Why isn't mailscanner a built-in option for WHM / cPanel?

[spaceman]

Hi All,

As I understand it, if I wanted to install MailScanner on my dedicated linux server then I could install it from layer1.cpanel.net. Some say 'it works great', others say 'buggy' or 'too CPU intensive'.

Being of a conservative nature when it comes to installing 'non-built-in' 3rd party software on my dedicated Linux box in case it negatively impacts 100+ business clients of ours, my question is this: does anyone know why MailScanner hasn't yet risen to the status of being a standard feature within WHM / cPanel? Given that it can be installed at present from layer1.cpanel.net, does this indicate that it's currently being considered for inclusion as a standard feature? And if not, why not!? :-)

Curious. Thanks for your comments.

P.S. I'm personally much more interested at present in introducing anti-virus software on my server (that strips off the virus but still delivers the message with appropriate advisories of what has been done) than the much more controversial policy of attempting spam control on behalf of my clients.

[pagedeveloping]

I can't tell you why cpanel does not incorporate MailScanner into their installation like they do with exim. but, I can tell you that it works greate on my servers.

If you don't like it, or it is giving your server a hard time with email, than you can unstall it with ease.

I haven't found MailScanner to be cpu sensitive yet.

cpanel has their own recommended config settings that fit well into exim "one of the reasons I chose cpanel install over every one else" In fact I had to un-install my last MailScanner installation on one server that was recommended in another post "lot of work".

cpanel installation of MailScanner comes with ClamAV and does what you want it to do.

P.S. I'm personally much more interested at present in introducing anti-virus software on my server (that strips off the virus but still delivers the message with appropriate advisories of what has been done) than the much more controversial policy of attempting spam control on behalf of my clients.

Here is the basic setup I used if you want to try it out.
NOTE: My servers all have RedHat 7.3 to 9.0, If the installation is different for other OS than any ones input is more than welcome.

Code:

wget http://layer1.cpanel.net/mailscanner-autoinstall-1.5.tar.gz

Code:

tar -zxvf mailscanner-autoinstall-1.5.tar.gz

Code:

cd mailscanner-autoinstall-1.5

Code:

./install

"After you install, You can setup your config."

Code:

edit /usr/mailscanner/etc/MailScanner.conf

"When you are done you need to resart MailScanner"

Code:

killall -9 MailScanner

Code:

/usr/mailscanner/bin/check_mailscanner

If you have any problems and nothing seems to work to your advantage than you can un-install

Code:

cd mailscanner-autoinstall-1.5

Code:

uninstall

[underzen]

it works very good on my server as well. No complaints and it kept the mydoom virus complaints down to a minimum!

[sphost]

am using fedora, i tried installing it, the installation completed but i had this message :

This installer is currently an unsupported release.!

looks like its not supported by fedora yet

[Marty]

Originally posted by sphost
am using fedora, i tried installing it, the installation completed but i had this message :

This installer is currently an unsupported release.!

looks like its not supported by fedora yet

No, that is a message from the cpanel people that though they provide this installer on their site, they do not support it so don't submit a ticket for help.

It may not be supported by Fedora, but that is not what that particular message is about.

[sphost]

Originally posted by Marty
No, that is a message from the cpanel people that though they provide this installer on their site, they do not support it so don't submit a ticket for help.

It may not be supported by Fedora, but that is not what that particular message is about.

oh

thank you for the explanation

so how to know if it is supported or not ?

can anyone please recommend the best configurations for mailscanner ? am running a celeron 2.0 server. i dont want to put high load on the server.

thanks

[spaceman]

Thanks pagedeveloping for your comprehensive reply. I think we might just give it a go...

[xWho]

Just wanted to add that I followed the directions in this post on my brand new Fedora installation and it worked perfectly.

In fact, about 5 minutes ago, mailscanner blocked it's first virus.

Woot!

[spaceman]

OK, we're installed and running here too!

One question - has anyone changed the default .conf settings that are supplied from layer1 and pre-configured for exim? I notice that anti-spam scanning is set to 'off' by default, which is perfect for us. I've just had a speed-read of the .conf file, and nothing jumped out at me as something I should change. Anyone?

Just thought of another question - how to keep ClamAV automatically up-to-date with the latest anti-virus definitions so the next time Mydoom or similar comes along the anti-virus protection will kick in quickly...? A cron job I would imagine...?

Thanks.

