====== Spam and Virus Scanning ======

Virtualmin Pro allows you to enable spam and virus scanning on a per-virtual-server basis, and to configure what happens to email classified as spam or virus-laden. Under the hood, it uses the popular SpamAssassin (http://spamassassin.apache.org/) package for spam detection, and ClamAV (http://www.clamav.net/) for viruses.

SpamAssassin assigns each message it scans a score indicating how spammy it is, based on the content and the servers it was sent from. Typically, anything with a score above 5 is regarded as most likely spam. ClamAV, however, just compares the message contents with a database of known virus signatures, and reports whether any were found.

===== Turning On Spam and Virus Scanning =====

In a typical Virtualmin Pro install, you can enable filtering for a new or existing virtual server by just selecting the **Spam filtering enabled?** and **Virus filtering enabled?** checkboxes in the features section of the **Create** or **Edit Virtual Server** page.

If they do not appear, make sure that these features are enabled globally on your system. This can be done as follows:

  - Log in as ''root'', open the **System Settings** category on the left menu, and click on **Features and Plugins**.
  - Check the boxes next to **Spam filtering** and **Virus filtering**.
  - Click **Save**. If you see any error messages about SpamAssassin or ClamAV not being installed, you'll need to install their packages on your system first.

===== Spam and Virus Filtering and Procmail =====

Internally, Virtualmin creates an ''/etc/procmailrc'' file that in turn runs a Procmail include file under ''/etc/webmin/virtual-server/procmail'', depending on the domain to which each email received is sent. This then invokes the ''spamassassin'' and ''clamscan'' commands, then uses their output to decide if email should be delivered to a special folder or deleted.

SpamAssassin is run with command-line parameters that tell it to use configuration files under ''/etc/webmin/virtual-server/spam'', which can be different for each domain. This way, domain owners can customize their own SpamAssassin rules, spam levels and message modification settings.

===== Changing Delivery Destinations =====

By default, email classified as spam is delivered to the ''~/Maildir/.spam'' file under each user's home directory. This shows up as a folder named ''spam'' in users' mail clients, and in Usermin. Email that is detected as containing viruses is deleted by default, as virus detection is almost 100% accurate.

However, you can change these destinations on a per-domain basis using Virtualmin. Some users may prefer that spam be deleted outright, or delivered normally so that it can be filtered by their mail clients. To change the delivery rules, the steps to follow are:

  - Log in to Virtualmin as ''root'' or as the domain owner.
  - Select the domain from the left menu.
  - Open the **Server Configuration** category, and click on **Spam and Virus Delivery**.
  - Change the **Destination for spam emails** and **for virus emails** to whatever you want.
  - Click **Save**. The changes will take effect for email delivered from now on.

In Virtualmin versions 3.54 and above, you can choose to have email whose spam score is above some threshold deleted instead of being delivered to a ''spam'' folder. This can be used to stop the delivery of messages that are obviously spam, saving on disk space and the bandwidth used to download them.

To delete high-scoring spam, just follow the steps above and set the **Delete spam if score is above** field to some number like //10//.

===== Default Delivery Destinations =====

If you have spam and virus delivery destinations that you want used for all new domains, you can set them as follows:

  - Log in to Virtualmin as ''root''.
  - Open the **System Settings** category on the left menu, and click on **Module Config**.
  - Select the **Spam filtering options** section.
  - Change the **Default delivery for spam** and **for viruses** to whatever you want.
  - Click **Save**.

To make changes for all existing domains, use the ''modify-spam.pl'' command-line API script.

===== Automatic Spam Clearing =====

If Virtualmin is configured to deliver spam to a separate folder for each user, this can end up consuming a lot of disk space and disk quotas. To keep usage down, it is possible to have Virtualmin automatically delete users' spam that is more than a certain number of days old, or is taking up more than some amount of disk space.

To set this up for a single domain, the steps to follow are:

  - Select the domain from Virtualmin's left menu.
  - Open the **Server Configuration** category, and click on **Spam and Virus Delivery**.
  - In the **Automatically delete spam?** field, select **Yes, if older than** and enter a number of days into the adjacent text box. I suggest //5// days, which is more than enough time for users to periodically check their spam folders for false positives.
  - Click **Save**.

If you prefer to delete based on disk usage, select **Yes, when mailbox exceeds** instead and enter a maximum size for the spam folder. When this is exceeded, messages will be deleted oldest first until the folder is smaller than the specified size.

The default setting for new virtual servers can be set on the **Module Config** page in the **Spam filtering options** section. To make changes for all existing domains, use the ''modify-spam.pl'' command-line API script.

===== Reducing CPU Load with Clamd =====

In the default Virtualmin configuration, each email received is processed with the ''clamscan'' command to check if it contains viruses. Unfortunately, this can take anywhere from seconds to minutes to run, particularly on VPS systems that have limited IO bandwidth or CPU resources.
Most of this time is spent loading the virus database, which is continually growing as new viruses are found by the ClamAV authors.

Slowness running ''clamscan'' can cause email delivery to be delayed by several minutes, during which messages stay in the Postfix mail queue. It can also lead to high CPU load on the system, which then slows down other services like Apache or MySQL.

Fortunately, there is a fix - the ''clamd'' server process, which loads the virus database just once and then stays running. When email arrives, the ''clamdscan'' command connects to it, passes over the message to be scanned, then reads back the results. This typically takes only seconds, even on a system with limited resources.

If your system is receiving a large amount of email, I recommend the use of ''clamd''. It probably isn't worth running on a system used primarily as a web server though, as it consumes about 64M of RAM at all times.

To enable the use of the ClamAV server process, follow these steps:

  - Log in to Virtualmin as ''root''.
  - Open the **Email Messages** category on the left menu, and click on **Spam and Virus Scanning**.
  - At the bottom of the page you should see a button labelled **Enable ClamAV Server** - click it. If the button isn't visible, this means that Virtualmin doesn't know how to configure ''clamd'' on your operating system, and you will need to do it manually.
  - After clicking, check the messages that appear to make sure that no errors were reported. If all went well, return to the **Spam and Virus Scanning** page.
  - Change the **Virus scanning program** to **Server scanner (clamdscan)**, and click **Save**. Virtualmin will check if ''clamd'' and ''clamdscan'' are working properly, and if so configure all virtual servers to use it for virus classification from now on.

===== Common ClamAV Problems =====

If Virtualmin reports that the ''clamscan'' command is not working on your system, here are some things to try:

  * Run ''freshclam'' to download the virus database. On some systems, the standard ClamAV packages do not include any virus data files, so ''clamscan'' cannot run.
  * Remove the ''Example'' line from ''/etc/freshclam.conf''. On some systems this line exists by default, to intentionally prevent ''freshclam'' from running!
  * Make sure that the virus database path in ''/etc/clamd.conf'' matches the directory updated by ''freshclam''. If not, ''clamd'' will not start due to the lack of data files.
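
The three checks above can be scripted. The following is an added example, not part of Virtualmin or ClamAV: the function names and finding codes are made up for illustration, and it assumes the database path is set with the ''DatabaseDirectory'' directive and that database files end in ''.cvd'' or ''.cld''. The sample configuration is constructed in a temporary directory, so nothing under ''/etc'' is read.

```shell
#!/bin/sh
# Added example (not Virtualmin code): static checks for the three ClamAV
# problems listed above. Config paths are arguments; the host is not touched.

# conf_value FILE DIRECTIVE: print the first uncommented value of DIRECTIVE.
conf_value() {
    awk -v key="$2" '$1 == key { print $2; exit }' "$1"
}

# has_db_files DIR: succeed if DIR holds at least one .cvd or .cld database.
has_db_files() {
    for f in "$1"/*.cvd "$1"/*.cld; do
        [ -f "$f" ] && return 0
    done
    return 1
}

# check_clamav FRESHCLAM_CONF CLAMD_CONF: print one finding code per line.
check_clamav() {
    fdir=$(conf_value "$1" DatabaseDirectory)
    cdir=$(conf_value "$2" DatabaseDirectory)
    # An uncommented "Example" line makes freshclam refuse to run.
    if grep -Eq '^[[:space:]]*Example[[:space:]]*$' "$1"; then
        echo "EXAMPLE_LINE $1"
    fi
    if [ -z "$fdir" ] || [ -z "$cdir" ]; then
        # Unset means a compiled-in default, which cannot be compared here.
        echo "DB_PATH_UNVERIFIED freshclam='$fdir' clamd='$cdir'"
    elif [ "$fdir" != "$cdir" ]; then
        echo "DB_PATH_MISMATCH freshclam=$fdir clamd=$cdir"
    fi
    # No database files means freshclam has never populated the directory.
    if [ -n "$fdir" ] && ! has_db_files "$fdir"; then
        echo "NO_DATABASE $fdir"
    fi
    return 0
}

# Constructed sample configuration exhibiting all three problems.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/fresh-db" "$demo_dir/clamd-db"
printf 'Example\nDatabaseDirectory %s\n' "$demo_dir/fresh-db" > "$demo_dir/freshclam.conf"
printf '#Example\nDatabaseDirectory %s\n' "$demo_dir/clamd-db" > "$demo_dir/clamd.conf"
check_clamav "$demo_dir/freshclam.conf" "$demo_dir/clamd.conf"
```

On a real system, call ''check_clamav /etc/freshclam.conf /etc/clamd.conf''; no output means none of the three problems was detected.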