從 2004 年初到現在 2004 年 3月15 日止,網路上病毒滿天飛,蠻多同仁因為誤開了有毒的 e-mail,而造成病毒到處流竄央及其他同事,累壞了不少 MIS 人員,這真是極大的困擾,所以郵件伺服器防毒的工作,將是事在必行的。雖然說:Server 上郵件防毒過濾,並不能百分之百的阻礙病毒的流竄,但是多一道防線總是多一份安心,Clamav 經過網路上朋友的測試報告結果,雖然為免費的軟體但其防毒效益達將進 99% ,因此,我將現有的 Postfix Mail 加裝免費的郵件防毒軟體 Clamav ,來防禦病毒郵件。
Environment :
硬體:i386 PC Intel P3 500
記憶體網卡:512M RAM + Intel 網卡
作業系統:FreeBSD 6.0 Release
Flowchart :
e-mail [postifx (*:25)] [amavisd-new (127.0.0.1:10024)] [postfix (127.0.0.1:10025)] [delivery agent (local/smtp/...)]
Setp 1.
加裝 Clamav
#cd /usr/ports/security/clamav
#make install clean # 全都沒選
Options for clamav 0.87.1
[ ] MILTER Compile the milter interface
[ ] CURL Support URL downloading
[ ] LIBUNRAR Support for external Unrar library
編輯啟動檔 #vi /etc/rc.conf
clamav_clamd_enable="YES" # 讓 clamav 於開機時自動啟動
clamav_freshclam_enable="YES" # 讓 freshclam 於開機時自動以 daemon 方式啟動
#cd /usr/local/etc
#cp freshclam.conf.default freshclam.conf # freshclam 是 clamav 病毒更新程式
編輯設定檔: #vi /usr/local/etc/clamd.conf # 內容沒有甚麼大的更改,大約開了下面這些東西:
LogFile /var/log/clamav/clamd.log
LogFileMaxSize 2M
LogTime
LogSyslog
LogVerbose
PidFile /var/run/clamav/clamd.pid
LocalSocket /var/run/clamav/clamd
StreamSaveToDisk
MaxDirectoryRecursion 15
User clamav
AllowSupplementaryGroups
ScanMail
ScanArchive
ArchiveMaxFileSize 10M
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
ClamukoScanOnOpen
ClamukoScanOnClose
ClamukoScanOnExec
ClamukoIncludePath /home
ClamukoMaxFileSize 1M
ClamukoScanArchive
Setp 2.
再加裝 Amavisd-new
#cd /usr/ports/security/amavisd-new/
#make install clean # 全都不選
Options for amavisd-new 2.3.3,1
[ ] MYSQL MySQL support
[ ] PGSQL PgSQL support
[ ] LDAP LDAP support
[ ] MILTER sendmail milter support
編輯設定檔:#cp /usr/local/etc/amavisd.conf-sample /usr/local/etc/amavisd.conf
#vi /usr/local/etc/amavisd.conf # 總共有八個 Section可編輯,內容如下:
# Section I
$mydomain = 'ms1.ntut.idv.tw';
$forward_method = 'smtp:127.0.0.1:10025';
$notify_method = $forward_method;
# Section II
沒更改變使用預設
# Section III
$DO_SYSLOG = 0; # 由 1 改 0
# Section IV
沒更改變使用預設
# Section V
沒更改變使用預設
# Section VI
沒更改變使用預設
# Section VII
沒更改變使用預設
# Section VIII
沒更改變使用預設
新增 log 檔所要使用的目錄及改變目錄權限:
#mkdir /var/log/amavis
#chown vscan:vscan amavis
#cd amavis
#touch amavis.log
#chown vscan amavis.log
#cd /var
#chown -R vscan:clamav amavis
編輯啟動檔 #vi /etc/rc.conf 增加:
amavisd_enable="YES" # rc.conf 裡讓 amavisd 開機自動 up
Setp 3.
#vi /usr/local/etc/postfix/master.cf # 注意下面 -o 之前必須要空一格 postfix 才會正常啟動
smtp-amavis unix - - n - 2 smtp
-o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
#vi /usr/local/etc/postfix/main.cf
content_filter = smtp-amavis:[127.0.0.1]:10024
#cd /usr/local/etc/postfix/
#vi aliases # 編輯 aliases 這個 DB 檔內容如下:
virusalert: root # 將寄給 virusalert 的病毒警告信,轉給 root 這位管理者。
#postalias aliases # 將資料導入 postfix 的 DB
#postfix reload # 重跑 postfix
#reboot # 重開機讓 amavisd-new 及 clamav ,freshclam 開機時跑起來
測試:
# telnet localhost 10024
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.ms1.ntut.idv.tw.
Escape character is '^]'.
220 [127.0.0.1] ESMTP amavisd-new service ready
quit
# telnet localhost 10025
Trying 127.0.0.1...
Connected to localhost.ms1.ntut.idv.tw.
Escape character is '^]'.
220 ms1.ntut.idv.tw ESMTP Postfix
quit
參考資料:
http://www.clamav.net/
http://www.ijs.si/software/amavisd/
http://www.voyager.gr.jp/~sampei/freebsd/amavis_m.html
http://mail.x-si.org/articles/av.html
To Add .
2004/04/13 遇到一個問題,很多 Mail 被錯判為 SpamMail,所以找到 /usr/local/etc/amavisd.conf 裡的這幾段,並且除了 $final_virus_destiny 之外,其餘全設定為 D_PASS ,將垃圾郵件過濾機智關掉只留下防毒,以防止錯判。
$final_virus_destiny = D_BOUNCE; # (defaults to D_BOUNCE)
$final_banned_destiny = D_PASS; # (defaults to D_BOUNCE)
$final_spam_destiny = D_PASS; # (defaults to D_REJECT)
$final_bad_header_destiny = D_PASS; # (defaults to D_PASS)
最後修改日期: 2005/11/24
最後修改:http://freebsd.ntut.idv.tw/document/postfix_clamav_amavisd-new.html
