[Mail Server Configuration Tutorial Series, Part 2] Configuring the ClamAV Antivirus Scanner for a Postfix Mail Server on CentOS 7

In the previous article we covered the basic yum-based installation and configuration of Postfix + Dovecot + Cyrus SASL to build a secure mail server.
Once a server starts receiving mail from the outside, anti-spam (AS) and antivirus (AV) filtering become essential security controls.
This article builds on that setup and shows how to add the ClamAV antivirus scanner. Further parts of the mail server series will follow.
If Alibaba Cloud's Yunqi community approves them, these articles will also be published there.

1. Installation and startup

The ClamAV packages come from the EPEL repository; these are the ones installed on my system (yum output):

Package clamav-update-0.99.3-4.el7.x86_64 already installed and latest version
Package clamav-data-0.99.3-4.el7.noarch already installed and latest version
Package clamav-lib-0.99.3-4.el7.x86_64 already installed and latest version
Package clamav-milter-systemd-0.99.3-4.el7.noarch already installed and latest version
Package clamav-0.99.3-4.el7.x86_64 already installed and latest version
Package clamav-scanner-0.99.3-4.el7.noarch already installed and latest version
Package clamav-scanner-systemd-0.99.3-4.el7.noarch already installed and latest version
Package clamav-server-0.99.3-4.el7.x86_64 already installed and latest version
Package clamav-server-systemd-0.99.3-4.el7.noarch already installed and latest version
Package clamav-filesystem-0.99.3-4.el7.noarch already installed and latest version
Package clamav-milter-0.99.3-4.el7.x86_64 already installed and latest version
Enable and start the scanning daemon and the milter; the clamd@scan instance reads /etc/clamd.d/scan.conf:
# systemctl enable clamd@scan clamav-milter
# systemctl start clamd@scan clamav-milter
# systemctl status clamd@scan clamav-milter -l

2. Configure /etc/mail/clamav-milter.conf, /etc/postfix/main.cf and /etc/clamd.d/scan.conf
clamconf prints the effective milter settings (options that are not set show as "disabled"):
# clamconf -c /etc/mail

Config file: clamav-milter.conf
-------------------------------
LogFile = "/var/log/clamav-milter.log"
LogFileUnlock = "yes"
LogFileMaxSize = "20971520"
LogTime = "yes"
LogSyslog = "yes"
LogFacility = "LOG_MAIL"
LogVerbose = "yes"
LogRotate = "yes"
PidFile = "/run/clamav-milter/clamav-milter.pid"
TemporaryDirectory = "/var/tmp"
FixStaleSocket = "yes"
MaxThreads = "10"
ReadTimeout = "300"
Foreground disabled
User disabled
AllowSupplementaryGroups = "yes"
MaxFileSize = "10485760"
ClamdSocket = "unix:/var/run/clamd.scan/clamd.sock"
MilterSocket = "unix:/var/run/clamav-milter/clamav-milter.socket"
MilterSocketGroup = "clamilt"
MilterSocketMode = "666"
LocalNet disabled
OnClean = "Accept"
OnInfected = "Quarantine"
OnFail = "Defer"
RejectMsg disabled
AddHeader = "Replace"
ReportHostname disabled
VirusAction disabled
Chroot disabled
Whitelist disabled
SkipAuthenticated disabled
LogInfected = "Basic"
LogClean = "Basic"
SupportMultipleRecipients = "yes"

Edit /etc/postfix/main.cf
Add the following line, or append the unix: entry to an existing smtpd_milters line (entries are separated by commas or spaces), then run "systemctl reload postfix". smtpd_milters only covers mail that arrives over SMTP; if mail submitted locally through the sendmail command should be scanned as well, add the same socket to non_smtpd_milters.
smtpd_milters = unix:/var/run/clamav-milter/clamav-milter.socket

Check the settings in scan.conf (comments and blank lines stripped):
# grep -v ^# /etc/clamd.d/scan.conf|grep -v ^$
LogFile /var/log/clamscan/clamd.scan
LogFileUnlock yes
LogFileMaxSize 20M
LogClean yes
LogSyslog yes
LogFacility LOG_MAIL
LogVerbose yes
LogRotate yes
PidFile /var/run/clamd.scan/clamd.pid
TemporaryDirectory /var/tmp
DatabaseDirectory /var/lib/clamav
OfficialDatabaseOnly no
LocalSocket /var/run/clamd.scan/clamd.sock
LocalSocketMode 660
FixStaleSocket yes
MaxThreads 20
ReadTimeout 300
CommandReadTimeout 5
SendBufTimeout 200
MaxQueue 200
IdleTimeout 60
ExcludePath ^/proc/
ExcludePath ^/sys/
MaxDirectoryRecursion 20
User clamscan
AllowSupplementaryGroups yes
Debug yes
The whole AV chain is three processes joined by two Unix sockets. Postfix connects to the milter socket (/var/run/clamav-milter/clamav-milter.socket; with MilterSocketMode 666 the postfix user can open it without any group membership, which is acceptable on a single-purpose mail host). The milter in turn connects to clamd's socket (/var/run/clamd.scan/clamd.sock; clamd runs as User clamscan and creates it with LocalSocketMode 660, so the user the milter runs as, clamilt under the packaged systemd unit since User is unset above, must belong to that socket's group). Get those two permissions right and the AV system is essentially done: OnFail = Defer makes the milter fail closed when clamd is unreachable, and OnInfected = Quarantine parks infected mail in Postfix's hold queue instead of delivering it. Once everything works, turn Debug off in scan.conf.
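To turn the socket relationship above into something you can check before reloading Postfix, here is a small audit script. It is an added example, not code from the original post or from the ClamAV project: it reads the two config files with a minimal "Key value" parser and verifies the points that matter, namely that the milter's ClamdSocket equals clamd's LocalSocket, that OnFail is Defer or Reject, and that clamd runs as an unprivileged user. The sample configs it creates at the bottom are constructed to mirror the values shown above, plus a deliberately broken milter config; on a real server call audit with /etc/clamd.d/scan.conf and /etc/mail/clamav-milter.conf instead.

```sh
#!/bin/sh
# Added example (not from the original post): audit the settings that tie
# clamd, clamav-milter and Postfix together. It works on any copy of the
# config files; on the mail server run:
#   audit /etc/clamd.d/scan.conf /etc/mail/clamav-milter.conf
set -u

# conf_get FILE KEY: last value of KEY in a clamd-style "Key value" file
# ('#' starts a comment; surrounding double quotes are dropped)
conf_get() {
    grep -E "^[[:space:]]*$2[[:space:]]" "$1" 2>/dev/null \
        | tail -n 1 | sed -E "s/^[[:space:]]*$2[[:space:]]+//; s/^\"//; s/\"\$//"
}

# unix_path VALUE: strip the "unix:" prefix clamav-milter accepts in socket names
unix_path() { printf '%s\n' "$1" | sed 's/^unix://'; }

# audit CLAMD_CONF MILTER_CONF: print the number of failed checks (stdout),
# with one line per check on stderr
audit() {
    clamd=$1 milter=$2 fails=0
    # 1. the milter must talk to the socket clamd actually creates
    csock=$(conf_get "$clamd" LocalSocket)
    msock=$(unix_path "$(conf_get "$milter" ClamdSocket)")
    if [ -n "$csock" ] && [ "$csock" = "$msock" ]; then
        echo "ok   ClamdSocket matches clamd LocalSocket ($csock)" >&2
    else
        echo "FAIL ClamdSocket '$msock' != clamd LocalSocket '$csock'" >&2
        fails=$((fails + 1))
    fi
    # 2. when clamd is unreachable mail must be deferred, never accepted unscanned
    case "$(conf_get "$milter" OnFail)" in
        Defer|Reject) echo "ok   OnFail fails closed" >&2 ;;
        *) echo "FAIL OnFail is '$(conf_get "$milter" OnFail)'; use Defer" >&2
           fails=$((fails + 1)) ;;
    esac
    # 3. clamd parses hostile attachments, so it must not run as root
    case "$(conf_get "$clamd" User)" in
        ''|root) echo "FAIL clamd User is unset or root" >&2; fails=$((fails + 1)) ;;
        *) echo "ok   clamd runs as $(conf_get "$clamd" User)" >&2 ;;
    esac
    # 4. a 660 clamd socket only works if the milter user is in the socket's group
    if [ "$(conf_get "$clamd" LocalSocketMode)" = 660 ]; then
        echo "note LocalSocketMode 660: the clamav-milter user must be in the socket group" >&2
    fi
    echo "$fails"
}

# Constructed sample configs (not real files) mirroring the tutorial's values,
# plus a broken milter config pointing at the wrong socket and failing open.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/scan.conf" <<'EOF'
# clamd configuration (constructed sample)
LocalSocket /var/run/clamd.scan/clamd.sock
LocalSocketMode 660
User clamscan
EOF
cat > "$SAMPLE_DIR/milter-good.conf" <<'EOF'
ClamdSocket unix:/var/run/clamd.scan/clamd.sock
MilterSocket unix:/var/run/clamav-milter/clamav-milter.socket
OnFail Defer
EOF
cat > "$SAMPLE_DIR/milter-bad.conf" <<'EOF'
ClamdSocket unix:/var/run/clamd.sock
OnFail Accept
EOF

GOOD_FAILS=$(audit "$SAMPLE_DIR/scan.conf" "$SAMPLE_DIR/milter-good.conf")
BAD_FAILS=$(audit "$SAMPLE_DIR/scan.conf" "$SAMPLE_DIR/milter-bad.conf")
echo "good config: $GOOD_FAILS failed check(s); bad config: $BAD_FAILS failed check(s)"
```

The parser deliberately keys on "Key value" syntax, which is what the files use; the "Key = value" form in the clamconf output above is only how clamconf displays them, so feed the script the files, not the clamconf dump.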

3. Updating the virus database
# freshclam
That is a manual update. In practice the clamav-update package already installs a cron job, /etc/cron.d/clamav-update, which runs /usr/share/clamav/freshclam-sleep and reads /etc/sysconfig/freshclam. The package's file list shows what may need editing: on this packaging /etc/sysconfig/freshclam ships with a FRESHCLAM_DELAY=disabled-warn line, and the cron job does not update anything until that line is removed, so check it.

# rpm -ql clamav-update
/etc/cron.d/clamav-update
/etc/freshclam.conf
/etc/logrotate.d/clamav-update
/etc/sysconfig/freshclam
/usr/bin/freshclam
/usr/share/clamav/freshclam-sleep
/usr/share/man/man1/freshclam.1.gz
/usr/share/man/man5/freshclam.conf.5.gz
/var/lib/clamav/bytecode.cld
/var/lib/clamav/daily.cld
/var/lib/clamav/main.cld
/var/lib/clamav/mirrors.dat
/var/log/freshclam.log

4. Testing
On a Mac, Thunderbird is still the best mail client for this; it shows the raw message headers with Cmd-U.
In the headers of a received message you will see the following:

X-Virus-Scanned: clamav-milter 0.99.3 at mailhostname
X-Virus-Status: Clean

And in /var/log/maillog:
Feb 22 14:31:49 mailhostname clamav-milter[1208]: Clean message from <somebody@test.cn> to <<albertxu@freelamp.com>>
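A header check on one message confirms the chain works for clean mail; to confirm it also catches malware, send the EICAR test string through the server and read the verdict from the same two places. The script below is an added example, not code from the original post: it builds the test message, injects it with sendmail -t when run on the mail server, and includes two helpers that extract X-Virus-Status from a delivered message and count clean and infected lines in maillog. The maillog and message samples at the end are constructed; the Clean line copies the format above, while the infected-line format is assumed from clamav-milter 0.99 and should be compared against your own log. Note that with OnInfected = Quarantine the EICAR mail is not delivered: it sits in Postfix's hold queue (postqueue -p, postcat -q ID), and the verdict shows up in maillog.

```sh
#!/bin/sh
# Added example (not from the original post): generate an EICAR test message
# and check the results the way the tutorial does, via the X-Virus-Status
# header of a delivered message and the clamav-milter lines in /var/log/maillog.
# EICAR is the harmless industry test signature every scanner flags.
set -u

# eicar_string: assemble the signature from two halves so this script file
# itself is not flagged by a scanner that indexes source files
eicar_string() {
    printf '%s%s\n' 'X5O!P%@AP[4\PZX54(P^)7CC)7}$' 'EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
}

# build_test_message FROM TO: print a complete message whose plain-text body is
# the EICAR string (clamd scans the raw body, so no attachment is needed)
build_test_message() {
    printf 'From: %s\nTo: %s\nSubject: EICAR AV test\n' "$1" "$2"
    printf 'Date: %s\n' "$(date -R 2>/dev/null || date)"
    printf 'Content-Type: text/plain; charset=us-ascii\n\n'
    eicar_string
}

# send_test_message FROM TO: inject the message through the local Postfix so
# it passes smtpd_milters; only meaningful on the mail server itself
send_test_message() {
    command -v sendmail >/dev/null 2>&1 || { echo "sendmail not found" >&2; return 1; }
    build_test_message "$1" "$2" | sendmail -t
}

# virus_status MSGFILE: print the X-Virus-Status value from the header block
# (everything before the first blank line) of a delivered message file
virus_status() {
    sed -n '/^$/q; s/^X-Virus-Status:[[:space:]]*//p' "$1"
}

# milter_counts LOGFILE: print "clean=N infected=M" from clamav-milter lines
milter_counts() {
    clean=$(grep -c 'clamav-milter\[[0-9]*\]: Clean message from' "$1" || true)
    infected=$(grep -c 'clamav-milter\[[0-9]*\]: Message from .* infected by' "$1" || true)
    echo "clean=$clean infected=$infected"
}

# Constructed samples (not real captures). The Clean line copies the format
# shown in the post; the infected line follows the format clamav-milter 0.99
# writes for LogInfected Basic (assumed here, compare with your own log).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/maillog" <<'EOF'
Feb 22 14:31:49 mailhostname clamav-milter[1208]: Clean message from <somebody@test.cn> to <<albertxu@freelamp.com>>
Feb 22 14:35:02 mailhostname postfix/smtpd[1310]: connect from unknown[192.0.2.10]
Feb 22 14:35:03 mailhostname clamav-milter[1208]: Message from <somebody@test.cn> to <<albertxu@freelamp.com>> infected by Eicar-Test-Signature
Feb 22 14:40:11 mailhostname clamav-milter[1208]: Clean message from <other@test.cn> to <<albertxu@freelamp.com>>
EOF
cat > "$SAMPLE_DIR/delivered.eml" <<'EOF'
Return-Path: <somebody@test.cn>
X-Virus-Scanned: clamav-milter 0.99.3 at mailhostname
X-Virus-Status: Clean
Subject: hello

X-Virus-Status: not a header, this is body text
EOF

build_test_message somebody@test.cn albertxu@freelamp.com
milter_counts "$SAMPLE_DIR/maillog"
virus_status "$SAMPLE_DIR/delivered.eml"
```

On the server, run send_test_message with a sender and a local recipient, then compare milter_counts on /var/log/maillog before and after; the infected count should go up by one while the recipient's inbox stays unchanged.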

This article does not cover scanning the filesystem (as opposed to email), although ClamAV already includes that capability: run clamscan in your $HOME, for example, and it will scan the files there and report the results. That is outside the scope of this article and will be covered in a separate one.

Author: 甬洁网络

-- Mobile Internet & IoT technology provider