[原]在POSTFIX服务器上建立防病毒屏障
[code:1:58899ee6f4] 1.下载软件包: clamav-0.65.tar.gz unrar-3.2.3-2.9.i386.rpm zoo-2.10-11.9.i386.rpm unzoo-4.4-2.i386.rpm arc-5.21e-6.i386.rpm nomarch-1.3-1mdk.i586.rpm unarj-2.65-3.9.i386.rpm arj-3.10-0.1.i386.rpm freeze-2.5.0-7.i386.rpm
[code:1:58899ee6f4]
1.下载软件包(以下均为 2004 年成文时的版本,早已停止维护;实际部署请使用发行版仍在维护的软件包,并校验下载文件的签名或校验和):
clamav-0.65.tar.gz
unrar-3.2.3-2.9.i386.rpm
zoo-2.10-11.9.i386.rpm
unzoo-4.4-2.i386.rpm
arc-5.21e-6.i386.rpm
nomarch-1.3-1mdk.i586.rpm
unarj-2.65-3.9.i386.rpm
arj-3.10-0.1.i386.rpm
freeze-2.5.0-7.i386.rpm
compress-4.0.1.tar.gz
amavisd-new-20030616-p6.tar.gz
2. 安装clamav:
# tar zvxf clamav-0.65.tar.gz
# cd clamav-0.65
# groupadd clamav
# useradd -g clamav -d /var/run/clamav -s /bin/false clamav
# ./configure
# make
# make install
# vi /usr/local/etc/clamav.conf
=================================================================
#Example
LogFile /var/log/clamd.log
LogFileMaxSize 1M
LogVerbose
LogTime
LocalSocket /var/amavis/clamd/clamav.socket
PidFile /var/run/clamav/clamd.pid
DataDirectory /usr/local/share/clamav
MaxDirectoryRecursion 15
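# 注意:User root 会让 clamd 以 root 权限解析不可信的邮件附件;更稳妥的做法是改用上面创建的 clamav 用户,并调整 socket 目录和日志文件的属主/权限,使该用户可写
User root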
ScanMail
ScanArchive
ClamukoMaxFileSize 6M
ArchiveMaxFileSize 10M
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
=================================================================
# clamd ##运行程序
# freshclam ##升级病毒库
# ps -aux | grep clamd
clamav 2653 0.0 3.1 23556 12228 ? S 13:59 0:00
3. 建立clamd的启动脚本:
# vi /etc/init.d/clamd
=================================================================
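#!/bin/bash
#
# clamd        Start/Stop the clam antivirus daemon.
#
# chkconfig: 2345 90 60
# description: clamd is a standard UNIX program that scans for Viruses.
# processname: clamd
# config: /usr/local/etc/clamav.conf
# pidfile: /var/run/clamav/clamd.pid
#
# NOTE: every line of this header must start with '#'. A wrapped
# description line without it is executed as a command when the script runs.

# Source function library; it is expected to provide the daemon, killproc
# and status helpers called by the functions in this script.
. /etc/init.d/functions

# Exit status of the most recent start/stop action.
RETVAL=0

# Name and install directory of the daemon binary.
prog="clamd"
progdir="/usr/local/sbin"

# Optional site overrides. The file is sourced as shell code with the
# privileges of this script (normally root), so it should be writable by
# root only.
if [ -f "/etc/sysconfig/$prog" ]; then
  . "/etc/sysconfig/$prog"
fi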
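# Start the daemon through the init-library `daemon` helper.
# Globals:   prog, progdir (read); RETVAL (written)
# Outputs:   progress message on stdout
# Returns:   the exit status reported by `daemon`
start() {
  echo -n $"Starting $prog: "
  daemon "$progdir/$prog"
  RETVAL=$?
  echo
  if [ "$RETVAL" -eq 0 ]; then
    # Mark the service as started in the subsys lock that condrestart tests.
    # The pid file is left to clamd itself (see the "pidfile:" header tag);
    # touching it here could leave an empty, root-owned pid file behind.
    touch /var/lock/subsys/clamd
  fi
  return "$RETVAL"
}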
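# Stop the daemon through the init-library `killproc` helper.
# Globals:   prog (read); RETVAL (written)
# Outputs:   progress message on stdout
# Returns:   the exit status reported by `killproc`
stop() {
  echo -n $"Stopping $prog: "
  killproc "$prog"
  RETVAL=$?
  echo
  if [ "$RETVAL" -eq 0 ]; then
    # Clear the stale pid file and the subsys lock that condrestart tests,
    # so a stopped service is not restarted by a later condrestart.
    rm -f /var/run/clamav/clamd.pid /var/lock/subsys/clamd
  fi
  return "$RETVAL"
}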
# Report the state of clamd via the init-library `status` helper.
# Returns: whatever `status` returns.
rhstatus() { status "clamd"; }
# Stop the daemon, then start it again, regardless of how the stop went.
# Returns: the exit status of start.
restart() { stop; start; }
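# Ask the running daemon to re-read its configuration by sending SIGHUP.
# Globals:   RETVAL (written)
# Outputs:   progress message on stdout
# Returns:   the exit status reported by `killproc`
reload() {
  echo -n $"Reloading clam daemon configuration: "
  killproc clamd -HUP
  # Store the status in RETVAL (upper case): a lower-case "retval" would be
  # a different variable and the function would return a stale status.
  RETVAL=$?
  echo
  return "$RETVAL"
}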
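# Dispatch on the action given as the first argument.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    restart
    ;;
  reload)
    reload
    ;;
  status)
    rhstatus
    ;;
  condrestart)
    # Restart only when the subsys lock shows the service was started.
    if [ -f /var/lock/subsys/clamd ]; then
      restart
    fi
    ;;
  *)
    echo $"Usage: $0 {start|stop|status|reload|restart|condrestart}"
    exit 1
    ;;
esac

# Propagate the status of the selected action instead of always reporting
# success, so callers (service, chkconfig, monitoring) can see failures.
exit $?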
=================================================================
# chmod 755 /etc/init.d/clamd
# chkconfig --add clamd
# chkconfig clamd on
# clamscan -r test ##测试杀毒
# touch /var/log/clam-update.log ##病毒库升级日志
# chmod 644 /var/log/clam-update.log
# chown clamav /var/log/clam-update.log
# freshclam -d -c 2 -l /var/log/clam-update.log
# crontab -e ##建立定时升级任务
=================================================================
# 注意:前面已用 freshclam -d 启动了常驻的更新进程;若改用 cron 定时升级,这里应去掉 -d -c 2,两种方式选其一即可
00 10 * * * /usr/local/bin/freshclam --quiet -d -c 2 -l /var/log/clam-update.log
=================================================================
4. 安装amavisd-new
# rpm -ivh unrar-3.2.3-2.9.i386.rpm
# rpm -ivh zoo-2.10-11.9.i386.rpm
# rpm -ivh unzoo-4.4-2.i386.rpm
# rpm -ivh arc-5.21e-6.i386.rpm
# rpm -ivh nomarch-1.3-1mdk.i586.rpm
# rpm -ivh unarj-2.65-3.9.i386.rpm
# rpm -ivh arj-3.10-0.1.i386.rpm
# rpm -ivh freeze-2.5.0-7.i386.rpm
# mkdir compress
# tar -zxvf compress-4.0.1.tar.gz -C compress
# cd compress
# make
# make install
# perl -MCPAN -e shell ##在安装前确定你的系统语言不是UTF-8
=================================================================
cpan>
Instalando
-----------
cpan> install File::MMagic
cpan> install Config::IniFiles
cpan> install Convert::TNEF
cpan> install Convert::UUlib
cpan> install Compress::Zlib
cpan> install Archive::Tar
cpan> install Archive::Zip
cpan> install Unix::Syslog
cpan> install MIME::Base64
cpan> install Net::Server
cpan> install Net::SMTP
Should all FTP connections be passive (y|n) ? [no] no
cpan> install Digest::MD5
cpan> install Time::HiRes
cpan> install Mail::SpamAssassin
cpan> exit
=================================================================
# adduser -s /bin/false -c "Amavis User" -d /var/amavis amavis
# tar -zxvf amavisd-new-20030616-p6.tar.gz
# cd amavisd-new-20030616
# mkdir -p /var/amavis/clamd
# chown -R amavis:amavis /var/amavis
# chmod -R 750 /var/amavis/
# cp amavisd /usr/local/sbin/
# ln -s /usr/local/sbin/amavisd /usr/sbin/amavisd
# cp amavisd.conf /etc/
# mkdir /var/virusmails
# chown amavis:amavis /var/virusmails
# cp amavisd_init.sh /etc/init.d/amavisd
# chmod 744 /etc/init.d/amavisd
# chkconfig --add amavisd
# chkconfig amavisd on
# vi /etc/amavisd.conf
============================================================================
$MYHOME = '/var/amavis'; # (default is '/var/amavis')
$mydomain = 'nero.3322.org'; # (no useful default)
$daemon_user = 'amavis'; # (no default; customary: vscan or amavis)
$daemon_group = 'amavis'; # (no default; customary: vscan or amavis)
$QUARANTINEDIR = '/var/virusmails';
$log_level = 0;
# 注意:病毒邮件的发件人地址多为伪造,D_BOUNCE 会把退信发给无辜的第三方;可考虑改用 D_DISCARD 并保留隔离副本
$final_virus_destiny = D_BOUNCE; # (defaults to D_BOUNCE)
$final_banned_destiny = D_BOUNCE; # (defaults to D_BOUNCE)
$final_spam_destiny = D_REJECT; # (defaults to D_REJECT)
$final_bad_header_destiny = D_PASS; # (defaults to D_PASS)
$sa_spam_subject_tag = '***SPAM***';
$virus_admin = "root\@$mydomain";
$mailfrom_notify_admin = "root\@$mydomain";
$mailfrom_notify_recip = "root\@$mydomain";
$forward_method = 'smtp:127.0.0.1:10025';
$notify_method = $forward_method;
$inet_socket_port = 10024;
$max_servers = 2;
['Clam Antivirus-clamd',
\&ask_daemon, ["CONTSCAN {}\n", '/var/amavis/clamd/clamav.socket'],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
============================================================================
# amavisd debug
====================================================================
Mar 20 10:36:21 home amavisd[1252]: starting. amavisd at home amavisd-new-20030616-p6, Unicode aware, LANG=en_US
Mar 20 10:36:21 home amavisd[1252]: Perl version 5.008
Mar 20 10:36:21 home amavisd[1252]: Module Amavis::Conf 1.15
Mar 20 10:36:21 home amavisd[1252]: Module Archive::Tar 1.08
Mar 20 10:36:21 home amavisd[1252]: Module Archive::Zip 1.09
Mar 20 10:36:21 home amavisd[1252]: Module Compress::Zlib 1.33
Mar 20 10:36:21 home amavisd[1252]: Module Convert::TNEF 0.17
Mar 20 10:36:21 home amavisd[1252]: Module Convert::UUlib 1.01
====================================================================
启动amavisd服务
# service amavisd start
测试amavis的工作情况
# telnet 127.0.0.1 10024
Trying 127.0.0.1...
Connected to home (127.0.0.1).
Escape character is '^]'.
220 [127.0.0.1] ESMTP amavisd-new service ready
QUIT
221 2.0.0 [127.0.0.1] (amavisd) closing transmission channel
Connection closed by foreign host.
5.设置postfix,在/etc/postfix/master.cf添加如下内容
============================================================================
smtp-amavis unix - - n - 2 smtp
    -o smtp_data_done_timeout=1200
    -o disable_dns_lookups=yes
# 注意:127.0.0.1:10025 是 amavisd 扫描后把邮件送回 postfix 的入口,这里关闭了 content_filter 和各项限制,因此只能监听在回环地址上,不要对外开放
127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o mynetworks=127.0.0.0/8
============================================================================
设置postfix,在/etc/postfix/main.cf添加如下内容
============================================================================
content_filter = smtp-amavis:[127.0.0.1]:10024
===============================================
测试postfix是否工作
# telnet 127.0.0.1 10025
Trying 127.0.0.1...
Connected to localhost (127.0.0.1).
Escape character is '^]'.
220 nero.3322.org ESMTP Postfix
QUIT
221 Bye
Connection closed by foreign host.
6. 功能测试:
扫描/home/data下的所有邮件,并将扫描结果保存在/root下的scan_report文件中
# clamscan -r -l /root/scan_report /home/data
# less scan_report
===============================================
/home/data/mail/test/Maildir/courierimapkeywords/.3597840.1079351764.M170269P1241V0000000000000302I00093221_0.home,S=733: Empty file.
/home/data/mail/test/Maildir/courierimapuiddb: OK
/home/data/mail/llzqq/Maildir/courierimapuiddb: OK
/home/data/mail/.bash_history: OK
----------- SCAN SUMMARY -----------
Known viruses: 20482
Scanned directories: 20
Scanned files: 3
Infected files: 0
Data scanned: 0.00 MB
I/O buffer size: 131072 bytes
Time: 0.681 sec (0 m 0 s)
[root@home root]# less scan_report
--------------------------------------
Scan started: Tue Mar 16 10:46:09 2004
-- summary --
Known viruses: 20482
Scanned directories: 20
Scanned files: 3
Infected files: 0
Data scanned: 0.00 MB
I/O buffer size: 131072 bytes
Time: 0.681 sec (0 m 0 s)
===============================================
[/code:1:58899ee6f4]
llzqq 回复于:2004-03-22 15:06:55 |
防垃圾部分过几天补上。
|
llzqq 回复于:2004-03-22 18:20:58 |
大家有兴趣,给我投几个病毒试试。 llzqq@nero.3322.org
|
好好先生 回复于:2004-03-22 18:44:13 |
[quote:a99f90a964="llzqq"]防垃圾部分过几天补上。[/quote:a99f90a964] 期待ing…… :em02:
|
Linux@初学者 回复于:2004-03-22 18:47:17 |
厉害啊!
|
internetworker 回复于:2004-03-30 17:56:31 |
我传了一个病毒,不知道您有没有挡住?
|
llzqq 回复于:2004-03-30 18:00:21 |
[quote:e5670c1dbf="internetworker"]我传了一个病毒,不知道您有没有挡住?[/quote:e5670c1dbf]
我没收到邮件,但我在MAIL日志看到了,你的病毒邮件被我的系统拒收了。
|
internetworker 回复于:2004-03-30 18:02:01 |
您能告诉我是什么病毒吗?这个病毒用 Norton 和 Trend 都查不出来
|
llzqq 回复于:2004-03-30 18:04:24 |
日志已经被我删了,要不你再发一个。
|
internetworker 回复于:2004-03-30 18:07:14 |
我已经重发,谢谢 您需要的防止垃圾邮件的配置的我明天找一下给您
|
llzqq 回复于:2004-03-30 18:24:39 |
你的哪个EXE文件是不是加过密的文件,杀毒软件无法解开文件。
|
internetworker 回复于:2004-03-30 18:25:41 |
就是病毒文件,没有加密
|
llzqq 回复于:2004-03-30 18:29:02 |
我系统认为他不是病毒
|
llzqq 回复于:2004-03-30 18:30:20 |
希望尽快得到你的SpamAssassin资料,谢谢!
|
原文转自:http://www.ltesting.net