
How to Configure/Install ClamAV for MailScanner Email Security Gateway on CWP7pro.admin?

I am using MailScanner Email Security Gateway to scan emails for viruses, spam, phishing, malware, and other attacks against security vulnerabilities. Under the hood, MailScanner uses ClamAV (clamd) for virus scanning and SpamAssassin to scan for spam.

I am also using CWP7pro.admin, where all packages are already installed and running smoothly. You just need to prepare ClamAV so that MailScanner can use it.
1. ClamAV installation (install ClamAV):
First check whether the packages below are installed. If any package is missing, run the install command below.
# yum info clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd
# yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd

Unrar RPM Sources:

http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm [ This link will not work ]
http://repository.it4i.cz/mirrors/repoforge/redhat/el7/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm [ So use this one ]

2. ClamAV needs unrar, which can be installed from the rpmforge repository. The release RPM is fetched over plain HTTP, so the transfer itself has no integrity protection.
# cd /usr/local/src/
# wget http://repository.it4i.cz/mirrors/repoforge/redhat/el7/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm
# rpm -ivh rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm 
# rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag
# yum install unrar
If the RPM-GPG key does not work, download the key and import it (optional):
# cd /usr/local/src/
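# wget https://github.com/repoforge/repo-files/raw/master/repo/RPM-GPG-KEY.dag.txt [ the /raw/ URL returns the key file itself; the /blob/ URL returns an HTML page that rpm cannot import ]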
# rpm --import RPM-GPG-KEY.dag.txt [ Rename the RPM-GPG-KEY.dag.txt ]
After installing unrar, I disabled the rpmforge repo:
# sed -i 's/enabled = 1/enabled = 0/g' /etc/yum.repos.d/rpmforge.repo

3. Freshclam will update the virus signature database. To enable it and update:
# sed -i -e 's/^Example/#Example/' /etc/freshclam.conf
# freshclam -v
Also edit /etc/sysconfig/freshclam and comment out this line, so that it reads:
#FRESHCLAM_DELAY=disabled-warn # REMOVE ME
MailScanner calls /usr/local/bin/freshclam to update the database, so create the matching symlink:
# ln -s /usr/bin/freshclam /usr/local/bin/freshclam

4. Enable clamd by editing /etc/clamd.d/scan.conf like this:
# vi /etc/clamd.d/scan.conf
LogFile /var/log/clamav/clamd.scan
LogTime yes
LogSyslog yes
LogFacility LOG_MAIL
PidFile /var/run/clamd.amavisd/clamd.pid
LocalSocket /var/run/clamd.amavisd/clamd.sock
LocalSocketGroup amavis
LocalSocketMode 660
Create the log file:
# touch /var/log/clamav/clamd.scan
Check the status:
# systemctl  status clamd
5. Test clamd service:
# cd /tmp
# wget http://www.eicar.org/download/eicar.com 

# clamscan --infected --remove eicar.com
eicar.com: Eicar-Test-Signature FOUND
eicar.com: Removed.
 
----------- SCAN SUMMARY -----------
Known viruses: 4283601
Engine version: 0.98.7
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 21.513 sec (0 m 21 s)
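
The edits from steps 3 and 4 can be checked for consistency before MailScanner is pointed at clamd. The script below is an added example, not part of the original post; its function names are made up for illustration, and checking scan.conf for an active Example line is an assumption, since the post only mentions that line for freshclam.conf.

```shell
#!/bin/sh
# Added example, not from the original post: pre-flight check for steps 3 and 4.

# Print the first uncommented value of DIRECTIVE in FILE.
conf_value() {
    awk -v key="$2" '$1 == key { print $2; exit }' "$1"
}

# Succeed only if FILE is readable and its stock "Example" line is commented
# out; freshclam and clamd both refuse to run while that line is active.
example_commented() {
    [ -r "$1" ] && ! grep -Eq '^[[:space:]]*Example([[:space:]]|$)' "$1"
}

# check_clamd_conf SCAN_CONF FRESHCLAM_CONF FRESHCLAM_BIN
# Prints one line per problem; returns 0 only when nothing failed.
check_clamd_conf() {
    rc=0
    for f in "$1" "$2"; do
        example_commented "$f" || { echo "FAIL: $f unreadable or Example still active"; rc=1; }
    done
    sock=$(conf_value "$1" LocalSocket)
    if [ -z "$sock" ]; then
        echo "FAIL: no LocalSocket in $1"; rc=1
    elif [ ! -d "$(dirname "$sock")" ]; then
        echo "FAIL: socket directory $(dirname "$sock") does not exist"; rc=1
    fi
    logf=$(conf_value "$1" LogFile)
    if [ -n "$logf" ] && [ ! -e "$logf" ]; then
        echo "FAIL: LogFile $logf has not been created"; rc=1
    fi
    if [ ! -x "$3" ]; then
        echo "FAIL: $3 missing or not executable (MailScanner calls this path)"; rc=1
    fi
    return $rc
}

# On the mail server itself, check the paths used in the post.
if [ -f /etc/clamd.d/scan.conf ]; then
    check_clamd_conf /etc/clamd.d/scan.conf /etc/freshclam.conf \
        /usr/local/bin/freshclam && echo "OK: configuration is consistent"
fi
```

A missing socket directory is worth catching here because clamd cannot create its socket without it, and the failure otherwise only shows up in the service log.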
