Mailscanner + spamassassin + clamav package
-
I've pushed some updates to improve boot process, and checks to perl version and config files.
The clean install now, select all default options.
att,
Marcello Coutinho -
marcelloc ,in order use mailscanner package is checking on Postfix Forwarder>>>Antispam>>>Use Third part antispam box enough?any another settings?
-
I use it with Message Hold mode= manual using acls
and I put /^from:/ HOLD on header acls
- 13 days later
-
Hi,
I would like to disable the change on email subject when mailscanner "disarm" an email.
So I modified Mailscanner.conf and the line "Disarmed Modify Subject = no"
but it comes back to its previous settings "Disarmed Modify Subject = start" on reboot.What can I do ?
Thanks
-
@ics:
What can I do ?
change /usr/local/pkg/mailscanner.conf.template and apply changes.
att,
Marcello Coutinho -
change /usr/local/pkg/mailscanner.conf.template and apply changes.
Thanks for the reply.
This file doesn't exist so I modified the file /usr/local/pkg/mailscanner.inc
And it seems to work :) -
Will be there when you update/upgrade the package. :)
-
Will be there when you update/upgrade the package. :)
And about updates, is there a procedure to update packages ?
Or I just need to click on "Reinstall this package" in the package manager ? -
Normally, just update.
A backup first is always a good idea. :)
- 8 days later
-
Hello Marcello
i just installed postfix and mailscanner on my pre production pf box,and getting this error on my system log
My pf version:
2.0.1-RELEASE (amd64)
built on Mon Dec 12 18:16:13 EST 2011
FreeBSD 8.1-RELEASE-p6Jun 7 16:32:39 MailScanner[15521]: Syntax error in line 145, value "" for allowscripttags is not one of allowed values "yes","disarm","no"
Jun 7 16:32:39 MailScanner[15521]: Reading configuration file /usr/local/etc/MailScanner/conf.d/README
Jun 7 16:32:39 MailScanner[15521]: Reading configuration file /usr/local/etc/MailScanner/MailScanner.conf
Jun 7 16:32:39 MailScanner[15521]: MailScanner E-Mail Virus Scanner version 4.83.5 starting…
Jun 7 16:32:39 mailscanner: Process did not exit cleanly, returned 1 with signal 0
Jun 7 16:32:39 MailScanner[3723]: ClamAV Module ERROR:: Could not load databases from /var/db/clamav
Jun 7 16:32:39 MailScanner[3723]: I have found clamavmodule scanners installed, and will use them all by default.
Jun 7 16:32:34 MailScanner[8485]: Enabling SpamAssassin auto-whitelist functionality…
Jun 7 16:32:34 MailScanner[8485]: Connected to SpamAssassin cache database
Jun 7 16:32:34 MailScanner[8485]: Using SpamAssassin results cache -
Your antivirus is up to date ?
freshclam –versionclamav is not automatically updated, you have configure your crontab.
To update manually :
/usr/local/bin/freshclam -
/usr/local/bin/freshclam
ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check permissions!).
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).freshclam –version
ClamAV 0.97.3 -
/usr/local/bin/sa-update -> this one too ;)
-
sa-update
/usr/local/lib/perl5/site_perl/5.12.4 /usr/local/lib/perl5/5.12.3/BSDPAN /usr/local/lib/perl5/site_perl/5.12.3/mach /usr/local/lib/perl5/site_perl/5.12.3 /usr/local/lib/perl5/5.12.3/mach /usr/local/lib/perl5/5.12.3) at /usr/local/bin/sa-update line 80.
BEGIN failed–compilation aborted at /usr/local/bin/sa-update line 80. -
sa-update
/usr/local/lib/perl5/site_perl/5.12.4 /usr/local/lib/perl5/5.12.3/BSDPAN /usr/local/lib/perl5/site_perl/5.12.3/mach /usr/local/lib/perl5/site_perl/5.12.3 /usr/local/lib/perl5/5.12.3/mach /usr/local/lib/perl5/5.12.3) at /usr/local/bin/sa-update line 80.
