INSTALLATION instructions
-------------------------

This is a short document on HOWTO install amavis-0.2.4.tar.gz in
combination with sendmail or qmail.

Make sure you have the following items ready, as amavis needs quite a lot
of third-party helper software packages, which are mainly unzippers and
unarchivers.

 - amavis-0.2.4.tar.gz      The amavis integrated AntiVirus email scanner.
 - clamav-0.90.2.tar.gz     ClamAV 0.90.2 AntiVirus scanner.

McAfee's command-line AV scanner uvscan version 4.x cannot be used anymore,
as the format of the scan.dat file has changed. The reader is advised to
upgrade to version 5.x to be able to continue to run amavis-0.2.x. However,
with the release of amavis-0.2.4 one can drop uvscan in favor of the
ClamAV 0.90.2 (clamdscan) AntiVirus scanner, an opensource and 100% free
package. When correctly used and configured, clamav even hits the bricks of
the road on your old mailservers...

A bunch of helper zip and archiver packages :

 - lha-1.14d-3.src.rpm      Japanese LHA archiver
 - mpack-1.5.orig.tar.gz    mpack MIME base 64 packer/unpacker
 - tnef-0.16.tar.gz         TNEF, a data/file format structure used by
                            Microsoft Outlook.
 - zoo-2.10-3.i386.rpm      The Zoo archiver utility, which also has recover
                            options for damaged archives

virus-scan-utils.tar.gz, which consists of the following components :

 - freeze-2.5.0.tar.gz      Freeze / Melt Compression Program
 - unrar-2.50.tar.gz        unpacker of RAR archives
 - xbinunix.c               BinHex format file unpacker for MAC stuff
 - bzip2-095d-x86-linux20   bzip, skip this one, should already be
                            installed on your system
 - arc521.tar.Z             the ARC archiver/unarchiver
 - zoo-2.10-3.src.rpm       The Zoo archiver utility, which also has recover
                            options for damaged archives

If you run on RedHat 7.3 i386 you should make sure the following 2 RPMS are
also installed :

  -rw-r--r--    1 root     root        35916 Apr 16 18:11 lha-1.14i-4.i386.rpm
  -rw-r--r--    1 root     root        16025 Apr 16 18:11 unarj-2.43-10.i386.rpm

installation :

1. install all of the above archiver/compress utils

2. install clamav-0.90.2.tar.gz

   * Thu May 24 2007 Robert M. Stockmann - 0.90.2-3
   - Adjusted the gear from Dag Wieers to run on old RedHat 6.2. ouch!
     Make sure to only run clamdscan by querying through clamd.
     Running clamscan barebones and standalone is a broken option.

   Recipe for success on RedHat 6.2 :
   ----------------------------------
    1. install gcc version 2.95.3 20010315 (release) and make sure
       RedHat's RPM version 3.0.5 uses it.
    2. install automake-1.4p5-4 and automake15-1.5-2 from RedHat 7.3 SRPMS
    3. install autoconf-2.13-17 and autoconf253-2.53-3 from RedHat 7.3 SRPMS
    4. install libtool-1.4.2-7 from RedHat 7.3 SRPMS
    5. remove the native python-1.5 and gpm2 gear from RedHat 6.2
    6. rpm rebuild and install gmp-4.2.1-3.src.rpm
    7. rpm rebuild and install python-1.5.2-14.src.rpm
    8. rpm rebuild and install curl-7.10.4-1.src.rpm or higher
    9. rpm rebuild and install clamav-0.90.2-3.src.rpm
   10. rpm -Uhv clamd-0.90.2-3.i386.rpm clamav-db-0.90.2-3.i386.rpm \
           clamav-0.90.2-3.i386.rpm
   11. install binutils-2.11.93.0.2-11 from RedHat 7.3 SRPMS for
       clamav-0.92 or higher, which use libclamunrar and
       libclamunrar_iface
   12. install libcheck0-devel-0.9.5-3.i386.rpm and
       libcheck0-0.9.5-3.i386.rpm, which are needed for building
       clamav-0.94 or higher, as the configure process needs these.
       Build these from check-0.9.5-3.src.rpm for RedHat 6.2, see
       http://crashrecovery.org/amavis/ or
       ftp://ftp.crashrecovery.org/pub/linux/amavis/

       RedHat 6.2 has /usr/bin/info but rpm --rebuild fails on
       'Requires(post): info' and 'Requires(preun):info'.
       Commenting these out will do the job.

   Recipe for success on RedHat 7.3 :
   ----------------------------------
    1. install gcc version 2.95.3 20010315 (release) and make sure
       RedHat's RPM version 4.0.4 uses it.
    2. remove the native python-1.5 and gmp3 gear from RedHat 7.3
    3. rpm rebuild and install gmp-4.2.1-3.src.rpm
       (use gcc version 2.95.3 20010315 (release))
    4. rpm rebuild and install python-1.5.2-39.src.rpm
       (using gcc version 2.96 20000731 (Red Hat Linux 7.3 2.96-110),
       because 2.95.3 has no -fno-merge-constants option)
    5. rpm rebuild and install curl-7.10.4-1.src.rpm or higher
       (use gcc version 2.95.3 20010315 (release))
    6. rpm rebuild and install clamav-0.90.2-3.src.rpm
       (use gcc version 2.95.3 20010315 (release))
    7. rpm -Uhv clamd-0.90.2-3.i386.rpm clamav-db-0.90.2-3.i386.rpm \
           clamav-0.90.2-3.i386.rpm
    8. install libcheck0-devel-0.9.5-3.i386.rpm and
       libcheck0-0.9.5-3.i386.rpm, which are needed for building
       clamav-0.94 or higher, as the configure process needs these.
       Build these from check-0.9.5-3.src.rpm for RedHat 7.3, see
       http://crashrecovery.org/amavis/ or
       ftp://ftp.crashrecovery.org/pub/linux/amavis/

   to get your new clamav rpm gear up and running do :

   # freshclam
   # service clamd start
   # cd /var/virusmails/root
   # clamdscan virus-20070423-3662
   /var/virusmails/root/virus-20070423-3662: Worm.Stration.pac-1 FOUND

   ----------- SCAN SUMMARY -----------
   Infected files: 1
   Time: 0.842 sec (0 m 0 s)

   (on a PIII 500MHz, 128Mb RAM RedHat 6.2 machine)

   edit your crontab for root and add :

   15 * * * * /usr/bin/freshclam --quiet

3. install amavis 0.2.4 :

   # cd /usr/src/
   # tar xvzf /root/antivirus/amavis-0.2.4.tar.gz
   # cd amavis-0.2.4
   # ./configure --with-notifysender=no --with-notifyreceiver=no
   # make
   # make install

4. edit sendmail.cf (for qmail-1.03 see the README.qmail in the source
   distribution of amavis-0.2.4.tar.gz ):

   open /etc/sendmail.cf or even /etc/mail/sendmail.cf in your favorite
   editor, preferably vi or vim. Locate inside the sendmail.cf the entry
   for Mlocal. Here is what this looks like (on RedHat 7.3) :

Mlocal,         P=/usr/bin/procmail, F=lsDFMAw5:/|@qSPfhn9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
                T=DNS/RFC822/X-Unix,
                A=procmail -t -Y -a $h -d $u

   Now copy these 3 lines and comment the original ones out.
   Change procmail into scanmails like this :

#Mlocal,        P=/usr/bin/procmail, F=lsDFMAw5:/|@qSPfhn9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
#               T=DNS/RFC822/X-Unix,
#               A=procmail -t -Y -a $h -d $u
Mlocal,         P=/usr/sbin/scanmails, F=lsDFMAw5:/|@qSPfhn9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
                T=DNS/RFC822/X-Unix,
                A=scanmails -t -Y -a $h -d $u

5. restart your sendmail, and send some virus emails.

This should be it!

Tue Nov 4 12:26:31 CET 2008
---------------------------------
Robert M. Stockmann
stock@stokkie.net
http://crashrecovery.org/
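
An added check for step 4 (example code written for this page, not part of the amavis distribution): it reads a sendmail.cf, joins the continuation lines of the active Mlocal entry, skips the commented-out original, and reports whether local delivery really goes through /usr/sbin/scanmails. The function names and the sample fragment are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that the active Mlocal mailer in a sendmail.cf
# hands local mail to scanmails instead of straight to procmail.

# mlocal_field FILE KEY: print KEY's value (P, A, ...) from the active
# Mlocal definition. Continuation lines start with whitespace; lines
# starting with '#' are comments, so a commented-out original is skipped.
mlocal_field() {
    awk -v key="$2" '
        /^#/            { inm = 0; next }
        /^Mlocal,/      { inm = 1; def = $0; next }
        inm && /^[ \t]/ { def = def " " $0; next }
                        { inm = 0 }
        END {
            n = split(def, part, /,[ \t]*/)
            for (i = 1; i <= n; i++)
                if (index(part[i], key "=") == 1) {
                    print substr(part[i], length(key) + 2)
                    exit
                }
        }' "$1"
}

# check_mlocal FILE: status 0 only if P= and A= both name scanmails.
check_mlocal() {
    p=$(mlocal_field "$1" P)
    a=$(mlocal_field "$1" A)
    case "$p|$a" in
        "/usr/sbin/scanmails|scanmails "*) echo "OK: Mlocal runs $p"; return 0 ;;
        *) echo "NOT SCANNED: Mlocal has P=$p A=$a"; return 1 ;;
    esac
}

# write_sample FILE: constructed sendmail.cf fragment as it looks after
# step 4 (original commented out, scanmails copy active).
write_sample() {
    f='F=lsDFMAw5:/|@qSPfhn9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,'
    {
        printf '#Mlocal,\tP=/usr/bin/procmail, %s\n' "$f"
        printf '#\tT=DNS/RFC822/X-Unix,\n#\tA=procmail -t -Y -a $h -d $u\n'
        printf 'Mlocal,\tP=/usr/sbin/scanmails, %s\n' "$f"
        printf '\tT=DNS/RFC822/X-Unix,\n\tA=scanmails -t -Y -a $h -d $u\n'
    } > "$1"
}

sample=$(mktemp)
write_sample "$sample"
check_mlocal "$sample"
rm -f "$sample"
```

On a live host, run check_mlocal against /etc/sendmail.cf (or /etc/mail/sendmail.cf) after the edit and before restarting sendmail; a non-zero status means local mail would still bypass the scanner.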