ClamAV

First get this installed

apt-get install clamav clamav-testfiles

Update using:

freshclam

test using:

clamscan --infected --recursive /usr/share/clamav-testfiles/

To get it to go:

clamscan --infected --remove --recursive /usr/share/clamav-testfiles/

From [1]

Amavis

Then we install Amavis, which sends mail from postfix to clamav and spamassassin and then into procmail after scanning

 
aptitude -y install clamav-daemon amavisd-new spamassassin

Also install the suggested unzip packages

vi /etc/default/spamassassin

line 8: turn '1' if you use spam filter

ENABLED=1

cp /usr/share/doc/amavisd-new/examples/amavisd.conf-sample.gz /etc/amavis/ 
gunzip /etc/amavis/amavisd.conf-sample.gz 
mv /etc/amavis/amavisd.conf-sample /etc/amavis/amavisd.conf 
vi /etc/amavis/amavisd.conf 

line 66: uncomment $MYHOME = '/var/lib/amavis'; line 71: specify domain name

$mydomain = 'tripany.com';

line 73: uncomment and specify hostname

$myhostname = 'imap.tripany.com';

line 77,78: change $daemon_user = 'amavis'; $daemon_group = 'amavis';

line 62: make it comment (not notify if virus would detect )

 
#$virus_admin = "virusalert\@$mydomain";

line 1934: uncomment and add the .ctl behind /var/run/clamav/clamd.ctl

 ['ClamAV-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.ctl"],
  qr/\bOK$/m, qr/\bFOUND$/m,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],

vi /etc/amavis/conf.d/15-content_filter_mode

line 13: uncomment

@bypass_virus_checks_maps = (
  \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);

line 24: uncomment ( if you use spam filter )

@bypass_spam_checks_maps = (
  \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);

vi /etc/postfix/main.cf add at the last line

content_filter=smtp-amavis:[127.0.0.1]:10024 vi /etc/postfix/master.cf

add at the last line

smtp-amavis unix -       -       n      -     2  smtp
      -o smtp_data_done_timeout=1200
      -o smtp_send_xforward_command=yes
      -o disable_dns_lookups=yes
127.0.0.1:10025 inet n     -     n     -     -  smtpd
     -o content_filter=
     -o smtpd_delay_reject=no
     -o smtpd_client_restrictions=permit_mynetworks,reject
     -o smtpd_helo_restrictions=
     -o smtpd_sender_restrictions=
     -o smtpd_recipient_restrictions=permit_mynetworks,reject
     -o smtpd_data_restrictions=reject_unauth_pipelining
     -o smtpd_end_of_data_restrictions=
     -o smtpd_restriction_classes=
     -o mynetworks=127.0.0.0/8
     -o smtpd_error_sleep_time=0
     -o smtpd_soft_error_limit=1001
     -o smtpd_hard_error_limit=1000
     -o smtpd_client_connection_count_limit=0
     -o smtpd_client_connection_rate_limit=0
     -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
     -o local_header_rewrite_clients=
     -o smtpd_milters=
     -o local_recipient_maps=
     -o relay_recipient_maps=

If you don't have it yet, then:

touch /etc/mailname

 
chmod -R 775 /var/lib/amavis/tmp usermod -G amavis clamav 

/etc/init.d/clamav-daemon restart 
/etc/init.d/spamassassin start 
/etc/init.d/postfix restart 
/etc/init.d/amavis restart

More info in /usr/share/doc/amavisd-new

Spamassassin settings

Amavis overrides some spamassassing settings, such as:

$sa_local_tests_only = 0;
$sa_mail_body_size_limit = 400*1024;
$sa_tag_level_deflt  = 2.0;

and more

Tuning

You can set a higher number of servers in /etc/amavis/amavisd.conf $max_servers setting. This number has to be the same as the maxproc column in /etc/postfix/master.cf, ie:

smtp-amavis unix - - n - 2 smtp

where the 2 = $max_servers. The number in master.cf should definitely not be higher than $max_servers.

Testing

Check if amavis is up:

netstat -nap | grep 10024

See what amavisd-new is doing:

amavisd-nanny

Now your messages should have an X-header line saying it was scanned by Amavis