Virus Protection - Unix Specific Instructions.
For most Linux systems (not Mac/OSX) we recommend CLAMAV as the primary scanner. It's easy to install on most Unix systems and gives good broad protection.
The settings below are an example. The auto configure button in the web admin virus page should configure surgemail correctly, but you must manually install CLAMAV yourself first (see below).
For Mac/OSX use Avast (see instructions below).
CLAMAV Settings.
These will be set in surgemail.ini by the auto config button (the path to clamdscan may vary):
g_virus_cmd "/bin/clamdscan --stdout --no-summary --remove $FILE$"
g_virus_cmd_codes "1"
g_virus_strangers "true"
g_toscan_path "/toscan"
# Create the scanning folder!
mkdir /toscan
chown mail:mail /toscan
chmod 0755 /toscan
If SELinux is enabled, do this:
setsebool -P antivirus_can_scan_system 1
setsebool -P antivirus_use_jit 1
or move g_toscan_path to somewhere accessible by clamd and the mail user.
CLAMAV Installation
On most modern systems you can install clamav by typing:
Ubuntu:
sudo apt-get install clamav clamav-daemon clamdscan
Fedora:
sudo yum install clamav clamav-scanner
All systems:
usermod -g clamscan mail
Test that you have installed it successfully:
/bin/clamdscan --stdout /etc/surgemail.ini
If this fails take steps to remedy it.
You may need to make minor changes to /etc/clamd.conf or create the user account clamav, and check that it uses the group 'clamscan'. If not, correct the usermod command above to match the group used in /etc/clamd.conf.
That should be all you need to do. Then use the auto configure inside surgemail's virus page to set surgemail's settings and test it.
Clamd often needs some tweaking!
usermod --shell /bin/bash mail
# find what group clamd is using:
root@mail:/etc/clamav# grep Group clamd.conf
LocalSocketGroup clamav
root@mail:/etc/clamav# grep User clamd.conf
User clamav
# clamav is the LocalSocketGroup from the grep above
usermod -g clamav mail
# then test it
su mail -g mail
/usr/bin/clamdscan --stdout --no-summary --remove /etc/surgemail.ini
If that doesn't work, check this page for operating system specific packages for most versions of Linux, or if all else fails you can follow the build from source instructions:
https://www.clamav.net/documents/installing-clamav
If you get this error:
ERROR: Could not lookup : Servname not supported for ai_socktype
Then do this:
usermod -g clamscan mail
Also check /var/log/messages to see if clamd is running. You may also need to change the protection/ownership of the socket (its path is in clamd.conf), e.g.:
# Find the path that clamd is using:
grep -e User -e Socket /etc/clamd.conf
LocalSocket /var/run/clamd.scan/clamd.sock
# make sure user mail can write to the specified file/directory:
chmod +rx /var/run
chmod +rx /var/run/clamd.scan
chmod +rwx /var/run/clamd.scan/clamd.sock
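The socket and group checks above can be scripted. This is an added example, not part of the surgemail documentation: the function names are hypothetical, and it assumes clamd.conf uses the LocalSocket and LocalSocketGroup keys shown above.

```shell
#!/bin/sh
# Added example: preflight for the clamd socket/group setup on this page.
# Function names are hypothetical; the account name "mail" follows the page.

# Print the first value of KEY in a clamd.conf-style file. Matching the
# whole key avoids the grep above also hitting e.g. LocalSocketMode.
conf_get() {  # conf_get FILE KEY
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# Succeed if USER belongs to GROUP, as primary or supplementary group.
user_in_group() {  # user_in_group USER GROUP
    for g in $(id -Gn "$1" 2>/dev/null); do
        [ "$g" = "$2" ] && return 0
    done
    return 1
}

# Check what USER needs in order to reach clamd's socket.
# Returns 0 = ok, 1 = fixable mismatch, 2 = config has no LocalSocket.
preflight() {  # preflight CONF USER
    sock=$(conf_get "$1" LocalSocket)
    grp=$(conf_get "$1" LocalSocketGroup)
    [ -n "$sock" ] || { echo "FAIL: no LocalSocket in $1"; return 2; }
    echo "socket=$sock group=${grp:-unset}"
    if [ -n "$grp" ] && ! user_in_group "$2" "$grp"; then
        echo "FAIL: $2 is not in group $grp; try: usermod -g $grp $2"
        return 1
    fi
    [ -S "$sock" ] || { echo "FAIL: $sock is not a socket; is clamd running?"; return 1; }
    echo "OK"
}

# Real use: sh preflight.sh /etc/clamd.conf mail
# Without arguments, run a demo on a constructed config (no clamd needed).
if [ $# -eq 0 ]; then
    demo=$(mktemp)
    printf '%s\n' '# constructed sample' 'User clamav' \
        'LocalSocket /nonexistent/clamd.sock' \
        'LocalSocketGroup no_such_group' 'LocalSocketMode 660' > "$demo"
    preflight "$demo" mail || echo "preflight exit status: $?"
    rm -f "$demo"
else
    preflight "$1" "${2:-mail}"
fi
```

Run it as root against the clamd.conf your clamd actually reads (/etc/clamd.conf or /etc/clamav/clamd.conf in the examples above).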
To test clamav manually do this:
su mail -g mail (if su fails, vi /etc/passwd and change the nologin option on account mail to /bin/sh)
touch /toscan/test.txt
/usr/bin/clamdscan --stdout --no-summary --remove /toscan/test.txt
To restart clamav:
/bin/systemctl restart clamd.service
If you get "clamdscan Can't open file or directory ERROR" on Ubuntu, and you've already double checked the files are accessible by the user 'clamav', then you probably have a problem with apparmor, a hidden extra layer of security that breaks things randomly and gives no information to the user :-). To fix it, add these lines to /etc/apparmor.d/local/usr.sbin.clamd:
/toscan/** r,
/etc/** r,
/usr/local/surgemail/** r,
Then issue this command:
apparmor_parser -r -K /etc/apparmor.d/usr.sbin.clamd
Optional setting
You may also wish to use our cloud based scanner to enhance clamav scanning.
g_virus_cloud "true"
Note that this setting sends samples of attachments from your server to our cloud server for analysis; the samples are never stored/kept after scanning. Only a subset of suspect high risk messages are scanned this way. This setting should not be used on large servers with more than 1000 users. For large high volume servers you may consider it worthwhile to use a third party scanner instead, see below.
MAC/OSX Avast Installation
1) Install the free version of Avast for OSX: https://www.avast.com/en-nz/free-mac-security
2) Make sure that in Preferences - Shields:
- Web shield is disabled
- Mail shield is disabled
- FileSystemShield is enabled
In the filesystem shield settings you can specify directories to NOT scan; there is no way to specify directories to scan. Add any directories you do not want scanned, making sure that surgemail's scanning directory remains scanned. Surgemail uses /tmp/toscan, which OSX translates to /private/tmp/toscan on recent versions of OSX.
Also make sure that:
- Preferences - Shields - filesystem shield - settings : is set to "Move infected files to chest"
- Preferences - Popups - warnings : is set to OFF
- Preferences - Popups - alerts : is set to OFF
3) Enable in surgemail using surgemail.ini:
g_virus_cmd "scan"
(or "do_not_run" if scan doesn't work)
Third party scanners for Linux
You may wish to use the Avast Linux scanner. There is an additional license fee for this. Use these settings:
g_virus_cmd "\bin\scan $FILE$"
g_virus_cmd_codes "1"
Download link: https://www.avast.com/linux-server-antivirus