Virenschutz mit AMaViS
Für die eMailkommunikation in unserem SOHO1)-LAN bedienen wir uns des SMTP-Server Postfix. Zur weiteren Absichereung (Viren- und Spam-Schutz) nutzen wir weitere Programme und Dämonen, wie amavisd-new, clamav und spamassassin. Die Installation und Konfiguration, der einzelnen Getriebezahnräder beschreibt diese und nachfolgende Seite.
Postfix-AMaViS-Cyrus Zusammenspiel
Installation
Die Installation erfolgt, wie soll es auch anders sein, wie gewohnt via yum:
yum install amavisd-new
Info
Was uns amavisd-new bietet, entnehmen wir am einfachsten dem rpm
# yum info amavisd-new
Name : amavisd-new
...
Summary: Mail virus-scanner
Description: AMaViS is a program that interfaces a mail transfer agent (MTA) with one or more virus scanners.
Amavisd-new is a branch created by Mark Martinec that adds serveral performance and robustness features. It's
partly based on work being done on the official amavisd branch. Please see the README.amavisd-new-RELNOTES
file for a detailed description.
Programmpfade und -inhalte
Über die einzelnen Dateien und Pfade der installierten Programme, informieren wir uns mittels:
# rpm -ql amavisd-new /etc/amavisd.conf /etc/cron.daily/amavisd /etc/logrotate.d/amavisd /etc/openldap/schema/amavisd-new.schema /etc/rc.d/init.d/amavisd /etc/sysconfig/amavisd /usr/sbin/amavisd /usr/sbin/amavisd-agent /usr/sbin/amavisd-nanny /usr/sbin/amavisd-release /usr/sbin/p0f-analyzer /usr/share/doc/amavisd-new-2.6.4 /usr/share/doc/amavisd-new-2.6.4/AAAREADME.first /usr/share/doc/amavisd-new-2.6.4/LDAP.schema /usr/share/doc/amavisd-new-2.6.4/LICENSE /usr/share/doc/amavisd-new-2.6.4/MANIFEST /usr/share/doc/amavisd-new-2.6.4/README.banned /usr/share/doc/amavisd-new-2.6.4/README.chroot /usr/share/doc/amavisd-new-2.6.4/README.contributed /usr/share/doc/amavisd-new-2.6.4/README.courier /usr/share/doc/amavisd-new-2.6.4/README.courier-old /usr/share/doc/amavisd-new-2.6.4/README.customize /usr/share/doc/amavisd-new-2.6.4/README.exim_v3 /usr/share/doc/amavisd-new-2.6.4/README.exim_v3_app /usr/share/doc/amavisd-new-2.6.4/README.exim_v4 /usr/share/doc/amavisd-new-2.6.4/README.exim_v4_app /usr/share/doc/amavisd-new-2.6.4/README.exim_v4_app2 /usr/share/doc/amavisd-new-2.6.4/README.ldap /usr/share/doc/amavisd-new-2.6.4/README.lookups /usr/share/doc/amavisd-new-2.6.4/README.milter /usr/share/doc/amavisd-new-2.6.4/README.old.scanners /usr/share/doc/amavisd-new-2.6.4/README.performance /usr/share/doc/amavisd-new-2.6.4/README.policy-on-notifications /usr/share/doc/amavisd-new-2.6.4/README.postfix /usr/share/doc/amavisd-new-2.6.4/README.postfix.html /usr/share/doc/amavisd-new-2.6.4/README.protocol /usr/share/doc/amavisd-new-2.6.4/README.sendmail /usr/share/doc/amavisd-new-2.6.4/README.sendmail-dual /usr/share/doc/amavisd-new-2.6.4/README.sendmail-dual.old /usr/share/doc/amavisd-new-2.6.4/README.sql /usr/share/doc/amavisd-new-2.6.4/README.sql-mysql /usr/share/doc/amavisd-new-2.6.4/README.sql-pg /usr/share/doc/amavisd-new-2.6.4/RELEASE_NOTES /usr/share/doc/amavisd-new-2.6.4/amavisd-new-docs.html /usr/share/doc/amavisd-new-2.6.4/amavisd.conf /usr/share/doc/amavisd-new-2.6.4/amavisd.conf-default /usr/share/doc/amavisd-new-2.6.4/amavisd.conf-sample /usr/share/doc/amavisd-new-2.6.4/amavisd.conf.orig /usr/share/doc/amavisd-new-2.6.4/images /usr/share/doc/amavisd-new-2.6.4/images/blank.png /usr/share/doc/amavisd-new-2.6.4/images/callouts /usr/share/doc/amavisd-new-2.6.4/images/callouts/1.png /usr/share/doc/amavisd-new-2.6.4/images/callouts/10.png /usr/share/doc/amavisd-new-2.6.4/images/callouts/11.png /usr/share/doc/amavisd-new-2.6.4/images/callouts/12.png /usr/share/doc/amavisd-new-2.6.4/images/callouts/13.png /usr/share/doc/amavisd-new-2.6.4/images/callouts/14.png /usr/share/doc/amavisd-new-2.6.4/images/callouts/15.png /usr/share/doc/amavisd-new-2.6.4/images/callouts/2.png /usr/share/doc/amavisd-new-2.6.4/images/callouts/3.png /usr/share/doc/amavisd-new-2.6.4/images/callouts/4.png /usr/share/doc/amavisd-new-2.6.4/images/callouts/5.png /usr/share/doc/amavisd-new-2.6.4/images/callouts/6.png /usr/share/doc/amavisd-new-2.6.4/images/callouts/7.png /usr/share/doc/amavisd-new-2.6.4/images/callouts/8.png /usr/share/doc/amavisd-new-2.6.4/images/callouts/9.png /usr/share/doc/amavisd-new-2.6.4/images/caution.png /usr/share/doc/amavisd-new-2.6.4/images/draft.png /usr/share/doc/amavisd-new-2.6.4/images/home.png /usr/share/doc/amavisd-new-2.6.4/images/important.png /usr/share/doc/amavisd-new-2.6.4/images/next.png /usr/share/doc/amavisd-new-2.6.4/images/note.png /usr/share/doc/amavisd-new-2.6.4/images/prev.png /usr/share/doc/amavisd-new-2.6.4/images/tip.png /usr/share/doc/amavisd-new-2.6.4/images/toc-blank.png /usr/share/doc/amavisd-new-2.6.4/images/toc-minus.png /usr/share/doc/amavisd-new-2.6.4/images/toc-plus.png /usr/share/doc/amavisd-new-2.6.4/images/up.png /usr/share/doc/amavisd-new-2.6.4/images/warning.png /usr/share/doc/amavisd-new-2.6.4/screen.css /usr/share/doc/amavisd-new-2.6.4/test-messages /usr/share/doc/amavisd-new-2.6.4/test-messages/README /usr/share/doc/amavisd-new-2.6.4/test-messages/sample.tar.gz.compl /var/amavis /var/amavis/db /var/amavis/tmp /var/amavis/var /var/log/amavis.log /var/virusmails
Konfiguration
Grundkonfiguration
Für die weitere Viren- und Spam-Prüfung der uns angetragenen elektronischen Post, verwenden wir die smtp_proxy_filter-Funktionen, also die Pre-Queue unseres Postfixes. Somit können wir die Nachricht in Echtzeit filtern und wenn uns diese „nicht gefällt“, einfach abweisen.
