Configuring Clamav Ubuntu Gutsy
Contents
Important Note
Please note that these manual installation instructions should only be used on Ubuntu distributions, such as Ubuntu Gutsy Gibbon 7.10 server, the distribution the document was written for. If you install Scalix on an unsupported platform, this invalidates your ability to receive Scalix support. Thank you for your understanding and compliance.
This document might be inaccurate and under construction. Do not trust this document.
Configuring Clamav on Ubuntu 7.10 Server (Gutsy Gibbon)
As Ubuntu 7.10 is an unsupported platform there is currently no manual describing the configuration of Clamav (an advanced anti-virus solution) to be used with Scalix. As I managed to get Scalix it up and running and I already documented and shared this with the community (here), I thought it would be useful to share my experiences regarding the Clamav configuration as well.
So below you'll find a how-to that describes the configuration of Clamav to be used with Scalix on a Ubuntu 7.10 server.
Clamav (Clam AntiVirus) is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and advanced tool for automatic database updates.
I used several sources of information on the web. I listed the ones I can remember at the end of the document under Sources.
Applicable Environments
These Installation instructions have been tested with
- Scalix CE 11.3.0
- Ubuntu 7.10 Server (Gutsy Gibbon)
They might not apply unmodified to any other version of Scalix or Ubuntu.
Install the Clamav software
Clamav is Open Source Software available on the internet here. nder Ubuntu we have a package available that can be installed directly with apt-get, but unfortunately the 'standard' package contains an outdated version. No worries, to get an actual version, we can use the repository available here. To do so, add the following line to the file /etc/apt/sources.list:
deb http://ppa.launchpad.net/ubuntu-clamav/ubuntu gutsy main
Afterwards, run:
sudo apt-get update
At last, install the Clamav software using this command:
sudo apt-get install clamav-base clamav clamav-daemon clamav-freshclam
Add clamav user to the Scalix group
For Clamav to be able to cooperate with Scalix, you should add the Clamav user clamav to the SCalix group Scalix. Do this by editing /etc/group with your favorite editor, in this example vi is used, but feel free to use whatever editor you like. Edit the /etc/group file:
sudo vi /etc/group
To add the clamav user to the scalix group, add clamav to the line:
scalix:x:120:
This is what the result should look like:
scalix:x:120:clamav
Configure Clamav
Create ruleset
To create a ruleset which controls the virus protection of the Scalix server, create a file in the directory /var/opt/scalix/<instance>/s/rules/ called ALL-ROUTES.VIR. This file should contain the following two lines:
VIRUS-UNCLEANED=1 ACTION=REJECT NDN-INFO=ndninfo.txt VIRUS-UNCLEANED=0 VIRUS-FOUND=1 ACTION=ALLOW NOTIFY="A virus was found in your message. It was successfully cleaned and sent to the recipient. However we highly recommend that you install or update your virus protection software and scan your computer for viruses."
Create non-delivery notification
Next create a non-delivery notification, a text file with the message to be sent if a virus was found. This file should be called ndninfo.txt and should be created in the folder /var/opt/scalix/<instance>/s/rules/. This ndninfo.txt file should contain this text:
Text = A virus was detected in your message and could not be cleaned, therefore it was not delivered. We highly recommend that you install or update you virus protection software.
