软件准备:
amavis-0.3.12.tar.gz
unarj-2.65-3.9.i386.rpm
zoo-2.10-11.9.i386.rpm
unrar-3.2.3-2.9.i386.rpm
clamav-0.65.tar.gz
arc-5.21e-6.i386.rpm
软件安装:
--------install clamav---------
#tar zvxf clamav-0.65.tar.gz
#cd clamav-0.65
# groupadd clamav
#useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav
#./configure
#make && make install
#vi /usr/local/etc/clamav.conf
LogFile /var/log/clamd.log
LogFileMaxSize 2M
LogVerbose
LogTime
PidFile /var/run/clamd.pid
DataDirectory /usr/local/share/clamav
# 注意:/tmp 对所有本地用户可写,建议把套接字放到仅 clamav 用户可写的专用目录(调用 clamd 的程序所配置的路径需同步修改)
LocalSocket /tmp/clamd
MaxDirectoryRecursion 15
User clamav
ScanArchive
ArchiveMaxFileSize 10M
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
#clamd
# ps -aux | grep clamd
clamav 9896 0.0 0.7 26448 7220 ? S 04:27 0:00 /usr/local/sbin/clamd
root 22660 0.0 0.0 3548 616 pts/1 R 19:30 0:00 grep clamd
# echo /usr/local/sbin/clamd >> /etc/rc.d/rc.local
#clamscan -r test /* 测试杀毒 */
#touch /var/log/clam-update.log
#chmod 644 /var/log/clam-update.log
#chown clamav /var/log/clam-update.log
# freshclam -d -c 2 -l /var/log/clam-update.log /* 升级病毒库 */
#touch /etc/cron.daily/freshclam
#vi /etc/cron.daily/freshclam
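#!/bin/bash
# Daily virus-database refresh, run by cron from /etc/cron.daily.
#
# freshclam is run as a one-shot update here. The daemon flags (-d, and -c
# for the number of checks per day) are left out on purpose: with them,
# every daily cron run would start a further background freshclam process
# instead of doing a single update and exiting.
#   --quiet  print only error messages
#   -l FILE  write the update log to FILE
freshclam --quiet -l /var/log/clam-update.log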
#chmod a+xr /etc/cron.daily/freshclam
--------------------Install amavisd------------------
#rpm -ivh unarj-2.65-3.9.i386.rpm
#rpm -ivh zoo-2.10-11.9.i386.rpm
#rpm -ivh unrar-3.2.3-2.9.i386.rpm
#rpm -ivh arc-5.21e-6.i386.rpm
#tar zvxf amavis-0.3.12.tar.gz
#cd amavis-0.3.12
#groupadd amavis
#useradd amavis -g amavis -s /bin/nologin
#./configure --enable-postfix
#make && make install
#vi /etc/amavisd.conf
$mailfrom_notify_admin = 'xiyang@yovole.com';
$mailfrom_notify_recip = 'xiyang@yovole.com';
$mailfrom_notify_spamadmin = 'xiyang@yovole.com';
$virus_admin = 'xiyang@yovole.com';
$spam_admin = 'xiyang@yovole.com';
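# NOTE(review): 在 amavisd-new 中,0 对应 D_PASS(带毒邮件仍会投递给收件人),-1 对应 D_DISCARD(丢弃);
# 请按所用版本核对这两个数值的含义,并尽量改用符号常量,避免把染毒邮件放行。
$final_virus_destiny = 0;
$final_spam_destiny = -1;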
$sa_tag_level_deflt = 4;
$sa_kill_level_deflt = 6.9;
------------------edit the postfix config files-------------
* add to /etc/postfix/main.cf:
content_filter = vscan:
soft_bounce = yes
# soft_bounce is for testing only: it turns permanent rejections into temporary deferrals, so remove it once the filter is confirmed to work
* add to /etc/postfix/master.cf:
vscan unix - n n - 10 pipe user=amavis argv=/usr/sbin/amavis ${sender} ${recipient}
localhost:10025 inet n - n - - smtpd -o content_filter=
* reload postfix
#/etc/init.d/postfix reload
------------test the app-----------------------
#clamscan -r -l /root/xiyang/scan_report /var/vmail/ /* 扫描 /var/vmail 下的所有邮件,并将扫描结果保存在 /root/xiyang 下的 scan_report 文件中 */
# less scan_report
--------------------------------------
Scan started: Sun Dec 28 14:48:29 2003
-- summary --
Known viruses: 11964
Scanned directories: 1049
Scanned files: 1657
Infected files: 0
Data scanned: 102.24 MB
I/O buffer size: 131072 bytes
Time: 33.310 sec (0 m 33 s)
--------------------------------------
Scan started: Sun Dec 28 14:52:13 2003
/var/vmail//root/new/1030594139.21504_0.yovole.com,S=165330: Exploit.IFrame.Gen FOUND
......................
#cd /var/vmail//root/new/
# cat 1030930201.10626_0.yovole.com\,S\=143154\:2\, | mail -s "xiyangtest" xiyang@yovole.com
#tail -f /var/log/maillog | grep virus
Dec 29 19:48:52 mail amavisd[26510]: Virus found (message-id=<20031229114851.BE6AB256D6D@mail.yovole.com>) - quarantined as virus-20031229-194852-26510
Dec 29 19:48:54 mail postfix/smtpd[25205]: 10C35256D71: reject: RCPT from localhost.localdomain[127.0.0.1]: 450 <virusalert>: User unknown in local recipient table; from=<postmaster> to=<virusalert> proto=ESMTP helo=<localhost>
Dec 29 19:48:55 mail amavisd[26523]: mail forwarding failed, retry: Temporary reject by MTA: 450 <virusalert>: User unknown in local recipient table (message-id=<20031229114852.90811256D6D@mail.yovole.com>)
Dec 29 19:48:55 mail postfix/pipe[25194]: 90811256D6D: to=<virusalert>, relay=vscan, delay=3, status=deferred (temporary failure)
#cd /var/virtusmail
#ls
virus-20031229-184553-14247 virus-20031229-184757-14607 virus-20031229-185221-15290 virus-20031229-194852-26510
virus-20031229-184616-14330 virus-20031229-184853-14767 virus-20031229-194810-26292
(说明:日志中的 450 拒绝表明通知收件人 virusalert 在本机不存在,病毒告警未能送达;需要为 virusalert 建立别名或邮箱,或在 amavisd.conf 中改用已存在的通知地址。隔离目录中保存的是带毒邮件原件,应只允许 amavis 用户访问。)