Difference between revisions of "Configuring Clamav Ubuntu Gutsy"

From Scalix Wiki
Jump to: navigation, search
m
 
(6 intermediate revisions by the same user not shown)
Line 31: Line 31:
 
Afterwards, run:
 
Afterwards, run:
 
  sudo apt-get update
 
  sudo apt-get update
 
+
At last, install the Clamav software using this command:
 
  sudo apt-get install clamav-base clamav clamav-daemon clamav-freshclam
 
  sudo apt-get install clamav-base clamav clamav-daemon clamav-freshclam
  
Line 71: Line 71:
  
  
=== Configure sendmail ===
+
== Start Clamav ==
To make sendmail use spamassassin to filter all mail passing by, another file needs to be added to the '''/etc/mail/sendmail.mc'''. Add this line at the end of the file:
+
INPUT_MAIL_FILTER(`spamassassin',`S=local:/var/run/spamass/spamass.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl
+
  
Now use the M4 macro processor to translate the /etc/mail/sendmail.mc file into a format sendmail understands (/etc/mail/sendmail.cf). This can be taken out by:
+
First let's start the Clamav service and the freshclam (virus database updater), do so using the following commands:
 
+
sudo bash -c "cd /etc/mail/ && m4 sendmail.mc > sendmail.cf"
+
 
+
=== Configure spamassassin ===
+
 
+
To make spamassassin run in daemon mode, you'll have to edit the configuration files: '''/etc/default/spamassassin''' and '''/etc/default/spamass-milter'''.
+
 
+
In the file '''/etc/default/spamassassin''' you have to change the line ''ENABLED=0'' into ''ENABLED=1''. After that the file should look like this:
+
  
 
<pre>
 
<pre>
# /etc/default/spamassassin
+
sudo /etc/init.d/clamav-daemon start
# Duncan Findlay
+
sudo /etc/init.d/clamav-freshclam start
 
+
# WARNING: please read README.spamd before using.
+
# There may be security risks.
+
 
+
# Change to one to enable spamd
+
ENABLED=1
+
 
+
# Options
+
# See man spamd for possible options. The -d option is automatically added.
+
 
+
# SpamAssassin uses a preforking model, so be careful! You need to
+
# make sure --max-children is not set to anything higher than 5,
+
# unless you know what you're doing.
+
 
+
OPTIONS="--create-prefs --max-children 5 --helper-home-dir"
+
 
+
# Pid file
+
# Where should spamd write its PID to file? If you use the -u or
+
# --username option above, this needs to be writable by that user.
+
# Otherwise, the init script will not be able to shut spamd down.
+
PIDFILE="/var/run/spamd.pid"
+
 
+
# Set nice level of spamd
+
#NICE="--nicelevel 15"
+
 
+
# Cronjob
+
# Set to anything but 0 to enable the cron job to automatically update
+
# spamassassin's rules on a nightly basis
+
CRON=0
+
 
</pre>
 
</pre>
  
In the file '''/etc/default/spamass-milter''' you have to change the line ''OPTIONS="-u spamass-milter -i 127.0.0.1"'' into ''OPTIONS="-u spamass-milter"''. After that the file should look like this:
 
  
<pre>
+
== Restart Scalix and check the configuration ==
# spamass-milt startup defaults
+
To check if Scalix and Clamav work together properly, let's turn up the audit logging level for the Scalix services and send a few test mails containing viruses. If everything is all right, reduce the logging level again and enjoy. Let's start:
  
# OPTIONS are passed directly to spamass-milter.
+
Turn up the audit logging for service router to 13:
# man spamass-milter for details
+
sudo /opt/scalix/bin/omconfaud router 13
  
# Default, use the nobody user as the default user, ignore messages
+
Turn up the debug logging for service router to 15:
# from localhost
+
sudo /opt/scalix/bin/omconflvl router 15
OPTIONS="-u spamass-milter"
+
  
# Reject emails with spamassassin scores > 15.
+
Restart the service router, first stop it:
#OPTIONS="-r 15"
+
sudo /opt/scalix/bin/omoff -d 0 rtr
 +
And next start it again:
 +
sudo /opt/scalix/bin/omon rtr
  
