1
-------------
Clam AntiVirus
[1]
Install Clam AntiVirus to protect servers from viruses.
Install Clamav.
# install from EPEL
[root@dlp ~]# yum --enablerepo=epel -y install clamav clamav-update
[root@dlp ~]# sed -i -e "s/^Example/#Example/" /etc/freshclam.conf
# update pattern files
[root@dlp ~]# freshclam
ClamAV update process started at Fri Aug 29 22:03:30 2014 main.cld is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo) daily.cvd is up to date (version: 19314, sigs: 1094505, f-level: 63, builder: neo) bytecode.cvd is up to date (version: 242, sigs: 46, f-level: 63, builder: dgoddard)
[2]
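Try a scan. Note that --remove deletes every file clamscan flags, false positives included; on real data, --move=DIRECTORY quarantines flagged files for review instead.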
[root@dlp ~]# clamscan --infected --remove --recursive /home
----------- SCAN SUMMARY ----------- Known viruses: 3575245 Engine version: 0.98.4 Scanned directories: 2 Scanned files: 3 Infected files: 0 Data scanned: 0.00 MB Data read: 0.00 MB (ratio 0.00:1) Time: 10.369 sec (0 m 10 s)
# download the EICAR test file (a harmless standard antivirus test string, not real malware)
[root@dlp ~]# curl -O http://www.eicar.org/download/eicar.com
[root@dlp ~]# clamscan --infected --remove --recursive .
./eicar.com: Eicar-Test-Signature FOUND
./eicar.com: Removed. # just detected
----------- SCAN SUMMARY ----------- Known viruses: 3575245 Engine version: 0.98.4 Scanned directories: 3 Scanned files: 10 Infected files: 1 Data scanned: 0.00 MB Data read: 256.57 MB (ratio 0.00:1) Time: 10.307 sec (0 m 10 s)
-------------
[2]
Install Amavisd and Clamav Server, and start Clamav Server first.
# install from EPEL
[root@mail ~]# yum --enablerepo=epel -y install amavisd-new clamav-server clamav-server-systemd
[root@mail ~]# cp /usr/share/doc/clamav-server*/clamd.sysconfig /etc/sysconfig/clamd.amavisd
[root@mail ~]# vi /etc/sysconfig/clamd.amavisd
# line 1, 2: uncomment and change
CLAMD_CONFIGFILE=/etc/clamd.d/amavisd.conf
CLAMD_SOCKET=/var/run/clamd.amavisd/clamd.sock
[root@mail ~]# vi /etc/tmpfiles.d/clamd.amavisd.conf
# create new
d /var/run/clamd.amavisd 0755 amavis amavis -
[root@mail ~]# vi /usr/lib/systemd/system/clamd@.service
# add follows to the end
[Install]
WantedBy=multi-user.target
[root@mail ~]# systemctl start clamd@amavisd
[root@mail ~]# systemctl enable clamd@amavisd
ln -s '/usr/lib/systemd/system/clamd@.service' '/etc/systemd/system/multi-user.target.wants/clamd@amavisd.service'
[3]
Configure Amavisd.
[root@mail ~]# vi /etc/amavisd/amavisd.conf
# line 20: change to the own domain name
$mydomain = 'server.world';
# line 152: change to the own hostname
$myhostname = 'mail.server.world';
# line 154: uncomment
$notify_method = 'smtp:[127.0.0.1]:10025';
$forward_method = 'smtp:[127.0.0.1]:10025';
[root@mail ~]# systemctl start amavisd
[root@mail ~]# systemctl enable amavisd
[root@mail ~]# systemctl start spamassassin
[root@mail ~]# systemctl enable spamassassin
[4]
Configure Postfix.
[root@mail ~]# vi /etc/postfix/main.cf
# add follows to the end
content_filter=smtp-amavis:[127.0.0.1]:10024
[root@mail ~]# vi /etc/postfix/master.cf
# add follows to the end
smtp-amavis unix - - n - 2 smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
[root@mail ~]# systemctl restart postfix
[5]
That's all.
After this configuration, the lines below are added to the header section of emails, and emails containing known viruses will not be delivered to clients.
http://www.server-world.info/en/note?os=CentOS_7&p=mail&f=6
----------
yum install spamassassin amavisd-new clamav clamd pyzor perl-Mail-SPF perl-Mail-DKIM postgrey tmpwatch lzop
cp /etc/amavisd/amavisd.conf /etc/amavisd/amavisd.conf.org
vi /etc/amavisd/amavisd.conf
20 $mydomain = 'worldcm.net'; # a convenient default for other settings
152 $myhostname = 'mail.worldcm.net'; # must be a fully-qualified domain name!
154 $notify_method = 'smtp:[127.0.0.1]:10025';
155 $forward_method = 'smtp:[127.0.0.1]:10025'; # set to undef with milter!
52 @mynetworks = qw( 127.0.0.0/8 [::1] );
141 $sa_spam_subject_tag = '[Spam] ';
------------------
# do not add a "Received" header to the mail header
$allowed_added_header_fields{lc('Received')} = 0;
----------------------------------
### http://www.clamav.net/
['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
qr/\bOK$/m, qr/\bFOUND$/m,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
# NOTE: run clamd under the same user as amavisd - or run it under its own
# uid such as clamav, add user clamav to the amavis group, and then add
# AllowSupplementaryGroups to clamd.conf;
# NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in
# this entry; when running chrooted one may prefer a socket under $MYHOME.
#$sa_tag_level_deflt = 2.0; [change]
$sa_tag_level_deflt = -999; # add spam info headers if at, or above that level
----------
# vi /etc/postfix/aliases
virusalert: root
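# vi /etc/postfix/main.cf
# NOTE: Postfix's policy-delegation README advises listing check_policy_service
# after reject_unauth_destination, so that mail for non-local destinations is
# rejected before the policy server is consulted; consider placing
# reject_unauth_destination above the check_policy_service entry.
smtpd_recipient_restrictions = permit_sasl_authenticated,
    permit_mynetworks,
    check_policy_service unix:/var/spool/postfix/postgrey/socket,
    reject_unauth_destination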
#/etc/sysconfig/postgrey
OPTIONS="--max-age=365 --delay=60 --unix=/var/spool/postfix/postgrey/socket"
#perldoc postgrey [view config]
# vi /etc/mail/spamassassin/local.cf
# The score from which an email will be considered spam
required_hits 5.0
# Subject prefix if spam is detected
rewrite_header Subject [SPAM]
# Disable encapsulate spam in an attachment
report_safe 0
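# Configure the Bayes system
# NOTE: bayes_file_mode 0666 below lets every local account read and rewrite the
# Bayes database; a group-restricted mode (e.g. 0770, with the mail-filter users
# in one group) limits who can tamper with the learned data.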
use_bayes 1
bayes_auto_learn 0
bayes_path /etc/mail/bayes/bayes
bayes_file_mode 0666
# Enable or disable network checks
skip_rbl_checks 0
# pyzor configuration
use_pyzor 1
pyzor_options --homedir /etc/mail/spamassassin
pyzor_timeout 5
Setup Pyzor
# pyzor --homedir /etc/mail/spamassassin/ discover
--------
# sa-learn --spam --showdots --mbox /home/username/mail/spam-mailbox-folder
# pyzor --homedir /etc/mail/spamassassin/ report --mbox </home/username/mail/spam-mailbox-folder
-----------
/etc/postfix/postgrey_whitelist_clients file.
With your favourite text editor, check whether the free mail service you are using is listed in that file.
If it is (for example, Gmail might appear as a line containing “google.com”), simply comment the line out for this test.
After you have changed the configuration file, make sure you restart the postgrey daemon.
------