Difference between revisions of "ClamAV"
m (Category: Email Server) |
(Integrate with Exim) |
||
Line 3: | Line 3: | ||
# apt install clamav clamdscan clamav-daemon | # apt install clamav clamdscan clamav-daemon | ||
</syntaxhighlight> | </syntaxhighlight> | ||
+ | |||
+ | == Integrate with Exim == | ||
+ | You need to have [[Exim]] installed for this. | ||
+ | |||
+ | === Permissions === | ||
+ | The ClamAV daemon is running under user <code>clamav</code>. We need to get this user access to the mail spool for the scan to be possible.<syntaxhighlight lang="console"> | ||
+ | # usermod -a -G Debian-exim clamav | ||
+ | # systemctl restart clamav-daemon.service | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | === Exim setup === | ||
+ | Create file <code>/etc/exim4/local-acl</code> with the following content<syntaxhighlight lang="properties"> | ||
+ | deny | ||
+ | malware = * | ||
+ | message = This message was detected as possible malware ($malware_name). | ||
+ | </syntaxhighlight>and append the following lines to <code>/etc/exim4/conf.d/main/00_local_settings</code><syntaxhighlight lang="properties"> | ||
+ | CHECK_DATA_LOCAL_ACL_FILE = /etc/exim4/local-acl | ||
+ | av_scanner = clamd:/var/run/clamav/clamd.ctl | ||
+ | </syntaxhighlight>Finally restart Exim<syntaxhighlight lang="console"> | ||
+ | # systemctl restart exim4.service | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | === Test === | ||
+ | Testing anti-virus software is commonly done using [http://www.eicar.org/83-0-Anti-Malware-Testfile.html EICAR anti malware testfile]. Although this file is not a virus, it will be recognised by all major anti-virus programs. This allow to test them without risking infecting yourself. | ||
+ | |||
+ | To get the file, simply create a file with the following content<syntaxhighlight lang="text"> | ||
+ | X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* | ||
+ | </syntaxhighlight>You can then email this file to yourself. It must be blocked by Exim. | ||
+ | |||
+ | Check the content of <code>/var/log/exim4/rejectlog</code> and <code>/var/log/exim4/paniclog</code> for any issue. | ||
+ | |||
[[Category:Email Server]] | [[Category:Email Server]] | ||
[[Category:Linux Server]] | [[Category:Linux Server]] |
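Review bot: In the added Test section, "It must be blocked by Exim" and "Check the content of ... for any issue" do not say what a passing result looks like. Suggest stating that the sender should get the rejection text from the ACL's "message =" line with $malware_name filled in, and that the same text should show up in rejectlog, so a reader can tell a detection apart from a scanner that could not be reached. Two smaller points: "This allow to test them" should read "This allows testing them", and the Permissions paragraph would be clearer if it named what the Debian-exim group membership lets the clamav user read.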
Revision as of 10:05, 30 July 2016
Install
# apt install clamav clamdscan clamav-daemon
Integrate with Exim
You need to have Exim installed for this.
Permissions
The ClamAV daemon runs as user clamav. This user needs access to the mail spool for the scan to be possible.
# usermod -a -G Debian-exim clamav
# systemctl restart clamav-daemon.service
Exim setup
Create file /etc/exim4/local-acl with the following content
deny
malware = *
message = This message was detected as possible malware ($malware_name).
and append the following lines to /etc/exim4/conf.d/main/00_local_settings
CHECK_DATA_LOCAL_ACL_FILE = /etc/exim4/local-acl
av_scanner = clamd:/var/run/clamav/clamd.ctl
Finally restart Exim
# systemctl restart exim4.service
Test
Testing anti-virus software is commonly done using the EICAR anti-malware test file. Although this file is not a virus, it will be recognised by all major anti-virus programs. This allows testing them without the risk of infecting yourself.
To get the file, simply create a file with the following content
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
You can then email this file to yourself. It must be blocked by Exim.
Check the content of /var/log/exim4/rejectlog and /var/log/exim4/paniclog for any issue.
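Added example (not part of the original wiki page): a small Python client that sends the EICAR string to clamd over the socket named in av_scanner, using clamd's INSTREAM command, so the scanner can be checked on its own before sending a test mail through Exim. The function names are chosen for this example, and it assumes it is run as a user allowed to open the socket.

```python
import socket
import struct

# Socket path from the av_scanner line on this page.
CLAMD_SOCKET = "/var/run/clamav/clamd.ctl"
# EICAR test string as given on this page (harmless by design).
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

def instream_request(data, chunk_size=4096):
    """Frame data for clamd's INSTREAM command (null-terminated 'z' form)."""
    out = [b"zINSTREAM\0"]
    for i in range(0, len(data), chunk_size):
        chunk = data[i:i + chunk_size]
        # Each chunk: 4-byte big-endian length, then the bytes.
        out.append(struct.pack("!I", len(chunk)) + chunk)
    out.append(struct.pack("!I", 0))  # zero-length chunk ends the stream
    return b"".join(out)

def parse_reply(raw):
    """Return ('FOUND', signature), ('OK', None) or ('ERROR', full_text)."""
    text = raw.rstrip(b"\0\n").decode("utf-8", "replace")
    body = text.split(": ", 1)[1] if ": " in text else text
    if body.endswith(" FOUND"):
        return "FOUND", body[:-len(" FOUND")]
    if body == "OK":
        return "OK", None
    return "ERROR", text

def scan(sock, data):
    """Send data over an already connected socket and parse clamd's answer."""
    sock.sendall(instream_request(data))
    raw = b""
    while not raw.endswith(b"\0"):
        part = sock.recv(4096)
        if not part:  # peer closed before sending a full reply
            break
        raw += part
    return parse_reply(raw)

def scan_via_clamd(data, path=CLAMD_SOCKET):
    """Connect to the clamd UNIX socket and scan data."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as sock:
        sock.settimeout(30)
        sock.connect(path)
        return scan(sock, data)

if __name__ == "__main__":
    print(scan_via_clamd(EICAR))
```

A FOUND result confirms that the daemon is running and the socket is reachable. Because the data is streamed to clamd, this check does not exercise the spool access granted in the Permissions step.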