by Kalin Lilovski (11-05-2004)
Antivirus protection for Sendmail with Amavis and ClamAV
Author: Kalin Lilovski
e-mail:kalin@cc.bas.bg
Created: 16/04/2004
Modified: 20/04/2004
This document describes how to build antivirus protection for Sendmail using the AmaVis interface and the ClamAV antivirus program. The author assumes that you are familiar with configuring Sendmail and with how it works, that you have a working mail server, and that you want to add virus scanning of mail. If these conditions are not met, see http://www.lcpe.uni-sofia.bg/linuxdoc/sendmail/, where you will find a complete guide in Bulgarian on how to configure your mail server with sendmail.
AmaVis is a Perl script that can be used by an MTA (Sendmail, Qmail, Exim, etc.) to check mail with popular antivirus programs under Linux. ClamAV is one such antivirus program; its advantage is that it is distributed free of charge.
Amavis web site:
http://www.amavis.org
Clam AntiVirus web site:
http://www.clamav.net/
Clam AntiVirus download site:
http://prdownloads.sourceforge.net/clamav
Installing Amavis:
Amavis requires the following Perl libraries:
IO-stringy
Unix-Syslog
MailTools
MIME-Base64
MIME-tools version 5.313 or better (!!)
Convert-UUlib version 0.111 or 0.201 or newer (0.2 is broken!)
Convert-TNEF 0.06 or better (!!)
Compress-Zlib 1.14 or better
Archive-Tar
Archive-Zip 1.0 or better
It is recommended to have a current version of Perl. You can add the additional modules with the CPAN interface (perl -MCPAN), which installs not only the modules themselves but also the modules they depend on. You can also configure the interface to download from a Bulgarian mirror (I used the one at Lirex).
perl -MCPAN -e shell
and then:
install Unix::Syslog
install Convert::UUlib
install Convert::TNEF
install Compress::Zlib
install Archive::Tar
install Archive::Zip
install G/GB/GBARR/MailTools-1.15.tar.gz
install MIME::Tools
You will find more information in the AmaVis README file.
Installing Amavis for Sendmail is described in the README.sendmail file. It is recommended to follow the description for installing via an .mc file rather than by editing the original .cf file.
Step 1: Copy /etc/mail/sendmail.cf to /etc/mail/sendmail.orig.cf and create a symbolic link /etc/sendmail.orig.cf pointing to /etc/mail/sendmail.orig.cf
WARNING: Do not skip this step.
From here on, /etc/sendmail.orig.cf will be used by Amavis. The original README file says to copy /etc/sendmail.cf to /etc/sendmail.orig.cf, which will not work on distributions where /etc/sendmail.cf is a symbolic link to the sendmail configuration file located in /etc/mail.
Step 2: From the directory where you unpacked Amavis, copy the file doc/amavis.m4 into the /cf/mailer subdirectory of the sendmail directory
Step 3: Copy the .mc file used to generate sendmail.cf under the name amavis.mc, and keep a copy of the original .mc file in /etc/mail (in case you need it)
Step 4: Modify amavis.mc
a) before the OSTYPE definition add:
define(`QUEUE_DIR',`/var/spool/mqamavis')dnl
define(`STATUS_FILE',`/var/log/amavis.st')dnl
b) add a definition for the amavis mailer to the MAILER definitions
MAILER(`amavis')dnl
c) save the amavis.mc file and generate sendmail.cf
m4 amavis.mc > /etc/mail/sendmail.cf
d) keep a copy of amavis.mc (in case you need it)
cp amavis.mc /etc/mail
Step 5: run
./configure --enable-relay --enable-sendmail --with-warnrecip=yes --with-amavisuser=amavis
make
make install
Step 6: Create /var/spool/mqamavis with the following permissions:
drwx------ 2 root amavis 4096 Apr 20 12:32 mqamavis/
Step 7: Restart the sendmail daemon
Installing ClamAV
The installation is described in the INSTALL file. It consists of the following steps
./configure
make
make install
Restart Sendmail
After restarting Sendmail you will most likely be surprised to find that your mail is not working. Send a message to some mailbox and look in /var/log/maillog. There you will see something like
Apr 18 04:30:14 serv amavisd[2027]: starting. amavis 0.3.12 Sat Apr 17 10:51:06 GMT+1 2004
Apr 18 04:30:17 serv amavisd[2027]: Virus scanner failure: Clamd - can't connect to daemon
This is because the clamd daemon is not running. Before you start it, you have to configure it. To do so, edit the file /usr/local/etc/clamav.conf:
Comment out "Example"
Uncomment "LogSyslog"
Uncomment "StreamSaveToDisk"
Uncomment "MaxThreads" and set the value "30"
Uncomment "ScanMail"
Comment out "LocalSocket /tmp/clamd"
Uncomment "TCPSocket 3310"
Uncomment "TCPAddr 127.0.0.1"
Start clamd and check that it is listening on TCP port 3310
# nmap -p 3310 localhost
Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-04-18 13:26 GMT+1
Interesting ports on localhost (127.0.0.1):
PORT STATE SERVICE
3310/tcp open unknown
The ClamAV authors do not vouch for how secure the daemon they have written is, and they recommend not running it on a TCP port. Amavis, however, looks for it at 127.0.0.1:3310. It is sensible to use iptables to restrict access to this port from other computers.
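The clamav.conf changes listed above, including the loopback-only TCPAddr that keeps clamd from listening on every interface, can be checked with a short script. This is an added example, not part of the original how-to or of ClamAV; the function names conf_value and audit_clamav_conf and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit clamav.conf against the settings listed in this how-to.

# conf_value FILE KEY: print the value of an active (uncommented) directive,
# or KEY itself for a bare flag; return 1 if the directive is not active.
conf_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        $1 == key  { print (NF > 1 ? $2 : key); found = 1; exit }
        END        { exit !found }
    ' "$1"
}

# audit_clamav_conf FILE: print one FAIL line per deviation, nothing if clean.
audit_clamav_conf() {
    conf=$1
    conf_value "$conf" Example >/dev/null && echo "FAIL: Example is still active"
    for flag in LogSyslog StreamSaveToDisk ScanMail; do
        conf_value "$conf" "$flag" >/dev/null || echo "FAIL: $flag is not enabled"
    done
    [ "$(conf_value "$conf" MaxThreads)" = 30 ] || echo "FAIL: MaxThreads is not 30"
    conf_value "$conf" LocalSocket >/dev/null && echo "FAIL: LocalSocket is still active"
    [ "$(conf_value "$conf" TCPSocket)" = 3310 ] || echo "FAIL: TCPSocket is not 3310"
    # Amavis connects to 127.0.0.1:3310, so clamd should listen only there.
    addr=$(conf_value "$conf" TCPAddr) || addr=unset
    [ "$addr" = 127.0.0.1 ] || echo "FAIL: TCPAddr is $addr, expected 127.0.0.1"
    return 0
}

# Constructed sample: every step applied except TCPAddr, which is still commented.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
#Example
LogSyslog
StreamSaveToDisk
MaxThreads 30
ScanMail
#LocalSocket /tmp/clamd
TCPSocket 3310
#TCPAddr 127.0.0.1
EOF
audit_clamav_conf "$demo_conf"
rm -f "$demo_conf"
```

To check the real file, call audit_clamav_conf /usr/local/etc/clamav.conf; no output means the file matches the list above.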
If maillog also contains something like:
Apr 18 04:30:17 serv amavisd[2030]: mail forwarding failed, retry: Insecure dependency in exec while running with -T switch at /usr/sbin/amavis line 601, <GEN0> line 19. (message-id=<200404171552.32767.kalin@lit.bas.bg>)
edit the script /usr/sbin/amavis and remove the -T option from the first line.
Do not forget to set clamd to start at system boot.
You can check how the antivirus scanning works by sending a message with a virus (I took one from http://www.eicar.org/anti_virus_test_file.htm).
ClamAV is kept up to date with freshclam and cron.