The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

MailScanner on layer1.cpanel.net [was:Updated Exim+Antivirus Package Available]

Discussion in 'E-mail Discussions' started by Elikster, May 6, 2003.

  1. Elikster

    Elikster Well-Known Member

    Joined:
    Feb 8, 2003
    Messages:
    119
    Likes Received:
    1
    Trophy Points:
    18
    Updated Exim+Antivirus Package Available

    Greetings,

    I been working on the package that Cpanel have released and said to be un-supported. Well...I took the package and did some modifications plus upgraded it to the latest version released of the Amavis-NG system.

    Then I added the F-Prot into it. I will release two versions though. One with Clam with F-Prot and one with CLAM and Sophie package using Sophios Virus DB.

    I have the Clam+F-Prot package ready for anyone who requests it. Be warned that you are on your own as far the F-Prot's uses goes. But the Sophie version, it will work perfectly. Reason I said you are on your own is that I registered ours with F-Prot for the servers. But it will not stop you from installing it though. Just you gotta license it. :)

    So...if you want those, please email me and I will send you the url for the F-Prot version til I get the Sophie Version working and set by running install script. Once that is done, I will submit it to Cpanel to put up to replace their old version to be used on the systems and put it online somewhere for you guys to start downloading.

    It works and the modifications I made is geared for high traffic email systems, but it should not hurt you either as well. Expect in few days for the Sophie version to be done and completed since I got 173 servers to install it in among several clients of mine. My recommendation is the Clam + Sophie version since it will be faster of two for processing of the emails compared to commandline version of F-Prot as I have found out during 6 servers installation trials.
     
  2. Silverado

    Silverado Well-Known Member

    Joined:
    Mar 19, 2003
    Messages:
    154
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Backyard - Poolside
    Where do we send an email..... can't send it via your profile.
     
  3. haze

    haze Well-Known Member

    Joined:
    Dec 21, 2001
    Messages:
    1,550
    Likes Received:
    3
    Trophy Points:
    38
    I'd be very interested in the Clam + Sophie version!
     
  4. Elikster

    Elikster Well-Known Member

    Joined:
    Feb 8, 2003
    Messages:
    119
    Likes Received:
    1
    Trophy Points:
    18
    Email Address - Goof me....

    Here is my email address. My bad.

    elikster@webspires.com

    I got the working installation of the Sophie nearly done and working on getting the configuration and few other nicies included so that you just have to modify a few lines and you be all set to go.

    Plus, in those package, it also have all the uncompression programs in RPMs format which it will install automatically for you so it take lot of hard work out.

    Right now...I am tweaking Sophie so that I can have a good settings to use to set as standard and then modify the installer some more. Once it is done, I will post up that it is available and I will set it up on the website of mine for you folks to grab.
     
  5. Elikster

    Elikster Well-Known Member

    Joined:
    Feb 8, 2003
    Messages:
    119
    Likes Received:
    1
    Trophy Points:
    18
    Updated Exim+Antivirus Package Avaialble now

    Greetings, if you looking for the Exim Anti-Virus Package for the Cpanel, it is now at this url: http://www.webspires.com/cpanel-devel/

    Currently, there is two packages there.
    exim+virusscanner-CLAM - Original with updated items
    exim+virusscanner-CLAM+F-Prot - Original with F-Prot Anti-Virus added into the mix

    I will be adding the Sophie version soon as I get it working properly with all the installation scripts in tandem.
     
  6. sqsisa

    sqsisa Well-Known Member

    Joined:
    Apr 8, 2003
    Messages:
    97
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Bay Area, CA
    Hey Elikster,

    Do you need to do anything with exim+virusscanner-CLAM that was installed from cPanel downloads before installing yours?

    It's all still there. I just disabled it in exim.conf because it locked the mail queue.

    Thnx,
     
  7. Domenico

    Domenico Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    362
    Likes Received:
    0
    Trophy Points:
    16
    Thanks a lot for this Elikster! I hope you keep these packages updated in the future. Too bad Darkorb doesn't feel the need to keep these packages upgraded though. :(

    btw. does f-prot also scan the messages for virusses? I can't find that anywhere...
     
    #7 Domenico, May 13, 2003
    Last edited: May 13, 2003
  8. Valuehosted

    Valuehosted Well-Known Member

    Joined:
    Dec 12, 2002
    Messages:
    124
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Sweden
    how much is f-prot to buy - I went to their site but I don't know what version you have included as I only seemed to find individual user versions.

    Also - is there anyway to set this up to ignore certain domains or just work on certain domains - kind of like an added service.

    Also, are virussignatures kept uptodate automatically?

