Amavisd-new是邮件代理伺服器(MTA)和防毒软件之间的中介程式,搭配其他病毒扫描软件,如Clam Antivirus、Sophos Sweep等,就可以让邮件伺服器过滤含有病毒的邮件。
这套软件的安装比较复杂,因为防毒的需要,涉及到其他很多的模块,类似Rar 、Zip等等,在装Amavisd-new前一定要装好它们;
需要的模块分为两部份,下面分别列出。
一、外部的程式
compress,
nomarch (or arc),
arj (or unarj),
rar (or unrar),
zoo,
freeze (or unfreeze or melt),
在安装这些模块之前,可以用rpm -ihv来查询一下,你的Linux下面有没有自帶的,如果有,那最好不过了,可以跳过它来安装接下来模块。
如果没有,可以到这个网址上面去下载它的rpm包,网址:
http://dag.wieers.com/pack...,下载之后,直接安装它。也可以直接到它们自己的官方网站上下载。
因为compress没有rpm包,只能下载它的tar ball安装档案,所以跟其他的套件的安装方式不同,这里对它进行说明一下:
# wget
ftp://ftp.warwick.ac.uk/pu... 解压缩到/usr/local/src/compress(你也可以把它解压到你想要的目录里面或者你的~目录里,由你自己选择,这里以 /usr/local/src/compress 为例,没有什么特别的用意,纯属个人喜欢问题)
# mkdir /usr/local/src/compress
# tar -zxvf compress-4.0.1.tar.gz -C /usr/local/src/compress
# cd /usr/local/src/compress
# make
# make install
Ok安装完成。
假设你把以上所需套件都安装全了,我们接着往下进行Clamav相关套件的安装。
二、Clamav的安装
安装clamav-0.88.tar.gz
http://www.clamav.net/# /usr/sbin/groupadd clamav
# /usr/sbin/adduser -s /bin/false -c "Amavis User" -d /var/amavis amavis
# /usr/sbin/useradd -g clamav -s/bin/false -d/dev/null clamav
# wget
http://nchc.dl.sourceforge...# tar zxvf clamav-0.88.tar.gz
# cd clamav-0.88
# ./configure
# make
# make install
# mkdir /var/log/clamav
# chown –c clamav /var/log/clamav
# chgrp –c clamav /var/log/clamav
# vi /usr/local/etc/clamd.conf
========================================================
#Example 注释掉Example行
LogFile /var/log/clamav/clamd.log
LogFileMaxSize 1M
LogVerbose
LogTime
LocalSocket /tmp/clamav.socket
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /usr/local/share/clamav
MaxDirectoryRecursion 15
User amavis
ScanMail
ScanArchive
ClamukoMaxFileSize 6M
ArchiveMaxFileSize 10M
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
========================================================
# /usr/local/sbin/clamd ##启动 clamd 程序
编辑/usr/local/etc/freshclam.conf
# vi /usr/local/etc/freshclam.conf
========================================================
#Example 注释掉Example行
DatabaseDirectory /usr/local/share/clamav
UpdateLogFile /var/log/clamav/clamav-update.log
LogSyslog
LogVerbose
DatabaseOwner amavis
#Check for updates every two hours. That is the official recommendation
Checks 12
DatabaseMirror db.CN.clamav.net
DatabaseMirror database.clamav.net
NotifyClamd
========================================================
# chown –c amavis /var/log/clamav
# chown –c amavis /usr/local/share/clamav
# /usr/local/bin/freshclam ## 执行 Clamavs病毒库升级
3. 建立clamd的启动脚本:
# vi /etc/init.d/clamd
========================================================
#! /bin/bash
#
# crond Start/Stop the clam antivirus daemon.
#
# chkconfig: 2345 90 60
# description: clamdis a standard UNIX program that scans for Viruses.
# processname: clamd
# config: /usr/local/etc/clamd.conf
# pidfile: /var/run/clamav/clamd.pid
# Source function library.
. /etc/init.d/functions
RETVAL=0
# See how we were called.
prog="clamd"
progdir="/usr/local/sbin"
# Source configuration
if [ -f /etc/sysconfig/$prog ] ; then
. /etc/sysconfig/$prog
fi
start() {
echo -n $"Starting $prog: "
daemon $progdir/$prog
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && touch /var/run/clamav/clamd.pid
return $RETVAL
}
stop() {
echo -n $"Stopping $prog: "
killproc $prog
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f /var/run/clamav/clamd.pid
return $RETVAL
}
rhstatus() {
status clamd
}
restart() {
stop
start
}
reload() {
echo -n $"Reloading clam daemon configuration: "
killproc clamd -HUP
retval=$?
