simscan

Simscan is a simple program that enables the qmail smtpd service to reject viruses and spam and to block attachments during the SMTP conversation, so the processing load on the email system is kept to a minimum.

You can find more information about Simscan here.

It needs Ripmime to extract attachments from MIME-encoded email messages.

Ripmime

cd /downloads/
tar zxvf ripmime-1.4.0.10.tar.gz
cd /downloads/ripmime-1.4.0.10/

make && make install

Simscan

We will configure a patched version of Simscan. John M. Simpson's combined patch mainly fixes some bugs and adds debugging options.

cd /downloads/
tar zxvf simscan-1.4.0.tar.gz
cd /downloads/simscan-1.4.0

patch < /downloads/patches/simscan-1.4.0-combined.4.patch

./configure \
  --enable-user=clamav \
  --enable-spamc-user=y \
  --enable-clamav=y \
  --enable-attach=y \
  --enable-spam=y \
  --enable-dropmsg=y \
  --enable-custom-smtp-reject=y \
  --enable-spam-hits=8.5 \
  --enable-spam-passthru=y \
  --enable-clamdscan=/usr/bin/clamdscan \
  --enable-ripmime=/usr/local/bin/ripmime \
  --enable-sigtool-path=/usr/bin/sigtool

make
make install

cat > /var/qmail/control/simcontrol << __EOF__
:clam=yes,spam=yes,spam_hits=8.5,attach=.vbs:.lnk:.scr:.wsh:.hta:.pif
__EOF__

# update simcontrol.cdb
/var/qmail/bin/simscanmk
/var/qmail/bin/simscanmk -g

Test Simscan

systemctl restart clamav-daemon
systemctl restart clamav-freshclam

cd /tmp
echo "hi, testing." > /tmp/mailtest.txt
env QMAILQUEUE=/var/qmail/bin/simscan SIMSCAN_DEBUG=3 /var/qmail/bin/qmail-inject you@yourdomain.com < /tmp/mailtest.txt

You should have this kind of result:

env QMAILQUEUE=/var/qmail/bin/simscan SIMSCAN_DEBUG=3 /var/qmail/bin/qmail-inject you@yourdomain.com < /tmp/mailtest.txt
simscan: starting: work dir: /var/qmail/simscan/1407314229.189583.11975
simscan: calling clamdscan
simscan: clamdscan: /var/qmail/simscan/1407314229.189583.11975: OK
simscan: clamdscan:
simscan: clamdscan: ----------- SCAN SUMMARY -----------
simscan: clamdscan: Infected files: 0
simscan: clamdscan: Time: 0.008 sec (0 m 0 s)
simscan: normal clamdscan return code: 0
simscan: calling spamc
simscan: calling /usr/bin/spamc spamc -u you@yourdomain.com
simscan:[11974]:CLEAN (3.00/5.00):0.2596s::(null):root@mail-test.thibs.com:you@yourdomain.com
simscan: done, execing qmail-queue
simscan: qmail-queue exited 0

If you have issues here, you can troubleshoot by following tips given on https://qmail.jms1.net/simscan/troubleshooting.shtml.
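
To check a captured debug run without reading it line by line, the following added example (not part of the original tutorial and not simscan's own code) summarizes what the output above must show: a clean clamdscan return, the verdict line with its score, and the qmail-queue exit status. The function names are hypothetical; the sample lines are copied from this page, and the failing sample contains only the lstat() line quoted in the AppArmor comment further down.

```shell
# Added example, not simscan's own code: summarize captured SIMSCAN_DEBUG=3 output.

# Constructed sample: lines copied from the successful run shown on this page.
PAGE_RUN='simscan: calling clamdscan
simscan: normal clamdscan return code: 0
simscan:[11974]:CLEAN (3.00/5.00):0.2596s::(null):root@mail-test.thibs.com:you@yourdomain.com
simscan: done, execing qmail-queue
simscan: qmail-queue exited 0'

# Constructed sample: only the lstat() line comes from the page (AppArmor comment).
DENIED_RUN='simscan: calling clamdscan
simscan: clamdscan: /var/qmail/simscan/1484443751.940336.25851: lstat() failed: Permission denied. ERROR'

# Reads debug output on stdin and prints one summary line.
simscan_summary() {
    awk '
        /clamdscan:.*ERROR$/               { clamd = "error" }
        /normal clamdscan return code: 0$/ { if (clamd == "") clamd = "ok" }
        /qmail-queue exited /              { queue = ($NF == "0") ? "ok" : "fail" }
        /^simscan:\[[0-9]+\]:/ {
            # Result line: simscan:[pid]:VERDICT (score/required):elapsed:...
            rest = $0
            sub(/^simscan:\[[0-9]+\]:/, "", rest)
            p = index(rest, " ("); c = index(rest, ":")
            if (p > 0 && p < c) {
                verdict = substr(rest, 1, p - 1)
                s = substr(rest, p + 2, index(rest, ")") - p - 2)
                split(s, sc, "/"); score = sc[1]; required = sc[2]
            } else {
                verdict = substr(rest, 1, c - 1)
            }
        }
        END {
            if (clamd == "")   clamd = "missing"
            if (verdict == "") verdict = "missing"
            if (queue == "")   queue = "missing"
            if (score == "")   { score = "-"; required = "-" }
            printf "clamd=%s verdict=%s score=%s required=%s queue=%s\n", clamd, verdict, score, required, queue
        }'
}

# Succeeds only when the clean test message was scanned, judged CLEAN and queued.
simscan_run_ok() {
    case "$(simscan_summary)" in
        "clamd=ok verdict=CLEAN "*" queue=ok") return 0 ;;
    esac
    return 1
}

printf '%s\n' "$PAGE_RUN" | simscan_summary
```

On a live system, append `2>&1 | simscan_summary` to the test command; that the debug lines arrive on stderr is an assumption.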

Users comments

Alan – 15/01/2017 01:43

Hi Thanks for the great tutorial!!

I had an issue which has not been mentioned over here. I’m installing on Ubuntu 14.04.

Got this in the result of the simscan test:

simscan: clamdscan: /var/qmail/simscan/1484443751.940336.25851: lstat() failed: Permission denied. ERROR

To solve this, edit /etc/apparmor.d/usr.sbin.clamd and insert the line

/var/qmail/simscan/** r,

after the other file permissions.

Finally, reload the apparmor profiles with

sudo invoke-rc.d apparmor reload

After that, works like a charm!

Cedarlug – 03/08/2016 06:51

I’d recommend enabling regular expression support in the compilation. You’ll need to add pcre development libs in the original apt packages list.

The reason for this is to enable front-end screening of messages. This fills the role of the prior qscan setup under /var/spool/qscan/quarantine-events.txt which I used to leverage to block a lot of common spam.

With regular expression support, you can easily block messages from the new, all-too-common-spam-sources top-level domains such as .top, .download, .xzy, etc. for example.

My current simcontrol reads:

:clam=yes,spam=yes,spam_hits=8.5,regex=(?)^From\x3a.*<[_a-zA-Z0-9-]+(\.[_a-zA-Z0-9-]+)*@[a-zA-Z0-9-]+(\.[a-zA-Z0-9-]+)*\.(space|party|webcam|xyz|download|me|work|date|faith|uno|win|review|racing|museum|name|top)\>$,attach=.vbs:.lnk:.scr:.wsh:.hta:.pif

This blocks quite a few of the new top-level domains that seem to be cheap at the moment, and heavily used by spammers.
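
Before putting a TLD list like the one in the comment above into simcontrol, it helps to dry-run it against sample headers. This is an added example, not part of the comment and not simscan's own matching code: it uses `grep -E` with an ERE translation of the pattern (assuming `\x3a` stands for ":" and `\>` for a literal ">"), and the headers are constructed placeholders. It shows which address forms the pattern covers and that ordinary domains under listed TLDs such as `.me` are caught too.

```shell
# Added example: dry-run the TLD list from the comment against sample From: lines.
# ERE translation of the posted pattern (assumption: \x3a is ":" and \> is ">").
TLDS='space|party|webcam|xyz|download|me|work|date|faith|uno|win|review|racing|museum|name|top'
PATTERN="^From:.*<[_a-zA-Z0-9-]+(\.[_a-zA-Z0-9-]+)*@[a-zA-Z0-9-]+(\.[a-zA-Z0-9-]+)*\.(${TLDS})>\$"

# Exit status 0 when the header line matches the pattern.
from_is_blocked() {
    printf '%s\n' "$1" | grep -Eq "$PATTERN"
}

# Label each header line read from stdin as BLOCK or PASS.
classify() {
    while IFS= read -r hdr; do
        if from_is_blocked "$hdr"; then
            echo "BLOCK $hdr"
        else
            echo "PASS  $hdr"
        fi
    done
}

# Constructed headers; the example.* domains are placeholders.
classify <<'EOF'
From: Offers <promo@mail.example.top>
From: Alice <alice@example.com>
From: Bob <bob@example.me>
From: promo@mail.example.top
EOF
```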

 

Kirk gleason – 06/12/2014 16:36

I had an issue getting the ClamAV daemon to start on a VPS with 512MB of RAM and no allocated swap. Resolved the issue by creating a swapfile.

Dedi – 25/09/2014 10:09

Hi Sirnene

I have uninstalled apparmor and inserted 0644 into the function, just like you told me.

But I still get:

gcc -DHAVE_CONFIG_H -I. -I. -I.     -g -O2 -Wall -c `test -f 'simscanmk.c' || echo './'`simscanmk.c
In file included from /usr/include/fcntl.h:252:0,
from simscanmk.c:33:
In function ‘open’,
inlined from ‘make_cdb’ at simscanmk.c:429:6:
/usr/include/x86_64-linux-gnu/bits/fcntl2.h:51:24: error: call to ‘__open_missing_mode’ declared with attribute error: open with O_CREAT in second argument needs 3 arguments
make[2]: *** [simscanmk.o] Error 1
make[2]: Leaving directory `/downloads/simscan-1.4.0'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/downloads/simscan-1.4.0'
make: *** [all] Error 2

this error after running “make” command

any clue?

Anas – 11/09/2014 10:21

Simscan is bouncing spam mail. I would rather deliver spam mail with the tag [SPAM]. How to achieve that?

Anas – 10/09/2014 12:41

Hi, how do I tell simscan to tag mail with [SPAM] when it hits score 5? I also need to know if simscan is working properly. A header is given below.

 

Return-Path: <postmaster@ns1.citech.net>
Delivered-To: test@ns1.citech.net
Received: (qmail 2430 invoked by uid 509); 10 Sep 2014 18:22:19 +0600
Received: by simscan 1.4.0 ppid: 2425, pid: 2426, t: 1.9894s
scanners: attach: 1.4.0 clamav: 0.97/m:55/d:19348
Received: from localhost (HELO ?122.99.96.5?) (127.0.0.1)
by mail.ns1.citech.net with SMTP; 10 Sep 2014 18:22:17 +0600
Received: from 202.125.74.182 (proxying for 192.168.1.195)
(SquirrelMail authenticated user postmaster@ns1.citech.net)
by 122.99.96.5 with HTTP;
Wed, 10 Sep 2014 12:22:17 -0000
Message-ID: <d0804b5ecd079cb726570df3b34fd5d7.squirrel@122.99.96.5>
Date: Wed, 10 Sep 2014 12:22:17 -0000
Subject: test
From: postmaster@ns1.citech.net
To: test@ns1.citech.net
User-Agent: SquirrelMail/1.4.22
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal

 

My server is based on centos.

Sirnene – 01/09/2014 20:56

On an Ubuntu server you need to edit the .conf or uninstall apparmor

sudo service apparmor stop

sudo update-rc.d -f apparmor remove

sudo apt-get remove apparmor apparmor-utils -y

Sirnene – 01/09/2014 10:10

/* O_CREAT requires the third (mode) argument */
if ( (fdout = open(CdbTmpFile, O_CREAT | O_TRUNC | O_WRONLY, 0644)) < 0) {
    printf("error on open tmp file\n");
    return(-1);
}

Sirnene – 01/09/2014 10:09

When you see this error:

gcc -DHAVE_CONFIG_H -I. -I. -I.     -g -O2 -Wall -c `test -f 'simscanmk.c' || echo './'`simscanmk.c
In file included from /usr/include/fcntl.h:279:0,
from simscanmk.c:33:
In function ‘open’
inlined from ‘make_cdb’ at simscanmk.c:429:6:
/usr/include/x86_64-linux-gnu/bits/fcntl2.h:50:24: error: call to ‘__open_missing_mode’ declared with attribute error: open with O_CREAT in second argument needs 3 arguments
__open_missing_mode ();
make[2]: *** [simscanmk.o] Error 1
make[2]: Leaving directory `/downloads/simscan-1.4.0'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/downloads/simscan-1.4.0'
make: *** [all] Error 2

You need to edit simscanmk.c on line 429

and add ", 0644" to the function.
