CyberHosting

How To - Cyberpanel - Clamav - Amavisd - Postfix

This howto will assume that you have already installed successfully spamassassin in Cyberpanel

Check the spamd user is present if not we are going to add it.

useradd spamd

Install Clamav as a daemon for better performance

yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd

Now install amavisd

yum install amavisd-new

Clamav uses unrar to unpack any attachments so install this also

yum install unrar

Now we have everything installed let's get some fresh virus databases

sed -i -e 's/^Example/#Example/' /etc/freshclam.conf
freshclam -v

Next, let's enable Clam.d by editing the scan.conf file

nano /etc/clam.d/scan.conf

Change the following values. Uncomment any if required.

# Example
LogFile /var/log/clamd.scan
LogTime yes
LogSyslog yes
LogFacility LOG_MAIL
PidFile /var/run/clamd.scan/clamd.pid
LocalSocket /var/run/clamd.scan/clamd.sock

Create the log file

touch /var/log/clamd.scan
chown :clamscan /var/log/clamd.scan
chmod 0660 /var/log/clamd.scan

Now we are ready so let's start the clamd service
systemctl enable cla[email protected]
systemctl start [email protected]
systemctl status [email protected]

Now, setup amavisd

nano /etc/amavisd/amavisd.conf

Change the values to your hostname and main domain name

$mydomain = ‘domain.com’; # a convenient default for other settings
$myhostname = 'hostname.domain.com’; # must be a fully-qualified domain name and same as reverse DNS lookup

Take a copy of your postfix configuration files

cp /etc/postfix/main.cf /etc/postfix/main.cf-saved
cp /etc/postfix/master.cf /etc/postfix/master.cf-saved

Edit the postfix main.cf

nano /etc/postfix/main.cf

add to the bottom

content_filter = smtp-amavis:127.0.0.1:10024

Edit the postfix master.cf

nano /etc/postfix/master.cf

and add to the bottom

#
# spam/virus section
#
smtp-amavis unix - - n - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000

Now everything is set let's get ready to rumble.

systemctl start amavisd
systemctl restart postfix


Now check everything is running as it should

tail -f /var/log/maillog

Send a test email from a gmail or outside account to an email address on your Cyberpanel server

Once received check the message header/source for the following

X-Virus-Scanned: amavisd-new at domain.com

Now send another with the following to check that any virus is automagically removed

In the body use the following

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

The taillog output will show a result Blocked INFECTED. Your virus scanning has successfully picked up the Eicar virus test string and removed the email.

That is all you now have virus scanning on your Cyberpanel server
Cyberpanel Managed & Unmanaged Shared & VPS Hosting by Cyberpanel Experts.

https://www.cyberhosting.org

Comments

  • content_filter = smtp-amavis:127.0.0.1:10024

    This part didnt work for me i had to rename to below to work.

    content_filter = amavis:127.0.0.1:10024
  • In main.cf or master.cf?

    I believe if you have smtp-amavis in master.cf then you need to match the same in main.cf

    Cyberpanel Managed & Unmanaged Shared & VPS Hosting by Cyberpanel Experts.

    https://www.cyberhosting.org
  • Something that people may wish to consider is that Amavisd by default is set to D_DISCARD for both virus and spam flagged emails. Now if you are concerned that some email may not be spam then you need to change the line

    $final_spam_destiny = D_DISCARD; #!!! D_DISCARD / D_REJECT

    to

    $final_spam_destiny = D_PASS; #!!! D_DISCARD / D_REJECT
    Cyberpanel Managed & Unmanaged Shared & VPS Hosting by Cyberpanel Experts.

    https://www.cyberhosting.org
  • edited September 2019
    Here is another update to my tutorial.

    I had noticed that this during my testing would remove headers from the emails which were previously present when just using spamassassin on its own.

    Depending on your requirements if you still require headers such as X-Spam-Flag then add the following to your amavisd.conf file in /etc/amavisd before the final line at the bottom

    @lookup_sql_dsn = (
    ['DBI:mysql:database=cyberpanel;host=127.0.0.1;port=3306', 'cyberpanel', '***DATABASEPASSWORD***'],
    );
    $sql_select_policy = 'SELECT domain FROM e_domains WHERE CONCAT("@",domain) IN (%k)';

    Also change the following setting;

    $sa_tag_level_deflt =

    and change the value to -999

    This will then add

    X-Spam-Flag:
    X-Spam-Score:
    X-Spam-Level:
    X-Spam-Status:

    Useful for if you are using dovecot-pigeonhole and filtering rules to catch spam.
    Cyberpanel Managed & Unmanaged Shared & VPS Hosting by Cyberpanel Experts.

    https://www.cyberhosting.org
  • Thank you for this guide with so much in-depth instruction. Between my main career in clinical predictive analytics in Microsoft-land (my area of expertise), I have had very little time until lately to dive deeper in the world of Linux in my downtime as my hobby. This is really good stuff!
  • You will now find that the clamd packages listed some are no longer required/provided but will not cause an issue.
    Cyberpanel Managed & Unmanaged Shared & VPS Hosting by Cyberpanel Experts.

    https://www.cyberhosting.org
  • Please note if you wish to use the mailscanner option now available in Cyberpanel 2.0.1 you will need to do the complete reverse of this including uninstall of all the clamav packages.
    Cyberpanel Managed & Unmanaged Shared & VPS Hosting by Cyberpanel Experts.

    https://www.cyberhosting.org
Sign In or Register to comment.
CyberPanel Discord

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!