SimScanTips

From Qmailwiki
Revision as of 01:33, 4 August 2007 by Jms1 (Talk | contribs)

Is there a mailing list archive?

There's a list archive for simscan at http://dir.gmane.org/gmane.mail.qmail.simscan

I enabled the received line features, but it only shows "scanners: none" in the received line, although the message is scanned

You have to run

simscanmk -g

first, to initialize the version database. See also the next question.

What is the best practice to update simversions.cdb?

I run it from cron (as root) every hour (together with update_trend). It may miss a clam update, but that's acceptable for me.

Or you could make a sudo entry for the clam user and run "sudo /var/qmail/bin/simscanmk -g", a nice solution too :)

This web page has a program called "update-simscan", which is a simple compiled C wrapper which runs "/var/qmail/bin/simscanmk -g" as root. You can compile the source and make the resulting binary "setuid", so that no matter what userid starts it, it always runs as root. You can then configure ClamAV's "freshclam" program, which automatically downloads virus definition updates, to run this binary, thereby updating the version numbers in the database. (Disclaimer: yes, I wrote the program and the web page that the link points to. -jms1)

Simscan permissions

One way to make simscan work is to give /var/qmail/simscan the same group that qmail-smtpd runs as. So if qmail-smtpd runs as the vpopmail user because you use the vchkusr patch, you should make /var/qmail/simscan owned by the "vchkpw" group.

An easier and more generic approach is to give /var/qmail/simscan the "simscan" group and set the setgid ("group sticky") bit on the directory. This forces any files created within the directory to have "simscan" as their group ID.

# chown simscan:simscan /var/qmail/simscan
# chmod 2750 /var/qmail/simscan
  - or -
# chmod u=rwx,g=srx,o= /var/qmail/simscan

In addition, the "umask" setting affects the files being created. If you normally use "umask 077", make sure to set a umask which allows the files to be created with group-read privileges. In simpler terms, add "umask 027" to the "run" script for your SMTP service (or to your shell session, if you are using qmail-inject to test simscan).

Otherwise, clamd won't have group-read privileges to the files created by simscan, and the only notice you will have that this happened will be the message "simscan: fatal error executing clamdscan"... and even that only if the SIMSCAN_DEBUG variable has a value higher than zero.

This web page has a better explanation of the umask issue. (Disclaimer: yes, I wrote the web page that the link is pointing to. -jms1)
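
The two conditions described in this section (the setgid bit on the work directory, and a umask that leaves new files group-readable) can be checked with a short script. This is an added example, not part of the original wiki page or of simscan; the function names are hypothetical, and the demo at the end runs on a constructed scratch directory rather than /var/qmail/simscan.

```shell
#!/bin/sh
# Added example: check the two conditions from the permissions section on a
# work directory. Function names are hypothetical, not part of simscan.

# perms PATH: print the 10-character mode string from ls, e.g. drwxr-s---
perms() { ls -ld "$1" | cut -c1-10; }

# dir_is_setgid DIR: succeed if DIR has the setgid bit ('s' or 'S' in the
# group-execute position), so new files inherit the directory's group.
dir_is_setgid() {
    case "$(perms "$1" | cut -c7)" in
        s|S) return 0 ;;
        *)   return 1 ;;
    esac
}

# new_file_group_readable DIR UMASK: create a scratch file in DIR under
# UMASK (in a subshell, so the caller's umask is untouched) and succeed
# only if the result is group-readable, which is what clamd needs.
new_file_group_readable() {
    probe="$1/.umask-probe.$$"
    ( umask "$2" && : > "$probe" ) || return 2
    g=$(perms "$probe" | cut -c5)
    rm -f "$probe"
    [ "$g" = "r" ]
}

# audit_workdir DIR UMASK: print findings, return non-zero on any failure.
audit_workdir() {
    rc=0
    if ! dir_is_setgid "$1"; then
        echo "FAIL: $1 has no setgid bit (expected mode 2750)"; rc=1
    fi
    if ! new_file_group_readable "$1" "$2"; then
        echo "FAIL: umask $2 creates files the group cannot read"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: $1 with umask $2"; fi
    return "$rc"
}

# Demo on a constructed scratch directory, not the real /var/qmail/simscan.
demo=$(mktemp -d) && chgrp "$(id -g)" "$demo" && chmod 2750 "$demo"
audit_workdir "$demo" 077 || true   # fails the umask check
audit_workdir "$demo" 027 || true   # passes both checks
rm -rf "$demo"
```

To audit a real installation, call audit_workdir as the user your SMTP service runs as, with the umask from its "run" script, since the probe file has to be created the same way simscan would create its own files.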

Simscan debugging

The easiest way to debug Simscan is on the command line. Run it like this:

QMAILQUEUE=/path/to/simscan SIMSCAN_DEBUG=2 NOP0FCHECK=1 qmail-inject somercpt@somedomain < a-mail.txt

In fact, I'd recommend testing simscan like this before enabling it on smtp level. It's way easier (and safer ;) ) to debug it this way first.

Does someone have a list of file extensions that everybody should block?

Yes. Below is a list of file extensions that are rarely needed for work. If your goal is, besides protecting users from viruses, to prevent them from having fun during working hours, you should block all of these. But before you cut and paste this list straight into your ssattach file, check that none of the extensions below are necessary to your customers.

.ade
.adp
.app
.asd
.asf
.asp
.asx
.avi
.bas
.bat
.bin
.chm
.cil
.cla
.class
.cmd
.com
.cpl
.crt
.csh
.css
.dll
.dot
.email
.eml
.exe
.fxp
.hlp
.hta
.htm
.html
.inf
.ins
.isp
.js
.jse
.ksh
.lnk
.mda
.mdb
.mde
.mdt
.mdw
.mdz
.mov
.mp3
.mpe
.mpeg
.mpg
.msc
.msi
.msp
.mst
.nws
.ocx
.ops
.pcd
.pif
.pl
.pm
.pot
.pps
.prf
.prg
.ps
.rar
.reg
.scf
.scr
.sct
.shb
.shm
.shs
.url
.vb
.vbe
.vbs
.vxd
.wav
.wmd
.wmf
.wms
.wmz
.wsc
.wsf
.wsh
.wsz
.xsl
.xlt
.xlw