Add antivirus to Postfix with ClamAV

Jack Wallen
Oct 25, 2009
Updated • Nov 28, 2012
Network
|
6

By now you have your Postfix mail server up and running (see "Install Postfix for reliable email delievery"). You even have relaying working (see "Mail relaying made simple with Postfix"). But one of the most important features you can add to a mail server is an system to prevent viruses from being passed to users. Naturally, the Linux fan will say "But Linux isn't affected by viruses!". Although that may, for the most part, be true, this is a mail SERVER which could be serving up mail to Windows users. And Windows machines ARE effected by viruses. To that end, anti-virus measures are a necessity on a Linux email server.

One of the best anti-virus systems for a Postfix server is ClamAV. This anti-virus tool kit is open sourced and can be used on all UNIX-like operating systems. It's easy to install and effective. In this article we will be following our series started way back in the Installing Ubuntu Server 9.04 article. Of course we will be installing ClamAV on a Ubuntu server running LAMP and Postfix. With that in mind, let's get busy!

Installation

The first thing to take care of is the installation of ClamAV. There are a number of tools you will need to install. Open up a terminal window and issue the command:

sudo apt-get install clamav clamav-freshclam clamsmtp

The above command should also pick up all of the necessary dependencies. The installation will also start the clamav daemon. You will restart that momentarily

Configuration

Once installed you have some configurations to take care of. There are three files you are going to have to edit:

  • /etc/clamsmtpd.conf
  • /etc/postfix/main.cf
  • /etc/postfix/master.cf

The first file to configure is the clamsmtpd.conf file. The configuration in this file is simple. Look for the lines:

OutAddress: 10025

127.0.0.1:10026

Change them to:

OutAddress: 10026

127.0.0.1:10025

That's it for the clamsmtpd.conf file. Now let's move on to the heavier configurations.

Open up the /etc/postfix/main.cf file. Scroll down to the bottom of this file and add the following:

content_filter = scan:127.0.0.1:10025

receive_override_options = no_address_mappings

Save that file and now move on over to the /etc/postfix/master.cf file. Again, scroll down to the bottom of this file and add the following:

# AV scan filter (used by content_filter)
scan unix - - n - 16 smtp
-o smtp_send_xforward_command=yes
# For injecting mail back into postfix from the filter
127.0.0.1:10026 inet n - n - 16 smtpd
-o content_filter=
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks_style=host
-o smtpd_authorized_xforward_hosts=127.0.0.0/8

Save that file.

Restarting

The first thing you need to do is restart Postfix with the command:

sudo /etc/init.d/postfix restart

Once that has restarted you need to restart clamsmtpd with the command:

sudo /etc/init.d/clamsmtpd restart

Now, if nothing has gone horribly wrong, you should have a virus protected Postfix mail server.

Updating signatures

You should never go without updating your virus signatures. This is critical for keeping your mail server virus-free as new viruses are created or old viruses mutate. Fortunately ClamAV has its own tool for this. You will need to go back to that terminal window and issue the command:

sudo freshclam

Which will update the signatures.

You might even add the freshclam command into the root users crontab for regular signature updates.

Final thoughts

Your Postfix mail server is getting better and stronger each day. Adding anti-virus is a critical step in the grand scheme of Postfix things. In our next addition to the Postfix series, we will add Spamassassin for anti-spam measures.

Advertisement

Previous Post: «
Next Post: «

Comments

  1. Jack Wallen said on October 26, 2009 at 2:54 pm
    Reply

    @Antony: This is for a mail server, not a desktop. As we all know, there are plenty of Windows desktop anti-virus tools. But there is ClamWin if you’re curious.

    1. Antony said on October 27, 2009 at 2:02 am
      Reply

      Thanks, I do already use ClamWin as an emergency tool, you know it doesn’t detect in real time.
      So the only choice I’ve is an antivirus?
      I was looking for something that could block or filter unwanted “rubbish” coming into my e-mail box.

  2. Antony said on October 26, 2009 at 10:53 am
    Reply

    There isn’t any tool like this that can work on Windows desktop?

  3. trungkiensmile said on October 26, 2009 at 6:12 am
    Reply

    Thank you for this post. I have been trying to set up a simple email server for internal use.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.