On Thu, May 13, 2004 at 01:00:39PM +0300, Iulian wrote:
> I try to install CLAMAV, on Slack 9.1, with sendmail and
> milter, ....
> My installation:
> 1.
>
> sendmail -d0 | grep MILTER
> on my PC: Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS
> MILTER MIME7TO8 MIME8TO7
>
> 2. User clamav, ...:
> group clamav
> useradd -g clamav -d /dev/null clamav
> mkdir /var/clamav
> chown clamav:clamav /var/clamav
>
> 3. Install...
>
> ./configure \
> --prefix=/usr --sysconfdir=/etc --datadir=/var/clamav \
> --enable-milter
> make
> make install
>
> 4. Config /etc/clamav.conf
>
>
> # By default the log file is locked for writing - the lock protects against
> # running clamd multiple times (if want to run another clamd, please
> # copy the configuration file, change the LogFile variable, and run
> # the daemon with --config-file option). That's why you shouldn't uncomment
> # this option.
> LogFileUnlock
>
> # Maximal size of the log file. Default is 1 Mb.
> # Value of 0 disables the limit.
> # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
> # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
> # in bytes just don't use modifiers.
> LogFileMaxSize 2M
>
> # Log time with an each message.
> LogTime
>
> # Log also clean files. May be useful in debugging but will drastically
> # increase the log size.
> LogClean
>
> # Use system logger (can work together with LogFile).
> LogSyslog
>
> # Enable verbose logging.
> LogVerbose
>
> # This option allows you to save the process identifier of the listening
> # daemon (main thread).
> PidFile /var/clamav/clamd.pid
>
> # Optional path to the global temporary directory.
> # Default is system specific - usually /var/tmp or /tmp.
> TemporaryDirectory /var/tmp
>
> # Path to the database directory.
> # Default is the hardcoded directory (mostly /usr/local/share/clamav,
> # but it depends on installation options).
> DatabaseDirectory /var/clamav
>
> # The daemon works in local or network mode. Currently the local mode is
> # recommended for security reasons.
>
> # Path to the local socket. The daemon doesn't change the mode of the
> # created file (portability reasons). You may want to create it in a directory
> # which is only accessible for a user running daemon.
> LocalSocket /var/clamav/clamd.sock
>
> # Remove stale socket after unclean shutdown.
> FixStaleSocket
>
> # TCP port address.
> #TCPSocket 3310
>
> # TCP address.
> # By default we bind to INADDR_ANY, probably not wise.
> # Enable the following to provide some degree of protection
> # from the outside world.
> #TCPAddr 127.0.0.1
>
> # Maximum length the queue of pending connections may grow to.
> # Default is 15.
> MaxConnectionQueueLength 90
>
> # When activated, input stream (see STREAM command) will be saved to disk before
> # scanning - this allows scanning within archives.
> StreamSaveToDisk
>
> # Close the connection if this limit is exceeded.
> StreamMaxLength 10M
>
> # Maximal number of a threads running at the same time.
> # Default is 5, and it should be sufficient for a typical workstation.
> # You may need to increase threads number for a server machine.
> MaxThreads 100
>
> # Waiting for data from a client socket will timeout after this time (seconds).
> # Default is 120. Value of 0 disables the timeout.
> ReadTimeout 300
>
> # Maximal depth the directories are scanned at.
> MaxDirectoryRecursion 25
>
> # Follow a directory symlinks.
> # SECURITY HINT: You should have enabled directory recursion limit to
> # avoid potential problems.
> #FollowDirectorySymlinks
>
> # Follow regular file symlinks.
> #FollowFileSymlinks
>
> # Do internal checks (eg. check the integrity of the database structures)
> # By default clamd checks itself every 3600 seconds (1 hour).
> SelfCheck 600
>
> # Execute a command when a virus is found. In the command string %v will
> # be replaced by the virus name.
> #
> VirusEvent /bin/mail -s "VIRUS ALERT: %v" root
>
> # Run as selected user (clamd must be started by root).
> # By default it doesn't drop privileges.
> User clamav
>
> # Initialize the supplementary group access (for all groups in /etc/group
> # user is added in. clamd must be started by root).
> #AllowSupplementaryGroups
>
> # Don't fork into background. Useful in debugging.
> #Foreground
>
> # Enable debug messages in libclamav.
> #Debug
>
> ##
> ## Document scanning
> ##
>
> # This option enables scanning of Microsoft Office document macros.
> ScanOLE2
>
> ##
> ## Mail support
> ##
>
> # Uncomment this option if you are planning to scan mail files.
> ScanMail
>
> ##
> ## Archive support
> ##
>
>
> # Comment this line to disable scanning of the archives.
> ScanArchive
>
>
> # By default the built-in RAR unpacker is disabled by default because the code
> # terribly leaks, however it's probably a good idea to enable it.
> ScanRAR
>
>
> # Options below protect your system against Denial of Service attacks
> # with archive bombs.
>
> # Files in archives larger than this limit won't be scanned.
> # Value of 0 disables the limit.
> # WARNING: Due to the unrarlib implementation, whole files (one by one) in RAR
> # archives are decompressed to the memory. That's why never disable
> # this limit (but you may increase it of course!)
> ArchiveMaxFileSize 10M
>
> # Archives are scanned recursively - e.g. if Zip archive contains RAR file,
> # the RAR file will be decompressed, too (but only if recursion limit is set
> # at least to 1). With this option you may set the recursion level.
> # Value of 0 disables the limit.
> ArchiveMaxRecursion 15
>
> # Number of files to be scanned within archive.
> # Value of 0 disables the limit.
> ArchiveMaxFiles 1000
>
> # Mark potential archive bombs as viruses (0 disables the limit)
> ArchiveMaxCompressionRatio 200
>
> # Use slower decompression algorithm which uses less memory. This option
> # affects bzip2 decompressor only.
> ArchiveLimitMemoryUsage
>
> # Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
> #ArchiveBlockEncrypted
>
>
> ##
> ## Clamuko settings
> ## WARNING: This is experimental software. It is very likely it will hang
> ## up your system !!!
> ##
>
> # Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running.
> #ClamukoScanOnAccess
>
> # Set access mask for Clamuko.
> ClamukoScanOnOpen
> ClamukoScanOnClose
> ClamukoScanOnExec
>
> # Set the include paths (all files in them will be scanned). You can have
> # multiple ClamukoIncludePath options, but each directory must be added
> # in a seperate option. All subdirectories are scanned, too.
> ClamukoIncludePath /home
> #ClamukoIncludePath /students
>
> # Set the exclude paths. All subdirectories are also excluded.
> #ClamukoExcludePath /home/guru
>
> # Limit the file size to be scanned (probably you don't want to scan your movie
> # files ;))
> # Value of 0 disables the limit. 1 Mb should be fine.
> ClamukoMaxFileSize 1M
>
> # Enable archive support. It uses the limits from clamd section.
> # (This option doesn't depend on ScanArchive, you can have archive support
> # in clamd disabled).
> ClamukoScanArchive
>
> 5. Update Virus Database
> freshclam --quiet --stdout --datadir /var/clamav --log
> /var/clamav/clamav.log
>
> 6. Test
>
> cd /usr/src/clamav/test
> clamscan test1
> -the test is OK
>
> 7. Sendmail
>
> In sendmail.cf, in section Mail Filters
>
> Xclmilter, S=local:/var/clamav/clmilter.sock,F=, T=S:4m;R:4m
>
> 8. Start daemon
>
> clamd
> clamav-milter -blo /var/clamav/clmilter.sock
> /etc/rc.d/rc.sendmail restart
>
> -my test
> ls -l /var/clamav/*sock
> srwxrwxrwx 1 clamav clamav 0 May 13 09:17 /var/clamav/clamd.sock
> srwx------ 1 clamav clamav 0 May 13 09:17 /var/clamav/clmilter.sock
>
>
> ps -aux|grep cla
> clamav 920 0.0 10.2 14300 13020 ? S 09:17 0:00 clamd
> clamav 924 0.0 0.6 4368 860 ? S 09:17 0:00 clamav-milter -blo /var/clamav/clmilter.sock
>
>
> 9. Mail test (with file test1, the same as point 6.)
>
> cat test1 | mail -s "Vir" root
> and the mail test goes to my mailbox, without any problems!
> In my logs, no errors, warnings,... What is wrong?!
>
> Thanks!

Do you see any messages like:

May 13 15:23:17 spamd clamav-milter[419]: i4DBT1Ad005986: clean message from <[EMAIL PROTECTED]>

in log? Or, how do you know if a milter works?
--
Alex V. Kovirshin <alexk at ss dot rgs dot ru>
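
Added example, not part of the original thread: one way to run the log check suggested in the reply is to list every queue ID that sendmail accepted and see whether a clamav-milter line exists for the same ID. The clamav-milter line shape is the one quoted above; the sendmail `from=` line layout, the `sm-mta` program name and all sample lines are assumptions constructed for illustration.

```python
import re

# syslog shape: "<Mon> <day> <hh:mm:ss> <host> <prog>[<pid>]: <queue-id>: <text>"
LINE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<host>\S+)\s(?P<prog>[\w.-]+)\[\d+\]:\s"
    r"(?P<qid>\w+):\s(?P<text>.*)$"
)

# Constructed sample log (addresses and the second message are made up).
SAMPLE_LOG = [
    "May 13 15:23:16 spamd sendmail[5986]: i4DBT1Ad005986: "
    "from=<alice@example.org>, size=812, class=0, nrcpts=1",
    "May 13 15:23:17 spamd clamav-milter[419]: i4DBT1Ad005986: "
    "clean message from <alice@example.org>",
    "May 13 15:24:02 spamd sendmail[6001]: i4DBU2Ad006001: "
    "from=<bob@example.org>, size=1033, class=0, nrcpts=1",
    "May 13 15:24:02 spamd sendmail[6003]: i4DBU2Ad006001: "
    "to=root, delay=00:00:00, stat=Sent",
]


def milter_coverage(lines):
    """Map each queue ID sendmail accepted (it logged a from= line) to the
    clamav-milter text logged for that ID, or None if the milter never
    logged anything about it."""
    accepted = []   # queue IDs in the order sendmail accepted them
    verdicts = {}   # queue ID -> text of the clamav-milter line
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not a "<prog>[pid]: <qid>: ..." line
        if m["prog"] == "clamav-milter":
            verdicts[m["qid"]] = m["text"]
        elif m["prog"] in ("sendmail", "sm-mta") and m["text"].startswith("from="):
            accepted.append(m["qid"])
    # Built only after the full pass, so line order does not matter.
    return {qid: verdicts.get(qid) for qid in accepted}


def unscanned(lines):
    """Queue IDs that sendmail handled with no clamav-milter line at all."""
    return [qid for qid, text in milter_coverage(lines).items() if text is None]


if __name__ == "__main__":
    for qid, text in milter_coverage(SAMPLE_LOG).items():
        print(qid, "->", text or "no clamav-milter entry (milter not consulted?)")
```

If every accepted queue ID comes back without a clamav-milter entry, sendmail is not calling the filter at all, which points at the sendmail side of the setup rather than at clamd.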