Help with Amavis and Spamassassin
Thanks to all who helped, and especially Sandy, I've got my suse 10.0 box running my mail server now. My 8.2 box soon to be re-tasked. Mostly default postfix with cyrus imap. I do plan to add pop at some point for some email users. I've never used amavis before, nor spamassassin, and was wondering if someone could help me get kick started. I have amavisd-new installed from the 10.0 dvd, not yet installed spamassassin. I'm under the impresson that these both work together? I am getting mail in and out, but /var/log/warn shows many many of the following: Jan 25 18:53:16 cammee amavis[24374]: (24374-07) WARN: all primary virus scanners failed, considering backups Jan 25 19:01:26 cammee amavis[24336]: (24336-08) WARN: all primary virus scanners failed, considering backups Jan 25 19:01:52 cammee amavis[24374]: (24374-08) WARN: all primary virus scanners failed, considering backups Jan 25 19:02:11 cammee amavis[24336]: (24336-09) WARN: all primary virus scanners failed, considering backups I assume that I don't have anything actually configured in amavisd.conf, but not sure what to enable. And not at all sure how spamassassin fits into all this. Any pointers most welcome. Jim
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Wednesday 2006-01-25 at 19:18 -0600, Jim Flanagan wrote:
Jan 25 18:53:16 cammee amavis[24374]: (24374-07) WARN: all primary virus scanners failed, considering backups
You do not have any antivirus installed. Install one, or tell amavis-new not to use any. - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD4DBQFD2CaNtTMYHG2NR9URAiSOAJUR43wRZBnPlKfYpbuk33kuWBAaAJ9fg3fJ 3EY5L/eiROmvUoYPxrJ0Xg== =XQ+7 -----END PGP SIGNATURE-----
Jim Flanagan wrote:
Thanks to all who helped, and especially Sandy, I've got my suse 10.0 box running my mail server now. My 8.2 box soon to be re-tasked. Mostly default postfix with cyrus imap. I do plan to add pop at some point for some email users.
I've never used amavis before, nor spamassassin, and was wondering if someone could help me get kick started. I have amavisd-new installed from the 10.0 dvd, not yet installed spamassassin. I'm under the impresson that these both work together?
I am getting mail in and out, but /var/log/warn shows many many of the following:
Jan 25 18:53:16 cammee amavis[24374]: (24374-07) WARN: all primary virus scanners failed, considering backups Jan 25 19:01:26 cammee amavis[24336]: (24336-08) WARN: all primary virus scanners failed, considering backups Jan 25 19:01:52 cammee amavis[24374]: (24374-08) WARN: all primary virus scanners failed, considering backups Jan 25 19:02:11 cammee amavis[24336]: (24336-09) WARN: all primary virus scanners failed, considering backups
As you can see, amavisd-new is already installed and integrated. Spamassassin should be usable once installed. Though you should be aware that it will only be effective after you have fed sa-learn some hundred spam and ham mails. In /etc/amavisd.conf you can remove the comments of your installed virus scanner. After a restart of amavis it should be able to use the scanner and won't complain anymore. For a start you can use clam-av. Take care to update the signatures at least once a day with fresh-clam.
I assume that I don't have anything actually configured in amavisd.conf, but not sure what to enable. And not at all sure how spamassassin fits into all this.
As I said, you need to tell amavis, which virus scanner to use in /etc/amavisd.conf. Sandy -- List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
Sandy Drobic wrote:
Jim Flanagan wrote:
Thanks to all who helped, and especially Sandy, I've got my suse 10.0 box running my mail server now. My 8.2 box soon to be re-tasked. Mostly default postfix with cyrus imap. I do plan to add pop at some point for some email users.
I've never used amavis before, nor spamassassin, and was wondering if someone could help me get kick started. I have amavisd-new installed from the 10.0 dvd, not yet installed spamassassin. I'm under the impresson that these both work together?
I am getting mail in and out, but /var/log/warn shows many many of the following:
Jan 25 18:53:16 cammee amavis[24374]: (24374-07) WARN: all primary virus scanners failed, considering backups Jan 25 19:01:26 cammee amavis[24336]: (24336-08) WARN: all primary virus scanners failed, considering backups Jan 25 19:01:52 cammee amavis[24374]: (24374-08) WARN: all primary virus scanners failed, considering backups Jan 25 19:02:11 cammee amavis[24336]: (24336-09) WARN: all primary virus scanners failed, considering backups
As you can see, amavisd-new is already installed and integrated. Spamassassin should be usable once installed. Though you should be aware that it will only be effective after you have fed sa-learn some hundred spam and ham mails.
