Antivirus software other than ClamAV in Virtualmin?

#1 Wed, 03/27/2019 - 04:53
Miloshio

Is there a (reasonably sustainable) way to integrate an antivirus software other than ClamAV in Virtualmin?

For example, I have an antivirus that I trust, and it has a dedicated scan command, just like ClamAV, and the command returns 0 for clear and a non-zero exit status for malware detected, just like ClamAV does.

The problem begins with ClamAV being tightly integrated with Virtualmin, as far as I can see, and ends with the way ClamAV is integrated into the mail system - through Procmail.

Additionally, it is not utterly important to remove ClamAV from the system; I'm fine with leaving it operating as intended. I just do not want to rely on the infamous ClamAV detection rate to protect my users from malware.

[EDIT]

It is obvious that the per-domain procmail files located in /etc/webmin/virtual-server/procmail/ are responsible for calling clamdscan, like: /etc/webmin/virtual-server/clam-wrapper.pl /usr/bin/clamdscan.

So, I guess, in order to achieve what I want, a rewrite of /etc/webmin/virtual-server/clam-wrapper.pl is needed, and it is reasonable to presume that every change to this file will be reverted by the Virtualmin update process. Too bad my languages of choice were PHP and BASH and not Perl...

Wed, 03/27/2019 - 09:35
andreychek

Howdy,

Is it an option to assume that every domain would want this anti-virus software?

If that would work, what you could do is add it to /etc/procmailrc, rather than editing the per-domain procmail files.

That way, you can just add it in one place.

At that point you're certainly welcome to disable ClamAV if you want, you can do that by disabling the ClamAV feature in Edit Virtual Server.

-Eric

Wed, 03/27/2019 - 09:51
Miloshio
Thanks for the answer. The part about /etc/procmailrc is especially helpful, since I was counting on per-domain procmail files - no need for that, thankfully.

For the sake of completeness I'll post a PHP (or better, BASH) version of a generic email antivirus wrapper once I have tested it enough - so far it's working. It turns out that /etc/webmin/virtual-server/clam-wrapper.pl is a fairly simple program which reads the email from STDIN and exits with 0 or 1 depending on malware found or not.

Thu, 03/28/2019 - 05:15
Miloshio

Very minimalistic example:

#!/bin/bash

################################################
#
# Minimal example of generic antivirus wrapper
# for Virtualmin email functionality. Intended
# to be used instead of
# /etc/webmin/virtual-server/clam-wrapper.pl
#
# May be saved as:
# /etc/webmin/virtual-server/clam-wrapper.sh
# Then it has to be specified in the procmail
# file as the scanning program.
#
# ---------------------------------------------
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT
# WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
# INCLUDING BUT NOT LIMITED TO THE WARRANTIES
# OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
# PURPOSE AND NONINFRINGEMENT. IN NO EVENT
# SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
# TORT OR OTHERWISE, ARISING FROM, OUT OF OR
# IN CONNECTION WITH THE SOFTWARE OR THE USE
# OR OTHER DEALINGS IN THE SOFTWARE.
#
###############################################

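# Create the temporary file with mktemp so that its
# name is unpredictable and it is created with
# owner-only permissions (a fixed /tmp/emscan_in.$$
# name can be pre-created or symlinked by another
# local user).
tmpfile=$(mktemp /tmp/emscan_in.XXXXXX) || exit 5

# Remove the temporary file when the script ends.
trap 'rm -f "$tmpfile"' 0 1 2 3 5 15

# Read the email from STDIN into the temporary file.
cat > "$tmpfile" || {
  exit 5; }

#
# This is an example with clamdscan.
# Other AVs have similar logic, i.e.
# a scan binary, the path to the file provided
# as an argument, and exit statuses.
# In this example, only zero status
# means the scan is good, no malware
# found.

clamdscan --fdpass "$tmpfile" > /dev/null 2>&1

# Pass the scanner's exit status back to procmail.
exit $?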
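
Added example, not part of the original posts: a variant of the wrapper above that takes the scanner command as arguments and separates "malware found" from "scanner could not run", so a stopped daemon or missing binary is not mistaken for a clean or infected verdict. The function name scan_stdin and the 0/1/2 return contract are assumptions modelled on the exit statuses in the clamdscan man page (0 clean, 1 virus found, 2 error); check your scanner's documentation for its own codes.

```shell
#!/bin/sh
# Added example (not from the thread): generic STDIN antivirus wrapper.
# Assumed scanner contract: exit 0 = clean, 1 = malware found,
# any other status = the scanner failed and gave no verdict.

# scan_stdin SCANNER [ARGS...]
# Spools the message on STDIN to a private temp file, runs
# "SCANNER ARGS... FILE" and returns:
#   0  clean
#   1  malware found
#   2  no verdict (scanner missing, temp file error, scanner error)
scan_stdin() {
    [ $# -ge 1 ] || return 2

    # A missing or non-executable scanner must not look like a clean mail.
    command -v "$1" >/dev/null 2>&1 || return 2

    # mktemp gives an unpredictable name and owner-only permissions.
    _tmp=$(mktemp "${TMPDIR:-/tmp}/emscan.XXXXXX") || return 2

    if ! cat > "$_tmp"; then
        rm -f "$_tmp"
        return 2
    fi

    _rc=0
    "$@" "$_tmp" >/dev/null 2>&1 || _rc=$?
    rm -f "$_tmp"

    case $_rc in
        0) return 0 ;;   # clean
        1) return 1 ;;   # malware found
        *) return 2 ;;   # scanner error, daemon down, killed by signal...
    esac
}

# When called with arguments, act as the wrapper itself, e.g.:
#   wrapper.sh /usr/bin/clamdscan --fdpass < message.eml
if [ $# -gt 0 ]; then
    scan_stdin "$@"
    exit $?
fi
```

Whether status 2 should deliver, defer or quarantine the message is a policy decision for the procmail recipe that calls the wrapper.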