Debian, simscan and qmail

I was using gadoyanvirus with some local modifications, but I was finding it having difficulty with Worm.Mytob.DK and virus zip attachments. Simscan was a quick and easy install and it seems to work perfectly. Here are some notes about installing simscan on Debian. Requires the QMAIL-QUEUE patch installed, which is part of the most recent Debian packages.


wget http://www.pldaniels.com/ripmime/ripmime-1.4.0.5.tar.gz
tar zxvf ripmime-1.4.0.5.tar.gz
cd ripmime-1.4.0.5
make
sudo make install

cd ..
wget http://www.inter7.com/simscan/simscan-1.1.tar.gz
tar zxvf simscan-1.1.tar.gz
sudo addgroup --gid 64017 --system simscan
sudo adduser --uid 64017 --gid 64017 --system --home /var/spool/simscan simscan
sudo adduser clamav simscan
sudo /etc/init.d/clamav-daemon restart
cd simscan-1.1
./configure --enable-workdir=/var/spool/simscan/ --enable-received=y
make
sudo make install
sudo simscanmk -g
sudo chmod g+s /var/spool/simscan/
echo ':allow,QMAILQUEUE="/var/qmail/bin/simscan"' | sudo tee -a /etc/tcp.smtp
(cd /etc; sudo tcprules tcp.smtp.cdb tcp.smtp.tmp < tcp.smtp)

Add "QMAILQUEUE="/var/qmail/bin/simscan"; export QMAILQUEUE" to /etc/init.d/qmail.

Seems to work well:


Jun 23 10:47:16 mail qmail: 1119480436.065823 simscan: 10.8.0.102 pid 21916: virus: Worm.Mytob.DK from: nj.lee@plumtree.co.nz to: nic@plumtree.co.nz time: 0.0494s
Jun 23 10:54:37 mail qmail: 1119480877.800056 simscan: 219.88.242.60 pid 21962: virus: Worm.Mytob.EA from: register@plumtree.co.nz to: mike@plumtree.co.nz time: 0.1091s
Jun 23 10:54:38 mail qmail: 1119480878.015845 simscan: 219.88.242.60 pid 21962: virus: Worm.Mytob.EA from: to: register@plumtree.co.nz time: 0.1016s

Notes:

You might want to use a different uid/gid combo on your system. I’ve just added one to qmail Debian uids. The chmod g+s is quite important, otherwise clamdscan can’t scan the files and you get a temporary reject from qmail-smtpd to ALL mail.
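
A pre-flight check for the failure described in the note above, added here as an example and not part of the original post. It assumes the work directory, the simscan group and the clamav user from the install steps; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight checks for the simscan work directory.
# Assumed from the steps above: /var/spool/simscan, group simscan, user clamav.
# Function names are hypothetical, not part of simscan.

# check_workdir DIR GROUP: DIR must exist, carry the setgid bit and belong to GROUP.
check_workdir() {
    dir=$1; group=$2
    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory"; return 1; }
    # [ -g ] is the POSIX test for the set-group-ID bit (what chmod g+s sets).
    [ -g "$dir" ] || { echo "FAIL: $dir has no setgid bit; run chmod g+s $dir"; return 1; }
    # Field 4 of ls -ld is the owning group.
    owner=$(ls -ld "$dir" | awk '{print $4}')
    [ "$owner" = "$group" ] || { echo "FAIL: $dir group is $owner, expected $group"; return 1; }
    echo "OK: $dir is setgid and group $group"
}

# check_member USER GROUP: USER must be in GROUP (the "adduser clamav simscan" step).
check_member() {
    if id -Gn "$1" 2>/dev/null | tr ' ' '\n' | grep -Fqx "$2"; then
        echo "OK: $1 is in group $2"
    else
        echo "FAIL: $1 is not in group $2"; return 1
    fi
}

# simscan_preflight: run both checks and report every failure, not just the first.
simscan_preflight() {
    rc=0
    check_workdir /var/spool/simscan simscan || rc=1
    check_member clamav simscan || rc=1
    return $rc
}

# Run only when invoked with --run, so the functions can also be sourced.
if [ "${1:-}" = "--run" ]; then
    simscan_preflight
fi
```

id reads the group database, so a clamd process started before the adduser step still lacks the new group until it is restarted, which is why the steps above restart clamav-daemon.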

Useful docs here. Especially a debugging method.

Add 0 0-23/1 * * * /usr/sbin/simscanmk -g > /dev/null 2>&1 to root's crontab.

TODO: http://www.interazioni.it/opensource/chkuser/

1 Comment

  1. Nicholas Lee Said,

    August 25, 2005 @ 4:41 pm

    Actually it's better to add :allow,QMAILQUEUE="/var/qmail/bin/simscan" to /etc/tcp.smtp. Adding this to /etc/init.d/qmail seems to cause problems with bounce messages.
