As a virus scanner I currently have clamav hooked up via the clamsmtp package… Setting it up is fairly quick and is very well described in the documentation for the package. Here is the short version of the integration:
The file /etc/clamsmtpd.conf looks like this:
OutAddress: 10025
Listen: 127.0.0.1:10026
ClamAddress: /var/run/clamav/clamd.ctl
Header: X-AV-Checked: ClamAV using ClamSMTP on server.matrix
TempDirectory: /var/spool/clamsmtp
PidFile: /var/run/clamsmtp/clamsmtpd.pid
Quarantine: on
User: clamsmtp
VirusAction: /usr/local/bin/clamsmtpvirus.sh
The integration into Postfix is done via the files main.cf and master.cf in the directory /etc/postfix.
main.cf:
content_filter = scan:127.0.0.1:10026
receive_override_options = no_address_mappings
master.cf:
# AV scan filter (used by content_filter)
scan unix - - n - 16 smtp
  -o smtp_send_xforward_command=yes
# For injecting mail back into postfix from the filter
127.0.0.1:10025 inet n - n - 16 smtpd
  -o content_filter=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks_style=host
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8
/usr/local/bin/clamsmtpvirus.sh:
#!/bin/bash
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# WARNING WARNING WARNING WARNING WARNING WARNING WARNING
#
# By using variables passed in from clamsmtpd in FILE
# manipulation commands without escaping their contents
# you are opening yourself up to REMOTE COMPROMISE. You
# have been warned. Do NOT do the following unless you
# want to be screwed big time:
#
# mv $EMAIL "$SENDER.eml"
#
# An attacker can use the above command to compromise your
# computer. The only variable that is guaranteed safe in
# this regard is $EMAIL.
#
# The following script does not escape its variables
# because it only uses them in safe ways.
#
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

# A sample script for virus actions. When testing make sure
# everything can run as the clamav (or relevant) user.

FILE="/var/log/clamsmtpd.log"
DIR="/var/spool/clamsmtp"

exec 1>>"$FILE"
exec 2>>"$FILE"

# Add some fun log lines to the log FILE
# (quoted so that sender-controlled text is never glob-expanded)
echo "-------------------------------------------------------"
echo "Sender $SENDER"
echo "Recipients $RECIPIENTS"
echo "Virus $VIRUS"
echo "-------------------------------------------------------"

# Move the virus FILE to another DIRectory
# This only works if Quarantine is enabled
#
#if [ -n "$EMAIL" ]; then
# mv "$EMAIL" "$DIR"
#fi
#
MAILNAME="$(cat /etc/mailname)"
ADMIN="postmaster@server"
# With Quarantine on, clamsmtpd passes the path of the quarantined
# message in $EMAIL. Use it directly instead of picking the newest
# file out of "ls -ltr" output, whose column layout depends on the
# locale and which can return another message under load.
DATEI="$EMAIL"
# Number of the first line without letters or digits (end of the header)
ZEILE=$(grep -n -v -e '[0-9]' -e '[a-z]' -e '[A-Z]' "$DATEI" \
    | awk -F: '{print $1}' | head -n1)
#
# Text of the e-mail
MAILTEXT="
Dies ist der Postfix Mailserver von $MAILNAME

Es tut mir leid Ihnen mitteilen zu muessen, dass Ihre Nachricht
gesendet von: $SENDER
gesendet an: $RECIPIENTS
nicht zugestellt werden konnte.

Es wurde ein Virus gefunden!
*** VIRUS ***: $VIRUS

Detailierte Emailkopfzeile der Nachricht:
$(head -n "${ZEILE:-1}" "$DATEI")

postmaster@$MAILNAME
"
#
# Send the mail
# $RECIPIENTS stays unquoted below so that every recipient becomes its
# own argument; set -f stops the shell from glob-expanding its content.
set -f
### Send mail to the sender of the virus mail
echo "$MAILTEXT" | mail -s "Ihre Nachricht an $RECIPIENTS,\
 $(date)" "$SENDER"
### Send mail to the actual recipient
echo "$MAILTEXT" | mail -s "Virus Email von $SENDER empfangen,\
 $(date)" $RECIPIENTS
### Send mail to the admin
echo "$MAILTEXT" | mail -s "Virus Email von $SENDER an $RECIPIENTS empfangen,\
 $(date)" "$ADMIN"
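
The warning at the top of the script concerns exactly the values it mails to: SENDER and RECIPIENTS are taken from the SMTP envelope and are chosen by whoever sent the message. The following bash functions are an added example, not part of the original post or of the clamsmtp sample script; they validate those values before they reach mail. The helper names valid_addr, filter_addrs and notify and the accepted character set are assumptions.

```bash
#!/bin/bash
# Added example: validate envelope addresses before handing them to mail(1).
# valid_addr, filter_addrs and notify are hypothetical helper names.
LC_ALL=C    # make the A-Z / a-z ranges below byte-wise

# Succeed only for a conservative local@domain.tld form.
valid_addr() {
    case "$1" in
        ''|-*|.*) return 1 ;;                 # empty (null sender) or option-like
        *[!A-Za-z0-9@._+=-]*) return 1 ;;     # whitespace, globs, shell metacharacters
        *@*@*) return 1 ;;                    # more than one @
        ?*@?*.?*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the valid addresses from a whitespace/newline separated list, one per line.
filter_addrs() {
    local addr
    set -f                                    # no pathname expansion while splitting
    for addr in $1; do
        if valid_addr "$addr"; then printf '%s\n' "$addr"; fi
    done
    set +f
}

# notify SUBJECT LIST: mail stdin to the validated addresses only.
notify() {
    local subject rcpts
    subject=$(printf '%s' "$1" | tr '\r\n' '  ')   # keep the subject on one line
    rcpts=$(filter_addrs "$2")
    [ -n "$rcpts" ] || return 0               # nothing safe to notify
    mail -s "$subject" $rcpts                 # unquoted on purpose: one argument per address
}

# Constructed sample, shaped like the RECIPIENTS variable (one address per line).
SAMPLE_RCPTS='alice@example.org
-f@example.org
x;y@example.org
*
bob@example.net'
```

In the script above, a call such as `echo "$MAILTEXT" | notify "Virus Email empfangen" "$RECIPIENTS"` would take the place of a direct mail call.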