Antivirus software other than ClamAV in Virtualmin?

Is there a (reasonably sustainable) way to integrate an antivirus software other than ClamAV in Virtualmin?

For example I have antivirus that I trust, and it has a dedicated scan command, just like ClamAV, and the command returns 0 for clear and non-zero exit status for malware detected, just like ClamAV does.

The problem begins with ClamAV being tightly integrated with Virtualmin, as far as I see and ends with the way ClamAV is integrated in mail system - through Procmail.

Additionally, it is not utterly important to remove ClamAV form system, I’m good enough to leave it operating as intended I just do not want to relay on infamous ClamAV detection rate to protect my users from malware.

[EDIT]

It is obvious that per domain procmail files located in /etc/webmin/virtual-server/procmail/ are responsible for calling clamdscan, like:
/etc/webmin/virtual-server/clam-wrapper.pl /usr/bin/clamdscan.

So, I guess, in order to achieve what I want, a rewrite of /etc/webmin/virtual-server/clam-wrapper.pl is needed and it is reasonable to
presume that everything changed to this file will be reverted by Virtualmin update process. Too bad my languages of choice were PHP and BASH and not Perl…

Howdy,

Is it an option to assume that every domain would want this anti-virus software?

If that would work, what you could do is add it to /etc/procmailrc, rather than editing the per-domain procmail files.

That way, you can just add it in one place.

At that point you’re certainly welcome to disable ClamAV if you want, you can do that by disabling the ClamAV feature in Edit Virtual Server.

-Eric

Thanks for answer. The part with /etc/procmailrc is specially helpful since I was counting on per domain procmail file - no need for that thankfully.

For sake of completeness I’ll post PHP (or better, BASH) version of generic email antivirus wrapper, when I test it enough - so far it’s working. It turns out that /etc/webmin/virtual-server/clam-wrapper.pl is fairly simple program which reads email from STDIN and exits with 0 or 1 depending on malware found or not.

Very minimalistic example:

#!/bin/bash

################################################

Minimal example of generic antivirus wrapper

for Virtualmin email functionality. Intended

to be used instead of

/etc/webmin/virtual-server/clam-wrapper.pl

.

May be saved as:

/etc/webmin/virtual-server/clam-wrapper.sh

. Than, has to be specified in procmail

file as a scanning program.

---------------------------------------------

THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT

WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,

INCLUDING BUT NOT LIMITED TO THE WARRANTIES

OF MERCHANTABILITY, FITNESS FOR A PARTICULAR

PURPOSE AND NONINFRINGEMENT. IN NO EVENT

SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE

LIABLE FOR ANY CLAIM, DAMAGES OR OTHER

LIABILITY, WHETHER IN AN ACTION OF CONTRACT,

TORT OR OTHERWISE, ARISING FROM, OUT OF OR

IN CONNECTION WITH THE SOFTWARE OR THE USE

OR OTHER DEALINGS IN THE SOFTWARE.

###############################################

trap “rm -f /tmp/emscan_in.$$” 0 1 2 3 5 15

cat > “/tmp/emscan_in.”"$$" || {
exit 5; }

This is an example with clamdscan

Other AVs has similar logic i.e.

scan binary, path to file povided

as an arugment and exit statuses.

In this example, only zero status

means scan is good, no malware

found

clamdscan --fdpass “/tmp/emscan_in.”"$$" > /dev/null 2>&1

exit $?