酷!學園

Digest => 拾人牙慧 => Topic author: netman, 2003-09-08 10:19

Subject: [Repost] Linux Solution -- Building a Virus-Free Mailbox on Linux
Author: netman 2003-09-08 10:19
"衡山飛狐" <flyfox@bbs.openfind.com.tw> wrote in message news:0BJGLFH$0001I40$1@bbs.openfind.com.tw...
> Linux Solution -- Building a Virus-Free Mailbox on Linux
> Author: 衡山飛狐 flyfox@virtualage.homelinux.net
>
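> I. [Preface]
> E-mail has become a very convenient way to communicate over the network, but the ever-growing volume of e-mail traffic has also let "e-mail viruses" run rampant. According to statistics, e-mail has become the main medium through which computer viruses spread. According to figures from Sophos, an enterprise anti-virus vendor headquartered in the UK, nine of the top ten computer viruses of 2002 were mass-mailing Windows 32 worms, and as many as 87% of computer viruses were spread through e-mail. Building a virus-free e-mail environment can therefore effectively shield individuals and businesses from most computer viruses.
> Most server-side virus-scanning solutions have copyright or licensing issues. The MailScanner + Clamav combination introduced in this article performs quite well overall; the Clamav virus signature database it uses is OpenAntiVirus's, under the GPL, and can be updated online automatically, so it is a rather good server-side virus-scanning solution.
> II. [Software]
> clamav: http://virtualage.homelinux.net/DownLoad/Linux/clamav/clamav-0.60.tar.gz
> MailScanner: http://virtualage.homelinux.net/DownLoad/Linux/MailScanner/MailScanner-4.23-11.rpm.tar.gz
> III. [Software description]
> clamav
> A virus scanner, multi-threaded, written in C, using virus signatures from OpenAntiVirus; licensed under the GPL.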
> http://clamav.elektrapro.com/
> MailScanner
> A powerful and free filter for e-mail viruses and spam; licensed under the GPL.
> http://www.mailscanner.info
> IV. [Environment]
> RedHat 9.0 (shrike)
> sendmail-8.12.8-5.90
> V. [Installation]
> (1). Install clamav
> 1. Download clamav-0.60.tar.gz
> 2.[root@virtualage clamav]#tar zxvf clamav-0.60.tar.gz
> [root@virtualage clamav]#cd clamav-0.60
> [root@virtualage clamav-0.60]#groupadd clamav
> [root@virtualage clamav-0.60]#useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav
> [root@virtualage clamav-0.60]#./configure
> [root@virtualage clamav-0.60]#make
> [root@virtualage clamav-0.60]#make install
> 3. Edit the clamav.conf settings:
> [root@virtualage clamav-0.60]#vi /etc/clamav.conf
> Find the following part (lines 7 and 8) and change its contents from:
> -----------------/etc/clamav.conf--------------------
> # Comment or remove the line below.
> Example
> ----------------------------------------------------------
> to
> -----------------/etc/clamav.conf--------------------
> # Comment or remove the line below.
> # Example
> ----------------------------------------------------------
> 4. Test whether clamav works:
> [root@virtualage clamav-0.60]#clamscan ./
> You will get results like the following:
>
> //FAQ: OK
> //BUGS: OK
> //NEWS: OK
> //TODO: OK
> //depcomp: OK
> //aclocal.m4: OK
> //README: OK
> //ltmain.sh: OK
> //configure: OK
> //configure.in: OK
> //config.guess: OK
> //install-sh: OK
> //config.sub: OK
> //missing: OK
> //mkinstalldirs: OK
> //Makefile.am: OK
> //Makefile.in: OK
> //acinclude.m4: OK
> //AUTHORS: OK
> //INSTALL: OK
> //ChangeLog: OK
> //COPYING: OK
> //config.log: OK
> //target.h: OK
> //config.status: OK
> //Makefile: OK
> //libtool: OK
>
> ----------- SCAN SUMMARY -----------
> Known viruses: 9567
> Scanned directories: 1
> Scanned files: 27
> Infected files: 0
> Data scanned: 1.12 Mb
> I/O buffer size: 131072 bytes
> Time: 1.605 sec (0 m 1 s)
>
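> If no error messages appear, clamav is working properly. Since this article mainly discusses how it works together with MailScanner, see the following for detailed clamav usage: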
> http://virtualage.homelinux.net/DownLoad/Linux/clamav/clamdoc.pdf
>
> (2). Install MailScanner
> 1. Download MailScanner-4.23-11.rpm.tar.gz
> 2.[root@virtualage MailScanner]#tar zxvf MailScanner-4.23-11.rpm.tar.gz
> [root@virtualage MailScanner]#cd MailScanner-4.23-11
> [root@virtualage MailScanner-4.23-11]#./install.sh
> The installer may ask you to run Update-MakeMaker.sh first
> [root@virtualage MailScanner-4.23-11]#./Update-MakeMaker.sh
> Then run install.sh once more
> [root@virtualage MailScanner-4.23-11]#./install.sh
> Wait for the installer to finish, and the installation is complete.
> 3. Edit the MailScanner.conf settings:
> [root@virtualage MailScanner-4.23-11]#cd /etc/MailScanner
> [root@virtualage MailScanner]#cp MailScanner.conf MailScanner.conf.000
> [root@virtualage MailScanner]#vi MailScanner.conf
> Find the following parts and change their contents:
> --------------------/etc/MailScanner/MailScanner.conf-----------------
> %org-name% = yoursite  change to  %org-name% = virtualage (for example)
> Virus Scanners = none  change to  Virus Scanners = clamav (selects clamav as the virus-scanning engine)
> ----------------------------------------------------------------------
> ● Note: this version of MailScanner supports the following virus-scanning engines:
> ----------------/etc/MailScanner/virus.scanners.conf-----------------------------
> # This is a list of the names of the virus scanning engines, along with the
> # filename of the command or script to run to invoke each one.
> antivir /usr/lib/MailScanner/antivir-wrapper /usr/lib/AntiVir
> bitdefender /usr/lib/MailScanner/bitdefender-wrapper /usr/local/bd7
> clamav /usr/lib/MailScanner/clamav-wrapper /usr/local
> command /usr/lib/MailScanner/command-wrapper /usr
> etrust /usr/lib/MailScanner/etrust-wrapper /opt/eTrustAntivirus
> f-prot /usr/lib/MailScanner/f-prot-wrapper /usr/local/f-prot
> f-secure /usr/lib/MailScanner/f-secure-wrapper /opt/f-secure/fsav
> inoculan /usr/lib/MailScanner/inoculan-wrapper /usr/local/inoculan
> inoculate /usr/lib/MailScanner/inoculate-wrapper /usr/local/av
> kaspersky /usr/lib/MailScanner/kaspersky-wrapper /opt/AVP
> kavdaemonclient /usr/lib/MailScanner/kavdaemonclient-wrapper /usr/local
> mcafee /usr/lib/MailScanner/mcafee-wrapper /usr/local/uvscan
> nod32-1.99 /usr/lib/MailScanner/nod32-wrapper /usr/local/nod32
> nod32 /usr/lib/MailScanner/nod32-wrapper /usr/local/nod32
> none /bin/false /tmp
> panda /usr/lib/MailScanner/panda-wrapper /usr
> rav /usr/lib/MailScanner/rav-wrapper /usr/local/rav8
> sophos /usr/lib/MailScanner/sophos-wrapper /usr/local/Sophos
> sophossavi /bin/false /tmp
> trend /usr/lib/MailScanner/trend-wrapper /pack/trend
> -----------end of /etc/MailScanner/virus.scanners.conf-----------------------------
>
> VI. [Enabling e-mail virus scanning]
> 1. Stop sendmail first
> service sendmail stop
> 2. Start MailScanner manually
> service MailScanner start
> or /etc/rc.d/init.d/MailScanner start
> ● Note: once MailScanner is installed, it starts automatically at boot.
> Running grep "MailScanner" /var/log/maillog should show the following messages:
> Sep 6 04:25:08 virtualage MailScanner[6600]: MailScanner E-Mail Virus Scanner version 4.23-11 starting...
> Sep 6 04:25:08 virtualage MailScanner[6600]: Using locktype = flock
> Sep 6 04:30:10 virtualage MailScanner[6560]: New Batch: Found 2 messages waiting
> Sep 6 04:30:10 virtualage MailScanner[6560]: New Batch: Scanning 1 messages, 1216 bytes
> Sep 6 04:30:12 virtualage MailScanner[2878]: New Batch: Found 2 messages waiting
> Sep 6 04:30:12 virtualage MailScanner[2878]: New Batch: Scanning 1 messages, 1357 bytes
> Sep 6 04:30:16 virtualage MailScanner[2878]: Virus and Content Scanning: Starting
> Sep 6 04:30:17 virtualage MailScanner[2878]: Uninfected: Delivered 1 messages
> This means MailScanner has started doing its job.
> VII. [Updating clamav virus signatures online]
> clamav provides freshclam, a utility for updating the virus signatures online; there are two ways to update the signatures automatically on a schedule:
> First create a log file:
> # touch /var/log/clam-update.log
> # chmod 600 /var/log/clam-update.log
> # chown clamav /var/log/clam-update.log
> (1)daemon:# freshclam -d -c 2 -l /var/log/clam-update.log
> Add this to /etc/rc.d/rc.local so that after boot it runs as a daemon and checks twice a day.
> (2)crontab:
> 0 8 * * * /usr/local/bin/freshclam --quiet -l /var/log/clam-update.log
> Runs the check every day at eight o'clock.
> VIII. [Verifying virus interception]
>
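> [Figure 1] MailScanner intercepts a virus-infected message
>
> [Figure 2] MailScanner adds a warning and explanation to the body of the infected message
>
> -------------------Contents of the attached VirusWarning.txt----------------------------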
>
> This is a message from the MailScanner E-Mail Virus Protection Service
> ----------------------------------------------------------------------
> The original e-mail attachment "movie0045.pif"
> was believed to be infected by a virus and has been replaced by this warning
> message.
>
> If you wish to receive a copy of the *infected* attachment, please
> e-mail helpdesk and include the whole of this message
> in your request. Alternatively, you can call them, with
> the contents of this message to hand when you call.
>
> At Sat Sep 6 10:58:01 2003 the virus scanner said:
> ClamAV: movie0045.pif contains Worm.Sobig.F <<== ClamAV detected the Sobig virus
> MailScanner: Shortcuts to MS-Dos programs are very dangerous in email (movie0045.pif)
>
> Note to Help Desk: Look on the MailScanner in /var/spool/MailScanner/quarantine/20030906 (message h862vj0F011226).
> --
> Postmaster
> Mailscanner thanks transtec Computers for their support
>
>
>
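> [Figure 3] Every e-mail entering or leaving the host is checked by MailScanner
>
> [Figure 4] Whenever a virus-infected message is intercepted, MailScanner also notifies the administrator
>
> Source: http://virtualage.homelinux.net/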
>
> --
> ---
> 虛擬年代工作室
> http://virtualage.homelinux.net/
> Hot!!! Free email sign-up now open!!!!
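An added example (not part of the reposted article or of MailScanner itself): a small script that summarises the MailScanner message types the article's grep step shows, so an empty log, a scanner that has started but scanned nothing, and a scanner that is picking up batches can be told apart. The function names, state labels and sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise MailScanner activity in a syslog-style mail log.
# Recognises only the message types quoted in the article above.

mailscanner_summary() {
    # $1: path to a mail log (for example /var/log/maillog)
    awk '
    function num_after(line, key,    i) {
        # Number that follows "key" in the line, or 0 if key is absent.
        i = index(line, key)
        return i ? substr(line, i + length(key)) + 0 : 0
    }
    / MailScanner\[[0-9]+\]: / {
        if (index($0, "starting...")) {
            starts++
        } else if (index($0, "New Batch: Scanning ")) {
            batches++
            scanned += num_after($0, "New Batch: Scanning ")
        } else if (index($0, "Uninfected: Delivered ")) {
            delivered += num_after($0, "Uninfected: Delivered ")
        }
    }
    END {
        state = "no-log-lines"                 # nothing logged at all
        if (starts)  { state = "started-idle" }  # started, no mail scanned yet
        if (batches) { state = "scanning" }      # batches are being picked up
        printf "state=%s starts=%d batches=%d scanned=%d delivered=%d\n",
               state, starts, batches, scanned, delivered
    }' "$1"
}

sample_log() {
    # Constructed sample, modelled on the log lines shown in the article.
    cat <<'EOF'
Sep  6 04:25:08 host MailScanner[6600]: MailScanner E-Mail Virus Scanner version 4.23-11 starting...
Sep  6 04:25:08 host MailScanner[6600]: Using locktype = flock
Sep  6 04:30:10 host MailScanner[6560]: New Batch: Found 2 messages waiting
Sep  6 04:30:10 host MailScanner[6560]: New Batch: Scanning 1 messages, 1216 bytes
Sep  6 04:30:12 host MailScanner[2878]: New Batch: Scanning 1 messages, 1357 bytes
Sep  6 04:30:16 host MailScanner[2878]: Virus and Content Scanning: Starting
Sep  6 04:30:17 host MailScanner[2878]: Uninfected: Delivered 1 messages
Sep  6 04:30:18 host sendmail[7001]: constructed unrelated line
EOF
}

log=$(mktemp)
sample_log > "$log"
mailscanner_summary "$log"
rm -f "$log"
```

A `started-idle` result only means no batch has been logged yet; sending a test message through the server and re-running the summary shows whether batches are being picked up.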
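Subject: [Repost] Linux Solution -- Building a Virus-Free Mailbox on Linux
Author: Guoway 2003-10-07 16:15
This package is pretty nice to use.... but it blocks HTML-format pages, and I don't know where to turn that on???? With these two packages put together it's rather messy, and I can't find where to make this kind of setting~~~~
Subject: [Repost] Linux Solution -- Building a Virus-Free Mailbox on Linux
Author: jjchiou 2003-11-29 21:42
In Mailscanner.conf you can let mail with an external HTML body be accepted
clamav mainly provides the virus signatures (I use McAfee)
mailscanner updates once an hour by default
Subject: [Repost] Linux Solution -- Building a Virus-Free Mailbox on Linux
Author: elleryq 2004-03-08 22:26
If your MTA is postfix,
you can refer to this article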
http://www.sng.ecs.soton.ac.uk/mailscanner/install/postfix.shtml
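Subject: Many thanks.. still have a few small problems to ask about
Author: samuelsun 2004-03-26 15:42
I followed your instructions step by step
and everything was normal
until the grep part, where the system did not show the messages you described, which felt a bit odd
It's this command line
"Running grep "MailScanner" /var/log/maillog should show the following messages:"

Next is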
> (1)daemon:# freshclam -d -c 2 -l /var/log/clam-update.log
> Add this to /etc/rc.d/rc.local so that after boot it runs as a daemon and checks twice a day.
> (2)crontab:
> 0 8 * * * /usr/local/bin/freshclam --quiet -l /var/log/clam-update.log
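this part
Are the colons on the first and second lines full-width or half-width?
And what does that 08*** mean.. these are the places I don't understand
Please give me some more guidance......
                                                    Thank you
Subject: Can Mailscanner and clamav be installed in resident mode like sophos?
Author: yuchiao168 2004-03-31 19:47
Can Mailscanner and clamav be installed in resident mode like sophos?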


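Because I think using these two together works quite well, and I'm already satisfied.
If it could run a little faster, that would be even better. :)
Subject: [Repost] Linux Solution -- Building a Virus-Free Mailbox on Linux
Author: jarrycho 2004-04-08 11:02
Senior~ this message appeared when installing MailScanner: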
Good. You have the patch command.

Your /usr/src/redhat,   /usr/src/RPM  or  /usr/src/packages
tree is missing.
If you have access to an RPM called rpm-build
install it first and come back and try again.

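It looks like some tree is missing; is it that it can't find a matching rpm program?
Subject: [Repost] Linux Solution -- Building a Virus-Free Mailbox on Linux
Author: jarrycho 2004-04-08 11:06
Solved~ after updating and adding the new rpm version and module it works! Thanks!
Off to test it~
Subject: [Repost] Linux Solution -- Building a Virus-Free Mailbox on Linux
Author: jarrycho 2004-04-12 14:26
Quote: "Guoway"
This package is pretty nice to use.... but it blocks HTML-format pages, and I don't know where to turn that on???? With these two packages put together it's rather messy, and I can't find where to make this kind of setting~~~~


If you mean that HTML mail gets judged to be a virus, you can try this line
silent viruses = ALL-Viruses ; the original setting also included HTML-Form
Give it a try! Otherwise it's these lines: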
Allow Partial Messages
Allow External Message Bodies
Allow IFrame Tags
Allow Form Tags
Allow Script Tags
Allow Object Codebase Tags
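The value after each is = yes or = no; go into MailScanner and have a look and you'll see. This
is what I found by trying it out!
Subject: [Repost] Linux Solution -- Building a Virus-Free Mailbox on Linux
Author: kasl 2004-06-06 20:04
May I ask, when I run grep "MailScanner" /var/log/maillog
what comes out is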
[root@server clamscan]# grep "MailScanner" /var/log/maillog
Jun  6 17:48:28 server MailScanner[12109]: MailScanner E-Mail Virus Scanner version 4.31.6 starting...
Jun  6 17:48:29 server MailScanner[12109]: Using locktype = flock
Jun  6 17:48:39 server MailScanner[12114]: MailScanner E-Mail Virus Scanner version 4.31.6 starting...
Jun  6 17:48:39 server MailScanner[12114]: Using locktype = flock
Jun  6 17:48:49 server MailScanner[12115]: MailScanner E-Mail Virus Scanner version 4.31.6 starting...
Jun  6 17:48:49 server MailScanner[12115]: Using locktype = flock
Jun  6 17:48:59 server MailScanner[12117]: MailScanner E-Mail Virus Scanner version 4.31.6 starting...
Jun  6 17:48:59 server MailScanner[12117]: Using locktype = flock
Jun  6 17:49:09 server MailScanner[12118]: MailScanner E-Mail Virus Scanner version 4.31.6 starting...
Jun  6 17:49:09 server MailScanner[12118]: Using locktype = flock
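Does this mean it didn't run successfully? How should I solve this? Thanks
Subject: [Repost] Linux Solution -- Building a Virus-Free Mailbox on Linux
Author: 小穎 2004-06-06 20:18
Quote: "kasl"
May I ask, when I run grep "MailScanner" /var/log/maillog
what comes out is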
[root@server clamscan]# grep "MailScanner" /var/log/maillog
Jun  6 17:48:28 server MailScanner[12109]: MailScanner E-Mail Virus Scanner version 4.31.6 starting...
Jun  6 17:48:29 server MailScanner[12109]: Using locktype = flock
Jun  6 17:48:39 server MailScanner[12114]: MailScanner E-Mail Virus Scanner version 4.31.6 starting...
Jun  6 17:48:39 server MailScanner[12114]: Using locktype = flock
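Does this mean it didn't run successfully? How should I solve this? Thanks


Can't you just see it with the ps command?
This means MailScanner started up successfully!
Subject: [Repost] Linux Solution -- Building a Virus-Free Mailbox on Linux
Author: zterry26 2005-08-03 10:54
Thanks for sharing
Thank you
Subject: [Repost] Linux Solution -- Building a Virus-Free Mailbox on Linux
Author: huanwei 2005-08-04 18:17
I've got everything installed, but mail never arrives. I can't quite make sense of the log; could everyone please take a look for me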
Aug  3 18:01:59 mx MailScanner[4462]: Using locktype = flock
Aug  3 18:03:02 mx postfix/smtpd[4463]: connect from ns1.wslpc.com.tw[210.192.12.156]
Aug  3 18:03:02 mx update.virus.scanners: Found clamav installed
Aug  3 18:03:02 mx update.virus.scanners: Running autoupdate for clamav
Aug  3 18:03:02 mx postfix/smtpd[4463]: BBC7627CC6: client=ns1.wslpc.com.tw[210.192.12.156]
Aug  3 18:03:02 mx postfix/cleanup[4490]: BBC7627CC6: hold: header Received: from ns1.wslpc.com.tw (ns1.wslpc.com.tw [210.192.12.156])??by mx.skevin.com (Postfix) with SMTP id BBC7627CC6??for <kevin@skevin.com>; Wed,  3 Aug 2005 18:03:02 +0800 (CST) from ns1.wslpc.com.tw[210.192.12.156]; from=<kevin@wslpc.com.tw> to=<kevin@skevin.com> proto=SMTP helo=<ns1.wslpc.com.tw>
Aug  3 18:03:02 mx postfix/cleanup[4490]: BBC7627CC6: message-id=<008c01c598dc$4426d5b0$05000100@kevin>
Aug  3 18:03:02 mx postfix/smtpd[4463]: disconnect from ns1.wslpc.com.tw[210.192.12.156]

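It looks like it's being held, doesn't it? Because there was no bounce either. My postfix was installed from a tarball; is there anything else I should watch out for?? Thanks
Subject: [Repost] Linux Solution -- Building a Virus-Free Mailbox on Linux
Author: kayin 2007-03-06 11:41
Quote: "jarrycho"
Senior~ this message appeared when installing MailScanner: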
Good. You have the patch command.

Your /usr/src/redhat,   /usr/src/RPM  or  /usr/src/packages
tree is missing.
If you have access to an RPM called rpm-build
install it first and come back and try again.

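It looks like some tree is missing; is it that it can't find a matching rpm program?

May I ask how it was solved?
I'm on CentOS Linux 4.4 and hit the same problem,
I'd appreciate it if anyone who knows could give some guidance, thanks.
Subject: [Repost] Linux Solution -- Building a Virus-Free Mailbox on Linux
Author: jarrycho 2007-03-06 12:53
Quote: "kayin"
Quote: "jarrycho"
Senior~ this message appeared when installing MailScanner: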
Good. You have the patch command.

Your /usr/src/redhat,   /usr/src/RPM  or  /usr/src/packages
tree is missing.
If you have access to an RPM called rpm-build
install it first and come back and try again.

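It looks like some tree is missing; is it that it can't find a matching rpm program?

May I ask how it was solved?
I'm on CentOS Linux 4.4 and hit the same problem,
I'd appreciate it if anyone who knows could give some guidance, thanks.

Installing Mailscanner uses rpmbuild and gcc; first check whether these packages are installed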