Setup ClamAV virus protection for outgoing and incoming emails to a Postfix mail server on a debian server 05.12.19

1.
after you have a running mail server like postfix install:
apt-get install clamav clamav-freshclam clamsmtp

2.
config /etc/clamsmtpd.conf
change 
OutAddress: 10025
127.0.0.1:10026

to:

OutAddress: 10026
127.0.0.1:10025

3.
may restart the servers so the new port will be active

4.
edit /etc/postfix/main.cf by adding 2 lines to the end:

content_filter = scan:127.0.0.1:10025
receive_override_options = no_address_mappings

5.
edit /etc/postfix/master.cf by adding 2 entries to the end

#5.1 
# AV scan filter (used by content_filter)
scan unix - - n - 16 smtp
 -o smtp_send_xforward_command=yes

#5.2
# For injecting mail back into postfix from the filter
127.0.0.1:10026 inet n - n - 16 smtpd
 -o content_filter=
 -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
 -o smtpd_helo_restrictions=
 -o smtpd_client_restrictions=
 -o smtpd_sender_restrictions=
 -o smtpd_recipient_restrictions=permit_mynetworks,reject
 -o mynetworks_style=host
 -o smtpd_authorized_xforward_hosts=127.0.0.0/8

6.
restart postfix and check the log with tail /var/log/mail.log -f
if no errors show up by receiving and sending emails the virus protection is on place

7.
update the virus program ClamAV with freshclam on a regular basis with your cronjobs:
you can place a file into /etc/cron.d/clamav
and add the following content:

11 11 * * * root /usr/bin/freshclam –quiet > /dev/null

8
restart cron with 
/etc/init.d/cron restart
and check the /var/log/syslog if cron shows no error

source:
Installation

The installation of ClamAV couldn’t be any easier. All you need to do is follow these steps:

Open up a terminal window (or log into your mail server if you are using a GUI-less Ubuntu installation).

Issue the command sudo apt-get install clamav clamav-freshclam clamsmtp

Type your sudo password and hit Enter.

Okay any dependencies (if necessary) and hit Enter.

Watch the installation fly by.

That’s it! ClamAV is now installed. You don’t even need to start the ClamAV daemon, as the installation will take care of that for you. Upon completion of the configuration you will have to manually restart the daemon (as well as the Postfix daemon). When that time comes, the command to restart ClamAV is:

sudo /etc/init.d/clamsmtpd restart

Just in case you have forgotten, the command to restart the Postfix daemon is:

sudo /etc/init.d/postfix restart

Now, let’s begin the configuration.

Configuration

There are three files that will need to be configured:

/etc/clamsmtpd.conf
    /etc/postfix/main.cf
    /etc/postfix/master.cf

Only the first file is a ClamAV file, so let’s start with that configuration first. Open up the /etc/clamsmtpd.conf file in your favorite editor and look for the lines:

OutAddress: 10025

127.0.0.1:10026

These two lines need to be changed to:

OutAddress: 10026

127.0.0.1:10025

This will change the ports according to the needs of Postfix. That is all you need to do with the ClamAV configuration file. Save and close that file and we will now move on to configure Postfix.

Open up the file /etc/postfix/main.cf. Scroll to the bottom of this file and add the following two lines:

content_filter = scan:127.0.0.1:10025

receive_override_options = no_address_mappings

Save and close that file.

Now, open up the /etc/postfix/master.cf file. Scroll down to the bottom of this file and add the following lines (you might just want to copy/paste this section because it is rather long).

# AV scan filter (used by content_filter)
scan unix - - n - 16 smtp
-o smtp_send_xforward_command=yes
# For injecting mail back into postfix from the filter
127.0.0.1:10026 inet n - n - 16 smtpd
-o content_filter=
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks_style=host
-o smtpd_authorized_xforward_hosts=127.0.0.0/8

Make sure the above section is exact. Save and close that file. Now it’s time to restart both daemons with the commands I showed you above. Restart both daemons and Postfix will now begin filtering your email with the help of ClamAV.

Updating the Definitions

Your antivirus will eventually become worthless if you do not update your definitions. Fortunately, ClamAV has a built in tool just for that purpose. The tool in question is (aptly named) freshclam. To update your signatures you would issue the command:

sudo freshclam

https://www.linux.com/tutorials/using-clamav-kill-viruses-postfix/

Anonymous

Setup ClamAV virus protection for outgoing and incoming emails to a Postfix mail server on a debian server 05.12.19

Information Epoch 1778045434