Mailing List Archive

[clamav-users] ClamAVPlugin
Any pointers for using the ClamAVPlugin? States one needs to install "File::Scan::ClamAV", which I find. It appears this must be compiled and should "magically work". Instructions seem written for someone who knows how it works. I guess I need a tutorial on using perl as well.




_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] ClamAVPlugin
Hi there,

On Thu, 18 Feb 2021, Joe Acquisto-j4 wrote:

> Any pointers for using the ClamAVPlugin?

Could you flesh that out a bit?

> States one needs to install "File::Scan::ClamAV" which I find,

I found it too. I found this, for example:

https://rt.cpan.org/Public/Bug/Display.html?id=131538

What bothers me is not so much that there's an issue, but that it's
allegedly a serious security issue and there seems to have been no
response to it for a year. Incidentally the link to the module on the
ClamAV Website's download page takes you to a version 1.06 of the
package from 2004. Micah? The version on Github is

# $Id: ClamAV.pm,v 1.91 2009/02/07 12:43:13 jamtur Exp $

and there's a version 1.95 (dated 2016) on CPAN. All in all it looks
like a shambles to me.

> It appears this must be complied and should "magically work".

It's a Perl module. Most of the time installing Perl modules is just
copying files. Perl is an interpreted language, and most of the time
runs from Perl scripts which are just text files although I'm very
fond of typing one-liners at the command line:

perl -e 'print "Hello, world!\n";'

You can install Perl modules in several different ways, but first and
foremost of course you need the Perl interpreter. That's almost
certainly on your system already. If not, look around on the Web for
something called 'Linux' and download it. It's true that some Perl
modules will need some compilation, but it isn't the rule. Once a
module is on your system you can just 'use' it (I choose my words
carefully).

But first...

> Instructions seem written for someone that knows how it works.

... you need to explain what you want to do with it. Generally you
will only want to install Perl modules if either you're writing code
in Perl or you're using some tool which uses Perl to get things done.

> I guess I need a tutorial on using perl as well.

Beyond the scope of this list. There are many tutorials around, but
you really need to read the Camel book. That's quite a tall order,
but if ever you want to do Linux plumbing then Perl is a very useful
tool to have at your disposal. I do that sort of thing all the time,
and I don't know what I'd do without Perl.

One of the things I do is scan stuff using my own Perl milter, but it
never occurred to me that I needed a Perl module to do it with, since
the clamd API is very straightforward and you can just send stuff to
clamd from Perl by the ordinary IPC means available in Perl. Before
you spend a lot of time on this, perhaps you can tell us more about
what you want to achieve.

--

73,
Ged.
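
The clamd exchange Ged describes above (pushing the message to the daemon over a socket by ordinary IPC, no Perl module required), as an added example that is not part of this thread or of ClamAV's own code. It is written in Python rather than Perl so it runs as-is, and it stands in for the daemon with a small in-process fake that speaks the INSTREAM framing documented in clamd(8); the EICAR sample is constructed here, and the wording of the over-size error is my recollection of clamd's message rather than something taken from the page.

```python
"""clamd INSTREAM client plus an in-process stand-in for clamd, so the
exchange can be run without a daemon.  Framing per clamd(8): a 'z'-prefixed
command is NUL-terminated and gets a NUL-terminated reply; the stream body
is a sequence of <4-byte big-endian length><bytes> chunks ended by length 0."""
import socket
import struct
import threading
from typing import Optional, Tuple

# Constructed sample: the EICAR test string, split in two so this source file
# is not itself flagged by a scanner reading it; joined only at runtime.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD" + b"-ANTIVIRUS-TEST-FILE!$H+H*"


def build_instream(data: bytes, chunk_size: int = 4096) -> bytes:
    """Frame `data` as one complete zINSTREAM request."""
    out = bytearray(b"zINSTREAM\0")
    for i in range(0, len(data), chunk_size):
        chunk = data[i:i + chunk_size]
        out += struct.pack(">I", len(chunk)) + chunk
    out += struct.pack(">I", 0)          # zero-length chunk terminates the stream
    return bytes(out)


def parse_reply(raw: bytes) -> Tuple[str, Optional[str]]:
    """Map 'stream: OK', 'stream: <name> FOUND' or '... ERROR' to (verdict, detail).

    Anything the client cannot parse is treated as an error: a mail filter must
    never mistake an unexpected reply for a clean scan."""
    text = raw.rstrip(b"\0\n").decode("utf-8", "replace")
    if text.endswith(" OK"):
        return "OK", None
    if text.endswith(" FOUND"):
        name = text[:-len(" FOUND")].partition(": ")[2]
        return "FOUND", name or text
    if text.endswith(" ERROR"):
        return "ERROR", text
    return "ERROR", "unparseable reply: " + text


def scan_stream(sock: socket.socket, data: bytes) -> Tuple[str, Optional[str]]:
    """Client side: send the framed request, read the NUL-terminated reply."""
    sock.sendall(build_instream(data))
    reply = bytearray()
    while not reply.endswith(b"\0"):
        piece = sock.recv(4096)
        if not piece:                    # daemon went away without answering
            break
        reply += piece
    return parse_reply(bytes(reply))


def _fake_clamd(conn: socket.socket, max_bytes: int) -> None:
    """Server side: a minimal stand-in for clamd's INSTREAM handling.

    `max_bytes` plays the role of clamd's StreamMaxLength; the error text is an
    assumption modelled on the real daemon's message."""
    with conn, conn.makefile("rb") as rd:
        cmd = bytearray()
        while not cmd.endswith(b"\0"):
            b = rd.read(1)
            if not b:
                return
            cmd += b
        if cmd != b"zINSTREAM\0":
            conn.sendall(b"UNKNOWN COMMAND\0")
            return
        body = bytearray()
        while True:
            header = rd.read(4)
            if len(header) < 4:          # client hung up mid-stream
                return
            (length,) = struct.unpack(">I", header)
            if length == 0:
                break
            body += rd.read(length)
            if len(body) > max_bytes:
                conn.sendall(b"INSTREAM size limit exceeded. ERROR\0")
                return
        verdict = b"stream: Eicar-Test-Signature FOUND\0" if EICAR in body else b"stream: OK\0"
        conn.sendall(verdict)


def scan_with_fake_clamd(data: bytes, max_bytes: int = 25 * 1024 * 1024):
    """Run one scan against the in-process fake over a socketpair."""
    client, server = socket.socketpair()
    worker = threading.Thread(target=_fake_clamd, args=(server, max_bytes), daemon=True)
    worker.start()
    with client:
        result = scan_stream(client, data)
    worker.join(timeout=5)
    return result


if __name__ == "__main__":
    print(scan_with_fake_clamd(b"Subject: hello\n\nplain mail\n"))
    print(scan_with_fake_clamd(b"Subject: test\n\n" + EICAR + b"\n"))
    print(scan_with_fake_clamd(b"A" * 64, max_bytes=16))
```

Against a real daemon, `scan_stream` is used unchanged with a socket connected to clamd's LocalSocket or TCP port; the fake only replaces the far end.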


Re: [clamav-users] ClamAVPlugin
> Hi there,
>
> On Thu, 18 Feb 2021, Joe Acquisto-j4 wrote:
>
>> Any pointers for using the ClamAVPlugin?
>
> Could you flesh that out a bit?
>. . .
> One of the things I do is scan stuff using my own Perl milter, but it
> never occurred to me that I needed a Perl module to do it with, since
> the clamd API is very straightforward and you can just send stuff to
> clamd from Perl by the ordinary IPC means available in Perl. Before
> you spend a lot of time on this, perhaps you can tell us more about
> what you want to achieve.

Thanks for the reply.

Sorry I did not think to explain properly. Using Postfix and SpamAssassin
on an OpenSuse version of Linux (15.1 or something) wanting to add AV
scanning to incoming mail. Started attempting Sophos for Linux (savd ?)
but they have or soon will abandon the product.

Decided on ClamAV and after some fumbling had it working through use of
the ClamAVPlugin. At least an EICAR test email was flagged properly.

Now, it does not appear to work any longer and am attempting to retrace my
steps and coming up short. As usual, I made few written notes and am slow
to admit my "total recall" may no longer be exactly "total".

So basically, just want to tie ClamAV (using clamd) into PF/SA to scan and
flag incoming email. In a way that does not require I learn, or relearn

Aside, I did notice the "security issue" but, thought it minor, in my rather
isolated environment. Perhaps you feel it is a serious issue?

joe a


--




Re: [clamav-users] ClamAVPlugin
Joe Acquisto-j4 wrote:
>> Hi there,
>>
>> On Thu, 18 Feb 2021, Joe Acquisto-j4 wrote:
>>
>>> Any pointers for using the ClamAVPlugin?
>>
>> Could you flesh that out a bit?
>> . . .
>> One of the things I do is scan stuff using my own Perl milter, but it
>> never occurred to me that I needed a Perl module to do it with, since
>> the clamd API is very straightforward and you can just send stuff to
>> clamd from Perl by the ordinary IPC means available in Perl. Before
>> you spend a lot of time on this, perhaps you can tell us more about
>> what you want to achieve.
>
> Thanks for the reply.
>
> Sorry I did not think to explain properly. Using Postfix and
> SpamAssassin on an OpenSuse version of Linux (15.1 or something)
> wanting to add AV scanning to incoming mail. Started attempting
> Sophos for Linux (savd ?) but they have or soon will abandon the
> product.
>
> Decided on ClamAV and after some fumbling had it working through use
> of the ClamAVPlugin. At least an EICAR test email was flagged properly.
>
> Now, it does not appear to work any longer and am attempting to
> retrace my steps and coming up short. As usual, I made few written
> notes and am slow to admit my "total recall" may no longer be
> exactly "total".
>
> So basically, just want to tie ClamAV (using clamd) into PF/SA to
> scan and flag incoming email. In a way that does not require I
> learn, or relearn
>
> Aside, I did notice the "security issue" but, thought it minor, in my
> rather isolated environment. Perhaps you feel it is a serious issue?
>
> joe a

I don't run postfix and connecting clamd to exim is trivial requiring
nothing but a functioning clamd daemon.
However I did look at options that might be better at connecting to the
clamd daemon and were it me I would look at clamsmtpd for integration. Looks
pretty straightforward to me:

http://thewalter.net/stef/software/clamsmtp/


Re: [clamav-users] ClamAVPlugin
Citeren Joe Acquisto-j4 <joea@j4computers.com>:

> Sorry I did not think to explain properly. Using Postfix and SpamAssassin
> on an OpenSuse version of Linux (15.1 or something) wanting to add AV
> scanning to incoming mail. Started attempting Sophos for Linux (savd ?)
> but they have or soon will abandon the product.

If you're still using openSUSE 15.1, that version was recently
obsoleted (see
https://en.opensuse.org/Lifetime#Discontinued_distributions) and you
really shouldn't be using that on a production system anymore.

> Decided on ClamAV and after some fumbling had it working through use of
> the ClamAVPlugin. At least an EICAR test email was flagged properly.

ClamAV in openSUSE comes with clamav-milter which allows an integration
through the smtpd_milters directive in Postfix.




Re: [clamav-users] ClamAVPlugin
On 20/02/2021 00:52, Rick Cooper wrote:
[SNIP]
>
> I don't run postfix and connecting clamd to exim is trivial requiring
> nothing but a functioning clamd daemon.
> However I did look at options that might be better at connecting to the
> clamd daemon and were it me I would look at clamsmtpd for integration. Looks
> pretty straightforward to me:
>
> http://thewalter.net/stef/software/clamsmtp/
>
I've been using ClamSMTP with Postfix since 2011, it was trivial to
configure, and just works.

Cheers,
Gary B-)



Re: [clamav-users] ClamAVPlugin
> Citeren Joe Acquisto-j4 <joea@j4computers.com>:
>
>> Sorry I did not think to explain properly. Using Postfix and SpamAssassin
>> on an OpenSuse version of Linux (15.1 or something) wanting to add AV
>> scanning to incoming mail. Started attempting Sophos for Linux (savd ?)
>> but they have or soon will abandon the product.
>
> If you're still using openSUSE 15.1, that version was recently
> obsoleted (see
> https://en.opensuse.org/Lifetime#Discontinued_distributions) and you
> really shouldn't be using that on a production system anymore.
>
>> Decided on ClamAV and after some fumbling had it working through use of
>> the ClamAVPlugin. At least an EICAR test email was flagged properly.
>
> ClamAV in openSUSE comes with clamav-milter which allows an integration
> through the smtpd_milters directive in Postfix.
>

Thanks for all the replies.

Yes, SUSE took me by surprise the other day when I attempted to add
a package and it said I was a naughty boy. Updating to 15.2 will be
my first step.

After that I will check out the milter (always a first time) if, for no other
reason, clamsmtp failed to "make" properly. Not going to delve into
why at this point. I'll stop by again after I mung up the update and
milter . . . I think that's a joke . . .

joe a.





Re: [clamav-users] ClamAVPlugin
Hi there,

On Fri, 19 Feb 2021, Joe Acquisto-j4 wrote:
>> On Thu, 18 Feb 2021, Joe Acquisto-j4 wrote:
>>
>>> Any pointers for using the ClamAVPlugin?
>>
>> Could you flesh that out a bit?
>
> Sorry I did not think to explain properly. Using Postfix and SpamAssassin
> on an OpenSuse version ...

If you're using Postfix and SpamAssassin you have choices. Postfix
can use milters, so clamav-milter which comes with ClamAV might make
sense. There are similar approaches which can tie the MTA directly to
the scanner without using clamav-milter. In these cases, SpamAssassin
wouldn't need to be involved at all. But I believe SpamAssassin can
also filter mail via ClamAV, so that the MTA (Postfix) wouldn't even
know that ClamAV was involved and the SpamAssassin configuration could
decide what to do with the mail on the basis of the scan results. One
benefit of using SpamAssassin this way is that you can bring the virus
scanning into the SpamAssassin scoring system. (One drawback is that
you will then have virus scanning in the SpamAssassin scoring system.
It's a very long time since I used SpamAssassin, but others here will
probably have fresher recollections.)

> Decided on ClamAV and after some fumbling had it working through use of
> the ClamAVPlugin. At least an EICAR test email was flagged properly.
>
> Now, it does not appear to work any longer ...
> So basically, just want to tie ClamAV (using clamd) into PF/SA to scan and
> flag incoming email. In a way that does not require I learn, or relearn

That last part bothers me a bit. I view my life with computers as a
state of continual learning. I can never get enough of it. I believe
in particular that if you're the only thing between your systems and
the Bad Guys and you stop learning, then you're heading for trouble
because the Bad Guys _never_ stop learning.

> Aside, I did notice the "security issue" but, thought it minor, in my rather
> isolated environment. Perhaps you feel it is a serious issue?

It depends on whether or not you think that not knowing that your mail
hasn't been scanned is a serious issue. All mail here is carefully
vetted, and we run no Windows boxes, so we use ClamAV mainly for spam
detection and reporting; we don't rely on ClamAV for security, so even
if mail didn't get scanned it probably wouldn't be a big deal. If you
have many and careless users, who rely on your mail server to protect
them from millions of Windows viruses, you may take a different view.

--

73,
Ged.


Re: [clamav-users] ClamAVPlugin
> Hi there,
>
> On Fri, 19 Feb 2021, Joe Acquisto-j4 wrote:
>>> On Thu, 18 Feb 2021, Joe Acquisto-j4 wrote:
>>>
>>>> Any pointers for using the ClamAVPlugin?
>>>
>>> Could you flesh that out a bit?
>>
>> Sorry I did not think to explain properly. Using Postfix and SpamAssassin
>> on an OpenSuse version ...
>
> If you're using Postfix and SpamAssassin you have choices. Postfix
> can use milters, so clamav-milter which comes with ClamAV might make
> sense. . . . .

This is the approach I would like to attempt.

>> So basically, just want to tie ClamAV (using clamd) into PF/SA to scan and
>> flag incoming email. In a way that does not require I learn, or relearn
>
> That last part bothers me a bit.

Sorry. No witty comments come to mind.

> 73,
> Ged.
>

Where I am at the moment. Upgraded OS to Leap 15.2. That was easy. I even
took a snapshot of the VM before proceeding. I can be taught.

Postfix and SA are still functional. clamav and clamav-milter seem to be running
but are not tied in to mail flow yet, due to my own lack of knowledge.

For whatever reasons, I am finding it difficult to tease out how to correctly
insert clamav-milter into postfix. Seems all my internet searches so far
turn up stuff that is suggestive, yet, not confidence inspiring.

I am not certain, for example, where to place the "call" to clamav-milter. I can
see examples of syntax in the Postfix docs on milters, but . . .

At this stage I would rather ask than hack away.

joe a.




Re: [clamav-users] ClamAVPlugin
On 21/02/2021 11:49, Joe Acquisto-j4 wrote:
[SNIP]
>
> For whatever reasons, I am finding it difficult to tease out how to correctly
> insert clamav-milter into postfix. Seems all my internet searches so far
> turn up stuff that is suggestive, yet, not confidence inspiring.
>
> I am not certain, for example, where to place the "call" to clamav-milter. I can
> see examples of syntax in the Postfix docs on milters, but . . .
>
This is why I went with clamsmtp, just a simple init script to start it
up, and a couple of well-documented changes to master.cf and it all worked.

I suspect I would still be faffing around with learning about milters now!

Cheers,
Gary B-)


Re: [clamav-users] ClamAVPlugin
> On 21/02/2021 11:49, Joe Acquisto-j4 wrote:
> [SNIP]
>>
>> For whatever reasons, I am finding it difficult to tease out how to correctly
>> insert clamav-milter into postfix. Seems all my internet searches so far
>> turn up stuff that is suggestive, yet, not confidence inspiring.
>>
>> I am not certain, for example, where to place the "call" to clamav-milter. I can
>> see examples of syntax in the Postfix docs on milters, but . . .
>>
> This is why I went with clamsmtp, just a simple init script to start it
> up, and a couple of well-documented changes to master.cf and it all worked.
>
> I suspect I would still be faffing around with learning about milters now!
>
> Cheers,
> Gary B-)
>

I guess I missed how "simple" clamsmtp is to use, as I got the impression
it had to be compiled. When it gave me errors on make, I put it aside. My
admittedly limited search skill must be deteriorating further as I did not find
much helpful in the way of documentation.

For instance, the links in the README supplied with the package such as
those below seem defunct:

http://memberwebs.com/swalter/software/clamsmtp/postfix.html

http://memberwebs.com/swalter/software/clamsmtp/transparent.html

So, I simply sighed deeply and mournfully and moved on yet again.

If you have some good links, and docs please feel free to let me know.

joe a.








Re: [clamav-users] ClamAVPlugin
On 21/02/2021 15:25, Joe Acquisto-j4 wrote:
[SNIP]
>
> I guess I missed how "simple" clamsmtp is to use, as I got the impression
> it had to be compiled. When it gave me errors on make, I put it aside. My
> admittedly limited search skill must be deteriorating further as I did not find
> much helpful in the way of documentation.
>
> For instance, the links in the README supplied with the package such as
> those below seem defunct:
>
> http://memberwebs.com/swalter/software/clamsmtp/postfix.html
>
> http://memberwebs.com/swalter/software/clamsmtp/transparent.html
>
> So, I simply sighed deeply and mournfully and moved on yet again.
>
> If you have some good links, and docs please feel free to let me know.
>
It all looks good from here:
<http://thewalter.net/stef/software/clamsmtp/>, which is where I got it
(and where it comes from). All the links work, and match my memory of
things.

Just cleaned and re-built it - I'm on Solaris - and it works fine.

./configure CC=cc --prefix=/opt/local

I don't have a SuSE box to hand, but on Centos 7... No problem,
configure runs cleanly, make throws a handful of warnings, it Just
Works(TM).

Cheers,
Gary B-)



Re: [clamav-users] ClamAVPlugin
Hi there,

On Sat, 20 Feb 2021, Joe Acquisto-j4 wrote:
>> On Fri, 19 Feb 2021, G.W. Haywood wrote:
>>
>> Postfix can use milters, so clamav-milter which comes with ClamAV
>> might make sense. . . . .
>
> This is the approach I would like to attempt.
> ...
> ... clamav and clamav-milter seem to be running but are not tied in
> to mail flow yet, due to my own lack of knowledge.
>
> For whatever reasons, I am finding it difficult to tease out how to correctly
> insert clamav-milter into postfix. ...
> turn up stuff that is suggestive, yet, not confidence inspiring.

Does this help? Last modified around 2008 so it seems to have stood
the test of time:

https://wiki.linuxquestions.org/wiki/Postfix_with_clamav-milter

> I am not certain, for example, where to place the "call" to
> clamav-milter. ...

I don't use OpenSUSE nor Postfix, but I use Sendmail and the Postfix
milter facility is based on that used by Sendmail. To use milters
like clamav-milter which are written in C and assume the availability
of the Sendmail milter library, you need to have Sendmail's libmilter
library installed. (This is not built by default if you get Sendmail
from the original source.) If you use Postfix on OpenSUSE I believe
that you can install the Sendmail libmilter library from a package.
Apart from making sure that you have the libmilter library installed,
I believe that all you need to do for Postfix is to tell it to use the
milter in main.cf or whichever appropriate configuration file. The
fancy startup script on the page shouldn't be necessary if you already
have Postfix, clamd and clamav-milter all started. The bit that tells
Postfix to use the milter is basically this one single line in main.cf

smtpd_milters = unix:/var/run/clamav/clamav-milter

but you see on that page that there's an option to e.g. accept mail if
the milter fails for some reason, which is just good self-defence and
not essential to normal operation. You need to restart Postfix after
putting the milter line in main.cf or wherever. Obviously the path to
your milter socket might not be quite what is given in the line above,
you may need to tweak it for whatever clamd has in its configuration.

There's a link on that page to the original Postfix documentation but
it seems to me that it's not written for a newcomer to the sport. It
might make things clearer if I tell you that from what I've learned
from you about your setup you're looking at an SMTP-only milter, which
means you're filtering mail which comes from the Postfix mail server.
The Postfix documentation covers other (non-SMTP) uses. In case it's
not obvious, SMTP means "Simple Mail Transfer Protocol" and is what is
used to exchange mail between various installations. The RFCs are the
ultimate source of definitive detail about SMTP (and about most other
protocols), RFC821 kicked off SMTP but it's long since been superseded
by (many) more modern RFCs like RFC5321, which is one of the many RFC
tabs permanently open in my browser:

https://tools.ietf.org/html/rfc5321#section-3.1

> At this stage I would rather ask than hack away.

Fair enough, but you will need to do quite a bit of reading.

It took me ten seconds to find the page I linked to. The search was

postfix clamav-milter

and it was the first hit.

--

73,
Ged.


Re: [clamav-users] ClamAVPlugin
> On 21/02/2021 15:25, Joe Acquisto-j4 wrote:
> [SNIP]
>>
>> I guess I missed how "simple" clamsmtp is to use, as I got the impression
>> it had to be compiled. When it gave me errors on make, I put it aside. My
>> admittedly limited search skill must be deteriorating further as I did not find
>> much helpful in the way of documentation.
>>
>> For instance, the links in the README supplied with the package such as
>> those below seem defunct:
>>
>> http://memberwebs.com/swalter/software/clamsmtp/postfix.html
>>
>> http://memberwebs.com/swalter/software/clamsmtp/transparent.html
>>
>> So, I simply sighed deeply and mournfully and moved on yet again.
>>
>> If you have some good links, and docs please feel free to let me know.
>>
> It all looks good from here:
> <http://thewalter.net/stef/software/clamsmtp/>, which is where I got it
> (and where it comes from). All the links work, and match my memory of
> things.
>
> Just cleaned and re-built it - I'm on Solaris - and it works fine.
>
> ./configure CC=cc --prefix=/opt/local
>
> I don't have a SuSE box to hand, but on Centos 7... No problem,
> configure runs cleanly, make throws a handful of warnings, it Just
> Works(TM).
>
> Cheers,
> Gary B-)
>

The link you provided worked for me as well, where I got the package.
But the links in the packaged README failed, taking me to godaddy
stuff.

In a flash of insight I modified the provided URLs to match "http:/thewalter.net/stef/:"
and found the garden . . . of information.

we shall see how the day progresses.

joe



Re: [clamav-users] ClamAVPlugin
> Hi there,
>
> On Sat, 20 Feb 2021, Joe Acquisto-j4 wrote:
>>> On Fri, 19 Feb 2021, G.W. Haywood wrote:
>>>
>>> Postfix can use milters, so clamav-milter which comes with ClamAV
>>> might make sense. . . . .
>>
>> This is the approach I would like to attempt.
>> ...
>> ... clamav and clamav-milter seem to be running but are not tied in
>> to mail flow yet, due to my own lack of knowledge.
>>
>> For whatever reasons, I am finding it difficult to tease out how to correctly
>> insert clamav-milter into postfix. ...
>> turn up stuff that is suggestive, yet, not confidence inspiring.
>
> Does this help? Last modified around 2008 so it seems to have stood
> the test of time:
>
> https://wiki.linuxquestions.org/wiki/Postfix_with_clamav-milter
>
>> I am not certain, for example, where to place the "call" to
>> clamav-milter. ...
>
> I don't use OpenSUSE nor Postfix, but I use Sendmail and the Postfix
> milter facility is based on that used by Sendmail. To use milters
> like clamav-milter which are written in C and assume the availability
> of the Sendmail milter library, you need to have Sendmail's libmilter
> library installed. (This is not built by default if you get Sendmail
> from the original source.) If you use Postfix on OpenSUSE I believe
> that you can install the Sendmail libmilter library from a package.
> Apart from making sure that you have the libmilter library installed,
> I believe that all you need to do for Postfix is to tell it to use the
> milter in main.cf or whichever appropriate configuration file. The
> fancy startup script on the page shouldn't be necessary if you already
> have Postfix, clamd and clamav-milter all started. The bit that tells
> Postfix to use the milter is basically this one single line in main.cf
>
> smtpd_milters = unix:/var/run/clamav/clamav-milter
>
> but you see on that page that there's an option to e.g. accept mail if
> the milter fails for some reason, which is just good self-defence and
> not essential to normal operation. You need to restart Postfix after
> putting the milter line in main.cf or wherever. Obviously the path to
> your milter socket might not be quite what is given in the line above,
> you may need to tweak it for whatever clamd has in its configuration.
>
> There's a link on that page to the original Postfix documentation but
> it seems to me that it's not written for a newcomer to the sport. It
> might make things clearer if I tell you that from what I've learned
> from you about your setup you're looking at an SMTP-only milter, which
> means you're filtering mail which comes from the Postfix mail server.
> The Postfix documentation covers other (non-SMTP) uses. In case it's
> not obvious, SMTP means "Simple Mail Transfer Protocol" and is what is
> used to exchange mail between various installations. The RFCs are the
> ultimate source of definitive detail about SMTP (and about most other
> protocols), RFC821 kicked off SMTP but it's long since been superseded
> by (many) more modern RFCs like RFC5321, which is one of the many RFC
> tabs permanently open in my browser:
>
> https://tools.ietf.org/html/rfc5321#section-3.1
>
>> At this stage I would rather ask than hack away.
>
> Fair enough, but you will need to do quite a bit of reading.
>
> It took me ten seconds to find the page I linked to. The search was
>
> postfix clamav-milter
>
> and it was the first hit.
>
> --
>
> 73,
> Ged.

I used the same search text and did not turn up that link via google or
duckduckgo. Did it just now to be sure.

Perhaps geographic region has something to do with SE results?
(or perhaps, the AI's are messing with me, as revenge for all those
nasty things I've said about them?)

joe a.




Re: [clamav-users] ClamAVPlugin
. . .
>> It all looks good from here:
>> <http://thewalter.net/stef/software/clamsmtp/>, which is where I got it
>> (and where it comes from). All the links work, and match my memory of
>> things.
>>
>> Just cleaned and re-built it - I'm on Solaris - and it works fine.
>>
>> ./configure CC=cc --prefix=/opt/local
>>
>> I don't have a SuSE box to hand, but on Centos 7... No problem,
>> configure runs cleanly, make throws a handful of warnings, it Just
>> Works(TM).
>>
>> Cheers,
>> Gary B-)
>>
>
> The link you provided worked for me as well, where I got the package.
> But the links in the packaged README failed, taking me to godaddy
> stuff.
>
> In a flash of insight I modified the provided URLs to match
> "http:/thewalter.net/stef/:"
> and found the garden . . . of information.
>
> we shall see how the day progresses.
>
> joe
>
>

Well, shucks folks.

Regardless of how simple this is supposed to be
I rather think my time would be better invested in using a package that
is currently being maintained. I was not deterred so much by no updates
in years, but even the mailing list has had no messages for . . . years.
Most recent appears to be spam/phish. Most recent before that a group
that were "blocked from view" by administrator.

joe a.





Re: [clamav-users] ClamAVPlugin
Hi there,

On Sun, 21 Feb 2021, Joe Acquisto-j4 wrote:
> On Fri, 19 Feb 2021, G.W. Haywood wrote:
>
>> https://wiki.linuxquestions.org/wiki/Postfix_with_clamav-milter
>
> I used the same search text and did not turn up that link via google or
> duckduckgo. Did it just now to be sure.
>
> Perhaps geographic region has something to do with SE results?

Perhaps there's something in your browser that you don't know about?
One of the things most valuable to the Bad Guys is misdirecting your
searches to something that they control.

> (or perhaps, the AI's are messing with me, as revenge for all those
> nasty things I've said about them?)

Well I've probably said very similar things about them, but I normally
use 'startpage.com' which is basically just a wrapper around Google's
search, purely to stop (some of the?) tracking. Just now I asked my
wife to do exactly the same search because she normally uses the duck,
and the first hit on her screen was the exact same link.

Anyway - did any of this help?

--

73,
Ged.

Re: [clamav-users] ClamAVPlugin [ In reply to ]
> Hi there,
>
> On Sun, 21 Feb 2021, Joe Acquisto-j4 wrote:
>> On Fri, 19 Feb 2021, G.W. Haywood wrote:
>>
>>> https://wiki.linuxquestions.org/wiki/Postfix_with_clamav-milter
>>
>> I used the same search text and did not turn up that link via google or
>> duckduckgo. Did it just now to be sure.
>>
>> Perhaps geographic region has something to do with SE results?
>
> Perhaps there's something in your browser that you don't know about?
> One of the things most valuable to the Bad Guys is misdirecting your
> searches to something that they control.
>
>> (or perhaps, the AIs are messing with me, as revenge for all those
>> nasty things I've said about them?)
>
> Well I've probably said very similar things about them, but I normally
> use 'startpage.com' which is basically just a wrapper around Google's
> search, purely to stop (some of the?) tracking. Just now I asked my
> wife to do exactly the same search because she normally uses the duck,
> and the first hit on her screen was the exact same link.
>
> Anyway - did any of this help?
>
> --
>
> 73,
> Ged.

Well, anything is possible. I could try another browser, I suppose,
but simply based on the search results I did get, none seem
malicious. On the surface at least.

The most reasonable thing, IMO, is the geographic bias the
search engines may have, intentional or not, seeing as you are in
UK and I in the US. Also possible is some SEO-ish thing going
on, in one form or another biasing results on past search patterns.

With regard to the original issue, I have gained some insight from all the
comments. Current thought is to pursue the clamav-milter route as,
at least, it seems current and likely to be maintained.

I won't be able to give it much more attention till later today.

joe a.


Re: [clamav-users] ClamAVPlugin [ In reply to ]
>> Hi there,
>>
>> On Sun, 21 Feb 2021, Joe Acquisto-j4 wrote:
>>> On Fri, 19 Feb 2021, G.W. Haywood wrote:
>>>
>>>> https://wiki.linuxquestions.org/wiki/Postfix_with_clamav-milter
>>>
>>> I used the same search text and did not turn up that link via google or
>>> duckduckgo. Did it just now to be sure.
>>>
>>> Perhaps geographic region has something to do with SE results?
>>
>> Perhaps there's something in your browser that you don't know about?
>> One of the things most valuable to the Bad Guys is misdirecting your
>> searches to something that they control.
>>
>>> (or perhaps, the AIs are messing with me, as revenge for all those
>>> nasty things I've said about them?)
>>
>> Well I've probably said very similar things about them, but I normally
>> use 'startpage.com' which is basically just a wrapper around Google's
>> search, purely to stop (some of the?) tracking. Just now I asked my
>> wife to do exactly the same search because she normally uses the duck,
>> and the first hit on her screen was the exact same link.
>>
>> Anyway - did any of this help?
>>
>> --
>>
>> 73,
>> Ged.
>
> Well, anything is possible. I could try another browser, I suppose,
> but simply based on the search results I did get, none seem
> malicious. On the surface at least.
>
> The most reasonable thing, IMO, is the geographic bias the
> search engines may have, intentional or not, seeing as you are in
> UK and I in the US. Also possible is some SEO-ish thing going
> on, in one form or another biasing results on past search patterns.
>
> With regard to the original issue, I have gained some insight from all the
> comments. Current thought is to pursue the clamav-milter route as,
> at least, it seems current and likely to be maintained.
>
> I won't be able to give it much more attention till later today.
>
> joe a.
>

As it happens Suse Leap 15.2 has clamAV and ClamAV-milter provided
as was suggested earlier.

I think I followed and have stuff running. Working is another question.

While it seems to take noticeably longer for mail to flow through my stuff,
there is no other indication anything happened.

Nothing seems "new" in /var/log/mail and nothing is in /var/log/clamav-milter.log,
which I enabled, other than "started" each time I start, or restart, clamav-milter.service
(also provided by Suse).

Message headers give no indication mail was scanned either, despite having enabled
AddHeader Add in clamav-milter.conf.

"top" shows no increase in CPU usage by clamav-milter when mail is being processed
while spamd does increase.

joe a.





Re: [clamav-users] ClamAVPlugin [ In reply to ]
Hi there,

On Sun, 21 Feb 2021, Joe Acquisto-j4 wrote:

> As it happens Suse Leap 15.2 has clamAV and ClamAV-milter provided
> as was suggested earlier.
>
> I think I followed and have stuff running. Working is another question.

A few simple checks:

1. Do you have the clamd daemon running? Is its logging configured?

2. Can you get clamd to reply to a PING? Here's my laptop talking to my
clamd server, you might want to use a Unix socket, or IP 127.0.0.1
and port 3310 depending on your configuration:

laptop3:~$ telnet 192.168.44.7 3313
Trying 192.168.44.7...
Connected to 192.168.44.7.
Escape character is '^]'.
PING
PONG
Connection closed by foreign host.
laptop3:~$

3. Can you scan things with the 'clamdscan' command? Note the 'd' in
'clamdscan'. Don't use 'clamscan', because that doesn't use clamd.

4. Is clamd logging anything? If you've set up logging in clamd.conf
it should log things when you scan with clamdscan.

5. Anything interesting in the Postfix logs? Can you increase the
logging verbosity?

6. What happens if you mail to yourself something containing the
EICAR test file? Check all your log files as well as looking
for mail headers etc.

7. Please also let us have the output of

clamconf -n

which with luck will be fewer than a hundred lines.

--

73,
Ged.

Re: [clamav-users] ClamAVPlugin [ In reply to ]
> Hi there,
>
> On Sun, 21 Feb 2021, Joe Acquisto-j4 wrote:
>
>> As it happens Suse Leap 15.2 has clamAV and ClamAV-milter provided
>> as was suggested earlier.
>>
>> I think I followed and have stuff running. Working is another question.
>
> A few simple checks:
>
> 1. Do you have the clamd daemon running? Is its logging configured?

clamd is running. I thought I read it does not have to be as clamav-milter is
capable of running mail scans without. But I could be mistaken.

Logging is enabled and it shows results of the PING test similar to below:

> 2. Can you get clamd to reply to a PING? Here's my laptop talking to my
> clamd server, you might want to use a Unix socket, or IP 127.0.0.1
> and port 3310 depending on your configuration:
>

Seems quite leisurely, but it does come back, eventually.

myhost:~ # clamd zPING
Sun Feb 21 18:34:45 2021 -> !TCP: Cannot bind to [127.0.0.1]:3310: Address already in use
Sun Feb 21 18:34:45 2021 -> !LOCAL: Socket file /var/run/clamav/clamd-socket is in use by another process.
Sun Feb 21 18:34:45 2021 -> *Closing the main socket.

I am a bit perplexed by this as I am pretty sure I had the port set correctly a while back. Well, gotta fix that
at least.

>
> 3. Can you scan things with the 'clamdscan' command? Note the 'd' in
> 'clamdscan'. Don't use 'clamscan', because that doesn't use clamd.

myhost:~ # clamdscan eicar.txt
/root/eicar.txt: lstat() failed: Permission denied. ERROR

>
> 4. Is clamd logging anything? If you've set up logging in clamd.conf
> it should log things when you scan with clamdscan,

If you mean clamd.log, see above.
If you mean clamavmilter.log it only logs that it started.

> 5. Anything interesting in the Postfix logs? Can you increase the
> logging verbosity?

Nothing "new" as far as I can tell.

> 6. What happens if you mail to yourself something containing the
> EICAR test file? Check all your log files as well as looking
> for mail headers etc.

That has proven difficult as every place I have an email client out in
the great wilderness has strict checking and blocks EICAR when
I try. Even ssh and telnet are blocked in the terminal sessions.
I have a pretty good relationship with one of them and they
will humor me from time to time, but I don't want to wear it out.

I've resorted to a site that purports to send EICAR test email
"as a public service" sort of thing, in the past.
> 7. Please also let us have the output of
>
> clamconf -n
>
> which with luck will be fewer than a hundred lines.
>

Checking configuration files in /etc

Config file: clamd.conf
-----------------------
LogFile = "/var/log/clamd.log"
LogTime = "yes"
LogClean = "yes"
LogSyslog = "yes"
LogFacility = "LOG_MAIL"
LogVerbose = "yes"
PidFile = "/var/run/clamav/clamd.pid"
LocalSocket = "/var/run/clamav/clamd-socket"
TCPSocket = "3310"
TCPAddr = "127.0.0.1"
User = "vscan"
DetectPUA = "yes"
HeuristicScanPrecedence = "yes"

Config file: freshclam.conf
---------------------------
LogTime = "yes"
LogSyslog = "yes"
LogFacility = "LOG_MAIL"
LogVerbose = "yes"
PidFile = "/var/run/clamav/freshclam.pid"
UpdateLogFile = "/var/log/freshclam.log"
DatabaseMirror = "database.clamav.net"

Config file: clamav-milter.conf
-------------------------------
LogFile = "/var/log/clamav-milter.log"
LogSyslog = "yes"
LogFacility = "LOG_MAIL"
PidFile = "/run/clamav/clamav-milter.pid"
ClamdSocket = "unix:/run/clamav/clamd-socket"
MilterSocket = "/run/clamav/clamav-milter-socket"
AddHeader = "Add"
LogClean = "Basic"

Software settings
-----------------
Version: 0.103.0
Optional features supported: MEMPOOL IPv6 AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 ICONV JSON RAR

Database information
--------------------
Database directory: /var/lib/clamav
main.cvd: version 59, sigs: 4564902, built on Mon Nov 25 08:56:15 2019
bytecode.cld: version 332, sigs: 93, built on Wed Feb 17 16:06:23 2021
daily.cld: version 26087, sigs: 4008904, built on Sun Feb 21 07:10:19 2021
Total number of signatures: 8573899

Platform information
--------------------
uname: Linux 5.3.18-lp152.63-default #1 SMP Mon Feb 1 17:31:55 UTC 2021 (98caa86) x86_64
OS: linux-gnu, ARCH: x86_64, CPU: x86_64
zlib version: 1.2.11 (1.2.11), compile flags: a9
platform id: 0x0a2179790800000000070500

Build information
-----------------
GNU C: 7.5.0 (7.5.0)
CPPFLAGS:
CFLAGS: -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -g -fstack-protector -fPIE -fno-strict-aliasing -DFP_64BIT -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
CXXFLAGS: -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -g -fstack-protector -fPIE -fno-strict-aliasing -std=gnu++98
LDFLAGS: -pie
Configure: '--host=x86_64-suse-linux-gnu' '--build=x86_64-suse-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/lib' '--localstatedir=/var' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--disable-dependency-tracking' '--disable-clamav' '--disable-static' '--with-dbdir=/var/lib/clamav' '--with-user=vscan' '--with-group=vscan' '--enable-milter' '--enable-check' '--enable-clamdtop' '--disable-zlib-vcheck' '--disable-timestamps' '--disable-yara' '--with-system-libmspack' 'build_alias=x86_64-suse-linux-gnu' 'host_alias=x86_64-suse-linux-gnu' 'CXXFLAGS=-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -g -fstack-protector -fPIE -fno-strict-aliasing -std=gnu++98' 'LDFLAGS=-pie' 'CFLAGS=-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -g -fstack-protector -fPIE -fno-strict-aliasing -DFP_64BIT' 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'
sizeof(void*) = 8
Engine flevel: 121, dconf: 121


>
> 73,
> Ged.
>

Oh, I wonder if the OS upgrade grabbed the ports on the QT? I'll have to look into that.
After I look into how to look into that, if you get my drift. After a few months I need to
retrain the idle brain.

Also wondering if main.cf (postfix) is the only place I need to add Clamav directives.
master.cf has a spot for Spamassassin as a "filter" and commented out stuff for
amavis. So, my puzzlement grows more profound as . . . umm . . . something.

joe a.


Re: [clamav-users] ClamAVPlugin [ In reply to ]
>> Hi there,
>>
>> On Sun, 21 Feb 2021, Joe Acquisto-j4 wrote:
. . .
>
>> 2. Can you get clamd to reply to a PING? Here's my laptop talking to my
>> clamd server, you might want to use a Unix socket, or IP 127.0.0.1
>> and port 3310 depending on your configuration:
>>
>
> Seems quite leisurely, but it does come back, eventually.
>
> myhost:~ # clamd zPING
> Sun Feb 21 18:34:45 2021 -> !TCP: Cannot bind to [127.0.0.1]:3310: Address
> already in use
> Sun Feb 21 18:34:45 2021 -> !LOCAL: Socket file /var/run/clamav/clamd-socket is
> in use by another process.
> Sun Feb 21 18:34:45 2021 -> *Closing the main socket.
>
> I am a bit perplexed by this as I am pretty sure I had the port set
> correctly a while back. Well, gotta fix that
> at least.

Turns out that is normal for the way I was trying to do it.

The "correct" way, or one that works anyway, is this:

echo nPING | nc 127.0.0.1 3310
PONG

>> 73,
>> Ged.
>>
>

joe a


Re: [clamav-users] ClamAVPlugin [ In reply to ]
Hi there,

On Sun, 21 Feb 2021, Joe Acquisto-j4 wrote:

> clamd is running. I thought I read it does not have to be as
> clamav-milter is capable of running mail scans without. But I could
> be mistaken.

If you did read that, whoever wrote it is mistaken. If you imagined
it, please try not to do that because it isn't helpful. Note that
it's called clamav-milter (I've taken the liberty of correcting your
text) and it's more or less just an interface between an MTA and the
clamd daemon - although it is quite capable, for example it can offer
fault tolerance by handling multiple clamd daemons on multiple servers.

Its configuration and the configuration of the MTA are the first thing
we need to get right - they need to agree with each other, because the
configuration of the MTA tells the MTA how to talk to the milter, and
milter configuration tells the milter how to talk back to the MTA. So:

> Logging is enabled ...

That's good.

> myhost:~ # clamd zPING
> Sun Feb 21 18:34:45 2021 -> !TCP: Cannot bind to [127.0.0.1]:3310: Address already in use
> Sun Feb 21 18:34:45 2021 -> !LOCAL: Socket file /var/run/clamav/clamd-socket is in use by another process.
> Sun Feb 21 18:34:45 2021 -> *Closing the main socket.

This is confusing. What you've written there looks like you've given
the result on the screen of a command-line command. First off that
command line command is nonsense (read the 'man' page for clamd) and
secondly what comes after it is taken from the log. You need to be
clear about what you're doing. I was clear in my example PING that I
connected to the daemon by using 'telnet'. You should do the same, or
(as you discovered later) by piping through something like netcat,
socat, or whatever. The error message in the log from the clamd which
you tried to start at the command line with your 'clamd zPING' command
is simply the new clamd that you're trying to start trying to open the
port that's configured in clamd.conf and finding that there's already
something using that port. The something already using that port is
of course the running clamd daemon. I asked you to talk to the daemon,
not to try to start another one. You *can* start more clamd daemons,
but they each need to have their own unique communication channel, so
they each would need to have a separate file like clamd.conf - when I
run multiple daemons on the same box I have clamd1.conf, clamd2.conf,
and so on, with each daemon using a different port from the default.
You don't need multiple clamd daemons at this stage. Probably never.

>> 3. Can you scan things with the 'clamdscan' command? Note the 'd' in
>> 'clamdscan'. Don't use 'clamscan', because that doesn't use clamd.
>
> myhost:~ # clamdscan eicar.txt
> /root/eicar.txt: lstat() failed: Permission denied. ERROR

This is a kind of progress. Put the eicar.txt file in /tmp instead of
/root, with world read permissions, and try again.

>> 5. Anything interesting in the Postfix logs? Can you increase the
>> logging verbosity?
>
> Nothing "new" far as I can tell.

We'll look at the log verbosity later.

>> 6. What happens if you mail to yourself something containing the
>> EICAR test file? Check all your log files as well as looking
>> for mail headers etc.
>
> That has proven difficult as every place I have an email client out in
> the great wilderness has strict checking and blocks EICAR ...

Can you not simply use your own mail server to send yourself mail??

> I've resorted to a site that purports to send EICAR test email
> "as a public service" sort of thing, in the past.

So did you try it? What happened?

>> 7. Please also let us have the output of
>>
>> clamconf -n

Unfortunately your configuration is rather a mess.

> Config file: clamd.conf
> -----------------------
> ...
> PidFile = "/var/run/clamav/clamd.pid"
> LocalSocket = "/var/run/clamav/clamd-socket"

In passing I note the PID file is under /var/run/. We'll come back to
that later. Because clamd is supposed to be talking to clamav-milter,
the local socket above needs to be exactly the same in clamd.conf as
it is in clamav-milter.conf (er, you might say, obviously). It isn't.

> TCPSocket = "3310"
> TCPAddr = "127.0.0.1"

If everything is on the same machine, all the processes can use local
(Unix-type) sockets to talk to each other. That means you don't need
TCP sockets, which use a completely different communication technology
(in fact the same TCP/IP which you use for email, browsing etc. etc.).
So the TCPxxx settings might not be needed, but they're useful (they
have already been useful to us) e.g. for testing and investigation.

Anyway (1) you need to tell the different processes consistent things,
so that they aren't talking to a brick wall; (2) just because you have
a process listening on a port, doesn't necessarily mean that you have
to be using that port; and (3) open TCP ports that you aren't using
can be a security issue. So if you use clamd carelessly, you might be
a bigger threat to your system than the Bad Guys are because you might
be giving them an easy way in. There is no security on the clamd port
so anyone who can connect to port 3310 can for example tell clamd to
shut down. And as it's greater than 1024, *anyone* can connect to it.

> ...
> User = "vscan"
> ...

You will probably want the 'vscan' user to be able to read anything
that you want to scan. This user probably can't read a file in /root
for example, which is why I suggest putting the file in /tmp (which is
very likely to have world read permission) and making sure that the
file itself has world read permission.

> Config file: freshclam.conf
> ---------------------------
> ...
> PidFile = "/var/run/clamav/freshclam.pid"

In passing I note the PID file is under /var/run/, we'll come back to
that very soon.

> ...
> Config file: clamav-milter.conf
> -------------------------------
> ...
> PidFile = "/run/clamav/clamav-milter.pid"

I note the PID file is under /run/ and we've now come back to that.
Why is this PID file under /run/ when the others are under /var/run/?
It isn't necessarily wrong but it's likely to cause confusion, and you
evidently have quite enough of that already. If you can inject some
consistency into the configuration you'll find it all a lot easier.

> ClamdSocket = "unix:/run/clamav/clamd-socket"

This should be the same socket that you have configured in the clamd
daemon. It isn't, so the milter can't talk to the daemon.

> MilterSocket = "/run/clamav/clamav-milter-socket"

This should be the same socket that you have configured in the MTA (that
is, in your case, Postfix). I don't know if it is because I can't see
what you've got in main.cf for the milter connection. Is it the same?

> Version: 0.103.0

Fine.

> Database information

Looks good.

> Oh, I wonder if the OS upgrade grabbed the ports on the QT?

Nope.

> After I look into how to look into that, if you get my drift. After
> a few months I need to retrain the idle brain.

If you're going to run your own mail server, ALL this stuff needs to
be at your fingertips. If it isn't, you're just going to be getting
in your own way (and in everyone else's way).

> Also wondering in main.cf (postfix) is the only place I need to add
> Clamav directives. master.cf has a spot for Spamassassin as a
> "filter" and commented out stuff for amavis.

https://www.oreilly.com/library/view/postfix-the-definitive/0596002122/ch04s05.html

Don't forget that I don't use Postfix, so check everything I've said
is right for your installation. There may well be little quirks with
Postfix that I don't know about. It's all very similar with the MTA
that I do use (Sendmail) but I can't be quite so sure with Postfix as
I can with Sendmail.

Fundamentally you need Postfix to know how to talk to clamav-milter,
clamav-milter to know how to talk to clamd, and the same in the other
direction; clamd needs to know how to talk to clamav-milter, and the
milter needs to know how to talk to Postfix. That's more or less all
there is to it as far as the communications between the processes are
concerned, but then you have to configure it all to do what you want
it to do of course. I see that you've started on that already with
things like detecting PUAs.

--

73,
Ged.

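The three links described above (Postfix to milter, milter to clamd, and back) can be checked mechanically. The following is an added example for this thread, not ClamAV or Postfix code: it parses the clamconf -n output posted earlier, compares the socket and PidFile settings across the config files, flags a TCPSocket that is not bound to loopback, and compares MilterSocket with a constructed smtpd_milters line (Joe's real main.cf is not in the thread). On hosts where /var/run is a symlink to /run it resolves both paths before reporting the /var/run versus /run mismatch.

```python
"""Cross-check clamd, clamav-milter and Postfix socket settings.

Added example for this thread, not ClamAV or Postfix code. The sample input is
the clamconf -n output posted above (trimmed) plus a constructed main.cf line;
run as: python3 clamconf_check.py <clamconf -n output> [main.cf]
"""
import os
import re
import sys
from typing import Dict, List

SAMPLE_CLAMCONF = """\
Config file: clamd.conf
-----------------------
PidFile = "/var/run/clamav/clamd.pid"
LocalSocket = "/var/run/clamav/clamd-socket"
TCPSocket = "3310"
TCPAddr = "127.0.0.1"

Config file: clamav-milter.conf
-------------------------------
PidFile = "/run/clamav/clamav-milter.pid"
ClamdSocket = "unix:/run/clamav/clamd-socket"
MilterSocket = "/run/clamav/clamav-milter-socket"
"""
SAMPLE_MAIN_CF = "smtpd_milters = unix:/run/clamav/clamav-milter-socket\n"  # constructed


def parse_clamconf(text: str) -> Dict[str, Dict[str, str]]:
    """Map each 'Config file:' section of clamconf -n output to its key/value pairs."""
    configs: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        head = re.match(r"^Config file:\s*(\S+)", line)
        kv = re.match(r'^(\w+)\s*=\s*"(.*)"\s*$', line)
        if head:
            current = configs.setdefault(head.group(1), {})
        elif kv and current is not None:
            current[kv.group(1)] = kv.group(2)
        elif line.strip() and not line.startswith("-"):
            current = None  # left the config-file sections ('Software settings' ...)
    return configs


def same_socket(a: str, b: str, resolve_paths: bool) -> bool:
    """Compare socket specs ignoring a unix:/local: prefix; with resolve_paths, also
    treat them as equal when both exist and resolve to one file (e.g. /var/run -> /run)."""
    a, b = (re.sub(r"^(unix|local):", "", p) for p in (a, b))
    if a == b:
        return True
    if not resolve_paths or not (os.path.exists(a) and os.path.exists(b)):
        return False
    return os.path.realpath(a) == os.path.realpath(b)


def postfix_milters(main_cf_text: str) -> List[str]:
    """Socket specs listed in Postfix's smtpd_milters ($variables skipped)."""
    for line in main_cf_text.splitlines():
        m = re.match(r"^\s*smtpd_milters\s*=\s*(.*)$", line)
        if m:
            return [t for t in re.split(r"[,\s]+", m.group(1)) if t and not t.startswith("$")]
    return []


def check_consistency(configs: Dict[str, Dict[str, str]], main_cf_text: str = "",
                      resolve_paths: bool = True) -> List[str]:
    """WARN/INFO findings for the links Postfix -> clamav-milter -> clamd."""
    findings: List[str] = []
    clamd, milter = configs.get("clamd.conf", {}), configs.get("clamav-milter.conf", {})
    local, remote = clamd.get("LocalSocket"), milter.get("ClamdSocket", "")
    # 1. The milter must point at the socket clamd actually opens.
    if local and remote.startswith(("unix:", "local:")) and not same_socket(remote, local, resolve_paths):
        findings.append(f"WARN clamav-milter ClamdSocket {remote} != clamd LocalSocket {local}")
    # 2. PID files split between /run and /var/run invite exactly this confusion.
    pid_dirs = {n: os.path.dirname(c["PidFile"]) for n, c in configs.items() if "PidFile" in c}
    if len(set(pid_dirs.values())) > 1:
        findings.append("WARN PidFile directories differ: " + ", ".join(f"{n}={d}" for n, d in sorted(pid_dirs.items())))
    # 3. The clamd port is unauthenticated: loopback only, or drop it if unused.
    if "TCPSocket" in clamd:
        addr = clamd.get("TCPAddr", "")
        if addr not in ("127.0.0.1", "::1", "localhost"):
            findings.append(f"WARN clamd TCPSocket {clamd['TCPSocket']} bound to {addr or 'all interfaces'}; anyone who can connect can tell clamd to shut down")
        elif local:
            findings.append(f"INFO clamd also listens on {addr}:{clamd['TCPSocket']}; handy for PING tests, otherwise unnecessary")
    # 4. Postfix must name the milter's own socket (a chrooted smtpd resolves unix: paths under its queue directory).
    if main_cf_text and "MilterSocket" in milter:
        wanted = milter["MilterSocket"]
        if not any(same_socket(m, wanted, resolve_paths) for m in postfix_milters(main_cf_text)):
            findings.append(f"WARN Postfix smtpd_milters does not list clamav-milter MilterSocket {wanted}")
    return findings


if __name__ == "__main__":  # real files: clamconf -n output, then main.cf
    conf = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CLAMCONF
    main_cf = open(sys.argv[2]).read() if len(sys.argv) > 2 else SAMPLE_MAIN_CF
    print("\n".join(check_consistency(parse_clamconf(conf), main_cf)) or "consistent")
```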
Re: [clamav-users] ClamAVPlugin [ In reply to ]
On 22/02/2021 21:59, G.W. Haywood via clamav-users wrote:
[SNIP]
>
> If you're going to run your own mail server, ALL this stuff needs to
> be at your fingertips.  If it isn't, you're just going to be getting
> in your own way (and in everyone else's way).
>
>> Also wondering in main.cf (postfix) is the only place I need to add
>> Clamav directives.  master.cf has a spot for Spamassassin as a
>> "filter" and commented out stuff for amavis.
>
> https://www.oreilly.com/library/view/postfix-the-definitive/0596002122/ch04s05.html
>
>
> Don't forget that I don't use Postfix, so check everything I've said
> is right for your installation.  There may well be little quirks with
> Postfix that I don't know about.  It's all very similar with the MTA
> that I do use (Sendmail) but I can't be quite so sure with Postfix as
> I can with Sendmail.
>
> Fundamentally you need Postfix to know how to talk to clamav-milter,
> clamav-milter to know how to talk to clamd, and the same in the other
> direction; clamd needs to know how to talk to clamav-milter, and the
> milter needs to know how to talk to Postfix.  That's more or less all
> there is to it as far as the communications between the processes is
> concerned, but then you have to configure it all to do what you want
> it to do of course.  I see that you've started on that already with
> things like detecting PUAs.
>

The canonical information on how to use milters in Postfix is in the
Postfix source tree: README_FILES/MILTER_README. There's also an HTML
version.

And I would also second the Dent book Ged links to above, if you are
about to start fiddling with Postfix configuration. It's old, but it's
probably the most complete, and of course, when in doubt look at the
source, <http://www.postfix.org/> has a lot of resources.

Cheers,
Gary B-)

Re: [clamav-users] ClamAVPlugin [ In reply to ]
. .
>> 3. Can you scan things with the 'clamdscan' command? Note the 'd' in
>> 'clamdscan'. Don't use 'clamscan', because that doesn't use clamd.
>
> myhost:~ # clamdscan eicar.txt
> /root/eicar.txt: lstat() failed: Permission denied. ERROR
>
>>

Well, an obvious issue: rights. I had the test file in /root
which the clamd service could not access (yet ?).

After doing this as a quick test

myhost:~ # cp eicar.txt /etc/

then this worked:

myhost:~ # clamdscan /etc/eicar.txt
/etc/eicar.txt: Eicar-Signature FOUND

----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.637 sec (0 m 0 s)
Start Date: 2021:02:21 23:32:56
End Date: 2021:02:21 23:32:57

Tune out tomorrow as more of the same twaddle is likely
to post.

joe a.

