AV scanning on all email using free Virtualmin

26 posts / 0 new
Last post
#1 Mon, 02/09/2009 - 07:32
jmunjr

AV scanning on all email using free Virtualmin

Is there any set of instructions to have clamav(or another AV) scan all incoming email on the GPL/Fre version of virtualmin? It doesn't even have to be on a per domain basis.

Thank you!<br><br>Post edited by: jmunjr, at: 2009/02/09 07:33

Mon, 02/09/2009 - 07:48
andreychek

Howdy,

Actually, if you installed Virtualmin using the install.sh script, you should already be setup to have it scan all incoming email.

Just to verify though -- in System Settings -&gt; Features and Plugins, make sure &quot;Virus Filtering&quot; is enabled.

Then, go into Edit Virtual Server, click Features and Settings, and verify that &quot;Virus filtering enabled&quot; is checked for the domain.
-Eric

Mon, 02/09/2009 - 07:52 (Reply to #2)
jmunjr

Well, virus filtering is not enabled and I can't unless spam filtering is enabled, but when I try to enable spam filtering I get the message:

&quot;Failed to save enabled features : SpamAssassin is configured to be run from the global Procmail configuration /etc/procmailrc, which is not needed as Virtualmin will set it up on a per-domain basis.&quot;

Spamassassin is working on my server though... any ideas?

Mon, 02/09/2009 - 07:55 (Reply to #3)
andreychek

Can you post your /etc/procmailrc file?

Mon, 02/09/2009 - 07:57 (Reply to #4)
jmunjr

Here you go. Thanks fpr helping me out.

DROPPRIVS=yes
:0fw
| /usr/bin/spamassassin
#:0
* ^X-Spam-Status: Yes
$DEFAULT
DEFAULT=$HOME/Maildir/
ORGMAIL=$HOME/Maildir/

Sun, 06/07/2009 - 07:39 (Reply to #5)
andreychek

Howdy,

Okay, that's a bit different than the default one these days -- if you installed in some manner other than using the install.sh script, you'll need to double-check that all the programs in use below exist on your system.

However, this is what my procmailrc looks like on my system:

LOGFILE=/var/log/procmail.log
TRAP=/etc/webmin/virtual-server/procmail-logger.pl
:0wi
VIRTUALMIN=|/etc/webmin/virtual-server/lookup-domain.pl $LOGNAME
:0
* ?/usr/bin/test &quot;$VIRTUALMIN&quot; != &quot;&quot;
{
INCLUDERC=/etc/webmin/virtual-server/procmail/$VIRTUALMIN
}
ORGMAIL=$HOME/Maildir/
DEFAULT=$HOME/Maildir/
DROPPRIVS=yes
:0
$DEFAULT
Sun, 06/07/2009 - 07:39 (Reply to #6)
andreychek

Howdy,

Okay, that's a bit different than the default one these days -- if you installed in some manner other than using the install.sh script, you'll need to double-check that all the programs in use below exist on your system.

However, this is what my procmailrc looks like on my system:

[code:1]
LOGFILE=/var/log/procmail.log
TRAP=/etc/webmin/virtual-server/procmail-logger.pl
:0wi
VIRTUALMIN=|/etc/webmin/virtual-server/lookup-domain.pl $LOGNAME
:0
* ?/usr/bin/test &quot;$VIRTUALMIN&quot; != &quot;&quot;
{
INCLUDERC=/etc/webmin/virtual-server/procmail/$VIRTUALMIN
}
ORGMAIL=$HOME/Maildir/
DEFAULT=$HOME/Maildir/
DROPPRIVS=yes
:0
$DEFAULT
[/code:1]

Sat, 05/16/2009 - 02:46 (Reply to #7)
wattaman

Is getting more complicated.
I've installed procmail-wrapper, is this it?
How do I test if the spam&amp;virus check are working, if the virtualmin shows is activated?... without sending myself a virus, of course :)
This is confusing me.

Sat, 05/16/2009 - 05:50 (Reply to #8)
andreychek

Indeed, it's a complicated problem :-)

procmail-wrapper will only help if Postfix is configured properly. And various other little things :-)

This is why Joe always recommends the install.sh ;-)

But I know you have a live server now, so there are some ways to test if it's working.

First, if you look at the email headers, if SpamAssassin ran, it would have one or more X-Spam related headers.

Second, you can send yourself a &quot;test virus&quot;. It's a file that ClamAV will tag as bad, but it's not a real virus.

You can download it here:

http://www.eicar.org/anti_virus_test_file.htm#

Also, you might want to take a peek in the procmail.log file for signs of any problems:

/var/log/procmail.log

Sat, 05/16/2009 - 11:42 (Reply to #9)
Joe
Joe's picture

You're delivery configuration in Postfix needs to point to procmail-wrapper instead of procmail:

mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME

There is a script that sets up just mail, but it's probably something you'd just want to look at, rather than run, since you are in production. It might give you some ideas about steps you're missing, if any.

http://software.virtualmin.com/lib/mail-setup.pl

--

Check out the forum guidelines!

