#1 Tue, 02/26/2008 - 12:35
Vedstesen

Clamav

Does anyone know how to configure ClamAV on Webmin/Virtualmin? In the software manager (CentOS 5) I can see clamav-server is installed; I also did "locate clamd" and it is installed in the system. I ended up installing this Webmin third-party module: http://labs.libre-entreprise.org/frs/download.php/622/wbmclamav-0.9.0.wb... A new menu appeared ("Configuration For module Clam Antivirus"), and it seems the default paths in there don't work, and there is no readme or FAQ for this module. For instance, what does the "Use the following content scanner" option mean? If someone has experience installing ClamAV on Webmin, please advise. Thanks!

Tue, 05/22/2007 - 16:05
Joe

Howdy Peter,

This one is a bit of an ornery one. Clam 0.90.x is incompatible with configuration files from 0.88.x. So, if we upgrade the package in our repositories it will break everyone's AV filter. If we leave it alone (note that it still works fine...there's just a few types of virus checks that don't work with the older codebase), we get people complaining a lot about these messages.

Frankly, I'm stumped on what the best action in this circumstance is. You tell me...known breakage, or somewhat older packages? See, it's a hard problem. ;-)

I'll probably do what we did with Dovecot, which was forcing an overwrite of the configuration file if it is in the old format. This will remove any customizations folks have done to the configuration file, but it's better than breaking outright.

--

Check out the forum guidelines!

Wed, 05/23/2007 - 04:35
Vedstesen

I see the problem.

I haven't made any customizations on my install.

Is it possible to show a warning to folks before installing the new update
for Clam?

When you are logged in as administrator on your Virtualmin, there will be an
update bar if there is any update, and maybe this would be the place to tell
folks that if there are any customizations, they will be
overwritten by the update? And maybe tell folks why there is a new update?

Peter Vedstesen

Tue, 02/26/2008 - 15:14
Joe

I'm not at all familiar with the Clam third party module, but you can get our clam packages for CentOS from here, which makes getting it running reasonably easy:

http://software.virtualmin.com/gpl/centos/5/

From there, you need to add a couple of lines to your procmailrc (assuming you're delivering mail via procmail). Something along the lines of:

:0cW
VIRUS=| clamscan --no-summary --stdout -

# VIRUS holds clamscan's output text (e.g. "stdin: OK"), so match its FOUND marker
:0
* VIRUS ?? FOUND
/dev/null

This is wholly untested...but I think it'll work.

Virtualmin Professional does things a little differently, but you need a few other programs (and a custom configuration file for each virtual server) for it to work the way we do it.

Post edited by: Joe, at: 2008/02/26 15:15

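What a `VIRUS ?? ...` condition in a recipe like the one in the post above is tested against, as an added example that is not part of the original post: `VIRUS=| clamscan ...` captures clamscan's stdout text, not its exit status (which is 1 on a detection), so the condition has to match the output wording. The sample output lines are constructed and the helper names are hypothetical.

```sh
#!/bin/sh
# Models how a procmail "VIRUS ?? regex" condition sees the stdout of
# `clamscan --no-summary --stdout -`. Does not call clamscan or procmail.

# Constructed sample outputs (clamscan exit status: 0 clean, 1 virus, 2 error;
# procmail's VIRUS=| ... never sees that number, only the text below).
CLEAN='stdin: OK'
EICAR='stdin: Eicar-Test-Signature FOUND'
NUMBERED='stdin: Trojan.Agent-1234 FOUND'   # constructed signature name

# condition_matches REGEX TEXT -> exit 0 if the condition would be true.
# procmail regexes are egrep-style and case-insensitive by default.
condition_matches() {
    printf '%s\n' "$2" | grep -Eiq -e "$1"
}

# would_drop REGEX TEXT -> prints yes/no: would the /dev/null recipe fire?
would_drop() {
    if condition_matches "$1" "$2"; then echo yes; else echo no; fi
}

# verdict TEXT -> prints clean | infected:<signature> | unknown
# Anything that is neither "OK" nor "FOUND" (empty output, an error
# message) is reported as unknown rather than silently treated as clean.
verdict() {
    case "$1" in
        *': OK')   echo clean ;;
        *' FOUND') sig=${1#*: }; echo "infected:${sig% FOUND}" ;;
        *)         echo unknown ;;
    esac
}

for line in "$CLEAN" "$EICAR" "$NUMBERED"; do
    printf '%-38s %-34s ??1=%-3s ??FOUND=%s\n' "$line" \
        "$(verdict "$line")" "$(would_drop 1 "$line")" \
        "$(would_drop FOUND "$line")"
done
```

A pattern of `1` only fires when the signature name happens to contain that digit, while `FOUND` fires on every detection line and never on `stdin: OK`.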

Tue, 04/01/2008 - 06:22 (Reply to #4)
DanLong

You don't see SpamAssassin there either. That just sets up the options for the mail delivery. You can choose to delete it, put it in a folder or forward it off (some legit software sent in an email might be seen as a virus).

There is nothing really to touch in ClamAV so the only place you "see" it is in the bootup-shutdown module.

Tue, 02/26/2008 - 16:23
rulez22

So at the end, the /etc/procmail file should look like this?
---------------------------------------
DEFAULT=$HOME/Maildir/
ORGMAIL=$HOME/Maildir/

:0cW
VIRUS=| clamscan --no-summary --stdout -

# VIRUS holds clamscan's output text (e.g. "stdin: OK"), so match its FOUND marker
:0
* VIRUS ?? FOUND
/dev/null
---------------------------------------

Is it correct?

Tue, 04/01/2008 - 03:52
lueung

How do I scan the server for viruses?

I see that the clamd wrapper starts at boot, but I don't see it anywhere in "system settings" -> module config -> spam filtering options.

Tue, 04/01/2008 - 11:22 (Reply to #7)
Joe

> How do I scan the server for viruses?

You don't. It'd be pointless. The number of viruses that affect Linux can be counted on one hand (and then they're generally harmless proof of concept viruses that have long been patched out of utility).

You might, however, consider checking out chkrootkit. A root kit is the nastiest thing that happens to Linux boxes. Its delivery mechanism is usually an exploit in one of the system services (usually it requires multiple exploits to attain privileges needed to install a root kit, since it has to have root-level access to the system to do any damage and very few services run as root on a Linux system).

The most important security steps you can take are:

1. Use strong passwords for ALL accounts.

2. Keep the system up to date--never run out of date software on your system. The latest packages from your OS vendor are usually the appropriate choice (Red Hat, CentOS, Debian, Ubuntu, all have excellent security histories and tend to patch security issues within hours or days). All of these systems also make it easy to update your system via yum or apt-get.

3. Don't run unnecessary services. If you don't need a service (like PostgreSQL or ProFTPd or xinetd) shut it down. It's worth going through the process of figuring out whether you need all of the services on your system, as a learning process so you know what all of them do. This is useful knowledge to have regardless of the security impact.

