clapf 0.3.28 RC2 review


Clapf project is a clamav based network filter for postfix

License: GPL (GNU General Public License)
File size: 340K
Developer: SJ

clapf now includes an experimental Bayesian antispam module.

Requirements:
mandatory: install postfix (2.x)
mandatory: install clamav-0.80+

Installation:

- edit parameters in config.h

- if you don't want to compile the antispam module, type "make av_only"; otherwise type "make". It should compile cleanly.

- create a dedicated group and user for clapf such as "av"

groupadd av; useradd -g av -d /opt/av -s /bin/false av

- lock the user out:

usermod -L av

- create a directory for clapf:

mkdir -p /opt/av/quarantine
chown -R av:av /opt/av
chmod -R 700 /opt/av

If you plan to put clapf into a chroot jail, make sure to create a /tmp directory there.

I recommend putting the spool directory on a separate disk for better performance.

- start the filter application (the av account was created with /bin/false as its shell, so give su a shell with -s):

su -s /bin/sh av -c 'export TMPDIR=/opt/av; /path/to/clapf &'

The util/check_clapf.sh script is meant to be run regularly to check whether clapf is running and to restart it if necessary.

Note that clapf (more precisely, the ClamAV library) usually tries to unpack CVD files in /tmp.
I suggest changing this location with the TMPDIR environment variable (as shown above).
Make sure there is enough free space under $TMPDIR for clapf.

If you see messages like

"LibClamAV Error: cli_cvdload(): Can't create temporary directory /tmp/clamav-a0480b63a7872f98"

"LibClamAV Error: Wrote 0 instead of 512 (/tmp/clamav-75668d156e64018e/main.db).
LibClamAV Error: cli_cvdload(): Can't unpack CVD file."

"cl_loaddbdir: CVD extraction failure."

that means clapf does not have enough space under $TMPDIR.

Look for the following messages in syslog (typically /var/log/maillog):

'clapf < VERSION > starting'
'Loaded 22548 signatures.'
'using /opt/av/tokens.cdb as spamicity file' (if you configured to use the antispam module)

Configure postfix:

1. add the following line to main.cf:

content_filter = smtp:[127.0.0.1]:10025

2. add the following lines to master.cf:

127.0.0.1:10026 inet n - n - 10 smtpd -o content_filter=
    -o receive_override_options=no_address_mappings

3. restart postfix
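
A way to check step 2 before restarting postfix, as an added example that is not part of clapf or of the original page. The empty "-o content_filter=" on the 10026 listener is what stops re-injected mail from being handed to the filter a second time. The function names and the sample files are assumptions made for this example, and only the plain "-o name=value" form is recognised.

```shell
#!/bin/sh
# Added example (not from clapf): verify the re-injection listener in master.cf.

# Print master.cf logical lines: comments and blank lines are dropped, and a
# line that starts with whitespace is joined onto the previous line.
join_logical() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { sub(/^[ \t]+/, ""); buf = buf " " $0; next }
        { if (buf != "") print buf; buf = $0 }
        END { if (buf != "") print buf }
    ' "$1"
}

# check_reinject FILE SERVICE
# Exit 0: SERVICE is an inet smtpd listener with an empty content_filter override.
# Exit 1: no such listener. Exit 2: listener present but the override is missing,
# so re-injected mail would be sent to the filter again.
check_reinject() {
    join_logical "$1" | awk -v svc="$2" '
        $1 == svc && $2 == "inet" && $8 == "smtpd" {
            found = 1
            for (i = 9; i < NF; i++)
                if ($i == "-o" && $(i + 1) == "content_filter=") ok = 1
        }
        END { exit (ok ? 0 : (found ? 2 : 1)) }
    '
}

# Constructed sample input: the entry from step 2, then the same listener
# without the override.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '127.0.0.1:10026 inet n - n - 10 smtpd -o content_filter=' \
        '  -o receive_override_options=no_address_mappings' > "$dir/good.cf"
    printf '%s\n' '127.0.0.1:10026 inet n - n - 10 smtpd' \
        '  -o receive_override_options=no_address_mappings' > "$dir/loop.cf"
    for f in good loop; do
        rc=0; check_reinject "$dir/$f.cf" 127.0.0.1:10026 || rc=$?
        echo "$f.cf: status $rc"
    done
    rm -rf "$dir"
}
demo
```

To check a real installation, call check_reinject with the path to your master.cf and the listener address from step 2.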

What's New in This Release:
This release improves the spam quarantine and the blackhole feature.
