Part 11. Configuring ClamAV Email Anti-Virus


Install the antivirus system for the mail server:

#apt install clamsmtp

Open the configuration file /etc/clamsmtpd.conf and set the required options:

OutAddress: 10026


ClamAddress: /var/run/clamav/clamd.ctl

Header: X-AV-Checked: ClamAV using ClamSMTP

TempDirectory: /var/spool/clamsmtp

PidFile: /var/run/clamsmtp/

Quarantine: on

User: clamsmtp

#VirusAction: /etc/clamav/


This file has many more parameters; only the necessary ones are shown here. For a more detailed study, I recommend reading man clamsmtpd.conf.


To apply the changes, you must restart the antivirus service:

#service clamsmtp restart


Configure the mail server to work with the antivirus

Add 2 lines to the file /etc/postfix/

content_filter = scan:[]:10025

receive_override_options = no_address_mappings


The first line tells Postfix to pass all mail through the scan service (filter) on port 10025, where clamsmtpd listens. The second line tells Postfix not to perform any address manipulation before the mail reaches the content_filter, so the filter works with the real mail addresses and not with the results of virtual alias expansion, masquerading, etc.


You need to add the following lines to the /etc/postfix/ file:

# AV scan filter (used by content_filter)
scan unix - - n - 16 smtp
  -o smtp_send_xforward_command=yes
# For injecting mail back into postfix from the filter
inet n - n - 16 smtpd
  -o content_filter=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks_style=host
  -o smtpd_authorized_xforward_hosts=


Now restart the Postfix service:

#service postfix restart


Antivirus basic configuration is complete.

Configure antivirus notifications

The last thing to do is to configure the sending of antivirus notifications. To do this, create a file:

#nano /etc/clamav/


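Write the following into it:

#!/bin/sh

# Domain served by this mail server (placeholder value, set your own)
DOMAIN=example.com

# Email address to send alerts to (placeholder value, set your own)
ADMIN=admin@example.com

# formail should be in PATH

# If the sender is in our domain, notify the sender and the administrator;
# otherwise notify the recipients in our domain and the administrator.
if [ "X$(echo "$SENDER" | egrep "$DOMAIN")" != "X" ];
then MAILTO="$SENDER,$ADMIN"
else MAILTO=$(echo "$RECIPIENTS" | egrep "$DOMAIN" | tr '\n' ',')$ADMIN
fi

# Build the report; cat -v makes non-printable characters visible.
(echo "Virus name: $VIRUS"
echo "Sender: $SENDER"
echo "Recipient(s): $RECIPIENTS"
if [ "x$EMAIL" != "x" ] && [ -f "$EMAIL" ]
then
echo "Quarantined to: $EMAIL"
fi
) | cat -v | mail -s "$VIRUS found on mailserver" "$MAILTO"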


Uncomment the VirusAction: /etc/clamav/ line in the file /etc/clamsmtpd.conf and restart the clamsmtp service:

#service clamsmtp restart


Now our antivirus not only checks the mail, but also quarantines infected messages and sends a notification to the administrator and to the users of our domain.

You must install the mailutils package for the notifications to be sent:

#apt install mailutils
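
The notification script above picks its recipients with egrep $DOMAIN, which is a substring and regular-expression match on envelope addresses that the sending side controls. As an added example (not part of the original article), the functions below select recipients by exact domain comparison and skip malformed addresses; DOMAIN, ADMIN and the function names are assumed placeholders.

```sh
#!/bin/sh
# Added example: choose notification recipients for a clamsmtp VirusAction
# script without trusting the envelope addresses.
# DOMAIN and ADMIN are constructed placeholder values.
DOMAIN="example.com"
ADMIN="postmaster@example.com"

# Succeeds only for a plain local@domain address: no whitespace or commas,
# no leading "-" (mail could read it as an option), exactly one "@".
is_plain_address() {
    case "$1" in
        -*|*[!A-Za-z0-9._%+@-]*|*@*@*|@*|*@) return 1 ;;
        *@*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds when the domain part equals DOMAIN exactly (case-insensitive);
# a substring or regex match is not enough.
in_our_domain() {
    is_plain_address "$1" || return 1
    d=$(printf '%s' "${1##*@}" | tr 'A-Z' 'a-z')
    [ "$d" = "$DOMAIN" ]
}

# Prints the comma-separated notification list for one infected message.
# $1 = envelope sender, $2 = newline-separated envelope recipients.
notify_targets() {
    targets=""
    if in_our_domain "$1"; then
        targets="$1,"
    else
        # Read line by line so no word splitting or globbing happens.
        while IFS= read -r rcpt; do
            if in_our_domain "$rcpt"; then targets="$targets$rcpt,"; fi
        done <<EOF
$2
EOF
    fi
    printf '%s%s\n' "$targets" "$ADMIN"
}
```

In the notification script, MAILTO=$(notify_targets "$SENDER" "$RECIPIENTS") would take the place of the if/else that sets MAILTO.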

