Saturday, September 12, 2009

Integrate sendmail with clamav

CLAMAV Configuration

#yum -y install clamav*


Start the clamd daemon before clamav-milter

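Create the quarantine directory, owned by and accessible only to the clamav user, and start clamav-milter with the following options. The directory is given mode 700 rather than 600 because files can only be created inside a directory that has the execute bit set.

#mkdir /var/mail/quarantine/
#chown clamav:clamav /var/mail/quarantine/
#chmod 700 /var/mail/quarantine/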

# clamav-milter -o local:/var/run/clamav-milter/clamav.sock --quarantine-dir=/var/mail/quarantine

Other clamav-milter options:
              --bounce \
              --advisory \
              --force-scan \
              --dont-wait \
              --dont-log-clean \
              --max-children=2 \
              --server=localhost \
              --config-file=/etc/clamd.d/milter.conf \
              --pidfile=/var/run/clamav-milter/ \

Create the clamav.conf file to run freshclam:
#vi /etc/clamav.conf
LogFile /var/log/clam/clamd.log
PidFile /var/run/clam/
LocalSocket /var/run/clam/clamd.sock
MaxThreads 50
ThreadTimeout 600
MaxDirectoryRecursion 15
SelfCheck 600
User clamav
# Maximum size, in megabytes, of files scanned inside archives. You can modify this to suit your purposes.
ArchiveMaxFileSize 10M
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000

Edit file to enable the virus scanning

#vi /etc/mail/

INPUT_MAIL_FILTER(`clamav-milter', `S=local:/var/run/clamav-milter/clamav.sock, F=T,T=S:4m;R:4m;E:10m')
define(`confINPUT_MAIL_FILTERS', `clamav-milter')
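
These two lines are all you need to let Sendmail work with clamav. Let me explain a little:
  • S=local:/var/run/clamav-milter/clamav.sock is, of course, the socket created by clamav-milter (the same path passed to -o when starting it)
  • F= tells Sendmail what to do if the filter fails; blank means act as if there is no filter. You could use "R" for reject or "T" for temporary fail. The line above uses T, so mail is deferred rather than delivered unscanned when the filter is unavailable.
  • T= determines timeouts:

    • S:4m a timeout of 4 minutes for sending to the filter
    • R:4m a timeout of 4 minutes for receiving from the filter
    • E:10m an overall timeout of 10 minutes between sending end-of-message to the filter and receiving its final acknowledgment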
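
The check below is an added example, not part of the original post or of the clamav package: it parses the INPUT_MAIL_FILTER line explained above and fails if the S= socket differs from the one clamav-milter was started with, or if F= is blank so that mail would pass unscanned when the filter is down. The function names are hypothetical, and the sample .mc content is constructed from the line shown on this page.

```sh
#!/bin/sh
# Added example: audit the clamav-milter filter line of a sendmail .mc file.

# Print the equates (S=..., F=..., T=...) of the named INPUT_MAIL_FILTER.
milter_equates() {  # usage: milter_equates <mc-file> <filter-name>
    sed -n "s/^INPUT_MAIL_FILTER(\`$2', *\`\(.*\)')[[:space:]]*\$/\1/p" "$1" | head -n 1
}

# Print the value of one equate (S, F or T); prints nothing if it is absent.
equate() {  # usage: equate <equates> <key>
    printf '%s\n' "$1" | tr ',' '\n' | sed -n "s/^[[:space:]]*$2=//p" | head -n 1
}

# Print one timeout (S send, R read, E end-of-message) from a T= value.
timeout_of() {  # usage: timeout_of <T-value> <field>
    printf '%s\n' "$1" | tr ';' '\n' | sed -n "s/^[[:space:]]*$2://p" | head -n 1
}

# Return 0 only if the socket matches the milter's and failures do not fail open.
audit_milter() {  # usage: audit_milter <mc-file> <filter-name> <milter-socket>
    eq=$(milter_equates "$1" "$2")
    [ -n "$eq" ] || { echo "FAIL: no INPUT_MAIL_FILTER line for $2"; return 1; }
    rc=0
    sock=$(equate "$eq" S)
    [ "$sock" = "$3" ] || { echo "FAIL: S=$sock but milter listens on $3"; rc=1; }
    case "$(equate "$eq" F)" in
        T|R) echo "OK: filter failure tempfails or rejects mail" ;;
        *)   echo "FAIL: F is blank, mail passes unscanned if the filter is down"; rc=1 ;;
    esac
    t=$(equate "$eq" T)
    echo "timeouts: send=$(timeout_of "$t" S) read=$(timeout_of "$t" R) eom=$(timeout_of "$t" E)"
    return $rc
}

# Constructed sample input: the filter line from this page, in a scratch file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
INPUT_MAIL_FILTER(`clamav-milter', `S=local:/var/run/clamav-milter/clamav.sock, F=T,T=S:4m;R:4m;E:10m')
EOF
audit_milter "$sample" clamav-milter local:/var/run/clamav-milter/clamav.sock
rm -f "$sample"
```

Point the first argument at your own .mc file and pass the same socket string you gave to clamav-milter with -o.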

Perhaps you will have to make other changes to this file for your site - that is the reason it is not included in the package - but that is beyond the scope of this little help file

Rewrite the by running macro and reload the service

#m4 /etc/mail/ > /etc/mail/
#service sendmail reload

Test by sending a message containing the EICAR antivirus test string

#echo 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*' |sendmail -v
