Qmail-Scanner is an e-mail content scanner that enables a qmail server to scan all messages it receives for certain characteristics (normally viruses), and react accordingly. For more information see http://qmail-scanner.sourceforge.net/
Before you continue with this step, make sure that ClamAV and SpamAssassin are running. You can get the status of all services by running:
# svstat /service/* /service/*/log
First we will need to download qmail-scanner and then extract it.
# cd ~root
# fetch http://freebsdrocks.net/qmail2/q-s-2.11st-20130319.tgz
# tar zxvf q-s-2.11st-20130319.tgz
Before I continue on with this installation I wanted to let you know I am using a minimum of configuration options for qmail-scanner. There are many different options to choose from as well as changing some of the options within my qs-configure script. For a complete list of qmail-scanner options for the ST patch see the following URL below:
We need to tell the system where the correct unzip file is. If we don't, you will get a qmail-scanner error. Please run the following commands:
# cd /usr/bin
# mv unzip unzip.bak
# ln -s /usr/local/bin/unzip /usr/bin/
We will want to run the first configure line as a test, without installing anything. This will give you a chance to fix any errors that come up (if any) before you install it. Change domain.local to your domain. Change the domain to just the prefix of your domain or just an abbreviation.
# cd /root/qmail-scanner-2.11st/contrib
# cc -o qmail-scanner-queue qmail-scanner-queue.c
(If you get errors on this step, please ignore them and continue on.)
# mv qmail-scanner-queue /var/qmail/bin/
# chown qscand:qscand /var/qmail/bin/qmail-scanner-queue
# chmod 6755 /var/qmail/bin/qmail-scanner-queue
# cd ~root/qmail-scanner-2.11st/
# ./configure --domain domain.local --dscr-hdrs-text "X-Antivirus-domain" --admin postmaster --add-dscr-hdrs yes --ignore-eol-check yes --sa-quarantine 0 --sa-delete 0 --sa-reject no --sa-subject ":SPAM:" --sa-alt yes --sa-debug no --notify admin --redundant yes --skip-setuid-test --logdir /var/log/qmail/qmail-scanner
Provided the script above didn't result in any errors, we can now install qmail-scanner. This is exactly the line we just tested above, with --install 1 added at the end. This tells the port to install qmail-scanner:
This is what the configure line should look like:
# cd ~root/qmail-scanner-2.11st/
# ./configure --domain domain.local --dscr-hdrs-text "X-Antivirus-domain" --admin postmaster --add-dscr-hdrs yes --ignore-eol-check yes --sa-quarantine 0 --sa-delete 0 --sa-reject no --sa-subject ":SPAM:" --sa-alt yes --sa-debug no --notify admin --redundant yes --skip-setuid-test --logdir /var/log/qmail/qmail-scanner --install 1
Answer YES to all questions
# vi /var/qmail/bin/qmail-scanner-queue.pl
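Then change the first line of /var/qmail/bin/qmail-scanner-queue.pl to "#!/usr/bin/perl" (in other words, remove the "-T" from the perl call). The -T switch is what turns on Perl's taint checking, so the script runs without taint mode after this change.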
# chmod 0755 /var/qmail/bin/qmail-scanner-queue.pl
And now all that's left for qmail-scanner is to initialize the version file and the perlscanner database. We'll initialize the version file first. This command also helps to keep your server's /var/spool/qmailscan folder clear of rogue files that can develop when SMTP sessions are dropped. You may want to stick this command into your server's crontab and run it once a day. You'll see more on this in the "maintaining your qmail server" step near the end of this tutorial. So let's run it:
# setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -z
And now we will generate a new perlscanner database for qmail-scanner. For future reference, it's a good idea to run this next command whenever you upgrade qmail-scanner. You'll see more on this in the "maintaining your qmail server" step near the end of this tutorial. So let's do it:
# setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -g
A successful database build should produce the following output:
perlscanner: generate new DB file from /var/spool/qmailscan/quarantine-attachments.txt
perlscanner: total of 35 entries.
And now one final ownership check...
# chown -R qscand:qscand /var/spool/qscan
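The permission changes made so far (wrapper owned by qscand with mode 6755, Perl script at 0755 with an edited interpreter line) can be checked in one pass. The script below is an added example, not part of qmail-scanner or of the original tutorial; the function name qs_audit is made up here, and the paths and owner default to the ones used on this page.

```shell
#!/bin/sh
# Added example: audit the two files this tutorial installs.
# Usage: sh qs_audit.sh BIN_DIR [OWNER]   (qs_audit is a name made up here)

# Prints one finding per line; returns 0 only when no FAIL was found.
qs_audit() {
    bin=${1:-/var/qmail/bin}; owner=${2:-qscand}; rc=0
    wrapper=$bin/qmail-scanner-queue
    script=$bin/qmail-scanner-queue.pl

    # The wrapper runs as its owner, so the owner matters as much as the
    # 6755 mode: the same bits on a root-owned file would mean root.
    if [ ! -x "$wrapper" ]; then
        echo "FAIL $wrapper: missing or not executable"; rc=1
    else
        if [ ! -u "$wrapper" ] || [ ! -g "$wrapper" ]; then
            echo "FAIL $wrapper: setuid/setgid bits not set"; rc=1
        fi
        if [ -z "$(find "$wrapper" -user "$owner" 2>/dev/null)" ]; then
            echo "FAIL $wrapper: not owned by $owner"; rc=1
        fi
    fi

    # The Perl script is started by the wrapper and needs no special bits
    # of its own (the tutorial sets it to 0755).
    if [ ! -x "$script" ]; then
        echo "FAIL $script: missing or not executable"; rc=1
    else
        if [ -u "$script" ] || [ -g "$script" ]; then
            echo "FAIL $script: has setuid/setgid bits"; rc=1
        fi
        # Show the interpreter line so the -T (taint mode) state is visible.
        case $(head -n 1 "$script") in
            '#!'*perl*' -'*T*) echo "INFO $script: taint mode (-T) enabled" ;;
            '#!'*perl*)        echo "INFO $script: taint mode (-T) disabled" ;;
            *) echo "FAIL $script: no perl interpreter line"; rc=1 ;;
        esac
    fi

    # Anything writable by group or others can be replaced by a non-owner.
    for f in "$wrapper" "$script"; do
        [ -e "$f" ] || continue
        if [ -n "$(find "$f" \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "FAIL $f: writable by group or others"; rc=1
        fi
    done
    return $rc
}
if [ $# -gt 0 ]; then qs_audit "$@"; fi
```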
Woohoo, qmail-scanner is installed! Now it's time to tie qmail-scanner into qmail itself.
# vi /var/qmail/supervise/qmail-smtpd/run
Look for the line that says:
and remove the # in front of the line like so:
Once you've got the qmail-smtpd file modified, save the changes and exit from the file. Now we will finalize the qmail-scanner installation by going over some post-install configuration options. After that, we'll fire everything up and take qmail-scanner for a test drive.
To activate all the changes we just made, we're going to have to completely stop and restart qmail.
# qmailctl stop
# qmailctl start
And a quick check of the qmail processes, just to be safe.
# qmailctl stat
Before we run the qmail-scanner test we need to make sure we're using dovecot for the local delivery. Let's say you used mydomain.local for the domain name. You will want to run the following commands in your postmaster account:
# cd ~vpopmail/domains/mydomain.local/postmaster
# cp -Rp ~vpopmail/skel/* .
# cp -Rp ~vpopmail/skel/.qmail .
Now it's time to test the whole damn thing to see if Qmail-Scanner, SpamAssassin and ClamAV are all working correctly. Fortunately, Qmail-Scanner comes with its own testing script that does a fantastic job. So let's test it!
# cd /root/qmail-scanner-2.11st/contrib/
# chmod 755 test_installation.sh
# ./test_installation.sh -doit
A successful test should produce the following output. 2 messages should be quarantined by Clam Antivirus in /var/spool/quarantine/new and 2 messages should be sent to whatever mailbox you specified in the Qmail-scanner configuration script. Don't worry if you don't get virus notification emails. The normal notification emails that get sent out upon virus detection usually don't work during the test.
setting QMAILQUEUE to /var/qmail/bin/qmail-scanner-queue.pl for this test...
Sending standard test message - no viruses...
Sending eicar test virus - should be caught by perlscanner module...
Sending eicar test virus with altered filename - should only be caught by commercial anti-virus modules (if you have any)
Sending bad spam message for anti-spam testing - In case you are using SpamAssassin...
You should now get a total of 4 messages:
1 policy message in /var/spool/qscan/quarantine/policy/new
1 virus message in /var/spool/qscan/quarantine/viruses/new/