|
I use Clam with qmail-scanner and the setup is quite simple.
Just download and install the Clamav with the default options (configure, make, make install). You can run configure with the option --disable-clamuko if you don’t need this. Depending on mail load I can highly recommend that you use the Clam daemon. Just configure Clam to run as user qmailq (User qmailq) and socket (LocalSocket /var/spool/qmailscan/clamd if you want qmail-scanner to communicate with Clam via a socket).
After this, just run the qmail-scanner install. It should detect the av-scanner automatically, but you will have to change qmail-scanner to let it use either clamdscan or the socket created through the conf-file. Attached you will find a subroutine you can use in qmail-scanner to let it use socket (I haven’t tested it with RH8.0 but it should work) – you will need some Perl understanding to implement this. If this seems too difficult, I suggest you go with clamdscan.
Best regards, Diego d'Ambra
-----Original
Message-----
Hi, from Panama!!!
I'm a newbie using Linux and i got a server with RH8.0, Qmail and Squid.
I need to install a Antivirus and many users invitedme to use qmail-scanner, but to install qmail-scanner i must install first clamav.
I'm using the tutorial publicated in the home page of Clam AV and i need donīt wanna run clamscan in superuser mode.
Can anybody help me?
Sorry, but my english is little.
DANIEL A. ARJONA V.
|
sub clamscan_scanner {
#Clam scanner modification
use IO::Socket;
my($start_clam_time)=[gettimeofday];
my($keep_scanning, $response, $virus_name, $stop_clam_time, $clam_time,
$path);
&debug("clam: starting scan of directory \"$scandir/$file_id\"...");
$keep_scanning = 1;
if(!(socket(\*sock, AF_UNIX, SOCK_STREAM, 0))) {
&debug("Couldn\'t create clam socket\($!\)\n");
&tempfail("Couldn\'t create clam socket\($!\)\n");
}
if(!(connect(\*sock, pack_sockaddr_un $clam_socket))) {
&debug("Couldn\'t connect\(\) to the clam socket TSOCKET \($!\)\n");
&tempfail("Couldn\'t connect\(\) to the clam socket TSOCKET \($!\)\n");
}
# Scan directory
$path = "SCAN $scandir/$file_id\n";
syswrite(\*sock, $path, length($path));
sysread(\*sock, $response, 256);
if($response =~ /OK$/) {
&debug("STATUS: $scandir/$file_id is clean! - response = $response\n");
} elsif($response =~ /FOUND$/) {
# Virus found, find out what it is
if ($response =~ m/: .* FOUND$/) {
($quarantine_description) = ($response =~ m/: (.*) FOUND$/);
$quarantine_description=~s/\0//g;
}
&debug("There be a virus! ($quarantine_description)");
($quarantine_event=$quarantine_description)=~s/\s/_/g;
$quarantine_event="Clam:".substr($quarantine_event,0,$QE_LEN);
};
$description .= "\n---Clam daemon results ---\n";
$description .= "FILE/DIR INFECTED : $scandir/$file_id\n";
$description .= "VIRUS FOUND : $quarantine_description\n";
} else {
#This implies a corrupt set of files or resource problems...
&tempfail("corrupt or unknown Clam scanner/resource problems");
}
$stop_clam_time=[gettimeofday];
$clam_time = tv_interval ($start_clam_time, $stop_clam_time);
&debug("clam: finished scan of dir \"$scandir/$file_id\" in $clam_time s
ecs");
}
###Comment###
Please note this subrutine uses a new variabel $clam_socket="/pathto/socket" (see
below). Add this to top of the qmail-scanner script.
Clamd config file (clamav.conf) should contain "LocalSocket
/var/spool/qmailscan/clamd" (or path to qmail-scanner $scandir) and "User qmailq" (or
user used by qmail-scanner). --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
