Email virus scanner for CentOS 5?

NeilParks
Posts: 19
Joined: 2008/01/10 17:02:32
Location: North Olmsted, Ohio USA

Email virus scanner for CentOS 5?

Post by NeilParks » 2008/01/23 17:18:26

I have read in the online documentation here on the CentOS site that it may not be a good idea to install new programs by compiling from source, and that it is better to stick to tried-and-true versions in the official repositories.

Is there an email scanner that is officially approved for use with CentOS 5? I'm thinking of something such as ClamAV which seems to be popular.

I have read that there is a binary of ClamAV available for RHEL5 and compatible systems (which presumably would include CentOS). I have also read that the only way to get that binary is to have a graphical interface running on CentOS, which I don't have, and to add something called "RPMforge" to the repositories that yum can search. I don't think I would feel comfortable adding an unofficial repository.

We installed the CentOS without a GUI because it is a corporate network server, not intended for "desktop" use. It needs something to check all the emails that come in to the company.

Thanks in advance to anyone who can point me in the right direction.

AlanBartlett
Forum Moderator
Posts: 9345
Joined: 2007/10/22 11:30:09
Location: ~/Earth/UK/England/Suffolk

Re: Email virus scanner for CentOS 5?

Post by AlanBartlett » 2008/01/23 17:40:36

Yes, you are right. [b]ClamAV[/b] has recently been discussed in these [i]fora[/i].

You do not need to have a GUI to use [b]yum[/b] or the [b]RPMForge[/b] repo. It can be installed via a CLI.
Please have a look at this article, http://wiki.centos.org/Repositories/RPMForge, and also have a look at [b]man -a yum[/b].

Hope this helps,
Alan.

WhatsHisName
Posts: 1549
Joined: 2005/12/19 20:21:43
Location: /earth/usa/nj

Email virus scanner for CentOS 5?

Post by WhatsHisName » 2008/01/23 19:10:50

Assuming you plan to interface it with sendmail, postfix, etc., also look at amavisd-new, which is also available from rpmforge. You can also use spamassassin with amavisd-new.

The package comes with extensive, easy to understand documentation.

[code]# yum info amavisd-new
...
Description:
AMaViS is a program that interfaces a mail transfer agent (MTA) with one or more virus scanners.

Amavisd-new is a branch created by Mark Martinec that adds serveral performance
and robustness features. It's partly based on work being done on the official amavisd branch.

# ls /usr/share/doc/amavisd*/README*

README.chroot
README.courier
README.courier-old
README.customize
README.exim_v3
README.exim_v3_app
README.exim_v4
README.exim_v4_app
README.exim_v4_app2
README.ldap
README.lookups
README.milter
README.old.scanners
README.performance
README.policy-on-notifications
README.postfix
README.postfix.html
README.protocol
README.sendmail
README.sendmail-dual
README.sendmail-dual.old
README.sql
README.sql-mysql
README.sql-pg[/code]

michaelnel
Posts: 1478
Joined: 2006/05/29 16:50:11
Location: San Francisco, CA

Re: Email virus scanner for CentOS 5?

Post by michaelnel » 2008/01/23 19:20:57

If you'd like an easy to install and configure system that incorporates virus scanning and antispam, take a look at MailScanner. We are using it on our main mailserver, and it works really well. Look at MailWatch too, to monitor it.

http://www.mailscanner.info/
http://mailwatch.sourceforge.net/

NeilParks
Posts: 19
Joined: 2008/01/10 17:02:32
Location: North Olmsted, Ohio USA

Re: Email virus scanner for CentOS 5?

Post by NeilParks » 2008/01/25 20:01:19

[quote]
AlanJBartlett wrote:
Yes, you are right. [b]ClamAV[/b] has recently been discussed in these [i]fora[/i].

You do not need to have a GUI to use [b]yum[/b] or the [b]RPMForge[/b] repo. It can be installed via a CLI.
Please have a look at this article, http://wiki.centos.org/Repositories/RPMForge, and also have a look at [b]man -a yum[/b].

Hope this helps,
Alan.[/quote]

I read that page and followed the instructions, and I now have clam installed.

Now my problem is, the clamd daemon won't work:

[code]# service clamd start
Starting Clam AntiVirus Daemon: [ OK ]
# service clamd status
clamd dead but subsys locked

# tail /var/log/clamav/clamd.log
Fri Jan 25 14:29:05 2008 -> Reading databases from /var/clamav
Fri Jan 25 14:29:05 2008 -> Not loading PUA signatures.
Fri Jan 25 14:29:05 2008 -> ERROR: Unable to open file or directory
Fri Jan 25 14:54:44 2008 -> +++ Started at Fri Jan 25 14:54:44 2008
Fri Jan 25 14:54:44 2008 -> clamd daemon 0.92 (OS: linux-gnu, ARCH: i386, CPU: i386)
Fri Jan 25 14:54:44 2008 -> Running as user clamav (UID 100, GID 101)
Fri Jan 25 14:54:44 2008 -> Log file size limit disabled.
Fri Jan 25 14:54:44 2008 -> Reading databases from /var/clamav
Fri Jan 25 14:54:44 2008 -> Not loading PUA signatures.
Fri Jan 25 14:54:44 2008 -> ERROR: Unable to open file or directory[/code]

I haven't made any changes to the default clamd.conf file. Do I need to? (It came with "example" already commented out.)

NeilParks
Posts: 19
Joined: 2008/01/10 17:02:32
Location: North Olmsted, Ohio USA

Re: Email virus scanner for CentOS 5?

Post by NeilParks » 2008/01/25 20:10:37

I think I found an answer:

[code]# setsebool -P clamd_disable_trans=1[/code]

WhatsHisName
Posts: 1549
Joined: 2005/12/19 20:21:43
Location: /earth/usa/nj

Re: Email virus scanner for CentOS 5?

Post by WhatsHisName » 2008/01/25 21:01:43

Been reading the system logs?

As you probably found out, the explanations of selinux issues in the logs are very helpful.


If a problem is selinux related, restoring the selinux security contexts to the files of interest (see restorecon) will often fix the problem.

But if you made a lot of changes or you have never relabeled the system or you tire of trying to fix a selinux problem, then running "fixfiles relabel && init 6" will fix lots of issues.

Also, have a look at the audit2allow and audit2why manpages for more serious selinux problems.


One suggestion: While you are initially setting up new features, it is useful to change selinux to permissive mode.

That way, selinux will not interfere and the real problems will be easier to find and fix. The selinux alerts will still appear in the system logs, so you can identify and fix them before you change back to enforcing mode.
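
An added example, not part of any post in this thread: a small triage helper for the workflow described above, which groups AVC denials from audit-log text and marks whether each looks like a labelling problem (restorecon) or a policy problem (audit2why/audit2allow). The function names, the hint labels, the list of "generic" target types and the sample log lines are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: summarise SELinux AVC denials read
# from stdin, optionally filtered by command name ($1, empty = all).

# Constructed sample in audit.log AVC format. The thread never shows the
# real denials, so every type, path and number here is illustrative.
sample_audit_lines() {
cat <<'EOF'
type=AVC msg=audit(1201289684.101:41): avc:  denied  { search } for  pid=2345 comm="clamd" name="clamav" dev=dm-0 ino=98311 scontext=user_u:system_r:clamd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
type=AVC msg=audit(1201289684.102:42): avc:  denied  { read } for  pid=2345 comm="clamd" name="main.cvd" dev=dm-0 ino=98312 scontext=user_u:system_r:clamd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1201291230.551:57): avc:  denied  { append } for  pid=2901 comm="procmail" name="procmail.log" dev=dm-0 ino=65540 scontext=system_u:system_r:procmail_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1201291484.007:63): avc:  denied  { search } for  pid=3010 comm="clamd" name="clamav" dev=dm-0 ino=98311 scontext=user_u:system_r:clamd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
type=SYSCALL msg=audit(1201291484.007:63): arch=40000003 syscall=5 success=no exit=-13 comm="clamd" exe="/usr/sbin/clamd"
EOF
}

# Prints one line per distinct denial: count, command, source type -> target
# type, object class, {permissions}, and a triage hint.
summarize_avc() {
    awk -v want="$1" '
    /avc:/ && /denied/ {
        comm = src = tgt = cls = perms = ""
        # Denied permissions sit between "{ " and " }".
        s = index($0, "{"); e = index($0, "}")
        if (s && e > s) perms = substr($0, s + 2, e - s - 3)
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^comm=/)     { comm = $i; sub(/^comm=/, "", comm); gsub(/"/, "", comm) }
            # A context is user:role:type:level, so the type is the third part.
            if ($i ~ /^scontext=/) { split($i, a, ":"); src = a[3] }
            if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
            if ($i ~ /^tclass=/)   { cls = $i; sub(/^tclass=/, "", cls) }
        }
        if (want != "" && comm != want) next
        # Heuristic (assumption): a generic target type suggests a mislabelled
        # file (try restorecon -n -v on the path); anything else is a question
        # for audit2why.
        hint = (tgt ~ /^(file_t|default_t|var_t|unlabeled_t)$/) ? "check-label" : "check-policy"
        count[comm " " src " -> " tgt " " cls " {" perms "} " hint]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k2
}

# Demo on the constructed sample.
sample_audit_lines | summarize_avc clamd
```

On a live system with auditd running, the same function can be fed the real log, for example `summarize_avc clamd < /var/log/audit/audit.log`.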

NeilParks
Posts: 19
Joined: 2008/01/10 17:02:32
Location: North Olmsted, Ohio USA

Re: Email virus scanner for CentOS 5?

Post by NeilParks » 2008/01/28 21:43:58

WhatsHisName wrote:
[quote]If a problem is selinux related, restoring the selinux security contexts to the files of interest (see restorecon) will often fix the problem.[/quote]
I read the "man restorecon", and didn't quite understand it. I would have thought that "restorecon (filename)" would do something to the specified file, but apparently it doesn't quite work that way.

[quote]But if you made a lot of changes or you have never relabeled the system or you tire of trying to fix a selinux problem, then running "fixfiles relabel && init 6" will fix lots of issues.[/quote]
I'm reasonably sure I have never "relabeled the system"--at least not on purpose--because I have no idea what that means. And I am reluctant to try anything that might be dangerous.

[quote]Also, have a look at the audit2allow and audit2why manpages for more serious selinux problems.[/quote]
I did, and what I read there helped me solve another problem I was having, trying to get procmail to write to its log file. That works now.

[quote]One suggestion: While you are initially setting up new features, it is useful to change selinux to permissive mode.
That way, selinux will not interfere and the real problems will be easier to find and fix. The selinux alerts will still appear in the system logs, so you can identify and fix them before you change back to enforcing mode.[/quote]
I have already learned that if I have a problem, I should try permissive mode. If something works in permissive mode that didn't work in enforcing mode then I know that selinux is causing my problem. But there is a difference between knowing that selinux is causing the problem, and knowing how to fix it.

I appreciate your help. Thanks.

WhatsHisName
Posts: 1549
Joined: 2005/12/19 20:21:43
Location: /earth/usa/nj

Re: Email virus scanner for CentOS 5?

Post by WhatsHisName » 2008/01/28 22:05:46

The global relabeling is fairly safe. Look at the [url=http://www.centos.org/docs/5/html/5.1/Deployment_Guide/]Deployment Guide[/url] in the [url=http://www.centos.org/docs/5/html/5.1/Deployment_Guide/sec-sel-file-relabel.html]45.1.3. Relabeling a File or Directory[/url] and [url=http://www.centos.org/docs/5/html/5.1/Deployment_Guide/sec-sel-fsrelabel.html]45.2.2. Relabeling a File System[/url] sections.

As indicated in the guide, you can also initiate a boot-time relabeling by issuing "touch /.autorelabel" followed by rebooting.

SELinux can be a real pain in the rear at times.
