- 论坛徽章:
- 0
|
12.安装clamav 0.87
# wget http://optusnet.dl.sourceforge.n ... /clamav-0.87.tar.gz
# tar zxvf clamav-0.87.tar.gz
# cd clamav-0.87
# groupadd clamav
# useradd -g clamav -s/sbin/nologin -d/dev/null clamav
# ./configure --prefix=/usr/local/clamav --with-dbdir=/usr/local/share/clamav --disable-zlib-vcheck
# make
# make check
# make install
编辑/usr/local/clamav/etc/clamd.conf
# vi /usr/local/clamav/etc/clamd.conf
#Verbose logging with syslog
LogSyslog
LogVerbose
LogFacility LOG_MAIL
LogFile /var/log/clamav/clamd.log
#Change pid file location
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /usr/local/share/clamav
#Set the clamav socket
LocalSocket /var/run/clamav/clamd
#Close the connection when this limit is exceeded
StreamMaxLength 10M
#Don't run clamd as root
User amavis
#Newer versions require you to uncomment this
ScanMail
ScanArchive
编辑/usr/local/clamav/etc/freshclam.conf
# vi /usr/local/clamav/etc/freshclam.conf
DatabaseDirectory /usr/local/share/clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogSyslog
LogVerbose
DatabaseOwner amavis
#Check for updates every two hours. That is the official recommendation
Checks 12
DatabaseMirror db.CN.clamav.net
DatabaseMirror database.clamav.net
NotifyClamd
注意:一定要注释掉上面两个文件中Example那行
添加amavis用户和组
# groupadd amavis
# useradd -g amavis -s /sbin/nologin -d /dev/null amavis
创建日志文件夹并设置权限
# mkdir /var/log/clamav
# chmod -R 744 /var/log/clamav
# chown -R amavis:amavis /var/log/clamav
# chown -R amavis.amavis /usr/local/share/clamav
# mkdir /var/run/clamav
# chmod 700 /var/run/clamav
# chown amavis.amavis /var/run/clamav
手动更新病毒库
# /usr/local/clamav/bin/freshclam
启动
# /usr/local/clamav/sbin/clamd
Go to top.
13.安装amavisd-new 2.3.3
# wget http://www.ijs.si/software/amavisd/amavisd-new-2.3.3.tar.gz
# tar zxvf amavisd-new-2.3.3.tar.gz
# cd amavisd-new-2.3.3
# mkdir -p /var/amavis /var/amavis/tmp /var/amavis/var /var/amavis/db
# chown -R amavis:amavis /var/amavis
# chmod -R 750 /var/amavis
# cp amavisd /usr/local/sbin/
# chown root /usr/local/sbin/amavisd
# chmod 755 /usr/local/sbin/amavisd
# cp amavisd.conf /etc/
# chown root /etc/amavisd.conf
# chmod 644 /etc/amavisd.conf
# cp amavisd_init.sh /etc/rc.d/init.d/amavisd
# chmod 744 /etc/rc.d/init.d/amavisd
# chkconfig --add amavisd
# chkconfig amavisd on
# vi /etc/rc.d/init.d/amavisd
prog="/usr/local/sbin/amavisd"
病毒邮件存放目录
# mkdir /var/virusmails
# chown amavis:amavis /var/virusmails
# chmod 750 /var/virusmails
Go to top.
编辑/etc/amavisd.conf,修改下面这几行
# vi /etc/amavisd.conf
$max_servers=8;
$daemon_user = 'amavis';
$daemon_group = 'amavis';
$mydomain = 'test.com';
$db_home = "$MYHOME/db";
$inet_socket_port = 10024;
$sa_tag_level_deflt = -100;
$sa_tag2_level_deflt = 6.3;
$sa_kill_level_deflt = $sa_tag2_level_deflt;
$virus_admin = "virusalert\@$mydomain";
$sa_spam_subject_tag = '***SPAM*** ';
$notify_method = $forward_method;
$forward_method = 'smtp:127.0.0.1:10025';
$final_virus_destiny = D_DISCARD;
$final_banned_destiny = D_DISCARD;
$final_spam_destiny = D_DISCARD;
['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
测试amavis
# /usr/local/sbin/amavisd debug
ERROR: MISSING REQUIRED BASIC MODULES:
Time::HiRes
IO::Wrap
Unix::Syslog
Mail::Field
MIME::Words
Net::Server
BEGIN failed--compilation aborted at /usr/local/sbin/amavisd line 141.
