建設qmail服務器的病毒防護系統

本文介紹如何給公司的郵件服務器加個病毒掃描，綜合考慮了幾種方案后，認為qmail-scanner+clamav(主要是因為免費)比較合適，這種方案的優點就是如果你的qmailqueue-patch在安裝時就打好了，原系統基本不動。 所需軟件（假定你有QMAIL系統，且能正常運行）

 
1、 maildrop-1.5.2.20030423.tar.gz 
2、perl-Time-HiRes-1.38-3.i386.rpm 
3、clamav-0.65.tar.gz 
4、qmail-scanner-1.20.tgz 

一 maildrop安裝：

tar zxvf maildrop-1.5.2.20030423.tar.gz 
./configure [options] 
   make 
   make install-strip 
   make install-man 

二 安裝 perl-Time-HiRes-1.38-3.i386.rpm

rpm -ivh perl-Time-HiRes-1.38-3.i386.rpm

三 安裝clamav-0.65.tar.gz

grouadd clamav 
useradd –g clamav –s /bin/false clamav 
tar zxvf clamav-0.65.tar.gz 
cd clamav-0.65 
./configure 
make check 
make install 
更新病毒庫，freshclam 
把freshclam加入crontab 定時更新病毒庫， 
修改/usr/local/etc/clamav.conf 
Example前加# 或刪掉 
執行clamscan 測試 
執行clamd  
然后執行clamdscan  

四 安裝qmail-scanner-1.20.tgz

groupadd qscand 
useradd –g qscand –s /bin/false qscand 
tar zxvf  qmail-scanner-1.20.tgz 
cd qmail-scanner-1.20 
./configure --qmail-queue-binary /var /qmail/bin/qmail-queue 
 --admin postmaster \ 
--domain abc.com.cn --notify sender,admin --local-domains 
abc.com.cn --lang en_GB\ 
 --debug yes --unzip yes --scanners clamscan 
 
檢查有無錯誤 
然后安裝./configure --qmail-queue-binary 
/var /qmail/bin/qmail-queue  --admin postmaster \ 
--domain abc.com.cn --notify sender,admin 
--local-domains abc.com.cn --lang en_GB\ 
--debug yes --unzip yes --scanners clamscan --install 

看看是否在/var/qmail/bin/qmail-scanner-queue.pl是否存在 
chown qscand:qscand /var/qmail/bin/qmail-scanner-queue.pl 
chmod 4755 /var/qmail/bin/qmail-scanner-queue.pl 
然后用一個普通用戶登陸，執行/var/qmail/bin/qmail-scanner-queue.pl -z 
如果沒有Can't do setuid出現，恭喜你，
如果有回到安裝文件目錄，有個contrib目錄， 
make  
make install 

附加步驟：chown qscand:qscand /var/qmail/bin/qmail-scanner-queue 
chmod 4755 /var/qmail/bin/qmail-scanner-queue 
chmod 0755 /var/qmail/bin/qmail-scanner-queue.pl 

然后用一個普通用戶登陸，執行/var/qmail/bin/qmail-scanner-queue -z 
/var/qmail/bin/qmail-scanner-queue –g 
修改環境變量 
1 在你的qmail啟動腳本加入 
QMAILQUEUE=/var/qmail/bin/qmail-scanner-queue.pl如果作了附加步驟用下面的 
QMAILQUEUE=/var/qmail/bin/qmail-scanner-queue 
export QMAILQUEUE
2還有一種方法：請參考FAQ.php 
Instead set it under the tcpserver smtp rules file (you're using Qmail - 
so you already know what that is - right? :-). That way you can even setup 
Qmail-Scanner to only scan mail from particular SMTP client IP address ranges/etc. 
This is now the only officially supported mechanism. Set it something like this: 
#/etc/tcpserver/smtp.rules 
# 
# No Qmail-Scanner at all for mail from 127.0.0.1 
127.:allow,RELAYCLIENT="",RBLSMTPD="",
QMAILQUEUE="/var/qmail/bin/qmail-queue" 
# Use Qmail-Scanner without SpamAssassin on any mail from the local.network 
# [it triggers SpamAssassin via the presence of the RELAYCLIENT var] 
10.:allow,RELAYCLIENT="",RBLSMTPD="",
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" 
# 
# Use Qmail-Scanner with SpamAssassin on any mail from the rest of the world 
:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" 
Then run "maketcprules" or something like "tcprules /etc/tcp.smtp.cdb
 /etc/tcp.smtp.tmp < /etc/tcp.smtp" to rebuild the database 

重起qmail 測試，這里有測試程序 
/youdir/software/qmail-scanner-1.20 test_installation.sh 

不知什么原因，我的clamscan 掃描不到病毒，經過測試，發現了原因，正確解決方法：  

修改qmail-scanner-queue.pl中的  
my $clamscan_options="-r --disable-summary 
  --max-recursion=10 --max-space=1000000";為  
my $clamscan_options="-r --mbox --disable-summary 
  --max-recursion=10 --max-space=1000000";  
就可以ＯＫ了 

主要的排錯監測日志 
/var/spool/qmailscan/quarantine.log 
/var/spool/qmailscan/qmail-queue.log 
 /var/log/clamd.log 
/var/qmail/maillog