Line 116: |
Line 116: |
| | | |
| http://www.sonoracomm.com/support/19-inet-support/49-spam-filter-configuration-for-sme-7 | | http://www.sonoracomm.com/support/19-inet-support/49-spam-filter-configuration-for-sme-7 |
| + | |
| + | ===Anti Virus=== |
| + | The SME Server used the Clam AntiVirus (www.clamav.net) as the default and build-in anti virus engine. By default this system will automatically get virus signatures updates from the clamav database. Other people and organizations has developed additional signatures which can be used with ClamAV. |
| + | |
| + | * Sane Security (http://www.sanesecurity.com/clamav/) - who maintains two signatures databases (Phishing and Scam) |
| + | * MSRBL (http://www.msrbl.com/) - Realtime Black Lists who maintains two databases (Images and Spam) |
| + | * Malware Block List (http://www.malware.com.br/) - who maintains a database for Malware |
| + | |
| + | In order to use these addition database with your Clam AV installation you need to download the databases. I have modified a script from San Security to work with SME 7.x which can be used to obtain the databases from Sane Security and MSRBL (Malware Block List is still under test). The addition of these 4 new databases provides ~65.000 new signatures for clam to work with. |
| + | |
| + | ====Installation==== |
| + | cd /etc/cron.daily |
| + | wget http://sme.swerts-knudsen.com/downloads/update_sanesecurity |
| + | chmod +x update_sanesecurity |
| + | |
| + | You can now run it the first with debug enabled to see that all is OK. |
| + | |
| + | ./update_sanesecurity -d |
| + | |
| + | Your output should look something like this (even though yours will hopefully be updated). |
| + | |
| + | update_sanesecurity: [debug] Debug mode is ON |
| + | update_sanesecurity: [debug] Starting. |
| + | update_sanesecurity: [debug] Created temporary directory: '/tmp/update_sanesecurity.OmA30589' |
| + | update_sanesecurity: [debug] Checking for ClamAV database directory... |
| + | update_sanesecurity: [debug] Found ClamAV database directory: /var/clamav |
| + | update_sanesecurity: [debug] PHISH_SIGS : http://www.sanesecurity.com/clamav/phishsigs/phish.ndb.gz |
| + | update_sanesecurity: [debug] SCAM_SIGS : http://www.sanesecurity.com/clamav/scamsigs/scam.ndb.gz |
| + | update_sanesecurity: [debug] SPAM_SIGS : rsync://rsync.mirror.msrbl.com/msrbl/MSRBL-SPAM.ndb |
| + | update_sanesecurity: [debug] IMAGE_SIGS : rsync://rsync.mirror.msrbl.com/msrbl/MSRBL-Images.hdb |
| + | update_sanesecurity: [debug] ClamScan : /usr/bin/clamscan |
| + | update_sanesecurity: [debug] CURL : /usr/bin/curl |
| + | update_sanesecurity: [debug] GunZip : /bin/gunzip |
| + | update_sanesecurity: [debug] RSync : /usr/bin/rsync |
| + | update_sanesecurity: [debug] ClamAV db dir : /var/clamav |
| + | update_sanesecurity: [debug] temp dir : /tmp/update_sanesecurity.OmA30589 |
| + | update_sanesecurity: [debug] Created temporary directory: '/tmp/update_sanesecurity.jqP30690' |
| + | update_sanesecurity: [debug] Checking for ClamAV database directory... |
| + | update_sanesecurity: [debug] Found ClamAV database directory: /var/clamav |
| + | update_sanesecurity: [debug] Checking for newer version of '/var/clamav/scam.ndb.gz' |
| + | update_sanesecurity: [info] '/var/clamav/scam.ndb.gz' was NOT updated |
| + | update_sanesecurity: [info] '/var/clamav/scam.ndb' was NOT updated |
| + | update_sanesecurity: [debug] Checking for newer version of '/var/clamav/phish.ndb.gz' |
| + | update_sanesecurity: [info] '/var/clamav/phish.ndb.gz' was NOT updated |
| + | update_sanesecurity: [info] '/var/clamav/phish.ndb' was NOT updated |
| + | update_sanesecurity: [debug] Checking for newer version of '/var/clamav/MSRBL-SPAM.ndb' |
| + | update_sanesecurity: [info] '/var/clamav/MSRBL-SPAM.ndb' was NOT updated |
| + | update_sanesecurity: [debug] Checking for newer version of '/var/clamav/MSRBL-Images.hdb' |
| + | update_sanesecurity: [info] '/var/clamav/MSRBL-Images.hdb' was NOT updated |
| + | update_sanesecurity: [debug] Exiting. |
| + | |
| + | ClamAV will by default reload its databases every 1800 secs (30mins) but you can force a reload with: |
| + | signal-event email-update |
| | | |
| ===Email Clients=== | | ===Email Clients=== |
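Review bot: The Installation steps fetch `update_sanesecurity` over plain HTTP straight into /etc/cron.daily and `chmod +x` it, so an unverified script is scheduled for daily execution and nothing on the page lets the reader check what was downloaded. Suggest telling the reader to download to a working directory first, read the script, and compare it against a published checksum (or serve it over HTTPS) before moving it into /etc/cron.daily. The sample debug output shows the signature files themselves also arriving over `http://` and `rsync://`; since the script locates `/usr/bin/clamscan`, the text should say whether each downloaded database is tested before it is placed in /var/clamav. Smaller wording points in the added text: "San Security" should be "Sane Security", "build-in" should be "built-in", "these addition database" should be "these additional databases", and "run it the first with debug enabled" is missing "time".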