Page 1 of 3 123 LastLast
Results 1 to 10 of 24

Thread: Thunderbird Virus Scan

  1. #1
    Join Date
    Jun 2007
    Location
    Eltham, Vic, Australia
    Beans
    190

    Thunderbird Virus Scan

    I have searched a lot and this subject seems ignored. I do not want to get into a discussion about the need for virus scanning in Linux. This is for those who actually want scan for viruses, to ensure they do not forward a virus on to a poor Windows user.

    Install Thunderbird, clamassassin, clamav, clam-freshclam.

    Set up your accounts in Thunderbird. Then go Tools Add-ons and get more addons. You will need to setup a Mozilla account and get the add on "clamdrib". Download to you home folder, then in Thunderbird Tools Add-ons install clamdrib-0.2-tb.xpi

    open a terminal window and sudo dpkg-reconfigure clamav-base

    Accept all the defaults except

    socket type change to TCP
    IP address clamd will listen on: change to localhost

    OK, restart your computer and open Thunderbird. Restarting will load clamav with the new settings and update the virus database.

    Tools -> Add-ons -> clamdrib -> Preferences -> Test Settings this will mconfirm everything is working.

    Done.

    This is much simpler than trying to set up a local mail server.

    Any other suggestions or configuration ideas, please post your thoughts


  2. #2
    Join Date
    Aug 2008
    Beans
    3

    Re: Thunderbird Virus Scan

    Thanks it's working well (even if I hope I'll never need such a protection, one reason for going to a non root account under linux by opposite to home Ms's products)
    But I have 2 questions
    -Why is clamassassin nedded ? (it thought camdrib conect directly to clamd, if this one is configured through the real socket ant not only /tmp/clamd.socket). I didn't found any documentation on this add-on
    -Does it scan only when getting mail through thunderbird or when sending too (the goal is to have protection, but not only : don't diffusing viruses to my windows's contact in case of infection does matter too)

    -As an idea, I will try a freshclam (update antivirus) at bootime (useful when using linux as a workstation).

    Thanks for your last post, and if you have the answer, thanks in advance for that too

    Vgg

  3. #3
    Join Date
    Aug 2008
    Beans
    3

    Lightbulb Re: Thunderbird Virus Scan

    Hi
    I try without spamassasin and it seems too work too
    By activating the log in my clamd.conf the scan is made everytime I open/preview a mail in thunderbird
    In my logfile (/var/log/clamd.log : stream(127.0.0.1@1709): OK)

    So the scan starts when you open/preview an incoming mail, not when you get or post one (in the difference whith the MS Window's style of doing that). The realtime protection (for not sending an infected file which as been optained not by a mail) will be with the dazuko system, but maybe it's a lot of works for limited risk)

    For thoses who'll be intersted, I wrote an /etc/init.d/freshclam script for launching freshclam as a daemon at boot. It's an adaptation from the one launching clamd at boot (see installation doc of clamav). This script as been made on a fedora but if doens't work exactly the same on ubuntu (I didnt try actually), it must not be too difficult for adapting it
    I suggest for those who use their Linux as home/workstation to activate a limited log (freshclam & clamd, 2M could be enough)..and sometimes verify everything is working well

    --/etc/init.d/freshclam (then chkconfig --add freshclam for installing in differents rc?.d)

    #! /bin/bash
    #
    # crond Start/Stop the clam antivirus update daemon.
    #
    # chkconfig: 2345 71 40
    # description: clamd is a standard Linux/UNIX program that scans for Virusesi, freshclam the update program.
    # processname: freshclam
    # config: /etc/freshclam.conf
    # pidfile: /var/lock/subsys/freshclam

    # Source function library.
    . /etc/init.d/functions

    RETVAL=0

    # See how we were called.
    #Verify 4 times a day
    prog="freshclam"
    progargs=" --quiet --daemon -c 4"
    progdir="/usr/local/bin"

    # Source configuration
    if [ -f /etc/sysconfig/$prog ] ; then
    . /etc/sysconfig/$prog
    fi

    start() {
    echo -n $"Starting $prog: "
    # Don't allow files larger than 20M to be created, to limit DoS
    # Needs to be large enough to extract the signature files
    ulimit -f 20000
    LANG= daemon $progdir/$prog $progargs
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && touch /var/lock/subsys/freshclam
    return $RETVAL
    }

    stop() {
    echo -n $"Stopping $prog: "
    # Would be better to send QUIT first, then killproc if that fails
    killproc $prog
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/freshclam
    return $RETVAL
    }

    rhstatus() {
    status freshclam
    }

    restart() {
    stop
    start
    }

    case "$1" in
    start)
    start
    ;;
    stop)
    stop
    ;;
    restart)
    restart
    ;;
    status)
    rhstatus
    ;;
    *)
    echo $"Usage: $0 {start|stop|status|restart}"
    exit 1
    esac

    exit $?

