This page is part of the EmailServer article.
This setup is configured to use Amavisd-New.

ClamAV Antivirus

Clam AntiVirus is a totally free -in all senses of the word- antivirus scanner. It is released under the GPL and has seen a lot of activity in the recent past.
Its virus definitions are generally good and new virus definitions can be automatically downloaded several times a day.

ClamAV is available as a ready-made package.

If you prefer to install from source, have a look at my older article on ClamAV.

Edit /etc/clamd.conf and add/modify the following parameters:

All other parameters should be commented out, in particular Example, TCPSocket. and TCPAddess.

Now we need to tell Amavisd-New to enable virus scanning. Edit /etc/amavisd.conf and comment out the following :

Look for the following section in /etc/amavisd.conf and uncomment it:

Automated update of Virus definitions

Edit the /etc/freshclam.conf:

Now create a new crontab -e job to launch the updater:

Now freshclam will check for updates five minutes past every hour.

Note: Make sure that the name of the socket file clamd.socket matches the one used by clamd above!

Testing the AntiVirus

Let's restart our setup to check that everything works fine.

Go to the eicar antivirus test site and download the eicar.com.txt test file.
This file is only a test signature and it should be recognised by all antivirus software as a 'virus' (so you may have to temporarily disable your desktop antivirus for the duration of the test).

Send an email with the eicar.com.txt as an attachment to a test email that you send through the server.
Look at your /var/log/maillog file and you should see something similar to:

Resources

• Clam AntiVirus, a GPL virus scanner

< AmavisdNew | EmailServer | SpamAssassin >