
An alternative to DrWeb?

Discussion in 'Plesk for Linux - 8.x and Older' started by albans, Apr 12, 2006.

  1. albans

  2. atomicturtle

    I'm pretty impressed with clamav, they frequently get A/V sigs out the door before the commercial vendors these days.
     
  3. albans

    I noticed that clamAV is in your rpms for 7.5.4.
    Do you have any experience with it in Plesk8 (FC2)?
     
  4. atomicturtle

    Not personally, however I have had a few testers tell me it works the same on 8.0
     
  5. poke

     
  6. albans

    I tried to install ClamAV via your repository (atomic!) for PSA-8...

    I did it as follows:
    yum install clamav
    yum install clamd
    yum install qmail-scanner

    Then I got an error message:
    ----------------------------------------
    install: cannot stat `qmail-scanner-queue.pl': No such file or directory
    setuidgid: fatal: unable to run /var/qmail/bin/qmail-scanner-queue.pl: file does not exist
    setuidgid: fatal: unable to run /var/qmail/bin/qmail-scanner-queue.pl: file does not exist
    chmod: cannot access `/var/qmail/bin/qmail-scanner-queue.pl': No such file or directory
    Installed: qmail-scanner 1:1.25-9.rhfc2.art.noarch
    Dep Installed: tnef 1.2.1-1.rhfc2.art.i386 maildrop 1.8.1-2.rhfc2.art.i386 perl-suidperl 3:5.8.3-18.1.i386 daemontools 0.76-1.rhfc2.art.i386
    ----------------------------------------

    I was then unable to send/receive mail. So I removed qmail-scanner via YUM and it worked again.

    But how can I make qmail-scanner work?
     
  7. albans

    Forget about my problems, I could install everything following those commands:

    -----------------------------------------------------
    yum remove psa-spamassassin
    yum install qmail-scanner
    yum install clamd
    yum install spamassassin
    /usr/bin/qmail-scanner-reconfigure
    -----------------------------------------------------

    And everything's fine when looking at the headers...

    I just have one dream now: is it possible to still have PSA spamassassin and ClamAV? As I really liked to manage PSA spamassassin via the Plesk interface...

    Thanks.
     
  8. atomicturtle

    Yes, you can have both; installing qmail-scanner doesn't disable it, it just adds another layer to the system. So worst case, you're scanning spam twice (once in the queue via q-s, and once in the user's mailbox, with psa-SA). On the plus side, one advantage that q-s gives you is it also scans outbound messages, a nice safety net if someone starts spamming through your box.
     
  9. albans

    Okay, thanks, I could simply do it like that:
    -----------------------------------------------------
    Before installing qmail-scanner:
    -----------------------------------------------------
    1. remove dr web:
    # rpm -e drweb drweb-qmail
    2. remove psa spamassassin
    [Note: not necessary but this solved the first error I had]
    # yum remove psa-spamassassin
    -----------------------------------------------------
    Install qmail-scanner/clamav/spamassassin
    -----------------------------------------------------
    # yum install qmail-scanner
    # yum install clamd
    # yum install spamassassin
    # yum install psa-spamassassin
    # /usr/bin/qmail-scanner-reconfigure
    -----------------------------------------------------

    Then everything's working (clamAV rejects mails with viruses and the x-spam entry shows up spamassassin in the mail's header) and the Plesk admin works to administer PSA Spamassassin.

    So, Scott, thanks a lot for your rpms!

    But just one question: do I really need to remove psa-spamassassin before installing qmail-scanner? I would like to keep the bayesian lists and all the defined settings on another server...
     
  10. atomicturtle

    You don't have to remove psa-spamassassin, no. It's OK to run both, the only disadvantage is that you'll be scanning messages twice.
     
  11. albans

    I noticed a strange entry in the maillogs...
    ---------------------------------------------------
    Apr 20 16:55:22 server spamd[3622]: spamd: got connection over /tmp/spamd_full.sock
    Apr 20 16:55:22 server spamd[3622]: spamd: using default config for mail@server: /var/qmail/mailnames/domain/name/.spamassassin/user_prefs
    Apr 20 16:55:22 server spamd[3622]: config: failed to parse line, skipping: rewrite_subject_1
    Apr 20 16:55:22 server spamd[3622]: config: failed to parse line, skipping: subject_tag_*****SPAM*****
    Apr 20 16:55:22 server spamd[3622]: spamd: processing message <000001c664b5$48ceac00$0100007f@localhost> for mail@server:110
    Apr 20 16:55:22 server qmail-scanner[8182]: Clear:RC:0(219.154.32.138): 2.076821 9539 eoghan.baird@elmarwan.net mail@server What_IS_0EM_Software_And_Why_D0_You_Care? <000001c664b5$48ceac00$0100007f@localhost> 1145544921.8205-1.server.ch:7518 1145544921.8205-0.server.ch:797 orig-server.ch11455449207228182:9539
    Apr 20 16:55:23 server spamd[3622]: Can't locate Mail/SPF/Query.pm in @INC (@INC contains: ../lib /mnt/dar/tmp/spamassassin-root//usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/5.8.3/i386-linux-thread-multi /usr/lib/perl5/5.8.3 /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2 /usr/lib/perl5/site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 /usr/lib/perl5/vendor_perl/5.8.1 /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl) at /usr/lib/perl5/vendor_perl/5.8.3/Mail/SpamAssassin/Pl
    Apr 20 16:55:25 server spamd[3622]: spamd: identified spam (19.9/7.0) for mail@server:110 in 2.5 seconds, 9846 bytes.
    Apr 20 16:55:25 server spamd[3622]: spamd: result: Y 19 - HTML_MESSAGE,NO_DNS_FOR_FROM,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_WHOIS_INVALID,RCVD_IN_XBL,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SBL,URIBL_SC_SURBL scantime=2.5,size=9846,user=mail@server,uid=110,required_score=7.0,rhost=localhost,raddr=127.0.0.1,rport=/tmp/spamd_full.sock,mid=<000001c664b5$48ceac00$0100007f@localhost>,autolearn=spam
    Apr 20 16:55:25 server spamd[20080]: prefork: child states: II
    ---------------------------------------------------

    So, two things:
    - Why is the error "failed to parse line" happening twice, for "subject_tag_*****SPAM*****" and "rewrite_subject_1"?

    - What is the "Can't locate Mail/SPF/Query.pm" message? What is it used for?
    Found the answer:
    http://www.akadia.com/services/spf.html


    And finally, where can I configure which policy I want to use or not for qmail-queue => for example, the Win_Ext policy blocked every file with two win32 extensions (like "something.doc.rtf")?
    Found something interesting in this file:
    /var/qmail/bin/qmail-scanner-queue.pl

    And one more question:
    Is it possible to install qmail-scanner and clamd without installing spamassassin? As there're some dependencies between spamassassin and qmail-scanner... Just in order to use only psa-spamassassin.
     
  12. atomicturtle

    qmail-scanner configs can be done from /var/qmail/bin/qmail-scanner-queue.pl
    and /var/spool/qmailscan/

    spamassassin - has SPF deps that break on some distros in my build environment. It's a harmless error, just means those checks aren't working. It's on my bug list.
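
Added example (not part of the thread, and not code from Plesk, qmail-scanner or SpamAssassin): a small Python triage of the spamd lines quoted in post 11, surfacing the two conditions discussed above, config lines spamd skipped and a Perl module it could not load, so that silently disabled checks such as SPF get noticed. `SAMPLE_LOG` is a constructed, shortened copy of those lines and `triage` is a hypothetical helper name.

```python
import re
from collections import Counter

# Constructed sample: spamd lines from the thread, with the @INC list shortened.
SAMPLE_LOG = """\
Apr 20 16:55:22 server spamd[3622]: config: failed to parse line, skipping: rewrite_subject_1
Apr 20 16:55:22 server spamd[3622]: config: failed to parse line, skipping: subject_tag_*****SPAM*****
Apr 20 16:55:23 server spamd[3622]: Can't locate Mail/SPF/Query.pm in @INC (@INC contains: ../lib /usr/lib/perl5/5.8.3) at /usr/lib/perl5/vendor_perl/5.8.3/Mail/SpamAssassin/Pl
Apr 20 16:55:25 server spamd[3622]: spamd: identified spam (19.9/7.0) for mail@server:110 in 2.5 seconds, 9846 bytes.
Apr 20 16:55:25 server spamd[20080]: prefork: child states: II
"""

# Syslog prefix up to the spamd payload, then the three payloads of interest.
SPAMD = re.compile(r"\bspamd\[\d+\]: (?P<msg>.*)$")
BAD_CONFIG = re.compile(r"^config: failed to parse line, skipping: (?P<line>.+)$")
MISSING_MOD = re.compile(r"^Can't locate (?P<path>\S+)\.pm in @INC")
VERDICT = re.compile(
    r"^spamd: (?:identified spam|clean message) \((?P<score>-?[\d.]+)/(?P<req>[\d.]+)\)"
)


def triage(log_text):
    """Summarise signs that spamd is running with part of its checks disabled."""
    report = {"bad_config": Counter(), "missing_modules": set(), "verdicts": []}
    for raw in log_text.splitlines():
        hit = SPAMD.search(raw)
        if not hit:
            continue  # not a spamd line (qmail-scanner, qmail, ...)
        msg = hit.group("msg")
        if (cfg := BAD_CONFIG.match(msg)):
            # An option spamd ignored: the setting the user chose is not applied.
            report["bad_config"][cfg.group("line")] += 1
        elif (mod := MISSING_MOD.match(msg)):
            # A Perl module failed to load: the checks that need it do not run.
            report["missing_modules"].add(mod.group("path").replace("/", "::"))
        elif (ver := VERDICT.match(msg)):
            report["verdicts"].append((float(ver.group("score")), float(ver.group("req"))))
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for line, count in result["bad_config"].items():
        print(f"skipped config line ({count}x): {line}")
    for module in sorted(result["missing_modules"]):
        print(f"missing Perl module: {module}")
    for score, required in result["verdicts"]:
        print(f"verdict: score {score} against threshold {required}")
```

The two skipped lines are SpamAssassin 2.x options; 3.x releases replaced `rewrite_subject` and `subject_tag` with `rewrite_header Subject ...`, which is why spamd skips them when it reads the user_prefs file named in the log.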
     
  13. albans

    I tried to modify the qmail-scanner-queue.pl but I'm not able to activate the notification to sender and admin.

    Then I tried to modify the /usr/bin/qmail-scanner-reconfigure file, to add in the "configure" line a "--notify all" (and also --admin "support" --domain "mydomain.ch")... I then sent myself an EICAR virus, and no notification, also tried with a doubled extension file (".doc.rtf")...
    I can find both entries in the quarantine.log.

    How to activate the notification?
     
  14. maurits

     
    qmail-scanner+clamav=great! But now Spamassassin :)

    I found this thread looking for the cause of hundreds of error messages sent to me by DrWeb, and I was immediately convinced. I ditched DrWeb, installed qmail-scanner, clamav and SpamAssassin. The antivirus part works perfectly, the spam part does almost. ;)

    I have used SpamAssassin previously on other (non-Plesk) systems and know reasonably well how it works, but now I'm a bit baffled by the number of files with config options and the fact that some config files apparently need to be parsed and then write out new config files, overwriting the changes I apparently made in the wrong place. For example, after I already set up everything working properly, SpamAssassin suddenly disappeared out of my mail headers at some point and I found out that the spamc-definition in /etc/qmail-scanner.ini was empty, and I couldn't think why. Fortunately, after running all the configuration parsers, it returned there without me having added it manually, which is good or it'd probably disappear again.

    Anyway, I'm hoping someone can help me with these specific questions, in a Plesk+Qmail-scanner+Clam+SA setup as above:

    1. It looks like no network checks are enabled. SA enables them by default, so where are they disabled? (And where can I enable Bayes checks when the database is filled enough?)

    2. I was checking whether Bayes had done enough learning, but when running sa-learn --dump it can't seem to find a database. It's looking in ~root/.spamassassin (a folder that actually exists but is empty). What user does spamc run as in this setup and where does it store this stuff? Can Bayes be used at all?

    It would also help if someone could point me to clear documentation (or just explain) ;) about which config file to edit and which config files are generated from what other files, and by what tool. I found out most of this by accident.

    Oh, before I forget, I'm in Plesk 8.2 (I can see this thread is a bit old..) :)

    Thanks :)

    Maurits.
     
  15. maurits

     
    Ok I figured out some of this for myself.. the user directory is /var/spool/qscan, and indeed there is the bayes database.

    Now for the network tests, judging from the logs these tests ARE carried out, but looking at how much spam gets through and how low the scores are (compared to an ancient spamassassin on an old server I'm still using), it would seem that those checks don't actually score any points. Indeed sa-learn says that the score set is 0 (meaning network checks are disabled). What do I need to change?

    Maurits.
     