Mailgraph on antivirus / antispam mail relay

The last couple of days I have tinkered with a new antivirus / antispam server at work. Its foundation is a Debian Sarge running Postfix, SpamAssassin and ClamAV through amavis-ng (amavis-ng is installed from current unstable) and, on top of it all, mailgraph.

All packages were taken from the stable Debian release, Sarge, except amavis-ng, which does not exist in Sarge. That package was downloaded from unstable instead… fortunately it had no dependencies on unstable whatsoever.

The documentation on the SpamAssassin homepage is great, which is just the opposite of amavis-ng, whose documentation seems non-existent. The configuration file shipped with Debian makes up for the lack of documentation. It seems that amavis-ng is meant to be a (more modular) reimplementation of amavisd-new, even though people on the mailing lists recommend amavisd-new :-D

I have a serious problem keeping my hands off the bleeding edge stuff, so I couldn’t resist installing amavis-ng. I have tried using it before, but at that time I couldn’t make it fork (it became a serious bottleneck). I’m not saying that it didn’t work; it might as well have been me, though I cannot seem to find the difference between my previous installation and my new one. Anyway, it seems to fork correctly in this new installation, and to test the virus filter I recommend this web site

The reason why I write this entry is that I made some changes to mailgraph to make it work the way I wanted. Read on to see what (small) changes I made.

  • First I changed the startup script to be able to use two log files (one for mail and one for viruses). Code for /etc/init.d/mailgraph:

    #!/bin/sh
    # /etc/init.d/mailgraph: run two mailgraph instances, one feeding the mail RRD
    # from the Postfix log and one feeding the virus RRD from the amavis log.
    
    MAILGRAPH_CONFIG="/etc/default/mailgraph"
    NAME="mailgraph"
    DAEMON="/usr/sbin/mailgraph.pl"
    PID_FILE="/var/run/mailgraph.pid"
    PID_VIRUS_FILE="/var/run/mailgraph_virus.pid"
    RRD_DIR="/var/lib/mailgraph"
    IGNORE_OPTION=""
    
    # MAIL_LOG, VIRUS_LOG and IGNORE_LOCALHOST are defined in /etc/default/mailgraph
    if [ -f $MAILGRAPH_CONFIG ]; then
      . $MAILGRAPH_CONFIG
    else
      exit 0
    fi
    
    test -x /usr/sbin/mailgraph.pl || exit 0
    
    if [ "$IGNORE_LOCALHOST" = "true" ]; then
      IGNORE_OPTION="--ignore-localhost"
    fi
    
    case "$1" in
      start)
        echo -n "Starting Postfix Mail Statistics: $NAME"
        if [ -f $VIRUS_LOG ]; then
          # Two daemons: the mail instance keeps mailgraph's default pid file,
          # the virus instance writes its own so that stop) can kill both.
          start-stop-daemon -S -q -b -p $PID_FILE -x $DAEMON -- --only-mail-rrd -l $MAIL_LOG -d --daemon_rrd=$RRD_DIR $IGNORE_OPTION
          start-stop-daemon -S -q -b -p $PID_VIRUS_FILE -x $DAEMON -- --daemon-pid=$PID_VIRUS_FILE --only-virus-rrd -l $VIRUS_LOG -d --daemon_rrd=$RRD_DIR $IGNORE_OPTION
        else
          # No separate virus log: one daemon updates both RRDs from the mail log
          start-stop-daemon -S -q -b -p $PID_FILE -x $DAEMON -- -l $MAIL_LOG -d --daemon_rrd=$RRD_DIR $IGNORE_OPTION
        fi
        echo "."
        ;;
      stop)
        echo -n "Stopping Postfix Mail Statistics: $NAME"
        if [ -f $PID_FILE ]; then
          kill `cat $PID_FILE`
          rm $PID_FILE
        fi
        if [ -f $PID_VIRUS_FILE ]; then
          kill `cat $PID_VIRUS_FILE`
          rm $PID_VIRUS_FILE
        fi
        echo "."
        ;;
      restart)
        $0 stop
        $0 start
        ;;
      force-reload)
        $0 restart
        ;;
      *)
        echo "Usage: $0 start|stop|restart|force-reload"
        exit 1
        ;;
    esac
    

    Remember to define the virus log file (VIRUS_LOG) in /etc/default/mailgraph ;-)

  • Second I modified the mailgraph.pl code because mailgraph didn’t recognize the output from amavis (ClamAV):

    Jul 25 20:04:59 gargoyle amavis[18319]: CLAMD found:
    Jul 25 20:04:59 gargoyle amavis[18319]: Eicar-Test-Signature
    Jul 25 20:04:59 gargoyle amavis[18319]: AMAVIS::MTA::SMTP: Dropping message (Message-ID: )

    It might be because I use amavis-ng, I don’t know. But I found a line to put into /usr/sbin/mailgraph.pl. Around line 596, within the amavis case, put this:

    ...
    # amavis-ng logs a detection as "CLAMD found:" on its own line; count it as a virus event.
    # ($text holds the log line after "amavis[pid]: "; \C in the regex would be Perl's
    # single-byte escape, not a literal C, so the pattern must start with a plain C.)
    elsif($text =~ /^CLAMD found\b/) {
        event($time, 'virus');
    }
    ...
    

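To see what the extra rule actually has to match, here is an added example (not part of mailgraph or of the original post) that splits syslog lines the way mailgraph does, flags the amavis-ng "CLAMD found:" line as a virus event, and counts events over a constructed log. The amavisd-new patterns are my approximation of the ones mailgraph already ships, and the log lines are constructed sample data.

```python
import re
from collections import Counter

# Constructed sample syslog lines: the three-line amavis-ng detection from the
# post, two amavisd-new style verdicts, a clean delivery and a postfix line.
SAMPLE_LOG = """\
Jul 25 20:04:59 gargoyle amavis[18319]: CLAMD found:
Jul 25 20:04:59 gargoyle amavis[18319]: Eicar-Test-Signature
Jul 25 20:04:59 gargoyle amavis[18319]: AMAVIS::MTA::SMTP: Dropping message (Message-ID: )
Jul 25 20:05:12 gargoyle amavis[18320]: (18320-01) Passed CLEAN, <a@example.test> -> <b@example.test>
Jul 25 20:05:30 gargoyle amavis[18321]: (18321-01) Blocked SPAM, <c@example.test> -> <b@example.test>
Jul 25 20:05:45 gargoyle amavis[18322]: (18322-01) Blocked INFECTED (Eicar-Test-Signature), <d@example.test> -> <b@example.test>
Jul 25 20:06:01 gargoyle postfix/smtpd[401]: connect from localhost[127.0.0.1]
"""

# Same split mailgraph performs: timestamp, host, prog[pid]: text
SYSLOG_RE = re.compile(r'^(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) ([\w/-]+)(?:\[\d+\])?: (.*)$')

# amavis-ng: a literal "CLAMD found" at the start of the text (no \C escape).
AMAVIS_NG_VIRUS_RE = re.compile(r'^CLAMD found\b')
# amavisd-new style verdicts (approximation of mailgraph's own rules).
AMAVISD_NEW_VIRUS_RE = re.compile(r'^\([\w-]+\) (?:Passed|Blocked) INFECTED\b')
AMAVISD_NEW_SPAM_RE = re.compile(r'^\([\w-]+\) (?:Passed|Blocked) SPAM(?:MY)?\b')


def classify(line):
    """Return 'virus', 'spam' or None for one syslog line, mailgraph style."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    prog, text = m.group(3), m.group(4)
    if prog not in ('amavis', 'amavisd'):
        return None  # postfix lines feed the mail RRD elsewhere in mailgraph
    if AMAVIS_NG_VIRUS_RE.match(text) or AMAVISD_NEW_VIRUS_RE.match(text):
        return 'virus'
    if AMAVISD_NEW_SPAM_RE.match(text):
        return 'spam'
    return None


def count_events(log_text):
    """Count virus/spam events over a whole log, as the virus RRD would be fed."""
    counts = Counter()
    for line in log_text.splitlines():
        kind = classify(line)
        if kind:
            counts[kind] += 1
    return dict(counts)


if __name__ == '__main__':
    print(count_events(SAMPLE_LOG))  # {'virus': 2, 'spam': 1}
```

Only the "CLAMD found:" line of the three-line amavis-ng detection counts; the signature name and the "Dropping message" line are ignored, so one infected mail is one event.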
A test... yeah, I fell for it

This is who I am… I wonder if anyone ended up being Darth Vader.

Which Fantasy/SciFi Character Are You?

Samba shares on NFS-mounted filesystems - bad idea

Today I implemented a storage server at a customer… the result wasn’t satisfying. I shared the files with NFS to the other servers. Samba shares of NFS-mounted filesystems are NOT recommendable! It makes Outlook fuck up if you have your pst files on a Samba share, and the financial system C5 can only have one user logged in because NFS makes some locks on files (at least I think that is the reason).

Anyways… just wanted to tell you all to test twice (or some more) before you do something like that. I haven’t looked further into it to see if it is possible to optimize some settings.

Attention you English-speaking (and Java-coding) people... FriFinans is calling

Yesterday I translated the Danish “getting started coding” guide into English. One less excuse for not contributing to FriFinans. It is all pretty straightforward, but if you should get stuck you are more than welcome to contact me.

For those who don’t know what FriFinans is… It’s an open source multiuser accounting system soon to take over the world ;-) We have put a lot of thought into the design phase until now, and I’m really proud of the outcome… Frank has been great. I really think FriFinans has a solid and well thought through base for the application.

Right now Frank is working on the foundation of advanced history logging, and through that the ability to roll back changes made to objects (i.e. a debtor).

Migration from old 8-bit locales to UTF-8 locales

Several times I have had “great fun” converting filenames from the old 8-bit locales to the new UTF-8 locales. Every time, I spend some time finding a tool for it, because every time I forget the name of the tool: convmv. The fuckup usually shows itself on the file server (Samba), where the users happily use æøå in filenames.

Now I’ll blog about it, so hopefully next time I can remember the name of the tool, or at least just search my blog for it.

Debian has packages in its repository, but for SLES you need to download the tool manually. I found the tool on download.com