VirusScan on Mail Server



2012-12-29 (Sat) 06:41:13


Rotating /var/log/clamav/*.log (hotshot.smb.net) 2012/12/29

Reference: http://nzlab.nztype.net/article.php?story=20080402005723193&mode=print

/etc/newsyslog.conf

############   20121229   ################### http://nzlab.nztype.net/article.php?story=20080402005723193&mode=print
#/var/log/amavis/amavisd.log vscan:vscan 640 7 * @T00 JC
/var/log/clamav/clamd.log clamav:clamav 640 7 * @T00 JC
/var/log/clamav/freshclam.log clamav:clamav 640 7 * @T00 JC

Try adding the entries above.


The earlier "VirusScan on Mail Server" content had become cluttered and out of date, so this is an update.

blackcube# portinstall security/clamav

/usr/local/etc/clamd.conf

LogFileMaxSize 5M
LogVerbose yes

/etc/rc.conf

clamav_clamd_enable="YES"
clamav_freshclam_enable="YES"

echo clamav_clamd_enable="YES" >> /etc/rc.conf
echo clamav_freshclam_enable="YES" >> /etc/rc.conf

Installing amavisd-new

The user and group need to match the ones clamav uses, so:

# cd /usr/ports/security/amavisd-new
# cp Makefile Makefile-dist   (keep a backup copy)
# vi Makefile
---------------------------------
- AMAVISUSER?=	vscan             # change this part
- AMAVISGROUP?=	vscan
---------------------------------
+ AMAVISUSER?=	clamav       # to this
+ AMAVISGROUP?=	clamav
---------------------------------

Then, without further ado:

portinstall security/amavisd-new
===> Installing rc.d startup script(s)
config: no rules were found!  Do you need to run 'sa-update'?

*******************************************************
* _  _  _ _______  ______ __   _ _____ __   _  ______ *
* |  |  | |_____| |_____/ | \  |   |   | \  | |  ____ *
* |__|__| |     | |    \_ |  \_| __|__ |  \_| |_____| *
*                                                     *
*******************************************************
*    You must install rules before starting spamd!    *
*******************************************************
Do you wish to run sa-update to fetch new rules [N]? y
*******************************************************************
 To use amavisd-new, you need to install at least one virus scanner.
 The following virus scanners are available in the FreeBSD ports
 collection:

 /usr/ports/security/vscan      McAfee VirusScan
 /usr/ports/security/clamav     Clam Antivirus
 /usr/ports/security/f-prot     F-Prot Antivirus
 /usr/ports/security/drweb      DrWeb antivirus suite

 Enable amavisd-new in /etc/rc.conf with the following line:

    amavisd_enable="YES"

 You can set the pidfile, if you do not use the default path:

    amavisd_pidfile="/var/amavis/amavisd.pid"

 Optionally enable amavisd tmp ram disk with:

    amavisd_ram="512m"

 If you have installed and want to use the amavis sendmail milter interface,
 you need the following additional line in /etc/rc.conf:

    amavis_milter_enable="YES"

 If you have installed and want to use the p0fanalyzer interface,
 you need the following additional lines in /etc/rc.conf
 (with modifications according to your needs):

    amavis_p0fanalyzer_enable="YES"
    amavis_p0fanalyzer_p0f_filter="tcp dst port 25"

 You can pass another command line options to p0f daemon by setting
 amavis_p0f_daemon_flags and to p0f-analyzer.pl by setting
 amavis_p0fanalyzer_flags.

 Configuration templates are available in /usr/local/etc
 as amavisd.conf-dist, amavisd.conf-sample, amavisd.conf-default
 and amavisd-custom.conf-dist.
 Documentation is available in /usr/local/share/doc/amavisd-new.
*******************************************************************

/usr/local/etc/amavisd.conf

By default the ClamAV section is commented out, so uncomment it.

### http://www.clamav.net/
['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
# NOTE: run clamd under the same user as amavisd;  match the socket
# name (LocalSocket) in clamav.conf to the socket name in this entry
# When running chrooted one may prefer: ["CONTSCAN {}\n","$MYHOME/clamd"], 
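As an added example (not code from the page or from amavisd itself), the following Python approximates how the ask_daemon entry above turns a clamd CONTSCAN reply into a verdict, using the three regexes from the entry; the socket path is the one in the entry, the classification logic is my reading of those patterns rather than amavisd's own source, and the sample replies in the comments are constructed.

```python
import re
import socket

# The three patterns from the page's ['ClamAV-clamd', ...] entry, in Python
# syntax: "clean" match, "infected" match, and the virus-name capture that
# skips clamd's "Infected Archive" summary line via a negative lookahead.
CLEAN_RE = re.compile(r"\bOK$")
INFECTED_RE = re.compile(r"\bFOUND$")
VIRUS_NAME_RE = re.compile(r"^.*?: (?!Infected Archive)(.*) FOUND$")

CLAMD_SOCKET = "/var/run/clamav/clamd"  # socket path used in the page's entry


def classify_clamd_reply(reply: str):
    """Turn a raw CONTSCAN reply into a verdict (approximation of amavisd).

    Returns ("clean", []), ("infected", [virus names]) or ("error", [lines]).
    Constructed sample: "/var/amavis/tmp/parts/p001: OK" gives ("clean", []).
    """
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    names = [m.group(1) for m in map(VIRUS_NAME_RE.match, lines) if m]
    if names:
        return "infected", names
    if any(INFECTED_RE.search(ln) for ln in lines):
        # Only an "Infected Archive ... FOUND" summary matched: still infected,
        # but no specific signature name could be captured.
        return "infected", []
    if lines and all(CLEAN_RE.search(ln) for ln in lines):
        return "clean", []
    # Empty replies or lines ending in ERROR match neither pattern; treat that
    # as a scanner failure, never as a clean verdict.
    return "error", lines


def contscan(path: str, sock_path: str = CLAMD_SOCKET):
    """Send CONTSCAN over clamd's unix socket the way the entry does."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(sock_path)
        s.sendall(f"CONTSCAN {path}\n".encode())
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return classify_clamd_reply(b"".join(chunks).decode(errors="replace"))
```

Running `contscan()` against a real socket requires clamd to be started as the same user as amavisd, as the comment in the entry notes; `classify_clamd_reply()` can be exercised offline with constructed replies.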

The rest of the settings look like this.

$mydomain = 'your.domain';                   # domain name
$myhostname = 'host.your.domain';            # host name
$notify_method  = 'smtp:[127.0.0.1]:10025';
$forward_method = 'smtp:[127.0.0.1]:10025';  # where checked mail is handed back
$final_virus_destiny = D_DISCARD;            # final handling of mail carrying a virus
$final_banned_destiny = D_BOUNCE;
$final_spam_destiny = D_DISCARD;             # final handling of spam
$final_bad_header_destiny = D_PASS;

/etc/rc.conf

amavisd_enable="YES"

/etc/mail/aliases

virusalert: root

Integrating with Postfix

#vi /usr/local/etc/postfix/main.cf

content_filter = smtp-amavis:[127.0.0.1]:10024 

Add this one line.

#vi /usr/local/etc/postfix/master.cf

smtp-amavis unix - - n - 2 smtp
    -o smtp_data_done_timeout=1200
    -o disable_dns_lookups=yes

127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes

Note: every line starting with "-o" (the second line onward) must begin with a tab or spaces.

Set up the aliases that get notified when spam or virus mail is detected

# vi /etc/mail/aliases
virusalert: foo@your.domain
spamalert: bar@your.domain
# newaliases

Last-modified: 2012-12-29 (Sat) 06:41:13