Mailscanner UNOFFICIAL package for pfSense 2.3.x

marcelloc

Try on console to execute freshclam

mbassan

I got this error

[2.3.4-RELEASE][admin@ids-pf.medidati.org]/root: freshclam
ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check permissions!).
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).

[2.3.4-RELEASE][admin@ids-pf.medidati.org]/var/log/clamav: cat freshclam.log
–------------------------------------
ClamAV update process started at Tue Jun 13 13:18:30 2017
Downloading main.cvd [100%]
main.cvd updated (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Downloading daily.cvd [100%]
daily.cvd updated (version: 23469, sigs: 1736809, f-level: 63, builder: neo)
Downloading bytecode.cvd [100%]
bytecode.cvd updated (version: 303, sigs: 59, f-level: 63, builder: anvilleg)
Database updated (6303117 signatures) from database.clamav.net (IP: 90.147.160.69)
WARNING: Clamd was NOT notified: Can't connect to clamd through /var/run/clamav/clamd.sock: No such file or directory
[2.3.4-RELEASE][admin@ids-pf.medidati.org]/var/log/clamav:

marcelloc

@mbassan:

WARNING: Clamd was NOT notified: Can't connect to clamd through /var/run/clamav/clamd.sock: No such file or directory
[2.3.4-RELEASE][admin@ids-pf.medidati.org]/var/log/clamav:

This means that the daemon was stopped when freshclam finished. Did you tried to start it again after freshclam udpate?

mbassan

Great ! It has started, thaks a lot

healperci

I installed the package, but don't know where to start

I have this two configs for the same firewall:

external mail server <– internal clients

External mail server -->Internal server

that i want to filter is possible to proxy this config??.

Thanks a lot nice package.

logdog

2.4.2-RELEASE-p1 (amd64)
built on Tue Dec 12 13:45:26 CST 2017
FreeBSD 11.1-RELEASE-p6

[2.4.2-RELEASE][admin@pfSense.corp]/root: sh ./install_mailscanner_23.sh
fetch: /ConfigDefs.pl.patch: No such file or directory
Hmm… I can't seem to find a patch in there anywhere.
fetch: /Message.pm.patch: No such file or directory
Hmm... I can't seem to find a patch in there anywhere.
fetch: /SweepContent.pm.patch: No such file or directory
Hmm... I can't seem to find a patch in there anywhere.

Bismarck

ClamAV – multiple vulnerabilities

https://forum.pfsense.org/index.php?topic=143316.0

jdeloach

Any plans to update Mailscanner for pfSense 2.4.x?

Bismarck

@logdog:

2.4.2-RELEASE-p1 (amd64)
built on Tue Dec 12 13:45:26 CST 2017
FreeBSD 11.1-RELEASE-p6

[2.4.2-RELEASE][admin@pfSense.corp]/root: sh ./install_mailscanner_23.sh
fetch: /ConfigDefs.pl.patch: No such file or directory
Hmm… I can't seem to find a patch in there anywhere.
fetch: /Message.pm.patch: No such file or directory
Hmm... I can't seem to find a patch in there anywhere.
fetch: /SweepContent.pm.patch: No such file or directory
Hmm... I can't seem to find a patch in there anywhere.

@jdeloach:

Any plans to update Mailscanner for pfSense 2.4.x?

You can try this script, it should work with pfSense 2.4 and Mailscanner v5

#!/bin/sh

# *
# * install_mailscanner_24.sh
# *
# * part of unofficial packages for pfSense(R) software
# * Copyright (c) 2011-2017 Marcello Coutinho
# * All rights reserved.
# *
# * Licensed under the Apache License, Version 2.0 (the "License");
# * you may not use this file except in compliance with the License.
# * You may obtain a copy of the License at
# *
# * http://www.apache.org/licenses/LICENSE-2.0
# *
# * Unless required by applicable law or agreed to in writing, software
# * distributed under the License is distributed on an "AS IS" BASIS,
# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# * See the License for the specific language governing permissions and
# * limitations under the License.

