| b151ef55 |
BUILD INSTRUCTIONS
A makefile was supplied with this which should have built the program. If it
fails please let us know, and here are some hints for building on different
platforms.
Tested OK on Linux/x86 with gcc3.2.
cc -O3 -pedantic -Wuninitialized -Wall -pipe -mcpu=pentium -march=pentium -fomit-frame-pointer -ffast-math -finline-functions -funroll-loops clamav-milter.c -pthread -lmilter ../libclamav/.libs/libclamav.a ../clamd/cfgfile.o ../clamd/others.o
Compiles OK on Linux/x86 with tcc 0.9.16, but fails to link errors with 'atexit'
tcc -g -b -lmilter -lpthread clamav-milter.c...
Fails to compile on Linux/x86 with icc6.0 (complains about stdio.h...)
icc -O3 -tpp7 -xiMKW -ipo -parallel -i_dynamic -w2 clamav-milter.c...
Fails to build on Linux/x86 with icc7.1 with -ipo (fails on libclamav.a - keeps saying run ranlib). Otherwise it builds and runs OK.
icc -O2 -tpp7 -xiMKW -parallel -i_dynamic -w2 -march=pentium4 -mcpu=pentium4 clamav-milter.c...
Tested with Electric Fence 2.2.2
Compiles OK on Linux/ppc (YDL2.3) with gcc2.95.4. Needs -lsmutil to link.
cc -O3 -pedantic -Wuninitialized -Wall -pipe -fomit-frame-pointer -ffast-math -finline-functions -funroll-loop -pthread -lmilter ../libclamav/.libs/libclamav.a ../clamd/cfgfile.o ../clamd/others.o -lsmutil |
| c6259ac5 |
I haven't tested it further on this platform yet.
YDL3.0 should compile out of the box |
| b151ef55 |
Sendmail on MacOS/X (10.1) is provided without a development package so this
can't be run "out of the box"
|
| c6259ac5 |
Solaris 8 doesn't have milter support so clamav-milter won't work unless you
rebuild sendmail from source. |
| b151ef55 |
FreeBSD4.7 use /usr/local/bin/gcc30. GCC3.0 is an optional extra on
FreeBSD. It comes with getopt.h which is handy. To link you need
-lgnugetopt
gcc30 -O3 -DCONFDIR=\"/usr/local/etc\" -I. -I.. -I../clamd -I../libclamav -pedantic -Wuninitialized -Wall -pipe -mcpu=pentium -march=pentium -fomit-frame-pointer -ffast-math -finline-functions -funroll-loops clamav-milter.c -pthread -lmilter ../libclamav/.libs/libclamav.a ../clamd/cfgfile.o ../clamd/others.o -lgnugetopt
|
| e2bb746e |
FreeBSD4.8: compiles out of the box with either gcc2.95 or gcc3 |
| cdbe607d |
OpenBSD3.4: the supplied sendmail does not come with Milter support.
Do this *before* running configure (thanks for Per-Olov Sjöhol
<peo_s@incedo.org> for these instructions).
echo WANT_LIBMILTER=1 > /etc/mk.conf
cd /usr/src/gnu/usr.sbin/sendmail
make depend
make
make install
kill -HUP `sed q /var/run/sendmail.pid`
Then do this to make the milter headers available to clamav...
(the libmilter.a file is already in the right place after the sendmail
recompiles above)
cd /usr/include
ln -s ../src/gnu/usr.sbin/sendmail/include/libmilter libmilter |
| c6259ac5 |
|
| e2bb746e |
Solaris 9 and FreeBSD5 have milter support in the supplied sendmail, but
doesn't include libmilter so you can't develop milter applications on it.
Go to sendmail.org, download the lastest sendmail, cd to libmilter and
"make install" there.
