Configuring Clamav Ubuntu Gutsy

From Scalix Wiki
Jump to: navigation, search

Important Note

Please note that these manual installation instructions should only be used on Ubuntu distributions, such as Ubuntu Gutsy Gibbon 7.10 server, the distribution the document was written for. If you install Scalix on an unsupported platform, this invalidates your ability to receive Scalix support. Thank you for your understanding and compliance.

This document might be inaccurate and under construction. Do not trust this document.


Configuring Clamav on Ubuntu 7.10 Server (Gutsy Gibbon)

As Ubuntu 7.10 is an unsupported platform there is currently no manual describing the configuration of Clamav (an advanced anti-virus solution) to be used with Scalix. As I managed to get Scalix it up and running and I already documented and shared this with the community (here), I thought it would be useful to share my experiences regarding the Clamav configuration as well.

So below you'll find a how-to that describes the configuration of Clamav to be used with Scalix on a Ubuntu 7.10 server.

Clamav (Clam AntiVirus) is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and advanced tool for automatic database updates.

I used several sources of information on the web. I listed the ones I can remember at the end of the document under Sources.


Applicable Environments

These Installation instructions have been tested with

  • Scalix CE 11.3.0
  • Ubuntu 7.10 Server (Gutsy Gibbon)

They might not apply unmodified to any other version of Scalix or Ubuntu.


Install the Clamav software

Clamav is Open Source Software available on the internet here. nder Ubuntu we have a package available that can be installed directly with apt-get, but unfortunately the 'standard' package contains an outdated version. No worries, to get an actual version, we can use the repository available here. To do so, add the following line to the file /etc/apt/sources.list: 

deb http://ppa.launchpad.net/ubuntu-clamav/ubuntu gutsy main

Afterwards, run: 

sudo apt-get update

At last, install the Clamav software using this command: 

sudo apt-get install clamav-base clamav clamav-daemon clamav-freshclam


Add clamav user to the Scalix group

For Clamav to be able to cooperate with Scalix, you should add the Clamav user clamav to the SCalix group Scalix. Do this by editing /etc/group with your favorite editor, in this example vi is used, but feel free to use whatever editor you like. Edit the /etc/group file: 

sudo vi /etc/group

To add the clamav user to the scalix group, add clamav to the line: 

scalix:x:120:

This is what the result should look like: 

scalix:x:120:clamav


Configure Clamav

Create ruleset

To create a ruleset which controls the virus protection of the Scalix server, create a file in the directory /var/opt/scalix/<instance>/s/rules/ called ALL-ROUTES.VIR. This file should contain the following two lines: 

VIRUS-UNCLEANED=1 ACTION=REJECT NDN-INFO=ndninfo.txt
VIRUS-UNCLEANED=0 VIRUS-FOUND=1 ACTION=ALLOW NOTIFY="A virus was found in your message. It was successfully cleaned and sent to the recipient. However we highly recommend that you install or update your virus protection software and scan your computer for viruses."

Create non-delivery notification

Next create a non-delivery notification, a text file with the message to be sent if a virus was found. This file should be called ndninfo.txt and should be created in the folder /var/opt/scalix/<instance>/s/rules/. This ndninfo.txt file should contain this text: 

Text = A virus was detected in your message and could not be cleaned, therefore it was not delivered. We highly recommend that you install or update you virus protection software.

Configure mapper script

Next, you'll have to set up the mapper script. The file omvscan.map is the virus scanning mapper script that links Scalix and the Clamav virus scanning application. So let's copy the example script to our rules folder /var/opt/scalix/<instance>/s/rules/: 

sudo cp /opt/scalix/examples/general/omvscan.map /var/opt/scalix/<instance>/s/rules/

Now, change the ownership and the permission of the file /var/opt/scalix/<instance>/s/rules/omvscan.map by invoking these commands: 

 sudo chown root:root /var/opt/scalix/<instance>/s/rules/omvscan.map
 sudo chmod 555 /var/opt/scalix/<instance>/s/rules/omvscan.map


Start Clamav

First let's start the Clamav service and the freshclam (virus database updater), do so using the following commands: 

sudo /etc/init.d/clamav-daemon start
sudo /etc/init.d/clamav-freshclam start


Restart Scalix and check the configuration

To check if Scalix and Clamav work together properly, let's turn up the audit logging level for the Scalix services and send a few test mails containing viruses. If everything is all right, reduce the logging level again and enjoy. Let's start:

Turn up the audit logging for service router to 13: 

sudo /opt/scalix/bin/omconfaud router 13

Turn up the debug logging for service router to 15: 

sudo /opt/scalix/bin/omconflvl router 15

Restart the service router, first stop it: 

sudo /opt/scalix/bin/omoff -d 0 rtr

And next start it again: 

sudo /opt/scalix/bin/omon rtr

Now check if the virus scanner works, send yourself a few mail messages containing some test viruses. You can find safe, innocent test viruses to be used with Clamav in the Clamav source tarball. This tarball can be found on the Clamav website (here). After unpacking the clamav-0.92.tar.gz file, you can find the test viruses (named clam-v2.rar, clam-v3.rar, clam.cab, clam.exe, clam.exe.bz2 and clam.zip) in the test folder.

If everything works as expected, you should receive a message that your e-mail messages could not be delivered because it contains virus infected files. Further you should be able to find out what happened when looking into the /var/opt/scalix/s2/s/logs/omvscan.log log file. Please do so using: 

tail -400 /var/opt/scalix/<instance>/s/logs/omvscan.log

This should show you some lines that look like those below: 

2008-02-03 23:21:00:PID=30089:############## start /var/opt/scalix/<instance>/s/tmp/clamav.log.30089
2008-02-03 23:21:00:PID=30089:/var/opt/scalix/<instance>/s/data/000001e/0001uqq: ClamAV-Test-File FOUND
2008-02-03 23:21:00:PID=30089:
2008-02-03 23:21:00:PID=30089:----------- SCAN SUMMARY -----------
2008-02-03 23:21:00:PID=30089:Infected files: 1
2008-02-03 23:21:00:PID=30089:Time: 0.026 sec (0 m 0 s)
2008-02-03 23:21:00:PID=30089:############## end /var/opt/scalix/<instance>/s/tmp/clamav.log.30089

Once you're sure that Clamav is working properly together with Scalix, you can reduce the log levels again.

Turn back the audit logging for service router to 7: 

sudo /opt/scalix/bin/omconfaud router 7

Turn back the debug logging for service router to 7: 

sudo /opt/scalix/bin/omconflvl router 7

Restart the service router, first stop it: 

sudo /opt/scalix/bin/omoff -d 0 rtr

And next start it again: 

sudo /opt/scalix/bin/omon rtr

If there's something wrong, have a look at the log files and look for the exact error message and fix the problem. If everything is all right, then you're done: congratulations!


Sources


The author

The origin for this document was written by Max Wiertz. As a Scalix newbie, I invested a lot of work in getting Scalix together with Clamav to work for me on Ubuntu. I felt like sharing this with all of you, so you can probably take advantage of it.

If you have any questions, remarks, comments or suggestions regarding this document, do not hesitate to contact me by e-mail: mailto:max_DOT_wiertz_AT_gmail_DOT_com.

Retrieved from "https://www.scalix.com/wiki/index.php?title=Configuring_Clamav_Ubuntu_Gutsy&oldid=3931"