echo
return $RETVAL
}
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
restart
;;
reload)
reload
;;
status)
rhstatus
;;
condrestart)
[ -f /var/lock/subsys/clamd ] && restart || :
;;
*)
echo $"Usage: $0 {start|stop|status|reload|restart|condrestart}"
exit 1
esac
exit 0
========================================================
设置 clamav 为自启动项
# chmod 755 /etc/init.d/clamd
# /sbin/chkconfig --add clamd
# /sbin/chkconfig clamd on
# clamscan -r test 对 test 文件夹进行病毒扫描
三、Perl相关套件的安装
Amavisd-new对Perl的依赖程度相当高,因为它本身大部份都是用Perl写成的包括它的执行档,透过它所需要的Perl模组就可以很清楚地知道了。
官方网站列出它所需的Perl模组,如下:
Archive::Tar (Archive-Tar-x.xx)
Archive::Zip (Archive-Zip-x.xx) (1.14 or later should be used!)
Compress::Zlib (Compress-Zlib-x.xx)
Convert::TNEF (Convert-TNEF-x.xx)
Convert::UUlib (Convert-UUlib-x.xxx) (stick to the new versions!)
MIME::Base64 (MIME-Base64-x.xx)
MIME::Parser (MIME-Tools-x.xxxx) (latest version from CPAN - currently 5.415)
Mail::Internet (MailTools-1.58 or later have workarounds for Perl 5.8.0 bugs)
Net::Server (Net-Server-x.xx)
Net::SMTP (libnet-x.xx) (use libnet-1.16 or latter for performance)
Digest::MD5 (Digest-MD5-x.xx)
IO::Stringy (IO-stringy-x.xxx)
Time::HiRes (Time-HiRes-x.xx) (use 1.49 or later, some older cause problems)
Unix::Syslog (Unix-Syslog-x.xxx)
BerkeleyDB with bdb library 3.2 or later (4.2 or later preferred)
这些是基本的模组,也就是说安装Amavisd-new前必需安装以下的Perl模组,少一个都不行。
我们可以透过Perl的CPAN方式来进行安装,先在终端机视窗里执行下面这条指令。
( 以下两个源文件安装包至关重要 !!!)
# wget
http://search.cpan.org/CPA...# tar zxvf Digest-MD5-2.33.tar.gz
# cd Digest-MD5-2.33
# export LC_ALL=C
# echo ${LC_ALL}
C
# perl Makefile.PL
# make
# make install
# wget
http://search.cpan.org/CPA...# tar zxvf Time-HiRes-1.82.tar.gz
# cd Time-HiRes-1.82
# perl Makefile.PL
# make
# make install
# /usr/bin/perl -MCPAN -e shell ## 在安装前确定你的系统语言不是UTF-8
Warning [/etc/inputrc line 11]:
Invalid variable `mark-symlinked-directories'
cpan shell -- CPAN exploration and modules installation (v1.7601)
ReadLine support enabled
cpan>
而后安装以上所列出来的模块
cpan> install Archive::Tar
cpan> install Archive::Zip
cpan> install Compress::Zlib ( 系统已安装,可忽略 )
cpan> install Convert::TNEF
cpan> install Convert::UUlib
cpan> install MIME::Base64 ( 系统已安装,可忽略 )
cpan> install MIME::Parser ( 系统已安装,可忽略 )
cpan> install Mail::Internet ( 系统已安装,可忽略 )
cpan> install Net::Server
cpan> install Net::SMTP
cpan> install Digest::MD5 ( 系统已安装,可忽略 )
cpan> install IO::Stringy ( 系统已安装,可忽略 )
cpan> install Time::HiRes ( 系统已安装,可忽略 )
cpan> install Unix::Syslog
cpan> install BerkeleyDB
cpan> install Digest::SHA1
cpan> install DBI
cpan> install DB_File
cpan> install Net::DNS
cpan> install IP::Country
============ 可选安装项 ======================
cpan> install Mail::SPF::Query ( NOT OK )