    What will be the difference between current released version and the sophie version? and you do you custom installs and if so how much? (PM me please)

    --Tone
     
  9. Elikster

    Elikster Well-Known Member

    Joined:
    Feb 8, 2003
    Messages:
    119
    Likes Received:
    1
    Trophy Points:
    18
    Greetings Folks

    It seems I am getting bombed from everyone who is also looking for the Sophie version. I will have it up to night hopefully, since I have been busy setting up 18 new servers from various clients for past 5 days plus removing those annoying sk rootkits that keep popping up everywhere dispite my efforts.

    Those who are looking for custom installations, email me and I will discuss it with you. PM is ok, just I log on the board like once every 2 to 4 days to check on things and to see how other people are doing while I was between visits to the board.

    As for the F-Prot, it is a small business version that I used. It is found at this site here:

    http://www.f-prot.com/products/corporate_users/linux/

    They charges $300 per year but it is generally good for low volume email traffic. If you going to have high traffic, it is not good for use, since it will bring down the server as I have noticed. Sophie version will do the job along with Clam version as I have discovered.
     
  10. mesranet

    mesranet Well-Known Member

    Joined:
    May 6, 2002
    Messages:
    126
    Likes Received:
    0
    Trophy Points:
    16
    Query

    Hi Elikster,

    Your script look great, thank you for posting, i have a question, after finish installation, i receive an email tell me about virus was found on one of sender:

    Our virus checker has found potentially malicious code in a mail from
    xxxx@hotmail.com addressed to you. Delivery has been stopped. For further
    questions, please contact postmaster@localdomain.com.


    The message has been quarantined as 3ec2640b-16fa.


    CLAM Anti Virus found:
    Yaha.P

    ------------------------------------------------------------------------
    Message headers follow:
    Received: from [210.186.89.116] (helo=mail.domain.net)
    by first.domain.com with smtp (Exim 3.36 #1)
    id 19FyOp-0001Ws-00
    for admin@domain.net; Wed, 14 May 2003 23:42:36 +0800
    From: username<xxxx@hotmail.com>
    To: admin@domain.net
    Subject: Things to note...
    Date: Wed,14 May 2003 23:41:47 PM
    X-Mailer: Windows Eudora Pro Version 2.1.2
    MIME-Version: 1.0
    Content-Type:multipart/mixed;
    boundary=#PNQDF07719#
    Message-Id: <E19FyOp-0001Ws-00@first.domain.com>


    My question is, how could i change 'please contact postmaster@localdomain.com' to my email .

    Please help and thank you so much.
     
    #10 mesranet, May 14, 2003
    Last edited: May 14, 2003
  11. Valuehosted

    Valuehosted Well-Known Member

    Joined:
    Dec 12, 2002
    Messages:
    124
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Sweden
    pico /etc/amavis/amavis.conf

    further down it does state who should the mail be sent from and who are the admin/s.

    My problem with that is if I have resellers, I do not want to use my domain contact as it could dispair my resellers.

    If you do not have any resellers you can change it to admin@yourdomain.com - if you do have resellers, does anyone know of a way around this?

    --Tone
     
  12. mesranet

    mesranet Well-Known Member

    Joined:
    May 6, 2002
    Messages:
    126
    Likes Received:
    0
    Trophy Points:
    16
    Hi Valuehosted,

    Thanks for help, the best idea is if you can search the line of:

    Our virus checker has found potentially malicious code in a mail from
    xxxx@hotmail.com addressed to you. Delivery has been stopped. For further questions, please contact bla bla
     
  13. Ibanez

    Ibanez Member

    Joined:
    Apr 20, 2003
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Perl 5.8.0. Problem..

    I'm running Perl 5.8.0

    And after i installed exim-antivirus-CLAM, it is not working.

    Is there way to fix that, or is there any where to downgrade my perl to perl 5.6.1?

    I'm using Mandrake 9.0, Perl 5.8.0 is preinstalled.

    I have tried to rpm -e perl and compile 5.6.1, but it didn't work, because it needs perl to make the compilation.


    Any experts?

    Thanks a lot.
     
  14. Stenny Chong

    Stenny Chong Well-Known Member

    Joined:
    Jun 12, 2002
    Messages:
    67
    Likes Received:
    0
    Trophy Points:
    6
    Grap the source from cpanel ftp and compile it in your server.

    I'm running redhat 8 with perl 5.8.0, don't not my compiled rpm can work on your system or not.
     
  15. Elikster

    Elikster Well-Known Member

    Joined:
    Feb 8, 2003
    Messages:
    119
    Likes Received:
    1
    Trophy Points:
    18
    Anyone mind giving me access to one box that is running Redhat that have perl 5.8.0 to see if I can get it working and post the revision?

