[Anonymous]

Done that, tested it etc.

Mail me at [email protected] for more info on this, I have it documented but in Dutch, I’ll translate scripts and such if you want them. It is quite a lot so i’m not really willing to post it all here unless anybody else wants it too…

Cheers

Ruben

[Anonymous]

Thanks, but this is for 10.2 client. I mean 10.2 server. It had something to do with LDAP server and DNS to be able to turn the password server on,

Thanks

[Anonymous]

— Note you need perl 5.8 installed on your system for all of this to go. Check out our other article on doing this with Exim for more info

–First create a user for clamav, the av scanner, to run as.

sudo niutil -create . /users/clamav
sudo niutil -createprop . /users/clamav uid 26
sudo niutil -createprop . /users/clamav gid 26
sudo niutil -createprop . /users/clamav shell /bin/tcsh
sudo niutil -createprop . /users/clamav home /tmp
sudo niutil -createprop . /users/clamav passwd “*”

–Now to create the group.

sudo niutil -create . /groups/clamav
sudo niutil -createprop . /groups/clamav gid 26

— Download the latest clamav source and compile

curl -O http://clamav.elektrapro.com/stable/clamav-0.60.tar.gz
gnutar -xzvf clamav-0.60.tar.gz
cd clamav-0.60
./configure
make
sudo make install
cd ..

— link the binaries to somewhere in our path

sudo ln /usr/local/bin/clamscan /usr/bin/
sudo ln /usr/local/bin/freshclam /usr/bin/
rehash

— do a test scan of the source folder, which should find a virus or five

clamscan -r -l scan.txt clamav-0.60

— now set up some log files and get freshclam to run

sudo touch /var/log/clam-update.log
sudo chmod 644 /var/log/clam-update.log
sudo chown clamav /var/log/clam-update.log
sudo freshclam -d -c 2 -1 /var/log/clam-update.log

— now on to amavisd. Download and compile

curl -O http://www.ijs.si/software/amavisd/amavisd-new-20030616-p2.tar.gz
gnutar -xzvf amavisd-new-20030616-p2.tar.gz
cd amavisd-new-20030616

— looks like we still need to edit the file command with a bit of sed

sed ‘s/$file -b $filename/$file $filename \| sed -n “s\/\^\[[:alnum:]]\*:\/\/p” /’ amavisd > amavisd.new
mv amavisd.new amavisd

— now to setup some directories and files for amavisd

sudo cp amavisd.conf /etc/
sudo chown root /etc/amavisd.conf
sudo chmod 644 /etc/amavisd.conf
sudo cp amavisd /usr/bin/
sudo chown root /usr/bin/amavisd
sudo chmod 755 /usr/bin/amavisd
sudo mkdir /var/amavis
sudo chown clamav:clamav /var/amavis
sudo chmod 750 /var/amavis
sudo mkdir /var/virusmails
sudo chown clamav:clamav /var/virusmails
sudo chmod 750 /var/virusmails
sudo touch /var/amavis/whitelist_sender

— now to edit the amavisd config file
— switch user and group to “clamav”
— change the e-mail address for where virus and spam notifications go

edit /etc/amavisd.conf

— on to getting a few perl modules before we can run amavisd
— the next few steps is all done in the cpan shell
— note that two don’t install easily so they have to be forced
sudo perl -MCPAN -e shell

install Archive::Tar Archive::Zip Compress::Zlib Convert::UUlib MIME::Base64 MIME::Parser Mail::Internet Net::Server Digest::MD5 IO::Stringy Time::HiRes Unix::Syslog Digest::SHA1

force install Convert::TNEF
force install Net::SMTP

— now to test and see if amavisd runs
— if it starts up you know you have got it

sudo su clamav
amavisd debug

— now to edit the postfix files.

— add this to /etc/postfix/main.cf
content_filter=smtp-amavis:[127.0.0.1]:10024

— now add this to /etc/postfix/master.cf

smtp-amavis unix – – y – 2 smtp
-o smtp_data_done_timeout=1200
-o disable_dns_lookups=yes
127.0.0.1:10025 inet n – y – – smtpd
-ocontent_filter=
-olocal_recipient_maps=
-osmtpd_helo_restrictions=
-osmtpd_client_restrictions=
-osmtpd_sender_restrictions=
-omynetworks=127.0.0.0/8

— whew, almost done. Now just to start everything up

sudo postfix reload
su clamav -c amavisd

— and if you don’t have freshclam still running

freshclam -d -c 2 -1 /var/log/clam-update.log

[Anonymous]

Hi,

I’m pursuing this, too.

I outlined the way I’m thinking of approaching this here: [url]https://www.afp548.com/eBBS/viewtopic.php?t=691[/url]

If you try any of this, post your results!

[Anonymous]

i finally got it to delete the fake network domain by using [code:1:464779bf46] sudo nidomain -d network smitty[/code:1:464779bf46] and then running the clone command from the article, and that worked. according to Joel, the command to delete the domain seems to have changed in 10.2.6.

[Anonymous]

i am deploying a slew of osx x serves and would like to know exactly how one goes about setting up DHCP reservations for static assignment. i would like to make sure that my printers are getting the same dhcp address each time they boot up so that i can manage the addresses from net info. how do i set this up. this will make migration to another subnet much easier in the future if everything is controlled by dhcp. thanks.

[Anonymous]

Sorry for the noise. I figured it out. I had to change the “Groups” from 2 to 1. Thanks – Tom

[Anonymous]

I realize a have a error on my Mac :
phase2 negotiation failed due to time up waiting for phase1

Any idea ?

It’s possible to have a sample of parameters (Phase 1-2, ID…) on the mac ?

Thanks

[Anonymous]

Hi cabbage – any decision reached?
Can we change IP address?
eagerly awaiting response

adam.

[Anonymous]

I follow instructions in the Read Me file (version 1.0).

I have no error on the firewall not nothing run. I have only a IKE line in the firewall log.

Could you tell me if I must add a route ?

I’im running Mac OS X 10.2.6

Thanks

[Anonymous]

I don’t understand…..every laptop is going to be serving files? Whys this?

[Anonymous]

This article has the mappings:

http://www.fatofthelan.com/articles/osx.php

[Anonymous]

GOD NO!
Since this user will more than likely be used on many machiines and you probably are not using SSL to connect, this user’s credentials are going clear text over the wire. Anyone sniffing the network will have the keys the city!
By default all “authenticated users” have read permissions to the AD. I’d make a user just for this purpose and deny everything to him other than read. (i.e. logon locally, logon interactivly, etc…)

[Anonymous]

Check out these:
http://www.fatofthelan.com/articles/ldap.php
http://www.fatofthelan.com/articles/osx.php

[Anonymous]

Why not just buy one copy of OS X server unlimited and then create roaming logons for the laptops?

[Author]

Posts