CentOS 4.4

f-prot
[1.] Download and install
wget http://files.f-prot.com/files/linux-x86/fp-linux-ws.rpm && rpm -ivh fp-linux-ws.rpm

[2.] Update
/usr/local/f-prot/tools/check-updates.pl

Cron schedule
****** root /usr/local/f-prot/tools/check-updates.pl -cron

[Q:]

Error: Unable to include perl module: ‘HTTP::Request’.
Please install this module and try re-running this script.
(Hint: man CPAN)

Fatal error. Exiting…

[A:] apt-get install perl-libwww-perl

Surprisingly, f-prot did not even catch the simple Eicar-Test-Signature, so better to switch to clamav.

Spamassassin
apt-get install spamassassin

MailScanner-4.59.4-2
[1.] ./configure

[2.] vi /etc/MailScanner/MailScanner.conf

Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
Virus Scanners = f-prot
# If there are several, separate them with spaces
#Virus Scanners = f-prot clamav

Postfix
vi /etc/postfix/main.cf

header_checks = regexp:/etc/postfix/header_checks

vi /etc/postfix/header_checks

/^Received:/ HOLD

chown postfix.postfix /var/spool/MailScanner/incoming
chown postfix.postfix /var/spool/MailScanner/quarantine
chown root.postfix /var/spool/postfix
chmod 775 /var/spool/postfix

service sendmail stop
service postfix stop
service MailScanner start

chkconfig sendmail off
chkconfig postfix off
chkconfig MailScanner on

ref: http://blog.skyroom.idv.tw/?p=7
ref: http://linux.vbird.org/somepaper/20030905-mailscanner-conf.htm

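Note:
That is the MailScanner setup. When spam is sent, the recipient gets a message whose subject is tagged {Spam?}. For a virus, the subject is tagged {Virus?} and postmaster is sent a "Bad Filename Detected : Virus Detected" message.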

MailScanner.conf
Virus

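# Defines which types of virus are treated as silent, with no warning sent to the recipient
Silent Viruses = HTML-IFrame All-Viruses

# Even if defined in Silent Viruses, still send the warning to the recipient
Still Deliver Silent Viruses = yes

# Send warning notices to the administrator, or use aliases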
Notices To = mailalert@mail.xxx.xxx.xxx

Phishing

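# Enable detection of phishing mail
Find Phishing Fraud = yes

# Detect links in numeric IP form
Also Find Numeric Phishing = yes

Use Stricter Phishing Net = yes

# Insert a warning message into the mail
Highlight Phishing Fraud = yes

more /var/log/maillog: the entries below mean that the link shown in the mail is www.123.com.tw while the actual link target is www.321.com.tw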

MailScanner[4936]: Found phishing fraud from www.321.com.tw claiming to be www.123.com.tw in 9BFBF4F02BC.16C80
MailScanner[4936]: Content Checks: Detected and have disarmed phishing tags in HTML message in 9BFBF4F02BC.16C80 from cross@ssorc.tw
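
The kind of check these phishing settings and log lines describe, as an added Python illustration (not MailScanner's own code and not part of the original post): it flags links whose visible text names one host while the href goes to another, and links whose target is a bare IP address. The names LinkAuditor, audit and SAMPLE, and the sample HTML, are constructed for this example.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

HOST_RE = re.compile(r"((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)  # hostname-like text
def is_numeric_host(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

class LinkAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href = None      # href of the <a> currently open, if any
        self.text = []        # visible text collected inside that <a>
        self.findings = []    # (reason, real_host, claimed_host)

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href = dict(attrs).get("href") or ""
            self.text = []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        real = (urlsplit(self.href).hostname or "").lower()
        shown = HOST_RE.search("".join(self.text))
        claimed = shown.group(1).lower() if shown else None
        if real and is_numeric_host(real):
            self.findings.append(("numeric", real, claimed))
        elif real and claimed and real != claimed:
            self.findings.append(("mismatch", real, claimed))
        self.href = None

def audit(html):
    auditor = LinkAuditor()
    auditor.feed(html)
    return auditor.findings

# Constructed sample body; the first link reuses the hostnames from the log line.
SAMPLE = ('<a href="http://www.321.com.tw/login">www.123.com.tw</a> '
          '<a href="http://192.0.2.10/">Click here</a> '
          '<a href="http://www.123.com.tw/">www.123.com.tw</a>')
```
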

Add to the whitelist
vi /etc/MailScanner/spam.assassin.prefs.conf

whitelist_from cross@ssorc.tw

Start Spamassassin from MailScanner
vi /etc/MailScanner/MailScanner.conf

SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
SpamAssassin Install Prefix = /usr/bin
SpamAssassin Local Rules Dir = /etc/MailScanner

mkdir /var/spool/MailScanner/spamassassin
chown postfix.postfix /var/spool/MailScanner/spamassassin

ref: http://www.wonton.idv.tw/phpbb/viewtopic.php?p=182&

Last modified: July 1, 2012