  4. #4
    Join Date
    Jul 2007
    Location
    Ontario, Canada
    Beans
    178

    Re: Thunderbird Virus Scan

    Found this thread. Have been trying to get clamav to work for some time and have just installed clamdrib from Mozilla. Have modified my /etc/clamav/clamd.conf file as directed in the Mozilla reviews by adding the lines, TCPsocket 3310 and TCPAddr localhost
    My clamd.conf file is listed below:

    #Automatically Generated by clamav-base postinst
    #To reconfigure clamd run #dpkg-reconfigure clamav-base
    #Please read /usr/share/doc/clamav-base/README.Debian.gz for details
    LocalSocket /var/run/clamav/clamd.ctl
    FixStaleSocket true
    User clamav
    AllowSupplementaryGroups true
    ScanMail true
    ScanArchive true
    ArchiveMaxRecursion 5
    ArchiveMaxFiles 1000
    ArchiveMaxFileSize 10M
    ArchiveMaxCompressionRatio 250
    ArchiveLimitMemoryUsage false
    ArchiveBlockEncrypted false
    MaxDirectoryRecursion 15
    FollowDirectorySymlinks false
    FollowFileSymlinks false
    ReadTimeout 180
    MaxThreads 12
    MaxConnectionQueueLength 15
    StreamMaxLength 10M
    LogSyslog false
    LogFacility LOG_LOCAL6
    LogClean false
    LogVerbose false
    PidFile /var/run/clamav/clamd.pid
    DatabaseDirectory /var/lib/clamav
    TemporaryDirectory /tmp
    SelfCheck 3600
    Foreground false
    Debug false
    ScanPE true
    ScanOLE2 true
    ScanHTML true
    DetectBrokenExecutables false
    MailFollowURLs false
    ArchiveBlockMax false
    ExitOnOOM false
    LeaveTemporaryFiles false
    AlgorithmicDetection true
    ScanELF true
    IdleTimeout 30
    MailMaxRecursion 64
    PhishingSignatures true
    PhishingScanURLs true
    PhishingRestrictedScan true
    PhishingAlwaysBlockSSLMismatch false
    PhishingAlwaysBlockCloak false
    DetectPUA false
    LogFile /var/log/clamav/clamav.log
    LogTime true
    LogFileUnlock false
    LogFileMaxSize 0
    TCPsocket 3310
    TCPAddr localhost

    My Thunderbird shows Clamdrib/Clamav enabled in the bottom right corner of the screen, when I run it. However the description panel between the inbox emails pane and the preview pane, which describes the highlighted inbox email lists ClamAV status: CONNECTION PROBLEMS . So I'm not sure if the clamav is actually working. I seem to be able to forward emails to myself and successfully receive them. Any ideas? I'm running Ubuntu Hardy 8.04 and have installed clamav-daemon as instructed in clamdrib info.

  5. #5
    Join Date
    Aug 2008
    Beans
    3

    Re: Thunderbird Virus Scan

    Hi
    Could you verify if the clamd is running (ps -aef | grep clamd)
    If doesn't run, then launch it before (clamd)
    You can test it through scanning the current director : clamdscan
    I made my install manually (go to clamav.com, download the version, configure, make, then modify .conf file and add the start scripts) because my ubuntu is in a migration state (to a vbox instance) so I'm dealing a little bit with fedora and the yum install wasn't exactly what I wanted
    So if you did it throuh packages maybe you have to add a start of clamd at bootime. You will find information in the clamav documentation (I took some samples on http://www.freespamfilter.org/FC4.html but it's more than what we need for our purpose)
    To be short, there're scripts for major distribution in the contrib subdirectoy (if you install manually) you've just to copy it

    Good Luck

    Vgg

  6. #6
    Join Date
    Jul 2007
    Location
    Ontario, Canada
    Beans
    178

    Re: Thunderbird Virus Scan

    Hi vgg. Thanks for help. I checked the ps -aef | grep clamd
    command you suggested, but I don't know what the output means. Tried clamdscan and got error msg below. But I've used what I understand from the instructions is the proper TCPsocket value of 3310. So maybe my clamd isn't starting at boot time. I'll check this out at first opportunity (probably tomorrow). I looked at your fedora clamav manual info briefly. I'm on Ubuntu 8.04 myself, so I'll have a look to see if there are any directory variations, etc.


    thane@thane-desktop:~$ ps -aef | grep clamd
    thane 7144 7122 0 17:47 pts/0 00:00:00 grep clamd
    thane@thane-desktop:~$ ps -aef | grep clamd
    thane 7184 7122 0 17:48 pts/0 00:00:00 grep clamd
    thane@thane-desktop:~$ clamdscan
    ERROR: Parse error at line 4: Unknown option TCPsocket.
    WARNING: Can't parse the configuration file.

