BuycPanel Blog

Advanced Configurations in ClamAV Scanner

Posted by Allura on 30 11 2018.

A Brief Introduction

Exim is a popular mail transfer agent used on systems to send, receive and reroute emails. It is freely available under the GNU General Public License (GPL). Developed in 1995 at Cambridge University by Philip Hazel, this open-source mail transfer agent offers a flexible mailing solution with a wide range of features for scanning inbound mail.

Configure ClamAV for Exim

After you have set up ClamAV, you need to complete some additional steps if you want Exim to pass your outgoing messages to ClamAV for scanning.

Run the following steps to scan outbound messages using Exim:

  1. Locate the Exim Configuration Manager interface in WHM. You will find it at WHM > Home > Service Configuration > Exim Configuration Manager > Basic Editor > Security.
  2. You will find an option called Scan messages for malware from authenticated senders (exiscan). Choose the On option.
  3. Turn on the Scan outgoing messages for malware option.
  4. Confirm your settings by clicking on Save.

 

Using the Command Line Interface

You can also use ClamAV from the command line. You can find the binaries in the directory /usr/local/cpanel/3rdparty/bin/:

  1. /usr/local/cpanel/3rdparty/bin/clamscan
  2. /usr/local/cpanel/3rdparty/bin/clamdscan
  3. /usr/local/cpanel/3rdparty/bin/freshclam

 

You can set up ClamAV to run manually using the command line. Make the following changes to the /usr/local/cpanel/3rdparty/etc/clamd.conf file:

 

| Option | Description |
| --- | --- |
| FixStaleSocket | Removes a stale socket file left behind when the system was not shut down properly. |
| LocalSocket | The path to the local socket file on which the daemon listens. |
| PhishingScanURLs | Scans the web links in emails to detect phishing. |
| PhishingSignatures | Scans emails against signatures to detect phishing. |
| PidFile | The location of the daemon's process identifier (PID) file. |
| ScanMail | Activates the internal email scanner. |

 

Some scripts in your system might look for ClamAV binaries in the /usr/local/bin directory. Use the commands mentioned below to create a symbolic link to the binaries:

  1. ln -s /usr/local/cpanel/3rdparty/bin/clamscan /usr/local/bin/clamscan
  2. ln -s /usr/local/cpanel/3rdparty/bin/freshclam /usr/local/bin/freshclam

ClamAV Cron Job

After configuring ClamAV, it is recommended that you schedule a root cron job to run scans regularly. To avoid resource bottlenecks, set it to run at a time when server activity is low.

Here is an example of a command that scans the accounts of the server:

while read -r domain user; do /usr/local/cpanel/3rdparty/bin/clamscan -i -r "/home/$user" 2>&1; done </etc/trueuserdomains >>/root/infections.txt

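This command scans each account's home directory for spam and corrupted files. The -r option scans directories recursively, -i prints only infected files, and the output is appended to /root/infections.txt.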
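
A fuller version of the scan loop above for a root cron job, as an added example that is not part of the original post: it validates account names, skips missing home directories, and uses clamscan's exit code to log one status line per account. The variable names CLAMSCAN, USERDOMAINS, HOME_BASE and REPORT, the account-name pattern and the --run switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. CLAMSCAN, USERDOMAINS, HOME_BASE and
# REPORT are variable names invented here; the defaults are the paths the post uses.
CLAMSCAN="${CLAMSCAN:-/usr/local/cpanel/3rdparty/bin/clamscan}"
USERDOMAINS="${USERDOMAINS:-/etc/trueuserdomains}"
HOME_BASE="${HOME_BASE:-/home}"
REPORT="${REPORT:-/root/infections.txt}"

# Print each account name once from "domain: user" lines. The name pattern is an
# assumption; it rejects values such as "../etc" that would escape HOME_BASE.
list_users() {
    awk 'NF >= 2 && $2 ~ /^[a-z0-9][a-z0-9_.-]*$/ { print $2 }' "$1" | sort -u
}

# Scan one home directory and print a status word derived from clamscan's
# exit code: 0 = no virus found, 1 = virus found, anything else = error.
scan_user() {
    dir="$HOME_BASE/$1"
    [ -d "$dir" ] || { echo "missing"; return 0; }
    rc=0
    "$CLAMSCAN" -i -r "$dir" >>"$REPORT" 2>&1 || rc=$?
    case "$rc" in
        0) echo "clean" ;;
        1) echo "infected" ;;
        *) echo "error" ;;
    esac
}

# Scan every account, log one dated status line per account, and print how
# many accounts were infected or failed to scan.
scan_all() {
    flagged=0
    for u in $(list_users "$USERDOMAINS"); do
        status=$(scan_user "$u")
        echo "$(date +%F) $u $status" >>"$REPORT"
        case "$status" in
            infected|error) flagged=$((flagged + 1)) ;;
        esac
    done
    echo "$flagged"
}

# Run only when called with --run, e.g. from root's crontab.
if [ "${1:-}" = "--run" ]; then
    scan_all
fi
```

An "error" status means the scan did not complete for that account, so it should be investigated rather than treated as clean.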

 

A Concluding Statement

There is a range of ways in which you can install ClamAV. You can link it with a mail transfer agent like Exim. There are also facilities for installation through the command line.