HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Tips/Tricks/Mods (http://www.howtoforge.com/forums/forumdisplay.php?f=29)
-   -   Disable and remove ClamAV (http://www.howtoforge.com/forums/showthread.php?t=44443)

Meph 30th March 2010 03:36

Disable and remove ClamAV
 
Update: My original post was incorrect. Here is the correct procedure: (Works in Debian 5)

edit /etc/amavis/conf.d/50-user

Comment out the following two lines:

Code:

@bypass_virus_checks_maps = (
  \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);

Looks like this:

Code:

#@bypass_virus_checks_maps = (
#  \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);

@bypass_spam_checks_maps = (
  \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);

Restart amavis:

/etc/init.d/amavis restart

Stop clamav:

/etc/init.d/clamav-daemon stop
/etc/init.d/clamav-freshclam stop

Disable clamav from running on system boot:

update-rc.d -f clamav-daemon remove
update-rc.d -f clamav-freshclam remove

Quote:

Original Post:


I'm running Debian 5 and ISPConfig 3. I only have 512mb of ram so I want to disable clamav and free up that memory.

I tried to follow the instructions in this post:

http://www.howtoforge.com/forums/sho...22&postcount=8

Except I used update-rc.d to remove the symbolic links instead of chkconfig.

update-rc.d -f amavis remove
update-rc.d -f clamav-daemon remove
update-rc.d -f clamav-freshclam remove

When I do this my outgoing server stops working. I can connect and send a message, but it never gets delivered. I also noticed that when I reversed the directions and re-enabled clamav, all the emails I tried to send when clamav was disabled were suddenly delivered.

Also, is there a setting in ISPConfig3 to change it from warning you when clamav isn't running? Perhaps that is in the documentation and I should look it up, but I really would like to know how to disable it without fubaring my SMTP server.

Meph 30th March 2010 03:55

...........

bajodel 30th March 2010 03:59

A quick Solution should be to run this command (as root.. or sudo..)
# postconf -e 'content_filter ='
This command tell postfix "don't pass messages to amavis" at all.. so no antivirus and no antispam (this operation breaks 'a little' your ISPConfig setup.. you are alerted).
I think that a similar behaviour could be reached if you tune a Spamfilter Policy by-passing all checks ..and then apply this policy to all your domains.

Bye..

bajodel

Meph 30th March 2010 04:10

I definitely want to keep spamassasin running, just disable the antivirus. I appear to have freed up a lot of memory in doing so. Debian doesn't do a good job of keeping up with updates anyways, so I'm better off using a good client-side email scanner.

No way to get rid of the alert in the ISPConfig 3 Server Monitor?

Meph 1st April 2010 18:14

After doing this, spamassasin no longer works and the spam is flooding in. Is there any way to re-enable spamassasin without having to use ClamAV? or maybe another solution that filters spam but doesn't take up a lot of memory?

bajodel 2nd April 2010 03:50

i think you should add more memory on your server ..and re-enable all :)
At the end.. how exactly did you disabled them ?

bye..

bajodel

Meph 2nd April 2010 18:32

I'm on a virtual host, so adding memory is a monthly cost, not a one-time cost. As I said before, Debian doesn't seem to keep up with the virus signature updates very well anyways. For the past year that I've been running my server, first on Ubuntu, now on Debian, most of the time I get the warning in ISPConfig's server monitor that the virus defs are out of date. Our client-side anti-virus gives us more protection, so why use 1/5 of the memory on my server for an anti-virus?

That being said, I used the exact procedure that I described in the first post.

Antennipasi 2nd April 2010 20:45

Quote:

Originally Posted by Meph (Post 223923)
Is there any way to re-enable spamassasin without having to use ClamAV?

if you really want to disable virus-cheks from amavis, in Debian edit file:
/etc/amavis/conf.d/50-user

and comment out this part (two lines):
Code:

@bypass_virus_checks_maps = (
  \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);

then restart amavis.
now clamav is not used anymore, and you can remove it like in first post.

if you let Ispconfig3-update to reconfigure services, remember to check if it reverts this.

Meph 5th April 2010 03:49

My apologies. I realize now the mistake I made. I am to understand that amavis is the content filter that passes email through the virus check and spam check before the email is delivered. ClamAV is the antivirus that does the actual virus checking. I followed the directions in the last post, then removed clamav. It freed up a lot of memory. Thanks for your help.

Antennipasi 11th April 2010 08:48

Quote:

Originally Posted by Meph (Post 224155)
My apologies. I realize now the mistake I made. I am to understand that amavis is the content filter that passes email through the virus check and spam check before the email is delivered. ClamAV is the antivirus that does the actual virus checking. I followed the directions in the last post, then removed clamav. It freed up a lot of memory. Thanks for your help.

No problem.
Now you got Amavisd's mechanism right. Although ClamAV is most common virus-scanner in Linux environment, with Amavisd is possible to use also scanners from eg: AVG, F-prot, Kaspersky, Symantec, F-Secure, CA, Nod32, Panda and many others. See /etc/amavis/conf.d/15-av_scanners for glue.


All times are GMT +2. The time now is 10:53.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.