This HowTo is designed to provide the simplest solution for virus scanning on a BlueQuartz box. However, this will also work on any box running Red Hat Enterprise Linux 4 or CentOS 4.
Note this uses a MILTER to scan for viruses, and the assumption is that you are not running any other MILTERs. If you are, you will need to be smart enough to know how to modify the following instructions.
Assuming you don't have DAG or RPMFORGE installed, which a basic box does not, you will want to install the RPMFORGE repository so that you can easily install CLAMAV.
Install RPMFORGE
rpm -Uhv http://apt.sw.be/redhat/el4/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el4.rf.i386.rpm
Edit rpmforge.repo
This is a safety step to ensure that you do not accidentally update any of the following modules. Note, however, that when we are done we will be disabling RPMFORGE as a secondary measure. Otherwise you could end up updating modules specific to BlueQuartz, which could cause issues.
nano -w /etc/yum.repos.d/rpmforge.repo
Add the following line to your config
exclude=yum*,centos-yumconf*,httpd*,mod_ssl*,sendmail*,procmail*,imap*,nss_db*,pam*,pwdb*,webalizer*,sysklogd*,proftpd*
The file should look something like the following. Save the file once completed.
# Name: RPMforge RPM Repository for Red Hat Enterprise 4 - dag
# URL: http://rpmforge.net/
[rpmforge]
name = Red Hat Enterprise $releasever - RPMforge.net - dag
#baseurl = http://apt.sw.be/redhat/el4/en/$basearch/dag
mirrorlist = http://apt.sw.be/redhat/el4/en/mirrors-rpmforge
#mirrorlist = file:///etc/yum.repos.d/mirrors-rpmforge
enabled = 1
protect = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag
gpgcheck = 1
exclude=yum*,centos-yumconf*,httpd*,mod_ssl*,sendmail*,procmail*,imap*,nss_db*,pam*,pwdb*,webalizer*,sysklogd*,proftpd*
Install ClamAV, ClamAV-Devel and ClamAV-Milter
yum install clamav clamav-devel clamav-milter
Yum will list the other packages it needs to install as dependencies. Say y at the prompt and it will download and install the packages.
Disable rpmforge
mv /etc/yum.repos.d/rpmforge.repo /etc/yum.repos.d/rpmforge.repo.bak
This will prevent this repository from being used in regular system updates. If you ever want to use the repository to install other modules, you can simply rename the file back to .repo by removing the .bak from the name.
Backup sendmail configuration
cp /etc/mail/sendmail.cf /etc/mail/sendmail.cf.bak
cp /etc/mail/sendmail.mc /etc/mail/sendmail.mc.bak
Edit sendmail.mc to include milter
nano -w /etc/mail/sendmail.mc
Add mail filter lines to sendmail.mc just above confCACERT
INPUT_MAIL_FILTER(`clmilter',`S=local:/var/clamav/clmilter.socket,T=S:4m;R:4m')dnl
define(`confINPUT_MAIL_FILTERS',`clmilter')dnl
Example sendmail.mc modification
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl #
dnl # Rudimentary information on creating certificates for sendmail TLS:
dnl # make -C /usr/share/ssl/certs usage
dnl #
INPUT_MAIL_FILTER(`clmilter',`S=local:/var/clamav/clmilter.socket,T=S:4m;R:4m')dnl
define(`confINPUT_MAIL_FILTERS',`clmilter')dnl
dnl #
define(`confCACERT_PATH',`/usr/share/ssl/certs')
define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')
dnl #
dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
dnl # slapd, which requires the file to be readble by group ldap
dnl #
dnl define(`confDONT_BLAME_SENDMAIL',`groupreadablekeyfile')dnl
Save changes to file and update sendmail.cf
cd /etc/mail/
make
The installation is now complete. You can either reboot your machine or issue these commands.
service clamd restart
service clamav-milter restart
service sendmail restart
Verify installation is working
tail -f /var/log/maillog
Send an email to the system in question.
You should see a message like the following
Jun 1 14:04:16 sandbox sendmail[4600]: m51L409D004600: from=jscott@domain.com, size=11, class=0, nrcpts=1, msgid=<200806012104.m51L409D004600@sandbox2.10tohost.com>, proto=SMTP, daemon=MTA, relay=192-168-105-5.domain.com [192.168.105.5] (may be forged)
Jun 1 14:04:17 sandbox sendmail[4600]: m51L409D004600: Milter add: header: X-Virus-Scanned: ClamAV version 0.93, clamav-milter version 0.93 on sandbox.domain.com
Jun 1 14:04:17 sandbox sendmail[4600]: m51L409D004600: Milter add: header: X-Virus-Status: Clean
Jun 1 14:04:17 sandbox sendmail[4604]: m51L409D004600: to=admin, delay=00:00:04, xdelay=00:00:00, mailer=local, pri=30479, dsn=2.0.0, stat=Sent
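The INPUT_MAIL_FILTER line used above sets no F= flag, so if clamav-milter is not reachable sendmail delivers mail as if the filter were not there. The following is an added example, not part of the original HowTo: it reads maillog lines and lists queue IDs that were received by a daemon and delivered without an X-Virus-Status header. It assumes the log format shown above; the function names and the second sample message are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original HowTo). Lists sendmail queue IDs that
# were received by a daemon and delivered (stat=Sent) but never got an
# X-Virus-Status header from clamav-milter, i.e. mail that was not scanned.

unscanned_ids() {
    # Reads maillog lines on stdin, prints one queue ID per line.
    awk '
        $5 ~ /^sendmail\[/ {
            qid = $6
            sub(/:$/, "", qid)
            if ($0 ~ / daemon=/)                            received[qid] = 1
            if ($0 ~ /Milter add: header: X-Virus-Status:/) scanned[qid] = 1
            if ($0 ~ /stat=Sent/)                           sent[qid] = 1
        }
        END {
            # Any arrival order is handled because the decision is made at the end.
            for (q in sent)
                if ((q in received) && !(q in scanned)) print q
        }
    ' | sort
}

# Constructed sample: the first message follows the log format shown above,
# the second (queue ID made up) was delivered with no milter lines at all.
sample_log() {
    cat <<'EOF'
Jun  1 14:04:16 sandbox sendmail[4600]: m51L409D004600: from=jscott@domain.com, size=11, class=0, nrcpts=1, msgid=<a@example>, proto=SMTP, daemon=MTA, relay=host.domain.com [192.168.105.5]
Jun  1 14:04:17 sandbox sendmail[4600]: m51L409D004600: Milter add: header: X-Virus-Status: Clean
Jun  1 14:04:17 sandbox sendmail[4604]: m51L409D004600: to=admin, delay=00:00:04, mailer=local, dsn=2.0.0, stat=Sent
Jun  1 14:09:30 sandbox sendmail[4700]: m51L9UXX004700: from=jscott@domain.com, size=11, class=0, nrcpts=1, msgid=<b@example>, proto=SMTP, daemon=MTA, relay=host.domain.com [192.168.105.5]
Jun  1 14:09:31 sandbox sendmail[4704]: m51L9UXX004700: to=admin, delay=00:00:01, mailer=local, dsn=2.0.0, stat=Sent
EOF
}

# Demo on the constructed sample; on a live box: unscanned_ids < /var/log/maillog
sample_log | unscanned_ids
```

An empty result on the real log means every message accepted by the daemon and delivered was scanned; any queue ID printed is worth checking against the clamd and clamav-milter service status.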
Other logs to take a look at:
Clamd Logs: /var/log/clamav/clamd.log
Freshclam Logs: /var/log/clamav/freshclam.log