13-10-2009, 02:00 PM   #1
hoctinhoc
Install antivirus and antispam with Clam AntiVirus.


1. Install the antivirus software, Clam AntiVirus.

[root@mail ~]# yum --enablerepo=dag -y install clamav   # install from the DAG repository

Loading "installonlyn" plugin
Loading "fastestmirror" plugin
Setting up Install Process
Setting up repositories
dag 100% |=========================| 1.1 kB 00:00

base 100% |=========================| 1.1 kB 00:00

updates 100% |=========================|951 B 00:00


addons 100% |=========================|951 B 00:00


extras 100% |=========================| 1.1 kB 00:00

Loading mirror speeds from cached hostfile
Reading repository metadata in from local files
primary.xml.gz 100% |=========================| 952 kB 00:00

dag: ######################################### 3118/3118

Added 3118 new packages, deleted 0 old in 12.60 seconds
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for clamav to pack into transaction set.
clamav-0.90.2-1.el5.rf.i3 100% |====================| 9.4 kB 00:00

---> Package Package clamav.i386 0:0.90.2-1.el5.rf set to be updated
--> Processing Dependency: clamav-db = 0.90.2-1.el5.rf for package: clamav
--> Restarting Dependency Resolution with new changes.
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for clamav-db to pack into transaction set.
clamav-db-0.90.2-1.el5.rf 100% |====================| 3.7 kB 00:00

---> Package clamav-db.i386 0:0.90.2-1.el5.rf set to be updated
--> Running transaction check

Dependencies Resolved

===========================================================
 Package      Arch    Version            Repository    Size
===========================================================
Installing:
 clamav       i386    0.90.2-1.el5.rf    dag           1.0 M
Installing for dependencies:
 clamav-db    i386    0.90.2-1.el5.rf    dag           9.1 M

Transaction Summary
===========================================================
Install      2 Package(s)
Update       0 Package(s)
Remove       0 Package(s)


Total download size: 10 M
Downloading Packages:
(1/2): clamav-0.90.2-1.el 100% |====================| 1.0 MB 00:00

(2/2): clamav-db-0.90.2-1 100% |====================| 9.1 MB 00:00

Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing: clamav-db #################################### [1/2]
Installing: clamav    #################################### [2/2]

Installed: clamav.i386 0:0.90.2-1.el5.rf
Dependency clamav-db.i386 0:0.90.2-1.el5.rf
Complete!


Quote:

[root@mail ~]# vi /etc/freshclam.conf

# line 96: comment out
#NotifyClamd /etc/clamd.conf

[root@mail ~]# freshclam   # update the virus signature database


ClamAV update process started at Mon Apr 23 00:52:58 2007
main.cvd is up to date (version: 43, sigs: 104500, f-level: 14, builder: sven)
Downloading daily-3147.cdiff [100%]
Downloading daily-3147.cdiff [100%]
daily.cvd updated (version: 3147, sigs: 6671, f-level: 15, builder: sven)
Database updated (111171 signatures) from db.jp.clamav.net (IP: 61.205.61.201)
[root@mail ~]# clamscan --infected --remove --recursive /home


----------- SCAN SUMMARY -----------
Known viruses: 111194
Engine version: 0.90.2
Scanned directories: 23
Scanned files: 33
Infected files: 0
Data scanned: 0.16 MB
Time: 2.721 sec (0 m 2 s)
[root@mail ~]# wget http://www.eicar.org/download/eicar.com   # download the EICAR test virus

Resolving www.eicar.org... 88.198.38.136
Connecting to www.eicar.org|88.198.38.136|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 68 [application/x-msdos-program]
Saving to: `eicar.com'

100%[=======================================>] 68 --.-K/s in 0s

19:26:23 (5.90 MB/s) - `eicar.com' saved [68/68]

[root@mail ~]# clamscan --infected --remove --recursive .

./eicar.com: Eicar-Test-Signature FOUND
./eicar.com: Removed   # test virus deleted



----------- SCAN SUMMARY -----------
Known viruses: 111194
Engine version: 0.90.2
Scanned directories: 5
Scanned files: 12
Infected files: 1   # the test virus just detected
Data scanned: 0.02 MB
Time: 2.599 sec (0 m 2 s)

2. Configure the SMTP server to scan email for viruses and spam.

Quote:

[root@mail ~]# yum --enablerepo=dag -y install clamd amavisd-new


---------- many packages are installed ----------


[root@mail ~]# vi /etc/clamd.conf

# line 72: change
LocalSocket /var/run/clamav/clamd.sock

# line 80: comment out
#TCPSocket 3310

# line 149: change
AllowSupplementaryGroups yes



[root@mail ~]# vi /etc/amavisd.conf

$mydomain = 'server-linux.info';   # line 20: specify domain name

#$virus_admin = "virusalert\@$mydomain";   # line 80: comment out so no notification is sent when a virus is detected

$myhostname = 'mail.server-linux.info';   # line 113: uncomment and specify the FQDN

$notify_method = 'smtp:[127.0.0.1]:10025';   # lines 115,116: uncomment
$forward_method = 'smtp:[127.0.0.1]:10025';

$final_virus_destiny = D_DISCARD;   # line 118: uncomment these 4 lines
$final_banned_destiny = D_BOUNCE;
$final_spam_destiny = D_BOUNCE;
$final_bad_header_destiny = D_PASS;

['ClamAV-clamd',   # line 321: uncomment these 4 lines
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],   # add; the path must match LocalSocket in /etc/clamd.conf
  qr/\bOK$/, qr/\bFOUND$/,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

[root@mail ~]# vi /etc/postfix/main.cf

# add at the bottom
content_filter=smtp-amavis:[127.0.0.1]:10024

[root@mail ~]# vi /etc/postfix/master.cf

# add these lines at the bottom (the -o lines must be indented)
smtp-amavis unix - - n - 2 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000



[root@mail ~]# /etc/rc.d/init.d/clamd start

Stopping Clam AntiVirus Daemon: [ OK ]

Starting Clam AntiVirus Daemon: Running as user clamav (UID 100, GID 101) [ OK ]

[root@mail ~]# /etc/rc.d/init.d/amavisd start


Starting Mail Virus Scanner (amavisd): [ OK ]


[root@mail ~]# /etc/rc.d/init.d/spamassassin start


Starting spamd: [ OK ]

[root@mail ~]# /etc/rc.d/init.d/postfix restart

Shutting down postfix: [ OK ]

Starting postfix: [ OK ]

[root@mail ~]# chkconfig amavisd on

[root@mail ~]# chkconfig spamassassin on

[root@mail ~]# chkconfig clamd on

The following lines are added to the header section of email after this configuration.





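The step 2 settings only scan mail when the socket path given to amavisd matches clamd's LocalSocket exactly, and they are only safe while the 10025 re-injection listener stays on loopback with content_filter cleared. The script below is an added example, not part of the original post; its function names and the sample files it builds are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the original post): lint the settings from step 2.

# LocalSocket path from a clamd.conf-style file; commented-out lines are ignored.
clamd_socket() { awk '$1 == "LocalSocket" { print $2; exit }' "$1"; }

# Socket path amavisd hands to ask_daemon. Whitespace inside the quotes is kept,
# so a stray trailing space shows up as a mismatch.
amavis_socket() {
    sed -n 's/.*CONTSCAN[^,]*, *"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Succeeds only if both files name the same, byte-identical socket path.
sockets_match() {
    local c a
    c=$(clamd_socket "$1"); a=$(amavis_socket "$2")
    [ -n "$c" ] && [ "$c" = "$a" ]
}

# Succeeds only if the port-10025 re-injection listener in master.cf is bound to
# 127.0.0.1 and has an indented "-o content_filter=" override, so scanned mail is
# not fed back to amavisd and the unfiltered port is not reachable from outside.
reinject_ok() {
    awk '
        /^[^ \t#]/ { insvc = ($1 == "10025" || $1 ~ /:10025$/)
                     if (insvc) { seen = 1; lo = ($1 == "127.0.0.1:10025") } }
        insvc && /^[ \t]+-o[ \t]+content_filter=[ \t]*$/ { cleared = 1 }
        END { exit !(seen && lo && cleared) }
    ' "$1"
}

# Demo on constructed sample files (not taken from a real server).
demo() {
    local d; d=$(mktemp -d)
    printf '%s\n' 'LocalSocket /var/run/clamav/clamd.sock' > "$d/clamd.conf"
    printf '%s\n' '\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock "],' \
        > "$d/amavisd.conf"
    printf '%s\n' '127.0.0.1:10025 inet n - n - - smtpd' '  -o content_filter=' \
        > "$d/master.cf"
    if sockets_match "$d/clamd.conf" "$d/amavisd.conf"; then echo "socket: ok"
    else echo "socket: MISMATCH (clamd '$(clamd_socket "$d/clamd.conf")'" \
              "vs amavisd '$(amavis_socket "$d/amavisd.conf")')"; fi
    if reinject_ok "$d/master.cf"; then echo "reinjection listener: ok"
    else echo "reinjection listener: FAIL"; fi
    rm -rf "$d"
}
demo
```

On a real server, call sockets_match with /etc/clamd.conf and /etc/amavisd.conf, and reinject_ok with /etc/postfix/master.cf.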