FreeBSD 11.2: install ClamAV with Postfix and Dovecot

Install clamav and clamsmtpd from ports:
cd /usr/ports/security/clamav/
make install clean
cd /usr/ports/security/clamsmtpd/
make install clean

Add these lines to /etc/rc.conf:
clamav_clamd_enable="YES"
clamsmtpd_enable="YES"

Start the first sync of virus definitions:
root@hazard:/usr/ports/security/clamav # freshclam
ClamAV update process started at Sun Sep 2 15:58:02 2018
Downloading main.cvd [100%]
main.cvd updated (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Downloading daily.cvd [100%]
daily.cvd updated (version: 24895, sigs: 2072257, f-level: 63, builder: neo)
Downloading bytecode.cvd [100%]
bytecode.cvd updated (version: 327, sigs: 91, f-level: 63, builder: neo)
Database updated (6638597 signatures) from database.clamav.net (IP: 104.16.189.138)

Configure ClamAV: edit /usr/local/etc/clamd.conf and check these lines:
LogFile /var/log/clamav/clamd.log
PidFile /var/run/clamav/clamd.pid
TemporaryDirectory /var/tmp
DatabaseDirectory /var/db/clamav
LocalSocket /var/run/clamav/clamd.sock
FixStaleSocket yes
TCPSocket 3310
TCPAddr 127.0.0.1
MaxConnectionQueueLength 30
User clamav

Start ClamAV:
/usr/local/etc/rc.d/clamav-clamd start

Configure Clamsmtpd (/usr/local/etc/clamsmtpd.conf):
OutAddress: 127.0.0.1:10026
Listen: 127.0.0.1:10025
ClamAddress: /var/run/clamav/clamd.sock
Header: X-Virus-Scanned: ClamAV using ClamSMTP
TempDirectory: /tmp
Action: drop
Quarantine: off
User: clamav

And start it:
/usr/local/etc/rc.d/clamsmtpd start

Add in /usr/local/etc/postfix/main.cf:
content_filter = scan:[127.0.0.1]:10025

And in /usr/local/etc/postfix/master.cf:
scan unix - - n - 16 smtp
  -o smtp_send_xforward_command=yes
  -o smtp_tls_security_level=none
127.0.0.1:10026 inet n - n - 16 smtpd
  -o content_filter=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks_style=host
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8

Restart postfix:
/usr/local/etc/rc.d/postfix restart

And you’re done.
This is what happens when you receive a virus:
postfix/qmgr[33301]: 590CDE01CE8: from=<xxx@xxx.it>, size=1397, nrcpt=1 (queue active)
clamsmtpd: 100001: accepted connection from: 163.172.13.69
postfix/smtpd[33348]: connect from localhost[127.0.0.1]
postfix/smtpd[33348]: 9AC88E01CEA: client=localhost[127.0.0.1], orig_queue_id=590CDE01CE8, orig_client=host31-120-dynamic.60-82-r.retail.telecomitalia.it[82.60.120.31]
clamsmtpd: 100001: quarantined virus file as: /tmp/virus.exO4Tr
postfix/smtp[33315]: 590CDE01CE8: to=<xxx@xx.it>, relay=127.0.0.1[127.0.0.1]:10025, delay=0.33, delays=0.22/0/0.1/0.01, dsn=2.0.0, status=sent (250 Virus Detected; Discarded Email)
clamsmtpd: 100001: from=xxx@xxx.it, to=xxx@xxx.it, status=VIRUS:Eicar-Test-Signature
postfix/smtpd[33348]: disconnect from localhost[127.0.0.1] ehlo=1 xforward=2 mail=1 rcpt=1 rset=1 quit=1 commands=7
postfix/qmgr[33301]: 590CDE01CE8: removed
postfix/smtps/smtpd[33307]: disconnect from host31-120-dynamic.60-82-r.retail.telecomitalia.it[82.60.120.31] ehlo=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=6
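
The four files edited above have to agree on ports and sockets, and the re-injection listener has to clear content_filter or scanned mail is sent back into the scanner. The following is an added example, not part of the original post, that cross-checks those settings; the function names and the exact-match comparison of addresses are assumptions of the example.

```python
def kv(text, sep=None):
    """Parse 'Key value' (sep=None), 'Key: value' or 'key = value' lines."""
    pairs = (l.split("#", 1)[0].strip().split(sep, 1) for l in text.splitlines())
    return {p[0].strip(): p[1].strip() for p in pairs if len(p) == 2}

def master_services(text):
    """Map (service, type) -> {-o overrides}; continuation lines start with whitespace."""
    services, current = {}, None
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if line[0].isspace() and current is not None:
            opts = fields
        else:  # eight fixed columns, then the command's arguments
            current = services.setdefault(tuple(fields[:2]), {})
            opts = fields[8:]
        for flag, arg in zip(opts, opts[1:]):
            if flag == "-o":
                name, _, value = arg.partition("=")
                current[name] = value
    return services

def check(clamd, clamsmtpd, main_cf, master_cf):
    """Return a list of inconsistencies between the four files (empty = OK)."""
    cd, cs, mc = kv(clamd), kv(clamsmtpd, ":"), kv(main_cf, "=")
    svc, problems = master_services(master_cf), []
    transport, _, nexthop = mc.get("content_filter", "").partition(":")
    if (transport, "unix") not in svc:
        problems.append(f"content_filter transport {transport!r} not in master.cf")
    if nexthop.replace("[", "").replace("]", "") != cs.get("Listen"):
        problems.append("content_filter next hop != clamsmtpd Listen")
    reinject = svc.get((cs.get("OutAddress"), "inet"))
    if reinject is None:
        problems.append("no inet listener in master.cf on clamsmtpd OutAddress")
    elif reinject.get("content_filter") != "":
        problems.append("re-injection listener keeps content_filter: mail loops")
    if cs.get("ClamAddress") != cd.get("LocalSocket"):
        problems.append("clamsmtpd ClamAddress != clamd LocalSocket")
    return problems

CLAMD = "LocalSocket /var/run/clamav/clamd.sock\n"  # values from this page
CLAMSMTPD = ("OutAddress: 127.0.0.1:10026\nListen: 127.0.0.1:10025\n"
             "ClamAddress: /var/run/clamav/clamd.sock\n")
MAIN_CF = "content_filter = scan:[127.0.0.1]:10025\n"
MASTER_CF = ("scan unix - - n - 16 smtp\n  -o smtp_tls_security_level=none\n"
             "127.0.0.1:10026 inet n - n - 16 smtpd\n  -o content_filter=\n")
if __name__ == "__main__":
    print(check(CLAMD, CLAMSMTPD, MAIN_CF, MASTER_CF) or "filter chain is consistent")
```

To run it against a live system, pass the contents of the real files to check() instead of the embedded strings.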
