Blog <- ERNY

Erny Blog

"衡山飛狐" 撰寫於郵件 news:0BJGLFH$0001I40$1@bbs.openfind.com.tw...
> Linux Solution -- Linux上無毒信箱的建立
> 作者：衡山飛狐 flyfox@virtualage.homelinux.net
>
> 一、【前言】
> e-mail已成為網路上非常便利的通訊方式，但是隨著愈來愈多的電子郵件往來，更造就了『電子郵件病毒(e-mail virus)』的猖獗肆虐。根據統計；電子郵件已躍升為電腦病毒最主要的傳播媒介。據總部位於英國的企業防毒保護廠商Sophos的統計，2002年十大電腦病毒的前九名都是以大量擴散電子郵件的Windows 32病蟲為主，而有高達87%的電腦病毒是透過電子郵件散播。因此建立一個無毒的電子郵件環境，可有效阻絕個人和企業遭受大部份電腦病毒的侵襲。
> 由於大部份Server端的掃毒方案多有版權或授權上的問題，此篇介紹的MailScanner+Clamav整體效能相當不錯；而採用的Clamav病毒碼資料庫為OpenAntiVirus的GPL授權，且能自動線上更新，算是相當不錯的Server端的掃毒方案。
> 二、【軟體】
> clamav：http://virtualage.homelinux.net/DownLoad/Linux/clamav/clamav-0.60.tar.gz
> MailScanner：http://virtualage.homelinux.net/DownLoad/Linux/MailScanner/MailScanner-4.23-11.rpm.tar.gz
> 三、【軟體說明】
> clamav
> 為一Virus Scanner 病毒掃瞄程式，Multi-thread，以 C 寫成，使用來自於OpenAntiVirus 的病毒碼，授權方式為GPL。
> http://clamav.elektrapro.com/
> MailScanner
> 為一功能強大且免費的郵件病毒及廣告信過濾器，授權方式為GPL。。
> http://www.mailscanner.info
> 四、【環境】
> RedHat 9.0 (shrike)
> sendmail-8.12.8-5.90
> 五、【安裝】
> (1).安裝clamav
> 1.下載clamav-0.60.tar.gz
> 2.[root@virtualage clamav]#tar zxvf clamav-0.60.tar.gz
> [root@virtualage clamav]#cd clamav-0.60
> [root@virtualage clamav-0.60]#groupadd clamav
> [root@virtualage clamav-0.60]#useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav
> [root@virtualage clamav-0.60]#./configure
> [root@virtualage clamav-0.60]#make
> [root@virtualage clamav-0.60]#make install
> 3.修改clamav.conf設定：
> [root@virtualage clamav-0.60]#vi /etc/clamav.conf
> 找到如下部份(第7,8行)，並將其內容：
> -----------------/etc/clamav.conf--------------------
> # Comment or remove the line below.
> Example
> ----------------------------------------------------------
> 改成
> -----------------/etc/clamav.conf--------------------
> # Comment or remove the line below.
> # Example
> ----------------------------------------------------------
> 4.測試clamav是否work；
> [root@virtualage clamav-0.60]#clamscan ./
> 會得到如下結果：
>
> //FAQ: OK
> //BUGS: OK
> //NEWS: OK
> //TODO: OK
> //depcomp: OK
> //aclocal.m4: OK
> //README: OK
> //ltmain.sh: OK
> //configure: OK
> //configure.in: OK
> //config.guess: OK
> //install-sh: OK
> //config.sub: OK
> //missing: OK
> //mkinstalldirs: OK
> //Makefile.am: OK
> //Makefile.in: OK
> //acinclude.m4: OK
> //AUTHORS: OK
> //INSTALL: OK
> //ChangeLog: OK
> //COPYING: OK
> //config.log: OK
> //target.h: OK
> //config.status: OK
> //Makefile: OK
> //libtool: OK
>
> ----------- SCAN SUMMARY -----------
> Known viruses: 9567
> Scanned directories: 1
> Scanned files: 27
> Infected files: 0
> Data scanned: 1.12 Mb
> I/O buffer size: 131072 bytes
> Time: 1.605 sec (0 m 1 s)
>
> 如果沒出現錯誤訊息，代表clamav已可正常work了，由於本篇主要探討與MailScanner之間的配合，詳細的clamav用法請參考：
