aboutsummaryrefslogtreecommitdiffstats
path: root/mail/exim/files
diff options
context:
space:
mode:
authorsheldonh <sheldonh@FreeBSD.org>2003-08-25 14:57:40 +0800
committersheldonh <sheldonh@FreeBSD.org>2003-08-25 14:57:40 +0800
commita0fabd23e8a1f3148a150b3eacc2cb5daa949607 (patch)
tree82fa0bd3370a0955ce75d7f92db41bf7ac0ab042 /mail/exim/files
parent8dd05668fce91d0923e16b75cab457bc871509da (diff)
downloadfreebsd-ports-gnome-a0fabd23e8a1f3148a150b3eacc2cb5daa949607.tar.gz
freebsd-ports-gnome-a0fabd23e8a1f3148a150b3eacc2cb5daa949607.tar.zst
freebsd-ports-gnome-a0fabd23e8a1f3148a150b3eacc2cb5daa949607.zip
Import my exiscan-acl clamd virus scanner integration notes.
I can't say enough good things about clamd.
Diffstat (limited to 'mail/exim/files')
-rw-r--r--mail/exim/files/POST-INSTALL-NOTES.clamd74
-rw-r--r--mail/exim/files/POST-INSTALL-NOTES.exiscan-acl5
2 files changed, 78 insertions, 1 deletions
diff --git a/mail/exim/files/POST-INSTALL-NOTES.clamd b/mail/exim/files/POST-INSTALL-NOTES.clamd
new file mode 100644
index 000000000000..cfc7b0ab405e
--- /dev/null
+++ b/mail/exim/files/POST-INSTALL-NOTES.clamd
@@ -0,0 +1,74 @@
+The following steps will enable clamd malware scanning using exiscan ACLs.
+It is important to follow them in sequence.
+
+* Install security/clamav from the ports tree.
+
+* Add user clamav to the mail group in /etc/group.
+
+* Create /var/log/clamav and /var/run/clamav, and change the ownership
+ of both to clamav:clamav.
+
+* In Exim's configure file, set av_scanner=clamd:/var/run/clamav/clamd
+
+* Adjust the exiscan ACLs in Exim's configure file. Make sure you use
+ the demime option with the malware check, e.g.:
+
+ deny message = This message contains malware ($malware_name)
+ demime = *
+ malware = *
+
+* Edit clamav.conf as follows:
+
+ LogFile /var/log/clamav/clamd.log
+ PidFile /var/run/clamav/clamd.pid
+ LocalSocket /var/run/clamav/clamd
+ User clamav
+ AllowSupplementaryGroups
+ ScanArchive
+
+ You may wish to make other changes as well.
+
+* Install the shell script included at the end of these instructions as
+ /usr/local/etc/rc.d/clamd.sh, taking care to make it executable.
+
+* Run freshclam.
+
+* Add a cron job that runs freshclam --daemon-notify --quiet at least
+ once a day.
+
+* Start clamd with /usr/local/etc/rc.d/clamd.sh start .
+
+* Start Exim with /usr/local/etc/rc.d/exim.sh start .
+
+Sheldon Hearn <sheldonh@FreeBSD.org>
+
+#!/bin/sh
+#
+PREFIX=/usr/local
+CLAMAV_BIN=${PREFIX}/sbin
+
+case $1 in
+start)
+ [ -x ${CLAMAV_BIN}/clamd ] && {
+ ${CLAMAV_BIN}/clamd
+ echo -n ' clamd'
+ }
+ ;;
+
+stop)
+ kill `cat /var/run/clamav/clamd.pid`
+ if [ $? = 0 ] ; then
+ echo -n ' clamd'
+ fi
+ ;;
+
+restart)
+ /usr/local/etc/rc.d/clamd.sh stop && \
+ /usr/local/etc/rc.d/clamd.sh start
+ ;;
+
+*)
+ echo "usage: `basename $0` {start|stop|restart}" >&2
+ exit 64
+ ;;
+esac
diff --git a/mail/exim/files/POST-INSTALL-NOTES.exiscan-acl b/mail/exim/files/POST-INSTALL-NOTES.exiscan-acl
index 29988db9e86e..148e6d1fe082 100644
--- a/mail/exim/files/POST-INSTALL-NOTES.exiscan-acl
+++ b/mail/exim/files/POST-INSTALL-NOTES.exiscan-acl
@@ -2,7 +2,10 @@ This installation of Exim includes Exiscan content scanning support,
from http://duncanthrax.net/exiscan-acl/, which is documented in
${PREFIX}/share/doc/exim/exiscan-acl-spec.txt. The ports tree
includes various content scanners that might be useful, e.g.
-mail/p5-Mail-SpamAssassin and security/vscan.
+mail/p5-Mail-SpamAssassin and security/clamav.
+
+Notes for enabling malware scanning with the excellent clamd scanner
+are in ${PREFIX}/share/doc/exim/POST-INSTALL-NOTES.clamd.
When Exiscan is actually enabled in the Exim configure file, great
care should be taken to test upgrades, since Exiscan updates tend