Go to file
2010-05-29 12:13:35 +00:00
.cvsignore - updated to final 0.96 2010-04-21 08:08:22 +00:00
clamav-0.92-open.patch 0.92 on all active branches 2007-12-21 18:06:29 +00:00
clamav-0.92-private.patch merged with F-8 2008-01-01 13:19:16 +00:00
clamav-0.95-cliopts.patch updated 2009-03-08 11:38:36 +00:00
clamav-0.95.3-umask.patch updated to 0.95.3 2009-10-29 09:03:06 +00:00
clamav-0.96-disable-jit.patch - updated to final 0.96 2010-04-21 08:08:22 +00:00
clamav-0.96-jitoff.patch - updated to final 0.96 2010-04-21 08:08:22 +00:00
clamav-0.96-pdf.patch CVE-2010-1639 Clam AntiVirus: Heap-based overflow, when processing 2010-05-29 12:13:35 +00:00
clamav-milter.sysv - adjusted chkconfig positions for clamav-milter (#530101) 2009-11-21 20:18:22 +00:00
clamav-milter.upstart optimized upstart scripts and start on runlevel 345 only 2009-12-10 21:32:22 +00:00
clamav-notify-servers merged with F-8 2008-01-01 13:19:16 +00:00
clamav-update.cron trimmed down MAILTO list of cronjob to 'root' again; every well configured 2008-04-14 18:35:02 +00:00
clamav-update.logrotate auto-import changelog data from clamav-0.71-0.fdr.2.rh80.src.rpm 2004-11-08 04:10:52 +00:00
clamav.spec CVE-2010-1639 Clam AntiVirus: Heap-based overflow, when processing 2010-05-29 12:13:35 +00:00
clamd-gen merged with F-8 2008-01-01 13:19:16 +00:00
clamd-README typo 2005-06-21 07:26:54 +00:00
clamd-wrapper updated 2009-03-08 13:24:07 +00:00
clamd.logrotate auto-import changelog data from clamav-0.71-0.fdr.2.rh80.src.rpm 2004-11-08 04:10:52 +00:00
clamd.scan.upstart optimized upstart scripts and start on runlevel 345 only 2009-12-10 21:32:22 +00:00
clamd.SERVICE.init - build the package with '--disable-zlib-vcheck' because RH is unable to 2005-02-03 08:40:44 +00:00
clamd.sysconfig auto-import changelog data from clamav-0.71-0.fdr.2.rh80.src.rpm 2004-11-08 04:10:52 +00:00
freshclam-sleep merged with F-8 2008-01-01 13:19:16 +00:00
freshclam.sysconfig fixed typo 2005-09-17 08:59:16 +00:00
import.log CVE-2010-1639 Clam AntiVirus: Heap-based overflow, when processing 2010-05-29 12:13:35 +00:00
Makefile use $(CVS) instead of hardcoded cvs generate .xz instead of .bz2 tarballs 2010-03-11 12:11:57 +00:00
README.fedora removed stanza from upstart script which waited for 'starting\ XXX'; 2009-11-22 10:47:16 +00:00
sources - updated to final 0.96 2010-04-21 08:08:22 +00:00

A clamav-milter setup consists of the following three components:

* the clamav-milter itself

  --> this is provided by the 'clamav-milter' package plus (alternatively)
      'clamav-milter-upstart' or 'clamav-milter-sysvinit'

  The main configuration is in /etc/mail/clamav-milter.conf and MUST
  be changed before first use.

  The -sysvinit package is managed by the traditional tools, but
  -upstart requires modification of /etc/event.d/clamav-milter to
  enable automatic startup.  See comments there for more details.

* a clamav scanner daemon

  --> this package is called 'clamav-scanner' plus (alternatively)
      'clamav-scanner-upstart' or 'clamav-scanner-sysvinit'

  The daemon is configured by /etc/clamd.d/scan.conf (which MUST be
  edited before first use).

  The -sysvinit package is managed by the traditional tools, but
  -upstart requires modification of /etc/event.d/clamd.scan to enable
  automatic startup.  See comments there for more details.

* the MTA (sendmail/postfix)

  --> you should know how to install this...

  When communicating across unix sockets with the clamav-milter, it is
  suggested to use the /var/run/clamav-milter/clamav-milter.socket
  path.  You have to add something like

    INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav-milter/clamav-milter.socket, F=, T=S:4m;R:4m')dnl

  to your sendmail.mc.



It is suggested that components communicate through TCP sockets as
this eases setup.  Please add corresponding packet filter rules!


EXAMPLE
=======

For clamav-milter, a possible setup might be created by

A)  On the MTA  (assumed hostname 'host-mta')

  1. Add to sendmail.mc

    | INPUT_MAIL_FILTER(`clamav', `S=inet:6666@host-milter, F=, T=S:4m;R:4m')dnl

  2. Rebuild sendmail.cf


B)  On the clamav-milter host (assumed hostname 'host-milter')

  1. Install clamav-milter + clamav-milter-upstart packages

  2. Set in /etc/mail/clamav-milter.conf

    | MilterSocket	inet:6666
    | ClamdSocket	tcp:host-scanner:6665

     and all the other options which are required on your system

  3. Edit /etc/event.d/clamav-milter and uncomment the

    | start on starting local

     line. Restart your system or execute

    | initctl emit starting local

  4. Add something like

    | iptables -N IN-cmilt
    | iptables -A IN-cmilt -s host-mta -j ACCEPT
    | iptables -A IN-cmilt -j DROP

    | iptables -A INPUT -p tcp --dport 6666 -j IN-cmilt

     to your firewall setup

C)  On the clamav-scanner host (assumed hostname 'host-scanner')

  1. Install clamav-scanner + clamav-scanner-upstart packages

  2. Add to /etc/clamd.d/scan.conf

    | TCPSocket 6665
    | TCPAddr   host-scanner

     comment out possible 'LocalSocket' lines and set all the other
     options which are required on your system

  3. Edit /etc/event.d/clamav-scanner and uncomment the

    | start on starting local

     line. Restart your system or execute

    | initctl emit starting local

  4. Add something like

    | iptables -N IN-cscan
    | iptables -A IN-cscan -s host-milter -j ACCEPT
    | iptables -A IN-cscan -j DROP

    | iptables -A INPUT -p tcp --dport 6665 -j IN-csan

     to your firewall setup