Full Version: RHE, Mailscanner, clamav, spamassasin, cpanel???
damainman
I know there are many posts and sites that talk about integrating, installing and configuring RHE, MailScanner, ClamAV, SpamAssassin and cPanel to work together. The problem is most of those posts seem outdated, or are pages long with extra information that is not needed.

I was wondering if someone could point me to an install tutorial that will work and has been tested to work for integrating recent versions of: RHE, MailScanner, ClamAV, SpamAssassin, cPanel.

Thank you in advance for your replies. All help and replies are appreciated :D
eddy2099
SpamAssassin is installed with cPanel/WHM and you can enable or disable it through WHM. I am sure that version is quite up to date.

I did install the Mailscanner from http://layer1.cpanel.net/ and it actually did alert me of the MyDoom virus in the emails which came to me. So I guess it is better than nothing.

To install mailscanner, just SSH into your server and type
CODE
wget http://layer1.cpanel.net/mailscanner-autoinstall-1.5.tar.gz
tar zxf mailscanner-autoinstall-1.5.tar.gz
# change into the extracted directory before running the installer
cd mailscanner-autoinstall-1.5
./install


Well, prior to typing install, you need to navigate to the directory in which mailscanner is untarred in.

That should do the trick.

For SpamAssassin, go to Tweak Settings in WHM and check SpamAssassin. Then go to Service Manager and check spamd. Once you are done with that, you should have SpamAssassin enabled.


I am using Red Hat 9 but I guess the antivirus has nothing to do with the OS.
kamil
Can anyone also post how to uninstall MailScanner? For a person like me who has only 1 box to work, test and deploy on, uptime gets very critical and I would definitely like to roll back the installation in case of any error. I have seen it in the posts and experienced it on a RAQ that MailScanner slows down the outgoing mails due to queue issues. Has anyone experienced this on an RH/Exim/cPanel box?

Additionally, it would be excellent if someone could also post a howto for integrating CLAM with MailScanner.

I have been told EXISCAN is the recommended mail scanner/AV for Exim, so a howto on that would be brilliant. There is one available on http://www.timj.co.uk/linux/Exim-SpamAndVi...rusScanning.pdf but for a non-guru like me it gets a bit confusing, as loads of topics are discussed in it. I would like to focus on Exiscan+CLAM or MailScanner+CLAM since SpamAssassin is already available with cPanel.
Matt Brown
Run the uninstall script that came with the cPanel version to uninstall MailScanner:

./uninstall
Paul
QUOTE (kamil)
Additionally, it would be excellent if someone could also post a howto for integrating CLAM with MailScanner.
The one from layer1 comes with Clam and everything pre-configured, you just type ./install and it's done.
damainman
Hmmm, what if I already have ClamAV installed? Do I need to uninstall it before I install the package from layer1?
kamil
Thanks! Excellent help guys, I installed MailScanner and it seems to be working! Can anyone post how I can change options: add text in the notification email, forward / access a mail from quarantine, switch the notifications on / off, purge the viral attachments instead of storing them in the quarantine, and clean the quarantine?

Thanks once again
Matt Brown
QUOTE (damainman)
Hmmm, what if I already have ClamAV installed? Do I need to uninstall it before I install the package from layer1?

No, you don't. Just run ./install and let it finish, and then everything it needs will be installed :)
damainman
nice

Thanks
damainman
If I reboot my server, does MailScanner start automatically, or do I need to manually start it?
damainman
After installing this, I now see this:

//root/mailscanner-autoinstall-1.5/clamav-0.60.tar.gz: ClamAV-Test-Signature FOUND
//root/mailscanner-autoinstall-1.5/clamav-0.60/test/test1: ClamAV-Test-Signature FOUND
//root/mailscanner-autoinstall-1.5/clamav-0.60/test/test1.bz2: ClamAV-Test-Signature FOUND
//root/mailscanner-autoinstall-1.5/clamav-0.60/test/test2.zip: ClamAV-Test-Signature FOUND
//root/mailscanner-autoinstall-1.5/clamav-0.60/test/test3.rar: ClamAV-Test-Signature FOUND
//root/mailscanner-autoinstall-1.5/clamav-0.60/test/test2.badext: ClamAV-Test-Signature FOUND
//usr/local/cpanel/src/3rdparty/gpl/mailman-2.1.2/tests/msgs/nimda.txt: Exploit.IFrame.Gen FOUND
//usr/local/cpanel/src/3rdparty/gpl/mailman-2.1.3/tests/msgs/nimda.txt: Exploit.IFrame.Gen FOUND
//usr/local/cpanel/3rdparty/mailman/tests/msgs/nimda.txt: Exploit.IFrame.Gen FOUND
//backup/cpbackup/daily/dirs/_usr_local_cpanel_3rdparty_mailman/tests/msgs/nimda.txt: Exploit.IFrame.Gen FOUND
//backup/cpbackup/weekly/dirs/_usr_local_cpanel_3rdparty_mailman/tests/msgs/nimda.txt: Exploit.IFrame.Gen FOUND
//backup/cpbackup/monthly/dirs/_usr_local_cpanel_3rdparty_mailman/tests/msgs/nimda.txt: Exploit.IFrame.Gen FOUND

Are those normal? What should I do?
Matt Brown
They're normal. I'm not sure what they are, but I saw a post about this on cpanel.net and they said it's nothing to worry about, it's all good ;)
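One way to sort scan output like the listing damainman posted, added here as an example and not part of the original thread: it separates hits carrying ClamAV's own test signature and hits on files under a `test/` or `tests/` directory from everything else. The class names, the path rule and the last two sample lines are assumptions made for this illustration.

```shell
#!/bin/sh
# Triage clamscan "FOUND" lines: split hits on known test fixtures from hits
# that need a closer look. The path and signature rules are assumptions made
# for this thread's output, not a ClamAV feature.

# Constructed sample: five lines taken from the scan output in the thread, one
# invented mailbox hit (path and signature are placeholders) and one clean line.
sample_scan() {
cat <<'EOF'
//root/mailscanner-autoinstall-1.5/clamav-0.60.tar.gz: ClamAV-Test-Signature FOUND
//root/mailscanner-autoinstall-1.5/clamav-0.60/test/test1: ClamAV-Test-Signature FOUND
//root/mailscanner-autoinstall-1.5/clamav-0.60/test/test2.zip: ClamAV-Test-Signature FOUND
//usr/local/cpanel/3rdparty/mailman/tests/msgs/nimda.txt: Exploit.IFrame.Gen FOUND
//backup/cpbackup/daily/dirs/_usr_local_cpanel_3rdparty_mailman/tests/msgs/nimda.txt: Exploit.IFrame.Gen FOUND
//home/exampleuser/mail/inbox: Example.Placeholder.Signature FOUND
/etc/hosts: OK
EOF
}

# classify_hits: reads clamscan output on stdin and prints one line per hit,
# tab-separated: class, signature, path. Lines that are not hits are skipped.
classify_hits() {
  awk '
    / FOUND$/ {
      line = $0
      sub(/ FOUND$/, "", line)
      if (!match(line, /: [^ ]+$/)) next      # not in "path: signature" form
      path = substr(line, 1, RSTART - 1)
      sig  = substr(line, RSTART + 2)
      sub(/^\/\//, "/", path)                 # normalise the leading "//"
      if (sig == "ClamAV-Test-Signature") class = "test-signature"
      else if (path ~ /\/tests?\//)       class = "test-fixture"
      else                                class = "review"
      printf "%s\t%s\t%s\n", class, sig, path
    }'
}

# count_class CLASS: number of hits in that class (reads classify_hits output).
count_class() {
  awk -F '\t' -v c="$1" '$1 == c { n++ } END { print n + 0 }'
}

sample_scan | classify_hits
```

The class is only a sorting aid: a `test-fixture` hit still deserves a comparison against the file shipped in the upstream package before it is dismissed.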
kamil
OK guys, this thing really works, 1200 virus-infected emails in 8 hours, WOW,

but

I am getting suspicious. I don't think my users get so many mails every day, BUT when I dug into one of my accounts I saw 84 MailScanner notifications to the Administrator for that user, and the user mailbox does not have more than 1 notification from MailScanner, so where did the other mails go? SpamAssassin got them as spam and dumped them in the spam box, WOW AGAIN

now

I am starting to get worried about the quarantine. Can anyone please post if there is a specific way of cleaning the quarantine server-wide, or maybe setting up a cron job etc.?
Paul
I have the mail quarantine disabled (i.e. bad stuff gets deleted), saves any problems :)
damainman
QUOTE (kamil)
OK guys, this thing really works, 1200 virus-infected emails in 8 hours, WOW,

How can I see how many infected emails I got?
alex042
Anyone wanna squish these annoying email viruses for me?

All of these emails MailScanner is sending me telling me another virus has been detected are getting old. Probably 99% of them are the same thing. I'd shut the admin notice off, but I would like to get a daily summary or other notices, just not 100's every day filling up my mailbox with the same thing. It looks like this one is actually creating email addresses at domains, because 95% of them are not actual email addresses. Interestingly though, only 1 of my personal domains out of a dozen or so is actually affected and it's the one I use primarily for email subscriptions. I didn't subscribe to viruses though! Ugh. Actually, the email address that was primarily affected wasn't the subscription address though. In fact, it's an email address of the same domain that I haven't used in ages and had primarily used for a short period of time while I was doing some custom ASP programming.

I finally realized that maybe I should shut off sender notices and created a blackhole for non-existent addresses so the sender hopefully doesn't get a notice from the virus scanner or one about a non-existent email. I figure that may help stop the virus from propagating, but not sure what else to do. Any ideas? Is there a way to dispose of any non-existent email address's email before it's scanned so I don't have to see virus scans for addresses that aren't even there?
kamil
Ditto with me
Snowman
QUOTE (alex042)
I finally realized that maybe I should shut off sender notices and created a blackhole for non-existent addresses so the sender hopefully doesn't get a notice from the virus scanner or one about a non-existent email. I figure that may help stop the virus from propagating, but not sure what else to do. Any ideas? Is there a way to dispose of any non-existent email address's email before it's scanned so I don't have to see virus scans for addresses that aren't even there?

Where and how did you set up the blackhole for non-existent addys?
alex042
QUOTE
Where and how did you set up the blackhole for non-existent addys?

Forward to :blackhole: to trash all incoming unrouted mail.
Forward to :fail: no such address here to bounce it.
Snowman
I realise about :blackhole: and :fail: but where are you setting these up???

On the server's root address? In mailscanner.conf or somewhere else?
alex042
Actually, I just set this up from cPanel for the specific domain that I was having issues with. I also set mailscanner.conf to NOT notify senders of viruses they may have sent.