Installing Qmailscanner 2.0 without qms-analog

Qmail-Scanner is an e-mail content scanner that enables a qmail server to scan all messages it receives for certain characteristics (normally viruses), and react accordingly. For more information see http://qmail-scanner.sourceforge.net/

When you install qmail-scanner, it will install all dependencies for you. So let's go ahead and install it!


# cd /downloads/qmailrocks
# tar zxvf q-s-2.05st-20080728.tgz

Now we need to change to the qmail-scanner source and then run the configure scripts:


# cd qmail-scanner-2.05st

Installing qmail-scanner

We now need to copy the qms-config from /downloads/qmailrocks


# cp /downloads/qmailrocks/qms-config qms-config

Now we need to change the qms-config to match your settings. Please remember the sections in bold need to be changed to your domain specific settings:


# vi qms-config

./configure    --domain yourdomain.com \
               --admin postmaster \
               --local-domains "yourdomain.com,yourotherdomain.com" \
               --add-dscr-hdrs yes \
               --dscr-hdrs-text "X-Antivirus-MYDOMAIN" \
               --ignore-eol-check yes \
               --sa-quarantine 0 \
               --sa-delete 0 \
               --sa-reject no \
               --sa-subject ":SPAM:" \
               --sa-alt yes \
               --sa-debug no \
               --notify admin \
               --redundant yes \
               --qms-monitor no \
               "$INSTALL"


One option is to have the headers of your emails display which rules determined the scores. This is optional. If a message is marked as spam when it is actually ham, you can see which rules caused it to be marked as spam. This is quite useful when diagnosing problems. Add the following options after the --notify admin line but before the "$INSTALL" line in the qms-config script above:

               --sa-alt yes \
               --sa-debug yes \
               --sa-report yes \

Now we need to chmod the qms-config and give it a test run:


# chmod 755 qms-config
# ./qms-config

When it asks you:


Continue? ([Y]/N)

go ahead and hit Y. It will ask you the same thing twice to verify the installation.

If all goes well you will see this at the end:


Finished. Please read README(.html) and then go over the script to check paths/etc, and then install as you see fit.

Remember to copy quarantine-attachments.txt to /usr/local/qscan and then run "qmail-scanner-queue.pl -g" to generate DB version.
****** FINAL TEST ******

Please log into an unpriviledged account and run
/usr/local/bin/qmail-scanner-queue.pl -g


Please note: If you see an error saying "CANNOT EVEN RUN A SIMPLE SETUID SCRIPT" that means you did not enable Perl with Setuid when you updated FreeBSD to -STABLE. You need to make sure that ENABLE_SUIDPERL=true is in make.conf and then reinstall perl 5.8. Bad news: You will have to make deinstall SpamAssassin, Clamav and qmail-scanner and start those steps all over again. 

Now let's install it, provided the above worked flawlessly:


# ./qms-config install

It should run through almost exactly the same steps as when you ran qms-config without the install flag, except that it will ask whether you want to install qmail-scanner-queue.pl in /var/qmail/bin. Go ahead and hit Enter when it asks.

Updating the qmail-scanner version files

The first one is the command that updates your version files. It updates your headers when you upgrade ClamAV or SpamAssassin. It also helps keep the /var/spool/qscan folder clear when SMTP sessions are dropped. I would HIGHLY suggest putting this in cron and running it once a day. If you don't, you'll see this error pop up frequently in /var/log/maillog:


# setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -z

Any time you update qmail-scanner, you should run this command also, so let's run this now:


# setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -g
# setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -p

You will get the following output:


perlscanner: generate new DB file from /var/spool/qcan/quarantine-attachments.txt
perlscanner: total of 35 entries.


Now one final ownership check: 


# chown -R qscand:qscand /var/spool/qscan

Testing qmail-scanner

Now before we tell qmail to use qmail-scanner, we want to give it a test. Run the following command:


# /downloads/qmailrocks/qmail-scanner-2.05st/contrib/test_installation.sh -doit

When you run this, it sends 4 messages: 2 with viruses, 1 standard message and a piece of junk mail. Afterwards you should have 1 message in /var/spool/qscan/quarantine/viruses/new, 1 message in /var/spool/qscan/quarantine/policy/new, 1 message in ~vpopmail/domains/domain.xxx/postmaster/Maildir/new and 1 in your ~vpopmail/domains/domain.xxx/postmaster/Maildir/.Spam/new folder.
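One way to confirm those four deliveries without mistaking older mail for test mail, as an added example that is not part of the original tutorial or of qmail-scanner: touch a marker file just before running test_installation.sh -doit, then count only the files newer than it. The function names and the marker-file approach are assumptions of this example; the directories are the ones named above.

```shell
#!/bin/sh
# Added example, not part of qmail-scanner. The directory layout is the one
# named on this page; the marker-file approach is this example's assumption.

# count_since DIR MARKER
# Prints the number of regular files in DIR modified after MARKER
# (0 if DIR does not exist).
count_since() {
    dir=$1 marker=$2
    [ -d "$dir" ] || { echo 0; return; }
    find "$dir" -maxdepth 1 -type f -newer "$marker" | wc -l | tr -d ' '
}

# check_qscan_test SPOOL MAILDIR MARKER
#   SPOOL   e.g. /var/spool/qscan
#   MAILDIR postmaster's Maildir (~vpopmail/domains/domain.xxx/postmaster/Maildir)
#   MARKER  file touched just before running test_installation.sh -doit
# Prints one result line per destination; returns the number of mismatches.
check_qscan_test() {
    spool=$1 maildir=$2 marker=$3 bad=0
    for entry in \
        "virus-quarantine:$spool/quarantine/viruses/new" \
        "policy-quarantine:$spool/quarantine/policy/new" \
        "clean-inbox:$maildir/new" \
        "spam-folder:$maildir/.Spam/new"
    do
        label=${entry%%:*}
        dir=${entry#*:}
        got=$(count_since "$dir" "$marker")
        if [ "$got" -eq 1 ]; then
            echo "OK   $label: 1 new message in $dir"
        else
            echo "FAIL $label: expected 1 new message, found $got in $dir"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Stand-alone use: sh check.sh SPOOL MAILDIR MARKER
if [ "$#" -eq 3 ]; then
    check_qscan_test "$@"
fi
```

A FAIL line on the virus or policy quarantine means an infected or policy-violating test message was not caught, so resolve it before putting qmail-scanner in front of live mail.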

If you get any errors like "451 qq temporary problem", you did something wrong. Here is a URL for Troubleshooting the 451 qq temporary problem

We basically don't need to do anything to qmail-smtpd/run to implement it. The qmail-scanner variable is already in the qmail-smtpd/run script as an if ... then statement. If you check your headers, you should now have qmail-scanner working on your system! Just to be safe, let's restart qmail:


# qmailctl restart 

You can now continue on to Installing Courier-Imap or if you do not want imap and the other web enabled services, you can skip them and go right to Maintaining your qmailrocks server