BEGIN failed–compilation aborted at /usr/local/bin/sa-update line 80.Are you using the latest mailscanner package version?
-
mailscanner-dev Services Package Info 4.83.5 pkg v.0.2.1
- 14 days later
-
Clamd::ERROR:: UNKNOWN CLAMD RETURN ./lstat() failed: Permission denied. ERROR :: /var/spool/MailScanner/incoming
Is anyone seeing this error in the /var/log/maillog. It's obviously a permissions error, but I can not figure out how to get rid of it.
the /var/spool/MailScanner/ is created by postfix. I tried adding clamav to the postfix group as well as www and wheel the error still occurs.
-
clamd should be running with postfix user.
Try to apply maiscanner config and check in /usr/local/etc/clamd.conf what user is configured.
att,
Marcello Coutinho -
Multiple installs all installed
postfix->mailscanner->dansguardian
I check them all all have
Run as another user (clamd must be started by root for this option to work)
Default: don't drop privileges
User clamav
Tried save mailscanner configuration and enabling and disabling the daemon. It appears that the program is not updating the clamd.conf at all.
Did a new clean install -postfix-mailscanner-dansguardian. Saved the mailscanner config and checked the clamd.conf "clamav" was still the user.
Manually edited the clamd.conf and changed the user from "clamav" to "postfix" reboot and everthing is working properly.
-
Manually edited the clamd.conf and changed the user from "clamav" to "postfix" reboot and everthing is working properly.
I'll check again the code and include a force config file option. On my install it's working with user postfix without any manual edit.
att,
Marcello Coutinho - 26 days later
-
I have a problem with Mailscanner, mailscanner installed today so it should be uptodate.
Working with postfix and mailscanner-dev: http://forum.pfsense.org/index.php/topic,40201.0.htmlMailscanner do exit every second or two. with this in the log:
mailscanner: Process did not exit cleanly, returned 1 with signal 0I also get this in the log:
ClamAV Module ERROR:: Could not load databases from /var/db/clamavSo i tried to do as suggested here and tried to run this:
/usr/local/bin/freshclambut then i got this error:
ERROR: Can not open /var/log/clamav/freshclam.log in append mode (check permissions!)
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log)When i check the folder /var/log/clamav it is emty!!
Same thing with /var/log/db emty!!Running freshclam –version
Gives ClamAV 0.97.3and did run this one(/usr/local/bin/sa-update ) too and that did run with no output.
So is mailscanner restarting every second because clamav has no db??
EDIT: Might have been a bit quick posting here.
Manually created the log file: /var/log/clamav/freshclam.log and changed permisions so any thing could log to it.
then tried to updated and then it complained it could not create tem folder in /var/db/clamav so i changed the permisions on that folder so it could update and create the temp folder.And now i am stuck on this error when trying to update clamav:
WARNING: Clamd was NOT Notified: Can't connect to clamd through /var/run/clamav/clamd.sock
connect(): No such file or directory ???The folder var/run/clamav/ is emty? Should it be?
And now mailscanner is veining me this in the log
mailscanner: Process did not exit cleanly, returned 0 with signal 9
And i get alot of this: kernel: swap_pager_getswapspace(4): failed until i get this: kernel: pid 8874 (perl5.12.4), uid 125, was killed: out of swap space
And then it continues with: swap_pager_getswapspace(5): failedSorry for noob questions. ::)
-
Did you configured the mailscanner on gui? Checked and save options on all tabs?
-
jupp i did.
I did go through all of the to make sure they saved and did write the config files to stop this error:
MailScanner[15521]: Syntax error in line 145, value "" for allowscripttags is not one of allowed values "yes","disarm","no"that did not fix it so i had to change allowscripttags from disarm to no..
looks like the swap_pager_getswapspace problem is gone after a reboot.. strange???
Looks like thing are working as they should now, and did not do anything else then describe in previous post except reboot.
