This chapter describes how to install and handle the software against viruses and SPAM
# Adding a group for the clamav user groupadd clamav # Adding the clamav user to your system useradd -g clamav -c "clamav user" clamav cd /usr/local tar -xvzf clamav-0.68.tar.gz cd clamav-0.68 ./configure make && make install |
To test the funtionality of clamav, you can run clamscan to get some results from the testpatterns that are included in the clamav distribution run clamscan -r -i /usr/local/clamav-0.68
The output should look like this:
/usr/local/clamav-0.68/test/test1: ClamAV-Test-Signature FOUND /usr/local/clamav-0.68/test/test1.bz2: ClamAV-Test-Signature FOUND /usr/local/clamav-0.68/test/test2.zip: ClamAV-Test-Signature FOUND /usr/local/clamav-0.68/test/test2.badext: ClamAV-Test-Signature FOUND /usr/local/clamav-0.68/contrib/clamdwatch/clamdwatch.tar.gz: Eicar-Test-Signature FOUND ----------- SCAN SUMMARY ----------- Known viruses: 20482 Scanned directories: 47 Scanned files: 406 Infected files: 5 Data scanned: 5.48 MB I/O buffer size: 131072 bytes Time: 2.706 sec (0 m 2 s) |
Next step is to setup the automated update of the virus database. This is a important step, because the speed of virus spreading is fast and would pick up even further.
Create the needed logfiles
touch /var/log/clam-update.log chmod 600 /var/log/clam-update.log chown clamav /var/log/clam-update.log |
I suggest to update the signatures with a hourly cronjob. To edit the crontab issue crontab -e and add the following line, and replace the »x« with a random value between 1 and 59. This is some kind of time based loadbalancing to ensure more people can fetch the updated.
#x * * * * /usr/local/bin/freshclam --quiet -l /var/log/clam-update.log |
To test if the update process is working, please issue the command /usr/local/bin/freshclam -l /var/log/clam-update.log and have a look at the output.
The output should look similar to this:
ClamAV update process started at Tue Mar 23 19:58:11 2004 Reading CVD header (main.cvd): OK Downloading main.cvd [*] main.cvd updated (version: 21, sigs: 20094, f-level: 1, builder: tkojm) Reading CVD header (daily.cvd): OK Downloading daily.cvd [*] daily.cvd updated (version: 210, sigs: 596, f-level: 1, builder: acab) Database updated (20690 signatures) from database.clamav.net (64.74.124.90). |
Razor is one of the prerequisites of spamassassin.
Origin-Site: http://prdownloads.sourceforge.net/razor/razor-agents-sdk-2.03.tar.gz?download
Origin-Site: http://prdownloads.sourceforge.net/razor/razor-agents-2.40.tar.gz?download
cd /usr/local tar -xvzf razor-agents-sdk-2.03.tar.gz cd razor-agents-sdk-2.03 perl Makefile.PL make && make install cd /usr/local tar -xvzf razor-agents-2.40.tar.gz cd razor-agents-2.40/ perl Makefile.PL make && make install |
In order to use razor2 you need to register yourself as a user
Choose a unique username and password and issue razor-admin -register -user=some_user -pass=somepass
Spamassassin is the todays leading opensource project to fight against SPAM. To describe how spamassassin works would be too much for this document. For further information please consult http://eu.spamassassin.org/doc.html
Spamassassin depends on a lot of prerequisites. The easiest way is using the CPAN repository. Issue the command perl -MCPAN -e shell and answer all questions as needed.
cd /usr/local tar -xvzf Mail-SpamAssassin-2.63.tar.gz cd Mail-SpamAssassin-2.63 perl Makefile.PL # You get prompted to run Razor tests which you should answer with "y" Run Razor v2 tests (these may fail due to network problems)? (y/n) [n] y make && make install |
Amavisd-new is the software that glues all the software described above together to postfix
Amavisd-new needs a lot of prerequisites.
Run perl -MCPAN -e shell and issue:
install ExtUtils::MakeMaker install HTML::Parser install DB_File install Digest::SHA1 install Archive::Tar install Archive::Zip install Compress::Zlib install Convert::TNEF install Convert::UUlib install MIME::Base64 install MIME::Parser install Mail::Internet install Mail::SPF::Query install Net::Server install Net::SMTP install Net::DNS install Digest::MD5 install IO::Stringy install Time::HiRes install Unix::Syslog |
At the end run ./amavisd and have a look at overseen prerequisites.
Edit /etc/amavisd.conf and change the variables $daemon_user to »amavis« and $daemon_group to »amavis«. Another variable to change is $mydomain to match your domain.
Please also consider to change the default settings for virus and spam mails to avoid being notified about every intercepted mail
$final_virus_destiny = D_DISCARD; # (defaults to D_BOUNCE) $final_spam_destiny = D_DISCARD; # (defaults to D_REJECT) |
In the beginning of SPAM filtering I recommend to set the kill-value to something higher until you tweaked the filters. Change the variable $sa_kill_level_deflt to 8 or even higher.
cd /usr/local tar -xvzf amavisd-new-20030616-p8.tar.gz cd amavisd-new-20030616 cp amavisd /usr/local/sbin cp amavisd.conf /etc chown root /etc/amavisd.conf chmod 644 /etc/amavisd.conf |
Now it is the the time to define a group and a user for amavisd-new
groupadd amavis useradd -g amavis -c "Amavisd-new user" amavis |
Next you have to define a directory for the quarantined mail:
mkdir /var/virusmails chown amavis:amavis /var/virusmails chmod 750 /var/virusmails mkdir /var/amavis chown amavis:amavis /var/amavis chmod 750 /var/amavis |
The original init script in the amavisd-new distribution does only work work with Redhat. Other distributions need to install my quick and dirty init-script:
#!/bin/bash # # Amavisd-new startup script case "$1" in start) # Starting amavisd /usr/local/sbin/amavisd ;; stop) # follows later ;; *) echo "Usage: $0 {start|stop}" exit 1 ;; esac |
Postfix needs to be configured to send each mail to amavis-new in order to get sanitized.
You need to add the following line to /etc/postfix/main.cf
content_filter = smtp-amavis:127.0.0.1:10024 |
The /etc/postfix/master.cf needs also some adjustments to return the results from amavisd-new to the mailingsystem.
Please add the following lines to your configuration:
smtp-amavis unix - - y - 2 smtp -o smtp_data_done_timeout=1200 127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 |