Switched from clamavmodule to clamd

Julian Field MailScanner at ecs.soton.ac.uk
Tue May 27 21:11:17 IST 2008


Ooh, can someone add this to the Wiki please?

Thanks!
Jules.

Stephen Swaney wrote:
> Ronny T. Lampert wrote:
>>> In the MailScanner.conf:
>>>
>>> Virus Scanners = clamd
>>> ClamAVmodule Maximum Compression Ratio = 1000
>>> Clamd Port = 3310
>>> Clamd Socket = /tmp/clamd.socket
>>> Clamd Lock File = /var/lock/subsys/clamd
>>
>> You might have to adjust (obviously) the Socket and the Lock File.
>> You get those from the clamd.conf file.
>>
>>> In the /etc/clamd.conf file:
>>>
>>> ScanMail no
>>>
>>> # With this option enabled ClamAV will try to detect phishing attempts by using
>>> # signatures.
>>> # Default: yes
>>> #PhishingSignatures yes
>>>
>>> # Scan URLs found in mails for phishing attempts using heuristics.
>>> # Default: yes
>>> #PhishingScanURLs yes
>>>
>>> # Perform HTML normalisation and decryption of MS Script Encoder code.
>>> # Default: yes
>>> #ScanHTML yes
>>>
>>> Do I need to turn off the defaults above as
>>> MailScanner handles these or just leave things as is?
>>
>> This should be OK. The fancy stuff (HTML, Phishing etc) is done by 
>> MailScanner. You don't want to get overzealous or else too many false 
>> positives creep up.
>> Depending on your setup you might have to adjust the
>>
>> User clamav
>>
>> setting in clamd.conf because the clamav user per default is NOT able 
>> to read the queue files for postfix (I run MailScanner as the postfix 
>> user).
>> Using "root" is a quick workaround, but dangerous (obviously).
>>
>> Also you want to set the following to match your CPUs
>>
>> clamd.conf:
>>
>> MaxThreads 16
>>
>>
>> and in MailScanner.conf:
>>
>> Clamd Use Threads = yes
>>
>>
>>> Also, does MailScanner handle the clam definition
>>> updates automatically? or do I need to enable a
>>> freshclam run? or cron freshclam?
>>
>> freshclam can be set (and usually is by default in 
>> /etc/freshclam.conf, see option NotifyClamd) to notify clamd to 
>> reload the definitions.
>> So, yes.
>>
>> Cheers,
>> Ronny
>>
> You also probably want to add a keep-alive script for clamd. It 
> doesn't fail often but I have seen it fail.
>
> And you should make sure that the NotifyClamd option is set in 
> freshclam.conf.
>
>    # Send the RELOAD command to clamd.
>    # Default: no
>    NotifyClamd /path/to/clamd.conf
>
> Alternately you may want to disable the freshclam cron updates and run 
> freshclam in daemon mode:
>
>    freshclam --daemon --daemon-notify=/path/to/clamd.conf -c 24
>
> This will check every hour and notify clamd if an update occurs.
>
> Best regards,
>
> Steve
>
> Steve Swaney
> steve at fsl.com
>
> www.fsl.com
>

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc
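
A way to cross-check the three files discussed in this thread, as an added example that is not part of the original messages. It assumes a local Unix socket setup; `LocalSocket` and `TCPSocket` are clamd.conf's own option names (not quoted in the thread), and the sample file contents are constructed.

```python
# Added example, not from the thread. Sample file contents are constructed.
MS_SAMPLE = """\
Virus Scanners = clamd
Clamd Port = 3310
Clamd Socket = /tmp/clamd.socket
Clamd Use Threads = yes
"""
CLAMD_SAMPLE = """\
LocalSocket /var/run/clamav/clamd.sock
User root
MaxThreads 16
"""
FRESHCLAM_SAMPLE = "#NotifyClamd /path/to/clamd.conf\n"

def parse(text, sep=None):
    """Parse 'Key = value' (sep='=') or 'Option value' (sep=None) lines."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        parts = line.split(sep, 1)
        if line and (sep is None or len(parts) == 2):
            value = parts[1].strip() if len(parts) == 2 else ""
            conf[parts[0].strip().lower()] = value
    return conf

def check(mailscanner_text, clamd_text, freshclam_text):
    ms = parse(mailscanner_text, "=")
    cd = parse(clamd_text)
    fc = parse(freshclam_text)
    problems = []
    if "clamd" not in ms.get("virus scanners", "").split():
        problems.append("Virus Scanners does not include clamd")
    if ms.get("clamd socket") != cd.get("localsocket"):
        problems.append("Clamd Socket differs from clamd.conf LocalSocket")
    if "tcpsocket" in cd and ms.get("clamd port") != cd["tcpsocket"]:
        problems.append("Clamd Port differs from clamd.conf TCPSocket")
    if cd.get("user") == "root":
        problems.append("clamd.conf User is root")
    if "notifyclamd" not in fc:
        problems.append("NotifyClamd is not set in freshclam.conf")
    return problems

if __name__ == "__main__":
    for problem in check(MS_SAMPLE, CLAMD_SAMPLE, FRESHCLAM_SAMPLE):
        print("WARNING:", problem)
```
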

