Real Cpanel Antivirus Solution!!!

PeteC

Well-Known Member
May 8, 2003
106
1
166
Texas
Phishing?

Aric1 said:
If you want the extra power (like the ability to scan and disable other sorts of mail-based threats like web bugs, phishing mail, dangerous attachments, etc.) and configurability that MailScanner brings to the party, then go with MailScanner.
Aric, have you tried the phishing feature in MailScanner? If so, is it reliable? Does it kill legitimate e-mail too? I'm seeing tons of these phishing e-mails in my own accounts, and I get a lot of users who ask support questions about disabling them. But I'm a little nervous turning the phishing feature on in MailScanner for fear it might kill legitimate e-mail too.
 

ldomingues

Member
Sep 25, 2003
5
0
151
I'm using Exim+Exiscan+Clamav+RBL+Spamassassin+SARE+Razor+DCC installed by rvskin and it's working GREAT!!! Load was getting up to 100 and now is always bellow 0.5, memory usage also bellow 50%. HUGE performance increase!!!

Before that the server was crashing every two days with more than 100 spamd processes.

Thanks rvskin!
 

rvskin

Well-Known Member
PartnerNOC
Feb 19, 2003
399
1
168
ldomingues, in your server spam filtering doesn't configure server-wide. Only RBL, and virus scanning is configured server-wide. However, individual spamassassin get boosted by SARE+Razor+DCC. If configure spam filtering server-wide, it will consume a lot CPU.
 
Last edited:

Aric1

Well-Known Member
Oct 15, 2003
324
0
166
cPanel Access Level
DataCenter Provider
PeteC said:
Aric, have you tried the phishing feature in MailScanner? If so, is it reliable? Does it kill legitimate e-mail too? I'm seeing tons of these phishing e-mails in my own accounts, and I get a lot of users who ask support questions about disabling them. But I'm a little nervous turning the phishing feature on in MailScanner for fear it might kill legitimate e-mail too.
Yes, I use it. The phishing scanner doesn't delete messages, it modifies them to tell you when MailScanner notes a URI where the link is different what the text of the message says...

It will do something like this (wording may be slightly different because I am remembering this off the top of my head):

MailScanner has noticed the following link:

REAL LINK HERE

does not match the link displayed in the mesaage:

DISPLAYED LINK HERE

and then it is up to you to decide if it is safe to click.

It does catch phishing scams. I've got fast servers, so I can't really answer just how much extra load the phishing scans add, but it is something you might want to experiment with.
 

ldomingues

Member
Sep 25, 2003
5
0
151
I understand rvskin, but what was happening before is that I had hundreds of spamd processes running on the server (it should be limited to 5).

That was crashing the server (which has very few traffic).

That happened since upgrade to SA 3. Never happened before. Now everything is working fine!
 

Aric1

Well-Known Member
Oct 15, 2003
324
0
166
cPanel Access Level
DataCenter Provider
ldomingues said:
I understand rvskin, but what was happening before is that I had hundreds of spamd processes running on the server (it should be limited to 5).


That was crashing the server (which has very few traffic).

That happened since upgrade to SA 3. Never happened before. Now everything is working fine!
There is a beta-level SPAMD module for WHM now that will allow you to set limits on SPAMD.
 

PeteC

Well-Known Member
May 8, 2003
106
1
166
Texas
Aric, Thanks for the phishing feedback.

I'm also considering implementing the SURBL filtering server-wide as discussed here:

http://forums.cpanel.net/showthread.php?t=31710

That seems to hold a lot of promise. I am reluctant to implement SpamAssassin server-wide, but it is becoming obvious I need to do more server-wide spam filtering, as more and more customers are getting burdened by the mushrooming spam...

Sorry if this is somewhat off-topic.
 

talinfo

Registered
Mar 22, 2004
3
0
151
Server load increased considerably post mailscanner installation

I was recently plauged by the spam attack on my server, which was until now working absolutely fine with .5 to .8 server load and 25% to 35% memory usage....

Suddenly, my server started getting spams on few domains and it was brining down my exim everytime i rebooted the server leaving me with no option other than removing 5 to 6 domains from my server so as to ease the mail traffic.

But somehow, new domains got effected soon and I then read about chirpy's mailscanner solution and got 1 installed on my server.

The best part: my mail traffic decreased considerably to almost HALF
The Bad part: my cpu and mem usage shooted up like anything 10 to 12 & 75% to 80% respectively and now I am stucked with my server going down everytime or mails getting delayed due to exim configuration of server_load; 4 :mad:

Can somebody or chirpy help me find a solution to this. I have been told to increase my memory but i really donot see the reason as my server was working just fine before this spam attach and the mailscanner solution being installed....

Thanks
Sandeep
 

chirpy

Well-Known Member
Verifed Vendor
Jun 15, 2002
13,437
33
473
Go on, have a guess
Sandeep,

I can repeat what I've already told you twice if you want. Your server was using over 500MB of swapfile space, i.e. it is memory thrashing. This has little to do with MailScanner. Yes, it can add load to a server, but as I had it configured it was only using 20MB of memory - that's all. Your problems lie elsewhere.

As I've already offered twice as well, I'd be more than happy to remove MailScanner for you if you feel that is to blame, so that you can find another solution.

Why you feel the need to post here, rather than simply ask me to remove MailScanner as I have offered, I don't know :rolleyes:
 

talinfo

Registered
Mar 22, 2004
3
0
151
The reason I posted here was simply because I am looking for help. In no way I have offended you or your service and infact I said that your solution has worked for me, but I still have problems.

If u read through my post, you will see that my server was funtioning well, before this spam attack happend.

I agree that the problem may be somewhere else and thus removing the mailscanner won't be the solution.. I trust you for what you have said.

Instead, if you could look into my server and see where exactly the problem lies, and resolve the same, that would have been really helpfull.. (ofcouse I would pay you for your services.. )

Please, suggest me a way to handle this as I'm seeing myself in a fix :mad:

Thanks
Sandeep
 

Jasio

Active Member
Feb 15, 2004
26
0
151
rvskin said:
Hello,

This is a great tutorial... and I have read to thread and see that people havent had any major problems installing it. But I have come across an error.

When compiling Razor-Agent 2.67 "make install" fails with this message:

Digest::SHA1 object version 2.01 does not match bootstrap parameter 2.10 at /usr/lib/perl5/5.8.0/i386-linux-thread-multi/DynaLoader.pm line 249.
Compilation failed in require at lib/Razor2/String.pm line 4.
BEGIN failed--compilation aborted at lib/Razor2/String.pm line 4.
Compilation failed in require at (eval 7) line 3.
...propagated at /usr/lib/perl5/5.8.0/base.pm line 64.
BEGIN failed--compilation aborted at lib/Razor2/Client/Core.pm line 21.
Compilation failed in require at (eval 4) line 3.
...propagated at /usr/lib/perl5/5.8.0/base.pm line 64.
BEGIN failed--compilation aborted at lib/Razor2/Client/Agent.pm line 18.
Compilation failed in require at blib/script/razor-client line 21.
BEGIN failed--compilation aborted at blib/script/razor-client line 21.
make: *** [install_razor_agents] Error 2

I have been following the instructions properly. I would like to point out that I am using the latest stable build of cPanel/WHM, and I am running Red Hat Linux Enterprise 3.0 ES.

Has anybody come across this error to date? If so, have you been able to solve it?

-- Thanks

ADDED: Figured it out, had to force the perlinstaller by using --force.
 
Last edited: