What anti-virus solutions?

[ozzi4648]

I had to laugh when i saw the anti-virus solutions built into Exim, or if you can call it that. Really, what are they thinking. We have Mailscanner running on all our boxes using RAV with that latest db updated on a daily basis. Our server catch hundreds of virus across 22 boxes on a daily basis. This is really what we are aiming to do with our Cpanel box. Anyone interested in a HOWTO? Give me awhile and let me see what i can whip up.

[haze]

A How-to would be great.

[jdatwood]

I for one think something like this NEEDS to be done!

[Vital]

Undoubtedly this is interesting! As an alternative, i'm experimenting with Kaspersky AntiVirus Protection, let's see, if this thing will work with exim.

[NEMON]

Most of the antivirus softwares for Linux are way too expensive.

To get a Free Opensource Antivirus software I may suggest you to grab a copy from

http://freshmeat.net/redir/clamav/29355/url_tgz/clamav-0.51.tar.gz

Once you are done downloading that -

Do the following steps :-

groupadd clamav
useradd -g clamav -s /bin/false -c &Clam AntiVirus& clamav

tar zxpvf clamav-0.51.tar.gz
cd clamav-0.51
./configure
make
make install

Everything will go smooth and clamv antivirus will be installed in

/usr/loca/bin/

To update your virus defination issue the following command.

./freshclamv

Autoupdate Virus Def

touch /var/log/clam-update.log
chmod 644 /var/log/clam-update.log
chown clamav /var/log/clam-update.log

freshclam -d -c 2 -l /var/log/clam-update.log

It will check for a new database 2 times a day. Please add this line to your startup scripts. The other way is to use the cron daemon. You have to add a similar line to the crontab of root or clamav:

0 8 * * * /usr/local/bin/freshclam --quiet -l /var/log/clam-update.log

As you are done installing Clamv Antivirus Scanner. Next step you need is to grab a copy of Amavis Mail Scanner for incoming and outgoing emails.

tar zxpvf amavis-perl-11.tar.gz
cp clamav-x.yz/support/amavis/clamavis.patch amavis-perl-11
cd amavis-perl-11
patch -p1 & clamavis.patch
find . -exec touch 01010000 {} \;

http://www.amavis.org/dist/perl/amavis-perl-11.tar.gz

tar zxpvf amavis-perl-11.tar.gz
cd amavis-perl-11
./configure
make
make install

Once you issue make install command it will ask you to install few softwares in your server dont worry nothing will got messed up in your server as I am using Above virus scanner in my server.

If you are missing few software

Decompressors and Decoders

-uudecode
-compress
-gunzip
-unzip
-unarj
-unrar
-xbin
-LHArc
-bunzip2
-zoo
-arc
-freeze
-tnef

You might need to get
zoo
arc
tnef
freeze

Cos thats what Amavis ask me to install so you can grab of a copy of those from

http://www.rpmfind.net and search for those above software but make sure you will download the one which reflects your server version like if you are running RH 7.2 then you have to get a zoo software for RH 7.2 i386

And install them on your server by using

rpm -Uvh zoo.rpm

Issue that above command to all the missing softwares on your servers . now you are done with that part too.

Next Step

Perl Modules :-

perl -MCPAN -e shell

install Unix::Syslog
install Convert::UUlib
install Convert::TNEF
install Compress::Zlib
install Archive::Tar
install Archive::Zip
install G/GB/GBARR/MailTools-1.15.tar.gz
install MIME::Tools
install Bundle::libnet

Once you are done with above then the final step you need to do is :-

Install the Amavis software
And issue the following commands and if you dont get any file missing error then it means you are done installing that.

cd amavis-perl-11
./configure
make
make install

Thats all for above part

pico /etc/mail/sendmail.mc

dnl
dnl Change Mlocal to use AMaViS-Perl
define(`LOCAL_MAILER_PATH', `/usr/sbin/amavis')dnl
define(`LOCAL_MAILER_ARGS', CONCAT(`amavis $f $u /usr/bin/',
LOCAL_MAILER_ARGS))dnl
dnl please set the path to your procmail accordingly!
dnl the following works only with sendmail 8.10.x or above
MODIFY_MAILER_FLAGS(`LOCAL', `-m')dnl

m4 /etc/mail/sendmail.mc & /etc/sendmail.cf

That should be it...

to run clamd antivirus you need to remove # from clamd.conf some where in /usr/local/share

This was done on sendmail server, with no exim. But I think it should be the same thing.

