This page has been put together using notes from many sources and my own experience. If you find any problems please let me know so I can include them for the benefit of others.
MailScanner can be configured to run with various virus scanners but for the sake of this page we are using f-prot. Please note that f-prot is free for personal use but if you use it in a commercial environment you must pay a licence fee. Given the value of the f-prot product this is very reasonable. I would urge you to go to the Frisk Software International website and pay the fee.
I thoroughly endorse the MailScanner product and can't praise the authors enough. Since using MailScanner the incidence of virus and spam in our network has plummeted. Please visit www.mailscanner.info to find out more about it and show support by visiting the MailScanner on-line store
I would also encourage you to show your appreciation of MailScanner by making a contribution to the author by visiting here
I am going to install in the following order;
If you run into problems installing MailScanner, please ask for help on the Cobalt Users List or the MailScanner mailing list. Please ensure you include your
A good reference start point is Sun Cobalt Online Support page where there are links to
You need to have shell access to your RaQ. If you've installed SSH, use an SSH client like Putty and log in using your username and password.
You need to become root, so
su -
Don't forget the minus sign. You'll be prompted for your password again.
There are some basic commands being used, if you want to know more about them just type "man" and the command name, some thing like
man wget
You may want to check for the latest version of the software
(replace the .tar.gz file below if it changes!!)
Latest Version: http://www.f-prot.com/download/getfplinfree.html
cd /usr/local
wget ftp://ftp.f-prot.com/pub/linux/fp-linux-ws-4.5.4.tar.gz
tar zxvf fp-linux-ws-4.5.4.tar.gz
ln -s /usr/local/f-prot/f-prot.sh /usr/local/bin/f-prot
ln -s /usr/local/f-prot/man_pages/f-prot.1 /usr/man/man1/
ln -s /usr/local/f-prot/man_pages/check-updates.pl.8 /usr/man/man8
chmod +x /usr/local/f-prot/f-prot*
cd /usr/local/f-prot/
Create a working directory for storing stuff
cd /home
mkdir mailscanner
cd mailscanner
You now need the MailScanner file. The one you want is the version for RedHat Linux, currently Version 4.40.11-1 for RedHat Linux (and other RPM-based Linux distributions)
To get the MailScanner file on the RaQ use wgetwget www.sng.ecs.soton.ac.uk/mailscanner/files/4/rpm/MailScanner-4.40.11-1.rpm.tar.gz
This gets the MailScanner file, if you want to check it's there, use
ls -la
You will get a list of the files in the current directory. You should get something like this
[root mailscanner]# ls -la
total 1319
drwxr-xr-x 2 root root 1024 Feb 22 12:13 .
drwxr-xr-x 8 root root 1024 Feb 22 11:50 ..
-rw-r--r-- 1 root root 1341440 Feb 1 16:08 MailScanner-4.40.11-1.rpm.tar.gz
[root mailscanner]#
This distribution is provided as a tar file. You need to unpack the tar file using a command line
This will create a new directory, called something like MailScanner-4.40.11-1. Have a look using "ls -la" Move into the new directory using the "cd" command. If you do an "ls -la" at this point, you will see a file called "install.sh", which you need to run using a command ./install.shtar zxvf MailScanner-4.40.11-1.rpm.tar.gz
ls -la
cd MailScanner-4.40.11-1
./install.sh
This will produce a very large amount of output, as it tries to build and install all the packages that MailScanner uses. Don't worry too much about what it prints out.
If it tells you your copy of the Perl module ExtUtils::MakeMaker is out of date, run this command.
./Update-MakeMaker.sh
If you are having trouble making it install, first check that you only have 1 version of Perl installed. The one that came supplied is in /usr/bin/perl, but you may also have /usr/local/bin/perl. If you have both, you are advised to get rid of any traces of perl under /usr/local.
rm /usr/local/bin/*perl* rm /usr/local/bin/pod* rm -r /usr/local/lib/perl5 rm /usr/local/man/man1/perl*
If you get errors about "TokeParser" or the installation of the perl module HTML::Parser fails, then you will need to create 4 dummy files to keep Perl happy. You should do this:
Then run the install.sh script again and HTML-Parser should install properlycd /usr/lib/perl5/5.00503/i386-linux/CORE touch opnames.h touch perlapi.h touch utf8.h touch warnings.h
If you get this
Can't locate object method "rel2abs" via package "File::Spec" at Makefile.PL
line 55.
BEGIN failed--compilation aborted at Makefile.PL line 57.
make: *** No targets specified and no makefile found. Stop.
make: *** No rule to make target `install'. Stop.
Then do this
wget http://search.cpan.org/CPAN/authors/id/R/RB/RBS/File-Spec-0.82.tar.gz
tar zxvf File-Spec-0.82.tar.gz
cd File-Spec-0.82
perl Makefile.PL
make
make test
make install
cd ..