ASSUME_ALWAYS_YES=YES
export ASSUME_ALWAYS_YES

if [ "$(cat /etc/version | cut -c 1-3)" == "2.4" ]; then
prefix=https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/pkg-mailscanner/files

check_service_file=check_mailscanner_service.php
fetch -q -o /root/$check_service_file $prefix/$check_service_file

# /usr/local files

for file in 	www/mailscanner_about.php pkg/mailscanner.conf.template pkg/mailscanner.xml pkg/mailscanner_antispam.xml \
		pkg/mailscanner_attachments.xml pkg/mailscanner_report.xml pkg/mailscanner.inc pkg/mailscanner_alerts.xml \
		pkg/mailscanner_antivirus.xml pkg/mailscanner_content.xml pkg/mailscanner_sync.xml \
		www/shortcuts/pkg_mailscanner.inc bin/sa-updater-custom-channels.sh bin/sa-wrapper.pl
do
	echo "fetching  /usr/local/$file from github"
	fetch -q -o /usr/local/$file $prefix/usr/local/$file
done

# Enable freebsd Repo
repo_dir=/root/repo.bkp
mkdir -p $repo_dir
rm -f $repo_dir/*conf
cp /usr/local/etc/pkg/repos/*conf $repo_dir
sed -i "" -E "s/(FreeBSD.*enabled:) no/\1 yes/" /usr/local/etc/pkg/repos/*conf

#fix permission
chmod +x /usr/local/bin/sa-updater-custom-channels.sh
chmod +x /usr/local/bin/sa-wrapper.pl

# Install mailscanner package
# pkg lock pkg
pkg update
pkg install mailscanner bash dcc-dccd spamassassin p7zip rsync

# restore repository configuration state
cp $repo_dir/*conf /usr/local/etc/pkg/repos/.

#install services and menus
php /root/check_mailscanner_service.php

#install spamassassin-extremeshok_fromreplyto
plugin_dir=/usr/local/etc/mail/spamassassin
plugin_file=extremeshok_fromreplyto.zip

if [ ! -d $plugin_dir/plugins ];then
	mkdir -p $plugin_dir/plugins
fi

cd root

fetch -o $plugin_file https://github.com/extremeshok/spamassassin-extremeshok_fromreplyto/archive/master.zip
unzip -o $plugin_file
cp spamassassin-extremeshok_fromreplyto-master/plugins/*pm $plugin_dir/plugins/
cp spamassassin-extremeshok_fromreplyto-master/01_extremeshok_fromreplyto.cf $plugin_dir

#install shorturl mailscanner plugin
plugin_file=DecodeShortURLs.zip
fetch -o $plugin_file https://github.com/smfreegard/DecodeShortURLs/archive/master.zip
unzip -o $plugin_file
cp DecodeShortURLs-master/*pm $plugin_dir
cp DecodeShortURLs-master/*cf $plugin_dir

# Obsolete with MailScanner v5
#install 7z and pdf patch
#plugin_file=pdfid.zip 
#fetch -o $plugin_file http://didierstevens.com/files/software/pdfid_v0_2_1.zip
#unzip -o $plugin_file
#cp p*py /usr/local/bin/
#chmod +x /usr/local/bin/p*py
##fix python path
#sed -i '.bak' "s@/usr/bin/env python@/usr/local/bin/python2@" /usr/local/bin/p*.py

#install unofficial sigs for improving malware protection
plugin_file=clamav-unofficial-sigs.zip
fetch -o $plugin_file https://github.com/extremeshok/clamav-unofficial-sigs/archive/master.zip
unzip -o $plugin_file
script_file=/usr/local/sbin/clamav-unofficial-sigs.sh
plugin_dir=clamav-unofficial-sigs
cp ${plugin_dir}-master/clamav-unofficial-sigs.sh $script_file

chmod +x $script_file
sed -i '.bak' "s@!/bin/bash@!/usr/local/bin/bash@" $script_file
for c_dir in /etc/$plugin_dir/ /var/log/$plugin_dir/
do
        if [ ! -d $c_dir ];then
                mkdir $c_dir
        fi
done
cp ${plugin_dir}-master/config/* /etc/$plugin_dir
cp /etc/$plugin_dir/os.pfsense.conf /etc/$plugin_dir/os.conf
sed -i '.bak' 's@clam_user=.*@clam_user="postfix"@' /etc/$plugin_dir/os.conf
sed -i '.bak' 's@#user_configuration.*@user_configuration_complete="yes"@' /etc/$plugin_dir/user.conf

# update spamassassin database
rehash
/usr/local/bin/sa-update -D

fi

# Obsolete with MailScanner v5
#for PatchFile in ConfigDefs.pl.patch Message.pm.patch SweepContent.pm.patch
#  do
#  fetch -o - -q $prefix/$PatchFile | patch -N -b -p0
#  done

C&P this code in to a file called install_mailscanner_24.sh move it to /root

sh ./install_mailscanner_24.sh

cd /root

fetch https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/pkg-mailscanner/files/install_cpan_modules_23.sh

sh ./install_cpan_modules_23.sh

I have it working with pfSense 2.3.5p1 and Mailscanner v5, so I don't see any reason why it shouldn't work.

