Use of clamav in Mail in a Box SMTP


I deployed a ClamAV AV to stop common malware on Mail in a Box SMTP. The following is a summary of the actions I followed, in case anyone is interested.

Keep in mind that a Mail in a Box update will probably modify the configuration files, so all the configuration should be reviewed and updated if needed after an update.

1. Install ClamAV packages:

apt-get update
apt-get dist-upgrade
apt-get install clamav clamav-freshclam clamsmtp

Configuration Files

ClamAV clamsmtpd.conf:


We update the following fields:


Postfix MAIN.CF:


We add to the end of the file:

content_filter = scan:
receive_override_options = no_address_mappings

Postfix MASTER.CF:


We add to the end:

scan unix - - n - 16 smtp
  -o smtp_send_xforward_command=yes
inet n - n - 16 smtpd
  -o content_filter=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks_style=host
  -o smtpd_authorized_xforward_hosts=

  • Take care with spaces and tabs, since they can break the configuration. If you find errors in the Postfix configuration file when you try to run it, review all the spaces and put a tab at the start of each line that begins with "-o …"

Restart services

service clamav-daemon restart
service clamsmtp restart
service postfix restart

There should be a daemon to update freshclam:

ps ax | grep fresh
1269 ? Ss 5:36 /usr/bin/freshclam -d --quiet

But if you want to force a periodic update, you can add a crontab task similar to:

00 2,11 * * * /usr/bin/freshclam --quiet


Normally I send a .txt EICAR test file to confirm it is detected; you can also use any of the online tools that run a similar test. In mail.log, you should see something similar to:

Oct 21 12:46:43 mailboxtest clamsmtpd: 10000B: from=miusername@midomain.tld, to=jmiusername@midomain.tld, status=VIRUS:Eicar-Test-Signature

I hope you find the information above useful.

Best Regards,

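One way to check the result of the EICAR test described in the post, as an added example that is not part of the original post: a small shell/awk parser that reads clamsmtpd lines from mail.log, lists detections, and counts verdicts so you can confirm mail is actually passing through the filter. It assumes the syslog layout of the quoted log line (the program tag in the fifth field) and that clean messages are logged as `status=CLEAN`; the function names and all sample lines except the first are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): read clamsmtpd verdicts from mail.log.

# Constructed sample input. The first line is the one quoted in the post;
# the CLEAN line and the postfix line are constructed for illustration.
sample_log() {
cat <<'EOF'
Oct 21 12:46:43 mailboxtest clamsmtpd: 10000B: from=miusername@midomain.tld, to=jmiusername@midomain.tld, status=VIRUS:Eicar-Test-Signature
Oct 21 12:47:02 mailboxtest clamsmtpd: 10000C: from=alice@example.org, to=bob@midomain.tld, status=CLEAN
Oct 21 12:47:05 mailboxtest postfix/smtpd[2211]: connect from localhost[127.0.0.1]
EOF
}

# Parse clamsmtpd lines. mode=detections prints one line per infected message;
# mode=counts prints how many messages received each verdict.
# Remaining arguments are log files; with none, stdin is read.
clamsmtp_report() {
  mode=$1; shift
  awk -v mode="$mode" '
    $5 ~ /^clamsmtpd(\[[0-9]+\])?:$/ {
      from = to = status = ""
      for (i = 6; i <= NF; i++) {          # key=value pairs, comma separated
        f = $i; sub(/,$/, "", f)
        eq = index(f, "=")
        if (eq == 0) continue
        k = substr(f, 1, eq - 1); v = substr(f, eq + 1)
        if (k == "from") from = v
        else if (k == "to") to = v
        else if (k == "status") status = v
      }
      if (status == "") next
      verdict = status; sub(/:.*/, "", verdict)   # VIRUS:<name> -> VIRUS
      count[verdict]++
      if (mode == "detections" && verdict == "VIRUS")
        print $1, $2, $3, from, to, substr(status, 7)
    }
    END { if (mode == "counts") for (v in count) print v, count[v] }
  ' "$@"
}

clamsmtp_detections()     { clamsmtp_report detections "$@"; }
clamsmtp_verdict_counts() { clamsmtp_report counts "$@" | sort; }

# Succeeds only if a detection line carrying an EICAR signature is present.
eicar_test_detected()     { clamsmtp_detections "$@" | grep -qi 'eicar'; }

# Usage (log path is an assumption): clamsmtp_verdict_counts /var/log/mail.log
```

If the counts come back empty after sending test mail, no message reached clamsmtpd at all, which points at the content_filter wiring in main.cf and master.cf rather than at the ClamAV signatures.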