Integration process with ClamAV for AXIGEN
Solution
1. This article is intended to present a guideline for the integration process of the ClamAV filter with AXIGEN 5.x releases. Details on how to install and configure ClamAV to your specific OS platform can be found on our forum page:
https://www.axigen.com/forum/showthread.php?t=1
2. After starting the ClamAV filter following the instructions presented in the above forum page, you should verify via the netstat command that the clamd daemon is properly running and the address of the socket (inet/unix) on which it binds.
Two examples on how these addresses may be listed on a Linux platform:
a)
netstat -lnp | grep clam
tcp 0 0 127.0.0.1:3310 0.0.0.0:* LISTEN 25726/clamd
b)
netstat -lpn | grep clam
unix 2 [ ACC ] STREAM LISTENING 243718 25495/clamd /var/run/clamav/clamd.sock
3. Applying the ClamAV filter as a Server wide filter system in AXIGEN
In order to configure an anti-virus scanning system with the use of ClamAV for all the traffic processed by your AXIGEN, the following steps should be followed.
The AntiVirus and AntiSpam -> Supported Applications section, from the WebAdmin -> Security & Filtering context, will display two ClamAV connectors: one defined as a Built-In type and another as User type. The difference in these two connectors does not reside in the internal implementation as both reference the same connector that controls the communication process with these filters.
These two connectors differ in the path they expect to find the ClamAV filter, the Built-In filter expects to find the filter on an inet socket address: inet://127.0.0.1:3310, and the User type filter is configured to communicate with the filter on the local socket address: local:///var/run/clamav/clamd.ctl.
In a setup were the ClamAV filter is set to bind on the inet socket as shown in section 2.a, this filter should appear as Available in the AntiVirus and AntiSpam section. If the filter status is still set to Could not connect you should make sure to restart the detection process from the bottom of this page.
An Available status indicates that you can activate the filter for your AXIGEN Mail Server, by selecting the Enable button corresponding to this filter.
If your ClamAV filter is set to bind on a local socket, as seen in the 2.b example, you should make sure that the ClamAV-local (or clamav) filter address from the AXIGEN configuration file axigen.cfg matches the output from the netstat command.
Note:
The path to the AXIGEN configuration file depends on your OS:
/var/opt/axigen/run/axigen.cfg for Linux/Solaris
/var/axigen/run/axigen.cfg for *BSD
In our example, we could see that the local socket address is /var/run/clamav/clamd.sock but in the AXIGEN configuration file the filter address is set by default as:
address = "local:///var/run/clamav/clamd.ctl"
For this reason we will edit this entry to match our example setup: address="local:///var/run/clamav/clamd.sock".
After modifying the configuration file, you should next restart AXIGEN for the new settings to take effect. By logging on the WebAdmin interface -> Security & Filtering context -> AntiVirus and AntiSpam -> Supported Applications, you should next click the Enable button for the corresponding 'User' type ClamAV-local (or clamav)
4. Enforcing the rules on a domain basis instead of server wide policies can be done from the WebAdmin interface -> Domains & Accounts -> Manage Domains -> Message Filters section. The steps for configuring and activating the ClamAV filter are similar as described under the previous section.
https://www.axigen.com/forum/showthread.php?t=1
2. After starting the ClamAV filter following the instructions presented in the above forum page, you should verify via the netstat command that the clamd daemon is properly running and the address of the socket (inet/unix) on which it binds.
Two examples on how these addresses may be listed on a Linux platform:
a)
netstat -lnp | grep clam
tcp 0 0 127.0.0.1:3310 0.0.0.0:* LISTEN 25726/clamd
b)
netstat -lpn | grep clam
unix 2 [ ACC ] STREAM LISTENING 243718 25495/clamd /var/run/clamav/clamd.sock
3. Applying the ClamAV filter as a Server wide filter system in AXIGEN
In order to configure an anti-virus scanning system with the use of ClamAV for all the traffic processed by your AXIGEN, the following steps should be followed.
The AntiVirus and AntiSpam -> Supported Applications section, from the WebAdmin -> Security & Filtering context, will display two ClamAV connectors: one defined as a Built-In type and another as User type. The difference in these two connectors does not reside in the internal implementation as both reference the same connector that controls the communication process with these filters.
These two connectors differ in the path they expect to find the ClamAV filter, the Built-In filter expects to find the filter on an inet socket address: inet://127.0.0.1:3310, and the User type filter is configured to communicate with the filter on the local socket address: local:///var/run/clamav/clamd.ctl.
In a setup were the ClamAV filter is set to bind on the inet socket as shown in section 2.a, this filter should appear as Available in the AntiVirus and AntiSpam section. If the filter status is still set to Could not connect you should make sure to restart the detection process from the bottom of this page.
An Available status indicates that you can activate the filter for your AXIGEN Mail Server, by selecting the Enable button corresponding to this filter.
If your ClamAV filter is set to bind on a local socket, as seen in the 2.b example, you should make sure that the ClamAV-local (or clamav) filter address from the AXIGEN configuration file axigen.cfg matches the output from the netstat command.
Note:
The path to the AXIGEN configuration file depends on your OS:
/var/opt/axigen/run/axigen.cfg for Linux/Solaris
/var/axigen/run/axigen.cfg for *BSD
In our example, we could see that the local socket address is /var/run/clamav/clamd.sock but in the AXIGEN configuration file the filter address is set by default as:
address = "local:///var/run/clamav/clamd.ctl"
For this reason we will edit this entry to match our example setup: address="local:///var/run/clamav/clamd.sock".
After modifying the configuration file, you should next restart AXIGEN for the new settings to take effect. By logging on the WebAdmin interface -> Security & Filtering context -> AntiVirus and AntiSpam -> Supported Applications, you should next click the Enable button for the corresponding 'User' type ClamAV-local (or clamav)
4. Enforcing the rules on a domain basis instead of server wide policies can be done from the WebAdmin interface -> Domains & Accounts -> Manage Domains -> Message Filters section. The steps for configuring and activating the ClamAV filter are similar as described under the previous section.
OS:
LinuxFreeBSDNetBSDOpenBSDSolaris