SpamAssassin-ClamAV-Procmail-Howto


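Version 1.0
Author: Falko Timme

This document describes how to install SpamAssassin (for filtering spam) and ClamAV (for filtering viruses, trojans, worms, etc.) and how to invoke them with procmail recipes. It applies to setups where Sendmail or Postfix deliver email to local users. It should work on all *nix operating systems (perhaps with slight changes to paths etc.). So far I have tested it on Debian Woody.

In the end you will have a system where Sendmail or Postfix deliver email to a local user; the email is handed to procmail, which invokes SpamAssassin and ClamAV to filter it before it reaches the user's inbox. However, installing Sendmail and Postfix is not covered in this document.

This is a practical guide; it does not cover the theoretical background, which is treated in many other documents on the web.

This document comes without warranty of any kind!

Please note: If you use the server control panel 42go ISP-Manager, you do not need to follow this tutorial, because 42go ISP-Manager ships with SpamAssassin and ClamAV, and both can be configured through 42go ISP-Manager!


1 Install SpamAssassin

There are several ways to install SpamAssassin. I will describe three of them here:

1. Installation using the Perl shell

Log in to your command line as root and run the following command to start the Perl shell: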

perl -MCPAN -e shell

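If you run the Perl shell for the first time, you will be asked some questions. In most cases the default answers are fine.

Please note: If you run a firewall on your system, you may have to switch it off while working in the Perl shell so that the Perl shell can fetch the required modules without delay. You can switch it back on afterwards.

The big advantage of the Perl shell over the two other methods described here is that it takes care of dependencies when installing new modules. That is, if a prerequisite Perl module turns out to be missing while you install another module, the Perl shell asks whether it should install the prerequisite module for you. You should answer that question with "yes".

Run the following commands to install SpamAssassin and some other required modules:

install HTML::Parser
install DB_File
install Net::DNS (when prompted to enable tests, choose no)
install Digest::SHA1
install Mail::SpamAssassin
q (to leave the Perl shell)

If a module is already installed on your system, you will get a message similar to this one:

HTML::Parser is up to date.

A successful module installation looks like this:

/usr/bin/make install -- OK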


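2. Installation from source

Please note: Before compiling SpamAssassin from source, the prerequisite Perl modules (at least HTML::Parser) must be installed. If they are not, install them with one of the other two methods described here, or get the sources from http://www.cpan.org and compile them, which is similar to the steps described here for SpamAssassin.

cd /tmp
wget http://www.mirror.ac.uk/sites/spamassassin.taint.org/spamassassin.org/released/Mail-SpamAssassin-2.63.tar.gz
tar xvfz Mail-SpamAssassin-2.63.tar.gz
cd Mail-SpamAssassin-2.63
perl Makefile.PL
make
make install


3. Installation using Webmin

If you have webmin (http://www.webmin.com) installed on your system, you can use it to install Perl modules. Log in to webmin, go to Others -> Perl Modules, and install SpamAssassin.

If you get an error message, it is mostly because some prerequisite modules are missing on your system. Install them (at least HTML::Parser is needed) and then try again to install the module you wanted.

SpamAssassin will be installed to /usr/local/share/spamassassin/.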


2 Install ClamAV

cd /tmp
groupadd clamav
useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav
wget http://heanet.dl.sourceforge.net/sourceforge/clamav/clamav-0.67.tar.gz
tar xvfz clamav-0.67.tar.gz
cd clamav-0.67
./configure --sysconfdir=/etc

(Please note: ./configure --help lists all available configuration options.)

make
su -c "make install"

If you run

clamd

now, you will get an error message:

ERROR: Please edit the example config file /etc/clamav.conf.

You must at least remove the Example directive. My /etc/clamav.conf looks like this:

##
## Example config file for the Clam AV daemon
## Please read the clamav.conf(5) manual before editing this file.
##


# Comment or remove the line below.
#Example

# Uncomment this option to enable logging.
# LogFile must be writable for the user running the daemon.
# Full path is required.
#LogFile /tmp/clamd.log

# By default the log file is locked for writing - the lock protects against
# running clamd multiple times (if want to run another clamd, please
# copy the configuration file, change the LogFile variable, and run
# the daemon with --config-file option). That's why you shouldn't uncomment
# this option.
#LogFileUnlock

# Maximal size of the log file. Default is 1 Mb.
# Value of 0 disables the limit.
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
# in bytes just don't use modifiers.
#LogFileMaxSize 2M

# Log time with an each message.
#LogTime

# Use system logger (can work together with LogFile).
#LogSyslog

# Enable verbose logging.
#LogVerbose

# This option allows you to save the process identifier of the listening
# daemon (main thread).
#PidFile /var/run/clamd.pid

# Path to a directory containing .db files.
# Default is the hardcoded directory (mostly /usr/local/share/clamav,
# it depends on installation options).
#DatabaseDirectory /var/lib/clamav

# The daemon works in local or network mode. Currently the local mode is
# recommended for security reasons.

# Path to the local socket. The daemon doesn't change the mode of the
# created file (portability reasons). You may want to create it in a directory
# which is only accessible for a user running daemon.
LocalSocket /tmp/clamd

# Remove stale socket after unclean shutdown.
#FixStaleSocket

# TCP port address.
#TCPSocket 3310

# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world.
#TCPAddr 127.0.0.1

# Maximum length the queue of pending connections may grow to.
# Default is 15.
#MaxConnectionQueueLength 30

# When activated, input stream (see STREAM command) will be saved to disk before
# scanning - this allows scanning within archives.
#StreamSaveToDisk

# Close the connection if this limit is exceeded.
#StreamMaxLength 10M

# Maximal number of a threads running at the same time.
# Default is 5, and it should be sufficient for a typical workstation.
# You may need to increase threads number for a server machine.
#MaxThreads 10

# Thread (scanner - single task) will be stopped after this time (seconds).
# Default is 180. Value of 0 disables the timeout. SECURITY HINT: Increase the
# timeout instead of disabling it.
#ThreadTimeout 500

# Maximal depth the directories are scanned at.
MaxDirectoryRecursion 15

# Follow a directory symlinks.
# SECURITY HINT: You should have enabled directory recursion limit to
# avoid potential problems.
#FollowDirectorySymlinks

# Follow regular file symlinks.
#FollowFileSymlinks

# Do internal checks (eg. check the integrity of the database structures)
# By default clamd checks itself every 3600 seconds (1 hour).
#SelfCheck 600

# Execute a command when virus is found. In the command string %v and %f will
# be replaced by the virus name and the infected file name respectively.
#
# SECURITY WARNING: Make sure the virus event command cannot be exploited,
#                    eg. by using some special file name when %f is used.
#                    Always use a full path to the command.
#                    Never delete/move files with this directive !
#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %f: %v"

# Run as selected user (clamd must be started by root).
# By default it doesn't drop privileges.
User clamav

# Initialize the supplementary group access (for all groups in /etc/group
# user is added in. clamd must be started by root).
#AllowSupplementaryGroups

# Don't fork into background. Useful in debugging.
#Foreground

# Enable debug messages in libclamav.
#Debug

##
## Mail support
##

# Uncomment this option if you are planning to scan mail files.
ScanMail

##
## Archive support
##


# Comment this line to disable scanning of the archives.
ScanArchive


# By default the built-in RAR unpacker is disabled by default because the code
# terribly leaks, however it's probably a good idea to enable it.
#ScanRAR


# Options below protect your system against Denial of Service attacks
# with archive bombs.

# Files in archives larger than this limit won't be scanned.
# Value of 0 disables the limit.
# WARNING: Due to the unrarlib implementation, whole files (one by one) in RAR
#           archives are decompressed to the memory. That's why never disable
#           this limit (but you may increase it of course!)
ArchiveMaxFileSize 10M

# Archives are scanned recursively - e.g. if Zip archive contains RAR file,
# the RAR file will be decompressed, too (but only if recursion limit is set
# at least to 1). With this option you may set the recursion level.
# Value of 0 disables the limit.
ArchiveMaxRecursion 5

# Number of files to be scanned within archive.
# Value of 0 disables the limit.
ArchiveMaxFiles 1000

# Use slower decompression algorithm which uses less memory. This option
# affects bzip2 decompressor only.
#ArchiveLimitMemoryUsage

##
## Clamuko settings
## WARNING: This is experimental software. It is very likely it will hang
##            up your system !!!
##

# Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running.
#ClamukoScanOnLine

# Set access mask for Clamuko.
ClamukoScanOnOpen
ClamukoScanOnClose
ClamukoScanOnExec

# Set the include paths (all files in them will be scanned). You can have
# multiple ClamukoIncludePath options, but each directory must be added
# in a seperate option. All subdirectories are scanned, too.
ClamukoIncludePath /home
#ClamukoIncludePath /students

# Set the exclude paths. All subdirectories are also excluded.
#ClamukoExcludePath /home/guru

# Limit the file size to be scanned (probably you don't want to scan your movie
# files ;))
# Value of 0 disables the limit. 1 Mb should be fine.
ClamukoMaxFileSize 1M

# Enable archive support. It uses the limits from clamd section.
# (This option doesn't depend on ScanArchive, you can have archive support
# in clamd disabled).
# ClamukoScanArchive

Now we have to create an init script for ClamAV (/etc/init.d/clamd):

#!/bin/bash


TMPDIR=/tmp
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin


case "$1" in
    start)
        echo "Starting ClamAV..."
        # The LocalSocket from /etc/clamav.conf is used as the "already running" marker.
        if [ -S /tmp/clamd ]; then
          echo "ClamAV is already running!"
        else
          /usr/local/bin/freshclam -d -c 10 --datadir=/usr/local/share/clamav
          /usr/local/sbin/clamd
          echo "ClamAV is now up and running!"
        fi
    ;;
    stop)
        echo "Shutting down ClamAV..."
        array=(`ps ax | grep -iw '/usr/local/bin/freshclam' | grep -iv 'grep' \
                       | awk '{print $1}' | cut -f1 -d/ | tr '\n' ' '`)
        element_count=${#array[@]}
        index=0
        while [ "$index" -lt "$element_count" ]
        do
          kill -9 ${array[$index]}
          let "index = $index + 1"
        done
        array=(`ps ax | grep -iw '/usr/local/sbin/clamd' | grep -iv 'grep' \
                       | awk '{print $1}' | cut -f1 -d/ | tr '\n' ' '`)
        element_count=${#array[@]}
        index=0
        while [ "$index" -lt "$element_count" ]
        do
          kill -9 ${array[$index]}
          let "index = $index + 1"
        done
        if [ -S /tmp/clamd ]; then
          rm -f /tmp/clamd
        fi
        echo "ClamAV stopped!"
    ;;
    restart)
        $0 stop  && sleep 3
        $0 start
    ;;
    *)
    echo "Usage: $0 {start|stop|restart}"
    exit 1
esac
exit 0

chmod 755 /etc/init.d/clamd

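Now we start ClamAV:

/etc/init.d/clamd start

If you run

ps aux

you will now see some clamd processes (using the socket /tmp/clamd) and a freshclam process, which is responsible for fetching the latest virus signature updates. The signatures are located under /usr/local/share/clamav. The command

/usr/local/bin/freshclam -d -c 10 --datadir=/usr/local/share/clamav

in our clamd init script makes sure that freshclam checks for new signatures 10 times a day.

To start ClamAV at boot time, do the following: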

ln -s /etc/init.d/clamd /etc/rc2.d/S20clamd
ln -s /etc/init.d/clamd /etc/rc3.d/S20clamd
ln -s /etc/init.d/clamd /etc/rc4.d/S20clamd
ln -s /etc/init.d/clamd /etc/rc5.d/S20clamd
ln -s /etc/init.d/clamd /etc/rc0.d/K20clamd
ln -s /etc/init.d/clamd /etc/rc1.d/K20clamd
ln -s /etc/init.d/clamd /etc/rc6.d/K20clamd


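3 Install TrashScan

trashscan is a shell script that connects procmail and ClamAV (i.e., when an email arrives, procmail is invoked, which in turn invokes trashscan so that the mail is scanned for viruses by ClamAV). It comes with ClamAV.

cd /tmp/clamav-0.67/contrib/trashscan
tar xvfz trashscan-0.08.tar.gz
cd trashscan-0.08
cp -pf trashscan /usr/local/sbin/

Now we have to adjust some variables in the "Settinx" section of /usr/local/sbin/trashscan. My settings look like this: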

#!/bin/bash
#
# TrashScan v0.08; Scan email for viruses
# ZapCoded by Trashware; 13.10.2002
# Email: trashware@gmx.de
# Web: http://trashware.mirrorz.com
#
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/bin:/usr/local/sbin
# --------------------------------------- Begin Settinx ---------------------------------------- #
SCANDIR=$HOME/tmp                                              # Temp directory for virus scans.
                                                               # Security: Don't define public
                                                               # accessible directories here !!!
                                                               # $HOME/tmp should be fine.
#DECODER=metamail                                              # Decoder: "metamail" or "uudeview"
#DECODPRG=metamail                                             # Absolute path to decoder: metamail
DECODER=uudeview                                               # Decoder: "metamail" or "uudeview"
DECODPRG=/usr/local/bin/uudeview                               # Absolute path to decoder: uudeview
VSCANPRG=/usr/local/bin/clamscan                               # Absolute path to the virus scanner
VSCANOPT="--quiet --tempdir=$HOME/tmp --recursive --max-files=500 \
        --max-space=30M --unzip=/usr/bin/unzip --unrar=/usr/bin/unrar \
        --unarj=/usr/bin/unarj --zoo=/usr/bin/zoo --lha=/usr/bin/lha \
        --jar=/usr/bin/unzip --tar=/bin/tar --tgz=/bin/tar"    # Parameters for the virus scanner.
                                                               # Security: Don't choose public
                                                               # accessible directories for the
                                                               # --tempdir definition !!!
                                                               # --tempdir=$HOME/tmp should be fine.
VSCANVEX=1                                                     # Exitcode of the virus scanner if a
                                                               # virus was found
VSCANSUSP=mail.virus                                           # File to store suspicious mail (see
                                                               # procmail.trashscan)
FORMAIL=formail                                                # Absolute path to formail
PROCMAIL=procmail                                              # Absolute path to procmail
SENDMAIL=sendmail                                              # Absolute path to sendmail
CAT=cat                                                        # Absolute path to cat
GREP=grep                                                      # Absolute path to grep
LOGGER=logger                                                  # Absolute path to logger
LOGPRIO=mail.warn                                              # Log level for logger
MKDIR=mkdir                                                    # Absolute path to mkdir
RM=rm                                                          # Absolute path to rm
SED=sed                                                        # Absolute path to sed
ALERTRCVR=virusadmin@example.com                               # Receiver of virus alert messages
ALERTSNDR=virusadmin@example.com                               # Sender of virus alert messages
ALERTCTCT=virusadmin@example.com                               # Person to contact (appears in the
                                                               # mail body of the virus alert)
# ---------------------------------------- End Settinx ---------------------------------------- #

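Please note that I set the PATH variable at the beginning of the script:

PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/bin:/usr/local/sbin

This way I do not have to specify the full paths to most of the programs trashscan needs (e.g. formail, procmail, sendmail), as long as they are in the PATH.

VSCANOPT specifies the paths to some programs needed to unpack files in various compression formats (in case an email comes with a compressed attachment, e.g. zip or tar.gz). You do not need all of these programs, but I recommend that you have at least unzip and tar installed. If you do not and you use an rpm-based distribution, search http://www.rpmfind.net for unzip and tar and install the corresponding packages with

rpm -ivh package.rpm

If you use Debian, all you have to do is run

apt-get install unzip tar

Please make sure you specify the correct email addresses of the people who should be notified when a virus is found.


4 Install uudeview

trashscan needs a program to decode emails. In the trashscan settings above I specified that trashscan should use uudeview, which we will install now:

cd /tmp
wget http://www.fpx.de/fp/Software/UUDeview/download/uudeview-0.5.19.tar.gz
tar xvfz uudeview-0.5.19.tar.gz
cd uudeview-0.5.19
./configure
make
make install


5 Configure Procmail

procmail is normally installed by default on most distributions, so I will not cover the installation of procmail here. Run

which procmail

to find out where your procmail is located (in my case it is /usr/bin/procmail).

Now I will describe how to configure procmail for the user testuser, whose home directory is /home/www/web1/user/testuser. Make sure that the directories in this path (/home, /home/www, /home/www/web1, /home/www/web1/user, /home/www/web1/user/testuser) are not group- or world-writable. They should have the permissions rwxr-xr-x (or 755). Otherwise procmail may refuse to work properly!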
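
One way to check the directory chain described above, as an added example that is not part of the original howto. The function name check_procmail_path and its optional second argument (the directory at which the walk stops, default /) are assumptions of this example.

```shell
#!/bin/sh
# Added example; check_procmail_path and its arguments are hypothetical names.
#
# check_procmail_path DIR [TOP]
#   Walks from DIR upwards to TOP (default: /) and prints every directory on
#   the way that is group- or world-writable.
#   Returns 0 if the whole chain is safe, 1 if not, 2 on bad input.
check_procmail_path() {
    cpp_cur=$1
    cpp_top=${2:-/}
    if [ ! -d "$cpp_cur" ] || [ ! -d "$cpp_top" ]; then
        echo "usage: check_procmail_path DIR [TOP]" >&2
        return 2
    fi
    # Resolve symlinks so that the real directories are checked.
    cpp_cur=$(cd "$cpp_cur" && pwd -P) || return 2
    cpp_top=$(cd "$cpp_top" && pwd -P) || return 2
    cpp_bad=0
    while :; do
        # -perm -020: group write bit set; -perm -002: world write bit set.
        # -prune keeps find from descending below the directory itself.
        if [ -n "$(find "$cpp_cur" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "UNSAFE: $cpp_cur"
            cpp_bad=1
        fi
        if [ "$cpp_cur" = "$cpp_top" ] || [ "$cpp_cur" = "/" ]; then
            break
        fi
        cpp_cur=$(dirname "$cpp_cur")
    done
    return "$cpp_bad"
}

# Usage for the layout in this howto; fix any reported directory with chmod go-w:
#   check_procmail_path /home/www/web1/user/testuser
```
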

First we have to create the file /home/www/web1/user/testuser/.forward so that procmail is invoked when mail for testuser arrives. It has the following contents:

"|/usr/bin/procmail -f-"

chown testuser /home/www/web1/user/testuser/.forward
chmod 600 /home/www/web1/user/testuser/.forward

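Now we create the file /home/www/web1/user/testuser/.procmailrc. This is the file in which procmail looks for recipes (i.e. commands to run). For the sake of clarity, we only include our main recipes in this file: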

## MAILDIR=$HOME/Maildir/
## DEFAULT=$MAILDIR

INCLUDERC=/home/www/web1/user/testuser/.antivirus.rc
INCLUDERC=/home/www/web1/user/testuser/.html-trap.rc
INCLUDERC=/home/www/web1/user/testuser/.spamassassin.rc

(Please note: If you use Maildir for your emails, i.e. your emails are stored under /home/www/web1/user/testuser/Maildir/ instead of /var/spool/mail, uncomment the first two lines.)

Our first recipe is /home/www/web1/user/testuser/.antivirus.rc:

#
# procmail configuration for TrashScan: ZapCoded by Trashware; 13.10.2002
#

# [ ... ]

# ------------------------------------------------------------------------------------- #
# Virus scan section ...                                                                #
# ------------------------------------------------------------------------------------- #

# 1. Run TrashScan
:0
* multipart
* !^X-Virus-Scan:
| /usr/local/sbin/trashscan


# 2. Filter tagged virus mails
:0:
* ^X-Virus-Scan: Suspicious
/dev/null

/home/www/web1/user/testuser/.html-trap.rc is discussed further down, so our second recipe is /home/www/web1/user/testuser/.spamassassin.rc:

# SpamAssassin sample procmailrc
#
# Pipe the mail through spamassassin (replace 'spamassassin' with 'spamc'
# if you use the spamc/spamd combination)
# The condition line ensures that only messages smaller than 250 kB
# (250 * 1024 = 256000 bytes) are processed by SpamAssassin. Most spam
# isn't bigger than a few k and working with big messages can bring
# SpamAssassin to its knees.
:0fw
* < 256000
| /usr/local/bin/spamassassin --prefs-file=/home/www/web1/user/testuser/.user_prefs

# All mail tagged as spam (eg. with a score higher than the set threshold)
# is moved to "/dev/null".
#:0:
#* ^X-Spam-Status: Yes
#/dev/null

# Work around procmail bug: any output on stderr will cause the "F" in "From"
# to be dropped.  This will re-add it.
:0
* ^^rom[ ]
{
  LOG="*** Dropped F off From_ header! Fixing up. "

  :0 fhw
  | sed -e '1s/^/F/'
}

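This causes all emails to be accepted, even spam (which is tagged as spam and can be sorted out by the user's email client). This policy is recommended for the first phase, until you are sure that SpamAssassin classifies your emails correctly. If you want spam to be deleted, use this .spamassassin.rc instead: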

# SpamAssassin sample procmailrc
#
# Pipe the mail through spamassassin (replace 'spamassassin' with 'spamc'
# if you use the spamc/spamd combination)
# The condition line ensures that only messages smaller than 250 kB
# (250 * 1024 = 256000 bytes) are processed by SpamAssassin. Most spam
# isn't bigger than a few k and working with big messages can bring
# SpamAssassin to its knees.
:0fw
* < 256000
| /usr/local/bin/spamassassin --prefs-file=/home/www/web1/user/testuser/.user_prefs

# All mail tagged as spam (eg. with a score higher than the set threshold)
# is moved to "/dev/null".
:0:
* ^X-Spam-Status: Yes
/dev/null

# Work around procmail bug: any output on stderr will cause the "F" in "From"
# to be dropped.  This will re-add it.
:0
* ^^rom[ ]
{
  LOG="*** Dropped F off From_ header! Fixing up. "

  :0 fhw
  | sed -e '1s/^/F/'
}

Next we create the file /home/www/web1/user/testuser/.user_prefs, which contains the SpamAssassin settings for testuser:

# SpamAssassin user preferences file.  See 'perldoc Mail::SpamAssassin::Conf'
# for details of what can be tweaked.
#*
#* Note: this file is not read by SpamAssassin until copied into the user
#* directory. At runtime, if a user has no preferences in their home directory
#* already, it will be copied for them, allowing them to perform personalised
#* customisation.  If you want to make changes to the site-wide defaults,
#* create a file in /etc/spamassassin or /etc/mail/spamassassin instead.
###########################################################################

# How many hits before a mail is considered spam.
required_hits                5.0

rewrite_subject       1
subject_tag           ***SPAM***

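SpamAssassin runs a number of tests on each email to determine whether it is spam. Each test assigns a certain number of points to the email (if the test is positive). The points are added up. required_hits is the number of points at which an email is considered spam. 5.0 is a reasonable value to start with.

If rewrite_subject is 1, the subject of an email that is considered spam is tagged with subject_tag, so that the mail can be sorted by testuser's email client if the appropriate .spamassassin.rc was chosen above.


6 Configure the Email Sanitizer

The Email Sanitizer (http://www.impsec.org/email-tools/procmail-security.html) is a set of procmail recipes that form a kind of content filter. For example, it can disable malicious JavaScript code in HTML emails and rename suspicious attachments (e.g. example.exe is renamed to example.12345DEFANGED-exe, so that under Windows it can no longer be opened with a simple double-click; it must first be saved to disk and renamed, so the recipient is forced to think about whether to open the attachment).

cd /tmp
wget http://www.impsec.org/email-tools/html-trap.procmail.gz
gunzip html-trap.procmail.gz
echo 'PATH="/usr/bin:$PATH:/usr/local/bin"' > /home/www/web1/user/testuser/.html-trap.rc
echo 'SHELL=/bin/sh' >> /home/www/web1/user/testuser/.html-trap.rc
cat html-trap.procmail >> /home/www/web1/user/testuser/.html-trap.rc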


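7 Test Your Configuration

You can now test your configuration by sending emails with .exe attachments, sample spam, and a sample virus (if you have one).

Have a look at the headers of the mails you receive. They should contain the following lines:

X-Security: MIME headers sanitized on server1.example.com See http://www.impsec.org/email-tools/sanitizer-intro.html for details. $Revision: 1.140 $Date: 2004-02-11 20:47:43-08

X-Virus-Scan: Scanned by TrashScan v0.08 running on server1.example.com

X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on server1.example.com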
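
To check a delivered test message for these three headers, the following added example (not part of the original howto) scans only the header block, so the same text in a message body does not count. The function names and the sample message are constructed for this example.

```shell
#!/bin/sh
# Added example; function names and the sample message are constructed.
#
# missing_filter_headers [FILE]
#   Reads one mail message from FILE (or stdin) and prints the name of every
#   expected filter header that is absent from its header block.
#   Returns 0 if all three headers are present, 1 otherwise.
missing_filter_headers() {
    awk '
        BEGIN {
            want["x-security"]             = "X-Security"
            want["x-virus-scan"]           = "X-Virus-Scan"
            want["x-spam-checker-version"] = "X-Spam-Checker-Version"
        }
        { sub(/\r$/, "") }          # tolerate CRLF line endings
        /^$/ { exit }               # first blank line ends the header block
        /^[ \t]/ { next }           # folded continuation of the previous header
        match($0, /^[^ \t:]+:/) {   # "Name:" at the start of a line
            seen[tolower(substr($0, 1, RLENGTH - 1))] = 1
        }
        END {
            missing = 0
            for (name in want)
                if (!(name in seen)) { print want[name]; missing++ }
            exit (missing > 0)
        }
    ' "${1:--}"
}

# Constructed sample of a message that passed all three filter stages.
sample_message() {
    cat <<'EOF'
From sender@example.org Wed Feb 11 20:47:43 2004
Subject: test
X-Security: MIME headers sanitized on server1.example.com
  See http://www.impsec.org/email-tools/sanitizer-intro.html for details.
X-Virus-Scan: Scanned by TrashScan v0.08 running on server1.example.com
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on server1.example.com

This is the body of the test message.
EOF
}

# Usage:
#   sample_message | missing_filter_headers
#   missing_filter_headers /path/to/saved-message
```
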


Links

SpamAssassin: http://www.spamassassin.org/

ClamAV: http://www.clamav.net/

Procmail: http://www.procmail.org/

Email Sanitizer: http://www.impsec.org/email-tools/procmail-security.html

