1. Home
  2. Knowledge Base
  3. Installation
  4. Enable Virus scanning on Linux

Enable Virus scanning on Linux

For most linux systems (not Mac/OSX) we recommend CLAMAV as the primary scanner, it’s easy to install on most unix systems and gives a good broad protection.

The settings below are an example, the auto configure button in the web admin virus page should configure surgemail correctly but you must manually install CLAMAV yourself first (See below)

For Mac/OSX use Avast (see instructions below)

CLAMAV Settings.

These will be set in surgemail.ini by the auto config button: (path to clamdscan may vary)
    g_virus_cmd "/bin/clamdscan --stdout --no-summary --remove $FILE$"
    g_virus_cmd_codes "1"
    g_virus_strangers "true"
    g_toscan_path "/toscan" 

INSTALL clamav

Ubuntu:

sudo apt-get install clamav clamav-daemon clamdscan

Fedora:
    sudo yum install clamav clamav-scanner

Enable shell login for user ‘mail’.

usermod –shell /bin/bash mail

Find what group clamd is using:

cd /etc/clamav
root@mail:/etc/clamav# grep Group clamd.conf
LocalSocketGroup clamav
root@mail:/etc/clamav# grep User clamd.conf
User clamav

Add the right group to ‘mail’ group:

usermod -g clamav mail

Start the clamd service

sudo service clamav-daemon start

Create the scanning folder:

mkdir /toscan
chown mail:mail /toscan
chmod 0755 /toscan
touch /toscan/test.txt
chown mail:mail /toscan/test.txt

Test the scanner

/bin/clamdscan /toscan/test.txt

If SELINUX do this:
     setsebool -P antivirus_can_scan_system 1
     setsebool -P antivirus_use_jit 1

Now try the test virus scanner button in surgemail.


If you get this error:  ERROR: Could not lookup : Servname not supported for ai_socktype

Then do this:
         usermod -g clamscan mail
Also check /var/log/messages to see if clamd is running.  And you may need to change the protection/ownership of the socket (it’s path is in clamd.conf) e.g.:

# Find the path that clamd is using:
grep -e User -e Socket /etc/clamd.conf
LocalSocket /var/run/clamd.scan/clamd.sock

# make sure user mail can write to the specified file/directory:
chmod +rx /var/run
chmod +rx /var/run/clamd.scan
chmod +rwx /var/run/clamd.scan/clamd.soc

To test clamav manually do this:

	su mail -g mail  (if su fails, vi /etc/passwd and change the nologin option on account mail to /bin/sh) 
	touch /toscan/test.txt
	/usr/bin/clamdscan --stdout --no-summary --remove /toscan/test.txt

To restart clamav (operating system dependent)

    	/bin/systemctl restart  clamd.service
    

If you get “clamdscan Can’t open file or directory ERROR” on unbuntu, and you’ve already double checked the files are accessable by the user ‘clamav’ then you probably have a problem with apparmor, a hidden extra layer of security that breaks things randomly and gives no information to the user :-),  to fix
add to:

/etc/apparmor.d/local/usr.sbin.clamd

/toscan/** r,
/etc/** r,
/usr/local/surgemail/** r,

Then issue this command:

apparmor_parser -r -K /etc/apparmor.d/usr.sbin.clamd

Centos CLAMD install notes:

In /etc/clamd.d/scan.conf
LogSyslog yes
TCPSocket 3310
TCPAddr 127.0.0.1
User mail

Then use these commands to reload:

systemctl daemon-reload
systemctl start clamd@scan
systemctl status clamd@scan

MAC/OSX Avast Installation

1) Install free version of avast for osx: https://www.avast.com/en-nz/free-mac-security

2) Make sure that in Preferences – Shields:

  •  Web shield is disabled
  •  Mail shield is disabled
  •  FileSystemShield is enabled

In filesystem shield settings you can specify directories to NOT scan. There is no specifying of directories to scan. Add any directories you want to not scan making sure that surgemail’s scanning directory remains scanned. Surgemail uses /tmp/toscan which osx translates to /private/tmp/toscan on recent version of OSX.

Also make sure that:

  • Preferences – Shields – filesystem shield – settings : is set to “Move infected files to chest”
  • Preferences – Popups – warnings : is set to OFF
  • Preferences – Popups – alerts : is set to OFF

3) Enable in surgemail using surgemail.ini:
 g_virus_cmd “scan”
(or “do_not_run” if scan doesn’t work)

Third party scanners for linux

You may wish to use the scanning avast linux scanner, there is an additional license fee for this, use these settings:

    g_virus_cmd “\bin\scan $FILE$”
    g_virus_cmd_codes “1”


Download link: https://www.avast.com/linux-server-antivirus

Was this article helpful?

Related Articles