qmail邮件系统防毒部分修订版

QMAIL-SCANNER + CLAMAV + MAILDROP for QMAIL

1.0所需软件:

maildrop-1.5.2.20030423.tar.gz
perl-Time-HiRes-1.38-3.i386.rpm
perl-DB_File-1.804-88.4.i386.rpm
clamav-0.65.tar.gz
qmail-scanner-1.20.tgz

2.0安装maildrop:

# tar zxvf maildrop-1.5.2.20030423.tar.gz
# cd maildrop-1.5.2.20030423
# ./configure
# make
# make install-strip
# make install-man

3.0安装 perl插件

# rpm -ivh perl-Time-HiRes-1.38-3.i386.rpm
# rpm -ivh perl-DB_File-1.804-88.4.i386.rpm

4.0安装clamav-0.65.tar.gz

# groupadd clamav
# useradd -g clamav –d /usr/local/share/clamav -s /bin/false clamav
# tar zxvf clamav-0.65.tar.gz
# cd clamav-0.65
# ./configure
# make check
# make install

# vi /usr/local/etc/clamav.conf
===============================clamav.conf============================
# Comment or remove the line below.
#Example
LogFile /var/log/clamd.log
LogFileMaxSize 1M
LogTime
LogVerbose
PidFile /var/run/clamd.pid
DataDirectory /usr/local/share/clamav
LocalSocket /tmp/clamd
StreamMaxLength 10M
MaxThreads 10
MaxDirectoryRecursion 15
User clamav
ScanMail
ScanArchive
ScanRAR
ArchiveMaxFileSize 10M
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
ClamukoScanOnOpen
ClamukoScanOnClose
ClamukoScanOnExec
ClamukoIncludePath /home/vpopmail
ClamukoMaxFileSize 6M
ClamukoScanArchive
===============================clamav.conf============================
# touch /var/log/clamd.log
# chown clamav:clamav /var/log/clamd.log

4.1建立clamav的启动脚本:

# vi /etc/init.d/clamd
==================================clamd===============================
#! /bin/bash
#
# crond   Start/Stop the clam antivirus daemon.
#
# chkconfig: 2345 90 60
# description: clamdis a standard UNIX program that scans for Viruses.
# processname: clamd
# config: /usr/local/etc/clamav.conf
# pidfile: /var/run/clamd.pid

# Source function library.
. /etc/init.d/functions
RETVAL=0
# See how we were called.
prog="clamd"
progdir="/usr/local/sbin"
# Source configuration
if [ -f /etc/sysconfig/$prog ] ; then
    . /etc/sysconfig/$prog
fi

start() {
        echo -n $"Starting $prog: "
        daemon $progdir/$prog
        RETVAL=$?
        echo
        [ $RETVAL -eq 0 ] && touch /var/run/clamd.pid
        return $RETVAL
}

stop() {
     echo -n $"Stopping $prog: "
     killproc $prog
     RETVAL=$?
     echo
     [ $RETVAL -eq 0 ] && rm -f /var/run/clamd.pid /tmp/clamd
        return $RETVAL
}

rhstatus() {
     status clamd
}

restart() {
     stop
     start
}

reload() {
        echo -n $"Reloading clam daemon configuration: "
        killproc clamd -HUP
        retval=$?
        echo
        return $RETVAL
}

case "$1" in
  start)
        start
        ;;
  stop)
        stop
        ;;
  restart)
        restart
        ;;
  reload)
        reload
        ;;
  status)
        rhstatus
        ;;
  condrestart)
        [ -f /var/lock/subsys/clamd ] && restart || :
        ;;
  *)
        echo $"Usage: $0 {start|stop|status|reload|restart|condrestart}"
        exit 1
esac
exit 0
==================================clamd===============================

# chmod 755 /etc/init.d/clamd
# chkconfig –add clamd
# chkconfig clamd on

4.2更新病毒库

# /usr/local/bin/freshclam   

4.3定时更新病毒库

# crontab –e
00 9 * * * /usr/local/bin/freshclam --quiet

5.0安装qmail-scanner-1.20.tgz

# groupadd qscand
# useradd -g qscand -s /bin/false qscand
# tar zxvf qmail-scanner-1.20.tgz
# cd qmail-scanner-1.20
# ./configure
--qmail-queue-binary /var/qmail/bin/qmail-queue
--admin postmaster
--domain nero.3322.org
--notify sender,admin
--local-domains nero.3322.org
--lang en_GB
--debug yes
--unzip yes
--scanners clamscan
--install

# chown qscand:qscand /var/qmail/bin/qmail-scanner-queue.pl
# chmod 4755 /var/qmail/bin/qmail-scanner-queue.pl

然后用一个普通用户执行/var/qmail/bin/qmail-scanner-queue.pl -z
如果有Can't do setuid出现,回到安装文件目录,有个contrib目录,

# cd contrib
# make
# make install

附加作如下步骤:

# chown qscand:qscand /var/qmail/bin/qmail-scanner-queue
# chmod 4755 /var/qmail/bin/qmail-scanner-queue
# chmod 0755 /var/qmail/bin/qmail-scanner-queue.pl

然后用一个普通用户登陆,执行

# /var/qmail/bin/qmail-scanner-queue -z
# /var/qmail/bin/qmail-scanner-queue -g

5.1修改环境变量

在你的qmail启动脚本加入

QMAILQUEUE=/var/qmail/bin/qmail-scanner-queue.pl
export QMAILQUEUE

如果作了附加步骤用下面的

QMAILQUEUE=/var/qmail/bin/qmail-scanner-queue
export QMAILQUEUE

修改qmail-scanner-queue.pl中的

my $clamscan_options="-r --disable-summary --max-recursion=10 --max-space=1000000";
为:
my $clamscan_options="-r --mbox --disable-summary --max-recursion=10 --max-space=1000000";

5.2重起qmail 测试

这里有测试程序

# /qmail-scanner-1.20/contrib/test_installation.sh -doit

5.3主要的排错监测日志:

/var/log/maillog
/var/log/clamd.log
/var/spool/qmailscan/quarantine.log
/var/spool/qmailscan/qmail-queue.log

,