FREE ANTIVIRUS SOLUTION FOR PLESK LINUX SERVERS IN FOUR EASY STEPS

If for any reason you don't want to install the packages yourself, we can do it for you. The complete setup and testing costs just $30; please contact us for more details.

INTRODUCTION

This solution is based on two great pieces of software, qscanq and ClamAV. It's very unintrusive and doesn't change your qmail in any way. A single command installs and uninstalls the antivirus addon from your qmail system. It was tested on several Red Hat 9, Red Hat EL 3 and Red Hat EL 5 servers with Plesk 7, 7.5 and 8.2. We have also received reports of success on Red Hat 7.3, Fedora Core 1, 2, 3, Red Hat EL 4 and also with Plesk 6 and Plesk 5.

The instructions assume you have a clean Plesk install and that you have NOT installed Dr.Web antivirus or any other antivirus addon. If you have installed other antivirus solutions or otherwise modified your qmail, make sure your modifications are compatible before proceeding.

On newer RHEL distros, the most likely source of trouble is SELinux. Please check your logs. Modifying your SELinux settings accordingly is beyond the scope of this how-to, though.

All paths are written as "/some/path" and all commands as 'some command'. Before you start, change to a suitable directory to download the files into. For example: 'mkdir /usr/local/src/antivir' and then 'cd /usr/local/src/antivir'.

FIRST STEP

1. Install P.L.Daniels' ripMIME

1.1 Get it from its homepage and compile it from source, or use 'wget' to fetch the rpm from here and install it with the command 'rpm -Uvh ripmime-1.4.0.6-1.i386.rpm'.

Notes:

  • if you compile it from the source, make a symlink: 'ln -s /usr/local/bin/ripmime /usr/bin/ripmime'; our qscanq will look for it there.
  • Red Hat Enterprise Linux 4 includes ripMIME as a part of the distribution.

SECOND STEP

2. Install D.Bernstein's daemontools (a modified RPM)

2.1 Use 'wget' to fetch the rpm from here and use the command 'rpm -Uvh daemontools-0.76-2.i386.rpm' to install it.

Notes:

  • only the installation paths for daemontools are changed, and a glibc patch is applied to better fit a Red Hat server. The actual daemontools code is unchanged. Binary files are installed to "/usr/sbin" and the services directory is "/etc/services". This rpm also includes the man files for all included programs. Try 'man svc' or 'man supervise'.

THIRD STEP

3. Install L.Budney's qscanq (modified package)

3.1 Use wget to fetch it from here.

3.2 Unpack the contents:
3.2.1 'cd /'
3.2.2 'tar -xzvf /usr/local/src/antivir/qscanq-0.43-psa-0.07.tar.gz'.

3.3 Now you should have the directory "/usr/local/qscanq-0.43". This location is important! If the directory isn't there, find it and copy it to that location. Inside it, you should have two subdirectories, "package" and "src". Make sure all this belongs to root: e.g. 'chown root:root -R /usr/local/qscanq-0.43'.

3.4 Add two system users and groups. Both users should have their passwords disabled and their homedirs should not be created. They should both belong to the same group, gqscanqg. The other group, gqscanq, should not have any users added to it.
3.4.1 to add group gqscanqg, use the command: 'groupadd gqscanqg'
3.4.2 to add group gqscanq, use the command: 'groupadd gqscanq'
3.4.3 to add user gqscanq, group gqscanqg, homedir "/var/qmail/qscanq", shell set to "/bin/true", use the command: 'useradd -d /var/qmail/qscanq -g gqscanqg -n -M -s /bin/true gqscanq'
3.4.4 to add user gqscanlog, group gqscanqg, homedir "/var/qmail/qscanq/log", shell set to "/bin/true", use the command: 'useradd -d /var/qmail/qscanq/log -g gqscanqg -n -M -s /bin/true gqscanlog'

3.5 'cd /usr/local/qscanq-0.43' and run './package/install'. It is important to run this command from the exact location, as stated here.
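The accounts from step 3.4 can be verified with a short script. This is an added example, not part of the qscanq-psa package; it reads passwd- and group-format files (the live system files by default) and does not inspect "/etc/shadow", so the disabled-password requirement still has to be checked separately.

```shell
#!/bin/sh
# Added example (not shipped with qscanq-psa): verify the accounts from
# step 3.4 by reading passwd- and group-format files.

# Print field F of the colon-separated record named NAME in FILE.
field() {
    awk -F: -v n="$2" -v f="$3" '$1 == n { print $f; exit }' "$1"
}

# Print one finding per line; return 1 if anything deviates from step 3.4.
check_qscanq_accounts() {
    passwd=${1:-/etc/passwd} group=${2:-/etc/group} rc=0
    gid=$(field "$group" gqscanqg 3)
    [ -n "$gid" ] || { echo "FAIL: group gqscanqg is missing"; rc=1; }
    for entry in gqscanq:/var/qmail/qscanq gqscanlog:/var/qmail/qscanq/log; do
        user=${entry%%:*} home=${entry#*:}
        if [ -z "$(field "$passwd" "$user" 1)" ]; then
            echo "FAIL: user $user is missing"; rc=1; continue
        fi
        [ "$(field "$passwd" "$user" 4)" = "$gid" ] ||
            { echo "FAIL: $user primary group is not gqscanqg"; rc=1; }
        [ "$(field "$passwd" "$user" 6)" = "$home" ] ||
            { echo "FAIL: $user home is not $home"; rc=1; }
        [ "$(field "$passwd" "$user" 7)" = "/bin/true" ] ||
            { echo "FAIL: $user shell is not /bin/true"; rc=1; }
    done
    # Group gqscanq must exist and stay empty: no listed members and
    # no account using it as its primary group.
    egid=$(field "$group" gqscanq 3)
    if [ -z "$egid" ]; then
        echo "FAIL: group gqscanq is missing"; rc=1
    elif [ -n "$(field "$group" gqscanq 4)" ] ||
         awk -F: -v g="$egid" '$4 == g { hit = 1 } END { exit !hit }' "$passwd"; then
        echo "FAIL: group gqscanq has members"; rc=1
    fi
    return $rc
}
```

Call 'check_qscanq_accounts' with no arguments to check the running system; no output and exit status 0 mean the accounts match step 3.4.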

FOURTH STEP

4. Install ClamAV

4.1 Get the RPMs from Dag Wieers' repository (get the ones valid for your build; the instructions below are for RHEL 5 x86_64):
4.1.1 'cd /usr/local/src/antivir' (or to the dir you're using), use wget to fetch the RPMs
4.1.2 'rpm -Uvh clamav-0.91.2-1.el5.rf.x86_64.rpm'
4.1.3 'rpm -Uvh clamav-db-0.91.2-1.el5.rf.x86_64.rpm'
4.1.4 'rpm -Uvh clamd-0.91.2-1.el5.rf.x86_64.rpm'

4.2 Edit "/etc/clamd.conf" and make sure the following is set:

  • user must be set to gqscanq
  • MaxThreads value should be increased if you have a busy server (50 is a good value to start with)
  • we recommend against detecting broken executables and encrypted archive files
  • make sure you're NOT using clamuko (or make it skip "/var/qmail").

You should look at this clamd.conf as an example (this is for clamav-0.91.2), or even use it if you wish.
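To confirm an edited "/etc/clamd.conf" against the four points of step 4.2, a script along these lines can be used. It is an added example, not one of the files this how-to distributes; the directive names are the ClamAV 0.9x ones, and treating yes/true/1 as "enabled" is an assumption of the sketch.

```shell
#!/bin/sh
# Added example (not part of the how-to's own files): audit a clamd.conf
# against step 4.2. Assumes ClamAV 0.9x directive names and that a boolean
# directive is on when its value is yes, true or 1.

# Print the value of the last uncommented "KEY value" line in FILE.
# Commented lines never match because their first field starts with '#'.
conf_value() {
    awk -v key="$2" '$1 == key { v = $2 } END { if (v != "") print v }' "$1"
}

# Succeed if boolean directive KEY is switched on in FILE.
conf_enabled() {
    case "$(conf_value "$1" "$2" | tr 'A-Z' 'a-z')" in
        yes|true|1) return 0 ;;
        *)          return 1 ;;
    esac
}

# Print one finding per line; return 1 if a FAIL was reported.
check_clamd_conf() {
    conf=$1 rc=0
    user=$(conf_value "$conf" User)
    if [ "$user" != "gqscanq" ]; then
        echo "FAIL: User is '${user:-unset}', step 4.2 requires gqscanq"; rc=1
    fi
    threads=$(conf_value "$conf" MaxThreads)
    if [ "${threads:-0}" -lt 50 ] 2>/dev/null; then
        echo "NOTE: MaxThreads is ${threads:-unset}; 50 is the suggested start"
    fi
    for key in DetectBrokenExecutables ArchiveBlockEncrypted; do
        if conf_enabled "$conf" "$key"; then
            echo "WARN: $key is enabled; step 4.2 recommends against it"
        fi
    done
    if conf_enabled "$conf" ClamukoScanOnAccess &&
       ! awk '$1 == "ClamukoExcludePath" && $2 == "/var/qmail" { ok = 1 }
              END { exit !ok }' "$conf"; then
        echo "FAIL: Clamuko is on and /var/qmail is not excluded"; rc=1
    fi
    return $rc
}
```

Run 'check_clamd_conf /etc/clamd.conf' after editing the file; FAIL lines correspond to the "must" items of step 4.2, WARN and NOTE lines to its recommendations.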

4.3 Make sure you're running freshclam at least once every couple of hours or even every hour (check the setting in "/etc/freshclam.conf"). Do not change the user that freshclam runs under!

You can look at this freshclam.conf as an example (this is for clamav-0.91.2), or even use it if you wish.

4.4 Use wget to fetch our clamav_alter.sh script and run it:

4.4.1 'chmod 700 clamav_alter.sh'
4.4.2 to display instructions: './clamav_alter.sh help'
4.4.3 to actually run it: './clamav_alter.sh alter'.

BASIC USAGE

5. How to start using qscanq-psa

5.1 To start using the antivirus software, run the command '/usr/local/qscanq/command/install-wrap'.

Note: your qmail binaries will not be altered in any way. Qmail-queue will be copied elsewhere and replaced so that the mail can be redirected through the ClamAV antivirus daemon before reaching qmail.

6. How to stop using qscanq-psa

6.1 To stop using the antivirus software, run the command '/usr/local/qscanq/command/install-unwrap'.

FREQUENTLY ASKED QUESTIONS

7. How do I test if qscanq-psa is working?

7.1 Run the command '/var/qmail/bin/qmail-inject -a root < /usr/local/qscanq/src/TEST-BAD' and the response should be "qmail-inject: fatal: mail server permanently rejected message (#5.3.0)".

7.2 If the response was something other than "permanently rejected", check the original qscanq FAQ. Also, if you need more info about the errors, check the logs in the "/var/log/clamav" directory.

8. There is a new version of qscanq-psa, how do I upgrade?

8.1 Perform the steps 3.1, 3.2, 3.3, 3.5 and then 5.1 (and 7.1 to test it if you wish).

8.2 You can delete the old "/usr/local/qscanq-x.xx" directory if you want to. Be careful not to delete the current one; you must always have "/usr/local/qscanq" and one "/usr/local/qscanq-x.xx" directory.

9. There is a new version of ClamAV rpm, how do I upgrade?

9.1 Just follow all (!) the instructions under Fourth step again. If the instructions still describe the old version, wait until we update the how-to or upgrade on your own. It's usually not that difficult.

10. I want to upgrade/reinstall Plesk. How do I prepare my qscanq-psa?

10.1.1 execute '/usr/local/qscanq/command/install-unwrap'
10.1.2 after you are finished upgrading Plesk or qmail, execute 'cd /usr/local/qscanq' and then execute the command './package/run'
10.1.3 to start using the antivirus software again, run the command '/usr/local/qscanq/command/install-wrap'
10.1.4 if you forgot to unwrap qscanq before you've upgraded Plesk, just execute the commands under 10.1.2 and 10.1.3. There is a good chance everything will work just fine.

11. How do I completely remove the qscanq-psa?

11.1.1 first you should run the command '/usr/local/qscanq/command/install-unwrap', remove the file "/etc/service/qscanq", execute the command 'svc -dx /var/qmail/qscanq /var/qmail/qscanq/log', remove the files "/var/qmail/qscanq", "/usr/local/qscanq" and "/usr/local/qscanq-x.xx"
11.1.2 disable gqscanq's crontab (e.g. 'crontab -r -u gqscanq')
11.1.3 remove the users gqscanq, gqscanlog and groups gqscanq and gqscanqg ('userdel username' and 'groupdel groupname')
11.1.4 uninstall the ripMIME, daemontools and ClamAV RPMs.

CHANGELOG

  • ::2007-09-07:: updated ClamAV to 0.91.2, updated qscanq to qscanq-0.43-psa-0.07
  • ::2006-06-30:: updated clamav_alter.sh to 2.00
  • ::2006-06-01:: updated ripMIME to 1.4.0.6
  • ::2006-03-30:: updated ClamAV to 0.88
  • ::2005-07-21:: updated ClamAV to 0.86, updated ripMIME to 1.4.0.5, updated daemontools to 0.76-2
  • ::2005-03-06:: updated ClamAV to 0.83
  • ::2005-02-04:: updated ClamAV to 0.81, updated ripMIME to 1.4.0.3, updated clamav_alter.sh to 1.55
  • ::2005-01-20:: updated ClamAV to 0.80-2, updated ripMIME to 1.4.0.0
  • ::2004-11-03:: updated ClamAV to 0.80
  • ::2004-08-07:: updated ClamAV to 0.75, updated ripMIME to 1.3.2.0
  • ::2004-07-01:: updated clamav_alter.sh to version 1.51
  • ::2004-06-30:: updated ClamAV to 0.74, updated clamav_alter.sh to version 1.5
  • ::2004-06-07:: updated ClamAV to 0.72, updated clamav_alter.sh to version 1.3
  • ::2004-05-26:: updated ClamAV to 0.71
  • ::2004-05-05:: added a ripmime note for RH 7.3 users
  • ::2004-04-25:: completely altered the ClamAV instructions, ClamAV updated, added a command under 8.2
  • ::2004-04-18:: added nr.13 to the FAQ since it seems to be a popular question
  • ::2004-04-17:: new version of qscanq-psa, altered some instructions
  • ::2004-04-13:: fixed errors under 4.2 and 4.3. If you have different settings, change them.
  • ::2004-04-08:: fixed a minor error under 4.3.1
  • ::2004-04-06:: fixed a minor typo