Action script for clamsmtpd

As my virus scanner I currently have clamav hooked up through the clamsmtp package. Setup is quick and is very well described in the documentation that comes with the package. Here is the short version of the integration:

The file /etc/clamsmtpd.conf looks like this:
OutAddress: 10025
Listen: 127.0.0.1:10026
ClamAddress: /var/run/clamav/clamd.ctl
Header: X-AV-Checked: ClamAV using ClamSMTP on server.matrix
TempDirectory: /var/spool/clamsmtp
PidFile: /var/run/clamsmtp/clamsmtpd.pid
Quarantine: on
User: clamsmtp
VirusAction: /usr/local/bin/clamsmtpvirus.sh

The Postfix integration is done through the files main.cf and master.cf in the directory /etc/postfix.

main.cf:

content_filter = scan:127.0.0.1:10026
receive_override_options = no_address_mappings

master.cf:

# AV scan filter (used by content_filter)
scan      unix  -       -       n       -       16      smtp
        -o smtp_send_xforward_command=yes
# For injecting mail back into postfix from the filter
127.0.0.1:10025 inet n  -       n       -       16      smtpd
        -o content_filter=
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtpd_helo_restrictions=
        -o smtpd_client_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks_style=host
        -o smtpd_authorized_xforward_hosts=127.0.0.0/8

/usr/local/bin/clamsmtpvirus.sh:

#!/bin/bash
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#   WARNING WARNING WARNING WARNING WARNING WARNING WARNING
#
#  By using variables passed in from clamsmtpd in file
#  manipulation commands without escaping their contents
#  you are opening yourself up to REMOTE COMPROMISE. You
#  have been warned. Do NOT do the following unless you
#  want to be screwed big time:
#
#  mv $EMAIL "$SENDER.eml"
#
#  An attacker can use the above command to compromise your
#  computer. The only variable that is guaranteed safe in
#  this regard is $EMAIL.
#
#  The following script does not escape its variables
#  because it only uses them in safe ways.
#
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

# A sample script for virus actions. When testing make sure
# everything can run as the clamav (or relevant) user.

FILE="/var/log/clamsmtpd.log"
DIR="/var/spool/clamsmtp"

exec 1>>"$FILE"
exec 2>>"$FILE"

# Add some fun log lines to the log file

echo "-------------------------------------------------------"
echo "Sender  $SENDER"
echo "Recipients  $RECIPIENTS"
echo "Virus  $VIRUS"
echo "-------------------------------------------------------"

# Move the virus file to another directory
# This only works if Quarantine is enabled
#
#if [ -n "$EMAIL" ]; then
#       mv "$EMAIL" "$DIR"
#fi

#
MAILNAME="$(cat /etc/mailname)"
ADMIN="postmaster@server"
# With Quarantine enabled, clamsmtpd passes the quarantined message in $EMAIL
DATEI="$EMAIL"
# Number of the first line without letters or digits (end of the mail header)
ZEILE=$(grep -n -v -e '[0-9]' -e '[a-z]' -e '[A-Z]' "$DATEI" \
| awk -F: '{print $1}' | head -n1)
#
# Text for the email
MAILTEXT="
Dies ist der Postfix Mailserver von $MAILNAME

Es tut mir leid Ihnen mitteilen zu muessen, dass Ihre Nachricht
gesendet von: $SENDER
gesendet an: $RECIPIENTS
nicht zugestellt werden konnte. Es wurde ein Virus gefunden!

*** VIRUS ***: $VIRUS

Detailierte Emailkopfzeile der Nachricht:

$(head -n "${ZEILE:-0}" "$DATEI")

postmaster@$MAILNAME

"
#
# Send the mail
# RECIPIENTS may hold several addresses: split them on whitespace, but
# do not expand wildcards (set -f). "--" ends option parsing for mail.
set -f
### Send mail to the sender of the virus mail
echo "$MAILTEXT" | mail -s "Ihre Nachricht an $RECIPIENTS,\
$(date)" -- "$SENDER"
### Send mail to the actual recipient
echo "$MAILTEXT" | mail -s "Virus Email von $SENDER empfangen,\
$(date)" -- $RECIPIENTS
### Send mail to the admin
echo "$MAILTEXT" | mail -s "Virus Email von $SENDER an $RECIPIENTS empfangen,\
$(date)" -- "$ADMIN"
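
The warning at the top of the script applies to SENDER and RECIPIENTS, which come from the SMTP envelope. As an added example (not part of the original post or of the clamsmtp package), the helpers below check those values before they reach mail and read the header block from the quarantined file; the function names valid_addr, safe_recipients and mail_headers and the sample values are assumptions made for this example.

```bash
#!/bin/bash
# Added example: input checks for a clamsmtpd VirusAction script.
# valid_addr, safe_recipients and mail_headers are hypothetical helper names.
LC_ALL=C; export LC_ALL          # make the character ranges below byte-exact

# Succeeds only for a plain local@domain string: no whitespace, no leading
# "-" (mail would read it as an option), no shell or glob metacharacters.
valid_addr() {
    [ "${#1}" -le 254 ] || return 1
    case $1 in
        ''|-*|*[!A-Za-z0-9@._+=-]*) return 1 ;;  # empty, option-like, odd char
        *@*@*|@*|*@) return 1 ;;                  # need exactly one inner "@"
        *@*) return 0 ;;
    esac
    return 1
}

# Prints the valid addresses of a whitespace/newline separated list, one per
# line. Runs in a subshell so "set -f" (no wildcard expansion) stays local.
safe_recipients() (
    set -f
    for addr in $1; do
        if valid_addr "$addr"; then printf '%s\n' "$addr"; fi
    done
)

# Prints the header block of a message file: all lines before the first
# empty line, at most 200. Fails for anything but a regular file.
mail_headers() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    awk 'NR > 200 || /^\r?$/ { exit } { print }' < "$1"
}

# Constructed sample values standing in for what clamsmtpd exports.
SENDER='-x@example.test'
RECIPIENTS='alice@example.test
bob@example.test *'

valid_addr "$SENDER" || echo "sender rejected, no notification sent"
safe_recipients "$RECIPIENTS"
```

In the script above, SENDER would be checked with valid_addr before the first mail call, and the recipient arguments would be taken from the output of safe_recipients.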