But anyway would still like to know more about this error:
WARNING: Clamd was NOT Notified: Can't connect to clamd through /var/run/clamav/clamd.sock
connect(): No such file or directory -
I have a problem with Mailscanner, mailscanner installed today so it should be uptodate.
Working with postfix and mailscanner-dev: http://forum.pfsense.org/index.php/topic,40201.0.htmlMailscanner do exit every second or two. with this in the log:
mailscanner: Process did not exit cleanly, returned 1 with signal 0I also get this in the log:
ClamAV Module ERROR:: Could not load databases from /var/db/clamavSo i tried to do as suggested here and tried to run this:
/usr/local/bin/freshclambut then i got this error:
ERROR: Can not open /var/log/clamav/freshclam.log in append mode (check permissions!)
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log)When i check the folder /var/log/clamav it is emty!!
Same thing with /var/log/db emty!!Running freshclam –version
Gives ClamAV 0.97.3and did run this one(/usr/local/bin/sa-update ) too and that did run with no output.
So is mailscanner restarting every second because clamav has no db??
EDIT: Might have been a bit quick posting here.
Manually created the log file: /var/log/clamav/freshclam.log and changed permisions so any thing could log to it.
then tried to updated and then it complained it could not create tem folder in /var/db/clamav so i changed the permisions on that folder so it could update and create the temp folder.And now i am stuck on this error when trying to update clamav:
WARNING: Clamd was NOT Notified: Can't connect to clamd through /var/run/clamav/clamd.sock
connect(): No such file or directory ???The folder var/run/clamav/ is emty? Should it be?
And now mailscanner is veining me this in the log
mailscanner: Process did not exit cleanly, returned 0 with signal 9
And i get alot of this: kernel: swap_pager_getswapspace(4): failed until i get this: kernel: pid 8874 (perl5.12.4), uid 125, was killed: out of swap space
And then it continues with: swap_pager_getswapspace(5): failedSorry for noob questions. ::)
check this file /usr/local/etc/clamd.conf
scroll down to the following line and make sure that this is who clam is running under:
Run as another user (clamd must be started by root for this option to work)
Default: don't drop privileges
User postfix
If not change the user then you will need to reboot the box.
-
Thanks for that mschiek01, the user was set to clamav so just changed it(Nice recap with the VI editor too :) ) and now it is rebooting.
So now more playing with subject word blacklisting. ;D
-
Just a question, did you checked VirusScanning(yes) and Virus scanner =clamd on mailscanner antivirus tab?
I've checked the code and it looks for user clamav on clamd.conf file
#check virus_scanner options $libexec_dir="/usr/local/libexec/MailScanner/"; if ($virus_scanning == "yes"){ if ($antivirus['virus_scanner'] =="none"){ unlink_if_exists($libexec_dir.'clamav-autoupdate'); unlink_if_exists($libexec_dir.'clamav-wrapper'); } else{ . . . #clamd conf file $cconf="/usr/local/etc/clamd.conf"; if (file_exists($conf)){ $cconf_file=file_get_contents($cconf); if (preg_match('/User clamav/',$cconf_file)){ $cconf_file=preg_replace("/User clamav/","User postfix",$cconf_file); file_put_contents($cconf, $cconf_file, LOCK_EX); } }
-
Just a question, did you checked VirusScanning(yes) and Virus scanner =clamd on mailscanner antivirus tab?
I've checked the code and it looks for user clamav on clamd.conf file
#check virus_scanner options $libexec_dir="/usr/local/libexec/MailScanner/"; if ($virus_scanning == "yes"){ if ($antivirus['virus_scanner'] =="none"){ unlink_if_exists($libexec_dir.'clamav-autoupdate'); unlink_if_exists($libexec_dir.'clamav-wrapper'); } else{ . . . #clamd conf file $cconf="/usr/local/etc/clamd.conf"; if (file_exists($conf)){ $cconf_file=file_get_contents($cconf); if (preg_match('/User clamav/',$cconf_file)){ $cconf_file=preg_replace("/User clamav/","User postfix",$cconf_file); file_put_contents($cconf, $cconf_file, LOCK_EX); } }
All my boxes had virus scanner = auto. Maybe that is why I always have to configure it manually?
