ClamAV Postfix Integration on CentOS

How to integrate ClamAV with Postfix on CentOS

ClamAV is an open source (GPL) anti-virus toolkit for UNIX/Linux, designed especially for e-mail scanning on mail gateways. It offers a number of utilities, including a flexible and scalable multi-threaded daemon, a command line scanner, and an advanced tool for automatic database updates. The core of the package provides an anti-virus engine in the form of a shared library.

This article describes the integration of ClamAV on a CentOS 6 Mail Gateway (MTA) with Postfix.

First, install the ClamAV daemon from the EPEL repo on the MTA.

$ yum --enablerepo=epel -y install clamd clamsmtp

After installation, configure the ClamAV-SMTP daemon by removing the comment character from (uncommenting) the lines listed below.

vi /etc/clamsmtpd.conf

Listen: 0.0.0.0:10025
Header: X-Virus-Scanned: ClamAV using ClamSMTP
Action: drop

Now the services can be started.

$ service clamsmtpd start

Download the antivirus DB with freshclam.

$ freshclam

Start the ClamAV Daemon

$ service clamsmtp-clamd start

Enable automatic system startup.

$ chkconfig clamsmtpd on
$ chkconfig clamsmtp-clamd on

The Postfix content-filter integration is configured in two places: main.cf hands mail to ClamAV on port 10025, and master.cf defines the return transport to Postfix on port 10026.

vi /etc/postfix/main.cf

content_filter = scan:127.0.0.1:10025

vi /etc/postfix/master.cf

scan unix - - n - 16 smtp
   -o smtp_data_done_timeout=1200
   -o smtp_send_xforward_command=yes
   -o disable_dns_lookups=yes
127.0.0.1:10026 inet n - n - 16 smtpd
   -o content_filter=
   -o local_recipient_maps=
   -o relay_recipient_maps=
   -o smtpd_restriction_classes=
   -o smtpd_client_restrictions=
   -o smtpd_helo_restrictions=
   -o smtpd_sender_restrictions=
   -o smtpd_recipient_restrictions=permit_mynetworks,reject
   -o mynetworks_style=host
   -o smtpd_authorized_xforward_hosts=127.0.0.0/8

Postfix must now be restarted.

$ service postfix restart

Use netstat to check that the daemon is listening.

[root@mail ~]# netstat -talpn | grep clam
tcp 0 0 0.0.0.0:10025 0.0.0.0:* LISTEN 21645/clamsmtpd

ClamAV can be checked with telnet; if everything works, the following output should appear.

[root@mail ~]# telnet localhost 10025
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 smtp.passthru
ehlo localhost
250-smtp.passthru
250-SIZE 22000000
250-VRFY
250-ETRN
250-XFORWARDING NAME ADDR PROTO HELO SOURCE PORT
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.

[root@mail ~]# telnet localhost 10026
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.odyssee.net ESMTP Postfix
ehlo localhost
250-mail.odyssee.net
250-PIPELINING
250-SIZE 22000000
250-VRFY
250-ETRN
250-XFORWARDING NAME ADDR PROTO HELO SOURCE PORT
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.

The mail log should also be consulted.

$ tail -f /var/log/maillog

The Internet Envelope appears in the E-mail Internet Headers (SMTP Envelope).

[Figure: SMTP Internet Headers]

Troubleshooting

If mail is no longer received, the following error is likely to be found in maillog:

clamsmtpd: 100006: CLAMAV: couldn't connect to: /var/run/clamd.clamsmtp/clamd.sock: No such file or directory
clamsmtpd: 100004: SERVER: couldn't connect to: 127.0.0.1:10026: Transport endpoint is not connected

The clamd daemon is no longer active. To restart the ClamAV services, stop them in the console and then start them again in the following order:

$ service clamd stop
$ service clamsmtp-clamd stop
$ service clamsmtpd stop
$ service clamd start
$ service clamsmtp-clamd start
$ service clamsmtpd start

After clamd and clamsmtpd are started, the PID file and the active ports can be checked as follows:

$ ls -al /var/run/clamd.clamsmtp/clamd.pid
-rw-rw-r-- 1 clamsmtp mail 6 Oct 28 16:24 /var/run/clamd.clamsmtp/clamd.pid

$ netstat -tulpn
tcp 0 0 127.0.0.1:10025 0.0.0.0:* LISTEN 21134/clamsmtpd
tcp 0 0 127.0.0.1:10026 0.0.0.0:* LISTEN 21272/master
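
The listener check above can be scripted. The following is an added example, not part of the original article: it reads netstat output and confirms that clamsmtpd owns port 10025 and the Postfix master owns port 10026. Treating a bind outside loopback as a finding is an assumption of this example, based on Postfix reaching the filter over 127.0.0.1; the function name and the sample lines are constructed.

```shell
#!/bin/sh
# Added example. Reads netstat -tlpn output on stdin and checks the two
# listeners this setup depends on. Returns 0 only if both are present,
# owned by the expected process, and bound to loopback (the loopback
# requirement is an assumption of this example).
check_filter_listeners() {
    awk '
    BEGIN {
        want["10025"] = "clamsmtpd"  # Postfix to clamsmtpd (content_filter)
        want["10026"] = "master"     # clamsmtpd back to Postfix (re-injection)
    }
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, a, ":")        # local address, e.g. 127.0.0.1:10025
        port = a[n]
        if (!(port in want)) next
        addr = substr($4, 1, length($4) - length(port) - 1)
        split($7, p, "/")            # PID/program column
        seen[port] = 1
        if (p[2] != want[port]) {
            printf "FAIL port %s owned by \"%s\", expected %s\n", port, p[2], want[port]
            bad = 1
        } else if (addr != "127.0.0.1" && addr != "::1") {
            printf "WARN port %s bound to %s, reachable beyond loopback\n", port, addr
            bad = 1
        } else {
            printf "OK   port %s (%s) on %s\n", port, p[2], addr
        }
    }
    END {
        for (port in want)
            if (!(port in seen)) { printf "FAIL port %s not listening\n", port; bad = 1 }
        exit bad + 0
    }'
}

# Constructed sample input in the format of the netstat output above.
# Live use (as root): netstat -tlpn | check_filter_listeners
check_filter_listeners <<'EOF' || echo "listener check reported findings"
tcp 0 0 0.0.0.0:10025 0.0.0.0:* LISTEN 21645/clamsmtpd
tcp 0 0 127.0.0.1:10026 0.0.0.0:* LISTEN 21272/master
EOF
```

A non-zero return makes the function usable as a monitoring probe or as a post-restart check.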

Furthermore, mail could still be sitting in the queue; it can be listed with mailq and processed with postqueue.

$ mailq
$ postqueue -f

Source: https://www.clamav.net/