I also have send the same thing to bdraco day ago.

[ozzi4648]

[quote:7f68466380][i:7f68466380]Originally posted by NEMON[/i:7f68466380]

Most of the antivirus softwares for Linux are way too expensive.
[/quote:7f68466380]

Mailscanner is free, much better then Amavis, and i can get a RAV anti-virus license for less than $30.00 per server.

[ecoutez]

If you're going the AMaViS route, the -NG version is a better choice. It integrates fairly easily as well.

I had promised to get some docs together, but this is still somewhat incomplete. Here's what I do have though...

Start by downloadig amavis-ng:
http://sourceforge.net/projects/amavis

Relevent Readme included in the tarball:
doc/README.exim-perl

AntiVirus Scanner - my personal preference is uvscan:
McAfee Download:
McAfee VirusScan Command Line Scanner for... Linux (4.16)
http://www.mcafeeb2b.com/naicommon/buy-try/try/products-evals.asp
register and download vlnx416e.tar.Z


Now we need to update the DAT file and install the program to do so via cron
uvupdate:
http://main.psi.com.br/~julio/uvscan/
read and follow uvupdate INSTALL file - select experimental or not
Add symbolic link from /etc/cron.daily/uvupdate to your installed uvupdate program

edit /etc/exim.conf:
edit out # message_filter = /etc/antivirus.exim
insert...
message_filter = /etc/exim/amavis.filter
message_filter_user = mail
message_filter_group = mail
deliver_load_max = 3
queue_only_load = 4

I elected to also edit this value:
deliver_queue_load_max = 5


copy /root/src/amavis-ng/amavis-ng-0.1.3.1/doc/exim/exim.filter to /etc/exim/amavis.filter

insert line at top of /etc/exim.pl:
do '/usr/share/amavis/amavis-filter.pl';

cpan install File::MMagic
cpan install Config::IniFiles
cpan install MIME::Tools (mine was up-to-date)
cpan install Convert::TNEF
cpan install Convert::UUlib
cpan instlal Compress::Zlib (MINE WAS UP-TO-DATE)
cpan install Archive::Tar (was up to date)


Also may be desired (no guarantee that these are the latest though...)
* unrar ftp://speakeasy.rpmfind.net/linux/contrib/libc6/i386/unrar-3.0-1.i386.rpm
* zoo http://ftp.task.gda.pl/linux/RPMS/redhat/libc6/contribs/i386/zoo-2.10-7.i386.html
* arc ftp://speakeasy.rpmfind.net/linux/contrib/libc6/i386/arc-5.21e-6.i386.rpm
* lha http://www.redhat.com/swr/i386/lha-1.14i-4.i386.html
* unarj http://www.redhat.com/swr/i386/unarj-2.43-10.i386.html


Then install amavis-ng:
make;make install


cp /root/src/amavis-ng/amavis-ng-0.1.3.1/etc/amavis.conf /etc/

edit /etc/amavis.conf with your fav. editor:
- enable EximPerl (line 11) and at least one scanner (I use NAI) -- FSP is FILE::Scan Perl module (free and installed)
- enable extractor modules which are installed
- select headers
- unpack directory - I use /tmp/amavis/ chmod 755, chown mail.mail

In the [notify] section, I recommend not selecting a local domain at all. This appears to work best in my testing:
;; local domain = .*example\.com

- set admin mail addresses to/from
- check path for virusscan program and external compression programs

- /etc/amavis.conf file must be in /etc/amavis/ ... I added a symbolic link to take care of this. It may work with amavis.conf only in /etc/amavis/ but I have not had a chance to test that.