Maybe you should default it in your package to clamd instead of auto?
-
Just a question, did you checked VirusScanning(yes) and Virus scanner =clamd on mailscanner antivirus tab?
I've checked the code and it looks for user clamav on clamd.conf file
I just checked an it was set to:
VirusScanning(yes)Do not even know how to change this or turn on any options that have (no)Guess i have to modify some config files or something. Google will answer me i hope. ;DAha ()=default and if it is selected it is on right?Virus scanner was set to auto
So what is recommended i do?
Change user back to clamav and set it to use clameav?
And should i be able to see in the logs that any emails is scanned and passes the scan?
Reason for asking is that i can not see anything like that in the log files in regards to avscan of emails..
This is what i see in the log for an incoming email:2012-07-24 18:35:09 Mail.Info LANIP Jul 24 18:37:22 postfix/postscreen[881]: CONNECT from [69.64.6.29]:34011
2012-07-24 18:35:09 Mail.Info LANIP Jul 24 18:37:22 postfix/postscreen[881]: PASS OLD [69.64.6.29]:34011
2012-07-24 18:35:09 Local0.Info LANIP Jul 24 18:37:22 pf: 00:06:56.261267 rule 27/0(match): pass in on de0: (tos 0x0, ttl 52, id 47253, offset 0, flags [DF], proto TCP (6), length 64)
2012-07-24 18:35:09 Local0.Info LANIP Jul 24 18:37:22 pf: 69.64.6.29.34011 > WANIPONMailscanner: Flags [ S ], cksum 0xb9e2 (correct), seq 994851350, win 16384, options [mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,TS val 150586674 ecr 0], length 0
2012-07-24 18:35:10 Mail.Info LANIP Jul 24 18:37:23 postfix/smtpd[1239]: connect from mail.pfsense.org[69.64.6.29]
2012-07-24 18:35:10 Mail.Info LANIP Jul 24 18:37:23 postfix/smtpd[1239]: A4B6911D1B: client=mail.pfsense.org[69.64.6.29]
2012-07-24 18:35:10 Mail.Info LANIP Jul 24 18:37:23 postfix/cleanup[1882]: A4B6911D1B: message-id=3408b51f40ccd43c38e94056c4fe832e-m276917@pfsense.org
2012-07-24 18:35:10 Mail.Info LANIP Jul 24 18:37:23 postfix/smtpd[1239]: disconnect from mail.pfsense.org[69.64.6.29]
2012-07-24 18:35:10 Mail.Info LANIP Jul 24 18:37:23 postfix/qmgr[31335]: A4B6911D1B: from=cmb@pfsense.org, size=2295, nrcpt=1 (queue active)
2012-07-24 18:35:11 Mail.Info LANIP Jul 24 18:37:24 postfix/smtp[2195]: A4B6911D1B: to=my@email.com, relay=MAILserverIP[MAILserverIP]:25, delay=0.79, delays=0.33/0.01/0.02/0.43, dsn=2.6.0, status=sent (250 2.6.0 3408b51f40ccd43c38e94056c4fe832e-m276917@pfsense.org [InternalId=284] Queued mail for delivery)
2012-07-24 18:35:11 Mail.Info LANIP Jul 24 18:37:24 postfix/qmgr[31335]: A4B6911D1B: removed/my@email.com/cmb@pfsense.orgAgain sorry for noob questions.
-
Maybe you should default it in your package to clamd instead of auto?
The php code checks for virus_scanning == "yes" and 'virus_scanner' != none
so auto or clamd will result on the same config check.
-
Just a question, did you checked VirusScanning(yes) and Virus scanner =clamd on mailscanner antivirus tab?
