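| ◆ | Detecting, removing and sorting virus mail and spam mail |

SpamAssassin, a free software package for Linux, is used to detect, remove and sort spam mail. This setup works together with the antivirus software Clam AntiVirus, so the "Detecting and removing virus mail" section of this site must already be configured.

| ◆ | Installing SpamAssassin |

SpamAssassin is free spam detection software for Linux. Enter the following. Text in blue is what you type.
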
```
[root@linux]# yum install spamassassin   ← input
...
Is this ok [y/N]: y   ← input
...
Installed: spamassassin.i386 0:3.2.4-1.fc8
...
Complete!   ← installation is finished when "Complete!" is displayed
```
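
| ◆ | Adding Japanese support to the spam definition file |

Download a configuration file that handles Japanese spam mail and install it. First, download the file. Enter the following. Text in blue is what you type.
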
```
[root@linux]# wget http://tlec.linux.or.jp/docs/user_prefs   ← input
--14:44:12--  http://tlec.linux.or.jp/docs/user_prefs
           => `user_prefs.1'
tlec.linux.or.jp をDNSに問いあわせています... 210.171.226.47
tlec.linux.or.jp|210.171.226.47|:80 に接続しています... 接続しました。
HTTP による接続要求を送信しました、応答を待っています... 200 OK
長さ: 336,396 (329K) [text/plain]

100%[====================================================>] 336,396     1022.51K/s

14:44:14 (1021.16 KB/s) - `user_prefs' を保存しました [336396/336396]
```

Copy the downloaded file to its designated location. Enter the following. Text in blue is what you type.

```
[root@linux]# cp user_prefs /etc/mail/spamassassin/local.cf   ← input
cp: `/etc/mail/spamassassin/local.cf' を上書きしてもよろしいですか(yes/no)? y   ← input
```

Finally, delete the downloaded file. Enter the following. Text in blue is what you type.

```
[root@linux]# rm user_prefs   ← input
rm: remove 通常ファイル `user_prefs'? y   ← input
```
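
The download, copy and delete steps above put a file fetched over plain HTTP into the site-wide configuration, where privileged directives such as `loadplugin` are honored; the following added example (not part of the original page) reviews the file, backs up the existing local.cf and only then installs it. The review list, the function names and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): review a downloaded prefs file,
# back up the current site-wide config, then install the new one.

LIVE_CF=/etc/mail/spamassassin/local.cf

# Assumed review list: SpamAssassin directives that change trust, whitelisting
# or code loading once the file is read as site-wide configuration.
REVIEW_DIRECTIVES='loadplugin|include|whitelist_from|whitelist_from_rcvd|whitelist_to|trusted_networks|internal_networks|allow_user_rules'

# Print (with line numbers) every non-comment line that uses a directive from
# the review list. Returns 0 when nothing was flagged, 1 otherwise.
review_prefs() {
    if grep -nE "^[[:space:]]*(${REVIEW_DIRECTIVES})[[:space:]]" "$1"; then
        return 1
    fi
    return 0
}

# install_local_cf NEW TARGET
#   2 = flagged lines need a manual review, 3 = copy failed,
#   4 = spamassassin --lint rejected the result (previous file restored).
install_local_cf() {
    new=$1
    target=$2
    if ! review_prefs "$new" >&2; then
        echo "not installed: review the lines listed above first" >&2
        return 2
    fi
    backup=
    if [ -f "$target" ]; then
        backup="$target.bak.$(date +%Y%m%d%H%M%S)"
        cp -p "$target" "$backup" || return 3
    fi
    cp "$new" "$target" || return 3
    # --lint checks the live configuration, so it only applies when the
    # target is the real local.cf and SpamAssassin is installed.
    if [ "$target" = "$LIVE_CF" ] && command -v spamassassin >/dev/null 2>&1; then
        if ! spamassassin --lint; then
            if [ -n "$backup" ]; then
                cp -p "$backup" "$target"
            fi
            return 4
        fi
    fi
    return 0
}

# Demonstration on constructed sample files in a scratch directory.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sample' \
        'body JP_SAMPLE /sample/' \
        'score JP_SAMPLE 2.0' > "$dir/clean_prefs"
    printf '%s\n' 'score JP_SAMPLE 2.0' \
        'whitelist_from *@example.net' \
        'loadplugin Sample::Plugin /tmp/sample.pm' > "$dir/flagged_prefs"
    printf '%s\n' '# previous site config' > "$dir/local.cf"

    rc=0
    install_local_cf "$dir/clean_prefs" "$dir/local.cf" || rc=$?
    echo "clean_prefs   -> exit $rc"
    rc=0
    install_local_cf "$dir/flagged_prefs" "$dir/local.cf" || rc=$?
    echo "flagged_prefs -> exit $rc"
    rm -rf "$dir"
}

demo
```

On the real host the call would be `install_local_cf user_prefs "$LIVE_CF"`, run as root in place of the plain `cp`.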

| ◆ | Updating the spam definition files |

Use the sa-update command to bring the spam definition files up to date. Enter the following. Text in blue is what you type.

```
[root@linux]# sa-update   ← input
```

| ◆ | Automatic updating of the spam definition files |

Configure the file that performs the spam definition update. Enter the following. Text in blue is what you type.

```
[root@linux]# vi /etc/cron.d/sa-update   ← input

### OPTIONAL: Spamassassin Rules Updates ###
#
# http://wiki.apache.org/spamassassin/RuleUpdates
# Highly recommended that you read the documentation before using this.
# ENABLE UPDATES AT YOUR OWN RISK.
#
# /var/log/sa-update.log contains a history log of sa-update runs

#10 4 * * * root /usr/share/spamassassin/sa-update.cron 2>&1 | tee -a /var/log/sa-update.log
    ↓
10 4 * * * root /usr/share/spamassassin/sa-update.cron 2>&1 | tee -a /var/log/sa-update.log   ← uncomment
```

With the setting above, the update runs every day at 4:10. If you want a different time, you can set it freely.

| ◆ | Starting SpamAssassin |

Set it up as follows. Text in blue is what you type.

```
[root@linux]# /etc/rc.d/init.d/spamassassin start   ← input
spamd を起動中:                                            [  OK  ]
```

Next, make SpamAssassin start automatically when the PC is rebooted. Enter the following. Text in blue is what you type.

```
[root@linux]# chkconfig spamassassin on   ← input
```

Check the automatic start setting. Enter the following; if the output matches what is shown below, it is OK. Text in blue is what you type.

```
[root@linux]# chkconfig --list spamassassin   ← input
spamassassin    0:off   1:off   2:on    3:on    4:on    5:on    6:off
```

To restart, enter the following. Text in blue is what you type.

```
[root@linux]# /etc/rc.d/init.d/spamassassin restart
```

| ◆ | Installing AMaViSd |

AMaViSd is free software for Linux that links SpamAssassin and Clam AntiVirus. Enter the following. Text in blue is what you type.

```
[root@linux]# yum install amavisd-new   ← input
...
Is this ok [y/N]: y   ← input
...
Installed: amavisd-new.noarch 0:2.5.2-2.fc8
...
Complete!   ← installation is finished when "Complete!" is displayed
```

| ◆ | Configuring AMaViSd |

Configure /etc/amavisd/amavisd.conf as shown below. Change the parts shown in green to the parts shown in yellow (rewrite or delete). Red text is explanation. Text in blue is what you type.

```
[root@linux]# vi /etc/amavisd/amavisd.conf   ← input

use strict;

# a minimalistic configuration file for amavisd-new with all necessary settings
#
#   see amavisd.conf-default for a list of all variables with their defaults;
#   see amavisd.conf-sample for a traditional-style commented file;
#   for more details see documentation in INSTALL, README_FILES/*
#   and at http://www.ijs.si/software/amavisd/amavisd-new-docs.html


# COMMONLY ADJUSTED SETTINGS:

# @bypass_virus_checks_maps = (1);  # uncomment to DISABLE anti-virus code
# @bypass_spam_checks_maps  = (1);  # uncomment to DISABLE anti-spam code

$max_servers = 2;            # num of pre-forked children (2..15 is common), -m
$daemon_user  = 'amavis';    # (no default;  customary: vscan or amavis), -u
$daemon_group = 'amavis';    # (no default;  customary: vscan or amavis), -g

$mydomain = 'example.com';   # a convenient default for other settings
    ↓
$mydomain = '******.com';    ← specify your domain name

$MYHOME = '/var/spool/amavisd';   # a convenient default for other settings, -H
$TEMPBASE = "$MYHOME/tmp";   # working directory, needs to exist, -T
$ENV{TMPDIR} = $TEMPBASE;    # environment variable TMPDIR
$QUARANTINEDIR = undef;      # -Q
# $quarantine_subdir_levels = 1;  # add level of subdirs to disperse quarantine

# $daemon_chroot_dir = $MYHOME;   # chroot directory or undef, -R

# $db_home = "$MYHOME/db";        # dir for bdb nanny/cache/snmp databases, -D
# $helpers_home = "$MYHOME/var";  # working directory for SpamAssassin, -S
$lock_file = "/var/run/amavisd/amavisd.lock";  # -L
$pid_file  = "/var/run/amavisd/amavisd.pid";   # -P
#NOTE: create directories $MYHOME/tmp, $MYHOME/var, $MYHOME/db manually

@local_domains_maps = ( [".$mydomain"] );

# @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
#                   10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );

$log_level = 0;              # verbosity 0..5, -d
$log_recip_templ = undef;    # disable by-recipient level-0 log entries
$DO_SYSLOG = 1;              # log via syslogd (preferred)
$syslog_facility = 'mail';   # Syslog facility as a string
           # e.g.: mail, daemon, user, local0, ... local7
$syslog_priority = 'debug';  # Syslog base (minimal) priority as a string,
           # choose from: emerg, alert, crit, err, warning, notice, info, debug

$enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1;    # enable use of libdb-based cache if $enable_db=1

$inet_socket_port = 10024;   # listen on this local TCP port(s) (see $protocol)

$unix_socketname = "$MYHOME/amavisd.sock";  # amavisd-release or amavis-milter
               # option(s) -p overrides $inet_socket_port and $unix_socketname

$interface_policy{'SOCK'}='AM.PDP-SOCK'; # only relevant with $unix_socketname

# Use with amavis-release over a socket or with Petr Rehor's amavis-milter.c
# (with amavis-milter.c from this package or old amavis.c client use 'AM.CL'):
$policy_bank{'AM.PDP-SOCK'} = { protocol=>'AM.PDP' };

$sa_tag_level_deflt  = 2.0;  # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6.31; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 6.31; # triggers spam evasive actions
$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent
# $sa_quarantine_cutoff_level = 20; # spam level beyond which quarantine is off
# $penpals_bonus_score = 5;  # (no effect without a @storage_sql_dsn database)
# $penpals_threshold_high = $sa_kill_level_deflt;  # don't waste time on hi spam

$sa_mail_body_size_limit = 400*1024; # don't waste time on SA if mail is larger
$sa_local_tests_only = 0;    # only tests which do not require internet access?

# @lookup_sql_dsn =
#   ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'],
#     ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'],
#     ["DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite", '', ''] );
# @storage_sql_dsn = @lookup_sql_dsn;  # none, same, or separate database

# $timestamp_fmt_mysql = 1; # if using MySQL *and* msgs.time_iso is TIMESTAMP;
#   defaults to 0, which is good for non-MySQL or if msgs.time_iso is CHAR(16)

$virus_admin               = undef;                    # notifications recip.

$mailfrom_notify_admin     = undef;                    # notifications sender
$mailfrom_notify_recip     = undef;                    # notifications sender
$mailfrom_notify_spamadmin = undef;                    # notifications sender
$mailfrom_to_quarantine = ''; # null return path; uses original sender if undef

@addr_extension_virus_maps      = ('virus');
@addr_extension_banned_maps     = ('banned');
@addr_extension_spam_maps       = ('spam');
@addr_extension_bad_header_maps = ('badh');
# $recipient_delimiter = '+';  # undef disables address extensions altogether
# when enabling addr extensions do also Postfix/main.cf: recipient_delimiter=+

$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
# $dspam = 'dspam';

$MAXLEVELS = 14;
$MAXFILES = 1500;
$MIN_EXPANSION_QUOTA =      100*1024;  # bytes  (default undef, not enforced)
$MAX_EXPANSION_QUOTA = 300*1024*1024;  # bytes  (default undef, not enforced)

$sa_spam_subject_tag = '***SPAM*** ';
$defang_virus  = 1;  # MIME-wrap passed infected mail
$defang_banned = 1;  # MIME-wrap passed mail containing banned name
# for defanging bad headers only turn on certain minor contents categories:
$defang_by_ccat{+CC_BADH.",3"} = 1;  # NUL or CR character in header
$defang_by_ccat{+CC_BADH.",5"} = 1;  # header line longer than 998 characters
$defang_by_ccat{+CC_BADH.",6"} = 1;  # header field syntax error


# OTHER MORE COMMON SETTINGS (defaults may suffice):

# $myhostname = 'host.example.com';  # must be a fully-qualified domain name!

# $notify_method  = 'smtp:[127.0.0.1]:10025';
# $forward_method = 'smtp:[127.0.0.1]:10025';  # set to undef with milter!

$final_virus_destiny      = D_DISCARD;
$final_banned_destiny     = D_BOUNCE;
$final_spam_destiny       = D_DISCARD;
$final_bad_header_destiny = D_BOUNCE;

# $os_fingerprint_method = 'p0f:127.0.0.1:2345';  # to query p0f-analyzer.pl

## hierarchy by which a final setting is chosen:
##   policy bank (based on port or IP address) -> *_by_ccat
##   *_by_ccat (based on mail contents) -> *_maps
##   *_maps (based on recipient address) -> final configuration value


# SOME OTHER VARIABLES WORTH CONSIDERING (see amavisd.conf-default for all)

# $warnbadhsender,
# $warnvirusrecip, $warnbannedrecip, $warnbadhrecip, (or @warn*recip_maps)
#
# @bypass_virus_checks_maps, @bypass_spam_checks_maps,
# @bypass_banned_checks_maps, @bypass_header_checks_maps,
#
# @virus_lovers_maps, @spam_lovers_maps,
# @banned_files_lovers_maps, @bad_header_lovers_maps,
#
# @blacklist_sender_maps, @score_sender_maps,
#
# $clean_quarantine_method, $virus_quarantine_to, $banned_quarantine_to,
# $bad_header_quarantine_to, $spam_quarantine_to,
#
# $defang_bad_header, $defang_undecipherable, $defang_spam


# REMAINING IMPORTANT VARIABLES ARE LISTED HERE BECAUSE OF LONGER ASSIGNMENTS

@keep_decoded_original_maps = (new_RE(
# qr'^MAIL$',   # retain full original message for virus checking (can be slow)
  qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables
  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
# qr'^Zip archive data',     # don't trust Archive::Zip
));


# for $banned_namepath_re (a new-style of banned table) see amavisd.conf-sample

$banned_filename_re = new_RE(

### BLOCKED ANYWHERE
# qr'^UNDECIPHERABLE$',  # is or contains any undecipherable components
  qr'^\.(exe-ms|dll)$',                   # banned file(1) types, rudimentary
# qr'^\.(exe|lha|tnef|cab|dll)$',         # banned file(1) types

### BLOCK THE FOLLOWING, EXCEPT WITHIN UNIX ARHIVES:
# [ qr'^\.(gz|bz2)$'             => 0 ],  # allow any in gzip or bzip2
  [ qr'^\.(rpm|cpio|tar)$'       => 0 ],  # allow any in Unix-type archives

  qr'.\.(pif|scr)$'i,                     # banned extensions - rudimentary
# qr'^\.zip$',                            # block zip type

### BLOCK THE FOLLOWING, EXCEPT WITHIN ARHIVES:
# [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ],  # allow any within these archives

  qr'^application/x-msdownload$'i,        # block these MIME types
  qr'^application/x-msdos-program$'i,
  qr'^application/hta$'i,

# qr'^message/partial$'i,         # rfc2046 MIME type
# qr'^message/external-body$'i,   # rfc2046 MIME type

# qr'^(application/x-msmetafile|image/x-wmf)$'i,  # Windows Metafile MIME type
# qr'^\.wmf$',                            # Windows Metafile file(1) type

  # block certain double extensions in filenames
  qr'\.[^./]*[A-Za-z][^./]*\.\s*(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)[.\s]*$'i,

# qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?'i, # Class ID CLSID, strict
# qr'\{[0-9a-z]{4,}(-[0-9a-z]{4,}){0,7}\}?'i, # Class ID extension CLSID, loose

  qr'.\.(exe|vbs|pif|scr|cpl)$'i,             # banned extension - basic
# qr'.\.(exe|vbs|pif|scr|cpl|bat|cmd|com)$'i, # banned extension - basic+cmd
# qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|
#        inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|
#        ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs|
#        wmf|wsc|wsf|wsh)$'ix,  # banned ext - long

# qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i,  # banned extension - WinZip vulnerab.
);
# See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262631
# and http://www.cknow.com/vtutor/vtextensions.htm


# ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING

@score_sender_maps = ({ # a by-recipient hash lookup table,
                        # results from all matching recipient tables are summed

# ## per-recipient personal tables  (NOTE: positive: black, negative: white)
# 'user1@example.com'  => [{'bla-mobile.press@example.com' => 10.0}],
# 'user3@example.com'  => [{'.ebay.com'                 => -3.0}],
# 'user4@example.com'  => [{'cleargreen@cleargreen.com' => -7.0,
#                           '.cleargreen.com'           => -5.0}],

  ## site-wide opinions about senders (the '.' matches any recipient)
  '.' => [  # the _first_ matching sender determines the score boost

   new_RE(  # regexp-type lookup table, just happens to be all soft-blacklist
    [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i         => 5.0],
    [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],
    [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],
    [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i   => 5.0],
    [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i  => 5.0],
    [qr'^(your_friend|greatoffers)@'i                                => 5.0],
    [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i                    => 5.0],
   ),

#  read_hash("/var/amavis/sender_scores_sitewide"),

   { # a hash-type lookup table (associative array)
     'nobody@cert.org'                        => -3.0,
     'cert-advisory@us-cert.gov'              => -3.0,
     'owner-alert@iss.net'                    => -3.0,
     'slashdot@slashdot.org'                  => -3.0,
     'securityfocus.com'                      => -3.0,
     'ntbugtraq@listserv.ntbugtraq.com'       => -3.0,
     'security-alerts@linuxsecurity.com'      => -3.0,
     'mailman-announce-admin@python.org'      => -3.0,
     'amavis-user-admin@lists.sourceforge.net'=> -3.0,
     'amavis-user-bounces@lists.sourceforge.net' => -3.0,
     'spamassassin.apache.org'                => -3.0,
     'notification-return@lists.sophos.com'   => -3.0,
     'owner-postfix-users@postfix.org'        => -3.0,
     'owner-postfix-announce@postfix.org'     => -3.0,
     'owner-sendmail-announce@lists.sendmail.org'   => -3.0,
     'sendmail-announce-request@lists.sendmail.org' => -3.0,
     'donotreply@sendmail.org'                => -3.0,
     'ca+envelope@sendmail.org'               => -3.0,
     'noreply@freshmeat.net'                  => -3.0,
     'owner-technews@postel.acm.org'          => -3.0,
     'ietf-123-owner@loki.ietf.org'           => -3.0,
     'cvs-commits-list-admin@gnome.org'       => -3.0,
     'rt-users-admin@lists.fsck.com'          => -3.0,
     'clp-request@comp.nus.edu.sg'            => -3.0,
     'surveys-errors@lists.nua.ie'            => -3.0,
     'emailnews@genomeweb.com'                => -5.0,
     'yahoo-dev-null@yahoo-inc.com'           => -3.0,
     'returns.groups.yahoo.com'               => -3.0,
     'clusternews@linuxnetworx.com'           => -3.0,
     lc('lvs-users-admin@LinuxVirtualServer.org')    => -3.0,
     lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0,

     # soft-blacklisting (positive score)
     'sender@example.net'                     =>  3.0,
     '.example.net'                           =>  1.0,

   },
  ],  # end of site-wide tables
});


@decoders = (
  ['mail', \&do_mime_decode],
  ['asc',  \&do_ascii],
  ['uue',  \&do_ascii],
  ['hqx',  \&do_ascii],
  ['ync',  \&do_ascii],
  ['F',    \&do_uncompress, ['unfreeze','freeze -d','melt','fcat'] ],
  ['Z',    \&do_uncompress, ['uncompress','gzip -d','zcat'] ],
  ['gz',   \&do_uncompress,  'gzip -d'],
  ['gz',   \&do_gunzip],
  ['bz2',  \&do_uncompress,  'bzip2 -d'],
  ['lzo',  \&do_uncompress,  'lzop -d'],
  ['rpm',  \&do_uncompress, ['rpm2cpio.pl','rpm2cpio'] ],
  ['cpio', \&do_pax_cpio,   ['pax','gcpio','cpio'] ],
  ['tar',  \&do_pax_cpio,   ['pax','gcpio','cpio'] ],
  ['tar',  \&do_tar],
  ['deb',  \&do_ar,          'ar'],
# ['a',    \&do_ar,          'ar'],  # unpacking .a seems an overkill
  ['zip',  \&do_unzip],
  ['rar',  \&do_unrar,      ['rar','unrar'] ],
  ['arj',  \&do_unarj,      ['arj','unarj'] ],
  ['arc',  \&do_arc,        ['nomarch','arc'] ],
  ['zoo',  \&do_zoo,        ['zoo','unzoo'] ],
  ['lha',  \&do_lha,         'lha'],
# ['doc',  \&do_ole,         'ripole'],
  ['cab',  \&do_cabextract,  'cabextract'],
  ['tnef', \&do_tnef_ext,    'tnef'],
  ['tnef', \&do_tnef],
# ['sit',  \&do_unstuff,     'unstuff'],  # broken/unsafe decoder
  ['exe',  \&do_executable, ['rar','unrar'], 'lha', ['arj','unarj'] ],
);


@av_scanners =
```
( # ### http://www.vanja.com/tools/sophie/ # ['Sophie', # \&ask_daemon, ["{}/\n", '/var/run/sophie'], # qr/(?x)^ 0+ ( : | [\000\r\n]* $)/, qr/(?x)^ 1 ( : | [\000\r\n]* $)/, # qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/ ], # ### http://www.csupomona.edu/~henson/www/projects/SAVI-Perl/ # ['Sophos SAVI', \&sophos_savi ], # ### http://www.clamav.net/ ['ClamAV-clamd', \&ask_daemon, ["CONTSCAN {}\n", "/var/spool/amavisd/clamd.sock"], qr/\bOK$/, qr/\bFOUND$/, qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ], # # NOTE: run clamd under the same user as amavisd, or run it under its own # # uid such as clamav, add user clamav to the amavis group, and then add # # AllowSupplementaryGroups to clamd.conf; # # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in # # this entry; when running chrooted one may prefer socket "$MYHOME/clamd". # ### http://www.clamav.net/ and CPAN (memory-hungry! clamd is preferred) # ['Mail::ClamAV', \&ask_clamav, "*", [0], [1], qr/^INFECTED: (.+)/], # ### http://www.openantivirus.org/ # ['OpenAntiVirus ScannerDaemon (OAV)', # \&ask_daemon, ["SCAN {}\n", '127.0.0.1:8127'], # qr/^OK/, qr/^FOUND: /, qr/^FOUND: (.+)/ ], # ### http://www.vanja.com/tools/trophie/ # ['Trophie', # \&ask_daemon, ["{}/\n", '/var/run/trophie'], # qr/(?x)^ 0+ ( : | [\000\r\n]* $)/, qr/(?x)^ 1 ( : | [\000\r\n]* $)/, # qr/(?x)^ [-+]? \d+ : (.*?) 
[\000\r\n]* $/ ], # ### http://www.grisoft.com/ # ['AVG Anti-Virus', # \&ask_daemon, ["SCAN {}\n", '127.0.0.1:55555'], # qr/^200/, qr/^403/, qr/^403 .*?: ([^\r\n]+)/ ], # ### http://www.f-prot.com/ # ['FRISK F-Prot Daemon', # \&ask_daemon, # ["GET {}/*?-dumb%20-archive%20-packed HTTP/1.0\r\n\r\n", # ['127.0.0.1:10200','127.0.0.1:10201','127.0.0.1:10202', # '127.0.0.1:10203','127.0.0.1:10204'] ], # qr/(?i)<summary[^>]*>clean<\/summary>/, # qr/(?i)<summary[^>]*>infected<\/summary>/, # qr/(?i)<name>(.+)<\/name>/ ], # ### http://www.sald.com/, http://www.dials.ru/english/, http://www.drweb.ru/ # ['DrWebD', \&ask_daemon, # DrWebD 4.31 or later # [pack('N',1). # DRWEBD_SCAN_CMD # pack('N',0x00280001). # DONT_CHANGEMAIL, IS_MAIL, RETURN_VIRUSES # pack('N', # path length # length("$TEMPBASE/amavis-yyyymmddTHHMMSS-xxxxx/parts/pxxx")). # '{}/*'. # path # pack('N',0). # content size # pack('N',0), # '/var/drweb/run/drwebd.sock', # # '/var/amavis/var/run/drwebd.sock', # suitable for chroot # # '/usr/local/drweb/run/drwebd.sock', # FreeBSD drweb ports default # # '127.0.0.1:3000', # or over an inet socket # ], # qr/\A\x00[\x10\x11][\x00\x10]\x00/s, # IS_CLEAN,EVAL_KEY; SKIPPED # qr/\A\x00[\x00\x01][\x00\x10][\x20\x40\x80]/s, # KNOWN_V,UNKNOWN_V,V._MODIF # qr/\A.{12}(?:infected with )?([^\x00]+)\x00/s, # ], # # NOTE: If using amavis-milter, change length to: # # length("$TEMPBASE/amavis-milter-xxxxxxxxxxxxxx/parts/pxxx"). 
### http://www.kaspersky.com/ (kav4mailservers) ['KasperskyLab AVP - aveclient', ['/usr/local/kav/bin/aveclient','/usr/local/share/kav/bin/aveclient', '/opt/kav/5.5/kav4mailservers/bin/aveclient','aveclient'], '-p /var/run/aveserver -s {}/*', [0,3,6,8], qr/\b(INFECTED|SUSPICION|SUSPICIOUS)\b/, qr/(?:INFECTED|WARNING|SUSPICION|SUSPICIOUS) (.+)/, ], # NOTE: one may prefer [0],[2,3,4,5], depending on how suspicious, # currupted or protected archives are to be handled ### http://www.kaspersky.com/ ['KasperskyLab AntiViral Toolkit Pro (AVP)', ['avp'], '-* -P -B -Y -O- {}', [0,3,6,8], [2,4], # any use for -A -K ? qr/infected: (.+)/, sub {chdir('/opt/AVP') or die "Can't chdir to AVP: $!"}, sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"}, ], ### The kavdaemon and AVPDaemonClient have been removed from Kasperky ### products and replaced by aveserver and aveclient ['KasperskyLab AVPDaemonClient', [ '/opt/AVP/kavdaemon', 'kavdaemon', '/opt/AVP/AvpDaemonClient', 'AvpDaemonClient', '/opt/AVP/AvpTeamDream', 'AvpTeamDream', '/opt/AVP/avpdc', 'avpdc' ], "-f=$TEMPBASE {}", [0,8], [3,4,5,6], qr/infected: ([^\r\n]+)/ ], # change the startup-script in /etc/init.d/kavd to: # DPARMS="-* -Y -dl -f=/var/amavis /var/amavis" # (or perhaps: DPARMS="-I0 -Y -* /var/amavis" ) # adjusting /var/amavis above to match your $TEMPBASE. # The '-f=/var/amavis' is needed if not running it as root, so it # can find, read, and write its pid file, etc., see 'man kavdaemon'. # defUnix.prf: there must be an entry "*/var/amavis" (or whatever # directory $TEMPBASE specifies) in the 'Names=' section. # cd /opt/AVP/DaemonClients; configure; cd Sample; make # cp AvpDaemonClient /opt/AVP/ # su - vscan -c "${PREFIX}/kavdaemon ${DPARMS}" ### http://www.centralcommand.com/ ['CentralCommand Vexira (new) vascan', ['vascan','/usr/lib/Vexira/vascan'], "-a s --timeout=60 --temp=$TEMPBASE -y $QUARANTINEDIR ". 
"--vdb=/usr/lib/Vexira/vexira8.vdb --log=/var/log/vascan.log {}", [0,3], [1,2,5], qr/(?x)^\s* (?:virus|iworm|macro|mutant|sequence|trojan)\ found:\ ( [^\]\s']+ )\ \.\.\.\ / ], # Adjust the path of the binary and the virus database as needed. # 'vascan' does not allow to have the temp directory to be the same as # the quarantine directory, and the quarantine option can not be disabled. # If $QUARANTINEDIR is not used, then another directory must be specified # to appease 'vascan'. Move status 3 to the second list if password # protected files are to be considered infected. ### http://www.avira.com/ ### Avira AntiVir (formerly H+BEDV) or (old) CentralCommand Vexira Antivirus ['Avira AntiVir', ['antivir','vexira'], '--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/, qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) | (?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/ ], # NOTE: if you only have a demo version, remove -z and add 214, as in: # '--allfiles -noboot -nombr -rs -s {}', [0,214], qr/ALERT:|VIRUS:/, ### http://www.commandsoftware.com/ ['Command AntiVirus for Linux', 'csav', '-all -archive -packed {}', [50], [51,52,53], qr/Infection: (.+)/ ], ### http://www.symantec.com/ ['Symantec CarrierScan via Symantec CommandLineScanner', 'cscmdline', '-a scan -i 1 -v -s 127.0.0.1:7777 {}', qr/^Files Infected:\s+0$/, qr/^Infected\b/, qr/^(?:Info|Virus Name):\s+(.+)/ ], ### http://www.symantec.com/ ['Symantec AntiVirus Scan Engine', 'savsecls', '-server 127.0.0.1:7777 -mode scanrepair -details -verbose {}', [0], qr/^Infected\b/, qr/^(?:Info|Virus Name):\s+(.+)/ ], # NOTE: check options and patterns to see which entry better applies ### http://www.f-secure.com/products/anti-virus/ version 4.65 ['F-Secure Antivirus for Linux servers', ['/opt/f-secure/fsav/bin/fsav', 'fsav'], '--delete=no --disinf=no --rename=no --archive=yes --auto=yes '. '--dumb=yes --list=no --mime=yes {}', [0], [3,6,8], qr/(?:infection|Infected|Suspected): (.+)/ ], # ### http://www.avast.com/ # ['avast! 
Antivirus daemon', # \&ask_daemon, # greets with 220, terminate with QUIT # ["SCAN {}\015\012QUIT\015\012", '/var/run/avast4/mailscanner.sock'], # qr/\t\[\+\]/, qr/\t\[L\]\t/, qr/\t\[L\]\t([^[ \t\015\012]+)/ ], # ### http://www.avast.com/ # ['avast! Antivirus - Client/Server Version', 'avastlite', # '-a /var/run/avast4/mailscanner.sock -n {}', [0], [1], # qr/\t\[L\]\t([^[ \t\015\012]+)/ ], ['CAI InoculateIT', 'inocucmd', # retired product '-sec -nex {}', [0], [100], qr/was infected by virus (.+)/ ], # see: http://www.flatmtn.com/computer/Linux-Antivirus_CAI.html ### http://www3.ca.com/Solutions/Product.asp?ID=156 (ex InoculateIT) ['CAI eTrust Antivirus', 'etrust-wrapper', '-arc -nex -spm h {}', [0], [101], qr/is infected by virus: (.+)/ ], # NOTE: requires suid wrapper around inocmd32; consider flag: -mod reviewer # see http://marc.theaimsgroup.com/?l=amavis-user&m=109229779912783 ### http://mks.com.pl/english.html ['MkS_Vir for Linux (beta)', ['mks32','mks'], '-s {}/*', [0], [1,2], qr/--[ \t]*(.+)/ ], ### http://mks.com.pl/english.html ['MkS_Vir daemon', 'mksscan', '-s -q {}', [0], [1..7], qr/^... (\S+)/ ], ### http://www.nod32.com/, version v2.52 and above ['ESET NOD32 for Linux Mail servers', ['/opt/eset/nod32/bin/nod32cli', 'nod32cli'], '--subdir --files -z --sfx --rtp --adware --unsafe --pattern --heur '. '-w -a --action-on-infected=accept --action-on-uncleanable=accept '. '--action-on-notscanned=accept {}', [0,3], [1,2], qr/virus="([^"]+)"/ ], ## http://www.nod32.com/, NOD32LFS version 2.5 and above ['ESET NOD32 for Linux File servers', ['/opt/eset/nod32/sbin/nod32','nod32'], '--files -z --mail --sfx --rtp --adware --unsafe --pattern --heur '. 
'-w -a --action=1 -b {}', [0], [1,10], qr/^object=.*, virus="(.*?)",/ ], # Experimental, based on posting from Rado Dibarbora (Dibo) on 2002-05-31 # ['ESET Software NOD32 Client/Server (NOD32SS)', # \&ask_daemon2, # greets with 200, persistent, terminate with QUIT # ["SCAN {}/*\r\n", '127.0.0.1:8448' ], # qr/^200 File OK/, qr/^201 /, qr/^201 (.+)/ ], ### http://www.norman.com/products_nvc.shtml ['Norman Virus Control v5 / Linux', 'nvcc', '-c -l:0 -s -u -temp:$TEMPBASE {}', [0,10,11], [1,2,14], qr/(?i).* virus in .* -> \'(.+)\'/ ], ### http://www.pandasoftware.com/ ['Panda CommandLineSecure 9 for Linux', ['/opt/pavcl/usr/bin/pavcl','pavcl'], -auto -aex -heu -cmp -nbr -nor -nos -eng -nob {}', qr/Number of files infected[ .]*: 0+(?!\d)/, qr/Number of files infected[ .]*: 0*[1-9]/, qr/Found virus :\s*(\S+)/ ], # NOTE: for efficiency, start the Panda in resident mode with 'pavcl -tsr' # before starting amavisd - the bases are then loaded only once at startup. # To reload bases in a signature update script: # /opt/pavcl/usr/bin/pavcl -tsr -ulr; /opt/pavcl/usr/bin/pavcl -tsr # Please review other options of pavcl, for example: # -nomalw, -nojoke, -nodial, -nohackt, -nospyw, -nocookies # ### http://www.pandasoftware.com/ # ['Panda Antivirus for Linux', ['pavcl'], # '-TSR -aut -aex -heu -cmp -nbr -nor -nso -eng {}', # [0], [0x10, 0x30, 0x50, 0x70, 0x90, 0xB0, 0xD0, 0xF0], # qr/Found virus :\s*(\S+)/ ], # GeCAD AV technology is acquired by Microsoft; RAV has been discontinued. # Check your RAV license terms before fiddling with the following two lines! # ['GeCAD RAV AntiVirus 8', 'ravav', # '--all --archive --mail {}', [1], [2,3,4,5], qr/Infected: (.+)/ ], # # NOTE: the command line switches changed with scan engine 8.5 ! 
# # (btw, assigning stdin to /dev/null causes RAV to fail) ### http://www.nai.com/ ['NAI McAfee AntiVirus (uvscan)', 'uvscan', '--secure -rv --mime --summary --noboot - {}', [0], [13], qr/(?x) Found (?: \ the\ (.+)\ (?:virus|trojan) | \ (?:virus|trojan)\ or\ variant\ ([^ ]+) | :\ (.+)\ NOT\ a\ virus)/, # sub {$ENV{LD_PRELOAD}='/lib/libc.so.6'}, # sub {delete $ENV{LD_PRELOAD}}, ], # NOTE1: with RH9: force the dynamic linker to look at /lib/libc.so.6 before # anything else by setting environment variable LD_PRELOAD=/lib/libc.so.6 # and then clear it when finished to avoid confusing anything else. # NOTE2: to treat encrypted files as viruses replace the [13] with: # qr/^\s{5,}(Found|is password-protected|.*(virus|trojan))/ ### http://www.virusbuster.hu/en/ ['VirusBuster', ['vbuster', 'vbengcl'], "{} -ss -i '*' -log=$MYHOME/vbuster.log", [0], [1], qr/: '(.*)' - Virus/ ], # VirusBuster Ltd. does not support the daemon version for the workstation # engine (vbuster-eng-1.12-linux-i386-libc6.tgz) any longer. The names of # binaries, some parameters AND return codes have changed (from 3 to 1). # See also the new Vexira entry 'vascan' which is possibly related. # ### http://www.virusbuster.hu/en/ # ['VirusBuster (Client + Daemon)', 'vbengd', # '-f -log scandir {}', [0], [3], # qr/Virus found = (.*);/ ], # # HINT: for an infected file it always returns 3, # # although the man-page tells a different story ### http://www.cyber.com/ ['CyberSoft VFind', 'vfind', '--vexit {}/*', [0], [23], qr/##==>>>> VIRUS ID: CVDL (.+)/, # sub {$ENV{VSTK_HOME}='/usr/lib/vstk'}, ], ### http://www.avast.com/ ['avast! 
Antivirus', ['/usr/bin/avastcmd','avastcmd'], '-a -i -n -t=A {}', [0], [1], qr/\binfected by:\s+([^ \t\n\[\]]+)/ ], ### http://www.ikarus-software.com/ ['Ikarus AntiVirus for Linux', 'ikarus', '{}', [0], [40], qr/Signature (.+) found/ ], ### http://www.bitdefender.com/ ['BitDefender', 'bdc', '--arc --mail {}', qr/^Infected files *:0+(?!\d)/, qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/, qr/(?:suspected|infected): (.*)(?:\033|$)/ ], # consider also: --all --nowarn --alev=15 --flev=15. The --all argument may # not apply to your version of bdc, check documentation and see 'bdc --help' # ['File::Scan', sub {Amavis::AV::ask_av(sub{ # use File::Scan; my($fn)=@_; # my($f)=File::Scan->new(max_txt_size=>0, max_bin_size=>0); # my($vname) = $f->scan($fn); # $f->error ? (2,"Error: ".$f->error) # : ($vname ne '') ? (1,"$vname FOUND") : (0,"Clean")}, @_) }, # ["{}/*"], [0], [1], qr/^(.*) FOUND$/ ], # ### fully-fledged checker for JPEG marker segments of invalid length # ['check-jpeg', # sub { use JpegTester (); Amavis::AV::ask_av(\&JpegTester::test_jpeg, @_) }, # ["{}/*"], undef, [1], qr/^(bad jpeg: .*)$/ ], # # NOTE: place file JpegTester.pm somewhere where Perl can find it, # # for example in /usr/local/lib/perl5/site_perl ); @av_scanners_backup = ( ### http://www.clamav.net/ - backs up clamd or Mail::ClamAV ['ClamAV-clamscan', 'clamscan', "--stdout --no-summary -r --tempdir=$TEMPBASE {}", [0], qr/:.*\sFOUND$/, qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ], ### http://www.f-prot.com/ - backs up F-Prot Daemon ['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'], '-dumb -archive -packed {}', [0,8], [3,6], # or: [0], [3,6,8], qr/(?:Infection:|security risk named) (.+)|\s+contains\s+(.+)$/ ], ### http://www.trendmicro.com/ - backs up Trophie ['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'], '-za -a {}', [0], qr/Found virus/, qr/Found virus (.+) in/ ], ### http://www.sald.com/, http://drweb.imshop.de/ - backs up DrWebD ['drweb - DrWeb Antivirus', 
['/usr/local/drweb/drweb', '/opt/drweb/drweb', 'drweb'], '-path={} -al -go -ot -cn -upn -ok-', [0,32], [1,9,33], qr' infected (?:with|by)(?: virus)? (.*)$'], ### http://www.kaspersky.com/ ['Kaspersky Antivirus v5.5', ['/opt/kav/5.5/kav4unix/bin/kavscanner', '/opt/kav/5.5/kav4mailservers/bin/kavscanner','kavscanner'], '-i0 -xn -xp -mn -R -ePASBME {}/*', [0,10,15], [5,20,21,25], qr/(?:INFECTED|WARNING|SUSPICION|SUSPICIOUS) (.*)/ , # sub {chdir('/opt/kav/bin') or die "Can't chdir to kav: $!"}, # sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"}, ], # Commented out because the name 'sweep' clashes with Debian and FreeBSD # package/port of an audio editor. Make sure the correct 'sweep' is found # in the path when enabling. # # ### http://www.sophos.com/ - backs up Sophie or SAVI-Perl # ['Sophos Anti Virus (sweep)', 'sweep', # '-nb -f -all -rec -ss -sc -archive -cab -tnef --no-reset-atime {}', # [0,2], qr/Virus .*? found/, # qr/^>>> Virus(?: fragment)? '?(.*?)'? found/, # ], # # other options to consider: -mime -oe -idedir=/usr/local/sav # always succeeds (uncomment to consider mail clean if all other scanners fail) # ['always-clean', sub {0}], ); 1; # insure a defined return |
|
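As an added example (not part of the original page and not amavisd-new code), this Python sketch replays the active `$banned_filename_re` entries from the configuration above against constructed names. It assumes the table is evaluated top to bottom with the first match deciding, one name at a time; the rule labels, function names and sample names are hypothetical.

```python
import re

# Active (uncommented) entries of $banned_filename_re from the configuration
# above, in file order. In the Perl table a bare qr'...' bans a name and
# [ qr'...' => 0 ] allows it. The labels are added here, not amavisd's.
RULES = [
    ("file(1) type", re.compile(r'^\.(exe-ms|dll)$'), True),
    ("Unix archive type", re.compile(r'^\.(rpm|cpio|tar)$'), False),
    ("rudimentary extension", re.compile(r'.\.(pif|scr)$', re.I), True),
    ("MIME type", re.compile(r'^application/x-msdownload$', re.I), True),
    ("MIME type", re.compile(r'^application/x-msdos-program$', re.I), True),
    ("MIME type", re.compile(r'^application/hta$', re.I), True),
    ("double extension", re.compile(
        r'\.[^./]*[A-Za-z][^./]*\.\s*(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)[.\s]*$',
        re.I), True),
    ("basic extension", re.compile(r'.\.(exe|vbs|pif|scr|cpl)$', re.I), True),
]


def check_name(name):
    """Return (verdict, label) from the first rule that matches `name`.

    Assumption: first match wins. A real mail part carries several names
    (file(1) short type such as '.exe', MIME type, declared filename);
    this sketch checks one name at a time.
    """
    for label, rx, ban in RULES:
        if rx.search(name):
            return ("banned" if ban else "allowed", label)
    return ("no match", None)


# Constructed sample names, not taken from real mail.
SAMPLES = [
    "report.pdf",          # ordinary attachment
    "setup.exe",           # single executable extension
    "invoice.pdf.exe",     # classic double extension
    "invoice.doc.exe. ",   # trailing dot and space after the extension
    "photo.jpg.scr",       # caught by the earlier pif|scr rule first
    "update.bat",          # single .bat: not in the active basic list
    "notes.txt.bat",       # .bat is caught only as a double extension
    ".tar",                # file(1) short type of a Unix archive
    ".dll",                # file(1) short type
    "APPLICATION/HTA",     # MIME type, matched case-insensitively
]


def audit(names=SAMPLES):
    """Map every name to its (verdict, label) pair."""
    return {n: check_name(n) for n in names}


if __name__ == "__main__":
    for name, (verdict, label) in audit().items():
        print(f"{name!r:24} {verdict:9} {label or '-'}")
```

With this rule set a single-extension `update.bat` matches nothing; the commented-out "basic+cmd" line in the configuration is the one that lists `bat`, `cmd` and `com`.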
| ◆ | Starting AMaViSd |
| Start the daemon as shown below. Text in blue is what you type. | |
|
[root@linux]# /etc/rc.d/init.d/amavisd start ← type this
amavisd を起動中: [ OK ] |
|
| Next, make AMaViSd start automatically when the PC reboots. Enter the following. Text in blue is what you type. | |
|
[root@linux]# chkconfig amavisd on ← type this |
|
| Check the autostart setting. Enter the following; if the output matches what is shown below, the setting is OK. Text in blue is what you type. | |
|
[root@linux]# chkconfig --list amavisd ← type this
amavisd 0:off 1:off 2:on 3:on 4:on 5:on 6:off |
|
| To restart the daemon, enter the following. Text in blue is what you type. | |
|
[root@linux]# /etc/rc.d/init.d/amavisd restart |
|
| ◆ | Configuring Postfix |

Edit /etc/postfix/main.cf as shown below, adding the parts highlighted in yellow. Text in red is explanation. Text in blue is what you type. |
|
|
[root@linux]# vi /etc/postfix/main.cf ← type this
# Global Postfix configuration file. This file lists only a subset
# of all 300+ parameters. See the postconf(5) manual page for a
# complete list.
#
# The general format of each line is: parameter = value. Lines
# that begin with whitespace continue the previous line. A value can
# contain references to other $names or ${name}s.
#
# NOTE - CHANGE NO MORE THAN 2-3 PARAMETERS AT A TIME, AND TEST IF
# POSTFIX STILL WORKS AFTER EVERY CHANGE.

# SOFT BOUNCE
#
# The soft_bounce parameter provides a limited safety net for
# testing. When soft_bounce is enabled, mail will remain queued that
# would otherwise bounce. This parameter disables locally-generated
# bounces, and prevents the SMTP server from rejecting mail permanently
# (by changing 5xx replies into 4xx replies). However, soft_bounce
# is no cure for address rewriting mistakes or mail routing mistakes.
#
#soft_bounce = no

# LOCAL PATHNAME INFORMATION
#
# The queue_directory specifies the location of the Postfix queue.
# This is also the root directory of Postfix daemons that run chrooted.
# See the files in examples/chroot-setup for setting up Postfix chroot
# environments on different UNIX systems.
#
queue_directory = /var/spool/postfix

# The command_directory parameter specifies the location of all
# postXXX commands.
#
command_directory = /usr/sbin

# The daemon_directory parameter specifies the location of all Postfix
# daemon programs (i.e. programs listed in the master.cf file). This
# directory must be owned by root.
#
daemon_directory = /usr/libexec/postfix

# QUEUE AND PROCESS OWNERSHIP
#
# The mail_owner parameter specifies the owner of the Postfix queue
# and of most Postfix daemon processes. Specify the name of a user
# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS
# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. In
# particular, don't specify nobody or daemon. PLEASE USE A DEDICATED
# USER.
#
mail_owner = postfix

# The default_privs parameter specifies the default rights used by
# the local delivery agent for delivery to external file or command.
# These rights are used in the absence of a recipient user context.
# DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER.
#
#default_privs = nobody

# INTERNET HOST AND DOMAIN NAMES
#
# The myhostname parameter specifies the internet hostname of this
# mail system. The default is to use the fully-qualified domain name
# from gethostname(). $myhostname is used as a default value for many
# other configuration parameters.
#
#myhostname = host.domain.tld
#myhostname = virtual.domain.tld
myhostname = mail.****.com

# The mydomain parameter specifies the local internet domain name.
# The default is to use $myhostname minus the first component.
# $mydomain is used as a default value for many other configuration
# parameters.
#
#mydomain = domain.tld
mydomain = xxxx.com

# SENDING MAIL
#
# The myorigin parameter specifies the domain that locally-posted
# mail appears to come from. The default is to append $myhostname,
# which is fine for small sites. If you run a domain with multiple
# machines, you should (1) change this to $mydomain and (2) set up
# a domain-wide alias database that aliases each user to
# user@that.users.mailhost.
#
# For the sake of consistency between sender and recipient addresses,
# myorigin also specifies the default domain name that is appended
# to recipient addresses that have no @domain part.
#
#myorigin = $myhostname
#myorigin = $mydomain
myorigin = $mydomain

# RECEIVING MAIL

# The inet_interfaces parameter specifies the network interface
# addresses that this mail system receives mail on. By default,
# the software claims all active interfaces on the machine. The
# parameter also controls delivery of mail to user@[ip.address].
#
# See also the proxy_interfaces parameter, for network addresses that
# are forwarded to us via a proxy or network address translator.
#
# Note: you need to stop/start Postfix when this parameter changes.
#
#inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
#inet_interfaces = localhost
inet_interfaces = all

# The proxy_interfaces parameter specifies the network interface
# addresses that this mail system receives mail on by way of a
# proxy or network address translation unit. This setting extends
# the address list specified wi | |