Installazione Amavisd-new in Debian: Difference between revisions

From RVM Wiki
Jump to navigation Jump to search
← Older edit
VisualWikitext
 
(26 intermediate revisions by the same user not shown)
Line 4: Line 4:


<pre>
<pre>
sudo aptitude install amavisd-new
sudo apt-get install amavisd-new
</pre>
</pre>


Line 10: Line 10:


Assicurasi di di avere i repository contrib e non-free configurati (Servono per unrar):
Assicurasi di di avere i repository contrib e non-free configurati (Servono per unrar):
sudoedit /etc/apt/sources.list


<pre>
<pre>
cat/etc/apt/sources.list
...
...
deb http://ftp.it.debian.org/debian/ etch main contrib non-free
deb http://ftp.it.debian.org/debian/ squeeze main contrib non-free
...
...
</pre>
</pre>
Line 20: Line 21:
Installarli
Installarli
<pre>
<pre>
sudo aptitude update
sudo apt-get update
sudo aptitude install zoo unzip arj unrar-free lzop bzip2
sudo apt-get install unzip arj lzop bzip2 p7zip-full p7zip-rar rpm2cpio cabextract lhasa zip unzip arc liblz4-tool unace-nonfree lrzip xzdec
</pre>
</pre>


In caso si lamenti per unrar, aggiungere non-free alle righe di /etc/apt/sources.list (e lanciare apt-get update, affinchè vengano accettate le modifiche alle righe di /etc/apt/sources.list).
* Installare unrar completo '''NON''' unrar-free
sudo apt-get remove --purge unrar-free ; sudo apt-get install unrar
 
* In caso si lamenti per unrar, aggiungere non-free alle righe di /etc/apt/sources.list (e lanciare apt-get update, affinchè vengano accettate le modifiche alle righe di /etc/apt/sources.list).
 
* Dichiarare unrar nella configurazione di amavis:
sudoedit /etc/amavis/conf.d/01-debian
 
$unrar      = ['rar', 'unrar']; #disabled (non-free, no security support)
#$unrar      = ['unrar-free'];


$lha    = 'lha'; #disabled (non-free, no security support)
#$lha  = undef;


==Installazione Antivirus==
==Installazione Antivirus==
*[[Installazione Clamav in Debian]]
*[[Installazione Clamav in Debian]]
*[[Installazione e configurazione di AVG su Debian]]
*[[Installazione e configurazione di AVG su Debian]]
*[[Installazione McAfee su Debian]]
*[[Installazione Mcafee]]


==Configurazione Amavis==
==Configurazione Amavis==
* Impostare i propri domini LOCALI (*[http://gogs.info/books/debian-mail/chunked/antispam.amavis.html  Building a mail server on Debian 6.0 - 6.3. Amavisd-new]):
sudoedit /etc/amavis/conf.d/05-domain_id
  @local_domains_acl = ( ".$mydomain", "domain2.com", "domain3.org" );


* Abilitare la scansione antivirus:
* Abilitare la scansione antivirus:
  sudo sed -i 's|^#@bypass_virus_checks_maps = (|@bypass_virus_checks_maps = (|;s|^#  \\%bypass_virus_checks,|  \\%bypass_virus_checks,|' /etc/amavis/conf.d/15-content_filter_mode
  sudo sed -i 's|^#@bypass_virus_checks_maps = (|@bypass_virus_checks_maps = (|;s|^#  \\%bypass_virus_checks,|  \\%bypass_virus_checks,|' /etc/amavis/conf.d/15-content_filter_mode
echo "a0ae97265df161799bcf02a3afd5328b  /etc/amavis/conf.d/15-content_filter_mode" | md5sum --check


