MailScanner on layer1.cpanel.net [was:Updated Exim+Antivirus Package Available]

Elikster

Updated Exim+Antivirus Package Available

Greetings,

I have been working on the package that Cpanel released and said to be unsupported. Well... I took the package and made some modifications, plus upgraded it to the latest released version of the Amavis-NG system.

Then I added F-Prot into it. I will release two versions, though: one with Clam and F-Prot, and one with Clam and the Sophie package using the Sophos virus DB.

I have the Clam+F-Prot package ready for anyone who requests it. Be warned that you are on your own as far as F-Prot's use goes. But the Sophie version will work perfectly. The reason I said you are on your own is that I registered ours with F-Prot for the servers. But it will not stop you from installing it, though. You just gotta license it. :)

So... if you want those, please email me and I will send you the URL for the F-Prot version until I get the Sophie version working and set up by running the install script. Once that is done, I will submit it to Cpanel to put up to replace their old version to be used on the systems, and put it online somewhere for you guys to start downloading.

It works, and the modifications I made are geared for high-traffic email systems, but it should not hurt you either. Expect the Sophie version to be done and completed in a few days, since I have 173 servers to install it on among several clients of mine. My recommendation is the Clam + Sophie version, since it will be the faster of the two for processing emails compared to the command-line version of F-Prot, as I found out during 6 server installation trials.
 

haze

I'd be very interested in the Clam + Sophie version!
 

Elikster

Email Address - Goof me....

Here is my email address. My bad.

[email protected]

I have the working installation of Sophie nearly done, and I am working on getting the configuration and a few other niceties included so that you just have to modify a few lines and you'll be all set to go.

Plus, that package also has all the uncompression programs in RPM format, which it will install automatically for you, so it takes a lot of the hard work out.

Right now... I am tweaking Sophie so that I have good settings to use as the standard, and then I will modify the installer some more. Once it is done, I will post that it is available and I will set it up on my website for you folks to grab.
 

Elikster

Updated Exim+Antivirus Package Available now

Greetings, if you are looking for the Exim Anti-Virus Package for Cpanel, it is now at this URL: http://www.webspires.com/cpanel-devel/

Currently, there are two packages there.
exim+virusscanner-CLAM - Original with updated items
exim+virusscanner-CLAM+F-Prot - Original with F-Prot Anti-Virus added into the mix

I will be adding the Sophie version as soon as I get it working properly with all the installation scripts in tandem.
 

sqsisa

Hey Elikster,

Do you need to do anything with exim+virusscanner-CLAM that was installed from cPanel downloads before installing yours?

It's all still there. I just disabled it in exim.conf because it locked the mail queue.

Thnx,
 

Domenico

Thanks a lot for this Elikster! I hope you keep these packages updated in the future. Too bad Darkorb doesn't feel the need to keep these packages upgraded though. :(

btw, does f-prot also scan the messages for viruses? I can't find that anywhere...
 

Valuehosted

How much is f-prot to buy? I went to their site but I don't know what version you have included, as I only seemed to find individual user versions.

Also, is there any way to set this up to ignore certain domains or just work on certain domains, kind of like an added service?

Also, are virus signatures kept up to date automatically?

What will be the difference between the currently released version and the Sophie version? And do you do custom installs, and if so, how much? (PM me please)

--Tone
 

Elikster

Greetings Folks

It seems I am getting bombed by everyone who is also looking for the Sophie version. I will have it up tonight hopefully, since I have been busy setting up 18 new servers from various clients for the past 5 days, plus removing those annoying sk rootkits that keep popping up everywhere despite my efforts.

Those who are looking for custom installations, email me and I will discuss it with you. PM is OK, it's just that I log on to the board about once every 2 to 4 days to check on things and to see how other people have been doing between my visits to the board.

As for the F-Prot, it is a small business version that I used. It is found at this site here:

http://www.f-prot.com/products/corporate_users/linux/

They charge $300 per year, but it is generally good for low-volume email traffic. If you are going to have high traffic, it is not good to use, since it will bring down the server, as I have noticed. The Sophie version will do the job along with the Clam version, as I have discovered.
 

mesranet

Query

Hi Elikster,

Your script looks great, thank you for posting. I have a question: after finishing the installation, I received an email telling me that a virus was found from one of the senders:

Our virus checker has found potentially malicious code in a mail from
[email protected] addressed to you. Delivery has been stopped. For further
questions, please contact [email protected].


The message has been quarantined as 3ec2640b-16fa.


CLAM Anti Virus found:
Yaha.P

------------------------------------------------------------------------
Message headers follow:
Received: from [210.186.89.116] (helo=mail.domain.net)
by first.domain.com with smtp (Exim 3.36 #1)
id 19FyOp-0001Ws-00
for [email protected]; Wed, 14 May 2003 23:42:36 +0800
From: username<[email protected]>
To: [email protected]
Subject: Things to note...
Date: Wed,14 May 2003 23:41:47 PM
X-Mailer: Windows Eudora Pro Version 2.1.2
MIME-Version: 1.0
Content-Type:multipart/mixed;
boundary=#PNQDF07719#
Message-Id: <[email protected]>


My question is, how could I change 'please contact [email protected]' to my email?

Please help and thank you so much.
 

Valuehosted

pico /etc/amavis/amavis.conf

Further down it does state who the mail should be sent from and who the admin/s are.

My problem with that is if I have resellers, I do not want to use my domain contact as it could dispair my resellers.

If you do not have any resellers you can change it to [email protected] - if you do have resellers, does anyone know of a way around this?

--Tone
 

mesranet

Hi Valuehosted,

Thanks for help, the best idea is if you can search the line of:

Our virus checker has found potentially malicious code in a mail from
[email protected] addressed to you. Delivery has been stopped. For further questions, please contact bla bla
 

Ibanez

Perl 5.8.0. Problem..

I'm running Perl 5.8.0.

And after I installed exim-antivirus-CLAM, it is not working.

Is there a way to fix that, or is there any way to downgrade my perl to perl 5.6.1?

I'm using Mandrake 9.0; Perl 5.8.0 is preinstalled.

I have tried to rpm -e perl and compile 5.6.1, but it didn't work, because it needs perl to do the compilation.


Any experts?

Thanks a lot.
 

Stenny Chong

Grab the source from the cpanel ftp and compile it on your server.

I'm running redhat 8 with perl 5.8.0; I don't know if my compiled rpm can work on your system or not.
 

Elikster

Would anyone mind giving me access to one box running Redhat that has perl 5.8.0, to see if I can get it working and post the revision?

Currently all of the boxes that I have access to are 7.2 or 7.3, and I did not recommend using 8.0 due to the major change, which I know will introduce some problems.

But due to the fact that some people are using it and need some solution to make it work, I would appreciate it if anyone can volunteer a Cpanel box with Redhat 8.0 to work on, to see if I can fix it.

On a new note: I have replaced the older Clam version with the latest version, 0.54, which has a resident daemon scanner, and I found it to be much faster and more responsive compared to the previous version. So I will post a package for those who already installed Clam, to do a quick and easy upgrade to the newer version, and update the entire package with it.
 

sqsisa

WTF?

OK, WHM update night of 5/14 to 5/15:

CPAN is up to date.
Running install for module DBI
Running make for T/TI/TIMB/DBI-1.36.tar.gz
Fetching with LWP:
http://ftp.cpanel.net/pub/CPAN/authors/id/T/TI/TIMB/DBI-1.36.tar.gz
CPAN: Digest::MD5 loaded ok
Fetching with LWP:
http://ftp.cpanel.net/pub/CPAN/authors/id/T/TI/TIMB/CHECKSUMS
Checksum for /root/.cpan/sources/authors/id/T/TI/TIMB/DBI-1.36.tar.gz ok
Scanning cache /root/.cpan/build for sizes
SNIP............
.............
DBI-1.36/ToDo

CPAN.pm: Going to build T/TI/TIMB/DBI-1.36.tar.gz

Creating extra DBI::PurePerl test: t/zz_01basics_pp.t
Creating extra DBI::PurePerl test: t/zz_02dbidrv_pp.t
Creating extra DBI::PurePerl test: t/zz_03handle_pp.t
Creating extra DBI::PurePerl test: t/zz_04mods_pp.t
Creating extra DBI::PurePerl test: t/zz_05thrclone_pp.t
Creating extra DBI::PurePerl test: t/zz_06attrs_pp.t
Creating extra DBI::PurePerl test: t/zz_07kids_pp.t
Creating extra DBI::PurePerl test: t/zz_08keeperr_pp.t
Creating extra DBI::PurePerl test: t/zz_10examp_pp.t
Creating extra DBI::PurePerl test: t/zz_15array_pp.t
Creating extra DBI::PurePerl test: t/zz_20meta_pp.t
Creating extra DBI::PurePerl test: t/zz_30subclass_pp.t
Creating extra DBI::PurePerl test: t/zz_40profile_pp.t
Creating extra DBI::PurePerl test: t/zz_41prof_dump_pp.t
Creating extra DBI::PurePerl test: t/zz_42prof_data_pp.t
Creating extra DBI::PurePerl test: t/zz_60preparse_pp.t
Creating extra DBI::PurePerl test: t/zz_80proxy_pp.t
Checking if your kit is complete...
Looks good
Writing Makefile for DBI

Remember to actually *read* the README file!
Use 'make' to build the software (dmake or nmake on Windows).
Then 'make test' to execute self tests.
Then 'make install' to install the DBI and then delete this working
directory before unpacking and building any DBD::* drivers.

/usr/bin/perl -I/usr/lib/perl5/5.6.1/i686-linux -I/usr/lib/perl5/5.6.1 -MExtUtils::Command -e mkpath blib/lib/DBI
rm -f blib/lib/DBI/Changes.pm
cp Changes blib/lib/DBI/Changes.pm
/bin/sh -c true
cp Driver_xst.h blib/arch/auto/DBI/Driver_xst.h
cp lib/DBI/ProfileDumper.pm blib/lib/DBI/ProfileDumper.pm
cp DBIXS.h blib/arch/auto/DBI/DBIXS.h
cp lib/DBI/DBD/Metadata.pm blib/lib/DBI/DBD/Metadata.pm
cp lib/DBD/NullP.pm blib/lib/DBD/NullP.pm
cp dbipport.h blib/arch/auto/DBI/dbipport.h
cp lib/DBI/Const/GetInfoReturn.pm blib/lib/DBI/Const/GetInfoReturn.pm
cp dbd_xsh.h blib/arch/auto/DBI/dbd_xsh.h
cp lib/DBI/Const/GetInfo/ANSI.pm blib/lib/DBI/Const/GetInfo/ANSI.pm
cp lib/DBI/PurePerl.pm blib/lib/DBI/PurePerl.pm
cp lib/DBI/Profile.pm blib/lib/DBI/Profile.pm
cp lib/DBI/FAQ.pm blib/lib/DBI/FAQ.pm
cp DBI.pm blib/lib/DBI.pm
cp lib/Bundle/DBI.pm blib/lib/Bundle/DBI.pm
cp lib/DBD/ExampleP.pm blib/lib/DBD/ExampleP.pm
cp lib/Win32/DBIODBC.pm blib/lib/Win32/DBIODBC.pm
cp lib/DBI/W32ODBC.pm blib/lib/DBI/W32ODBC.pm
cp lib/DBI/DBD.pm blib/lib/DBI/DBD.pm
cp lib/DBI/ProfileData.pm blib/lib/DBI/ProfileData.pm
cp lib/DBD/Proxy.pm blib/lib/DBD/Proxy.pm
cp lib/DBI/Const/GetInfoType.pm blib/lib/DBI/Const/GetInfoType.pm
cp lib/DBI/ProxyServer.pm blib/lib/DBI/ProxyServer.pm
cp dbi_sql.h blib/arch/auto/DBI/dbi_sql.h
cp lib/DBI/ProfileDumper/Apache.pm blib/lib/DBI/ProfileDumper/Apache.pm
cp Driver.xst blib/arch/auto/DBI/Driver.xst
cp lib/DBD/Sponge.pm blib/lib/DBD/Sponge.pm
cp lib/DBI/Const/GetInfo/ODBC.pm blib/lib/DBI/Const/GetInfo/ODBC.pm
/bin/sh -c true
/bin/sh -c true
/usr/bin/perl -p -e "s/~DRIVER~/Perl/g" < blib/arch/auto/DBI/Driver.xst > Perl.xsi
/usr/bin/perl -I/usr/lib/perl5/5.6.1/i686-linux -I/usr/lib/perl5/5.6.1 /usr/lib/perl5/5.6.1/ExtUtils/xsubpp -typemap /usr/lib/perl5/5.6.1/ExtUtils/typemap -typemap typemap Perl.xs > Perl.xsc && mv Perl.xsc Perl.c
cc -c -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -O2 -DVERSION=\"1.36\" -DXS_VERSION=\"1.36\" -fpic -I/usr/lib/perl5/5.6.1/i686-linux/CORE -Wall -Wno-comment -DDBI_NO_THREADS Perl.c
dbipport.h:529: warning: `my_sv_2pvbyte' defined but not used
/usr/bin/perl -I/usr/lib/perl5/5.6.1/i686-linux -I/usr/lib/perl5/5.6.1 /usr/lib/perl5/5.6.1/ExtUtils/xsubpp -typemap /usr/lib/perl5/5.6.1/ExtUtils/typemap -typemap typemap DBI.xs > DBI.xsc && mv DBI.xsc DBI.c
cc -c -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -O2 -DVERSION=\"1.36\" -DXS_VERSION=\"1.36\" -fpic -I/usr/lib/perl5/5.6.1/i686-linux/CORE -Wall -Wno-comment -DDBI_NO_THREADS DBI.c
DBI.xs: In function `dbih_clearcom':
DBI.xs:1012: warning: unused variable `Perl___notused'
DBI.xs: In function `dbih_get_fbav':
DBI.xs:1151: warning: unused variable `Perl___notused'
DBI.xs: In function `dbih_set_attr_k':
DBI.xs:1318: warning: unused variable `Perl___notused'
DBI.xs:1243: warning: unused variable `Perl___notused'
DBI.xs: In function `dbih_get_attr_k':
DBI.xs:1452: warning: unused variable `Perl___notused'
DBI.xs: In function `log_where':
DBI.xs:1876: warning: unused variable `Perl___notused'
DBI.xs: In function `XS_DBI_dispatch':
DBI.xs:2638: warning: unused variable `Perl___notused'
DBI.c: At top level:
dbipport.h:529: warning: `my_sv_2pvbyte' defined but not used
Running Mkbootstrap for DBI ()
chmod 644 DBI.bs
rm -f blib/arch/auto/DBI/DBI.so
LD_RUN_PATH="" cc -shared -L/usr/local/lib DBI.o -o blib/arch/auto/DBI/DBI.so
chmod 755 blib/arch/auto/DBI/DBI.so
cp DBI.bs blib/arch/auto/DBI/DBI.bs
chmod 644 blib/arch/auto/DBI/DBI.bs
/usr/bin/perl -Iblib/arch -Iblib/lib -I/usr/lib/perl5/5.6.1/i686-linux -I/usr/lib/perl5/5.6.1 dbiproxy.PL dbiproxy
Extracted dbiproxy from dbiproxy.PL with variable substitutions.
cp dbiproxy blib/script/dbiproxy
/usr/bin/perl -I/usr/lib/perl5/5.6.1/i686-linux -I/usr/lib/perl5/5.6.1 -MExtUtils::MakeMaker -e "MY->fixin(shift)" blib/script/dbiproxy
/usr/bin/perl -Iblib/arch -Iblib/lib -I/usr/lib/perl5/5.6.1/i686-linux -I/usr/lib/perl5/5.6.1 dbiprof.PL dbiprof
Extracted dbiprof from dbiprof.PL with variable substitutions.
cp dbiprof blib/script/dbiprof
/usr/bin/perl -I/usr/lib/perl5/5.6.1/i686-linux -I/usr/lib/perl5/5.6.1 -MExtUtils::MakeMaker -e "MY->fixin(shift)" blib/script/dbiprof

Now exim shot me a million messages for being automagically restarted, and when I do a restart in WHM I get this:

May 12 21:36:36 cpanel exim: exim shutdown failed
May 12 21:36:36 cpanel exim: antirelayd shutdown failed
May 12 21:36:36 cpanel exim: spamd shutdown failed
May 12 21:36:36 cpanel exim: exim shutdown failed
May 12 21:36:36 cpanel exim: antirelayd shutdown failed
May 12 21:36:36 cpanel exim: spamd shutdown failed
May 12 21:36:36 cpanel exim: exim shutdown failed
May 12 21:36:36 cpanel exim: antirelayd shutdown failed
May 12 21:36:36 cpanel exim: spamd shutdown failed
May 12 21:36:36 cpanel exim: 2003-05-12 21:36:36 Exim configuration error
May 12 21:36:36 cpanel exim: "message_filter" option set for the second time in line 96
May 12 21:36:36 cpanel exim: exim startup failed
May 12 21:36:37 cpanel exim: antirelayd startup succeeded
May 12 21:39:18 cpanel exim: SNIP...........
...............
cpanel exim: spamd shutdown failed
May 16 02:47:42 cpanel exim: exim startup succeeded
May 16 02:47:42 cpanel exim: antirelayd startup succeeded
May 16 02:55:10 cpanel exim: exim shutdown failed
May 16 02:55:10 cpanel exim: antirelayd shutdown failed
May 16 02:55:10 cpanel exim: spamd shutdown failed
May 16 02:55:10 cpanel exim: exim shutdown failed
May 16 02:55:10 cpanel exim: antirelayd shutdown failed
May 16 02:55:10 cpanel exim: spamd shutdown failed
May 16 02:55:10 cpanel exim: exim shutdown failed
May 16 02:55:10 cpanel exim: antirelayd shutdown failed
May 16 02:55:10 cpanel exim: spamd shutdown failed
May 16 02:55:10 cpanel exim: exim startup succeeded
May 16 02:55:11 cpanel exim: antirelayd startup succeeded
exim has failed, please contact the sysadmin.

But the damn thing is working!

exim.conf:
this line (cpanel exim: "message_filter" option set for the second time in line 96 May 12 21:36:36 ) does not exist in the conf file (The line message_filter is 87 and line 96 is the one just below message_body_visible):
local_domains = lsearch;/etc/localdomains

message_filter = /etc/antivirus.clam.exim

message_filter_user = mail
message_filter_group = mail

deliver_load_max = 3
deliver_queue_load_max = 5
queue_only_load = 4
message_body_visible = 5000


receiver_verify_hosts = !127.0.0.1/8:0.0.0.0/0

Any suggestions?
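
Added example, not part of the original thread or of the cPanel package: a small check for the "option set for the second time" error quoted above, listing every option assigned more than once in the main section of an Exim configuration file together with both line numbers. The function names, the sample file and the path /etc/constructed.filter are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list options assigned more than once
# in the main section of an Exim configuration file.
# Simplification: only "name = value" lines are parsed; boolean options
# written without "=" are not considered.
dup_main_options() {
    awk '
        # Physical line after a trailing backslash: part of the previous value.
        cont { cont = ($0 ~ /\\[ \t]*$/); next }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        # Main section stops at "end" (Exim 3) or "begin <section>" (Exim 4).
        /^[ \t]*end[ \t]*$/ || /^[ \t]*begin[ \t]/ { exit }
        {
            cont = ($0 ~ /\\[ \t]*$/)
            if (match($0, /^[ \t]*[a-z][a-z0-9_]*[ \t]*=/)) {
                name = substr($0, RSTART, RLENGTH)
                gsub(/[ \t=]/, "", name)
                if (name in first)
                    printf "%s first=%d again=%d\n", name, first[name], NR
                else
                    first[name] = NR
            }
        }
    ' "$1"
}

# Constructed sample, loosely modelled on the excerpt in the post above.
sample_conf() {
    cat <<'EOF'
# constructed sample, not a real server config
local_domains = lsearch;/etc/localdomains
message_filter = /etc/antivirus.clam.exim
message_filter_user = mail
host_accept_relay = 127.0.0.1 : \
    queue_only_load = 4
queue_only_load = 4
message_filter = /etc/constructed.filter
end
message_filter = outside_main_section
EOF
}

tmp=$(mktemp)
sample_conf > "$tmp"
dup_main_options "$tmp"    # prints: message_filter first=3 again=8
rm -f "$tmp"
```

Run it against the configuration file the daemon actually reads; a line number that does not match the file open in the editor suggests a different file is being loaded.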