Der externe Mailserver versucht mit unserer neuen Konfiguration eine eMail bei uns auf Port 25 abzusetzen. Unser Postfix reicht diese direkt an den Port 10024 unseres AMaViS-Daemon weiter, der die Nachricht on-the-fly weiteren daemons zum Virenscanner und Spambewerten unterzieht. Wird dabei die Nachricht für O.K. befunden, so reicht AMaViS die Mail zurück an den Postfix auf Port 10025, oder signalisiert Postfix, dass die Nachricht O.K. ist und der externe SMTP-Dialog erfolgreich zu Ende gebracht werden kann.
Im ersten Schritt definieren wir also die ersten drei Parameter, Hostnamen, Domäne und Port in der Konfigurationsdatei unter /etc/amavisd.conf.
... $myhostname = 'amavis.nausch.org'; # hostname $mydomain = 'nausch.org'; # a convenient default for other settings ... $inet_socket_port = 10024; # listen on this local TCP port(s) ...
Gesamtkonfiguration
Unser lauffähges System benötigt eine umfangreiche Konfiguration, die wir unseren Bedürfnissen anpassen.
# egrep -v '(^#|^$)' /etc/amavisd.conf use strict; $max_servers = 5; # num of pre-forked children (2..30 is common), -m $daemon_user = "amavis"; # (no default; customary: vscan or amavis), -u $daemon_group = "amavis"; # (no default; customary: vscan or amavis), -g $myhostname = 'amavis.nausch.org'; # hostname $mydomain = 'nausch.org'; # a convenient default for other settings $MYHOME = '/var/amavis'; # a convenient default for other settings, -H $TEMPBASE = "$MYHOME/tmp"; # working directory, needs to exist, -T $ENV{TMPDIR} = $TEMPBASE; # environment variable TMPDIR, used by SA, etc. $QUARANTINEDIR = "/var/virusmails"; $db_home = "$MYHOME/db"; # dir for bdb nanny/cache/snmp databases, -D $helpers_home = "$MYHOME/var"; # working directory for SpamAssassin, -S $lock_file = "$MYHOME/var/amavisd.lock"; # -L $pid_file = "$MYHOME/var/amavisd.pid"; # -P $log_level = 3; # verbosity 0..5, -d $log_recip_templ = undef; # disable by-recipient level-0 log entries $DO_SYSLOG = 1; # log via syslogd (preferred) $syslog_facility = 'mail'; # Syslog facility as a string # e.g.: mail, daemon, user, local0, ... local7 $syslog_priority = 'debug'; # Syslog base (minimal) priority as a string, # choose from: emerg, alert, crit, err, warning, notice, info, debug $enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP and nanny) $enable_global_cache = 1; # enable use of libdb-based cache if $enable_db=1 $nanny_details_level = 2; # nanny verbosity: 1: traditional, 2: detailed $enable_dkim_verification = 1; # enable DKIM signatures verification $enable_dkim_signing = 1; # load DKIM signing code, keys defined by dkim_key @local_domains_maps = ( [".$mydomain"] ); # list of all local domains @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 ); $unix_socketname = "$MYHOME/amavisd.sock"; # amavisd-release or amavis-milter # option(s) -p overrides $inet_socket_port and $unix_socketname $inet_socket_port = 10024; # listen on this local TCP port(s) $policy_bank{'MYNETS'} = { # mail originating from @mynetworks originating => 1, # is true in MYNETS by default, but let's make it explicit os_fingerprint_method => undef, # don't query p0f for internal clients }; $interface_policy{'10026'} = 'ORIGINATING'; $policy_bank{'ORIGINATING'} = { # mail supposedly originating from our users originating => 1, # declare that mail was submitted by our smtp client allow_disclaimers => 1, # enables disclaimer insertion if available # notify administrator of locally originating malware virus_admin_maps => ["virusalert\@$mydomain"], spam_admin_maps => ["virusalert\@$mydomain"], warnbadhsender => 1, # forward to a smtpd service providing DKIM signing service forward_method => 'smtp:[127.0.0.1]:10027', # force MTA conversion to 7-bit (e.g. before DKIM signing) smtpd_discard_ehlo_keywords => ['8BITMIME'], bypass_banned_checks_maps => [1], # allow sending any file names and types terminate_dsn_on_notify_success => 0, # don't remove NOTIFY=SUCCESS option }; $interface_policy{'SOCK'} = 'AM.PDP-SOCK'; # only applies with $unix_socketname $policy_bank{'AM.PDP-SOCK'} = { protocol => 'AM.PDP', auth_required_release => 0, # do not require secret_id for amavisd-release }; $sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level $sa_tag2_level_deflt = 6.31; # add 'spam detected' headers at that level $sa_kill_level_deflt = 6.31; # triggers spam evasive actions (e.g. blocks mail) $sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent $sa_crediblefrom_dsn_cutoff_level = 18; # likewise, but for a likely valid From $penpals_bonus_score = 8; # (no effect without a @storage_sql_dsn database) $penpals_threshold_high = $sa_kill_level_deflt; # don't waste time on hi spam $bounce_killer_score = 100; # spam score points to add for joe-jobbed bounces $sa_mail_body_size_limit = 400*1024; # don't waste time on SA if mail is larger $sa_local_tests_only = 0; # only tests which do not require internet access? $virus_admin = "virusalert\@$mydomain"; # notifications recip. $mailfrom_notify_admin = "virusalert\@$mydomain"; # notifications sender $mailfrom_notify_recip = "virusalert\@$mydomain"; # notifications sender $mailfrom_notify_spamadmin = "spam.police\@$mydomain"; # notifications sender $mailfrom_to_quarantine = ''; # null return path; uses original sender if undef @addr_extension_virus_maps = ('virus'); @addr_extension_banned_maps = ('banned'); @addr_extension_spam_maps = ('spam'); @addr_extension_bad_header_maps = ('badh'); $path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin'; $MAXLEVELS = 14; $MAXFILES = 1500; $MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not enforced) $MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes (default undef, not enforced) $sa_spam_subject_tag = '***SPAM*** '; $defang_virus = 1; # MIME-wrap passed infected mail $defang_banned = 1; # MIME-wrap passed mail containing banned name $defang_by_ccat{+CC_BADH.",3"} = 1; # NUL or CR character in header $defang_by_ccat{+CC_BADH.",5"} = 1; # header line longer than 998 characters $defang_by_ccat{+CC_BADH.",6"} = 1; # header field syntax error $final_virus_destiny = D_REJECT; $final_banned_destiny = D_REJECT; $final_spam_destiny = D_REJECT; $virus_quarantine_to = undef; $banned_quarantine_to = undef; $spam_quarantine_to = undef; $bad_header_quarantine_to = undef; @keep_decoded_original_maps = (new_RE( qr'^MAIL$', # retain full original message for virus checking qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i, )); $banned_filename_re = new_RE( qr'^\.(exe-ms|dll)$', # banned file(1) types, rudimentary [ qr'^\.(rpm|cpio|tar)$' => 0 ], # allow any in Unix-type archives qr'.\.(pif|scr)$'i, # banned extensions - rudimentary qr'^application/x-msdownload$'i, # block these MIME types qr'^application/x-msdos-program$'i, qr'^application/hta$'i, # block certain double extensions in filenames qr'\.[^./]*[A-Za-z][^./]*\.\s*(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)[.\s]*$'i, qr'.\.(exe|vbs|pif|scr|cpl)$'i, # banned extension - basic ); @score_sender_maps = ({ # a by-recipient hash lookup table, # results from all matching recipient tables are summed ## site-wide opinions about senders (the '.' matches any recipient) '.' => [ # the _first_ matching sender determines the score boost new_RE( # regexp-type lookup table, just happens to be all soft-blacklist [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i => 5.0], [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0], [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0], [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i => 5.0], [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i => 5.0], [qr'^(your_friend|greatoffers)@'i => 5.0], [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i => 5.0], ), { # a hash-type lookup table (associative array) 'nobody@cert.org' => -3.0, 'cert-advisory@us-cert.gov' => -3.0, 'owner-alert@iss.net' => -3.0, 'slashdot@slashdot.org' => -3.0, 'securityfocus.com' => -3.0, 'ntbugtraq@listserv.ntbugtraq.com' => -3.0, 'security-alerts@linuxsecurity.com' => -3.0, 'mailman-announce-admin@python.org' => -3.0, 'amavis-user-admin@lists.sourceforge.net'=> -3.0, 'amavis-user-bounces@lists.sourceforge.net' => -3.0, 'spamassassin.apache.org' => -3.0, 'notification-return@lists.sophos.com' => -3.0, 'owner-postfix-users@postfix.org' => -3.0, 'owner-postfix-announce@postfix.org' => -3.0, 'owner-sendmail-announce@lists.sendmail.org' => -3.0, 'sendmail-announce-request@lists.sendmail.org' => -3.0, 'donotreply@sendmail.org' => -3.0, 'ca+envelope@sendmail.org' => -3.0, 'noreply@freshmeat.net' => -3.0, 'owner-technews@postel.acm.org' => -3.0, 'ietf-123-owner@loki.ietf.org' => -3.0, 'cvs-commits-list-admin@gnome.org' => -3.0, 'rt-users-admin@lists.fsck.com' => -3.0, 'clp-request@comp.nus.edu.sg' => -3.0, 'surveys-errors@lists.nua.ie' => -3.0, 'emailnews@genomeweb.com' => -5.0, 'yahoo-dev-null@yahoo-inc.com' => -3.0, 'returns.groups.yahoo.com' => -3.0, 'clusternews@linuxnetworx.com' => -3.0, lc('lvs-users-admin@LinuxVirtualServer.org') => -3.0, lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0, # soft-blacklisting (positive score) 'sender@example.net' => 3.0, '.example.net' => 1.0, }, ], # end of site-wide tables }); @decoders = ( ['mail', \&do_mime_decode], ['asc', \&do_ascii], ['uue', \&do_ascii], ['hqx', \&do_ascii], ['ync', \&do_ascii], ['F', \&do_uncompress, ['unfreeze','freeze -d','melt','fcat'] ], ['Z', \&do_uncompress, ['uncompress','gzip -d','zcat'] ], ['gz', \&do_uncompress, 'gzip -d'], ['gz', \&do_gunzip], ['bz2', \&do_uncompress, 'bzip2 -d'], ['lzo', \&do_uncompress, 'lzop -d'], ['rpm', \&do_uncompress, ['rpm2cpio.pl','rpm2cpio'] ], ['cpio', \&do_pax_cpio, ['pax','gcpio','cpio'] ], ['tar', \&do_pax_cpio, ['pax','gcpio','cpio'] ], ['deb', \&do_ar, 'ar'], ['zip', \&do_unzip], ['7z', \&do_7zip, ['7zr','7za','7z'] ], ['rar', \&do_unrar, ['rar','unrar'] ], ['arj', \&do_unarj, ['arj','unarj'] ], ['arc', \&do_arc, ['nomarch','arc'] ], ['zoo', \&do_zoo, ['zoo','unzoo'] ], ['lha', \&do_lha, 'lha'], ['cab', \&do_cabextract, 'cabextract'], ['tnef', \&do_tnef_ext, 'tnef'], ['tnef', \&do_tnef], ['exe', \&do_executable, ['rar','unrar'], 'lha', ['arj','unarj'] ], ); @av_scanners = ( ['ClamAV-clamd', \&ask_daemon, ["CONTSCAN {}\n", "/tmp/clamd.socket"], qr/\bOK$/m, qr/\bFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ], ### http://www.kaspersky.com/ (kav4mailservers) ['KasperskyLab AVP - aveclient', ['/usr/local/kav/bin/aveclient','/usr/local/share/kav/bin/aveclient', '/opt/kav/5.5/kav4mailservers/bin/aveclient','aveclient'], '-p /var/run/aveserver -s {}/*', [0,3,6,8], qr/\b(INFECTED|SUSPICION|SUSPICIOUS)\b/m, qr/(?:INFECTED|WARNING|SUSPICION|SUSPICIOUS) (.