ClamSMTP

               Install Clam AntiVirus to protect the server from viruses.

[1] Install Clamav.

# install from EPEL

[root@mail ~]# yum --enablerepo=epel -y install clamav

# update pattern files

[root@mail ~]# freshclam

ClamAV update process started at Tue Aug 12 22:26:22 2014

main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)

daily.cvd is up to date (version: 19278, sigs: 1090360, f-level: 63, builder: neo)

bytecode.cvd is up to date (version: 242, sigs: 46, f-level: 63, builder: dgoddard)

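[2] Run a test scan. Note that --remove deletes every file ClamAV flags, including false positives; use --move=DIRECTORY instead if you want matches quarantined for review rather than deleted.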

[root@mail ~]# clamscan --infected --remove --recursive /home

----------- SCAN SUMMARY -----------

Known viruses: 3509099

Engine version: 0.98.4

Scanned directories: 94

Scanned files: 109

Infected files: 0

Data scanned: 0.95 MB

Data read: 0.89 MB (ratio 1.07:1)

Time: 8.485 sec (0 m 8 s)

# download the EICAR test file (a harmless standard antivirus test string, not a real virus)

[root@mail ~]# wget http://www.eicar.org/download/eicar.com

[root@mail ~]# clamscan --infected --remove --recursive .

./eicar.com: Eicar-Test-Signature FOUND

./eicar.com: Removed.

# the test file was detected and removed

----------- SCAN SUMMARY -----------

Known viruses: 3509099

Engine version: 0.98.4

Scanned directories: 110

Scanned files: 147

Infected files: 1

Data scanned: 0.78 MB

Data read: 0.64 MB (ratio 1.21:1)

Time: 7.982 sec (0 m 7 s)

                                       Install Clamd and Clamsmtp

 

# install from EPEL

clamsmtp-1.10-6.el6.x86_64.rpm

[root@mail ~]# yum --enablerepo=epel -y install  clamsmtp

[root@mail ~]# vi /etc/clamsmtpd.conf

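# line 22: uncomment (0.0.0.0 listens on every interface; Postfix in [3] reaches the filter over 127.0.0.1, so block port 10025 from other hosts with a firewall, or listen on 127.0.0.1:10025 if no remote host needs it, because anything that can reach this port can hand mail to the filter, which forwards it to the localhost-trusted listener configured in [3])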

Listen: 0.0.0.0:10025

# line 28: uncomment

Header: X-Virus-Scanned: ClamAV using ClamSMTP

# line 34: uncomment (drop silently discards infected messages; neither sender nor recipient is notified)

Action: drop

[root@mail ~]# /etc/rc.d/init.d/clamsmtpd start

Starting ClamSmtpd:                  [  OK  ]

[root@mail ~]# /etc/rc.d/init.d/clamsmtp-clamd start

Starting clamd.clamsmtp:             [  OK  ]

[root@mail ~]# chkconfig clamsmtpd on

[root@mail ~]# chkconfig clamsmtp-clamd on

[3] Configure Postfix.

[root@mail ~]# vi /etc/postfix/main.cf

# add the following line to the end

content_filter = scan:127.0.0.1:10025

[root@mail ~]# vi /etc/postfix/master.cf

# add the following lines to the end

scan unix -       -       n       -       16       smtp

   -o smtp_data_done_timeout=1200

   -o smtp_send_xforward_command=yes

   -o disable_dns_lookups=yes

127.0.0.1:10026 inet n       -       n       -       16       smtpd

   -o content_filter=

   -o local_recipient_maps=

   -o relay_recipient_maps=

   -o smtpd_restriction_classes=

   -o smtpd_client_restrictions=

   -o smtpd_helo_restrictions=

   -o smtpd_sender_restrictions=

   -o smtpd_recipient_restrictions=permit_mynetworks,reject

   -o mynetworks_style=host

   -o smtpd_authorized_xforward_hosts=127.0.0.0/8

[root@mail ~]# /etc/rc.d/init.d/postfix restart

Shutting down postfix:                  [  OK  ]

Starting postfix:                       [  OK  ]