TOPIC: Re:Clamav

#10603
rulez22 (User)
Posts: 24
Clamav 2008/02/26 12:35  
Does anyone know how to configure Clamav on Webmin/Virtualmin?
In the software manager (CentOS 5) I can see clamav-server is installed; I also did "locate clamd" and it is installed on the system. I ended up installing this Webmin third-party module: http://labs.libre-entreprise.org/frs/download.php/622/wbmclamav-0.9.0.wbm.gz
A new menu appeared ("Configuration For module Clam Antivirus"), and it seems the default paths in there don't work, and there is no readme or FAQ for this module. For instance, what does the "Use the following content scanner" option mean?
If someone has experience installing ClamAV on Webmin, please advise. Thanks!
#10606
Joe (Admin)
Posts: 3784
Re:Clamav 2008/02/26 15:14  
I'm not at all familiar with the Clam third party module, but you can get our clam packages for CentOS from here, which makes getting it running reasonably easy:

http://software.virtualmin.com/gpl/centos/5/

From there, you need to add a couple of lines to your procmailrc (assuming you're delivering mail via procmail). Something along the lines of:

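# Capture clamscan's one-line report for this message in VIRUS
:0cW
VIRUS=| clamscan --no-summary --stdout -

# clamscan reports "<name> FOUND" for an infected message; discard those
:0
* VIRUS ?? FOUND
/dev/null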

This is wholly untested...but I think it'll work.

Virtualmin Professional does things a little differently, but you need a few other programs (and a custom configuration file for each virtual server) for it to work the way we do it.

Post edited by: Joe, at: 2008/02/26 15:15
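
The recipe in the post above decides on clamscan's text report and sends matches to /dev/null. The sketch below is an added example, not code from this thread or from Virtualmin: it goes one step further and makes the same decision on clamscan's exit status (0 clean, 1 virus found, 2 error), keeps flagged mail in a quarantine directory, and defers delivery when the scanner itself fails. SCANNER, INBOX_DIR, QUARANTINE_DIR and the fake_clamscan stand-in are assumed names.

```shell
#!/bin/sh
# Added example: route one message by clamscan's exit status
# (0 = clean, 1 = virus found, anything else = scanner error).
# Assumed names, not from the thread: SCANNER, INBOX_DIR, QUARANTINE_DIR.
SCANNER="${SCANNER:-clamscan --no-summary --stdout -}"
INBOX_DIR="${INBOX_DIR:-./inbox}"
QUARANTINE_DIR="${QUARANTINE_DIR:-./quarantine}"

# Constructed stand-in for clamscan so the logic can be tried without ClamAV:
# flags any input containing the made-up marker below.
fake_clamscan() {
    if grep -q 'CONSTRUCTED-TEST-MARKER'; then
        echo "stdin: Constructed.Test.Signature FOUND"
        return 1
    fi
    echo "stdin: OK"
}

# scan_verdict FILE -> prints "clean", "infected:<signature>" or "error"
scan_verdict() {
    status=0
    report=$($SCANNER < "$1" 2>/dev/null) || status=$?
    case "$status" in
        0) echo "clean" ;;
        1) # report looks like "stdin: <signature> FOUND"
           sig=$(printf '%s\n' "$report" |
                 sed -n 's/^[^:]*: \(.*\) FOUND$/\1/p' | head -n 1)
           echo "infected:${sig:-unknown}" ;;
        *) echo "error" ;;
    esac
}

# route_message FILE -> copy to inbox or quarantine; return 75 (EX_TEMPFAIL)
# on scanner failure so the mail is retried instead of delivered unscanned.
route_message() {
    verdict=$(scan_verdict "$1")
    case "$verdict" in
        clean)      cp "$1" "$INBOX_DIR/" ;;
        infected:*) cp "$1" "$QUARANTINE_DIR/"
                    echo "quarantined $1: ${verdict#infected:}" >&2 ;;
        *)          return 75 ;;
    esac
}
```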
#10608
rulez22 (User)
Posts: 24
Re:Clamav 2008/02/26 16:23  
So in the end, the /etc/procmail file should look like this?
---------------------------------------
DEFAULT=$HOME/Maildir/
ORGMAIL=$HOME/Maildir/

:0cW
VIRUS=| clamscan --no-summary --stdout -

:0
* VIRUS ?? FOUND
/dev/null
---------------------------------------

Is it correct?
#11495
lueung (User)
Posts: 2
Re:Clamav 2008/04/01 03:52  
How do I scan the server for viruses?

I see that the clamd wrapper starts at boot, but I don't see it anywhere in the "system settings" -> module config -> spam filtering options.
#11500
DanLong (User)
Posts: 429
Re:Clamav 2008/04/01 06:22  
You don't see SpamAssassin there either. That just sets up the options for the mail delivery. You can choose to delete it, put it in a folder or forward it off (some legit software sent in an email might be seen as a virus).

There is nothing really to touch in ClamAV so the only place you "see" it is in the bootup-shutdown module.
#11505
Joe (Admin)
Posts: 3784
Re:Clamav 2008/04/01 11:22  
How do I scan the server for viruses?

You don't. It'd be pointless. The number of viruses that affect Linux can be counted on one hand (and then they're generally harmless proof of concept viruses that have long been patched out of utility).

You might, however, consider checking out chkrootkit. A root kit is the nastiest thing that happens to Linux boxes. Its delivery mechanism is usually an exploit in one of the system services (usually it requires multiple exploits to attain privileges needed to install a root kit, since it has to have root-level access to the system to do any damage and very few services run as root on a Linux system).

The most important security steps you can take are:

1. Use strong passwords for ALL accounts.

2. Keep the system up to date--never run out of date software on your system. The latest packages from your OS vendor are usually the appropriate choice (Red Hat, CentOS, Debian, Ubuntu, all have excellent security histories and tend to patch security issues within hours or days). All of these systems also make it easy to update your system via yum or apt-get.

3. Don't run unnecessary services. If you don't need a service (like PostgreSQL or ProFTPd or xinetd) shut it down. It's worth going through the process of figuring out whether you need all of the services on your system, as a learning process so you know what all of them do. This is useful knowledge to have regardless of the security impact.