    ----------- SCAN SUMMARY -----------
    Infected files: 0
    Time: 0.000 sec (0 m 0 s)
    thane@thane-desktop:~$ cat /etc/clamav/clamd.conf
    #Automatically Generated by clamav-base postinst
    #To reconfigure clamd run #dpkg-reconfigure clamav-base
    #Please read /usr/share/doc/clamav-base/README.Debian.gz for details
    TCPsocket 3310
    TCPAddr localhost
    LocalSocket /var/run/clamav/clamd.ctl
    FixStaleSocket true
    User clamav

    Many thanks for the help!

  7. #7
    Join Date
    Jun 2007
    Location
    Eltham, Vic, Australia
    Beans
    190

    Re: Thunderbird Virus Scan

    thane1,

    Apart from the private message info I sent I had one or two other thoughts.

    When you ran sudo dpkg-reconfigure clamav-base, did you select 'enable email scanning"?

    And did you add yourself to the clamav users group?

    If anyone else is interested it is also possible to add virus scan to Evolution using a simple script.

    http://ubuntuforums.org/showthread.php?t=749085

    I just don't like Evolution, but this solution worked for me until I moved to Thunderbird.

    The very best was Claws Email, but there is some conflict between GPL versions of Clam and Claws and Claws have banned Clam. I wish they could resolve their issues as Claws has many powerful processing addons, but for the moment, not virus scan.

  8. #8
    Join Date
    Jun 2007
    Location
    Eltham, Vic, Australia
    Beans
    190

    Re: Thunderbird Virus Scan

    thane1,

    Looking at your posts your issue seems to be that clam is not functioning.

    Might i suggest uninstalling everything 'clam" and removing all configuration files and then start again.

    I did not have to do anything fancy, the straight forward install from the repos just worked.

    You are using the 64bit version and I am using the 32bit, but it should not make a difference.

    Once you can run clamdscan without error, then the Thunderbirs addon will probably work as well.

  9. #9
    Join Date
    Jul 2007
    Location
    Ontario, Canada
    Beans
    178

    Re: Thunderbird Virus Scan

    Thanks again grege. Just off to work shortly. Was thinking myself last night that I should uninstall everything and I shall do that when I get back in. Will post results. Btw, I didn't add myself to a clam users' group as far as I know, although the small icon at the bottom right of the Tbird screen states, that Clam is enabled. Will let you know and thanks. Cheers

  10. #10
    Join Date
    Jul 2007
    Location
    Ontario, Canada
    Beans
    178

    GOT IT!!! thanks grege (clamdrib/thunderbird/clamav)

    Wowie,zowie. Been trying to get clamav to work with Thunderbird for some time. Here's what I had to do (thanks for pointers grege) to get clamav scanning email in Thunderbird with Ubuntu 8.04 amd64 hardy heron. Started today by uninstalling all of my clamav programs, which were also in your list (apart from libclamav2 which was not available from my 64 bit repositories). Uninstalled clamdrib through Thunderbird add-ons feature. Installed the two hardy backports repositories (although I was a little leery about installing the proposed repositories, as you had). Shut down then restarted computer, installed aforementioned clam progs, started Thunderbird and reinstalled clamdrib through tools,add-ons feature. Retried sending myself a test email and got same result "clamav status: connection problems". Googled and found a source for libclamav2 for amd64 hardy at https://launchpad.net/ubuntu/hardy/a....91.2-3ubuntu2 and downloaded and installed the .deb package. Rebooted hardy checked to make sure (through Synaptic) that I had the package installed - all was well there. Retried the Tbird and still had the same problem. Checked Tbird's tools,add-ons,(clamdrib)preferences feature and my settings were the same as yours (enable,localhost,3310,100 secs (instead of your 20 secs) and label only. Tried your 20 second value and still got the "failed" msg when testing through this page. Checked my /etc/clamav/clamd.conf file and there were no listings for the localhost or the TCPsocket value of 3310. This surprised me because although I had not manually added them to the conf file like I did yesterday, the tools,add-ons,preferences page showed them as being present. Next I tried the sudo dpkg-reconfigure clamav-base command, which I also used yesterday and this time after making the two changes to 3310 and localhost, then accepting everything else as presented I rebooted. Clamav now works with Thunderbird. Thanks to you grege, to zaphod65 for the guidance and to k0b4y45h1 for making up clamdrib. Its nice to be able to protect my Windows friends from forwarded Windows viruses. Cheers.

Page 1 of 3 123 LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •