Simscan - ClamAV - SpamAssassin

Abstract

  • Simscan is installed as a queueing backend to qmail-smtpd
  • ClamAV is used as virus scanner
  • SpamAssassin is used as content scanner
  • The behaviour of this style of installation is to reject incoming virus and spam mails. THERE IS NO QUARANTINE. You have been warned.

This is written off the top of my head; corrections and optimizations are welcome.

Prerequisites

You have to run Qmail with the QMAILQUEUE patch for this to work. You must have a working installation of clamd/clamdscan and, optionally, a running setup of spamd/spamc (SpamAssassin). You will need ripmime for attachment sanitization.

Installing and configuring simscan

Simscan is available for download at inter7.

The version referenced here is simscan-1.2.

First, unpack in a directory of your choice.

Then add a user "simscan" who is a member of the "qmail" group (the group you set with the -g parameter to qmail-smtpd's tcpserver invocation) with home directory /var/qmail/simscan (or wherever your qmail lives).

Set the owner of the simscan directory to simscan:qmail (user simscan, group qmail) and the permissions to 0750.

chown simscan:qmail /var/qmail/simscan
chmod 0750 /var/qmail/simscan

You also need to add your ClamAV user ("clamav" in most cases) to the "qmail" group and enable the AllowSupplementaryGroups option in clamd.conf.

Configure simscan as follows:

./configure \
--enable-clamav=y \
--enable-clamdscan=/usr/local/bin/clamdscan \
--enable-per-domain=y \
--enable-attach=y \
--enable-spam=y \
--enable-spam-hits=10 \
--enable-spamc=/usr/local/bin/spamc \
--enable-spamc-args="-U /var/lib/spamassassin/spamd.sock" \
--enable-qmail-queue=/var/qmail/bin/qmail-queue \
--enable-qmaildir=/var/qmail \
--enable-ripmime=/usr/local/bin/ripmime \
--enable-received=y \
--enable-spamassassin-path=/usr/local/bin/spamassassin \
--enable-clamavdb-path=/var/db/clamav \
--enable-sigtool-path=/usr/local/bin/sigtool 

What this does:

  • enable-clamav turns on clamav functionality
  • enable-clamdscan= provides the path to your clamdscan binary
  • enable-per-domain enables different settings for each domain processed
  • enable-attach turns on the attachment (extension) scanner
  • enable-spam turns on the SpamAssassin client
  • enable-spam-hits= provides the default reject threshold for SA
  • enable-spamc= provides the SA client binary
  • enable-spamc-args= provides the parameters to spamc (the socket path in this case)
  • enable-qmail-queue= provides your real qmail-queue binary (or a second-step queue delivery)
  • enable-qmaildir= tells simscan where your Qmail installation lives
  • enable-ripmime= provides ripmime for attachment processing
  • enable-received puts a Received: header into every mail processed, containing binary and signature versions
  • enable-spamassassin-path= points to the SA main binary (to read the version string)
  • enable-clamavdb-path= points to your ClamAV database directory
  • enable-sigtool-path= points to the sigtool binary (to read the version strings)

Now run "make", which should build simscan without errors, then run "make install".

Simscan is now installed (by default as /var/qmail/bin/simscan), so we need to set up the default settings by editing /var/qmail/control/simcontrol and putting in the following contents:

:clam=yes,spam=no

This turns on ClamAV scanning by default and disables SpamAssassin.

A line for "mydomain.com", enabling SpamAssassin and ClamAV, looks like:

mydomain.com:clam=yes,spam=yes,spam_hits=10

Now invoke "/var/qmail/bin/simscanmk" to process the settings file. Remember to do this after changing simcontrol.
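
An added example (not part of the original page or of simscan): a shell helper that shows which simcontrol line governs a given recipient domain, using only the two line forms shown above. It assumes an exact domain entry takes precedence over the default ":" line; the function names and the domain other.example are made up for illustration.

```shell
#!/bin/sh
# Added example, not simscan code. Assumption: an exact "domain:" entry wins
# over the default ":" entry; only these two line forms are handled.

# simcontrol_effective FILE DOMAIN -> "domain <settings>" or "default <settings>"
# Exit status 1 when neither a domain line nor a default line exists.
simcontrol_effective() {
    awk -v dom="$2" '
        /^[ \t]*$/ { next }                  # skip blank lines
        {
            i = index($0, ":")               # split on the FIRST colon only
            if (i == 0) next                 # not a key:settings line
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            if (key == dom)     hit = val
            else if (key == "") def = val
        }
        END {
            if (hit != "")      print "domain " hit
            else if (def != "") print "default " def
            else exit 1
        }' "$1"
}

# simcontrol_get FILE DOMAIN KEY -> value of KEY in the effective settings
# (prints nothing when KEY is not set on the governing line).
simcontrol_get() {
    simcontrol_effective "$1" "$2" | awk -v k="$3" '{
        n = split($2, kv, ",")
        for (j = 1; j <= n; j++)
            if (index(kv[j], k "=") == 1) { print substr(kv[j], length(k) + 2); exit }
    }'
}

# Constructed sample: the two simcontrol lines from this page.
demo_file=$(mktemp)
printf '%s\n' ':clam=yes,spam=no' \
              'mydomain.com:clam=yes,spam=yes,spam_hits=10' > "$demo_file"

for d in mydomain.com other.example; do
    echo "$d -> $(simcontrol_effective "$demo_file" "$d")"
done
rm -f "$demo_file"
```

With the settings above, every domain without its own line falls back to the default and is virus-scanned but not spam-scanned, so a misspelled domain entry silently gets the default policy.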

You also need to set up a cronjob, invoking "/var/qmail/bin/simscanmk -g" to update the version numbers for the Received: header:

*/30 * * * * /var/qmail/bin/simscanmk -g >/dev/null 2>&1

It is a good idea to invoke "simscanmk -g" by hand, to see it run successfully.

Testing simscan

Create a test mail in "testmail.txt" and inject it through simscan:

QMAILQUEUE=/var/qmail/bin/simscan SIMSCAN_DEBUG=2 qmail-inject you@your.address < testmail.txt

This should now pass through clamdscan and be delivered correctly. For testing a positive virus check, get the eicar.com test file in text form and try to inject the EICAR text version instead of testmail.txt.

Activating simscan

Set the environment variable QMAILQUEUE="/var/qmail/bin/simscan" in your smtpd run script

or

add the following to your tcpserver access rule file (default should be something like "tcp" in the smtpd service directory):

:allow,QMAILQUEUE="/var/qmail/bin/simscan"

Now restart your Qmail smtpd service ("svc -t /service/smtp" or similar) and pay close attention to the logs.
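
An added example (not from the original page): a check for the rules-file variant above. tcpserver applies only the single best-matching rule, so an allow rule that does not itself set QMAILQUEUE hands mail from those clients to the plain qmail-queue without scanning. The function name and the sample rules are constructed for illustration, and the check assumes QMAILQUEUE is not also exported in the run script.

```shell
#!/bin/sh
# Added example, not part of qmail, ucspi-tcp or simscan.

# rules_without_queue FILE [QUEUE]
# Prints "lineno: rule" for every allow rule that does not set
# QMAILQUEUE to QUEUE (default: /var/qmail/bin/simscan).
rules_without_queue() {
    awk -v want="${2:-/var/qmail/bin/simscan}" '
        /^[ \t]*(#|$)/ { next }              # comments and blank lines
        {
            i = index($0, ":")
            if (i == 0) next                 # not an address:instructions line
            action = substr($0, i + 1)
            if (action !~ /^allow/) next     # denied clients never reach the queue
            if (index(action, ",QMAILQUEUE=\"" want "\"") == 0)
                printf "%d: %s\n", NR, $0
        }' "$1"
}

# Constructed sample rules file (addresses are documentation ranges).
rules=$(mktemp)
cat > "$rules" <<'EOF'
# local relay rule written before simscan was installed
127.:allow,RELAYCLIENT=""
192.0.2.:allow,RELAYCLIENT="",QMAILQUEUE="/var/qmail/bin/simscan"
198.51.100.7:deny
:allow,QMAILQUEUE="/var/qmail/bin/simscan"
EOF

echo "allow rules that bypass simscan:"
rules_without_queue "$rules"
rm -f "$rules"
```

Run it against the rules source file before rebuilding the cdb; an empty result means every allowed client is routed through simscan.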

Extended logging setup

This is an alternative logging script for your smtp service which splits out the simscan and rblsmtpd results:

#!/bin/sh
exec setuidgid log multilog t \
    '-*' '+* tcpserver:*' s1000000 n10 ./smtpd \
    '-*' '+* rblsmtpd: *' s1000000 n2 ./smtpd/rblsmtpd \
    '-*' '+* simscan:*' s1000000 n5 ./smtpd/simscan

-- KarstenRohrbach - 30 Dec 2006

Topic revision: r1 - 2006-12-30 - 13:05:57 - KarstenRohrbach
 