Part 11. ClamAV Email Anti-Virus configuring
- Category: Mail Server
- Published: Thursday, 18 July 2019 14:27
- Written by Super User
- Hits: 2037
Install the antivirus system for the mail server:
#apt install clamsmtp
Open the configuration file /etc/clamsmtpd.conf and write down the required settings there:
Header: X-AV-Checked: ClamAV using ClamSMTP
In fact, there are many parameters in this file, but only the necessary ones are specified here. For a more detailed study, I recommend reading me clamsmtpd.conf.
To apply the changes, you must restart the antivirus service:
#service clamsmtp restart
Configure an email server to work with antivirus
Add 2 lines to the file /etc/postfix/main.cf:
content_filter = scan:[127.0.0.1]:10025
receive_override_options = no_address_mappings
The first one tells postfix that it is necessary to forward all mail through the service (filter) scan to the 10025 port where clamsmtpd is. The second line tells postfix do not make any address manipulation before the mail reaches the content_filter. So filter works with real mailing addresses, and not with the results of translating into virtual aliases, masquerades, etc.
You need to add the following lines to the /etc/postfix/master.cf file:
# AV scan filter (used by content_filter)
scan unix - - n - 16 smtp
# For injecting mail back into postfix from the filter
127.0.0.1:10026 inet n - n - 16 smtpd
There is no need to restart Postfix service:
#service postfix restart
Antivirus basic configuration is complete.
Configure antivirus notifications
Now the last thing to do is to configure the antivirus notifications sending. To do this, create a script.sh file:
We will write to it:
# Email address to send alerts to
# formail should be in PATH
if [ X`echo $SENDER | egrep $DOMAIN` != "X" ];
else MAILTO=`echo "$RECIPIENTS" | egrep $DOMAIN | tr '\n' ','`$ADMIN
(echo "Virus name: $VIRUS"
echo "Sender: $SENDER"
echo "Recipient(s): $RECIPIENTS"
if [ "x$EMAIL" != "x" ] && [ -f $EMAIL ]
echo "Quarantined to: $EMAIL"
) | cat -v | mail -s "$VIRUS found on mailserver" $MAILTO
Uncomment string VirusAction: /etc/clamav/script.sh in the file /etc/clamsmtpd.conf and restart the service clamsmtp:
#service clamsmtp restart
Now our antivirus not only checks the mail, but also quarantines infected letters and sends a notification to the administrator and users of our domain.
You must install the mailutils package for notification sending,
# apt install mailutils
You can buy the book "Mail server based on Postfix, Dovecot and RoundCube" in electronic form in the store
You can buy the book
"Mail server based on Postfix,
Dovecot and RoundCube"
in electronic form in the store