The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Installed Clamav, but its not automatically checking Viruses

Discussion in 'General Discussion' started by wmeyer, May 9, 2005.

  1. wmeyer

    wmeyer Member

    Joined:
    Mar 9, 2005
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    We have installed ClamAv 0.84-1.0 on Cpanel. Everything installed O.K. and we can manually scan via the WHM. However, it is not scanning mail coming in automatically. What do we need to do to enable this.

    Any help would be appreciated.

    Thanks

    Warren
     
  2. pshepperd

    pshepperd Well-Known Member

    Joined:
    Feb 12, 2005
    Messages:
    147
    Likes Received:
    0
    Trophy Points:
    16
    did you set it up in exim? check /etc/exim.conf for the virus settings?
     
  3. easyhoster1

    easyhoster1 Well-Known Member

    Joined:
    Sep 25, 2003
    Messages:
    659
    Likes Received:
    0
    Trophy Points:
    16

    Login into WHM / Exim Configuration Editor, switch to Advanced Mode. In the first textarea
    add;

    av_scanner = clamd:/var/clamd

    Then Scroll down to the begin acl section middle textarea, scroll to the bottm
    and between (paste here)

    check_message:
    require verify = header_sender
    (paste Here)
    accept

    Add the following

    ##
    # Reject messages with serious MIME container errors
    ##
    deny message = This message contains malformed MIME ($demime_reason).
    demime = *
    condition = ${if >{$demime_errorlevel}{2}{1}{0}}

    ##
    # Reject messages attach attach a file with a CLSID in the name
    # which causes Windows to hide the file extension.
    ##
    deny message = Hiding of file extensions(CLSID hidden) is not allowed.
    regex = ^(?i)Content-Disposition::(.*?)filename=\\s*"+((\{[a-hA-H0-9-]{25,}\})|((.*?)\\s{10,}(.*?)))"+\$

    ##
    # Reject messages attach illegal extension files
    ##
    deny message = We do not accept ".$found_extension" attachments here. If you meant to send this file then please package it up as a zip file and resend it.
    # You might need to remove some of these extensions if you want to allow your user get these files
    demime = ade:adp:bas:bat:chm:cmd:com:cpl:crt:eml:exe:hlp:hta:inf:ins:isp:jse:lnk:mdb:mde:msc:msi:msp:pcd:pif:reg:scr:sct:shs:url:vbs:vbe:wsf:wsh:wsc

    ##
    # Reject email contains Virus
    ##
    deny message = This message contains a virus or other harmful content ($malware_name)
    demime = *
    malware = */defer_ok

    ##
    # Add X-Scanned Header
    ##
    warn message = X-Antivirus-Scanner: Clean mail though you should still use an Antivirus

    So it will look like this;
    ===============

    #!!# ACL that is used after the DATA command
    check_message:
    require verify = header_sender

    ##
    # Reject messages with serious MIME container errors
    ##
    deny message = This message contains malformed MIME ($demime_reason).
    demime = *
    condition = ${if >{$demime_errorlevel}{2}{1}{0}}

    ##
    # Reject messages attach attach a file with a CLSID in the name
    # which causes Windows to hide the file extension.
    ##
    deny message = Hiding of file extensions(CLSID hidden) is not allowed.
    regex = ^(?i)Content-Disposition::(.*?)filename=\\s*"+((\{[a-hA-H0-9-]{25,}\})|((.*?)\\s{10,}(.*?)))"+\$

    ##
    # Reject messages attach illegal extension files
    ##
    deny message = We do not accept ".$found_extension" attachments here. If you meant to send this file then please package it up as a zip file and resend it.
    # You might need to remove some of these extensions if you want to allow your user get these files
    demime = ade:adp:bas:bat:chm:cmd:com:cpl:crt:eml:exe:hlp:hta:inf:ins:isp:jse:lnk:mdb:mde:msc:msi:msp:pcd:pif:reg:scr:sct:shs:url:vbs:vbe:wsf:wsh:wsc

    ##
    # Reject email contains Virus
    ##
    deny message = This message contains a virus or other harmful content ($malware_name)
    demime = *
    malware = */defer_ok

    ##
    # Add X-Scanned Header
    ##
    warn message = X-Antivirus-Scanner: Clean mail though you should still use an Antivirus

    accept

    Click save

    Then from root, restart clamd

    #killall clamd
    #clamd


    Now smtp will scan for virus.

    Got this from rvskins and works great;

    http://www.rvskin.com/index.php?page=public/antispam#3
     
    #3 easyhoster1, May 10, 2005
    Last edited: May 10, 2005
  4. wmeyer

    wmeyer Member

    Joined:
    Mar 9, 2005
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Thanks Heaps!!! It seams to be scanning automatically now.
     
Loading...

Share This Page