1

-------------

Clam AntiVirus

 

[1]

Install Clam AntiVirus to protect servers from viruses.

Install ClamAV.

# install from EPEL

[root@dlp ~]# yum --enablerepo=epel -y install clamav clamav-update

[root@dlp ~]# sed -i -e "s/^Example/#Example/" /etc/freshclam.conf

# update pattern files

[root@dlp ~]# freshclam

ClamAV update process started at Fri Aug 29 22:03:30 2014
main.cld is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
daily.cvd is up to date (version: 19314, sigs: 1094505, f-level: 63, builder: neo)
bytecode.cvd is up to date (version: 242, sigs: 46, f-level: 63, builder: dgoddard)

[2]

Try a scan. Note that `--remove` deletes every detected file outright; use `--move=DIR` instead if you prefer to quarantine suspect files for inspection.

[root@dlp ~]# clamscan --infected --remove --recursive /home

----------- SCAN SUMMARY -----------
Known viruses: 3575245
Engine version: 0.98.4
Scanned directories: 2
Scanned files: 3
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 10.369 sec (0 m 10 s)

# download the EICAR test file (a harmless, industry-standard antivirus test signature)

[root@dlp ~]# curl -O http://www.eicar.org/download/eicar.com

[root@dlp ~]# clamscan --infected --remove --recursive .

./eicar.com: Eicar-Test-Signature FOUND

./eicar.com: Removed. # detected and deleted because of --remove

----------- SCAN SUMMARY -----------
Known viruses: 3575245
Engine version: 0.98.4
Scanned directories: 3
Scanned files: 10
Infected files: 1
Data scanned: 0.00 MB
Data read: 256.57 MB (ratio 0.00:1)
Time: 10.307 sec (0 m 10 s)

-------------

[2]

Install Amavisd and the ClamAV server (clamd), and start the ClamAV server first.

# install from EPEL

[root@mail ~]# yum --enablerepo=epel -y install amavisd-new clamav-server clamav-server-systemd

[root@mail ~]# cp /usr/share/doc/clamav-server*/clamd.sysconfig /etc/sysconfig/clamd.amavisd 

[root@mail ~]# vi /etc/sysconfig/clamd.amavisd

# lines 1, 2: uncomment and change

CLAMD_CONFIGFILE=/etc/clamd.d/amavisd.conf

CLAMD_SOCKET=/var/run/clamd.amavisd/clamd.sock

[root@mail ~]# vi /etc/tmpfiles.d/clamd.amavisd.conf

# create new

d /var/run/clamd.amavisd 0755 amavis amavis -

[root@mail ~]# vi /usr/lib/systemd/system/clamd@.service

# add the following to the end

[Install]

WantedBy=multi-user.target

[root@mail ~]# systemctl start clamd@amavisd 

[root@mail ~]# systemctl enable clamd@amavisd 

ln -s '/usr/lib/systemd/system/clamd@.service' '/etc/systemd/system/multi-user.target.wants/clamd@amavisd.service'

[3]

Configure Amavisd.

[root@mail ~]# vi /etc/amavisd/amavisd.conf

# line 20: change to your own domain name

$mydomain = 'server.world';

# line 152: change to your own hostname (must be a fully-qualified domain name)

$myhostname = 'mail.server.world';

# line 154: uncomment

$notify_method = 'smtp:[127.0.0.1]:10025';

$forward_method = 'smtp:[127.0.0.1]:10025';

[root@mail ~]# systemctl start amavisd 

[root@mail ~]# systemctl enable amavisd 

[root@mail ~]# systemctl start spamassassin 

[root@mail ~]# systemctl enable spamassassin 

[4]

Configure Postfix.

