All web hosts need a mechanism to defend against malware and virus attacks on their servers.
One of the popular choices is ClamAV. It is a free antivirus tool that helps to scan emails on DirectAdmin servers.
The downside is that it works mainly via the command line, so installation and maintenance may appear complicated to an average user.
At Bobcares, we help server owners to easily install and maintain ClamAV on their servers as part of our Support Services.
Today, let us discuss how we install and set up ClamAV on a DirectAdmin server.
Steps to install ClamAV on DirectAdmin
ClamAV works as an efficient server-side email scanner.
Installing ClamAV on DirectAdmin is pretty easy with “root” access to the server. Let us see the exact steps involved.
1. System update
Before proceeding with ClamAV or any software installation, our Support Engineers perform a system update. This ensures that the server has all the latest packages available.
The exact command for the system update varies according to the type of server. For example, on a CentOS server, it would be
yum update
Similarly, for system updates on an Ubuntu server, the command is
apt-get update && apt-get upgrade
2. Installing ClamAV
Fortunately, a DirectAdmin server comes with a tool called “Custombuild”. This tool can easily install and update packages on the server.
To do the install, we first need to switch to its directory with the command:
cd /usr/local/directadmin/custombuild
We can then build ClamAV using the commands given here.
./build update
./build set clamav yes
./build clamav
3. Build ClamAV database
ClamAV maintains a list of known virus infections in a database. We need to build this database with the command
freshclam -v
4. Start ClamAV
Now, we can start ClamAV using the command:
/etc/init.d/clamd start
That completes the ClamAV installation.
5. Integrate with Mailserver
The next step is to integrate ClamAV with our mail server. We will now see the steps that our Support Engineers follow on an Exim mail server.
In the Exim configuration file located at /etc/exim.conf, we make multiple changes.
First, we set av_scanner, which decides the scanner that Exim will use. To set clamd as the scanner, add the following line before the “primary_hostname” line in exim.conf.
av_scanner = clamd:127.0.0.1 3310
Now, we set the message shown when ClamAV detects a virus in a mail. For this, add the following snippet after the “check_message” line in exim.conf.
deny message = This message contains malformed MIME ($demime_reason)
     demime = *
     condition = ${if >{$demime_errorlevel}{2}{1}{0}}
deny message = This message contains a virus or other harmful content ($malware_name)
     demime = *
     malware = */defer_ok
deny message = This message contains an attachment of a type which we do not accept (.$found_extension)
     demime = bat:com:pif:prf:scr:vbs
warn message = X-Antivirus-Scanner: Clean mail though you should still use an Antivirus
We can now save the changes and restart Exim. Our ClamAV installation is now integrated with the mail server.
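The following check is an added example, not part of the original article or of DirectAdmin's own tooling: it reads an exim.conf and confirms that av_scanner names a clamd endpoint and that a malware condition exists, and it notes defer_ok, which lets mail through unscanned when clamd cannot be reached. The function names and the use of nc for the PING probe are assumptions.

```shell
#!/bin/sh
# Added example (not from the article): static check of the Exim/ClamAV wiring.
# Function names are hypothetical; pass the path to exim.conf as the argument.

# Print "host port" taken from the av_scanner line, e.g. "127.0.0.1 3310".
scanner_endpoint() {
    sed -n 's/^[[:space:]]*av_scanner[[:space:]]*=[[:space:]]*clamd:\([^[:space:]]*\)[[:space:]]\{1,\}\([0-9]\{1,\}\).*/\1 \2/p' "$1" | head -n 1
}

# Return 0 when the file has both a clamd av_scanner and a malware condition.
check_exim_clamav() {
    conf=$1
    rc=0
    ep=$(scanner_endpoint "$conf")
    if [ -n "$ep" ]; then
        echo "OK: av_scanner points at clamd on $ep"
    else
        echo "FAIL: no 'av_scanner = clamd:<host> <port>' line"
        rc=1
    fi
    if grep -q '^[[:space:]]*malware[[:space:]]*=' "$conf"; then
        echo "OK: ACL contains a malware condition"
        # defer_ok makes the condition false when clamd cannot be reached,
        # so mail is accepted unscanned instead of being deferred.
        if grep -q '^[[:space:]]*malware[[:space:]]*=.*/defer_ok' "$conf"; then
            echo "NOTE: defer_ok set: mail passes unscanned while clamd is down"
        fi
    else
        echo "FAIL: no 'malware =' condition, av_scanner is never consulted"
        rc=1
    fi
    return $rc
}

# Live probe: clamd answers the PING command with PONG (assumes nc is installed).
clamd_ping() {
    [ "$(printf 'PING\n' | nc -w 3 "$1" "$2" 2>/dev/null)" = "PONG" ]
}

if [ $# -gt 0 ]; then
    check_exim_clamav "$1"
    # $ep holds "host port"; word splitting into two arguments is intended.
    if [ -n "$ep" ] && clamd_ping $ep; then echo "OK: clamd answered PING"; fi
fi
```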
An additional benefit of ClamAV is that it can scan specific directories on the server. So our Support Engineers periodically scan the entire server as a proactive step for virus detection.
Conclusion
ClamAV is a great way to fight against virus and trojan attacks on a DirectAdmin server. Today, we’ve seen how our Support Engineers install and integrate ClamAV with mail servers for effective mail scanning.