+)/m, ], # NOTE: one may prefer [0],[2,3,4,5], depending on how suspicious, # currupted or protected archives are to be handled ### http://www.kaspersky.com/ ['KasperskyLab AntiViral Toolkit Pro (AVP)', ['avp'], '-* -P -B -Y -O- {}', [0,3,6,8], [2,4], # any use for -A -K ? qr/infected: (.+)/m, sub {chdir('/opt/AVP') or die "Can't chdir to AVP: $!"}, sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"}, ], ### The kavdaemon and AVPDaemonClient have been removed from Kasperky ### products and replaced by aveserver and aveclient ['KasperskyLab AVPDaemonClient', [ '/opt/AVP/kavdaemon', 'kavdaemon', '/opt/AVP/AvpDaemonClient', 'AvpDaemonClient', '/opt/AVP/AvpTeamDream', 'AvpTeamDream', '/opt/AVP/avpdc', 'avpdc' ], "-f=$TEMPBASE {}", [0,8], [3,4,5,6], qr/infected: ([^\r\n]+)/m ], # change the startup-script in /etc/init.d/kavd to: # DPARMS="-* -Y -dl -f=/var/amavis /var/amavis" # (or perhaps: DPARMS="-I0 -Y -* /var/amavis" ) # adjusting /var/amavis above to match your $TEMPBASE. # The '-f=/var/amavis' is needed if not running it as root, so it # can find, read, and write its pid file, etc., see 'man kavdaemon'. # defUnix.prf: there must be an entry "*/var/amavis" (or whatever # directory $TEMPBASE specifies) in the 'Names=' section. # cd /opt/AVP/DaemonClients; configure; cd Sample; make # cp AvpDaemonClient /opt/AVP/ # su - vscan -c "${PREFIX}/kavdaemon ${DPARMS}" ### http://www.centralcommand.com/ ['CentralCommand Vexira (new) vascan', ['vascan','/usr/lib/Vexira/vascan'], "-a s --timeout=60 --temp=$TEMPBASE -y $QUARANTINEDIR ". "--log=/var/log/vascan.log {}", [0,3], [1,2,5], qr/(?x)^\s* (?:virus|iworm|macro|mutant|sequence|trojan)\ found:\ ( [^\]\s']+ )\ \.\.\.\ /m ], # Adjust the path of the binary and the virus database as needed. # 'vascan' does not allow to have the temp directory to be the same as # the quarantine directory, and the quarantine option can not be disabled. # If $QUARANTINEDIR is not used, then another directory must be specified # to appease 'vascan'. Move status 3 to the second list if password # protected files are to be considered infected. ### http://www.avira.com/ ### Avira AntiVir (formerly H+BEDV) or (old) CentralCommand Vexira Antivirus ['Avira AntiVir', ['antivir','vexira'], '--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/m, qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) | (?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/m ], # NOTE: if you only have a demo version, remove -z and add 214, as in: # '--allfiles -noboot -nombr -rs -s {}', [0,214], qr/ALERT:|VIRUS:/, ### http://www.commandsoftware.com/ ['Command AntiVirus for Linux', 'csav', '-all -archive -packed {}', [50], [51,52,53], qr/Infection: (.+)/m ], ### http://www.symantec.com/ ['Symantec CarrierScan via Symantec CommandLineScanner', 'cscmdline', '-a scan -i 1 -v -s 127.0.0.1:7777 {}', qr/^Files Infected:\s+0$/m, qr/^Infected\b/m, qr/^(?:Info|Virus Name):\s+(.+)/m ], ### http://www.symantec.com/ ['Symantec AntiVirus Scan Engine', 'savsecls', '-server 127.0.0.1:7777 -mode scanrepair -details -verbose {}', [0], qr/^Infected\b/m, qr/^(?:Info|Virus Name):\s+(.+)/m ], # NOTE: check options and patterns to see which entry better applies ### http://www.f-secure.com/products/anti-virus/ version 5.52 ['F-Secure Antivirus for Linux servers', ['/opt/f-secure/fsav/bin/fsav', 'fsav'], '--virus-action1=report --archive=yes --auto=yes '. '--dumb=yes --list=no --mime=yes {}', [0], [3,4,6,8], qr/(?:infection|Infected|Suspected|Riskware): (.+)/m ], # NOTE: internal archive handling may be switched off by '--archive=no' # to prevent fsav from exiting with status 9 on broken archives ['CAI InoculateIT', 'inocucmd', # retired product '-sec -nex {}', [0], [100], qr/was infected by virus (.+)/m ], # see: http://www.flatmtn.com/computer/Linux-Antivirus_CAI.html ### http://www3.ca.com/Solutions/Product.asp?ID=156 (ex InoculateIT) ['CAI eTrust Antivirus', 'etrust-wrapper', '-arc -nex -spm h {}', [0], [101], qr/is infected by virus: (.+)/m ], # NOTE: requires suid wrapper around inocmd32; consider flag: -mod reviewer # see http://marc.theaimsgroup.com/?l=amavis-user&m=109229779912783 ### http://mks.com.pl/english.html ['MkS_Vir for Linux (beta)', ['mks32','mks'], '-s {}/*', [0], [1,2], qr/--[ \t]*(.+)/m ], ### http://mks.com.pl/english.html ['MkS_Vir daemon', 'mksscan', '-s -q {}', [0], [1..7], qr/^... (\S+)/m ], ### http://www.eset.com/, version 3.0 ['ESET Software ESETS Command Line Interface', ['/usr/bin/esets_cli', 'esets_cli'], '--subdir {}', [0], [1,2,3], qr/:\s*action="(?!accepted)[^"]*"\n.