[root@mail ~]# vi /etc/postfix/main.cf

# add the following to the end

content_filter=smtp-amavis:[127.0.0.1]:10024

[root@mail ~]# vi /etc/postfix/master.cf

# add the following to the end. The 127.0.0.1:10025 listener accepts mail back from Amavisd with content_filter disabled, so keep it bound to loopback and keep `-o mynetworks=127.0.0.0/8` together with `permit_mynetworks,reject` so that nothing else can inject unfiltered mail through it.

smtp-amavis unix -    -    n    -    2 smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
127.0.0.1:10025 inet n    -    n    -    - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000

[root@mail ~]# systemctl restart postfix 

[5]

That's all.

After this configuration, the lines below are added to the header section of each email, and emails containing a known virus are no longer delivered to clients.

http://www.server-world.info/en/note?os=CentOS_7&p=mail&f=6

----------

yum install spamassassin amavisd-new clamav clamd pyzor perl-Mail-SPF perl-Mail-DKIM postgrey tmpwatch lzop

 cp /etc/amavisd/amavisd.conf /etc/amavisd/amavisd.conf.org

 

 

 

 vi /etc/amavisd/amavisd.conf 

 

20 $mydomain = 'worldcm.net';   # a convenient default for other settings

152 $myhostname = 'mail.worldcm.net';  # must be a fully-qualified domain name!

154 $notify_method  = 'smtp:[127.0.0.1]:10025';

155 $forward_method = 'smtp:[127.0.0.1]:10025';  # set to undef with milter!

52  @mynetworks = qw( 127.0.0.0/8 [::1] );

141 $sa_spam_subject_tag = '[Spam] ';

------------------

# do not add the "Received" header field that amavisd would otherwise insert into the mail header

$allowed_added_header_fields{lc('Received')} = 0;

----------------------------------

### http://www.clamav.net/

['ClamAV-clamd',

\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],

qr/\bOK$/m, qr/\bFOUND$/m,

qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],

# NOTE: run clamd under the same user as amavisd - or run it under its own

#   uid such as clamav, add user clamav to the amavis group, and then add

#   AllowSupplementaryGroups to clamd.conf;

# NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in

#   this entry; when running chrooted one may prefer a socket under $MYHOME.

#$sa_tag_level_deflt  = 2.0;  [change]

$sa_tag_level_deflt  = -999;  # add spam info headers if at, or above that level

----------

# vi /etc/postfix/aliases

virusalert: root

# vi /etc/postfix/main.cf

smtpd_recipient_restrictions = permit_sasl_authenticated,

permit_mynetworks,

check_policy_service unix:/var/spool/postfix/postgrey/socket,

reject_unauth_destination

#/etc/sysconfig/postgrey

OPTIONS="--max-age=365 --delay=60 --unix=/var/spool/postfix/postgrey/socket"

#perldoc postgrey     [view config]

# vi /etc/mail/spamassassin/local.cf

# The score from which an email will be considered spam

required_hits           5.0

# Subject prefix if spam is detected

rewrite_header Subject  [SPAM]

# Do not encapsulate spam in an attachment (report_safe 0 leaves the original message intact)

report_safe             0

# Configure the Bayes system

use_bayes               1

bayes_auto_learn        0

bayes_path              /etc/mail/bayes/bayes

bayes_file_mode         0666
# NOTE: 0666 makes the Bayes database world-writable; if only the scanning
# user/group needs access, a group-only mode (for example 0770) is tighter.

# Enable or disable network checks

skip_rbl_checks         0

# pyzor configuration

use_pyzor               1

pyzor_options           --homedir /etc/mail/spamassassin             

pyzor_timeout           5

Setup Pyzor

# pyzor --homedir /etc/mail/spamassassin/ discover

--------

# sa-learn --spam --showdots --mbox /home/username/mail/spam-mailbox-folder

# pyzor --homedir /etc/mail/spamassassin/ report --mbox </home/username/mail/spam-mailbox-folder

-----------

Check the /etc/postfix/postgrey_whitelist_clients file.

With your favourite text editor you can check whether the free mail service you are using is listed. If it is listed

(for example, gmail might appear as a line containing "google.com"), then simply comment the line out for this test.

After you have changed the configuration file, make sure you restart the postgrey daemon.

------