The only problem with this is if/when CPanel updates Exim. In the past, the exim.conf would be overwritten, but the past few updates seem to have preserved the config file. However, you also need to ensure that the first line of your exim.pl doesn't get wiped out. chattr could help here.

- Jason

[bdraco]

http://layer1.cpanel.net/exim+virusscan.tar.gz

If you use this, exim should keep the config between updates

[macian]

[quote:2be2348ca4][i:2be2348ca4]Originally posted by ozzi4648[/i:2be2348ca4]

I had to laugh when i saw the anti-virus solutions built into Exim, or if you can call it that. Really, what are they thinking. We have Mailscanner running on all our boxes using RAV with that latest db updated on a daily basis. Our server catch hundreds of virus across 22 boxes on a daily basis. This is really what we are aiming to do with our Cpanel box. Anyone interested in a HOWTO? Give me awhile and let me see what i can whip up. [/quote:2be2348ca4]

yeah... i would definately be interested in setting something like that up on my server... a quick howto would be great...

[ozzi4648]

[quote:3066a60aae][i:3066a60aae]Originally posted by macian[/i:3066a60aae]

[quote:3066a60aae][i:3066a60aae]Originally posted by ozzi4648[/i:3066a60aae]

I had to laugh when i saw the anti-virus solutions built into Exim, or if you can call it that. Really, what are they thinking. We have Mailscanner running on all our boxes using RAV with that latest db updated on a daily basis. Our server catch hundreds of virus across 22 boxes on a daily basis. This is really what we are aiming to do with our Cpanel box. Anyone interested in a HOWTO? Give me awhile and let me see what i can whip up. [/quote:3066a60aae]

yeah... i would definately be interested in setting something like that up on my server... a quick howto would be great...[/quote:3066a60aae]

Still working on this. When its working correctly i will post a howto. All i have to say is its harder to implament with Exim than with Sendmail.

[bdraco]

wget http://layer1.cpanel.net/exim+virusscan.tar.gz
tar xfzv exim+virusscan.tar.gz
cd exim+virusscan
sh install

[ozzi4648]

[quote:30c41a186e][i:30c41a186e]Originally posted by bdraco[/i:30c41a186e]

wget http://layer1.cpanel.net/exim+virusscan.tar.gz
tar xfzv exim+virusscan.tar.gz
cd exim+virusscan
sh install[/quote:30c41a186e]

No thanks! Mailscanner is a much better soltuions and it runs on 22 of our other servers catching hundreds of infected email daily! Our virus signature db's are updated daily on all our servers and we are using RAV not some generic catch-me-if-you-can solution.
Thanks for your suggestion.

[moronhead]

[quote:ca0a8b7aac][i:ca0a8b7aac]Originally posted by ozzi4648[/i:ca0a8b7aac]

[quote:ca0a8b7aac][i:ca0a8b7aac]Originally posted by bdraco[/i:ca0a8b7aac]

wget http://layer1.cpanel.net/exim+virusscan.tar.gz
tar xfzv exim+virusscan.tar.gz
cd exim+virusscan
sh install[/quote:ca0a8b7aac]No thanks! Mailscanner is a much better soltuions and it runs on 22 of our other servers catching hundreds of infected email daily! Our virus signature db's are updated daily on all our servers and we are using RAV not some generic catch-me-if-you-can solution.
Thanks for your suggestion.[/quote:ca0a8b7aac]
I believe Nick was replying to a comment made by ecoutez about exim.conf. You must be so pre-occupied with your own &best& solution that you obviously don't bother either paying attention to or reading other members' posts.

Well, you can keep paying for your scanner; that's your choice. I can't see anything wrong with the step-by-step solutions recommended by nemon and ecoutez where you pay zilch, and you'd still get equally reasonable results!

[hkewell]

How to update db of virus ??

what is command or autoupdate ?

[haze]

Nick you bloody legend!