View Full Version : How To Install MailScanner Request


jl2005uk
08-23-2003, 07:57 PM
Hi, I have heard that some people have managed to install MailScanner onto their boxes without any problems.

I was just wondering if someone could possibly write a HOW TO on this subject integrating Sophos.

From the recent outbreaks of viruses such as the SoBig virus, it would be an extremely good idea in my eyes to help protect my customers.

I'm running a RedHat 7.3 Install with DA of course.

I'm happy to pay a small donation for any help in getting this installed.

Regards

John

FarCry
08-24-2003, 06:47 PM
is mailscanner free?

Sophos is a really ****ty anti virus...

jl2005uk
08-25-2003, 05:17 AM
Hi Mark,

MailScanner is free, yes. It can integrate with about 10 anti-virus scanners, as well as anti-spam programs.

With regards to Sophos, it has been very successful where I have installed it before on Windows networks, but each to their own with their opinion on what scanner to use.

Regards

FarCry
08-25-2003, 05:30 AM
you got a link to the mail scanner website? i'll take a look at the instructions and have a shot on a spare DA box.

as to virus scanners.. i go with the virus bulletin 100% winners, which sophos seems to win a few less of than other scanners. I personally prefer NOD 32 (best scores.. best speeds). Haven't looked into using it on linux though.

jl2005uk
08-25-2003, 05:39 AM
Hi Mark,

Thanks for offering to give it a go. You might be in luck, Nod32 is compatible with MailScanner, but doesn't look like Virus Bulletin is.

I will definitely have a look into Nod32 a little more. We just want to try and protect our users a little more with the recent outbreak of viruses etc, like SoBig.

Their link is http://www.sng.ecs.soton.ac.uk/mailscanner/

And it is completely free which is good, and I have seen them being used a lot around the net. Would just be nice to add that extra protection for the users we have.

I look forward to your response, and thank you for giving it a go.

Regards

John

FarCry
08-25-2003, 06:05 AM
i'll take a look, Virus Bulletin is actually a website: http://www.virusbtn.com/
:D


Introduction to the VB 100% award


The VB 100% logo is awarded to anti-virus products that:


Detect all In the Wild viruses during both on-demand and on-access scanning in Virus Bulletin's comparative tests.
Generate no false positives when scanning a set of clean files.


NOD32 has the best standing in these tests!

FarCry
08-25-2003, 06:24 AM
sorry, DA doesn't use sendmail, can't install this program.


find something that works with exim :)

jl2005uk
08-25-2003, 06:51 AM
Hi Mark,

I believe MailScanner is compatible with Exim, http://www.sng.ecs.soton.ac.uk/mailscanner/install/exim.shtml

The problem is it needs a little config work, and I'm getting a little confused with their guides. I'm not extremely familiar with Linux and the paths they use for everything.

Regards

FarCry
08-25-2003, 05:45 PM
hmm, it spat errors out at me and told me to piss off :) lemmie try again

jl2005uk
08-25-2003, 06:02 PM
It told me about the same.

I think it would be an excellent thing to have implemented, if it is possible to get going, which it seems like it is possible, but how seems to be another question.

I really do appreciate your help with this, and I think a lot of other DA people will also benefit from it.

I have seen NOD32 implements directly with Exim, which might be the way to go. Seems very highly rated and it does look good.

Regards

John

FarCry
08-25-2003, 06:29 PM
i give up :(

DA doesn't have any of its configs as in the tutorials, I'm completely lost with it

jl2005uk
08-25-2003, 06:43 PM
Thanks for giving it a go Mark,

That was my same problem, Everything seems all over the place. I am waiting to hear back from NOD with regards to pricing etc, and might have to go directly with them.

Admittedly it isn't a complete must for a server, but I would just like to protect users. Gives a good impression that things are being put in place to protect them.

A few pound to please a lot of users is an investment I like the sound of. Word of mouth is very powerful.

I will let you know my success of NOD and also their pricing if you want. Might be an idea for other users.

Thanks again

John

Mahmoud
08-30-2003, 07:39 AM
I do not have access to a server using DirectAdmin. But if DirectAdmin is using Exim 4.20 it could be much easier to integrate MailScanner with it.

I have written a How-To for MailScanner+Clam AV for Cpanel 7.x (Exim 4.20) which got more than 1000 hits and I have installed it on more than 10 servers of users who asked for an installation service.

There are 5 files that need to be modified to make MailScanner work (even if DA uses different paths)

2 Exim files and 3 MailScanner files. But you have to make sure that these 2 Exim files (the exim.conf and init.d/exim) are not replaced later by DA. If DirectAdmin sometimes replaces these files then a script that will detect MailScanner (a very simple script) and do the required changes has to be added to DA updates. (that's what cpanel does)

Also if DirectAdmin allows you to view the Mail Queue from DirectAdmin control panel then you will lose this option except if DA modified the code to detect MailScanner (again it is very easy, it will just detect if a file exists, if exists it will read the queue from a different path)

RingToons
09-07-2003, 11:15 AM
Sounds nice but where is the step by step howto for installing?
Step by step howto include downloading etc?
(start with login at the server...)

Mahmoud
09-07-2003, 03:10 PM
Originally posted by RingToons
Sounds nice but where is the step by step howto for installing?
Step by step howto include downloading etc?
(start with login at the server...)

The Cpanel one is in:
http://www.cpanelplus.com/staticpages/index.php?page=2003073009541160

As for DirectAdmin, although it should be similar (but with different paths).. I have not created one because I do not have access to a dedicated server using DirectAdmin.

kaarechr
09-27-2003, 03:49 PM
Hi,

MailScanner was kinda hard to install ... in contrast to everything else in DirectAdmin :)

This is from memory, so it might not be 100% accurate.
(System: RedHat 7.3, ClamAv 0.60, MailScanner 4.23, Exim 3.36)

1) Download ClamAv (http://www.webppliance.info/modules.php?op=modload&name=News&file=article&sid=31&mode=thread&order=0&thold=0)

2) Install ClamAv and change the /etc/clamav.conf according to your system. Check that the freshclam (update facility) is run every day in /etc/cron.daily/clamav ... if not add it to your crontab. (fx. 0 8 * * * /usr/bin/freshclam --quiet -l /var/log/clam-update.log)

3) Check that ClamAv is working by scanning some files (upload a virus file fx.) and check that freshclam is working by running it manually.

4) Download MailScanner (http://www.sng.ecs.soton.ac.uk/mailscanner/downloads.shtml)

5) Install MailScanner. (For RedHat extract the tar and run the install.sh script.) (Check to see if the MailScanner directories have mail as owner. They are located in /var/spool/ by default)

Now for the 'hard' part.

6) Read the "How mailscanner works with Exim" here (http://www.sng.ecs.soton.ac.uk/mailscanner/install/exim.shtml). (The first 20 lines) In short: you need to run two Exim daemons: one to listen for SMTP connections, and one to do queue runs on the outgoing spool directory

7) Ok ... we need two .conf files. One for each exim process. The one created by directadmin will function as one of the .conf files.

cp /etc/exim.conf /etc/exim_outgoing.conf

The exim.conf will be for the listening daemon and the exim_outgoing.conf will be for the other.
(Remember to backup your files before changing things!)

8) We will leave the /exim_outgoing.conf alone (almost). Now the /etc/exim.conf needs some changing in order to just receive emails and not send them. Open /etc/exim.conf and add the following lines in the main configuration:

spool_directory = /var/spool/exim.in
queue_only = true
log_file_path = /var/spool/exim/msglog/%slog

Add the following in the directories configuration:


defer_director:
  driver = smartuser
  new_address = :defer: All deliveries are deferred
  verify = false


Add the following in the routers configuration:


defer_router:
  driver = domainlist
  self = defer
  route_list = "* 127.0.0.1 byname"
  verify = false


9) Change the /etc/init.d/exim so it starts two daemons instead of one.

Original:
daemon /usr/sbin/exim $([ "$DAEMON" = yes ] && echo -bd) \
$([ -n "$QUEUE" ] && echo -q$QUEUE)

Change this to:
daemon /usr/sbin/exim $([ "$DAEMON" = yes ] && echo -bd) \
## $([ -n "$QUEUE" ] && echo -q$QUEUE)
daemon /usr/sbin/exim $([ "$DAEMON" = yes ] && echo -C) \
$(echo /etc/exim_outgoing.conf) \
$([ -n "$QUEUE" ] && echo -qf$QUEUE)

IMPORTANT: the first daemon gets queue runs disabled!

Now change the QUEUE variable to fx. 15m in /etc/init.d/exim and /etc/sysconfig/exim.
Save the files.

10) Create the following directories: /var/spool/exim.in, /var/spool/exim.in/data, /var/spool/exim.in/db and give the rights to mail (chgrp and chown)

11) Ok ... now Exim is configured .. next is MailScanner. Open /etc/MailScanner/MailScanner.conf and change these settings:

%org-name% = (Your org. name)
Run As User = mail
Run As Group = mail
Incoming Queue Dir = /var/spool/exim.in/input
Outgoing Queue Dir = /var/spool/exim/input
MTA = exim
Sendmail = /usr/sbin/sendmail -C /etc/exim_outgoing.conf
Sendmail2 = /usr/sbin/sendmail -C /etc/exim_outgoing.conf
Virus Scanners = clamav


Save the file

12) Stop the MailScanner process if it's running and restart the exim processes (/etc/rc.d/init.d/exim restart)
Now try to send an email to an account that the exim is handling. When the email arrives it should be placed in the /var/spool/exim.in/input directory. If it doesn't then the exim incoming process isn't working properly.

13) Now start the MailScanner. The email should now be moved from the directory and moved to /var/spool/exim/input where it will be processed by the outgoing exim process.
You can view /var/log/maillog to see if the MailScanner scanned the file.
If the last two steps aren't working check the /var/log/maillog, /var/log/exim/exim_*, /var/spool/exim/msglog/* for errors.

14) Try to send an email with a virus included and see if MailScanner detects it.

Well ... that should be it.

Sincerely,
--
Kaare Christensen, Mermaid Consulting ApS
kaare[at]mermaidconsulting[dot]com
http://www.mermaidconsulting.com

jl2005uk
09-27-2003, 06:35 PM
All works!!!

Thank you for that, I have just run the install and everything went fine. Apart from exim failing to restart because I mistyped a single letter :p

Everything started up fine after correcting my error and working like a treat.

Thank you again

Regards

John

PS - I couldn't find a fake virus to test and also do you know the command to scan the server for viruses?

kaarechr
09-27-2003, 06:45 PM
Hi jl2005uk,

glad everything worked.

You can find a test virus here:
http://sidebit.com/ProjectVirusTest.php

Regarding scanning the server ... look at the ClamAV documentation.

Sincerely,
--
Kaare Christensen, Mermaid Consulting ApS
kaare[at]mermaidconsulting[dot]com
http://www.mermaidconsulting.com

Brenden
10-24-2003, 05:36 AM
9) Change the /etc/init.d/exim so it starts two daemons instead of one.

Original:
daemon /usr/sbin/exim $([ "$DAEMON" = yes ] && echo -bd) \
$([ -n "$QUEUE" ] && echo -q$QUEUE)

Change this to:
daemon /usr/sbin/exim $([ "$DAEMON" = yes ] && echo -bd) \
## $([ -n "$QUEUE" ] && echo -q$QUEUE)
daemon /usr/sbin/exim $([ "$DAEMON" = yes ] && echo -C) \
$(echo /etc/exim_outgoing.conf) \
$([ -n "$QUEUE" ] && echo -qf$QUEUE)

IMPORTANT: the first daemon gets queue runs disabled!


I couldn't get past this stage, I couldn't find the line.

I would like to get it setup

Regards,
Brenden

Globalcon.net
10-25-2003, 10:57 PM
To elaborate what Brenden meant (if we have the same setting), the exim 4 is setup a little bit different. In the /etc/init.d/exim, it reads like this:

EXIM_OPTS=
DAEMON=
QUEUE=
[ -f /etc/sysconfig/exim ] && . /etc/sysconfig/exim
[ "$DAEMON" = yes ] && EXIM_OPTS="$EXIM_OPTS -bd"
[ -n "$QUEUE" ] && EXIM_OPTS="$EXIM_OPTS -q$QUEUE"

and this is the content of the whole file:

#!/bin/sh
#
# exim This shell script takes care of starting and stopping
# exim.
#
# chkconfig: 2345 80 30
# description: Mail Transfer Agent

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

EXIM_OPTS=
DAEMON=
QUEUE=
[ -f /etc/sysconfig/exim ] && . /etc/sysconfig/exim
[ "$DAEMON" = yes ] && EXIM_OPTS="$EXIM_OPTS -bd"
[ -n "$QUEUE" ] && EXIM_OPTS="$EXIM_OPTS -q$QUEUE"

# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0

# See how we were called.
case "$1" in
  start)
        # Start daemons.
        echo -n "Starting exim: "
        daemon /usr/sbin/exim $EXIM_OPTS -oP /var/run/exim.pid
        echo
        touch /var/lock/subsys/exim
        ;;
  stop)
        # Stop daemons.
        echo -n "Shutting down exim: "
        if [ -e /var/run/exim.pid ]; then kill `cat /var/run/exim.pid`; fi
        echo
        rm -f /var/lock/subsys/exim
        ;;
  restart)
        $0 stop
        sleep 3
        $0 start
        ;;
  reload)
        if [ -e /var/run/exim.pid ]; then kill -HUP `cat /var/run/exim.pid`; fi
        ;;
  condrestart)
        if [ -f /var/lock/subsys/exim ] ; then
            $0 restart
        fi
        ;;
  status)
        status exim
        ;;
  *)
        echo "Usage: exim {start|stop|restart|reload|condrestart|status}"
        exit 1
esac

exit 0

Any idea how to set this up?

Thank you so much in advance.

Reyner

Globalcon.net
10-26-2003, 05:55 PM
For exim 4.2*, use this instead for step 9 above:
QUEUE=
[ -f /etc/sysconfig/exim ] && . /etc/sysconfig/exim
[ "$DAEMON" = yes ] && EXIM_OPTS="$EXIM_OPTS -bd"
[ -f /etc/sysconfig/exim ] && . /etc/sysconfig/exim
[ "$DAEMON" = yes ] && EXIM_OPTS="$EXIM_OPTS -C /etc/exim_outgoing.conf"
[ -n "$QUEUE" ] && EXIM_OPTS="$EXIM_OPTS -q$QUEUE"


Then follow the rest. I've tested it and everything seems to be working.

Thanks for the instruction kaarechr!

Sincerely,

Reyner

CCSI
11-07-2003, 02:10 PM
kaarechr wrote :

9) Change the /etc/init.d/exim so it starts two daemons instead of one.

Original:
daemon /usr/sbin/exim $([ "$DAEMON" = yes ] && echo -bd) \
$([ -n "$QUEUE" ] && echo -q$QUEUE)

Change this to:
daemon /usr/sbin/exim $([ "$DAEMON" = yes ] && echo -bd) \
## $([ -n "$QUEUE" ] && echo -q$QUEUE)
daemon /usr/sbin/exim $([ "$DAEMON" = yes ] && echo -C) \
$(echo /etc/exim_outgoing.conf) \
$([ -n "$QUEUE" ] && echo -qf$QUEUE)

IMPORTANT: the first daemon gets queue runs disabled!

Now change the QUEUE variable to fx. 15m in /etc/init.d/exim and /etc/sysconfig/exim.
Save the files.



>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
The QUEUE variable I tried changing per his instructions and the exim service failed to start.

/etc/init.d/exim showed :

QUEUE=

/etc/sysconfig/exim showed :
QUEUE="15m"

I changed them both to :

QUEUE="fx. 15m"

and the service failed to restart.

The service does start when I leave the QUEUEs as they were originally. Am I good to go, or do I have my Syntax wrong?

different
11-18-2003, 03:24 AM
I just followed the steps..
but an error happened

router defer_router: cannot find router driver "domainlist"

Anyone have the same problem as me?

interfasys
11-21-2003, 10:19 AM
It should be QUEUE="15m" everywhere.

fx. 15m means "for example 15 minutes".

And I have the same problem as "different", mail is returned to sender with message :

Exim configuration error in line 366:
router defer_router: cannot find router driver "domainlist"

interfasys
11-21-2003, 11:37 AM
For exim 4.24 point 8 should be :

****************
8) We will leave the /exim_outgoing.conf alone (almost). Now the /etc/exim.conf needs some changing in order to just receive emails and not send them. Open /etc/exim.conf and add the following lines in the main configuration:

spool_directory = /var/spool/exim.in
queue_only = true
queue_only_override = false
log_file_path = /var/spool/exim/msglog/%slog

********************

All the other lines are for Exim 3

I think there is a typo for point 10

use mkdir /var/spool/exim.in/input instead of mkdir /var/spool/exim.in


And for point 13) just use :
service MailScanner restart
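
An added example, not part of the original thread: a shell check for the settings the steps above depend on. It confirms that the listening Exim only queues mail, that MailScanner's Incoming Queue Dir is the input directory of that spool, that the outgoing queue is a different directory, and that QUEUE is a bare interval such as 15m. The function names and the three-path calling convention are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread. conf_get and check_layout are
# hypothetical helper names; the three file paths are arguments so the
# check can be run against copies of the real files.

# Print the value of the last "KEY = value" line in FILE (comments never match).
conf_get() {  # conf_get FILE KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

check_layout() {  # check_layout EXIM_CONF MAILSCANNER_CONF SYSCONFIG_EXIM
    rc=0
    spool=$(conf_get "$1" spool_directory)
    qonly=$(conf_get "$1" queue_only)
    in_q=$(conf_get "$2" "Incoming Queue Dir")
    out_q=$(conf_get "$2" "Outgoing Queue Dir")
    queue=$(conf_get "$3" QUEUE | tr -d '"')

    # The listening daemon must only queue; otherwise it delivers mail
    # itself and nothing waits in the spool for MailScanner to scan.
    # (Assumes the "queue_only = true" spelling used in the thread.)
    if [ "$qonly" != "true" ]; then
        echo "FAIL: queue_only is not 'true' in $1"; rc=1
    fi
    # MailScanner has to read from <spool_directory>/input.
    if [ -z "$spool" ] || [ "$in_q" != "$spool/input" ]; then
        echo "FAIL: Incoming Queue Dir '$in_q' is not '$spool/input'"; rc=1
    fi
    # Scanned mail must be handed to a different spool.
    if [ -z "$out_q" ] || [ "$out_q" = "$in_q" ]; then
        echo "FAIL: Outgoing Queue Dir must be set and differ from incoming"; rc=1
    fi
    # QUEUE ends up as exim -q<time>, so it must be an interval like 15m.
    if ! echo "$queue" | grep -Eq '^([0-9]+[smhdw])+$'; then
        echo "FAIL: QUEUE='$queue' is not a time interval"; rc=1
    fi
    return $rc
}

# Stand-alone use: sh check.sh /etc/exim.conf \
#     /etc/MailScanner/MailScanner.conf /etc/sysconfig/exim
if [ "$#" -eq 3 ]; then
    check_layout "$@"
fi
```

A non-zero exit status means at least one FAIL line was printed; the check reads the files only and changes nothing.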

pilpelet
02-03-2004, 09:06 PM
Hello ,

I chowned /var/spool to mail:mail by mistake and now exim doesn't start at all.

How do I reverse that, or what are the right permissions?

Thanks ,

icepick
08-23-2005, 12:24 AM
Hi,

I run FreeBSD, and I want to install nod32, what's required?
Does nod32 still require MailScanner?

Thanks
Barry

Kilian
08-23-2005, 01:50 AM
In the How-to section I found how to install Mailscanner and make it use ClamAV and SpamAssassin, but then I will lose the User-Level SpamAssassin that is implemented in DA.

In this thread I cannot find anything about SpamAssassin.
Can I use this method to install Mailscanner, make it scan my mails for viruses and keep the User-Level SpamAssassin working?

Or is it impossible to use the User-Level SpamAssassin together with Mailscanner?

jlasman
08-24-2005, 01:35 PM
Anything is possible. Even striking a match on a wet cake of soap :) .

It just takes a lot of customization.

If no one has done it for DA yet, then you're on your own.

Jeff

Kilian
08-24-2005, 02:44 PM
Let me rephrase my question.
Has anybody tried to get Mailscanner working together with the User-Level SpamAssassin?
I guess not, or I would have had an answer by now. :D
I'll have a go at it then.
If I make it work, you will read about it here.

jlasman
08-24-2005, 05:36 PM
Which hopefully will be as easy as making a match with a head of a chemical that will explode when it comes in contact with the soap.

:)

Jeff

Kilian
09-13-2005, 01:19 AM
Hi,

Great news !
It's working fine on my server.

I already had installed the User-level SpamAssassin on my system as described on the DA website: http://help.directadmin.com/item.php?id=36

We didn't touch that and simply setup MailScanner together with ClamAV as described above. After some minor tweaking it's working great.

The details will follow later as I didn't do it all myself.
Thx to Tom Lauwers of Root Services (www.root.be).
He did the installation and made it work, I just did some more tweaking after he was done.

Problem solved ! It is possible to use the User-level SpamAssassin together with MailScanner and ClamAV.

icepick
12-31-2005, 06:26 PM
Hi there,

Does spam caught by mailscanner get actioned the same as the user-level spamassassin? What I'm trying to do is put all spam into a .Spam folder so it doesn't make a messy inbox and the user-level spamassassin has this option but I can't find one in Mailscanner.

Thanks
Barry

blacknight
01-04-2006, 02:11 PM
Originally posted by FarCry
sorry, DA doesn't use sendmail, can't install this program.


find something that works with exim :)

Most *nix MTAs have a sendmail alias, so even if the MTA isn't sendmail you can still access the sendmail binary.