Disable and remove ClamAV

Update: My original post was incorrect. Here is the correct procedure: (Works in Debian 5)

edit /etc/amavis/conf.d/50-user

Comment out the following two lines:

Code:

@bypass_virus_checks_maps = (
   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);

Looks like this:

Code:

#@bypass_virus_checks_maps = (
#   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);

@bypass_spam_checks_maps = (
   \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);

Restart amavis:

/etc/init.d/amavis restart

Stop clamav:

/etc/init.d/clamav-daemon stop
/etc/init.d/clamav-freshclam stop

Disable clamav from running on system boot:

update-rc.d -f clamav-daemon remove
update-rc.d -f clamav-freshclam remove

 

...........

 

A quick Solution should be to run this command (as root.. or sudo..)
# postconf -e 'content_filter ='
This command tell postfix "don't pass messages to amavis" at all.. so no antivirus and no antispam (this operation breaks 'a little' your ISPConfig setup.. you are alerted).
I think that a similar behaviour could be reached if you tune a Spamfilter Policy by-passing all checks ..and then apply this policy to all your domains.

Bye..

bajodel

 

I definitely want to keep spamassasin running, just disable the antivirus. I appear to have freed up a lot of memory in doing so. Debian doesn't do a good job of keeping up with updates anyways, so I'm better off using a good client-side email scanner.

No way to get rid of the alert in the ISPConfig 3 Server Monitor?

 

After doing this, spamassasin no longer works and the spam is flooding in. Is there any way to re-enable spamassasin without having to use ClamAV? or maybe another solution that filters spam but doesn't take up a lot of memory?

 

i think you should add more memory on your server ..and re-enable all
At the end.. how exactly did you disabled them ?

bye..

bajodel

 

I'm on a virtual host, so adding memory is a monthly cost, not a one-time cost. As I said before, Debian doesn't seem to keep up with the virus signature updates very well anyways. For the past year that I've been running my server, first on Ubuntu, now on Debian, most of the time I get the warning in ISPConfig's server monitor that the virus defs are out of date. Our client-side anti-virus gives us more protection, so why use 1/5 of the memory on my server for an anti-virus?

That being said, I used the exact procedure that I described in the first post.

 

if you really want to disable virus-cheks from amavis, in Debian edit file:
/etc/amavis/conf.d/50-user

and comment out this part (two lines):

Code:

@bypass_virus_checks_maps = (
   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);

then restart amavis.
now clamav is not used anymore, and you can remove it like in first post.

if you let Ispconfig3-update to reconfigure services, remember to check if it reverts this.

 

My apologies. I realize now the mistake I made. I am to understand that amavis is the content filter that passes email through the virus check and spam check before the email is delivered. ClamAV is the antivirus that does the actual virus checking. I followed the directions in the last post, then removed clamav. It freed up a lot of memory. Thanks for your help.

 

No problem.
Now you got Amavisd's mechanism right. Although ClamAV is most common virus-scanner in Linux environment, with Amavisd is possible to use also scanners from eg: AVG, F-prot, Kaspersky, Symantec, F-Secure, CA, Nod32, Panda and many others. See /etc/amavis/conf.d/15-av_scanners for glue.

 

he said "...you are alerted..." i didn't listen...hehhehe

I used your "quick fix"... how can i revert it...

 

Run

Code:

postconf -e 'content_filter = amavis:[127.0.0.1]:10024'

and restart Postfix.

 

It should be noted that after doing this I am not getting any warnings on the ISPConfig monitoring page.

 

Hi, i just did this (comment out antivirus, and stop clamav) and amavis is running again.
But now mail is not passed through spamassasin any more, any idea how i get it back and running again?

 

Any errors in your mail log? Is SpamAssassin enabled in your amavisd.conf?

 

Thanks for replying Falko,

I found what the problem was, and it's just embarrising.
By default spamassassin does not mark the headers of e-mails that goes under a certain limit, but i thought it marked all of them.
So all the time, spamassassin was working just fine

 

Sorry to dig-up a *reeeeally* old post but...

For the 2 years I've been running ISPConfig I have struggled with emails from contact forms on various websites I run not being delivered.

After posting on this forum, I found a fix which was to restart ClamAV like this: /etc/init.d/amavis restart

As it would require restarting from time-to-time, I added this to a crobjob. This has basically been working for the last 12 (?) months until this month I realised I wasn't getting email again. So I restarted it manually and got the following:

Stopping amavisd: (not running).
Starting amavisd: Missing process ID in file /var/run/amavis/amavisd.pid at /usr/sbin/amavisd-new line 13931.
(failed).

Please can someone help? It's really a matter of importance for me as I run my business from this website and it's difficult to know when I stopped receiving enquiries!

My question is this. Is it possible / dangerous to remove ClamAV altogether? I don't even use this server to receive email, only to send through its SMTP service.

If so, can someone point me towards the best procedure for this, and also let me know of any possible pitfalls?

Yours desperately!

Mat

 

Thanks Till for the link.

As prev. mentioned I only use the server as a web server, and some websites use SMTP to send mail. I don't receive email, open email, or read email on the server.

The article doesn't say (maybe it's too obvious to even mention?!) but will this cause any problems with the security of the server in general?

I don't want to leave the web server open to vulnerabilities where possible!

Thanks,

Mat