Part 11. Configuring ClamAV Email Anti-Virus

The list of articles cycle

Install the antivirus system for the mail server:

#apt install clamsmtp

Open the configuration file /etc/clamsmtpd.conf and write down the required settings there:

OutAddress: 10026

Listen: 127.0.0.1:10025

ClamAddress: /var/run/clamav/clamd.ctl

Header: X-AV-Checked: ClamAV using ClamSMTP

TempDirectory: /var/spool/clamsmtp

PidFile: /var/run/clamsmtp/clamsmtpd.pid

Quarantine: on

User: clamsmtp

#VirusAction: /etc/clamav/script.sh

 

In fact, this file accepts many more parameters; only the necessary ones are specified here. For a more detailed study, I recommend reading man clamsmtpd.conf.

 

To apply the changes, you must restart the antivirus service:

#service clamsmtp restart

 

Configure an email server to work with antivirus

Add 2 lines to the file /etc/postfix/main.cf:

content_filter = scan:[127.0.0.1]:10025

receive_override_options = no_address_mappings

 

The first line tells Postfix to pass all mail through the scan service (filter) on port 10025, where clamsmtpd listens. The second line tells Postfix not to perform any address manipulation before the mail reaches the content_filter, so the filter works with the real mail addresses rather than with the results of translation into virtual aliases, masquerading, etc.

 

You need to add the following lines to the /etc/postfix/master.cf file:

# AV scan filter (used by content_filter)

scan unix - - n - 16 smtp

  -o smtp_send_xforward_command=yes

# For injecting mail back into postfix from the filter

127.0.0.1:10026 inet n - n - 16 smtpd

  -o content_filter=

  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks

  -o smtpd_helo_restrictions=

  -o smtpd_client_restrictions=

  -o smtpd_sender_restrictions=

  -o smtpd_recipient_restrictions=permit_mynetworks,reject

  -o mynetworks_style=host

  -o smtpd_authorized_xforward_hosts=127.0.0.0/8

 

Restart the Postfix service to apply the changes:

#service postfix restart

 

Antivirus basic configuration is complete.
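
The following added example, which is not from the original article, checks that the three files configured above agree with each other: clamsmtpd listens on loopback, content_filter points at it, and the re-injection listener is loopback-only and clears content_filter. The function names audit and master_services and the sample strings are constructed for illustration.

```python
import re

# Constructed sample files that mirror the settings shown above.
CLAMSMTPD_CONF = "OutAddress: 10026\nListen: 127.0.0.1:10025\n"
MAIN_CF = "content_filter = scan:[127.0.0.1]:10025\n"
MASTER_CF = """\
scan unix - - n - 16 smtp
  -o smtp_send_xforward_command=yes
127.0.0.1:10026 inet n - n - 16 smtpd
  -o content_filter=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks_style=host
"""

def master_services(text):
    """Join master.cf continuation lines and return {service: {option: value}}."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip()   # indented line continues the entry
        else:
            logical.append(line.strip())
    return {l.split()[0]: dict(re.findall(r"-o\s+([^=\s]+)=(\S*)", l)) for l in logical}

def audit(clamsmtpd_conf, main_cf, master_cf):
    """Return a list of problems in the filter loop (hypothetical helper)."""
    problems = []
    conf = dict(re.findall(r"^(\w+):[ \t]*(\S.*?)[ \t]*$", clamsmtpd_conf, re.M))
    listen = conf.get("Listen", "")
    reinject = "127.0.0.1:" + conf.get("OutAddress", "").rsplit(":", 1)[-1]
    if not listen.startswith("127.0.0.1:"):
        problems.append("clamsmtpd Listen is not bound to loopback")
    m = re.search(r"^content_filter\s*=\s*\w+:\[?([\d.]+)\]?:(\d+)", main_cf, re.M)
    if not m or m.group(1) + ":" + m.group(2) != listen:
        problems.append("main.cf content_filter does not point at clamsmtpd Listen")
    opts = master_services(master_cf).get(reinject)
    if opts is None:
        problems.append("no smtpd listener bound to " + reinject)
    else:
        if opts.get("content_filter") != "":
            problems.append("re-injection listener does not clear content_filter (mail loop)")
        if not opts.get("smtpd_recipient_restrictions", "").endswith("reject"):
            problems.append("re-injection recipient restrictions do not end in reject")
    return problems

if __name__ == "__main__":
    print(audit(CLAMSMTPD_CONF, MAIN_CF, MASTER_CF) or "filter loop looks consistent")
```

To check a live system, pass the contents of /etc/clamsmtpd.conf, /etc/postfix/main.cf and /etc/postfix/master.cf to audit() instead of the sample strings.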

Configure antivirus notifications

The last thing to do is to configure the sending of antivirus notifications. To do this, create the file script.sh:

#nano /etc/clamav/script.sh

 

Put the following in it:

#!/bin/sh

DOMAIN=study.local

# Email address to send alerts to (placeholder: replace with your administrator's address)

ADMIN=admin@example.com

# formail should be in PATH

PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin

LINE="-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-"

# SENDER and RECIPIENTS come from the envelope of the scanned message,
# so every use is quoted and the domain is matched as a fixed string

if [ -n "$(printf '%s\n' "$SENDER" | grep -F "$DOMAIN")" ]

then MAILTO="$SENDER,$ADMIN"

else MAILTO="$(printf '%s\n' "$RECIPIENTS" | grep -F "$DOMAIN" | tr '\n' ',')$ADMIN"

fi

(echo "Virus name: $VIRUS"

echo "Sender: $SENDER"

echo "Recipient(s): $RECIPIENTS"

echo

if [ "x$EMAIL" != "x" ] && [ -f "$EMAIL" ]

then

echo "Quarantined to: $EMAIL"

fi

) | cat -v | mail -s "$VIRUS found on mailserver" -- "$MAILTO"

 

Uncomment the line VirusAction: /etc/clamav/script.sh in the file /etc/clamsmtpd.conf and restart the clamsmtp service:

#service clamsmtp restart

 

Now our antivirus not only checks the mail, but also quarantines infected messages and sends a notification to the administrator and users of our domain.

Sending notifications requires the mailutils package:

#apt install mailutils

 