O a mano:
O a mano:
Line 50: Line 66:
   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
...
...
</pre>
* Per evitare l'errore
warning: Illegal address syntax from localhost[127.0.0.1] in MAIL command: <postmaster@${myhostname}>
Inserire le stringhe in
sudoedit /etc/amavis/conf.d/50-user
$mailfrom_notify_admin = "postmaster\@example.com";
$mailfrom_notify_recip = "postmaster\@example.com";
$mailfrom_notify_spamadmin = "postmaster\@example.com";
* Abilitare il rifiuto di ogni eseguibile anche internamente agli archivi zippati:
sudoedit /etc/amavis/conf.d/20-debian_defaults
<pre>
#...
$banned_filename_re = new_RE(
# qr'^UNDECIPHERABLE$',  # is or contains any undecipherable components
  # block certain double extensions anywhere in the base name
  qr'\.[^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,
  qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?$'i, # Windows Class ID CLSID, strict
  qr'^application/x-msdownload$'i,                  # block these MIME types
  qr'^application/x-msdos-program$'i,
  qr'^application/hta$'i,
# qr'^application/x-msmetafile$'i, # Windows Metafile MIME type
# qr'^\.wmf$', # Windows Metafile file(1) type
# qr'^message/partial$'i, qr'^message/external-body$'i, # rfc2046 MIME types
# [ qr'^\.(Z|gz|bz2)$'          => 0 ],  # allow any in Unix-compressed
# [ qr'^\.(rpm|cpio|tar)$'      => 0 ],  # allow any in Unix-type archives
# [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ],  # allow any within such archives
# [ qr'^application/x-zip-compressed$'i => 0],  # allow any within such archives
  qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic
qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|
        inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|
        ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs|
        wmf|wsc|wsf|wsh)$'ix,  # banned ext - long
qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i,  # banned extension - WinZip vulnerab.
qr'.\.(ace)$'i,  # ace archives are not exapndable, forbid them
qr'.\.(jar)$'i,  # jar archives forbidden
  qr'^\.(exe-ms)$',                      # banned file(1) types
qr'^\.(exe|lha|tnef|cab|dll)$',        # banned file(1) types
qr'.\.(ace)$'i, # ban winace archives, because they cannot be uncompressed
);
#...
</pre>
* Abilitare la scansione del body della mail per identificare i link malware con safebrowsing, decommentando la riga con MAIL:
sudoedit /etc/amavis/conf.d/20-debian_defaults
<pre>
@keep_decoded_original_maps = (new_RE(
qr'^MAIL$',  # retain full original message for virus checking (can be slow)
</pre>
</pre>


Line 58: Line 138:
</pre>
</pre>


Verificare che Amavis ascolti sulla porta 10024:
* Verificare che trovi tutti i decoder:
sudo less /var/log/mail.log
 
