Saturday, September 12, 2009

Integrate sendmail with clamav

CLAMAV Configuration


#yum -y install clamav*

#clamd

Start the clamd daemon before clamav-milter

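Create the quarantine directory, restricted to the clamav user (a directory needs the execute bit for its owner to create files in it), and start clamav-milter with the following options:


#mkdir /var/mail/quarantine/
#chown clamav:clamav /var/mail/quarantine/
#chmod 700 /var/mail/quarantine/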

# clamav-milter -o local:/var/run/clamav-milter/clamav.sock --quarantine-dir=/var/mail/quarantine


Other clamav-milter options:
              --bounce \
              --advisory \
              --force-scan \
              --dont-wait \
              --dont-log-clean \
              --max-children=2 \
              --server=localhost \
              --postmaster=sysadmin@example.com \
              --config-file=/etc/clamd.d/milter.conf \
              --pidfile=/var/run/clamav-milter/milter.pid \
              --signature-file=/etc/mail/clamav-email-signature

Create the clamav.conf file to run freshclam
#vi /etc/clamav.conf
#/etc/clamav.conf
LogTime
LogSyslog
LogFile /var/log/clam/clamd.log
PidFile /var/run/clam/clamd.pid
LocalSocket /var/run/clam/clamd.sock
FixStaleSocket
MaxThreads 50
ThreadTimeout 600
MaxDirectoryRecursion 15
FollowFileSymlinks
SelfCheck 600
User clamav
ScanMail
ScanArchive
# Maximum size, in megabytes, of files scanned inside archives. You can modify this to suit your purposes.
ArchiveMaxFileSize 10M
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000

Edit the sendmail.mc file to enable virus scanning

#vi /etc/mail/sendmail.mc

------------------------------------------------------
INPUT_MAIL_FILTER(`clamav-milter', `S=local:/var/run/clamav-milter/clamav.sock, F=T,T=S:4m;R:4m;E:10m')
define(`confINPUT_MAIL_FILTERS', `clamav-milter')
-----------------------------------------------------
 
These two lines are all you need to let Sendmail work with clamav. Let me explain a little:
  • S=local:/var/run/clamav-milter/clamav.sock is, of course, the socket created by clamav-milter.
  • F= tells Sendmail what to do if the filter fails; blank means act as if there is no filter. You could use "R" for reject or "T" for temporary fail.
  • T= determines timeouts:
    • S:4m a timeout of 4 minutes for sending to the filter
    • R:4m a timeout of 4 minutes for receiving from the filter
    • E:10m an overall timeout of 10 minutes between sending end-of-message to the filter and waiting for its final acknowledgment

Perhaps you will have to make other changes to this file for your site - that is the reason it is not included in the package - but that is beyond the scope of this little help file.
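
As an added example (not part of the original post), this Python sketch parses the INPUT_MAIL_FILTER lines of a sendmail.mc and flags two misconfigurations: a socket path that differs from the one clamav-milter was started with, and a blank F= flag, which lets mail through unscanned when the filter is down. The function names and the second sample line are constructed for illustration.

```python
import re

# Constructed sample input: the filter line from this page, plus a broken
# variant (wrong socket path, no F= flag) made up for the demonstration.
SAMPLE_MC = """\
INPUT_MAIL_FILTER(`clamav-milter', `S=local:/var/run/clamav-milter/clamav.sock, F=T,T=S:4m;R:4m;E:10m')
INPUT_MAIL_FILTER(`clamav-broken', `S=local:/var/run/clamav-milter.sock, T=S:4m;R:4m')
"""

# m4 quotes strings as `like this'; capture the filter name and its equates.
FILTER_RE = re.compile(r"INPUT_MAIL_FILTER\(`([^']+)',\s*`([^']*)'\)")


def parse_filters(mc_text):
    """Return {filter_name: {equate: value}} for every INPUT_MAIL_FILTER line."""
    filters = {}
    for line in mc_text.splitlines():
        if line.lstrip().startswith("dnl"):  # m4 comment line
            continue
        match = FILTER_RE.search(line)
        if not match:
            continue
        name, equates = match.groups()
        # Equates are comma-separated KEY=value pairs; T= keeps its S:..;R:.. list.
        pairs = (e.split("=", 1) for e in equates.split(",") if "=" in e)
        filters[name] = {k.strip(): v.strip() for k, v in pairs}
    return filters


def audit(mc_text, milter_socket):
    """Return (filter_name, problem) tuples for risky or inconsistent settings."""
    findings = []
    for name, eq in parse_filters(mc_text).items():
        # Sendmail must talk to the same socket clamav-milter listens on.
        if eq.get("S") != "local:" + milter_socket:
            findings.append((name, "socket-mismatch"))
        # Blank F= means mail is accepted unscanned if the filter fails.
        if eq.get("F", "") not in ("R", "T"):
            findings.append((name, "fail-open"))
    return findings


if __name__ == "__main__":
    for name, problem in audit(SAMPLE_MC, "/var/run/clamav-milter/clamav.sock"):
        print(name, problem)
```

To check a real configuration, pass the contents of /etc/mail/sendmail.mc and the socket path given on the clamav-milter command line to audit().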


Regenerate sendmail.cf by running the m4 macro processor and reload the service

#m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
#service sendmail reload

Test by sending an infected mail

#echo 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*' |sendmail -v kiran@domain.com
