CentOS 4.4
f-prot
[1.] Download and install
wget http://files.f-prot.com/files/linux-x86/fp-linux-ws.rpm && rpm -ivh fp-linux-ws.rpm
[2.] Update
/usr/local/f-prot/tools/check-updates.pl
Scheduling (cron)
****** root /usr/local/f-prot/tools/check-updates.pl -cron
[Q:]
Error: Unable to include perl module: ‘HTTP::Request’.
Please install this module and try re-running this script.
(Hint: man CPAN)Fatal error. Exiting…
[A:] apt-get install perl-libwww-perl
f-prot did not even catch the simple Eicar-Test-Signature, so I will switch to clamav instead.
Spamassassin
apt-get install spamassassin
MailScanner-4.59.4-2
[1.] ./configure
[2.] vi /etc/MailScanner/MailScanner.conf
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
Virus Scanners = f-prot
# For multiple scanners, separate them with spaces
#Virus Scanners = f-prot clamav
Postfix
vi /etc/postfix/main.cf
header_checks = regexp:/etc/postfix/header_checks
vi /etc/postfix/header_checks
/^Received:/ HOLD
chown postfix.postfix /var/spool/MailScanner/incoming
chown postfix.postfix /var/spool/MailScanner/quarantine
chown root.postfix /var/spool/postfix
chmod 775 /var/spool/postfix
service sendmail stop
service postfix stop
service MailScanner start
chkconfig sendmail off
chkconfig postfix off
chkconfig MailScanner on
ref: http://blog.skyroom.idv.tw/?p=7
ref: http://linux.vbird.org/somepaper/20030905-mailscanner-conf.htm
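Notes:
That completes the MailScanner setup. When spam is sent through it, the message arrives with its subject tagged {Spam?}. For a virus, the subject is tagged {Virus?} and postmaster is sent a message titled "Bad Filename Detected : Virus Detected".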
MailScanner.conf
Virus
# Defines which types of virus are handled silently, with no warning sent to the recipient
Silent Viruses = HTML-IFrame All-Viruses
# Even if listed in Silent Viruses, still send the warning to the recipient
Still Deliver Silent Viruses = yes
# Send the notice mail to the administrator, or use aliases
Notices To = mailalert@mail.xxx.xxx.xxx
Phishing
# Enable detection of phishing mail
Find Phishing Fraud = yes
# Also detect links given as numeric IP addresses
Also Find Numeric Phishing = yes
Use Stricter Phishing Net = yes
# Insert a warning message into the mail
Highlight Phishing Fraud = yes
more /var/log/maillog: the entries below mean that the link shown in the mail reads www.123.com.tw while the actual link target is www.321.com.tw
MailScanner[4936]: Found phishing fraud from www.321.com.tw claiming to be www.123.com.tw in 9BFBF4F02BC.16C80
MailScanner[4936]: Content Checks: Detected and have disarmed phishing tags in HTML message in 9BFBF4F02BC.16C80 from cross@ssorc.tw
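The comparison these log lines report (the host shown in the link text versus the host the link really points to), as an added Python example. It is not MailScanner's own code, which is written in Perl; LinkCollector, host_of and find_phishing are hypothetical names, the sample HTML is constructed, and flagging every dotted-quad link is an assumed approximation of "Also Find Numeric Phishing".

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit
HOST_RE = re.compile(r"[a-z0-9-]+(\.[a-z0-9-]+)+")   # host-like string
IPV4_RE = re.compile(r"\d{1,3}(\.\d{1,3}){3}")        # dotted-quad host

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href.strip(), "".join(self._text).strip()))
            self._href = None

def host_of(value):
    """Hostname of a URL or bare host name; None if value is not host-like."""
    try:
        host = urlsplit(value if "://" in value else "http://" + value).hostname or ""
    except ValueError:
        return None
    return host if HOST_RE.fullmatch(host) else None

def find_phishing(html):
    """Return (kind, real_host, claimed) for each suspicious link in html."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        real, claimed = host_of(href), host_of(text)
        if not real or not href.lower().startswith(("http://", "https://")):
            continue
        if IPV4_RE.fullmatch(real):        # numeric link, flagged whatever the text says
            findings.append(("numeric", real, text))
        elif claimed and claimed != real:  # text names one host, href goes to another
            findings.append(("mismatch", real, claimed))
    return findings

# Constructed sample body: hosts taken from the log lines above, 192.0.2.10 is a documentation address
SAMPLE = ('<a href="http://www.321.com.tw/login">www.123.com.tw</a> '
          '<a href="http://192.0.2.10/">My account</a> '
          '<a href="http://www.123.com.tw/">www.123.com.tw</a>')
print(find_phishing(SAMPLE))
```

Links whose text is ordinary wording ("My account") are only flagged when the target is numeric, and the third link, whose text and target agree, is not flagged.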
Add to the whitelist
vi /etc/MailScanner/spam.assassin.prefs.conf
whitelist_from cross@ssorc.tw
Start Spamassassin via MailScanner
vi /etc/MailScanner/MailScanner.conf
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
SpamAssassin Install Prefix = /usr/bin
SpamAssassin Local Rules Dir = /etc/MailScanner
mkdir /var/spool/MailScanner/spamassassin
chown postfix.postfix /var/spool/MailScanner/spamassassin
ref: http://www.wonton.idv.tw/phpbb/viewtopic.php?p=182&