Switched from clamavmodule to clamd
Stephen Swaney
steve at fsl.com
Tue May 27 15:58:39 IST 2008
Ronny T. Lampert wrote:
>> In the MailScanner.conf:
>>
>> Virus Scanners = clamd
>> ClamAVmodule Maximum Compression Ratio = 1000
>> Clamd Port = 3310
>> Clamd Socket = /tmp/clamd.socket
>> Clamd Lock File = /var/lock/subsys/clamd
>
> You might have to adjust (obviously) the Socket and the Lock File.
> You get those from the clamd.conf file.
>
>> In the /etc/clamd.conf file:
>>
>> ScanMail no
>>
>> # With this option enabled ClamAV will try to detect phishing attempts
>> # by using signatures.
>> # Default: yes
>> #PhishingSignatures yes
>>
>> # Scan URLs found in mails for phishing attempts using heuristics.
>> # Default: yes
>> #PhishingScanURLs yes
>>
>> # Perform HTML normalisation and decryption of MS Script Encoder code.
>> # Default: yes
>> #ScanHTML yes
>>
>> Do I need to turn off the defaults above as
>> MailScanner handles these or just leave things as is?
>
> This should be OK. The fancy stuff (HTML, Phishing etc) is done by
> MailScanner. You don't want to get overzealous or else too many false
> positives creep up.
> Depending on your setup you might have to adjust the
>
> User clamav
>
> setting in clamd.conf because the clamav user per default is NOT able
> to read the queue files for postfix (I run MailScanner as the postfix
> user).
> Using "root" is a quick workaround, but dangerous (obviously).
>
> Also you want to set the following to match your CPUs
>
> clamd.conf:
>
> MaxThreads 16
>
>
> and in MailScanner.conf:
>
> Clamd Use Threads = yes
>
>
>> Also, does MailScanner handle the clam definition
>> updates automatically? or do I need to enable a
>> freshclam run? or cron freshclam?
>
> freshclam can be set (and usually is by default in
> /etc/freshclam.conf, see option NotifyClamd) to notify clamd to reload
> the definitions.
> So, yes.
>
> Cheers,
> Ronny
>
You also probably want to add a keep-alive script for clamd. It doesn't
fail often but I have seen it fail.

And you should make sure that the NotifyClamd option is set in
freshclam.conf.

# Send the RELOAD command to clamd.
# Default: no
NotifyClamd /path/to/clamd.conf

Alternately you may want to disable the freshclam cron updates and run
freshclam in daemon mode:

freshclam --daemon --daemon-notify=/path/to/clamd.conf -c 24

This will check every hour and notify clamd if an update occurs.

Best regards,

Steve
Steve Swaney
steve at fsl.com
www.fsl.com
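
One way to write the keep-alive check suggested above (an added example, not part of the original thread): it sends clamd's PING command over the Unix socket and runs a restart command only when no PONG comes back. The socket path is the one quoted from MailScanner.conf; the restart command is a placeholder to adapt to your system.

```python
#!/usr/bin/env python3
"""Keep-alive check for clamd, intended to be run from cron."""
import socket
import subprocess
import sys

# Assumptions: socket path as quoted from MailScanner.conf in this thread;
# RESTART_CMD is a hypothetical placeholder for however clamd is started.
CLAMD_SOCKET = "/tmp/clamd.socket"
RESTART_CMD = ["/etc/init.d/clamd", "restart"]


def clamd_alive(sock_path=CLAMD_SOCKET, timeout=10.0):
    """Return True only if clamd answers PING with PONG on its Unix socket."""
    try:
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)       # a hung clamd counts as dead
            s.connect(sock_path)
            s.sendall(b"nPING\n")       # newline-delimited command form
            reply = s.recv(64)
    except OSError:                     # missing socket, refused, timed out
        return False
    return reply.strip(b"\x00\r\n ") == b"PONG"


def keep_alive(sock_path=CLAMD_SOCKET, restart_cmd=RESTART_CMD,
               run=subprocess.call):
    """Ping clamd and restart it only if the ping fails.

    Returns "ok", "restarted" or "restart-failed".
    """
    if clamd_alive(sock_path):
        return "ok"
    return "restarted" if run(restart_cmd) == 0 else "restart-failed"


if __name__ == "__main__":
    status = keep_alive()
    if status != "ok":
        # cron mails anything written to stderr, so a restart is noticed
        print("clamd keep-alive: " + status, file=sys.stderr)
    sys.exit(1 if status == "restart-failed" else 0)
```

Run it from cron as a user allowed to restart clamd; it stays silent while clamd answers.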