Using Clamav on Mac OSX with MPP Free Edition and CommuniGate Pro

I'm now (may 20, 2005) running Clamav 0.85.1 with MPP free and CommuniGate Pro 4.3.1 on Mac OSX 10.3.8.

It's a typical Belgian "SMB" (1-50 employees) setup, CommuniGate Pro 50 users, running on a G4 QuickSilver 867mhz, single processor, 1,5 GB Ram. Connected to the World over xDSL with fixed IP, behind a FireWall/NAT.
The (relatively) big amount of RAM is not really necessary for what is described here.

Although MPP free includes clamav, MessagePartners advises us to go with a self installed version of clamav, and use the clamd included with that install instead, due to licencing issues, which do not exist for the clamd version/portion of clamav. The bundled clamav will never get updated, because of these licencing issues.
Clamav has gone up from 0.83 to 0.85.1 in the mean time, and you really want the latest as it is far better at scanning archived attachments than 0.83.

Here's sort of what I did to get this working.
I am not a Unix expert, just a Mac user with some OSX experience, and the ability to copy/past things in Terminal.
Please let me know whether this was helpful, or — you Nix-guru's out there — think I got it all wrong.

We presume you have:

CommuniGate Pro installed and working.
WebMin installed and working.
MPP free installed and working.

1) In Webmin configuration-WebMin Modules
install the latest MPP module (2.12 when this was written) from ftp://ftp.raeinternet.com/pub/mpp/rae-mpp.wbm

2) Install Clamav latest (0.85.1 when writing this).
The Mac OSX instructions included in the download do not really apply, as MPP needs to have clamd running as root.

First, create user and group clamav (we don't really need them, but clamav will not install if they don't exist).
$ niutil -create . /groups/clamav
$ niutil -createprop . /groups/clamav gid 200
$ niutil -createprop . /groups/clamav realname 'clamav'

$ niutil -create . /users/clamav
$ niutil -createprop . /users/clamav uid 200
$ niutil -createprop . /users/clamav gid 200
$ niutil -createprop . /users/clamav passwd '*'
$ niutil -createprop . /users/clamav realname 'clamav'

Download GMP from http://www.swox.com/gmp
Download CLAMAV from http://clamav.net/stable.php#pagestart
Unpack the archives (Expander will do)

cd into the gmp-4.1.4 folder
Build gmp (needed for freschlam update script)
$ ./configure --prefix=/usr --mandir=/usr/share/man --sysconfdir=/etc --enable-devel
$ make; sudo make install

cd into the clamav-0.85.1 folder
Build clamav$ ./configure --prefix=/usr --mandir=/usr/share/man --sysconfdir=/etc --enable-bigstack
$ make; sudo make install

3) Edit 2 config files (I use BBedit)
$ sudo bbedit /etc/freshclam.confcomment line 9
# Exampleuncomment & change line 55
DatabaseMirror db.XY.clamav.net (XY -> your own country code)

$ sudo bbedit /etc/clamd.confComment line 8
# Exampleuncomment lines 80 & 87
TCPSocket 3310
TCPAddr 127.0.0.1Make sure line 72 & 144 are commented
# LocalSocket /tmp/clamd
# User clamav

4) Run freshclam to see if it works
$ sudo /usr/bin/freshclamClamAV update process started at Fri May 20 09:45:37 2005
main.cvd is up to date (version: 31, sigs: 33079, f-level: 4, builder: tkojm)
Downloading daily.cvd [*]
daily.cvd updated (version: 887, sigs: 1460, f-level: 5, builder: arnaud)
Database updated (34539 signatures) from db.be.clamav.net (IP: 212.71.0.71)

5) Check where clamd is (MPP looks for it in /usr/sbin)
On my setup, clamd is in /usr/local/sbin, so we
make a symlink:
$ ln -s /usr/local/sbin/clamd /usr/sbin/clamd

6) Start clamd as root:
$ sudo -sroot# /usr/local/sbin/clamdFire up Activity Monitor, clamd process should be there

7) In Webmin-Server-MPP Panel-Configure
Change the scanner in the "scanners to use" pop-up menu from clamav to clamd
Set loggin level to DEBUG
Save & Restart MPP
Watch MPP log. Ignore what is in line #4 in this example, it's OK (debug info for the developers).

[12:11:40] 8 [31232] [ClamdScannerJob] {Queue/1590061.msg} Connecting to clamd...
[12:11:40] 8 [31232] [clamd::connect] trying to set up connection
[12:11:40] 8 [31232] [clamd::connect] making attempt
[12:11:40] 8 [31232] [clamd::connect] this attempt result==-1, err=36 Operation now in progress
[12:11:40] 8 [31232] [clamd::connect] waiting for connection
[12:11:40] 8 [31232] [ClamdScannerJob] {Queue/1590061.msg} Request: SCAN /usr/local/MPP/working/20050517_121140_4517a00.83
[12:11:40] 8 [31232] [clamd::query] sending request
[12:11:40] 8 [31232] [clamd::query] awaiting response
[12:11:40] 8 [31232] [clamd::query] got response
[12:11:40] 8 [31232] [ClamdScannerJob] {Queue/1590061.msg} Clamd query succeeded.
[12:11:40] 8 [31232] [ClamdScannerJob] {Queue/1590061.msg} Clamd response: /usr/local/MPP/working/20050517_121140_4517a00.83: OK
[12:11:40] 8 [31232] [GenericScannerJob] {Queue/1590061.msg} Remove file.
[12:11:40] 8 [31232] [GenericScannerJob] {Queue/1590061.msg} Scanner returned : 0x00000001
[12:11:40] 8 [31232] [Thread] [debug] Processing time: 0 ms

If you get errors like:
[09:47:35] 2 [41452] [Daemon] Failed to start clamd. Operation not permitted.
[09:47:35] 2 [41452] [Daemon] Restart failed.
Read this
http://www.messagepartners.com/support/faqs.php#130

8) Make a Cron for the updates
In Webmin-System-Scheduled Cron Jobs
/usr/bin/freshclam as root with a decent frequency (every 6 hours in my setup).

--------
MPP mailing list:
mpp-subscribe [AT] raeinternet [DOT] com

MPP offers reasonably priced support too, even for the free edition.
http://raeinternet.com/choose_support.html

---------
MPP is a very promising product, and the developers are very responsive and dedicated to the Mac Platform.
There are other ways for CGP to interface with Clamav, but MPP free seems to me the easiest solution for Mac OSX.

I also have MPP free talking to Spamassassin 3.03, but that's another sandwich.

patrick [AT] triksys [DOT] com