How to Install and Configure SpamAssassin, ClamAV and Procmail

Posted on 2010-01-28 01:30
1. Install SpamAssassin
(Note: before installing SpamAssassin, make sure that Perl is already installed on your system.)
cd /tmp
wget http://www.mirror.ac.uk/sites/spamassassin.taint.org/spamassassin.org/released/Mail-SpamAssassin-2.63.tar.gz
tar xvfz Mail-SpamAssassin-2.63.tar.gz
cd Mail-SpamAssassin-2.63
perl Makefile.PL
make
make install
2. Install ClamAV
cd /tmp
groupadd clamav
useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav
wget http://heanet.dl.sourceforge.net/sourceforge/clamav/clamav-0.67.tar.gz
tar xvfz clamav-0.67.tar.gz
cd clamav-0.67
./configure --sysconfdir=/etc
(Note: you can run ./configure --help to see more build and install options.)
make
su -c "make install"
Once installation is complete, if you run:
clamd
you will get an error message:
ERROR: Please edit the example config file /etc/clamav.conf.
You need to edit /etc/clamav.conf along the lines of the following:
##
## Example config file for the Clam AV daemon
## Please read the clamav.conf(5) manual before editing this file.
##
# Comment or remove the line below.
#Example
# Uncomment this option to enable logging.
# LogFile must be writable for the user running the daemon.
# Full path is required.
#LogFile /tmp/clamd.log
# By default the log file is locked for writing - the lock protects against
# running clamd multiple times (if want to run another clamd, please
# copy the configuration file, change the LogFile variable, and run
# the daemon with --config-file option). That's why you shouldn't uncomment
# this option.
#LogFileUnlock
# Maximal size of the log file. Default is 1 Mb.
# Value of 0 disables the limit.
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
# in bytes just don't use modifiers.
#LogFileMaxSize 2M
# Log time with an each message.
#LogTime
# Use system logger (can work together with LogFile).
#LogSyslog
# Enable verbose logging.
#LogVerbose
# This option allows you to save the process identifier of the listening
# daemon (main thread).
#PidFile /var/run/clamd.pid
# Path to a directory containing .db files.
# Default is the hardcoded directory (mostly /usr/local/share/clamav,
# it depends on installation options).
#DatabaseDirectory /var/lib/clamav
# The daemon works in local or network mode. Currently the local mode is
# recommended for security reasons.
# Path to the local socket. The daemon doesn't change the mode of the
# created file (portability reasons). You may want to create it in a directory
# which is only accessible for a user running daemon.
LocalSocket /tmp/clamd
# Remove stale socket after unclean shutdown.
#FixStaleSocket
# TCP port address.
#TCPSocket 3310
# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world.
#TCPAddr 127.0.0.1
# Maximum length the queue of pending connections may grow to.
# Default is 15.
#MaxConnectionQueueLength 30
# When activated, input stream (see STREAM command) will be saved to disk before
# scanning - this allows scanning within archives.
#StreamSaveToDisk
# Close the connection if this limit is exceeded.
#StreamMaxLength 10M
# Maximal number of a threads running at the same time.
# Default is 5, and it should be sufficient for a typical workstation.
# You may need to increase threads number for a server machine.
#MaxThreads 10
# Thread (scanner - single task) will be stopped after this time (seconds).
# Default is 180. Value of 0 disables the timeout. SECURITY HINT: Increase the
# timeout instead of disabling it.
#ThreadTimeout 500
# Maximal depth the directories are scanned at.
MaxDirectoryRecursion 15
# Follow a directory symlinks.
# SECURITY HINT: You should have enabled directory recursion limit to
# avoid potential problems.
#FollowDirectorySymlinks
# Follow regular file symlinks.
#FollowFileSymlinks
# Do internal checks (eg. check the integrity of the database structures)
# By default clamd checks itself every 3600 seconds (1 hour).
#SelfCheck 600
# Execute a command when virus is found. In the command string %v and %f will
# be replaced by the virus name and the infected file name respectively.
#
# SECURITY WARNING: Make sure the virus event command cannot be exploited,
#                    eg. by using some special file name when %f is used.
#                    Always use a full path to the command.
#                    Never delete/move files with this directive !
#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %f: %v"
# Run as selected user (clamd must be started by root).
# By default it doesn't drop privileges.
User clamav
# Initialize the supplementary group access (for all groups in /etc/group
# user is added in. clamd must be started by root).
#AllowSupplementaryGroups
# Don't fork into background. Useful in debugging.
#Foreground
# Enable debug messages in libclamav.
#Debug
##
## Mail support
##
# Uncomment this option if you are planning to scan mail files.
ScanMail
##
## Archive support
##
# Comment this line to disable scanning of the archives.
ScanArchive
# By default the built-in RAR unpacker is disabled by default because the code
# terribly leaks, however it's probably a good idea to enable it.
#ScanRAR
# Options below protect your system against Denial of Service attacks
# with archive bombs.
# Files in archives larger than this limit won't be scanned.
# Value of 0 disables the limit.
# WARNING: Due to the unrarlib implementation, whole files (one by one) in RAR
#           archives are decompressed to the memory. That's why never disable
#           this limit (but you may increase it of course!)
ArchiveMaxFileSize 10M
# Archives are scanned recursively - e.g. if Zip archive contains RAR file,
# the RAR file will be decompressed, too (but only if recursion limit is set
# at least to 1). With this option you may set the recursion level.
# Value of 0 disables the limit.
ArchiveMaxRecursion 5
# Number of files to be scanned within archive.
# Value of 0 disables the limit.
ArchiveMaxFiles 1000
# Use slower decompression algorithm which uses less memory. This option
# affects bzip2 decompressor only.
#ArchiveLimitMemoryUsage
##
## Clamuko settings
## WARNING: This is experimental software. It is very likely it will hang
##            up your system !!!
##
# Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running.
#ClamukoScanOnLine
# Set access mask for Clamuko.
ClamukoScanOnOpen
ClamukoScanOnClose
ClamukoScanOnExec
# Set the include paths (all files in them will be scanned). You can have
# multiple ClamukoIncludePath options, but each directory must be added
# in a seperate option. All subdirectories are scanned, too.
ClamukoIncludePath /home
#ClamukoIncludePath /students
# Set the exclude paths. All subdirectories are also excluded.
#ClamukoExcludePath /home/guru
# Limit the file size to be scanned (probably you don't want to scan your movie
# files ;))
# Value of 0 disables the limit. 1 Mb should be fine.
ClamukoMaxFileSize 1M
# Enable archive support. It uses the limits from clamd section.
# (This option doesn't depend on ScanArchive, you can have archive support
# in clamd disabled).
# ClamukoScanArchive
Now we need to create an init script for ClamAV, /etc/init.d/clamd:
#!/bin/bash
TMPDIR=/tmp
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin
case "$1" in
    start)
        echo "Starting ClamAV..."
        if [ -S /tmp/clamd ]; then
            echo "ClamAV is already running!"
        else
            /usr/local/bin/freshclam -d -c 10 --datadir=/usr/local/share/clamav
            /usr/local/sbin/clamd
        fi
        echo "ClamAV is now up and running!"
        ;;
    stop)
        echo "Shutting down ClamAV..."
        array=(`ps ax | grep -iw '/usr/local/bin/freshclam' | grep -iv 'grep' \
            | awk '{print $1}' | cut -f1 -d/ | tr '\n' ' '`)
        element_count=${#array[@]}
        index=0
        while [ "$index" -lt "$element_count" ]
        do
            kill -9 ${array[$index]}
            let "index = $index + 1"
        done
        array=(`ps ax | grep -iw '/usr/local/sbin/clamd' | grep -iv 'grep' \
            | awk '{print $1}' | cut -f1 -d/ | tr '\n' ' '`)
        element_count=${#array[@]}
        index=0
        while [ "$index" -lt "$element_count" ]
        do
            kill -9 ${array[$index]}
            let "index = $index + 1"
        done
        if [ -S /tmp/clamd ]; then
            rm -f /tmp/clamd
        fi
        echo "ClamAV stopped!"
        ;;
    restart)
        $0 stop  && sleep 3
        $0 start
        ;;
    *)
        echo "Usage: $0 {start|stop|restart}"
        exit 1
esac
exit 0
Change the file permissions:
chmod 755 /etc/init.d/clamd
Start ClamAV:
/etc/init.d/clamd start
Now run the following command; you should see the clamd process and the freshclam process that updates the virus database:
ps aux
The following line, contained in the clamd init script, makes ClamAV update its virus database 10 times a day:
/usr/local/bin/freshclam -d -c 10 --datadir=/usr/local/share/clamav
Run the following commands so that ClamAV starts with the system:
ln -s /etc/init.d/clamd /etc/rc2.d/S20clamd
ln -s /etc/init.d/clamd /etc/rc3.d/S20clamd
ln -s /etc/init.d/clamd /etc/rc4.d/S20clamd
ln -s /etc/init.d/clamd /etc/rc5.d/S20clamd
ln -s /etc/init.d/clamd /etc/rc0.d/K20clamd
ln -s /etc/init.d/clamd /etc/rc1.d/K20clamd
ln -s /etc/init.d/clamd /etc/rc6.d/K20clamd
3. Install Trashscan
Trashscan is the link between Procmail and ClamAV. (When an e-mail arrives, Procmail calls Trashscan, and Trashscan calls ClamAV to scan the mail for viruses.)
cd /tmp/clamav-0.67/contrib/trashscan
tar xvfz trashscan-0.08.tar.gz
cd trashscan-0.08
cp -pf trashscan /usr/local/sbin/
After installation, we need to adjust some parameters in the settings section of /usr/local/sbin/trashscan. You can use the following as a reference:
#!/bin/bash
#
# TrashScan v0.08; Scan email for viruses
# ZapCoded by Trashware; 13.10.2002
# Email: trashware@gmx.de
# Web: http://trashware.mirrorz.com
#
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/bin:/usr/local/sbin
# --------------------------------------- Begin Settinx ---------------------------------------- #
SCANDIR=$HOME/tmp                                              # Temp directory for virus scans.
                                                               # Security: Don't define public
                                                               # accessible directories here !!!
                                                               # $HOME/tmp should be fine.
#DECODER=metamail                                              # Decoder: "metamail" or "uudeview"
#DECODPRG=metamail                                             # Absolute path to decoder: metamail
DECODER=uudeview                                               # Decoder: "metamail" or "uudeview"
DECODPRG=/usr/local/bin/uudeview                               # Absolute path to decoder: uudeview
VSCANPRG=/usr/local/bin/clamscan                               # Absolute path to the virus scanner
VSCANOPT="--quiet --tempdir=$HOME/tmp --recursive --max-files=500 \
        --max-space=30M --unzip=/usr/bin/unzip --unrar=/usr/bin/unrar \
        --unarj=/usr/bin/unarj --zoo=/usr/bin/zoo --lha=/usr/bin/lha \
        --jar=/usr/bin/unzip --tar=/bin/tar --tgz=/bin/tar"    # Parameters for the virus scanner.
                                                               # Security: Don't choose public
                                                               # accessible directories for the
                                                               # --tempdir definition !!!
                                                               # --tempdir=$HOME/tmp should be fine.
VSCANVEX=1                                                     # Exitcode of the virus scanner if a
                                                               # virus was found
VSCANSUSP=mail.virus                                           # File to store suspicious mail (see
                                                               # procmail.trashscan)
FORMAIL=formail                                                # Absolute path to formail
PROCMAIL=procmail                                              # Absolute path to procmail
SENDMAIL=sendmail                                              # Absolute path to sendmail
CAT=cat                                                        # Absolute path to cat
GREP=grep                                                      # Absolute path to grep
LOGGER=logger                                                  # Absolute path to logger
LOGPRIO=mail.warn                                              # Log level for logger
MKDIR=mkdir                                                    # Absolute path to mkdir
RM=rm                                                          # Absolute path to rm
SED=sed                                                        # Absolute path to sed
ALERTRCVR=virusadmin@example.com                               # Receiver of virus alert messages
ALERTSNDR=virusadmin@example.com                               # Sender of virus alert messages
ALERTCTCT=virusadmin@example.com                               # Person to contact (appears in the
                                                               # mail body of the virus alert)
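# ---------------------------------------- End Settinx ---------------------------------------- #
Note the PATH definition at the top of the script:
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/bin:/usr/local/sbin
With it, we do not have to specify absolute paths for the programs that Trashscan needs to call.
The VSCANOPT parameter specifies the paths of the unpacking programs needed when a mail contains compressed files. You may not need to check every archive format, but it is recommended to specify at least the unpackers for the common formats (for example zip). These unpackers must of course also be installed on your system.
In addition, specify an e-mail address to receive the virus alert mails.
4. Install uudeview
Trashscan needs an external program to decode mail messages. In the Trashscan configuration above we specified uudeview, so we install uudeview now.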
cd /tmp
wget http://www.fpx.de/fp/Software/UUDeview/download/uudeview-0.5.19.tar.gz
tar xvfz uudeview-0.5.19.tar.gz
cd uudeview-0.5.19
./configure
make
make install
5. Configure Procmail
Procmail is a default component of most distributions, so the Procmail installation is skipped here.
Run the following command to find where Procmail is located on your system (usually /usr/bin/procmail):
which procmail
Now suppose we configure Procmail for the user testuser, whose home directory is /home/www/web1/user/testuser.
Make sure the permissions on testuser's home directory are 755; otherwise Procmail will not work properly.
First we create the file /home/www/web1/user/testuser/.forward, so that Procmail is invoked whenever testuser receives mail.
Add the following to /home/www/web1/user/testuser/.forward:
"|/usr/bin/procmail -f-"
Change the file's owner and permissions:
chown testuser /home/www/web1/user/testuser/.forward
chmod 600 /home/www/web1/user/testuser/.forward
Create /home/www/web1/user/testuser/.procmailrc and copy the following into it. This file tells Procmail which programs to run. (Here we add only the simple, main ones; you can add more of your own.)
## MAILDIR=$HOME/Maildir/
## DEFAULT=$MAILDIR
INCLUDERC=/home/www/web1/user/testuser/.antivirus.rc
INCLUDERC=/home/www/web1/user/testuser/.html-trap.rc
INCLUDERC=/home/www/web1/user/testuser/.spamassassin.rc
Note: if you use Maildir, you can remove the # from the first two lines. (With Maildir, mail is stored under /home/www/web1/user/testuser/Maildir/ instead of the original /var/spool/mail.)
Create /home/www/web1/user/testuser/.antivirus.rc and add the following to it:
#
# procmail configuration for TrashScan: ZapCoded by Trashware; 13.10.2002
#
# [ ... ]
# ------------------------------------------------------------------------------------- #
# Virus scan section ...                                                                #
# ------------------------------------------------------------------------------------- #
# 1. Run TrashScan
:0
* multipart
* !^X-Virus-Scan:
| /usr/local/sbin/trashscan
# 2. Filter tagged virus mails
:0:
* ^X-Virus-Scan: Suspicious
/dev/null
Create /home/www/web1/user/testuser/.spamassassin.rc and add the following to it:
# SpamAssassin sample procmailrc
#
# Pipe the mail through spamassassin (replace 'spamassassin' with 'spamc'
# if you use the spamc/spamd combination)
# The condition line ensures that only messages smaller than 250 kB
# (250 * 1024 = 256000 bytes) are processed by SpamAssassin. Most spam
# isn't bigger than a few k and working with big messages can bring
# SpamAssassin to its knees.
:0fw
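*
The above accepts all mail (including spam). It is typically used in the initial phase to test that SpamAssassin is working.
If you want to filter out spam, you can overwrite the .spamassassin.rc file with the following.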
# SpamAssassin sample procmailrc
#
# Pipe the mail through spamassassin (replace 'spamassassin' with 'spamc'
# if you use the spamc/spamd combination)
# The condition line ensures that only messages smaller than 250 kB
# (250 * 1024 = 256000 bytes) are processed by SpamAssassin. Most spam
# isn't bigger than a few k and working with big messages can bring
# SpamAssassin to its knees.
:0fw
*
Next, we create /home/www/web1/user/testuser/.user_prefs and add the following to it; this file determines the user's SpamAssassin settings:
# SpamAssassin user preferences file.  See 'perldoc Mail::SpamAssassin::Conf'
# for details of what can be tweaked.
#*
#* Note: this file is not read by SpamAssassin until copied into the user
#* directory. At runtime, if a user has no preferences in their home directory
#* already, it will be copied for them, allowing them to perform personalised
#* customisation.  If you want to make changes to the site-wide defaults,
#* create a file in /etc/spamassassin or /etc/mail/spamassassin instead.
###########################################################################
# How many hits before a mail is considered spam.
required_hits         5.0
rewrite_subject       1
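subject_tag           ***SPAM***
SpamAssassin runs a number of tests on every e-mail to determine whether it is spam, and during testing it records and determines each mail's required_hits and rewrite_subject values. You can adjust the parameter values to tune what is classified as spam.
6. Configure Email Sanitizer
Email Sanitizer (http://www.impsec.org/email-tools/procmail-security.html) is a mail content filter that can be called by Procmail.
For example, it can disable malicious JavaScript code in HTML mail and rename attachments that contain suspicious code. (Suppose example.exe contains malicious code: it will be renamed to example.12345DEFANGED-exe, so the user cannot execute the file directly on a Windows system.)
Run the following commands to install it: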
cd /tmp
wget http://www.impsec.org/email-tools/html-trap.procmail.gz
gunzip html-trap.procmail.gz
echo 'PATH="/usr/bin:$PATH:/usr/local/bin"' > /home/www/web1/user/testuser/.html-trap.rc
echo 'SHELL=/bin/sh' >> /home/www/web1/user/testuser/.html-trap.rc
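cat html-trap.procmail >> /home/www/web1/user/testuser/.html-trap.rc
7. Test your configuration
Once the configuration is complete, you can send some mails with attachments to test it; if you have malicious code or virus files, you can of course also use them to test whether the mail system works properly.
When a mail is received and the programs are working properly, the mail should contain the following: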
X-Security: MIME headers sanitized on server1.example.com See http://www.impsec.org/email-tools/sanitizer-intro.html for details. $Revision: 1.140 $Date: 2004-02-11 20:47:43-08
X-Virus-Scan: Scanned by TrashScan v0.08 running on server1.example.com
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on server1.example.com

This article comes from the ChinaUnix blog. To view the original, go to: http://blog.chinaunix.net/u/7546/showart_2162691.html
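To check the result of the test in section 7 mechanically, the following added example (not part of the original post) reads a delivered message, unfolds its headers and reports which of the three stamps shown above are missing or were not issued by the expected host. The function names and the sample message are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the original post): confirm that a delivered message
# carries the stamps of all three filter stages, issued by our own host.

# Print the header block of message file $1 with folded lines joined.
unfold_headers() {
    awk '
        /^$/     { exit }                      # blank line: headers are over
        /^[ \t]/ { sub(/^[ \t]+/, " "); buf = buf $0; next }   # continuation
                 { if (buf != "") print buf; buf = $0 }
        END      { if (buf != "") print buf }
    ' "$1"
}

# Echo the stage headers that are absent or not stamped "on <host>".
# Returns 0 only when all three stages are accounted for.
missing_filter_headers() {
    local msg="$1" host="$2" hdrs h line missing=""
    hdrs=$(unfold_headers "$msg")
    for h in X-Security X-Virus-Scan X-Spam-Checker-Version; do
        line=$(printf '%s\n' "$hdrs" | grep -i "^$h:" | head -n 1)
        case "$line" in
            *" on $host"*) ;;                  # stamped by the expected host
            *) missing="$missing $h" ;;
        esac
    done
    echo "${missing# }"
    [ -z "$missing" ]
}

# Constructed sample: header values follow the ones shown in the post; the
# X-Virus-Scan header is folded, and the body contains a look-alike line.
write_sample() {
    cat > "$1" <<'EOF'
From: sender@example.org
Subject: test with attachment
X-Security: MIME headers sanitized on server1.example.com See
 http://www.impsec.org/email-tools/sanitizer-intro.html for details.
X-Virus-Scan: Scanned by TrashScan v0.08 running
 on server1.example.com
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on server1.example.com

X-Spam-Checker-Version: this line is body text, not a header
EOF
}

sample=$(mktemp)
write_sample "$sample"
if missing_filter_headers "$sample" server1.example.com >/dev/null; then
    echo "all three filter stages stamped the message"
fi
rm -f "$sample"
```

Only the header block is inspected, so a line in the message body that merely looks like one of the stamps is not counted as proof that a stage ran.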