Switched from clamavmodule to clamd
Ronny T. Lampert
telecaadmin at gmail.com
Tue May 27 13:18:31 IST 2008
> In the MailScanner.conf:
>
> Virus Scanners = clamd
> ClamAVmodule Maximum Compression Ratio = 1000
> Clamd Port = 3310
> Clamd Socket = /tmp/clamd.socket
> Clamd Lock File = /var/lock/subsys/clamd
You might have to adjust (obviously) the Socket and the Lock File.
You get those from the clamd.conf file.
> In the /etc/clamd.conf file:
>
> ScanMail no
>
> # With this option enabled ClamAV will try to detect phishing attempts by using
> # signatures.
> # Default: yes
> #PhishingSignatures yes
>
> # Scan URLs found in mails for phishing attempts using heuristics.
> # Default: yes
> #PhishingScanURLs yes
>
> # Perform HTML normalisation and decryption of MS Script Encoder code.
> # Default: yes
> #ScanHTML yes
>
> Do I need to turn off the defaults above as
> MailScanner handles these or just leave things as is?
This should be OK. The fancy stuff (HTML, Phishing etc) is done by
MailScanner. You don't want to get overzealous or else too many false
positives creep up.
Depending on your setup you might have to adjust the
User clamav
setting in clamd.conf because the clamav user by default is NOT able to
read the queue files for postfix (I run MailScanner as the postfix user).
Using "root" is a quick workaround, but dangerous (obviously).
Also you want to set the following to match your CPUs.
In clamd.conf:
MaxThreads 16
and in MailScanner.conf:
Clamd Use Threads = yes
> Also, does MailScanner handle the clam definition
> updates automatically? or do I need to enable a
> freshclam run? or cron freshclam?
freshclam can be set (and usually is by default in /etc/freshclam.conf,
see option NotifyClamd) to notify clamd to reload the definitions.
So, yes.
Cheers,
Ronny
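
Added example (not part of the original message, and not MailScanner or ClamAV code): a small cross-check of the settings discussed above, so a socket mismatch or a clamd running as root is caught before mail starts flowing. It assumes the clamd.conf option names LocalSocket, TCPSocket and User; the sample files are constructed.

```python
def _parse(text, sep):
    """Parse 'key<sep>value' lines; '#' starts a comment. sep=None means whitespace."""
    conf = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].strip().split(sep, 1)
        if len(parts) == 2:
            conf[parts[0].strip().lower()] = parts[1].strip()
    return conf

def check(ms_text, clamd_text):
    """Return a list of findings; an empty list means the two files agree."""
    ms, cd = _parse(ms_text, "="), _parse(clamd_text, None)
    findings = []
    if "clamd" not in ms.get("virus scanners", "").split():
        findings.append("Virus Scanners does not include clamd")
    if ms.get("clamd socket") != cd.get("localsocket"):
        findings.append("Clamd Socket %r does not match LocalSocket %r"
                        % (ms.get("clamd socket"), cd.get("localsocket")))
    if "tcpsocket" in cd and ms.get("clamd port") != cd["tcpsocket"]:
        findings.append("Clamd Port does not match TCPSocket")
    if cd.get("user", "").lower() == "root":
        findings.append("clamd.conf User is root; use an account that can read the queue")
    if ms.get("clamd use threads", "no").lower() != "yes":
        findings.append("Clamd Use Threads is not set to yes")
    return findings

# Constructed sample files (values follow the thread where it gives them).
SAMPLE_MS = """\
Virus Scanners = clamd
Clamd Port = 3310
Clamd Socket = /tmp/clamd.socket
Clamd Use Threads = yes
"""
SAMPLE_CLAMD_BAD = """\
# LocalSocket /tmp/clamd.socket
LocalSocket /var/run/clamav/clamd.sock
User root
MaxThreads 16
"""
SAMPLE_CLAMD_OK = """\
LocalSocket /tmp/clamd.socket
User postfix
MaxThreads 16
"""

if __name__ == "__main__":
    for finding in check(SAMPLE_MS, SAMPLE_CLAMD_BAD):
        print("WARN:", finding)
```
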