1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice

HOWTO: clamav + FreeBSD + global scanning + unintrusive

Discussion in 'Plesk for Linux - 8.x and Older' started by nihaopaul, Jun 18, 2005.

  1. nihaopaul

    nihaopaul Guest

    0
     
    ok took long enough, but i've just got clamav setup on my plesk box scanning emails before they are eccepted for delivery, for FreeBSD.

    what you need:

    install clamav
    setup clamav
    update with freshclam
    start clamd

    install ripmime (follow instructions)
    untar/gipz qsheff

    cd qsheff-xxx

    echo "/usr/local/psa/qmail" > conf-qmaildir
    echo "qmail" > conf-qmailgroup

    Type './install.sh'

    now the wrapper is installed (i let it use the qmail-scanner so atleast the users with dr.web also have that ability to scan and also spamassasin runs after)

    ee /usr/local/etc/qsheff.conf

    my settings:

    #
    # EnderUNIX Sheff configuration file
    #
    # http://www.enderunix.org/qsheff
    #
    # -b$
    #

    WORKDIRPREFIX = /var/spool/qsheffq
    TEMPDIRPREFIX = /var/tmp/qsheffq
    LOGFILE = /var/log/qsheff.log
    RULEFILE = /usr/local/etc/qsheff.rules
    WBLISTFILE = /usr/local/etc/qsheff.wblist

    # Don't reply
    # Usefull for random generated sender's
    enable_blackhole = 0;

    # 0: Don't panic when any function doesnt work
    # Just continue to finish job.
    # 1: Spammer and antivirus must work.
    # Condone other errors.
    # 2: Don't forgive any error.
    paronia_level = 0

    # Save mails contain spam or antivirus for ISPs.
    # (That is provide quarantine to customers)
    # ATTENTION: This feature needs more disk area.
    # Don't enable it, if you unsure.
    enable_quarantine = 0

    # Enable White/Black List Control
    enable_wblist = 0

    # Enable subject filter
    enable_subject_filter = 0

    # Enable/disable spam program
    enable_spam_prog = 0

    # Enable/disable virus program
    enable_virus_prog = 1

    MIME_PROG = "/usr/local/bin/ripmime -i mesg -e -d"
    MIME_PROG_OK_RET = 0
    MIME_PROG_ERR_RET = -1

    SPAM_PROG = "/usr/local/bin/zabit -i -d"
    SPAM_PROG_OK_RET = 0
    SPAM_PROG_SPAM_RET = 1
    SPAM_PROG_ERR_RET = 2

    VIRUS_PROG = "/usr/local/bin/clamdscan --quiet"
    VIRUS_PROG_OK_RET = 0
    VIRUS_PROG_VIRUS_RET = 1
    VIRUS_PROG_ERR_RET = 2

    QUEUE_PROG = /usr/local/psa/qmail/bin/qmail-queue.orig



    ee /usr/local/etc/qsheff.wblist

    comment out everything with a #

    then we're setup and blocking those nasty viruses at the server!

    oh look for mrtg also on the qsheff site. also if you want to use qscanq, enjoy trying, its is compatible with the latest version of clamav and you dont need the patch. heres a note from the developer:
     
  2. Xtreme-IT

    Xtreme-IT Guest

    0
     
    Wow, finally a working Clamav/FreeBSD install for Plesk!

    I just tested this, just a 5 minute install. It works great!

    Now I got this working, so tomorrow I'm going to test out the other config stuff for qsheff. For instance, dropping the infected mail instead of bouncing it. And some logging and graphing in lardd.

    Great How-to!
     
  3. nihaopaul

    nihaopaul Guest

    0
     
    thanks, it'd be good to hear what your doing in lardd. and alternative configs. i'm also about to come up with a script to take from qsheff the ip address then grep the mail logs to see if we can match it to a user and if so email them with instructions on what to do.

    i use mrtg for my graphing and i only graph the viruses it detected. https://chaos-studio.com/mrtg/virus.html

    the cfg for mrtg is:
    and then the qsheff-mrtg.sh
     
  4. Xtreme-IT

    Xtreme-IT Guest

    0
     
    I have set blackhole to 1, this is much better for my load. Most of the virusmails have fake senderadresses so...

    I'm not sure yet how I'm going to parse the logfile to larrd. I want to use logrotation on this logfile but I don't want to miss any larrd info. I might use the mrtg script to extract the usefull info for lardd.
     
  5. kevin@

    kevin@ Basic Pleskian

    24
    23%
    Joined:
    Nov 30, 2001
    Messages:
    50
    Likes Received:
    0
    Since I set this up I've been noticing quite a few of these messages:

    Jun 22 17:38:16 silver qmail-queue.orig: drweb-qmail[26442]: possible qmail-smtpd exited by timeout, reset connection or with "See http://pobox.com/~djb/docs/smtplf.html."
    Jun 22 17:38:17 silver qmail-queue.orig: drweb-qmail[26447]: possible qmail-smtpd exited by timeout, reset connection or with "See http://pobox.com/~djb/docs/smtplf.html."

    Are you experiencing the same? Any ideas?
     
  6. nihaopaul

    nihaopaul Guest

    0
     
    i thought the same thing, but if you check back in your log you will also see the same thing.

    i even went as far as writing to the developer and he replied
    i'm not saying its definatly not, just i am saying that the problem was long before qsheff was installed. you can use the uninstall.sh in /usr/local/qsheff and it will return your qmail-queue back to normal and leave your config files (back them up if you reinstall qsheff).

    Paul
     
  7. Xtreme-IT

    Xtreme-IT Guest

    0
     
    I can not replicate this error on my machines, but I don't have drweb running. I have stopped the drweb daemons by stopping the drweb service and removed it from rc.d to prevent it from being started again on a reboot.
    When you stop the drweb service it removes it's qmail-queue wrapper. So I think it is a better solution to stop drweb before you install qsheff. And I'm not shure looking at your logging it is such a good idea to use them next to eachother.

    Good luck!
     
  8. speedracer05

    speedracer05 Guest

    0
     
    Thanks nihaopaul, qsheff has worked well for me. It's nice to see there is a FreeBSD port now:

    /usr/ports/mail/qsheff

    To install, just edit the Makefile:

    QMAIL_DIR?= /usr/local/psa/qmail

    Then run "make install clean".
     
Loading...