{"id":234,"date":"2010-12-29T17:25:01","date_gmt":"2010-12-29T16:25:01","guid":{"rendered":""},"modified":"2010-12-29T17:26:39","modified_gmt":"2010-12-29T15:26:39","slug":"skaner-av-as","status":"publish","type":"post","link":"https:\/\/drfugazi.eu.org\/en\/skaner-av-as\/","title":{"rendered":"Installing an AV\/AS scanner for mail"},"content":{"rendered":"<h3>Installing antivirus (AV) and antispam (AS) scanning for the mail system<\/h3>\n<p>Switch to root and install the required software:<\/p>\n<pre><code>\r\nsudo -i\r\naptitude update\r\naptitude install amavisd-new\r\naptitude install clamav-daemon\r\naptitude install spamassassin\r\n<\/code><\/pre>\n<p>SpamAssassin is disabled by default, as the installer tells us. To enable it, edit the file <code>\/etc\/default\/spamassassin<\/code> and set:<\/p>\n<pre><code>\r\nvi \/etc\/default\/spamassassin\r\nENABLED=1\r\nCRON=1\r\n<\/code><\/pre>\n<p>Start the SpamAssassin and ClamAV daemon services. For ClamAV, wait until freshclam has finished downloading the current virus databases, which takes a while the first time:<\/p>\n<pre><code>\r\nservice spamassassin start\r\nservice clamav-daemon start\r\n<\/code><\/pre>\n<p>Now it is time to look at the Amavis configuration and adjust it a little. First, check that the contents of the files <code>05-domain_id<\/code> and <code>05-node_id<\/code> are correct. 
Then we enable AV\/AS scanning, because it is disabled in the default configuration:<\/p>\n<pre><code>\r\ncd \/etc\/amavis\/conf.d\r\nvi 15-content_filter_mode\r\n# Default antivirus checking mode\r\n# Please note, that anti-virus checking is DISABLED by \r\n# default.\r\n# If You wish to enable it, please uncomment the following lines:\r\n\r\n\r\n#@bypass_virus_checks_maps = (\r\n#   \\%bypass_virus_checks, \\@bypass_virus_checks_acl, \\$bypass_virus_checks_re);\r\n<\/code><\/pre>\n<p>As recommended, we remove the comment markers and thereby enable AV\/AS scanning:<\/p>\n<pre><code>\r\n@bypass_virus_checks_maps = (\r\n   \\%bypass_virus_checks, \\@bypass_virus_checks_acl, \\$bypass_virus_checks_re);\r\n\r\n@bypass_spam_checks_maps = (\r\n   \\%bypass_spam_checks, \\@bypass_spam_checks_acl, \\$bypass_spam_checks_re);\r\n<\/code><\/pre>\n<p>That is enough for now. If you do not know Amavis, I suggest leaving the default values for the time being, restarting it, and following the logs:<\/p>\n<pre><code>\r\nservice amavis restart\r\ntail -n 100 -f \/var\/log\/mail.log\r\n<\/code><\/pre>\n<p>Pay particular attention to whether the AV and AS code was loaded and whether antivirus programs were found:<\/p>\n<pre><code>\r\n...\r\nDec 28 XX:XX:00 hostname amavis[7287]: ANTI-VIRUS code      loaded\r\nDec 28 XX:XX:00 hostname amavis[7287]: ANTI-SPAM code       loaded\r\nDec 28 XX:XX:00 hostname amavis[7287]: ANTI-SPAM-EXT code   NOT loaded\r\nDec 28 XX:XX:00 hostname amavis[7287]: ANTI-SPAM-C code     NOT loaded\r\nDec 28 XX:XX:00 hostname amavis[7287]: ANTI-SPAM-SA code    loaded\r\n...\r\nDec 28 XX:XX:00 hostname amavis[7287]: Using primary internal av scanner code for ClamAV-clamd\r\nDec 28 XX:XX:00 hostname amavis[7287]: Found secondary av scanner ClamAV-clamscan at \/usr\/bin\/clamscan\r\n...\r\n<\/code><\/pre>\n<p>You will probably also notice, a few lines above, that amavis reports it cannot find decoders for fairly popular file extensions, e.g. arj, rar, cab, etc.<\/p>\n<pre><code>\r\nDec 28 XX:XX:00 hostname amavis[7287]: No decoder for       .7z   tried: 7zr, 7za, 7z\r\nDec 28 XX:XX:00 hostname amavis[7287]: No decoder for       .rar  tried: unrar-free\r\nDec 28 XX:XX:00 hostname amavis[7287]: No decoder for       .arj  tried: arj, unarj\r\nDec 28 XX:XX:00 hostname amavis[7287]: No decoder for       .arc  tried: nomarch, arc\r\nDec 28 XX:XX:00 hostname amavis[7287]: No decoder for       .zoo  tried: zoo\r\nDec 28 XX:XX:00 hostname amavis[7287]: No decoder for       .lha \r\nDec 28 XX:XX:00 hostname amavis[7287]: No decoder for       .doc  tried: ripole\r\nDec 28 XX:XX:00 hostname amavis[7287]: No decoder for       .cab  tried: cabextract\r\nDec 28 XX:XX:00 hostname amavis[7287]: No decoder for       .tnef\r\nDec 28 XX:XX:00 hostname amavis[7287]: Internal decoder for .tnef\r\nDec 28 XX:XX:00 hostname amavis[7287]: No decoder for       .exe  tried: unrar-free; arj, unarj\r\n<\/code><\/pre>\n<p>It is best to install the most popular ones:<\/p>\n<pre><code>\r\naptitude install arj unrar-free ripole cabextract arc zoo\r\nservice amavis restart\r\n<\/code><\/pre>\n<p>And things should already look better. 
