なんか、前のコンテンツはゴジャゴジャしてきて古くなってきたので更新しる
/usr/local/etc/clamd.conf
LogFileMaxSize 5M LogVerbose yes
/etc/rc.conf
clamav_clamd_enable="YES" clamav_freshclam_enable="YES" cat clamav_clamd_enable="YES" >> /etc/rc.conf cat clamav_freshclam_enable="YES" >> /etc/rc.conf
clamavとユーザ&グループを合わせる必要があるので、
# cd /usr/ports/security/amavisd-new # cp Makefile Makefile-dist として待避 # vi Makefile --------------------------------- - AMAVISUSER?= vscan #この部分を - AMAVISGROUP?= vscan --------------------------------- + AMAVISUSER?= clamav #このように編集 + AMAVISGROUP?= clamav ---------------------------------
で、おもむろに
portinstall security/amavisd-new
===> Installing rc.d startup script(s) config: no rules were found! Do you need to run 'sa-update'? ******************************************************* * _ _ _ _______ ______ __ _ _____ __ _ ______ * * | | | |_____| |_____/ | \ | | | \ | | ____ * * |__|__| | | | \_ | \_| __|__ | \_| |_____| * * * ******************************************************* * You must install rules before starting spamd! * ******************************************************* Do you wish to run sa-update to fetch new rules [N]? y
******************************************************************* To use amavisd-new, you need to install at least one virus scanner. The following virus scanners are available in the FreeBSD ports collection: /usr/ports/security/vscan McAfee VirusScan /usr/ports/security/clamav Clam Antivirus /usr/ports/security/f-prot F-Prot Antivirus /usr/ports/security/drweb DrWeb antivirus suite Enable amavisd-new in /etc/rc.conf with the following line: amavisd_enable="YES" You can set the pidfile, if you do not use the default path: amavisd_pidfile="/var/amavis/amavisd.pid" Optionally enable amavisd tmp ram disk with: amavisd_ram="512m" If you have installed and want to use the amavis sendmail milter interface, you need the following additional line in /etc/rc.conf: amavis_milter_enable="YES" If you have installed and want to use the p0fanalyzer interface, you need the following additional lines in /etc/rc.conf (with modifications according to your needs): amavis_p0fanalyzer_enable="YES" amavis_p0fanalyzer_p0f_filter="tcp dst port 25" You can pass another command line options to p0f daemon by setting amavis_p0f_daemon_flags and to p0f-analyzer.pl by setting amavis_p0fanalyzer_flags. Configuration templates are available in /usr/local/etc as amavisd.conf-dist, amavisd.conf-sample, amavisd.conf-default and amavisd-custom.conf-dist. Documentation is available in /usr/local/share/doc/amavisd-new. *******************************************************************
デフォルトの状態では、ClamAVに関する部分はコメントになっているので外します。
### http://www.clamav.net/ ['ClamAV-clamd', \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"], qr/\bOK$/, qr/\bFOUND$/, qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ], # NOTE: run clamd under the same user as amavisd; match the socket # name (LocalSocket) in clamav.conf to the socket name in this entry # When running chrooted one may prefer: ["CONTSCAN {}\n","$MYHOME/clamd"],
その他の設定は、こんな感じ。
$mydomain = 'your.domain'; #ドメイン名 $myhostname='host.your.domain'; #ホスト名 $notify_method = 'smtp:[127.0.0.1]:10025'; $forward_method = 'smtp:[127.0.0.1]:10025'; #チェックした結果を戻す先 $final_virus_destiny = D_DISCARD; #最終的なウィルス付メールの扱い $final_banned_destiny = D_BOUNCE; $final_spam_destiny = D_DISCARD; #SPAMメールの最終的な扱い $final_bad_header_destiny = D_PASS; ↑
amavisd_enable="YES"
virusalert: root
#vi /usr/local/etc/postfix/main.cf
content_filter = smtp-amavis:[127.0.0.1]:10024
の1行を追加。
#vi /usr/local/etc/postfix/master.cf
smtp-amavis unix - - n - 2 smtp -o smtp_data_done_timeout=1200 -o disable_dns_lookups=yes 127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes
※“-o”で始まる行(2行目以降)の先頭には必ずTABやスペースを入れてください。
# vi /etc/mail/aliases
virusalert: foo@your.domain spamalert: bar@your.domain
# newaliases