<pre>
Dec 10 11:54:43 mailserver amavis[8413]: starting. /usr/sbin/amavisd-new at mailserver.
metrica.priv amavisd-new-2.7.1 (20120429), Unicode aware, LANG="en_US.UTF-8"
Dec 10 11:54:43 mailserver amavis[8418]: Net::Server: Group Not Defined.  Defaulting to
EGID '106 106'
Dec 10 11:54:43 mailserver amavis[8418]: Net::Server: User Not Defined.  Defaulting to
EUID '104'
Dec 10 11:54:43 mailserver amavis[8418]: Module Amavis::Conf        2.303
Dec 10 11:54:43 mailserver amavis[8418]: Module Archive::Zip        1.30
Dec 10 11:54:43 mailserver amavis[8418]: Module BerkeleyDB          0.51
Dec 10 11:54:43 mailserver amavis[8418]: Module Compress::Zlib      2.033
Dec 10 11:54:43 mailserver amavis[8418]: Module Convert::TNEF      0.17
Dec 10 11:54:43 mailserver amavis[8418]: Module Convert::UUlib      1.4
Dec 10 11:54:43 mailserver amavis[8418]: Module Crypt::OpenSSL::RSA 0.28
Dec 10 11:54:43 mailserver amavis[8418]: Module Digest::MD5        2.51
Dec 10 11:54:43 mailserver amavis[8418]: Module Digest::SHA        5.61
Dec 10 11:54:43 mailserver amavis[8418]: Module File::Temp          0.22
Dec 10 11:54:43 mailserver amavis[8418]: Module IO::Socket::INET6  2.69
Dec 10 11:54:43 mailserver amavis[8418]: Module MIME::Entity        5.503
Dec 10 11:54:43 mailserver amavis[8418]: Module MIME::Parser        5.503
Dec 10 11:54:43 mailserver amavis[8418]: Module MIME::Tools        5.503
Dec 10 11:54:43 mailserver amavis[8418]: Module Mail::DKIM::Signer  0.39
Dec 10 11:54:43 mailserver amavis[8418]: Module Mail::DKIM::Verifier 0.39
Dec 10 11:54:43 mailserver amavis[8418]: Module Mail::Header        2.09
Dec 10 11:54:43 mailserver amavis[8418]: Module Mail::Internet      2.09
Dec 10 11:54:43 mailserver amavis[8418]: Module Net::DNS            0.66
Dec 10 11:54:43 mailserver amavis[8418]: Module Net::Server        2.006
Dec 10 11:54:43 mailserver amavis[8418]: Module Socket6            0.23
Dec 10 11:54:43 mailserver amavis[8418]: Module Time::HiRes        1.972101
Dec 10 11:54:43 mailserver amavis[8418]: Module Unix::Syslog        1.1
Dec 10 11:54:43 mailserver amavis[8418]: Amavis::DB code      loaded
Dec 10 11:54:43 mailserver amavis[8418]: SQL base code        NOT loaded
Dec 10 11:54:43 mailserver amavis[8418]: SQL::Log code        NOT loaded
Dec 10 11:54:43 mailserver amavis[8418]: SQL::Quarantine      NOT loaded
Dec 10 11:54:43 mailserver amavis[8418]: Lookup::SQL code    NOT loaded
Dec 10 11:54:43 mailserver amavis[8418]: Lookup::LDAP code    NOT loaded
Dec 10 11:54:43 mailserver amavis[8418]: AM.PDP-in proto code loaded
Dec 10 11:54:43 mailserver amavis[8418]: SMTP-in proto code  loaded
Dec 10 11:54:43 mailserver amavis[8418]: Courier proto code  NOT loaded
Dec 10 11:54:43 mailserver amavis[8418]: SMTP-out proto code  loaded
Dec 10 11:54:43 mailserver amavis[8418]: Pipe-out proto code  NOT loaded
Dec 10 11:54:43 mailserver amavis[8418]: BSMTP-out proto code NOT loaded
Dec 10 11:54:43 mailserver amavis[8418]: Local-out proto code loaded
Dec 10 11:54:43 mailserver amavis[8418]: OS_Fingerprint code  NOT loaded
Dec 10 11:54:43 mailserver amavis[8418]: ANTI-VIRUS code      loaded
Dec 10 11:54:43 mailserver amavis[8418]: ANTI-SPAM code      NOT loaded
Dec 10 11:54:43 mailserver amavis[8418]: ANTI-SPAM-EXT code  NOT loaded
Dec 10 11:54:43 mailserver amavis[8418]: ANTI-SPAM-C code    NOT loaded
Dec 10 11:54:43 mailserver amavis[8418]: ANTI-SPAM-SA code    NOT loaded
Dec 10 11:54:43 mailserver amavis[8418]: Unpackers code      loaded
Dec 10 11:54:43 mailserver amavis[8418]: DKIM code            loaded
Dec 10 11:54:43 mailserver amavis[8418]: Tools code          NOT loaded
Dec 10 11:54:43 mailserver amavis[8418]: Found $file            at /usr/bin/file
Dec 10 11:54:43 mailserver amavis[8418]: Found $altermime      at /usr/bin/altermime
Dec 10 11:54:43 mailserver amavis[8418]: Internal decoder for .mail
Dec 10 11:54:43 mailserver amavis[8418]: No decoder for      .F 
Dec 10 11:54:43 mailserver amavis[8418]: Found decoder for    .Z    at /bin/uncompress
Dec 10 11:54:43 mailserver amavis[8418]: Internal decoder for .gz 
Dec 10 11:54:43 mailserver amavis[8418]: Found decoder for    .bz2  at /bin/bzip2 -d
Dec 10 11:54:43 mailserver amavis[8418]: Found decoder for    .xz  at /usr/bin/xz -dc
Dec 10 11:54:43 mailserver amavis[8418]: Found decoder for    .lzma at /usr/bin/xz -dc --format=lzma
Dec 10 11:54:43 mailserver amavis[8418]: Found decoder for    .lzo  at /usr/bin/lzop -d
Dec 10 11:54:43 mailserver amavis[8418]: Found decoder for    .rpm  at /usr/bin/rpm2cpio
Dec 10 11:54:43 mailserver amavis[8418]: Found decoder for    .cpio at /bin/pax
Dec 10 11:54:43 mailserver amavis[8418]: Found decoder for    .tar  at /bin/pax
Dec 10 11:54:43 mailserver amavis[8418]: Found decoder for    .deb  at /usr/bin/ar
Dec 10 11:54:43 mailserver amavis[8418]: Internal decoder for .zip
Dec 10 11:54:43 mailserver amavis[8418]: Internal decoder for .kmz
Dec 10 11:54:43 mailserver amavis[8418]: Found decoder for    .7z  at /usr/bin/7za
Dec 10 11:54:43 mailserver amavis[8418]: Found decoder for    .rar  at /usr/bin/unrar
Dec 10 11:54:43 mailserver amavis[8418]: Found decoder for    .arj  at /usr/bin/ar
Dec 10 11:54:43 mailserver amavis[8418]: Found decoder for    .arc  at /usr/bin/arc
Dec 10 11:54:43 mailserver amavis[8418]: Found decoder for    .zoo  at /usr/bin/zoo
Dec 10 11:54:43 mailserver amavis[8418]: Found decoder for    .doc  at /usr/bin/ripole
Dec 10 11:54:43 mailserver amavis[8418]: Found decoder for    .cab  at /usr/bin/cabextract
Dec 10 11:54:43 mailserver amavis[8418]: No decoder for      .tnef
Dec 10 11:54:43 mailserver amavis[8418]: Internal decoder for .tnef
Dec 10 11:54:43 mailserver amavis[8418]: Found decoder for    .exe  at /usr/bin/unrar; /usr/bin/arj
Dec 10 11:54:43 mailserver amavis[8418]: Using primary internal av scanner code for ClamAV-clamd
Dec 10 11:54:43 mailserver amavis[8418]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan
Dec 10 11:54:43 mailserver amavis[8418]: Deleting db files __db.002,__db.004,snmp.db,__db.001,__db.003,nanny.db in /var/lib/amavis/db
Dec 10 11:54:43 mailserver amavis[8418]: Creating db in /var/lib/amavis/db/; BerkeleyDB 0.51, libdb 5.1
</pre>
 