Let us also check that amavis is running and listening on the right port:<\/p>\n<pre><code>\r\nnetstat -an|grep 10024\r\ntcp        0      0 127.0.0.1:10024         0.0.0.0:*               LISTEN\r\n<\/code><\/pre>\n<p>Since it is listening, we can move on to configuring the MTA to use it. I will of course use Postfix; I suggest consulting the documentation, which you will find in <code>\/usr\/share\/doc\/amavisd-new<\/code>:<\/p>\n<pre><code>\r\nzless \/usr\/share\/doc\/amavisd-new\/README.postfix.gz\r\n<\/code><\/pre>\n<p>There we find the section on transport configuration and read it carefully, then go to the Postfix configuration directory and edit <code>master.cf<\/code>:<\/p>\n<pre><code>\r\ncd \/etc\/postfix\r\nvi master.cf\r\n<\/code><\/pre>\n<p>Add the appropriate entries:<\/p>\n<pre><code>\r\n#\r\n# Feed and server for amavisd-new\r\n#\r\n\r\namavisfeed unix    -       -       n        -      2     lmtp\r\n     -o lmtp_data_done_timeout=1200\r\n     -o lmtp_send_xforward_command=yes\r\n     -o lmtp_tls_note_starttls_offer=no\r\n\r\n\r\n127.0.0.1:10025 inet n    -       n       -       -     smtpd\r\n     -o content_filter=\r\n     -o smtpd_delay_reject=no\r\n     -o smtpd_client_restrictions=permit_mynetworks,reject\r\n     -o smtpd_helo_restrictions=\r\n     -o smtpd_sender_restrictions=\r\n     -o smtpd_recipient_restrictions=permit_mynetworks,reject\r\n     -o smtpd_data_restrictions=reject_unauth_pipelining\r\n     -o smtpd_end_of_data_restrictions=\r\n     -o smtpd_restriction_classes=\r\n     -o mynetworks=127.0.0.0\/8\r\n     -o smtpd_error_sleep_time=0\r\n     -o smtpd_soft_error_limit=1001\r\n     -o smtpd_hard_error_limit=1000\r\n     -o smtpd_client_connection_count_limit=0\r\n     -o smtpd_client_connection_rate_limit=0\r\n     -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters\r\n     -o local_header_rewrite_clients=\r\n     -o smtpd_milters=\r\n     -o local_recipient_maps=\r\n     -o relay_recipient_maps=\r\n<\/code><\/pre>\n<p>Restart Postfix and check the logs:<\/p>\n<pre><code>\r\nservice postfix restart\r\ntail \/var\/log\/mail.log\r\n<\/code><\/pre>\n<p>If Postfix started, check that amavis responds as it should:<\/p>\n<pre><code>\r\ntelnet localhost 10024\r\nTrying 127.0.0.1...\r\nConnected to localhost.localdomain.\r\nEscape character is '^]'.\r\n220 [127.0.0.1] ESMTP amavisd-new service ready\r\nehlo test\r\n250-[127.0.0.1]\r\n250-VRFY\r\n250-PIPELINING\r\n250-SIZE\r\n250-ENHANCEDSTATUSCODES\r\n250-8BITMIME\r\n250-DSN\r\n250 XFORWARD NAME ADDR PORT PROTO HELO SOURCE\r\nquit\r\n221 2.0.0 [127.0.0.1] amavisd-new closing transmission channel\r\nConnection closed by foreign host.\r\n<\/code><\/pre>\n<p>and that Postfix has started the server to which amavis will return mail after scanning:<\/p>\n<pre><code>\r\ntelnet localhost 10025\r\nTrying 127.0.0.1...\r\nConnected to localhost.localdomain.\r\nEscape character is '^]'.\r\n220 example.com ESMTP Postfix (Ubuntu)\r\nehlo test\r\n250-example.com\r\n250-PIPELINING\r\n250-SIZE 10240000\r\n250-VRFY\r\n250-ETRN\r\n250-STARTTLS\r\n250-ENHANCEDSTATUSCODES\r\n250-8BITMIME\r\n250 DSN\r\nquit\r\n221 2.0.0 Bye\r\nConnection closed by foreign host.\r\n<\/code><\/pre>\n<p>This is how it should look. If something does not work, go through the logs and fix it; you will find instructions in the documentation mentioned above. Alternatively, describe the problem in a comment and quote the relevant log fragments, and I will try to help.