Now we run ./Update-MakeMaker.sh again and then ./install.sh
./Update-MakeMaker.sh
./install.sh
As I said above, this will produce a very large amount of output, as it tries to build and install all the packages that MailScanner uses. Don't worry too much about what it prints out. The last thing it will do is install the tnef package, followed by MailScanner itself. It will then print a few instructions for you showing the commands needed to start MailScanner running.
Ignore these instructions totally and follow on below!
We have to change a couple of things first
pico -w /etc/mail/sendmail.cf
Search for "QueueDirectory" and change the line to
O QueueDirectory=/var/spool/mqueue
Move any remaining queue files into the updated queue directory
Delete the old queue subdirectoriescd /var/spool
mv /var/spool/mqueue/q*/* /var/spool/mqueue
mv /var/spool/mqueue.in/ /home/spool/
ln -s ../../home/spool/mqueue.in /var/spool/mqueue.in
rmdir /var/spool/mqueue/q*
Now we want to edit the MailScanner Configuration file, also have a look at Configuration file options
pico /etc/MailScanner/MailScanner.conf
Search through for these and replace (some of these may have been changed already!!)
Virus Scanners = none
to
Virus Scanners = f-protSearch for "Outgoing Queue Dir" and change the line to
Outgoing Queue Dir = /var/spool/mqueue
OK, nearly there. Now we want to stop sendmail and start MailScanner and make sure it stays that way in the event of a reboot.
/etc/rc.d/init.d/MailScanner stop
I usually have to give that command about 3 times to make sure it has properly stopped, to check that it has stopped, use
ps auxw | grep -i mail
It should give an output like
root 23633 0.0 0.3 1360 496 pts/1 S 00:13 0:00 grep -i mail
You may even have to give that command twice. Once you are sure it has stopped, issue the following commands
chkconfig sendmail off
chkconfig --level 2345 MailScanner on
Lets start it all up
/etc/rc.d/init.d/MailScanner start
To check that it's OK, use the same command as above that you used to check it had stopped
ps auxw | grep -i mail
It should produce an output like this:
root 23790 0.0 0.9 2492 1176 ? S 00:16 0:00 sendmail: accepting connections
root 23793 0.0 0.9 2492 1180 ? S 00:16 0:00 /usr/sbin/sendmail -q15m
root 23802 0.0 6.4 9472 8236 ? S 00:16 0:00 perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/Ma
root 23803 0.2 6.9 10120 8876 ? S 00:16 0:00 perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/Ma
root 23809 0.2 6.9 10120 8876 ? S 00:16 0:00 perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/Ma
root 23833 0.2 6.9 10120 8876 ? S 00:17 0:00 perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/Ma
root 23843 0.2 6.9 10120 8876 ? S 00:17 0:00 perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/Ma
root 23848 0.3 6.9 10120 8876 ? S 00:17 0:00 perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/Ma
root 23933 0.0 0.4 1364 512 pts/1 S 00:19 0:00 grep -i mail
Please note that you might not have as many MailScanner processes as shown in the sample output, as it may still be forking off its child processes at that point (there's a 10 second delay between starting each one).
If you want, you can look at the maillog to see it actually running
tail -f -n100 /var/log/maillog
You should see an output similar to this where you can also see that the f-prot autoupdate script is working which runs every hour.
Feb 23 00:01:00 raq4i3 update.virus.scanners: Found f-prot installed
Feb 23 00:01:00 raq4i3 update.virus.scanners: Updating f-prot
Feb 23 00:01:01 raq4i3 F-Prot autoupdate[23036]: F-Prot successfully updated.
Feb 23 00:13:12 raq4i3 MailScanner[21677]: MailScanner child caught a SIGHUP
Feb 23 00:13:12 raq4i3 MailScanner[21713]: MailScanner child caught a SIGHUP
Feb 23 00:13:12 raq4i3 MailScanner[21684]: MailScanner child caught a SIGHUP
Feb 23 00:13:12 raq4i3 MailScanner[21718]: MailScanner child caught a SIGHUP
Feb 23 00:13:12 raq4i3 MailScanner[21689]: MailScanner child caught a SIGHUP
Feb 23 00:16:38 raq4i3 sendmail[23786]: alias database /etc/mail/aliases rebuilt by admin
Feb 23 00:16:38 raq4i3 sendmail[23786]: /etc/mail/aliases: 17 aliases, longest 10 bytes, 189 bytes total
Feb 23 00:16:38 raq4i3 sendmail[23786]: alias database /etc/mail/aliases.majordomo rebuilt by admin
Feb 23 00:16:38 raq4i3 sendmail[23786]: /etc/mail/aliases.majordomo: 12 aliases, longest 69 bytes, 519 bytes total
Feb 23 00:16:38 raq4i3 sendmail[23790]: starting daemon (8.10.2): SMTP
Feb 23 00:16:38 raq4i3 sendmail[23793]: starting daemon (8.10.2): queueing@00:15:00
Feb 23 00:16:41 raq4i3 MailScanner[23803]: MailScanner
Feb 23 00:16:41 raq4i3 MailScanner[23803]: MailScanner E-Mail Virus Scanner version 4.40.11-1 starting...
