Installing ClamAV + amavisd-new


Install and configure ClamAV as the antivirus scanner for the mail server.

■ About ClamAV
http://clamav-jp.sourceforge.jp/jdoc/clamav.html#c1.1

(1) Add the RPMforge repository.
[root@mail1 ~]# yum -y install yum-priorities
[root@mail1 ~]# vi /etc/yum.repos.d/CentOS-Base.repo
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#

[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
priority=1 ← # added

#released updates
[updates]
name=CentOS-$releasever - Updates
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
priority=1 ← # added

#packages used/produced in the build but not released
[addons]
name=CentOS-$releasever - Addons
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=addons
#baseurl=http://mirror.centos.org/centos/$releasever/addons/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
priority=1 ← # added

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
priority=1 ← # added

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib
#baseurl=http://mirror.centos.org/centos/$releasever/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

[root@mail1 ~]# rpm --import http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt
[root@mail1 ~]# rpm -ivh http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.5.2-2.el5.rf.i386.rpm

※ The commands above install the 32-bit RPMforge repository package. On a 64-bit system, install the 64-bit RPMforge repository package instead.

(2) Install ClamAV.
[root@mail1 ~]# yum -y install clamd

(3) Configure ClamAV.
[root@mail2 ~]# vi /etc/clamd.conf
User clamav
↓ # change
#User clamav

[root@mail2 ~]# vi /etc/freshclam.conf
#DatabaseMirror db.XY.clamav.net
↓ # change
DatabaseMirror db.jp.clamav.net

(4) Update the ClamAV virus database to the latest version.
[root@mail2 ~]# freshclam
ClamAV update process started at Mon May 10 22:58:20 2010
main.cvd is up to date (version: 52, sigs: 704727, f-level: 44, builder: sven)
Downloading daily-11044.cdiff [100%]
Downloading daily-11045.cdiff [100%]
Downloading daily-11046.cdiff [100%]
Downloading daily-11047.cdiff [100%]
Downloading daily-11048.cdiff [100%]
Downloading daily-11049.cdiff [100%]
Downloading daily-11050.cdiff [100%]
Downloading daily-11051.cdiff [100%]
Downloading daily-11052.cdiff [100%]
Downloading daily-11053.cdiff [100%]
Downloading daily-11054.cdiff [100%]
Downloading daily-11055.cdiff [100%]
Downloading daily-11056.cdiff [100%]
Downloading daily-11057.cdiff [100%]
Downloading daily-11058.cdiff [100%]
Downloading daily-11059.cdiff [100%]
Downloading daily-11060.cdiff [100%]
Downloading daily-11061.cdiff [100%]
Downloading daily-11062.cdiff [100%]
Downloading daily-11063.cdiff [100%]
Downloading daily-11064.cdiff [100%]
Downloading daily-11065.cdiff [100%]
Downloading daily-11066.cdiff [100%]
Downloading daily-11067.cdiff [100%]
Downloading daily-11068.cdiff [100%]
Downloading daily-11069.cdiff [100%]
Downloading daily-11070.cdiff [100%]
daily.cld updated (version: 11070, sigs: 81624, f-level: 51, builder: ccordes)
Downloading bytecode.cvd [100%]
bytecode.cvd updated (version: 21, sigs: 3, f-level: 51, builder: nervous)
Database updated (786354 signatures) from db.jp.clamav.net (IP: 203.178.137.175)
Clamd successfully notified about the update.

(5) Start ClamAV.
[root@mail2 ~]# chkconfig clamd on
[root@mail2 ~]# /etc/rc.d/init.d/clamd start
Starting Clam AntiVirus Daemon:                            [  OK  ]
[root@mail2 ~]# chkconfig clamd on

(6) Install amavisd-new, which connects Postfix to ClamAV.
[root@mail2 ~]# yum -y install amavisd-new

(7) Configure amavisd-new.
[root@mail2 ~]# vi /etc/amavisd.conf
# @bypass_spam_checks_maps = (1); # controls running of anti-spam code
↓ # change (spam checking is not used here, so remove the leading comment marker)
@bypass_spam_checks_maps = (1); # controls running of anti-spam code

$mydomain = 'example.com'; # a convenient default for other settings
↓ # change (replace the domain with your own domain)
$mydomain = 'mail2.com'; # a convenient default for other settings

$QUARANTINEDIR = "/var/virusmails";
↓ # change (do not quarantine virus mail)
#$QUARANTINEDIR = "/var/virusmails";

virus_admin_maps => ["virusalert\@$mydomain"]
↓ # change (do not notify the administrator when virus mail is detected; to enable notification, change the address instead)
#virus_admin_maps => ["virusalert\@$mydomain"]

# ### http://www.clamav.net/
# ['ClamAV-clamd',
# \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
# qr/\bOK$/m, qr/\bFOUND$/m,
# qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
# # NOTE: run clamd under the same user as amavisd, or run it under its own
# # uid such as clamav, add user clamav to the amavis group, and then add
# # AllowSupplementaryGroups to clamd.conf;
# # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in
# # this entry; when running chrooted one may prefer socket "$MYHOME/clamd".
----------Add the following----------
 # /m matches per line, as in the commented template above: a CONTSCAN reply
 # for a multi-part message has one "<path>: <result>" line per file.
 ['ClamAV-clamd',
   \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
   qr/\bOK$/m, qr/\bFOUND$/m,
   qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],

qr'^\.(exe-ms|dll)$', # banned file(1) types, rudimentary
↓ # change (allow exe attachments to be received)
#qr'^\.(exe-ms|dll)$', # banned file(1) types, rudimentary
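To see how amavisd turns a clamd reply into a verdict with the three patterns in the ClamAV-clamd entry, here is an added Python illustration; it is not code from this page and not amavisd's own code. The reply strings are constructed in the CONTSCAN "<path>: <result>" line format rather than captured from a live clamd, the decision order (FOUND checked before OK) is my reading of amavisd's behaviour rather than its quoted logic, and Python's `re.M` stands in for the Perl `/m` modifier carried by the commented template in amavisd.conf.

```python
import re

# The three patterns of the ClamAV-clamd entry, translated from Perl qr//.
# re.M gives '^' and '$' per-line meaning, like Perl's /m in the template.
CLEAN_RE = re.compile(r"\bOK$", re.M)
FOUND_RE = re.compile(r"\bFOUND$", re.M)
NAME_RE = re.compile(r"^.*?: (?!Infected Archive)(.*) FOUND$", re.M)

# The same FOUND pattern without the multi-line flag, to show what /m changes.
FOUND_RE_NO_M = re.compile(r"\bFOUND$")


def classify_clamd_response(response):
    """Return (status, names) for a clamd CONTSCAN reply.

    CONTSCAN keeps scanning after a hit, so a multi-part message can yield
    both FOUND and OK lines; FOUND is checked first so that one infected
    part makes the whole message infected. A reply with neither marker is
    a scanner failure (e.g. clamd could not read the file), not a clean
    verdict. The check order is an assumption about amavisd, not its code.
    """
    if FOUND_RE.search(response):
        names = NAME_RE.findall(response)  # lookahead drops the generic label
        return "infected", sorted(set(names))
    if CLEAN_RE.search(response):
        return "clean", []
    return "error", []


def found_without_multiline(response):
    """Does '\\bFOUND$' without /m see the hit? Only if FOUND ends the reply."""
    return FOUND_RE_NO_M.search(response) is not None


# Constructed sample replies (not captured output); the paths are placeholders.
CLEAN_REPLY = "/var/amavis/tmp/amavis-example/parts: OK\n"

INFECTED_REPLY = (
    "/var/amavis/tmp/amavis-example/parts/p001: OK\n"
    "/var/amavis/tmp/amavis-example/parts/p002: Eicar-Test-Signature FOUND\n"
    "/var/amavis/tmp/amavis-example/parts/p003: Infected Archive FOUND\n"
    "/var/amavis/tmp/amavis-example/parts/p004: OK\n"
)

ERROR_REPLY = (
    "/var/amavis/tmp/amavis-example/parts: "
    "lstat() failed: Permission denied. ERROR\n"
)

if __name__ == "__main__":
    for label, reply in (("clean", CLEAN_REPLY),
                         ("infected", INFECTED_REPLY),
                         ("error", ERROR_REPLY)):
        print(label, "->", classify_clamd_response(reply))
    print("FOUND seen without /m:", found_without_multiline(INFECTED_REPLY))
```

The ERROR case is the failure mode behind the `User clamav` edit in step (3): when clamd runs as a user that cannot read amavisd's working directory, every scan comes back as ERROR instead of OK or FOUND. The NOTE lines in the commented template describe the alternative that avoids running the scanner as root: keep clamd under its own uid, add user clamav to the amavis group, and set AllowSupplementaryGroups in clamd.conf.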

(8) Start amavisd-new.
[root@mail2 ~]# chkconfig amavisd on
[root@mail2 ~]# /etc/rc.d/init.d/amavisd start
Mail Virus Scanner (amavisd) を起動中:                     [  OK  ]
[root@mail2 ~]# chkconfig amavisd on

(9) Configure Postfix.
[root@mail2 ~]# cd /etc/postfix/
[root@mail2 postfix]# vi main.cf
---------Add at the end of the file---------
content_filter=smtp-amavis:[127.0.0.1]:10024

[root@mail2 postfix]# vi master.cf
---------Add at the end of the file---------
smtp-amavis unix -    -    n    -    2  smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes

127.0.0.1:10025 inet n    -    n    -    -  smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
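master.cf has a line rule worth checking before reloading Postfix: a line that begins with whitespace continues the previous entry, so a stray leading space in front of `smtp-amavis` silently glues the new service onto whatever entry precedes it instead of defining it. The following Python parser is an added illustration of that rule, not code from this page or from Postfix; the master.cf excerpt is constructed (a stock `smtp inet ... smtpd` line followed by abbreviated versions of the two entries above) and the column names follow the comment header that the stock master.cf carries.

```python
# Constructed master.cf excerpt, not copied from a real server. The first entry
# is the stock Postfix smtpd service; the next two are the additions from the
# procedure above with their -o lists shortened.
MASTER_CF_OK = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       n       -       -       smtpd

smtp-amavis unix -    -    n    -    2  smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes

127.0.0.1:10025 inet n    -    n    -    -  smtpd
    -o content_filter=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
"""

# Same content, but the smtp-amavis line is indented by one space.
MASTER_CF_INDENTED = MASTER_CF_OK.replace("\nsmtp-amavis", "\n smtp-amavis")

FIELDS = ("service", "type", "private", "unpriv", "chroot", "wakeup", "maxproc")


def parse_master_cf(text):
    """Split master.cf into logical entries using the master(5) line rules.

    Empty lines and lines whose first non-blank character is '#' are ignored;
    a line beginning with whitespace continues the current entry; any other
    line starts a new one. Each entry is a dict of the seven fixed columns
    plus 'command' (the command and its -o arguments as a token list).
    """
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace():
            if logical:                   # continuation of the previous entry
                logical[-1] += " " + raw.strip()
            continue                      # a continuation with no parent is dropped
        logical.append(raw.strip())

    entries = []
    for line in logical:
        tokens = line.split()
        entry = dict(zip(FIELDS, tokens[:7]))
        entry["command"] = tokens[7:]
        entries.append(entry)
    return entries


def service_names(text):
    """Service names Postfix would actually see for this master.cf text."""
    return [e["service"] for e in parse_master_cf(text)]


if __name__ == "__main__":
    print("correct :", service_names(MASTER_CF_OK))
    print("indented:", service_names(MASTER_CF_INDENTED))
```

With the indented variant, `smtp-amavis` and its `-o` options end up as extra arguments of the stock `smtpd` entry and the filter service never exists. The same parser is a convenient place to confirm the two properties of the 127.0.0.1:10025 re-injection listener that matter for safety: `content_filter=` is empty (so scanned mail is not sent back through amavisd in a loop) and `mynetworks=127.0.0.0/8` with `permit_mynetworks,reject` limits it to local clients.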

(10) Apply the Postfix configuration.
[root@mail2 ~]# /etc/rc.d/init.d/postfix reload
postfix を再読み込み中:                                    [  OK  ]

(11) Verify that scanning works.

When no virus is attached (log on mail2.com):
May 22 17:46:24 mail2 amavis[3020]: (03020-01) Passed CLEAN, MYNETS LOCAL [192.168.0.16] [192.168.0.16] < root@mail1.com> -> < test@mail2.com>, Message-ID: < 20100516090959.6D72E9629@mail.mail1.com>, mail_id: U3cCjZOX9KRT, Hits: -, size: 457, queued_as: 3CBE95097B, 110 ms

When no virus is attached, the log shows "Passed CLEAN".
May 22 17:49:52 mail2 amavis[3019]: (03019-02) Blocked INFECTED (Eicar-Test-Signature), MYNETS LOCAL [192.168.0.16] [192.168.0.16] < root@mail1.com> -> < test@mail2.com>, Message-ID: < 20100516091327.2EAFF9629@mail.mail1.com>, mail_id: mw2QPeqzXnS4, Hits: -, size: 580, 132 ms

When a virus is detected, the log shows "Blocked INFECTED" and the mail is not received.

The test virus file can be downloaded from the URL below.
http://www.eicar.org/anti_virus_test_file.htm
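Because this setup disables both quarantine ($QUARANTINEDIR) and administrator notification (virus_admin_maps), the amavisd log line is the only record of a blocked message, so being able to read those lines mechanically is useful. The following Python is an added example, not code from this page or from amavisd-new: it parses the two mail2.com log lines shown above plus one constructed Postfix line (to show that non-amavis lines are skipped) and tallies the verdicts. The field layout assumed by the regular expression is taken from those two lines only.

```python
import re
from collections import Counter

# The two lines from the mail2.com log above, plus one constructed Postfix
# line (not from the page) to show that non-amavis lines are ignored.
SAMPLE_LOG = [
    "May 22 17:46:24 mail2 amavis[3020]: (03020-01) Passed CLEAN, MYNETS LOCAL "
    "[192.168.0.16] [192.168.0.16] < root@mail1.com> -> < test@mail2.com>, "
    "Message-ID: < 20100516090959.6D72E9629@mail.mail1.com>, mail_id: U3cCjZOX9KRT, "
    "Hits: -, size: 457, queued_as: 3CBE95097B, 110 ms",
    "May 22 17:49:52 mail2 amavis[3019]: (03019-02) Blocked INFECTED (Eicar-Test-Signature), "
    "MYNETS LOCAL [192.168.0.16] [192.168.0.16] < root@mail1.com> -> < test@mail2.com>, "
    "Message-ID: < 20100516091327.2EAFF9629@mail.mail1.com>, mail_id: mw2QPeqzXnS4, "
    "Hits: -, size: 580, 132 ms",
    "May 22 17:50:01 mail2 postfix/smtpd[3100]: connect from unknown[192.168.0.16]",
]

# Layout seen in the lines above:
#   "<action> <verdict>[ (<detail>)], ... <from> -> <to>, ... mail_id: <id>,"
# "<\s*" tolerates the stray space inside the angle brackets of the pasted log.
VERDICT_RE = re.compile(
    r"amavis\[(?P<pid>\d+)\]: \((?P<task>[\d-]+)\) "
    r"(?P<action>Passed|Blocked) (?P<verdict>[A-Z-]+)"
    r"(?: \((?P<detail>[^)]*)\))?,"
    r".*?<\s*(?P<sender>[^>\s]*)\s*> -> <\s*(?P<rcpt>[^>\s]*)\s*>"
    r".*?mail_id: (?P<mail_id>\S+),"
)
QUEUED_RE = re.compile(r"queued_as: (?P<queued_as>\S+),")


def parse_amavis_line(line):
    """Return a dict for an amavisd verdict line, or None for any other line."""
    m = VERDICT_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    # Passed mail is re-queued into Postfix and gets a queued_as id; Blocked
    # mail is not, and with quarantine disabled this line is its only trace.
    q = QUEUED_RE.search(line)
    rec["queued_as"] = q.group("queued_as") if q else None
    return rec


def summarize(lines):
    """Count verdicts as 'Passed CLEAN', 'Blocked INFECTED', ... over a log."""
    counts = Counter()
    for line in lines:
        rec = parse_amavis_line(line)
        if rec:
            counts[f"{rec['action']} {rec['verdict']}"] += 1
    return dict(counts)


def blocked_malware(lines):
    """Detection names reported on Blocked INFECTED lines, in log order."""
    return [rec["detail"] for rec in map(parse_amavis_line, lines)
            if rec and rec["action"] == "Blocked" and rec["verdict"] == "INFECTED"]


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
    print("blocked:", blocked_malware(SAMPLE_LOG))
```

A sudden run of lines with neither "Passed" nor "Blocked" from amavis, or a count of "Passed CLEAN" that stops rising while Postfix keeps accepting mail, is the signal to re-check the clamd socket path and permissions from step (7) rather than assume the traffic is clean.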