* Verificare che Amavis ascolti sulla porta 10024:


<pre>
<pre>
Line 64: Line 231:
</pre>
</pre>


il cui risultato dovrà essere qualcosa di simile:
* il cui risultato dovrà essere qualcosa di simile:
 
tcp        0      0 127.0.0.1:10024        0.0.0.0:*              LISTEN


tcp        0      0 127.0.0.1:10024        0.0.0.0:*               LISTEN
* e


e
ps wax | grep amavis


<pre>
ps wax | grep amavis
</pre>


il cui risultato dovrà essere qualcosa di simile:
* il cui risultato dovrà essere qualcosa di simile:
<pre>
<pre>
10491 ?        S      0:00 amavisd (master)
10491 ?        S      0:00 amavisd (master)
Line 82: Line 248:
</pre>
</pre>


Se si vuol far funzionare clamav-daemon occorre aggiungere l'utente clamav al gruppo amavis:
*Se si vuol far funzionare clamav-daemon occorre aggiungere l'utente clamav al gruppo amavis:


<pre>
sudo adduser clamav amavis
sudo adduser clamav amavis
sudo adduser  amavis clamav
</pre>


== Configurazione Postfix==
== Configurazione Postfix==


<pre>
sudo postconf -e content_filter=amavis:[127.0.0.1]:10024
sudo postconf -e content_filter=amavis:[127.0.0.1]:10024
</pre>


* Mettere queste cose alla fine di master.cf:
* Mettere queste cose alla fine di master.cf:
Line 117: Line 280:


ed il cui risultato sarà (MODIFICARE LE INDENTAZIONI A MANO):
ed il cui risultato sarà (MODIFICARE LE INDENTAZIONI A MANO):
sudoedit /etc/postfix/master.cf


<pre>
<pre>
Line 144: Line 308:
</pre>
</pre>


=Test=
* Testare un virus con
cd /tmp
wget http://www.eicar.org/download/eicarcom2.zip
swaks -f nome.cognome@domain.dom -s smtpserver -t recipient@otherdomain.dom -au nome.cognome --attach eicarcom2.zip


