I. Assume that package repositories 1. and 2. below are both installed
1. Install the EPEL (Extra Packages for Enterprise Linux) repository configuration
II. Update the package repositories
yum -y update
III. Check that the clam packages exist in the repositories
[root@dns yum.repos.d]# yum list | grep clam
clamav.i686 0.98-2.el6 epel
clamav.x86_64 0.98-2.el6.rf rpmforge
clamav-db.x86_64 0.98-2.el6.rf rpmforge
clamav-devel.i686 0.98-2.el6 epel
clamav-devel.x86_64 0.98-2.el6.rf rpmforge
clamav-milter.x86_64 0.98-2.el6.rf rpmforge
clamav-unofficial-sigs.noarch 3.7.1-6.el6 epel
clamd.x86_64 0.98-2.el6.rf rpmforge
clamsmtp.x86_64 1.10-6.el6 epel
clamtk.noarch 4.25-1.el6.rf rpmforge
clamz.x86_64 0.5-0.el6 epel
claws-mail-plugins-clamd.x86_64 3.9.0-2.el6 epel
IV. Once they are confirmed to exist, install clamd; the programs it depends on are installed along with it
[root@dns yum.repos.d]# yum install clamd
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
* base: mirrors.grandcloud.cn
* epel: ftp.cuhk.edu.hk
* extras: mirrors.btte.net
* rpmforge: ftp.kddilabs.jp
* updates: mirror.esocc.com
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package clamd.x86_64 0:0.98-2.el6.rf will be installed
--> Processing Dependency: clamav = 0.98-2.el6.rf for package: clamd-0.98-2.el6.rf.x86_64
--> Processing Dependency: libclamav.so.6(CLAMAV_PRIVATE)(64bit) for package: clamd-0.98-2.el6.rf.x86_64
--> Processing Dependency: libclamav.so.6(CLAMAV_PUBLIC)(64bit) for package: clamd-0.98-2.el6.rf.x86_64
--> Processing Dependency: libclamav.so.6()(64bit) for package: clamd-0.98-2.el6.rf.x86_64
--> Running transaction check
---> Package clamav.x86_64 0:0.98-2.el6.rf will be installed
--> Processing Dependency: clamav-db for package: clamav-0.98-2.el6.rf.x86_64
--> Running transaction check
---> Package clamav-db.x86_64 0:0.98-2.el6.rf will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
clamd x86_64 0.98-2.el6.rf rpmforge 147 k
Installing for dependencies:
clamav x86_64 0.98-2.el6.rf rpmforge 2.2 M
clamav-db x86_64 0.98-2.el6.rf rpmforge 34 M
Transaction Summary
================================================================================
Install 3 Package(s)
Total download size: 37 M
Installed size: 42 M
Is this ok [y/N]: y
Downloading Packages:
(1/3): clamav-0.98-2.el6.rf.x86_64.rpm | 2.2 MB 00:05
(2/3): clamav-db-0.98-2.el6.rf.x86_64.rpm | 34 MB 02:10
(3/3): clamd-0.98-2.el6.rf.x86_64.rpm | 147 kB 00:00
--------------------------------------------------------------------------------
Total 274 kB/s | 37 MB 02:17
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : clamav-db-0.98-2.el6.rf.x86_64 1/3
Installing : clamav-0.98-2.el6.rf.x86_64 2/3
Installing : clamd-0.98-2.el6.rf.x86_64 3/3
Verifying : clamav-0.98-2.el6.rf.x86_64 1/3
Verifying : clamd-0.98-2.el6.rf.x86_64 2/3
Verifying : clamav-db-0.98-2.el6.rf.x86_64 3/3
Installed:
clamd.x86_64 0:0.98-2.el6.rf
Dependency Installed:
clamav.x86_64 0:0.98-2.el6.rf clamav-db.x86_64 0:0.98-2.el6.rf
Complete!
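V. Edit /etc/clamd.conf
Comment out the TCPSocket line so that it reads #TCPSocket 3310
Restart clam
/etc/init.d/clamd start
Update the virus signatures
freshclam
Or set it to update the virus signatures automatically once a day
freshclam -d -c 2
VI. Start clam automatically at boot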
[root@dns etc]# chkconfig clamd on
[root@dns etc]# chkconfig --list | grep clamd
clamd 0:關閉 1:關閉 2:開啟 3:開啟 4:開啟 5:開啟 6:關閉
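VII. ClamTK, the graphical front end for ClamAV
Download the file from http://code.google.com/p/clamtk/
and install it
VIII. Install SpamAssassin
1. yum install spamassassin
2. Back up the configuration file /etc/mail/spamassassin/local.cf
3. Configure local.cf
To see the available settings: perldoc Mail::SpamAssassin::Conf
Settings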
required_hits 5
report_safe 0 # do not modify the mail body even when the message is spam
rewrite_header Subject [SPAM]
use_bayes 1
bayes_auto_learn 1
skip_rbl_checks 0
use_razor2 1 #must install razor2 plugin
use_dcc 1 #must install dcc plugin
use_pyzor 1 #must install pyzor plugin
ok_languages all #check all languages
ok_locales all
4. Install other anti-spam programs that work together with spamassassin
First install razor2, pyzor, razor-agents and perl-Razor-Agent
yum install pyzor
yum install perl-Razor-Agent
yum install razor-agents
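DCC must be installed only after section IX (amavisd-new) has been completed
Download the latest DCC from http://www.rhyolite.com/dcc/source/dcc.tar.Z
tar xzvf dcc.tar.Z # the current version is dcc-1.3.152
cd dcc-1.3.152
./configure --with-uid=amavis
# the amavis account is not created until section IX (amavisd-new) is done
make
make install
chown -R amavis:amavis /var/dcc
# the amavis group and account are not created until section IX (amavisd-new) is done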
ln -s /var/dcc/libexec/dccifd /usr/local/bin/dccifd
pyzor http://sourceforge.net/apps/trac/pyzor/
razor http://razor.sourceforge.net/
dcc http://www.rhyolite.com/dcc/
5. Make sure the following lines in /etc/mail/spamassassin/v310.pre are not commented out; if they are, remove the comment marker
loadplugin Mail::SpamAssassin::Plugin::DCC
loadplugin Mail::SpamAssassin::Plugin::Pyzor
loadplugin Mail::SpamAssassin::Plugin::Razor2
loadplugin Mail::SpamAssassin::Plugin::AWL
loadplugin Mail::SpamAssassin::Plugin::TextCat
6. Check that the configuration is correct: spamassassin -x -D --lint
The check reports that some modules are not installed, as follows......
11月 15 15:58:03.192 [27247] dbg: diag: [...] module not installed: Mail::SPF ('require' failed)
11月 15 15:58:03.192 [27247] dbg: diag: [...] module not installed: IP::Country::Fast ('require' failed)
11月 15 15:58:03.192 [27247] dbg: diag: [...] module not installed: Net::Ident ('require' failed)
Run perl -MCPAN -e shell to enter CPAN and install the missing modules listed above
install Mail::SPF
install IP::Country::Fast
install Net::Ident
Notes:
1. If a module cannot be installed from within CPAN, install it as follows
yum install 'perl(Mail::SPF)'
yum install 'perl(IP::Country::Fast)'
yum install 'perl(Net::Ident)'
2. If running perl -MCPAN -e shell produces the following error
[root@dns 下載]# perl -MCPAN -e shell
Can't locate CPAN.pm in @INC (@INC contains: /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .).
BEGIN failed--compilation aborted.
first run yum install perl-CPAN
Run spamassassin -x -D --lint repeatedly, reading the error messages and resolving each error
7. Test spamassassin
spamassassin -t -D razor2 < /usr/share/doc/spamassassin-3.3.1/sample-spam.txt
spamassassin -t -D pyzor < /usr/share/doc/spamassassin-3.3.1/sample-spam.txt
cdcc info
IX. Install amavisd-new
1. Download the file amavisd-new-2.8.2-rc1.tar.bz2 from http://www.ijs.si/software/amavisd/
2. Create the home directory /var/amavis
3. Add the group: groupadd -r amavis
4. Add the account: useradd -g amavis -d '/var/amavis' -c 'Amavis email scan user' -s '/sbin/nologin' -r amavis
5. Add clamav to the amavis group
gpasswd -a clamav amavis
6. Then create the four directories var, tmp, db and home under /var/amavis
mkdir /var/amavis/tmp /var/amavis/var /var/amavis/db /var/amavis/home
7. Change the ownership and permissions of /var/amavis
chown -R amavis:amavis /var/amavis
chmod -R 750 /var/amavis
8. Extract the downloaded file to /usr/local/amavisd/
9. Install the executable
cp /usr/local/amavisd/amavisd /usr/local/sbin/
chown root /usr/local/sbin/amavisd
chmod 755 /usr/local/sbin/amavisd
ln -s /usr/local/sbin/amavisd /usr/sbin/amavisd
10. Install the amavis configuration file
cp /usr/local/amavisd/amavisd.conf /etc/
chown root:amavis /etc/amavisd.conf
chmod 640 /etc/amavisd.conf
11. Create the quarantine directory for infected mail
mkdir /var/virusmails
chown amavis:amavis /var/virusmails
chmod 750 /var/virusmails
12. Edit the configuration file /etc/amavisd.conf
Uncomment the following three settings
$MYHOME = '/var/amavis';
$TEMPBASE = "$MYHOME/tmp";
$db_home = "$MYHOME/db";
Change the domain
$mydomain = 'my domain name'; # a convenient default for other settings
Change the run-as account and group to the amavis account created in the steps above
$daemon_user = 'amavis'; # (no default; customary: vscan or amavis), -u
$daemon_group = 'amavis'; # (no default; customary: vscan or amavis), -g
Set the host name
$myhostname = 'my fully-qualified host name'; # must be a fully-qualified domain name!
The "/var/run/clamav/clamd.sock" in /etc/amavisd.conf must match
the "LocalSocket /var/run/clamav/clamd.sock" setting in /etc/clamd.conf; also uncomment the following lines:
# ### http://www.clamav.net/
['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
qr/\bOK$/m, qr/\bFOUND$/m,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
# # NOTE: run clamd under the same user as amavisd - or run it under its own
# # uid such as clamav, add user clamav to the amavis group, and then add
# # AllowSupplementaryGroups to clamd.conf;
# # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in
# # this entry; when running chrooted one may prefer a socket under $MYHOME.
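The socket match described above can be checked mechanically. The following is an added example, not part of the original post: it reads the LocalSocket line from clamd.conf and the socket path from the uncommented ClamAV-clamd entry in amavisd.conf and compares them. The function names and the sample files written by demo() are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original post.

# LocalSocket value from a clamd.conf-style file; commented lines never match.
clamd_socket() {
    awk '$1 == "LocalSocket" { print $2; exit }' "$1"
}

# Socket path of the active ClamAV-clamd entry in an amavisd.conf-style file.
amavis_clamd_socket() {
    awk '
        /^[ \t]*#/     { next }          # entry is still commented out
        /ClamAV-clamd/ { in_entry = 1 }
        in_entry && /CONTSCAN/ {
            split($0, q, "\"")           # q[4] is the second quoted string
            print q[4]; exit
        }' "$1"
}

# Returns 0 on a match, 1 on a mismatch, 2 when either setting is missing.
check_clamd_socket() {
    a=$(amavis_clamd_socket "$1")
    c=$(clamd_socket "$2")
    [ -n "$a" ] || { echo "no active ClamAV-clamd entry in $1"; return 2; }
    [ -n "$c" ] || { echo "no LocalSocket line in $2"; return 2; }
    [ "$a" = "$c" ] || { echo "MISMATCH: amavisd=$a clamd=$c"; return 1; }
    echo "OK: both use $a"
}

# Constructed sample files, used when no paths are given on the command line.
demo() {
    d=$(mktemp -d)
    printf '%s\n' "['ClamAV-clamd'," \
        ' \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],' \
        > "$d/amavisd.conf"
    printf '%s\n' '#TCPSocket 3310' 'LocalSocket /tmp/clamd.socket' > "$d/clamd.conf"
    check_clamd_socket "$d/amavisd.conf" "$d/clamd.conf"; rc=$?
    rm -rf "$d"
    return "$rc"
}

if [ "$#" -eq 2 ]; then check_clamd_socket "$1" "$2"; else demo || true; fi
```

On the real system it would be run as: sh check.sh /etc/amavisd.conf /etc/clamd.conf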
13. Run amavisd in debug mode
It is wise to start it up for the first time with a 'debug' option:
/usr/local/sbin/amavisd -u amavis debug
or:
/usr/local/sbin/amavisd debug
When checking SpamAssassin operations, the following can be useful:
/usr/local/sbin/amavisd debug-sa
Result.......
[root@dns bin]# /usr/local/sbin/amavisd debug-sa
ERROR: MISSING REQUIRED BASIC MODULES:
IO::Stringy
Unix::Syslog
MIME::Words
MIME::Head
MIME::Body
MIME::Entity
MIME::Parser
MIME::Decoder
MIME::Decoder::Base64
MIME::Decoder::Binary
MIME::Decoder::QuotedPrint
MIME::Decoder::NBit
MIME::Decoder::UU
MIME::Decoder::Gzip64
Net::Server
Net::Server::PreFork
BEGIN failed--compilation aborted at /usr/local/sbin/amavisd line 242.
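14. Step 13 shows that Perl modules (IO::Stringy and the rest) are missing; install them with CPAN
Run perl -MCPAN -e shell to enter interactive mode
Run the following in order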
install IO::Stringy
install Unix::Syslog
install MIME::Words
install MIME::Head
install MIME::Body
install MIME::Entity
install MIME::Parser
install MIME::Decoder
install MIME::Decoder::Base64
install MIME::Decoder::Binary
install MIME::Decoder::QuotedPrint
install MIME::Decoder::NBit
install MIME::Decoder::UU
install MIME::Decoder::Gzip64
install Net::Server
install Net::Server::PreFork
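Because some modules may be bundled and installed together, after installing some of them run step 13 again to check which modules are still missing.
Some features need g++; if it has to be installed, run yum install gcc-c++
Some need YAML; in CPAN run install YAML
Some features need DBI; in CPAN run install DBI
Once all of the above have been installed successfully, run amavisd in debug mode again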
[root@dns var]# /usr/local/sbin/amavisd debug
fetch_modules: error loading optional module MIME/Decoder/BinHex.pm:
Can't locate Convert/BinHex.pm in @INC (@INC contains: /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5) at /usr/local/share/perl5/MIME/Decoder/BinHex.pm line 45.
BEGIN failed--compilation aborted at /usr/local/share/perl5/MIME/Decoder/BinHex.pm line 45.
Compilation failed in require at /usr/local/sbin/amavisd line 203.
drop_priv: No such username: vscan
This is a package dependency problem; again use CPAN to install BinHex
install Convert::BinHex
Once all of the above have been installed successfully, run amavisd in debug mode again
[root@dns var]# /usr/local/sbin/amavisd debug
Problem in Amavis::DB or Amavis::DB::SNMP code: Can't locate BerkeleyDB.pm in @INC (@INC contains: /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5) at (eval 83) line 21.
BEGIN failed--compilation aborted at (eval 83) line 21.
This is a package dependency problem; first try installing BerkeleyDB with CPAN
install BerkeleyDB
cpan will try to install version BerkeleyDB-0.54.tar.gz
If installing the BerkeleyDB module through CPAN fails, use this instead
yum install perl-BerkeleyDB
yum installs version perl-BerkeleyDB.x86_64 0:0.43-3.el6
If /usr/local/sbin/amavisd debug runs without error messages, set it to start automatically at boot
cp /usr/local/amavisd/amavisd_init.sh /etc/init.d/amavisd
chmod 755 /etc/init.d/amavisd
chkconfig --add amavisd
chkconfig amavisd on
X. Configure postfix to use amavis as its content filter
1.
vi /etc/postfix/main.cf
Add
#use amavisd as filter on port 10024
content_filter=amavisd:[127.0.0.1]:10024
2.
vi /etc/postfix/master.cf
Append the following text at the end of the file
amavisd unix - - n - 2 lmtp
    -o lmtp_data_done_timeout=1200
    -o lmtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20
127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject_unauth_destination,reject_non_fqdn_sender,reject_unknown_sender_domain,reject
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o smtpd_restriction_classes=
    -o mynetworks=127.0.0.0/8
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
    -o local_header_rewrite_clients=
    -o smtpd_milters=
    -o local_recipient_maps=
    -o relay_recipient_maps=
3. Restart amavisd
service amavisd restart
4. Restart postfix
service postfix restart
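The 127.0.0.1:10025 entry above is the listener that takes mail back from amavisd, so it has to clear content_filter and accept loopback clients only. The check below is an added example, not part of the original post; the function names and the sample master.cf written by demo() are constructed, and it assumes the -o options sit on indented continuation lines.

```sh
#!/bin/sh
# Added example, not from the original post.

# Print each "-o name=value" override of the master.cf service whose first
# field is $2. Assumes overrides sit on indented continuation lines.
service_overrides() {
    awk -v svc="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments, blank lines
        /^[^ \t]/ { active = ($1 == svc); next }   # column 1 starts a service
        active && $1 == "-o" { print $2 }
    ' "$1"
}

# Returns 0 when the 127.0.0.1:10025 listener clears content_filter and
# accepts mail from loopback only; prints one FAIL line per problem otherwise.
check_reinjection() {
    o=$(service_overrides "$1" "127.0.0.1:10025")
    [ -n "$o" ] || { echo "FAIL: no 127.0.0.1:10025 service with -o overrides"; return 1; }
    rc=0
    printf '%s\n' "$o" | grep -qxF 'content_filter=' ||
        { echo "FAIL: content_filter not cleared, filtered mail would loop"; rc=1; }
    printf '%s\n' "$o" | grep -qxF 'mynetworks=127.0.0.0/8' ||
        { echo "FAIL: mynetworks is not limited to 127.0.0.0/8"; rc=1; }
    printf '%s\n' "$o" | grep -qxF 'smtpd_client_restrictions=permit_mynetworks,reject' ||
        { echo "FAIL: clients outside mynetworks are not rejected"; rc=1; }
    [ "$rc" -ne 0 ] || echo "OK: re-injection listener is locked down"
    return "$rc"
}

# Constructed sample: mynetworks has been widened beyond loopback.
demo() {
    f=$(mktemp)
    printf '%s\n' '127.0.0.1:10025 inet n - n - - smtpd' \
        '    -o content_filter=' \
        '    -o mynetworks=127.0.0.0/8,192.168.0.0/16' \
        '    -o smtpd_client_restrictions=permit_mynetworks,reject' > "$f"
    check_reinjection "$f"; rc=$?
    rm -f "$f"
    return "$rc"
}

if [ "$#" -eq 1 ]; then check_reinjection "$1"; else demo || true; fi
```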
Note:
When mail was sent in from outside, it could not be received,
and the following messages were found in /var/log/messages:
Jan 2 00:52:28 dns kernel: type=1400 audit(1388595148.764:41): avc: denied { read } for pid=10289 comm="clamd" name="parts" dev=dm-0 ino=2888613 scontext=system_u:system_r:antivirus_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=dir
Jan 2 00:52:28 dns clamd[2234]: lstat() failed on: /var/amavis/tmp/amavis-20140102T005228-09919-eJEnXPA_/parts
Once again the problem turns out to be caused by SELinux
Run the following command
[root@dns log]# getsebool -a | grep antivirus
antivirus_can_scan_system --> off
antivirus_use_jit --> off
Two parameters related to antivirus programs turn out to be off by default
Run the following commands to turn them on
[root@dns log]# setsebool -P antivirus_can_scan_system 1
[root@dns log]# setsebool -P antivirus_use_jit 1
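To see which SELinux denials in a log came from the antivirus domain before changing any boolean, the AVC lines can be summarised as below. This is an added example, not part of the original post; the function names are assumptions, and the second sample log line is constructed.

```sh
#!/bin/sh
# Added example, not from the original post.

# First line is the denial quoted in the post; the second line is constructed.
SAMPLE_LOG='Jan 2 00:52:28 dns kernel: type=1400 audit(1388595148.764:41): avc: denied { read } for pid=10289 comm="clamd" name="parts" dev=dm-0 ino=2888613 scontext=system_u:system_r:antivirus_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=dir
Jan 2 00:53:01 dns kernel: type=1400 audit(1388595181.101:42): avc: denied { getattr open } for pid=2001 comm="httpd" path="/srv/x" dev=dm-0 ino=77 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file'

# Print "comm permissions tclass source_type target_type" per AVC denial on stdin.
avc_denials() {
    awk '/avc: +denied/ {
        perm = comm = st = tt = cls = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "{") {
                # collect every permission between the braces
                for (j = i + 1; j <= NF && $j != "}"; j++)
                    perm = perm (perm == "" ? "" : ",") $j
            } else if ($i ~ /^comm=/) {
                comm = $i; gsub(/^comm=|"/, "", comm)
            } else if ($i ~ /^scontext=/) {
                split($i, a, ":"); st = a[3]     # user:role:type:level
            } else if ($i ~ /^tcontext=/) {
                split($i, a, ":"); tt = a[3]
            } else if ($i ~ /^tclass=/) {
                cls = substr($i, 8)
            }
        }
        print comm, perm, cls, st, tt
    }'
}

# List only denials whose source domain is antivirus_t (the domain clamd runs
# in according to the log line in the post); exit 1 when there are none.
antivirus_blocked() {
    avc_denials | awk '$4 == "antivirus_t" { print; n++ } END { exit (n ? 0 : 1) }'
}

if [ "$#" -eq 1 ]; then
    antivirus_blocked < "$1"
else
    printf '%s\n' "$SAMPLE_LOG" | antivirus_blocked || true
fi
```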
References:
http://wiki.centos.org/HowTos/Amavisd?highlight=%28clamav%29
http://www.rootlinks.net/2013/04/20/install-clamav-for-centos-6-3-x86_64/