Btw, we're using PRTG to monitor how the system fares. So far I can monitor most things, but how about ClamAV? Does anybody have an idea on how to monitor the milter?

On Friday, 1 December 2017 at 14:16, K F <fribse2...@yahoo.dk> wrote:

Hi Guys

I think I got it working. I just tried sending the Eicar line to a mailbox, and got this message:

    Dec  1 13:57:52 bounce postfix/cleanup[21255]: B17C5403B316: milter-reject: END-OF-MESSAGE from sonic306-19.consmr.mail.ir2.yahoo.com[77.238.176.205]: 5.7.1 Command rejected; from=<x...@yahoo.dk> to=<x...@yyyy.dk> proto=ESMTP helo=<sonic306-19.consmr.mail.ir2.yahoo.com>

WEEEHEEE

So it's a CentOS 7 with postfix 2.10, and now also ClamAV as milter.

First off, install the product:

    yum install clamav-milter-systemd clamav-scanner-systemd clamav-update

Create a config file by:

    cp /usr/share/doc/clamav-server-0.98.4/clamd.conf /etc/clamd.d/clamd.conf

Edit the config file, adding a # in front of Example, and change the rest of the lines to reflect these:

    # Example
    LogSyslog yes
    DatabaseDirectory /var/lib/clamav
    TCPSocket 3310
    TCPAddr 127.0.0.1
    User clamscan
    AllowSupplementaryGroups yes

Start and enable the service with:

    systemctl restart clamd@clamd.service
    systemctl enable clamd@clamd.service

Edit the clamav-milter config, again with the # in front of Example:

    # Example
    MilterSocket inet:8894
    User clamilt
    AllowSupplementaryGroups yes
    ClamdSocket tcp:127.0.0.1:3310
    LogSyslog yes
    OnClean Accept
    OnInfected Reject
    OnFail Defer

SELinux needs to be configured for the port:

    semanage port -a -t milter_port_t -p tcp 8894

(of course, that is not necessary if you disable SELinux entirely)

The milter needs a restart and enable as well:

    systemctl restart clamav-milter
    systemctl enable clamav-milter

In postfix main.cfg, I've added the line:

    smtpd_milters = inet:127.0.0.1:8894

In Freshclam /etc/sysconfig/freshclam, comment the line out:

    # FRESHCLAM_DELAY=disabled-warn # REMOVE ME

In /etc/freshclam.conf comment the Example line:

    # Example

Then run freshclam to have all the sigs updated.

That's it.

To test it I emailed an EICAR line to an account, and in /var/log/maillog it shows a 'milter-reject':

    tail -f /var/log/maillog | grep milter-reject

Now I just have to look into adding the sanesecurity sigs as well.

Best regards
Kenneth

On Thursday, 30 November 2017 at 17:47, Dominic Raferd <domi...@timedicer.co.uk> wrote:

On 30 November 2017 at 16:28, Gary <li...@lazygranch.com> wrote:
>
> FWIW
> ...
>
> From: fribse2...@yahoo.dk
> Ok, it looks like there is a clamav-milter available in the EPEL, that seems
> to be the simplest solution.
> So I've installed clamav-milter-systemd clamav-scanner-systemd

If you use clamav you should add the Sanesecurity (http://sanesecurity.com/) signatures - in my experience these are responsible for all clamav's real-world virus trapping. See the readme at https://github.com/extremeshok/clamav-unofficial-sigs/tree/dev.
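
Added example, not part of the original thread or of any poster's setup: a small Python check that the three socket settings from the walkthrough above line up (Postfix smtpd_milters -> clamav-milter MilterSocket, and clamav-milter ClamdSocket -> clamd TCPAddr/TCPSocket) and that the Example lines are commented out. The function names and the sample config strings are constructed for illustration, using the values quoted in the thread.

```python
import re

# Constructed sample configs, using the values quoted in the thread above.
CLAMD = "# Example\nLogSyslog yes\nTCPSocket 3310\nTCPAddr 127.0.0.1\nUser clamscan\n"
MILTER = ("# Example\nMilterSocket inet:8894\nClamdSocket tcp:127.0.0.1:3310\n"
          "OnClean Accept\nOnInfected Reject\nOnFail Defer\n")
MAIN_CF = "smtpd_milters = inet:127.0.0.1:8894\n"


def parse_conf(text):
    """Parse ClamAV-style 'Key value' lines, skipping blanks and # comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            key, _, value = line.partition(" ")
            conf[key] = value.strip()
    return conf


def check_chain(clamd_text, milter_text, main_cf_text):
    """Return a list of mismatches between Postfix, clamav-milter and clamd."""
    problems = []
    clamd, milter = parse_conf(clamd_text), parse_conf(milter_text)
    for name, conf in (("clamd", clamd), ("clamav-milter", milter)):
        if "Example" in conf:  # an active Example line stops the daemon starting
            problems.append(f"{name}: Example line is not commented out")
    # clamav-milter -> clamd: ClamdSocket tcp:host:port vs TCPAddr/TCPSocket
    cs = re.fullmatch(r"tcp:([^:]+):(\d+)", milter.get("ClamdSocket", ""))
    if not cs:
        problems.append("clamav-milter: ClamdSocket is not tcp:host:port")
    else:
        if cs.group(2) != clamd.get("TCPSocket"):
            problems.append("ClamdSocket port differs from clamd TCPSocket")
        if "TCPAddr" in clamd and cs.group(1) != clamd["TCPAddr"]:
            problems.append("ClamdSocket host differs from clamd TCPAddr")
    # Postfix -> clamav-milter: smtpd_milters inet:host:port vs MilterSocket
    ms = re.fullmatch(r"inet:(\d+)(?:@.*)?", milter.get("MilterSocket", ""))
    pf = re.search(r"^smtpd_milters\s*=\s*(.*)$", main_cf_text, re.M)
    ports = re.findall(r"inet:[^:\s,]+:(\d+)", pf.group(1)) if pf else []
    if not ms:
        problems.append("clamav-milter: MilterSocket is not inet:port")
    elif ms.group(1) not in ports:
        problems.append("smtpd_milters has no entry for the MilterSocket port")
    return problems


if __name__ == "__main__":
    for issue in check_chain(CLAMD, MILTER, MAIN_CF) or ["chain is consistent"]:
        print(issue)
```

A mismatch on either hop means mail bypasses scanning or is deferred, so a check like this is worth running after any port change and before the EICAR test.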