* Testarlo con
  sudo tail -f /var/log/syslog
  swaks -f nome.cognome@ronchetti.it -s fireron -t gabriele@rvmgroup.it -au nome.cognome --attach eicarcom2.zip


  sudo tail -f /var/log/syslog
* Testare un link malare con:
  echo "http://malware.testing.google.test/testing/malware/" | swaks -f nome.cognome@domain.dom -s smtpserver -t recipient@otherdomain.dom -au nome.cognome --body -
 
* Testare come indicato in [http://sanesecurity.com/support/signature-testing/ Signature Testing - Sanesecurity ClamAV: Phishing, Spam & Malware Signatures]
 
=Riferimenti=
*[http://www.iredmail.org/forum/post38275.html#p38275 Amavis does not parse exe in rar archive — iRedMail Support — iRedMail]
*[http://sanesecurity.com/support/signature-testing/ Signature Testing - Sanesecurity ClamAV: Phishing, Spam & Malware Signatures]

Latest revision as of 13:47, 11 December 2019

Installazione Amavisd

  • Effettuare l'installazione:
sudo apt-get install amavisd-new

Installazione decompressori

Assicurasi di di avere i repository contrib e non-free configurati (Servono per unrar): 

sudoedit /etc/apt/sources.list

...
deb http://ftp.it.debian.org/debian/ squeeze main contrib non-free
...

Installarli 

sudo apt-get update
sudo apt-get install unzip arj lzop bzip2 p7zip-full p7zip-rar rpm2cpio cabextract lhasa zip unzip arc liblz4-tool unace-nonfree lrzip xzdec
  • Installare unrar completo NON unrar-free
sudo apt-get remove --purge unrar-free ; sudo apt-get install unrar
  • In caso si lamenti per unrar, aggiungere non-free alle righe di /etc/apt/sources.list (e lanciare apt-get update, affinchè vengano accettate le modifiche alle righe di /etc/apt/sources.list).
  • Dichiarare unrar nella configurazione di amavis:
sudoedit /etc/amavis/conf.d/01-debian

$unrar      = ['rar', 'unrar']; #disabled (non-free, no security support)
#$unrar      = ['unrar-free'];

$lha    = 'lha'; #disabled (non-free, no security support)
#$lha   = undef;

Installazione Antivirus

Configurazione Amavis

sudoedit /etc/amavis/conf.d/05-domain_id

 @local_domains_acl = ( ".$mydomain", "domain2.com", "domain3.org" );
  • Abilitare la scansione antivirus:
sudo sed -i 's|^#@bypass_virus_checks_maps = (|@bypass_virus_checks_maps = (|;s|^#   \\%bypass_virus_checks,|   \\%bypass_virus_checks,|' /etc/amavis/conf.d/15-content_filter_mode

O a mano: 

sudoedit /etc/amavis/conf.d/15-content_filter_mode

...
@bypass_virus_checks_maps = (
   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
...
  • Per evitare l'errore
warning: Illegal address syntax from localhost[127.0.0.1] in MAIL command: <postmaster@${myhostname}>

Inserire le stringhe in 

sudoedit /etc/amavis/conf.d/50-user

$mailfrom_notify_admin = "postmaster\@example.com";
$mailfrom_notify_recip = "postmaster\@example.com";
$mailfrom_notify_spamadmin = "postmaster\@example.com";
  • Abilitare il rifiuto di ogni eseguibile anche internamente agli archivi zippati:
sudoedit /etc/amavis/conf.d/20-debian_defaults 

#...

$banned_filename_re = new_RE(
# qr'^UNDECIPHERABLE$',  # is or contains any undecipherable components

  # block certain double extensions anywhere in the base name
  qr'\.[^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,

  qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?$'i, # Windows Class ID CLSID, strict

  qr'^application/x-msdownload$'i,                  # block these MIME types
  qr'^application/x-msdos-program$'i,
  qr'^application/hta$'i,