Regards

MailScanner.png_thumb

Bismarck

FYI MailScanner now has Milter support

https://github.com/MailScanner/v5/blob/master/doc/MailScanner%20Milter%20Guide.pdf

DannyB

Hi, i have postfix and mailscanner running on pfsense 2.4.4-p1, i got the following warnings:

MailScanner[64731]: Clamd::ERROR:: UNKNOWN CLAMD RETURN ./lstat() failed: Permission denied. ERROR :: /var/spool/MailScanner/incoming/64731

Permissions looks fine, i did chown -R postfix:postfix /var/spool/MailScanner/incoming/, also chmod -R 6666 to the same folder.

Runas user on MailScanner.conf and clamd.conf is postfix.

Also mailscanner logs display syntax errors:

Mar 6 16:09:51 pfsense2 MailScanner[56749]: Syntax error(s) in configuration file:
Mar 6 16:09:51 pfsense2 MailScanner[56749]: Unrecognised keyword "deliversuspiciouspdf" at line 93
Mar 6 16:09:51 pfsense2 MailScanner[56749]: Unrecognised keyword "pdfidcommand" at line 84
Mar 6 16:09:51 pfsense2 MailScanner[56749]: Unrecognised keyword "pdfidtimeout" at line 87
Mar 6 16:09:51 pfsense2 MailScanner[56749]: Unrecognised keyword "scanpdf" at line 90
Mar 6 16:09:51 pfsense2 MailScanner[56749]: Warning: syntax errors in /usr/local/etc/MailScanner/MailScanner.conf.

Please Help.

Bismarck

@dannyb

Try

chown -R postfix:clamav /var/spool/MailScanner/

and

chmod -R 0770 /var/spool/MailScanner/

DannyB

@bismarck

Thanks Bismarck, i just did it but i got the same errors.

0_1551970237056_164a3c35-b5f3-4ce7-b317-ba608e17e06c-image.png

DannyB

Here is what i got grom "MailScanner --lint"

0_1551970863764_9714b9e2-937b-490c-90e1-ec47895dcc0e-image.png

Bismarck

@dannyb
0_1551974979662_ec5ab7d8-ff9a-48e5-80bd-6132b5eb5a97-image.png

Only difference I see is "GID/UID" and "Virus Scanner = clamd"

? http://lists.mailscanner.info/pipermail/mailscanner/2018-March/105077.html

Here are all files I have running with pfSense 2.4.4-p2 and Postfix/MailScanner

https://github.com/spec1re/stuff/raw/spec1re-patch-1/Unofficial-pfSense-packages-master.rar

unpack it, execute

./install_mailscanner_24.sh
./install_cpan_modules_24.sh

and manually copy the other files, overwriting existing ones.

DannyB

@bismarck

Ok, i will do it, i´ll let you know.

Thanks again.

DannyB

i must be doing something wrong, i did a clean install pfsense 2.4.4-p1, install unofficial repo, enable FreeBSD in all repos, ran script install_postfix_24.sh, fixed postwhite error fetching the postwhite.conf file from stevejenkins and changing paths in the file, installed mailscanner and cpan from your packet, override every files as suggested and i got the same error.

Postfix and MailScanner are running but got the same errors.

Bismarck

@dannyb

the MailScanner.conf errors are just cosmetic, to get rid of them just edit

/usr/local/pkg/mailscanner.conf.template

and comment out line 82 till 98, restart mailscanner via the web interface and they should go away.

For the clamd error, you need to check the permissions defined in the configs of mailscanner and clamd eg. add postfix to the clamav group and viceversa.

DannyB

Thanks Bismarck, that fix the errors. at first i added clamav as group for Incoming Work Dir Settings only in MailScanner.conf, but adding clamav as a group in system settings was the trick.

Bismarck

@dannyb

Nice to hear, and now you can start tuning SA / ClamAV rules and signatures. ;)