Hello,
I deployed a ClamAV AV to stop common malware on Mail in a Box SMTP. The following is a summary of the actions I followed, in case anyone is interested.
Keep in mind that after a Mail in a Box update the configuration files will probably be modified, so all the configuration should be reviewed and updated if needed after an update.
1. Install ClamAV packages:
apt-get update
apt-get dist-upgrade
apt-get install clamav clamav-freshclam clamsmtp
Configuration Files
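ClamAV clamsmtpd.conf:
/etc/clamsmtpd.conf
We update the following fields:
# Where clamsmtpd hands scanned mail back to Postfix (the smtpd service in master.cf)
OutAddress: 127.0.0.1:10028
# Must match the content_filter port in /etc/postfix/main.cf
Listen: 127.0.0.1:10027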
Postfix MAIN.CF:
/etc/postfix/main.cf
We add to the end of the file:
content_filter = scan:127.0.0.1:10027
receive_override_options = no_address_mappings
Postfix MASTER.CF:
/etc/postfix/master.cf
We add to the end:
scan unix - - n - 16 smtp
  -o smtp_send_xforward_command=yes
127.0.0.1:10028 inet n - n - 16 smtpd
  -o content_filter=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks_style=host
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8
- Take care with spaces and tabs, since they can break the configuration. If you find errors in the Postfix configuration file when you try to run it, review all the spaces and put a tab at the start of each line that begins with "-o …"
Restart services
service clamav-daemon restart
service clamsmtp restart
service postfix restart
There should be a daemon to update freshclam:
ps ax | grep fresh
1269 ? Ss 5:36 /usr/bin/freshclam -d --quiet
But if you want to force a periodic update, you can add a crontab task similar to:
00 2,11 * * * /usr/bin/freshclam --quiet
Test
Normally I send a .txt EICAR test file to confirm it is detected; you can also use any of the online tools that perform a similar test. In mail.log, you should see something similar to:
Oct 21 12:46:43 mailboxtest clamsmtpd: 10000B: from=miusername@midomain.tld, to=jmiusername@midomain.tld, status=VIRUS:Eicar-Test-Signature
I hope you find the information above useful.
Best Regards,
Jesús.
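
A consistency check for the filter loop configured in the post above, as an added example that is not part of the original post. It confirms that the clamsmtpd `Listen` address is the one Postfix's `content_filter` points at, that master.cf has an smtpd listener on `OutAddress` for re-injection, and that no `-o` line starts in column 1. The function name `check_clamsmtp_chain` is hypothetical; the default paths are the ones named in the post.

```shell
#!/bin/sh
# Added example: sanity-check the Postfix -> clamsmtpd -> Postfix loop.
# Usage: check_clamsmtp_chain [clamsmtpd.conf main.cf master.cf]
# Exit status 0 means all three checks passed; 1 means at least one failed.

# Print the value that follows a "key" pattern at the start of a line ($1) in file $2.
conf_value() {
    sed -n "s/^$1[[:space:]]*//p" "$2" | sed 's/[[:space:]]*$//' | tr -d '[]' | tail -n 1
}

check_clamsmtp_chain() {
    clam_conf=${1:-/etc/clamsmtpd.conf}
    main_cf=${2:-/etc/postfix/main.cf}
    master_cf=${3:-/etc/postfix/master.cf}
    rc=0

    # Address clamsmtpd accepts mail on, and the address it forwards clean mail to.
    listen=$(conf_value 'Listen:' "$clam_conf")
    out=$(conf_value 'OutAddress:' "$clam_conf")
    # content_filter destination with the transport name ("scan:") stripped.
    filter=$(conf_value 'content_filter[[:space:]]*=[[:space:]]*[^:]*:' "$main_cf")

    # If these differ, Postfix queues mail for a port nothing is listening on.
    if [ -z "$listen" ] || [ "$listen" != "$filter" ]; then
        echo "MISMATCH: clamsmtpd Listen '$listen' vs content_filter '$filter'"
        rc=1
    fi

    # Scanned mail must come back to an inet smtpd service on OutAddress.
    if [ -z "$out" ] || ! grep -Eq "^${out}[[:space:]]+inet[[:space:]].*smtpd" "$master_cf"; then
        echo "MISSING: no smtpd listener for OutAddress '$out' in master.cf"
        rc=1
    fi

    # Continuation lines ("-o ...") must begin with whitespace.
    if grep -n '^-o' "$master_cf"; then
        echo "BAD INDENT: the '-o' lines listed above start in column 1"
        rc=1
    fi
    return $rc
}
```

Run it before restarting the services; a mismatch reported here shows up otherwise as mail stuck in the queue, with delivery to the filter port deferred.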