# Do not modify Subject:, Content-Type: or body.
+
Now check if the virus scanner works, send yourself a few mail messages containing some test viruses. You can find safe, innocent test viruses to be used with Clamav in the Clamav source tarball. This tarball can be found on the Clamav website ([http://freshmeat.net/redir/clamav/29355/url_tgz/clamav-0.92.tar.gz here]). After unpacking the '''clamav-0.92.tar.gz''' file, you can find the test viruses (named clam-v2.rar, clam-v3.rar, clam.cab, clam.exe, clam.exe.bz2 and clam.zip) in the test folder.
#OPTIONS="-m"
+
  
######################################
+
If everything works as expected, you should receive a message that your e-mail messages could not be delivered because it contains virus infected files. Further you should be able to find out what happened when looking into the '''/var/opt/scalix/s2/s/logs/omvscan.log''' log file. Please do so using:
# If /usr/sbin/postfix is executable, the following are set by
+
tail -400 /var/opt/scalix/<instance>/s/logs/omvscan.log
# default. You can override them by uncommenting and changing them
+
# here.
+
######################################
+
# SOCKET="/var/spool/postfix/spamass/spamass.sock"
+
# SOCKETOWNER="postfix:postfix"
+
# SOCKETMODE="0660"
+
######################################
+
</pre>
+
 
+
 
+
== Start spamassassin and restart sendmail and Scalix smtp services ==
+
 
+
First let's start the spamassassin services, do so using the following commands:
+
  
 +
This should show you some lines that look like those below:
 
<pre>
 
<pre>
sudo /etc/init.d/spamassassin start
+
2008-02-03 23:21:00:PID=30089:############## start /var/opt/scalix/<instance>/s/tmp/clamav.log.30089
sudo /etc/init.d/spamass-milter start
+
2008-02-03 23:21:00:PID=30089:/var/opt/scalix/<instance>/s/data/000001e/0001uqq: ClamAV-Test-File FOUND
 +
2008-02-03 23:21:00:PID=30089:
 +
2008-02-03 23:21:00:PID=30089:----------- SCAN SUMMARY -----------
 +
2008-02-03 23:21:00:PID=30089:Infected files: 1
 +
2008-02-03 23:21:00:PID=30089:Time: 0.026 sec (0 m 0 s)
 +
2008-02-03 23:21:00:PID=30089:############## end /var/opt/scalix/<instance>/s/tmp/clamav.log.30089
 
</pre>
 
</pre>
  
Next, let's restart the sendmail daemon:
+
Once you're sure that Clamav is working properly together with Scalix, you can reduce the log levels again.
  
  sudo /etc/init.d/sendmail start
+
Turn back the audit logging for service router to 7:
 +
  sudo /opt/scalix/bin/omconfaud router 7
  
And last but not least, restart the Scalix smtp service. To do this, you'll first have to stop the Scalix smtpd via this command:
+
Turn back the debug logging for service router to 7:
 +
sudo /opt/scalix/bin/omconflvl router 7
  
  sudo /opt/scalix/omoff -w -d 0 smtpd
+
Restart the service router, first stop it:
 
+
  sudo /opt/scalix/bin/omoff -d 0 rtr
After the service has been stopped successfully, you can start it again by invoking:
+
And next start it again:
 
+
  sudo /opt/scalix/bin/omon rtr
  sudo /opt/scalix/omon smtpd
+
 
+
 
+
== Check the spamassassin configuration ==
+
Next, to check the configuration, have a look at the log file '''/var/log/mail.log'''. You can check it by using:
+
 
+
tail -400 /var/log/mail.log
+
 
+
If the spamassassin configuration is working correctly this type of output should appear in the '''mail.log''' file:
+
 
+
<pre>
+
Feb  3 19:26:40 shrek2 spamd[26614]: prefork: child states: II
+
Feb  3 19:26:41 shrek2 spamd[26618]: spamd: connection from localhost [127.0.0.1] at port 34577
+
Feb  3 19:26:41 shrek2 spamd[26618]: spamd: still running as root: user not specified with -u, not found, or set to root, falling back to nobody
+
Feb  3 19:26:41 shrek2 spamd[26618]: spamd: processing message <4IX408EJXVWDA658@igsnow.com> for max.wiertz:65534
+
Feb  3 19:26:52 shrek2 spamd[26618]: spamd: identified spam (15.5/5.0) for max.wiertz:65534 in 10.2 seconds, 1908 bytes.
+
Feb  3 19:26:52 shrek2 spamd[26618]: spamd: result: Y 15 - RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CHECK,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_PBL,RCVD_IN_SORBS_DUL,RCVD_IN_XBL,RDNS_NONE,SUSPICIOUS_RECIPS,URIBL_SBL scantime=10.2,size=1908,user=max.wiertz,uid=65534,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=34577,mid=<4IX408EJXVWDA658@igsnow.com>,autolearn=failed
+
</pre>
+
  
