Categories:
Printer Friendly
Send to a friend
This document is a straightforward step-by-step instruction on how to install DrWEB antivirus on Linux server running CPanel.
I. Doing backups
Following files are need to be saved:
/etc/exim.conf
/etc/antivirus.exim or
system_filter.exim>
II. Installing DrWEB
First, download DrWEB antivirus RPM package from here
http://www.sald.com/get.html
Install it using rpm -Uvh command. For example, for glibc 2.3 use
# rpm -Uvh ftp://ftp.drweb.ru/pub/unix/drweb-4.30-glibc.2.3.i586.rpm
Start drweb daemon using command
# /opt/drweb/drwebd start
Now lets take care about automatic antivirus databases updates.
Add the following cron job:
00 12 * * * /opt/drweb/update/update.pl
III. Installing and configuring DrWEB-Exim
Download drweb-exim from http://www.sald.com/get.html
Untar tgz archive.
For example,
tar xzvf drweb-exim-4.29.12-F-linux.tar.gz
Now we need to copy drweb-exim files to proper directories.
# cp -r drweb-exim/etc/drweb/* /etc/drweb/
# cp -r drweb-exim/opt/drweb/doc/* /opt/drweb/doc/
# cp -r drweb-exim/opt/drweb/drweb-* /opt/drweb/
Edit /etc/drweb/drweb_exim.conf
Change
AdminMail = postmaster>
to
AdminMail = you@yourdomain.com>
Lets test how it works so far:
# /opt/drweb/drweb-exim --check_only --check_user=drweb
All tests should be "passed".
IV. Configuring Exim
We need to make changes in two files to make drweb and exim work together.
First, edit /etc/exim.conf
Black are lines which we will need to add.
###### begin exim.conf ########
[skipped]>
###########################
# Runtime configuration file for Exim #
###########################
trusted_users = drweb
trusted_groups = drweb
[skipped]
#!!# message_filter renamed system_filter
system_filter = /etc/antivirus.exim
message_body_visible = 5000
>system_filter_pipe_transport = filter_pipe
system_filter_reply_transport = address_reply
[skipped]
###########################
# TRANSPORTS CONFIGURATION #
########################### ORDER DOES NOT MATTER #
# Only one appropriate transport is called for each delivery. #
############################ A transport is used only when referenced from a director or a router that
# successfully handles an address.
# This transport is used for delivering messages over SMTP connections.
begin transports
filter_pipe:
driver = pipe
user = drweb
group = mail
return_fail_output
>
###### end exim.conf ########>
CPanel comes with /etc/antivirus.exim filter file.
In clean Exim install it is called system_filter.exim
Add the following at the end of the file:
###### begin antivirus.exim #######>>
# to prevent from mail loop, skip already scanned message
if $received_protocol is "drweb-scanned"
then
finish
endif
>pipe "/opt/drweb/drweb-exim -f $sender_address -- $recipients"
>>finish
###### end antivirus.exim ########>>
V. Restart Exim and test virus checking
Thats it with configuration.
Now restart exim:
# /etc/rc.d/init.d/exim restart
and test your email delivery.
If email is not going through, inspect /var/logs/exim_mainlog and /var/logs/exim_paniclog
Now take one of those ugly MyDoom worms, attach it to your email message and send it to yourself.
Hostdad.com - humam-driven web hosting services
Author: Alex Kovalyov [ak@hostdad.com]
great !!