c382d9
A clamav-milter setup consists of the following three components:
93ac5c
c382d9
* the clamav-milter itself
93ac5c
c382d9
  --> this is provided by the 'clamav-milter' package plus (alternatively)
c382d9
      'clamav-milter-upstart' or 'clamav-milter-sysvinit'
c382d9
c382d9
  The main configuration is in /etc/mail/clamav-milter.conf and MUST
c382d9
  be changed before first use.
c382d9
c382d9
  The -sysvinit package is managed by the traditional tools, but
c382d9
  -upstart requires modification of /etc/event.d/clamav-milter to
c382d9
  enable automatic startup.  See comments there for more details.
c382d9
c382d9
* a clamav scanner daemon
c382d9
c382d9
  --> this package is called 'clamav-scanner' plus (alternatively)
c382d9
      'clamav-scanner-upstart' or 'clamav-scanner-sysvinit'
c382d9
c382d9
  The daemon is configured by /etc/clamd.d/scan.conf (which MUST be
c382d9
  edited before first use).
c382d9
c382d9
  The -sysvinit package is managed by the traditional tools, but
c382d9
  -upstart requires modification of /etc/event.d/clamd.scan to enable
c382d9
  automatic startup.  See comments there for more details.
c382d9
31617f
* the MTA (sendmail/postfix)
c382d9
c382d9
  --> you should know how to install this...
c382d9
c382d9
  When communicating across unix sockets with the clamav-milter, it is
14a7b5
  suggested to use the /var/run/clamav-milter/clamav-milter.socket
14a7b5
  path.  You have to add something like
c382d9
14a7b5
    INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav-milter/clamav-milter.socket, F=, T=S:4m;R:4m')dnl
c382d9
c382d9
  to your sendmail.mc.
c382d9
c382d9
c382d9
c382d9
It is suggested that components communicate through TCP sockets as
c382d9
this eases setup.  Please add corresponding packet filter rules!
14a7b5
14a7b5
14a7b5
EXAMPLE
14a7b5
=======
14a7b5
14a7b5
For clamav-milter, a possible setup might be created by
14a7b5
14a7b5
A)  On the MTA  (assumed hostname 'host-mta')
14a7b5
14a7b5
  1. Add to sendmail.mc
14a7b5
14a7b5
    | INPUT_MAIL_FILTER(`clamav', `S=inet:6666@host-milter, F=, T=S:4m;R:4m')dnl
14a7b5
14a7b5
  2. Rebuild sendmail.cf
14a7b5
14a7b5
14a7b5
B)  On the clamav-milter host (assumed hostname 'host-milter')
14a7b5
14a7b5
  1. Install clamav-milter + clamav-milter-upstart packages
14a7b5
14a7b5
  2. Set in /etc/mail/clamav-milter.conf
14a7b5
14a7b5
    | MilterSocket	inet:6666
14a7b5
    | ClamdSocket	tcp:host-scanner:6665
14a7b5
14a7b5
     and all the other options which are required on your system
14a7b5
17f763
  3. Edit /etc/event.d/clamav-milter and uncomment the
14a7b5
14a7b5
    | start on starting local
14a7b5
17f763
     line. Restart your system or execute
14a7b5
14a7b5
    | initctl emit starting local
14a7b5
14a7b5
  4. Add something like
14a7b5
14a7b5
    | iptables -N IN-cmilt
14a7b5
    | iptables -A IN-cmilt -s host-mta -j ACCEPT
14a7b5
    | iptables -A IN-cmilt -j DROP
14a7b5
14a7b5
    | iptables -A INPUT -p tcp --dport 6666 -j IN-cmilt
14a7b5
14a7b5
     to your firewall setup
14a7b5
14a7b5
C)  On the clamav-scanner host (assumed hostname 'host-scanner')
14a7b5
14a7b5
  1. Install clamav-scanner + clamav-scanner-upstart packages
14a7b5
14a7b5
  2. Add to /etc/clamd.d/scan.conf
14a7b5
14a7b5
    | TCPSocket 6665
14a7b5
    | TCPAddr   host-scanner
14a7b5
14a7b5
     comment out possible 'LocalSocket' lines and set all the other
14a7b5
     options which are required on your system
14a7b5
17f763
  3. Edit /etc/event.d/clamav-scanner and uncomment the
14a7b5
14a7b5
    | start on starting local
14a7b5
17f763
     line. Restart your system or execute
14a7b5
14a7b5
    | initctl emit starting local
14a7b5
14a7b5
  4. Add something like
14a7b5
14a7b5
    | iptables -N IN-cscan
14a7b5
    | iptables -A IN-cscan -s host-milter -j ACCEPT
14a7b5
    | iptables -A IN-cscan -j DROP
14a7b5
14a7b5
    | iptables -A INPUT -p tcp --dport 6665 -j IN-csan
14a7b5
14a7b5
     to your firewall setup