Installing Amavisd-new on Debian

From RVM Wiki
Latest revision as of 13:47, 11 December 2019

Installing Amavisd

  • Install the package:
sudo apt-get install amavisd-new

Installing the decompressors

Make sure the contrib and non-free repositories are configured (they are needed for unrar; the example line below is for squeeze, use the codename of your release):

sudoedit /etc/apt/sources.list
...
deb http://ftp.it.debian.org/debian/ squeeze main contrib non-free
...

Install them:

sudo apt-get update
sudo apt-get install unzip arj lzop bzip2 p7zip-full p7zip-rar rpm2cpio cabextract lhasa zip arc liblz4-tool unace-nonfree lrzip xzdec
  • Install the full unrar, NOT unrar-free:
sudo apt-get remove --purge unrar-free ; sudo apt-get install unrar
  • If apt complains about unrar, add non-free to the lines in /etc/apt/sources.list (and run apt-get update so the changed lines are picked up).
  • Declare unrar in the amavis configuration:
sudoedit /etc/amavis/conf.d/01-debian
$unrar      = ['rar', 'unrar']; # enabled here; Debian ships it disabled (non-free, no security support)
#$unrar      = ['unrar-free'];
$lha    = 'lha'; # enabled here; Debian ships it disabled (non-free, no security support)
#$lha   = undef;
  Keep in mind what the Debian comment says: unrar and lha come from non-free and get no Debian security support, yet amavis runs them on every archive an outside sender attaches, so you have to keep them updated yourself.

Installing the antivirus

Configuring Amavis

  • Set your LOCAL domains (see Building a mail server on Debian 6.0 - 6.3. Amavisd-new, http://gogs.info/books/debian-mail/chunked/antispam.amavis.html); recipients in these domains are treated as local, everything else as outbound:
sudoedit /etc/amavis/conf.d/05-domain_id
 @local_domains_acl = ( ".$mydomain", "domain2.com", "domain3.org" );
  • Enable the antivirus scanning (Debian ships it disabled; the sed uncomments the two lines of @bypass_virus_checks_maps):
sudo sed -i 's|^#@bypass_virus_checks_maps = (|@bypass_virus_checks_maps = (|;s|^#   \\%bypass_virus_checks,|   \\%bypass_virus_checks,|' /etc/amavis/conf.d/15-content_filter_mode

Or by hand:

sudoedit /etc/amavis/conf.d/15-content_filter_mode
...
@bypass_virus_checks_maps = (
   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
...
  • To avoid the error
warning: Illegal address syntax from localhost[127.0.0.1] in MAIL command: <postmaster@${myhostname}>

insert these lines (with your real domain in place of example.com) in

sudoedit /etc/amavis/conf.d/50-user
$mailfrom_notify_admin = "postmaster\@example.com";
$mailfrom_notify_recip = "postmaster\@example.com";
$mailfrom_notify_spamadmin = "postmaster\@example.com";
  • Enable rejection of every executable, also when it sits inside a zipped archive. Note that the UNDECIPHERABLE entry at the top of the block stays commented out, so an archive amavis cannot open (password-protected, or a format it has no decoder for) passes this check; uncomment it if such mail should be treated as banned instead:
sudoedit /etc/amavis/conf.d/20-debian_defaults 
#...

$banned_filename_re = new_RE(
# qr'^UNDECIPHERABLE$',  # is or contains any undecipherable components

  # block certain double extensions anywhere in the base name
  qr'\.[^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,

  qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?$'i, # Windows Class ID CLSID, strict

  qr'^application/x-msdownload$'i,                  # block these MIME types
  qr'^application/x-msdos-program$'i,
  qr'^application/hta$'i,

# qr'^application/x-msmetafile$'i,	# Windows Metafile MIME type
# qr'^\.wmf$',				# Windows Metafile file(1) type

# qr'^message/partial$'i, qr'^message/external-body$'i, # rfc2046 MIME types

# [ qr'^\.(Z|gz|bz2)$'           => 0 ],  # allow any in Unix-compressed
# [ qr'^\.(rpm|cpio|tar)$'       => 0 ],  # allow any in Unix-type archives
# [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ],  # allow any within such archives
# [ qr'^application/x-zip-compressed$'i => 0],  # allow any within such archives

  qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic
 qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|
        inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|
        ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs|
        wmf|wsc|wsf|wsh)$'ix,  # banned ext - long

 qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i,  # banned extension - WinZip vulnerab.
 qr'.\.(ace)$'i,  # ace archives are not expandable, forbid them
 qr'.\.(jar)$'i,  # jar archives forbidden

  qr'^\.(exe-ms)$',                       # banned file(1) types
 qr'^\.(exe|lha|tnef|cab|dll)$',         # banned file(1) types

);
#...
  • Enable scanning of the whole mail body, so that malware links can be matched by the safebrowsing signatures, by uncommenting the MAIL line. With this entry amavis keeps the full original message (headers and text included) and hands it to ClamAV as one object, so URL-based signatures such as Safe Browsing or the Sanesecurity sets can match links in the text; it costs scanning time on every message:
sudoedit /etc/amavis/conf.d/20-debian_defaults 
@keep_decoded_original_maps = (new_RE(
 qr'^MAIL$',   # retain full original message for virus checking (can be slow)
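A quick way to check what the $banned_filename_re list above actually catches before deploying it, as an added example (mine, not the wiki's): the Python script below transcribes those rules into Python regexes and applies them, first-match-wins as amavis lookup lists do, to the attributes amavis checks for a MIME part: the declared filename, the Content-Type and the file(1) type written as ".ext". The sample parts are constructed, and the three-attribute check is a simplification of the real one (which also walks every member of each unpacked archive); it is enough to see that a double extension, a CLSID suffix, a renamed PE caught by its file(1) type and a .jar are all banned, while a macro-enabled .docm passes, because nothing in this list covers Office macro formats.

```python
import re

# Rules transcribed from the $banned_filename_re block above
# (Perl qr''i -> Python re with re.I; the 'x'-flag list is joined on one line).
# amavis lookup lists are first-match-wins: an entry written as
# [ qr'...' => 0 ] would be an allow exemption, modelled here as (regex, False).
BANNED_FILENAME_RE = [
    # double extension anywhere in the base name, e.g. invoice.pdf.exe
    (re.compile(r'\.[^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$', re.I), True),
    # Windows CLSID used as an extension (Explorer hides it)
    (re.compile(r'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?$', re.I), True),
    # MIME types declared by the sender
    (re.compile(r'^application/x-msdownload$', re.I), True),
    (re.compile(r'^application/x-msdos-program$', re.I), True),
    (re.compile(r'^application/hta$', re.I), True),
    # banned extensions - basic and long lists
    (re.compile(r'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$', re.I), True),
    (re.compile(r'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|'
                r'inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|'
                r'ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs|wmf|wsc|wsf|wsh)$', re.I), True),
    (re.compile(r'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$', re.I), True),
    (re.compile(r'.\.(ace)$', re.I), True),
    (re.compile(r'.\.(jar)$', re.I), True),
    # file(1) types, which amavis reports as '.ext' regardless of the declared name
    (re.compile(r'^\.(exe-ms)$'), True),
    (re.compile(r'^\.(exe|lha|tnef|cab|dll)$'), True),
]


def lookup(value, rules=BANNED_FILENAME_RE):
    """First-match-wins lookup of one string against the rule list.
    Returns the verdict of the first matching rule, or None when nothing matches."""
    for regex, verdict in rules:
        if regex.search(value):
            return verdict
    return None


def banned_reason(name, content_type, file_type):
    """Hypothetical simplification of the amavis check for one MIME part: apply the
    list to the declared filename, the Content-Type and the file(1) type ('.ext').
    Returns the attribute that got the part banned, or None if it passes."""
    for attribute in (name, content_type, file_type):
        verdict = lookup(attribute)
        if verdict is not None:           # first decided attribute settles it
            return attribute if verdict else None
    return None


# Constructed sample parts: (declared filename, Content-Type, file(1) type)
SAMPLE_PARTS = [
    ("invoice.pdf.exe", "application/octet-stream", ".exe-ms"),   # double extension
    ("tool.bin", "application/x-msdownload", ".exe-ms"),           # renamed PE, caught by type
    ("readme.txt.{645FF040-5081-101B-9F08-00AA002F954E}", "text/plain", ".txt"),  # CLSID trick
    ("setup.EXE", "application/octet-stream", ".exe-ms"),          # case does not help
    ("library.jar", "application/java-archive", ".zip"),           # jar rule
    ("macro.docm", "application/vnd.ms-word.document.macroEnabled.12", ".zip"),  # NOT covered
    ("report.docx", "application/vnd.openxmlformats-officedocument.wordprocessingml.document", ".zip"),
    ("photo.jpg", "image/jpeg", ".jpg"),
    ("notes.txt", "text/plain", ".txt"),
]


def scan_samples():
    """Map each sample filename to the attribute that banned it (None = passes)."""
    return {name: banned_reason(name, ctype, ftype) for name, ctype, ftype in SAMPLE_PARTS}


if __name__ == "__main__":
    for name, reason in scan_samples().items():
        print(f"{name:55} {'BANNED by ' + reason if reason else 'passes'}")
```

Run it after every change to the list; if a name you expect to be blocked comes back as "passes", the rule is wrong or too far down the list, and the same string will pass on the live filter.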

Restart amavis:

sudo invoke-rc.d amavis stop ; sudo invoke-rc.d amavis start
  • Check that it finds all the decoders (each "Found decoder for" line names the binary amavis will run; a "No decoder for" line means that format is not opened, so the banned-name check cannot look inside it):
sudo less /var/log/mail.log
Dec 10 11:54:43 mailserver amavis[8413]: starting. /usr/sbin/amavisd-new at mailserver.metrica.priv amavisd-new-2.7.1 (20120429), Unicode aware, LANG="en_US.UTF-8"
Dec 10 11:54:43 mailserver amavis[8418]: Net::Server: Group Not Defined.  Defaulting to EGID '106 106'
Dec 10 11:54:43 mailserver amavis[8418]: Net::Server: User Not Defined.  Defaulting to EUID '104'
Dec 10 11:54:43 mailserver amavis[8418]: Module Amavis::Conf        2.303
Dec 10 11:54:43 mailserver amavis[8418]: Module Archive::Zip        1.30
Dec 10 11:54:43 mailserver amavis[8418]: Module BerkeleyDB          0.51
Dec 10 11:54:43 mailserver amavis[8418]: Module Compress::Zlib      2.033
Dec 10 11:54:43 mailserver amavis[8418]: Module Convert::TNEF       0.17
Dec 10 11:54:43 mailserver amavis[8418]: Module Convert::UUlib      1.4
Dec 10 11:54:43 mailserver amavis[8418]: Module Crypt::OpenSSL::RSA 0.28
Dec 10 11:54:43 mailserver amavis[8418]: Module Digest::MD5         2.51
Dec 10 11:54:43 mailserver amavis[8418]: Module Digest::SHA         5.61
Dec 10 11:54:43 mailserver amavis[8418]: Module File::Temp          0.22
Dec 10 11:54:43 mailserver amavis[8418]: Module IO::Socket::INET6   2.69
Dec 10 11:54:43 mailserver amavis[8418]: Module MIME::Entity        5.503
Dec 10 11:54:43 mailserver amavis[8418]: Module MIME::Parser        5.503
Dec 10 11:54:43 mailserver amavis[8418]: Module MIME::Tools         5.503
Dec 10 11:54:43 mailserver amavis[8418]: Module Mail::DKIM::Signer  0.39
Dec 10 11:54:43 mailserver amavis[8418]: Module Mail::DKIM::Verifier 0.39
Dec 10 11:54:43 mailserver amavis[8418]: Module Mail::Header        2.09
Dec 10 11:54:43 mailserver amavis[8418]: Module Mail::Internet      2.09
Dec 10 11:54:43 mailserver amavis[8418]: Module Net::DNS            0.66
Dec 10 11:54:43 mailserver amavis[8418]: Module Net::Server         2.006
Dec 10 11:54:43 mailserver amavis[8418]: Module Socket6             0.23
Dec 10 11:54:43 mailserver amavis[8418]: Module Time::HiRes         1.972101
Dec 10 11:54:43 mailserver amavis[8418]: Module Unix::Syslog        1.1
Dec 10 11:54:43 mailserver amavis[8418]: Amavis::DB code      loaded
Dec 10 11:54:43 mailserver amavis[8418]: SQL base code        NOT loaded
Dec 10 11:54:43 mailserver amavis[8418]: SQL::Log code        NOT loaded
Dec 10 11:54:43 mailserver amavis[8418]: SQL::Quarantine      NOT loaded
Dec 10 11:54:43 mailserver amavis[8418]: Lookup::SQL code     NOT loaded
Dec 10 11:54:43 mailserver amavis[8418]: Lookup::LDAP code    NOT loaded
Dec 10 11:54:43 mailserver amavis[8418]: AM.PDP-in proto code loaded
Dec 10 11:54:43 mailserver amavis[8418]: SMTP-in proto code   loaded
Dec 10 11:54:43 mailserver amavis[8418]: Courier proto code   NOT loaded
Dec 10 11:54:43 mailserver amavis[8418]: SMTP-out proto code  loaded
Dec 10 11:54:43 mailserver amavis[8418]: Pipe-out proto code  NOT loaded
Dec 10 11:54:43 mailserver amavis[8418]: BSMTP-out proto code NOT loaded
Dec 10 11:54:43 mailserver amavis[8418]: Local-out proto code loaded
Dec 10 11:54:43 mailserver amavis[8418]: OS_Fingerprint code  NOT loaded
Dec 10 11:54:43 mailserver amavis[8418]: ANTI-VIRUS code      loaded
Dec 10 11:54:43 mailserver amavis[8418]: ANTI-SPAM code       NOT loaded
Dec 10 11:54:43 mailserver amavis[8418]: ANTI-SPAM-EXT code   NOT loaded
Dec 10 11:54:43 mailserver amavis[8418]: ANTI-SPAM-C code     NOT loaded
Dec 10 11:54:43 mailserver amavis[8418]: ANTI-SPAM-SA code    NOT loaded
Dec 10 11:54:43 mailserver amavis[8418]: Unpackers code       loaded
Dec 10 11:54:43 mailserver amavis[8418]: DKIM code            loaded
Dec 10 11:54:43 mailserver amavis[8418]: Tools code           NOT loaded
Dec 10 11:54:43 mailserver amavis[8418]: Found $file            at /usr/bin/file
Dec 10 11:54:43 mailserver amavis[8418]: Found $altermime       at /usr/bin/altermime
Dec 10 11:54:43 mailserver amavis[8418]: Internal decoder for .mail
Dec 10 11:54:43 mailserver amavis[8418]: No decoder for       .F   
Dec 10 11:54:43 mailserver amavis[8418]: Found decoder for    .Z    at /bin/uncompress
Dec 10 11:54:43 mailserver amavis[8418]: Internal decoder for .gz  
Dec 10 11:54:43 mailserver amavis[8418]: Found decoder for    .bz2  at /bin/bzip2 -d
Dec 10 11:54:43 mailserver amavis[8418]: Found decoder for    .xz   at /usr/bin/xz -dc
Dec 10 11:54:43 mailserver amavis[8418]: Found decoder for    .lzma at /usr/bin/xz -dc --format=lzma
Dec 10 11:54:43 mailserver amavis[8418]: Found decoder for    .lzo  at /usr/bin/lzop -d
Dec 10 11:54:43 mailserver amavis[8418]: Found decoder for    .rpm  at /usr/bin/rpm2cpio
Dec 10 11:54:43 mailserver amavis[8418]: Found decoder for    .cpio at /bin/pax
Dec 10 11:54:43 mailserver amavis[8418]: Found decoder for    .tar  at /bin/pax
Dec 10 11:54:43 mailserver amavis[8418]: Found decoder for    .deb  at /usr/bin/ar
Dec 10 11:54:43 mailserver amavis[8418]: Internal decoder for .zip 
Dec 10 11:54:43 mailserver amavis[8418]: Internal decoder for .kmz 
Dec 10 11:54:43 mailserver amavis[8418]: Found decoder for    .7z   at /usr/bin/7za
Dec 10 11:54:43 mailserver amavis[8418]: Found decoder for    .rar  at /usr/bin/unrar
Dec 10 11:54:43 mailserver amavis[8418]: Found decoder for    .arj  at /usr/bin/ar
Dec 10 11:54:43 mailserver amavis[8418]: Found decoder for    .arc  at /usr/bin/arc
Dec 10 11:54:43 mailserver amavis[8418]: Found decoder for    .zoo  at /usr/bin/zoo
Dec 10 11:54:43 mailserver amavis[8418]: Found decoder for    .doc  at /usr/bin/ripole
Dec 10 11:54:43 mailserver amavis[8418]: Found decoder for    .cab  at /usr/bin/cabextract
Dec 10 11:54:43 mailserver amavis[8418]: No decoder for       .tnef
Dec 10 11:54:43 mailserver amavis[8418]: Internal decoder for .tnef
Dec 10 11:54:43 mailserver amavis[8418]: Found decoder for    .exe  at /usr/bin/unrar; /usr/bin/arj
Dec 10 11:54:43 mailserver amavis[8418]: Using primary internal av scanner code for ClamAV-clamd
Dec 10 11:54:43 mailserver amavis[8418]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan
Dec 10 11:54:43 mailserver amavis[8418]: Deleting db files __db.002,__db.004,snmp.db,__db.001,__db.003,nanny.db in /var/lib/amavis/db
Dec 10 11:54:43 mailserver amavis[8418]: Creating db in /var/lib/amavis/db/; BerkeleyDB 0.51, libdb 5.1
  • Check that Amavis is listening on port 10024:
netstat -an | grep 10024
  • the output should look something like this (bound to 127.0.0.1 only, so the filter port is not reachable from the network):
tcp        0      0 127.0.0.1:10024         0.0.0.0:*               LISTEN
  • and
ps wax | grep amavis


  • the output should look something like:
10491 ?        S      0:00 amavisd (master)
10492 ?        S      0:00 amavisd (virgin child)
10493 ?        S      0:00 amavisd (virgin child)
10497 pts/0    S      0:00 grep amavis
  • To make clamav-daemon work, add the clamav user to the amavis group (so clamd can read the files amavis unpacks) and the amavis user to the clamav group (for access to the clamd socket):
sudo adduser clamav amavis
sudo adduser amavis clamav

Configuring Postfix

  • Tell Postfix to pass every message through amavis on port 10024:
sudo postconf -e content_filter=amavis:[127.0.0.1]:10024
  • Put these lines at the end of master.cf:
cat | sudo tee -a /etc/postfix/master.cf > /dev/null <<EOFile
amavis unix - - n - 2 smtp
	-o smtp_data_done_timeout=1200
	-o disable_dns_lookups=yes

127.0.0.1:10025 inet n - n - - smtpd
	-o content_filter=
	-o local_recipient_maps=
	-o relay_recipient_maps=
	-o smtpd_restriction_classes=
	-o smtpd_client_restrictions=
	-o smtpd_helo_restrictions=
	-o smtpd_sender_restrictions=
	-o smtpd_recipient_restrictions=permit_mynetworks,reject
	-o mynetworks=127.0.0.0/8
	-o strict_rfc821_envelopes=yes
EOFile

The result will be as follows (FIX THE INDENTATION BY HAND: the -o lines must start with whitespace). The 127.0.0.1:10025 listener is where amavis hands the scanned mail back to Postfix: the empty content_filter= stops it from being sent to amavis a second time, and smtpd_recipient_restrictions=permit_mynetworks,reject together with mynetworks=127.0.0.0/8 makes sure only local processes can use this path, since it skips all the normal client, HELO and sender checks:

sudoedit /etc/postfix/master.cf
amavis unix - - n - 2 smtp
	-o smtp_data_done_timeout=1200
	-o disable_dns_lookups=yes

127.0.0.1:10025 inet n - n - - smtpd
	-o content_filter=
	-o local_recipient_maps=
	-o relay_recipient_maps=
	-o smtpd_restriction_classes=
	-o smtpd_client_restrictions=
	-o smtpd_helo_restrictions=
	-o smtpd_sender_restrictions=
	-o smtpd_recipient_restrictions=permit_mynetworks,reject
	-o mynetworks=127.0.0.0/8
	-o strict_rfc821_envelopes=yes
  • Restart Postfix, Amavis and clamav-daemon (the group changes above take effect for clamd only after this restart):
sudo /etc/init.d/postfix stop; sudo /etc/init.d/postfix start
sudo /etc/init.d/amavis stop ; sudo /etc/init.d/amavis start
sudo /etc/init.d/clamav-daemon stop; sudo /etc/init.d/clamav-daemon start

Testing

  • Test a virus with (eicarcom2.zip is the EICAR test file zipped twice, so it also exercises the archive unpacking):
cd /tmp
wget http://www.eicar.org/download/eicarcom2.zip
swaks -f nome.cognome@domain.dom -s smtpserver -t recipient@otherdomain.dom -au nome.cognome --attach eicarcom2.zip
sudo tail -f /var/log/syslog
  • Test a malware link with:
echo "http://malware.testing.google.test/testing/malware/" | swaks -f nome.cognome@domain.dom -s smtpserver -t recipient@otherdomain.dom -au nome.cognome --body -
  • Test as described in Signature Testing - Sanesecurity ClamAV: Phishing, Spam & Malware Signatures (http://sanesecurity.com/support/signature-testing/)

References

  • Amavis does not parse exe in rar archive — iRedMail Support — iRedMail: http://www.iredmail.org/forum/post38275.html#p38275
  • Signature Testing - Sanesecurity ClamAV: Phishing, Spam & Malware Signatures: http://sanesecurity.com/support/signature-testing/