There are many mail virus-scanning programs available, and most of them are written in Perl. I chose amavis and clamav because both are written in C, which gives them a performance advantage first of all. amavis also has good scalability: it can be understood as a scanning framework, while clamav is the scanning engine. Of course, you can also use other scanning engines. :)

Software preparation:

amavis-0.3.12.tar.gz
unarj-2.65-3.9.i386.rpm
zoo-2.10-11.9.i386.rpm
unrar-3.2.3-2.9.i386.rpm
clamav-0.65.tar.gz
arc-5.21e-6.i386.rpm

Software installation:

-------- install clamav ---------

CODE
# tar zvxf clamav-0.65.tar.gz
# cd clamav-0.65
# groupadd clamav
# useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav
# ./configure
# make && make install
# vi /usr/local/etc/clamav.conf

LogFile /var/log/clamd.log
LogFileMaxSize 2M
LogVerbose
LogTime
PidFile /var/run/clamd.pid
DataDirectory /usr/local/share/clamav
LocalSocket /tmp/clamd
MaxDirectoryRecursion 15
hacker
User clamav
ScanArchive
ArchiveMaxFileSize 10M
limit 5
ArchiveMaxFiles 1000

CODE
# clamd
# ps -aux | grep clamd
limit 9896 0.7 26448 7220 ? S /usr/local/sbin/clamd
root 22660 0.0 0.0 3548 616 pts/1 R grep clamd
# echo /usr/local/sbin/clamd >> /etc/rc.d/rc.local   /* append, so the existing rc.local is kept */
# clamscan -r test   /* test antivirus */
# touch /var/log/clam-update.log
# chmod 644 /var/log/clam-update.log
# chown clamav /var/log/clam-update.log
# freshclam -d -c 2 -l /var/log/clam-update.log   /* update the virus database */
# touch /etc/cron.daily/freshclam

CODE
# vi /etc/cron.daily/freshclam

#!/bin/bash
freshclam --quiet -d -c 2 -l /var/log/clam-update.log

CODE
# chmod a+xr /etc/cron.daily/freshclam

-------------------- Install amavisd ------------------

CODE
# rpm -ivh unarj-2.65-3.9.i386.rpm
# rpm -ivh zoo-2.10-11.9.i386.rpm
# rpm -ivh unrar-3.2.3-2.9.i386.rpm
# rpm -ivh arc-5.21e-6.i386.rpm
# tar zvxf amavis-0.3.12.tar.gz
# cd amavis-0.3.12
# groupadd amavis
# useradd amavis -g amavis -s /bin/nologin
# ./configure --enable-postfix
# make && make install
# vi /etc/amavisd.conf

$mailfrom_policy_admin = 'xiyang@yovole.com';
$region = 'xiyang@yovole.com';
$virus_admin = 'xiyang@yovole.com';
$spam_admin = 'xiyang@yovole.com';
$final_virus_destiny = 0;
$final_spam_destiny = -1;
$sa_tag_level_deflt = 4;
$scheme = 6.9;

------------------ edit the postfix config files -------------

* add to /etc/postfix/main.cf:

content_filter = vscan:
# For testing purposes it might make sense to use this
soft_bounce = yes

* add to /etc/postfix/master.cf:

vscan     unix  -       n       n       -       10      pipe
  user=amavis argv=/usr/sbin/amavis ${sender} ${recipient}
localhost:10025 inet n  -       n       -       -       smtpd
  -o content_filter=

* reload postfix

# /etc/init.d/postfix reload

------------ test the app ---------------------

CODE
# clamscan -r -l /root/xiyang/scan_report /var/vmail   /* scan all mail under /var/vmail and save the scan results in the scan_report file under /root/xiyang */
# less scan_report

------------------------------------------
Scan started: Sun Dec 28 14:48:29 2003

-- summary --
Known viruses: 11964
Scanned directories: 1049
Scanned files: 1657
Infected files: 0
Data scanned: 102.24 MB
I/O buffer size: 131072 bytes
Time: 33.310 sec (0 m 33 s)
------------------------------------
Scan started: Sun Dec 28 14:52:13 2003

/var/vmail//root/new/1030594139.21504_0.yovole.com,S=165330: Exploit.IFrame.gen FOUND
......................

CODE
# cd /var/vmail//root/new/
# cat 1030930201.10626_0.yovole.com\,S\=143154\:2\, | mail -s "xiyangtest" xiyang@yovole.com
# tail -f /var/log/maillog | grep virus
Dec 29 19:48:52 mail amavisd[26510]: Virus found (message-id=<20031229114851.BE6AB256D6D@mail.yovole.com>) - quarantined as virus-20031229-194852-26510
Dec 29 19:48:54 mail postfix/smtpd[25205]: 10C35256D71: reject: RCPT from localhost.localdomain[127.0.0.1]: 450 <virusalert>: User unknown in local recipient table; from=<postmaster> to=<virusalert> proto=ESMTP helo=<localhost>
Dec 29 19:48:55 mail amavisd[26523]: mail forwarding failed, retry: Temporary reject by MTA: 450 <virusalert>: User unknown in local recipient table (message-id=<20031229114852.90811256D6D@mail.yovole.com>)
Dec 29 19:48:55 mail postfix/pipe[25194]: 90811256D6D: to=<virusalert>, relay=vscan, delay=3, status=deferred (temporary failure)
# cd /var/virtusmail
# ls
virus-20031229-184553-14247  virus-20031229-184757-14607  virus-20031229-185221-15290  virus-20031229-194852-26510
virus-20031229-184616-14330  virus-20031229-184853-14767-20031229-194810-26292-
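
The maillog excerpt above shows a virus being quarantined while the notification addressed to <virusalert> is rejected by smtpd and then deferred behind the vscan filter. The following Python script is an added example, not part of the original article: it extracts both facts from a maillog so that an undeliverable alert recipient is noticed. The regular expressions assume the line formats shown in the excerpt (spacing normalised), and the function names are hypothetical.

```python
import re

# Log lines from the excerpt above, whitespace normalised to syslog form.
SAMPLE_MAILLOG = """\
Dec 29 19:48:52 mail amavisd[26510]: Virus found (message-id=<20031229114851.BE6AB256D6D@mail.yovole.com>) - quarantined as virus-20031229-194852-26510
Dec 29 19:48:54 mail postfix/smtpd[25205]: 10C35256D71: reject: RCPT from localhost.localdomain[127.0.0.1]: 450 <virusalert>: User unknown in local recipient table; from=<postmaster> to=<virusalert> proto=ESMTP helo=<localhost>
Dec 29 19:48:55 mail amavisd[26523]: mail forwarding failed, retry: Temporary reject by MTA: 450 <virusalert>: User unknown in local recipient table (message-id=<20031229114852.90811256D6D@mail.yovole.com>)
Dec 29 19:48:55 mail postfix/pipe[25194]: 90811256D6D: to=<virusalert>, relay=vscan, delay=3, status=deferred (temporary failure)
"""

QUARANTINED = re.compile(
    r"amavisd\[\d+\]: Virus found \(message-id=<(?P<mid>[^>]+)>\)"
    r"\s*-\s*quarantined as (?P<qfile>\S+)")
REJECTED = re.compile(
    r"postfix/smtpd\[\d+\]: \w+: reject: RCPT from \S+: (?P<code>[45]\d\d) "
    r"<(?P<rcpt>[^>]+)>: (?P<reason>[^;]+);")
DEFERRED = re.compile(
    r"postfix/pipe\[\d+\]: (?P<qid>\w+): to=<(?P<rcpt>[^>]+)>, relay=vscan,"
    r".*status=(?P<status>deferred|bounced)")


def summarize(log_text):
    """Return quarantine events and recipients whose mail is not delivered."""
    report = {"quarantined": [], "rejected": {}, "stuck": []}
    for line in log_text.splitlines():
        if m := QUARANTINED.search(line):
            report["quarantined"].append((m["mid"], m["qfile"]))
        elif m := REJECTED.search(line):
            report["rejected"][m["rcpt"]] = f'{m["code"]} {m["reason"].strip()}'
        elif m := DEFERRED.search(line):
            report["stuck"].append((m["qid"], m["rcpt"], m["status"]))
    return report


def undeliverable_alert_rcpts(report):
    """Recipients that are both rejected by smtpd and stuck behind vscan."""
    stuck = {rcpt for _, rcpt, _ in report["stuck"]}
    return sorted(stuck & set(report["rejected"]))


if __name__ == "__main__":
    rep = summarize(SAMPLE_MAILLOG)
    for mid, qfile in rep["quarantined"]:
        print(f"quarantined {qfile} (message-id {mid})")
    for rcpt in undeliverable_alert_rcpts(rep):
        print(f"alert recipient <{rcpt}> undeliverable: {rep['rejected'][rcpt]}")
```

A non-empty result from undeliverable_alert_rcpts means virus notifications are queuing up because the address does not exist in Postfix's local recipient table.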