Guide updated on 29th of February 2016

Install Simscan & Ripmime


Simscan is a simple program that enables the qmail smtpd service to reject viruses and spam and to block attachments during the SMTP conversation, so the processing load on the email system is kept to a minimum.

You can find more information about Simscan here.

It needs Ripmime to extract attachments out of MIME-encoded email packages.

Ripmime

cd /downloads/
tar zxvf ripmime-1.4.0.10.tar.gz
cd /downloads/ripmime-1.4.0.10/

make && make install

Simscan

We will configure a patched version of Simscan. John M. Simpson's combined patch mainly fixes some bugs and adds debugging options.

cd /downloads/
tar zxvf simscan-1.4.0.tar.gz
cd /downloads/simscan-1.4.0

patch < /downloads/patches/simscan-1.4.0-combined.4.patch

./configure \
--enable-user=clamav \
--enable-spamc-user=y \
--enable-clamav=y \
--enable-attach=y \
--enable-spam=y \
--enable-dropmsg=y \
--enable-custom-smtp-reject=y \
--enable-spam-hits=8.5 \
--enable-spam-passthru=y \
--enable-clamdscan=/usr/bin/clamdscan \
--enable-ripmime=/usr/local/bin/ripmime \
--enable-sigtool-path=/usr/bin/sigtool

make
make install

cat > /var/qmail/control/simcontrol << __EOF__
:clam=yes,spam=yes,spam_hits=8.5,attach=.vbs:.lnk:.scr:.wsh:.hta:.pif
__EOF__

# update simcontrol.cdb
/var/qmail/bin/simscanmk
/var/qmail/bin/simscanmk -g
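
A check that can be run on /var/qmail/control/simcontrol before simscanmk compiles it, as an added example that is not part of this guide or of simscan. The function name simcontrol_lint and the value rules (yes/no flags, numeric spam_hits, attach entries of the form .ext) are assumptions based on the simcontrol lines shown on this page.

```shell
#!/bin/sh
# Added example (not part of simscan): lint a simcontrol file before
# simscanmk compiles it. The value rules are assumptions drawn from the
# simcontrol lines on this page.
# Limitation: options are split on ",", so a regex= value that contains
# a comma would be misreported.
# Usage: simcontrol_lint /var/qmail/control/simcontrol && /var/qmail/bin/simscanmk
simcontrol_lint() {
    awk '
    function bad(msg) { printf "line %d: %s\n", NR, msg; errors++ }
    /^[ \t]*$/ { next }                          # ignore blank lines
    {
        sep = index($0, ":")                     # first colon ends the address part
        if (sep == 0) { bad("missing \":\" after address/domain"); next }
        n = split(substr($0, sep + 1), opt, ",")
        for (i = 1; i <= n; i++) {
            eq = index(opt[i], "=")
            if (eq < 2) { bad("malformed option \"" opt[i] "\""); continue }
            key = substr(opt[i], 1, eq - 1)
            val = substr(opt[i], eq + 1)
            if (key == "clam" || key == "spam") {
                if (val != "yes" && val != "no")
                    bad(key " must be yes or no, got \"" val "\"")
            } else if (key == "spam_hits") {
                if (val !~ /^[0-9]+(\.[0-9]+)?$/)
                    bad("spam_hits is not a number: \"" val "\"")
            } else if (key == "attach") {
                m = split(val, ext, ":")         # extensions are colon-separated
                for (j = 1; j <= m; j++)
                    if (ext[j] !~ /^\.[A-Za-z0-9]+$/)
                        bad("attach entry \"" ext[j] "\" is not of the form .ext")
            } else if (key != "regex") {         # regex= is accepted unchecked
                bad("unknown option \"" key "\"")
            }
        }
    }
    END { exit (errors > 0) }                    # non-zero status if anything was flagged
    ' "$1"
}
```

The function prints one line per problem and returns a non-zero status if it found any, so it can gate the simscanmk call.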

Test Simscan

systemctl restart clamav-daemon
systemctl restart clamav-freshclam

cd /tmp
echo "hi, testing." > /tmp/mailtest.txt
env QMAILQUEUE=/var/qmail/bin/simscan SIMSCAN_DEBUG=3 /var/qmail/bin/qmail-inject you@yourdomain.com < /tmp/mailtest.txt

You should have this kind of result:

env QMAILQUEUE=/var/qmail/bin/simscan SIMSCAN_DEBUG=3 /var/qmail/bin/qmail-inject you@yourdomain.com < /tmp/mailtest.txt
simscan: starting: work dir: /var/qmail/simscan/1407314229.189583.11975
simscan: calling clamdscan
simscan: clamdscan: /var/qmail/simscan/1407314229.189583.11975: OK
simscan: clamdscan:
simscan: clamdscan: ----------- SCAN SUMMARY -----------
simscan: clamdscan: Infected files: 0
simscan: clamdscan: Time: 0.008 sec (0 m 0 s)
simscan: normal clamdscan return code: 0
simscan: calling spamc
simscan: calling /usr/bin/spamc spamc -u you@yourdomain.com
simscan:[11974]:CLEAN (3.00/5.00):0.2596s::(null):root@mail-test.thibs.com:you@yourdomain.com
simscan: done, execing qmail-queue
simscan: qmail-queue exited 0

If you have issues here, you can troubleshoot by following tips given on https://qmail.jms1.net/simscan/troubleshooting.shtml.

Test Qmail


Users comments
Alan - 15/01/2017 01:43

Hi, thanks for the great tutorial!!

I had an issue which has not been mentioned over here. I'm installing on Ubuntu 14.04.

Got this in the result of the simscan test:

simscan: clamdscan: /var/qmail/simscan/1484443751.940336.25851: lstat() failed: Permission denied. ERROR

To solve this, edit /etc/apparmor.d/usr.sbin.clamd and insert the line
  /var/qmail/simscan/** r, 
after the other file permissions.
Finally, reload the apparmor profiles with
  sudo invoke-rc.d apparmor reload
After that, works like a charm!

Cedarlug - 03/08/2016 06:51

I'd recommend enabling regular expression support in the compilation. You'll need to add pcre development libs in the original apt packages list.

The reason for this is to enable front-end screening of messages. This fills the role of the prior qscan setup under /var/spool/qscan/quarantine-events.txt which I used to leverage to block a lot of common spam.

With regular expression support, you can easily block messages from the new, all-too-common-spam-sources top-level domains such as .top, .download, .xyz, etc. for example.

My current simcontrol reads:

:clam=yes,spam=yes,spam_hits=8.5,regex=(?)^From\x3a.*<[_a-zA-Z0-9-]+(\.[_a-zA-Z0-9-]+)*@[a-zA-Z0-9-]+(\.[a-zA-Z0-9-]+)*\.(space|party|webcam|xyz|download|me|work|date|faith|uno|win|review|racing|museum|name|top)\>$,attach=.vbs:.lnk:.scr:.wsh:.hta:.pif

This blocks quite a few of the new top-level domains that seem to be cheap at the moment, and heavily used by spammers.

Kirk gleason - 06/12/2014 16:36

I had an issue getting the ClamAV daemon to start on a VPS with 512MB of RAM and no allocated swap. Resolved the issue by creating a swapfile. 

Dedi - 25/09/2014 10:09
Hi Sirnene
I have uninstalled apparmor and inserted 0644 into the function, just like you told me.
But I still get
"gcc -DHAVE_CONFIG_H -I. -I. -I.     -g -O2 -Wall -c `test -f 'simscanmk.c' || echo './'`simscanmk.c
In file included from /usr/include/fcntl.h:252:0,
                 from simscanmk.c:33:
In function ‘open’,
    inlined from ‘make_cdb’ at simscanmk.c:429:6:
/usr/include/x86_64-linux-gnu/bits/fcntl2.h:51:24: error: call to ‘__open_missing_mode’ declared with attribute error: open with O_CREAT in second argument needs 3 arguments
make[2]: *** [simscanmk.o] Error 1
make[2]: Leaving directory `/downloads/simscan-1.4.0'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/downloads/simscan-1.4.0'
make: *** [all] Error 2
"
this error after running the "make" command.
Any clue?

Anas - 11/09/2014 10:21

Simscan is bouncing spam mail. I would rather deliver spam mail with a [SPAM] tag. How do I achieve that?

Anas - 10/09/2014 12:41

Hi, how do I tell simscan to tag mail with [SPAM] when it hits score 5? I also need to know if simscan is working properly. A header is given below.

Return-Path: <postmaster@ns1.citech.net>
Delivered-To: test@ns1.citech.net
Received: (qmail 2430 invoked by uid 509); 10 Sep 2014 18:22:19 +0600
Received: by simscan 1.4.0 ppid: 2425, pid: 2426, t: 1.9894s
     scanners: attach: 1.4.0 clamav: 0.97/m:55/d:19348
Received: from localhost (HELO ?122.99.96.5?) (127.0.0.1)
     by mail.ns1.citech.net with SMTP; 10 Sep 2014 18:22:17 +0600
Received: from 202.125.74.182 (proxying for 192.168.1.195)
     (SquirrelMail authenticated user postmaster@ns1.citech.net)
     by 122.99.96.5 with HTTP;
     Wed, 10 Sep 2014 12:22:17 -0000
Message-ID: <d0804b5ecd079cb726570df3b34fd5d7.squirrel@122.99.96.5>
Date: Wed, 10 Sep 2014 12:22:17 -0000
Subject: test
From: postmaster@ns1.citech.net
To: test@ns1.citech.net
User-Agent: SquirrelMail/1.4.22
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal

My server is based on CentOS.

Sirnene - 01/09/2014 20:56

On Ubuntu server you need to edit the .conf or uninstall apparmor

sudo service apparmor stop

sudo update-rc.d -f apparmor remove

sudo apt-get remove apparmor apparmor-utils -y

Sirnene - 01/09/2014 10:10

  /* simscanmk.c, make_cdb(): open() with O_CREAT needs the mode as a third argument */
  if ( (fdout = open(CdbTmpFile, O_CREAT | O_TRUNC | O_WRONLY, 0644)) < 0) {
     printf("error on open tmp file\n");
     return(-1);
  }

Sirnene - 01/09/2014 10:09

When you see this error:

gcc -DHAVE_CONFIG_H -I. -I. -I.     -g -O2 -Wall -c `test -f 'simscanmk.c' || echo './'`simscanmk.c
In file included from /usr/include/fcntl.h:279:0,
                 from simscanmk.c:33:
In function 'open'
             inlined from 'make_cdb' at simscanmk.c:429:6:
/usr/include/x86_64-linux-gnu/bits/fcntl2.h:50:24: error: call to '__open_missing_mode' declared with attribute error: open with O_CREAT in second argument needs 3 arguments
   __open_missing_mode ();

make[2]: *** [simscanmk.o] Error 1
make[2]: Leaving directory `/downloads/simscan-1.4.0'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/downloads/simscan-1.4.0'
make: *** [all] Error 2

You need to edit simscanmk.c:429:6, on line 429,

and add 0644 to the function.

Keven - 29/08/2014 05:15

If you have a problem with ripmime, with the error below when compiling:

mime.c:3020: undefined reference to `libiconv'

You could try with this "make CFLAGS=-liconv"

