Difference between pages "RoundCube" and "ClamAV"

From Wikislax
(Difference between pages)
Jump to: navigation, search
(Created page with "{{RightTOC}} == What is RoundCube ? == [http://roundcube.net RoundCube] is a PHP Web Mail application using SMTP and IMAP servers on the Network or on the local host. RoundC...")
 
(Testing ClamAV)
 
Line 1: Line 1:
 
{{RightTOC}}
 
{{RightTOC}}
  
== What is RoundCube ? ==
+
== What is ClamAV ? ==
  
[http://roundcube.net RoundCube] is a PHP Web Mail application using SMTP and IMAP servers on the Network or on the local host. RoundCube also requires a database. Recommended databases are MySQL or SQLite. PostgreSQL would be too buggy for production.
+
[http://www.clamav.net Clamav] is an Open Source antivirus.
  
== Installing RoundCube ==
+
== Installing ClamAV ==
  
[http://roundcube.net/download Download] and untar the software. As RoundCube is a PHP application there is nothing to compile. Review the INSTALL files to check dependancies and other recommendations. Create a link from the http directory or anywhere you deem appropriate :
+
Get the tarball from the [http://www.clamav.net/lang/en/download/sources/ download page]. Install in the standard way, create a user for running the software (e.g. '''milter''', as a single user has to be used by both '''Clamav''' and '''MIMEDefang''').
  
  # tar -C /usr/local -xvf roundcubemail-x.y.z.tar.gz
+
  # tar -C /usr/local -xvf clamav-x.y.tar.gz
  # cd /usr/local
+
  # cd /usr/local/
  # chown -R root:root roundcubemail-x.y.z
+
  # chown -R root:root clamav-x.y.z
  # cd roundcubemail-x.y.z
+
  # cd clamav-x.y
  # chown -R apache:apache temp
+
# ./configure --help | less
  # chown -R apache:apache logs
+
  # ./configure --libdir=/usr/local/lib64 --mandir=/usr/local/man \
  # less INSTALL
+
--sysconfdir=/etc --with-user=milter --with-group=milter
  # ln -s /usr/local/roundcubemail-x.y.z /var/www/htdocs/roundcube
+
# make
 +
# make install
 +
# make clean
 +
  # ldconfig
 +
  # groupadd milter
 +
  # useradd -g milter -s /bin/false milter
 +
# cd /var/log
 +
# mkdir -m 700 milter
 +
# chown milter:milter milter
 +
# cd /var/run
 +
# mkdir -m 700 milter
 +
# chown milter:milter milter
 +
# cd /usr/local/share
 +
# mkdir clamav
 +
# chown milter:milter clamav
  
RoundCube requires a database. Recommended databases are MySQL or SQLite. PostgreSQL would be too buggy for production. On this installation we use MySQL. Create the RoundCube database and user using [[phpMyAdmin]] or using MySQL commands :
+
== Configuring ClamAV ==
  
# cd /usr/local/roundcubemail-x.y.z
+
Review the configuration files in '''/etc/clamd.conf''' and '''/etc/freshclam.conf'''. Comment out the '''Example''' line and set the other parameters as below. The User milter line tells the software to execute as user milter :
# mysql -u root -p
 
Enter password:
 
> CREATE DATABASE roundcubemail /*!40101 CHARACTER SET utf8 COLLATE utf8_general_ci */;
 
> GRANT ALL PRIVILEGES ON roundcubemail.* TO roundcube.% IDENTIFIED BY 'password';
 
> FLUSH PRIVILEGES;
 
> quit
 
# mysql -u roundcube -p roundcubemail < SQL/mysql.initial.sql
 
# cp config/defaults.inc.php config.inc.php
 
  
Update the config file. Specify the database user password & the SMTP configuration. '''enable_installer''' affords using the test script that was once an installer script.
+
# cd /etc
 +
# cp clamd.conf.sample clamd.conf
 +
# vi clamd.conf
 +
. . .
 +
#Example
 +
LogFile /var/log/milter/clamd.log
 +
PidFile /var/run/milter/clamd.pid
 +
LocalSocket /var/spool/MIMEDefang/clamd.sock
 +
TCPAddr 127.0.0.1
 +
User milter
 +
DetectBrokenExecutables yes
 +
<esc>
 +
:x
 +
# cp freshclam.conf.sample freshclam.conf
 +
# vi freshclam.conf
 +
. . .
 +
#Example
 +
DatabaseDirectory /usr/local/share/clamav
 +
UpdateLogFile /var/log/milter/freshclam.log
 +
LogFileMaxSize 2M
 +
LogTime yes
 +
PidFile /var/run/milter/freshclam.pid
 +
DatabaseOwner milter
 +
DatabaseMirror db.FR.clamav.net
 +
NotifyClamd /etc/clamd.conf
 +
<esc>
 +
:x
 +
 
