SimScan Configuration
- Making ClamAV and SimScan Play Nice
The clamdscan program needs to have permission to scan directories. By default, the /var/qmail/simscan directory is owned by simscan and grouped to root. This means that only simscan and root can access this directory. We don't want to open this directory up to the world, that might allow an unauthorized user to see someone else's email. So, the easiest way to do this is to change the group ownership of the directory and set a sticky bit.
rootshell> chgrp clamav /var/qmail/simscan
rootshell> chmod g+s /var/qmail/simscan
- Qmail Queue Setup
In order to have qmail send all emails through simscan, you must place the appropriate setting in the tcp.smtp file. For each netblock you want to use Simscan, add the following :
QMAILQUEUE="/var/qmail/bin/simscan"
For our setup, we want to do the following :
rootshell> echo ':allow,QMAILQUEUE="/var/qmail/bin/simscan"' >> /home/vpopmail/etc/tcp.smtp
rootshell> cd ~vpopmail/etc
rootshell> tcprules tcp.smtp.cdb tcp.smtp.tmp < tcp.smtp
- simcontrol configuration file
The simcontrol file is used to set per-domain settings, as well as the site-wide defaults. The format of the file is as follows :
shell> cat /var/qmail/control/simcontrol
postmaster@example.com:clam=yes,spam=no,attach=.txt:.com example.com:clam=no,spam=yes,attach=.mp3 :clam=yes,spam=yes,trophie=yes,spam_hits=20.1
This file is relatively self explanatory. See the simscan README for more information on settings. For now, set up this file as follows :
rootshell> echo ":clam=yes,spam=yes" > /var/qmail/control/simcontrol
rootshell> /var/qmail/bin/simscanmk