小蔡 2007-1-13 18:11
[01-13] FREEBSD防毒軟體
FREEBSD基本上是不會中毒的
但有裝MAIL SERVER
這時MAIL就需要有防毒軟體
以便控制有病毒信的收送
我們就來安裝clamav
首先安裝clamav
cd /usr/ports/security/clamav
make install clean
當選項畫面出現時請勾選MILTER
安裝完成後clamav共有三支程式
clamav-clamd
clamav-milter
clamav-freshclam
以clamd為主,milter 和 freshclam為輔
設定檔在/usr/local/etc/clamd.conf,這個設定檔直接使用,不用改
接下來設定開機時啟動clamav
vi /etc/rc.conf
加入以下四行
clamav_clamd_enable="YES"
clamav_freshclam_enable="YES"
freshclam_flags="--daemon --checks=10"
clamav_milter_enable="YES"
然後我們啟動
/usr/local/etc/rc.d/clamav-clamd.sh start
/usr/local/etc/rc.d/clamav-milter.sh start
/usr/local/etc/rc.d/clamav-freshclam.sh start
接下來修改sendmail.mc
cd /usr/ports/mail/sendmail-sasl/work/sendmail-8.13.1/cf/cf
複製generic-bsd4.4.mc成sendmail.mc
cp generic-bsd4.4.mc sendmail.mc
修改sendmail.mc
# vi sendmail.mc
加入以下幾行:
dnl The following lines are used to enable the STARTTLS function
define(`CERT_DIR', `/etc/mail/cert')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confCACERT', `CERT_DIR/cacert.pem')dnl
define(`confSERVER_CERT', `CERT_DIR/mycert.pem')dnl
define(`confSERVER_KEY', `CERT_DIR/mykey.pem')dnl
define(`confCLIENT_CERT', `CERT_DIR/mycert.pem')dnl
define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')dnl
dnl The following lines are used to enable CYRUS-SASL function
define(`confAUTH_MECHANISMS',`CRAM-MD5 DIGEST-MD5 LOGIN PLAIN')dnl
TRUST_AUTH_MECH(`CRAM-MD5 DIGEST-MD5 LOGIN PLAIN')dnl
FEATURE(`access_db')dnl
FEATURE(`delay_checks')dnl
FEATURE(local_procmail)
MAILER(procmail)dnl
MAILER(smtp)dnl
INPUT_MAIL_FILTE(`clmilter',`S=local:/var/run/clamav/clmilter.sock,F=, T=S:4m;R:4m')
define(`confINPUT_MAIL_FILTERS', `clmilter')
其實是只有增加原廠提供的數值(原廠路徑只是參考,/var/run/clamav/clmilter.sock才正確歐)
另外增加FEATURE(`delay_checks')dnl功能(等一下再說明)
存檔後一樣在此目錄
(/usr/ports/mail/sendmail-sasl/work/sendmail-8.13.1/cf/cf)中
建立sendmail.cf並將前面設定寫入sendmail.cf
./Build senmail.cf
./Build install-cf
最後退回兩個目錄安裝改變的設定檔
cd ../../
(或#cd/usr/ports/mail/sendmail-sasl/work/sendmail-8.13.1)
make
make install
重新啟動senmail
# killall sendmail
#/usr/local/etc/rc.d/sendmail.sh start
如此就完成了
接下來設定clamav-milter 的flags
vi /usr/local/etc/rc.d/ clamav-milter.sh
原設定為
: ${clamav_milter_flags="--postmaster-only --local --outgoing --max-children=50"}
改為
: ${clamav_milter_flags="--local --outgoing --max-children=50 --noreject --quiet --quarantine=rascal"}
這裡稍作說明
原設定的意思是發現病毒郵件會
1.將訊息傳給postmaster(MAILER-DAEMON的別名)
2.然後會回給寄件者代號550或554的訊息
3.並將該郵件丟棄
實作結果,將訊息傳給postmaster的信,是透過舊sendmail來傳送,結果clamav會發現我們的sendmail沒有啟動,會丟/var/spool/clientmqueue/
裡面,等待我們的senadmail啟動時再丟給mqueue來傳送,所以信會卡在clientmqueue裡
改變後的設定
1.將病毒郵件送往rascal(請自取一個本機帳號)
2.不會回給寄件者訊息
為什麼要改這裡而不將此flag寫在 /etc/rc.conf裡例如
clamav_milter_socket="/var/run/clamav/clmilter.sock"
clamav_milter_flags="--postmaster-only --local --outgoing
--max-children=50"
因為實作結果clmilter.sock在重新開機時會失敗,如果一定要寫在/etc/rc.conf裡面才方便管理,請
vi /etc/rc.local
加入
/usr/local/sbin/clamav-milter -lo /var/run/clamav/clmilter.sock
如此就完成了
至於freshclam則設定10天更新一次病毒碼,
新增FEATURE(`delay_checks')dnl是用來過濾動態ip
請
vi /etc/mail/access
加入
dynamic.apol.com.tw DISCARD
dynamic.giga.net.tw DISCARD
dynamic.hinet.net DISCARD
dynamic.seed.net.tw DISCARD
dynamic.tfn.net.tw DISCARD
dynamic.ttn.net DISCARD
dynamic.lsc.net.tw DISCARD
(空白部分用Tab)
然後
make maps
測試看看,寄封有病毒的信
應該可以擋下來了
這樣的防毒就成功了
心動了嗎?開始著手安裝吧!!!
[[i] 本帖最後由 cisco 於 2007-1-28 00:53 編輯 [/i]]