[haze]

Originally posted by spaceman
OK, we're installed and running here too!

One question - has anyone changed the default .conf settings that are supplied from layer1 and pre-configured for exim? I notice that anti-spam scanning is set to 'off' by default, which is perfect for us. I've just had a speed-read of the .conf file, and nothing jumped out at me as something I should change. Anyone?

Just thought of another question - how to keep ClamAV automatically up-to-date with the latest anti-virus definitions so the next time Mydoom or similar comes along the anti-virus protection will kick in quickly...? A cron job I would imagine...?

Thanks.

The only thing i've changed is to turn off sender notices ( no point sending a "you are infected" notice to a non existant address ( more recent viruses spoof the from field ). Turned of sending cleaned message ( more likely than not the message was created by the virus, no point in cluttering the mail queue ) and turned off notice to sys admin.. again just useless atm w/ all the virus hits we're getting.

As for keeping up 2 date w/ clam av. you can run freshclam at the command or when upcp runs it checks as well. cat /scripts/upcp | grep freshclam and its there.

Also to be sure check the clam log in /var/log as the upcp freshclam update writes to that log.

[haze]

.. And to the thread starter..

I don't think a lot of people would appreciate mailscanner being built into cpanel. A few reasons;

1. Some people use other third party virus utils and are quite happy as is, they'd be mighty pissed if that was changed i'd imagine.

2. Not everyone wants a virus scanner.

3. I don't see it as cPanels responsibility to provide an anti virus solution. I do however feel that it is there responsibility to ensure that exim is antivirus software friendly. That is, the customer info is not overwritten.

Finally, as posted above, its not exactly rocket science to install. cPanel do not want to support this product and its nice enough they've provided us w/ an easy to use installer.

THANK YOU CPANEL!!!

[spaceman]

Originally posted by iminteractive
The only thing i've changed is to turn off sender notices ( no point sending a "you are infected" notice to a non existant address ( more recent viruses spoof the from field ). Turned of sending cleaned message ( more likely than not the message was created by the virus, no point in cluttering the mail queue ) and turned off notice to sys admin.. again just useless atm w/ all the virus hits we're getting.

I agree with all this - thanks. For the benefit of others (and someone please correct me here if I'm wrong), both of these should be set to 'no' if you don't want the intended recipient of a virus-infected email to receive notification of the event:

# Should I attempt to disinfect infected attachments and then deliver
# the clean ones. "Disinfection" involves removing viruses from files
# (such as removing macro viruses from documents). "Cleaning" is the
# replacement of infected attachments with "VirusWarning.txt" text
# attachments.
# This can also be the filename of a ruleset.
Deliver Disinfected Files = no

# Do you want to deliver messages once they have been cleaned of any
# viruses?
# By making this a ruleset, you can re-create the "Deliver From Local"
# facility of previous versions.
Deliver Cleaned Messages = no

As for keeping up 2 date w/ clam av. you can run freshclam at the command or when upcp runs it checks as well. cat /scripts/upcp | grep freshclam and its there.

Also to be sure check the clam log in /var/log as the upcp freshclam update writes to that log.

Thanks again. Can you tell me how often upcp runs by default? In other words, should I concern myself with setting up a cron job to run freshclam every 24 hours or has upcp already go that covered?

Another BIG THANKS to all contributors to this thread that I started. I've been itching to get something like this installed on my server to help protect our clients, and I really didn't think it was this easy. Nice one! :-)

[Dreamer]

Just installed MailScanner + ClamAV and for about a hour MS found ~20-30 viruses.

Thanks for this topic

[spaceman]

Originally posted by Dreamer
Just installed MailScanner + ClamAV and for about a hour MS found ~20-30 viruses.

Thanks for this topic

Yes - it's a goodie!

As mentioned earlier, I've turned off the sending/forwarding (to the intended recipient) of infected messages. So what I'm thinking now is - it would be excellent if I could send a weekly or monthly summary report to each valid POP account on my server to report how many virus-infected emails were blocked on their behalf by the server. Otherwise they'll never know the good work we're doing! :-) Is anyone doing any work/research in this area that they would like to share?

[Dreamer]

I found only notices to administrators (where you define from and to postmaster user). Check the option category name too see. Are you sure it sends notification to users and not only admin?

I've made special mail account so all admin notices go there and not my root mail (where the important things are sent).

Another hour has passed and another 52 viruses are found. Cool.