1. Install clamav (anti-virus software)
1.1 Install Clamav
```bash
# zypper -n install clamav
```
1.2 Virus definition file update
①Virus definition file update setting
```
# vi /etc/freshclam.conf
# Line 71: comment out "DatabaseMirror database.clamav.net" by inserting "#" at the start of the line,
# and add "DatabaseMirror db.jp.clamav.net".
#DatabaseMirror database.clamav.net
DatabaseMirror db.jp.clamav.net
```
```
# freshclam
ClamAV update process started at Fri Jan  7 12:57:13 2022
daily database available for download (remote version: 26414)
Time:    0.8s, ETA:    0.0s [========================>]  54.80MiB/54.80MiB
Testing database: '/var/lib/clamav/tmp.30881f985c/clamav-53eb2ff94f8ff97aee1ef1931e2bfb93.tmp-daily.cvd' ...
Database test passed.
daily.cvd updated (version: 26414, sigs: 1969520, f-level: 90, builder: raynman)
main database available for download (remote version: 62)
Time:    1.8s, ETA:    0.0s [========================>] 162.58MiB/162.58MiB
Testing database: '/var/lib/clamav/tmp.30881f985c/clamav-d7a663194ed38ed1910f2b29641e9b05.tmp-main.cvd' ...
Database test passed.
main.cvd updated (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
bytecode database available for download (remote version: 333)
Time:    0.0s, ETA:    0.0s [========================>] 286.79KiB/286.79KiB
Testing database: '/var/lib/clamav/tmp.30881f985c/clamav-c959fafa36ee9ae598991e3821d1ad6e.tmp-bytecode.cvd' ...
Database test passed.
bytecode.cvd updated (version: 333, sigs: 92, f-level: 63, builder: awillia2)
WARNING: Clamd was NOT notified: Can't connect to clamd through /run/clamav/clamd-socket: No such file or directory
```
The final WARNING is expected at this point: the clamd daemon is not running yet (it is started in section 3), so freshclam simply cannot tell it to reload the databases. clamscan reads the database files directly and is unaffected.
1.3 Operation check
```
# cd
# clamscan --infected --remove --recursive

----------- SCAN SUMMARY -----------
Known viruses: 8601674
Engine version: 0.103.4
Scanned directories: 8
Scanned files: 5
Infected files: 0
Data scanned: 0.14 MB
Data read: 0.08 MB (ratio 1.80:1)
Time: 14.010 sec (0 m 14 s)
Start Date: 2022:01:07 13:35:00
End Date:   2022:01:07 13:35:14
```
Download the EICAR test file (a harmless standard test signature that every scanner detects) and scan it.
```
# wget http://www.eicar.org/download/eicar.com
# clamscan --infected --remove --recursive
/root/eicar.com: Win.Test.EICAR_HDB-1 FOUND   ← virus detected
/root/eicar.com: Removed.                     ← virus removed

----------- SCAN SUMMARY -----------
Known viruses: 8601674
Engine version: 0.103.4
Scanned directories: 8
Scanned files: 6
Infected files: 1                             ← one infected file detected
Data scanned: 0.14 MB
Data read: 0.08 MB (ratio 1.80:1)
Time: 12.965 sec (0 m 12 s)
Start Date: 2022:01:07 13:37:43
End Date:   2022:01:07 13:37:56
```
1.4 Deployment of automatic virus scan execution scripts
①Create a script storage directory
```bash
# mkdir -p /srv/www/system
# cd /srv/www/system
```
Create clamscan.sh in /srv/www/system with the following contents:
```bash
# vi /srv/www/system/clamscan.sh
#!/bin/bash
PATH=/usr/bin:/bin

# excludeopt setup: build --exclude-dir / --exclude options from the exclude list
excludelist=/srv/www/system/clamscan.exclude
if [ -s "$excludelist" ]; then
    for i in `cat $excludelist`
    do
        # an entry ending in "/" is a directory
        if echo "$i" | grep -q '/$'; then
            i=`echo $i | sed -e 's/^\([^ ]*\)\/$/\1/p' -e d`
            excludeopt="${excludeopt} --exclude-dir=$i"
        else
            excludeopt="${excludeopt} --exclude=$i"
        fi
    done
fi

# signature update
freshclam

# virus scan (infected files are removed)
clamscan --recursive --remove ${excludeopt} /
```
Give the script execute permission.
```bash
# chmod 700 clamscan.sh
```
Register /sys and /proc in the exclude list so that the pseudo filesystems are not scanned:
```bash
# echo "/sys/" >> /srv/www/system/clamscan.exclude
# echo "/proc/" >> /srv/www/system/clamscan.exclude
```
Run the scan every day at 01:00 from cron:
```
# crontab -e
0 1 * * * /srv/www/system/clamscan.sh > /dev/null 2>&1
```
Run the script once by hand to confirm it works:
```bash
# /srv/www/system/clamscan.sh
```
2. Mail Server Install
2.1 Preparation
①Preparation for new users
Set up the system so that newly added users can send and receive e-mail automatically.
```bash
# mkdir -p /etc/skel/Maildir/{new,cur,tmp}
# chmod -R 700 /etc/skel/Maildir/
# echo "~/Maildir/" > /etc/skel/.forward
# chmod 600 /etc/skel/.forward
```
Configure the users you have already created so that they can send and receive mail too.
```bash
# mkdir -p /home/[Created user name]/Maildir/{new,cur,tmp}
# chown -R lan:users /home/[Created user name]/Maildir/   # "lan" is the user name in this example
# chmod 700 /home/[Created user name]/Maildir
# chmod 700 /home/[Created user name]/Maildir/{new,cur,tmp}
```
2.2 Install Postfix
①Install Postfix and build an SMTP server.
```bash
# zypper -n install postfix
```
```
# vi /etc/postfix/main.cf
# Line 110: uncomment and specify your domain name
mydomain = korodes.com          ← domain name
# Line 126: uncomment
myorigin = $mydomain
# Line 287: uncomment and add your own network
mynetworks = 127.0.0.0/8, 192.168.11.0/24          ← own network
# Line 442: uncomment to switch to Maildir format
home_mailbox = Maildir/
# Line 705: change
inet_interfaces = all
# Line 710: add
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
# Line 711: specify the host name
myhostname = mail.korodes.com          ← host name
# Lines 725,726
# Limit the mailbox size as needed (1G in the example below)
mailbox_size_limit = 1073741824
# Limit the size of incoming and outgoing mail as needed (10M in the example below)
message_size_limit = 10485760
# Line 738: change
smtpd_recipient_restrictions = permit_mynetworks, permit_auth_destination, permit_sasl_authenticated, reject
# Lines 744-746: comment out
#smtp_sasl_auth_enable = no
#smtp_sasl_security_options =
#smtp_sasl_password_maps =
# Line 747: change
smtpd_sasl_auth_enable = yes
# Lines 752-755: add
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
```
```
# vi /etc/postfix/master.cf
# Line 22: delete the "#" at the beginning of the line
# Line 26: delete the "#" at the beginning of the line
smtp      inet  n       -       n       -       -       smtpd
#amavis    unix  -       -       n       -       4       smtp
#  -o smtp_data_done_timeout=1200
#  -o smtp_send_xforward_command=yes
#  -o disable_dns_lookups=yes
#  -o max_use=20
#smtp      inet  n       -       n       -       1       postscreen
#smtpd     pass  -       -       n       -       -       smtpd
#dnsblog   unix  -       -       n       -       0       dnsblog
#tlsproxy  unix  -       -       n       -       0       tlsproxy
submission inet n       -       n       -       -       smtpd
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
#  -o content_filter=smtp:[127.0.0.1]:10024
  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_tls_auth_only=yes
#  -o smtpd_reject_unlisted_recipient=no
```
```bash
# systemctl start postfix
# systemctl enable postfix
```
```
# firewall-cmd --add-service=smtp --permanent
success
# firewall-cmd --reload
success
```
2.3 Install Dovecot
```bash
# zypper -n install dovecot
```
Configure Dovecot to provide SASL functionality to Postfix.
```
# vi /etc/dovecot/dovecot.conf
# Line 30: uncomment (delete ", ::" if not listening on IPv6)
listen = *, ::
```
```
# vi /etc/dovecot/conf.d/10-auth.conf
# Line 10: uncomment and change (allow plain-text authentication as well)
disable_plaintext_auth = no
# Line 100: add
auth_mechanisms = plain login
```
Note that with disable_plaintext_auth = no, Dovecot accepts PLAIN/LOGIN passwords on unencrypted connections, and no TLS is configured anywhere in this setup, so the mail passwords cross the network in clear text; this is only acceptable on the trusted LAN listed in mynetworks.
```
# vi /etc/dovecot/conf.d/10-mail.conf
# Line 30: uncomment
mail_location = maildir:~/Maildir
```
```
# vi /etc/dovecot/conf.d/10-master.conf
# Lines 106-108: uncomment and add
# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
  mode = 0666
  user = postfix
  group = postfix
}
```
③Dovecot startup and auto-run
```
# systemctl start dovecot
# systemctl enable dovecot
Created symlink /etc/systemd/system/multi-user.target.wants/dovecot.service → /usr/lib/systemd/system/dovecot.service.
```
Open 110/TCP for POP3 and 143/TCP for IMAP in the firewall.
```
# firewall-cmd --add-service={pop3,imap} --permanent
success
# firewall-cmd --reload
success
```
2.4 Operation check
Depending on your provider, port 587 may be required for the outgoing server, so open port 587 in the firewall as well.
```bash
# firewall-cmd --add-port=587/tcp --permanent
# firewall-cmd --reload
```
Start Thunderbird and select "Account Settings" from the "Tools" menu.
Select "Add Mail Account" from "Account Actions".
Fill in the fields as follows and click "Configure manually":
Your full name : any name
Email address : <mail user>@<domain name>
Password : the mail user's password
Configure as shown in the figure below (if your provider does not allow port 25 for the outgoing server, use 587) and click "Done".
A warning screen will appear; check the box as shown below and click "Confirm".
If the next screen appears, the setup has succeeded.
3. Mail Server : Postfix + Clamav + Amavisd
Configure Postfix and ClamAV to work together through Amavisd so that incoming and outgoing mail is scanned in real time.
3.1 Amavisd & Clamav Server Install
```
# zypper -n install amavisd-new spamassassin
# systemctl start clamd
# systemctl enable clamd
Created symlink /etc/systemd/system/multi-user.target.wants/clamd.service → /usr/lib/systemd/system/clamd.service.
```
3.2 Configure Amavisd
①Edit configuration file
```
# vi /etc/amavisd.conf
# Line 20: change to your own domain name
$mydomain = 'korodes.com';
# Line 152: uncomment and change to your own host name
$myhostname = 'mail.korodes.com';
# Lines 154,155: uncomment
$notify_method = 'smtp:[127.0.0.1]:10025';
$forward_method = 'smtp:[127.0.0.1]:10025';
```
```
# sa-update
# systemctl start amavis spamd
# systemctl enable amavis spamd
Created symlink /etc/systemd/system/multi-user.target.wants/amavis.service → /usr/lib/systemd/system/amavis.service.
Created symlink /etc/systemd/system/multi-user.target.wants/spamd.service → /usr/lib/systemd/system/spamd.service.
```
3.3 Postfix Configuration
```
# vi /etc/postfix/master.cf
# Add the following at the end of the file
smtp-amavis unix -      -       n       -       2       smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
127.0.0.1:10025 inet n  -       n       -       -       smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
```
```
# vi /etc/postfix/main.cf
# Add at the end of the file
content_filter=smtp-amavis:[127.0.0.1]:10024
```
```bash
# systemctl restart postfix
```
4. Virus scanning script replacement
```bash
# cd /srv/www/system/
```
```
# vi clamscan.exclude
/sys/
/proc/
/etc/snort/rules/
/.snapshots   ← openSUSE is configured to take a large number of snapshots, so leave this exclusion set unless you need to scan them.
```
```bash
# cd /srv/www/system/
# mv clamscan.sh clamscan.sh_bak
# vi clamscan.sh
```
```bash
#!/bin/bash
PATH=/usr/bin:/bin
MAILTO="<Any email address>"

# excludeopt setup: build --exclude-dir / --exclude options from the exclude list
# ("^" anchors the pattern, since clamscan treats exclude patterns as regular expressions)
excludelist=/srv/www/system/clamscan.exclude
if [ -s "$excludelist" ]; then
    for i in `cat $excludelist`
    do
        # an entry ending in "/" is a directory
        if echo "$i" | grep -q '/$'; then
            i=`echo $i | sed -e 's/^\([^ ]*\)\/$/\1/p' -e d`
            excludeopt="${excludeopt} --exclude-dir=^$i"
        else
            excludeopt="${excludeopt} --exclude=^$i"
        fi
    done
fi

# signature update (silence stdout and stderr; redirect order matters)
freshclam > /dev/null 2>&1

# virus scan: report only, the --remove variant is kept commented out
CLAMSCANTMP=`mktemp`
#clamscan --recursive --remove ${excludeopt} / > $CLAMSCANTMP 2>&1
clamscan --recursive ${excludeopt} / > $CLAMSCANTMP 2>&1

# report mail send: only when at least one line ends in FOUND
# (the comment must stay above the "\" continuation, or it would swallow the mail command)
[ ! -z "$(grep FOUND$ $CLAMSCANTMP)" ] && \
    grep FOUND$ $CLAMSCANTMP | mail -s "Virus Found in `hostname`" $MAILTO

rm -f $CLAMSCANTMP
```
```bash
# chmod 700 clamscan.sh
```
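The exclude-list parsing and the FOUND check that both versions of clamscan.sh above depend on, factored into functions that can be checked offline. This is an added example, not the page's own script: the exclude entries and the clamscan output below are constructed sample data, and no real scan or mail delivery happens.

```shell
#!/bin/bash
# Added example (not from the original page): the two pieces of logic that
# clamscan.sh relies on, written so they can be exercised on sample data.

# Turn an exclude list (one path per line) into clamscan options.
# A trailing "/" marks a directory -> --exclude-dir, anything else -> --exclude.
# clamscan treats the patterns as regular expressions, so "^" anchors them to
# the start of the path and prevents /sys from also matching /home/x/sys.
build_exclude_opts() {
    local list="$1" line opts=""
    [ -s "$list" ] || return 0          # empty or missing list: no options
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ''|'#'*) continue ;;                               # blank line or comment
            */)      opts="$opts --exclude-dir=^${line%/}" ;;  # strip trailing slash
            *)       opts="$opts --exclude=^$line" ;;
        esac
    done < "$list"
    printf '%s\n' "${opts# }"
}

# Count infected files in saved clamscan output (lines ending in " FOUND").
# grep -c exits 1 when the count is 0, so the "|| true" keeps the function
# usable under "set -e"; the printed count is still "0" in that case.
count_found() {
    grep -c ' FOUND$' "$1" || true
}

# Constructed sample inputs for a stand-alone run (no scan is performed).
EXCL=$(mktemp); OUT=$(mktemp)
printf '/sys/\n/proc/\n/.snapshots\n' > "$EXCL"
printf '%s\n' '/root/eicar.com: Win.Test.EICAR_HDB-1 FOUND' \
              '/root/notes.txt: OK' \
              '----------- SCAN SUMMARY -----------' > "$OUT"
build_exclude_opts "$EXCL"
n=$(count_found "$OUT")
if [ "$n" -gt 0 ]; then
    echo "would mail report: $n infected file(s)"
fi
rm -f "$EXCL" "$OUT"
```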