AmaVis & Sendmail Relay HowTo for Linux sendmail

Thue Feb 20 19:08:09 CET 2001

Table of Contents

Helper Applications

AmaVis needs a number of tools to unpack attachments of different kinds.
Build and install them (downloads are listed on
download build and install (to /usr/bin)
- freeze ./configure; make; cp freeze /usr/bin
- lha cp lha /usr/bin
- maildrop ./configure; make; cp rfc2045/reformime /usr/bin (only reformime needed)
- tnef ./configure; make; cp src/tnef /usr/bin
- unrar make; cp unrar /usr/bin
- xbinunix gcc -o xbin xbinunix.c; cp xbin /usr/bin
- unarj make; cp unarj /usr/bin

(arc, zoo, gunzip, unzip, compress, uudecode should be installed by default on Linux).

Download and install the Virus Scanners

You can find a list of Linux-Virusscanners on the AmaVis homepage. Download English(!) versions and install them by following the default instructions provided by the authors. It usually only involves untarring the package and executing a shell-script which will ask you a few simple questions such as where to install the binaries. Just accept the default settings and you will be fine. We tested:

on SuSE Linux 6.0. with sendmail 8.9.3.

Download and build AmaVis

Get AmaVis from Unpack it using tar -xvzf amavis-x.x.x.tar.gz.

Build and install it with ./configure --enable-relay=yes; make; make install.
Configure should automatically find the tools and scanners you installed before. If you want the recipient of an infected mail to be noticed of the stopped delivery, add --notify-receiver to the configure options.

Configuring Sendmail to use AmaVis

Backup your config!
This is perhaps the trickiest part of the setup as it involves modifying your /etc/ (depending on your distribution this might also be /etc/mail/ Be sure to copy the original version of that file to somewhere safe:

e.g.: cp /etc/ /etc/

If you want AmaVis to scan all mail going through your mail server including mails which are only relayed and not delivered locally, sendmail has to be called twice. On the first pass it is invoked from the network or by a user program and will use the modified to "pipe" the mail through the AmaVis "scanmail" program. On the second pass it is invoked by scanmail and will use your original to deliver the mail as usual.
Therefore you have to make a copy of your 

    /etc/ and name it /etc/

 Do not use a different name, as scanmail needs to call sendmail using this config (or use --with-origconf when configuring AmaVis).

Now we are ready to modify your Much of the work will be done by applying this patch to your /etc/

cd /etc
patch -p0 < amavis.patch

If that patch succeeded, open your /etc/ in your favorite editor. Make sure that you find the following code and modify it to fit if necessary:

Mamavis,            P=/usr/sbin/scanmails, F=lsACDFMS5:/|@qShP, S=0, R=0
                            A=scanmails $h $u $f,

Modify your /etc/ to contain the following code:

Mlocal,                P=/usr/bin/procmail, F=lsSDFMAw5:/|@qPfhn9, S=10/30, R=20/40,
                            A=procmail -Y -a $h -d $u,


O    PrivacyOptions=novrfy,noexpn

Depending on your Distribution you might have to make /usr/bin/procmail setuid root. Type chmod +s /usr/bin/procmail to do that.

Make sure /var/spool/mqueue is writable for user daemon. Check /etc/permissons entry on SuSE dists!!!

Create the AmaVis spool directory by mkdir /var/spool/mqamavis.

Check if /etc/aliases contains a virusalert: root entry. Type newaliases to build new aliases.db. If getting errors try /usr/sbin/sendmail -bi -C /etc/sendmail.orig.conf to generate new aliases and(!) change mod of /etc/newaliases.db to 644.


Test it

Either send a SIGHUP to the sendmail process to make it reread its configuration or restart sendmail entirely by typing /etc/rc.d/init.d/sendmail restart.  Try sending mail to and from the network and local users and watch /var/log/mail and /var/log/scanmails/logfile closely to spot any errors that might have occurred. Mails containing viruses will be stored to directory /var/virusmail.

Make sure SuSE YaST will leave new untouched.

Have fun!

Holger von Amlen, Marcus Schopen, University of Bielefeld, GERMANY