cpan> install Razor2 ( skip )
cpan> install Net::Ident ( NOT OK )
cpan> install IO::Socket::INET6 ( skip )
cpan> install IO::Socket::SSL ( skip )
============ 可选安装项 ======================
cpan> install Mail::SpamAssassin
cpan> exit
四、安装与设定Amavisd-new
在安装完需要的套件之后,我们就可以安装Amavisd-new了。
首先在
http://www.ijs.si/software...这里下载最新版的Amavisd-new,我这里用的版本是2.3.3,
所以我下载下来的档案是amavisd-new-2.3.3.tar.gz。
我把它解压到了/usr/local/src/,解压前它自动在/usr/local/src里面创建了一个叫做amavisd-new-2.3.3的文件夹,
所有解压出来的文件都放在里面了。
# tar xzvf amavisd-new-2.3.3.tar.gz
接着在它的家目录里,建立四个子目录,在配置Amavisd-new时需要用到它们:
# mkdir /var/amavis/tmp /var/amavis/var /var/amavis/db /var/amavis/home
为了系统与套件的安全性,不能让那些普通用户去读写/var/amavis,需要把/var/amavis设定为只有amavis拥有读写权限,
也就是把/var/amavis的拥有者设为amavis即可,执行如下的命令:
# chown -R amavis:amavis /var/amavis
# chmod -R 750 /var/amavis
假设你现在不在/usr/local/src/amavisd-new-2.3.3下面,我们用下面的命令进到里面去:
# cd /usr/local/src/amavisd-new-2.3.3
把里面的amavisd档案复制到/usr/local/sbin里面
# cp amavisd /usr/local/sbin/
并且为了提高它的安全性,需要设为只有超级管理员才可以读取它,因为这个档案是用Perl写成的,可以用一般的文字编辑器浏览它。
# chown root /usr/local/sbin/amavisd
赋给它可执行的属性
# chmod 755 /usr/local/sbin/amavisd
把Amavisd-new的配置文件amavisd.conf复制到/etc下面,以方便套件在运行时载入它。
# cp amavisd.conf /etc/
把/etc/amavisd.conf的拥有者设为root
# chown root /etc/amavisd.conf
改变它的文件属性
# chmod 644 /etc/amavisd.conf
设置 amavisd 为自启动项
# cp amavisd_init.sh /etc/init.d/amavisd
# chmod 744 /etc/init.d/amavisd
# /sbin/chkconfig --add amavisd
# /sbin/chkconfig amavisd on
# vi /etc/init.d/amavisd
prog="/usr/local/sbin/amavisd"
创建一个文件夹,用于在amavisd扫描到病毒时,把感染病毒的邮件放进去进行隔离;它也可以用来存贮垃圾邮件。
# mkdir /var/virusmails
改变 /var/virusmails的拥有者
# chown amavis:amavis /var/virusmails
改变 /var/virusmails的属性
# chmod 750 /var/virusmails
现在我们现再来编辑amavisd-new的配置文件,用你习惯的文字编辑器打开
# vi /etc/amavisd.conf
======================================================
$max_servers = 8;
$daemon_user = 'amavis';
$daemon_group = 'amavis';
$mydomain = 'test.com'; 设置域名
$MYHOME = '/var/amavis';
$TEMPBASE = "$MYHOME/tmp";
$QUARANTINEDIR = '/var/virusmails';
$db_home = "$MYHOME/db";
$helpers_home = "$MYHOME/var";
$pid_file = "$MYHOME/var/amavisd.pid";
$lock_file = "$MYHOME/var/amavisd.lock";
$inet_socket_port = 10024;
$sa_spam_subject_tag = '***SPAM*** ';
$notify_method = $forward_method;
$forward_method = 'smtp:127.0.0.1:10025';
$final_virus_destiny = D_DISCARD;
$final_banned_destiny = D_DISCARD;
$final_spam_destiny = D_DISCARD;
( D_DISCARD表示丢弃,D_BOUNCE表示后来弹回信息, D_REJECT表示阻止,D_PASS表示允许通过 )
['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
=======================================================
到现在为止,这个程式安装的差不多了,现在可以执行它来看看测试信息。如下面指令:
# /usr/local/sbin/amavisd -u amavis debug
Apr 12 20:20:17 mail.js.act-cn.com /usr/sbin/amavisd[3911]: Net::Server: Parent ready for children.
