Virus filtering with Postfix and ClamAV in 4 steps :)
Posted by joeblack on Thu 29 Sep 2005 at 11:29
If you're using the postfix mail server you can reject mails which have viral content at SMTP time - meaning they aren't delivered and you don't have to worry about sending bounce messages to the often-faked "From" address. Below are quick details for setting up clamsmtp with postfix. We also set up an up-to-date version of ClamAV from the new volatile repository.
Before you begin to read, please note I am writing this expecting you have got a working postfix server; if not, I suggest you get it working correctly and then follow on.

1. Get the correct clam installed

The default clam packages are not up to date. Add the following to your /etc/apt/sources.list:

deb http://ftp2.de.debian.org/debian-volatile sarge/volatile main

Now update:

apt-get update

Now install :)

apt-get install clamsmtp clamav-freshclam

2. Edit the clamsmtp file

Edit the /etc/clamsmtpd.conf file and change OutAddress: 10025 to OutAddress: 10026. Also change Listen: 127.0.0.1:10026 to Listen: 127.0.0.1:10025.

3. Edit the postfix files
Add the following to /etc/postfix/main.cf:

content_filter = scan:127.0.0.1:10025
receive_override_options = no_address_mappings

Add the following to /etc/postfix/master.cf:

# AV scan filter (used by content_filter)
scan      unix  -       -       n       -       16      smtp
  -o smtp_send_xforward_command=yes
# For injecting mail back into postfix from the filter
127.0.0.1:10026 inet  n -       n       -       16      smtpd
  -o content_filter=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks_style=host
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8

4. Conclusion
Restart postfix and clamsmtp. Follow the mail.log and check for errors.
Send yourself a virus and see if clam will catch it.
Hope this will help somebody, drop me a line if it did. joeblack at pixelporn dot co dot za.
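
Added example (not part of the original post and not the author's code): a Python check that reads the three files edited in steps 2 and 3 and confirms that the ports line up, that the reinjection listener clears content_filter, and that it is bound to 127.0.0.1. The function names and the abridged sample settings are constructed for illustration; the parser assumes one setting per line in main.cf and the plain "-o name=value" form in master.cf.

```python
# Sample input: abridged copy of the settings this page configures.
CLAMSMTPD_CONF = "OutAddress: 10026\nListen: 127.0.0.1:10025\n"
MAIN_CF = "content_filter = scan:127.0.0.1:10025\n"
MASTER_CF = """\
scan unix - - n - 16 smtp
  -o smtp_send_xforward_command=yes
127.0.0.1:10026 inet n - n - 16 smtpd
  -o content_filter=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
"""

def settings(text, sep):
    """Parse 'key<sep>value' lines, ignoring blank lines and # comments."""
    rows = [l.strip() for l in text.splitlines()]
    return {k.strip(): v.strip() for k, _, v in
            (r.partition(sep) for r in rows if r and not r.startswith("#"))}

def services(text):
    """Map master.cf service name -> (type, command, {-o option: value})."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and entries:  # leading whitespace continues an entry
            entries[-1] += line.split()
        else:
            entries.append(line.split())
    return {f[0]: (f[1], f[7], dict(t.split("=", 1) for t in f[8:] if "=" in t))
            for f in entries if len(f) >= 8}

def check_wiring(clam_conf, main_cf, master_cf):
    """Return a list of problems in the Postfix <-> clamsmtpd port wiring."""
    clam, main, master = settings(clam_conf, ":"), settings(main_cf, "="), services(master_cf)
    listen, out = (clam.get(k, "").rsplit(":", 1)[-1] for k in ("Listen", "OutAddress"))
    transport, _, dest = main.get("content_filter", "").partition(":")
    problems = []
    if not dest or dest.rsplit(":", 1)[-1] != listen:
        problems.append("content_filter port does not match clamsmtpd Listen")
    if master.get(transport, ("", ""))[:2] != ("unix", "smtp"):
        problems.append("content_filter transport is not a unix smtp service")
    back = {n: s for n, s in master.items()
            if n.rsplit(":", 1)[-1] == out and s[:2] == ("inet", "smtpd")}
    if not back:
        problems.append("no smtpd listener on clamsmtpd OutAddress port")
    for name, (_, _, opts) in back.items():
        if opts.get("content_filter") != "":
            problems.append(name + ": missing '-o content_filter=' (mail would loop)")
        if not name.startswith("127.0.0.1:"):
            problems.append(name + ": reinjection port not bound to 127.0.0.1")
    return problems
```

Pass the contents of /etc/clamsmtpd.conf, /etc/postfix/main.cf and /etc/postfix/master.cf to check_wiring(); an empty list means the wiring matches the layout in steps 2 and 3.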