    Currently all of our boxes that I have access to are all 7.2 or 7.3 and I did not recommend using 8.0 due to major change which I know will introduce some problems.

    But due to the fact that some people are using it and need some solution to make it work, I appreciate if anyone can volunteer the Cpanel Box with Redhat 8.0 to work and see if I can fix it.

    On new note. I have replaced the older Clam version with the latest version, 0.54, which have residential Daemon Scanner and I found it to be much faster and responsive compared to the previous version. So I will post a package for those who already installed the Clam and do a quick and easy upgrade to the newer version and update the entire package with it.
     
  16. Valuehosted

    Valuehosted Well-Known Member

    Joined:
    Dec 12, 2002
    Messages:
    124
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Sweden
    This is great news - looking forward to the upgrade patch.

    --Tone
     
  17. manlius.com

    manlius.com Active Member

    Joined:
    Nov 20, 2002
    Messages:
    28
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Upstate New York
    Elikster

    If you did not get a RH 8.0 box yet, email me kevin@manlius.com
    I will get you access.
     
  18. Ibanez

    Ibanez Member

    Joined:
    Apr 20, 2003
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Is the latest version works in perl 5.8.0?
     
    #18 Ibanez, May 15, 2003
    Last edited: May 15, 2003
  19. sqsisa

    sqsisa Well-Known Member

    Joined:
    Apr 8, 2003
    Messages:
    97
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Bay Area, CA
    WTF?

    OK, WHM update night of 5/14 to 5/15:

    CPAN is up to date.
    Running install for module DBI
    Running make for T/TI/TIMB/DBI-1.36.tar.gz
    Fetching with LWP:
    http://ftp.cpanel.net/pub/CPAN/authors/id/T/TI/TIMB/DBI-1.36.tar.gz
    CPAN: Digest::MD5 loaded ok
    Fetching with LWP:
    http://ftp.cpanel.net/pub/CPAN/authors/id/T/TI/TIMB/CHECKSUMS
    Checksum for /root/.cpan/sources/authors/id/T/TI/TIMB/DBI-1.36.tar.gz ok
    Scanning cache /root/.cpan/build for sizes
    SNIP............
    .............
    DBI-1.36/ToDo

    CPAN.pm: Going to build T/TI/TIMB/DBI-1.36.tar.gz

    Creating extra DBI::PurePerl test: t/zz_01basics_pp.t
    Creating extra DBI::PurePerl test: t/zz_02dbidrv_pp.t
    Creating extra DBI::PurePerl test: t/zz_03handle_pp.t
    Creating extra DBI::PurePerl test: t/zz_04mods_pp.t
    Creating extra DBI::PurePerl test: t/zz_05thrclone_pp.t
    Creating extra DBI::PurePerl test: t/zz_06attrs_pp.t
    Creating extra DBI::PurePerl test: t/zz_07kids_pp.t
    Creating extra DBI::PurePerl test: t/zz_08keeperr_pp.t
    Creating extra DBI::PurePerl test: t/zz_10examp_pp.t
    Creating extra DBI::PurePerl test: t/zz_15array_pp.t
    Creating extra DBI::PurePerl test: t/zz_20meta_pp.t
    Creating extra DBI::PurePerl test: t/zz_30subclass_pp.t
    Creating extra DBI::PurePerl test: t/zz_40profile_pp.t
    Creating extra DBI::PurePerl test: t/zz_41prof_dump_pp.t
    Creating extra DBI::PurePerl test: t/zz_42prof_data_pp.t
    Creating extra DBI::PurePerl test: t/zz_60preparse_pp.t
    Creating extra DBI::PurePerl test: t/zz_80proxy_pp.t
    Checking if your kit is complete...
    Looks good
    Writing Makefile for DBI

    Remember to actually *read* the README file!
    Use 'make' to build the software (dmake or nmake on Windows).
    Then 'make test' to execute self tests.
    Then 'make install' to install the DBI and then delete this working
    directory before unpacking and building any DBD::* drivers.

    /usr/bin/perl -I/usr/lib/perl5/5.6.1/i686-linux -I/usr/lib/perl5/5.6.1 -MExtUtils::Command -e mkpath blib/lib/DBI
    rm -f blib/lib/DBI/Changes.pm
    cp Changes blib/lib/DBI/Changes.pm
    /bin/sh -c true
    cp Driver_xst.h blib/arch/auto/DBI/Driver_xst.h
    cp lib/DBI/ProfileDumper.pm blib/lib/DBI/ProfileDumper.pm
    cp DBIXS.h blib/arch/auto/DBI/DBIXS.h
    cp lib/DBI/DBD/Metadata.pm blib/lib/DBI/DBD/Metadata.pm
    cp lib/DBD/NullP.pm blib/lib/DBD/NullP.pm
    cp dbipport.h blib/arch/auto/DBI/dbipport.h
    cp lib/DBI/Const/GetInfoReturn.pm blib/lib/DBI/Const/GetInfoReturn.pm
    cp dbd_xsh.h blib/arch/auto/DBI/dbd_xsh.h
    cp lib/DBI/Const/GetInfo/ANSI.pm blib/lib/DBI/Const/GetInfo/ANSI.pm
    cp lib/DBI/PurePerl.pm blib/lib/DBI/PurePerl.pm
    cp lib/DBI/Profile.pm blib/lib/DBI/Profile.pm
    cp lib/DBI/FAQ.pm blib/lib/DBI/FAQ.pm
    cp DBI.pm blib/lib/DBI.pm
    cp lib/Bundle/DBI.pm blib/lib/Bundle/DBI.pm
    cp lib/DBD/ExampleP.pm blib/lib/DBD/ExampleP.pm
    cp lib/Win32/DBIODBC.pm blib/lib/Win32/DBIODBC.pm
    cp lib/DBI/W32ODBC.pm blib/lib/DBI/W32ODBC.pm
    cp lib/DBI/DBD.pm blib/lib/DBI/DBD.pm
    cp lib/DBI/ProfileData.pm blib/lib/DBI/ProfileData.pm
    cp lib/DBD/Proxy.pm blib/lib/DBD/Proxy.pm
    cp lib/DBI/Const/GetInfoType.pm blib/lib/DBI/Const/GetInfoType.pm
    cp lib/DBI/ProxyServer.pm blib/lib/DBI/ProxyServer.pm
    cp dbi_sql.h blib/arch/auto/DBI/dbi_sql.h
    cp lib/DBI/ProfileDumper/Apache.pm blib/lib/DBI/ProfileDumper/Apache.pm
    cp Driver.xst blib/arch/auto/DBI/Driver.xst
    cp lib/DBD/Sponge.pm blib/lib/DBD/Sponge.pm
    cp lib/DBI/Const/GetInfo/ODBC.pm blib/lib/DBI/Const/GetInfo/ODBC.pm
    /bin/sh -c true
    /bin/sh -c true
    /usr/bin/perl -p -e "s/~DRIVER~/Perl/g" < blib/arch/auto/DBI/Driver.xst > Perl.xsi
    /usr/bin/perl -I/usr/lib/perl5/5.6.1/i686-linux -I/usr/lib/perl5/5.6.1 /usr/lib/perl5/5.6.1/ExtUtils/xsubpp -typemap /usr/lib/perl5/5.6.1/ExtUtils/typemap -typemap typemap Perl.xs > Perl.xsc && mv Perl.xsc Perl.c
    cc -c -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -O2 -DVERSION=\"1.36\" -DXS_VERSION=\"1.36\" -fpic -I/usr/lib/perl5/5.6.1/i686-linux/CORE -Wall -Wno-comment -DDBI_NO_THREADS Perl.c
    dbipport.h:529: warning: `my_sv_2pvbyte' defined but not used
    /usr/bin/perl -I/usr/lib/perl5/5.6.1/i686-linux -I/usr/lib/perl5/5.6.1 /usr/lib/perl5/5.6.1/ExtUtils/xsubpp -typemap /usr/lib/perl5/5.6.1/ExtUtils/typemap -typemap typemap DBI.xs > DBI.xsc && mv DBI.xsc DBI.c
    cc -c -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -O2 -DVERSION=\"1.36\" -DXS_VERSION=\"1.36\" -fpic -I/usr/lib/perl5/5.6.1/i686-linux/CORE -Wall -Wno-comment -DDBI_NO_THREADS DBI.c
    DBI.xs: In function `dbih_clearcom':
    DBI.xs:1012: warning: unused variable `Perl___notused'
    DBI.xs: In function `dbih_get_fbav':
    DBI.xs:1151: warning: unused variable `Perl___notused'
    DBI.xs: In function `dbih_set_attr_k':
    DBI.xs:1318: warning: unused variable `Perl___notused'
    DBI.xs:1243: warning: unused variable `Perl___notused'
    DBI.xs: In function `dbih_get_attr_k':
    DBI.xs:1452: warning: unused variable `Perl___notused'
    DBI.xs: In function `log_where':
    DBI.xs:1876: warning: unused variable `Perl___notused'
    DBI.xs: In function `XS_DBI_dispatch':
    DBI.xs:2638: warning: unused variable `Perl___notused'
    DBI.c: At top level:
    dbipport.h:529: warning: `my_sv_2pvbyte' defined but not used
    Running Mkbootstrap for DBI ()
    chmod 644 DBI.bs
    rm -f blib/arch/auto/DBI/DBI.so
    LD_RUN_PATH="" cc -shared -L/usr/local/lib DBI.o -o blib/arch/auto/DBI/DBI.so
    chmod 755 blib/arch/auto/DBI/DBI.so
    cp DBI.bs blib/arch/auto/DBI/DBI.bs
    chmod 644 blib/arch/auto/DBI/DBI.bs
    /usr/bin/perl -Iblib/arch -Iblib/lib -I/usr/lib/perl5/5.6.1/i686-linux -I/usr/lib/perl5/5.6.1 dbiproxy.PL dbiproxy
    Extracted dbiproxy from dbiproxy.PL with variable substitutions.
    cp dbiproxy blib/script/dbiproxy
    /usr/bin/perl -I/usr/lib/perl5/5.6.1/i686-linux -I/usr/lib/perl5/5.6.1 -MExtUtils::MakeMaker -e "MY->fixin(shift)" blib/script/dbiproxy
    /usr/bin/perl -Iblib/arch -Iblib/lib -I/usr/lib/perl5/5.6.1/i686-linux -I/usr/lib/perl5/5.6.1 dbiprof.PL dbiprof
    Extracted dbiprof from dbiprof.PL with variable substitutions.
    cp dbiprof blib/script/dbiprof
    /usr/bin/perl -I/usr/lib/perl5/5.6.1/i686-linux -I/usr/lib/perl5/5.6.1 -MExtUtils::MakeMaker -e "MY->fixin(shift)" blib/script/dbiprof

