
11. The software needed against viruses and SPAM

This chapter describes how to install and operate the software that protects the mail system against viruses and SPAM.

11.1. Getting and installing ClamAV

11.1.2. Building and installing

# Adding a group for the clamav user
groupadd clamav

# Adding the clamav user to your system
useradd -g clamav -c "clamav user" clamav

cd /usr/local

tar -xvzf clamav-0.68.tar.gz
cd clamav-0.68

./configure

make && make install

11.1.3. Testing and configuring

To test the functionality of ClamAV, run clamscan over the test patterns that ship with the distribution: clamscan -r -i /usr/local/clamav-0.68 (-r scans recursively, -i prints only the infected files).

The output should look like this:

/usr/local/clamav-0.68/test/test1: ClamAV-Test-Signature FOUND
/usr/local/clamav-0.68/test/test1.bz2: ClamAV-Test-Signature FOUND
/usr/local/clamav-0.68/test/test2.zip: ClamAV-Test-Signature FOUND
/usr/local/clamav-0.68/test/test2.badext: ClamAV-Test-Signature FOUND
/usr/local/clamav-0.68/contrib/clamdwatch/clamdwatch.tar.gz: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 20482
Scanned directories: 47
Scanned files: 406
Infected files: 5
Data scanned: 5.48 MB
I/O buffer size: 131072 bytes
Time: 2.706 sec (0 m 2 s)

The next step is to set up automatic updates of the virus database. This is an important step: new viruses spread within hours, and a scanner with stale signatures misses exactly the ones that are currently circulating.

Create the needed logfile:

touch /var/log/clam-update.log
chmod 600 /var/log/clam-update.log
chown clamav /var/log/clam-update.log

I suggest updating the signatures with an hourly cron job. Run crontab -e and add the following line, replacing »x« with a random value between 1 and 59. Spreading the minute is a simple form of time-based load balancing: not every installation hits the database mirrors at the full hour, so more people get their updates. Note that the line must not begin with »#«; in a crontab that makes it a comment and the update would never run.

x * * * *       /usr/local/bin/freshclam --quiet -l /var/log/clam-update.log

To test whether the update process works, run /usr/local/bin/freshclam -l /var/log/clam-update.log by hand and look at the output.

On the first run it should look similar to this (later runs report »is up to date« for databases that have not changed):

ClamAV update process started at Tue Mar 23 19:58:11 2004
Reading CVD header (main.cvd): OK
Downloading main.cvd [*]
main.cvd updated (version: 21, sigs: 20094, f-level: 1, builder: tkojm)
Reading CVD header (daily.cvd): OK
Downloading daily.cvd [*]
daily.cvd updated (version: 210, sigs: 596, f-level: 1, builder: acab)
Database updated (20690 signatures) from database.clamav.net (64.74.124.90).
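The cron entry above leaves two things to the administrator: picking the minute and noticing when updates silently stop. The following shell script is an added example, not part of this HOWTO or of ClamAV. It derives a stable minute from the host name (so a fleet of servers spreads itself over the hour without anyone choosing numbers), prints the crontab line, and parses the freshclam log for the outcome of the most recent run and the last reported signature count. The log excerpt inside it is constructed after the output shown above (the ERROR line is made up; real freshclam wording differs by version), and the function and variable names are my own.

```shell
#!/bin/sh
# Added example (not from the HOWTO): pick a stable per-host cron minute for
# freshclam and check its log. Everything here runs offline; the sample log
# below is constructed after the freshclam output shown in the text.

FRESHCLAM=/usr/local/bin/freshclam          # paths as used in the text
LOG=/var/log/clam-update.log

# Constructed sample log: one successful run followed by one that failed.
# (The ERROR line is made up; freshclam's exact wording varies by version.)
SAMPLE_LOG='ClamAV update process started at Tue Mar 23 19:58:11 2004
Reading CVD header (main.cvd): OK
Downloading main.cvd [*]
main.cvd updated (version: 21, sigs: 20094, f-level: 1, builder: tkojm)
Reading CVD header (daily.cvd): OK
Downloading daily.cvd [*]
daily.cvd updated (version: 210, sigs: 596, f-level: 1, builder: acab)
Database updated (20690 signatures) from database.clamav.net (64.74.124.90).
ClamAV update process started at Tue Mar 23 20:58:02 2004
Reading CVD header (main.cvd): OK
main.cvd is up to date (version: 21, sigs: 20094, f-level: 1, builder: tkojm)
ERROR: Cant connect to database.clamav.net'

# Derive a minute 0..59 from the host name instead of picking one by hand:
# every host gets a different, but stable, slot on the mirrors.
cron_minute() {
    printf '%s' "$1" | cksum | awk '{ print $1 % 60 }'
}

# The crontab line the text asks for, with the computed minute filled in.
crontab_line() {
    printf '%s * * * *\t%s --quiet -l %s\n' "$(cron_minute "$1")" "$FRESHCLAM" "$LOG"
}

# Status of the most recent run in the log: "ok", "error", or "" (empty log).
last_run_status() {
    awk '/^ClamAV update process started/ { status = "ok" }
         /^ERROR/                          { status = "error" }
         END                               { print status }' "$1"
}

# Signature count reported by the last successful "Database updated" line (0 if none).
signature_count() {
    awk '/^Database updated \(/ { n = $3; sub(/\(/, "", n) }
         END                    { print n + 0 }' "$1"
}

# Run both checks against a log file; prints a one-line verdict, returns 1 on a problem.
report() {
    status=$(last_run_status "$1")
    sigs=$(signature_count "$1")
    if [ "$status" = ok ] && [ "$sigs" -gt 0 ]; then
        echo "freshclam OK: $sigs signatures"
    else
        echo "freshclam PROBLEM: last run status '${status:-none}', $sigs signatures"
        return 1
    fi
}

# Usage: clam-check.sh [logfile]; with no argument, demonstrate on the sample log.
if [ -n "${1-}" ]; then
    report "$1"
else
    tmp=$(mktemp)
    printf '%s\n' "$SAMPLE_LOG" > "$tmp"
    crontab_line "$(hostname 2>/dev/null || echo localhost)"
    report "$tmp" || true
    rm -f "$tmp"
fi
```

Run it from cron a few minutes after the freshclam job, or from your monitoring, with the real log as argument; a non-zero exit means the last run failed or no update has ever succeeded. Because freshclam appends to the log, the status reflects only the most recent run, so a transient mirror error clears itself on the next successful hour.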

11.2. Razor

Razor is a collaborative spam-detection network. SpamAssassin can use it as one of its tests, so install it before SpamAssassin if you want those checks; SpamAssassin itself runs without it.

11.2.1. Download

Origin-Site: http://prdownloads.sourceforge.net/razor/razor-agents-sdk-2.03.tar.gz?download

Origin-Site: http://prdownloads.sourceforge.net/razor/razor-agents-2.40.tar.gz?download

cd /usr/local

tar -xvzf razor-agents-sdk-2.03.tar.gz
cd razor-agents-sdk-2.03

perl Makefile.PL
make && make install

cd /usr/local
tar -xvzf razor-agents-2.40.tar.gz
cd razor-agents-2.40/

perl Makefile.PL
make && make install

11.2.2. Registering and setting up

In order to use Razor2 you need to register as a user.

Choose a unique username and password and run razor-admin -register -user=some_user -pass=somepass. The registration and the agent configuration are written to ~/.razor of the user running the command, so do this as the user that will later run SpamAssassin, that is the amavis user defined in section 11.4, not as root.

11.3. Getting and installing spamassassin

SpamAssassin is today's leading open-source project for fighting SPAM. Describing how it works is beyond the scope of this document; for further information please consult http://eu.spamassassin.org/doc.html

11.3.2. Prerequisites

SpamAssassin depends on a number of Perl modules. The easiest way to get them is the CPAN shell: run perl -MCPAN -e shell and answer its questions as needed (the defaults are fine where you are unsure). perl Makefile.PL in the next step lists any module that is still missing.

11.3.3. Building and installing

cd /usr/local

tar -xvzf Mail-SpamAssassin-2.63.tar.gz

cd Mail-SpamAssassin-2.63

perl Makefile.PL

# You get prompted to run Razor tests which you should answer with "y"
Run Razor v2 tests (these may fail due to network problems)? (y/n) [n] y 

make && make install

11.4. Getting and installing amavisd-new

Amavisd-new is the glue that connects all the software described above to Postfix.

11.4.2. Prerequisites

Amavisd-new needs a lot of prerequisites.

Run perl -MCPAN -e shell and issue:

install ExtUtils::MakeMaker
install HTML::Parser
install DB_File
install Digest::SHA1
install Archive::Tar
install Archive::Zip
install Compress::Zlib
install Convert::TNEF
install Convert::UUlib
install MIME::Base64
install MIME::Parser
install Mail::Internet
install Mail::SPF::Query
install Net::Server
install Net::SMTP
install Net::DNS
install Digest::MD5
install IO::Stringy
install Time::HiRes
install Unix::Syslog

Finally, run ./amavisd from the unpacked amavisd-new source directory (see the next section); it reports any prerequisite you have overlooked.

Edit /etc/amavisd.conf and change the variables $daemon_user to »amavis« and $daemon_group to »amavis«. Another variable to change is $mydomain to match your domain.

Also consider changing the default handling of virus and spam mails; otherwise every intercepted mail produces a notification or a bounce:

$final_virus_destiny      = D_DISCARD;  # (defaults to D_BOUNCE)
$final_spam_destiny       = D_DISCARD;  # (defaults to D_REJECT)

Discarding instead of bouncing is not only a matter of convenience. Worms forge the sender address, so a bounce (D_BOUNCE) goes to an innocent third party. And with Postfix's post-queue content_filter there is no SMTP client left to reject to, so D_REJECT is turned into a bounce by Postfix as well. When you start filtering SPAM I recommend a higher kill level until you have tuned the filters: set $sa_kill_level_deflt to 8 or even higher. Mails scoring above the kill level get the $final_spam_destiny treatment; mails below it are only tagged and delivered.

11.4.3. Building and installing

cd /usr/local

tar -xvzf amavisd-new-20030616-p8.tar.gz

cd amavisd-new-20030616
cp amavisd /usr/local/sbin
cp amavisd.conf /etc
chown root /etc/amavisd.conf
chmod 644  /etc/amavisd.conf

Now it is time to define a group and a user for amavisd-new:

groupadd amavis
useradd -g amavis -c "Amavisd-new user" amavis

Next you have to define a directory for the quarantined mail:

mkdir /var/virusmails
chown amavis:amavis /var/virusmails
chmod 750 /var/virusmails
mkdir /var/amavis
chown amavis:amavis /var/amavis
chmod 750 /var/amavis

The original init script in the amavisd-new distribution only works with Red Hat. On other distributions you can install my quick and dirty init script:

#!/bin/bash
#
# Amavisd-new startup script

AMAVISD=/usr/local/sbin/amavisd
# amavisd writes its pid to $pid_file, which defaults to $MYHOME/amavisd.pid
# with $MYHOME = /var/amavis; adjust if you changed either in /etc/amavisd.conf.
PIDFILE=/var/amavis/amavisd.pid

case "$1" in
    start)
        # amavisd puts itself into the background and drops to $daemon_user
        $AMAVISD
        ;;

    stop)
        # Terminate the master process via its pid file; it shuts down its children
        if [ -f "$PIDFILE" ]; then
            kill "$(cat "$PIDFILE")"
        else
            echo "amavisd does not seem to be running (no $PIDFILE)"
            exit 1
        fi
        ;;

    *)
        echo "Usage: $0 {start|stop}"
        exit 1
        ;;

esac

11.5. Setting up postfix

Postfix needs to be configured to hand every mail to amavisd-new for scanning.

You need to add the following line to /etc/postfix/main.cf

content_filter = smtp-amavis:127.0.0.1:10024

The /etc/postfix/master.cf also needs some adjustments so that amavisd-new can return the scanned mail to the mail system. The first entry is the transport Postfix uses to deliver mail to amavisd, the second is the listener on port 10025 through which amavisd reinjects it. Two settings of that listener are security-relevant: content_filter is reset to empty so the returning mail is not sent through the filter a second time (a mail loop), and mynetworks is narrowed to 127.0.0.0/8 with smtpd_recipient_restrictions=permit_mynetworks,reject so that only local processes can use this unfiltered entry point, which is bound to 127.0.0.1 for the same reason.

Please add the following lines to your configuration:

smtp-amavis unix - - y - 2 smtp -o smtp_data_done_timeout=1200

127.0.0.1:10025 inet n  -       n       -       -  smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
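The 10025 listener is the one place where mail enters Postfix without the public smtpd's restrictions, so it pays to verify the entries above mechanically rather than by eye, for instance before every postfix reload. The following shell script is an added example and not part of this HOWTO, of amavisd-new or of Postfix. It folds master.cf entries into one logical line per service, then checks that the reinjection listener is bound to 127.0.0.1, resets content_filter, narrows mynetworks and ends its recipient restrictions in reject, and that the transport named by content_filter in main.cf actually exists in master.cf. The configuration files it writes are constructed samples: the »good« master.cf reproduces the entries shown above, the »weak« one lists typical mistakes the checks are meant to catch. File and function names are my own.

```shell
#!/bin/sh
# Added example (not from the HOWTO): check the Postfix side of the amavisd-new
# setup. The three configs written by write_samples are constructed here; the
# "good" master.cf mirrors the listener shown in the text, "weak" shows the
# mistakes the checks catch (listener on all interfaces, no content_filter
# reset, recipient restrictions that never reject, mynetworks not narrowed).

write_samples() {   # $1 = directory; writes main.cf, master.cf, master-weak.cf
    cat > "$1/main.cf" <<'EOF'
myhostname = mail.example.org
content_filter = smtp-amavis:127.0.0.1:10024
EOF
    cat > "$1/master.cf" <<'EOF'
smtp        inet  n  -  n  -  -  smtpd
smtp-amavis unix  -  -  y  -  2  smtp -o smtp_data_done_timeout=1200
127.0.0.1:10025 inet n  -  n  -  -  smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
EOF
    cat > "$1/master-weak.cf" <<'EOF'
smtp        inet  n  -  n  -  -  smtpd
smtp-amavis unix  -  -  y  -  2  smtp -o smtp_data_done_timeout=1200
10025       inet  n  -  n  -  -  smtpd
    -o local_recipient_maps=
    -o smtpd_recipient_restrictions=permit_mynetworks
EOF
}

# Fold master.cf continuation lines (leading whitespace) into one line per service.
join_services() {
    awk '/^[ \t]*#/ || /^[ \t]*$/ { next }
         /^[^ \t]/ { if (line != "") print line; line = $0; next }
                   { sub(/^[ \t]+/, " "); line = line $0 }
         END       { if (line != "") print line }' "$1"
}

# Check the reinjection listener on port 10025; prints one finding per line
# and returns 1 if there is any.
check_reinjection() {   # $1 = master.cf
    svc=$(join_services "$1" | awk '$2 == "inet" && $1 ~ /(^|:)10025$/')
    [ -n "$svc" ] || { echo "no inet listener on port 10025"; return 1; }
    rc=0
    case "$svc" in "127.0.0.1:10025 "*) ;;
        *) echo "10025 listens on all interfaces, not just 127.0.0.1"; rc=1 ;; esac
    case " $svc " in *" -o content_filter= "*) ;;
        *) echo "content_filter not reset: returned mail would loop back to amavisd"; rc=1 ;; esac
    case "$svc" in *"smtpd_recipient_restrictions=permit_mynetworks,reject"*) ;;
        *) echo "recipient restrictions do not end in reject"; rc=1 ;; esac
    case " $svc " in *" -o mynetworks=127.0.0.0/8 "*) ;;
        *) echo "mynetworks not narrowed to 127.0.0.0/8 for the listener"; rc=1 ;; esac
    return $rc
}

# Check that main.cf's content_filter names a unix transport defined in master.cf.
check_content_filter() {   # $1 = main.cf, $2 = master.cf
    transport=$(awk -F'[ \t]*=[ \t]*' '$1 == "content_filter" { split($2, a, ":"); print a[1] }' "$1")
    [ -n "$transport" ] || { echo "content_filter not set in main.cf"; return 1; }
    join_services "$2" | awk -v t="$transport" '$1 == t && $2 == "unix" { found = 1 }
                                              END { exit !found }'
}

# Demonstration on the constructed samples.
dir=$(mktemp -d)
write_samples "$dir"
check_content_filter "$dir/main.cf" "$dir/master.cf" && echo "main.cf: content_filter transport OK"
check_reinjection "$dir/master.cf" && echo "master.cf: listener OK"
check_reinjection "$dir/master-weak.cf" || echo "master-weak.cf: findings above"
rm -r "$dir"
```

Point the two check functions at /etc/postfix/main.cf and /etc/postfix/master.cf on a real server. The checks are deliberately strict string matches on the options the text prescribes; a master.cf that expresses the same intent differently (for example a restriction class) will be flagged and has to be reviewed by hand.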