Discussion started by Meph, Mar 30, 2010.

    Just turn off service clamav. Very simple.

    Install everything but only activate those services which you need.

    Hey Till - and others

    So I disabled Amavis and ClamAV as per this thread, and the article Till linked to.

    Then, 2 months later, I received a ToS Violation notice from my VPS provider stating my machine had been used as a gateway for sending spam. Sure enough the machine had been compromised (one of the websites had a bunch of directories and php files that were somehow injected into the web root, and were sending spam email from my server).

    This was to the tune of thousands of spam emails per day. I had to stop postfix for about a week whilst I investigated it. Luckily outgoing mail was only being used by my own web apps.

    Sadly my server is now blacklisted, and mail originating from it is marked as spam in most clients / webmail / gmail etc. :(

    I re-instated Amavis and ClamAV but I won't start postfix for another few weeks and will have to monitor the mailq manually, in fear of it being a further issue.

    Also - my original issue - it's not solved :(

    Let this be a lesson for me: solve the problem properly instead of randomly disabling things so they work in the short term. At the time I did this, I didn't even understand that Postfix was an MTA, and that ClamAV, Amavis, SpamAssassin all work together with the MTA to prevent outgoing spam / viruses, as opposed to incoming spam / viruses. Now I do...

    I hope this helps someone reading this thread!

    This is my comment:

    A virus is not equal to malicious software. You need different tactics to handle them.