Apr 12 20:20:17 mail.js.act-cn.com /usr/sbin/amavisd[3912]: TIMING [total 113 ms] - bdb-open: 113 (100%), rundown: 0 (0%)
Apr 12 20:20:17 mail.js.act-cn.com /usr/sbin/amavisd[3913]: TIMING [total 96 ms] - bdb-open: 96 (100%), rundown: 0 (0%)
出现以上最后面两句信息时,一般来说表示套件安装成功。
启动 clamd 和 amavis
# /usr/local/sbin/clamd
# /usr/local/sbin/amavisd –u amavis start
用下面的指令来测试:
#telnet 127 .0.0.1 10024
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 [127.0.0.1] ESMTP amavisd-new service ready
如果你的终端机里面出现以上信息,那你的这个套件就安装成功了。
五、配置Postfix与Amavisd-new,实现过滤病毒邮件。
用编辑器打开你postfix的master.cf档案,在最后加入下面的语句,你最好用复制的方法,下面的语句贴到你的master.cf档案里,以减小手动输入时产生的错误,
语句如下:
smtp-amavis unix - - n - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=40
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
保存配置文件,退出编辑器,而后再编辑postfix的另外一个配置文件main.cf,在里面增加一句指令,这句指令如下:
content_filter=smtp-amavis:[127.0.0.1]:10024
重新载入postfix的配置文件
#/etc/init.d/postfix reload.
执行如下的测试指令
#telnet 127.0.0.1 10025
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 yourhost.example.com ESMTP Postfix
--> quit
221 Bye
Connection closed by foreign host.
如果出现了上面的信息就表示程式配置成功,可以使用它了。
如果你还想进一步测式看看你的邮件伺服器是否真的会通过amavisd-new来扫描病毒,就需要执行下面的测试。
测试病毒扫描
使用其他邮件系统用户给该系统的用户发送邮件,包含以下内容:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
如果这个用户能够收到有病度提示的邮件说明病毒过滤已经成功!
邮件病毒扫描日志将被记录在/var/log/clamav/clamav.log中!
-> $ telnet 127.0.0.1 10024
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 [127.0.0.1] ESMTP amavisd-new service ready
--> MAIL FROM:
250 2.1.0 Sender test@example.com OK
--> RCPT TO:
250 2.1.5 Recipient postmaster OK
--> DATA
354 End data with .
--> Subject: test1
-->
--> test1
--> .
*** 250 2.6.0 Ok, id=31859-01, from MTA: 250 Ok: queued as 90B7F16F
--> MAIL FROM:
250 2.1.0 Sender test@example.com OK
--> RCPT TO:
250 2.1.5 Recipient postmaster OK
--> DATA
354 End data with .
--> Subject: test2 - virus test pattern
-->
--> X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
--> .
you should get one of the following replies (or similar), depending on
the $final_virus_destiny and *virus_lovers* settings in amavisd.conf:
*** 550 5.7.1 Message content rejected, id=16968-01 - VIRUS: EICAR-AV-Test
*** 250 2.5.0 Ok, but 1 BOUNCE
*** 250 2.7.1 Ok, discarded, id=16984-01 - VIRUS: EICAR-AV-Test
*** 250 2.6.0 Ok, id=17041-01, from MTA: 250 Ok: queued as 3F1841A5F5
--> QUIT
221 2.0.0 [127.0.0.1] (amavisd) closing transmission channel
Connection closed by foreign host.
