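Wednesday, April 14, 2004

Building a Virus-Free Mailbox on Linux

This article comes from the 拾人牙慧 section of 酷!學園.
It is one of the better recent articles on anti-virus handling for mail servers on the Linux platform.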

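"衡山飛狐" wrote in message news:0BJGLFH$0001I40$1@bbs.openfind.com.tw...
> Linux Solution -- Building a Virus-Free Mailbox on Linux
> Author: 衡山飛狐 (flyfox@virtualage.homelinux.net)
>
> I. [Preface]
> E-mail has become a very convenient means of communication on the Internet, but the ever-growing volume of e-mail traffic has also fueled the rampant spread of "e-mail viruses". According to statistics, e-mail has become the main medium for spreading computer viruses. According to Sophos, a UK-headquartered vendor of anti-virus protection for enterprises, nine of the top ten computer viruses of 2002 were mass-mailing Windows 32 worms, and as many as 87% of computer viruses spread through e-mail. Building a virus-free e-mail environment can therefore effectively shield individuals and enterprises from most computer virus attacks.
> Because most server-side virus-scanning solutions come with copyright or licensing issues, this article introduces MailScanner + Clamav, whose overall performance is quite good. The Clamav virus signature database it uses is OpenAntiVirus's, under the GPL license, and can be updated online automatically, which makes it a quite good server-side virus-scanning solution.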
> II. [Software]
> clamav: http://virtualage.homelinux.net/DownLoad/Linux/clamav/clamav-0.60.tar.gz
> MailScanner: http://virtualage.homelinux.net/DownLoad/Linux/MailScanner/MailScanner-4.23-11.rpm.tar.gz
> III. [Software Description]
> clamav
> A virus scanner, multi-threaded, written in C, using virus signatures from OpenAntiVirus; licensed under the GPL.
> http://clamav.elektrapro.com/
> MailScanner
> A powerful, free filter for e-mail viruses and spam; licensed under the GPL.
> http://www.mailscanner.info
> IV. [Environment]
> RedHat 9.0 (shrike)
> sendmail-8.12.8-5.90
> V. [Installation]
> (1). Install clamav
> 1. Download clamav-0.60.tar.gz
> 2.[root@virtualage clamav]#tar zxvf clamav-0.60.tar.gz
> [root@virtualage clamav]#cd clamav-0.60
> [root@virtualage clamav-0.60]#groupadd clamav
> [root@virtualage clamav-0.60]#useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav
> [root@virtualage clamav-0.60]#./configure
> [root@virtualage clamav-0.60]#make
> [root@virtualage clamav-0.60]#make install
> 3. Edit the clamav.conf settings:
> [root@virtualage clamav-0.60]#vi /etc/clamav.conf
> Find the following part (lines 7 and 8) and change its contents from:
> -----------------/etc/clamav.conf--------------------
> # Comment or remove the line below.
> Example
> ----------------------------------------------------------
> to
> -----------------/etc/clamav.conf--------------------
> # Comment or remove the line below.
> # Example
> ----------------------------------------------------------
> 4. Test whether clamav works:
> [root@virtualage clamav-0.60]#clamscan ./
> You will get the following result:
>
> //FAQ: OK
> //BUGS: OK
> //NEWS: OK
> //TODO: OK
> //depcomp: OK
> //aclocal.m4: OK
> //README: OK
> //ltmain.sh: OK
> //configure: OK
> //configure.in: OK
> //config.guess: OK
> //install-sh: OK
> //config.sub: OK
> //missing: OK
> //mkinstalldirs: OK
> //Makefile.am: OK
> //Makefile.in: OK
> //acinclude.m4: OK
> //AUTHORS: OK
> //INSTALL: OK
> //ChangeLog: OK
> //COPYING: OK
> //config.log: OK
> //target.h: OK
> //config.status: OK
> //Makefile: OK
> //libtool: OK
>
> ----------- SCAN SUMMARY -----------
> Known viruses: 9567
> Scanned directories: 1
> Scanned files: 27
> Infected files: 0
> Data scanned: 1.12 Mb
> I/O buffer size: 131072 bytes
> Time: 1.605 sec (0 m 1 s)
>
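> If no error message appears, clamav is working properly. Since this article mainly discusses how it works together with MailScanner, please refer to the following for detailed clamav usage:
> http://virtualage.homelinux.net/DownLoad/Linux/clamav/clamdoc.pdf
>
> (2). Install MailScanner
> 1. Download MailScanner-4.23-11.rpm.tar.gz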
> 2.[root@virtualage MailScanner]#tar zxvf MailScanner-4.23-11.rpm.tar.gz
> [root@virtualage MailScanner]#cd MailScanner-4.23-11
> [root@virtualage MailScanner-4.23-11]#./install.sh
> The installer may ask you to run Update-MakeMaker.sh first
> [root@virtualage MailScanner-4.23-11]#./Update-MakeMaker.sh
> Then run install.sh again
> [root@virtualage MailScanner-4.23-11]#./install.sh
> Wait for the program to finish installing; the installation is then complete.
> 3. Edit the MailScanner.conf settings:
> [root@virtualage MailScanner-4.23-11]#cd /etc/MailScanner
> [root@virtualage MailScanner]#cp MailScanner.conf MailScanner.conf.000
> [root@virtualage MailScanner]#vi MailScanner.conf
> Find the following parts and change their contents:
> --------------------/etc/MailScanner/MailScanner.conf-----------------
> %org-name% = yoursite    change to    %org-name% = virtualage (for example)
> Virus Scanners = none    change to    Virus Scanners = clamav (specifies clamav as the virus-scanning engine)
> ----------------------------------------------------------------------
> ● Note: this version of MailScanner supports the following virus-scanning engines:
> ----------------/etc/MailScanner/virus.scanners.conf-----------------------------
> # This is a list of the names of the virus scanning engines, along with the
> # filename of the command or script to run to invoke each one.
> antivir /usr/lib/MailScanner/antivir-wrapper /usr/lib/AntiVir
> bitdefender /usr/lib/MailScanner/bitdefender-wrapper /usr/local/bd7
> clamav /usr/lib/MailScanner/clamav-wrapper /usr/local
> command /usr/lib/MailScanner/command-wrapper /usr
> etrust /usr/lib/MailScanner/etrust-wrapper /opt/eTrustAntivirus
> f-prot /usr/lib/MailScanner/f-prot-wrapper /usr/local/f-prot
> f-secure /usr/lib/MailScanner/f-secure-wrapper /opt/f-secure/fsav
> inoculan /usr/lib/MailScanner/inoculan-wrapper /usr/local/inoculan
> inoculate /usr/lib/MailScanner/inoculate-wrapper /usr/local/av
> kaspersky /usr/lib/MailScanner/kaspersky-wrapper /opt/AVP
> kavdaemonclient /usr/lib/MailScanner/kavdaemonclient-wrapper /usr/local
> mcafee /usr/lib/MailScanner/mcafee-wrapper /usr/local/uvscan
> nod32-1.99 /usr/lib/MailScanner/nod32-wrapper /usr/local/nod32
> nod32 /usr/lib/MailScanner/nod32-wrapper /usr/local/nod32
> none /bin/false /tmp
> panda /usr/lib/MailScanner/panda-wrapper /usr
> rav /usr/lib/MailScanner/rav-wrapper /usr/local/rav8
> sophos /usr/lib/MailScanner/sophos-wrapper /usr/local/Sophos
> sophossavi /bin/false /tmp
> trend /usr/lib/MailScanner/trend-wrapper /pack/trend
> -----------end of /etc/MailScanner/virus.scanners.conf-----------------------------
>
> VI. [Enabling the E-mail Virus-Scanning Mechanism]
> 1. Stop sendmail first
> service sendmail stop
> 2. Start MailScanner manually
> service MailScanner start
> or /etc/rc.d/init.d/MailScanner start
> ● Note: once MailScanner is installed, it runs automatically at boot.
> Running grep "MailScanner" /var/log/maillog should show the following messages:
> Sep 6 04:25:08 virtualage MailScanner[6600]: MailScanner E-Mail Virus Scanner version 4.23-11 starting...
> Sep 6 04:25:08 virtualage MailScanner[6600]: Using locktype = flock
> Sep 6 04:30:10 virtualage MailScanner[6560]: New Batch: Found 2 messages waiting
> Sep 6 04:30:10 virtualage MailScanner[6560]: New Batch: Scanning 1 messages, 1216 bytes
> Sep 6 04:30:12 virtualage MailScanner[2878]: New Batch: Found 2 messages waiting
> Sep 6 04:30:12 virtualage MailScanner[2878]: New Batch: Scanning 1 messages, 1357 bytes
> Sep 6 04:30:16 virtualage MailScanner[2878]: Virus and Content Scanning: Starting
> Sep 6 04:30:17 virtualage MailScanner[2878]: Uninfected: Delivered 1 messages
> This means MailScanner has started doing its job.
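> VII. [Online Updates of clamav Virus Signatures]
> clamav provides freshclam, a utility for updating virus signatures online; there are two ways to update the signatures automatically on a schedule.
> First, create a log file:
> # touch /var/log/clam-update.log
> # chmod 600 /var/log/clam-update.log
> # chown clamav /var/log/clam-update.log
> (1) daemon: # freshclam -d -c 2 -l /var/log/clam-update.log
> Write it into /etc/rc.d/rc.local so that after boot it runs automatically as a daemon and checks twice a day.
> (2) crontab:
> 0 8 * * * /usr/local/bin/freshclam --quiet -l /var/log/clam-update.log
> Runs the check at eight o'clock every day.
> VIII. [Virus Interception Verification]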
>
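> [Figure 1] MailScanner intercepts a virus-infected message
>
> [Figure 2] MailScanner adds a warning and explanation to the body of the virus-infected message
>
> -------------------Contents of VirusWarning.txt in the attachment----------------------------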
>
> This is a message from the MailScanner E-Mail Virus Protection Service
> ----------------------------------------------------------------------
> The original e-mail attachment "movie0045.pif"
> was believed to be infected by a virus and has been replaced by this warning
> message.
>
> If you wish to receive a copy of the *infected* attachment, please
> e-mail helpdesk and include the whole of this message
> in your request. Alternatively, you can call them, with
> the contents of this message to hand when you call.
>
> At Sat Sep 6 10:58:01 2003 the virus scanner said:
> ClamAV: movie0045.pif contains Worm.Sobig.F <<== ClamAV detected the Sobig virus
> MailScanner: Shortcuts to MS-Dos programs are very dangerous in email (movie0045.pif)
>
> Note to Help Desk: Look on the MailScanner in /var/spool/MailScanner/quarantine/20030906 (message h862vj0F011226).
> --
> Postmaster
> Mailscanner thanks transtec Computers for their support
>
>
>
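> [Figure 3] MailScanner guards every e-mail entering and leaving the host
>
> [Figure 4] As soon as a virus-infected message is intercepted, MailScanner also notifies the administrator
>
> Source: http://virtualage.homelinux.net/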

Original post on 酷!學園: [Repost] Linux Solution -- Building a Virus-Free Mailbox on Linux
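
The two configuration edits in section V are easy to miss, and leaving `Virus Scanners = none` means mail is delivered without virus scanning. The shell functions below are an added example, not part of the original article or of MailScanner or ClamAV, that check both edits; the function names and the sample files built in `demo` are constructed for illustration, and the file paths are passed as arguments.

```shell
#!/bin/sh
# Added example: sanity-check the two configuration edits from section V.
# File paths are arguments, so the checks can run against copies of the files.

# Succeeds when clamav.conf no longer contains an active "Example" line.
clamav_example_disabled() {
    ! grep -Eq '^[[:space:]]*Example[[:space:]]*$' "$1"
}

# Prints the value of "Virus Scanners" from MailScanner.conf.
# Assumption: if the option appears more than once, the last one is used.
mailscanner_engines() {
    sed -n 's/^[[:space:]]*Virus Scanners[[:space:]]*=[[:space:]]*//p' "$1" | tail -n 1
}

# Prints the wrapper path listed for engine $1 in virus.scanners.conf ($2).
engine_wrapper() {
    awk -v n="$1" '$1 == n { print $2; exit }' "$2"
}

# Fails if the engine is "none" or is missing from virus.scanners.conf.
check_scanning() {
    engines=$(mailscanner_engines "$1")
    [ -n "$engines" ] || { echo "Virus Scanners is not set"; return 1; }
    for e in $engines; do          # value treated as a whitespace-separated list
        [ "$e" != none ] || { echo "Virus Scanners = none: no virus scanner is used"; return 1; }
        [ -n "$(engine_wrapper "$e" "$2")" ] ||
            { echo "engine '$e' is not listed in virus.scanners.conf"; return 1; }
    done
    echo "scanning enabled with: $engines"
}

# Constructed sample files (not taken from a real host) mirroring section V.
demo() {
    d=$(mktemp -d)
    printf '# Comment or remove the line below.\n# Example\n' > "$d/clamav.conf"
    printf 'Virus Scanners = clamav\n' > "$d/MailScanner.conf"
    printf 'clamav /usr/lib/MailScanner/clamav-wrapper /usr/local\nnone /bin/false /tmp\n' \
        > "$d/virus.scanners.conf"
    clamav_example_disabled "$d/clamav.conf" && echo "clamav.conf: Example line disabled"
    check_scanning "$d/MailScanner.conf" "$d/virus.scanners.conf"
    rc=$?
    rm -rf "$d"
    return $rc
}
demo
```

On a host set up as in the article, the same functions would be called with /etc/clamav.conf, /etc/MailScanner/MailScanner.conf and /etc/MailScanner/virus.scanners.conf.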