Apache Log Files Explained Published: Feb 24, 2004
  • Rating

    4/5

Setting up an antivirus scanner, DrWeb, on Cpanel servers.

This document is a straightforward, step-by-step guide to installing the DrWEB antivirus on a Linux server running CPanel.

I. Doing backups

The following files need to be backed up:
/etc/exim.conf

/etc/antivirus.exim or

system_filter.exim


II. Installing DrWEB


First, download the DrWEB antivirus RPM package from here:
http://www.sald.com/get.html

Install it using rpm -Uvh command. For example, for glibc 2.3 use
# rpm -Uvh ftp://ftp.drweb.ru/pub/unix/drweb-4.30-glibc.2.3.i586.rpm

Start the drweb daemon with the command
# /opt/drweb/drwebd start

Now let's take care of automatic antivirus database updates.
Add the following cron job:
00 12 * * * /opt/drweb/update/update.pl


III. Installing and configuring DrWEB-Exim


Download drweb-exim from http://www.sald.com/get.html

Untar the tgz archive.
For example,
tar xzvf drweb-exim-4.29.12-F-linux.tar.gz

Now we need to copy the drweb-exim files to the proper directories.

# cp -r drweb-exim/etc/drweb/* /etc/drweb/
# cp -r drweb-exim/opt/drweb/doc/* /opt/drweb/doc/
# cp -r drweb-exim/opt/drweb/drweb-* /opt/drweb/



Edit /etc/drweb/drweb_exim.conf

Change

AdminMail = postmaster
to

AdminMail = [email protected]

Let's test how it works so far:
# /opt/drweb/drweb-exim --check_only --check_user=drweb
All tests should be "passed".


IV. Configuring Exim

We need to change two files to make drweb and exim work together.
First, edit /etc/exim.conf
The lines in black are the ones we need to add.


###### begin exim.conf ########

[skipped]

###########################
# Runtime configuration file for Exim #
###########################

trusted_users = drweb
trusted_groups = drweb

[skipped]


#!!# message_filter renamed system_filter
system_filter = /etc/antivirus.exim
message_body_visible = 5000

system_filter_pipe_transport = filter_pipe
system_filter_reply_transport = address_reply

[skipped]

###########################
# TRANSPORTS CONFIGURATION #
###########################
# ORDER DOES NOT MATTER #
# Only one appropriate transport is called for each delivery. #
###########################

# A transport is used only when referenced from a director or a router that
# successfully handles an address.

# This transport is used for delivering messages over SMTP connections.

begin transports

filter_pipe:
driver = pipe
user = drweb
group = mail
return_fail_output

###### end exim.conf ########


CPanel comes with the filter file /etc/antivirus.exim.
In a clean Exim install it is called system_filter.exim.

Add the following at the end of the file:

###### begin antivirus.exim #######

# to prevent from mail loop, skip already scanned message
if $received_protocol is "drweb-scanned"
then
finish
endif


pipe "/opt/drweb/drweb-exim -f $sender_address -- $recipients"

finish

###### end antivirus.exim ########
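
A pre-restart check for the section IV edits, added here as an example and not part of the original article: it confirms that exim.conf carries the drweb settings shown above and that the filter tests for "drweb-scanned" before it pipes to drweb-exim. The function names and the --demo sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the article: check the section IV edits before
# restarting Exim.  Usage: sh check.sh /etc/exim.conf /etc/antivirus.exim

# has FILE ERE: true if a non-comment line of FILE matches
has() { grep -v '^[[:space:]]*#' "$1" | grep -Eq "$2"; }
# first_line FILE ERE: number of the first non-comment matching line, or empty
first_line() { grep -nE "$2" "$1" | grep -v '^[0-9]*:[[:space:]]*#' | head -n 1 | cut -d: -f1; }
fail() { echo "PROBLEM: $1"; bad=1; }

check_drweb_exim() {
    conf=$1; filter=$2; bad=0
    [ -r "$conf" ] && [ -r "$filter" ] || { echo "cannot read input files"; return 2; }
    has "$conf" '^[[:space:]]*trusted_users[[:space:]]*=.*drweb'  || fail "trusted_users lacks drweb"
    has "$conf" '^[[:space:]]*trusted_groups[[:space:]]*=.*drweb' || fail "trusted_groups lacks drweb"
    has "$conf" '^[[:space:]]*system_filter_pipe_transport[[:space:]]*=[[:space:]]*filter_pipe' ||
        fail "system_filter_pipe_transport is not filter_pipe"
    has "$conf" '^[[:space:]]*filter_pipe:' || fail "transport filter_pipe is not defined"
    # system_filter must name the filter file that was actually edited
    sf=$(sed -n 's/^[[:space:]]*system_filter[[:space:]]*=[[:space:]]*//p' "$conf" |
         sed 's/[[:space:]]*$//' | tail -n 1)
    [ "$sf" = "$filter" ] || fail "system_filter is '$sf', expected '$filter'"
    # The drweb-scanned guard must precede the pipe, or scanned mail is piped
    # to the scanner again and loops.
    guard=$(first_line "$filter" 'received_protocol is "drweb-scanned"')
    pipe=$(first_line "$filter" 'pipe[[:space:]].*drweb-exim')
    if [ -z "$pipe" ]; then fail "filter never pipes to drweb-exim"
    elif [ -z "$guard" ] || [ "$guard" -gt "$pipe" ]; then fail "loop guard missing or after the pipe"
    fi
    return "$bad"
}

# Constructed sample files mirroring the article's excerpts: sh check.sh --demo
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' 'trusted_users = drweb' 'trusted_groups = drweb' \
        "system_filter = $d/antivirus.exim" \
        'system_filter_pipe_transport = filter_pipe' 'begin transports' \
        'filter_pipe:' 'driver = pipe' > "$d/exim.conf"
    printf '%s\n' 'if $received_protocol is "drweb-scanned"' 'then' 'finish' 'endif' \
        'pipe "/opt/drweb/drweb-exim -f $sender_address -- $recipients"' > "$d/antivirus.exim"
    check_drweb_exim "$d/exim.conf" "$d/antivirus.exim"; rc=$?
    rm -rf "$d"; return "$rc"
}

case "${1:-}" in
    --demo) demo ;;
    ?*) check_drweb_exim "$1" "${2:-}" ;;
esac
```

The script exits 0 when every check passes, 1 when a setting is missing or out of order, and 2 when a file cannot be read.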


V. Restart Exim and test virus checking

That's it for the configuration.
Now restart exim:
# /etc/rc.d/init.d/exim restart
and test your email delivery.
If email is not going through, inspect /var/logs/exim_mainlog and /var/logs/exim_paniclog.

Now take one of those ugly MyDoom worms, attach it to your email message and send it to yourself.

Hostdad.com - human-driven web hosting services
Author: Alex Kovalyov [[email protected]]


Comments (7)

  • Manish 09:34, May 28, 2005
    Hi,
    I'm facing some problem in my Apache server. There is some unwanted access showing in my access_log file. How can I stop that?

    Thanks

    Manish Popli
  • Jas Singh 04:46, August 9, 2005
    Set up a Directory directive in the httpd.conf. And restrict access based on IP address, username, etc.
  • rivertroll 22:02, April 17, 2008
    Better read a tutorial on .htaccess, best IP restriction ever :)
  • veremchook 07:28, May 21, 2008
    The article is ok but not putting a date of creation/last modification next to it is simply a crime :)
  • apacheusr 17:04, February 5, 2009
    Any thoughts on centralized logging for a large Apache 2 server farm? Over 20 nodes with several thousand vhosts.
  • Walter 23:37, March 2, 2010
    I'm trying to get it so my site www.americalaidoff.com doesn't reveal referer.

    Is that possible?
  • Jimmy 22:07, April 2, 2011
    Hello Mr. Expert,

    When are you going to write up a follow-up article on this post... is it going to be anytime soon? :)
