2012-01-26 00:01:03 +01:00
.gitignore updated to 0.97.2 2011-07-26 22:19:04 +02:00
ChangeLog-rpm.old
clamav-0.92-open.patch
clamav-0.92-private.patch updated to 0.97.2 2011-07-26 22:19:04 +02:00
clamav-0.95-cliopts.patch
clamav-0.95.3-umask.patch
clamav-0.96.2-jitoff.patch updated to 0.97.1 2011-06-09 20:26:55 +02:00
clamav-milter.systemd start systemd services after network.target and nss-lookup.target 2012-01-08 11:37:35 +01:00
clamav-milter.sysv
clamav-milter.upstart
clamav-notify-servers clamav-notify-server: fixed compatibility with RHEL6 coreutils 2012-01-26 00:01:03 +01:00
clamav-update.cron
clamav-update.logrotate
clamav.spec added comments about EOL of -upstart subpackages 2012-01-21 14:32:52 +01:00
clamd-gen
clamd-README
clamd-wrapper
clamd.logrotate
clamd.scan.upstart
clamd.SERVICE.init
clamd.sysconfig
clamd@.service set PrivateTmp systemd option (#782488) 2012-01-21 13:30:21 +01:00
clamd@scan.service made script in -scanner-systemd an instance of clamd@.service 2012-01-08 12:55:35 +01:00
freshclam-sleep
freshclam.sysconfig
lastver updated to 0.97.2 2011-07-26 22:19:04 +02:00
Makefile
README.fedora
sources Update to 0.97.3 - Fixes CVE-2011-3627 2011-10-27 17:15:23 -05:00
verinfo

A clamav-milter setup consists of the following three components:

* the clamav-milter itself

  --> this is provided by the 'clamav-milter' package plus (alternatively)
      'clamav-milter-upstart' or 'clamav-milter-sysvinit'

  The main configuration is in /etc/mail/clamav-milter.conf and MUST
  be changed before first use.

  The -sysvinit package is managed by the traditional tools, but
  -upstart requires modification of /etc/event.d/clamav-milter to
  enable automatic startup.  See comments there for more details.

* a clamav scanner daemon

  --> this package is called 'clamav-scanner' plus (alternatively)
      'clamav-scanner-upstart' or 'clamav-scanner-sysvinit'

  The daemon is configured by /etc/clamd.d/scan.conf (which MUST be
  edited before first use).

  The -sysvinit package is managed by the traditional tools, but
  -upstart requires modification of /etc/event.d/clamd.scan to enable
  automatic startup.  See comments there for more details.

* the MTA (sendmail/postfix)

  --> you should know how to install this...

  When communicating across unix sockets with the clamav-milter, it is
  suggested to use the /var/run/clamav-milter/clamav-milter.socket
  path.  You have to add something like

    INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav-milter/clamav-milter.socket, F=, T=S:4m;R:4m')dnl

  to your sendmail.mc.



It is suggested that components communicate through TCP sockets as
this eases setup.  When doing so, add corresponding packet filter
rules so that each port accepts connections only from its intended
peer!


EXAMPLE
=======

For clamav-milter, a possible setup might be created as follows:

A)  On the MTA  (assumed hostname 'host-mta')

  1. Add to sendmail.mc

    | INPUT_MAIL_FILTER(`clamav', `S=inet:6666@host-milter, F=, T=S:4m;R:4m')dnl

  2. Rebuild sendmail.cf


B)  On the clamav-milter host (assumed hostname 'host-milter')

  1. Install clamav-milter + clamav-milter-upstart packages

  2. Set in /etc/mail/clamav-milter.conf

    | MilterSocket	inet:6666
    | ClamdSocket	tcp:host-scanner:6665

     and all the other options which are required on your system

  3. Edit /etc/event.d/clamav-milter and uncomment the

    | start on starting local

     line. Restart your system or execute

    | initctl emit starting local

  4. Add something like

    | iptables -N IN-cmilt
    | iptables -A IN-cmilt -s host-mta -j ACCEPT
    | iptables -A IN-cmilt -j DROP

    | iptables -A INPUT -p tcp --dport 6666 -j IN-cmilt

     to your firewall setup

C)  On the clamav-scanner host (assumed hostname 'host-scanner')

  1. Install clamav-scanner + clamav-scanner-upstart packages

  2. Add to /etc/clamd.d/scan.conf

    | TCPSocket 6665
    | TCPAddr   host-scanner

     comment out possible 'LocalSocket' lines and set all the other
     options which are required on your system

  3. Edit /etc/event.d/clamd.scan and uncomment the

    | start on starting local

     line. Restart your system or execute

    | initctl emit starting local

  4. Add something like

    | iptables -N IN-cscan
    | iptables -A IN-cscan -s host-milter -j ACCEPT
    | iptables -A IN-cscan -j DROP

    | iptables -A INPUT -p tcp --dport 6665 -j IN-cscan

     to your firewall setup
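
The three hosts in the EXAMPLE above only work together when the endpoint
in sendmail.mc matches MilterSocket, ClamdSocket matches TCPSocket/TCPAddr,
and no LocalSocket line is left active.  The following check is an added
example, not part of the packaged files; the function names are
hypothetical and the sample files are constructed from the values above.

```shell
#!/bin/sh
# Print the value of the first active (uncommented) line for a config key.
conf_get() {   # conf_get KEY FILE
    awk -v k="$1" '$1 == k { print $2; exit }' "$2"
}

# Extract "port@host" from the S=inet:... part of an INPUT_MAIL_FILTER line.
mc_milter_endpoint() {   # mc_milter_endpoint FILE
    sed -n 's/^INPUT_MAIL_FILTER(.*S=inet:\([0-9]*@[^,]*\),.*/\1/p' "$1" | head -n 1
}

# Return 0 if all endpoints agree, otherwise print each mismatch and return 1.
check_chain() {   # check_chain SENDMAIL_MC MILTER_CONF SCAN_CONF MILTER_HOST
    rc=0
    mta=$(mc_milter_endpoint "$1")
    msock=$(conf_get MilterSocket "$2")
    csock=$(conf_get ClamdSocket "$2")
    tport=$(conf_get TCPSocket "$3")
    taddr=$(conf_get TCPAddr "$3")
    mport=${msock#inet:}      # drop the "inet:" prefix
    mport=${mport%%@*}        # drop an optional "@host" suffix
    [ "$mta" = "$mport@$4" ] ||
        { echo "MTA uses '$mta' but milter listens on '$msock'"; rc=1; }
    [ "$csock" = "tcp:$taddr:$tport" ] ||
        { echo "milter uses '$csock' but clamd listens on '$taddr:$tport'"; rc=1; }
    [ -z "$(conf_get LocalSocket "$3")" ] ||
        { echo "LocalSocket is still active in $3"; rc=1; }
    return $rc
}

# Constructed sample files that reuse the values from the EXAMPLE section.
# The LocalSocket path is a made-up placeholder.
write_samples() {   # write_samples DIR
    cat > "$1/sendmail.mc" <<'EOF'
INPUT_MAIL_FILTER(`clamav', `S=inet:6666@host-milter, F=, T=S:4m;R:4m')dnl
EOF
    printf 'MilterSocket\tinet:6666\nClamdSocket\ttcp:host-scanner:6665\n' \
        > "$1/clamav-milter.conf"
    printf '#LocalSocket /path/to/clamd.sock\nTCPSocket 6665\nTCPAddr   host-scanner\n' \
        > "$1/scan.conf"
}

demo=$(mktemp -d)
write_samples "$demo"
check_chain "$demo/sendmail.mc" "$demo/clamav-milter.conf" \
    "$demo/scan.conf" host-milter && echo "endpoints consistent"
```

On real hosts, copy the three files to one place and pass their paths
plus the milter hostname to check_chain.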