# qr'^application/x-msmetafile$'i,	# Windows Metafile MIME type
# qr'^\.wmf$',				# Windows Metafile file(1) type

# qr'^message/partial$'i, qr'^message/external-body$'i, # rfc2046 MIME types

# [ qr'^\.(Z|gz|bz2)$'           => 0 ],  # allow any in Unix-compressed
# [ qr'^\.(rpm|cpio|tar)$'       => 0 ],  # allow any in Unix-type archives
# [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ],  # allow any within such archives
# [ qr'^application/x-zip-compressed$'i => 0],  # allow any within such archives

  qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic
 qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|
        inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|
        ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs|
        wmf|wsc|wsf|wsh)$'ix,  # banned ext - long

 qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i,  # banned extension - WinZip vulnerab.
 qr'.\.(ace)$'i,  # ace archives are not exapndable, forbid them
 qr'.\.(jar)$'i,  # jar archives forbidden

  qr'^\.(exe-ms)$',                       # banned file(1) types
 qr'^\.(exe|lha|tnef|cab|dll)$',         # banned file(1) types
 qr'.\.(ace)$'i, # ban winace archives, because they cannot be uncompressed

);
#...
  • Abilitare la scansione del body della mail per identificare i link malware con safebrowsing, decommentando la riga con MAIL:
sudoedit /etc/amavis/conf.d/20-debian_defaults 

@keep_decoded_original_maps = (new_RE(
 qr'^MAIL$',   # retain full original message for virus checking (can be slow)

Restartare amavis: 

sudo invoke-rc.d amavis stop ; sudo invoke-rc.d amavis start
  • Verificare che trovi tutti i decoder:
sudo less /var/log/mail.log