*:\s*virus="([^"]*)"/m ], ## http://www.nod32.com/, NOD32LFS version 2.5 and above ['ESET NOD32 for Linux File servers', ['/opt/eset/nod32/sbin/nod32','nod32'], '--files -z --mail --sfx --rtp --adware --unsafe --pattern --heur '. '-w -a --action=1 -b {}', [0], [1,10], qr/^object=.*, virus="(.*?)",/m ], ### http://www.norman.com/products_nvc.shtml ['Norman Virus Control v5 / Linux', 'nvcc', '-c -l:0 -s -u -temp:$TEMPBASE {}', [0,10,11], [1,2,14], qr/(?i).* virus in .* -> \'(.+)\'/m ], ### http://www.pandasoftware.com/ ['Panda CommandLineSecure 9 for Linux', ['/opt/pavcl/usr/bin/pavcl','pavcl'], '-auto -aex -heu -cmp -nbr -nor -nos -eng -nob {}', qr/Number of files infected[ .]*: 0+(?!\d)/m, qr/Number of files infected[ .]*: 0*[1-9]/m, qr/Found virus :\s*(\S+)/m ], # NOTE: for efficiency, start the Panda in resident mode with 'pavcl -tsr' # before starting amavisd - the bases are then loaded only once at startup. # To reload bases in a signature update script: # /opt/pavcl/usr/bin/pavcl -tsr -ulr; /opt/pavcl/usr/bin/pavcl -tsr # Please review other options of pavcl, for example: # -nomalw, -nojoke, -nodial, -nohackt, -nospyw, -nocookies ### http://www.nai.com/ ['NAI McAfee AntiVirus (uvscan)', 'uvscan', '--secure -rv --mime --summary --noboot - {}', [0], [13], qr/(?x) Found (?: \ the\ (.+)\ (?:virus|trojan) | \ (?:virus|trojan)\ or\ variant\ ([^ ]+) | :\ (.+)\ NOT\ a\ virus)/m, # sub {$ENV{LD_PRELOAD}='/lib/libc.so.6'}, # sub {delete $ENV{LD_PRELOAD}}, ], # NOTE1: with RH9: force the dynamic linker to look at /lib/libc.so.6 before # anything else by setting environment variable LD_PRELOAD=/lib/libc.so.6 # and then clear it when finished to avoid confusing anything else. # NOTE2: to treat encrypted files as viruses replace the [13] with: # qr/^\s{5,}(Found|is password-protected|.*(virus|trojan))/ ### http://www.virusbuster.hu/en/ ['VirusBuster', ['vbuster', 'vbengcl'], "{} -ss -i '*' -log=$MYHOME/vbuster.log", [0], [1], qr/: '(.*)' - Virus/m ], # VirusBuster Ltd. does not support the daemon version for the workstation # engine (vbuster-eng-1.12-linux-i386-libc6.tgz) any longer. The names of # binaries, some parameters AND return codes have changed (from 3 to 1). # See also the new Vexira entry 'vascan' which is possibly related. ### http://www.cyber.com/ ['CyberSoft VFind', 'vfind', '--vexit {}/*', [0], [23], qr/##==>>>> VIRUS ID: CVDL (.+)/m, # sub {$ENV{VSTK_HOME}='/usr/lib/vstk'}, ], ### http://www.avast.com/ ['avast! Antivirus', ['/usr/bin/avastcmd','avastcmd'], '-a -i -n -t=A {}', [0], [1], qr/\binfected by:\s+([^ \t\n\[\]]+)/m ], ### http://www.ikarus-software.com/ ['Ikarus AntiVirus for Linux', 'ikarus', '{}', [0], [40], qr/Signature (.+) found/m ], ### http://www.bitdefender.com/ ['BitDefender', 'bdscan', # new version '--action=ignore --no-list {}', qr/^Infected files\s*:\s*0+(?!\d)/m, qr/^(?:Infected files|Identified viruses|Suspect files)\s*:\s*0*[1-9]/m, qr/(?:suspected|infected)\s*:\s*(.*)(?:\033|$)/m ], ### http://www.bitdefender.com/ ['BitDefender', 'bdc', # old version '--arc --mail {}', qr/^Infected files *:0+(?!\d)/m, qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/m, qr/(?:suspected|infected): (.*)(?:\033|$)/m ], # consider also: --all --nowarn --alev=15 --flev=15. The --all argument may # not apply to your version of bdc, check documentation and see 'bdc --help' ### ArcaVir for Linux and Unix http://www.arcabit.pl/ ['ArcaVir for Linux', ['arcacmd','arcacmd.static'], '-v 1 -summary 0 -s {}', [0], [1,2], qr/(?:VIR|WIR):[ \t]*(.+)/m ], ); @av_scanners_backup = ( ### http://www.clamav.net/ - backs up clamd or Mail::ClamAV ['ClamAV-clamscan', 'clamscan', "--stdout --no-summary -r --tempdir=$TEMPBASE {}", [0], qr/:.*\sFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ], ### http://www.f-prot.com/ - backs up F-Prot Daemon, V6 ['F-PROT Antivirus for UNIX', ['fpscan'], '--report --mount --adware {}', # consider: --applications -s 4 -u 3 -z 10 [0,8,64], [1,2,3, 4+1,4+2,4+3, 8+1,8+2,8+3, 12+1,12+2,12+3], qr/^\[Found\s+[^\]]*\]\s+<([^ \t(>]*)/m ], ### http://www.f-prot.com/ - backs up F-Prot Daemon (old) ['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'], '-dumb -archive -packed {}', [0,8], [3,6], # or: [0], [3,6,8], qr/(?:Infection:|security risk named) (.+)|\s+contains\s+(.+)$/m ], ### http://www.trendmicro.com/ - backs up Trophie ['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'], '-za -a {}', [0], qr/Found virus/m, qr/Found virus (.+) in/m ], ### http://www.sald.com/, http://drweb.imshop.de/ - backs up DrWebD ['drweb - DrWeb Antivirus', # security LHA hole in Dr.Web 4.33 and earlier ['/usr/local/drweb/drweb', '/opt/drweb/drweb', 'drweb'], '-path={} -al -go -ot -cn -upn -ok-', [0,32], [1,9,33], qr' infected (?:with|by)(?: virus)? (.*)$'m ], ### http://www.kaspersky.com/ ['Kaspersky Antivirus v5.5', ['/opt/kaspersky/kav4fs/bin/kav4fs-kavscanner', '/opt/kav/5.5/kav4unix/bin/kavscanner', '/opt/kav/5.5/kav4mailservers/bin/kavscanner', 'kavscanner'], '-i0 -xn -xp -mn -R -ePASBME {}/*', [0,10,15], [5,20,21,25], qr/(?:INFECTED|WARNING|SUSPICION|SUSPICIOUS) (.*)/m, ], ); 1; # insure a defined return value
erster Programmstart
Nun ist es an der Zeit unseren A MAil Virus Scanner das erste mal zu starten.