Feb 23 00:16:41 raq4i3 MailScanner[23803]: Using locktype = flock
Feb 23 00:16:51 raq4i3 MailScanner[23809]: MailScanner
Feb 23 00:16:51 raq4i3 MailScanner[23809]: MailScanner E-Mail Virus Scanner version 4.40.11-1 starting...
Feb 23 00:16:51 raq4i3 MailScanner[23809]: Using locktype = flock
Feb 23 00:17:01 raq4i3 MailScanner[23833]: MailScanner
Feb 23 00:17:01 raq4i3 MailScanner[23833]: MailScanner E-Mail Virus Scanner version 4.40.11-1 starting...
Feb 23 00:17:01 raq4i3 MailScanner[23833]: Using locktype = flock
Feb 23 00:17:11 raq4i3 MailScanner[23843]: MailScanner
Feb 23 00:17:11 raq4i3 MailScanner[23843]: MailScanner E-Mail Virus Scanner version 4.40.11-1 starting...
Feb 23 00:17:11 raq4i3 MailScanner[23843]: Using locktype = flock
Feb 23 00:17:21 raq4i3 MailScanner[23848]: MailScanner
Feb 23 00:17:21 raq4i3 MailScanner[23848]: MailScanner E-Mail Virus Scanner version 4.40.11-1 starting...
Feb 23 00:17:21 raq4i3 MailScanner[23848]: Using locktype = flock
There's a "clean.quarantine" script included as a daily cron job. It is disabled by default. Edit it to see how to enable it. If you edit it, it will not be over-written by later upgrades to MailScanner.
pico -w /etc/cron.daily/clean.quarantine
To find out if your mails are being checked
Each email that is checked will have the following inserted into the Email Header (assuming you do not disable this feature )
X-MailScanner: Found to be clean
or
X-MailScanner: Found to be infected
or
X-MailScanner: Disinfected
/etc/rc.d/init.d/MailScanner stop
This should work reliably now, but will take a few seconds to return. You should then find there are no MailScanner processes running.
ps -auxw | grep -i mail
Once you're happy it has stopped, just restart it with
/etc/rc.d/init.d/MailScanner start
First we need to make a little change so that when you tick the check box for Email Server in the control panel it's the MailScanner that starts and not the sendmail script.
cd /etc/rc.d/init.d
mv sendmail sendmail.old
chmod a-x sendmail.old
ln -s MailScanner sendmail
Now you can turn the MailScanner on and off using the RaQ control panel. This also fixes the problem caused when a new user or site is added to the RaQ.
Many thanks to Julian Field the author of MailScanner for this bit, he sent me his notes when he installed this on one of my other RaQs
Download Mail-SpamAssassin-2.63.tar.gz from www.spamassassin.org into somewhere sensible such as /root or /tmp. I put it in the mailscanner directory I created earlier under /home
If the site is down, search Google for the file and you'll find a copy.
cd /home/mailscanner
wget www.spamassassin.org/released/Mail-SpamAssassin-2.63.tar.gz
perl -MCPAN -e shell
Whenever it asks about manual configuration, say no
cpan> o conf prerequisites_policy ask
cpan> install Time::HiRes
cpan> quit
tar xzf Mail-SpamAssassin-2.63.tar.gz
cd Mail-SpamAssassin-2.63
perl Makefile.PL
make
You may now get some errors about pod2text. If you do, then do this command
ln -s /usr/bin/pod2man /usr/bin/pod2text
make
make test
This will fail horribly due to lack of Pod/Usage.pm, so now do this (remember whenever it asks about manual configuration, say no)
perl -MCPAN -e shell
cpan> o conf prerequisites_policy ask
cpan> install Pod::Usage
cpan> quit
Now to try the tests again
make test
make install
You now have installed SpamAssassin. The next step is to configure it and MailScanner.
pico -w /etc/MailScanner/MailScanner.conf
Change the setting for "Required SpamAssassin Score" to more than 5
as that
generates quite a few false alarms. Julian's recommended value is 9.
I personally recommend 5 :-)
It's advised to set "Log Spam = yes" to start with.
You will of course need "Use SpamAssassin = yes".
If you don't have a very fast link, increase "SpamAssassin Timeout" to
nearer 20.
Then just stop and start MailScanner using the above commands - To stop/start MailScanner