diff options
author | sheldonh <sheldonh@FreeBSD.org> | 2003-08-25 14:57:40 +0800 |
---|---|---|
committer | sheldonh <sheldonh@FreeBSD.org> | 2003-08-25 14:57:40 +0800 |
commit | a0fabd23e8a1f3148a150b3eacc2cb5daa949607 (patch) | |
tree | 82fa0bd3370a0955ce75d7f92db41bf7ac0ab042 /mail/exim/files | |
parent | 8dd05668fce91d0923e16b75cab457bc871509da (diff) | |
download | freebsd-ports-gnome-a0fabd23e8a1f3148a150b3eacc2cb5daa949607.tar.gz freebsd-ports-gnome-a0fabd23e8a1f3148a150b3eacc2cb5daa949607.tar.zst freebsd-ports-gnome-a0fabd23e8a1f3148a150b3eacc2cb5daa949607.zip |
Import my exiscan-acl clamd virus scanner integration notes.
I can't say enough good things about clamd.
Diffstat (limited to 'mail/exim/files')
-rw-r--r-- | mail/exim/files/POST-INSTALL-NOTES.clamd | 74 | ||||
-rw-r--r-- | mail/exim/files/POST-INSTALL-NOTES.exiscan-acl | 5 |
2 files changed, 78 insertions, 1 deletions
diff --git a/mail/exim/files/POST-INSTALL-NOTES.clamd b/mail/exim/files/POST-INSTALL-NOTES.clamd new file mode 100644 index 000000000000..cfc7b0ab405e --- /dev/null +++ b/mail/exim/files/POST-INSTALL-NOTES.clamd @@ -0,0 +1,74 @@ +The following steps will enable clamd malware scanning using exiscan ACLs. +It is important to follow them in sequence. + +* Install security/clamav from the ports tree. + +* Add user clamav to the mail group in /etc/group. + +* Create /var/log/clamav and /var/run/clamav, and change the ownership + of both to clamav:clamav. + +* In Exim's configure file, set av_scanner=clamd:/var/run/clamav/clamd + +* Adjust the exiscan ACLs in Exim's configure file. Make sure you use + the demime option with the malware check, e.g.: + + deny message = This message contains malware ($malware_name) + demime = * + malware = * + +* Edit clamav.conf as follows: + + LogFile /var/log/clamav/clamd.log + PidFile /var/run/clamav/clamd.pid + LocalSocket /var/run/clamav/clamd + User clamav + AllowSupplementaryGroups + ScanArchive + + You may wish to make other changes as well. + +* Install the shell script included at the end of these instructions as + /usr/local/etc/rc.d/clamd.sh, taking care to make it executable. + +* Run freshclam. + +* Add a cron job that runs freshclam --daemon-notify --quiet at least + once a day. + +* Start clamd with /usr/local/etc/rc.d/clamd.sh start . + +* Start Exim with /usr/local/etc/rc.d/exim.sh start . + +Sheldon Hearn <sheldonh@FreeBSD.org> + +#!/bin/sh +# +PREFIX=/usr/local +CLAMAV_BIN=${PREFIX}/sbin + +case $1 in +start) + [ -x ${CLAMAV_BIN}/clamd ] && { + ${CLAMAV_BIN}/clamd + echo -n ' clamd' + } + ;; + +stop) + kill `cat /var/run/clamav/clamd.pid` + if [ $? = 0 ] ; then + echo -n ' clamd' + fi + ;; + +restart) + /usr/local/etc/rc.d/clamd.sh stop && \ + /usr/local/etc/rc.d/clamd.sh start + ;; + +*) + echo "usage: `basename $0` {start|stop|restart}" >&2 + exit 64 + ;; +esac diff --git a/mail/exim/files/POST-INSTALL-NOTES.exiscan-acl b/mail/exim/files/POST-INSTALL-NOTES.exiscan-acl index 29988db9e86e..148e6d1fe082 100644 --- a/mail/exim/files/POST-INSTALL-NOTES.exiscan-acl +++ b/mail/exim/files/POST-INSTALL-NOTES.exiscan-acl @@ -2,7 +2,10 @@ This installation of Exim includes Exiscan content scanning support, from http://duncanthrax.net/exiscan-acl/, which is documented in ${PREFIX}/share/doc/exim/exiscan-acl-spec.txt. The ports tree includes various content scanners that might be useful, e.g. -mail/p5-Mail-SpamAssassin and security/vscan. +mail/p5-Mail-SpamAssassin and security/clamav. + +Notes for enabling malware scanning with the excellent clamd scanner +are in ${PREFIX}/share/doc/exim/POST-INSTALL-NOTES.clamd. When Exiscan is actually enabled in the Exim configure file, great care should be taken to test upgrades, since Exiscan updates tend |