4天连续的日夜颠倒,每天两顿饭,一次17个小时,总算把服务器搞定了!今天要出去放肆了~~~
配置: qmail + spamassassin + sbl + clamv
以下添加了Clamav安装纪录。
配置文档:http://www.clamav.net/doc/0.70/html/node13.html
$ tar -zxvf clamav-0.87.tar.gz
$ cd clamav-0.87
$ grouadd clamav
$ useradd -g clamav -s /bin/false clamav
$ ./configure
$ make
$ make check
$ make install
$ vi /usr/local/etc/clamav.conf
ScanMail
添加 crontab
$ crontab -e检查版本:
1 7 * * * /usr/local/bin/freshclam -quiet
# /usr/local/bin/clamdscan -V
ClamAV 0.87/1107/Sun Oct 2 16:09:39 2005
[root@dalouis perl]# /usr/local/sbin/clamd &
[1] 30602
[root@dalouis perl]# ERROR: Please edit the example config file /usr/local/etc/clamd.conf.
ERROR: Can't open/parse the config file /usr/local/etc/clamd.conf[1]+ Exit 1 /usr/local/sbin/clamd
[root@dalouis perl]# vi /usr/local/etc/clamd.conf
[root@dalouis perl]# /usr/local/sbin/clamd &
[1] 30612
LibClamAV Warning: ****************************************************
LibClamAV Warning: *** This version of ClamAV engine is outdated. ***
LibClamAV Warning: *** Please update it IMMEDIATELY! ***
LibClamAV Warning: ****************************************************
LibClamAV Warning: ****************************************************
LibClamAV Warning: *** This version of ClamAV engine is outdated. ***
LibClamAV Warning: *** Please update it IMMEDIATELY! ***
LibClamAV Warning: ****************************************************
# /usr/local/bin/freshclam
ClamAV update process started at Tue Aug 9 17:35:04 2005
main.cvd is up to date (version: 33, sigs: 36102, f-level: 5, builder: tkojm)
Downloading daily.cvd [*]
daily.cvd updated (version: 1011, sigs: 2451, f-level: 5, builder: diego)
Database updated (38553 signatures) from database.clamav.net (IP: 213.219.245.4)
$ /usr/local/bin/clamdscan注意文档的说明
----------- SCAN SUMMARY -----------
Infected files: 5
Time: 4.206 sec (0 m 4 s)# /usr/local/bin/clamdscan -dsdf
/usr/local/home/kreny/download/source/qmail/anti-spam/clamav-0.87/test/test: ClamAV-Test-Signature FOUND
/usr/local/home/kreny/download/source/qmail/anti-spam/clamav-0.87/test/test.rar: ClamAV-Test-Signature FOUND
/usr/local/home/kreny/download/source/qmail/anti-spam/clamav-0.87/test/test.zip: ClamAV-Test-Signature FOUND
/usr/local/home/kreny/download/source/qmail/anti-spam/clamav-0.87/test/test-zip-noext: ClamAV-Test-Signature FOUND
/usr/local/home/kreny/download/source/qmail/anti-spam/clamav-0.87/test/test-failure.rar: RAR module failure. ERROR
/usr/local/home/kreny/download/source/qmail/anti-spam/clamav-0.87/contrib/clamdwatch/clamdwatch.tar.gz: Eicar-Test-Signature FOUND
http://www.clamav.net/doc/0.75/html/node22.html
Archive files are detected by checking a magic strings. You need the zlib library for the Zip/Gzip support. Zip archives are accessed with the zziplib library by Guido Draheim and Tomi Ollila. RAR support is based on the UniquE RAR File Library by Christian Scheurer and Johannes Winkelmann. Both of them are included and slightly modified in the clamav sources. Unrarlib supports RAR 2.0 archives only and according to Christian the new format (introduced in WinRAR 3.0) won't be supported.
Due to license issues libclamav does not support RAR 3.0 archives (only 2.0
are supported). Currently only clamscan is able to scan the clam-error.rar
file (clamd only depends on libclamav's decompressors). Please use the --unrar
option and it will automatically switch to the external unrar utility after
libclamav's error.
再添加 /usr/local/sbin/clamd 到 /etc/rc.d/rc.local
升级情况log: /var/log/freshclam.log
scan记录: /var/log/clamd.log
配置文件: /usr/local/etc/clamav.conf
需要修改的是:
$ in bytes just don't use modifiers.
LogFileMaxSize 20M
$ Log time with an each message.
LogTime
评论 (1 条)
王丹君
2005年12月29日 22:44
发表于 2005 年 12 月 29 日 22:44
求救:我的windows客户端收到大量W32.Sober.X@mm的病毒邮件,norton客户端能清除病毒,但每天收到几十份也不是办法,我快疯了。用的是服务器是qmail+mysql+qmail-scanner&qms-analog+Clamav,Clamav 已经升级。