Postfix Virtual

Postfix Antivirus Installation & Configuration

 

 

We will use two popular GPL software packages to protect our system against unwanted e-mail. The first one is amavisd-new; it is an interface between your MTA (Postfix) and content checkers (clamav, spamassassin etc.). The second one is the Clamav antivirus.

 

Amavisd-new

Amavisd-new is written in Perl and requires some modules to function properly.

a) Install those modules from CPAN with the following commands:

#perl -MCPAN -e shell
install Archive::Tar
install Archive::Zip
install Compress::Zlib
install Convert::UUlib
install MIME::Base64
install Mail::Internet
install Net::Server
install Net::SMTP
install Digest::MD5
install IO::Stringy
install Time::HiRes
install Unix::Syslog
install BerkeleyDB
install MIME::Tools
install Convert::TNEF

b) Create the user account and home directory for amavis

#mkdir /var/amavis
#groupadd amavis
#useradd amavis -g amavis -d /var/amavis  -s /bin/bash 
#chmod 750 /var/amavis
#mkdir /var/amavis/tmp
#mkdir /var/amavis/db
#chown -R amavis:amavis /var/amavis

c) Install amavisd-new

#cd /usr/local/src
#tar -zxf amavisd-new-2.4.0.tar.gz
#cd amavisd-new-2.4.0
#cp amavisd /usr/local/sbin
#chown root /usr/local/sbin/amavisd
#chmod 755 /usr/local/sbin/amavisd
#cp amavisd.conf /etc
#chown root /etc/amavisd.conf
#chmod 644 /etc/amavisd.conf
#mkdir /var/virusmails
#chmod 750 /var/virusmails/
#chown amavis /var/virusmails/

d) Edit the /etc/amavisd.conf file and adjust the variables as below. (If you haven't used the above directory
scheme, you will need to change more variables than those shown.)

$mydomain = 'test.com';
$daemon_user = 'amavis';
$daemon_group = 'amavis';
$final_virus_destiny = D_REJECT;
$final_banned_destiny = D_PASS;
$final_spam_destiny = D_PASS;
$final_bad_header_destiny = D_PASS;
$warnvirussender = 1;
$virus_admin      = "genco\@$mydomain";
$mailfrom_notify_admin     = "genco\@$mydomain";
$mailfrom_notify_recip     = "genco\@$mydomain";
$mailfrom_notify_spamadmin = "NOSPAMMER\@$mydomain";
$sa_tag2_level_deflt = 5;

e) You can configure many virus scanners in the amavisd.conf file, but we are going to use only clamav.
So remove the comment character "#" and change the socket path to /tmp/clamd on the lines
below in amavisd.conf. These lines start with the http://www.clamav.net text and are in the
av_scanners array.

# ### http://www.clamav.net/
['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/tmp/clamd"],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

 


CLAMAV

#cd /usr/local/src
#groupadd clamav
#useradd -g clamav -s /bin/false -c "Clam Antivirus" clamav
#tar -zxf clamav-0.88.2.tar.gz
#cd clamav-0.88.2
#./configure --sysconfdir=/etc
#make
#make install
#mkdir /var/lib/clamav
#chown clamav:clamav /var/lib/clamav

Clamav is installed. Let's run a test to see how clamav is working. We run our test against the /usr/local/clamav-0.88.2 directory, which
contains sample virus-like files. This test will write its output into the scan.txt file.

#/usr/local/bin/clamscan -r -l scan.txt /usr/local/clamav-0.88.2

Edit /etc/clamav.conf and modify the variables as below. Don't forget to put "#" in front of the "Example" text.

#Example 
LogFile /tmp/clamd.log
DatabaseDirectory /var/lib/clamav
User amavis

UPDATING CLAMAV VIRUS DATABASE

Because a new virus/worm is created every second, we must keep our virus database up to date. The freshclam program does this for us.
Before running freshclam, edit the /etc/freshclam.conf file and comment out the "Example" line as below (put # in front of it).

#Example

Now create the necessary log file and run freshclam:

#touch /var/log/clam-update.log
#chmod 600 /var/log/clam-update.log
#chown amavis /var/log/clam-update.log
#/usr/local/bin/freshclam --datadir=/var/lib/clamav -l /var/log/clam-update.log

CLAMAV IN CRONTAB

Create a crontab entry so that clamav updates its database regularly every day at 08:00. Put this line into
your crontab:

06 08 * * * /usr/local/bin/freshclam --quiet -l /var/log/clam-update.log

Special NOTE from Lennard Warnaar: Lennard drew my attention to the scheduled update time of
clamav. I had not noticed this. The Clamav-support docs say: "Please don't choose any multiple of 10
because there are already too many servers using those time slots."
So please update your clamav at
minutes such as 02, 03, 04 etc. instead of multiples of 10 (00, 10, 20).

RUN CLAMD

#/usr/local/sbin/clamd
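
With clamd running, the sketch below sends the same CONTSCAN command that the 'ClamAV-clamd' av_scanners entry uses to the /tmp/clamd socket and applies the same three patterns to the reply. It is an added example, not code from amavisd-new or ClamAV; the function names and the 'error' status are this example's own.

```python
import re
import socket

# Same three patterns as the 'ClamAV-clamd' av_scanners entry in amavisd.conf.
CLEAN_RE = re.compile(r"\bOK$")
INFECTED_RE = re.compile(r"\bFOUND$")
NAME_RE = re.compile(r"^.*?: (?!Infected Archive)(.*) FOUND$")


def classify_reply(reply):
    """Return (status, virus_names) for a clamd CONTSCAN reply.

    status is 'infected', 'clean' or 'error'. A reply that matches neither
    the clean nor the infected pattern is treated as a scanner failure,
    so a broken scanner is never mistaken for a clean result.
    """
    lines = [ln.strip() for ln in reply.splitlines() if ln.strip()]
    names = []
    for ln in lines:
        m = NAME_RE.match(ln)
        if m:
            names.append(m.group(1))
    if any(INFECTED_RE.search(ln) for ln in lines):
        return "infected", names
    if lines and all(CLEAN_RE.search(ln) for ln in lines):
        return "clean", names
    return "error", names


def ask_clamd(path, socket_path="/tmp/clamd", timeout=30.0):
    """Send 'CONTSCAN <path>' to clamd's local socket and classify the answer."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(socket_path)
        s.sendall(f"CONTSCAN {path}\n".encode())
        chunks = []
        while True:  # clamd closes the connection after answering
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return classify_reply(b"".join(chunks).decode(errors="replace"))


if __name__ == "__main__":
    # Needs a running clamd; scans the amavis work directory created earlier.
    print(ask_clamd("/var/amavis/tmp"))
```

A result of 'error' usually means clamd could not read the path, so check that the directory is readable by the user clamd runs as (amavis in this setup).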

RUN AMAVISD-NEW

First make sure that amavisd is working properly. To test this, run amavisd with the debug parameter:

#/usr/local/sbin/amavisd -u amavis debug

If this doesn't cause any errors, exit and start amavisd in the background as below:

#su - amavis -c "/usr/local/sbin/amavisd"

This should start the amavis daemon with the privileges of the amavis user.


AMAVISD-NEW POSTFIX CONFIGURATION

We are almost finished. Finally, we must tell postfix to send its incoming mail to amavis for virus and spam filtering. To do this, make the following changes in the respective postfix files.

Append these lines to the end of /etc/postfix/master.cf (we are using the lmtp interface here, not smtp):

smtp-amavis unix -      -       n       -       2  lmtp
    -o lmtp_data_done_timeout=1200
    -o lmtp_send_xforward_command=yes

127.0.0.1:10025 inet n  -       n       -       -  smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000

Now it is time to tell postfix to use a content filter. Open the /etc/postfix/main.cf file and add the following:

content_filter=smtp-amavis:[127.0.0.1]:10024
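
Before reloading, the two files can be checked against each other. The script below is an added example, not part of Postfix or amavisd-new: it parses master.cf, then verifies that main.cf hands mail to a transport that exists and that the 127.0.0.1:10025 re-injection listener clears content_filter and only accepts loopback clients. The function names are this example's own.

```python
import re


def parse_master_cf(text):
    """Map each master.cf service name to its command and -o overrides."""
    services, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        tokens = raw.split()
        if not raw[0].isspace():          # new service entry: 8 fixed fields
            current = None
            if len(tokens) >= 8:
                current = services[tokens[0]] = {"command": tokens[7], "opts": {}}
            tokens = tokens[8:]
        if current is None:               # malformed entry, skip its options
            continue
        for flag, arg in zip(tokens, tokens[1:]):
            if flag == "-o":
                name, _, value = arg.partition("=")
                current["opts"][name] = value
    return services


def check_filter_wiring(master_cf, main_cf):
    """Return a list of problems; an empty list means the wiring matches."""
    problems, services = [], parse_master_cf(master_cf)
    m = re.search(r"^content_filter\s*=\s*([^:\s]+):\[127\.0\.0\.1\]:10024\s*$",
                  main_cf, re.M)
    if not m:
        problems.append("main.cf: content_filter is not <transport>:[127.0.0.1]:10024")
    elif m.group(1) not in services:
        problems.append("master.cf: transport %s is not defined" % m.group(1))
    opts = services.get("127.0.0.1:10025", {}).get("opts")
    if opts is None:
        problems.append("master.cf: no 127.0.0.1:10025 re-injection listener")
        return problems
    if opts.get("content_filter") != "":
        problems.append("10025: content_filter= is not emptied, filtered mail would loop")
    if opts.get("mynetworks") != "127.0.0.0/8":
        problems.append("10025: mynetworks is not limited to 127.0.0.0/8")
    if opts.get("smtpd_recipient_restrictions") != "permit_mynetworks,reject":
        problems.append("10025: recipient restrictions are not permit_mynetworks,reject")
    return problems


if __name__ == "__main__":
    with open("/etc/postfix/master.cf") as a, open("/etc/postfix/main.cf") as b:
        for line in check_filter_wiring(a.read(), b.read()) or ["ok"]:
            print(line)
```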

Now it is time to reload postfix; the "postfix reload" command will reload postfix with the new config. To see whether
mail scanning works, send an e-mail which contains only the characters below and check that the rejected message is returned to you.

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Finally, add the following commands to your startup scripts so that amavisd and clamav start at every reboot.

/usr/local/sbin/clamd
su - amavis -c "/usr/local/sbin/amavisd"

I hope everything is ok. Congratulations...


©2006 Genco (Please refer my page if you use any document in this site) (update 03.06.2006)