Clamd as scan option [patches included]
Mike Tremaine
mgt at stellarcore.net
Sun Apr 15 15:37:33 IST 2007
Overview: So I started thinking about what it would take to get
clamdscan working with MailScanner. The results are included below.
First and foremost you must have clamd running. If you run as root then
you don't have to worry about any permission problems. If you run clamd
as "clamav" then you need to set
###### IF YOU ARE RUNNING MAILSCANNER AS ROOT ######
# You need to set the following in MailScanner.conf so that external
# unpackers can be used...
# Incoming Work Group = clamav
# Incoming Work Permissions = 0640
So that clamd can scan in the directories. Otherwise here goes.
Steps:
1) Install clamd-wrapper in your MailScanner/lib/ directory
2) Patch MailScanner/lib/MailScanner/SweepViruses.pm
3) In MailScanner.conf set
Virus Scanners = clamd
4) In virus.scanners.conf set [This is on a Solaris 10 host so do the
right thing with your OWN PATH Options!]
clamd /opt/MailScanner/lib/clamd-wrapper /usr/local
Notes:
Internally this approach uses most of the clamav [aka clamscan] options.
If it turns out there are major differences then a new parse function
can easily be added to SweepViruses.pm. Otherwise my biggest concern
would be what happens if clamd dies; perhaps the clamd-wrapper can have
some processes/error checking that can restart clamd.
I only tested this out on a development box but it did scan txt, zip and
tar.gz as attachments with no problem. The speed difference is pretty
good; here is an example on my spoolfile [1.77MB]:
[root@neutron ~]# clamscan /var/mail/mgt
/var/mail/mgt: OK
----------- SCAN SUMMARY -----------
Known viruses: 108394
Engine version: 0.90.2
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 1.77 MB
Time: 25.755 sec (0 m 25 s)
[root@neutron ~]# clamdscan /var/mail/mgt
/var/mail/mgt: OK
----------- SCAN SUMMARY -----------
Infected files: 0
Time: 10.260 sec (0 m 10 s)
-Mike
-------------- next part --------------
#!/bin/sh
# clamd-wrapper -- invoke ClamAV for use with mailscanner
#
# MailScanner - SMTP E-Mail Virus Scanner
# Copyright (C) 2001 Julian Field
#
# $Id: clamd-wrapper 3184 2005-09-28 11:13:40Z jkf $
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# The author, Julian Field, can be contacted by email at
# Jules at JulianField.net
# or by paper mail at
# Julian Field
# Dept of Electronics & Computer Science
# University of Southampton
# Southampton
# SO17 1BJ
# United Kingdom
#
#
###### IF YOU ARE RUNNING MAILSCANNER AS ROOT ######
# You need to set the following in MailScanner.conf so that external
# unpackers can be used...
# Incoming Work Group = clamav
# Incoming Work Permissions = 0640
#ClamUser="clamav"
#ClamGroup="clamav"
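# Extra options passed to clamdscan (left unquoted below so they word-split)
ScanOptions=""
# First argument is the ClamAV install prefix from virus.scanners.conf
ClamdScan="$1/bin/clamdscan"
shift
# Fall back to the system clamdscan if the prefix has none
if [ ! -x "$ClamdScan" ]; then
  ClamdScan=/usr/bin/clamdscan
fi
if [ "x$1" = "x-IsItInstalled" ]; then
  [ -x "$ClamdScan" ] && exit 0
  exit 1
fi
# Add this for Solaris users so they can find whoami
PATH=$PATH:/usr/ucb
export PATH
# Run the scan and pass clamdscan's exit status back to the caller
"$ClamdScan" $ScanOptions "$@"
retval=$?
exit $retval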
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sweepviruses.patch
Type: text/x-patch
Size: 784 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070415/c08c4190/sweepviruses.bin
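Added example, not part of the original post or of MailScanner: one way to address the "what happens if clamd dies" concern from the Notes, using clamdscan's documented exit codes (0 = no virus, 1 = virus found, 2 = error). The function name scan_with_retry and the CLAMD_RESTART_CMD variable are hypothetical; the scanner command is passed in as the first argument.

```shell
#!/bin/sh
# Added example: fail-closed retry logic for a clamdscan wrapper.
# clamdscan exit codes: 0 = clean, 1 = virus found, 2 = error
# (an unreachable clamd shows up as an error, not as a clean result).

# scan_with_retry SCANNER RETRIES DELAY [ARGS...]
#   SCANNER  command to run (e.g. the $ClamdScan path from the wrapper)
#   RETRIES  how many extra attempts to make after an error
#   DELAY    seconds to wait between attempts
# Returns 0 or 1 as soon as the scanner gives a verdict, 2 if it never does.
scan_with_retry() {
    swr_scanner=$1; swr_retries=$2; swr_delay=$3
    shift 3
    swr_attempt=0
    while :; do
        swr_status=0
        "$swr_scanner" "$@" || swr_status=$?
        # 0 (clean) and 1 (infected) are real verdicts: pass them through.
        if [ "$swr_status" -le 1 ]; then
            return "$swr_status"
        fi
        if [ "$swr_attempt" -ge "$swr_retries" ]; then
            break
        fi
        swr_attempt=$((swr_attempt + 1))
        echo "clamd-wrapper: scanner exit $swr_status," \
             "retry $swr_attempt/$swr_retries" >&2
        # Hypothetical hook: a site-specific command that restarts clamd.
        if [ -n "${CLAMD_RESTART_CMD:-}" ]; then
            sh -c "$CLAMD_RESTART_CMD" >&2 || true
        fi
        sleep "$swr_delay"
    done
    # Never turn "could not scan" into "clean": report an error instead.
    echo "clamd-wrapper: scan failed, no verdict" >&2
    return 2
}

# In the wrapper above, the final call would become (assumed values):
#   scan_with_retry "$ClamdScan" 2 5 $ScanOptions "$@"
#   exit $?
```

Any exit status above 1, including a scanner killed by a signal, is reported as 2 so the caller can tell a failed scan from a clean one.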