Answered by the Webhosting Experts

Installing DrWEB server antivirus for Linux CPanel

The following are step-by-step instructions for installing DrWEB antivirus on a Linux server running CPanel:

I. Doing backups

The following files need to be saved:
/etc/exim.conf

/etc/antivirus.exim or

system_filter.exim

II. Installing DrWEB

First, download the DrWEB antivirus RPM package from here:
https://www.sald.com/get.html

Install it using the rpm -Uvh command. For example, for glibc 2.3 use
# rpm -Uvh ftp://ftp.drweb.ru/pub/unix/drweb-4.30-glibc.2.3.i586.rpm

Start the drweb daemon using the command
# /opt/drweb/drwebd start

Now let's take care of automatic antivirus database updates.
Add the following cron job:
00 12 * * * /opt/drweb/update/update.pl


III. Installing and configuring DrWEB-Exim

Download drweb-exim from https://www.sald.com/get.html

Untar the tgz archive.
For example:
tar xzvf drweb-exim-4.29.12-F-linux.tar.gz

Now we need to copy the drweb-exim files to the proper directories.

# cp -r drweb-exim/etc/drweb/* /etc/drweb/
# cp -r drweb-exim/opt/drweb/doc/* /opt/drweb/doc/
# cp -r drweb-exim/opt/drweb/drweb-* /opt/drweb/

Edit /etc/drweb/drweb_exim.conf

Change

AdminMail = postmaster
to

AdminMail = you@yourdomain.com

Let's test how it works so far:
# /opt/drweb/drweb-exim --check_only --check_user=drweb
All tests should be “passed”.

IV. Configuring Exim

We need to make changes in two files to make drweb and exim work together.
First, edit /etc/exim.conf
The lines in black are the ones we need to add.

 

###### begin exim.conf ########

[skipped]

###########################
# Runtime configuration file for Exim #
###########################

trusted_users = drweb
trusted_groups = drweb

[skipped]

#!!# message_filter renamed system_filter
system_filter = /etc/antivirus.exim
message_body_visible = 5000

system_filter_pipe_transport = filter_pipe
system_filter_reply_transport = address_reply

[skipped]

###########################
# TRANSPORTS CONFIGURATION #
###########################
# ORDER DOES NOT MATTER #
# Only one appropriate transport is called for each delivery. #
###########################

# A transport is used only when referenced from a director or a router that
# successfully handles an address.

# This transport is used for delivering messages over SMTP connections.

begin transports

filter_pipe:
driver = pipe
user = drweb
group = mail
return_fail_output

 

###### end exim.conf ########

CPanel comes with an /etc/antivirus.exim filter file.
On a clean Exim install it is called system_filter.exim.

Add the following at the end of the file:

 

###### begin antivirus.exim #######

# to prevent a mail loop, skip already-scanned messages
if $received_protocol is "drweb-scanned"
then
finish
endif

pipe "/opt/drweb/drweb-exim -f $sender_address -- $recipients"
finish

###### end antivirus.exim ########
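
Before restarting Exim, the edits from section IV can be checked mechanically. The shell functions below are an added example, not part of the original article or of DrWEB's tooling; the function names are hypothetical and the sample files are constructed from the snippets above.

```shell
# Added example, not from the original article. Function names are hypothetical;
# the settings checked are the ones shown in section IV.

# has_setting FILE KEY VALUE_REGEX: is there an uncommented "KEY = VALUE" line?
has_setting() {
    grep -Eq "^[[:space:]]*$2[[:space:]]*=[[:space:]]*$3[[:space:]]*\$" "$1"
}

# transport_has CONF NAME KEY VALUE: is KEY = VALUE set inside transport NAME?
transport_has() {
    awk -v name="$2" -v want="$3=$4" '
        /^[A-Za-z0-9_]+:[ \t]*$/ { inside = ($1 == (name ":")); next }
        /^begin[ \t]/ { inside = 0; next }
        inside { line = $0; gsub(/[ \t]/, "", line); if (line == want) found = 1 }
        END { exit !found }' "$1"
}

# guard_before_pipe FILTER: the "drweb-scanned" guard must precede the pipe to
# drweb-exim, or already-scanned mail is piped to the scanner again (mail loop).
guard_before_pipe() {
    guard=$(grep -n 'received_protocol is "drweb-scanned"' "$1" | head -n 1 | cut -d: -f1)
    pipe=$(grep -n 'pipe ".*drweb-exim' "$1" | head -n 1 | cut -d: -f1)
    [ -n "$guard" ] && [ -n "$pipe" ] && [ "$guard" -lt "$pipe" ]
}

# check_drweb_exim CONF FILTER: print each problem, return how many were found.
check_drweb_exim() {
    bad=0
    fail() { echo "FAIL: $1"; bad=$((bad + 1)); }
    has_setting "$1" trusted_users drweb || fail "trusted_users = drweb"
    has_setting "$1" trusted_groups drweb || fail "trusted_groups = drweb"
    has_setting "$1" system_filter '/[^[:space:]]+' || fail "system_filter = <path>"
    has_setting "$1" system_filter_pipe_transport filter_pipe || fail "system_filter_pipe_transport"
    transport_has "$1" filter_pipe driver pipe || fail "filter_pipe: driver = pipe"
    transport_has "$1" filter_pipe user drweb || fail "filter_pipe: user = drweb"
    guard_before_pipe "$2" || fail "loop guard before pipe in $2"
    return "$bad"
}

# write_sample DIR: constructed sample files mirroring the page's snippets.
write_sample() {
    printf '%s\n' 'trusted_users = drweb' 'trusted_groups = drweb' \
        'system_filter = /etc/antivirus.exim' \
        'system_filter_pipe_transport = filter_pipe' 'begin transports' \
        'filter_pipe:' 'driver = pipe' 'user = drweb' 'group = mail' > "$1/exim.conf"
    printf '%s\n' 'if $received_protocol is "drweb-scanned"' 'then' 'finish' 'endif' \
        'pipe "/opt/drweb/drweb-exim -f $sender_address -- $recipients"' > "$1/antivirus.exim"
}
```

On a server, source the functions and run check_drweb_exim /etc/exim.conf /etc/antivirus.exim; a zero exit status means every setting from section IV was found.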


V. Restart Exim and test virus checking

That's it for configuration.
Now restart exim:
# /etc/rc.d/init.d/exim restart
and test your email delivery.
If email is not going through, inspect /var/log/exim_mainlog and /var/log/exim_paniclog.

Now take one of those ugly MyDoom worms, attach it to your email message and send it to yourself.