If there's something wrong, have a look at the exact error message and fix the problem. If everything is all right, then you're done: congratulations!  
+
If there's something wrong, have a look at the log files and look for the exact error message and fix the problem. If everything is all right, then you're done: congratulations!
  
  
Line 201: Line 138:
 
* http://wiki.clamav.net/Main/TestingClamAV
 
* http://wiki.clamav.net/Main/TestingClamAV
 
* http://www.scalix.com/documents/Scalix_Setup_Guide_11.0.2.pdf
 
* http://www.scalix.com/documents/Scalix_Setup_Guide_11.0.2.pdf
 +
* http://www.scalix.com/forums/viewtopic.php?p=7824&sid=ce90e8a99ca29074e853d9ffb3261719
  
  

Latest revision as of 22:41, 3 February 2008

Important Note

Please note that these manual installation instructions should only be used on Ubuntu distributions, such as Ubuntu Gutsy Gibbon 7.10 server, the distribution the document was written for. If you install Scalix on an unsupported platform, this invalidates your ability to receive Scalix support. Thank you for your understanding and compliance.

This document might be inaccurate and under construction. Do not trust this document.


Configuring Clamav on Ubuntu 7.10 Server (Gutsy Gibbon)

As Ubuntu 7.10 is an unsupported platform there is currently no manual describing the configuration of Clamav (an advanced anti-virus solution) to be used with Scalix. As I managed to get Scalix it up and running and I already documented and shared this with the community (here), I thought it would be useful to share my experiences regarding the Clamav configuration as well.

So below you'll find a how-to that describes the configuration of Clamav to be used with Scalix on a Ubuntu 7.10 server.

Clamav (Clam AntiVirus) is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and advanced tool for automatic database updates.

I used several sources of information on the web. I listed the ones I can remember at the end of the document under Sources.


Applicable Environments

These Installation instructions have been tested with

  • Scalix CE 11.3.0
  • Ubuntu 7.10 Server (Gutsy Gibbon)

They might not apply unmodified to any other version of Scalix or Ubuntu.


Install the Clamav software

Clamav is Open Source Software available on the internet here. nder Ubuntu we have a package available that can be installed directly with apt-get, but unfortunately the 'standard' package contains an outdated version. No worries, to get an actual version, we can use the repository available here. To do so, add the following line to the file /etc/apt/sources.list: 

deb http://ppa.launchpad.net/ubuntu-clamav/ubuntu gutsy main

Afterwards, run: 

sudo apt-get update

At last, install the Clamav software using this command: 

sudo apt-get install clamav-base clamav clamav-daemon clamav-freshclam


Add clamav user to the Scalix group

For Clamav to be able to cooperate with Scalix, you should add the Clamav user clamav to the SCalix group Scalix. Do this by editing /etc/group with your favorite editor, in this example vi is used, but feel free to use whatever editor you like. Edit the /etc/group file: 

sudo vi /etc/group

To add the clamav user to the scalix group, add clamav to the line: 

scalix:x:120:

This is what the result should look like: 

scalix:x:120:clamav


Configure Clamav

Create ruleset

To create a ruleset which controls the virus protection of the Scalix server, create a file in the directory /var/opt/scalix/<instance>/s/rules/ called ALL-ROUTES.VIR. This file should contain the following two lines: 

VIRUS-UNCLEANED=1 ACTION=REJECT NDN-INFO=ndninfo.txt
VIRUS-UNCLEANED=0 VIRUS-FOUND=1 ACTION=ALLOW NOTIFY="A virus was found in your message. It was successfully cleaned and sent to the recipient. However we highly recommend that you install or update your virus protection software and scan your computer for viruses."