如果得到上面的信息,那么恭喜你了,你的病毒扫描程式运行很顺畅。
=============== 给 amavis 打补丁 ========================
# cd /usr/local/src/amavisd-new-2.3.3
# patch -p0 patching file amavisd
patching file amavisd.conf-sample
amavisd-new-courier.patch 这个补丁的作用是,stop amavis时关闭uvsan.如果不打补丁,当你amavis stop后,10024没有被释放。
再次启动amavis会提示你有程序正在使用10024端口。
=======================================================================================
六、安装Spamassassin 3.0.3
前面装amavis的时候已经装好了,如果没装,请按如下方式安装
# perl -MCPAN -e shell
cpan>; install HTML:Parser
cpan>; install DB_File
cpan>; install Net:DNS (when prompted to enable tests, choose no)
cpan>; install Digest::SHA1
cpan>; install Mail::SpamAssassin
# vi /etc/mail/spamassassin/local.cf (修改后不用重新启动 SpamAssassin,立即生效)
report_safe 0
use_bayes 1
bayes_path /var/amavisd/.spamassassin/bayes
bayes_auto_learn 1
skip_rbl_checks 0
use_razor2 1
use_dcc 1
use_pyzor 1
# 是否能够进行 DNS 查询。直接设定为 yes 将有效加快 amavis 的启动速度
dns_available yes
# 检查是否为由内部网络所寄出的信件。
# 若是,则永远不判断为垃圾邮件。(评分减 50 分)
# 其中的 example.net 请替换成您的 Domain Name..
header LOCAL_RCVD Received =~ /.*\(\S+\.domain\.com\s+\[.*\]\)/
describe LOCAL_RCVD Received from local machine
score LOCAL_RCVD -50
# 垃圾邮件计分规则
score DCC_CHECK 4.000
score SPF_FAIL 10.000
score SPF_HELO_FAIL 10.000
score RAZOR2_CHECK 2.500
score BAYES_99 4.300
score BAYES_90 3.500
score BAYES_80 3.000
新建文件/var/amavisd/.spamassassin/user_prefs
# touch /var/amavis/.spamassassin/user_prefs
检查local.cf语法
# spamassassin --lint
bayes(计划中)
启动spamd
# /usr/bin/spamd --daemonize --pidfile /var/run/spamd.pid
下载中文垃圾垃圾邮件过滤规则Chinese_rules.cf
# wget -N -P /usr/share/spamassassin www.ccert.edu.cn/spam/sa/C...
# ps –ef | grep spamd
察看spamd进程的PID,然后
# kill -HUP PID
#!/bin/sh
#
# Startup / shutdown script for SpamAssassin daemon
case "$1" in
start)
/usr/bin/spamd -d -v -u vpopmail -F 0 && echo -n 'spamd'
;;
stop)
spamdpid=`ps -ax | grep spamd | grep -v grep | grep -v sh | awk '{ print $1 }'`
if [ "$spamdpid" != "" ]; then
kill $spamdpid > /dev/null 2>&1
echo -n " spamd"
fi
;;
*)
echo "Usage: `basename $0` {start|stop}" >&2
;;
esac
exit 0
自动更新中文垃圾垃圾邮件过滤规则
# vi /etc/crontab (加一行)
0 0 1 * * root wget -N -P /usr/share/spamassassin www.ccert.edu.cn/spam/sa/C... -HUP `cat /var/run/spamd.pid`
测试病毒扫描
使用其他邮件系统用户给该系统的用户发送邮件,包含以下内容:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
如果这个用户能够收到有病度提示的邮件说明病毒过滤已经成功!
邮件病毒扫描日志将被记录在/var/log/clamav/clamav.log中!
测试垃圾邮件扫描
使用其他邮件系统用户给该系统的用户发送邮件,包含以下内容:
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
然后查看邮件日志看看,发出的邮件是否被BOUNCE或DISCARD了
建立maildrop过滤脚本(如果你使用amavisd-new来对spamassassin进行操作的话,跳过该项)
# vi /etc/maildroprc
if ( $SIZE < 26144 )
{
exception {
xfilter "/usr/bin/spamassassin"
}
}
if (/^X-Spam-Flag: *YES/)
{
exception {
to "$HOME$DEFAULT/.Spam/"
}
}
else
{
exception {
to "$HOME$DEFAULT"
}
}