howtos_amavisd - centos wiki

Upload: vcfagundo

Post on 14-Apr-2018


  • 7/29/2019 HowTos_Amavisd - CentOS Wiki

    1/15

    Tos/Amavisd - CentOS Wiki

    //wiki.centos.org/HowTos/Amavisd[11-06-2013 20:46:32]


    Amavisd-new, ClamAV and SpamAssassin

    Contents

    1. Introduction
    2. Installation
    3. Configuration
        1. ClamAV
        2. Amavisd-new
        3. Postfix
        4. Other MTA's
    4. Testing
    5. SELinux
        1. CentOS 6
    6. Updating
        1. SpamAssassin
        2. ClamAV
    7. Links

    Notice: This documentation was written for CentOS 5. It may not be accurate for

    CentOS 6 or subsequent releases.

    1. Introduction

    Amavisd-new is a reliable high-performance interface between an email server (MTA) and content

    checkers such as virus scanners (ClamAV), and/or SpamAssassin. Amavisd-new supports both

    (E)SMTP and LMTP protocols as well as UNIX sockets for communicating with the MTA and content

    checkers. In addition, it may also use dedicated helper programs such as the Mail::SpamAssassin Perl


    module.

    Amavisd-new supports a number of MTAs. As the Amavisd-new documentation states, Amavisd-new

    works "best with Postfix, fine with dual-sendmail setup and Exim v4, works with sendmail/milter, or with

    any MTA as a SMTP relay". This guide was written and tested on Postfix and can be used to

    complement the basic Postfix guide here. Other MTAs may be added later.

    We are going to configure Amavisd-new's daemon, amavisd, to accept mail from our MTA, pass it to

    ClamAV and SpamAssassin for checking, and then return it back to our MTA for delivery. Amavisd will

    use lmtp listening on TCP port 10024 to accept mail from our MTA and then pass it to ClamAV using a

    local UNIX socket and SpamAssassin using the Mail::SpamAssassin Perl module. Scanned mail will

    then be returned to our MTA using smtp on TCP port 10025 for delivery.

    Amavisd-new doesn't have to reside on the same physical server as the MTA, and in high load

    environments it is not uncommon to have Amavisd-new, ClamAV and SpamAssassin on a physically

    separate server from the MTA.

    2. Installation

    Amavisd-new and ClamAV were installed from the RPMForge repository. To enable the RPMForge

    repository, please see the RPMForge instructions.

    SpamAssassin is part of the CentOS base repository, but RPMForge carries a more current version of

    it. You should consider using the version from RPMForge. To do so (especially if you use the priorities

    plugin for yum), add the following to the [base] and the [updates] sections of your

    /etc/yum.repos.d/CentOS-Base.repo file:

    [base]
    exclude=spamassass*
    ...
    [updates]
    exclude=spamassass*
    ...

    First, install amavisd-new, clamav and spamassassin packages:

    yum --enablerepo=rpmforge,rpmforge-extras install amavisd-new clamav clamav-devel clamd spamassassin

    This will likely also install a bunch of dependencies including various perl modules and archive

    packages. If all went well, two new users, amavis and clamav should have been installed onto the


    system:

    # cat /etc/passwd | grep "amavis\|clamav"
    clamav:x:101:102:Clam Anti Virus Checker:/var/clamav:/sbin/nologin
    amavis:x:102:103:Amavis email scan user:/var/amavis:/bin/sh

    In addition, the clamav user should automatically have been added to the amavis group:

    # groups clamav
    clamav : clamav amavis

    If not, you can manually add clamav to the amavis group:

    gpasswd -a clamav amavis

    Finally, three new services should have been added to the system:

    # chkconfig --list | grep "amavisd\|clamd\|spamassassin"
    amavisd         0:off   1:off   2:on    3:on    4:on    5:on    6:off
    clamd           0:off   1:off   2:on    3:on    4:on    5:on    6:off
    spamassassin    0:off   1:off   2:off   3:off   4:off   5:off   6:off

    The spamassassin service, which starts spamd, can be set to off as Amavisd-new doesn't actually use

    the spamassassin daemon (spamd) but rather loads spamassassin as a module.

    3. Configuration

    SpamAssassin actually requires no special configuration to work with Amavisd-new and will work out of

    the box. This does not mean that you cannot configure it via /etc/mail/spamassassin/local.cf, or your

    own cf-files in that directory.

    3.1. ClamAV


    ClamAV's configuration is stored in /etc/clamd.conf. We must edit /etc/clamd.conf to tell ClamAV that

    Amavisd-new will communicate using a local UNIX socket rather than a tcp socket, and where to find

    that socket. Edit the LocalSocket setting and comment out the TCPSocket like so:

    ### /etc/clamd.conf
    #
    # Set the LocalSocket for clam
    # Note this *MUST* match that set in /etc/amavisd.conf
    #
    LocalSocket /var/run/clamav/clamd.sock
    #
    # Comment out the TCPSocket setting:
    # TCPSocket 3310

    3.2. Amavisd-new

    Amavisd-new keeps its configuration settings in /etc/amavisd.conf.

    Due to the power and flexibility of Amavisd-new, there is actually quite a lot to look at, so we'll cover

    some of the more important settings a few at a time.

    First up, we can disable either virus or spam checking by uncommenting the following lines (by default,

    both virus and spam checking are enabled as the lines are commented out):

    ### /etc/amavisd.conf:
    #
    # To disable virus or spam checks, uncomment the following:
    #
    # @bypass_virus_checks_maps = (1);  # controls running of anti-virus code
    # @bypass_spam_checks_maps  = (1);  # controls running of anti-spam code
    # $bypass_decode_parts = 1;         # controls running of decoders & dearchivers

    Next, note the following lines, although no change is required:

    $max_servers = 2;            # num of pre-forked children (2..30 is common), -m
    $daemon_user  = "amavis";    # (no default; customary: vscan or amavis), -u
    $daemon_group = "amavis";    # (no default; customary: vscan or amavis), -g
    ...
    $inet_socket_port = 10024;   # listen on this local TCP port(s)
    ...
    # $notify_method  = 'smtp:[127.0.0.1]:10025';
    # $forward_method = 'smtp:[127.0.0.1]:10025';  # set to undef with milter!


    $max_servers sets the number of concurrent Amavisd-new processes and must match the number

    set in /etc/postfix/master.cf "maxproc" column for the amavisfeed service (see configuration of Postfix

    below).

    $daemon_user and $daemon_group should match the user and group, respectively, under which

    Amavisd-new will run.

    $inet_socket_port defines the tcp port over which Amavisd-new will accept connections from Postfix.

    $notify_method and $forward_method define the reinjection path of mail from Amavisd-new back

    into Postfix.

    The following settings must be edited (in the case of $mydomain and $myhostname) and

    uncommented (remove the leading #):

    $mydomain = 'example.com';   # Edit: a convenient default for other settings
    $MYHOME = '/var/amavis';     # Uncomment: a convenient default for other settings, -H
    $helpers_home = "$MYHOME/var";            # Uncomment: working directory for SpamAssassin, -S
    $lock_file = "$MYHOME/var/amavisd.lock";  # Uncomment, -L
    $pid_file  = "$MYHOME/var/amavisd.pid";   # Uncomment, -P
    $myhostname = 'mail.example.com';  # Uncomment & Edit: must be a fully-qualified domain name!

    Next up are some SpamAssassin settings which override the default SpamAssassin settings:

    $sa_tag_level_deflt  = 2.0;  # add spam info headers if at, or above that level
    $sa_tag2_level_deflt = 6.2;  # add 'spam detected' headers at that level
    $sa_kill_level_deflt = 6.9;  # triggers spam evasive actions (e.g. blocks mail)
    $sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent
    # $sa_quarantine_cutoff_level = 25; # spam level beyond which quarantine is off
    $penpals_bonus_score = 8;    # (no effect without a @storage_sql_dsn database)
    $penpals_threshold_high = $sa_kill_level_deflt;  # don't waste time on hi spam
    $sa_mail_body_size_limit = 400*1024; # don't waste time on SA if mail is larger
    $sa_local_tests_only = 0;    # only tests which do not require internet access?

    None of these need to be changed, but it's worthwhile being aware of them as this is the most

    convenient place to tweak spam thresholds.


    $sa_tag_level_deflt is the level at which Amavisd-new will write spam info headers such as

    X-Spam-Flag, X-Spam-Score and X-Spam-Status. If you would always like header info to be written to all

    messages, set this value to -999.

    $sa_tag2_level_deflt sets the level at which spam is tagged in the subject line of the message.

    $sa_kill_level_deflt sets the level at which Amavisd-new will block the message and quarantine it.

    This is useful as SpamAssassin doesn't do this by default.

    $sa_dsn_cutoff_level is the level at which delivery failure notices are no longer sent to the sender. As

    most spam sender addresses are forged anyway, it makes sense not to send failure notices in

    response to obvious spam as you're only contributing to the problem of backscatter.

    $sa_quarantine_cutoff_level is the level at which spam isn't even quarantined. By default it is

    commented out meaning all spam will be quarantined.

    Next up are some email addresses for notifications to be sent:

    $virus_admin               = "virusalert\@$mydomain";   # notifications recip.
    $mailfrom_notify_admin     = "virusalert\@$mydomain";   # notifications sender
    $mailfrom_notify_recip     = "virusalert\@$mydomain";   # notifications sender
    $mailfrom_notify_spamadmin = "spam.police\@$mydomain";  # notifications sender

    You will probably want to set these to "postmaster\@$mydomain" or some other address at which you

    would rather receive spam notifications.

    Finally, we need to uncomment the section for ClamAV like so:

    ### http://www.clamav.net/
    ['ClamAV-clamd',
      \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
      qr/\bOK$/, qr/\bFOUND$/,
      qr/.*?: (?!Infected Archive)(.*) FOUND$/ ],
    # # NOTE: run clamd under the same user as amavisd, or run it under its own
    # #   uid such as clamav, add user clamav to the amavis group, and then add
    # #   AllowSupplementaryGroups to clamd.conf;
    # # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in
    # #   this entry; when running chrooted one may prefer socket "$MYHOME/clamd".

    Note that the "/var/run/clamav/clamd.sock" setting must match the "LocalSocket

    /var/run/clamav/clamd.sock" we made earlier in /etc/clamd.conf.

    3.3. Postfix


    Next we need to configure the services in Postfix (/etc/postfix/master.cf) to allow mail to be passed to

    Amavisd-new for filtering and then reinjected back into Postfix.

    First we will configure the Amavisd-new service to accept mail from Postfix. Amavisd-new supports

    both lmtp and smtp, and in this instance we have chosen to use the lmtp protocol. (FIXME: I'm not

    aware of any reasons for choosing one protocol over the other so selected to use lmtp on the basis

    that having local delivery to Amavisd-new show up in the logs as "lmtp" makes the log files somewhat

    easier to read).

    Open /etc/postfix/master.cf and add the following service called "amavisfeed":

    # ==========================================================================
    # service type  private unpriv  chroot  wakeup  maxproc command + args
    #               (yes)   (yes)   (yes)   (never) (100)
    # ==========================================================================
    amavisfeed unix -       -       n       -       2       lmtp
      -o lmtp_data_done_timeout=1200
      -o lmtp_send_xforward_command=yes
      -o disable_dns_lookups=yes
      -o max_use=20

    Note that the number (2) in the "maxproc" column must match the $max_servers setting in

    /etc/amavisd.conf. For a detailed description of the options, see the Amavisd-new documentation

    (/usr/share/doc/amavisd-new-2.5.4/README.postfix.html).

    Then we must define a dedicated service to reinject mail back into Postfix. For this we add an smtp

    service listening on localhost (127.0.0.1) tcp port 10025 (the default setting in /etc/amavisd.conf) to

    /etc/postfix/master.cf:

    # ==========================================================================
    # service type  private unpriv  chroot  wakeup  maxproc command + args
    #               (yes)   (yes)   (yes)   (never) (100)
    # ==========================================================================
    127.0.0.1:10025 inet n  -       n       -       -       smtpd
      -o content_filter=
      -o smtpd_delay_reject=no
      -o smtpd_client_restrictions=permit_mynetworks,reject
      -o smtpd_helo_restrictions=
      -o smtpd_sender_restrictions=
      -o smtpd_recipient_restrictions=permit_mynetworks,reject
      -o smtpd_data_restrictions=reject_unauth_pipelining
      -o smtpd_end_of_data_restrictions=
      -o smtpd_restriction_classes=
      -o mynetworks=127.0.0.0/8
      -o smtpd_error_sleep_time=0
      -o smtpd_soft_error_limit=1001
      -o smtpd_hard_error_limit=1000
      -o smtpd_client_connection_count_limit=0
      -o smtpd_client_connection_rate_limit=0
      -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters,no_address_mappings
      -o local_header_rewrite_clients=
      -o smtpd_milters=
      -o local_recipient_maps=
      -o relay_recipient_maps=

    For a detailed description of the options, see the Amavisd-new documentation

    (/usr/share/doc/amavisd-new-2.5.4/README.postfix.html).

    After making changes to /etc/postfix/master.cf, we must reload postfix for the changes to take effect:

    postfix reload

    At this point it might be wise to test that the Amavisd-new and Postfix daemons are listening correctly (see

    the Testing section below).

    Once everything is in place and working, the final step is to enable message filtering in Postfix by

    adding the following setting to /etc/postfix/main.cf:

    content_filter=amavisfeed:[127.0.0.1]:10024

    and reload postfix for the changes to take effect:

    postfix reload

    and watch your mail logs.

    tail -f /var/log/maillog
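
    The cross-file requirements in this section (the clamd socket path, $max_servers versus maxproc, and the 10024/10025 ports) can be checked mechanically before mail is routed through the filter. The following is an added example, not part of the original wiki page or of the Amavisd-new project: the file contents are constructed samples, the function names are hypothetical, and the fallback used when $forward_method is commented out is the default this page states.

```python
import re

# Constructed samples, reduced to the settings this page cross-references.
CLAMD_CONF = "LocalSocket /var/run/clamav/clamd.sock\n# TCPSocket 3310\n"
AMAVISD_CONF = """\
$max_servers = 2;
$inet_socket_port = 10024;
# $forward_method = 'smtp:[127.0.0.1]:10025';
['ClamAV-clamd',
  \\&ask_daemon, ["CONTSCAN {}\\n", "/var/run/clamav/clamd.sock"],
"""
MASTER_CF = """\
amavisfeed unix - - n - 2 lmtp
    -o lmtp_send_xforward_command=yes
127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o mynetworks=127.0.0.0/8
"""
MAIN_CF = "content_filter=amavisfeed:[127.0.0.1]:10024\n"


def active_lines(text):
    """Lines that are neither blank nor '#' comments."""
    return [l for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]


def perl_scalar(conf, name, default=None):
    """Value of an uncommented `$name = ...;` assignment in amavisd.conf."""
    pattern = r"^\s*\$%s\s*=\s*['\"]?([^'\";]+)['\"]?\s*;" % re.escape(name)
    m = re.search(pattern, "\n".join(active_lines(conf)), re.M)
    return m.group(1).strip() if m else default


def parse_master_cf(text):
    """Map service name -> type, maxproc, command and its '-o' overrides."""
    services, current = {}, None
    for line in active_lines(text):
        if line[0].isspace():  # continuation line of the previous service
            m = re.match(r"\s+-o\s+([^=\s]+)\s*=\s*(.*)", line)
            if m and current is not None:
                current["opts"][m.group(1)] = m.group(2).strip()
            continue
        f = line.split()
        current = {"type": f[1], "maxproc": f[6], "command": f[7], "opts": {}}
        services[f[0]] = current
    return services


def check(clamd, amavisd, master, main):
    """Return a list of mismatches between the four files (empty = consistent)."""
    problems = []
    services = parse_master_cf(master)

    # clamd.conf: LocalSocket must equal the socket in the ClamAV-clamd entry.
    clamd_opts = dict(l.split()[:2] for l in active_lines(clamd) if len(l.split()) > 1)
    m = re.search(r'ask_daemon,\s*\[\s*"CONTSCAN[^"]*",\s*"([^"]+)"',
                  "\n".join(active_lines(amavisd)))
    av_socket = m.group(1) if m else None
    if clamd_opts.get("LocalSocket") != av_socket:
        problems.append("socket mismatch: clamd.conf %s, amavisd.conf %s"
                        % (clamd_opts.get("LocalSocket"), av_socket))
    if "TCPSocket" in clamd_opts:
        problems.append("clamd.conf: TCPSocket is not commented out")

    # main.cf content_filter -> master.cf service -> amavisd port and process count.
    cf = re.search(r"^\s*content_filter\s*=\s*([\w-]+):\[[^\]]+\]:(\d+)", main, re.M)
    if not cf:
        problems.append("main.cf: content_filter is not set")
    else:
        feed = services.get(cf.group(1))
        if feed is None:
            problems.append("master.cf: no service named %s" % cf.group(1))
        elif feed["maxproc"] != perl_scalar(amavisd, "max_servers"):
            problems.append("maxproc %s != $max_servers %s"
                            % (feed["maxproc"], perl_scalar(amavisd, "max_servers")))
        if cf.group(2) != perl_scalar(amavisd, "inet_socket_port"):
            problems.append("content_filter port %s != $inet_socket_port" % cf.group(2))

    # Reinjection: an smtpd listener must exist at $forward_method's address and
    # must clear content_filter, otherwise scanned mail is sent to the filter again.
    fwd = perl_scalar(amavisd, "forward_method", "smtp:[127.0.0.1]:10025")
    addr = re.sub(r"^smtp:\[([^\]]+)\]:(\d+)$", r"\1:\2", fwd)
    back = services.get(addr)
    if back is None or back["command"] != "smtpd":
        problems.append("master.cf: no smtpd listener at %s" % addr)
    elif back["opts"].get("content_filter") != "":
        problems.append("reinjection listener does not clear content_filter")
    return problems


if __name__ == "__main__":
    print(check(CLAMD_CONF, AMAVISD_CONF, MASTER_CF, MAIN_CF) or "consistent")
```

    To run it against a live host, read the four files from disk and pass their contents to check() in place of the constructed samples.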

    3.4. Other MTA's


    Amavisd-new can be configured with other MTAs besides Postfix. README docs for other MTAs can

    be found here:

    http://www.ijs.si/software/amavisd/#doc

    If anyone would like to contribute sections on configuring other MTAs they should see the How To

    Contribute page here:

    http://wiki.centos.org/HowToContribute

    4. Testing

    Now would be a good time to test that the services we've defined are working as expected.

    First, start the clamd and amavisd services:

    # service clamd start
    Starting Clam AntiVirus Daemon:                            [  OK  ]
    # service amavisd start
    Starting Mail Virus Scanner (amavisd):                     [  OK  ]

    Now test that the amavisd service is listening on 127.0.0.1:10024 using telnet:

    $ telnet localhost 10024
    Trying 127.0.0.1...
    Connected to localhost.localdomain (127.0.0.1).
    Escape character is '^]'.
    220 [127.0.0.1] ESMTP amavisd-new service ready
    ehlo localhost
    250-[127.0.0.1]
    250-VRFY
    250-PIPELINING
    250-SIZE
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250-DSN
    250 XFORWARD NAME ADDR PROTO HELO
    quit
    221 2.0.0 [127.0.0.1] amavisd-new closing transmission channel
    Connection closed by foreign host.

    If everything is working then you should see a successful connection similar to above.


    Next, test that the Postfix smtpd is listening on 127.0.0.1:10025:

    $ telnet localhost 10025
    Trying 127.0.0.1...
    Connected to localhost.localdomain (127.0.0.1).
    Escape character is '^]'.
    220 mail.example.com ESMTP Postfix
    ehlo localhost
    250-mail.example.com
    250-PIPELINING
    250-SIZE 20480000
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    quit
    221 2.0.0 Bye
    Connection closed by foreign host.

    Again we should see a successful connection as shown above. Now we can test if everything is

    working by sending special strings to test the scanning.

    GTUBE (Generic Test for Unsolicited Bulk Email) string for testing SpamAssassin.

    EICAR string for testing ClamAV.

    Change directory to /usr/share/doc/amavisd-new-2.5.4/test-messages, and run:

    perl -pe 's/./chr(ord($&)^255)/sge'


    expectations.

    5. SELinux

    One workaround for SELinux issues is to temporarily use permissive rather than enforcing mode

    in /etc/selinux/config. Such an approach has the added benefit of placing the needed information

    in the SELinux audit logs, which may be found in /var/log/audit/. For more information, see this article

    about SELinux.

    When SELinux is enabled and in enforcing mode, some additional policies are required for amavisd

    and ClamAV. The following SELinux policy modules were determined by running the

    amavisd/ClamAV/SpamAssassin setup described herein on CentOS 5 (fully updated) with SELinux in

    permissive mode and running AVC error logs through audit2allow as described in the SELinux HowTo.

    We are going to create two custom SELinux policy modules, amavisdlocal and clamlocal for amavisd

    and ClamAV, respectively (SpamAssassin does not require a custom SELinux policy). Cut and paste

    the following code and save to amavisdlocal.te and clamlocal.te, respectively:

    module amavisdlocal 1.0;

    require {
            type traceroute_port_t;
            type pgpkeyserver_port_t;
            type amavis_var_lib_t;
            type amavis_t;
            type clockspeed_port_t;
            class udp_socket name_bind;
            class lnk_file { read create unlink getattr };
    }

    #============= amavis_t ==============
    allow amavis_t clockspeed_port_t:udp_socket name_bind;
    allow amavis_t pgpkeyserver_port_t:udp_socket name_bind;
    allow amavis_t traceroute_port_t:udp_socket name_bind;
    allow amavis_t amavis_var_lib_t:lnk_file { read create unlink getattr };

    module clamlocal 1.0;

    require {
            type proc_t;
            type var_t;
            type sysctl_kernel_t;
            type clamd_t;
            class file { read getattr };
            class dir { read search };
    }

    #============= clamd_t ==============
    allow clamd_t proc_t:file { read getattr };
    allow clamd_t sysctl_kernel_t:dir search;
    allow clamd_t sysctl_kernel_t:file read;
    allow clamd_t var_t:dir read;
    allow clamd_t var_t:file { read getattr };

    Now build and load the amavisdlocal module:

    # checkmodule -M -m -o amavisdlocal.mod amavisdlocal.te
    checkmodule:  loading policy configuration from amavisdlocal.te
    checkmodule:  policy configuration loaded
    checkmodule:  writing binary representation (version 6) to amavisdlocal.mod
    # semodule_package -o amavisdlocal.pp -m amavisdlocal.mod
    # semodule -i amavisdlocal.pp

    and repeat for clamlocal:

    # checkmodule -M -m -o clamlocal.mod clamlocal.te
    checkmodule:  loading policy configuration from clamlocal.te
    checkmodule:  policy configuration loaded
    checkmodule:  writing binary representation (version 6) to clamlocal.mod
    # semodule_package -o clamlocal.pp -m clamlocal.mod
    # semodule -i clamlocal.pp

    Finally, check that our custom local SELinux policy modules are loaded:

    # semodule -l
    amavis          1.1.0
    amavisdlocal    1.0
    ccs             1.0.0
    clamav          1.1.0
    clamlocal       1.0
    dcc             1.1.0
    evolution       1.1.0
    iscsid          1.0.0
    mozilla         1.1.0
    mplayer         1.1.0
    nagios          1.1.0
    oddjob          1.0.1
    pcscd           1.0.0
    postgrey        1.0
    pyzor           1.1.0
    razor           1.1.0
    ricci           1.0.0
    smartmon        1.1.0

    5.1. CentOS 6

    For CentOS 6, additional steps are required. Thanks to Harald Oehlmann in

    http://lists.centos.org/pipermail/centos-docs/2012-October/004994.html

    Amavis is storing the message body and all attachments (subfolder "parts") in a subfolder of

    "/var/amavis/tmp". The virus scanner is scanning those files and writes its result in files in this folder.

    Virus Scanner action on this folder is stopped by SELinux, resulting in errors like "(!)run_av (ClamAV-

    clamscan) FAILED" in "/var/log/mail".

    Do the following to allow this interface with clam-av:

    --se_clamav_amavis.te--
    # *** HaO 2012-09-30: add rule to allow clamav to access amavis files
    # and writes back ok file and may create temp folder
    module clamscanamavis 1.0;
    require {
            type clamscan_t;
            type amavis_var_lib_t;
            class file {getattr read open write create unlink};
            class dir {search read getattr open write add_name create setattr remove_name rmdir};
    }
    allow clamscan_t amavis_var_lib_t:file {getattr read open write create unlink};
    allow clamscan_t amavis_var_lib_t:dir {search read getattr open write add_name create setattr remove_name rmdir};

    And then

    checkmodule -M -m -o se_clamav_amavis.mod se_clamav_amavis.te
    semodule_package -o se_clamav_amavis.pp -m se_clamav_amavis.mod
    semodule -i se_clamav_amavis.pp
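
    The policy modules in this section were derived by collecting AVC denials in permissive mode and turning them into allow rules. The following added example (not from the original wiki page, and a simplified stand-in for audit2allow rather than the tool itself) shows that derivation on constructed audit.log lines, and separates denials outside the expected clamscan_t to amavis_var_lib_t pair so they are reviewed instead of being loaded; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed audit.log lines (not from a real host): clamscan denied access to
# amavisd's working files, one non-AVC record, and one unrelated denial.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1349000001.101:210): avc:  denied  { read } for  pid=4120 comm="clamscan" name="p001" dev=dm-0 ino=393301 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_var_lib_t:s0 tclass=file
type=AVC msg=audit(1349000001.102:211): avc:  denied  { getattr } for  pid=4120 comm="clamscan" path="/var/amavis/tmp/amavis-x/parts/p001" dev=dm-0 ino=393301 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_var_lib_t:s0 tclass=file
type=AVC msg=audit(1349000001.103:212): avc:  denied  { search } for  pid=4120 comm="clamscan" name="parts" dev=dm-0 ino=393290 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_var_lib_t:s0 tclass=dir
type=AVC msg=audit(1349000001.104:213): avc:  denied  { write add_name } for  pid=4120 comm="clamscan" name="parts" dev=dm-0 ino=393290 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_var_lib_t:s0 tclass=dir
type=SYSCALL msg=audit(1349000001.104:213): arch=c000003e syscall=2 success=yes exit=3 comm="clamscan"
type=AVC msg=audit(1349000001.105:214): avc:  denied  { create } for  pid=4120 comm="clamscan" name="ok" scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_var_lib_t:s0 tclass=file
type=AVC msg=audit(1349000002.200:215): avc:  denied  { read } for  pid=4121 comm="clamscan" name="notes.txt" dev=dm-0 ino=5512 scontext=system_u:system_r:clamscan_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{([^}]*)\}.*?scontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\S+)")


def selinux_type(context):
    """Third field of user:role:type[:level]; the level may itself contain colons."""
    return context.split(":")[2]


def collect_denials(log_text):
    """Map (source_type, target_type, class) -> set of denied permissions."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # SYSCALL, PATH and other record types carry no denial
        perms, scon, tcon, tclass = m.groups()
        rules[(selinux_type(scon), selinux_type(tcon), tclass)].update(perms.split())
    return dict(rules)


def outside_scope(rules, expected_pairs):
    """Rule keys whose (source, target) pair was not anticipated; review these."""
    return sorted(k for k in rules if (k[0], k[1]) not in expected_pairs)


def fmt(perms):
    """Single permission bare, several in braces, as in the modules on this page."""
    perms = sorted(perms)
    return perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"


def render_module(name, rules):
    """Render a .te source: module header, require block, then allow rules."""
    types = sorted({x for (s, t, _c) in rules for x in (s, t)})
    classes = defaultdict(set)
    for (_s, _t, cls), perms in rules.items():
        classes[cls] |= perms
    out = ["module %s 1.0;" % name, "", "require {"]
    out += ["        type %s;" % t for t in types]
    out += ["        class %s %s;" % (c, fmt(classes[c])) for c in sorted(classes)]
    out += ["}", ""]
    out += ["allow %s %s:%s %s;" % (s, t, c, fmt(p))
            for (s, t, c), p in sorted(rules.items())]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    denials = collect_denials(SAMPLE_AUDIT_LOG)
    flagged = outside_scope(denials, {("clamscan_t", "amavis_var_lib_t")})
    for key in flagged:
        print("REVIEW, not added to module: %s -> %s (%s)" % key)
    kept = {k: v for k, v in denials.items() if k not in flagged}
    print(render_module("clamscanamavis", kept))
```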


    6. Updating

    6.1. SpamAssassin

    Spam is rapidly changing, and new rules are often written in response. With sa-update, those rules

    can quickly (potentially within minutes) be distributed and the new spam caught. Please read about

    sa-update before continuing. To enable automatic updates, open up /etc/cron.d/sa-update in your

    favorite editor and uncomment the cron line so it looks like this:

    10 4 * * * root /usr/share/spamassassin/sa-update.cron 2>&1 | tee -a /var/log/sa-update.log

    Save and exit. This cron job will run at 4:10 AM every day.

    6.2. ClamAV

    ClamAV uses freshclam to update the virus definitions. They are automatically updated with the

    /etc/cron.daily/freshclam cron script. No actions need to be taken. You can verify that your updates are

    being completed by looking at your /var/log/clamav/freshclam.log log file.

    7. Links

    Amavisd-new is supplied with extensive documentation installed to /usr/share/doc/amavisd-new-2.5.4/

    and the reader is referred to /usr/share/doc/amavisd-new-2.5.4/README.postfix.html in particular. An

    online version is also available here: http://www.ijs.si/software/amavisd/README.postfix.html

    http://www.linuxjournal.com/article/7778

    http://www200.pair.com/mecham/spam/clamav-redhat-amavis.html

    http://www200.pair.com/mecham/spam/clamav-amavisd-new.html

    ...


    HowTos/Amavisd (last edited 2013-01-04 18:05:38 by NedSlider)


    This wiki is licensed under a Creative Commons Attribution-Share Alike 3.0 Unported License.
