建设qmail服务器的病毒防护系统

本文介绍如何给公司的邮件服务器加个病毒扫描，综合考虑了几种方案后，认为qmail-scanner+clamav(主要是因为免费)比较合适，这种方案的优点就是如果你的qmailqueue-patch在安装时就打好了，原系统基本不动。 所需软件（假定你有QMAIL系统，且能正常运行）

 
1、 maildrop-1.5.2.20030423.tar.gz 
2、perl-Time-HiRes-1.38-3.i386.rpm 
3、clamav-0.65.tar.gz 
4、qmail-scanner-1.20.tgz 

一 maildrop安装：

tar zxvf maildrop-1.5.2.20030423.tar.gz 
./configure [options] 
   make 
   make install-strip 
   make install-man 

二 安装 perl-Time-HiRes-1.38-3.i386.rpm
rpm -ivh perl-Time-HiRes-1.38-3.i386.rpm
三 安装clamav-0.65.tar.gz

grouadd clamav 
useradd –g clamav –s /bin/false clamav 
tar zxvf clamav-0.65.tar.gz 
cd clamav-0.65 
./configure 
make check 
make install 
更新病毒库，freshclam 
把freshclam加入crontab 定时更新病毒库， 
修改/usr/local/etc/clamav.conf 
Example前加# 或删掉 
执行clamscan 测试 
执行clamd  
然后执行clamdscan  

四 安装qmail-scanner-1.20.tgz

groupadd qscand 
useradd –g qscand –s /bin/false qscand 
tar zxvf  qmail-scanner-1.20.tgz 
cd qmail-scanner-1.20 
./configure --qmail-queue-binary /var /qmail/bin/qmail-queue 
 --admin postmaster \ 
--domain abc.com.cn --notify sender,admin --local-domains 
abc.com.cn --lang en_GB\ 
 --debug yes --unzip yes --scanners clamscan 
 
检查有无错误 
然后安装./configure --qmail-queue-binary 
/var /qmail/bin/qmail-queue  --admin postmaster \ 
--domain abc.com.cn --notify sender,admin 
--local-domains abc.com.cn --lang en_GB\ 
--debug yes --unzip yes --scanners clamscan --install 

看看是否在/var/qmail/bin/qmail-scanner-queue.pl是否存在 
chown qscand:qscand /var/qmail/bin/qmail-scanner-queue.pl 
chmod 4755 /var/qmail/bin/qmail-scanner-queue.pl 
然后用一个普通用户登陆，执行/var/qmail/bin/qmail-scanner-queue.pl -z 
如果没有Can't do setuid出现，恭喜你，
如果有回到安装文件目录，有个contrib目录， 
make  
make install 

附加步骤：chown qscand:qscand /var/qmail/bin/qmail-scanner-queue 
chmod 4755 /var/qmail/bin/qmail-scanner-queue 
chmod 0755 /var/qmail/bin/qmail-scanner-queue.pl 

然后用一个普通用户登陆，执行/var/qmail/bin/qmail-scanner-queue -z 
/var/qmail/bin/qmail-scanner-queue –g 
修改环境变量 
1 在你的qmail启动脚本加入 
QMAILQUEUE=/var/qmail/bin/qmail-scanner-queue.pl如果作了附加步骤用下面的 
QMAILQUEUE=/var/qmail/bin/qmail-scanner-queue 
export QMAILQUEUE
2还有一种方法：请参考FAQ.php 
Instead set it under the tcpserver smtp rules file (you're using Qmail - 
so you already know what that is - right? :-). That way you can even setup 
Qmail-Scanner to only scan mail from particular SMTP client IP address ranges/etc. 
This is now the only officially supported mechanism. Set it something like this: 
#/etc/tcpserver/smtp.rules 
# 
# No Qmail-Scanner at all for mail from 127.0.0.1 
127.:allow,RELAYCLIENT="",RBLSMTPD="",
QMAILQUEUE="/var/qmail/bin/qmail-queue" 
# Use Qmail-Scanner without SpamAssassin on any mail from the local network 
# [it triggers SpamAssassin via the presence of the RELAYCLIENT var] 
10.:allow,RELAYCLIENT="",RBLSMTPD="",
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" 
# 
# Use Qmail-Scanner with SpamAssassin on any mail from the rest of the world 
:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" 
Then run "maketcprules" or something like "tcprules /etc/tcp.smtp.cdb
 /etc/tcp.smtp.tmp < /etc/tcp.smtp" to rebuild the database 

重起qmail 测试，这里有测试程序 
/youdir/software/qmail-scanner-1.20 test_installation.sh 

不知什么原因，我的clamscan 扫描不到病毒，经过测试，发现了原因，正确解决方法：  

修改qmail-scanner-queue.pl中的  
my $clamscan_options="-r --disable-summary 
  --max-recursion=10 --max-space=1000000";为  
my $clamscan_options="-r --mbox --disable-summary 
  --max-recursion=10 --max-space=1000000";  
就可以ＯＫ了 

主要的排错监测日志 
/var/spool/qmailscan/quarantine.log 
/var/spool/qmailscan/qmail-queue.log 
 /var/log/clamd.log 
/var/qmail/maillog