ClamAV is anti-virus software. Set up clamav-milter to scan for viruses whenever a mail passes through Postfix.
# apt install clamav-milter
After installation, clamav-daemon automatically starts and fails.
# systemctl status clamav-daemon
● clamav-daemon.service - Clam AntiVirus userspace daemon
   Loaded: loaded (/lib/systemd/system/clamav-daemon.service; enabled; vendor preset: enabled)
  Drop-In: /etc/systemd/system/clamav-daemon.service.d
           └─extend.conf
   Active: inactive (dead)
Condition: start condition failed at Thu 2021-09-19 16:11:15 JST; 1min 27s ago
ClamAV needs the virus database, but it doesn't exist before clamav-freshclam completes the initial download.
So change the configuration for clamav-daemon while clamav-freshclam is downloading the latest database.
The clamav-milter socket has to be moved from its default location into the Postfix chroot. Change MilterSocket in /etc/clamav/clamav-milter.conf.
ClamAV's phishing URL detection sometimes produces false positives. In my case, some emails from Amex and Hilton were caught by this filter.
To turn it off, tweak /etc/clamav/clamd.conf.
PhishingSignatures true
PhishingScanURLs false # Change this from true to false
PhishingAlwaysBlockSSLMismatch false
PhishingAlwaysBlockCloak false
After the virus database is ready and config files are updated, start clamav-daemon and restart clamav-milter.
(You can check the log /var/log/clamav/freshclam.log to see the status of the database download.)
# systemctl start clamav-daemon
---(Wait for a while till clamav-daemon is fully up)---
# systemctl restart clamav-milter
Add clamav-milter to the milter configuration line in /etc/postfix/main.cf.
smtpd_milters = unix:/milter-greylist/milter-greylist.sock unix:/clamav/clamav-milter.ctl
Reload Postfix to apply the new milter.
# systemctl reload postfix
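A consistency check for the two socket settings above, as an added example that is not part of the original write-up: it confirms that MilterSocket in clamav-milter.conf lies inside the Postfix chroot and that smtpd_milters names the same socket relative to it. The chroot path /var/spool/postfix and the sample MilterSocket value are assumptions, and milter_socket, check_socket and demo are hypothetical helper names.

```shell
#!/bin/sh
# Added example: verify that clamav-milter's socket is reachable from chrooted Postfix.
# Assumption: the Postfix chroot is /var/spool/postfix (not stated on the page).

# Print the unix socket path from MilterSocket in a clamav-milter.conf.
milter_socket() {
    awk '$1 == "MilterSocket" { sub(/^(unix|local):/, "", $2); print $2; exit }' "$1"
}

# check_socket CHROOT CONF SMTPD_MILTERS
# Returns 0 if MilterSocket lies inside CHROOT and SMTPD_MILTERS names it
# relative to CHROOT, 1 on a mismatch, 2 if CONF has no MilterSocket.
check_socket() {
    root=${1%/}
    sock=$(milter_socket "$2")
    [ -n "$sock" ] || { echo "no MilterSocket in $2"; return 2; }
    case $sock in
        "$root"/*) rel=${sock#"$root"} ;;
        *) echo "FAIL: $sock is outside $root"; return 1 ;;
    esac
    # smtpd_milters entries are separated by whitespace or commas.
    case " $(printf '%s' "$3" | tr ',\t\n' '   ') " in
        *" unix:$rel "*) echo "OK: Postfix uses unix:$rel"; return 0 ;;
    esac
    echo "FAIL: smtpd_milters has no unix:$rel"; return 1
}

# Demo on constructed input; the MilterSocket value below is a sample.
demo() {
    conf=$(mktemp)
    printf 'MilterSocket /var/spool/postfix/clamav/clamav-milter.ctl\n' > "$conf"
    check_socket /var/spool/postfix "$conf" \
        "unix:/milter-greylist/milter-greylist.sock unix:/clamav/clamav-milter.ctl"
    rc=$?
    rm -f "$conf"
    return $rc
}
demo

# On a live host:
# check_socket /var/spool/postfix /etc/clamav/clamav-milter.conf "$(postconf -h smtpd_milters)"
```

A FAIL result here corresponds to Postfix being unable to connect to the milter, in which case mail is handled according to milter_default_action rather than scanned.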
Send a clean mail to the account, and check the mail header to find the lines added by ClamAV.
X-Virus-Scanned: clamav-milter 0.103.3 at host
X-Virus-Status: Clean
To test the infected mail case, you can use the EICAR test virus.