Integrating a virus scanner into a mail server
Setting up AMaViS
AMaViS is available in the repositories of all the major distributions, so it's easy to set up with the package manager. To integrate the software with the MTA, open the /etc/postfix/main.cf file and add the following line:
content_filter=amavis:[127.0.0.1]:10024
This causes Postfix not to forward any mail (other than what arrives on port 10025) automatically but to send it to AMaViS for review. The /etc/amavisd.conf file also requires you to check or change some settings (Listing 3).
Listing 3
Changes in /etc/amavisd.conf
# cat /etc/amavisd.conf
$max_servers = 20;            # num of pre-forked children (2..30 is common), -m
$daemon_user = 'vscan';       # (no default; customary: vscan or amavis), -u
$daemon_group = 'vscan';      # (no default; customary: vscan or amavis), -g
$mydomain = 'fhotz.local';    # a convenient default for other settings
@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
                  192.168.0.0/16 );
$unix_socketname = "$MYHOME/amavisd.sock";  # amavisd-release or amavis-milter
               # option(s) -p overrides $inet_socket_port and $unix_socketname
$inet_socket_port = 10024;    # listen on this local TCP port(s)
For Postfix to work with AMaViS, it must accept mail not only on ports 25 and 587 but also on port 10025, where AMaViS hands the scanned messages back. To set this up, add Listing 4 to the /etc/postfix/master.cf file.
Listing 4
/etc/postfix/master.cf
# cat /etc/postfix/master.cf
amavis unix - - n - 20 smtp
  -o smtpd_tls_security_level=may
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
  -o max_use=20
localhost:10025 inet n - n - - smtpd
  -o content_filter=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_tls_security_level=may
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=reject_unauth_pipelining
  -o smtpd_end_of_data_restrictions=
  -o smtpd_restriction_classes=
  -o mynetworks=127.0.0.0/8
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_address_mappings
  -o local_header_rewrite_clients=
  -o local_recipient_maps=
  -o relay_recipient_maps=
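The listener on port 10025 accepts mail without passing it to the content filter again, so it must be reachable only from the local host. The following check is an added example, not part of the original article: it parses master.cf text and reports which of the protective settings from Listing 4 are missing. The function names and both sample inputs are constructed for illustration, and only the plain -o name=value form used in Listing 4 is handled.

```python
import ipaddress
# Constructed input: the port-10025 entry from Listing 4, shortened.
GOOD = """\
localhost:10025 inet n - n - - smtpd
  -o content_filter=
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
"""
# Constructed counter-example: listens on every interface, overrides missing.
BAD = """\
10025 inet n - n - - smtpd
  -o mynetworks=127.0.0.0/8,192.168.0.0/16
"""

def services(text):
    """Yield (eight service fields, -o overrides); indented lines continue an entry."""
    entries = []
    for raw in text.splitlines():
        if raw.strip() and not raw.lstrip().startswith("#"):
            if raw[0].isspace() and entries:
                entries[-1] += " " + raw.strip()
            else:
                entries.append(raw.strip())
    for tok in (e.split() for e in entries):
        yield tok[:8], dict(a.partition("=")[::2] for f, a in zip(tok[8:], tok[9:]) if f == "-o")

def loopback(value):
    """True for localhost or a loopback address or network, e.g. [::1] or 127.0.0.0/8."""
    value = value.replace("[", "").replace("]", "")
    try:
        return value == "localhost" or ipaddress.ip_network(value, strict=False).is_loopback
    except ValueError:
        return False

def audit(text, port="10025"):
    """Return findings for the listener that takes scanned mail back on `port`."""
    for fields, opts in services(text):
        host, _, svc_port = fields[0].rpartition(":")
        if len(fields) == 8 and fields[1] == "inet" and svc_port == port:
            checks = [
                (loopback(host), "listener is not bound to a loopback address"),
                (opts.get("content_filter") == "", "content_filter is not cleared"),
                (opts.get("smtpd_client_restrictions", "").endswith(",reject"),
                 "client restrictions do not end in reject"),
                (all(map(loopback, opts.get("mynetworks", "unset").split(","))),
                 "mynetworks is not limited to loopback"),
            ]
            return [msg for ok, msg in checks if not ok]
    return [f"no inet listener on port {port}"]
```

Calling audit() on the contents of /etc/postfix/master.cf returns an empty list when the entry matches Listing 4; a missing mynetworks override is reported because the listener would then inherit the wider value from main.cf.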
Next, you must ensure that the daemon is ready to address queries on port 10024. After making the configuration changes, restart the daemon again with the service amavis restart or the systemctl restart amavis.service command.
Follow up with a test message to AMaViS using a simple telnet dialog (Listing 5). This test message should then land in the recipient's mailbox, as shown by the mail header (Listing 6).
Listing 5
Testing Your Configuration with Telnet
$ telnet localhost 10024
220 [::1] ESMTP amavisd-new service ready
helo
250 [::1]
mail from: <testuser>
250 2.1.0 Sender <testuser> OK
rcpt to: fritz@fhotz.local
250 2.1.5 Recipient <fritz@fhotz.local> OK
data
354 End data with <CR><LF>.<CR><LF>
from:me
to:you
subject:Testmail with Amavis
Hello. This is scanned by Amavis.
.
250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 42E7D42020C
quit
221 2.0.0 [::1] amavisd-new closing transmission channel
Connection closed by foreign host.
Listing 6
Email Header from Telnet Test
Return-Path: testuser@fhotz.local
X-Original-To: fritz@fhotz.local
Delivered-To: fritz@fhotz.local
Received: from localhost (localhost [127.0.0.1])
    by fhserver.fhotz.local (Postfix) with ESMTP id 42E7D42020C
    for <fritz@fhotz.local>; Mon, 20 Oct 2014 11:41:16 +0200 (CEST)
X-Quarantine-ID: <CswUSUl0jnLO>
X-Virus-Scanned: amavisd-new at fhotz.local
X-Spam-Flag: NO
X-Spam-Score: 2.781
Received: from unknown ([IPv6:::1])
    by localhost (fhserver.fhotz.local [IPv6:::1]) (amavisd-new, port 10024)
    with SMTP id CswUSUl0jnLO for <fritz@fhotz.local>;
    Mon, 20 Oct 2014 11:40:06 +0200 (CEST)
from:me
to:you
subject:Testmail with Amavis
From this point on, AMaViS checks all messages using ClamAV and sorts out any questionable ones. You can test the functionality by sending the previously mentioned EICAR test file to yourself, which should not arrive in your mailbox.
Infos
- Windows market share: http://www.netmarketshare.com/operating-system-market-share.aspx?qprid=10&qpcustomd=0
- AMaViS: http://amavisd.de.postfix.org
- ClamAV: http://www.clamav.net
- EICAR test file: http://www.eicar.org/85-0-Download.html
- ClamTk: http://clamtk.sourceforge.net