Dec 10 11:54:43 mailserver amavis[8413]: starting. /usr/sbin/amavisd-new at mailserver.
metrica.priv amavisd-new-2.7.1 (20120429), Unicode aware, LANG="en_US.UTF-8"
Dec 10 11:54:43 mailserver amavis[8418]: Net::Server: Group Not Defined.  Defaulting to
 EGID '106 106'
Dec 10 11:54:43 mailserver amavis[8418]: Net::Server: User Not Defined.  Defaulting to 
EUID '104'
Dec 10 11:54:43 mailserver amavis[8418]: Module Amavis::Conf        2.303
Dec 10 11:54:43 mailserver amavis[8418]: Module Archive::Zip        1.30
Dec 10 11:54:43 mailserver amavis[8418]: Module BerkeleyDB          0.51
Dec 10 11:54:43 mailserver amavis[8418]: Module Compress::Zlib      2.033
Dec 10 11:54:43 mailserver amavis[8418]: Module Convert::TNEF       0.17
Dec 10 11:54:43 mailserver amavis[8418]: Module Convert::UUlib      1.4
Dec 10 11:54:43 mailserver amavis[8418]: Module Crypt::OpenSSL::RSA 0.28
Dec 10 11:54:43 mailserver amavis[8418]: Module Digest::MD5         2.51
Dec 10 11:54:43 mailserver amavis[8418]: Module Digest::SHA         5.61
Dec 10 11:54:43 mailserver amavis[8418]: Module File::Temp          0.22
Dec 10 11:54:43 mailserver amavis[8418]: Module IO::Socket::INET6   2.69
Dec 10 11:54:43 mailserver amavis[8418]: Module MIME::Entity        5.503
Dec 10 11:54:43 mailserver amavis[8418]: Module MIME::Parser        5.503
Dec 10 11:54:43 mailserver amavis[8418]: Module MIME::Tools         5.503
Dec 10 11:54:43 mailserver amavis[8418]: Module Mail::DKIM::Signer  0.39
Dec 10 11:54:43 mailserver amavis[8418]: Module Mail::DKIM::Verifier 0.39
Dec 10 11:54:43 mailserver amavis[8418]: Module Mail::Header        2.09
Dec 10 11:54:43 mailserver amavis[8418]: Module Mail::Internet      2.09
Dec 10 11:54:43 mailserver amavis[8418]: Module Net::DNS            0.66
Dec 10 11:54:43 mailserver amavis[8418]: Module Net::Server         2.006
Dec 10 11:54:43 mailserver amavis[8418]: Module Socket6             0.23
Dec 10 11:54:43 mailserver amavis[8418]: Module Time::HiRes         1.972101
Dec 10 11:54:43 mailserver amavis[8418]: Module Unix::Syslog        1.1
Dec 10 11:54:43 mailserver amavis[8418]: Amavis::DB code      loaded
Dec 10 11:54:43 mailserver amavis[8418]: SQL base code        NOT loaded
Dec 10 11:54:43 mailserver amavis[8418]: SQL::Log code        NOT loaded
Dec 10 11:54:43 mailserver amavis[8418]: SQL::Quarantine      NOT loaded
Dec 10 11:54:43 mailserver amavis[8418]: Lookup::SQL code     NOT loaded
Dec 10 11:54:43 mailserver amavis[8418]: Lookup::LDAP code    NOT loaded
Dec 10 11:54:43 mailserver amavis[8418]: AM.PDP-in proto code loaded
Dec 10 11:54:43 mailserver amavis[8418]: SMTP-in proto code   loaded
Dec 10 11:54:43 mailserver amavis[8418]: Courier proto code   NOT loaded
Dec 10 11:54:43 mailserver amavis[8418]: SMTP-out proto code  loaded
Dec 10 11:54:43 mailserver amavis[8418]: Pipe-out proto code  NOT loaded
Dec 10 11:54:43 mailserver amavis[8418]: BSMTP-out proto code NOT loaded
Dec 10 11:54:43 mailserver amavis[8418]: Local-out proto code loaded
Dec 10 11:54:43 mailserver amavis[8418]: OS_Fingerprint code  NOT loaded
Dec 10 11:54:43 mailserver amavis[8418]: ANTI-VIRUS code      loaded
Dec 10 11:54:43 mailserver amavis[8418]: ANTI-SPAM code       NOT loaded
Dec 10 11:54:43 mailserver amavis[8418]: ANTI-SPAM-EXT code   NOT loaded
Dec 10 11:54:43 mailserver amavis[8418]: ANTI-SPAM-C code     NOT loaded
Dec 10 11:54:43 mailserver amavis[8418]: ANTI-SPAM-SA code    NOT loaded
Dec 10 11:54:43 mailserver amavis[8418]: Unpackers code       loaded
Dec 10 11:54:43 mailserver amavis[8418]: DKIM code            loaded
Dec 10 11:54:43 mailserver amavis[8418]: Tools code           NOT loaded
Dec 10 11:54:43 mailserver amavis[8418]: Found $file            at /usr/bin/file
Dec 10 11:54:43 mailserver amavis[8418]: Found $altermime       at /usr/bin/altermime
Dec 10 11:54:43 mailserver amavis[8418]: Internal decoder for .mail
Dec 10 11:54:43 mailserver amavis[8418]: No decoder for       .F   
Dec 10 11:54:43 mailserver amavis[8418]: Found decoder for    .Z    at /bin/uncompress
Dec 10 11:54:43 mailserver amavis[8418]: Internal decoder for .gz  
Dec 10 11:54:43 mailserver amavis[8418]: Found decoder for    .bz2  at /bin/bzip2 -d
Dec 10 11:54:43 mailserver amavis[8418]: Found decoder for    .xz   at /usr/bin/xz -dc
Dec 10 11:54:43 mailserver amavis[8418]: Found decoder for    .lzma at /usr/bin/xz -dc --format=lzma
Dec 10 11:54:43 mailserver amavis[8418]: Found decoder for    .lzo  at /usr/bin/lzop -d
Dec 10 11:54:43 mailserver amavis[8418]: Found decoder for    .rpm  at /usr/bin/rpm2cpio
Dec 10 11:54:43 mailserver amavis[8418]: Found decoder for    .cpio at /bin/pax
Dec 10 11:54:43 mailserver amavis[8418]: Found decoder for    .tar  at /bin/pax
Dec 10 11:54:43 mailserver amavis[8418]: Found decoder for    .deb  at /usr/bin/ar
Dec 10 11:54:43 mailserver amavis[8418]: Internal decoder for .zip 
Dec 10 11:54:43 mailserver amavis[8418]: Internal decoder for .kmz 
Dec 10 11:54:43 mailserver amavis[8418]: Found decoder for    .7z   at /usr/bin/7za
Dec 10 11:54:43 mailserver amavis[8418]: Found decoder for    .rar  at /usr/bin/unrar
Dec 10 11:54:43 mailserver amavis[8418]: Found decoder for    .arj  at /usr/bin/ar
Dec 10 11:54:43 mailserver amavis[8418]: Found decoder for    .arc  at /usr/bin/arc
Dec 10 11:54:43 mailserver amavis[8418]: Found decoder for    .zoo  at /usr/bin/zoo
Dec 10 11:54:43 mailserver amavis[8418]: Found decoder for    .doc  at /usr/bin/ripole
Dec 10 11:54:43 mailserver amavis[8418]: Found decoder for    .cab  at /usr/bin/cabextract
Dec 10 11:54:43 mailserver amavis[8418]: No decoder for       .tnef
Dec 10 11:54:43 mailserver amavis[8418]: Internal decoder for .tnef
Dec 10 11:54:43 mailserver amavis[8418]: Found decoder for    .exe  at /usr/bin/unrar; /usr/bin/arj
Dec 10 11:54:43 mailserver amavis[8418]: Using primary internal av scanner code for ClamAV-clamd
Dec 10 11:54:43 mailserver amavis[8418]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan
Dec 10 11:54:43 mailserver amavis[8418]: Deleting db files __db.002,__db.004,snmp.db,__db.001,__db.003,nanny.db in /var/lib/amavis/db
Dec 10 11:54:43 mailserver amavis[8418]: Creating db in /var/lib/amavis/db/; BerkeleyDB 0.51, libdb 5.1
  • Verificare che Amavis ascolti sulla porta 10024:
netstat -an | grep 10024
  • il cui risultato dovrà essere qualcosa di simile:
tcp        0      0 127.0.0.1:10024         0.0.0.0:*               LISTEN
  • e
ps wax | grep amavis


