Install ClamAV

Install ClamAV openbsd

1. pkg_add clamav-0.92.1.tgz
vi /etc/clamd.conf
##
## Example config file for the Clam AV daemon
## Please read the clamd.conf(5) manual before editing this file.
##

# Comment or remove the line below.
#Example

# Uncomment this option to enable logging.
# LogFile must be writable for the user running daemon.
# A full path is required.
# Default: disabled
#LogFile /var/log/clamd.log

# By default the log file is locked for writing – the lock protects against
# running clamd multiple times (if want to run another clamd, please
# copy the configuration file, change the LogFile variable, and run
# the daemon with –config-file option).
# This option disables log file locking.
# Default: no
#LogFileUnlock yes

# Maximum size of the log file.
# Value of 0 disables the limit.
# You may use ‘M’ or ‘m’ for megabytes (1M = 1m = 1048576 bytes)
# and ‘K’ or ‘k’ for kilobytes (1K = 1k = 1024 bytes). To specify the size
# in bytes just don’t use modifiers.
# Default: 1M
#LogFileMaxSize 2M

# Log time with each message.
# Default: no
#LogTime yes

# Also log clean files. Useful in debugging but drastically increases the
# log size.
# Default: no
#LogClean yes

# Use system logger (can work together with LogFile).
# Default: no
#LogSyslog yes

# Specify the type of syslog messages – please refer to ‘man syslog’
# for facility names.
# Default: LOG_LOCAL6
#LogFacility LOG_MAIL

# Enable verbose logging.
# Default: no
#LogVerbose yes

# This option allows you to save a process identifier of the listening
# daemon (main thread).
# Default: disabled
#PidFile /var/run/clamd.pid

# Optional path to the global temporary directory.
# Default: system specific (usually /tmp or /var/tmp).
#TemporaryDirectory /var/tmp

# Path to the database directory.
# Default: hardcoded (depends on installation options)
DatabaseDirectory /var/db/clamav

# The daemon works in a local OR a network mode. Due to security reasons we
# recommend the local mode.

# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
LocalSocket /tmp/clamd.socket

# Remove stale socket after unclean shutdown.
# Default: yes
#FixStaleSocket yes

# TCP port address.
# Default: no
#TCPSocket 3310

# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world.
# Default: no
TCPAddr 127.0.0.1

# Maximum length the queue of pending connections may grow to.
# Default: 15
#MaxConnectionQueueLength 30

# Clamd uses FTP-like protocol to receive data from remote clients.
# If you are using clamav-milter to balance load between remote clamd daemons
# on firewall servers you may need to tune the options below.

# Close the connection when the data size limit is exceeded.
# The value should match your MTA’s limit for a maximum attachment size.
# Default: 10M
#StreamMaxLength 20M

# Limit port range.
# Default: 1024
#StreamMinPort 30000
# Default: 2048
#StreamMaxPort 32000

# Maximum number of threads running at the same time.
# Default: 10
#MaxThreads 20

# Waiting for data from a client socket will timeout after this time (seconds).
# Value of 0 disables the timeout.
# Default: 120
#ReadTimeout 300

# Waiting for a new job will timeout after this time (seconds).
# Default: 30
#IdleTimeout 60

# Maximum depth directories are scanned at.
# Default: 15
#MaxDirectoryRecursion 20
# Follow directory symlinks.
# Default: no
#FollowDirectorySymlinks yes

# Follow regular file symlinks.
# Default: no
#FollowFileSymlinks yes

# Perform a database check.
# Default: 1800 (30 min)
#SelfCheck 600

# Execute a command when virus is found. In the command string %v will
# be replaced with the virus name.
# Default: no
#VirusEvent /usr/local/bin/send_sms 123456789 “VIRUS ALERT: %v”

# Run as another user (clamd must be started by root for this option to work)
# Default: don’t drop privileges
#User _clamav

# Initialize supplementary group access (clamd must be started by root).
# Default: no
#AllowSupplementaryGroups no

# Stop daemon when libclamav reports out of memory condition.
#ExitOnOOM yes

# Don’t fork into background.
# Default: no
#Foreground yes

# Enable debug messages in libclamav.
# Default: no
#Debug yes

# Do not remove temporary files (for debug purposes).
# Default: no
#LeaveTemporaryFiles yes

# Detect Possibly Unwanted Applications.
# Default: no
#DetectPUA yes

# In some cases (eg. complex malware, exploits in graphic files, and others),
# ClamAV uses special algorithms to provide accurate detection. This option
# controls the algorithmic detection.
# Default: yes
#AlgorithmicDetection yes

##
## Executable files
##

# PE stands for Portable Executable – it’s an executable file format used
# in all 32 and 64-bit versions of Windows operating systems. This option allows
# ClamAV to perform a deeper analysis of executable files and it’s also
# required for decompression of popular executable packers such as UPX, FSG,
# and Petite.
# Default: yes
#ScanPE yes

# Executable and Linking Format is a standard format for UN*X executables.
# This option allows you to control the scanning of ELF files.
# Default: yes
#ScanELF yes

# With this option clamav will try to detect broken executables (both PE and
# ELF) and mark them as Broken.Executable.
# Default: no
#DetectBrokenExecutables yes

##
## Documents
##

# This option enables scanning of OLE2 files, such as Microsoft Office
# documents and .msi files.
# Default: yes
#ScanOLE2 yes
# This option enables scanning within PDF files.
# Default: no
#ScanPDF yes

##
## Mail files
##

# Enable internal e-mail scanner.
# Default: yes
#ScanMail yes

# If an email contains URLs ClamAV can download and scan them.
# WARNING: This option may open your system to a DoS attack.
#          Never use it on loaded servers.
# Default: no
#MailFollowURLs no