 +
== Running ClamAV ==
 +
 
 +
clamd and freshclam run as daemons so must be launched at startup and stopped at shutdown. Update '''/etc/rc.d/rc.local''' and '''/etc/rc.d/rc.local_shutdown''' accordingly :
  
  # vi config/config.inc.php
+
  # vi /etc/rc.d/rc.local
  '''. . .'''
+
  . . .
  $config['db_dsnw'] = 'mysql://roundcube:'''password'''@localhost/roundcubemail';
+
  # start clamd
$config['smtp_server'] = ''''tls://inner.studioware.com'''';
+
if [ -x /usr/local/sbin/clamd ]; then
  $config['smtp_port'] = '''587''';
+
        echo "Starting clamd daemon: /usr/local/sbin/clamd"
  $config['smtp_user'] = ''''%u'''';
+
        /usr/local/sbin/clamd
  $config['smtp_pass'] = ''''%p'''';
+
  fi
  $config['smtp_auth_type'] = ''''PLAIN'''';
+
   
  '''. . .'''
+
  # start freshclam
  $config['enable_installer'] = false;
+
  if [ -x /usr/local/bin/freshclam ]; then
 +
        echo "Starting freshclam daemon: /usr/local/bin/freshclam -d"
 +
        /usr/local/bin/freshclam -d
 +
  fi
 +
  <esc>
 
  :x
 
  :x
 +
# vi /etc/rc.d/rc.local_shutdown
 +
. . .
 +
# stop freshclam
 +
if [ -r /var/run/milter/freshclam.pid ]; then
 +
        echo "Stopping freshclam: kill -INT `cat /var/run/milter/freshclam.pid`"
 +
        kill -INT `cat /var/run/milter/freshclam.pid`
 +
fi
 +
 +
# stop clamd
 +
if [ -r /var/run/milter/clamd.pid ]; then
 +
        echo "Stopping clamd: kill -INT `cat /var/run/milter/clamd.pid`"
 +
        kill -INT `cat /var/run/milter/clamd.pid`
 +
fi
 +
<esc>
 +
:x
 +
 +
At this stage freshclam can be launched manually to initialize the virus database however clamd will fail as it requires a socket created by MIMEDefang when starting up. So we will delay clamd execution until MIMEDefang Sendmail with Milter are ready for use.
  
Point your browser to http://localhost/roundcube/installer. Follow the instructions given. In case you see some red NOT OK messages, then you need to fix something. When everything works, remove all the permissions on the installer directory. Otherwise the installer script could be re-launched again from the start, disclosing existing configuration information - including the passwords. Also make sure that files in directories config, temp, logs are protected from disclosure by the following non-overidable statements in the .htaccess hierarchy :
+
== Testing ClamAV ==
  
Order allow,deny
+
Don't run '''rc.local''' now. Download the ClamAV database first:
Deny from all
 
  
For more information on installation and configuration of RoundCube check the [http://trac.roundcube.net/wiki RoundCube Wiki].
+
# freshclam
  
== Maintaining RoundCube ==
+
eicar.com is a test signature for ClamAV. Make sure it works for you.
  
To keep your database slick and clean it is recommended to periodically execute bin/cleandb.sh which finally removes all records that are marked as deleted. The best solution is to install a cron job running this script daily.
+
# '''clamscan -r -l scan.txt ./'''[{{SERVER}}/wikislax/download/eicar.com eicar.com]
 +
./eicar.com: Eicar-Test-Signature FOUND
 +
 +
----------- SCAN SUMMARY -----------
 +
Known viruses: 4890369
 +
Engine version: 0.99.2
 +
Scanned directories: 0
 +
Scanned files: 1
 +
Infected files: 1
 +
Data scanned: 0.00 MB
 +
Data read: 0.00 MB (ratio 0.00:1)
 +
Time: 6.302 sec (0 m 6 s)
  
 
<br/>
 
<br/>
  
{{pFoot|[[MediaWiki]]|[[Main Page]]|[[INN]]}}
+
{{pFoot|[[SpamAssassin]]|[[Main Page]]|[[Milter]]}}

Latest revision as of 07:36, 7 July 2018

What is ClamAV ?

