From Qmailwiki
Revision as of 08:14, 6 March 2010 by Phildriscoll (Talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search


Is there a mailing list archive?

Theres a list-archive for simscan at

I enabled the received line features, but it only shows "scanners: none" in the received line, although the message is scanned

You have to run

simscanmk -g

first, to initialize the version database. See also the next question.

What is the best practice to update simversions.cdb?

I run it from cron (as root) every hour (together with update_trend). It may miss a clam update, but that's acceptable for me.

Or you could make a sudo entry for the clam user and run sudo /var/qmail/bin/simscanmk -g a nice solution too :)

This web page has a program called "update-simscan", which is a simple compiled C wrapper which runs "/var/qmail/bin/simscanmk -g" as root. You can compile the source and make the resulting binary "setuid", so that no matter what userid starts it, it always runs as root. You can then configure ClamAV's "freshclam" program, which automatically downloads virus definition updates, to run this binary, thereby updating the version numbers in the database. (Disclaimer: yes, I wrote the program and the web page that the link points to. -jms1)

Simscan permissions

One way to make simscan work is to make /var/qmail/simscan owned by the same group as which qmail-smtpd runs. So if you have qmail-smtpd working with vpopmail user because you have vchkusr patch, you should make /var/qmail/simscan owned by the "vchkpw" group.

An easier and more generic approach is to make /var/qmail/simscan have the "simscan" group, and have the "group sticky" bit set on the directory. This will force any files created within the directory to have "simscan" as their group ID.

# chown simscan:simscan /var/qmail/simscan
# chmod 2750 /var/qmail/simscan
  - or -
# chmod u=rwx,g=srx,o= /var/qmail/simscan

In addition, the "umask" setting affects the files being created. If you normally use "umask 077", make sure set a umask which allows the files to be created with group-read privileges. In simpler terms, add "umask 027" to the "run" script for your SMTP service (or shell session, if you are using qmail-inject to test simscan.)

Otherwise, clamd won't have group-read privileges to the files created by simscan, and the only notice you will have that this happened will be the message "simscan: fatal error executing clamdscan"... and even that only if the SIMSCAN_DEBUG variable has a value higher than zero.

This web page has a better explanation of the umask issue. (Disclaimer: yes, I wrote the web page that the link is pointing to. -jms1)

Users of Ubuntu 8.04LTS may have problems following an upgrade to ClamAV 0.95.3. A new apparmor profile prevents clamd from accessing the temporary files in /var/qmail/simscan You may see error messages in your qmail-smtpd logfile which look something like:

simscan: clamdscan: /var/qmail/simscan/ lstat() failed: Permission denied. ERROR

To fix the problem, edit /etc/apparmor.d/usr.sbin.clamd and insert the line

/var/qmail/simscan/** r,

after the other file permissions. Finally, reload the apparmor profiles with

sudo invoke-rc.d apparmor reload

Simscan debugging

The easiest way to debug Simscan is on the command line. Run it like this:

QMAILQUEUE=/path/to/simscan SIMSCAN_DEBUG=2 NOP0FCHECK=1 qmail-inject somercpt@somedomain < a-mail.txt

In fact, I'd recommend testing simscan like this before enabling it on smtp level. It's way easier (and safer ;) ) to debug it this way first.

Does someone have a list of file extensions that everybody should block?

Yes. Bellow is a list of files that rarely will be used for working reasons. If your goal is, beside protecting users from viruses, to prevent them of having fun during working hours, you should block all these files. But before you just cut and paste this list straight to your ssattach file, check if none of the extensions bellow could be necessary to your customers.

Personal tools