rpms / clamav

Clone
Source Code
GIT

rpms / clamav

Created 6 years ago
Maintained by sergiomb
Clam AntiVirus is an anti-virus toolkit for UNIX
Star 2
Watch 19
Watch Issues and PRs
Watch Commits
Watch Issues, PRs, and Commits
Unwatch
Reset watch status
Members 8

sergiomb

Sérgio Basto
main admin

gnat

Nathanael Noblet
commit

mstevens

Morten Stevens
commit

orion

Orion Poplawski
admin

nb

Nick Bebout
admin

pwouters

Paul Wouters
admin

robert

Robert Scheck
admin

steve

Steven Pritchard
admin
Sérgio M. Basto committed 12 days ago

README.Fedora.md for clamav-milter

Please note for Fedora and EPEL 7+ we use only systemd.

A clamav-milter setup consists of the following three components:

  • the clamav-milter itself

The main configuration is in /etc/mail/clamav-milter.conf and MUST be changed before first use.

This can be enabled with: 'systemctl enable clamav-milter.service'

  • a clamav scanner daemon

The daemon is configured by /etc/clamd.d/scan.conf (which MUST be edited before first use).

This can be enabled with: 'systemctl enable clamd@scan.service'

  • the MTA (sendmail/postfix)

--> you should know how to install this...

When communicating across unix sockets with the clamav-milter, it is suggested to use the /run/clamav-milter/clamav-milter.socket path. You have to add something like

INPUT_MAIL_FILTER(`clamav', `S=local:/run/clamav-milter/clamav-milter.socket, F=, T=S:4m;R:4m')dnl

to your sendmail.mc.

  • Changing permissions of directory /var/lib/clamav Whenever ClamAV is upgraded by dnf, the permissions for the /var/lib/clamav directory change to user clamupdate If for some reason you need DatabaseOwner be another user, you may copy /usr/lib/systemd/system/clamav-freshclam.service to /etc/systemd/system/ and add ExecStartPre=+/usr/bin/chown youruser:yourgroup /var/lib/clamav and updates won't break your configuration ... Please add comments to https://bugzilla.redhat.com/show_bug.cgi?id=2023371 if not work for you or if you have any suggestion. Note: =+ on systemd.service (man 5 systemd.service, Special executable prefixes) If the executable path is prefixed with "+" then the process is executed with full privileges.

EXAMPLE

For clamav-milter, a possible setup might be created by

A) On the MTA (assumed hostname 'host-mta')

  1. Add to sendmail.mc

    | INPUT_MAIL_FILTER(clamav',S=inet:6666@host-milter, F=, T=S:4m;R:4m')dnl

  2. Rebuild sendmail.cf

B) On the clamav-milter host (assumed hostname 'host-milter')

  1. Install clamav-milter + clamav-milter-upstart packages

  2. Set in /etc/mail/clamav-milter.conf

    | MilterSocket inet:6666 | ClamdSocket tcp:host-scanner:6665

    and all the other options which are required on your system

  3. Enable clamav-milter.service:

    | systemctl enable clamav-milter.service

    Restart your system or execute

    | systemctl start clamav-milter.service

  4. Add something like

    | iptables -N IN-cmilt | iptables -A IN-cmilt -s host-mta -j ACCEPT | iptables -A IN-cmilt -j DROP

    | iptables -A INPUT -p tcp --dport 6666 -j IN-cmilt

    to your firewall setup

C) On the clamav-scanner host (assumed hostname 'host-scanner')

  1. Install clamd

  2. Add to /etc/clamd.d/scan.conf

    | TCPSocket 6665 | TCPAddr host-scanner

    comment out possible 'LocalSocket' lines and set all the other options which are required on your system

  3. Enable clamd@scan.service:

    | systemctl enable clamd@scan.service

    Restart your system or execute

    | systemctl start clamd@scan.service

  4. Add something like

    | iptables -N IN-cscan | iptables -A IN-cscan -s host-milter -j ACCEPT | iptables -A IN-cscan -j DROP

    | iptables -A INPUT -p tcp --dport 6665 -j IN-csan

    to your firewall setup

Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.