scan incoming emails for viruses

[keemo]

I'm trying to setup an email server using YES Linux, and i'm trying to set it up so that it scans my incoming emails and mark any infected emails.

I have set up practically everything I can think of (according to my very limited and short experience with linux), and everything I had researched. Yet, I still cannot get the right headers in my emails. I will explain what I did in steps, and if anybody finds that I've missed something, anything, please let me know because I am about a bee's di*k away from quitting this whole linux thing.

I should mention that YES linux is a server ready to host your website and email using httpd, squirrelmail(*edited) and uses postfix as the MTA. All of which are already working out of the box.

Ok, I started with installing clamav-0.80...(after installing a couple of dependencies which are zlib-1.2.1 and zlib-devel-1.1.4-8 )

1) created group, 'clamav', and created non shell user, 'clamav,' as a member of that group, following the directions in the documentation.
2) as the documentation says, I did the following,

Code:

zcat clamav-0.80.tar.gz | tar xvf -
cd clamav-0.80
./configure --sysconfdir=/etc
make 
make install

3) I've setup the daemon by editing /etc/clamd.conf. I've commented out Example and I've activated the following options

• LogFile /tmp/clamd.log
  Log Verbose
  LocalSocket /tmp/clamd
  FixStale Socket
  MaxDirectoryRecursion
  User clamav
  ScanOLE2
  ScanMail
  ScanArchive
  ArchiveMaxFileSize 10M
  ArchiveMaxRecursion 5
  ArchiveMaxFiles 1000
  ArchiveMaxCompressionRation 200

4)Tested clamav and clamd by running the following:

Code:

clamscan -r -l scan.txt clamav-0.80
and
clamdscan -l scan.txt clamav-0.80

both of which returned the right results in the scan.txt file.

5) I setup a script called 'clamd' which I got from a website during my research, to run the clam daemon on startup, "/etc/init.d/clamd"

Code:

#!/bin/bash

TMPDIR=/tmp
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin

case "$1" in
   start)
       echo "starting ClamAV..."
       if [ -S /tmp/clamd ]; then
	echo "ClamAV is already running!"
       else
	/usr/local/bin/freshclam -d -c 4 --datadir=/usr/local/share/clamav
	/usr/local/sbin/clamd
       fi
       echo "ClamAV is now running!"
   ;;
   stop)
       echo "Shutting down ClamAV..."
       array=(`ps ax | grep -iw '/usr/local/bin/freshclam' | grep -iv 'grep' \
      | awk '{print $1}' | cut -f1 -d/ | tr '\n' ' '`)
       element_count=${#array[@]}
       index=0
       while [ "$index" -lt "$element_count" ]
       do
	kill -9 ${array[$index]}
	let "index = $index + 1"
       done
       array=(`ps ax | grep -iw '/usr/local/sbin/clamd' | grep -iv 'grep' \
      | awk '{print $1}' | cut -f1 -d/ | tr '\n' ' '`)
       element_count=${#array[@]}
       index=0
       while [ "$index" -lt "$element_count" ]
       do
	kill -9 ${array[$index]}
	let "index = $index + 1"
       done
       if [ -S /tmp/clamd ]; then
	rm -f /tmp/clamd
       fi
       echo "ClamAV stopped!"
   ;;
   restart)
       $0 stop && sleep 3
       $0 start
   ;;
   *)
   echo "Usage: $0 {start|stop|restart}"
   exit 1
esac
exit 0

Then I ran the following

Code:

chmod 755 /etc/init.d/clamd
/etc/init.d/clamd start

and added the following commands to /etc/rc3.d to run clamd BEFORE the mail server, as required by clamassassin.

Code:

S79clamd

and in /etc/rc0.d & /etc/rc6.d, I added..

Code:

K31clamd

I restarted and made sure that clamd ran before postfix.

clamassassin 1.2.1

(depedency: mktemp-1.5....streight forward installation --> ./configure >> make >> make install)

I untarred clamassassin-1.2.1.tar.gz then as per documentation ran

Code:

./configure --enable-subject-rewrite
make install

Postfix

in /etc/postfix/main.cf, I enabled the following

Code:

mailbox_command = /usr/bin/procmail
mailbox_command = /usr/bin/procmail -a $EXTENSION

Procmail 3.15.2

Since noone is logged onto the server, I setup a the following file /etc/procmailrc, and this is what it looks like

Code:

:0fw 
| /usr/local.bin/clamassassin

:0:
* ^X-Virus-Status: Yes
IN.virus

And thats it...I restarted and sent an email with an attachment to myself, and nothing, there was no header with X-Virus-Status.

So please, if anybody sees any flaws in what I did, then please let me know....I know I am so close to getting it done!

By the way, I'm using YES 2.0.12. And I do appologise if this is not the place to post this, but I've been on the mailing lists of clamav and procmail which is where I got alot of my code, but I still cant get it to work.

Thanks in advnace for any suggestions.

[kkubasik]

im gonna have to go back over exactly what you have posted to look for an error, but you stated that you have both sendmail and postfix running as MTA's? Could you clarify?

[keemo]

I'm sorry...that was supposed to say squirrelmail.

YES Linux uses postfix as it MTA

[keemo]

anybody else has any comments at all?
Cheers.