In /etc/amavisd.conf you can remove the comments of your installed virus scanner. After a restart of amavis it should be able to use the scanner and won't complain anymore.
For a start you can use clam-av. Take care to update the signatures at least once a day with fresh-clam.
I assume that I don't have anything actually configured in amavisd.conf, but not sure what to enable. And not at all sure how spamassassin fits into all this.
As I said, you need to tell amavis, which virus scanner to use in /etc/amavisd.conf.
Sandy OK, thanks guys. I know I really shouldn't ask this, tis a loaded question. But...which one is best, or recommended?
Jim
On Thu, 2006-01-26 at 16:44 -0600, Jim Flanagan wrote:
Sandy Drobic wrote: Please trim your replies.
Jim Flanagan wrote:
Sandy OK, thanks guys. I know I really shouldn't ask this, tis a loaded question. But...which one is best, or recommended?
The best one is the one that works best for you. -- Ken Schneider UNIX since 1989, linux since 1994, SuSE since 1998
On Thursday 26 January 2006 22:44, Jim Flanagan wrote: [snip]
OK, thanks guys. I know I really shouldn't ask this, tis a loaded question. But...which one is best, or recommended?
The advantage of clamav is that it is there, free, ready and waiting for an install. It will give you plenty of protection while you investigate all the other ones, at no cost and minimum hassle to you. I've used it on SuSE10 with amavisd and spamassassin and it's run without bog ups. :) Fish
Mark Crean wrote:
On Thursday 26 January 2006 22:44, Jim Flanagan wrote: [snip]
OK, thanks guys. I know I really shouldn't ask this, tis a loaded question. But...which one is best, or recommended?
The advantage of clamav is that it is there, free, ready and waiting for an install. It will give you plenty of protection while you investigate all the other ones, at no cost and minimum hassle to you. I've used it on SuSE10 with amavisd and spamassassin and it's run without bog ups.
:)
Fish
Thanks Mark, that sounds like good advice. Will go with that for now. Incidentally, I did notice that a backup scanner has been catching some emails with those lovely little .gif files attached. Apparently kapersky is set as a backup scanner, but I did nothing to set it up that way. I notice that they let you download the rpm, but charge a subscription fee for a key to enable their service. Not what I need for now. I'll start with clam-av. Tks, Jim
On Thu, 2006-01-26 at 17:43 -0600, Jim Flanagan wrote:
Mark Crean wrote:
On Thursday 26 January 2006 22:44, Jim Flanagan wrote: [snip]
OK, thanks guys. I know I really shouldn't ask this, tis a loaded question. But...which one is best, or recommended?
The advantage of clamav is that it is there, free, ready and waiting for an install. It will give you plenty of protection while you investigate all the other ones, at no cost and minimum hassle to you. I've used it on SuSE10 with amavisd and spamassassin and it's run without bog ups.
:)
Fish
Thanks Mark, that sounds like good advice. Will go with that for now. Incidentally, I did notice that a backup scanner has been catching some emails with those lovely little .gif files attached. Apparently kapersky is set as a backup scanner, but I did nothing to set it up that way. I notice that they let you download the rpm, but charge a subscription fee for a key to enable their service. Not what I need for now. I'll start with clam-av.
Tks,
Clam-av is on the install media but it is not the latest. Best off getting it from http://ftp.suse.com/pub/projects/clamav/clamav-0.88/ and you will need the db package as well. After it is installed run freshclam to update the definition files. -- Ken Schneider UNIX since 1989, linux since 1994, SuSE since 1998
Ken Schneider wrote:
On Thu, 2006-01-26 at 17:43 -0600, Jim Flanagan wrote:
Mark Crean wrote:
On Thursday 26 January 2006 22:44, Jim Flanagan wrote: [snip]
OK, thanks guys. I know I really shouldn't ask this, tis a loaded question. But...which one is best, or recommended?
The advantage of clamav is that it is there, free, ready and waiting for an install. It will give you plenty of protection while you investigate all the other ones, at no cost and minimum hassle to you. I've used it on SuSE10 with amavisd and spamassassin and it's run without bog ups.
