CentOS 7
Sponsored Link

Postfix + Clamav + Amavisd
2014/09/26
 
Configure Virus-Scanning with Postfix + Clamav.
[1]
[2] Install Amavisd and Clamav Server, and start Clamav Server first.
# install from EPEL

[root@mail ~]#
yum --enablerepo=epel -y install amavisd-new clamav-scanner clamav-scanner-systemd
[root@mail ~]#
vi /etc/clamd.d/scan.conf
# line 8: comment out

#
Example
# line 14: uncomment

LogFile /var/log/clamd.scan
# line 66: uncomment

PidFile /var/run/clamd.scan/clamd.pid
# line 70: uncomment

TemporaryDirectory /var/tmp
# line 85: uncomment

LocalSocket /var/run/clamd.scan/clamd.sock
# line 101: uncomment

TCPSocket 3310
[root@mail ~]#
touch /var/log/clamd.scan

[root@mail ~]#
chown clamscan. /var/log/clamd.scan

[root@mail ~]#
systemctl start clamd@scan

[root@mail ~]#
systemctl enable clamd@scan

[3] If SELinux is enabled, change policy like follows. (to start clamd@scan)
[root@mail ~]#
restorecon -v /var/log/clamd.scan

[root@mail ~]#
setsebool -P antivirus_can_scan_system on

[4] Configure Amavisd.
[root@mail ~]#
vi /etc/amavisd/amavisd.conf
# line 20: change to own domain name

$mydomain = '
srv.world
';
# line 152: change to the own hostname

$myhostname = '
mail.srv.world
';
# line 154: uncomment

$notify_method = 'smtp:[127.0.0.1]:10025';
$forward_method = 'smtp:[127.0.0.1]:10025';
# line 384: change

\&ask_daemon, ["CONTSCAN {}\n", "
/var/run/clamd.scan/clamd.sock
"],
[root@mail ~]#
systemctl start amavisd spamassassin

[root@mail ~]#
systemctl enable amavisd spamassassin

[5] Configure Postfix.
[root@mail ~]#
vi /etc/postfix/main.cf
# add to the end

content_filter=smtp-amavis:[127.0.0.1]:10024
[root@mail ~]#
vi /etc/postfix/master.cf
# add to the end

smtp-amavis unix -    -    n    -    2 smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
127.0.0.1:10025 inet n    -    n    -    - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000

[root@mail ~]#
systemctl restart postfix

[6] It' OK all.
These lines below are added in the header section of emails after this configuration and emails with known Virus will not sent to Clients.
 
Tweet