# Recursion level limit for the mail scanner.
# Default: 64
#MailMaxRecursion 128

# With this option enabled ClamAV will try to detect phishing attempts by using
# signatures.
# Default: yes
#PhishingSignatures yes

# Scan URLs found in mails for phishing attempts using heuristics.
# Default: yes
#PhishingScanURLs yes

# Use phishing detection only for domains listed in the .pdb database. It is
# not recommended to have this option turned off, because scanning of all
# domains may lead to many false positives!
# Default: yes
#PhishingRestrictedScan yes

# Always block SSL mismatches in URLs, even if the URL isn’t in the database.
# This can lead to false positives.
# Default: no
#PhishingAlwaysBlockSSLMismatch no

# Always block cloaked URLs, even if URL isn’t in database.
# This can lead to false positives.
#
# Default: no
#PhishingAlwaysBlockCloak no

##
## HTML
##

# Perform HTML normalisation and decryption of MS Script Encoder code.
# Default: yes
#ScanHTML yes

##
## Archives
##

# ClamAV can scan within archives and compressed files.
# Default: yes
#ScanArchive yes

# The options below protect your system against Denial of Service attacks
# using archive bombs.

# Files in archives larger than this limit won’t be scanned.
# Value of 0 disables the limit.
# Default: 10M
#ArchiveMaxFileSize 15M

# Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
# file, all files within it will also be scanned. This options specifies how
# deeply the process should be continued.
# Value of 0 disables the limit.
# Default: 8
#ArchiveMaxRecursion 10
# Value of 0 disables the limit.
# Default: 1000
#ArchiveMaxFiles 1500

# If a file in an archive is compressed more than ArchiveMaxCompressionRatio
# times it will be marked as a virus (Oversized.ArchiveType, e.g. Oversized.Zip)
# Value of 0 disables the limit.
# Default: 250
#ArchiveMaxCompressionRatio 300

# Use slower but memory efficient decompression algorithm.
# only affects the bzip2 decompressor.
# Default: no
#ArchiveLimitMemoryUsage yes

# Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
# Default: no
#ArchiveBlockEncrypted no

# Mark archives as viruses (e.g. RAR.ExceededFileSize, Zip.ExceededFilesLimit)
# if ArchiveMaxFiles, ArchiveMaxFileSize, or ArchiveMaxRecursion limit is
# reached.
# Default: no
#ArchiveBlockMax no

##
## Clamuko settings
## WARNING: This is experimental software. It is very likely it will hang
##          up your system!!!
##

# Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running.
# Default: no
#ClamukoScanOnAccess yes

# Set access mask for Clamuko.
# Default: no
#ClamukoScanOnOpen yes
#ClamukoScanOnClose yes
#ClamukoScanOnExec yes
# Set the include paths (all files inside them will be scanned). You can have
# multiple ClamukoIncludePath directives but each directory must be added
# in a seperate line.
# Default: disabled
#ClamukoIncludePath /home
#ClamukoIncludePath /students

# Set the exclude paths. All subdirectories are also excluded.
# Default: disabled
#ClamukoExcludePath /home/bofh

# Don’t scan files larger than ClamukoMaxFileSize
# Value of 0 disables the limit.
# Default: 5M
#ClamukoMaxFileSize 10M

2.vi /etc/rc.local
#### clamav jalan
if [ -x /usr/local/sbin/clamd ]; then
echo -n ‘ clamd’
[ -S /var/clamav/clamd.sock ] && rm -f /var/clamav/clamd.sock
/usr/local/sbin/clamd >/dev/null 2>&1
fi

3.vi /etc/postfix/main.cf
content_filter = scan:127.0.0.1:10025
receive_override_options = no_address_mappings
4. vi /etc/postfix/main.cf
scan      unix  –       –       n       –     16      smtp
-o smtp_send_xforward_command=yes

127.0.0.1:10026 inet  n –       n       –     16      smtpd
-o content_filter=
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks_style=host
-o smtpd_authorized_xforward_hosts=127.0.0.0/8

5.Install clamsmtp
6.pkg_add clamsmtp-1.8p1.tgz
vi /etc/clamsmtpd.conf
# ——————————————————————————
#                        SAMPLE CLAMSMTPD CONFIG FILE
# ——————————————————————————
#
# – Comments are a line that starts with a #
# – All the options are found below with sample settings

# The address to send scanned mail to.
# This option is required unless TransparentProxy is enabled
OutAddress: 10026

# The maximum number of connection allowed at once.
# Be sure that clamd can also handle this many connections
#MaxConnections: 64

# Amount of time (in seconds) to wait on network IO
#TimeOut: 180

# Keep Alives (ie: NOOP’s to server)
#KeepAlives: 0

# Send XCLIENT commands to receiving server
#XClient: off

# Address to listen on (defaults to all local addresses on port 10025)
#Listen: 127.0.0.1:10025

# The address clamd is listening on
ClamAddress: /tmp/clamd.socket

# A header to add to all scanned email
#Header: X-Virus-Scanned: ClamAV using ClamSMTP

# Directory for temporary files
#TempDirectory: /tmp

# What to do when we see a virus (use ‘bounce’ or ‘pass’ or ‘drop’
#Action: drop
# Whether or not to keep virus files
#Quarantine: off

# Enable transparent proxy support
#TransparentProxy: off

# User to switch to
#User: clamav

# Virus actions: There’s an option to run a script every time a virus is found.
# !IMPORTANT! This can open a hole in your server’s security big enough to drive
# farm vehicles through. Be sure you know what you’re doing. !IMPORTANT!
#VirusAction: /path/to/some/script.sh
7.vi /etc/rc.local
clamsmtpd