# service amavisd start Mail Virus Scanner (amavisd) starten: [ OK ]
Im /var/log/maillog wird der erfolgreiche Start ausreichend dokumentiert:
Jul 14 19:58:46 nss amavis[16065]: starting. /usr/sbin/amavisd at amavis.nausch.org amavisd-new-2.6.4 (20090625), Unicode aware, LANG="de_DE.UTF-8" Jul 14 19:58:46 nss amavis[16065]: user=103, EUID: 103 (103); group=, EGID: 106 106 (106 106) Jul 14 19:58:46 nss amavis[16065]: Perl version 5.008008 Jul 14 19:58:47 nss amavis[16065]: SpamControl: scanner SpamAssassin, module Amavis::SpamControl::SpamAssassin Jul 14 19:58:47 nss amavis[16065]: INFO: SA version: 3.2.5, 3.002005, no optional modules: Net::CIDR::Lite Sys::Hostname::Long Encode::Detect Razor2::Client::Agent IP::Coun try::Fast Image::Info Image::Info::GIF Image::Info::JPEG Image::Info::PNG Image::Info::TIFF Mail::SPF Mail::SPF::Server Mail::SPF::Request Mail::SPF::Mech Mail::SPF::Mech:: A Mail::SPF::Mech::PTR Mail::SPF::Mech::All Mail::SPF::Mech::Exists Mail::SPF::Mech::IP4 Mail::SPF::Mech::IP6 Mail::SPF::Mech::Include Mail::SPF::Mech::MX Mail::SPF::Mod Ma il::SPF::Mod::Exp Mail::SPF::Mod::Redirect Mail::SPF::SenderIPAddrMech Mail::SPF::v1::Record Mail::SPF::v2::Record NetAddr::IP NetAddr::IP::Util auto::NetAddr::IP::Util::in et_n2dx auto::NetAddr::IP::Util::ipv6_n2d auto::NetAddr::IP::Util::ipv6_n2x Error Jul 14 19:58:47 nss amavis[16065]: SpamControl: init_pre_chroot on SpamAssassin done Jul 14 19:58:47 nss amavis[16106]: Net::Server: Process Backgrounded Jul 14 19:58:47 nss amavis[16106]: Net::Server: 2009/07/14-19:58:47 Amavis (type Net::Server::PreForkSimple) starting! pid(16106) Jul 14 19:58:47 nss amavis[16106]: Net::Server: Binding to UNIX socket file /var/amavis/amavisd.sock using SOCK_STREAM Jul 14 19:58:47 nss amavis[16106]: Net::Server: Binding to TCP port 10024 on host 127.0.0.1 Jul 14 19:58:47 nss amavis[16106]: Net::Server: Group Not Defined. Defaulting to EGID '106 106' Jul 14 19:58:47 nss amavis[16106]: Net::Server: User Not Defined. Defaulting to EUID '103' Jul 14 19:58:47 nss amavis[16106]: config files read: /etc/amavisd.conf Jul 14 19:58:47 nss amavis[16106]: Module Amavis::Conf 2.207 Jul 14 19:58:47 nss amavis[16106]: Module Archive::Zip 1.16 Jul 14 19:58:47 nss amavis[16106]: Module BerkeleyDB 0.36 Jul 14 19:58:47 nss amavis[16106]: Module Compress::Zlib 2.02 Jul 14 19:58:47 nss amavis[16106]: Module Convert::TNEF 0.17 Jul 14 19:58:47 nss amavis[16106]: Module Convert::UUlib 1.051 Jul 14 19:58:47 nss amavis[16106]: Module Crypt::OpenSSL::RSA 0.25 Jul 14 19:58:47 nss amavis[16106]: Module DBD::mysql 4.012 Jul 14 19:58:47 nss amavis[16106]: Module DBI 1.52 Jul 14 19:58:47 nss amavis[16106]: Module DB_File 1.814 Jul 14 19:58:47 nss amavis[16106]: Module Digest::MD5 2.36 Jul 14 19:58:47 nss amavis[16106]: Module Digest::SHA 5.47 Jul 14 19:58:47 nss amavis[16106]: Module Digest::SHA1 2.11 Jul 14 19:58:47 nss amavis[16106]: Module IO::Socket::INET6 2.51 Jul 14 19:58:47 nss amavis[16106]: Module MIME::Entity 5.420 Jul 14 19:58:47 nss amavis[16106]: Module MIME::Parser 5.420 Jul 14 19:58:47 nss amavis[16106]: Module MIME::Tools 5.420 Jul 14 19:58:47 nss amavis[16106]: Module Mail::DKIM::Verifier 0.36 Jul 14 19:58:47 nss amavis[16106]: Module Mail::Header 1.77 Jul 14 19:58:47 nss amavis[16106]: Module Mail::Internet 1.77 Jul 14 19:58:47 nss amavis[16106]: Module Mail::SpamAssassin 3.002005 Jul 14 19:58:47 nss amavis[16106]: Module Net::DNS 0.59 Jul 14 19:58:47 nss amavis[16106]: Module Net::Server 0.97 Jul 14 19:58:47 nss amavis[16106]: Module Socket6 0.19 Jul 14 19:58:47 nss amavis[16106]: Module Time::HiRes 1.9715 Jul 14 19:58:47 nss amavis[16106]: Module URI 1.35 Jul 14 19:58:47 nss amavis[16106]: Module Unix::Syslog 1.1 Jul 14 19:58:47 nss amavis[16106]: Amavis::DB code loaded Jul 14 19:58:47 nss amavis[16106]: Amavis::Cache code loaded Jul 14 19:58:47 nss amavis[16106]: SQL base code NOT loaded Jul 14 19:58:47 nss amavis[16106]: SQL::Log code NOT loaded Jul 14 19:58:47 nss amavis[16106]: SQL::Quarantine NOT loaded Jul 14 19:58:47 nss amavis[16106]: Lookup::SQL code NOT loaded Jul 14 19:58:47 nss amavis[16106]: Lookup::LDAP code NOT loaded Jul 14 19:58:47 nss amavis[16106]: AM.PDP-in proto code loaded Jul 14 19:58:47 nss amavis[16106]: SMTP-in proto code loaded Jul 14 19:58:47 nss amavis[16106]: Courier proto code NOT loaded Jul 14 19:58:47 nss amavis[16106]: SMTP-out proto code loaded Jul 14 19:58:47 nss amavis[16106]: Pipe-out proto code NOT loaded Jul 14 19:58:47 nss amavis[16106]: BSMTP-out proto code NOT loaded Jul 14 19:58:47 nss amavis[16106]: Local-out proto code loaded Jul 14 19:58:47 nss amavis[16106]: OS_Fingerprint code NOT loaded Jul 14 19:58:47 nss amavis[16106]: ANTI-VIRUS code loaded Jul 14 19:58:47 nss amavis[16106]: ANTI-SPAM code loaded Jul 14 19:58:47 nss amavis[16106]: ANTI-SPAM-EXT code NOT loaded Jul 14 19:58:47 nss amavis[16106]: ANTI-SPAM-C code NOT loaded Jul 14 19:58:47 nss amavis[16106]: ANTI-SPAM-SA code loaded Jul 14 19:58:47 nss amavis[16106]: Unpackers code loaded Jul 14 19:58:47 nss amavis[16106]: DKIM code NOT