[[VirusScan on Mail Server]]
----
#counter([total|today|yesterday]);
&lastmod;
#contents
----
*Rotating /var/log/clamav/*.log (hotshot.smb.net) 2012/12/29 [#w6b3647b]
http://nzlab.nztype.net/article.php?story=20080402005723193&mode=print
/etc/newsyslog.conf

 ############   20121229   ################### http://nzlab.nztype.net/article.php?story=20080402005723193&mode=print
 #/var/log/amavis/amavisd.log vscan:vscan 640 7 * @T00 JC
 /var/log/clamav/clamd.log clamav:clamav 640 7 * @T00 JC
 #/var/log/clamav/freshclam.log 640 7 * @T00 JC    # duplicate entry without owner:group
 /var/log/clamav/freshclam.log clamav:clamav 640 7 * @T00 JC
I tried adding the lines above.
----
The previous content, [[VirusScan on Mail Server]], had become cluttered and out of date, so I am updating it here.
* blackcube# portinstall security/clamav [#n48e8428]
/usr/local/etc/clamd.conf
 LogFileMaxSize 5M
 LogVerbose yes
 
/etc/rc.conf
 clamav_clamd_enable="YES"
 clamav_freshclam_enable="YES"
 
 echo 'clamav_clamd_enable="YES"' >> /etc/rc.conf
 echo 'clamav_freshclam_enable="YES"' >> /etc/rc.conf

*Installing amavisd-new [#ta654772]
The user and group must match those used by clamav, so:
 # cd /usr/ports/security/amavisd-new
 # cp Makefile Makefile-dist    # save a backup copy
 # vi Makefile
 ---------------------------------
 - AMAVISUSER?=	vscan             # change this part
 - AMAVISGROUP?=	vscan
 ---------------------------------
 + AMAVISUSER?=	clamav       # to this
 + AMAVISGROUP?=	clamav
 ---------------------------------
Then run:
 portinstall security/amavisd-new

 ===> Installing rc.d startup script(s)
 config: no rules were found!  Do you need to run 'sa-update'?
 
 *******************************************************
 * _  _  _ _______  ______ __   _ _____ __   _  ______ *
 * |  |  | |_____| |_____/ | \  |   |   | \  | |  ____ *
 * |__|__| |     | |    \_ |  \_| __|__ |  \_| |_____| *
 *                                                     *
 *******************************************************
 *    You must install rules before starting spamd!    *
 *******************************************************
 Do you wish to run sa-update to fetch new rules [N]? y

 *******************************************************************
  To use amavisd-new, you need to install at least one virus scanner.
  The following virus scanners are available in the FreeBSD ports
  collection:
 
  /usr/ports/security/vscan      McAfee VirusScan
  /usr/ports/security/clamav     Clam Antivirus
  /usr/ports/security/f-prot     F-Prot Antivirus
  /usr/ports/security/drweb      DrWeb antivirus suite
 
  Enable amavisd-new in /etc/rc.conf with the following line:
 
     amavisd_enable="YES"
 
  You can set the pidfile, if you do not use the default path:
 
     amavisd_pidfile="/var/amavis/amavisd.pid"
 
  Optionally enable amavisd tmp ram disk with:
 
     amavisd_ram="512m"
 
  If you have installed and want to use the amavis sendmail milter interface,
  you need the following additional line in /etc/rc.conf:
 
     amavis_milter_enable="YES"
 
  If you have installed and want to use the p0fanalyzer interface,
  you need the following additional lines in /etc/rc.conf
  (with modifications according to your needs):
 
     amavis_p0fanalyzer_enable="YES"
     amavis_p0fanalyzer_p0f_filter="tcp dst port 25"
 
  You can pass another command line options to p0f daemon by setting
  amavis_p0f_daemon_flags and to p0f-analyzer.pl by setting
  amavis_p0fanalyzer_flags.
 
  Configuration templates are available in /usr/local/etc
  as amavisd.conf-dist, amavisd.conf-sample, amavisd.conf-default
  and amavisd-custom.conf-dist.
  Documentation is available in /usr/local/share/doc/amavisd-new.
 *******************************************************************


**/usr/local/etc/amavisd.conf [#ja37bf60]
 
By default the ClamAV section is commented out, so uncomment it.
 ### http://www.clamav.net/
 ['ClamAV-clamd',
 \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
 qr/\bOK$/, qr/\bFOUND$/,
 qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
 # NOTE: run clamd under the same user as amavisd;  match the socket
 # name (LocalSocket) in clamav.conf to the socket name in this entry
 # When running chrooted one may prefer: ["CONTSCAN {}\n","$MYHOME/clamd"], 
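
The note in the ClamAV entry above (same user, same socket name) can be checked mechanically. The following sh script is an added example, not part of the original page or of amavisd-new or ClamAV; the function names are hypothetical, and it assumes `$daemon_user` is set in amavisd.conf and `LocalSocket` and `User` are set in clamd.conf.

```shell
#!/bin/sh
# Added example: check that clamd.conf and amavisd.conf agree on socket and user.

clamd_value() {      # $1 = directive, $2 = clamd.conf; commented lines never match
    awk -v k="$1" '$1 == k { print $2; exit }' "$2"
}

amavis_socket() {    # $1 = amavisd.conf; socket path on the active CONTSCAN line
    sed -n -e '/^[[:space:]]*#/d' \
        -e 's/.*CONTSCAN[^,]*,[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

amavis_user() {      # $1 = amavisd.conf; value assigned to $daemon_user
    sed -n 's/^[[:space:]]*\$daemon_user[[:space:]]*=[[:space:]]*.\([A-Za-z0-9_-]*\).*/\1/p' "$1" | head -n 1
}

check_clamav_amavis() {   # $1 = clamd.conf, $2 = amavisd.conf; returns 1 on mismatch
    rc=0
    cs=$(clamd_value LocalSocket "$1"); as=$(amavis_socket "$2")
    cu=$(clamd_value User "$1");        au=$(amavis_user "$2")
    if [ -z "$cs" ] || [ "$cs" != "$as" ]; then
        echo "MISMATCH socket: clamd='$cs' amavisd='$as'"; rc=1
    fi
    if [ -z "$cu" ] || [ "$cu" != "$au" ]; then
        echo "MISMATCH user: clamd='$cu' amavisd='$au'"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: socket=$cs user=$cu"; fi
    return "$rc"
}

# Constructed sample files (not taken from a real host).
demo=$(mktemp -d)
printf '%s\n' '#LocalSocket /tmp/old' 'LocalSocket /var/run/clamav/clamd' \
    'User clamav' > "$demo/clamd.conf"
cat > "$demo/amavisd.conf" <<'EOF'
$daemon_user = 'clamav';
 \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
 # When running chrooted one may prefer: ["CONTSCAN {}\n","$MYHOME/clamd"],
EOF
sed 's/^User clamav/User vscan/' "$demo/clamd.conf" > "$demo/clamd-bad.conf"

check_clamav_amavis "$demo/clamd.conf" "$demo/amavisd.conf"
check_clamav_amavis "$demo/clamd-bad.conf" "$demo/amavisd.conf" || true
```

On the host described here, call `check_clamav_amavis /usr/local/etc/clamd.conf /usr/local/etc/amavisd.conf`.
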
The other settings look like this:
 $mydomain = 'your.domain';                         # domain name
 $myhostname='host.your.domain';               # host name
 $notify_method  = 'smtp:[127.0.0.1]:10025';
 $forward_method = 'smtp:[127.0.0.1]:10025';  # where checked mail is handed back
 $final_virus_destiny = D_DISCARD;              # final disposition of mail carrying a virus
 $final_banned_destiny = D_BOUNCE;
 $final_spam_destiny = D_DISCARD;             # final disposition of spam
 $final_bad_header_destiny = D_PASS;

**/etc/rc.conf [#n82fa021]
 amavisd_enable="YES"
** /etc/mail/aliases [#f02c30d1]
 virusalert: root
*Integrating with Postfix [#uf85b60d]
#vi /usr/local/etc/postfix/main.cf
 content_filter = smtp-amavis:[127.0.0.1]:10024
Add the single line above.
#vi /usr/local/etc/postfix/master.cf
 smtp-amavis unix - - n - 2 smtp
   -o smtp_data_done_timeout=1200
   -o disable_dns_lookups=yes
 
 127.0.0.1:10025 inet n - n - - smtpd
   -o content_filter=
   -o local_recipient_maps=
   -o relay_recipient_maps=
   -o smtpd_restriction_classes=
   -o smtpd_client_restrictions=
   -o smtpd_helo_restrictions=
   -o smtpd_sender_restrictions=
   -o smtpd_recipient_restrictions=permit_mynetworks,reject
   -o mynetworks=127.0.0.0/8
   -o strict_rfc821_envelopes=yes
Note: lines beginning with "-o" (the second and later lines of each entry) must start with a TAB or spaces.
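
Postfix treats only lines that start with whitespace as continuations of a master.cf entry, so unindented "-o" lines are not attached to the 10025 listener. The following sh script is an added example (not from the original page or from Postfix; the function names are hypothetical) that joins master.cf entries and checks the re-injection listener for the loopback address and the overrides shown above.

```shell
#!/bin/sh
# Added example: lint the amavisd re-injection listener in a Postfix master.cf.

# Join continuation lines (lines starting with whitespace) onto their service
# line and squeeze whitespace: one logical entry per output line.
join_entries() {    # $1 = master.cf
    awk 'function emit() { if (buf != "") { gsub(/[ \t]+/, " ", buf); print buf } }
         /^[ \t]*#/ || /^[ \t]*$/ { next }
         /^[ \t]/                 { buf = buf " " $0; next }
                                  { emit(); buf = $0 }
         END                      { emit() }' "$1"
}

# Return 0 only if the port-10025 smtpd entry is bound to loopback and carries
# the overrides used on this page.
check_reinject() {  # $1 = master.cf
    entry=$(join_entries "$1" | grep -E '^[^ ]*:10025 inet ') || {
        echo "FAIL: no inet listener on port 10025"; return 1; }
    rc=0
    case $entry in
        127.0.0.1:10025\ *) ;;
        *) echo "FAIL: listener is not bound to 127.0.0.1"; rc=1 ;;
    esac
    for opt in 'content_filter=' 'mynetworks=127.0.0.0/8' \
               'smtpd_recipient_restrictions=permit_mynetworks,reject'; do
        case "$entry " in
            *" -o $opt "*) ;;
            *) echo "FAIL: missing -o $opt"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed samples: the same entry with and without indented "-o" lines.
demo=$(mktemp -d)
printf '%s\n' '127.0.0.1:10025 inet n - n - - smtpd' '  -o content_filter=' \
    '  -o smtpd_recipient_restrictions=permit_mynetworks,reject' \
    '  -o mynetworks=127.0.0.0/8' > "$demo/good.cf"
sed 's/^  *-o/-o/' "$demo/good.cf" > "$demo/flat.cf"

check_reinject "$demo/good.cf" && echo "good.cf: OK"
check_reinject "$demo/flat.cf" || echo "flat.cf: overrides are not attached"
```
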
 
***Setting the aliases that are notified when spam or virus mail is detected [#v9b9d7f4]
 # vi /etc/mail/aliases

 virusalert: foo@your.domain
 spamalert: bar@your.domain

 # newaliases
