Installazione Amavisd-new in Debian: Difference between revisions

• Effettuare l'installazione:

sudo apt-get install amavisd-new

Assicurasi di di avere i repository contrib e non-free configurati (Servono per unrar):

sudoedit /etc/apt/sources.list

...
deb http://ftp.it.debian.org/debian/ squeeze main contrib non-free
...

Installarli

sudo apt-get update
sudo apt-get install zoo unzip arj lzop bzip2 7zip-full p7zip-rar unrar-free rpm2cpio cabextract ripole lhasa zip unzip arc

In caso si lamenti per unrar, aggiungere non-free alle righe di /etc/apt/sources.list (e lanciare apt-get update, affinchè vengano accettate le modifiche alle righe di /etc/apt/sources.list).

• Installazione Clamav in Debian
• Installazione e configurazione di AVG su Debian
• Installazione Mcafee

• Abilitare la scansione antivirus:

sudo sed -i 's|^#@bypass_virus_checks_maps = (|@bypass_virus_checks_maps = (|;s|^#   \\%bypass_virus_checks,|   \\%bypass_virus_checks,|' /etc/amavis/conf.d/15-content_filter_mode

O a mano:

sudoedit /etc/amavis/conf.d/15-content_filter_mode

...
@bypass_virus_checks_maps = (
   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
...

• Per evitare l'errore

warning: Illegal address syntax from localhost[127.0.0.1] in MAIL command: <postmaster@${myhostname}>

Inserire le stringhe in

sudoedit /etc/amavis/conf.d/50-user

$mailfrom_notify_admin = "postmaster\@$mydomain";
$mailfrom_notify_recip = "postmaster\@$mydomain";
$mailfrom_notify_spamadmin = "postmaster\@$mydomain";

• Abilitare il rifiuto di ogni eseguibile anche itenrnamente agli archivi zippati:

sudoedit /etc/amavis/conf.d/20-debian_defaults 

#...

$banned_filename_re = new_RE(
# qr'^UNDECIPHERABLE$',  # is or contains any undecipherable components

  # block certain double extensions anywhere in the base name
  qr'\.[^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,

  qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?$'i, # Windows Class ID CLSID, strict

  qr'^application/x-msdownload$'i,                  # block these MIME types
  qr'^application/x-msdos-program$'i,
  qr'^application/hta$'i,

 qr'^application/x-msmetafile$'i,	# Windows Metafile MIME type
 qr'^\.wmf$',				# Windows Metafile file(1) type

# qr'^message/partial$'i, qr'^message/external-body$'i, # rfc2046 MIME types

# [ qr'^\.(Z|gz|bz2)$'           => 0 ],  # allow any in Unix-compressed
# [ qr'^\.(rpm|cpio|tar)$'       => 0 ],  # allow any in Unix-type archives
# [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ],  # allow any within such archives
# [ qr'^application/x-zip-compressed$'i => 0],  # allow any within such archives

  qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic
 qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|
        inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|
        ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs|
        wmf|wsc|wsf|wsh)$'ix,  # banned ext - long

 qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i,  # banned extension - WinZip vulnerab.

  qr'^\.(exe-ms)$',                       # banned file(1) types
 qr'^\.(exe|lha|tnef|cab|dll)$',         # banned file(1) types
);
#...

Restartare amavis:

sudo invoke-rc.d amavis stop ; sudo invoke-rc.d amavis start

Verificare che Amavis ascolti sulla porta 10024:

netstat -an | grep 10024

il cui risultato dovrà essere qualcosa di simile:

tcp        0      0 127.0.0.1:10024         0.0.0.0:*               LISTEN

e

ps wax | grep amavis

il cui risultato dovrà essere qualcosa di simile:

10491 ?        S      0:00 amavisd (master)
10492 ?        S      0:00 amavisd (virgin child)
10493 ?        S      0:00 amavisd (virgin child)
10497 pts/0    S      0:00 grep amavis

Se si vuol far funzionare clamav-daemon occorre aggiungere l'utente clamav al gruppo amavis:

sudo adduser clamav amavis

sudo postconf -e content_filter=amavis:[127.0.0.1]:10024

• Mettere queste cose alla fine di master.cf:

cat | sudo tee -a /etc/postfix/master.cf > /dev/null <<EOFile
amavis unix - - n - 2 smtp
	-o smtp_data_done_timeout=1200
	-o disable_dns_lookups=yes

127.0.0.1:10025 inet n - n - - smtpd
	-o content_filter=
	-o local_recipient_maps=
	-o relay_recipient_maps=
	-o smtpd_restriction_classes=
	-o smtpd_client_restrictions=
	-o smtpd_helo_restrictions=
	-o smtpd_sender_restrictions=
	-o smtpd_recipient_restrictions=permit_mynetworks,reject
	-o mynetworks=127.0.0.0/8
	-o strict_rfc821_envelopes=yes
EOFile

ed il cui risultato sarà (MODIFICARE LE INDENTAZIONI A MANO):

sudoedit /etc/postfix/master.cf

amavis unix - - n - 2 smtp
	-o smtp_data_done_timeout=1200
	-o disable_dns_lookups=yes

127.0.0.1:10025 inet n - n - - smtpd
	-o content_filter=
	-o local_recipient_maps=
	-o relay_recipient_maps=
	-o smtpd_restriction_classes=
	-o smtpd_client_restrictions=
	-o smtpd_helo_restrictions=
	-o smtpd_sender_restrictions=
	-o smtpd_recipient_restrictions=permit_mynetworks,reject
	-o mynetworks=127.0.0.0/8
	-o strict_rfc821_envelopes=yes

• Restartare Postfix e Clamav e Clamav-daemon:

sudo /etc/init.d/postfix stop; sudo /etc/init.d/postfix start
sudo /etc/init.d/amavis stop ; sudo /etc/init.d/amavis start
sudo /etc/init.d/clamav-daemon stop; sudo /etc/init.d/clamav-daemon start

• Testarlo con

cd /tmp
wget http://www.eicar.org/download/eicarcom2.zip
swaks -f nome.cognome@domain.dom -s smtpserver -t recipient@otherdomain.dom -au nome.cognome --attach eicarcom2.zip

sudo tail -f /var/log/syslog