> http://virtualage.homelinux.net/DownLoad/Linux/clamav/clamdoc.pdf
>
> (2).安裝MailScanner
> 1.下載MailScanner-4.23-11.rpm.tar.gz
> 2.[root@virtualage MailScanner]#tar zxvf MailScanner-4.23-11.rpm.tar.gz
> [root@virtualage MailScanner]#cd MailScanner-4.23-11
> [root@virtualage MailScanner-4.23-11]#./install.sh
> 安裝程式可能會要求您先執行Update-MakeMaker.sh
> [root@virtualage MailScanner-4.23-11]#./Update-MakeMaker.sh
> 然後再執行一次install.sh
> [root@virtualage MailScanner-4.23-11]#./install.sh
> 靜待程式安裝完畢即完成安裝。
> 3.修改MailScanner.conf設定：
> [root@virtualage MailScanner-4.23-11]#cd /etc/MailScanner
> [root@virtualage MailScanner]#cp MailScanner.conf MailScanner.conf.000
> [root@virtualage MailScanner]#vi MailScanner.conf
> 找到如下部份，並將其內容：
> --------------------/etc/MailScanner/MailScanner.conf-----------------
> %org-name% = yoursite 改成 %org-name% = virtualage(舉例)
> Virus Scanners = none 改成 Virus Scanners = clamav(指定用clamav為掃毒引擎)
> ----------------------------------------------------------------------
> ●註：本版MailScanner支援下列掃毒引擎：
> ----------------/etc/MailScanner/virus.scanners.conf-----------------------------
> # This is a list of the names of the virus scanning engines, along with the
> # filename of the command or script to run to invoke each one.
> antivir /usr/lib/MailScanner/antivir-wrapper /usr/lib/AntiVir
> bitdefender /usr/lib/MailScanner/bitdefender-wrapper /usr/local/bd7
> clamav /usr/lib/MailScanner/clamav-wrapper /usr/local
> command /usr/lib/MailScanner/command-wrapper /usr
> etrust /usr/lib/MailScanner/etrust-wrapper /opt/eTrustAntivirus
> f-prot /usr/lib/MailScanner/f-prot-wrapper /usr/local/f-prot
> f-secure /usr/lib/MailScanner/f-secure-wrapper /opt/f-secure/fsav
> inoculan /usr/lib/MailScanner/inoculan-wrapper /usr/local/inoculan
> inoculate /usr/lib/MailScanner/inoculate-wrapper /usr/local/av
> kaspersky /usr/lib/MailScanner/kaspersky-wrapper /opt/AVP
> kavdaemonclient /usr/lib/MailScanner/kavdaemonclient-wrapper /usr/local
> mcafee /usr/lib/MailScanner/mcafee-wrapper /usr/local/uvscan
> nod32-1.99 /usr/lib/MailScanner/nod32-wrapper /usr/local/nod32
> nod32 /usr/lib/MailScanner/nod32-wrapper /usr/local/nod32
> none /bin/false /tmp
> panda /usr/lib/MailScanner/panda-wrapper /usr
> rav /usr/lib/MailScanner/rav-wrapper /usr/local/rav8
> sophos /usr/lib/MailScanner/sophos-wrapper /usr/local/Sophos
> sophossavi /bin/false /tmp
> trend /usr/lib/MailScanner/trend-wrapper /pack/trend
> -----------end of /etc/MailScanner/virus.scanners.conf-----------------------------
>
> 六、【e-mail掃毒機制啟用】
> 1.先停止sendmail
> service sendmail stop
> 2.手動啟動Mailscanner
> service MailScanner start
> or /etc/rc.d/init.d/MailScanner start
> ●註：安裝完MailScanner後，MailScanner會於開機時自動執行。