<\/p>\n<p>If everything works, add <code>content_filter<\/code> to the Postfix configuration, restart it, and check the logs:<\/p>\n<pre><code>\r\npostconf -e content_filter=amavisfeed:[127.0.0.1]:10024\r\nservice postfix restart\r\ntail \/var\/log\/mail.log\r\n<\/code><\/pre>\n<p>Time for an empirical test, that is, sending a message, preferably to your own mailbox. And here it will probably turn out that the well-known Murphy&#8217;s law holds: <i>If your advance is going smoothly, you are walking into a trap.<\/i> \ud83d\ude09<\/p>\n<p>Something like this may appear in the logs:<\/p>\n<pre><code>\r\nDec 28 XX:XX:59 hostname amavis[8253]: (08253-02) (!)run_av (ClamAV-clamd) FAILED - unexpected , output=\"\/var\/lib\/amavis\/tmp\/amavis-20101228TXXXX59-08253\/parts: lstat() failed: Permission denied. ERROR\\n\"\r\nDec 28 XX:XX:59 hostname amavis[8253]: (08253-02) (!)ClamAV-clamd av-scanner FAILED: CODE(0x2607068) unexpected , output=\"\/var\/lib\/amavis\/tmp\/amavis-20101228TXXXX59-08253\/parts: lstat() failed: Permission denied. ERROR\\n\" at (eval 115) line 594.\r\nDec 28 XX:XX:59 hostname amavis[8253]: (08253-02) (!!)WARN: all primary virus scanners failed, considering backups\r\n<\/code><\/pre>\n<p>Given my earlier experience I expected this, but I deliberately did not change it beforehand, because this way it is easier to remember why certain things are done than when you simply type them in by rote. 
Check in the ClamAV configuration that the <code>AllowSupplementaryGroups<\/code> option is enabled, add the <code>amavis<\/code> group to the <code>clamav<\/code> user (with <code>-a<\/code>, so that its existing supplementary groups are kept), and then restart the services:<\/p>\n<pre><code>\r\ngrep AllowSupp \/etc\/clamav\/clamd.conf \r\nAllowSupplementaryGroups true\r\nusermod -a -G amavis clamav\r\nservice clamav-daemon restart\r\nservice amavis restart\r\ntail -f \/var\/log\/mail.log\r\n<\/code><\/pre>\n<h3>The next attempt to send mail should complete without errors or warnings; the AV\/AS scanner is installed and connected to the MTA.<\/h3>\n<p>In the next instalment I intend to describe installing greylisting using the <b>Postgrey<\/b> software and hardening Postfix with its built-in restrictions.<\/p>\n","protected":false},"excerpt":{"rendered":"<h3>Installing antivirus (AV) and antispam (AS) scanning for the mail system<\/h3>\n<p>Switch to root and install the required software:<\/p>\n<pre><code>\r\nsudo -i\r\naptitude update\r\naptitude install amavisd-new\r\naptitude install clamav-daemon\r\naptitude install spamassassin\r\n<\/code><\/pre>\n<p>SpamAssassin is disabled by default, as the installer tells us. To enable it, edit the file <code>\/etc\/default\/spamassassin<\/code> and set:<\/p>\n<pre><code>\r\nvi \/etc\/default\/spamassassin\r\nENABLED=1\r\nCRON=1\r\n<\/code><\/pre>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_newsletter_tier_id":0,"footnotes":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[],"tags":[48,49,51,52,34,50,11],"jetpack_publicize_connections":[],"acf":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p7M9Tz-3M","jetpack-related-posts":[{"id":374,"url":"https:\/\/drfugazi.eu.org\/en\/mail-system-implementation\/","url_meta":{"origin":234,"position":0},"title":"Mail system implementation","author":"drfugazi","date":"Thursday August 16th, 2012","format":false,"excerpt":"My experience, which I gained during the implementation of different systems, shows that implementation should be done in stages. Then, at each stage, you can see if it works and if there are some areas to improve, and then go to the next stage of implementation. 
