Virus scanning for file uploads with clamav/php

Download and install the following packages, in case your repository has those package just use the management tool to install.

Ubuntu/Debian/Mint

# apt-get install clamav clamav-db clamd clamav-devel php-devel

Redhat

# yum install php-devel
# wget http://pkgs.repoforge.org/clamav/clamav-0.97.7-1.el5.rf.i386.rpm
# wget http://pkgs.repoforge.org/clamav/clamav-db-0.97.7-1.el5.rf.i386.rpm
# wget http://pkgs.repoforge.org/clamav/clamd-0.97.7-1.el5.rf.i386.rpm
# wget http://pkgs.repoforge.org/clamav/clamav-devel-0.97.7-1.el5.rf.i386.rpm
# rpm -Uvh clam*
# freshclam
# service clamd start

Configure php-clamav

Download php-clamav from from sf.net

# wget http://downloads.sourceforge.net/project/php-clamav/0.15/php-clamav_0.15.7.tar.gz
# tar xvzf php-clamav_0.15.7.tar.gz
# cd php-clamav-0.15.7/
# phpize
#./configure –with-clamav
# make
# cp modules/clamav.so /usr/lib/php/modules/

Add the modules to php.ini if required.

extension=clamav.so

Make sure the module is loaded

# php -i | grep -i clam
clamav

Incase you see the following error create a symlink to clamav path
LibClamAV Error: cl_load(): Can’t get status of /var/lib/clamav

# ln -s /var/clamav /var/lib/clamav

Test script
Get the testing virus file from http://www.eicar.org/86-0-Intended-use.html and save it on a file (eg: /tmp/virus.txt)

Create a php script:
cat > check_virus.php

<?php
$file = ‘/tmp/testing.txt’;
$retcode = cl_scanfile($file, $virusname);
if ($retcode == CL_VIRUS) {
echo .”Virus found name : “.$virusname;
} else {
echo .cl_pretcode($retcode);
}
?>

$ php check_virus.php
Virus found name : Eicar-Test-Signature

./arun

Upgrading php to 5.2 or 5.3 in Redhat EL 5

Unfortunately RHEL 5 does not have php.5.2 package, which is required by most of the applications including latest wordpress and drupal.

First thought of compiling php from source, but hard to keep it uptodate. So decided to make the life easier with EPEL/IUS repositories.

Remove all existing php related packages:

# rpm -e php php-mysql php-cli php-pdo php-common

Download and install the EPEL/IUS RPMs

# wget http://dl.iuscommunity.org/pub/ius/stable/Redhat/5/i386/epel-release-1-1.ius.el5.noarch.rpm

# wget http://dl.iuscommunity.org/pub/ius/stable/Redhat/5/i386/ius-release-1.0-8.ius.el5.noarch.rpm

incase if the list not working just browse and find the rpm.

Install the RPMs

# rpm -Uvh *-release-*.rpm

Now you can install php 5.2 or 5.3 like:

# yum install php52 php52-mysql

./arun

 

get rid of apache@localhost in received email headers

There is a good change that the foreign email servers will drop if the sender email headers are not properly formatted.
Anyway if you get apache@localhost in Received header (with postfix/apache/php), you can change the php.ini, sendmail_path program to use sendmail.postfix instead of sendmail binary.

like : sendmail_path = /usr/sbin/sendmail.postfix -t -i -f

./arun