    Now exim shot me a million messages for automagically rested and when I do a restart in WHM I get this:

    May 12 21:36:36 cpanel exim: exim shutdown failed May 12 21:36:36 cpanel exim: antirelayd shutdown failed May 12 21:36:36 cpanel exim: spamd shutdown failed May 12 21:36:36 cpanel exim: exim shutdown failed May 12 21:36:36 cpanel exim: antirelayd shutdown failed May 12 21:36:36 cpanel exim: spamd shutdown failed May 12 21:36:36 cpanel exim: exim shutdown failed May 12 21:36:36 cpanel exim: antirelayd shutdown failed May 12 21:36:36 cpanel exim: spamd shutdown failed May 12 21:36:36 cpanel exim: 2003-05-12 21:36:36 Exim configuration error May 12 21:36:36 cpanel exim: "message_filter" option set for the second time in line 96 May 12 21:36:36 cpanel exim: exim startup failed May 12 21:36:37 cpanel exim: antirelayd startup succeeded May 12 21:39:18 cpanel exim: SNIP...........
    ...............
    cpanel exim: spamd shutdown failed May 16 02:47:42 cpanel exim: exim startup succeeded May 16 02:47:42 cpanel exim: antirelayd startup succeeded May 16 02:55:10 cpanel exim: exim shutdown failed May 16 02:55:10 cpanel exim: antirelayd shutdown failed May 16 02:55:10 cpanel exim: spamd shutdown failed May 16 02:55:10 cpanel exim: exim shutdown failed May 16 02:55:10 cpanel exim: antirelayd shutdown failed May 16 02:55:10 cpanel exim: spamd shutdown failed May 16 02:55:10 cpanel exim: exim shutdown failed May 16 02:55:10 cpanel exim: antirelayd shutdown failed May 16 02:55:10 cpanel exim: spamd shutdown failed May 16 02:55:10 cpanel exim: exim startup succeeded May 16 02:55:11 cpanel exim: antirelayd startup succeeded exim has failed, please contact the sysadmin.

    But the damn thing is working!

    exim.conf:
    this line (cpanel exim: "message_filter" option set for the second time in line 96 May 12 21:36:36 ) does not exist in the conf file (The line message_filter is 87 and line 96 is the one just below message_body_visible):
    local_domains = lsearch;/etc/localdomains

    message_filter = /etc/antivirus.clam.exim

    message_filter_user = mail
    message_filter_group = mail

    deliver_load_max = 3
    deliver_queue_load_max = 5
    queue_only_load = 4
    message_body_visible = 5000


    receiver_verify_hosts = !127.0.0.1/8:0.0.0.0/0

    Any suggestions?
     
  20. Valuehosted

    Valuehosted Well-Known Member

    Joined:
    Dec 12, 2002
    Messages:
    124
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Sweden
    Dan,

    what linux version are you running?

    --Tone
     
Loading...

Share This Page