eximscan x mailscanner and security issue

[claudio]

Hi Guys

In my RH9 box i have the following sentence on my serverstatus:

exim (exim-4.41-140_cpanel_stmpcontrol_antivirus_rewrite_mailman2_maskedmailtrap_exiscan)

Does it means i have already installed exiscan and exim antivirus ?

Should i consider in installing mailscanner? Should i install clamd? i searched in ssh and i just found /scripts/checkstatus_clamd but it seems not to be installed...

by the way in my logwacth i always realize some asian ip adressess trying to login and as i already disable root login and put some of then in my hosts.deny list but as well i have a apf installed and both of my local adls providers are dynamic ips do you think should i keep on putting their ips in my hosts.deny? or is there other efficient way to handle this?

i also wanna know where is located ssh access log files cause i just see then in my email after my cron send it to me and should i disable iptables after installing apf (i did that)?

Thanks and regards

Claudio

[chirpy]

A lot of separate questions:

1. All that the exim line means is that you have exim installed that is capable of using exiscan, not that it is installed and configured.

If you do want MailScanner, then I can recommend the installer at:
http://www.webumake.com/free/mailscanner.htm

ClamAV is a separate matter. You could install the cPanel clamavconnector (under WHM > Addon Modules) which installs its own copy of ClamAV, or you could install it and use it through MailScanner using the following information:
http://forums.cpanel.net/showthread....threadid=24718

2. I believe that APF loads the kernel modules it requires to run its iptables firewall, so the iptables startup may not be necessary - you'll soon find out after a reboot if APF doesn't start. However, it's certainly not necessary to stop iptables running as APF will flush any rules before loading.

3. The SSH logins (on a Linux server) are logged to:
/var/log/secure
/var/log/messages

Logins in general are logged to /var/log/wtmp which is read using the last utility:

last -da

[cguimont]

lol chirpy...
I find it funny, because there are a lot of people asking questions on mailscanner.. and it's always the same answer...

Some peoples should make searches in the forums before asking questions..

anyways, thanks for your devotion chirpy

[claudio]

Dear Chirpy

Thanks a lot for your patience

APF seems to be running without iptables (or at least without iptables start up)

Anyway i will install masilscanner as well as clamav..

Thanks Again

Claudio