I'm trying to install ClamAV on a Slack 9.1 box, on which I have sendmail compiled with milter, and I can't get it to work.... I went about it roughly like this:

1. sendmail -d0 | grep MILTER

   on my system it shows:

    Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7

2. clamav user, working directory...:

    groupadd clamav
    useradd -g clamav -d /dev/null clamav
    mkdir /var/clamav
    chown clamav:clamav /var/clamav

3. Compile

    ./configure \
        --prefix=/usr --sysconfdir=/etc --datadir=/var/clamav \
        --enable-milter
    make
    make install

4. Configuration, /etc/clamav.conf

    # By default the log file is locked for writing - the lock protects against
    # running clamd multiple times (if want to run another clamd, please
    # copy the configuration file, change the LogFile variable, and run
    # the daemon with --config-file option). That's why you shouldn't uncomment
    # this option.
    #LogFileUnlock

    # Maximal size of the log file. Default is 1 Mb.
    # Value of 0 disables the limit.
    # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
    # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
    # in bytes just don't use modifiers.
    LogFileMaxSize 2M

    # Log time with an each message.
    LogTime

    # Log also clean files. May be useful in debugging but will drastically
    # increase the log size.
    LogClean

    # Use system logger (can work together with LogFile).
    LogSyslog

    # Enable verbose logging.
    LogVerbose

    # This option allows you to save the process identifier of the listening
    # daemon (main thread).
    PidFile /var/clamav/clamd.pid

    # Optional path to the global temporary directory.
    # Default is system specific - usually /var/tmp or /tmp.
    TemporaryDirectory /var/tmp

    # Path to the database directory.
    # Default is the hardcoded directory (mostly /usr/local/share/clamav,
    # but it depends on installation options).
    DatabaseDirectory /var/clamav

    # The daemon works in local or network mode. Currently the local mode is
    # recommended for security reasons.

    # Path to the local socket. The daemon doesn't change the mode of the
    # created file (portability reasons). You may want to create it in a directory
    # which is only accessible for a user running daemon.
    LocalSocket /var/clamav/clamd.sock

    # Remove stale socket after unclean shutdown.
    FixStaleSocket

    # TCP port address.
    #TCPSocket 3310

    # TCP address.
    # By default we bind to INADDR_ANY, probably not wise.
    # Enable the following to provide some degree of protection
    # from the outside world.
    #TCPAddr 127.0.0.1

    # Maximum length the queue of pending connections may grow to.
    # Default is 15.
    MaxConnectionQueueLength 90

    # When activated, input stream (see STREAM command) will be saved to disk before
    # scanning - this allows scanning within archives.
    StreamSaveToDisk

    # Close the connection if this limit is exceeded.
    StreamMaxLength 10M

    # Maximal number of a threads running at the same time.
    # Default is 5, and it should be sufficient for a typical workstation.
    # You may need to increase threads number for a server machine.
    MaxThreads 100

    # Waiting for data from a client socket will timeout after this time (seconds).
    # Default is 120. Value of 0 disables the timeout.
    ReadTimeout 300

    # Maximal depth the directories are scanned at.
    MaxDirectoryRecursion 25

    # Follow a directory symlinks.
    # SECURITY HINT: You should have enabled directory recursion limit to
    # avoid potential problems.
    #FollowDirectorySymlinks

    # Follow regular file symlinks.
    #FollowFileSymlinks

    # Do internal checks (eg. check the integrity of the database structures)
    # By default clamd checks itself every 3600 seconds (1 hour).
    SelfCheck 600

    # Execute a command when a virus is found. In the command string %v will
    # be replaced by the virus name.
    # VirusEvent /bin/mail -s "VIRUS ALERT: %v" root

    # Run as selected user (clamd must be started by root).
    # By default it doesn't drop privileges.
    #User clamav

    # Initialize the supplementary group access (for all groups in /etc/group
    # user is added in. clamd must be started by root).
    #AllowSupplementaryGroups

    # Don't fork into background. Useful in debugging.
    #Foreground

    # Enable debug messages in libclamav.
    #Debug

    ##
    ## Document scanning
    ##

    # This option enables scanning of Microsoft Office document macros.
    ScanOLE2

    ##
    ## Mail support
    ##

    # Uncomment this option if you are planning to scan mail files.
    ScanMail

    ##
    ## Archive support
    ##

    # Comment this line to disable scanning of the archives.
    ScanArchive

    # By default the built-in RAR unpacker is disabled by default because the code
    # terribly leaks, however it's probably a good idea to enable it.
    ScanRAR

    # Options below protect your system against Denial of Service attacks
    # with archive bombs.

    # Files in archives larger than this limit won't be scanned.
    # Value of 0 disables the limit.
    # WARNING: Due to the unrarlib implementation, whole files (one by one) in RAR
    # archives are decompressed to the memory. That's why never disable
    # this limit (but you may increase it of course!)
    ArchiveMaxFileSize 10M

    # Archives are scanned recursively - e.g. if Zip archive contains RAR file,
    # the RAR file will be decompressed, too (but only if recursion limit is set
    # at least to 1). With this option you may set the recursion level.
    # Value of 0 disables the limit.
    ArchiveMaxRecursion 15

    # Number of files to be scanned within archive.
    # Value of 0 disables the limit.
    ArchiveMaxFiles 1000

    # Mark potential archive bombs as viruses (0 disables the limit)
    ArchiveMaxCompressionRatio 200

    # Use slower decompression algorithm which uses less memory. This option
    # affects bzip2 decompressor only.
    ArchiveLimitMemoryUsage

    # Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
    #ArchiveBlockEncrypted

    ##
    ## Clamuko settings
    ## WARNING: This is experimental software. It is very likely it will hang
    ## up your system !!!
    ##

    # Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running.
    #ClamukoScanOnAccess

    # Set access mask for Clamuko.
    ClamukoScanOnOpen
    ClamukoScanOnClose
    ClamukoScanOnExec

    # Set the include paths (all files in them will be scanned). You can have
    # multiple ClamukoIncludePath options, but each directory must be added
    # in a seperate option. All subdirectories are scanned, too.
    ClamukoIncludePath /home
    #ClamukoIncludePath /students

    # Set the exclude paths. All subdirectories are also excluded.
    #ClamukoExcludePath /home/guru

    # Limit the file size to be scanned (probably you don't want to scan your movie
    # files ;))
    # Value of 0 disables the limit. 1 Mb should be fine.
    ClamukoMaxFileSize 1M

    # Enable archive support. It uses the limits from clamd section.
    # (This option doesn't depend on ScanArchive, you can have archive support
    # in clamd disabled).
    ClamukoScanArchive

5. Update Virus Database

    freshclam --quiet --stdout --datadir /var/clamav --log /var/clamav/clamav.log

6. Testing

    cd /usr/src/clamav/test
    clamscan test1

   it says it found the virus, so OK

7. Sendmail

   In sendmail.cf, in the Mail Filters section, I put:

    Xclmilter, S=local:/var/clamav/clmilter.sock,F=, T=S:4m;R:4m

8. Start daemon

    clamd
    clamav-milter -blo /var/clamav/clmilter.sock

   - check:

    ls -l /var/clamav/*sock
    srwxrwxrwx 1 clamav clamav 0 May 13 08:37 /var/clamav/clamd.sock
    srwx------ 1 root root 0 May 13 07:57 /var/clamav/clmilter.sock

    ps -aux|grep cla
    clamav 595 0.0 10.2 14300 13020 ? S 08:37 0:00 /usr/sbin/clamd

9. Test mail (with the file from step 6)

    cat test1 | mail -s "Vir" root

   and the mail sails straight through.... in the logs there are no errors... nothing.. nothing...

10. Please help me, my head is about to burst from frustration!

11. Thanks a lot!

---
Details about our mailing lists: http://www.lug.ro/
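
A configuration check for a setup like the one in this message, added here as an example and not part of the original post: it parses sendmail.cf text and reports milters that have an X line but are not listed in the InputMailFilters option (sendmail never calls those), and milters whose F= flag is empty (sendmail then delivers mail unscanned when the filter cannot be reached). The sample configuration is constructed; only its X line is taken from the post, and the function names are hypothetical.

```python
import re

# Constructed sendmail.cf fragment; only the X line is taken from the post.
SAMPLE_CF = """\
# Constructed sample, not the poster's real file
O Timeout.queuereturn=5d
Xclmilter, S=local:/var/clamav/clmilter.sock,F=, T=S:4m;R:4m
"""

# F= flags that stop mail when the filter is unavailable:
# R = reject, T = temporary failure, 4 = close the connection with 421.
FAIL_CLOSED = set("RT4")


def parse_milters(cf_text):
    """Return (filters, active): X-line definitions and InputMailFilters names."""
    filters, active = {}, []
    for line in cf_text.splitlines():
        if line.startswith("X"):
            name, _, rest = line[1:].partition(",")
            fields = {}
            for part in rest.split(","):
                key, sep, value = part.strip().partition("=")
                if sep:
                    fields[key.upper()] = value.strip()
            filters[name.strip()] = fields
        else:
            m = re.match(r"O\s+InputMailFilters\s*=\s*(.*)", line, re.I)
            if m:
                active = [n for n in re.split(r"[,\s]+", m.group(1)) if n]
    return filters, active


def audit_milters(cf_text):
    """List configuration problems that let mail bypass a milter."""
    filters, active = parse_milters(cf_text)
    findings = []
    for name, fields in filters.items():
        if name not in active:
            findings.append(f"{name}: defined but not in InputMailFilters, never called")
        if not set(fields.get("F", "")) & FAIL_CLOSED:
            findings.append(f"{name}: F= has no R/T flag, mail passes if filter is down")
        if "S" not in fields:
            findings.append(f"{name}: no S= socket specification")
    for name in active:
        if name not in filters:
            findings.append(f"{name}: listed in InputMailFilters but has no X line")
    return findings


if __name__ == "__main__":
    print("\n".join(audit_milters(SAMPLE_CF)))
```

To check a real system, pass the contents of /etc/mail/sendmail.cf to audit_milters() instead of the sample.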
