-- On Thursday, January 29, 2004 11:50 AM +0000 Huw Jenkins <[EMAIL PROTECTED]> wrote:

Hi there,

I'm at the point where I need to implement a Virus filter on my mail server.
I'm running CommuniGatePro (4.1.8) on an xServe (running 10.3.2) and I want
to install Clam AV 6.5. Is anyone doing this with a similar setup? Does it
work?

hi,


it works beautifully!

Is there much documentation on how to make it work? If so could you
point me in the right direction? :-).

Thank you for your help.

Regards

Huw Jenkins

this should get you at least started =) warning ... this is a sloppy copy/paste from my notes ...



first, get to know: http://mail.stalker.com/Lists/CGatePro/List.html


install the following ...
################################################################################
INSTALL gmp: GNU Multiple Precision Arithmetic Library
ref: http://www.swox.com/gmp/

cd /usr/ports

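DL: ftp://mirrors.kernel.org/gnu/gmp/gmp-4.1.2.tar.gz
# (plain FTP gives no integrity guarantee -- check the tarball against the signature/checksum the project publishes before building and installing it as root)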

gnutar zxf gmp-4.1.2.tar.gz

cd gmp-4.1.2

unsetenv CFLAGS CPPFLAGS CXX CXXFLAGS LDFLAGS LDDLFLAGS LD_PREBIND LC_ALL LANG LINGUAS

# optional, but recommended if your dev env has changed ...
glibtoolize --force --copy
aclocal -I mpfr -I mpn -I mpn/powerpc32
autoconf

./configure \
--prefix=/usr/local \
--enable-cxx \
--enable-fft \
--enable-mpbsd \
--enable-mpfr \
--enable-shared \
--disable-static

make
make install

################################################################################
INSTALL clamav
ref: clamav.sourceforge.net

cd /usr/ports
DL from CVS:
cvs -d:pserver:[EMAIL PROTECTED]:/cvsroot/clamav login
CVS password: (blank)
cvs -d:pserver:[EMAIL PROTECTED]:/cvsroot/clamav co clamav-devel

# create a clamav-specific user/group, here I assume "37" was available ...
niutil -create / /groups/clamav
niutil -createprop / /groups/clamav gid 37
niutil -create / /users/clamav
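# note: clamd/freshclam only switch to this account; if nobody needs to log in as clamav, a non-login shell (e.g. /usr/bin/false) can be set here instead
niutil -createprop / /users/clamav shell /bin/tcsh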
niutil -createprop / /users/clamav realname "Clamav User"
niutil -createprop / /users/clamav uid 37
niutil -createprop / /users/clamav gid 37
niutil -createprop / /users/clamav _shadow_passwd
passwd clamav
        New password: "********"
        Retype new password: "********"

niutil -appendprop / /groups/clamav users clamav
niutil -appendprop . /groups/mail users clamav


cd /usr/ports/clamav-devel


unsetenv CFLAGS CPPFLAGS CXX CXXFLAGS LDFLAGS LDDLFLAGS LD_PREBIND LC_ALL LANG LINGUAS
setenv LDFLAGS "-lgmp"

# optional, but recommended if your dev env has changed ...
glibtoolize --force --copy --automake && aclocal && autoconf && automake

# install into /usr/local/clamav
./configure \
--prefix=/usr/local/clamav \
--mandir=/usr/local/man \
--enable-shared \
--enable-static \
--with-user=clamav \
--with-group=clamav

ranlib /usr/lib/libbz2.a

make

# you'll see some WARNINGS re: dynamic linking ... they seem to be generally harmless ...

make install



# setup freshclam log
touch /var/log/freshclam.log
chmod 644 /var/log/freshclam.log
chown clamav:clamav /var/log/freshclam.log

# setup clamd log
touch /var/log/clamd.log
chmod 644 /var/log/clamd.log
chown clamav:clamav /var/log/clamd.log

# initialize virusdb --> /var/clamav_db
mkdir /var/clamav_db
chmod -R 774 /var/clamav_db
chown -R clamav:clamav /var/clamav_db
/usr/local/clamav/bin/freshclam --log=/var/log/freshclam.log --datadir=/var/clamav_db

# test clamscan command against ClamAV source folder
# There's a virus or five in there and if you've done
# everything correctly you will see them come up in the scan.

/usr/local/clamav/bin/clamscan --recursive --log-verbose /var/log/clamscan.txt /usr/ports/clamav-devel --database=/var/clamav_db

# output should include/end with:
        # /usr/ports/clamav-devel/test/test1: ClamAV-Test-Signature FOUND
        # /usr/ports/clamav-devel/test/test1.bz2: ClamAV-Test-Signature FOUND
        # /usr/ports/clamav-devel/test/test2.badext: ClamAV-Test-Signature FOUND
        # /usr/ports/clamav-devel/test/test2.zip: ClamAV-Test-Signature FOUND
        # /usr/ports/clamav-devel/test/test3.rar: ClamAV-Test-Signature FOUND


# create Startup Item ...
mkdir /System/Library/StartupItems/ClamAV

====================================================
(EDITOR) /System/Library/StartupItems/ClamAV/ClamAV
#!/bin/sh
# StartupItem script: starts the ClamAV daemons at boot when the CLAMAV
# toggle is set to -YES-.

# rc.common is expected to provide ConsoleMessage (and presumably the
# hostconfig values, including CLAMAV) -- confirm on your system.
. /etc/rc.common

# Fall back to -NO- when the toggle has not been set at all.
: "${CLAMAV:=-NO-}"

if [ "$CLAMAV" = "-YES-" ]; then
  ConsoleMessage "Starting ClamAV daemons"

  # Scanner daemon; its settings come from the config file kept under the
  # CommuniGate directory.
  /usr/local/clamav/sbin/clamd -c /var/CommuniGate/clamav/clamav.conf

  # Signature updater: runs as the clamav user in daemon mode and is pointed
  # at the clamd config file through --daemon-notify.
  /usr/local/clamav/bin/freshclam \
    --user=clamav \
    --daemon \
    --log=/var/log/freshclam.log \
    --datadir=/var/clamav_db \
    --daemon-notify=/var/CommuniGate/clamav/clamav.conf
fi
====================================================



====================================================
(EDITOR) /System/Library/StartupItems/ClamAV/StartupParameters.plist
{
  Description = "ClamAV AntiVirus daemons";
  Provides = ("ClamAV");
  Requires = ("SMTPx");
  OrderPreference = "None";
  Messages =
  {
    start = "Starting ClamAV daemons";
    stop = "Starting ClamAV daemons";
  };
}
====================================================


# setup a crontab entry to refresh/update your virus db
====================================================
(EDITOR) /etc/crontab
+++ 40 */4 * * * root /usr/local/clamav/bin/freshclam --quiet --log=/var/log/freshclam.log --datadir=/var/clamav_db
====================================================


# add an entry in /etc/hostconfig as a 'toggle' for StartupItem
====================================================
(EDITOR) /etc/hostconfig
+++ CLAMAV=-YES-
====================================================


chown -R root:wheel /System/Library/StartupItems/ClamAV ;\
chmod 755 /System/Library/StartupItems/ClamAV ;\
chmod 755 /System/Library/StartupItems/ClamAV/ClamAV ;\
chmod 644 /System/Library/StartupItems/ClamAV/StartupParameters.plist


mkdir /var/CommuniGate/clamav


# define the config file for the clamav daemon ... here's an example
====================================================
(EDITOR) /var/CommuniGate/clamav/clamav.conf
## config file for the Clam AV daemon
## ref: man clamav.conf

LogFile /var/log/clamd.log
# LogFileUnlock
LogFileMaxSize 2M
LogTime
LogSyslog
LogVerbose
PidFile /var/run/clamd.pid
DataDirectory /var/clamav_db
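## NOTE: /tmp is world-writable; a socket path inside a directory that only
## clamav and the mail server can reach is harder for other local users to
## interfere with. If you move it, change clamd_socket in cgpav.conf to match.
LocalSocket /tmp/clamd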
FixStaleSocket
MaxConnectionQueueLength 15

## input stream will be saved to disk before scanning
## this allows scanning within archives.
# StreamSaveToDisk

# Close the connection if this limit is exceeded.
# StreamMaxLength 10M

MaxThreads 5

## Thread (scanner - single task) will be stopped after this time (seconds).
## Default: 180; 0: disables

ThreadTimeout 180
MaxDirectoryRecursion 15
FollowDirectorySymlinks
FollowFileSymlinks
SelfCheck 3600

## Execute a command when virus is found. In the command string %v and %f will
## be replaced by the virus name and the infected file name respectively.
##
## SECURITY WARNING: Make sure the virus event command cannot be exploited,
##                   eg. by using some special file name when %f is used.
##                   Always use a full path to the command.
##                   Never delete/move files with this directive !
# VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %f: %v"

User clamav
# AllowSupplementaryGroups

## Don't fork into background. Useful in debugging.
# Foreground

## Enable debug messages in libclamav.
Debug

################################
## Mail support
## Uncomment this option if you are planning to scan mail files.
ScanMail

################################
## Archive support
ScanArchive
# ScanRAR
ArchiveMaxFileSize 10M
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
# ArchiveLimitMemoryUsage
====================================================


################################################################################
INSTALL cgpav
refs: http://program.farit.ru/ http://program.farit.ru/doc/cgpav.html

cd /usr/ports/

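DL: http://program.farit.ru/antivir/cgpav-1.3.tar.gz
# (fetched over plain HTTP and it will sit in the mail path -- compare the tarball with a checksum from the author, if one is published, before building)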

gnutar zxf cgpav-1.3.tar.gz

cd /usr/ports/cgpav-1.3

unsetenv CFLAGS CPPFLAGS CXX CXXFLAGS LDFLAGS LDDLFLAGS LD_PREBIND LC_ALL LANG LINGUAS

# optional, but recommended if your dev env has changed ...
glibtoolize --force --copy

# do this if you've a newer (> v1.5) version of libtool ...
====================================================
(EDITOR) configure.in
        AC_INIT(cgpav.c)
        AC_CONFIG_HEADER(config.h)
+++     AC_PROG_LIBTOOL
        dnl Checks for programs.
====================================================

aclocal
autoconf


# install script into /usr/local/cgpav, NO spamassassin usage (via this script, that is ...)
./configure \
--prefix=/usr/local/cgpav \
--with-spamassassin=no \
--with-cgpro-home=/var/CommuniGate \
--with-cgpro-settings=/var/CommuniGate/Settings \
--with-cgpro-submitted=/var/CommuniGate/Submitted \
--with-antivirus=clamav


make
make install

# edit the script conf file as you need/like, here's an example ...
====================================================
(EDITOR) /var/CommuniGate/Settings/cgpav.conf
# $Id: cgpav.conf, v 1.3 2003/11/20 12:00:00 farit Exp $

cgpro_home = /var/CommuniGate
cgpro_submitted = /var/CommuniGate/Submitted
tmp_dir = /tmp

max_childs = 6
max_errors = 20
av_timeout = 120
log_facility = local0

## Infected Actions are: none, reject, discard, addheader
infected_action = reject
infected_header = X-VirusScan-2-Flag: Yes

## notifications will be sent from:
# Use pseudo e-mail, in Settings->Router add a line:
#   <antivirus> = null;  # silently discards all msgs to this address
antivirus_email = [EMAIL PROTECTED]
sender_notification = true
recipients_notification = false
postmaster_notification = true
postmaster_account = postmaster

# *** Enable notifications to postmasters of the virtual domains ***
virtual_postmaster_notification = false
virtual_postmaster_account = postmaster

# *** Enable sending notifications to local users, ***
local_notification = true
local_networks = 127.0.0.1
local_networks = 10.0.0.0/255.255.255.0

# *** Enable notifications depending on the virus name ***
virus_name_notification = true

# *** Notifications charset and languages ***
charset = us-ascii
sender_subject = WARNING: the msg you sent contained a VIRUS, and has been REJECTED.
recipient_subject = WARNING: a message sent to you contained a VIRUS, and has been REJECTED!
own_text = Please scan your Computer for VIRUS INFECTION!\n\nThank you.

# *** Notification languages ***
russian = false
german = false
french = false
spanish = false
italian = false
tatar = false
latvian = false
ukrainian = false

# must be the same path as LocalSocket in clamav.conf
clamd_socket = /tmp/clamd
# infected_extensions = .pif, .lnk, .scr, .bat, .vbs, .vbe, .js
virus_quarantine = false
virus_quarantine_dir =
virus_collection = false
virus_collection_dir =

enable_spamassassin = false
restrictions = false
========================================================================


CREATE a SERVER WIDE CGP RULE ....
################################################################################

 (
   9,
   CLAMAV_process,
   (
     ("Message Size", "greater than", 1K),
     ("Header Field", "is not", "X-VirusScan-2: SUBMITTED")
   ),
   (("Add Header", "X-VirusScan-2: SUBMITTED"), (ExternalFilter, CGPAV))
 )

################################################################################


finally, setup a "Helper" app to point to the "cgpav" script ...


