Sunday, October 5, 2014

SMTP virus filter: ClamAV (clamsmtp) on a Postfix mail server

1- Install the mail server by following this guide:
http://theamdara.blogspot.com/2014/09/how-to-configure-email-with-virtual.html

2- Install clamav, clamav-daemon, clamav-freshclam, clamsmtp and clamav-testfiles

root@mailserver# apt-get install clamav clamav-daemon clamav-freshclam clamsmtp clamav-testfiles

3- Update the ClamAV signature database and test scanning against the bundled test file
root@mailserver# freshclam
root@mailserver# clamscan /usr/share/clamav-testfiles/clam.exe
/usr/share/clamav-testfiles/clam.exe: ClamAV-Test-File FOUND

----------- SCAN SUMMARY -----------
Known viruses: 3599280
Engine version: 0.97.8
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 7.781 sec (0 m 7 s)


4- Configure Postfix by adding the following lines to /etc/postfix/main.cf (127.0.0.1:10026 is the address clamsmtpd listens on)

content_filter = scan:127.0.0.1:10026
receive_override_options = no_address_mappings


5- Edit /etc/postfix/master.cf and add the following lines (the scan transport hands mail to clamsmtpd, and the 127.0.0.1:10025 listener takes the scanned mail back into Postfix)
# AV scan filter (used by content_filter)
scan      unix  -       -       n       -       16      smtp
        -o smtp_send_xforward_command=yes
# For injecting mail back into postfix from the filter
127.0.0.1:10025 inet  n -       n       -       16      smtpd
        -o content_filter=
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtpd_helo_restrictions=
        -o smtpd_client_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks_style=host
        -o smtpd_authorized_xforward_hosts=127.0.0.0/8
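Before restarting anything it is worth checking that the three pieces above agree with each other: main.cf must point content_filter at the scanner, master.cf must define the scan transport, and the 127.0.0.1:10025 re-injection listener must clear content_filter (otherwise every scanned message is handed to the scanner again and loops until it bounces). The script below is an added example written for this post, not part of the original post or of the clamsmtp/Postfix projects; the sample main.cf and master.cf fragments are constructed to mirror the settings above and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post: check that the content_filter
# wiring in main.cf/master.cf is consistent before restarting Postfix.
# The sample config below is constructed to mirror the post's settings;
# the function names (check_filter_config, sample_*) are hypothetical.

# Print a main.cf fragment like the one added in step 4.
sample_main_cf() {
    cat <<'EOF'
myhostname = mailserver.example.test
content_filter = scan:127.0.0.1:10026
receive_override_options = no_address_mappings
EOF
}

# Print a master.cf fragment. "good" includes the '-o content_filter='
# override on the re-injection listener; "bad" leaves it out.
sample_master_cf() {
    cat <<'EOF'
smtp      inet  n       -       n       -       -       smtpd
scan      unix  -       -       n       -       16      smtp
        -o smtp_send_xforward_command=yes
127.0.0.1:10025 inet  n -       n       -       16      smtpd
EOF
    if [ "$1" = "good" ]; then
        echo "        -o content_filter="
    fi
    cat <<'EOF'
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o smtpd_authorized_xforward_hosts=127.0.0.0/8
EOF
}

# check_filter_config MAIN_CF MASTER_CF
# Returns 0 when the three pieces agree, 1 with a reason otherwise.
check_filter_config() {
    main_cf=$1
    master_cf=$2

    # (a) main.cf must hand every message to the scanner on 10026,
    #     which is where clamsmtpd listens.
    filter=$(awk -F= '/^[[:space:]]*content_filter[[:space:]]*=/ {
                         gsub(/[[:space:]]/, "", $2); print $2 }' "$main_cf")
    if [ "$filter" != "scan:127.0.0.1:10026" ]; then
        echo "main.cf: content_filter is '$filter', expected scan:127.0.0.1:10026"
        return 1
    fi

    # (b) master.cf must define the 'scan' transport that content_filter names.
    if ! grep -Eq '^scan[[:space:]]+unix' "$master_cf"; then
        echo "master.cf: no 'scan unix ...' transport defined"
        return 1
    fi

    # (c) the 127.0.0.1:10025 listener must clear content_filter. Without
    #     '-o content_filter=' each scanned message is handed to the scanner
    #     again and loops until it bounces.
    if ! awk '
        /^127\.0\.0\.1:10025[[:space:]]+inet/ { in_block = 1; next }
        in_block && /^[^[:space:]]/           { in_block = 0 }
        in_block && /-o[[:space:]]+content_filter=[[:space:]]*$/ { found = 1 }
        END { exit(found ? 0 : 1) }
    ' "$master_cf"; then
        echo "master.cf: 127.0.0.1:10025 listener does not set 'content_filter=' (mail loop)"
        return 1
    fi

    echo "filter configuration is consistent"
    return 0
}

# Demo on constructed files: the good config passes, the bad one is caught.
tmpdir=$(mktemp -d)
sample_main_cf > "$tmpdir/main.cf"
sample_master_cf good > "$tmpdir/master.cf"
check_filter_config "$tmpdir/main.cf" "$tmpdir/master.cf"
sample_master_cf bad > "$tmpdir/master.cf"
check_filter_config "$tmpdir/main.cf" "$tmpdir/master.cf" || true
rm -rf "$tmpdir"
```

On a real server run check_filter_config /etc/postfix/main.cf /etc/postfix/master.cf; a non-zero exit names the piece that is wrong.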


6- Add the clamsmtp user to the clamav group (so clamsmtpd can use the clamd socket) and restart the services

root@mailserver# adduser clamsmtp clamav
root@mailserver# service clamav-daemon restart
root@mailserver# service clamsmtp restart
root@mailserver# service postfix restart


7- Test the SMTP virus filter we just set up: attach the test file /usr/share/clamav-testfiles/clam.exe (from the clamav-testfiles package) to a message, send it to another user and check the log

root@mailserver# tail -f /var/log/syslog
Oct  5 05:47:39 debian postfix/smtpd[5269]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Oct  5 05:47:39 debian postfix/smtpd[5269]: connect from unknown[192.168.202.6]
Oct  5 05:47:39 debian postfix/smtpd[5269]: E097D140A6D: client=unknown[192.168.202.6]
Oct  5 05:47:39 debian postfix/cleanup[5278]: E097D140A6D: message-id=<54314BFB.6050509@test.xxx>
Oct  5 05:47:39 debian postfix/qmgr[5012]: E097D140A6D: from=<email1@test.xxx>, size=1879, nrcpt=1 (queue active)
Oct  5 05:47:39 debian postfix/smtpd[5269]: disconnect from unknown[192.168.202.6]
Oct  5 05:47:39 debian postfix/pipe[5279]: E097D140A6D: to=<email1@test.qq>, relay=spamassassin, delay=0.06, delays=0.01/0.01/0/0.05, dsn=2.0.0, status=sent (delivered via spamassassin service)
Oct  5 05:47:39 debian postfix/qmgr[5012]: E097D140A6D: removed
Oct  5 05:47:39 debian postfix/pickup[5011]: EECEC140AAC: uid=1001 from=<email1@test.xxx>
Oct  5 05:47:39 debian postfix/cleanup[5278]: EECEC140AAC: message-id=<54314BFB.6050509@test.xxx>
Oct  5 05:47:39 debian postfix/qmgr[5012]: EECEC140AAC: from=<email1@test.xxx>, size=2186, nrcpt=1 (queue active)
Oct  5 05:47:40 debian clamsmtpd: 100007: accepted connection from: 127.0.0.1
Oct  5 05:47:40 debian postfix/smtpd[5285]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Oct  5 05:47:40 debian postfix/smtpd[5285]: connect from localhost[127.0.0.1]
Oct  5 05:47:40 debian postfix/smtpd[5285]: 0DA7F140A6D: client=localhost[127.0.0.1]
Oct  5 05:47:40 debian postfix/smtp[5283]: EECEC140AAC: to=<email1@test.qq>, relay=127.0.0.1[127.0.0.1]:10026, delay=0.18, delays=0.01/0.01/0.06/0.1, dsn=2.0.0, status=sent (250 Virus Detected; Discarded Email)
Oct  5 05:47:40 debian postfix/qmgr[5012]: EECEC140AAC: removed
Oct  5 05:47:40 debian clamsmtpd: 100007: from=email1@test.xxx, to=email1@test.qq, status=VIRUS:ClamAV-Test-File
Oct  5 05:47:40 debian postfix/smtpd[5285]: disconnect from localhost[127.0.0.1]
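Note what the log shows: Postfix reports the infected message as status=sent (250 Virus Detected; Discarded Email), so the sender sees a normal accept and no bounce is generated. The clamsmtpd status=VIRUS line is therefore the only record that a detection happened, and it is the line to count and alert on. The script below is an added example written for this post (not part of the original post, clamsmtp or Postfix); the log lines it reads are constructed from the test run above plus one CLEAN line, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post: extract virus detections from
# syslog so they can be counted and alerted on. clamsmtpd discards an
# infected message silently (Postfix logs "250 Virus Detected; Discarded
# Email" and the sender sees a normal accept), so the clamsmtpd status line
# is the only record of the event. The log lines below are constructed from
# the post's test run plus one CLEAN line; function names are hypothetical.

sample_log() {
    cat <<'EOF'
Oct  5 05:47:39 debian postfix/qmgr[5012]: EECEC140AAC: from=<email1@test.xxx>, size=2186, nrcpt=1 (queue active)
Oct  5 05:47:40 debian clamsmtpd: 100007: accepted connection from: 127.0.0.1
Oct  5 05:47:40 debian postfix/smtp[5283]: EECEC140AAC: to=<email1@test.qq>, relay=127.0.0.1[127.0.0.1]:10026, delay=0.18, delays=0.01/0.01/0.06/0.1, dsn=2.0.0, status=sent (250 Virus Detected; Discarded Email)
Oct  5 05:47:40 debian clamsmtpd: 100007: from=email1@test.xxx, to=email1@test.qq, status=VIRUS:ClamAV-Test-File
Oct  5 05:48:02 debian clamsmtpd: 100008: from=email2@test.xxx, to=email1@test.qq, status=CLEAN
EOF
}

# virus_events LOGFILE
# One line per detection: "<clamsmtpd id> <from> <to> <signature>".
virus_events() {
    awk '
        $5 == "clamsmtpd:" && /status=VIRUS:/ {
            id = $6; sub(/:$/, "", id)
            from = ""; to = ""; sig = ""
            for (i = 7; i <= NF; i++) {
                f = $i; sub(/,$/, "", f)
                if (f ~ /^from=/)              from = substr(f, 6)
                else if (f ~ /^to=/)           to = substr(f, 4)
                else if (f ~ /^status=VIRUS:/) sig = substr(f, 14)
            }
            print id, from, to, sig
        }
    ' "$1"
}

# count_virus_events LOGFILE -> number of detections
count_virus_events() {
    virus_events "$1" | wc -l | tr -d ' '
}

# virus_by_sender LOGFILE -> "<count> <sender>" per sender, highest first,
# which is what you want for spotting a compromised internal account.
virus_by_sender() {
    virus_events "$1" | awk '{ n[$2]++ } END { for (s in n) print n[s], s }' | sort -rn
}

# Demo on the constructed log.
log=$(mktemp)
sample_log > "$log"
echo "detections: $(count_virus_events "$log")"
virus_events "$log"
virus_by_sender "$log"
rm -f "$log"
```

On the server itself run virus_by_sender /var/log/syslog (or feed it the rotated files) from a cron job and alert when a count rises; because the message is discarded rather than bounced, nothing else will tell you.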