clamav/README.fedora
Orion Poplawski 234a5b82e7 Drop clamd@scan.service file (bz#1725810)
Change /var/run to /run
2019-11-18 20:49:22 -07:00

119 lines
3.1 KiB
Plaintext

Please note for Fedora and EPEL 7+ we use only systemd.
upstart and sysvinit only apply to EPEL 6.
A clamav-milter setup consists of the following three components:
* the clamav-milter itself
--> this is provided by the 'clamav-milter' package plus (alternatively)
'clamav-milter-upstart' or 'clamav-milter-sysvinit'
The main configuration is in /etc/mail/clamav-milter.conf and MUST
be changed before first use.
This can be enabled with: 'systemctl enable clamav-milter.service'
The -sysvinit package is managed by the traditional tools, but
-upstart requires modification of /etc/event.d/clamav-milter to
enable automatic startup. See comments there for more details.
* a clamav scanner daemon
--> this is in the clamd package (or on EL6:
'clamav-scanner-upstart' or 'clamav-scanner-sysvinit')
The daemon is configured by /etc/clamd.d/scan.conf (which MUST be
edited before first use).
This can be enabled with: 'systemctl enable clamd@scan.service'
The -sysvinit package is managed by the traditional tools, but
-upstart requires modification of /etc/event.d/clamd.scan to enable
automatic startup. See comments there for more details.
* the MTA (sendmail/postfix)
--> you should know how to install this...
When communicating across unix sockets with the clamav-milter, it is
suggested to use the /run/clamav-milter/clamav-milter.socket
path. You have to add something like
INPUT_MAIL_FILTER(`clamav', `S=local:/run/clamav-milter/clamav-milter.socket, F=, T=S:4m;R:4m')dnl
to your sendmail.mc.
EXAMPLE
=======
For clamav-milter, a possible setup might be created by
A) On the MTA (assumed hostname 'host-mta')
1. Add to sendmail.mc
| INPUT_MAIL_FILTER(`clamav', `S=inet:6666@host-milter, F=, T=S:4m;R:4m')dnl
2. Rebuild sendmail.cf
B) On the clamav-milter host (assumed hostname 'host-milter')
1. Install clamav-milter + clamav-milter-upstart packages
2. Set in /etc/mail/clamav-milter.conf
| MilterSocket inet:6666
| ClamdSocket tcp:host-scanner:6665
and all the other options which are required on your system
3. Enable clamav-milter.service:
| systemctl enable clamav-milter.service
Restart your system or execute
| systemctl start clamav-milter.service
4. Add something like
| iptables -N IN-cmilt
| iptables -A IN-cmilt -s host-mta -j ACCEPT
| iptables -A IN-cmilt -j DROP
| iptables -A INPUT -p tcp --dport 6666 -j IN-cmilt
to your firewall setup
C) On the clamav-scanner host (assumed hostname 'host-scanner')
1. Install clamd
2. Add to /etc/clamd.d/scan.conf
| TCPSocket 6665
| TCPAddr host-scanner
comment out possible 'LocalSocket' lines and set all the other
options which are required on your system
3. Enable clamd@scan.service:
| systemctl enable clamd@scan.service
Restart your system or execute
| systemctl start clamd@scan.service
4. Add something like
| iptables -N IN-cscan
| iptables -A IN-cscan -s host-milter -j ACCEPT
| iptables -A IN-cscan -j DROP
| iptables -A INPUT -p tcp --dport 6665 -j IN-csan
to your firewall setup