FreeBSD 11.2 install Clamav with Postfix and Dovecot


Install ClamAV and clamsmtpd from ports:
cd /usr/ports/security/clamav/
make install clean
cd /usr/ports/security/clamsmtp/
make install clean

Add those lines to /etc/rc.conf:

Start the first sync of virus definitions:
root@hazard:/usr/ports/security/clamav # freshclam
ClamAV update process started at Sun Sep 2 15:58:02 2018
Downloading main.cvd [100%]
main.cvd updated (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Downloading daily.cvd [100%]
daily.cvd updated (version: 24895, sigs: 2072257, f-level: 63, builder: neo)
Downloading bytecode.cvd [100%]
bytecode.cvd updated (version: 327, sigs: 91, f-level: 63, builder: neo)
Database updated (6638597 signatures) from (IP:

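Configure ClamAV: edit /usr/local/etc/clamd.conf and check these lines. clamsmtpd (configured below) connects through LocalSocket; TCPSocket is only needed for other clients, and without a TCPAddr line clamd listens on all interfaces: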
LogFile /var/log/clamav/clamd.log
PidFile /var/run/clamav/
TemporaryDirectory /var/tmp
DatabaseDirectory /var/db/clamav
LocalSocket /var/run/clamav/clamd.sock
FixStaleSocket yes
TCPSocket 3310
MaxConnectionQueueLength 30
User clamav

Start Clamav:
/usr/local/etc/rc.d/clamav-clamd start

Configure Clamsmtpd (/usr/local/etc/clamsmtpd.conf):
ClamAddress: /var/run/clamav/clamd.sock
Header: X-Virus-Scanned: ClamAV using ClamSMTP
TempDirectory: /tmp
Action: drop
Quarantine: off
User: clamav

And start it:
/usr/local/etc/rc.d/clamsmtpd start
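
A quick consistency check for the two files above, as an added example that is not part of the original post: it verifies that ClamAddress matches LocalSocket, flags TCPSocket without TCPAddr, and notes when detections are dropped with no quarantine copy. The function names conf_value and audit_clamav are hypothetical; the default paths are the ones used on this page.

```sh
#!/bin/sh
# Added example: consistency audit for the two config files in this guide.
# Usage: audit_clamav [clamd.conf] [clamsmtpd.conf]

# conf_value FILE KEY: print the last value set for KEY. Accepts both
# "Key value" (clamd.conf) and "Key: value" (clamsmtpd.conf) syntax.
conf_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                      # skip comments
        { k = $1; sub(/:$/, "", k) }             # strip clamsmtpd colon
        k == key { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END { print val }' "$1"
}

# Prints one finding per line; the return status is the number of findings.
audit_clamav() {
    clamd_conf=${1:-/usr/local/etc/clamd.conf}
    smtpd_conf=${2:-/usr/local/etc/clamsmtpd.conf}
    findings=0
    for f in "$clamd_conf" "$smtpd_conf"; do
        [ -r "$f" ] || { echo "UNREADABLE: $f"; return 1; }
    done

    # clamsmtpd must connect to the socket clamd actually creates.
    sock=$(conf_value "$clamd_conf" LocalSocket)
    addr=$(conf_value "$smtpd_conf" ClamAddress)
    if [ "$sock" != "$addr" ]; then
        echo "MISMATCH: ClamAddress '$addr' vs LocalSocket '$sock'"
        findings=$((findings + 1))
    fi

    # TCPSocket without TCPAddr makes clamd listen on every interface,
    # and the clamd protocol has no authentication.
    if [ -n "$(conf_value "$clamd_conf" TCPSocket)" ] &&
       [ -z "$(conf_value "$clamd_conf" TCPAddr)" ]; then
        echo "EXPOSED: TCPSocket set without TCPAddr"
        findings=$((findings + 1))
    fi

    # Action drop with Quarantine off discards detections without a copy.
    if [ "$(conf_value "$smtpd_conf" Action)" = drop ] &&
       [ "$(conf_value "$smtpd_conf" Quarantine)" != on ]; then
        echo "NOTE: infected mail is dropped and no sample is kept"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

Run against the settings shown on this page, it reports the EXPOSED and NOTE lines and returns 2.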

Add in /usr/local/etc/postfix/
content_filter = scan:[]:10025

And in /usr/local/etc/postfix/
scan unix - - n - 16 smtp
  -o smtp_send_xforward_command=yes
  -o smtp_tls_security_level=none
inet n - n - 16 smtpd
  -o content_filter=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks_style=host
  -o smtpd_authorized_xforward_hosts=

Restart postfix:
/usr/local/etc/rc.d/postfix restart

And you’re done.
This is what happens when you receive a virus:
postfix/qmgr[33301]: 590CDE01CE8: from=<>, size=1397, nrcpt=1 (queue active)
clamsmtpd: 100001: accepted connection from:
postfix/smtpd[33348]: connect from localhost[]
postfix/smtpd[33348]: 9AC88E01CEA: client=localhost[], orig_queue_id=590CDE01CE8,[]
clamsmtpd: 100001: quarantined virus file as: /tmp/virus.exO4Tr
postfix/smtp[33315]: 590CDE01CE8: to=<>, relay=[]:10025, delay=0.33, delays=0.22/0/0.1/0.01, dsn=2.0.0, status=sent (250 Virus Detected; Discarded Email)
clamsmtpd: 100001:,, status=VIRUS:Eicar-Test-Signature
postfix/smtpd[33348]: disconnect from localhost[] ehlo=1 xforward=2 mail=1 rcpt=1 rset=1 quit=1 commands=7
postfix/qmgr[33301]: 590CDE01CE8: removed
postfix/smtps/smtpd[33307]: disconnect from[] ehlo=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=6

  • The name of the port is cd /usr/ports/security/clamsmtp/ without a “d” at the end. It took me a while to find it. Just thought I'd bring it to your attention.
    Thanks for the great article.
