Part 14 - Clam Antivirus & SpamAssassin

Alright, the next 2 steps are going to be the trickiest of the entire installation. First, on this page, we're going to install Clam Antivirus and Spamassassin. Then, on the next page, we will install qmail-scanner which will tie ClamAV and Spamassassin into the operation of our qmail server. I'm going to warn you again that these next two steps are typically a pain in the ass. I am constantly trying to make these steps as universal and easy as possible, but the ease of these steps depends heavily on how your system is configured and how experienced you are. If you've never done this before, you can pretty much bet you're going to have a problem or 2 along the way. But don't give up. If you get into a bind, feel free to consult the qmailrocks mailing list, mailing list archive, IRC channel or chat forum. Using these 4 resources, you've got an excellent chance of getting any help you may need. OK, it's time to put some hair on your chest!

First, let's make sure you have all the required perl modules and required packages. All of the perl modules below are required for Spamassassin and Qmail-Scanner to work. I'll talk more about this further down in the install.

You will need these Perl Modules:




You will also need these other packages:


If you don't have perl-suidperl or unzip installed, you will find RPM's of these 2 packages included in the Qmailrocks package.

- Helpful Hints -

Checking/Installing Perl Modules

How do I know if my server has these perl modules?

The following script will check your system for the above modules.

You MUST run this script as a NON-ROOT user!!


If you see an output similar to this: /usr/lib/perl5/5.6.1/i386-linux/Time/ Your are good to go! However, if you get a "not found" type response for any of the above modules, you will need to install them.

Ok, so if I don't have the module(s), how do I down and install it(them)?

There are 3 main ways you can do this:

1. Redhat's "up2date" utility (reccomended): Redhat Network members can easily install every perl module and package that is required above with the exception of "Mail-Spamassassin", which is available in the "perlmods" directory of the Qmailrocks package. If you are a Redhat Network member and would like to see an example of how to install using the "up2date" utility, click here.

Important Note: The Parse::Syslog and Statistics::Distributions perl modules are currenly not available in RPM package format (at least I couldn't find any). These 3 modules will have to be installed via option 2 or 3

2. Qmailrocks included RPM packages: If you are not a member of Redhat Network, I've included RPM and source versions of all needed perl modules. These can be found in the "perlmods" directory of the Qmailrocks package. If you want to see an example of how to install these RPM's or source packages, click here. I try to keep these packages as current as possible, but you can always fine the latest versions at Redhat's download site.

1. Directly from CPAN: Go to, get the module and install it. Alternatively, you can use the command line CPAN utility to connect to CPAN and install the module.

Ok, so at this point you should have all of the above Perl modules installed on your system. In addition, as noted above, you will also need to have "unzip" and "perl-suidperl" packages installed. So let's install Clam Anti Virus and Spammassin..

Installing Clam Anti Virus...

cd /downloads/qmailrocks/

rpm -Uvh clamav-x.x-x.x.rpm

rpm -Uvh clamav-devel-x.x-x.x.rpm

Now we'll do a few configuration settings to the /etc/clamd.conf file.

vi /etc/clamd.conf

"Example" - should already be commented out. However, if it is not, make sure that it is commented out (#)
"LogFile" - should be set to /var/log/clamav/clamd.log
"LogTime" - should be uncommmented.
"LogSyslog" - should be uncommented.
"User" - should be set to qscand

"ScanMail" - should be uncommented.

Now we are going to create the qscand user that ClamAV will run as. This user is really for qmail-scanner, which will be installed on the next step, but we'll go ahead and create it now so that we can start the ClamAV daemon...

useradd -c "Qmail-Scanner Account" -s /bin/false qscand

Alright, now let's start Clamd...

/etc/init.d/clamd stop

/etc/init.d/clamd start

Ok, Clam Antivirus is now installed and running. Now let's go ahead and set it up so that it will auto-update every night with the latest virus definitions! First we will want to set up the proper logging for the updater....

/usr/bin/freshclam -l /var/log/clamav/clam-update.log

If the server is able to get updates, you should see an output similar to this:

[root@crescent clamav]# freshclam -l /var/log/clamav/clamav-update.log
ClamAV update process started at Sun Oct 24 23:36:22 2004
main.cvd is up to date (version: 27, sigs: 23982, f-level: 2, builder: tomek)
daily.cvd is up to date (version: 549, sigs: 1583, f-level: 3, builder: ccordes)

Woohoo! You're updated with the latest virus definiations from the Clam database!

Now we just set a crontab to run every night, which will run the auto-update procedure! In the example below, I've set mine to run every day at 1:25 AM. The odd run time came reccomended from ClamAV, if you're wondering. Running freshclam at times other than the top of an hour reduces the load on their servers. so feel free to adjust the time to something even more offbeat, like 1:26 AM or something. The guys at ClamAV will thank you.

crontab -e (make sure you run this command as root)

25 1 * * * /usr/bin/freshclam --quiet -l /var/log/clamav/freshclam.log

Now save your new crontab and exit.

That's it! We're all done with Clam Anti Virus! You will now have a server-wide e-mail virus scanner that updates itself every night with the latest and greatest virus definitions!

- Helpful Hints -

Knowing Clam Anti Virus

1) Clam AV works pretty well right out of the box. However, there is a configuration file created at /etc/clamav.conf in case you want to customize it to your liking.

3) Clam logs to /var/log/clamav.log

4) When Clam detects an e-mail that contains a potential virus, the following will happen:

- a) Clam AV quarantines the e-mail in /var/spool/qmailscan/quarantine

- b) Clam AV will send a notification of the detection and quarantine to whoever you configure it to send notifications to. When we install Qmail-Scanner further down this page, we will tell it what people to notify when a virus is detected. If you configure Qmail-Scanner by my rules, it will send 1 notification to the system administrator. However, it can also send a notification to the sender and the recipient as well, if you configure it to do so.

Now let's install Spamassassin...

Note: Spamassassin utilizes port 783 to properly scan and release e-mail. If you have a firewall on your server, you will need to open up port 783 going in and out.

Redhat 9 and RHE users: You may find, when installing Spamassassin, that a version of it is already installed on the system. If so, I would recommend uninstalling that RPM and installing the ones listed here. But it's up to you.

If you don't have the Mail::Spamassassin Perl module installed on your system, let's install it now...

cd /downloads/qmailrocks/perlmods/rpms/

rpm -Uvh perl-Mail-SpamAssassin-3.0.2-1.i386.rpm

Now let's install the Spamassassin RPMs

cd /downloads/qmailrocks/

rpm -Uvh spamassassin-3.0.2-1.i386.rpm spamassassin-tools-3.0.2-1.i386.rpm

Important Note: When you run the RPM installation command above, you may end up getting an RPM dependency error telling you that the Parse::Syslog and Statistics::Distributiuons Perl modules need to be installed first. Now, if you followed instructions you should have already installed these 2 modules from source. Since they were installed from source and not from RPM, the RPM installer can't see them. That's ok. If you are sure the perl modules are installed, you can simply override the dependency setting and install the Spamassassin packages with the following command shown below. If you see any other dependency errrors than the 2 perl modules listed here, you will need to address those seperately.

rpm -Uvh --nodeps spamassassin-3.0.2-1.i386.rpm spamassassin-tools-3.0.2-1.i386.rpm

Alright. Now we're going to add a user/group called "spamd" under which Spamassassin will be run...

groupadd spamd

useradd -g spamd -s /home/spamd spamd

And now let's set some config options...

vi /etc/sysconfig/spamassassin

If the above file exists, replace its contents with the following line. If the file does not exist, create it and add the following line:

SPAMDOPTIONS="-x -u spamd -H /home/spamd -d"

Save and exit from the file.

vi /etc/mail/spamassassin/

Add the following line...

required_hits 5

Save and exit from the file.

Now start up Spamassassin...

/etc/rc.d/init.d/spamassassin start

Now let's see if Spamassassin is running...

ps aux | grep spamd

You should the following info concerning spamassassin. The PID might differ on your system, but you get the idea.

spamd 3734 0.2 2.0 24992 20808 ? S 14:21 0:01 /usr/bin/spamd -x -u spamd -H /home/spamd -d

If all has gone well, both Spamassassin and Clam Anti Virus should now be installed! With both of these programs installed.

Important Note: You will want to make sure that both clamd and Spamassassin are set to start up on boot. If you don't do this, your mail server will freak out the next time your reboot. On most Redhat systems, running the following command will allow you to edit the startup programs:


One in the setup menu, scroll down and select the "system services" option. From the system services menu, scroll down to "clamd". Make sure that there is an asterisk (*) next to clamd, indicating it is set to start on boot. If no asterisk is present, press the spacebar to add it. Repeat the procedure for Spamassasin. Exit out of the setup menu and you should be good to go.

Now we can now install Qmail-Scanner...

Proceed to Part 15


Color Coded Qmail Installation Key
Regular Black Text 
 Qmail installation notes and summaries by the author. Me talking.
Bold Black Text 
 Commands to be run by you, the installer.
Bold Maroon Text 
 Special notes for Redhat 9 users.
Bold Red Text 
 Vital and/or critical information.
Regular/Bold Purple text 
 Denotes helpful tips and hints or hyperlinks.
Regular Orange Text 
 Command line output.

Regular green text 

 Denotes the contents of a file or script.
home | about | the installation | utilities | faq | contact | journal | mailing list | list archive | forum | links | donatemerchandise
This mirror last modified: Thursday, August 9th, 2012 15:58:37 CEST
The Rocks Project