Create non-delivery notification

Next create a non-delivery notification, a text file with the message to be sent if a virus was found. This file should be called ndninfo.txt and should be created in the folder /var/opt/scalix/<instance>/s/rules/. This ndninfo.txt file should contain this text: 

Text = A virus was detected in your message and could not be cleaned, therefore it was not delivered. We highly recommend that you install or update you virus protection software.

Configure mapper script

Next, you'll have to set up the mapper script. The file omvscan.map is the virus scanning mapper script that links Scalix and the Clamav virus scanning application. So let's copy the example script to our rules folder /var/opt/scalix/<instance>/s/rules/: 

sudo cp /opt/scalix/examples/general/omvscan.map /var/opt/scalix/<instance>/s/rules/

Now, change the ownership and the permission of the file /var/opt/scalix/<instance>/s/rules/omvscan.map by invoking these commands: 

 sudo chown root:root /var/opt/scalix/<instance>/s/rules/omvscan.map
 sudo chmod 555 /var/opt/scalix/<instance>/s/rules/omvscan.map


Start Clamav

First let's start the Clamav service and the freshclam (virus database updater), do so using the following commands: 

sudo /etc/init.d/clamav-daemon start
sudo /etc/init.d/clamav-freshclam start


Restart Scalix and check the configuration

To check if Scalix and Clamav work together properly, let's turn up the audit logging level for the Scalix services and send a few test mails containing viruses. If everything is all right, reduce the logging level again and enjoy. Let's start:

Turn up the audit logging for service router to 13: 

sudo /opt/scalix/bin/omconfaud router 13

Turn up the debug logging for service router to 15: 

sudo /opt/scalix/bin/omconflvl router 15

Restart the service router, first stop it: 

sudo /opt/scalix/bin/omoff -d 0 rtr

And next start it again: 

sudo /opt/scalix/bin/omon rtr

Now check if the virus scanner works, send yourself a few mail messages containing some test viruses. You can find safe, innocent test viruses to be used with Clamav in the Clamav source tarball. This tarball can be found on the Clamav website (here). After unpacking the clamav-0.92.tar.gz file, you can find the test viruses (named clam-v2.rar, clam-v3.rar, clam.cab, clam.exe, clam.exe.bz2 and clam.zip) in the test folder.

If everything works as expected, you should receive a message that your e-mail messages could not be delivered because it contains virus infected files. Further you should be able to find out what happened when looking into the /var/opt/scalix/s2/s/logs/omvscan.log log file. Please do so using: 

tail -400 /var/opt/scalix/<instance>/s/logs/omvscan.log

This should show you some lines that look like those below: 

2008-02-03 23:21:00:PID=30089:############## start /var/opt/scalix/<instance>/s/tmp/clamav.log.30089
2008-02-03 23:21:00:PID=30089:/var/opt/scalix/<instance>/s/data/000001e/0001uqq: ClamAV-Test-File FOUND
2008-02-03 23:21:00:PID=30089:
2008-02-03 23:21:00:PID=30089:----------- SCAN SUMMARY -----------
2008-02-03 23:21:00:PID=30089:Infected files: 1
2008-02-03 23:21:00:PID=30089:Time: 0.026 sec (0 m 0 s)
2008-02-03 23:21:00:PID=30089:############## end /var/opt/scalix/<instance>/s/tmp/clamav.log.30089

Once you're sure that Clamav is working properly together with Scalix, you can reduce the log levels again.

Turn back the audit logging for service router to 7: 

sudo /opt/scalix/bin/omconfaud router 7

Turn back the debug logging for service router to 7: 

sudo /opt/scalix/bin/omconflvl router 7

Restart the service router, first stop it: 

sudo /opt/scalix/bin/omoff -d 0 rtr

And next start it again: 

sudo /opt/scalix/bin/omon rtr

If there's something wrong, have a look at the log files and look for the exact error message and fix the problem. If everything is all right, then you're done: congratulations!


Sources


The author

The origin for this document was written by Max Wiertz. As a Scalix newbie, I invested a lot of work in getting Scalix together with Clamav to work for me on Ubuntu. I felt like sharing this with all of you, so you can probably take advantage of it.

If you have any questions, remarks, comments or suggestions regarding this document, do not hesitate to contact me by e-mail: mailto:max_DOT_wiertz_AT_gmail_DOT_com.

Retrieved from "https://www.scalix.com/wiki/index.php?title=Configuring_Clamav_Ubuntu_Gutsy&oldid=3931"