  • il cui risultato dovrà essere qualcosa di simile:
10491 ?        S      0:00 amavisd (master)
10492 ?        S      0:00 amavisd (virgin child)
10493 ?        S      0:00 amavisd (virgin child)
10497 pts/0    S      0:00 grep amavis
  • Se si vuol far funzionare clamav-daemon occorre aggiungere l'utente clamav al gruppo amavis:
sudo adduser clamav amavis
sudo adduser  amavis clamav

Configurazione Postfix

sudo postconf -e content_filter=amavis:[127.0.0.1]:10024
  • Mettere queste cose alla fine di master.cf:
cat | sudo tee -a /etc/postfix/master.cf > /dev/null <<EOFile
amavis unix - - n - 2 smtp
	-o smtp_data_done_timeout=1200
	-o disable_dns_lookups=yes

127.0.0.1:10025 inet n - n - - smtpd
	-o content_filter=
	-o local_recipient_maps=
	-o relay_recipient_maps=
	-o smtpd_restriction_classes=
	-o smtpd_client_restrictions=
	-o smtpd_helo_restrictions=
	-o smtpd_sender_restrictions=
	-o smtpd_recipient_restrictions=permit_mynetworks,reject
	-o mynetworks=127.0.0.0/8
	-o strict_rfc821_envelopes=yes
EOFile

ed il cui risultato sarà (MODIFICARE LE INDENTAZIONI A MANO): 

sudoedit /etc/postfix/master.cf

amavis unix - - n - 2 smtp
	-o smtp_data_done_timeout=1200
	-o disable_dns_lookups=yes

127.0.0.1:10025 inet n - n - - smtpd
	-o content_filter=
	-o local_recipient_maps=
	-o relay_recipient_maps=
	-o smtpd_restriction_classes=
	-o smtpd_client_restrictions=
	-o smtpd_helo_restrictions=
	-o smtpd_sender_restrictions=
	-o smtpd_recipient_restrictions=permit_mynetworks,reject
	-o mynetworks=127.0.0.0/8
	-o strict_rfc821_envelopes=yes
  • Restartare Postfix e Clamav e Clamav-daemon:
sudo /etc/init.d/postfix stop; sudo /etc/init.d/postfix start
sudo /etc/init.d/amavis stop ; sudo /etc/init.d/amavis start
sudo /etc/init.d/clamav-daemon stop; sudo /etc/init.d/clamav-daemon start

Test

  • Testare un virus con
cd /tmp
wget http://www.eicar.org/download/eicarcom2.zip
swaks -f nome.cognome@domain.dom -s smtpserver -t recipient@otherdomain.dom -au nome.cognome --attach eicarcom2.zip

sudo tail -f /var/log/syslog
  • Testare un link malare con:
echo "http://malware.testing.google.test/testing/malware/" | swaks -f nome.cognome@domain.dom -s smtpserver -t recipient@otherdomain.dom -au nome.cognome --body -

Riferimenti

Retrieved from "https://kb.rvmgroup.it/index.php?title=Installazione_Amavisd-new_in_Debian&oldid=10302"