Posts Tagged ‘ClamAV’

Editing SELinux Policies

There are times where SELinux just does not want to play nice. For instance, after installing ClamAV I began running into problems where if I did not turn off SELinux while ClamAV was running, then SMTP traffic would fail. To fix this issue we must first look at the messages file under /var/log. Within this file we will see error messages like:
setroubleshoot: SELinux is preventing cleanup (postfix_cleanup_t) "search" to ./clamav (clamd_var_lib_t).

Which tells you to run the command:
sealert -l a1bc9b39-80a2-4f2e-963f-12daf766a8d4

Usually the report is very good and diagnosing and telling you which booleans to activate, however in this instance we have to create our own module.

First: Download and install selinux-policy-devel
Second: Parse through the raw audit messages. We are looking for two things; message type and comm name.
Third: Run the ausearch command and pipe it to audit2allow
For instance: ausearch -m AVC --comm cleanup | audit2allow -M ClamAV

Once the files have been generated then run: semodule -i ClamAV.pp and see if the problem has been resolved. If not, tail the messages log again to see if there is any additional SEAlerts that you should be aware of.

Postfix and ClamAV with RHEL/CentOS

Postfix Install
To create a functional SMTP server, first you need to install Postfix by running
———————————————————–
yum install postfix
———————————————————–

Check to make sure that your hostname also has your fully qualified domain name.
———————————————————–
echo $HOSTNAME
———————————————————–
If it does not have your domain, then you must add it to the configuration file.
———————————————————–
myhostname = smtp.example.com
———————————————————–

You must also make your SMTP server listen on an interface besides the localhost. Uncomment:
———————————————————–
inter_interfaces = localhost
-----------------------------------------------------------

To:
-----------------------------------------------------------
inet_interfaces = all
-----------------------------------------------------------

Now edit the configuration to allow trusted networks to relay emails. In most situations uncommenting:
-----------------------------------------------------------
mynetworks_style = subnet
-----------------------------------------------------------
should be sufficient, however if you are allowing a larger network or deal with multiple networks then manually add the networks that will be trusted.
-----------------------------------------------------------
mynetworks = 127.0.0.0/8, 192.168.1.0/24
-----------------------------------------------------------

ClamAV
Download and install clamav, clamav-db, clamd, clamav-milter from http://packages.sw.be/clamav/

Edit the init scripts to allow Postfix to read the clamav-milter socket. Add the following lines in the start, stop, and restart case statements.
-----------------------------------------------------------
chmod 0775 /var/clamav/clmilter.socket
chown clamav.postfix /var/clamav/clmilter.socket
-----------------------------------------------------------

If these settings are not set, Postfix will not be able to correctly communicate with the ClamAV milter and will receive a
warning: connect to Milter service unix:/var/clama/clmilter.socket: Permission denied
in the mail log

Now add:
-----------------------------------------------------------
smtpd_milters = unix:/var/clamav/clmilter.socket
non_smtpd_milters = unix:/var/clamav/clmilter.socket
-----------------------------------------------------------
to the bottom of main.cf and restart the Postfix service.

Now add freshclam to the cron to get automatic updates and everything should be all set.

Return top

View Jason Brown's profile on LinkedIn

Get Adobe Flash playerPlugin by wpburn.com wordpress themes