> 執行 grep "MailScanner" /var/log/maillog 應該會看到下列訊息：
> Sep 6 04:25:08 virtualage MailScanner[6600]: MailScanner E-Mail Virus Scanner v
> ersion 4.23-11 starting...
> Sep 6 04:25:08 virtualage MailScanner[6600]: Using locktype = flock
> Sep 6 04:30:10 virtualage MailScanner[6560]: New Batch: Found 2 messages waitin
> g
> Sep 6 04:30:10 virtualage MailScanner[6560]: New Batch: Scanning 1 messages, 12
> 16 bytes
> Sep 6 04:30:12 virtualage MailScanner[2878]: New Batch: Found 2 messages waitin
> g
> Sep 6 04:30:12 virtualage MailScanner[2878]: New Batch: Scanning 1 messages, 13
> 57 bytes
> Sep 6 04:30:16 virtualage MailScanner[2878]: Virus and Content Scanning: Starti
> ng
> Sep 6 04:30:17 virtualage MailScanner[2878]: Uninfected: Delivered 1 messages
> 代表MailScanner已經開始發揮功能了。
> 七、【clamav病毒碼線上更新】
> clamav提供一個線上更新病毒碼的工具程式freshclam；有兩種方式可定時自動更新病毒碼：
> 首先先產生一個紀錄檔：
> # touch /var/log/clam-update.log
> # chmod 600 /var/log/clam-update.log
> # chown clamav /var/log/clam-update.log
> (1)daemon：# freshclam -d -c 2 -l /var/log/clam-update.log
> 將之寫進/etc/rc.d/rc.local於開機後自動以daemon方式一天檢查兩次。
> (2)crontab：
> 0 8 * * * /usr/local/bin/freshclam --quiet -l /var/log/clam-update.log
> 每天八點執行檢查。
> 八、【病毒攔截驗證】
>
> 〔圖一〕MailScanner攔截到病毒信件
>
> 〔圖二〕MailScanner於病毒信件的內容加註警告及說明
>
> -------------------附件中VirusWarning.txt的內容----------------------------
>
> This is a message from the MailScanner E-Mail Virus Protection Service
> ----------------------------------------------------------------------
> The original e-mail attachment "movie0045.pif"
> was believed to be infected by a virus and has been replaced by this warning
> message.
>
> If you wish to receive a copy of the *infected* attachment, please
> e-mail helpdesk and include the whole of this message
> in your request. Alternatively, you can call them, with
> the contents of this message to hand when you call.
>
> At Sat Sep 6 10:58:01 2003 the virus scanner said:
> ClamAV: movie0045.pif contains Worm.Sobig.F <<==ClamAV掃描到Sobig病毒
> MailScanner: Shortcuts to MS-Dos programs are very dangerous in email (movie0045.pif)
>
> Note to Help Desk: Look on the MailScanner in /var/spool/MailScanner/quarantine/20030906 (message h862vj0F011226).
> --
> Postmaster
> Mailscanner thanks transtec Computers for their support
>
>
>
> 〔圖三〕主機上每封e-mail的進出均有MailScanner把關
>
> 〔圖四〕一攔截到病毒信，MailScanner亦會通知管理者
>
> 文章出處：http://virtualage.homelinux.net/

星期五, 4月 30, 2004

星期四, 4月 29, 2004

星期三, 4月 28, 2004

星期二, 4月 27, 2004

星期一, 4月 26, 2004

星期日, 4月 25, 2004

星期五, 4月 23, 2004

星期四, 4月 22, 2004

星期三, 4月 21, 2004

星期二, 4月 20, 2004

星期一, 4月 19, 2004

星期日, 4月 18, 2004

星期六, 4月 17, 2004

星期五, 4月 16, 2004

星期三, 4月 14, 2004

星期二, 4月 13, 2004