
openSUSE: ClamAV (anti-virus software) and Mail Server

1. Install ClamAV (anti-virus software)

1.1 Install ClamAV

# zypper -n install clamav

1.2 Virus definition file update

①Virus definition file update setting

# vi /etc/freshclam.conf
■Line 71
Comment out "DatabaseMirror database.clamav.net" by inserting "#" at the beginning of the line, and add "DatabaseMirror db.jp.clamav.net" (the regional mirror used here; choose the one for your region).
#DatabaseMirror database.clamav.net
DatabaseMirror db.jp.clamav.net
②Virus definition file update
# freshclam
ClamAV update process started at Fri Jan 7 12:57:13 2022
daily database available for download (remote version: 26414)
Time: 0.8s, ETA: 0.0s [========================>] 54.80MiB/54.80MiB
Testing database: ‘/var/lib/clamav/tmp.30881f985c/clamav-53eb2ff94f8ff97aee1ef1931e2bfb93.tmp-daily.cvd’ …
Database test passed.
daily.cvd updated (version: 26414, sigs: 1969520, f-level: 90, builder: raynman)
main database available for download (remote version: 62)
Time: 1.8s, ETA: 0.0s [========================>] 162.58MiB/162.58MiB
Testing database: ‘/var/lib/clamav/tmp.30881f985c/clamav-d7a663194ed38ed1910f2b29641e9b05.tmp-main.cvd’ …
Database test passed.
main.cvd updated (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
bytecode database available for download (remote version: 333)
Time: 0.0s, ETA: 0.0s [========================>] 286.79KiB/286.79KiB
Testing database: ‘/var/lib/clamav/tmp.30881f985c/clamav-c959fafa36ee9ae598991e3821d1ad6e.tmp-bytecode.cvd’ …
Database test passed.
bytecode.cvd updated (version: 333, sigs: 92, f-level: 63, builder: awillia2)
WARNING: Clamd was NOT notified: Can't connect to clamd through /run/clamav/clamd-socket: No such file or directory
(This warning is expected at this point: the clamd daemon is not started until section 3.1, and the clamscan command used in the next step loads the signatures itself and does not need clamd.)

1.3 Operation check

①Run a scan (here in root's home directory: --recursive with no path scans the current directory, which is why the summary below shows only a handful of files)
■When nothing is detected
# cd
# clamscan --infected --remove --recursive
———– SCAN SUMMARY ———–
Known viruses: 8601674
Engine version: 0.103.4
Scanned directories: 8
Scanned files: 5
Infected files: 0
Data scanned: 0.14 MB
Data read: 0.08 MB (ratio 1.80:1)
Time: 14.010 sec (0 m 14 s)
Start Date: 2022:01:07 13:35:00
End Date: 2022:01:07 13:35:14
■When a virus is detected
Download and scan the EICAR test file (a harmless standard test string that every scanner recognises as the EICAR signature).

# wget http://www.eicar.org/download/eicar.com
# clamscan --infected --remove --recursive
/root/eicar.com: Win.Test.EICAR_HDB-1 FOUND  ← virus detection
/root/eicar.com: Removed.  ← virus removal

———– SCAN SUMMARY ———–
Known viruses: 8601674
Engine version: 0.103.4
Scanned directories: 8
Scanned files: 6
Infected files: 1   ←One virus detected.
Data scanned: 0.14 MB
Data read: 0.08 MB (ratio 1.80:1)
Time: 12.965 sec (0 m 12 s)
Start Date: 2022:01:07 13:37:43
End Date: 2022:01:07 13:37:56

1.4 Deployment of automatic virus scan execution scripts

①Create a script storage directory

# mkdir -p /srv/www/system
②Create the auto-run script
# cd /srv/www/system
Create clamscan.sh in /srv/www/system with the following contents.
# vi /srv/www/system/clamscan.sh
#!/bin/bash

PATH=/usr/bin:/bin

# excludeopt setup: build --exclude/--exclude-dir options from the exclude list
excludelist=/srv/www/system/clamscan.exclude
if [ -s "$excludelist" ]; then
    for i in $(cat "$excludelist"); do
        if echo "$i" | grep -q '/$'; then
            # a trailing slash marks a directory; strip it for --exclude-dir
            i=$(echo "$i" | sed -e 's/^\([^ ]*\)\/$/\1/p' -e d)
            excludeopt="${excludeopt} --exclude-dir=$i"
        else
            excludeopt="${excludeopt} --exclude=$i"
        fi
    done
fi

# signature update
freshclam

# virus scan
clamscan --recursive --remove ${excludeopt} /

Give the script execute permission.

# chmod 700 clamscan.sh
Exclude /sys and /proc: they are kernel pseudo-filesystems rather than files on disk and cannot be scanned meaningfully.
# echo "/sys/" >> /srv/www/system/clamscan.exclude
# echo "/proc/" >> /srv/www/system/clamscan.exclude
Two caveats. --remove deletes every file that matches a signature, so a false positive is gone for good; --move=<quarantine directory> is the safer choice for an unattended whole-system scan. And --exclude-dir/--exclude take regular expressions matched anywhere in the path, so "/sys" as written also matches paths such as /usr/src/linux/sys; the script in section 4 anchors the pattern with "^".
Set up a regular virus scan (this is root's crontab; the scan runs at 01:00 every day).
# crontab -e
0 1 * * * /srv/www/system/clamscan.sh > /dev/null 2>&1
Run "/srv/www/system/clamscan.sh" to scan the entire system.
# /srv/www/system/clamscan.sh

2. Mail Server Install

2.1 Preparation

①Preparation for new users
Set up the system so that a newly added user can send and receive e-mail from the start.

# mkdir -p /etc/skel/Maildir/{new,cur,tmp}
# chmod -R 700 /etc/skel/Maildir/
# echo "~/Maildir/" > /etc/skel/.forward
# chmod 600 /etc/skel/.forward
②Preparation of the mail environment for existing users
Configure the users you have already created so that they can send and receive mail (replace [Created user name] with the account name; "users" is the default primary group on openSUSE).
# mkdir -p /home/[Created user name]/Maildir/{new,cur,tmp}
# chown -R [Created user name]:users /home/[Created user name]/Maildir/
# chmod 700 /home/[Created user name]/Maildir
# chmod 700 /home/[Created user name]/Maildir/{new,cur,tmp}

2.2 Install Postfix

①Install Postfix and build an SMTP server.

# zypper -n install postfix
②Postfix Settings
To prevent unauthorized mail relay, use the SASL function of Dovecot (described later), and configure Postfix to require authentication for outgoing mail as well.

# vi /etc/postfix/main.cf
# Line 110: uncomment and specify the domain name
mydomain = korodes.com  ←domain name

# Line 126: uncomment
myorigin = $mydomain

# Line 287: uncomment and add your own network
mynetworks = 127.0.0.0/8, 192.168.11.0/24  ←own network (clients in these networks may relay without authenticating, so list only networks you control)

# Line 442: uncomment and switch to Maildir format
home_mailbox = Maildir/

# Line 705: change
inet_interfaces = all

# Line 710: add
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

# Line 711: specify the host name
myhostname = mail.korodes.com  ←host name

# Lines 725,726
# Limit the mailbox size as needed (1G in the example below)
mailbox_size_limit = 1073741824
# Limit the size of incoming and outgoing mail as needed (10M in the example below)
message_size_limit = 10485760

# Line 738: change
# Evaluated left to right: clients in mynetworks, mail addressed to our own domains, and SASL-authenticated clients are accepted; everything else, i.e. relaying by anonymous clients, is rejected.
smtpd_recipient_restrictions = permit_mynetworks, permit_auth_destination, permit_sasl_authenticated, reject

# Lines 744-746: comment out (these smtp_ settings apply to Postfix as an SMTP client and are not needed here)
#smtp_sasl_auth_enable = no
#smtp_sasl_security_options =
#smtp_sasl_password_maps =

# Line 747: change
smtpd_sasl_auth_enable = yes

# Lines 752-755: add
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname

# vi /etc/postfix/master.cf
# Line 22: delete the # at the beginning of the line (the submission service on port 587)
# Line 26: delete the # at the beginning of the line (-o smtpd_sasl_auth_enable=yes; the -o lines must keep their leading whitespace, which is how master.cf marks continuation lines)
smtp inet n - n - - smtpd
#amavis unix - - n - 4 smtp
#  -o smtp_data_done_timeout=1200
#  -o smtp_send_xforward_command=yes
#  -o disable_dns_lookups=yes
#  -o max_use=20
#smtp inet n - n - 1 postscreen
#smtpd pass - - n - - smtpd
#dnsblog unix - - n - 0 dnsblog
#tlsproxy unix - - n - 0 tlsproxy
submission inet n - n - - smtpd
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
#  -o content_filter=smtp:[127.0.0.1]:10024
  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_tls_auth_only=yes
#  -o smtpd_reject_unlisted_recipient=no
Note that the TLS lines (smtpd_tls_security_level=encrypt and smtpd_tls_auth_only=yes) stay commented out in this setup, so SASL passwords cross the network in clear text. Before exposing port 587 to the Internet, install a certificate and uncomment them.

# systemctl start postfix
# systemctl enable postfix
③If firewalld is enabled, allow the SMTP service, which uses 25/TCP.
# firewall-cmd --add-service=smtp --permanent
success
# firewall-cmd --reload
success
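The restrictions above only protect you if an anonymous client is in fact refused when it tries to relay, so that is worth testing from outside. The following script is an added example, not part of the original page: it opens an SMTP session, sends MAIL FROM and RCPT TO for a recipient outside your own domains, and classifies the reply. The host, port and the two addresses are placeholders; the live connection uses bash's /dev/tcp (run it with bash), while the reply-parsing helpers are plain POSIX sh.

```shell
#!/bin/bash
# Unauthenticated relay check for the Postfix restrictions above (added example).
# Usage: bash relay_check.sh mail.korodes.com 25 outsider@example.net someone@example.org
# Expected with "permit_mynetworks, permit_auth_destination, permit_sasl_authenticated, reject":
#   RCPT TO for a foreign domain gets 554 (or 454 while Postfix is in soft-bounce mode).

# Classify an SMTP reply line by its 3-digit code.
smtp_reply_class() {
  case "$1" in
    [23][0-9][0-9]*) echo accepted ;;
    4[0-9][0-9]*)    echo tempfail ;;
    5[0-9][0-9]*)    echo rejected ;;
    *)               echo malformed ;;
  esac
}

# Read one complete reply from fd 3 and print every line of it.
# "250-" continues a multi-line reply (EHLO capabilities), "250 " ends it.
smtp_read_reply() {
  cr=$(printf '\r')
  while IFS= read -r line <&3; do
    line=${line%"$cr"}
    printf '%s\n' "$line"
    case "$line" in
      [0-9][0-9][0-9]' '*) return 0 ;;
      [0-9][0-9][0-9]-*)   ;;
      *)                   return 1 ;;   # not an SMTP reply line
    esac
  done
  return 1                              # peer closed the connection mid-reply
}

# Send one command on fd 3 and print the reply.
smtp_cmd() {
  printf '%s\r\n' "$1" >&3
  smtp_read_reply
}

# Returns 0 when relay is refused, 1 when the server accepts the RCPT
# (open relay), 2 when the connection could not be opened.
relay_check() {
  host=$1; port=$2; sender=$3; rcpt=$4
  exec 3<>"/dev/tcp/$host/$port" 2>/dev/null || return 2
  smtp_read_reply >/dev/null                      # banner
  ehlo=$(smtp_cmd "EHLO relaytest.invalid")
  if printf '%s\n' "$ehlo" | grep -q '^250[- ]AUTH'; then
    echo "note: server offers AUTH on port $port; require TLS before accepting passwords" >&2
  fi
  smtp_cmd "MAIL FROM:<$sender>" >/dev/null
  reply=$(smtp_cmd "RCPT TO:<$rcpt>" | tail -n 1)
  smtp_cmd QUIT >/dev/null
  exec 3>&-
  echo "RCPT TO:<$rcpt> -> $reply"
  case "$(smtp_reply_class "$reply")" in
    accepted) echo "OPEN RELAY: unauthenticated client may relay to $rcpt" >&2; return 1 ;;
    *)        echo "relay refused, as intended"; return 0 ;;
  esac
}

if [ $# -eq 4 ]; then relay_check "$@"; fi
```

Run it from a host that is not in mynetworks; from inside the LAN permit_mynetworks accepts the relay by design, which tells you nothing. A 554 "Relay access denied" is the expected outcome; a 250 on the RCPT means the server is an open relay. Repeat the check against port 587 after the submission service is enabled.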

2.3 Install Dovecot

①Install
# zypper -n install dovecot
②Dovecot configuration

Configure Dovecot to provide SASL functionality to Postfix.
# vi /etc/dovecot/dovecot.conf
# Line 30: uncomment (delete ", ::" if you do not listen on IPv6)
listen = *, ::

# vi /etc/dovecot/conf.d/10-auth.conf
# Line 10: uncomment and change (allow plain-text authentication as well; without TLS the password is sent in the clear, so limit this to trusted networks or pair it with TLS)
disable_plaintext_auth = no

# Line 100: add
auth_mechanisms = plain login

# vi /etc/dovecot/conf.d/10-mail.conf
# Line 30: uncomment
mail_location = maildir:~/Maildir

# vi /etc/dovecot/conf.d/10-master.conf
# Lines 106-108: uncomment and add (this is the socket that Postfix's smtpd_sasl_path = private/auth refers to, relative to /var/spool/postfix)
# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
  mode = 0666
  user = postfix
  group = postfix
}

③Dovecot startup and auto-run

# systemctl start dovecot
# systemctl enable dovecot
Created symlink /etc/systemd/system/multi-user.target.wants/dovecot.service → /usr/lib/systemd/system/dovecot.service.
④If firewalld is enabled, allow the POP and IMAP services
POP uses 110/TCP, IMAP uses 143/TCP
# firewall-cmd --add-service={pop3,imap} --permanent
success
# firewall-cmd --reload
success

2.4 Operation check

Set up an account in Thunderbird, a free mail client, and check that it works.
Depending on your provider, port 587 (the submission service enabled in master.cf above) may have to be used for the outgoing server, so open port 587 in the firewall as well.
# firewall-cmd --add-port=587/tcp --permanent
# firewall-cmd --reload

Start Thunderbird and select "Account Settings" from the "Tools" menu.

Select "Add Mail Account" from "Account Actions".

Fill in the fields as follows and click "Configure manually".
Your full name: any name
Email address: <mail user>@<domain name>
Password: the mail user's password

Configure the server settings as shown in the screenshot; if your provider does not allow port 25 for the outgoing server, use 587. Click "Done".

A warning screen appears because the connection is not encrypted; tick the checkbox as shown and click "Confirm".

If the next screen appears, the setup has succeeded.

3. Mail Server: Postfix + ClamAV + Amavisd

Configure Postfix and Clamav to work together to scan incoming and outgoing mails in real time

3.1 Amavisd & Clamav Server Install

# zypper -n install amavisd-new spamassassin
# systemctl start clamd
# systemctl enable clamd
Created symlink /etc/systemd/system/multi-user.target.wants/clamd.service → /usr/lib/systemd/system/clamd.service.

3.2 Configure Amavisd

①Edit configuration file

# vi /etc/amavisd.conf
# Line 20: Change to own domain name
$mydomain = ‘korodes.com’;
# Line 152: Uncomment and change to your own host name.
$myhostname = ‘mail.korodes.com’;
# Lines 154,155: uncomment
$notify_method = ‘smtp:[127.0.0.1]:10025’;
$forward_method = ‘smtp:[127.0.0.1]:10025’;
②Startup and autorun settings
# sa-update
# systemctl start amavis spamd
# systemctl enable amavis spamd
Created symlink /etc/systemd/system/multi-user.target.wants/amavis.service → /usr/lib/systemd/system/amavis.service.
Created symlink /etc/systemd/system/multi-user.target.wants/spamd.service → /usr/lib/systemd/system/spamd.service.

3.3 Postfix Configuration

Postfix hands every message to amavisd on 127.0.0.1:10024 (the content_filter below), amavisd scans it with clamd and SpamAssassin and re-injects it on 127.0.0.1:10025, where content_filter is empty so the message is not scanned a second time and only localhost is allowed to connect.
# vi /etc/postfix/master.cf
# Add the following to the end of the file (the -o lines must start with whitespace so that master.cf reads them as continuation lines)
smtp-amavis unix - - n - 2 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
# vi /etc/postfix/main.cf
# Add to the last line
content_filter=smtp-amavis:[127.0.0.1]:10024
# systemctl restart postfix

4. Replacing the virus scanning script

Change the script so that the specified e-mail address is notified after the virus scan.
①Create the virus scan exclusion list
# cd /srv/www/system/
# vi clamscan.exclude
/sys/
/proc/
/etc/snort/rules/
/.snapshots ← openSUSE (btrfs with snapper) keeps many snapshots of the root filesystem; scanning them just repeats the scan of the live system, so keep this exclusion unless you specifically need snapshots scanned.
②Retire the existing script and create the new virus scanning script.
# cd /srv/www/system/
# mv clamscan.sh clamscan.sh_bak
# vi clamscan.sh
Contents of the new clamscan.sh:

#!/bin/bash

PATH=/usr/bin:/bin

MAILTO="<Any email address>"

# excludeopt setup: build --exclude/--exclude-dir options from the exclude list
excludelist=/srv/www/system/clamscan.exclude
if [ -s "$excludelist" ]; then
    for i in $(cat "$excludelist"); do
        if echo "$i" | grep -q '/$'; then
            # a trailing slash marks a directory; strip it and anchor the regex
            i=$(echo "$i" | sed -e 's/^\([^ ]*\)\/$/\1/p' -e d)
            excludeopt="${excludeopt} --exclude-dir=^$i"
        else
            excludeopt="${excludeopt} --exclude=^$i"
        fi
    done
fi

# signature update (stdout and stderr discarded; redirect stdout before 2>&1, or stderr still reaches the terminal)
freshclam > /dev/null 2>&1

# virus scan (the --remove variant stays commented out: deleting on match is irreversible when a signature is a false positive)
CLAMSCANTMP=$(mktemp)
#clamscan --recursive --remove ${excludeopt} / > "$CLAMSCANTMP" 2>&1
clamscan --recursive ${excludeopt} / > "$CLAMSCANTMP" 2>&1

# report mail send: only when at least one line of the report ends in FOUND
if grep -q 'FOUND$' "$CLAMSCANTMP"; then
    grep 'FOUND$' "$CLAMSCANTMP" | mail -s "Virus Found in $(hostname)" "$MAILTO"
fi
rm -f "$CLAMSCANTMP"

# chmod 700 clamscan.sh
If a virus is found you are notified by e-mail; if nothing is found, no mail is sent.
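Both versions of clamscan.sh above build the exclude options with "for i in $(cat ...)", which falls apart on a path containing a space, and decide "infected" by grepping the raw report. The following script is an added example, not the page's own clamscan.sh: it reads the exclude list line by line, takes the verdict from the SCAN SUMMARY count and clamscan's exit code, and quarantines with --move instead of deleting. The quarantine directory, the mail address and the list path are assumptions to adjust; the exclude-file and report formats are the ones used by the scripts above.

```shell
#!/bin/sh
# Added example: exclude-list handling and report parsing for clamscan.sh, as functions.
EXCLUDE_LIST=/srv/www/system/clamscan.exclude
QUARANTINE=/var/lib/clamav/quarantine   # assumed location, not from the page
MAILTO=root@localhost                    # placeholder address

# Convert the exclude list (one path per line, trailing "/" = directory) into
# clamscan options. --exclude and --exclude-dir take a regular expression that is
# matched against the full path, so anchor with ^ or "/sys" also hits
# /usr/src/linux/sys. Blank lines and # comments are skipped.
build_exclude_opts() {
  opts=
  while IFS= read -r entry || [ -n "$entry" ]; do
    case "$entry" in
      ''|'#'*) ;;
      */)      opts="$opts --exclude-dir=^${entry%/}" ;;
      *)       opts="$opts --exclude=^$entry" ;;
    esac
  done < "$1"
  printf '%s\n' "${opts# }"
}

# Paths reported as infected: report lines of the form "<path>: <signature> FOUND".
found_files() {
  sed -n 's/: [^ ]* FOUND$//p' "$1"
}

# Count from the SCAN SUMMARY ("Infected files: N"); 0 when the line is absent,
# e.g. when clamscan aborted before printing a summary.
infected_count() {
  n=$(sed -n 's/^Infected files: \([0-9][0-9]*\)$/\1/p' "$1")
  printf '%s\n' "${n:-0}"
}

# Full run: update signatures, scan, quarantine instead of deleting, report.
# --move keeps a false positive recoverable, which --remove does not.
run_scan() {
  report=$(mktemp) || return 1
  mkdir -p "$QUARANTINE" && chmod 700 "$QUARANTINE"
  freshclam >/dev/null 2>&1
  # word splitting of the option string is intended here
  clamscan --recursive --infected --move="$QUARANTINE" \
    $(build_exclude_opts "$EXCLUDE_LIST") / > "$report" 2>&1
  rc=$?                     # clamscan: 0 clean, 1 infected, 2 error
  if [ "$(infected_count "$report")" -gt 0 ]; then
    found_files "$report" | mail -s "Virus found on $(hostname)" "$MAILTO"
  elif [ "$rc" -eq 2 ]; then
    tail -n 20 "$report" | mail -s "clamscan error on $(hostname)" "$MAILTO"
  fi
  rm -f "$report"
  return "$rc"
}

if [ "${1:-}" = run ]; then run_scan; fi
```

Invoke it as "clamscan.sh run" from cron; without the argument it only defines the functions. Reporting a scan that exited with status 2 is the part the original scripts lack: a scan that never completed otherwise looks exactly like a clean one, since neither produces a mail.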