[CaLViN]

This document is a straightforward step-by-step instruction on how to install DrWEB antivirus on Linux server running CPanel.

I. Doing backups

Following files are need to be saved:


/etc/exim.conf

/etc/antivirus.exim or
system_filter.exim>


II. Installing DrWEB

First, download DrWEB antivirus RPM package from here



Get
Install it using rpm -Uvh command. For example, for glibc 2.3 use


# rpm -Uvh ftp://ftp.drweb.ru/pub/unix/drweb-4....c.2.3.i586.rpm

Start drweb daemon using command


# /opt/drweb/drwebd start

Now lets take care about automatic antivirus databases updates.
Add the following cron job:


00 12 * * * /opt/drweb/update/update.pl


III. Installing and configuring DrWEB-Exim

Download drweb-exim from Get

Untar tgz archive.
For example,


tar xzvf drweb-exim-4.29.12-F-linux.tar.gz

Now we need to copy drweb-exim files to proper directories.

# cp -r drweb-exim/etc/drweb/* /etc/drweb/
# cp -r drweb-exim/opt/drweb/doc/* /opt/drweb/doc/
# cp -r drweb-exim/opt/drweb/drweb-* /opt/drweb/


Edit /etc/drweb/drweb_exim.conf
Change

AdminMail = postmaster>
to

AdminMail = you@yourdomain.com>

Lets test how it works so far:



# /opt/drweb/drweb-exim --check_only --check_user=drweb

All tests should be "passed".


IV. Configuring Exim

We need to make changes in two files to make drweb and exim work together.
First, edit /etc/exim.conf
Black are lines which we will need to add.


###### begin exim.conf ########


[skipped]>

###########################
# Runtime configuration file for Exim #
###########################
trusted_users = drweb
trusted_groups = drweb


[skipped]


#!!# message_filter renamed system_filter
system_filter = /etc/antivirus.exim
message_body_visible = 5000

>system_filter_pipe_transport = filter_pipe
system_filter_reply_transport = address_reply
[skipped]

###########################
# TRANSPORTS CONFIGURATION #
########################### ORDER DOES NOT MATTER #
# Only one appropriate transport is called for each delivery. #
############################ A transport is used only when referenced from a director or a router that
# successfully handles an address.

# This transport is used for delivering messages over SMTP connections.
begin transports

filter_pipe:
driver = pipe
user = drweb
group = mail
return_fail_output

>
###### end exim.conf ########>

CPanel comes with /etc/antivirus.exim filter file.
In clean Exim install it is called system_filter.exim

Add the following at the end of the file:



###### begin antivirus.exim #######>>
# to prevent from mail loop, skip already scanned message
if $received_protocol is "drweb-scanned"
then
finish
endif



>pipe "/opt/drweb/drweb-exim -f $sender_address -- $recipients"

>>finish



###### end antivirus.exim ########>>
V. Restart Exim and test virus checking

Thats it with configuration.
Now restart exim:

# /etc/rc.d/init.d/exim restart

and test your email delivery.

If email is not going through, inspect /var/logs/exim_mainlog and /var/logs/exim_paniclog

Now take one of those ugly MyDoom worms, attach it to your email message and send it to yourself.


Thanks to S. Leggett