I've checked the code and it looks for user clamav on clamd.conf file
I just checked an it was set to:
VirusScanning(yes)Do not even know how to change this or turn on any options that have (no)Guess i have to modify some config files or something. Google will answer me i hope. ;DAha ()=default and if it is selected it is on right?Virus scanner was set to auto
So what is recommended i do?
Change user back to clamav and set it to use clameav?
And should i be able to see in the logs that any emails is scanned and passes the scan?
Reason for asking is that i can not see anything like that in the log files in regards to avscan of emails..
This is what i see in the log for an incoming email:2012-07-24 18:35:09 Mail.Info LANIP Jul 24 18:37:22 postfix/postscreen[881]: CONNECT from [69.64.6.29]:34011
2012-07-24 18:35:09 Mail.Info LANIP Jul 24 18:37:22 postfix/postscreen[881]: PASS OLD [69.64.6.29]:34011
2012-07-24 18:35:09 Local0.Info LANIP Jul 24 18:37:22 pf: 00:06:56.261267 rule 27/0(match): pass in on de0: (tos 0x0, ttl 52, id 47253, offset 0, flags [DF], proto TCP (6), length 64)
2012-07-24 18:35:09 Local0.Info LANIP Jul 24 18:37:22 pf: 69.64.6.29.34011 > WANIPONMailscanner: Flags [ S ], cksum 0xb9e2 (correct), seq 994851350, win 16384, options [mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,TS val 150586674 ecr 0], length 0
2012-07-24 18:35:10 Mail.Info LANIP Jul 24 18:37:23 postfix/smtpd[1239]: connect from mail.pfsense.org[69.64.6.29]
2012-07-24 18:35:10 Mail.Info LANIP Jul 24 18:37:23 postfix/smtpd[1239]: A4B6911D1B: client=mail.pfsense.org[69.64.6.29]
2012-07-24 18:35:10 Mail.Info LANIP Jul 24 18:37:23 postfix/cleanup[1882]: A4B6911D1B: message-id=3408b51f40ccd43c38e94056c4fe832e-m276917@pfsense.org
2012-07-24 18:35:10 Mail.Info LANIP Jul 24 18:37:23 postfix/smtpd[1239]: disconnect from mail.pfsense.org[69.64.6.29]
2012-07-24 18:35:10 Mail.Info LANIP Jul 24 18:37:23 postfix/qmgr[31335]: A4B6911D1B: from=cmb@pfsense.org, size=2295, nrcpt=1 (queue active)
2012-07-24 18:35:11 Mail.Info LANIP Jul 24 18:37:24 postfix/smtp[2195]: A4B6911D1B: to=my@email.com, relay=MAILserverIP[MAILserverIP]:25, delay=0.79, delays=0.33/0.01/0.02/0.43, dsn=2.6.0, status=sent (250 2.6.0 3408b51f40ccd43c38e94056c4fe832e-m276917@pfsense.org [InternalId=284] Queued mail for delivery)
2012-07-24 18:35:11 Mail.Info LANIP Jul 24 18:37:24 postfix/qmgr[31335]: A4B6911D1B: removed/my@email.com/cmb@pfsense.orgAgain sorry for noob questions.
Leave the user as postfix or it will not work.
in /var/log/maillog you should see something like this on accepted mail.
Jul 24 17:41:23 6460_a_51st MailScanner[4124]: New Batch: Scanning 1 messages, 50753 bytes
Jul 24 17:41:23 6460_a_51st MailScanner[4124]: Virus and Content Scanning: Starting
Jul 24 17:41:24 6460_a_51st MailScanner[4124]: Spam Checks: Starting
Jul 24 17:41:24 6460_a_51st MailScanner[4124]: Expired 1 records from the SpamAssassin cache
Jul 24 17:41:38 6460_a_51st MailScanner[4124]: Requeue: 746EA78C4A.A7765 to 41CC478C8AFirst though you need to configure postfix to hold the mail in the que so it can be scanned with something like this.
in the gui for postfix
click the access lists tab
and put something like this "/^from:/ HOLD"You also need to configure the recipients tab as well as the antispam tab
If you look to the botom of the antispam page:
Check use third party anti spam
I use message hold mode "manual mode using acls"
mailscanner+spam assassin + clamav -
Thanks to both of you, marcelloc and mschiek01.