Needs -lresolv on Solaris
|
| b151ef55 |
INSTALLATION
Install into /usr/local/sbin/clamav-milter, mode 744
See http://www.nmt.edu/~wcolburn/sendmail-8.12.5/libmilter/docs/sample.html
Installations for RedHat Linux and it's derivatives such as YellowDog: |
| 4ba69cb6 |
Ensure that you have the sendmail-devel RPM installed |
| b151ef55 |
Add to /etc/mail/sendmail.mc:
INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav.sock, F=, T=S:4m;R:4m')dnl
define(`confINPUT_MAIL_FILTERS', `clamav')
Check entry in /usr/local/etc/clamav.conf of the form:
LocalSocket /var/run/clamd.sock
StreamSaveToDisk
If you already have a filter (such as spamassassin-milter from
http://savannah.nongnu.org/projects/spamass-milt) add it thus:
INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav.sock, F=, T=S:4m;R:4m')dnl
INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass.sock, F=, T=C:15m;S:4m;R:4m;E:10m')
define(`confINPUT_MAIL_FILTERS', `spamassassin,clamav')dnl
You may find INPUT_MAIL_FILTERS is not needed on your machine, however it
is recommended by the Sendmail documentation and I recommend going along
with that.
I suggest putting SpamAssassin first since you're more likely to get spam
than a virus/worm sent to you.
Add to /etc/sysconfig/clamav-milter
CLAMAV_FLAGS="--max-children=2 local:/var/run/clamav.sock"
or if clamd is on a different machine
CLAMAV_FLAGS="--max-children=2 --server=192.168.1.9 local:/var/run/clamav.sock"
You should have received a script to put into /etc/init.d with this software.
|
| bb9979e6 |
run 'chown clamav /usr/local/sbin/clamav-milter; chmod 4700 /usr/local/sbin/clamav-milter
|
| b151ef55 |
CHANGE HISTORY
Changes
0.2: 4/3/03 clamfi_abort() now always calls pthread_mutex_unlock
5/3/03 Only send a bounce if -b is set
Version now uses -v not -V
--config-file couldn't be set by -c
0.3 7/3/03 Enhanced the Solaris compile time comment
No need to save the return result of LogSyslog
Use LogVerbose
0.4 9/3/03 Initialise dataSocket/cmdSocket correctly
10/3/03 Say why we don't connect() to clamd
Enhanced '-l' usage message
0.5 18/3/03 Ported to FreeBSD 4.7
Source no longer in support, so remove one .. from
the build instructions
Corrected the use of strerror_r
0.51 20/3/03 Mention StreamSaveToDisk in the installation
Added -s option which allows clamd to run on a
different machine from the milter
0.52 20/3/03 -b flag now only stops the bounce, sends warning
to recipient and postmaster
0.53 24/3/03 %d->%u in syslog call
27/3/03 tcpSocket is now of type in_port_t
27/3/03 Use PING/PONG
0.54 23/5/03 Allow a range of IP addresses as outgoing ones
that need not be checked
0.55 24/5/03 Use inet_ntop() instead of inet_ntoa()
Thanks to Krzysztof Olędzki <ole@ans.pl>
0.60 11/7/03 Some TODOs done by Nigel Kukard <nkukard@lbsd.net>
Should stop a couple of remote chances of crashes |
| c6259ac5 |
0.60a 22/7/03 Tidied up message when sender is unknown
0.60b 17/8/03 Optionally set postmaster address. Usually one uses
/etc/aliases, but not everyone want's to...
0.60c 22/8/03 Another go at Solaris support
0.60d 26/8/03 Removed superflous buffer and unneeded strerror call
ETIMEDOUT isn't an error, but should give a warning |
| a615af96 |
0.60e 09/9/03 Added -P and -q flags by "Nicholas M. Kirsch" <nick@kirsch.org> |
| 1f025849 |
0.60f 17/9/03 Changed fprintf to fputs where possible
Redirect stdin from /dev/null, stdout&stderr to
/dev/console |
| 3613bd91 |
0.60g 26/9/03 Handle sendmail calling abort after calling cleanup
(Should never happen - but it does)
Added -noxheader patch from dirk.meyer@dinoex.sub.org |
| b5d15e64 |
0.60h 28/9/03 Support MaxThreads option in config file,
overriden by --max-children.
