qmail邮件系统防毒部分修订版
QMAIL-SCANNER + CLAMAV + MAILDROP for QMAIL
代码:
本人声明如需转载请保留如下信息:
作者: LLZQQ
MAIL: LLZQQ@126.COM
FROM:WWW.CHINAUNIX.NET
1.0所需软件:
maildrop-1.5.2.20030423.tar.gz
perl-Time-HiRes-1.38-3.i386.rpm
perl-DB_File-1.804-88.4.i386.rpm
clamav-0.65.tar.gz
qmail-scanner-1.20.tgz
2.0安装maildrop:
# tar zxvf maildrop-1.5.2.20030423.tar.gz
# cd maildrop-1.5.2.20030423
# ./configure
# make
# make install-strip
# make install-man
3.0安装 perl插件
# rpm -ivh perl-Time-HiRes-1.38-3.i386.rpm
# rpm -ivh perl-DB_File-1.804-88.4.i386.rpm
4.0安装clamav-0.65.tar.gz
# groupadd clamav
# useradd -g clamav –d /usr/local/share/clamav -s /bin/false clamav
# tar zxvf clamav-0.65.tar.gz
# cd clamav-0.65
# ./configure
# make check
# make install
# vi /usr/local/etc/clamav.conf
===============================clamav.conf============================
# Comment or remove the line below.
#Example
LogFile /var/log/clamd.log
LogFileMaxSize 1M
LogTime
LogVerbose
PidFile /var/run/clamd.pid
DataDirectory /usr/local/share/clamav
LocalSocket /tmp/clamd
StreamMaxLength 10M
MaxThreads 10
MaxDirectoryRecursion 15
User clamav
ScanMail
ScanArchive
ScanRAR
ArchiveMaxFileSize 10M
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
ClamukoScanOnOpen
ClamukoScanOnClose
ClamukoScanOnExec
ClamukoIncludePath /home/vpopmail
ClamukoMaxFileSize 6M
ClamukoScanArchive
===============================clamav.conf============================
# touch /var/log/clamd.log
# chown clamav:clamav /var/log/clamd.log
4.1建立clamav的启动脚本:
# vi /etc/init.d/clamd
==================================clamd===============================
#! /bin/bash
#
# crond Start/Stop the clam antivirus daemon.
#
# chkconfig: 2345 90 60
# description: clamdis a standard UNIX program that scans for Viruses.
# processname: clamd
# config: /usr/local/etc/clamav.conf
# pidfile: /var/run/clamd.pid
# Source function library.
. /etc/init.d/functions
RETVAL=0
# See how we were called.
prog="clamd"
progdir="/usr/local/sbin"
# Source configuration
if [ -f /etc/sysconfig/$prog ] ; then
. /etc/sysconfig/$prog
fi
start() {
echo -n $"Starting $prog: "
daemon $progdir/$prog
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && touch /var/run/clamd.pid
return $RETVAL
}
stop() {
echo -n $"Stopping $prog: "
killproc $prog
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f /var/run/clamd.pid /tmp/clamd
return $RETVAL
}
rhstatus() {
status clamd
}
restart() {
stop
start
}
reload() {
echo -n $"Reloading clam daemon configuration: "
killproc clamd -HUP
retval=$?
echo
return $RETVAL
}
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
restart
;;
reload)
reload
;;
status)
rhstatus
;;
condrestart)
[ -f /var/lock/subsys/clamd ] && restart || :
;;
*)
echo $"Usage: $0 {start|stop|status|reload|restart|condrestart}"
exit 1
esac
exit 0
==================================clamd===============================
# chmod 755 /etc/init.d/clamd
# chkconfig –add clamd
# chkconfig clamd on
4.2更新病毒库
# /usr/local/bin/freshclam
4.3定时更新病毒库
# crontab –e
00 9 * * * /usr/local/bin/freshclam --quiet
5.0安装qmail-scanner-1.20.tgz
# groupadd qscand
# useradd -g qscand -s /bin/false qscand
# tar zxvf qmail-scanner-1.20.tgz
# cd qmail-scanner-1.20
# ./configure
--qmail-queue-binary /var/qmail/bin/qmail-queue
--admin postmaster
--domain nero.3322.org
--notify sender,admin
--local-domains nero.3322.org
--lang en_GB
--debug yes
--unzip yes
--scanners clamscan
--install
# chown qscand:qscand /var/qmail/bin/qmail-scanner-queue.pl
# chmod 4755 /var/qmail/bin/qmail-scanner-queue.pl
然后用一个普通用户执行/var/qmail/bin/qmail-scanner-queue.pl -z
如果有Can't do setuid出现,回到安装文件目录,有个contrib目录,
# cd contrib
# make
# make install
附加作如下步骤:
# chown qscand:qscand /var/qmail/bin/qmail-scanner-queue
# chmod 4755 /var/qmail/bin/qmail-scanner-queue
# chmod 0755 /var/qmail/bin/qmail-scanner-queue.pl
然后用一个普通用户登陆,执行
# /var/qmail/bin/qmail-scanner-queue -z
# /var/qmail/bin/qmail-scanner-queue -g
5.1修改环境变量
在你的qmail启动脚本加入
QMAILQUEUE=/var/qmail/bin/qmail-scanner-queue.pl
export QMAILQUEUE
如果作了附加步骤用下面的
QMAILQUEUE=/var/qmail/bin/qmail-scanner-queue
export QMAILQUEUE
修改qmail-scanner-queue.pl中的
my $clamscan_options="-r --disable-summary --max-recursion=10 --max-space=1000000";
为:
my $clamscan_options="-r --mbox --disable-summary --max-recursion=10 --max-space=1000000";
5.2重起qmail 测试
这里有测试程序
# /qmail-scanner-1.20/contrib/test_installation.sh -doit
5.3主要的排错监测日志:
/var/log/maillog
/var/log/clamd.log
/var/spool/qmailscan/quarantine.log
/var/spool/qmailscan/qmail-queue.log