Clamd, Exim & cPanel

Customer support forums for Atomic Protector (formerly Atomic Secured Linux). There is no such thing as a bad question here as long as it pertains to using Atomic Protector. Newbies feel free to get help getting started or asking questions that may be obvious. Regular users are asked to be gentle. :-)
Post Reply
iv@rh
Forum User
Forum User
Posts: 29
Joined: Wed Jul 04, 2012 9:03 pm
Location: Melbourne

Clamd, Exim & cPanel

Unread post by iv@rh »

Clamav add-on in cPanel has nice integration with Exim mail server, where clamd is used to scan all incoming and outgoing emails for viruses and malware at the time of arrival/sending.

Since ASL installs it's own version of Clamd, it clashes with cPanel's clamav and a user has to decide which one to disable.

It would be nice to integrate ASL's clamd with Exim on cPanel servers, so that emails is scanned at the time of delivery and not during the daily scan.

Are there any plans of such integration or a post showing how to do this ourselves?
Top
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:
Contact scott

Re: Clamd, Exim & cPanel

Unread post by scott »

Im not familiar with the cpanel implementation there, but if I had to guess its just looking for the socket in some different location. A big reason to use the ASL version of clam other than its generally newer, is ours supports real-time filesystem checking & enforcement, and we have our own additional signature database.

So basically we'd just need to know what other socket path cpanel expects, and either change cpanel to use the same location or to double up socket files (which I think clam supports) in both locations.
Top
iv@rh
Forum User
Forum User
Posts: 29
Joined: Wed Jul 04, 2012 9:03 pm
Location: Melbourne

Re: Clamd, Exim & cPanel

Unread post by iv@rh »

I think you refer to ASL with ASL kernel, which is not the case in CloudLInux cPanel. If this is true (ASL kernel is required), then most of ClamAV features you're talking about won't work.

In addition to the socket location, cPanel's clamav implementation modifies Exim configuration to add directives for parsing email through Clamav. You really need to refer to cPanel's API/development guide for this.

What horrifies me is realising that you claim cPanel compatability, but it sounds like it is only theoretical compatability. For example, having ASL kernel was killing Easyapache script and made us to stop using it. It is impossible to update / reconfigure Apache without rebooting vanilla kernel, then running Easyapache and then restarting again to activate the ASL kernel. This makes it 2 reboots to just recompile Apache.
Top
User avatar
hostingg
Forum User
Forum User
Posts: 63
Joined: Mon Mar 18, 2013 6:26 pm
Location: Earth

Re: Clamd, Exim & cPanel

Unread post by hostingg »

For example, having ASL kernel was killing Easyapache script and made us to stop using it. It is impossible to update / reconfigure Apache without rebooting vanilla kernel, then running Easyapache and then restarting again to activate the ASL kernel. This makes it 2 reboots to just recompile Apache.
are you sure you dont have some other problem? asl works fine with all our cpanel systems and we only use the atomic kernel. we never have to reboot easyapache works great for us.
If everything was easy, then the world wouldn't need engineers.
Top
bakkus
New Forum User
New Forum User
Posts: 2
Joined: Fri Aug 15, 2014 11:36 am
Location: Mexico

Re: Clamd, Exim & cPanel

Unread post by bakkus »

iv@rh wrote:I think you refer to ASL with ASL kernel, which is not the case in CloudLInux cPanel. If this is true (ASL kernel is required), then most of ClamAV features you're talking about won't work.

In addition to the socket location, cPanel's clamav implementation modifies Exim configuration to add directives for parsing email through Clamav. You really need to refer to cPanel's API/development guide for this.

What horrifies me is realising that you claim cPanel compatability, but it sounds like it is only theoretical compatability. For example, having ASL kernel was killing Easyapache script and made us to stop using it. It is impossible to update / reconfigure Apache without rebooting vanilla kernel, then running Easyapache and then restarting again to activate the ASL kernel. This makes it 2 reboots to just recompile Apache.
I've had the exact same problem many times, but it helped to submit a bug to Atomicorp. It has been working for a couple of versions now.
I'm experiencing the same problem with clamd now, I'm afraid.
Top
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:
Contact scott

Re: Clamd, Exim & cPanel

Unread post by scott »

This is the raw data part for the do-it-yourselfers out there. Adding the following to /etc/clamd.conf will allow exim+clamav to access the correct socket:

LocalSocket /var/clamd

We'll build the automation into ASL to get this in there for you automatically soon.
Top
copernic2006
Forum User
Forum User
Posts: 86
Joined: Wed Oct 03, 2012 2:51 pm
Location: Algiers

Re: Clamd, Exim & cPanel

Unread post by copernic2006 »

scott wrote:This is the raw data part for the do-it-yourselfers out there. Adding the following to /etc/clamd.conf will allow exim+clamav to access the correct socket:

LocalSocket /var/clamd
In the file clamd.conf , there's already:

Code: Select all

LocalSocket /tmp/clamd.socket
Is what we should replace it with?
LocalSocket /var/clamd
Thank you for helping me to understand
Top
Post Reply

Return to “Atomic Protector (formerly ASL)”