Qmail-Scanner + McAfee VirusScan Command Line
Qmail-Scanner website: http://qmail-scanner.sourceforge.net/ (latest version: 1.22)
Required dependencies:
reformime (from Maildrop 1.3.8+)
Perl 5.6.1
Perl module Time::HiRes
Perl module DB_File (may not be needed, or may already be present on the system)
Perl module Sys::Syslog (may not be needed, or may already be present on the system)
TNEF unpacker
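This guide covers a manual installation, mainly to avoid recompiling qmail to add QMAILQUEUE.
Install McAfee VirusScan Command Line, then symlink uvscan into /usr/local/bin and the .so files into /usr/local/lib.
tar zxf qmail-scanner-1.22.gz
cd qmail-scanner-1.22
Configure qmail-scanner. The paths can be customized; replace yourdomain with your own domain. See ./configure --help for details.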
./configure --spooldir /mail/qmailscan --qmaildir /mail/qmail \
  --bindir /mail/qmail/bin \
  --qmail-queue-binary /mail/qmail/bin/qmail-queue.real \
  --admin root --domain yourdomain --notify recips \
  --local-domains yourdomain --silent-viruses auto --lang en_GB \
  --debug no --unzip 1 --add-dscr-hdrs 0 --archive 0 --redundant no \
  --log-details 0 --log-crypto 0 --fix-mime 2 --scanners "uvscan" \
  --ignore-eol-check 0 --no-QQ-check
Add the user and group
pw groupadd qscand -g 65530
pw useradd qscand -g qscand -d /mail/qmailscan -s /nonexistent -u 65530
Create the directories
mkdir -p /mail/qmailscan
mkdir -p /mail/qmailscan/quarantine/tmp /mail/qmailscan/quarantine/cur /mail/qmailscan/quarantine/new
mkdir -p /mail/qmailscan/working/tmp /mail/qmailscan/working/cur /mail/qmailscan/working/new
mkdir -p /mail/qmailscan/archive/tmp /mail/qmailscan/archive/cur /mail/qmailscan/archive/new
Copy the files and set permissions
cp quarantine-attachments.txt /mail/qmailscan/
chown -R qscand:qscand /mail/qmailscan/
cp qmail-scanner-queue.pl /mail/qmail/bin/qmail-scanner-queue.pl
chown qscand:qscand /mail/qmail/bin/qmail-scanner-queue.pl
chmod 4755 /mail/qmail/bin/qmail-scanner-queue.pl
Initialize qmail-scanner and have it called first, in place of qmail-queue
/mail/qmail/bin/qmail-scanner-queue.pl -h
/mail/qmail/bin/qmail-scanner-queue.pl -z
/mail/qmail/bin/qmail-scanner-queue.pl -g
mv /mail/qmail/bin/qmail-queue /mail/qmail/bin/qmail-queue.real
ln -s /mail/qmail/bin/qmail-scanner-queue.pl /mail/qmail/bin/qmail-queue
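The steps above leave a setuid wrapper sitting in front of the real qmail-queue, so it is worth confirming the layout after installation and after any qmail upgrade that might put a fresh qmail-queue binary back. The following is an added example, not part of the original page or of qmail-scanner; the function name check_qmailscan and its optional ROOT prefix argument are hypothetical, and the paths are the ones used in this guide.

```sh
#!/bin/sh
# Added example (not from the original page): audit the queue-wrapper layout.
# check_qmailscan and its ROOT argument are hypothetical names; ROOT is an
# optional prefix for checking a staging copy, empty means the live system.
check_qmailscan() {
    root="${1:-}"
    bin="$root/mail/qmail/bin"
    spool="$root/mail/qmailscan"
    wrapper="$bin/qmail-scanner-queue.pl"
    rc=0
    fail() { echo "FAIL: $*"; rc=1; }

    # qmail-queue must be a symlink to the scanner, or mail bypasses scanning.
    if [ -L "$bin/qmail-queue" ]; then
        target=`readlink "$bin/qmail-queue"`
        case "$target" in
            */qmail-scanner-queue.pl|qmail-scanner-queue.pl) ;;
            *) fail "qmail-queue points to $target" ;;
        esac
    else
        fail "qmail-queue is not a symlink to the scanner"
    fi

    # The renamed original must be a real executable, not another symlink.
    if [ ! -x "$bin/qmail-queue.real" ] || [ -L "$bin/qmail-queue.real" ]; then
        fail "qmail-queue.real is missing, not executable, or a symlink"
    fi

    # chmod 4755: setuid bit present, and no group/other write on a setuid file.
    [ -u "$wrapper" ] || fail "setuid bit missing on $wrapper"
    loose=`find "$wrapper" \( -perm -0020 -o -perm -0002 \) -print 2>/dev/null`
    [ -z "$loose" ] || fail "$wrapper is group- or world-writable"

    # Maildir-style spool directories created by the mkdir -p steps.
    for q in quarantine working archive; do
        for d in tmp cur new; do
            [ -d "$spool/$q/$d" ] || fail "missing directory $spool/$q/$d"
        done
    done
    [ -f "$spool/quarantine-attachments.txt" ] ||
        fail "missing $spool/quarantine-attachments.txt"
    return $rc
}
```

Source the file and call check_qmailscan with no argument to inspect the live system; it prints one FAIL line per problem and returns non-zero if any check failed.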
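McAfee virus definition auto-update script update.sh, placed in the uvscan directory
#!/bin/sh
# Resolve the uvscan directory to an absolute path: the script changes
# directory below, so a relative dirname would no longer point at it.
install_directory=`dirname "$0"`
install_directory=`cd "$install_directory" && pwd`
# Use a private work directory rather than a fixed /tmp name that another
# local user could create in advance and fill with files.
workdir=`mktemp -d /tmp/dat-updates.XXXXXX` || exit 1
cd "$workdir" || exit 1
current_version=`"$install_directory/uvscan" --version | grep "Virus data file" | awk '{ print substr($4,2,4) }'`
ftp "ftp://ftp.nai.com/pub/datfiles/english/dat-*.tar"
new_version=`echo dat-*.tar | awk '{ print substr($1,5,4) }'`
if [ "$current_version" -ge "$new_version" ]
then
    echo "No new .DATs available at this time"
    echo "Currently installed version: $current_version"
    echo "Version on FTP site: $new_version"
else
    tar -xf dat-*.tar
    # Install each extracted file under a lower-case name
    for file in `tar -tf dat-*.tar`
    do
        newfile=`echo "$file" | tr 'A-Z' 'a-z'`
        mv -f "./$file" "$install_directory/$newfile"
    done
    # Re-read the installed version to confirm the update took effect
    current_version=`"$install_directory/uvscan" --version | grep "Virus data file" | awk '{ print substr($4,2,4) }'`
    if [ ! "$current_version" -eq "$new_version" ]
    then
        echo "DAT file updates did not work correctly."
        echo "Please try manually."
    else
        echo "DAT file updates successful"
        echo "Currently installed version: $current_version"
    fi
fi
cd /
rm -rf "$workdir"

Make the script executable:
chmod +x update.sh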
Add a cron job to run the update every 6 hours
0 */6 * * * /uvscan-path/update.sh
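If the mail system is under heavy load, consider using sophie + Sophos instead.
sophie can run as a daemon: it loads the virus engine and virus definitions into memory, then creates a socket for other programs to call.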