
configurations?

While trying to configure it, I keep getting Service Router crashes. Make sure the clamd
service runs. My result for the command "ps ax | grep clam" is as below:
[root@subir-rhel4 data]# ps ax | grep clam
2169 ? Ss 0:02 clamd
7058 pts/1 S+ 0:00 grep clam
[root@subir-rhel4 data]#

If you do not get such a result, edit the /etc/clamd.conf file, and add your server IP as below:

TCPAddr 127.0.0.1
TCPAddr nnn.nnn.nnn.nnn

Note: Replace nnn.nnn.nnn.nnn with your Scalix server IP address.
Once you have saved the file /etc/clamd.conf, check the logs being generated at
/var/log/clamav/clamd.log and see what you get there.

Thanks,
Subir

Postby atanubanerji » Thu Mar 08, 2007 7:47 am

subir

it is really pleasing to see you again.

however see the output below -

[root@atanu etc]# lsb_release -d
Description: Red Hat Enterprise Linux ES release 4 (Nahant Update 2)
[root@atanu etc]# ps ax | grep clam
2508 ? Ss 0:02 clamd
4160 pts/1 R+ 0:00 grep clam
[root@atanu etc]#


and here is the log file, clamd.log -

[root@atanu etc]# tail -f /var/log/clamav/clamd.log
Thu Mar 8 17:04:26 2007 -> Archive support enabled.
Thu Mar 8 17:04:26 2007 -> Algorithmic detection enabled.
Thu Mar 8 17:04:26 2007 -> Portable Executable support enabled.
Thu Mar 8 17:04:26 2007 -> ELF support enabled.
Thu Mar 8 17:04:26 2007 -> Detection of broken executables enabled.
Thu Mar 8 17:04:26 2007 -> Mail files support enabled.
Thu Mar 8 17:04:26 2007 -> Mail: Recursion level limit set to 64.
Thu Mar 8 17:04:26 2007 -> OLE2 support enabled.
Thu Mar 8 17:04:26 2007 -> HTML support enabled.
Thu Mar 8 17:04:26 2007 -> Self checking every 1800 seconds.


subir, can i go again for a fresh installation? please help.

atanu

Postby ScalixSupport » Thu Mar 08, 2007 9:01 am

Hi Atanu,

What is the result for the command:

clamdscan /var/opt/scalix/s4/s/data/*


Make sure that each rule in the file /var/opt/scalix/s4/s/rules/ALL-ROUTES.VIR is on one line, without any blank lines.

Have you edited the /etc/group file? I have edited it as below:

scalix:x:101:clamav
clamav:x:102:scalix


Do you see any error in the /var/opt/scalix/??/s/logs/fatal log file?

Thanks,
Subir
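
The two file-format points made in this thread (every rule on a single line with no blank lines, and an ndninfo.txt present in the rules directory) can be checked mechanically. The script below is an added example, not part of the original posts or of Scalix; `lint_rules` and `make_rules_sample` are hypothetical names, and it assumes an `NDN-INFO=!name` value refers to a file beside the rules file.

```shell
#!/bin/sh
# Added example, not from the thread or the Scalix documentation.

# lint_rules RULEFILE: prints one line per finding and returns the number of
# findings. Assumption: an NDN-INFO=!name value names a file that sits in the
# same directory as the rules file.
lint_rules() {
    awk -v dir="$(dirname "$1")" '
        function bad(msg) { print "line " NR ": " msg; n++ }
        /^[ \t]*$/ { bad("blank line"); next }
        {
            # An odd number of double quotes means a quoted NOTIFY text was
            # opened or closed on a different line, i.e. the rule is wrapped.
            if (gsub(/"/, "&") % 2) bad("unbalanced quote, rule wrapped across lines?")
            for (i = 1; i <= NF; i++) if ($i ~ /^NDN-INFO=!/) {
                f = dir "/" substr($i, 11)          # text after "NDN-INFO=!"
                if ((getline x < f) < 0) bad("NDN-INFO file not found: " f)
                close(f)
            }
        }
        END { exit n + 0 }' "$1"
}

# Constructed sample: a blank line between the rules, the second rule wrapped
# the way a forum post or mail client would wrap it, and no ndninfo.txt.
make_rules_sample() {
    printf '%s\n' 'VIRUS-UNCLEANED=1 ACTION=REJECT NDN-INFO=!ndninfo.txt' '' \
        'VIRUS-UNCLEANED=0 VIRUS-FOUND=1 ACTION=ALLOW NOTIFY="A virus was found' \
        'and cleaned."' > "$1/ALL-ROUTES.VIR"
}

d=$(mktemp -d) && make_rules_sample "$d"
lint_rules "$d/ALL-ROUTES.VIR" || echo "findings: $?"
rm -rf "$d"
```

Run against a copy of the real file, a return status of 0 means none of the three problems was found.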

Postby atanubanerji » Thu Mar 08, 2007 9:17 am

subir....

yes ..... i think the problem is here...see the output when i run clamdscan
/var/opt/scalix/au/s/data/000001t: lstat() failed. ERROR
/var/opt/scalix/au/s/data/000001u: lstat() failed. ERROR
/var/opt/scalix/au/s/data/000001v: lstat() failed. ERROR
/var/opt/scalix/au/s/data/0000020: lstat() failed. ERROR

----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.353 sec (0 m 0 s)


however, the clamav user is added to scalix group.

waiting for your reply

thanks subir

atanu

Postby atanubanerji » Thu Mar 08, 2007 9:23 am

subir....

it may be helpful to you....
when i run clamscan, instead of clamdscan, it gives the desired result like this -

/var/opt/scalix/au/s/data/0000020/00002bq: ClamAV-Test-File FOUND
/var/opt/scalix/au/s/data/0000020/items.db: OK
/var/opt/scalix/au/s/data/0000020/00002bp: OK
/var/opt/scalix/au/s/data/0000020/00002bs: OK

----------- SCAN SUMMARY -----------
Known viruses: 97230
Engine version: 0.90
Scanned directories: 64
Scanned files: 349
Infected files: 21
Data scanned: 54.45 MB
Time: 24.506 sec (0 m 24 s)


now, my question is, what if i change the clamav_engine like this?
[ClamAV]
CLAMAV_ENGINE=/usr/bin/clamscan


can i replace /usr/bin/clamdscan with /usr/bin/clamscan?

Postby ScalixSupport » Thu Mar 08, 2007 9:35 am

Hi!

Seems you have not seen the Anti-Virus configuration steps properly in the guide. Scalix
requires clamdscan rather than clamscan, also the /var/opt/scalix/??/s/sys/omvscan.cfg
file should look like:

[GENERAL]
ANTI_VIRUS_ENGINE="ClamAV"


The clamdscan returning lstat() errors suggests permission problems.

Can you run the command "omcheck -s -d > chk_perm", read the file chk_perm, check
the section "#Now checking Mailstore files OM-USERGFILES", there must be some
commands for chmod and chown for files under folders /var/opt/scalix/??/s/user/...

Please confirm, if so, we have an open bug that IMAP file permissions get changed
automatically, please have a look at the post that is covering similar topic:
viewtopic.php?t=6453

Thanks,
Subir

les
Scalix Star
Scalix Star
Posts: 819
Joined: Thu Feb 23, 2006 10:18 am
Location: Sydney, Australia

Postby les » Thu Mar 08, 2007 5:31 pm

ScalixSupport wrote: Hi!

Seems you have not seen the Anti-Virus configuration steps properly in the guide. Scalix
requires clamdscan rather than clamscan, also the /var/opt/scalix/??/s/sys/omvscan.cfg
file should look like:

[GENERAL]
ANTI_VIRUS_ENGINE="ClamAV"


The clamdscan returning lstat() errors suggests permission problems.

Can you run the command "omcheck -s -d > chk_perm", read the file chk_perm, check
the section "#Now checking Mailstore files OM-USERGFILES", there must be some
commands for chmod and chown for files under folders /var/opt/scalix/??/s/user/...

Please confirm, if so, we have an open bug that IMAP file permissions get changed
automatically, please have a look at the post that is covering similar topic:
viewtopic.php?t=6453

Thanks,
Subir


Another thing to note......

You should also set in /etc/clamd.conf

AllowSupplementaryGroups yes

Things changed in recent versions of clamd, and even though you add clamav into the scalix group and vice versa, it wasn't enough. Clamd needs to be told to allow group-based permissions.
Regards,

Les Stott
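
The permission-related settings discussed in this thread (clamav listed in the scalix group in /etc/group, `AllowSupplementaryGroups yes` in /etc/clamd.conf, and a data directory the group can read and traverse) can be verified together before running clamdscan. The script below is an added example, not part of the original posts; the function names are hypothetical, and it checks only mode bits and the group member list, not directory ownership or primary groups.

```shell
#!/bin/sh
# Added example, not from the thread. Every input is a path, so the checks
# can be run against copies of the real files.

# in_group GROUPFILE GROUP USER: succeeds if USER is a listed member of GROUP.
# Reads only the member list (4th field), not primary groups from /etc/passwd.
in_group() {
    awk -F: -v g="$2" -v u="$3" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit !ok }' "$1"
}

# supp_groups_enabled CLAMDCONF: succeeds if an uncommented
# "AllowSupplementaryGroups yes" line (as written in the thread) is present.
supp_groups_enabled() {
    awk '$1 == "AllowSupplementaryGroups" && $2 == "yes" { ok = 1 } END { exit !ok }' "$1"
}

# group_can_traverse DIR: succeeds if the group permission bits are r-x or r-s.
group_can_traverse() {
    case $(ls -ld "$1" | cut -c5-7) in r-x|r-s) return 0 ;; *) return 1 ;; esac
}

# check_clamd_access GROUPFILE CLAMDCONF DATADIR: prints each problem and
# returns how many were found (0 means the three settings agree).
check_clamd_access() {
    problems=0
    in_group "$1" scalix clamav || { echo "clamav is not in group scalix"; problems=$((problems + 1)); }
    supp_groups_enabled "$2" || { echo "AllowSupplementaryGroups yes not set in $2"; problems=$((problems + 1)); }
    group_can_traverse "$3" || { echo "group cannot read and traverse $3"; problems=$((problems + 1)); }
    return "$problems"
}

# Constructed sample: group membership is in place and the directory is
# group-accessible, but clamd.conf leaves the option commented out.
make_sample() {
    mkdir -p "$1/data" && chmod 750 "$1/data"
    printf 'scalix:x:101:clamav\nclamav:x:102:scalix\n' > "$1/group"
    printf 'TCPAddr 127.0.0.1\n#AllowSupplementaryGroups yes\n' > "$1/clamd.conf"
}

if [ "$#" -eq 3 ]; then check_clamd_access "$@"; else
    d=$(mktemp -d) && make_sample "$d"
    check_clamd_access "$d/group" "$d/clamd.conf" "$d/data" || echo "problems found: $?"
    rm -rf "$d"
fi
```

Called with three arguments (group file, clamd.conf, Scalix data directory) it checks those paths; with no arguments it runs on the constructed sample.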