Mail system implementation is no exception.\u2026","rel":"","context":"In &quot;Mail system&quot;","block_context":{"text":"Mail system","link":"https:\/\/drfugazi.eu.org\/en\/category\/mail-system\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":373,"url":"https:\/\/drfugazi.eu.org\/en\/budowa-systemu-pocztowego\/","url_meta":{"origin":234,"position":1},"title":"Building mail system","author":"drfugazi","date":"Monday August 13th, 2012","format":false,"excerpt":"This description is based on my experience, which I gained during mail system implementation at the University of Silesia (Katowice\/Poland). In the first stage there were about 3 000 users; now the system is handling about 40 k mail users. The whole system (excluding Sophos AV) is based on Open\u2026","rel":"","context":"In &quot;Mail system&quot;","block_context":{"text":"Mail system","link":"https:\/\/drfugazi.eu.org\/en\/category\/mail-system\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":351,"url":"https:\/\/drfugazi.eu.org\/en\/clamav-2\/","url_meta":{"origin":234,"position":2},"title":"ClamAV","author":"drfugazi","date":"Thursday June 14th, 2012","format":false,"excerpt":"Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and advanced tool for automatic database updates. 
The core of the package is an\u2026","rel":"","context":"In &quot;Mail system&quot;","block_context":{"text":"Mail system","link":"https:\/\/drfugazi.eu.org\/en\/category\/mail-system\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":343,"url":"https:\/\/drfugazi.eu.org\/en\/usuwanie-poczty-kolejki-postfixa\/","url_meta":{"origin":234,"position":3},"title":"Removing mail from the Postfix queue","author":"","date":"Tuesday December 21st, 2010","format":false,"excerpt":"Sometimes you need to throw a few mails out of the queue or perform some other operation that requires stringing several commands together. For old hands this is no problem, and they would probably do it more optimally, but I have just decided to start a series, which I initially called \"One-liners\" and have now renamed to \"Scripts\", where I will post one-line and\u2026","rel":"","context":"Similar post","block_context":{"text":"Similar post","link":""},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":233,"url":"https:\/\/drfugazi.eu.org\/en\/usuwanie-poczty\/","url_meta":{"origin":234,"position":4},"title":"Removing mail from the queue","author":"drfugazi","date":"Tuesday December 21st, 2010","format":false,"excerpt":"Sometimes you need to throw a few mails out of the queue or perform some other operation that requires stringing several commands together. 
For old hands this is no problem, and they would probably do it more optimally, but I have just decided to start a series titled \"One-liners\", where I will post one-line shell (and other) scripts, which I hope\u2026","rel":"","context":"In \"Postfix\"","block_context":{"text":"Postfix","link":"https:\/\/drfugazi.eu.org\/en\/tag\/postfix\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":332,"url":"https:\/\/drfugazi.eu.org\/en\/instalacja-i-konfiguracja-openldap\/","url_meta":{"origin":234,"position":5},"title":"Installing and configuring OpenLDAP","author":"","date":"Monday November 22nd, 2010","format":false,"excerpt":"Installation and basic configuration of the LDAP directory service (OpenLDAP) on Ubuntu: drfugazi@charr:~% sudo aptitude install slapd ldap-utils This description is modelled on the English guide for Karmic Koala on HowtoForge. I am used to configuring LDAP in the slapd.conf file, but that is the old school. 
Here we get the option of dynamic configuration without having to restart the LDAP server.\u2026","rel":"","context":"Similar post","block_context":{"text":"Similar post","link":""},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/posts\/234"}],"collection":[{"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/comments?post=234"}],"version-history":[{"count":0,"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/posts\/234\/revisions"}],"wp:attachment":[{"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/media?parent=234"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/categories?post=234"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/tags?post=234"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}