Distroname and release: Debian Squeeze
Postfix with Antivirus filter using ClamAV
Actually, viruses were not a big problem for me (since my clients are *nix based) ;), but they could be for some.
Also I wanted to make sure that I do not spread viruses to other computers, for example during a backup or similar! So I decided to configure an antivirus scanner on my postfix installation. This works both for incoming and outgoing mail. The original post and author can be found here!
This is just my own writeup/rewriteup for getting this to work.
Configuring the source list
Since Debian Squeeze 6.0, volatile has been replaced with squeeze-updates.
You can read more about it here: http://lists.debian.org/debian-volatile-announce/2011/msg00000.html
For Debian Lenny it is an absolute must to have volatile in your sources.list, and for Debian Squeeze squeeze-updates, since antivirus definition updates and normal revision updates to the application occur very often.
By adding volatile or squeeze-updates to the source list, we make sure that we get these updates as soon as they come. Of course we will still need to update the system manually!
If you want to know more about volatile, please follow this link: The Debian Volatile Project
Again, note that volatile has been replaced with squeeze-updates: http://lists.debian.org/debian-volatile-announce/2011/msg00000.html
For Debian Lenny Only
In the example below, the volatile source is the last line, and the only one that we have added here. The rest of the source lines were already there.
/etc/apt/sources.list
    deb http://debian.uni-c.dk/debian/ stable main contrib non-free
    deb-src http://debian.uni-c.dk/debian/ stable main contrib non-free
    deb http://security.debian.org/debian-security stable/updates main
    deb http://volatile.debian.org/debian-volatile lenny/volatile main contrib non-free
For Debian Squeeze Only
Again, the last two lines are the ones we want for keeping ClamAV up to date.
/etc/apt/sources.list
    deb http://ftp.dk.debian.org/debian/ squeeze main
    deb-src http://ftp.dk.debian.org/debian/ squeeze main
    #normal security updates
    deb http://security.debian.org/ squeeze/updates main
    deb-src http://security.debian.org/ squeeze/updates main
    #rolling non-security updates
    deb http://ftp.dk.debian.org/debian/ squeeze-updates main
    deb-src http://ftp.dk.debian.org/debian/ squeeze-updates main
After adding the volatile or squeeze-updates source, please update the system.
Install the clamav SMTP package
This will install the clamav daemon, and freshclam as well, which we will need!
    aptitude install clamsmtp
Just after the installation you will be presented with options on how you wish to update the antivirus definitions.
Configure ClamAV
I have configured as follows.
1) I select daemon here, since the server is always connected to the internet.
2) Choose the mirror closest to you. (In my example, this is Denmark.)
3) Proxy information to access the internet. None, in my case.
4) Select yes, to update the databases on each update.
5) Select yes, to remove quarantined files when removing the packages with the --purge option.
Now you should see that ClamAV is updating the antivirus definitions.
Let it run, it could take some time. Next, configure the clamsmtp conf file.
Actually this is not needed, since these should be the default values, but check anyway! Listen is the address where postfix hands mail to clamsmtpd (the content_filter address used below), and OutAddress is the port where clamsmtpd sends scanned mail back into postfix.
/etc/clamsmtpd.conf
    OutAddress: 10026
    Listen: 127.0.0.1:10025
Configure Postfix
Time to configure postfix. We need to edit the master.cf and main.cf.
Insert the following lines into the main.cf file.
/etc/postfix/main.cf
    content_filter = scan:127.0.0.1:10025
    receive_override_options = no_address_mappings
Afterwards, edit the master.cf. This one is a little more tricky.
Also make sure that there is no whitespace around the '=' signs in the -o options!
/etc/postfix/master.cf
    scan      unix  -       -       n       -       16      smtp
        -o smtp_send_xforward_command=yes
        -o smtp_enforce_tls=no
    # Inject mail back into postfix from the content filter
    127.0.0.1:10026 inet  n       -       n       -       16      smtpd
        -o content_filter=
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtpd_helo_restrictions=
        -o smtpd_client_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks_style=host
        -o smtpd_authorized_xforward_hosts=127.0.0.0/8
Startup the services
Ok, now everything is configured, and should be working!
Just make sure that postfix, clamsmtpd and clamav-daemon are running!
If either clamav-daemon or clamsmtp is not running you will get failures in the log.
So we just restart all of them, to be sure that all changes are applied.
    /etc/init.d/clamav-daemon restart
    /etc/init.d/clamsmtp restart
    /etc/init.d/postfix restart
Hopefully everything should be running.
    # ps aux |grep clam
    clamav   17940  0.0 17.7 104752 86064 ?  Ss  18:55  0:00 /usr/sbin/clamd
    clamsmtp 18347  0.0  0.1   1884   736 ?  Ss  19:36  0:00 /usr/sbin/clamsmtpd
Now test using the eicar test virus file
This is not a virus, but a file that acts like one, used to test antivirus installations and setups, so it does NO harm at all!
Test, and WATCH THE LOGS! /var/log/mail.log !!!
A working output, where the eicar test file is caught and the e-mail is deleted!
    Mar 15 19:04:43 loke clamsmtpd: 100007: accepted connection from: 127.0.0.1
    Mar 15 19:04:43 loke postfix/smtpd: connect from localhost[127.0.0.1]
    Mar 15 19:04:43 loke postfix/smtpd: disconnect from mailhost.example2.com[xxx.xxx.xxx.xxx]
    Mar 15 19:04:43 loke postfix/smtpd: D486212224: client=localhost[127.0.0.1]
    Mar 15 19:04:43 loke postfix/smtp: B91134E16: to=<firstname.lastname@example.org>, relay=127.0.0.1[127.0.0.1]:10025, delay=0.19, delays=0.07/0/0.05/0.07, dsn=2.0.0, status=sent (250 Virus Detected; Discarded Email)
    Mar 15 19:04:43 loke postfix/qmgr: B91134E16: removed
    Mar 15 19:04:43 loke clamsmtpd: 100007: email@example.com, firstname.lastname@example.org, status=VIRUS:Eicar-Test-Signature
    Mar 15 19:04:43 loke postfix/smtpd: disconnect from localhost[127.0.0.1]
Done, you should now be one step closer to being virus free!
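To make the log check above less manual, here is an added shell script (not from the original post) that summarises what clamsmtpd and postfix logged for the filter chain in /var/log/mail.log: clamsmtpd verdicts (status=VIRUS:... or status=CLEAN) and the matching "250 Virus Detected; Discarded Email" replies postfix records for the 10025 relay. The log lines embedded in it are constructed samples in the format shown above, so it runs without a mail server; the SAMPLE_LOG name and the function names are mine.

```shell
#!/bin/sh
# Added example, not part of the original post. Summarise clamsmtpd/postfix
# results from the chain postfix -> 127.0.0.1:10025 (clamsmtpd) -> 127.0.0.1:10026.
# Usage: sh check_clamsmtp_log.sh /var/log/mail.log   (no argument: built-in sample)

# Messages clamsmtpd flagged; clamsmtpd logs them as "status=VIRUS:<signature>".
virus_count() {
    grep -c 'clamsmtpd: .*status=VIRUS:' "$1" || true
}

# Messages clamsmtpd passed back into postfix unchanged ("status=CLEAN").
clean_count() {
    grep -c 'clamsmtpd: .*status=CLEAN' "$1" || true
}

# Deliveries to the 10025 listener that postfix recorded as discarded by the filter.
discarded_count() {
    grep -c 'relay=127.0.0.1\[127.0.0.1\]:10025.*Virus Detected; Discarded Email' "$1" || true
}

# One line per detection: clamsmtpd connection id and signature name.
list_detections() {
    sed -n 's/^.* clamsmtpd: \([0-9]*\): .*status=VIRUS:\([^ ,]*\).*$/\1 \2/p' "$1"
}

# Every VIRUS verdict should have a matching "Discarded Email" reply in postfix/smtp;
# if the counts differ, the content_filter / 10025 wiring is not working as described.
chain_consistent() {
    [ "$(virus_count "$1")" -eq "$(discarded_count "$1")" ]
}

# Constructed sample lines (not a real capture) in the format the post shows.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
Mar 15 19:04:43 loke clamsmtpd: 100007: accepted connection from: 127.0.0.1
Mar 15 19:04:43 loke postfix/smtp: B91134E16: to=<user@example.org>, relay=127.0.0.1[127.0.0.1]:10025, delay=0.19, delays=0.07/0/0.05/0.07, dsn=2.0.0, status=sent (250 Virus Detected; Discarded Email)
Mar 15 19:04:43 loke clamsmtpd: 100007: sender@example.com, user@example.org, status=VIRUS:Eicar-Test-Signature
Mar 15 19:05:10 loke clamsmtpd: 100008: accepted connection from: 127.0.0.1
Mar 15 19:05:10 loke clamsmtpd: 100008: sender@example.com, user@example.org, status=CLEAN
Mar 15 19:05:10 loke postfix/smtp: C12345678: to=<user@example.org>, relay=127.0.0.1[127.0.0.1]:10025, delay=0.12, delays=0.05/0/0.03/0.04, dsn=2.0.0, status=sent (250 Ok: queued as D4862)
EOF

if [ -n "$1" ]; then LOG=$1; else LOG=$SAMPLE_LOG; fi
echo "virus: $(virus_count "$LOG")  clean: $(clean_count "$LOG")  discarded: $(discarded_count "$LOG")"
list_detections "$LOG"
chain_consistent "$LOG" && echo "filter chain consistent" || echo "WARNING: VIRUS verdicts without discard replies"
```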