:)
Fish
Thanks Mark, that sounds like good advice. Will go with that for now. Incidentally, I did notice that a backup scanner has been catching some emails with those lovely little .gif files attached. Apparently kapersky is set as a backup scanner, but I did nothing to set it up that way. I notice that they let you download the rpm, but charge a subscription fee for a key to enable their service. Not what I need for now. I'll start with clam-av.
Tks,
Clam-av is on the install media but it is not the latest. Best off getting it from http://ftp.suse.com/pub/projects/clamav/clamav-0.88/ and you will need the db package as well. After it is installed run freshclam to update the definition files.
Thanks Ken, will do. I take it that all I need to do after downloading and installing and updating, is to uncomment the clamav-clamd secton of the amavisd.conf? Restarting amavisd afterwards. Jim
On Thu, 2006-01-26 at 18:33 -0600, Jim Flanagan wrote:
Ken Schneider wrote:
On Thu, 2006-01-26 at 17:43 -0600, Jim Flanagan wrote:
Mark Crean wrote:
Clam-av is on the install media but it is not the latest. Best off getting it from http://ftp.suse.com/pub/projects/clamav/clamav-0.88/ and you will need the db package as well. After it is installed run freshclam to update the definition files.
Thanks Ken, will do. I take it that all I need to do after downloading and installing and updating, is to uncomment the clamav-clamd secton of the amavisd.conf? Restarting amavisd afterwards.
That and create a cron script to run freshclam on a hourly basis. I use the following: In /etc/cron.hourly/clamd-update #!/bin/sh cd /usr/bin ./freshclam | /bin/mail -s 'freshclam hourly report' root I have the results emailed to root so that I can keep a eye on the updates. That is also how I found out that I needed to update the programs a couple of weeks ago. Make sure the script is executable or it will not run. -- Ken Schneider UNIX since 1989, linux since 1994, SuSE since 1998
Ken Schneider wrote:
On Thu, 2006-01-26 at 18:33 -0600, Jim Flanagan wrote:
Ken Schneider wrote:
On Thu, 2006-01-26 at 17:43 -0600, Jim Flanagan wrote:
Mark Crean wrote:
Clam-av is on the install media but it is not the latest. Best off getting it from http://ftp.suse.com/pub/projects/clamav/clamav-0.88/ and you will need the db package as well. After it is installed run freshclam to update the definition files.
Thanks Ken, will do. I take it that all I need to do after downloading and installing and updating, is to uncomment the clamav-clamd secton of the amavisd.conf? Restarting amavisd afterwards.
That and create a cron script to run freshclam on a hourly basis. I use the following: In /etc/cron.hourly/clamd-update
#!/bin/sh cd /usr/bin ./freshclam | /bin/mail -s 'freshclam hourly report' root
I have the results emailed to root so that I can keep a eye on the updates. That is also how I found out that I needed to update the programs a couple of weeks ago. Make sure the script is executable or it will not run.
Thanks Ken. Actually I think YOU had updated clamav as yast shows ver 0.88-0.1 installed. I ran freshclam manually and it updated itself. I noticed that in runlevel editor there are daemons for clam and freshclam. I edited /etc/clam.conf to log to the default /var/log/clam which it is doing. I started both daemons and both are running. I believe the freshclam daemon is updating itself every 2 hours (as default in /etc/freshclam.conf) but when I try to enable logging for that the daemon won't start, showing write permission error, so I'm not sure it's updating the clam db, but I think it is. If this is the case I don't think I need to run cron. I'll check on this later today, and try to get the log function for freshclam working. The perms for /var/log/clam txt file is set as root/root. In any case my email is now being scanned by amavis / clamav, and there are no warning messages about not fining primary av scanner. Jim
On Thursday 26 January 2006 23:43, Jim Flanagan wrote: [snip]
Thanks Mark, that sounds like good advice. Will go with that for now. Incidentally, I did notice that a backup scanner has been catching some emails with those lovely little .gif files attached. Apparently kapersky is set as a backup scanner, but I did nothing to set it up that way. I notice that they let you download the rpm, but charge a subscription fee for a key to enable their service. Not what I need for now. I'll start with clam-av.
You can also adapt or extend the filters in amavis to catch email attachments by file type. See the lines around 146 and following in the config file ("# for $banned_namepath_re, a new-style of banned table"). A crude method, but effective if there is a new scare going round about, say, infected jpegs or gifs. I've uncommented the # banned ext - long for my machine, for example. :) Fish
participants (5)
-
Carlos E. R. -
Jim Flanagan -
Ken Schneider -
Mark Crean -
Sandy Drobic