MAILSCANNER + CLAMAV + SPAMASSASSIN

1 – Install SpamAssassin

apt-get install spamassassin

2 – Download the Brazilian HEADER, BODY, RAWBODY, URI and META rules from the link:

http://www.exit0.us/index.php?pagename=BrazilianRules

HEADER
Rules for the message header (header)

BODY
Rules for the message body (body)

RAWBODY
Rules for the message body in raw form (rawbody)

URI
Rules for URLs in e-mails

META
Rules that are combinations of other rules

* Save all the rules with the .cf extension in the "/etc/spamassassin/" directory

E.g.:

br_body.cf br_header.cf br_meta.cf br_rawbody.cf br_uri.cf

3 – Install the ClamAV antivirus

apt-get install clamav

Answer the ClamAV configuration questions

“Virus database update method”: daemon

“Local database mirror site”: db.us.clamav.net (United States)

“HTTP proxy information (leave blank for none)”: leave blank

“Should clamd be notified after updates?”: No

TIP: You can change the default 24h interval at which freshclam
fetches its updates. To do so, change the “Checks” directive
in /etc/clamav/freshclam.conf

4 – Install MailScanner

apt-get install mailscanner

5 – Edit MailScanner's main configuration file

vi /etc/MailScanner/MailScanner.conf

Change the following directives:

%report-dir% = /etc/MailScanner/reports/pt_br
%org-name% = Nickollas
%org-long-name% = Nickollas Carvalho
%web-site% = www.nickollas.com.br
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
Virus Scanners = clamav
Quarantine Silent Viruses = yes

6 – Edit the file “/etc/default/mailscanner”

vi /etc/default/mailscanner

# Uncomment the following directive:

run_mailscanner=1

7 – Adjust the ownership of the directories MailScanner will use

chown -R postfix:postfix /var/spool/MailScanner/
chown -R postfix:postfix /var/lib/MailScanner/
chown -R postfix:postfix /var/run/MailScanner/
chown -R postfix:postfix /var/lock/subsys/MailScanner/

8 – Add the following line to the Postfix configuration file “main.cf”

vi /etc/postfix/main.cf

header_checks = regexp:/etc/postfix/header_checks

9 – Create the file “/etc/postfix/header_checks” with the content:

vi /etc/postfix/header_checks

/^Received:/ HOLD
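
A configuration check for steps 5 to 9, added here as an example (it is not part of the original post): with the HOLD rule in place every message waits in /var/spool/postfix/hold until MailScanner requeues it, so a wrong queue directory in MailScanner.conf leaves mail stuck there. The function names and the three file arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post: lints the files edited in steps 5-9.
# Usage: check_mailscanner_setup /etc/MailScanner/MailScanner.conf \
#            /etc/postfix/header_checks /etc/postfix/main.cf

# Print the value of "Key = value" from MailScanner.conf (last occurrence wins).
# Assumes the key is spelled exactly as in step 5; commented-out lines are ignored.
ms_directive() {
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Print one line per problem; return 0 only when nothing is wrong.
check_mailscanner_setup() {
    conf=$1 hc=$2 main=$3 problems=0
    while IFS='|' read -r key want; do
        got=$(ms_directive "$conf" "$key")
        if [ "$got" != "$want" ]; then
            echo "MailScanner.conf: '$key' is '$got', expected '$want'"
            problems=$((problems + 1))
        fi
    done <<EOF
Run As User|postfix
Run As Group|postfix
Incoming Queue Dir|/var/spool/postfix/hold
Outgoing Queue Dir|/var/spool/postfix/incoming
MTA|postfix
Virus Scanners|clamav
EOF
    # Step 9: without this rule Postfix never parks mail in the hold queue for scanning.
    if ! grep -Eq '^/\^Received:/[[:space:]]+HOLD' "$hc"; then
        echo "header_checks: missing '/^Received:/ HOLD'"
        problems=$((problems + 1))
    fi
    # Step 8: main.cf must load that file as a regexp table.
    if ! grep -Eq '^header_checks[[:space:]]*=[[:space:]]*regexp:/etc/postfix/header_checks' "$main"; then
        echo "main.cf: header_checks does not point to regexp:/etc/postfix/header_checks"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}
```
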

10 – Restart Postfix

/etc/init.d/postfix restart

11 – Start MailScanner

/etc/init.d/mailscanner start

12 – Check that MailScanner started successfully

tail -f /var/log/mail.log

MailScanner[15512]: MailScanner E-Mail Virus Scanner version 4.41.3 starting…
MailScanner[15512]: Read 120 hostnames from the phishing whitelist
MailScanner[15512]: Using locktype = flock

13 – Test: checking that MailScanner is scanning messages for viruses

SENDING A VIRUS-FREE E-MAIL…

echo "corpo do e-mail" | mail -s "assunto" nickollas@nickollas.com.br

tail -f /var/log/mail.log

MailScanner[15512]: New Batch: Scanning 1 messages, 500 bytes
MailScanner[15512]: Virus and Content Scanning: Starting
MailScanner[15512]: Requeue: 08D1667E73.F06D5 to AE04F67E71
postfix/qmgr[15492]: AE04F67E71: from=,
size=429, nrcpt=1 (queue active)
MailScanner[15512]: Uninfected: Delivered 1 messages

SENDING AN E-MAIL WITH A VIRUS…

– Download an antivirus test file from the link:

wget http://www.eicar.org/download/eicar.com.txt

mail -s "virus test" nickollas@nickollas.com.br < eicar.com.txt

tail -f /var/log/mail.log

MailScanner[15512]: New Batch: Scanning 1 messages, 561 bytes
MailScanner[15512]: Virus and Content Scanning: Starting
MailScanner[15512]: /var/spool/MailScanner/incoming/15512/./B92E067E75.E04CB/
msg-15512-3.txt: Eicar-Test-Signature FOUND
MailScanner[15512]: Virus Scanning: ClamAV found 1 infections
MailScanner[15512]: Infected message B92E067E75.E04CB came from 127.0.0.1
MailScanner[15512]: Virus Scanning: Found 1 viruses
MailScanner[15512]: Requeue: B92E067E75.E04CB to 2200067D94
postfix/qmgr[15492]: 2200067D94: from=,
size=1418, nrcpt=1 (queue active)
MailScanner[15512]: Cleaned: Delivered 1 cleaned messages
MailScanner[15512]: Notices: Warned about 1 messages
MailScanner[15512]: Uninfected: Delivered 1 messages

IMPORTANT: Messages containing viruses can be found in:
/var/spool/MailScanner/quarantine/

– SENDING A SPAM E-MAIL

cp /usr/share/doc/spamassassin/examples/sample-spam.txt .

mail -s "assunto" nickollas@nickollas.com.br < sample-spam.txt

tail -f /var/log/mail.log

MailScanner[2427]: New Batch: Scanning 1 messages, 1308 bytes
MailScanner[2427]: Spam Checks: Found 1 spam messages
MailScanner[2427]: Virus and Content Scanning: Starting
MailScanner[2427]: Requeue: 7B69667E88.8042F to 8C81367E86
postfix/qmgr[2618]: 8C81367E86: from=, size=1498,
nrcpt=1 (queue active)
MailScanner[2427]: Uninfected: Delivered 1 messages
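
The log checks from step 13 done by a script instead of by eye, as an added example that is not part of the original post: it lists each infected message with its source address and ClamAV signature, and totals the spam hits. The function names are assumptions, and the sample log is constructed from the excerpts above with the wrapped lines rejoined.

```shell
#!/bin/sh
# Added example, not from the original post. Both functions read a mail.log on stdin.
# Usage: infected_messages < /var/log/mail.log ; spam_total < /var/log/mail.log

# Constructed sample: lines taken from the step-13 excerpts, wrapped lines rejoined.
sample_log() {
    cat <<'EOF'
MailScanner[15512]: New Batch: Scanning 1 messages, 561 bytes
MailScanner[15512]: /var/spool/MailScanner/incoming/15512/./B92E067E75.E04CB/msg-15512-3.txt: Eicar-Test-Signature FOUND
MailScanner[15512]: Virus Scanning: ClamAV found 1 infections
MailScanner[15512]: Infected message B92E067E75.E04CB came from 127.0.0.1
MailScanner[15512]: Cleaned: Delivered 1 cleaned messages
MailScanner[2427]: New Batch: Scanning 1 messages, 1308 bytes
MailScanner[2427]: Spam Checks: Found 1 spam messages
MailScanner[2427]: Uninfected: Delivered 1 messages
EOF
}

# Print "queue-id source-ip signature" for every message reported as infected.
infected_messages() {
    awk '
        / FOUND$/ {
            n = split($0, w, " ")        # w[n-1] = signature, w[n-2] = "path:"
            m = split(w[n-2], p, "/")    # p[m-1] = per-message directory (queue id)
            sig[p[m-1]] = w[n-1]
        }
        match($0, /Infected message [^ ]+ came from [^ ]+/) {
            split(substr($0, RSTART, RLENGTH), f, " ")
            print f[3], f[6], (f[3] in sig ? sig[f[3]] : "unknown")
        }'
}

# Print the total number of messages MailScanner flagged as spam.
spam_total() {
    awk 'match($0, /Spam Checks: Found [0-9]+ spam/) {
             split(substr($0, RSTART, RLENGTH), f, " "); total += f[4]
         } END { print total + 0 }'
}
```
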
