4-D: QMAIL-SCANNER

You have to install every filter before installing qmail-scanner.

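# Dedicated unprivileged account for qmail-scanner: home set to /nonexistent,
# /sbin/nologin as shell, and '*' as the password field so that no password
# can match it.
groupadd qscand
useradd -g qscand -d /nonexistent -s /sbin/nologin -p'*' qscand

# Add clamav to the qscand group. -a appends to the list: a plain
# "usermod -G" replaces the user's supplementary groups and would drop
# clamav from any group it already belongs to.
usermod -a -G qscand clamav

# Restart the ClamAV services after the group change.
/etc/init.d/clamav-daemon restart
/etc/init.d/clamav-freshclam restart

#You may get some errors at this point; the guide treats them as harmless.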

#Packages needed for this step:

apt-get install maildrop tnef sharutils unzip

#Remove the unnecessary exim4 packages:

apt-get remove exim4-base exim4

#If apt-get did not leave /usr/sbin/sendmail pointing at qmail, replace it by
#hand (rm only prints an error if the file is already gone):

rm /usr/sbin/sendmail

ln -s /var/qmail/bin/sendmail /usr/sbin/sendmail

# NOTE(review): perl-suid provides setuid support for Perl scripts; presumably
# the qmail-scanner queue script relies on it - confirm against the
# qmail-scanner documentation, and keep that script writable by root only.
apt-get install perl-doc perl-suid

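# Work in a dedicated source directory.
cd /usr/src/
mkdir qmailscanner
cd qmailscanner/

# Quote the URL: it contains '?', which the shell treats as a glob character.
# -O names the output file explicitly; without it wget keeps the query string
# in the saved file name and the gunzip step below does not find the tarball.
# The query string is elided ("...") on this page - use the full download link.
wget -O qmail-scanner-2.08.tgz 'http://prdownloads.sourceforge.net/qmail-scanner/qmail-scanner-2.08.tgz?...'

# The tarball is fetched over plain HTTP and then installed system-wide, so
# check its integrity before unpacking: print the digest and compare it with
# a value obtained from a source you trust.
sha256sum qmail-scanner-2.08.tgz

gunzip qmail-scanner-2.08.tgz
tar -xpf qmail-scanner-2.08.tar
cd qmail-scanner-2.08/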

# Options shared by both configure runs, kept in one place so the settings
# that were reviewed are exactly the ones that get installed.
# Replace the example domains with your own.
qs_opts=(
  --notify psender
  --domain mail.domain.com
  --sa-timeout 180
  --local-domains mail.domain.com,mail.domain2.com,etc
  --sa-maxsize 10240000
  --sa-quarantine 3
  --add-dscr-hdrs yes
)

# First run, without --install, so the reported settings can be checked.
./configure "${qs_opts[@]}"

#Verify everything and then run the same command with --install added
./configure "${qs_opts[@]}" --install

# Show only the active entries: the first grep drops empty lines, the second
# drops lines that start with '#'.
grep -v "^$" /var/spool/qscan/quarantine-events.txt | grep -v "^#"

#Comment out the following entries in the file:

nano /var/spool/qscan/quarantine-events.txt

-----------------------------------------------------
#Happy99.exe        SIZE=10000    Happy99 Trojan virus
#zipped_files.exe    SIZE=120495    W32/ExploreZip.worm.pak virus
#ILOVEYOU        Policy-Subject:    Love Letter Virus/Trojan
#ZVDOHYIK@yahoo.com|udtzqccc@yahoo.com|DTCELACB@yahoo.com|I1MCH2TH@yahoo.com|WPADJQ12@yahoo.com|smr@eurosport.com|bgnd2@canada.com|muwripa@fairesuivre.com|eccles@ballsy.net|S_Mentis@mail-x-change.com|YJPFJTGZ@excite.com|JGQZCD@excite.com|XHZJ3@excite.com|OZUNYLRL@excite.com|tsnlqd@excite.com|cxkawog@krovatka.net|ssdn@myrealbox.com    Policy-To:    BadTrans Trojan virus
-----------------------------------------------------

#WITHOUT CLOSING THE EDITOR, ADD THIS LINE

-----------------------------------------------------
.exe    SIZE=-1    .EXE executable attachments disallowed, please compress your file. / No se permiten adjunto de ejecutables .EXE, por favor comprima su archivo.
-----------------------------------------------------

#NOW SAVE AND CLOSE

# Re-check the active (non-empty, non-comment) entries after the edit.
grep -v "^$" /var/spool/qscan/quarantine-events.txt | grep -v "^#"

#Let's regenerate the rules then...

/var/qmail/bin/qmail-scanner-queue.pl -g

# Open the queue script to edit the settings shown below.
nano /var/qmail/bin/qmail-scanner-queue.pl

#Modify the following settings according to your own domain

-----------------------------------------------------
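#From: line  information used when making reports
my $V_FROM='postmaster@domain.com';
# The apostrophe must be escaped inside a single-quoted Perl string; left bare
# it ends the string early and the script no longer compiles. Single quotes
# are kept so that '@' or '$' in your own text is not interpolated.
my $V_FROMNAME='DOMAIN\'s Mail Filter';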
-----------------------------------------------------
my $spamc_subject='***SPAM***';
-----------------------------------------------------

### SAVE AND CLOSE

#Now we have to tell qmail to use this queue: edit the run script of the
#qmail-smtpd service and add the QMAILQUEUE line shown below.

nano /var/qmail/supervise/qmail-smtpd/run

#ADD THE FOLLOWING JUST AFTER REQUIRE_AUTH

-----------------------------------------------------
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" ; export QMAILQUEUE
-----------------------------------------------------

# Repeat for the SSL service: it has its own run script, so it needs the same
# QMAILQUEUE line. NOTE(review): a listener whose run script lacks this line
# would presumably accept mail without passing it to the scanner - check every
# SMTP entry point you run.
nano /var/qmail/supervise/qmail-smtpd-ssl/run

-----------------------------------------------------
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" ; export QMAILQUEUE
-----------------------------------------------------

# Stop and start qmail after editing the run scripts
# (presumably needed for the new QMAILQUEUE setting to take effect).
qmailctl stop
qmailctl start
 

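#You may want to configure log rotation for qmail-scanner...
# The cd has to be on its own line: fused onto the comment above it never
# runs, and the copy below would be made in whatever directory the shell
# happens to be in.
cd /etc/logrotate.d/
# ls -l instead of ll: ll is a shell alias that is not defined everywhere.
ls -l
# Start from a copy of an existing rule file, then empty it before editing.
cp apache2 qmail-scanner
ls -l
echo > qmail-scanner
nano qmail-scanner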

#delete all content and paste:

==============================================================

# Rotation rule for every *.log file under /var/spool/qscan.
/var/spool/qscan/*.log {
weekly
# Keep five rotated files.
rotate 5
nocompress
# New log file: mode 0660, owner qscand, group qscand. Every member of the
# qscand group (clamav was added to it earlier in this guide) can read and
# write these logs.
create 0660 qscand qscand
# NOTE(review): both "weekly" and "size" are given; logrotate treats the
# size-based and time-based criteria as alternatives, so confirm which one
# you intend to apply.
size=100M
}

==============================================================