Disable and remove ClamAV

Discussion in 'Tips/Tricks/Mods' started by Meph, Mar 30, 2010.

  1. Meph

    Meph New Member

    Update: My original post was incorrect. Here is the correct procedure: (Works in Debian 5)

    edit /etc/amavis/conf.d/50-user

    Comment out the following two lines:

    Code:
    @bypass_virus_checks_maps = (
       \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
    Looks like this:

    Code:
    #@bypass_virus_checks_maps = (
    #   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
    
    @bypass_spam_checks_maps = (
       \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
    Restart amavis:

    /etc/init.d/amavis restart

    Stop clamav:

    /etc/init.d/clamav-daemon stop
    /etc/init.d/clamav-freshclam stop

    Disable clamav from running on system boot:

    update-rc.d -f clamav-daemon remove
    update-rc.d -f clamav-freshclam remove

     
    Last edited: Apr 5, 2010
  2. Meph

    Meph New Member

    ...........
     
    Last edited: Apr 5, 2010
  3. bajodel

    bajodel New Member

    A quick solution should be to run this command (as root.. or sudo..)
    # postconf -e 'content_filter ='
    This command tells postfix "don't pass messages to amavis" at all.. so no antivirus and no antispam (this operation breaks 'a little' your ISPConfig setup.. you are alerted).
    I think that a similar behaviour could be reached if you tune a Spamfilter Policy by-passing all checks ..and then apply this policy to all your domains.

    Bye..

    bajodel
     
  4. Meph

    Meph New Member

    I definitely want to keep SpamAssassin running, just disable the antivirus. I appear to have freed up a lot of memory in doing so. Debian doesn't do a good job of keeping up with updates anyways, so I'm better off using a good client-side email scanner.

    No way to get rid of the alert in the ISPConfig 3 Server Monitor?
     
  5. Meph

    Meph New Member

    After doing this, SpamAssassin no longer works and the spam is flooding in. Is there any way to re-enable SpamAssassin without having to use ClamAV? Or maybe another solution that filters spam but doesn't take up a lot of memory?
     
  6. bajodel

    bajodel New Member

    I think you should add more memory on your server ..and re-enable all :)
    At the end.. how exactly did you disable them?

    bye..

    bajodel
     
  7. Meph

    Meph New Member

    I'm on a virtual host, so adding memory is a monthly cost, not a one-time cost. As I said before, Debian doesn't seem to keep up with the virus signature updates very well anyways. For the past year that I've been running my server, first on Ubuntu, now on Debian, most of the time I get the warning in ISPConfig's server monitor that the virus defs are out of date. Our client-side anti-virus gives us more protection, so why use 1/5 of the memory on my server for an anti-virus?

    That being said, I used the exact procedure that I described in the first post.
     
  8. Antennipasi

    Antennipasi ISPConfig Developer ISPConfig Developer

    If you really want to disable virus checks in amavis, on Debian edit the file:
    /etc/amavis/conf.d/50-user

    and comment out this part (two lines):
    Code:
    @bypass_virus_checks_maps = (
       \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
    Then restart amavis.
    Now clamav is not used anymore, and you can remove it like in the first post.

    If you let Ispconfig3-update reconfigure services, remember to check if it reverts this.
     
  9. Meph

    Meph New Member

    My apologies. I realize now the mistake I made. I am to understand that amavis is the content filter that passes email through the virus check and spam check before the email is delivered. ClamAV is the antivirus that does the actual virus checking. I followed the directions in the last post, then removed clamav. It freed up a lot of memory. Thanks for your help.
     
    Last edited: Apr 5, 2010
  10. Antennipasi

    Antennipasi ISPConfig Developer ISPConfig Developer

    No problem.
    Now you got Amavisd's mechanism right. Although ClamAV is the most common virus scanner in Linux environments, with Amavisd it is also possible to use scanners from e.g. AVG, F-prot, Kaspersky, Symantec, F-Secure, CA, Nod32, Panda and many others. See /etc/amavis/conf.d/15-av_scanners for glue.
     
  11. plataforma

    plataforma New Member

    He said "...you are alerted..." I didn't listen...hehhehe

    I used your "quick fix"... how can I revert it...
     
  12. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Run
    Code:
    postconf -e 'content_filter = amavis:[127.0.0.1]:10024'
    and restart Postfix.
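
Added example (not part of any post in this thread): a shell check for the state the posts above arrive at, namely virus checks commented out in 50-user, spam checks still active, and Postfix's content_filter still pointing at amavis, which is worth re-running after an ISPConfig update. The function names and sample files are constructed for illustration; on a server you would pass /etc/amavis/conf.d/50-user and /etc/postfix/main.cf.

```shell
#!/bin/sh
# Added example: audit the two settings this thread changes.
# Files are passed as arguments so the check can also run on copies.

# Print "enabled" if FILE has an uncommented @bypass_<kind>_checks_maps
# assignment, else "disabled". Per this thread, commenting the assignment
# out is what turns that check off.
amavis_check_state() {   # $1 = file, $2 = virus|spam
    if grep -Eq "^[[:space:]]*@bypass_${2}_checks_maps[[:space:]]*=" "$1"; then
        echo enabled
    else
        echo disabled
    fi
}

# Print the last content_filter value in a main.cf-style file (empty if unset).
postfix_content_filter() {   # $1 = file
    awk '/^content_filter[ \t]*=/ {
             v = $0
             sub(/^content_filter[ \t]*=[ \t]*/, "", v)
             sub(/[ \t]+$/, "", v)
             last = v
         }
         END { print last }' "$1"
}

# Succeed only if virus checks are off, spam checks are on, and Postfix
# still hands mail to a content filter.
audit_mail_filter() {   # $1 = 50-user file, $2 = main.cf file
    virus=$(amavis_check_state "$1" virus)
    spam=$(amavis_check_state "$1" spam)
    cf=$(postfix_content_filter "$2")
    echo "virus_checks=$virus spam_checks=$spam content_filter=${cf:-<empty>}"
    [ "$virus" = disabled ] && [ "$spam" = enabled ] && [ -n "$cf" ]
}

# Constructed sample files (not taken from a real server).
tmp=$(mktemp -d)
cat > "$tmp/50-user" <<'EOF'
#@bypass_virus_checks_maps = (
#   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
@bypass_spam_checks_maps = (
   \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
EOF
printf 'content_filter = amavis:[127.0.0.1]:10024\n' > "$tmp/main.cf"
audit_mail_filter "$tmp/50-user" "$tmp/main.cf" || echo "settings drifted"
```

A non-zero exit from audit_mail_filter means one of the three settings no longer matches, for example because an update re-enabled the virus map or content_filter was left empty.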
     
  13. Meph

    Meph New Member

    It should be noted that after doing this I am not getting any warnings on the ISPConfig monitoring page.
     
  14. beryl

    beryl New Member

    Hi, I just did this (comment out antivirus, and stop clamav) and amavis is running again.
    But now mail is not passed through SpamAssassin any more, any idea how I get it back and running again?
     
  15. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Any errors in your mail log? Is SpamAssassin enabled in your amavisd.conf?
     
  16. beryl

    beryl New Member

    Thanks for replying Falko,

    I found what the problem was, and it's just embarrassing.
    By default SpamAssassin does not mark the headers of e-mails that go under a certain limit, but I thought it marked all of them.
    So all the time, SpamAssassin was working just fine :p
     
    Last edited: Jun 4, 2010
  17. msp

    msp Member

    Sorry to dig-up a *reeeeally* old post but...

    For the 2 years I've been running ISPConfig I have struggled with emails from contact forms on various websites I run not being delivered.

    After posting on this forum, I found a fix which was to restart ClamAV like this: /etc/init.d/amavis restart

    As it would require restarting from time-to-time, I added this to a cron job. This has basically been working for the last 12 (?) months until this month I realised I wasn't getting email again. So I restarted it manually and got the following:

    Stopping amavisd: (not running).
    Starting amavisd: Missing process ID in file /var/run/amavis/amavisd.pid at /usr/sbin/amavisd-new line 13931.
    (failed).

    Please can someone help? It's really a matter of importance for me as I run my business from this website and it's difficult to know when I stopped receiving enquiries!

    My question is this. Is it possible / dangerous to remove ClamAV altogether? I don't even use this server to receive email, only to send through its SMTP service.

    If so, can someone point me towards the best procedure for this, and also let me know of any possible pitfalls?

    Yours desperately!

    Mat
     
  18. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

  19. msp

    msp Member

    Thanks Till for the link.

    As prev. mentioned I only use the server as a web server, and some websites use SMTP to send mail. I don't receive email, open email, or read email on the server.

    The article doesn't say (maybe it's too obvious to even mention?!) but will this cause any problems with the security of the server in general?

    I don't want to leave the web server open to vulnerabilities where possible!

    Thanks,

    Mat
     
  20. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    Amavis and clamav are used to filter emails, they have no influence on the security of your web server.
     