Configure mapper script
Next, you'll have to set up the mapper script. The file omvscan.map is the virus scanning mapper script that links Scalix and the Clamav virus scanning application. So let's copy the example script to our rules folder /var/opt/scalix/<instance>/s/rules/:
sudo cp /opt/scalix/examples/general/omvscan.map /var/opt/scalix/<instance>/s/rules/
Now, change the ownership and the permission of the file /var/opt/scalix/<instance>/s/rules/omvscan.map by invoking these commands:
sudo chown root:root /var/opt/scalix/<instance>/s/rules/omvscan.map sudo chmod 555 /var/opt/scalix/<instance>/s/rules/omvscan.map
Start Clamav
First let's start the Clamav service and the freshclam (virus database updater), do so using the following commands:
sudo /etc/init.d/clamav-daemon start sudo /etc/init.d/clamav-freshclam start
Restart Scalix and check the configuration
To check if Scalix and Clamav work together properly, let's turn up the audit logging level for the Scalix services and send a few test mails containing viruses. If everything is all right, reduce the logging level again and enjoy. Let's start:
Turn up the audit logging for service router to 13:
sudo /opt/scalix/bin/omconfaud router 13
Turn up the debug logging for service router to 15:
sudo /opt/scalix/bin/omconflvl router 15
Restart the service router, first stop it:
sudo /opt/scalix/bin/omoff -d 0 rtr
And next start it again:
sudo /opt/scalix/bin/omon rtr
Now check if the virus scanner works, send yourself a few mail messages containing some test viruses. You can find safe, innocent test viruses to be used with Clamav in the Clamav source tarball. This tarball can be found on the Clamav website (here). After unpacking the clamav-0.92.tar.gz file, you can find the test viruses (named clam-v2.rar, clam-v3.rar, clam.cab, clam.exe, clam.exe.bz2 and clam.zip) in the test folder.
If everything works as expected, you should receive a message that your e-mail messages could not be delivered because it contains virus infected files. Further you should be able to find out what happened when looking into the /var/opt/scalix/s2/s/logs/omvscan.log log file. Please do so using:
tail -400 /var/opt/scalix/<instance>/s/logs/omvscan.log
This should show you some lines that look like those below:
2008-02-03 23:21:00:PID=30089:############## start /var/opt/scalix/<instance>/s/tmp/clamav.log.30089 2008-02-03 23:21:00:PID=30089:/var/opt/scalix/<instance>/s/data/000001e/0001uqq: ClamAV-Test-File FOUND 2008-02-03 23:21:00:PID=30089: 2008-02-03 23:21:00:PID=30089:----------- SCAN SUMMARY ----------- 2008-02-03 23:21:00:PID=30089:Infected files: 1 2008-02-03 23:21:00:PID=30089:Time: 0.026 sec (0 m 0 s) 2008-02-03 23:21:00:PID=30089:############## end /var/opt/scalix/<instance>/s/tmp/clamav.log.30089
Once you're sure that Clamav is working properly together with Scalix, you can reduce the log levels again.
Turn back the audit logging for service router to 7:
sudo /opt/scalix/bin/omconfaud router 7
Turn back the debug logging for service router to 7:
sudo /opt/scalix/bin/omconflvl router 7
Restart the service router, first stop it:
sudo /opt/scalix/bin/omoff -d 0 rtr
And next start it again:
sudo /opt/scalix/bin/omon rtr
If there's something wrong, have a look at the log files and look for the exact error message and fix the problem. If everything is all right, then you're done: congratulations!
Sources
- https://help.ubuntu.com/community/ClamAV?highlight=%28clamav%29
- http://www.clamav.org/doc/latest/clamdoc.pdf
- http://www.clamav.net/
- https://launchpad.net/~ubuntu-clamav/+archive
- http://ubuntuforums.org/showthread.php?t=672610&highlight=clamav
- http://www.scalix.com/wiki/index.php?title=Scalix/Sendmail_%26_Amavisd-New_HOWTO
- http://www.scalix.com/forums/viewtopic.php?t=9766&highlight=allroutes+vir
- http://wiki.clamav.net/Main/TestingClamAV
- http://www.scalix.com/documents/Scalix_Setup_Guide_11.0.2.pdf
- http://www.scalix.com/forums/viewtopic.php?p=7824&sid=ce90e8a99ca29074e853d9ffb3261719
The author
The origin for this document was written by Max Wiertz. As a Scalix newbie, I invested a lot of work in getting Scalix together with Clamav to work for me on Ubuntu. I felt like sharing this with all of you, so you can probably take advantage of it.
If you have any questions, remarks, comments or suggestions regarding this document, do not hesitate to contact me by e-mail: mailto:max_DOT_wiertz_AT_gmail_DOT_com.