Mon, 02/09/2009 - 08:15
jmunjr

Hmm yeah I initially installed Virtualmin over two years ago...

The script /etc/webmin/virtual-server/lookup-domain.pl doesn't exist on my system.. nor does procmail.log or the folder /etc/webmin/virtual-server/procmail/

sigh....

Mon, 02/09/2009 - 18:35 (Reply to #11)
Joe
Joe's picture

This message:

&quot;Failed to save enabled features : SpamAssassin is configured to be run from the global Procmail configuration /etc/procmailrc, which is not needed as Virtualmin will set it up on a per-domain basis.&quot;

Means you setup Procmail with the Webmin SpamAssassin module (or some other method that uses a generic system-wide Procmail rule). This is incompatible with Virtualmin's way of processing spam.

Replace your procmailrc with the one Eric suggested, and then you should be able to enable/disable spam options within Virtualmin.

<div class='quote'>The script /etc/webmin/virtual-server/lookup-domain.pl doesn't exist on my system.. nor does procmail.log or the folder /etc/webmin/virtual-server/procmail/</div>

If you enable/disable spam/AV scanning in Virtualmin, it will build these files and directories.

Don't agonize over it. This is not serious. ;-)

--

Check out the forum guidelines!

Mon, 02/09/2009 - 18:36 (Reply to #12)
Joe
Joe's picture

Er, I mean, enable/disable/enable. It's the enabling that creates the stuff.

--

Check out the forum guidelines!

Mon, 02/09/2009 - 18:46
jmunjr

Thanks a bunch. I figured it out earlier by commenting out the offending lines and turning it all on. Seems to work fine now.

It seems messages with viruses get deleted. Is there and easy was to change this so we still get the message just with the virus/file removed? Or do I have to edit something manually?

Also where is the spamassassin config file to edit to get more advanced config on how to handle various scenarios (e.g. delete messages with a score over 10 but deliver those betwen 5 and 10)

Anyway thanks so much...

Mon, 02/09/2009 - 18:55 (Reply to #14)
Joe
Joe's picture

<div class='quote'>Is there and easy was to change this so we still get the message just with the virus/file removed?</div>

No, but I assure you there will never be a &quot;good&quot; message with a virus attached. That's just not the way viruses work these days.

--

Check out the forum guidelines!

Mon, 02/09/2009 - 18:57 (Reply to #15)
andreychek

Howdy,

In regards to your spam filtering questions -- you can set the default spam and virus options for new domains in System Settings -&gt; Module Config -&gt; Spam Filtering options.

You can set them per-domain in Server Configuration -&gt; Spam and Virus filtering.
-Eric

Fri, 05/15/2009 - 12:42
wattaman

Hi, all!
I have the same situation as jmunjr but I haven't understand exactly how to fix this (sad, I know, after a year of virtualmin I'm still a noob :))
Can someone please guide me, step by step, on what to do to enable the smap&amp;virus check? I haven't understood, do I have to remove procmail or spamassasin, or replace them with other programs?!
Thank you!

<u>My situation:</u>
When trying to enable those (spam&amp;virus) I get the same:
<div class='quote'>&quot;Failed to save enabled features : SpamAssassin is configured to be run from the global Procmail configuration /etc/procmailrc, which is not needed as Virtualmin will set it up on a per-domain basis.&quot;</div>
The etc/procmailrc file is this:
<div class='quote'>DROPPRIVS=yes
:0fw
| /usr/bin/spamassassin
:0
* ^X-Spam-Status: Yes
$HOME/spam</div>

Fri, 05/15/2009 - 12:52 (Reply to #17)
Joe
Joe's picture

<div class='quote'>Can someone please guide me, step by step, on what to do to enable the smap&amp;virus check? I haven't understood, do I have to remove procmail or spamassasin, or replace them with other programs?!</div>

No. Removing them would completely remove all mail filtering capabilities. That's the exact opposite of what you should do. ;-)

<div class='quote'>&quot;Failed to save enabled features : SpamAssassin is configured to be run from the global Procmail configuration /etc/procmailrc, which is not needed as Virtualmin will set it up on a per-domain basis.&quot;</div>

You've enabled SpamAssassin in the Webmin SpamAssassin module. This is incompatible with the way Virtualmin manages mail processing. You must remove the rules added by that module.

In other words, your procmailrc would contain none of this:

:0fw
| /usr/bin/spamassassin
:0
* ^X-Spam-Status: Yes
$HOME/spam

But, you are also missing a ton of other stuff.

