Switched from clamavmodule to clamd

Ronny T. Lampert telecaadmin at gmail.com
Tue May 27 13:18:31 IST 2008

> In the MailScanner.conf:
> Virus Scanners = clamd
> ClamAVmodule Maximum Compression Ratio = 1000
> Clamd Port = 3310
> Clamd Socket = /tmp/clamd.socket
> Clamd Lock File = /var/lock/subsys/clamd

You might have to adjust (obviously) the Socket and the Lock File.
You get those from the clamd.conf file.

> In the /etc/clamd.conf file:
> ScanMail no
> # With this option enabled ClamAV will try to detect
> phishing attempts by using
> # signatures.
> # Default: yes
> #PhishingSignatures yes
> # Scan URLs found in mails for phishing attempts using
> heuristics.
> # Default: yes
> #PhishingScanURLs yes
> # Perform HTML normalisation and decryption of MS
> Script Encoder code.
> # Default: yes
> #ScanHTML yes
> Do I need to turn off the defaults above as
> MailScanner handles these or just leave things as is?

This should be OK. The fancy stuff (HTML, Phishing etc) is done by 
MailScanner. You don't want to get overzealous or else too many false 
positives creep up.
Depending on your setup you might have to adjust the

User clamav

setting in clamd.conf because the clamav user per default is NOT able to 
read the queue files for postfix (I run MailScanner as the postfix user).
Using "root" is a quick workaround, but dangerous (obviously).

Also you want to set the following to match your CPUs


MaxThreads 16

and in MailScanner.conf:

Clamd Use Threads = yes

> Also, does MailScanner handle the clam definition
> updates automatically? or do I need to enable a
> freshclam run? or cron freshclam?

freshclam can be set (and usually is by default in /etc/freshclam.conf, 
see option NotifyClamd) to notify clamd to reload the definitions.
So, yes.


More information about the MailScanner mailing list