loaded Jul 14 19:58:47 nss amavis[16106]: Tools code NOT loaded Jul 14 19:58:47 nss amavis[16106]: Found $file at /usr/bin/file Jul 14 19:58:47 nss amavis[16106]: No $altermime, not using it Jul 14 19:58:47 nss amavis[16106]: Internal decoder for .mail Jul 14 19:58:47 nss amavis[16106]: Internal decoder for .asc Jul 14 19:58:47 nss amavis[16106]: Internal decoder for .uue Jul 14 19:58:47 nss amavis[16106]: Internal decoder for .hqx Jul 14 19:58:47 nss amavis[16106]: Internal decoder for .ync Jul 14 19:58:47 nss amavis[16106]: Found decoder for .F at /usr/bin/unfreeze Jul 14 19:58:47 nss amavis[16106]: Found decoder for .Z at /usr/bin/uncompress Jul 14 19:58:47 nss amavis[16106]: Found decoder for .gz at /usr/bin/gzip -d Jul 14 19:58:47 nss amavis[16106]: Internal decoder for .gz (backup, not used) Jul 14 19:58:47 nss amavis[16106]: Found decoder for .bz2 at /usr/bin/bzip2 -d Jul 14 19:58:47 nss amavis[16106]: Found decoder for .lzo at /usr/bin/lzop -d Jul 14 19:58:47 nss amavis[16106]: Found decoder for .rpm at /usr/bin/rpm2cpio Jul 14 19:58:47 nss amavis[16106]: Found decoder for .cpio at /usr/bin/pax Jul 14 19:58:47 nss amavis[16106]: Found decoder for .tar at /usr/bin/pax Jul 14 19:58:47 nss amavis[16106]: Found decoder for .deb at /usr/bin/ar Jul 14 19:58:47 nss amavis[16106]: Internal decoder for .zip Jul 14 19:58:47 nss amavis[16106]: No decoder for .7z tried: 7zr, 7za, 7z Jul 14 19:58:47 nss amavis[16106]: Found decoder for .rar at /usr/bin/unrar Jul 14 19:58:47 nss amavis[16106]: Found decoder for .arj at /usr/bin/arj Jul 14 19:58:47 nss amavis[16106]: Found decoder for .arc at /usr/bin/nomarch Jul 14 19:58:47 nss amavis[16106]: Found decoder for .zoo at /usr/bin/zoo Jul 14 19:58:47 nss amavis[16106]: Found decoder for .lha at /usr/bin/lha Jul 14 19:58:47 nss amavis[16106]: Found decoder for .cab at /usr/bin/cabextract Jul 14 19:58:47 nss amavis[16106]: No decoder for .tnef tried: tnef Jul 14 19:58:47 nss amavis[16106]: Internal decoder for .tnef Jul 14 19:58:47 nss amavis[16106]: Found decoder for .exe at /usr/bin/unrar; /usr/bin/lha; /usr/bin/arj Jul 14 19:58:47 nss amavis[16106]: Using primary internal av scanner code for ClamAV-clamd Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: KasperskyLab AVP - aveclient Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: KasperskyLab AntiViral Toolkit Pro (AVP) Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: KasperskyLab AVPDaemonClient Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: CentralCommand Vexira (new) vascan Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: Avira AntiVir Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: Command AntiVirus for Linux Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: Symantec CarrierScan via Symantec CommandLineScanner Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: Symantec AntiVirus Scan Engine Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: F-Secure Antivirus for Linux servers Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: CAI InoculateIT Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: CAI eTrust Antivirus Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: MkS_Vir for Linux (beta) Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: MkS_Vir daemon Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: ESET NOD32 Linux Mail Server - command line interface Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: ESET NOD32 for Linux File servers Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: Norman Virus Control v5 / Linux Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: Panda CommandLineSecure 9 for Linux Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: NAI McAfee AntiVirus (uvscan) Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: VirusBuster Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: CyberSoft VFind Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: avast! Antivirus Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: Ikarus AntiVirus for Linux Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: BitDefender Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: BitDefender Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: ArcaVir for Linux Jul 14 19:58:47 nss amavis[16106]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan Jul 14 19:58:47 nss amavis[16106]: No secondary av scanner: F-PROT Antivirus for UNIX Jul 14 19:58:47 nss amavis[16106]: No secondary av scanner: FRISK F-Prot Antivirus Jul 14 19:58:47 nss amavis[16106]: No secondary av scanner: Trend Micro FileScanner Jul 14 19:58:47 nss amavis[16106]: No secondary av scanner: drweb - DrWeb Antivirus Jul 14 19:58:47 nss amavis[16106]: No secondary av scanner: Kaspersky Antivirus v5.5 Jul 14 19:58:47 nss amavis[16106]: Creating db in /var/amavis/db/; BerkeleyDB 0.36, libdb 4.3 Jul 14 19:58:47 nss amavis[16106]: initializing Mail::SpamAssassin Jul 14 19:58:47 nss amavis[16106]: SpamAssassin debug facilities: info Jul 14 19:58:49 nss amavis[16106]: SpamAssassin loaded plugins: