Quote:
Originally Posted by till
Amavis and ClamAV are used to filter emails; they have no influence on the security of your web server.
Hey Till - and others
So I disabled Amavis and ClamAV as per this thread, and the article Till linked to.
Then, 2 months later, I received a ToS Violation notice from my VPS provider stating my machine had been used as a gateway for sending spam. Sure enough the machine had been compromised (one of the websites had a bunch of directories and php files that were somehow injected into the web root, and were sending spam email from my server).
This was to the tune of thousands of spam emails per day. I had to stop postfix for about a week whilst I investigated it. Luckily outgoing mail was only being used by my own web apps.
Sadly my server is now blacklisted, and mail originating from it is marked as spam in most clients / webmail / gmail etc.
I re-instated Amavis and ClamAV but I won't start postfix for another few weeks and will have to monitor the mailq manually, in fear of it being a further issue.
Also - my original issue - it's not solved
Let this be a lesson for me: solve the problem properly instead of randomly disabling things so they work in the short term. At the time I did this, I didn't even understand that Postfix was an MTA, and that ClamAV, Amavis, SpamAssassin all work together with the MTA to prevent outgoing spam / viruses, as opposed to incoming spam / viruses. Now I do...
I hope this helps someone reading this thread!