Here is a short HowTo for configuring Postfix to use Amavis with ClamAV for virus scanning!
First you should install ClamAV from backports.org. If you use the ClamAV from stable/sarge, you have an old scanning engine that may have problems recognizing new viruses with the new files from ClamAV-freshclam.
First add this line to your /etc/apt/sources.list:
deb http://www.backports.org/debian sarge-backports main
Now it is very important to create an /etc/apt/preferences file:
Package: *
Pin: release a=sarge-backports
Pin-Priority: 200
With this entry you deactivate all packages from backports.org. This is important because we only want to install ClamAV from backports.
Save the file and run apt-get update to receive the package files from backports.org.
Now install clamav with:
apt-get install -t sarge-backports clamav clamav-freshclam
The -t sarge-backports is necessary so that apt installs the package from backports.org!
Now install amavisd-new:
apt-get install amavisd-new
Edit your /etc/postfix/main.cf and add this for amavis:
###E-Mail filter:
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
Edit your /etc/postfix/master.cf and add this for amavis (the -o continuation lines must start with whitespace, otherwise Postfix reads each one as a new service entry):
amavis unix - - - - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes
127.0.0.1:10025 inet n - - - - smtpd -o content_filter=
  -o local_recipient_maps= -o relay_recipient_maps=
  -o smtpd_restriction_classes= -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions= -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_bin_address=127.0.0.1
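The 10025 listener takes mail back from amavis with content_filter cleared, so anything that reaches it is delivered unscanned. The following is an added example, not part of the original HowTo: it parses master.cf and checks that this listener is loopback-only and locked down. The function names and the SAMPLE text are constructed for illustration.

```python
import shlex

# Constructed sample: the two entries from this HowTo (shortened), with the
# "-o" continuation lines indented so that Postfix joins them to the entry.
SAMPLE = """\
amavis unix - - - - 2 smtp
  -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes
127.0.0.1:10025 inet n - - - - smtpd -o content_filter=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes
"""
LOOPBACK = {"127.0.0.1", "localhost", "[::1]"}

def parse_master_cf(text):
    """Map service name -> (type, command, {option: value}) per logical line."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                               # blank line or comment
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()       # continuation of previous entry
        else:
            logical.append(raw.strip())
    services = {}
    for line in logical:
        f = shlex.split(line)
        if len(f) < 8:
            continue                               # not a complete service entry
        args = f[8:]
        opts = dict(a.split("=", 1) for prev, a in zip(args, args[1:])
                    if prev == "-o" and "=" in a)
        services[f[0]] = (f[1], f[7], opts)
    return services

def audit_reinjection(text, port="10025"):
    """Return findings for the post-filter smtpd listener; [] means it looks sane."""
    hits = [(n, s) for n, s in parse_master_cf(text).items()
            if s[0] == "inet" and n.rsplit(":", 1)[-1] == port]
    if not hits:
        return [f"no inet service on port {port}"]
    name, (_, _, opts) = hits[0]
    host = name.rsplit(":", 1)[0] if ":" in name else ""
    findings = []
    if host not in LOOPBACK:
        findings.append(f"listener '{name}' is not bound to loopback")
    if opts.get("content_filter") != "":
        findings.append("content_filter not cleared: mail would loop back to amavis")
    if opts.get("mynetworks") != "127.0.0.0/8":
        findings.append("mynetworks not overridden to 127.0.0.0/8")
    if not opts.get("smtpd_recipient_restrictions", "").endswith("reject"):
        findings.append("smtpd_recipient_restrictions does not end in reject")
    return findings
```

Run it against the real file with audit_reinjection(open("/etc/postfix/master.cf").read()); an empty list means none of the four checks fired.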
Now you have to add the clamav user to the amavis system group and the amavis user to the clamav system group in your /etc/group!
This is because the clamav user must read files in the amavis directory and the amavis user must read files in the clamav directory.
After the modification, /etc/group should look like:
clamav:x:107:amavis
amavis:x:108:clamav
After this modification you have to restart all services (postfix, clamav-daemon, clamav-freshclam, amavis)!
Then you have to edit /etc/amavis/amavisd.conf.
It's very big, so I only list the changes:
line 66: $mydomain = 'localhost';
->> change to your hostname
line 429: $warnvirussender = 0;
->> no mail to the virus sender, because the From email address is often faked!
line 442: $warnvirusrecip = 1;
->> the recipient gets an email saying that he has received a virus email
line 476: $virus_admin = undef;
->> postmaster gets no notification
Save the configuration file and restart your amavisd!
Now try to send an email and then try to send a virus from
If the recipient gets an email about “VIRUS ( EICAR.Test) IN MAIL TO YOU”, everything works fine.
If not, check /var/log/mail.log and try to resolve the error!
Relating to that Virus Scanning entry, I think Debian Volatile is better for an up-to-date ClamAV than Backports.org. Debian Volatile is made for packages that change very often, and you need the current upstream package on a server. Like an up-to-date
Tracked: May 19, 02:26