clamav spamassassin with simscan @ debian

[Shamael Anwar]

The title says it all. Long waiting simscan setup procedure at debian box:

Assumed u v already setup qmail and apllied the qmailqueue patch then go directly to download package section:

If you didnt follow qmailrocks then follow the below procedure:

I get lots of complain from users who didnt apply the qmailqueue patch. So i m including the qmailqueue patch installation here:

cd /usr/local/src

wget http://www.qmailrocks.org/downloads/...ailqueue.patch

cd /path/to/qmail-1.03

patch < /usr/local/src/qmailqueue.patch

qmailctl stop

make && make man && make setup check

qmailctl start

Download requared packages:

wget http://ovh.dl.sourceforge.net/source...-0.88.6.tar.gz

wget http://www.inter7.com/simscan/simscan-1.2.tar.gz

wget http://switch.dl.sourceforge.net/sou...cre-6.3.tar.gz

wget http://www.pldaniels.com/ripmime/ripmime-1.4.0.5.tar.gz

wget http://www.qmailrocks.org/downloads/...n-3.1.0.tar.gz

Install & configure the packages:

tar zxvf clamav-x.xx..tar.gz

cd clamav-x.xx

useradd -s /sbin/nologin -d /tmp clamav

groupadd clamav

useradd -s /sbin/nologin -d /bin/false qscand

groupadd qscand

./configure --prefix=/usr --sysconfdir=/etc

make && make check && make install

mkdir /var/log/clamav /var/lib/clamav

chown -R clamav:clamav /var/log/clamav /var/lib/clamav

Now we'll do a few configuration settings to the /etc/clamd.conf file...

vi /etc/clamd.conf

"Example" - should be commented out.
"LogFile" - should be set to /var/log/clamav/clamd.log
"LogTime" - should be uncommmented.
"LogSyslog" - should be uncommented.
"PidFile" - should be uncommented and set to /var/run/clamav/clamd.pid
"User" - should be set to qscand
"ScanMail" - should be uncommented.

And some settings to the /etc/freshclam.conf file...

vi /etc/freshclam.conf

"Example" - should be commented out.
DatabaseDirectory - should be uncommented and set to /var/lib/clamav

Ok, Clam AV is now installed, but let's go ahead and set it up so that it will auto-update every night with the latest virus definitions! First we will want to set up the proper logging for the updater....

/usr/bin/freshclam -l /var/log/clamav/clam-update.log

If the server is able to get updates, you should see an output similar to this:

ClamAV update process started at Thu Dec 16 16:14:51 2004
Downloading main.cvd[*]
main.cvd updated (version: 28, sigs: 26630, f-level: 3, builder: tomek)
Downloading daily.cvd[*]
daily.cvd updated (version: 633, sigs: 1794, f-level: 3, builder: tkojm)
Database updated (28424 signatures) from database.clamav.net (24.73.112.74).

Woohoo! You're updated with the latest virus definiations from the Clam database!

Now we just set a crontab to run every night, which will run the auto-update procedure! In the example below, I've set mine to run every day at 1:35 AM. The odd run time came reccomended from ClamAV, if you're wondering. Running freshclam at times other than the top of an hour reduces the load on their servers. so feel free to adjust the time to something even more offbeat, like 1:33 AM or something. The guys at ClamAV will thank you.

crontab -e (make sure you run this command as root)

35 1 * * * /usr/bin/freshclam --quiet -l /var/log/clamav/clam-update.log

Now save your new crontab and exit.

Now we need to create an init script for clamd...

wget http://www.qmailrocks.org/downloads/...c/debian_clamd

cp debian_clamd /etc/init.d/clamd

chmod +x /etc/init.d/clamd

mkdir /var/run/clamav

chown -R qscand:qscand /var/run/clamav

And now let's crank up clamd...

/etc/init.d/clamd stop

/etc/init.d/clamd start

If clamd has started successfully, a "ps -aux | grep clamd " command should reveal it...

qscand 11613 0.0 0.5 5972 4984 ? S 07:17 0:00 /usr/sbin/clamd

Once you have clamd successfully operating, let's configure the server so that clamd will start up on boot. Fortunately, Debian has a utility made just for doing this..

update-rc.d clamd start 75 2 3 4 5 .

tar zxvf Mail-SpamAssassin-3.x.x.tar.gz

cd Mail-SpamAssassin-3.x.x

perl Makefile.PL (answer all questions. Use the default answers provided if you are unsure)

make && make install

Ok, Spamassassin is installed. Let's make some tweaks. First, we're going to add a user/group called "spamd" under which Spamassassin will be run...

groupadd spamd

useradd -g spamd -s /bin/false -m -d /home/spamassassin spamd

Next, we set the spam threshold value and rewrite subject variable...

vi /etc/mail/spamassassin/local.cf

Replace the contents of the local.cf file with the following config settings:

rewrite_subject 1
required_hits 5

Save and exit from the file.