根据出错提示,缺什么装什么,我的LANG变量为en_US.UTF-8
# perl -MCPAN -e shell
cpan> install Time::HiRes
cpan> install IO::Wrap
cpan> install Unix::Syslog
cpan> install Mail::Field
cpan> install Compress::Zlib
cpan> install MIME::Words
cpan> install Net::Server
cpan> install BerkeleyDB
cpan> install Convert::TNEF
cpan> install Convert::UUlib
cpan> install Archive::Tar
cpan> install Archive::Zip
cpan> install HTML:arser
cpan> install DB_File
cpan> install Net:NS (提示是否test, 选择no)
cpan> install Digest::SHA1
cpan> install Mail::SpamAssassin (# export LANG=en_US)
期间MIME安装会失败,只好手动安装,跳过测试
# cd /root/.cpan/build/MIME-tools-5.418/
# perl Makefile.PL
# make install
启动
# /usr/local/sbin/amavisd start 或
# service amavisd start
Go to top.
设置postfix
修改/etc/postfix/main.cf
# vi /etc/postfix/main.cf (加入一行)
content_filter = amavis:127.0.0.1:10024
修改/etc/postfix/master.cf
# vi /etc/postfix/master.cf (在最后加上)
# amavisd-new
amavis unix - - n - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
localhost:10025 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o mynetworks=127.0.0.0/8
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o strict_rfc821_envelopes=yes
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
重新服务
# service postfix restart
# service clamd restart
# service amavisd restart
# netstat -ant | grep LISTEN (应该可以看到这两个端口在监听)
127.0.0.1.10024 *.* 0 0 49152 0 LISTEN
127.0.0.1.10025 *.* 0 0 49152 0 LISTEN
Go to top.
14.安装Spamassassin
前面装amavis的时候已经装好了,如果没装,请按如下方式安装
启动spamd
# /usr/bin/spamd --daemonize --pidfile /var/run/spamd.pid
下载中文垃圾垃圾邮件过滤规则Chinese_rules.cf
# wget -N -P /usr/share/spamassassin www.ccert.edu.cn/spam/sa/Chinese_rules.cf
每次更新Chinese_rules.cf需要重启spamd方法如下
# kill -HUP `cat /var/run/spamd.pid`
自动更新中文垃圾垃圾邮件过滤规则
# vi /etc/crontab (加一行)
0 0 1 * * root wget -N -P /usr/share/spamassassin www.ccert.edu.cn/spam/sa/Chinese_rules.cf;kill -HUP `cat /var/run/spamd.pid`
测试病毒扫描
给该test@test.com用户发送邮件,包含以下内容:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
查看日志,如果出现类似如下提示,则表明成功
Nov 6 22:06:20 localhost postfix/smtp[18276]: 9CEB657E22: to=<test@test.com>, relay=127.0.0.1[127.0.0.1], delay=2, status=sent (250 2.7.1 Ok, discarded, id=18262-01 - VIRUS: Eicar-Test-Signature)
邮件病毒扫描日志将被记录在/var/log/clamav/clamav.log中!
测试垃圾邮件扫描
给test@test.com用户发送邮件,包含以下内容:
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
查看日志,如果出现类似如下提示,表明成功
Nov 6 22:10:51 localhost amavis[18263]: (18263-01) Blocked SPAM, LOCAL [127.0.0.1] [127.0.0.1] <test@test.com> -> <test@test.com>, quarantine: spam-JH2LSCT1MLYg.gz, Message-ID: <1451.192.168.1.10.1131286248.squirrel@192.168.1.21>, mail_id: JH2LSCT1MLYg, Hits: 1005.902, 3591 ms
Go to top. |
|