Clamav is an Open Source antivirus.

Installing ClamAV

Get the tarball from the download page. Install in the standard way, create a user for running the software (e.g. milter, as a single user has to be used by both Clamav and MIMEDefang). 

# tar -C /usr/local -xvf clamav-x.y.tar.gz
# cd /usr/local/
# chown -R root:root clamav-x.y.z
# cd clamav-x.y
# ./configure --help | less
# ./configure --libdir=/usr/local/lib64 --mandir=/usr/local/man \
--sysconfdir=/etc --with-user=milter --with-group=milter
# make
# make install
# make clean
# ldconfig
# groupadd milter
# useradd -g milter -s /bin/false milter
# cd /var/log
# mkdir -m 700 milter
# chown milter:milter milter
# cd /var/run
# mkdir -m 700 milter
# chown milter:milter milter
# cd /usr/local/share
# mkdir clamav
# chown milter:milter clamav

Configuring ClamAV

Review the configuration files in /etc/clamd.conf and /etc/freshclam.conf. Comment out the Example line and set the other parameters as below. The User milter line tells the software to execute as user milter : 

# cd /etc
# cp clamd.conf.sample clamd.conf
# vi clamd.conf
. . .
#Example
LogFile /var/log/milter/clamd.log
PidFile /var/run/milter/clamd.pid
LocalSocket /var/spool/MIMEDefang/clamd.sock
TCPAddr 127.0.0.1
User milter
DetectBrokenExecutables yes
<esc>
:x
# cp freshclam.conf.sample freshclam.conf
# vi freshclam.conf
. . .
#Example
DatabaseDirectory /usr/local/share/clamav
UpdateLogFile /var/log/milter/freshclam.log
LogFileMaxSize 2M
LogTime yes
PidFile /var/run/milter/freshclam.pid
DatabaseOwner milter
DatabaseMirror db.FR.clamav.net
NotifyClamd /etc/clamd.conf
<esc>
:x

Running ClamAV

clamd and freshclam run as daemons so must be launched at startup and stopped at shutdown. Update /etc/rc.d/rc.local and /etc/rc.d/rc.local_shutdown accordingly : 

# vi /etc/rc.d/rc.local
. . .
# start clamd
if [ -x /usr/local/sbin/clamd ]; then
        echo "Starting clamd daemon: /usr/local/sbin/clamd"
        /usr/local/sbin/clamd
fi

# start freshclam
if [ -x /usr/local/bin/freshclam ]; then
        echo "Starting freshclam daemon: /usr/local/bin/freshclam -d"
        /usr/local/bin/freshclam -d
fi
<esc>
:x
# vi /etc/rc.d/rc.local_shutdown
. . .
# stop freshclam
if [ -r /var/run/milter/freshclam.pid ]; then
        echo "Stopping freshclam: kill -INT `cat /var/run/milter/freshclam.pid`"
        kill -INT `cat /var/run/milter/freshclam.pid`
fi

# stop clamd
if [ -r /var/run/milter/clamd.pid ]; then
        echo "Stopping clamd: kill -INT `cat /var/run/milter/clamd.pid`"
        kill -INT `cat /var/run/milter/clamd.pid`
fi
<esc>
:x

At this stage freshclam can be launched manually to initialize the virus database however clamd will fail as it requires a socket created by MIMEDefang when starting up. So we will delay clamd execution until MIMEDefang Sendmail with Milter are ready for use.

Testing ClamAV

Don't run rc.local now. Download the ClamAV database first: 

# freshclam

eicar.com is a test signature for ClamAV. Make sure it works for you. 

# clamscan -r -l scan.txt ./eicar.com 
./eicar.com: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 4890369
Engine version: 0.99.2
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 6.302 sec (0 m 6 s)


SpamAssassin Main Page Milter
Retrieved from "http://studioware.com/wikislax/index.php?title=RoundCube&oldid=62"