----------
I will do a top post here as it is too much to scroll and therefore not
readable enough...
(no comments on top postings please)
----------

The sendmail config (your section 7) is not ok. Two things here.

1.
You should consider using the macro configuration (the ".mc" file) and
build a sendmail.cf from that. Editing sendmail.cf directly is not
recommended. The row to use is something like:
INPUT_MAIL_FILTER(`clamav', `S=inet:[EMAIL PROTECTED], F=T, T=S:4m;R:4m;E:5m')dnl
(Or you can use a file socket if you want...)
The steps for macro config: a) edit sendmail.mc, b) type "make sendmail.cf",
c) copy the new sendmail.cf to /etc/mail, d) restart sendmail.

2.
(Your config will however work without this change)
You should not (my opinion) use "F=". You should use "F=T". The "F=" will
allow the mail if the clamav-milter connector or clamd is down. Is that
what you want? You probably want "F=T", which means sendmail will give a
"4.7.1 Try again later" back to the sender if the clamav-milter connector
or clamd is down and won't answer. Otherwise viruses can go through...
Also... Make sure you have timeouts in the milter connection (both ends)
that are high enough to scan a huge mail over a slow connection that will
take time. Otherwise you will see aborts.


/Per-Olov
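
Added example (not part of the original mail, and not sendmail or ClamAV project code): a small Python check for point 2 above. It reads milter definitions in either form, the "X" line from sendmail.cf or INPUT_MAIL_FILTER from the .mc file, and reports what sendmail does when the filter is unavailable and which timeouts fall under a chosen minimum. The sample lines, the inet:3311@localhost socket, the "slow" filter and the 240-second minimum are constructed assumptions.

```python
import re

# "X" filter line in sendmail.cf, and the m4 form used in sendmail.mc.
CF_LINE = re.compile(r"^X(?P<name>[^,\s]+)\s*,\s*(?P<args>.*)$")
MC_LINE = re.compile(r"^INPUT_MAIL_FILTER\(`(?P<name>[^']+)',\s*`(?P<args>[^']*)'\)")
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}

def parse_timeouts(spec):
    """Turn 'S:4m;R:4m;E:5m' into seconds per timeout letter."""
    out = {}
    for part in filter(None, (p.strip() for p in spec.split(";"))):
        key, _, val = part.partition(":")
        m = re.fullmatch(r"(\d+)([smhd])", val.strip())
        if m:  # values without an explicit unit are skipped, not guessed
            out[key.strip()] = int(m.group(1)) * UNITS[m.group(2)]
    return out

def audit(text, min_seconds=240):
    """Return one finding per milter definition found in text.

    min_seconds is an assumed threshold; pick one that fits your largest
    accepted message over your slowest link.
    """
    findings = []
    for line in text.splitlines():
        m = CF_LINE.match(line.strip()) or MC_LINE.match(line.strip())
        if not m:
            continue
        fields = {}
        for item in m.group("args").split(","):
            key, _, val = item.strip().partition("=")
            fields[key] = val.strip()
        # F=T: temporary failure, F=R: reject, empty or absent: mail passes unscanned.
        mode = {"T": "tempfail", "R": "reject"}.get(fields.get("F", ""), "fail-open")
        timeouts = parse_timeouts(fields.get("T", ""))
        findings.append({
            "name": m.group("name"),
            "socket": fields.get("S"),
            "on_filter_down": mode,
            "timeouts": timeouts,
            "short_timeouts": sorted(k for k, v in timeouts.items() if v < min_seconds),
        })
    return findings

# Constructed sample input: the first line is the sendmail.cf row quoted below,
# the other two are made up for the example.
SAMPLE = """\
Xclmilter, S=local:/var/clamav/clmilter.sock,F=, T=S:4m;R:4m
INPUT_MAIL_FILTER(`clamav', `S=inet:3311@localhost, F=T, T=S:4m;R:4m;E:5m')dnl
Xslow, S=local:/var/run/slow.sock, F=T, T=S:10s;R:10s
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```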





Iulian said:
>   I try to install CLAMAV, on Slack 9.1, with sendmail and
> milter, ....
> My installation:
> 1.
>
> sendmail -d0 | grep MILTER
> on my PC: Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS
> MILTER MIME7TO8 MIME8TO7
>
> 2. User clamav, ...:
> group clamav
> useradd -g clamav -d /dev/null clamav
> mkdir /var/clamav
> chown clamav:clamav /var/clamav
>
> 3 Install...
>
> ./configure \
> --prefix=/usr --sysconfdir=/etc --datadir=/var/clamav \
> --enable-milter
> make
> make install
>
> 4. Config /etc/clamav.conf
>
>
> # By default the log file is locked for writing - the lock protects against
> # running clamd multiple times (if want to run another clamd, please
> # copy the configuration file, change the LogFile variable, and run
> # the daemon with --config-file option). That's why you shouldn't uncomment
> # this option.
> LogFileUnlock
>
> # Maximal size of the log file. Default is 1 Mb.
> # Value of 0 disables the limit.
> # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
> # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
> # in bytes just don't use modifiers.
> LogFileMaxSize 2M
>
> # Log time with an each message.
> LogTime
>
> # Log also clean files. May be useful in debugging but will drastically
> # increase the log size.
> LogClean
>
> # Use system logger (can work together with LogFile).
> LogSyslog
>
> # Enable verbose logging.
> LogVerbose
>
> # This option allows you to save the process identifier of the listening
> # daemon (main thread).
> PidFile /var/clamav/clamd.pid
>
> # Optional path to the global temporary directory.
> # Default is system specific - usually /var/tmp or /tmp.
> TemporaryDirectory /var/tmp
>
> # Path to the database directory.
> # Default is the hardcoded directory (mostly /usr/local/share/clamav,
> # but it depends on installation options).
> DatabaseDirectory /var/clamav
>
> # The daemon works in local or network mode. Currently the local mode is
> # recommended for security reasons.
>
> # Path to the local socket. The daemon doesn't change the mode of the
> # created file (portability reasons). You may want to create it in a directory
> # which is only accessible for a user running daemon.
> LocalSocket /var/clamav/clamd.sock
>
> # Remove stale socket after unclean shutdown.
> FixStaleSocket
>
> # TCP port address.
> #TCPSocket 3310
>
> # TCP address.
> # By default we bind to INADDR_ANY, probably not wise.
> # Enable the following to provide some degree of protection
> # from the outside world.
> #TCPAddr 127.0.0.1
>
> # Maximum length the queue of pending connections may grow to.
> # Default is 15.
> MaxConnectionQueueLength 90
>
> # When activated, input stream (see STREAM command) will be saved to disk before
> # scanning - this allows scanning within archives.
> StreamSaveToDisk
>
> # Close the connection if this limit is exceeded.
> StreamMaxLength 10M
>
> # Maximal number of a threads running at the same time.
> # Default is 5, and it should be sufficient for a typical workstation.
> # You may need to increase threads number for a server machine.
> MaxThreads 100
>
> # Waiting for data from a client socket will timeout after this time (seconds).
> # Default is 120. Value of 0 disables the timeout.
> ReadTimeout 300
>
> # Maximal depth the directories are scanned at.
> MaxDirectoryRecursion 25
>
> # Follow a directory symlinks.
> # SECURITY HINT: You should have enabled directory recursion limit to
> # avoid potential problems.
> #FollowDirectorySymlinks
>
> # Follow regular file symlinks.
> #FollowFileSymlinks
>
> # Do internal checks (eg. check the integrity of the database structures)
> # By default clamd checks itself every 3600 seconds (1 hour).
> SelfCheck 600
>
> # Execute a command when a virus is found. In the command string %v will
> # be replaced by the virus name.
> #
> VirusEvent /bin/mail -s "VIRUS ALERT: %v" root
>
> # Run as selected user (clamd must be started by root).
> # By default it doesn't drop privileges.
> User clamav
>
> # Initialize the supplementary group access (for all groups in /etc/group
> # user is added in. clamd must be started by root).
> #AllowSupplementaryGroups
>
> # Don't fork into background. Useful in debugging.
> #Foreground
>
> # Enable debug messages in libclamav.
> #Debug
>
> ##
> ## Document scanning
> ##
>
> # This option enables scanning of Microsoft Office document macros.
> ScanOLE2
>
> ##
> ## Mail support
> ##
>
> # Uncomment this option if you are planning to scan mail files.
> ScanMail
>
> ##
> ## Archive support
> ##
>
>
> # Comment this line to disable scanning of the archives.
> ScanArchive
>
>
> # By default the built-in RAR unpacker is disabled by default because the code
> # terribly leaks, however it's probably a good idea to enable it.
> ScanRAR
>
>
> # Options below protect your system against Denial of Service attacks
> # with archive bombs.
>
> # Files in archives larger than this limit won't be scanned.
> # Value of 0 disables the limit.
> # WARNING: Due to the unrarlib implementation, whole files (one by one) in RAR
> #          archives are decompressed to the memory. That's why never disable
> #          this limit (but you may increase it of course!)
> ArchiveMaxFileSize 10M
>
> # Archives are scanned recursively - e.g. if Zip archive contains RAR file,
> # the RAR file will be decompressed, too (but only if recursion limit is set
> # at least to 1). With this option you may set the recursion level.
> # Value of 0 disables the limit.
> ArchiveMaxRecursion 15
>
> # Number of files to be scanned within archive.
> # Value of 0 disables the limit.
> ArchiveMaxFiles 1000
>
> # Mark potential archive bombs as viruses (0 disables the limit)
> ArchiveMaxCompressionRatio 200
>
> # Use slower decompression algorithm which uses less memory. This option
> # affects bzip2 decompressor only.
> ArchiveLimitMemoryUsage
>
> # Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
> #ArchiveBlockEncrypted
>
>
> ##
> ## Clamuko settings
> ## WARNING: This is experimental software. It is very likely it will hang
> ##          up your system !!!
> ##
>
> # Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running.
> #ClamukoScanOnAccess
>
> # Set access mask for Clamuko.
> ClamukoScanOnOpen
> ClamukoScanOnClose
> ClamukoScanOnExec
>
> # Set the include paths (all files in them will be scanned). You can have
> # multiple ClamukoIncludePath options, but each directory must be added
> # in a seperate option. All subdirectories are scanned, too.
> ClamukoIncludePath /home
> #ClamukoIncludePath /students
>
> # Set the exclude paths. All subdirectories are also excluded.
> #ClamukoExcludePath /home/guru
>
> # Limit the file size to be scanned (probably you don't want to scan your movie
> # files ;))
> # Value of 0 disables the limit. 1 Mb should be fine.
> ClamukoMaxFileSize 1M
>
> # Enable archive support. It uses the limits from clamd section.
> # (This option doesn't depend on ScanArchive, you can have archive support
> # in clamd disabled).
> ClamukoScanArchive
>
> 5. Update Virus Database
> freshclam --quiet --stdout --datadir /var/clamav --log /var/clamav/clamav.log
>
> 6. Test
>
> cd /usr/src/clamav/test
> clamscan test1
> -the test is OK
>
> 7. Sendmail
>
> In sendmail.cf, in section Mail Filters
>
> Xclmilter, S=local:/var/clamav/clmilter.sock,F=, T=S:4m;R:4m
>
> 8. Start daemon
>
> clamd
> clamav-milter -blo /var/clamav/clmilter.sock
> /etc/rc.d/rc.sendmail restart
>
> -my test
> ls -l /var/clamav/*sock
> srwxrwxrwx  1 clamav clamav 0 May 13 09:17 /var/clamav/clamd.sock
> srwx------  1 clamav clamav 0 May 13 09:17 /var/clamav/clmilter.sock
>
>
> ps -aux|grep cla
> clamav     920  0.0 10.2 14300 13020 ?       S    09:17   0:00 clamd
> clamav     924  0.0  0.6  4368  860 ?        S    09:17   0:00 clamav-milter -blo /var/clamav/clmilter.sock
>
>
> 9. Mail test(with file test1 , the same as point 6.)
>
> cat test1 | mail -s "Vir" root
> and the mail test go on my mailbox, without any problems!
> In my logs, no errors, warnings,...What is wrong ?!
>
> Thanks!
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: SourceForge.net Broadband
> Sign-up now for SourceForge Broadband and get the fastest
> 6.0/768 connection for only $19.95/mo for the first 3 months!
> http://ads.osdn.com/?ad_id=2562&alloc_id=6184&op=click
> _______________________________________________
> Clamav-users mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/clamav-users
>


