AskOverflow.Dev


Questions [clamav] (server)

Esa Jokinen
Asked: 2023-12-26 02:42:14 +0800 CST

How to make clamassassin prepend its X-Virus-* headers instead of appending them?

  • 9

clamassassin, an email virus filter wrapper for ClamAV, appends its headers to the message headers.

X-Virus-Status: No
X-Virus-Checker-Version: clamassassin 1.2.4 with clamscan / ClamAV 1.0.3/27134/Mon Dec 25 11:40:06 2023

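It would be preferable if any MTA delivering the mail only prepended headers, as suggested by RFC 5322, 3.6:

However, for the purposes of this specification, header fields SHOULD NOT be reordered when a message is transported or transformed. More importantly, the trace header fields and resent header fields MUST NOT be reordered, and SHOULD be kept in blocks prepended to the message. See sections 3.6.6 and 3.6.7 for more information.

For example, spamassassin adds its X-Spam-* headers above the existing headers. Why doesn't clamassassin do this, and how can this behavior be changed? For example, if .procmailrc has the following, I would like these headers to appear in the same place.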

:0 fw
| clamassassin

:0 fw
| spamassassin
clamav
  • 1 answer
  • 341 Views
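Chris972
Asked: 2023-10-24 04:07:18 +0800 CST

Is it possible to clean up this procmail filter a bit

  • 5

I have this procmail filter which seems to work, but I'm not proud of it. I believe it could be optimized and cleaned up further using nested blocks, but I couldn't get any working result.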

:0
* !^X-ClamAV
VIRUS=|/usr/bin/clamdscan --no-summary --stdout -

:0fw
* !^X-ClamAV
* VIRUS ?? .*: \/.* FOUND
| formail -a "X-ClamAV: Yes, $MATCH"
:0Efw
* !^X-ClamAV
| formail -a "X-ClamAV: Virus Free"

:0
* ^X-ClamAV: Yes
$MAILDIR/.virus/

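As you may have understood, I'm trying to tag the email headers with X-ClamAV: Yes, $MATCH or X-ClamAV: Virus Free depending on the clamdscan result, and put the message into $MAILDIR/.virus/ if positive. That's all.

EDIT:

Maybe this is better: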

:0
* !^X-Virus-Status
VIRUS=|/usr/bin/clamdscan --no-summary --stdout -

:0
* !^X-Virus-Status
* VIRUS ?? .*: \/.* FOUND
{
        :0fhw
        | formail -a "X-Virus-Status: Infected, $MATCH"
}
:0Efw
| formail -a "X-Virus-Status: Virus Free"

:0
* ^X-Virus-Status: Infected
$MAILDIR/.virus/

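(I changed the tag so as to be able to filter with AddHeader from clamav-filter)

EDIT 2:

But I made a mistake by not explaining clearly, or not explaining at all, that the email can in fact be tagged before procmail (clamav-milter) and therefore already contain X-Virus-Status: Infected. In that case there is no point in scanning again, but you still have to put the email into .virus. That is why I need to put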

:0
* ^X-Virus-Status: Infected
$MAILDIR/.virus/

outside the braces

But my solution doesn't seem to work well (procmail: Skipped "--no-summary --stdout -"):

:0
* !^X-Virus-Status
{
        VIRUS=|/usr/bin/clamdscan --no-summary --stdout -

        :0
        * VIRUS ?? .*: \/.* FOUND
        {
                VIRUSNAME=`echo "$MATCH" | sed 's/ FOUND$//'`
                :0fhw
                | formail -a "X-Virus-Status: Infected ($VIRUSNAME)"
        }
        :0Efw
        | formail -a "X-Virus-Status: Virus Free"
}

:0
* ^X-Virus-Status: Infected
$MAILDIR/.virus/

I don't want to overwrite X-Virus-Status.

  • if not tagged -> scan -> tag (infected or not) -> put in .virus if infected
  • if already tagged -> put in .virus if infected

In other words (maybe clearer):

1) tagged X-Virus-Status?
    yes:    go 2)
    no: scan -> infected?
                yes: tag infected
                no: tag non infected
2) tagged X-Virus-Status: Infected?
    yes: put in .virus
    no: go 3)
3) continue procmail filters

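EDIT 3:

The solution I tried in EDIT 2 is the same as the one proposed by @tripleee and works fine. The problem was the filter not reading its arguments.

I replaced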

VIRUS=|/usr/bin/clamdscan --no-summary --stdout -

with

VIRUS=`/usr/bin/clamdscan --no-summary --stdout -`

It seems fine now.

clamav
  • 1 answer
  • 62 Views
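Mike M
Asked: 2021-10-03 01:14:22 +0800 CST

Postfix not accepting recipient address: connect to private/policy: Connection refused

  • 1

I thought I'd be clever and add amavis/spamassassin/clamav to my working Postfix installation. I got it working, then made a change. Walked away, had a beer, and then found I had broken it. This is what happens now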

Oct  2 22:01:59 wilma postfix/smtpd[1048101]: Anonymous TLS connection established from mail-pf1-f172.google.com[209.85.210.172]: TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
Oct  2 22:01:59 wilma postfix/smtpd[1048101]: warning: connect to private/policy: Connection refused
Oct  2 22:01:59 wilma postfix/smtpd[1048101]: warning: problem talking to server private/policy: Connection refused
Oct  2 22:02:00 wilma postfix/smtpd[1048101]: warning: connect to private/policy: Connection refused
Oct  2 22:02:00 wilma postfix/smtpd[1048101]: warning: problem talking to server private/policy: Connection refused
Oct  2 22:02:00 wilma postfix/smtpd[1048101]: NOQUEUE: reject: RCPT from mail-pf1-f172.google.com[209.85.210.172]: 451 4.3.5 <[email protected]>: Recipient address rejected: Server configuration problem; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mail-pf1-f172.google.com>
Oct  2 22:02:02 wilma postfix/smtpd[1048101]: disconnect from mail-pf1-f172.google.com[209.85.210.172] ehlo=2 starttls=1 mail=1 rcpt=0/1 bdat=0/1 quit=1 commands=5/7

I've searched Google up and down for an answer, and it seems "451 4.3.5" is a generic error.

Here is master.cf ...

smtp       inet  n       -       n       -       -       smtpd
submission inet  n       -       n       -       -       smtpd
pickup     fifo  n       -       n       60      1       pickup
cleanup    unix  n       -       n       -       0       cleanup
qmgr       fifo  n       -       n       300     1       qmgr
tlsmgr     unix  -       -       n       1000?   1       tlsmgr
rewrite    unix  -       -       n       -       -       trivial-rewrite
bounce     unix  -       -       n       -       0       bounce
defer      unix  -       -       n       -       0       bounce
trace      unix  -       -       n       -       0       bounce
verify     unix  -       -       n       -       1       verify
flush      unix  n       -       n       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
proxywrite unix  -       -       n       -       1       proxymap
smtp       unix  -       -       n       -       -       smtp
relay      unix  -       -       n       -       -       smtp -o smtp_fallback_relay=
showq      unix  n       -       n       -       -       showq
error      unix  -       -       n       -       -       error
retry      unix  -       -       n       -       -       error
discard    unix  -       -       n       -       -       discard
local      unix  -       n       n       -       -       local
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       n       -       -       lmtp
anvil      unix  -       -       n       -       1       anvil
scache     unix  -       -       n       -       1       scache
smtp-amavis unix -       -       n       -       2       smtp -o syslog_name=postfix/amavis -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20 -o smtp_tls_security_level=none
127.0.0.1:10025 inet n   -       n       -       -       smtpd -o syslog_name=postfix/10025 -o content_filter= -o mynetworks_style=host -o mynetworks=127.0.0.0/8 -o local_recipient_maps= -o relay_recipient_maps= -o strict_rfc821_envelopes=yes -o smtp_tls_security_level=none -o smtpd_tls_security_level=none -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_end_of_data_restrictions= -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings

main.cf is

alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
broken_sasl_auth_clients = yes
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
content_filter = smtp-amavis:[127.0.0.1]:10024
data_directory = /var/lib/postfix
debug_peer_level = 1
debug_peer_list =
default_privs = mail
delay_warning_time = 4
header_checks = regexp:/etc/postfix/regexp_table
html_directory = no
in_flow_delay = 1s
inet_interfaces = all
inet_protocols = ipv4
local_recipient_maps = unix:passwd.byname $alias_maps
local_transport = local
mail_owner = postfix
mail_spool_directory = /var/virtual
mailbox_command = /usr/bin/procmail -a "$EXTENSION"
mailbox_size_limit = 3221225472
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 25971520
mydestination = $myhostname, localhost.$mydomain, $mydomain, lists.$mydomain
mydomain = mike-mac.gen.nz
myhostname = mail.mike-mac.gen.nz
mynetworks = 192.168.1.0/24 192.168.3.0/24 webmail.mike-mac.gen.nz localhost.localdomain localhost
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.0.13/README_FILES
receive_override_options = no_address_mappings
recipient_delimiter = +
reject_code = 550
sample_directory = /usr/share/doc/postfix-2.0.13/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtpd_hard_error_limit = 4
smtpd_helo_required = no
smtpd_helo_restrictions = permit_mynetworks, check_helo_access hash:/etc/postfix/helo_access
smtpd_proxy_options = speed_adjust
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unknown_sender_domain, check_policy_service unix:private/policy, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client cbl.abuseat.org
smtpd_relay_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unknown_sender_domain, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client cbl.abuseat.org
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_soft_error_limit = 2
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/letsencrypt/live/Email_cert/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/Email_cert/privkey.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s
strict_mailbox_ownership = no
tls_random_source = dev:/dev/urandom
undisclosed_recipients_header = To: NotSayingWhoGetsThis:;
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_gid_maps = static:12
virtual_mailbox_base = /var/virtual
virtual_mailbox_domains = hash:/etc/postfix/vmaildomains
virtual_mailbox_limit = 2147483648
virtual_mailbox_maps = hash:/etc/postfix/vmailbox,hash:/etc/postfix/virtual-user-map-family.kiwi.nz,hash:/etc/postfix/virtual-user-map-coders.kiwi.nz,hash:/etc/postfix/virtual-user-map-mak.co.nz,hash:/etc/postfix/virtual-user-map-lessonplans.kiwi.nz
virtual_minimum_uid = 1
virtual_transport = virtual
virtual_uid_maps = static:8

The running daemons are

systemctl status postfix postgrey amavis spamassassin clamav-freshclam
● postfix.service - Postfix Mail Transport Agent
     Loaded: loaded (/lib/systemd/system/postfix.service; enabled; vendor preset: enabled)
     Active: active (exited) since Sat 2021-10-02 21:58:34 NZDT; 29min ago
    Process: 1047688 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
   Main PID: 1047688 (code=exited, status=0/SUCCESS)

Oct 02 21:58:34 wilma systemd[1]: Starting Postfix Mail Transport Agent...
Oct 02 21:58:34 wilma systemd[1]: Finished Postfix Mail Transport Agent.

● postgrey.service - LSB: Start/stop the postgrey daemon
     Loaded: loaded (/etc/init.d/postgrey; generated)
     Active: active (running) since Sat 2021-10-02 21:58:34 NZDT; 29min ago
       Docs: man:systemd-sysv-generator(8)
    Process: 1047510 ExecStart=/etc/init.d/postgrey start (code=exited, status=0/SUCCESS)
      Tasks: 1 (limit: 17839)
     Memory: 18.7M
     CGroup: /system.slice/postgrey.service
             └─1039871 postgrey --pidfile=/var/run/postgrey.pid --daemonize --inet=10023

Oct 02 21:58:34 wilma postgrey[1047518]: whitelisted: 194.7.234.142/32
Oct 02 21:58:34 wilma postgrey[1047518]: whitelisted: 194.7.234.143/32
Oct 02 21:58:34 wilma postgrey[1047518]: whitelisted: 213.143.66.210/32
Oct 02 21:58:34 wilma postgrey[1047518]: Pid_file "/var/run/postgrey.pid" already exists.  Overwriting!
Oct 02 21:58:34 wilma postgrey[1047583]: Process Backgrounded
Oct 02 21:58:34 wilma systemd[1]: Started LSB: Start/stop the postgrey daemon.
Oct 02 21:58:34 wilma postgrey[1047510]:    ...done.
Oct 02 21:58:34 wilma postgrey[1047583]: 2021/10/02-21:58:34 postgrey (type Net::Server::Multiplex) starting! pid(1047583)
Oct 02 21:58:34 wilma postgrey[1047583]: Resolved [localhost]:10023 to [127.0.0.1]:10023, IPv4
Oct 02 21:58:34 wilma postgrey[1047583]: Binding to TCP port 10023 on host 127.0.0.1 with IPv4

● amavis.service - LSB: Starts amavisd-new mailfilter
     Loaded: loaded (/etc/init.d/amavis; generated)
     Active: active (running) since Sat 2021-10-02 21:58:35 NZDT; 29min ago
       Docs: man:systemd-sysv-generator(8)
    Process: 1047562 ExecStart=/etc/init.d/amavis start (code=exited, status=0/SUCCESS)
      Tasks: 3 (limit: 17839)
     Memory: 160.8M
     CGroup: /system.slice/amavis.service
             ├─1047705 /usr/sbin/amavisd-new (master)
             ├─1047714 /usr/sbin/amavisd-new (virgin child)
             └─1047715 /usr/sbin/amavisd-new (virgin child)

Oct 02 21:58:35 wilma amavis[1047705]: No ext program for   .zoo, tried: zoo
Oct 02 21:58:35 wilma amavis[1047705]: No ext program for   .doc, tried: ripole
Oct 02 21:58:35 wilma amavis[1047705]: No decoder for       .F
Oct 02 21:58:35 wilma amavis[1047705]: No decoder for       .doc
Oct 02 21:58:35 wilma amavis[1047705]: No decoder for       .lrz
Oct 02 21:58:35 wilma amavis[1047705]: No decoder for       .zoo
Oct 02 21:58:35 wilma amavis[1047562]: Starting amavisd: amavisd-new.
Oct 02 21:58:35 wilma amavis[1047705]: Using primary internal av scanner code for ClamAV-clamd
Oct 02 21:58:35 wilma systemd[1]: Started LSB: Starts amavisd-new mailfilter.
Oct 02 21:58:35 wilma amavis[1047705]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan

● spamassassin.service - Perl-based spam filter using text analysis
     Loaded: loaded (/lib/systemd/system/spamassassin.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2021-10-02 21:58:36 NZDT; 29min ago
    Process: 1047534 ExecStart=/usr/sbin/spamd -d --pidfile=/run/spamd.pid $OPTIONS (code=exited, status=0/SUCCESS)
   Main PID: 1047641 (spamd)
      Tasks: 3 (limit: 17839)
     Memory: 109.2M
     CGroup: /system.slice/spamassassin.service
             ├─1047641 /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/run/spamd.pid --create-prefs --max-children 5 --username >
             ├─1047711 spamd child
             └─1047712 spamd child

Oct 02 21:58:33 wilma systemd[1]: Starting Perl-based spam filter using text analysis...
Oct 02 21:58:36 wilma systemd[1]: Started Perl-based spam filter using text analysis.

● clamav-freshclam.service - ClamAV virus database updater
     Loaded: loaded (/lib/systemd/system/clamav-freshclam.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2021-10-02 16:08:46 NZDT; 6h ago
       Docs: man:freshclam(1)
             man:freshclam.conf(5)
             https://www.clamav.net/documents
   Main PID: 990816 (freshclam)
      Tasks: 1 (limit: 17839)
     Memory: 227.4M
     CGroup: /system.slice/clamav-freshclam.service
             └─990816 /usr/bin/freshclam -d --foreground=true

Oct 02 21:09:46 wilma freshclam[990816]: Sat Oct  2 21:09:46 2021 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, >
Oct 02 21:09:46 wilma freshclam[990816]: Sat Oct  2 21:09:46 2021 -> bytecode.cld database is up-to-date (version: 333, sigs: 92, >
Oct 02 22:09:46 wilma freshclam[990816]: Sat Oct  2 22:09:46 2021 -> Received signal: wake up
Oct 02 22:09:46 wilma freshclam[990816]: Sat Oct  2 22:09:46 2021 -> ClamAV update process started at Sat Oct  2 22:09:46 2021
Oct 02 22:09:46 wilma freshclam[990816]: Sat Oct  2 22:09:46 2021 -> ^Your ClamAV installation is OUTDATED!
Oct 02 22:09:46 wilma freshclam[990816]: Sat Oct  2 22:09:46 2021 -> ^Local version: 0.103.2 Recommended version: 0.103.3
Oct 02 22:09:46 wilma freshclam[990816]: Sat Oct  2 22:09:46 2021 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading->
Oct 02 22:09:46 wilma freshclam[990816]: Sat Oct  2 22:09:46 2021 -> daily.cvd database is up-to-date (version: 26309, sigs: 19380>
Oct 02 22:09:46 wilma freshclam[990816]: Sat Oct  2 22:09:46 2021 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, >
Oct 02 22:09:46 wilma freshclam[990816]: Sat Oct  2 22:09:46 2021 -> bytecode.cld database is up-to-date (version: 333, sigs: 92, 

I realize my biggest mistake was stupidity; I should have backed up the main and master.cf files before starting. That said, can anyone see what I can't?

postconf -n
access_map_reject_code = 550
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
broken_sasl_auth_clients = yes
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
content_filter = smtp-amavis:[127.0.0.1]:10024
data_directory = /var/lib/postfix
debug_peer_level = 1
debug_peer_list =
default_privs = mail
delay_warning_time = 4
header_checks = regexp:/etc/postfix/regexp_table
html_directory = no
in_flow_delay = 1s
inet_interfaces = all
inet_protocols = ipv4
local_recipient_maps = unix:passwd.byname $alias_maps
local_transport = local
mail_owner = postfix
mail_spool_directory = /var/virtual
mailbox_command = /usr/bin/procmail -a "$EXTENSION"
mailbox_size_limit = 3221225472
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 25971520
mydestination = $myhostname, localhost.$mydomain, $mydomain, lists.$mydomain
mydomain = mike-mac.gen.nz
myhostname = mail.mike-mac.gen.nz
mynetworks = 192.168.1.0/24 192.168.3.0/24 webmail.mike-mac.gen.nz localhost.localdomain localhost
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.0.13/README_FILES
receive_override_options = no_address_mappings
recipient_delimiter = +
reject_code = 550
sample_directory = /usr/share/doc/postfix-2.0.13/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtpd_hard_error_limit = 4
smtpd_helo_required = no
smtpd_helo_restrictions = permit_mynetworks, check_helo_access hash:/etc/postfix/helo_access
smtpd_proxy_options = speed_adjust
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unknown_sender_domain, check_policy_service unix:private/policy, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client cbl.abuseat.org
smtpd_relay_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unknown_sender_domain, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client cbl.abuseat.org
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_soft_error_limit = 2
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/letsencrypt/live/Email_cert/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/Email_cert/privkey.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s
strict_mailbox_ownership = no
tls_random_source = dev:/dev/urandom
undisclosed_recipients_header = To: NotSayingWhoGetsThis:;
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_gid_maps = static:12
virtual_mailbox_base = /var/virtual
virtual_mailbox_domains = hash:/etc/postfix/vmaildomains
virtual_mailbox_limit = 2147483648
virtual_mailbox_maps = hash:/etc/postfix/vmailbox,hash:/etc/postfix/virtual-user-map-family.kiwi.nz,hash:/etc/postfix/virtual-user-map-coders.kiwi.nz,hash:/etc/postfix/virtual-user-map-mak.co.nz,hash:/etc/postfix/virtual-user-map-lessonplans.kiwi.nz
virtual_minimum_uid = 1
virtual_transport = virtual
virtual_uid_maps = static:8
postconf -M
smtp       inet  n       -       n       -       -       smtpd
submission inet  n       -       n       -       -       smtpd
pickup     fifo  n       -       n       60      1       pickup
cleanup    unix  n       -       n       -       0       cleanup
qmgr       fifo  n       -       n       300     1       qmgr
tlsmgr     unix  -       -       n       1000?   1       tlsmgr
rewrite    unix  -       -       n       -       -       trivial-rewrite
bounce     unix  -       -       n       -       0       bounce
defer      unix  -       -       n       -       0       bounce
trace      unix  -       -       n       -       0       bounce
verify     unix  -       -       n       -       1       verify
flush      unix  n       -       n       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
proxywrite unix  -       -       n       -       1       proxymap
smtp       unix  -       -       n       -       -       smtp
relay      unix  -       -       n       -       -       smtp -o smtp_fallback_relay=
showq      unix  n       -       n       -       -       showq
error      unix  -       -       n       -       -       error
retry      unix  -       -       n       -       -       error
discard    unix  -       -       n       -       -       discard
local      unix  -       n       n       -       -       local
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       n       -       -       lmtp
anvil      unix  -       -       n       -       1       anvil
scache     unix  -       -       n       -       1       scache
smtp-amavis unix -       -       n       -       2       smtp -o syslog_name=postfix/amavis -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20 -o smtp_tls_security_level=none
127.0.0.1:10025 inet n   -       n       -       -       smtpd -o syslog_name=postfix/10025 -o content_filter= -o mynetworks_style=host -o mynetworks=127.0.0.0/8 -o local_recipient_maps= -o relay_recipient_maps= -o strict_rfc821_envelopes=yes -o smtp_tls_security_level=none -o smtpd_tls_security_level=none -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_end_of_data_restrictions= -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings
postfix spamassassin clamav amavis
  • 1 answer
  • 266 Views
Omid Estaji
Asked: 2021-01-16 02:14:07 +0800 CST

clamav-daemon start condition failed, /var/lib/clamav/daily.{c[vl]d,inc} was not met

  • 3

After installing Modoboa (open-source mail hosting), I tried to start clamav-daemon but ran into a failed start condition.

    systemctl status clamav-daemon.service
    clamav-daemon.service - Clam AntiVirus userspace daemon
   Loaded: loaded (/lib/systemd/system/clamav-daemon.service; enabled; vendor preset: enabled)
  Drop-In: /etc/systemd/system/clamav-daemon.service.d
           └─extend.conf
   Active: inactive (dead)
Condition: start condition failed at Fri 2021-01-15 04:19:06 EST; 33min ago
           └─ ConditionPathExistsGlob=/var/lib/clamav/daily.{c[vl]d,inc} was not met

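The problem is shown below, conditionPathExistsGlob=/var/lib/clamav/daily.{c[vl]d,inc} was not met. I can't start the service with systemctl or other commands. After some troubleshooting, I found that /var/lib/clamav is empty, and there should be some .cvd update files. Also, I can't update clamav with this command (it shows a 403 error):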

sudo clamav-freshclam

What can I do now?

anti-virus linux email-server clamav systemctl
  • 1 answer
  • 4594 Views
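NoNo
Asked: 2020-09-12 18:04:08 +0800 CST

Running clamscan with the file-list feature

  • 1

I'm trying to schedule some tasks with ClamAV, but it can't find the file containing the directories I want it to scan.

  *Using sudo doesn't work.
  *The file is set to permission 644.
  *The file shows as white on the command line.

My goal is to use these lists so that different folders on the server can be scanned during low-usage times. I'm running this on CentOS 7.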

[ENTRY]
#clamscan -r -i –file-list=/home/web_folders.txt --log=/var/log/clamav/clamscan_web.log

[ERROR]
–file-list=/home/web_folders.txt: No such file or directory
WARNING: –file-list=/home/web_folders.txt: Can't access file
linux shell terminal clamav
  • 1 answer
  • 345 Views
Felix Hagspiel
Asked: 2020-07-25 06:10:40 +0800 CST

ClamAv + Microsoft Azure VM: Can't connect to the daemon from another VM

  • 0

I have two VMs on Azure in the same subnet. One VM (10.1.0.6) runs the clamav daemon, the other runs a Java Wildfly application (10.1.0.5).

I want to send files from the Java application to the clamav daemon.

I checked that clamav is running and listening on port 3310:

 netstat -ant|grep 3310
 tcp        0      0 127.0.0.1:3310          0.0.0.0:*               LISTEN
 
 netstat -lnp | grep clam
 (Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
 unix  2      [ ACC ]     STREAM     LISTENING     800631   -             
 /var/run/clamav/clamd.ctl

For the ClamAV server, all inbound ports are open within the virtual private network. However, if I check on the Java server whether the port is reachable via telnet or nc, I get:

telnet 10.1.0.6 3310
Trying 10.1.0.6...
telnet: Unable to connect to remote host: Connection refused

nc -vz 10.1.0.6 3310
nc: connect to 10.1.0.6 port 3310 (tcp) failed: Connection refused

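If I send a file through the Java application, I get the same error.

Is my clamav setup correct, and is this problem related to my subnet configuration?

Thanks for your help!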

networking clamav azure azure-networking
  • 1 answer
  • 567 Views
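philolegein
Asked: 2020-07-16 08:34:01 +0800 CST

How are systemd/system overrides supposed to work?

  • 3

I'm messing around with some timeout settings and trying to figure out the right way to set things for systemd/system daemons. Specifically, this is an underpowered server and I keep timing out when starting clamd, so I'm trying to figure out how high the TimeoutStartSec parameter needs to be set. I tried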

systemctl edit --full [email protected]

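and edited it to say

TimeoutStartSec=20min

and then did systemctl daemon-reload

But it kept mysteriously timing out after 7 minutes. Eventually, I found that /usr/lib/systemd/system/[email protected] has TimeoutStartSec=420.

Probably against all the proper ways of doing things, I edited the /usr/lib version of the file and commented out that line. Sure enough, that changed things, but it still didn't seem to be reading the /etc/systemd version. Once I commented it out, it started timing out after 90 seconds, which I guess must be the default.

As a temporary workaround, I've edited the /usr/lib version to the 20 minutes I want, but ... this doesn't seem like the right way of doing things.

Is systemctl edit supposed to be editing the version in /etc/systemd/system? Is that supposed to be the right way of doing things? Do I have to do something more than systemctl daemon-reload?

Open to any and all suggestions about the "right way".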

TIA

clamav systemd amazon-linux-2
  • 1 answer
  • 844 Views
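BobserLuck
Asked: 2020-06-26 15:06:55 +0800 CST

Sending files to a remote clamd instance

  • 1

I may be misunderstanding how to use clamd. My situation is that my media server (a Raspberry Pi) isn't powerful enough to scan files as well as host the other services it is running. As I went through clamd.conf and the man pages, there seemed to be an option to have clamd listen on a specified IP address and socket. Is there a way to stream files from a remote file server to another machine running clamd for scanning?

I also came across this "Remote Clam Scan", though even it states in the code

You must use a local socket to scan local files

(It is also designed to scan one file at a time, rather than a directory, which would be nice)

A similar question has already been asked here, though sandroid pointed out

Clamd sits and listens for instructions about which files need to be scanned, i.e. the communication it receives over TCP. We need to know how it accesses the mail files to be scanned...

So, does clamd not support scanning remote files? If not, what is the best way to scan remote files? I could temporarily rsync the files and scan them, or configure Raspbian as a file server and mount it on the machine where I host the clamd service. Any better suggestions would be appreciated.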

anti-virus debian clamav
  • 2 answers
  • 4523 Views
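Amos
Asked: 2020-03-27 06:02:16 +0800 CST

Ubuntu 18.04: clamav runs, tomcat dies

  • 0

Ubuntu 18.04. 2Gb RAM + 512mb swap.

When clamav runs, it consumes 800+mb of memory because it loads all the signatures into memory. So I set it to run daily at 3 a.m. instead of running continuously.

Until now, tomcat and clamav got along fine. Last night at 3 a.m., when clamav started working, the tomcat service was killed.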

[4643256.375812] OOM killed process 8145 (clamscan) total-vm:1149268kB, anon-rss:969476kB, file-rss:4kB
[7667218.452649] OOM killed process 8865 (java) total-vm:4568248kB, anon-rss:1067312kB, file-rss:0kB

Mar 26 03:00:31 user systemd[1]: tomcat.service: Main process exited, code=killed, status=9/KILL
Mar 26 03:00:31 user systemd[1]: tomcat.service: Failed with result 'signal'.
Mar 26 03:17:08 user systemd[1]: Reloading The Apache HTTP Server.
Mar 26 03:17:08 user systemd[1]: Reloaded The Apache HTTP Server.

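I know upgrading is the immediate answer, but until then, my questions are:

  1. Is there a way to run clamav without it consuming 800+mb?

  2. If something like this happens again, is there a way to restart tomcat automatically?

  3. Is Java really taking up 4,568,248kB = 4.5gb, or am I missing something?

EDIT: In the tomcat.service file I have the following: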

Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"
Environment="JAVA_OPTS=-Djava.security.egd=file:///dev/urandom -Djava.awt.headless=true"
service clamav ubuntu-18.04 tomcat9
  • 1 answer
  • 342 Views
williamsdb
Asked: 2020-03-27 04:17:07 +0800 CST

Installing clamav on Amazon Linux 2

  • 2

I've been trying to install clamav on Amazon Linux 2 using the following method, which worked fine on Amazon Linux 1:

curl -O http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
sudo yum install epel-release-latest-7.noarch.rpm

sudo yum install clamav clamd -y

sudo sed -i -e "s/Example/#Example/" /etc/freshclam.conf
sudo sed -i -e "s:#DatabaseDirectory /var/lib/clamav:DatabaseDirectory /var/lib/clamav:" /etc/freshclam.conf
sudo sed -i -e "s:#UpdateLogFile /var/log/freshclam.log:UpdateLogFile /var/log/freshclam.log:" /etc/freshclam.conf
sudo sed -i -e "s/#DatabaseOwner clamupdate/DatabaseOwner clamupdate/" /etc/freshclam.conf

sudo freshclam

Running the last command:

ClamAV update process started at Thu Mar 26 12:10:45 2020
daily database available for download (remote version: 25762)
Time: 1.5s, ETA: 0.0s [=============================>] 57.64MiB/57.64MiB        
Testing database: '/var/lib/clamav/tmp.97d56/clamav-4e4a470c3011072ab79e022e287a1609.tmp-daily.cvd' ...
ERROR: Database load killed by signal 9
ERROR: Database test FAILED.
ERROR: Unexpected error when attempting to update database: daily
WARNING: fc_update_databases: fc_update_database failed: Test failed (8)
ERROR: Database update process failed: Test failed (8)
ERROR: Update failed.

I assume the package is not compatible with AL2, but has anyone installed it successfully?

amazon-ec2 amazon-web-services clamav
  • 1 answer
  • 3035 Views