The help from both of you should be enough now to get me going. ;D -
Thanks to both of you, marcelloc and mschiek01.
The help from both of you should be enough now to get me going. ;DThe package works great once you get it set up.
Marcelloc helped me a lot. Just trying to return the favor.
Just any FYI. If you are going to use active directory to extract your valid recipients. You need to make sure you install p5-perl-ldap.
-
The package works great once you get it set up.
Marcelloc helped me a lot. Just trying to return the favor.
Just any FYI. If you are going to use active directory to extract your valid recipients. You need to make sure you install p5-perl-ldap.
Your help is highly appreciated, and if i can help any1 i will do the same. ITs what it is all about. Love sharing knowledge.
Thanks for heads up on the ldap. This will be something i will be using on a late time when i have get enough know how on this packages. -
Cannot lock /var/spool/MailScanner/incoming/Locks/clamavBusy.lock, No such file or directory
chown -R postfix /var/spool/MailScanner/incoming/Locks.Hi marcelloc
Just to let you know that i also did get this error too and had to run the chown command to fix it.
-
Just to let you know that i also did get this error too and had to run the chown command to fix it.
ok, I'll check it.
-
Marcelloc-
I see this error in the log when ever Mailscanner starts:
Jul 31 07:58:13 MailScanner[30780]: MailScanner E-Mail Virus Scanner version 4.83.5 starting…
Jul 31 07:58:13 MailScanner[30780]: Reading configuration file /usr/local/etc/MailScanner/MailScanner.conf
Jul 31 07:58:13 MailScanner[30780]: Reading configuration file /usr/local/etc/MailScanner/conf.d/README
Jul 31 07:58:14 MailScanner[30780]: Read 867 hostnames from the phishing whitelist
Jul 31 07:58:14 MailScanner[30780]: Read 5737 hostnames from the phishing blacklists
Jul 31 07:58:14 MailScanner[30780]: User's home directory /var/spool/postfix is not writable
Jul 31 07:58:14 MailScanner[30780]: You need to set the "SpamAssassin User State Dir" to a directory that the "Run As User" can write to
Jul 31 07:58:14 MailScanner[30780]: Using SpamAssassin results cache
Jul 31 07:58:14 MailScanner[30780]: Connected to SpamAssassin cache database
Jul 31 07:58:15 MailScanner[30780]: Enabling SpamAssassin auto-whitelist functionality…I took a look at the mailscanner.conf and it appears the directories are created with 0600 with a user postfix?
-
I took a look at the mailscanner.conf and it appears the directories are created with 0600 with a user postfix?
Yes, maiscanner runs with postfix user.
chown ('/var/spool/postfix','postfix');
-
Just to let you know that i also did get this error too and had to run the chown command to fix it.
I'm not getting this error but I've included this folder check on mailscanner.inc file.
- about a month later
-
Hi All,
I have the following packages installed.
Asterisk
mailreport
mailscanner-dev
postfix forwarder
squid3Mailscanner refuses to load with the following.
mailscanner
Can't load '/usr/local/lib/perl5/site_perl/5.12.4/mach/auto/Filesys/Df/Df.so' for module Filesys::Df: /usr/local/lib/perl5/site_perl/5.12.4/mach/auto/Filesys/Df/Df.so: Undefined symbol "PL_stack_max" at /usr/local/lib/perl5/5.12.4/mach/DynaLoader.pm line 200.
at /usr/local/sbin/mailscanner line 91
Compilation failed in require at /usr/local/sbin/mailscanner line 91.
BEGIN failed–compilation aborted at /usr/local/sbin/mailscanner line 91.Please advise.
-
check if you have multiple perl version on your pfsense.
type pkg_info | grep -i perl on console/ssh