habibzain Just husband, father and enthusiastic men about System Administration. Love to write short article about it. Perhaps can help and be useful for others.

Install Amavisd and ClamAV on Alma Linux 8 / Centos 8 / RHEL 8


Amavis (A Mail Virus Scanner) is a high-performance interface between a message transfer agent (MTA) such as Postfix and content filters. A content filter is a program that scans the headers and body of an email message. The most common content filters are the ClamAV virus scanner and SpamAssassin. This article describes a simple installation of Amavisd and ClamAV on Alma Linux 8 / CentOS 8 / RHEL 8.

As a prerequisite, Postfix should already be set up as the SMTP server.

Install Amavis on Alma Linux 8/CentOS 8/RHEL 8

Enable the PowerTools repository since EPEL packages may depend on packages from it:

sudo yum config-manager --set-enabled powertools
sudo yum install epel-release
sudo yum update

After that, install Amavisd and the other packages it needs.

yum -y install amavis

Viruses and spam commonly spread as attachments to email messages. Install the following packages so that Amavis can extract and scan archive files in email messages, such as .7z, .cab, .doc, .exe, .iso, .jar, and .rar files.

yum -y install arj bzip2 cpio file gzip nomarch spax unrar p7zip unzip zip lrzsz lzip lz4 lzop

Important:

If our server doesn’t use a fully-qualified domain name (FQDN) as the hostname, Amavis might fail to start. And the OS hostname might change, so it’s recommended to set a valid hostname directly in the Amavis configuration file.

vim /etc/amavisd/amavisd.conf

Find $mydomain and $myhostname. The defaults look like this:

$mydomain = 'example.com';   # a convenient default for other settings
# $myhostname = 'host.example.com';  # must be a fully-qualified domain name!

Change $mydomain to your own domain, then uncomment $myhostname and set it to the server's fully-qualified name:

$mydomain = 'habibza.in';   # a convenient default for other settings
$myhostname = 'mx.habibza.in'; # customize with your name

Then restart the amavisd service.

systemctl restart amavisd

Amavisd listens on 127.0.0.1:10024, which we can confirm with the ss command.

[root@mx-2 ~]# ss -lnpt
State    Recv-Q   Send-Q      Local Address:Port        Peer Address:Port   Process
LISTEN   0        128             127.0.0.1:10024            0.0.0.0:*       users:(("/usr/sbin/amavi",pid=1910,fd=8),("/usr/sbin/amavi",pid=1909,fd=8),("/usr/sbin/amavi",pid=1422,fd=8))
LISTEN   0        100             127.0.0.1:10025            0.0.0.0:*       users:(("smtpd",pid=1991,fd=6),("master",pid=1255,fd=103))
LISTEN   0        100               0.0.0.0:587              0.0.0.0:*       users:(("master",pid=1255,fd=20))
LISTEN   0        128               0.0.0.0:2222             0.0.0.0:*       users:(("sshd",pid=814,fd=4))
LISTEN   0        128             127.0.0.1:783              0.0.0.0:*       users:(("spamd child",pid=1429,fd=6),("spamd child",pid=1428,fd=6),("spamd",pid=818,fd=6))
LISTEN   0        100               0.0.0.0:465              0.0.0.0:*       users:(("master",pid=1255,fd=23))
LISTEN   0        100               0.0.0.0:25               0.0.0.0:*       users:(("smtpd",pid=1985,fd=6),("master",pid=1255,fd=16))
LISTEN   0        128                 [::1]:10024               [::]:*       users:(("/usr/sbin/amavi",pid=1910,fd=9),("/usr/sbin/amavi",pid=1909,fd=9),("/usr/sbin/amavi",pid=1422,fd=9))
LISTEN   0        128                  [::]:2222                [::]:*       users:(("sshd",pid=814,fd=6))
LISTEN   0        128                 [::1]:783                 [::]:*       users:(("spamd child",pid=1429,fd=5),("spamd child",pid=1428,fd=5),("spamd",pid=818,fd=5))

Integrate Postfix SMTP Server With Amavis

Amavis works as an SMTP proxy. Email is fed to it through SMTP, processed, and fed back to the MTA through a new SMTP connection.


Run the following command, which tells Postfix to turn on content filtering by sending every incoming email message to Amavis, which listens on 127.0.0.1:10024.

postconf -e "content_filter = smtp-amavis:[127.0.0.1]:10024"

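Also, run the following command. This delays the Postfix connection to the content filter until the entire email message has been received, which prevents content filters from wasting time and resources on slow SMTP clients. Note that smtpd_proxy_options controls Postfix's before-queue filter (smtpd_proxy_filter); mail handed to the after-queue content_filter set above has already been received in full.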

postconf -e "smtpd_proxy_options = speed_adjust"

Then edit the master.cf file.

vim /etc/postfix/master.cf

Add the following lines at the end of the file. This instructs Postfix to use a special SMTP client component called smtp-amavis to deliver email messages to Amavis. Leave at least one whitespace character (tab or space) before each -o. In Postfix configuration files, a line that starts with whitespace is a continuation of the previous line.

smtp-amavis   unix   -   -   n   -   2   smtp
    -o syslog_name=postfix/amavis
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20
    -o smtp_tls_security_level=none

Then add the following lines at the end of the file. This tells Postfix to run an additional smtpd daemon listening on 127.0.0.1:10025 to receive email messages back from Amavis.

127.0.0.1:10025   inet   n    -     n     -     -    smtpd
    -o syslog_name=postfix/10025
    -o content_filter=
    -o mynetworks_style=host
    -o mynetworks=127.0.0.0/8
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o strict_rfc821_envelopes=yes
    -o smtp_tls_security_level=none
    -o smtpd_tls_security_level=none
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_end_of_data_restrictions=
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings

Save and close the file. Restart Postfix for the changes to take effect.

sudo systemctl restart postfix
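
The 10025 listener above switches off content filtering and header/body checks, so it must only be reachable from loopback, and its empty content_filter= override is what stops re-injected mail from being sent back to Amavis. The following script is an added example, not part of the original article: the function names join_services and audit_master_cf are hypothetical, and the sample input is constructed from the entries shown above.

```shell
#!/bin/sh
# Added example: audit the re-injection listener from the article's master.cf.

# Fold continuation lines (leading whitespace) into one line per service.
join_services() {
  awk '
    /^[ \t]*(#|$)/ { next }                      # skip comments and blanks
    /^[ \t]/ { sub(/^[ \t]+/, ""); buf = buf " " $0; next }
    { if (buf != "") print buf; buf = $0 }
    END { if (buf != "") print buf }
  ' "$1"
}

# audit_master_cf FILE [PORT]: print findings, return 1 if any check fails.
audit_master_cf() {
  port=${2:-10025}; rc=0
  svc=$(join_services "$1" | awk -v p="$port" \
    '$2 == "inet" && ($1 == p || $1 ~ (":" p "$")) { print; exit }')
  [ -n "$svc" ] || { echo "FAIL: no inet listener for port $port"; return 1; }
  addr=$(printf '%s\n' "$svc" | awk '{ print $1 }')
  case $addr in
    127.0.0.1:*|"[::1]":*|localhost:*) ;;
    *) echo "FAIL: $addr is not bound to loopback"; rc=1 ;;
  esac
  # Each override must appear with exactly this value (trailing space = end).
  for opt in 'content_filter=' 'mynetworks=127.0.0.0/8' \
             'smtpd_client_restrictions=permit_mynetworks,reject' \
             'smtpd_recipient_restrictions=permit_mynetworks,reject'; do
    printf '%s \n' "$svc" | grep -Fq -e "-o $opt " ||
      { echo "FAIL: missing override -o $opt"; rc=1; }
  done
  return $rc
}

# Constructed sample (trimmed copy of the entries above); on a real host run:
#   audit_master_cf /etc/postfix/master.cf
sample=$(mktemp)
cat > "$sample" <<'EOF'
smtp-amavis   unix   -   -   n   -   2   smtp
    -o syslog_name=postfix/amavis
127.0.0.1:10025   inet   n    -     n     -     -    smtpd
    -o content_filter=
    -o mynetworks=127.0.0.0/8
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
EOF
audit_master_cf "$sample" && echo "OK: port 10025 listener is locked down"
rm -f "$sample"
```
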

Integrate Amavis with ClamAV

Now that Postfix can pass incoming emails to Amavis, we need to install the ClamAV virus scanner and integrate it with Amavis, so incoming emails can be scanned by ClamAV.


Install ClamAV on Alma Linux 8/CentOS 8/RHEL 8.

yum install clamav clamav-lib clamav-data clamav-update -y

There will be two systemd services installed by ClamAV:

  • [email protected]: the Clam AntiVirus userspace daemon
  • clamav-freshclam.service: the ClamAV virus database updater

First, start the clamav-freshclam.service.

sudo systemctl start clamav-freshclam.service

Enable auto-start at boot time.

sudo systemctl enable clamav-freshclam.service

Check the status.

systemctl status clamav-freshclam

We can see that freshclam downloaded 3 virus databases. CVD stands for ClamAV Virus Database.

  • daily.cvd
  • main.cvd
  • bytecode.cvd

The clamav-freshclam.service checks for ClamAV virus database updates once per hour.

That concludes this short guide to installing Amavisd and ClamAV. Hopefully it is useful.

