Thu 15 Apr 2004
[TESTED ON THE FOLLOWING DISTROS/VERSIONS]
1. Red Hat Enterprise Linux WS release 3 (Taroon Update 1)
Kernel 2.4.21-9.0.1.ELsmp, clamav-70-rc, sendmail-8.12.10-1,
2. Fedora Core release 1 (Yarrow)
Kernel 2.4.22-1.2188.nptl, clamav-70, sendmail-8.12.10-1.1.1
#####
These instructions document the installation and configuration of ClamAV 0.70-rc on Red Hat ES Release 3.
I will use the Sendmail libmilter APIs to integrate ClamAV with the MTA.
Note: it is assumed that sendmail is already installed and configured.
RHES’s default sendmail installation does not include libmilter (sendmail itself is compiled with milter support, however), so you will need to obtain the sendmail source files. Check rpmfind for the source RPM.
###
Software (your versions may differ):
clamav-0.70-rc.tar.gz
sendmail-8.12.10-1.src.rpm
###
Sendmail libmilter:
> rpm -ivh sendmail-8.12.10-1.src.rpm
> cd /usr/src/redhat/SOURCES/sendmail-8.12.10/libmilter
> sh Build install
Note: RH9/Fedora(?) do not extract the source tree; you must ‘tar zxvf’ the sendmail .tar.gz located in /usr/src/redhat/SOURCES.
Note: RHES’s default installation does not include vacation for sendmail; now would be a good time to install vacation as well:
> cd /usr/src/redhat/SOURCES/sendmail-8.12.10/vacation
> sh Build install
###
ClamAV:
Create user and group for clamav:
> groupadd -g 601 clamav
> useradd -u 601 -g 601 -d /usr/local/share/clamav -s /bin/false clamav
> cd /usr/local/src/clamav-0.70-rc
> ./configure --enable-milter --sysconfdir=/etc; make; make install
Configure /etc/clamav.conf:
Comment out the “Example” line:
# Example
Include/uncomment the following:
LocalSocket /tmp/clamd
StreamSaveToDisk
StreamMaxLength 10M
MaxThreads 10
ReadTimeout 500      <-- use for clamav-70
ThreadTimeout 500    <-- use only for clamav-70-rc; deprecated
User clamav
ScanMail
ScanArchive
ArchiveMaxFileSize 10M
###
Setup init.d to include clamd:
> cp /usr/local/src/clamav-0.70-rc/contrib/init/RedHat/clamd /etc/init.d/
> chmod 755 /etc/init.d/clamd
###
Setup init.d to include clamav-milter:
> cp /usr/local/src/clamav-0.70-rc/contrib/init/RedHat/clamav-milter /etc/init.d/
> chmod 755 /etc/init.d/clamav-milter
###
Customize clamav-milter start arguments:
> pico -w /etc/init.d/clamav-milter
Find the ‘daemon’ line in the ‘start()’ section and add the following:
daemon clamav-milter -P local:/var/run/clamav/clamav.sock --dont-scan-on-error -ol --noreject
###
Setup the socket directory:
> mkdir /var/run/clamav
> chown clamav:clamav /var/run/clamav
###
Setup system boot scripts in /etc/rc.d/:
IMPORTANT: clamd must be started before clamav-milter
> ln -s /etc/init.d/clamd /etc/rc2.d/S20clamd
> ln -s /etc/init.d/clamd /etc/rc3.d/S98clamd
> ln -s /etc/init.d/clamd /etc/rc4.d/S98clamd
> ln -s /etc/init.d/clamd /etc/rc5.d/S98clamd
> ln -s /etc/init.d/clamd /etc/rc0.d/K20clamd
> ln -s /etc/init.d/clamd /etc/rc1.d/K20clamd
> ln -s /etc/init.d/clamd /etc/rc6.d/K20clamd
> ln -s /etc/init.d/clamav-milter /etc/rc2.d/S91clamav-milter
> ln -s /etc/init.d/clamav-milter /etc/rc3.d/S99clamav-milter
> ln -s /etc/init.d/clamav-milter /etc/rc4.d/S99clamav-milter
> ln -s /etc/init.d/clamav-milter /etc/rc5.d/S99clamav-milter
> ln -s /etc/init.d/clamav-milter /etc/rc0.d/K30clamav-milter
> ln -s /etc/init.d/clamav-milter /etc/rc1.d/K30clamav-milter
> ln -s /etc/init.d/clamav-milter /etc/rc6.d/K30clamav-milter
###
Configure sendmail.mc to include clamav milter support:
> pico -w /etc/mail/sendmail.mc
Add the following lines:
INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav/clamav.sock, F=T, T=S:4m;R:4m')
define(`confINPUT_MAIL_FILTERS', `clamav')dnl
> mv /etc/mail/sendmail.cf /etc/mail/sendmail.cf.sav
> m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
###
Now start the daemons in the following order:
> /etc/init.d/sendmail start
> /etc/init.d/clamd start
> /etc/init.d/clamav-milter start
> /etc/init.d/sendmail restart
Check /var/log/maillog and /var/log/messages for errors.
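As an added check that is not part of the original howto, the following script verifies the chain the steps above set up: that the regenerated sendmail.cf actually carries the clamav milter, that both sockets exist, and how many maillog lines show sendmail failing to reach the milter. It assumes the paths used above; the sample sendmail.cf and maillog lines it builds are constructed, and the milter error wording is an assumption based on sendmail 8.12 logs.

```sh
#!/bin/sh
# Post-install checks for the clamd -> clamav-milter -> sendmail chain above.
# Added example, not part of the original howto. Paths follow the howto:
# /tmp/clamd (clamd LocalSocket), /var/run/clamav/clamav.sock (milter),
# /etc/mail/sendmail.cf. The milter log wording is an assumption (sendmail 8.12).

# Returns 0 when the generated sendmail.cf carries the clamav milter definition.
# Catches the slip of running m4 with its output in the wrong directory, which
# leaves the old .cf in /etc/mail and mail flowing unscanned.
cf_has_clamav_milter() {
    grep -q '^Xclamav' "$1" && grep -q 'S=local:/var/run/clamav/clamav.sock' "$1"
}

# Returns 0 when both Unix sockets exist; clamd must be up before clamav-milter.
sockets_ready() {
    [ -S "${1:-/tmp/clamd}" ] && [ -S "${2:-/var/run/clamav/clamav.sock}" ]
}

# Prints how many lines of a maillog show sendmail failing to talk to the milter.
count_milter_errors() {
    grep -c -E 'Milter \(clamav\): (error connecting|timeout|to error state)' "$1" || true
}

# Writes constructed sample files (not real system output) to a temp dir and
# prints its path, so the checks can be exercised without a live mail server.
make_samples() {
    d=$(mktemp -d)
    cat > "$d/sendmail.cf" <<'EOF'
Xclamav, S=local:/var/run/clamav/clamav.sock, F=T, T=S:4m;R:4m
O InputMailFilters=clamav
EOF
    printf 'O InputMailFilters=\n' > "$d/sendmail.cf.sav"
    cat > "$d/maillog" <<'EOF'
Apr 15 10:01:02 mail sendmail[2231]: i3FE12aa002231: Milter (clamav): error connecting to filter: Connection refused by local:/var/run/clamav/clamav.sock
Apr 15 10:01:02 mail sendmail[2231]: i3FE12aa002231: Milter (clamav): to error state
Apr 15 10:05:40 mail sendmail[2290]: i3FE5eaa002290: Milter add: header: X-Virus-Scanned: ClamAV 0.70-rc
EOF
    echo "$d"
}

# Stand-alone run: report on the constructed samples, then on the live sockets.
samples=$(make_samples)
cf_has_clamav_milter "$samples/sendmail.cf" && echo "sendmail.cf: clamav milter present"
echo "milter errors in sample maillog: $(count_milter_errors "$samples/maillog")"
sockets_ready && echo "sockets: ok" || echo "sockets: clamd/clamav-milter not running"
```

Point the functions at the real /etc/mail/sendmail.cf and /var/log/maillog once the daemons are up; a non-zero error count means clamav-milter was not reachable when sendmail tried it.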
###
Update clamav database:
> pico -w /etc/cron.daily/freshclam
Add the following:
#!/bin/bash
/usr/local/bin/freshclam > /dev/null 2>&1
> chmod 755 /etc/cron.daily/freshclam
###
Now, all messages are scanned for viruses/worms. If an infected message is sent by a user of the system and relayed via SMTP, clamav-milter will not allow the message to be sent; instead, the user will receive a “virus detected” error in their email client.
If an incoming message for a user of the system is infected, the message will be discarded (/dev/null) and a notification will be sent to postmaster@localhost. You may customize the handling of infected messages in /etc/clamd.conf. Also, you should NOT send a notification to the sender or receiver of an infected message: the headers are usually spoofed, and doing so will only generate unnecessary email traffic.
[DONE]