Patch from "Richard G. Roberto" <rgr@dedlegend.com> |
| ecb8e6b4 |
0.60i 30/9/03 clamfi_envfrom() now correctly returns SMFIS_TEMPFAIL,
in a few circumstances it used to return EX_TEMPFAIL
Patch from Matt Sullivan <matt@sullivan.gen.nz> |
| b14e9e77 |
0.60j 1/10/03 strerror_r doesn't work on Linux, attempting workaround
Added support for hard-coded list of email addresses
who's e-mail is not scanned |
| 3a0b4e5b |
0.60k 5/10/03 Only remove old UNIX domain socket if FixStaleSocket
is set |
| dd0d5a8c |
0.60l 11/10/03 port is now unsigned
Removed remote possibility of crash if the target
e-mail address is very long
No longer calls clamdscan to get the version |
| f0d6f5a1 |
0.60m 12/10/03 Now does sanity check if using localSocket
Gets version info from clamd
Only reset fd's 0/1/2 if !ForeGround |
| 390a7661 |
0.60n 22/10/03 Call pthread_cont_broadcast more often |
| b0a42ec6 |
0.60o 31/10/03 Optionally accept all mails if scanning procedure
fails (Joe Talbott <josepht@cstone.net>) |
| 3a805bfd |
0.60p 5/11/03 Only call mutex_unlock when max_children is set
Tidy up the call to pthread_cond_timedwait |
| a6f07599 |
0.60q 11/11/03 Fixed handling of % characters in e-mail addresses
pointed out by dotslash@snosoft.com |
| 0b6bce84 |
0.65 15/11/03 Upissue of clamav
0.65a 19/11/03 Close cmdSocket earlier
Added setpgrp() |
| bb9979e6 |
0.65b 22/11/03 Ensure milter is not run as root if requested
Added quarantine support |
| 434012b8 |
0.65c 24/11/03 Support AllowSupplementaryGroups
Fix warning about root usage |
| 2a1ff3e4 |
0.65d 25/11/03 Handle empty hostname or hostaddr
Fix based on a submission by Michael Dankov <misha@btrc.ru> |
| 4ba69cb6 |
0.65e 29/11/03 Fix problem of possible confused pointers if large
number of recipients given.
Fix by Michael Dankov <misha@btrc.ru>. |
| 3454ad43 |
0.65f 29/11/03 Added --quarantine-dir
Thanks to Michael Dankov <misha@btrc.ru>. |
| 65a8d561 |
0.65g 2/12/03 Use setsid if setpgrp is not present.
Thanks to Eugene Crosser <crosser@rol.ru> |
| 709d1342 |
0.65h 4/12/03 Added call to umask to ensure that the local socket
is not publically writeable. If it is sendmail
will (correctly!) refuse to start this program
Thanks for Nicklaus Wicker <n.wicker@cnk-networks.de>
Don't sent From as the first line since that means
clamd will think it is an mbox and not handle
unescaped From at the start of lines properly
Thanks to Michael Dankov <misha@btrc.ru> |
| b696653a |
0.65i 9/12/03 Use the location of sendmail discovered by configure |
| d2efb3fa |
0.65j 10/12/03 Timeout on waiting for data from clamd |
| 85c1dbfd |
0.65k 12/12/03 A couple of calls to clamfi_cleanup were missing
before return cl_error |
| 5dc96b9f |
0.66 13/12/03 Upissue |
| e6bffccb |
0.66a 22/12/03 Added --sign |
| 3166c010 |
0.66b 27/12/03 --sign moved to privdata |
| e2bb746e |
0.66c 31/12/03 Included the sendmail queue ID in the log, from an
idea by Andy Fiddaman <af@jeamland.org> |
| cdbe607d |
0.66d 10/1/04 Added OpenBSD instructions
Added --signature-file option |
| 462b5251 |
0.66e 12/1/04 FixStaleSocket: no longer complain if asked to remove
an old socket when there was none to remove |
| 6a914c6e |
0.66f 24/1/04 -s: Allow clamd server name as well as IPaddress
0.66g 25/1/04 Corrected usage message
Started to honour --debug
Dump core on LINUX if CL_DEBUG set
Support multiple servers separated by colons
0.66h 26/1/04 Corrected endian problem (ntohs instead of htons) |
| ca59d8d0 |
0.66i 28/1/04 Fixed compilation error with --enable-debug |
| a7164828 |
0.66j 29/1/03 Added --noreject flag, based on a patch by
"Vijay Sarvepalli" <vssarvep@office.uncg.edu> |
| 8ad6dd05 |
0.66k 2/2/04 When --postmaster-only is given, include the system
ID of the message in the warning e-mail, since that
will help the administrator when sifting through the
mail logs. Based on an idea by Jim Allen,
<Jim.Allen@Heartsine.co.uk> |
| b151ef55 |
BUG REPORTS
Please send bug reports and/or comments to Nigel Horne <njh@despammed.com>
TODO
There are several ideas marked as TODO in the source code. If anyone has
any other suggestions please feel free to contact me. |