AWL, AutoLearnThreshold, Bayes, BodyEval, Check, DNSEval, HTMLEval, HTTPSMismatch, Hashcash, HeaderEval, Ima geInfo, MIMEEval, MIMEHeader, Pyzor, Razor2, RelayEval, ReplaceTags, SPF, SpamCop, URIDNSBL, URIDetail, URIEval, VBounce, WLBLEval, WhiteListSubject Jul 14 19:58:49 nss amavis[16106]: SpamControl: init_pre_fork on SpamAssassin done Jul 14 19:58:49 nss amavis[16106]: DKIM signature verification disabled, corresponding features not available. If not intentional, consider enabling it by setting: $enable_ dkim_verification to 1, or explicitly disable it by setting it to 0 to quench down this warning. Jul 14 19:58:49 nss amavis[16130]: TIMING [total 7 ms] - bdb-open: 7 (100%)100, rundown: 0 (0%)100 Jul 14 19:58:49 nss amavis[16131]: TIMING [total 6 ms] - bdb-open: 6 (100%)100, rundown: 0 (0%)100 Jul 14 19:58:49 nss amavis[16132]: TIMING [total 7 ms] - bdb-open: 7 (100%)100, rundown: 0 (0%)100 Jul 14 19:58:49 nss amavis[16133]: TIMING [total 6 ms] - bdb-open: 6 (100%)100, rundown: 0 (0%)100
Über den Port 10024 sollte nun unser daemon ansprechbar sein. Was wir auch sehr einfach mittels lsof überprüfen können:
lsof -i :10024
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
amavisd 29499 amavis 6u IPv4 6036705 TCP localhost.localdomain:10024 (LISTEN)
amavisd 29501 amavis 6u IPv4 6036705 TCP localhost.localdomain:10024 (LISTEN)
amavisd 29502 amavis 6u IPv4 6036705 TCP localhost.localdomain:10024 (LISTEN)
Via telnet localhost 10024 können wir uns nun zum virusscanner-daemon verbinden.
telnet localhost 10024 Trying 127.0.0.1... Connected to localhost.localdomain (127.0.0.1). Escape character is '^]'. 220 [127.0.0.1] ESMTP amavisd-new service ready quit 221 2.0.0 [127.0.0.1] amavisd-new closing transmission channel Connection closed by foreign host.
automatisches Starten des Dienste beim Systemstart
Damit nun unser AMaViS-Server beim Booten automatisch gestartet wird, nehmen wir noch folgende Konfigurationsschritte vor.
chkconfig amavisd on
Anschließend überprüfen wir noch unsere Änderung:
chkconfig --list | grep amavisd amavisd 0:Aus 1:Aus 2:Ein 3:Ein 4:Ein 5:Ein 6:Aus
Postfix
Konfiguration
Wie schon beim Punkt Konfiguration beschrieben, erweitern wir nun unsere Postfixkonfiguration so, dass die zwei Ports 10024 und 10025 von Postfix bedient werden.
Diese Ergänzungen definieren wir in der vim /etc/postfix/master.cf.
vim /etc/postfix/master.cf # # Postfix master process configuration file. For details on the format # of the file, see the master(5) manual page (command: "man 5 master"). # # ========================================================================== # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) # ========================================================================== smtp inet n - n - - smtpd -o smtpd_proxy_filter=localhost:10024 -o content_filter= localhost:10025 inet n - n - - smtpd -o content_filter= -o smtpd_proxy_filter= -o smtpd_authorized_xforward_hosts=127.0.0.0/8 -o smtp_client_restrictions= -o smtp_helo_restrictions= -o smtp_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtp_data_restrictions= -o mynetworks=127.0.0.0/8 -o receive_override_options=no_unknown_recipient_checks
Neustart
Zur aktivierung unserer Änderung starten wir unseren Mailserver einmal durch:
service postfix restart Postfix beenden: [ OK ] Postfix starten: [ OK ]
Test
Über den Port 10024 sollte nun unser daemon ansprechbar sein. Was wir auch sehr einfach mittels lsof überprüfen können:
lsof -i :25
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
master 28235 root 11u IPv4 1396426 TCP *:smtp (LISTEN)
smtpd 28242 postfix 6u IPv4 1396426 TCP *:smtp (LISTEN)
Von der Konsole aus testen wir nun den Zugang über Port25:
telnet localhost 25 Trying 127.0.0.1... Connected to localhost.localdomain (127.0.0.1). Escape character is '^]'. 220 mx1.nausch.org ESMTP Postfix quit 221 2.0.0 Bye Connection closed by foreign host.
Für den zweiten Port 10025 machen wir auch noch den gleichen Test.
lsof -i :10025
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
master 28235 root 14u IPv4 1396432 TCP localhost.localdomain:10025 (LISTEN)
smtpd 28248 postfix 6u IPv4 1396432 TCP localhost.localdomain:10025 (LISTEN)
Auch hier prüfen wir via telnet, ob unser Postfix auf Anfragen auf Port 10025 reagiert.
telnet localhost 10025 Trying 127.0.0.1... Connected to localhost.localdomain (127.0.0.1). Escape character is '^]'. 220 mx1.nausch.org ESMTP Postfix quit 221 2.0.0 Bye Connection closed by foreign host.
RAM-Disk für AMaViS
Da sich bei entsprechenden Trafic die Zugriffe auf die Harddisk ungünstig auf die Performance auswirkt, legen wir eine RAM-Disk für den Virenscanner an. Dort kann er dann die Attachments ablegen und entpacken.
Wir legen uns eine 250 MB große RAM-Disk an:
vim /etc/fstab /dev/shm /var/amavis/tmp tmpfs defaults,size=250m,mode=750,uid=103,gid=106 0 0
Anschließend mounten wir unser neues Laufwerk mit
mount /var/amavis/tmp
Je nach Belastung werden nun in unserem Arbeitsverzeichnis die Daten abgelegt
df -h -t tmpfs Dateisystem Größe Benut Verf Ben% Eingehängt auf /dev/shm 250M 16K 250M 1% /var/amavis/tmp