Chapter 3. Setup

This document assumes that you already have Postfix successfully sending and retrieving mail. If not then refer to SELinux Quick Start Guide section 6.6 Setting up a Mail Server .

3.1. ClamAV

The first component of mail filtering that we will look at is the virus scanner ClamAV. The "clamd" daemon will not start until virus identities are downloaded for the first time. You will need to do this manually once. After that the virus identities will be downloaded via the cron service once every three hours. The actual file that defines this is /etc/cron.d/clamav_update. To download manually you will have to change your uid to the "vscan" user and then run the program "freshclam".

    [root@salle1 tmp]# su - vscan
    [vscan@salle1 ~]$
    [vscan@salle1 tmp]# freshclam
    ClamAV update process started at Thu Jan 19 13:28:35 2006
    Downloading main.cvd [*]
    main.cvd updated (version: 35, sigs: 41649, f-level: 6, builder: tkojm)
    Downloading daily.cvd [*]
    daily.cvd updated (version: 1245, sigs: 843, f-level: 6, builder: sven)
    Database updated (42492 signatures) from (IP:
    ERROR: Clamd was NOT notified: Can't find or parse configuration file /etc/clamd.conf
    [vscan@salle1 tmp]#
    [vscan@salle1 ~]$ ls -l /usr/share/clamav 
    total 2800
    -rw-r--r--  1 vscan vscan   97597 Jan 19 13:35 daily.cvd
    -rw-r--r--  1 vscan root  2750061 Jan 19 13:33 main.cvd
    [vscan@salle1 ~]$ 

As you can see from the listing of /usr/share/clamav there are two files (the ones that have just been downloaded from freshclam) that makeup the virus identity database. The reported ERROR is OK. Clamd couldn't be notified of the download because it wasn't running but now that there is virus data clamd can now be started. You will need to change your uid back to the "root" user by typing in exit and then you can start clamd. Follow this with a process listing to verify that clamd is running.

    [vscan@salle1 ~]$ exit
    [root@salle1 tmp]# /etc/init.d/clamd start
    [ SUCCESSFUL ] Starting clamd
    [root@salle1 tmp]#
    [root@salle1 tmp]# ps auxwwww| grep clamd
    vscan     2571  0.0  3.7  10912  9440 ?        Ss   13:45   0:00 /usr/sbin/clamd
    root      2575  0.0  0.2   1800   552 ttyp2    R+   13:48   0:00 grep clamd
    [root@salle1 tmp]#