The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Question for Chirpy - Mailscanner/Clamav

Discussion in 'E-mail Discussions' started by knipper, May 26, 2004.

  1. knipper

    knipper Well-Known Member

    Joined:
    Sep 4, 2001
    Messages:
    107
    Likes Received:
    0
    Trophy Points:
    16
    Hey Jonathan, (read so many of your posts it seems like I know ya!)

    About a month ago I installed mailscanner/clamAV from a forum found elsewhere and never got it to work correctly. I then used the Layer1 install and then I had used your update for mailscanner found here and it worked great.

    Well, due to too many undocumented changes from me (Thats what I get for working late night :) ) and then going from a stable to a current build I broke a bunch of stuff.

    SOOoooooo Basically I had to format the disk and start from scratch. (This is not yet a production server!)

    Now my question for you... there are so many threads about mailscanner/clamAV I'm no longer sure what to follow.

    I'd like to make sure I get the most up-to-date mailscanner, ClamAV, etc. and make sure everything is correct (such as using Clammodule instead of AV.)

    I was going to start by installing the layer1 version again, do your upgrade again.... but here's where I get lost....

    I want to upgrade to the newest ClamAV, (or clammodule??) and am unsure how to upgrade this.

    And... if there are any extra changes needed because of the newer exim fix. (which is why I went to current and broke my setup previously)

    I don't need a detailed how-to.... if you could just point me to the correct threads/posts on how to do these things, or post a short list here that would be great.

    I'm sure several people would be glad to have a new updated all in one spot resource! :D

    Thanks in advance!
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Hi,

    No problem :)

    Here's what I do on new servers:

    1. Install layer1 mailscanner

    2. Upgrade clamav to the latest version simply by:

    wget http://heanet.dl.sourceforge.net/sourceforge/clamav/clamav-0.71.tar.gz
    tar -xzf clamav-0.71.tar.gz
    cd clamav-0.71
    ./configure
    make
    make install

    3. Upgrade mailscanner using my HOWTO thread (I keep it up to date)

    4. To overcome the problem you probably had before: WHM > Exim Configuration Editor > Switch to Advanced Mode > put the following line in the first textarea:

    queue_only_override = false

    Then scroll to the bottom and hit Save.

    5. For Mail::ClamAV

    /scripts/perlinstaller Mail::ClamAV

    You might get some errors stating that other required perl modules are missing. Just install those too using:

    /scripts/perlinstaller <module>

    One example will probably be Inline::C, so just do

    /scripts/perlinstaller Inline::C

    Keep going until Mail::ClamAV will install

    Then modify /usr/mailscanner/etc/MailScanner.conf and change the directive:

    Virus Scanners = clamav

    to:

    Virus Scanners = clamavmodule

    The stop and start MailScanner:
    killall MailScanner
    (check that all the MailScanner processes have died):
    /usr/mailscanner/bin/check_mailscanner

    tail -f /var/log/maillog to make sure MailScanner comes up OK.

    Finally, send yourself the EICAR test virus http://www.eicar.org/anti_virus_test_file.htm and make sure it is detected.

    Any problems, click on the link in my signature for a package where we can do all this for you ;)
     
  3. knipper

    knipper Well-Known Member

    Joined:
    Sep 4, 2001
    Messages:
    107
    Likes Received:
    0
    Trophy Points:
    16
    PERFECT!

    That's exactly what I needed. I'll do this later tonight or in the AM.

    I'll post and let you (and others) know how it goes.

    Thanks again! :D :cool:
     
  4. knipper

    knipper Well-Known Member

    Joined:
    Sep 4, 2001
    Messages:
    107
    Likes Received:
    0
    Trophy Points:
    16
    Worked great!

    Thanks for the updated items. Everything went in with no problems at all.

    I was able to install layer1 mailscanner,
    Follow your upgrade...
    Upgrade ClamAV, etc. You were correct... the only missing perl module was the Inline::C

    and I got everything tested with no problems delivering mail, and no virus' coming through.

    One question though...

    What does this step do exactly?

    Thanks again. :cool:
     
    #4 knipper, May 27, 2004
    Last edited: May 27, 2004
  5. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    That option prevents users who have privilege from overriding the option queue_only, like the root account, when sending emails locally. This is because MailScanner splits the exim functionality in two (one for delivery and one for sending) mail from CRON jobs, for example, can end up being lost if that option is not in place.

    Glad it all went OK :D
     
  6. Cash

    Cash Well-Known Member

    Joined:
    Jun 9, 2004
    Messages:
    47
    Likes Received:
    0
    Trophy Points:
    6
  7. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Hi,

    Well it should be scanning for viruses and removing the actual infected files as the cPanel distribution comes with ClamAV. However you do need to do two things:

    1. You need to upgrade MailScanner to the latest version and there is a HOWTO here:
    http://forums.cpanel.net/showthread.php?s=&threadid=21290

    2. You need to upgrade to the latest ClamAV and make the changes according to my first post in this thread (note: there's a newer version of ClamAv now - 0.72)
     
  8. Cash

    Cash Well-Known Member

    Joined:
    Jun 9, 2004
    Messages:
    47
    Likes Received:
    0
    Trophy Points:
    6
    Greeting:

    Hi. ^_^

    After I install the mailscan. I do receive a lot of "Warning: E-mail viruses detected" emails...