And now, let's put a Spamassassin startup script in place...

wget http://www.qmailrocks.org/downloads/...c/debian_spamd

cp debian_spamd /etc/init.d/spamd

chmod +x /etc/init.d/spamd

mkdir /var/run/spamd

chown -R spamd:spamd /var/run/spamd

The init script contains a variable specifying the location of spamd. Let's make sure it's correct. First, find out where spamd resides...

whereis spamd

You should get an answer like /usr/local/bin/spamd or /usr/bin/spamd or something like that. Make a note of where spamd is located.

Now, open the /etc/init/dspamd init script for editing....

vi /etc/init.d/spamd

Make sure that the following variable reflect the correct location of spamd:

DAEMON=/correct/path/to/spamd

And now let's crank up Spamassassin...

/etc/init.d/spamd stop

/etc/init.d/spamd start

If spamd has started successfully, a "ps -aux | grep spam " command should reveal it...

spamd 283 0.0 2.1 21152 19328 ? S 04:33 0:01 /usr/local/bin/spamd -x -u spamd -H /home/spamd -d --pidfile=/var/run/spamd/spamd.pid
spamd 339 0.0 2.1 21152 19328 ? S 04:33 0:00 spamd child
spamd 340 0.0 2.1 21152 19328 ? S 04:33 0:00 spamd child
spamd 341 0.0 2.1 21152 19328 ? S 04:33 0:00 spamd child
spamd 342 0.0 2.1 21152 19328 ? S 04:33 0:00 spamd child
spamd 343 0.0 2.1 21152 19328 ? S 04:33 0:00 spamd child

Once you have spamassin successfully operating, let's configure the server so that spamd will start up on boot. We'll do this just like we did with clamd...

update-rc.d spamd start 75 2 3 4 5 .

tar -xvzf pcre-6.3.tar.gz

cd pcre-6.3

./configure
make && make install

tar zxvf ripmime-1.4.0.5.tar.gz

cd ripmime-1.4.0.5
make && make install

tar zxvf simscan-1.2.tar.gz

cd simscan-1.2

./configure --enable-user=qscand --enable-clamav=y --enable-clamdscan=/usr/bin/clamdscan --enable-custom-smtp-reject=n --enable-per-domain=y --enable-attach=y --enable-spam=y --enable-spam-hits=5.0 --enable-spamc-user=y --enable-dropmsg=y --enable-ripmime=/usr/local/bin/ripmime --enable-clamavdb-path=/var/lib/clamav --enable-sigtool-path=/usr/bin/sigtool --enable-received=y




make && make install-strip
The reason I add user as qscanq bcoz possibly most of us installed calamav and spamassassin following qmailrocks.(remember useradd qscand

vi /var/qmail/control/simcontrol

:clam=yes,spam=yes,attach=.scr:.bat:.com:.pif:.exe :.mp3:.avi:.mpeg:.rar:.wmv

save & exit

ln -s /usr/local/lib/libpcre.so.0 /usr/lib/libpcre.so.0

/var/qmail/bin/simscanmk

/var/qmail/bin/simscanmk -g

Test Simscan:

echo “hi, testing.” > mailtest.txt
env QMAILQUEUE=/var/qmail/bin/simscan SIMSCAN_DEBUG=2 /var/qmail/bin/qmail-inject \
you@yourdomain.com < mailtest.txt

This will print a lot of debugging info, and if everything was ok, the last few lines will look like these:

simscan: cdb looking up version regex
simscan: cdb looking up version attach
simscan: calling clamdscan
simscan: cdb looking up version clamav
simscan: normal clamdscan return code: 0
simscan: done, execing qmail-queue
simscan: qmail-queue exited 0

Activate Simscan:

vi /var/qmail/supervise/qmail-smtpd/run

and add the line
QMAILQUEUE="/var/qmail/bin/simscan"; export QMAILQUEUE
near the top.

And also increase the softlimit to 40000000

save & exit.

qmailctl restart

Hope everything went smooth so far. Wooohooo... way to go.. best of luck.




Shamael