rpms/clamav/devel README.fedora,1.3,1.4
ensc
ensc at fedoraproject.org
Sat Aug 1 09:44:43 UTC 2009
Author: ensc
Update of /cvs/extras/rpms/clamav/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv1526
Modified Files:
README.fedora
Log Message:
fixed inconsistencies
added EXAMPLE section for milter setup
Index: README.fedora
===================================================================
RCS file: /cvs/extras/rpms/clamav/devel/README.fedora,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -p -r1.3 -r1.4
--- README.fedora 8 Mar 2009 14:49:39 -0000 1.3
+++ README.fedora 1 Aug 2009 09:44:42 -0000 1.4
@@ -29,10 +29,10 @@ A clamav-milter setup consists of the fo
--> you should know how to install this...
When communicating across unix sockets with the clamav-milter, it is
- suggested to use the /var/run/clamav-milter/clamav.sock path. You
- have to add something like
+ suggested to use the /var/run/clamav-milter/clamav-milter.socket
+ path. You have to add something like
- INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav-milter/clamav.sock, F=, T=S:4m;R:4m')dnl
+ INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav-milter/clamav-milter.socket, F=, T=S:4m;R:4m')dnl
to your sendmail.mc.
@@ -40,3 +40,79 @@ A clamav-milter setup consists of the fo
It is suggested that components communicate through TCP sockets as
this eases setup. Please add corresponding packet filter rules!
+
+
+EXAMPLE
+=======
+
+For clamav-milter, a possible setup might be created by
+
+A) On the MTA (assumed hostname 'host-mta')
+
+ 1. Add to sendmail.mc
+
+ | INPUT_MAIL_FILTER(`clamav', `S=inet:6666 at host-milter, F=, T=S:4m;R:4m')dnl
+
+ 2. Rebuild sendmail.cf
+
+
+B) On the clamav-milter host (assumed hostname 'host-milter')
+
+ 1. Install clamav-milter + clamav-milter-upstart packages
+
+ 2. Set in /etc/mail/clamav-milter.conf
+
+ | MilterSocket inet:6666
+ | ClamdSocket tcp:host-scanner:6665
+
+ and all the other options which are required on your system
+
+ 3. Edit /etc/event.d/clamav-milter and uncomment the both
+
+ | start on starting\ local
+ | start on starting local
+
+ lines. Restart your system or execute
+
+ | initctl emit starting local
+
+ 4. Add something like
+
+ | iptables -N IN-cmilt
+ | iptables -A IN-cmilt -s host-mta -j ACCEPT
+ | iptables -A IN-cmilt -j DROP
+
+ | iptables -A INPUT -p tcp --dport 6666 -j IN-cmilt
+
+ to your firewall setup
+
+C) On the clamav-scanner host (assumed hostname 'host-scanner')
+
+ 1. Install clamav-scanner + clamav-scanner-upstart packages
+
+ 2. Add to /etc/clamd.d/scan.conf
+
+ | TCPSocket 6665
+ | TCPAddr host-scanner
+
+ comment out possible 'LocalSocket' lines and set all the other
+ options which are required on your system
+
+ 3. Edit /etc/event.d/clamav-scanner and uncomment the both
+
+ | start on starting\ local
+ | start on starting local
+
+ lines. Restart your system or execute
+
+ | initctl emit starting local
+
+ 4. Add something like
+
+ | iptables -N IN-cscan
+ | iptables -A IN-cscan -s host-milter -j ACCEPT
+ | iptables -A IN-cscan -j DROP
+
+ | iptables -A INPUT -p tcp --dport 6665 -j IN-csan
+
+ to your firewall setup
More information about the fedora-extras-commits
mailing list