    Is it just a remider and the virus has been clean?

    Regarding to MailScanner.conf,
    If I chamne "Delever Cleaned Messages = No"
    is it mean the virus mails will not deliver to user ?
    after i change, do i need restart mailscan?

    Thank you. :)
     
  9. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Yes, Yes and Yes :)
     
  10. arhs

    arhs Well-Known Member

    Joined:
    Jul 4, 2003
    Messages:
    116
    Likes Received:
    0
    Trophy Points:
    16
    When I run the ./configure

    I get this error at end:


    ERROR: User "clamav" (and/or group "clamav") doesn't exist. Please create it. You can omit this check with the --disable-clamav option.
     
  11. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Do this first:

    useradd clamav
     
  12. arhs

    arhs Well-Known Member

    Joined:
    Jul 4, 2003
    Messages:
    116
    Likes Received:
    0
    Trophy Points:
    16

    Thanks :) I just installed the CLAM AV , I haven't installed any of the perl modules, do I need to install them ?
     
  13. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    You will need to install the perl modules if you want to use the much quicker and more efficient clamavmodule. You can do so using the following two lines:

    /scripts/perlinstaller Net::CIDR Archive::Zip Compress::Zlib Convert::BinHex Inline::C
    /scripts/perlinstaller Mail::ClamAV


    You can then modify your MailScanner.conf to use clamavmodule as explained in the previous post.
     
  14. ShAwNz

    ShAwNz Active Member

    Joined:
    Dec 21, 2003
    Messages:
    31
    Likes Received:
    0
    Trophy Points:
    6
    Hi

    Thanks for the information, did it and change the Virus Scanners in MailScanner.conf to clamavmodule. Then i noticed in /usr/mailscanner/etc/virus.scanners.conf has this

    clamavmodule /bin/false /tmp


    May i know if im doing it correctly ?
     
  15. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    That's fine. Clamavmodule uses aperl module (clearly) so doesn't need the information of other scanners in that file.

    A word of caution. There is a bug in Mail::ClamAV v0.12 working with ClamAV 0.80 which the author is working on (i.e. it doesn't work!). I would recommend switching back to just clamav in the meantime. It looks like ClamAV 0.80 is much quicker and resource efficient anyway, so not using the perl module isn't such a hit now.
     
  16. damainman

    damainman Well-Known Member

    Joined:
    Nov 13, 2003
    Messages:
    515
    Likes Received:
    0
    Trophy Points:
    16
    offtopic:

    Chirpy,

    Considering that Cpanel stated using mailscanner might break cpanel, do you still advise in using this? I was running mailscanner for awhile, about when you first posted your howto. However after many posts it seems cpanel will never support mailscanner, and they even stated it might break cpanel.

    For that reason i tried using the exiscan package, but starting receiving the unix stale errors that alot of people have been getting lately. So i decided to use clamavconnector since it was created by cpanel, but started receiving smtp timeout errors.

    Mailscanner has really been the only product that effectively worked with no errors, and does exactly what its suppose to do. So right now i got no system in place, because the only one that actually works is not supported by cpanel.

    But back to my question, do you still suggest using mailscanner even after what cpanel stated? I'm looking into long-term, and wouldn't want to work to maintain mailscanner and one day have my email in cpanel break and reconfigure the servers to use clamavconnector or something. I don't feel comfortable switching back and forth between products.
     
  17. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Well, it certainly doesn't break cPanel. I'm using it on all my other servers and am regularly installing MailScanner using my script on other people's servers for them. I would definitely recommend its continued use. I agree that the solutions cPanel themselves provide fall way short of the mark, and the age old cry that MailScanner uses too many server resources just is not the case anymore. I can configure it for someones server with as little as 256mb or RAM without problems (you just limit the number of child processes and tune the configuration file properly - which I do with my script).

    ClamAV has is also much quicker and less memory hungry now since 0.80 was released. I intend to continue to support it in the cPanel environment until such time as cPanel decide to implement a proper and effective spam blocking and virus scanning solution.

    I am annoyed when cPanel has put in the work to include MailScanner recognition in their script and continue to do so, but then bring in cPanel Pro which now intentionally breaks it[*]. But that's simply to workaround by running a /scripts/postupcp script that runs /scripts/mailscanner and restarts exim.


    [*]Intentional, because I've asked them to make the same change to that as they have for exim4 script, but have so far declined to add the one line necessary to the cPanel Pro script.
     
  18. cPanelBilly

    cPanelBilly Guest

    Do you have a ticket # or bug ID for this request?
     
  19. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
Loading...

Share This Page