Why didn't you install Virtualmin using the install script? It handles configuring mail processing and lots of other stuff automatically.

If this system isn't in product yet, I would strongly recommend you start fresh and install Virtualmin using the install.sh script. You will save yourself many hours and a lot of frustration (or at least a lot of reading).

--

Check out the forum guidelines!

Fri, 05/15/2009 - 13:09 (Reply to #18)
wattaman

Oh, is working already, and I don't even remember how I installed it in the first place.
Anyway, coming back to the issue:
What do I have to do now to enable the spam&amp;virus check?

Sun, 06/07/2009 - 07:54 (Reply to #19)
Joe
Joe's picture

<div class='quote'>Oh, is working already, and I don't even remember how I installed it in the first place.
Anyway, coming back to the issue:
What do I have to do now to enable the spam&amp;virus check? </div>

You're not making any sense. You say it's working? But then you ask how?

So confusing for my tired old brain.

But, I'm guessing you want to use the Virtualmin standard tools for processing mail rather than the stuff you setup yourself in Webmin's SpamAssassin module.

If so, get rid of procmailrc, and replace it with this:

LOGFILE=/var/log/procmail.log
TRAP=/usr/libexec/webmin/virtual-server/procmail-logger.pl
VERBOSE=true

:0wi
VIRTUALMIN=|/etc/webmin/virtual-server/lookup-domain.pl $LOGNAME
:0
* ?test &quot;$VIRTUALMIN&quot; != &quot;&quot;
{
INCLUDERC=/etc/webmin/virtual-server/procmail/$VIRTUALMIN
}
DROPPRIVS=yes
DEFAULT=$HOME/Maildir/
ORGMAIL=$HOME/Maildir/

Then you should be able to use the spam/AV features of the GUI to turn on/off the stuff you want. I'm not sure if anything else needs to be done (it's been years since I've setup a system manually, I always use the install script). But fix that, and we'll tackle whatever other problems come up.

--

Check out the forum guidelines!

Fri, 05/15/2009 - 23:08
wattaman

Sorry, I meant to say the server is working already for a year now, can't install again using the script.
However, I've replaced the content of <i>procmailrc</i> with the one you suggested and after trying to enable the spam/virus I got this:
<div class='quote'>Failed to save enabled features : The procmail command /usr/bin/procmail is owned by group mail, when it should be owned by root. Email may not be properly delivered or checked for spam.</div>

So I assigned the <i>/usr/bin/procmail</i> file to root and after that it worked.
Thank you for your help, Joe!

Fri, 05/15/2009 - 23:13 (Reply to #21)
Joe
Joe's picture

<div class='quote'>So I assigned the /usr/bin/procmail file to root and after that it worked.</div>

Probably not (unless you're using sendmail). Virtualmin just isn't complaining any more...but I doubt it is delivering mail.

You need procmail-wrapper for this to work with Postfix.

We have packages for all of our supported operating systems in the various repositories (including the GPL repos).

--

Check out the forum guidelines!

Sat, 05/16/2009 - 11:57
wattaman

Well, I think I got it. I wasn't able to send myself the virus-test file, though. I guess this will be the ultimete test.
If anyone has the time to do it, please send me an email with one of the files from http://www.eicar.org/anti_virus_test_file.htm at atatATatatDOTro.
Thanks

Tue, 11/03/2009 - 01:54
hkfun2k8

ok guys after doing alot of reading,ESPICALY THIS POST!! i now could enable spam filtering and virus in virtualmin!!this is what happens when i do rechekc and config check.look below

The status of your system is being checked to ensure that all enabled features are available, that the mail server is properly configured, and that quotas are active ..

Mail server Postfix is installed and configured. Logrotate is installed. SpamAssassin and Procmail are installed and configured for use. ClamAV is installed and assumed to be running. Using network interface eth0 for virtual IPs. Default IP address for virtual servers is 196.41.26.105. Quotas are not enabled on the filesystem / which contains email files under /var/spool/mail. Quota editing for email has been disabled. All commands needed to create and restore backups are installed.

.. your system is ready for use by Virtualmin

What need i need info on now is.Ho do i know if it is acualy working?Where do i see what is beign blocked.And hows does spamassin decide what to block and let through?And where can i see what is begin blocked?Pls i think i am so close!

Tue, 11/03/2009 - 02:43
hkfun2k8

spoke to soon,no mails get deliverd i think it sgo to do with the mailbox_command in mail.cf which is set to /usr/bin/procmail.any help pls what should it be for virtual servers?any ideas?

Wed, 02/03/2010 - 11:24
nabab

I did the install through the install.sh script and ran in the same problem.

If you go to Webmin > Servers > Procmail Mail Filter and remove the 2 lines regarding ClamAV and Spam, then you'll be able to enable Spam and A/V protections in the plugins list of Virtualmin.