ClamAV Postfix Integration on CentOS

How to Integrate ClamAV with Postfix on CentOS


ClamAV is an open source (GPL) anti-virus toolkit for UNIX/Linux, designed especially for e-mail scanning on mail gateways. It offers a number of utilities, including a flexible and scalable multi-threaded daemon, a command line scanner, and an advanced tool for automatic database updates. The core of the package provides an anti-virus engine in the form of a shared library.

This article describes the integration of ClamAV on a CentOS 6 Mail Gateway (MTA) with Postfix.

First, the ClamAV daemon is installed on the MTA from the EPEL repo.

$ yum --enablerepo=epel -y install clamd clamsmtp

After installation, the ClamAV-SMTP daemon is configured by removing the comment character (uncommenting) from the lines listed below.

vi /etc/clamsmtpd.conf

Listen: 0.0.0.0:10025
Header: X-Virus-Scanned: ClamAV using ClamSMTP
Action: drop

Now the services can be started.

$ service clamsmtpd start

Download the antivirus DB with freshclam.

$ freshclam

Start the ClamAV daemon.

$ service clamsmtp-clamd start

Enable automatic system startup.

$ chkconfig clamsmtpd on
$ chkconfig clamsmtp-clamd on

The Postfix content filter is set up in two places: main.cf hands incoming mail to ClamAV on port 10025, and master.cf defines the return transport on port 10026, through which the scanned mail is handed back to Postfix.

vi /etc/postfix/main.cf

content_filter = scan:127.0.0.1:10025

vi /etc/postfix/master.cf

scan unix - - n - 16 smtp
   -o smtp_data_done_timeout=1200
   -o smtp_send_xforward_command=yes
   -o disable_dns_lookups=yes
127.0.0.1:10026 inet n - n - 16 smtpd
   -o content_filter=
   -o local_recipient_maps=
   -o relay_recipient_maps=
   -o smtpd_restriction_classes=
   -o smtpd_client_restrictions=
   -o smtpd_helo_restrictions=
   -o smtpd_sender_restrictions=
   -o smtpd_recipient_restrictions=permit_mynetworks,reject
   -o mynetworks_style=host
   -o smtpd_authorized_xforward_hosts=127.0.0.0/8

Postfix must now be restarted.

$ service postfix restart

netstat shows whether the daemon is listening.

[root@mail ~]# netstat -talpn | grep clam
tcp 0 0 0.0.0.0:10025 0.0.0.0:* LISTEN 21645/clamsmtpd

ClamAV can be checked with telnet. If everything works, the output should look like the following.

[root@mail ~]# telnet localhost 10025
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 smtp.passthru
ehlo localhost
250-smtp.passthru
250-SIZE 22000000
250-VRFY
250-ETRN
250-XFORWARD NAME ADDR PROTO HELO SOURCE PORT
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
Quit
221 2.0.0 Bye
Connection closed by foreign host.

[root@mail ~]# telnet localhost 10026
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.odyssee.net ESMTP Postfix
ehlo localhost
250-mail.odyssee.net
250-PIPELINING
250-SIZE 22000000
250-VRFY
250-ETRN
250-XFORWARD NAME ADDR PROTO HELO SOURCE PORT
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
Quit
221 2.0.0 Bye
Connection closed by foreign host.

The mail log should also be checked.

$ tail -f /var/log/maillog

The result is visible in the e-mail's Internet headers (SMTP envelope).

SMTP Internet Headers

Troubleshooting

If mail is no longer received, the following error is likely to be found in maillog:

clamsmtpd: 100006: CLAMAV: couldn’t connect to: /var/run/clamd.clamsmtp/clamd.sock: No such file or directory
clamsmtpd: 100004: SERVER: couldn’t connect to: 127.0.0.1:10026: Transport endpoint is not connected

The clamd daemon is no longer running. To restart the ClamAV services, stop them and start them again in sequence from the console:

$ service clamd stop
$ service clamsmtp-clamd stop
$ service clamsmtpd stop
$ service clamd start
$ service clamsmtp-clamd start
$ service clamsmtpd start

After clamd and clamsmtpd are started, the PID file and the listening ports can be checked as follows:

$ ls -al /var/run/clamd.clamsmtp/clamd.pid
-rw-rw-r-- 1 clamsmtp mail 6 Oct 28 16:24 /var/run/clamd.clamsmtp/clamd.pid

$ netstat -tulpn
tcp 0 0 127.0.0.1:10025 0.0.0.0:* LISTEN 21134/clamsmtpd
tcp 0 0 127.0.0.1:10026 0.0.0.0:* LISTEN 21272/master
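
The listener check above can be scripted. The following is an added example, not part of the original article: it reads netstat -tlpn output and confirms that port 10025 belongs to clamsmtpd and port 10026 to the Postfix master, and that both are bound to loopback only, because the 10026 listener runs with content_filter= cleared and mail entering there is not scanned. The function names are hypothetical; the sample lines are the netstat lines shown in this article.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.
# Ports and process names (10025/clamsmtpd, 10026/master) are the article's.

# Reads "netstat -tlpn" lines on stdin and prints one finding per line.
# Returns 0 only if both listeners exist, have the expected owner and are
# bound to a loopback address.
check_filter_listeners() {
    awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, a, ":"); port = a[n]
        if (port != 10025 && port != 10026) next
        addr = substr($4, 1, length($4) - length(port) - 1)
        split($7, p, "/"); prog = p[2]
        want = (port == 10025) ? "clamsmtpd" : "master"
        seen[port] = 1
        if (prog != want) {
            printf "FAIL %s owned by %s, expected %s\n", port, prog, want; bad = 1
        }
        if (addr !~ /^127\./ && addr != "::1") {
            printf "WARN %s bound to %s, not loopback\n", port, addr; bad = 1
        }
    }
    END {
        for (q = 10025; q <= 10026; q++)
            if (!(q in seen)) { printf "FAIL nothing listening on %d\n", q; bad = 1 }
        if (!bad) print "OK 10025 and 10026 are loopback-only"
        exit bad + 0
    }'
}

# The netstat lines shown in the article (troubleshooting and first check).
sample_loopback() {
    printf '%s\n' 'tcp 0 0 127.0.0.1:10025 0.0.0.0:* LISTEN 21134/clamsmtpd' \
                  'tcp 0 0 127.0.0.1:10026 0.0.0.0:* LISTEN 21272/master'
}
sample_exposed() {
    printf '%s\n' 'tcp 0 0 0.0.0.0:10025 0.0.0.0:* LISTEN 21645/clamsmtpd'
}

sample_loopback | check_filter_listeners || true
sample_exposed | check_filter_listeners || true
# On a live host, as root: netstat -tlpn | check_filter_listeners
```

Run it as root so that netstat fills in the PID/Program name column; without it the owner check reports a failure.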

Mail may also still be sitting in the queue. It can be listed with mailq and then processed (flushed) with postqueue -f.

$ mailq
$ postqueue -f

Source: https://www.clamav.net/
