4-D: QMAIL-SCANNER
You have to install every filter before installing qmail-scanner.
groupadd qscand
useradd -g qscand -d /nonexistent -s /sbin/nologin -p'*' qscand
usermod -G qscand clamav
/etc/init.d/clamav-daemon restart
/etc/init.d/clamav-freshclam restart
#You may get some errors but it's ok
#You will need:
apt-get install maildrop tnef sharutils unzip
#Remove unnecesary dependencies:
apt-get remove exim4-base exim4
#In case apt-get screws up...
rm /usr/sbin/sendmail
ln -s /var/qmail/bin/sendmail /usr/sbin/sendmail
apt-get install perl-doc perl-suid
cd /usr/src/
mkdir qmailscanner
cd qmailscanner/
wget http://prdownloads.sourceforge.net/qmail-scanner/qmail-scanner-2.08.tgz?...
gunzip qmail-scanner-2.08.tgz
tar -xpf qmail-scanner-2.08.tar
cd qmail-scanner-2.08/
./configure \
--notify psender \
--domain mail.domain.com \
--sa-timeout 180 \
--local-domains mail.domain.com,mail.domain2.com,etc \
--sa-maxsize 10240000 \
--sa-quarantine 3 \
--add-dscr-hdrs yes
#Verify everything and then run
./configure \
--notify psender \
--domain mail.domain.com \
--sa-timeout 180 \
--local-domains mail.domain.com,mail.domain2.com,etc \
--sa-maxsize 10240000 \
--sa-quarantine 3 \
--add-dscr-hdrs yes \
--install
grep -v "^$" /var/spool/qscan/quarantine-events.txt | grep -v "^#"
#You have to comment as follows:
nano /var/spool/qscan/quarantine-events.txt
-----------------------------------------------------
#Happy99.exe SIZE=10000 Happy99 Trojan virus
#zipped_files.exe SIZE=120495 W32/ExploreZip.worm.pak virus
#ILOVEYOU Policy-Subject: Love Letter Virus/Trojan
#ZVDOHYIK@yahoo.com|udtzqccc@yahoo.com|DTCELACB@yahoo.com|I1MCH2TH@yahoo.com|WPADJQ12@yahoo.com|smr@eurosport.com|bgnd2@canada.com|muwripa@fairesuivre.com|eccles@ballsy.net|S_Mentis@mail-x-change.com|YJPFJTGZ@excite.com|JGQZCD@excite.com|XHZJ3@excite.com|OZUNYLRL@excite.com|tsnlqd@excite.com|cxkawog@krovatka.net|ssdn@myrealbox.com Policy-To: BadTrans Trojan virus
-----------------------------------------------------
#WITHOUT CLOSING ADD THIS LINES
-----------------------------------------------------
.exe SIZE=-1 .EXE executable attachments disallowed, please compress your file. / No se permiten adjunto de ejecutables .EXE, por favor comprima su archivo.
-----------------------------------------------------
#NOW SAVE AND CLOSE
grep -v "^$" /var/spool/qscan/quarantine-events.txt | grep -v "^#"
#Let's regenerate the rules then...
/var/qmail/bin/qmail-scanner-queue.pl -g
nano /var/qmail/bin/qmail-scanner-queue.pl
#We have to modify according to our domain
-----------------------------------------------------
#From: line information used when making reports
my $V_FROM='postmaster@domain.com';
my $V_FROMNAME='DOMAIN's Mail Filter';
-----------------------------------------------------
my $spamc_subject='***SPAM***';
-----------------------------------------------------
### SAVE AND CLOSE
#Now we have to tell qmail to use this queue..
nano /var/qmail/supervise/qmail-smtpd/run
#ADD THE FOLLOWING JUST AFTER REQUIRE_AUTH
-----------------------------------------------------
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" ; export QMAILQUEUE
-----------------------------------------------------
nano /var/qmail/supervise/qmail-smtpd-ssl/run
-----------------------------------------------------
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" ; export QMAILQUEUE
-----------------------------------------------------
qmailctl stop
qmailctl start
#You may want to configure log rotate for qmailscanner...cd /etc/logrotate.d/
ll
cp apache2 qmail-scanner
ll
echo > qmail-scanner
nano qmail-scanner
#delete all content and paste:
==============================================================
/var/spool/qscan/*.log {
weekly
rotate 5
nocompress
create 0660 qscand qscand
size=100M
}
==============================================================