UJP - Technical Notes 1


Installing Qmail-Scanner

Installing Qmail-Scanner 2.01


0. Revision history

  • 2006.07.21 Created
  • 2005.07.25 Adjusted for a layout problem

1. Introduction

 This document describes how to install Qmail-Scanner 2.01. It assumes that qmail is already installed, and qmail must have the QMAILQUEUE patch applied. The scope of this guide covers installing the related modules other than Maildrop, applying the QMAILQUEUE patch, and using test_installation.sh to send sample spam and virus mails and confirm that they are isolated in the quarantine directory.

 The OS used is Red Hat Enterprise Linux ES 3.

2. Installing the prerequisite modules

  • The following modules are required:
    • Maildrop
    • Perl 5.005_03 or later
    • Perl module Time::HiRes
    • Perl module DB_File
    • Perl module Sys::Syslog
    • Perl module MIME::Base64
  • For Maildrop, see the separate document.
  • Run export LANG=C before starting: some modules fail to install unless this is done.
  • Start the CPAN shell, which is used to install the modules.
[root@jupiter i386]# perl -MCPAN -e shell

cpan shell -- CPAN exploration and modules installation (v1.61)
ReadLine support available (try 'install Bundle::CPAN')

cpan> 
  • Install Time::HiRes, the high-resolution timer module.
cpan> install Time::HiRes
CPAN: Storable loaded ok
Going to read /root/.cpan/Metadata
  Database was generated on Wed, 12 Jul 2006 04:29:58 GMT
CPAN: LWP::UserAgent loaded ok
Fetching with LWP:
  ftp://ftp.kddilabs.jp/CPAN/authors/01mailrc.txt.gz
Going to read /root/.cpan/sources/authors/01mailrc.txt.gz
CPAN: Compress::Zlib loaded ok
Fetching with LWP:
  ftp://ftp.kddilabs.jp/CPAN/modules/02packages.details.txt.gz
Going to read /root/.cpan/sources/modules/02packages.details.txt.gz
  Database was generated on Thu, 13 Jul 2006 00:29:25 GMT

  There's a new CPAN.pm version (v1.87) available!
  [Current version is v1.61]
  You might want to try
    install Bundle::CPAN
    reload cpan
  without quitting the current session. It should be a seamless upgrade
  while we are running...

Fetching with LWP:
  ftp://ftp.kddilabs.jp/CPAN/modules/03modlist.data.gz
Going to read /root/.cpan/sources/modules/03modlist.data.gz
Going to write /root/.cpan/Metadata
Running install for module Time::HiRes
Running make for J/JH/JHI/Time-HiRes-1.87.tar.gz
Fetching with LWP:
  ftp://ftp.kddilabs.jp/CPAN/authors/id/J/JH/JHI/Time-HiRes-1.87.tar.gz
CPAN: Digest::MD5 loaded ok
Fetching with LWP:
  ftp://ftp.kddilabs.jp/CPAN/authors/id/J/JH/JHI/CHECKSUMS
Checksum for /root/.cpan/sources/authors/id/J/JH/JHI/Time-HiRes-1.87.tar.gz ok
Scanning cache /root/.cpan/build for sizes
Time-HiRes-1.87/
Time-HiRes-1.87/Changes
Time-HiRes-1.87/fallback/
Time-HiRes-1.87/fallback/const-c.inc
Time-HiRes-1.87/fallback/const-xs.inc
Time-HiRes-1.87/hints/
Time-HiRes-1.87/hints/dec_osf.pl
Time-HiRes-1.87/hints/dynixptx.pl
Time-HiRes-1.87/hints/irix.pl
Time-HiRes-1.87/hints/sco.pl
Time-HiRes-1.87/hints/solaris.pl
Time-HiRes-1.87/hints/svr4.pl
Time-HiRes-1.87/HiRes.pm
Time-HiRes-1.87/HiRes.xs
Time-HiRes-1.87/Makefile.PL
Time-HiRes-1.87/MANIFEST
Time-HiRes-1.87/META.yml
Time-HiRes-1.87/ppport.h
Time-HiRes-1.87/README
Time-HiRes-1.87/t/
Time-HiRes-1.87/t/HiRes.t
Time-HiRes-1.87/TODO
Time-HiRes-1.87/typemap

  CPAN.pm: Going to build J/JH/JHI/Time-HiRes-1.87.tar.gz

Configuring Time::HiRes...
Have syscall()... looking for syscall.h... found <syscall.h>.
Looking for gettimeofday()... found.
Looking for setitimer()... found.
Looking for getitimer()... found.
You have interval timers (both setitimer and getitimer).
Looking for ualarm()... found.
Looking for usleep()... found.
Looking for nanosleep()... believing $Config{d_nanosleep}... found.
You can mix subsecond sleeps with signals, if you want to.
(It's still not portable, though.)
Looking for clock_gettime()... 
*** The test run of './tmp28136' failed: status 9728
*** (the status means: errno = 38 or 'Function not implemented')
*** DO NOT PANIC: this just means that *some* functionality will be missing.
NOT found.
Looking for clock_getres()... 
*** The test run of './tmp28136' failed: status 9728
*** (the status means: errno = 38 or 'Function not implemented')
*** DO NOT PANIC: this just means that *some* functionality will be missing.
NOT found.
Looking for clock_nanosleep()... NOT found.
Looking for clock()... found.
Checking if your kit is complete...
Looks good
Writing Makefile for Time::HiRes
Now you may issue 'make'.  Do not forget also 'make test'.
cp HiRes.pm blib/lib/Time/HiRes.pm
/usr/bin/perl /usr/lib/perl5/5.8.0/ExtUtils/xsubpp  -typemap /usr/lib/perl5/5.8.0/ExtUtils/typemap -typemap typemap  HiRes.xs > HiRes.xsc && mv HiRes.xsc HiRes.c
gcc -c   -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -g -pipe -march=i386 -mcpu=i686   -DVERSION=\"1.87\" -DXS_VERSION=\"1.87\" -fPIC "-I/usr/lib/perl5/5.8.0/i386-linux-thread-multi/CORE"   -DTIME_HIRES_NANOSLEEP -DTIME_HIRES_CLOCK -DATLEASTFIVEOHOHFIVE HiRes.c
Running Mkbootstrap for Time::HiRes ()
chmod 644 HiRes.bs
rm -f blib/arch/auto/Time/HiRes/HiRes.so
LD_RUN_PATH="" gcc  -shared -L/usr/local/lib HiRes.o  -o blib/arch/auto/Time/HiRes/HiRes.so
chmod 755 blib/arch/auto/Time/HiRes/HiRes.so
cp HiRes.bs blib/arch/auto/Time/HiRes/HiRes.bs
chmod 644 blib/arch/auto/Time/HiRes/HiRes.bs
Manifying blib/man3/Time::HiRes.3pm
  /usr/bin/make  -- OK
Running make test
PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
t/HiRes....ok                                                                
        4/33 skipped: 
All tests successful, 4 subtests skipped.
Files=1, Tests=33, 11 wallclock secs ( 3.28 cusr +  0.00 csys =  3.28 CPU)
  /usr/bin/make test -- OK
Running make install
Installing /usr/lib/perl5/5.8.0/i386-linux-thread-multi/auto/Time/HiRes/HiRes.so
Installing /usr/lib/perl5/5.8.0/i386-linux-thread-multi/auto/Time/HiRes/HiRes.bs
Files found in blib/arch: installing files in blib/lib into architecture dependent library tree
Installing /usr/lib/perl5/5.8.0/i386-linux-thread-multi/Time/HiRes.pm
Installing /usr/share/man/man3/Time::HiRes.3pm
Writing /usr/lib/perl5/5.8.0/i386-linux-thread-multi/auto/Time/HiRes/.packlist
Appending installation info to /usr/lib/perl5/5.8.0/i386-linux-thread-multi/perllocal.pod
  /usr/bin/make install  -- OK

cpan> 
  • Install DB_File, which provides access to Berkeley DB.
cpan> install DB_File
DB_File is up to date.

cpan>
  • It was already set up when SpamAssassin was installed.
  • Next, install the module that lets Perl write to syslog.
cpan> install Sys::Syslog
Running install for module Sys::Syslog
Running make for S/SA/SAPER/Sys-Syslog-0.16.tar.gz
Fetching with LWP:
  ftp://ftp.kddilabs.jp/CPAN/authors/id/S/SA/SAPER/Sys-Syslog-0.16.tar.gz
Fetching with LWP:
  ftp://ftp.kddilabs.jp/CPAN/authors/id/S/SA/SAPER/CHECKSUMS
Checksum for /root/.cpan/sources/authors/id/S/SA/SAPER/Sys-Syslog-0.16.tar.gz ok
Sys-Syslog-0.16/
Sys-Syslog-0.16/Syslog.pm
Sys-Syslog-0.16/Changes
Sys-Syslog-0.16/t/
Sys-Syslog-0.16/t/distchk.t
Sys-Syslog-0.16/t/constants.t
Sys-Syslog-0.16/t/portfs.t
Sys-Syslog-0.16/t/podspell.t
Sys-Syslog-0.16/t/00-load.t
Sys-Syslog-0.16/t/pod.t
Sys-Syslog-0.16/t/syslog.t
Sys-Syslog-0.16/t/podcover.t
Sys-Syslog-0.16/MANIFEST
Sys-Syslog-0.16/fallback/
Sys-Syslog-0.16/fallback/const-c.inc
Sys-Syslog-0.16/fallback/const-xs.inc
Sys-Syslog-0.16/ppport.h
Sys-Syslog-0.16/Syslog.xs
Sys-Syslog-0.16/README
Sys-Syslog-0.16/Makefile.PL
Sys-Syslog-0.16/META.yml

  CPAN.pm: Going to build S/SA/SAPER/Sys-Syslog-0.16.tar.gz

WARNING: LICENSE is not a known parameter.
Checking if your kit is complete...
Looks good
'LICENSE' is not a known MakeMaker parameter name.
Writing Makefile for Sys::Syslog
cp Syslog.pm blib/lib/Sys/Syslog.pm
/usr/bin/perl /usr/lib/perl5/5.8.0/ExtUtils/xsubpp -noprototypes -typemap /usr/lib/perl5/5.8.0/ExtUtils/typemap  Syslog.xs > Syslog.xsc && mv Syslog.xsc Syslog.c
gcc -c   -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -g -pipe -march=i386 -mcpu=i686   -DVERSION=\"0.16\" -DXS_VERSION=\"0.16\" -fPIC "-I/usr/lib/perl5/5.8.0/i386-linux-thread-multi/CORE"   Syslog.c
Running Mkbootstrap for Sys::Syslog ()
chmod 644 Syslog.bs
rm -f blib/arch/auto/Sys/Syslog/Syslog.so
LD_RUN_PATH="" gcc  -shared -L/usr/local/lib Syslog.o  -o blib/arch/auto/Sys/Syslog/Syslog.so
chmod 755 blib/arch/auto/Sys/Syslog/Syslog.so
cp Syslog.bs blib/arch/auto/Sys/Syslog/Syslog.bs
chmod 644 blib/arch/auto/Sys/Syslog/Syslog.bs
  /usr/bin/make  -- OK
Running make test
PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
t/00-load......# Testing Sys::Syslog 0.16, Perl 5.008, /usr/bin/perl
t/00-load......ok                                                            
t/constants....ok                                                            
        1/78 skipped: irrelevant test in this case
t/distchk......skipped
        all skipped: Test::Distribution required for checking distribution
t/pod..........skipped
        all skipped: Test::Pod 1.14 required for testing POD
t/podcover.....skipped
        all skipped: Test::Pod::Coverage 1.06 required for testing POD coverage
t/podspell.....skipped
        all skipped: Pod spelling: for developer interest only :)
t/portfs.......skipped
        all skipped: Test::Portability::Files required for testing filenames portability
t/syslog.......ok                                                            
        58/180 skipped: various reasons
All tests successful, 5 tests and 59 subtests skipped.
Files=8, Tests=259,  1 wallclock secs ( 1.45 cusr +  0.17 csys =  1.62 CPU)
  /usr/bin/make test -- OK
Running make install
Installing /usr/lib/perl5/5.8.0/i386-linux-thread-multi/auto/Sys/Syslog/Syslog.so
Files found in blib/arch: installing files in blib/lib into architecture dependent library tree
Installing /usr/lib/perl5/5.8.0/i386-linux-thread-multi/Sys/Syslog.pm
Writing /usr/lib/perl5/5.8.0/i386-linux-thread-multi/auto/Sys/Syslog/.packlist
Appending installation info to /usr/lib/perl5/5.8.0/i386-linux-thread-multi/perllocal.pod
  /usr/bin/make install  -- OK

cpan>
  • Install the Base64 module.
cpan> install MIME::Base64
Running install for module MIME::Base64
Running make for G/GA/GAAS/MIME-Base64-3.07.tar.gz
Fetching with LWP:
  ftp://ftp.kddilabs.jp/CPAN/authors/id/G/GA/GAAS/MIME-Base64-3.07.tar.gz
Checksum for /root/.cpan/sources/authors/id/G/GA/GAAS/MIME-Base64-3.07.tar.gz ok
MIME-Base64-3.07/
MIME-Base64-3.07/t/
MIME-Base64-3.07/t/warn.t
MIME-Base64-3.07/t/bad-sv.t
MIME-Base64-3.07/t/unicode.t
MIME-Base64-3.07/t/quoted-print.t
MIME-Base64-3.07/t/base64.t
MIME-Base64-3.07/README
MIME-Base64-3.07/QuotedPrint.pm
MIME-Base64-3.07/MANIFEST
MIME-Base64-3.07/Base64.pm
MIME-Base64-3.07/Changes
MIME-Base64-3.07/Makefile.PL
MIME-Base64-3.07/Base64.xs

  CPAN.pm: Going to build G/GA/GAAS/MIME-Base64-3.07.tar.gz

Checking if your kit is complete...
Looks good
Writing Makefile for MIME::Base64
cp QuotedPrint.pm blib/lib/MIME/QuotedPrint.pm
cp Base64.pm blib/lib/MIME/Base64.pm
/usr/bin/perl /usr/lib/perl5/5.8.0/ExtUtils/xsubpp  -typemap /usr/lib/perl5/5.8.0/ExtUtils/typemap  Base64.xs > Base64.xsc && mv Base64.xsc Base64.c
gcc -c   -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -g -pipe -march=i386 -mcpu=i686   -DVERSION=\"3.07\" -DXS_VERSION=\"3.07\" -fPIC "-I/usr/lib/perl5/5.8.0/i386-linux-thread-multi/CORE"   Base64.c
Running Mkbootstrap for MIME::Base64 ()
chmod 644 Base64.bs
rm -f blib/arch/auto/MIME/Base64/Base64.so
LD_RUN_PATH="" gcc  -shared -L/usr/local/lib Base64.o  -o blib/arch/auto/MIME/Base64/Base64.so
chmod 755 blib/arch/auto/MIME/Base64/Base64.so
cp Base64.bs blib/arch/auto/MIME/Base64/Base64.bs
chmod 644 blib/arch/auto/MIME/Base64/Base64.bs
Manifying blib/man3/MIME::QuotedPrint.3pm
Manifying blib/man3/MIME::Base64.3pm
  /usr/bin/make  -- OK
Running make test
PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
t/bad-sv..........skipped
        all skipped: Perl::API needed for this test
t/base64..........ok                                                         
t/quoted-print....ok                                                         
t/unicode.........ok                                                         
t/warn............ok                                                         
All tests successful, 1 test skipped.
Files=5, Tests=339,  0 wallclock secs ( 0.22 cusr +  0.06 csys =  0.28 CPU)
  /usr/bin/make test -- OK
Running make install
Installing /usr/lib/perl5/5.8.0/i386-linux-thread-multi/auto/MIME/Base64/Base64.so
Files found in blib/arch: installing files in blib/lib into architecture dependent library tree
Installing /usr/lib/perl5/5.8.0/i386-linux-thread-multi/MIME/QuotedPrint.pm
Installing /usr/lib/perl5/5.8.0/i386-linux-thread-multi/MIME/Base64.pm
Installing /usr/share/man/man3/MIME::QuotedPrint.3pm
Installing /usr/share/man/man3/MIME::Base64.3pm
Writing /usr/lib/perl5/5.8.0/i386-linux-thread-multi/auto/MIME/Base64/.packlist
Appending installation info to /usr/lib/perl5/5.8.0/i386-linux-thread-multi/perllocal.pod
  /usr/bin/make install  -- OK

cpan> 
  • Exit the CPAN shell.
cpan> quit
Lockfile removed.
[root@jupiter i386]# 

3. Installing qmail-scanner

[root@jupiter Download]# curl -O http://jaist.dl.sourceforge.net/sourceforge/qmail-scanner/qmail-scanner-2.01.tgz
  % Total    % Received % Xferd  Average Speed          Time             Curr.
                                 Dload  Upload Total    Current  Left    Speed
100  221k  100  221k    0     0   735k      0  0:00:00  0:00:00  0:00:00 1537k
[root@jupiter Download]#
  • Extract the archive.
[root@jupiter Download]# tar xfz qmail-scanner-2.01.tgz
[root@jupiter Download]# cd qmail-scanner-2.01
[root@jupiter qmail-scanner-2.01]# ls 
CHANGES                          sub-bitdefender.pl
COPYING                          sub-clamdscan.pl
FAQ.php                          sub-clamscan.pl
README                           sub-csav.pl
README.html                      sub-decode-base64.pl
TODO.php                         sub-fprot.pl
autoupdaters                     sub-fsecure.pl
configure                        sub-hbedv.pl
configure-options.php            sub-inocucmd.pl
contrib                          sub-iscan.pl
index.php                        sub-log_msg.pl
jhaar@users.sourceforge.net.gpg  sub-nod32.pl
locale                           sub-normalize.pl
manual-install.php               sub-ravlin.pl
perlscanner.php                  sub-sophie.template
qmail-scanner-queue.template     sub-spamassassin.pl
quarantine-events.txt            sub-sweep.template
sub-attachments.pl               sub-trophie.template
sub-avgd.template                sub-uvscan.pl
sub-avp.pl                       sub-vexira.pl
[root@jupiter qmail-scanner-2.01]# 
  • Run configure.
[root@jupiter qmail-scanner-2.01]# ./configure --install
Building Qmail-Scanner 2.01...

Fatal Error: Qmail-Scanner must be installed and run as a separate
account.

Please create the username and group "qscand" before continuing.

e.g.

groupadd qscand 
useradd -c "Qmail-Scanner Account" -g qscand  -s /bin/false qscand

[root@jupiter qmail-scanner-2.01]# 
  • It requires a user and group named qscand.
  • Create the group and the account.
[root@jupiter qmail-scanner-2.01]# /usr/sbin/groupadd qscand
[root@jupiter qmail-scanner-2.01]# /usr/sbin/useradd -u 720  -c "Qmail-Scanner Account" -g qscand  -s /bin/false qscand
[root@jupiter qmail-scanner-2.01]#
  • Run configure again.
[root@jupiter qmail-scanner-2.01]# ./configure --install
Building Qmail-Scanner 2.01...

This script will search your system for the virus scanners it knows
about, and will ensure that all external programs
qmail-scanner-queue.pl uses are explicitly pathed for performance
reasons.


It will then generate qmail-scanner-queue.pl - it is up to you to install it
correctly.

Continue? ([Y]/N)
  • It asks whether it may generate qmail-scanner-queue.pl; answer y.
y

               **************************

Cannot find evidence of QMAILQUEUE patch in /var/qmail/bin/qmail-smtpd!

This package REQUIRES that Qmail patch in order to operate.

Please read the README.html file again and download and install the patch
before continuing...

               **************************

[root@jupiter qmail-scanner-2.01]# 
  • It cannot continue because the QMAILQUEUE patch has not been applied to qmail.

4. Applying the QMAILQUEUE patch

  • Check whether qmail is running.
[root@jupiter root]# ps -ef | grep qmail
qmaild   30958     1  0 Jul14 ?        00:00:00 /usr/local/bin/tcpserver -x /etc/tcpserver/smtpd_rules.cdb -v -u 509 -g 508 0 smtp /var/qmail//bin/qmail-smtpd /var/qmail/bin/splogger smtpd 3
qmails   21384     1  0 Jul17 ?        00:00:00 qmail-send
qmaill   21385 21384  0 Jul17 ?        00:00:00 splogger qmail
root     21386 21384  0 Jul17 ?        00:00:00 qmail-lspawn ./Maildir/
qmailr   21387 21384  0 Jul17 ?        00:00:00 qmail-rspawn
qmailq   21388 21384  0 Jul17 ?        00:00:00 qmail-clean
root      8124  8081  0 16:16 pts/2    00:00:00 grep qmail
[root@jupiter root]#
  • Stop qmail-send.
[root@jupiter root]# kill 21384
[root@jupiter root]# ps -ef | grep qmail
qmaild   30958     1  0 Jul14 ?        00:00:00 /usr/local/bin/tcpserver -x /etc/tcpserver/smtpd_rules.cdb -v -u 509 -g 508 0 smtp /var/qmail//bin/qmail-smtpd /var/qmail/bin/splogger smtpd 3
root      8126  8081  0 16:17 pts/2    00:00:00 grep qmail
[root@jupiter root]#
  • Stop tcpserver as well.
[root@jupiter root]# kill 30958
[root@jupiter root]# ps -ef | grep qmail
root      8131  8081  0 16:17 pts/2    00:00:00 grep qmail
[root@jupiter root]# 
  • Get the patch.
[root@jupiter root]# curl -O http://www.qmail.org/qmailqueue-patch
  % Total    % Received % Xferd  Average Speed          Time             Curr.
                                 Dload  Upload Total    Current  Left    Speed
100  2510  100  2510    0     0   2069      0  0:00:01  0:00:01  0:00:00  7228
[root@jupiter root]#
  • Check the downloaded file.
[root@jupiter root]# ls -la qmailqueue-patch 
-rw-r--r--    1 root     root         2510  7月 20 16:21 qmailqueue-patch
[root@jupiter root]# 
  • Look at its contents, too.
[root@jupiter root]# cat qmailqueue-patch 
From: Bruce Guenter <bguenter-djb-qmail@qcc.sk.ca>
To: qmail@list.cr.yp.to
Subject: QMAILQUEUE patch for qmail-1.03
Date: Mon, 25 Jan 1999 15:37:21 -0600

Greetings.

Appended is a patch to qmail-1.03 that causes any program that would run
qmail-queue to look for an environment variable QMAILQUEUE.  If it is
present, it is used in place of the string "bin/qmail-queue" when
running qmail-queue.  This could be used, for example, to add a program
into the qmail-smtpd->qmail-queue pipeline that could do filtering,
rewrite broken headers, etc. (this is my planned usage for it).

This has undergone virtually no testing, but it looks so simple that it
almost has to be correct.  No warranties, etc.  Note that the chdir to
/var/qmail is always done before exec'ing the program.

Does this look like a reasonable thing to do?
-- 
Bruce Guenter, QCC Communications Corp.  EMail: bruce.guenter@qcc.sk.ca
Phone: (306)249-0220               WWW: http://www.qcc.sk.ca/~bguenter/

diff -u qmail-1.03-orig/Makefile qmail-1.03/Makefile
--- qmail-1.03-orig/Makefile    Mon Jun 15 04:53:16 1998
+++ qmail-1.03/Makefile Tue Jan 19 10:52:24 1999
@@ -1483,12 +1483,12 @@
 trigger.o fmtqfn.o quote.o now.o readsubdir.o qmail.o date822fmt.o ¥
 datetime.a case.a ndelay.a getln.a wait.a seek.a fd.a sig.a open.a ¥
 lock.a stralloc.a alloc.a substdio.a error.a str.a fs.a auto_qmail.o ¥
-auto_split.o
+auto_split.o env.a
        ./load qmail-send qsutil.o control.o constmap.o newfield.o ¥
        prioq.o trigger.o fmtqfn.o quote.o now.o readsubdir.o ¥
        qmail.o date822fmt.o datetime.a case.a ndelay.a getln.a ¥
        wait.a seek.a fd.a sig.a open.a lock.a stralloc.a alloc.a ¥
-       substdio.a error.a str.a fs.a auto_qmail.o auto_split.o 
+       substdio.a error.a str.a fs.a auto_qmail.o auto_split.o env.a
 
 qmail-send.0: ¥
 qmail-send.8
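Review bot: only the qmail-send link line gains env.a, yet the env_get() call introduced in qmail.c is compiled into qmail.o, which is also linked into qmail-local, qmail-inject, qmail-qmqpd, qmail-qmtpd, qmail-smtpd, qreceipt, forward and condredirect. Those targets already carry env.a (the make output further down this page shows it on each of their link lines), so the link succeeds, but nothing in the hunk or the cover note says so; add a sentence stating that qmail-send was the only consumer of qmail.o without env.a, so a reviewer does not have to audit the rest of the Makefile to trust the change.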
diff -u qmail-1.03-orig/qmail.c qmail-1.03/qmail.c
--- qmail-1.03-orig/qmail.c     Mon Jun 15 04:53:16 1998
+++ qmail-1.03/qmail.c  Tue Jan 19 09:57:36 1999
@@ -6,14 +6,25 @@
 #include "fd.h"
 #include "qmail.h"
 #include "auto_qmail.h"
+#include "env.h"
 
-static char *binqqargs[2] = { "bin/qmail-queue", 0 } ;
+static char *binqqargs[2] = { 0, 0 } ;
+
+static void setup_qqargs()
+{
+  if(!binqqargs[0])
+    binqqargs[0] = env_get("QMAILQUEUE");
+  if(!binqqargs[0])
+    binqqargs[0] = "bin/qmail-queue";
+}
 
 int qmail_open(qq)
 struct qmail *qq;
 {
   int pim[2];
   int pie[2];
+
+  setup_qqargs();
 
   if (pipe(pim) == -1) return -1;
   if (pipe(pie) == -1) { close(pim[0]); close(pim[1]); return -1; }
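Review bot: setup_qqargs() accepts whatever QMAILQUEUE holds with no validation, so the environment of every program built from qmail.o (qmail-smtpd under tcpserver, qmail-inject run by ordinary users, and the rest) now decides which binary is exec'd in place of bin/qmail-queue. Because the child keeps the caller's own uid this is not an escalation by itself, but two consequences belong in the patch text: the replacement must be setuid like qmail-queue or unprivileged callers cannot reach the queue, and an empty `QMAILQUEUE=` is treated as set, since env_get() returns a pointer to "" rather than NULL, so the `if(!binqqargs[0])` fallback to "bin/qmail-queue" never runs and the exec fails. Suggest `if(!binqqargs[0] || !*binqqargs[0])` before the fallback, plus a comment noting that a relative value is resolved against /var/qmail because of the chdir done before the exec.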

[root@jupiter root]# 
  • So the patch makes every qmail program that runs qmail-queue look up the QMAILQUEUE environment variable and, if it is set, exec that program instead of bin/qmail-queue. This is the hook that qmail-scanner-queue.pl will be plugged into.
  • Change to the qmail source directory.
[root@jupiter root]# cd /usr/local/src/qmail-1.03/
[root@jupiter qmail-1.03]#
  • Apply the patch.
[root@jupiter qmail-1.03]# patch < /root/Download/qmailqueue-patch 
patching file Makefile
patching file qmail.c
[root@jupiter qmail-1.03]# 
  • Rebuild and reinstall. make setup check compiles qmail, installs it under /var/qmail and then verifies the installation (./install and ./instcheck at the end of the output).
[root@jupiter qmail-1.03]# make setup check
./compile qmail.c
./load qmail-local qmail.o quote.o now.o gfrom.o myctime.o \
slurpclose.o case.a getln.a getopt.a sig.a open.a seek.a \
lock.a fd.a wait.a env.a stralloc.a alloc.a strerr.a \
substdio.a error.a str.a fs.a datetime.a auto_qmail.o \
auto_patrn.o  `cat socket.lib`
./load qmail-send qsutil.o control.o constmap.o newfield.o \
prioq.o trigger.o fmtqfn.o quote.o now.o readsubdir.o \
qmail.o date822fmt.o datetime.a case.a ndelay.a getln.a \
wait.a seek.a fd.a sig.a open.a lock.a stralloc.a alloc.a \
substdio.a error.a str.a fs.a auto_qmail.o auto_split.o env.a
./load qmail-inject headerbody.o hfield.o newfield.o \
quote.o now.o control.o date822fmt.o constmap.o qmail.o \
case.a fd.a wait.a open.a getln.a sig.a getopt.a datetime.a \
token822.o env.a stralloc.a alloc.a substdio.a error.a \
str.a fs.a auto_qmail.o 
./load qmail-qmqpd received.o now.o date822fmt.o qmail.o \
auto_qmail.o env.a substdio.a sig.a error.a wait.a fd.a \
str.a datetime.a fs.a 
./load qmail-qmtpd rcpthosts.o control.o constmap.o \
received.o date822fmt.o now.o qmail.o cdb.a fd.a wait.a \
datetime.a open.a getln.a sig.a case.a env.a stralloc.a \
alloc.a substdio.a error.a str.a fs.a auto_qmail.o 
./load qmail-smtpd rcpthosts.o commands.o timeoutread.o \
timeoutwrite.o ip.o ipme.o ipalloc.o control.o constmap.o \
received.o date822fmt.o now.o qmail.o cdb.a fd.a wait.a \
datetime.a getln.a open.a sig.a case.a env.a stralloc.a \
alloc.a substdio.a error.a str.a fs.a auto_qmail.o  `cat \
socket.lib`
./load qreceipt headerbody.o hfield.o quote.o token822.o \
qmail.o getln.a fd.a wait.a sig.a env.a stralloc.a alloc.a \
substdio.a error.a str.a auto_qmail.o 
./load forward qmail.o strerr.a alloc.a fd.a wait.a sig.a \
env.a substdio.a error.a str.a fs.a auto_qmail.o 
./load condredirect qmail.o strerr.a fd.a sig.a wait.a \
seek.a env.a substdio.a error.a str.a fs.a auto_qmail.o 
./install
./instcheck
[root@jupiter qmail-1.03]# 
  • Once the build has finished, restart qmail.
[root@jupiter qmail-1.03]# /var/qmail/rc &
[1] 8411
[root@jupiter qmail-1.03]# /etc/init.d/qmail-smptd &
[2] 8419
[root@jupiter qmail-1.03]# qmail-smtpd starting.tcpserver: status: 0/40

[2]+  Done                    /etc/init.d/qmail-smptd
[root@jupiter qmail-1.03]# 
[root@jupiter qmail-1.03]# ps -ef | grep qmail
qmails    8411  8081  0 16:29 pts/2    00:00:00 qmail-send
qmaill    8412  8411  0 16:29 pts/2    00:00:00 splogger qmail
root      8413  8411  0 16:29 pts/2    00:00:00 qmail-lspawn ./Maildir/
qmailr    8414  8411  0 16:29 pts/2    00:00:00 qmail-rspawn
qmailq    8415  8411  0 16:29 pts/2    00:00:00 qmail-clean
qmaild    8420     1  0 16:30 pts/2    00:00:00 /usr/local/bin/tcpserver -x /etc/tcpserver/smtpd_rules.cdb -v -u 509 -g 508 0 smtp /var/qmail//bin/qmail-smtpd /var/qmail/bin/splogger smtpd 3
root      8472  8081  0 16:30 pts/2    00:00:00 grep qmail
[root@jupiter qmail-1.03]# 
  • Everything appears to be running normally.
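As an added example (not code from qmail, the patch or Qmail-Scanner), the following shell reproduces how the patched qmail_open() chooses the queue program, and then performs the checks the patch does not make before the exec. /var/qmail and bin/qmail-queue are taken from the page; the function names and the --check flag are assumptions of the example.

```shell
#!/bin/sh
# Added example: mirrors setup_qqargs() from the QMAILQUEUE patch in shell and
# adds the sanity checks a deployment wants before trusting the variable.
# QMAIL_HOME defaults to the /var/qmail used on this page.

QMAIL_HOME=${QMAIL_HOME:-/var/qmail}

# setup_qqargs() semantics: use QMAILQUEUE if the variable is *set* (an empty
# value counts as set, because env_get() returns a pointer to "" rather than
# NULL), otherwise "bin/qmail-queue".  qmail chdir()s to /var/qmail before the
# exec, so a relative value is resolved against that directory.
resolve_queue_program() {
    prog=${QMAILQUEUE-bin/qmail-queue}
    case $prog in
        /*) printf '%s\n' "$prog" ;;
        *)  printf '%s/%s\n' "$QMAIL_HOME" "$prog" ;;
    esac
}

# Checks the patch itself never performs.  Callers of qmail_open() run without
# privilege (qmaild for qmail-smtpd, ordinary users for qmail-inject), so like
# qmail-queue the replacement must be setuid to reach the queue, and a
# world-writable file there would let any local user choose what the mail
# system runs.
check_queue_program() {
    prog=$(resolve_queue_program)
    [ -f "$prog" ] || { echo "not a regular file: $prog"; return 1; }
    [ -x "$prog" ] || { echo "not executable: $prog"; return 1; }
    [ -u "$prog" ] || { echo "not setuid: $prog"; return 1; }
    if [ -n "$(find "$prog" -perm -002 2>/dev/null)" ]; then
        echo "world-writable: $prog"; return 1
    fi
    echo "ok: $prog"
}

# Usage: QMAILQUEUE=/var/qmail/bin/qmail-scanner-queue.pl sh check-qq.sh --check
case ${1:-} in --check) check_queue_program ;; esac
```

Run it in the same environment the startup script will give tcpserver; an empty QMAILQUEUE= resolves to the /var/qmail directory itself and is rejected, which is the case the patch silently gets wrong.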

4. Resuming the qmail-scanner installation

  • Change to the directory where the archive was extracted.
[root@jupiter qmail-1.03]# cd /root/Download/qmail-scanner-2.01
[root@jupiter qmail-scanner-2.01]# 
  • Run configure.
[root@jupiter qmail-scanner-2.01]# ./configure --install --scanners verbose_spamassassin --admin root
Building Qmail-Scanner 2.01...

This script will search your system for the virus scanners it knows
about, and will ensure that all external programs
qmail-scanner-queue.pl uses are explicitly pathed for performance
reasons.


It will then generate qmail-scanner-queue.pl - it is up to you to install it
correctly.

Continue? ([Y]/N)
  • --admin specifies the mail address that virus-detection notifications are sent to.
    • root is used here because this host forwards root's mail to the administrator; specify an address appropriate to your environment.
  • It asks whether to continue with the installation, so answer.
Continue? ([Y]/N)
y


/usr/bin/uudecode works as expected on system...



The following binaries and scanners were found on your system:

mimeunpacker=/usr/bin/reformime
uudecode=/usr/bin/uudecode

Content/Virus Scanners installed on your System

max-scan-size=100000000

Qmail-Scanner details.

log-details=syslog
log-crypto=0
fix-mime=2
ignore-eol-check=0
debug=1
notify=psender,nmlvadm
redundant-scanning=yes
virus-admin=System Anti-Virus Administrator <root@jupiter>
local-domains='jupiter'
silent-viruses='klez','bugbear','hybris','yaha','braid','nimda','tanatos','sobig','winevar','palyh','fizzer','gibe','cailont','lovelorn','swen','dumaru','sober','hawawi','holar-i','mimail','poffer','bagle','worm.galil','mydoom','worm.sco','tanx','novarg','\@mm'
scanners=

If that looks correct, I will now generate qmail-scanner-queue.pl
for your system...
Continue? ([Y]/N) 
  • Despite the "Content/Virus Scanners installed on your System" heading, nothing is listed and scanners= is empty: configure found no external scanner, so only the built-in perlscanner will run. The verbose_spamassassin scanner requested with --scanners does not appear either, which indicates that configure did not find the SpamAssassin client (spamc) in its search path; the spam test in section 6 depends on it, so check that before relying on the X-Spam-Status header.
  • If that is acceptable, it will generate qmail-scanner-queue.pl.
  • Continue.
Continue? ([Y]/N) 
y
Hit RETURN to create initial directory structure under /var/spool/qscan,
and install qmail-scanner-queue.pl under /var/qmail/bin: 
  • It shows the working directory (/var/spool/qscan, where the quarantine and the quarantine-events database live) and asks where to install the script.
  • Press Enter to accept the default, /var/qmail/bin/qmail-scanner-queue.pl.
perlscanner: generate new DB file from /var/spool/qscan/quarantine-events.txt
perlscanner: total of 12 entries.

Finished installation of initial directory structure for Qmail-Scanner
under /var/spool/qscan and qmail-scanner-queue.pl under /var/qmail/bin.

Finished. Please read README(.html) and then go over the script
(/var/qmail/bin/qmail-scanner-queue.pl) to check paths/etc. 

"/var/qmail/bin/qmail-scanner-queue.pl -r" should return some well-known virus
definitions to show that the internal perlscanner component is working.

That's it!


########################################################################
##
#

NOTE: No content/virus scanner was found on your system - so only the 
internal perlscaner will be available for you to use.

Hope that's what you expected :-)

#
##
########################################################################



              ****** FINAL TEST ******

Please log into an unpriviledged account and run 
/var/qmail/bin/qmail-scanner-queue.pl -g

If you see the error "Can't do setuid", or "Permission denied", then  
refer to the FAQ.

(e.g.  "setuidgid qmaild /var/qmail/bin/qmail-scanner-queue.pl -g")


That's it! To report success:

   % (echo 'First M. Last'; cat SYSDEF)|mail jhaar-s4vstats@crom.trimble.co.nz
Replace First M. Last with your name.
[root@jupiter qmail-scanner-2.01]# 
  • The installation finished without problems.
  • Check which entries the current definition file recognises.
[root@jupiter qmail-scanner-2.01]# /var/qmail/bin/qmail-scanner-queue.pl -r
perlscanner: reading from /var/spool/qscan/quarantine-events.db
Virtual Header:         FILELENGTHTOOLONG
                        Content: ^is-set$
                        Description: Attachment Filename too long

File:   happy99.exe
                        Size: 10000 bytes
                        Description: Happy99 Trojan virus

File:   zipped_files.exe
                        Size: 120495 bytes
                        Description: W32/ExploreZip.worm.pak virus

Email Header:   Date
                        Content: ^.{100,}$
                        Description: MIME Header Buffer Overflow

Email Header:   Resent-Date
                        Content: ^.{100,}$
                        Description: MIME Header Buffer Overflow

Virtual Header:         FILEDOUBLEBARRELED
                        Content: ^is-set$
                        Description: Double-barreled extensions disallowed

Virtual Header:         FILECLSID
                        Content: ^is-set$
                        Description: Disallowed CLSID file extensions

File:   eicar.com
                        Size: 69 bytes
                        Description: EICAR Test Virus

Email Header:   Subject
                        Content: ^ILOVEYOU$
                        Description: Love Letter Virus/Trojan

Email Header:   Content-Type
                        Content: ^message/partial.*$
                        Description: Message/partial MIME attachments blocked 
by policy

Email Header:   Mime-Version
                        Content: ^.{100,}$
                        Description: MIME Header Buffer Overflow 

Email Header:   To
                        Content: ^ZVDOHYIK@yahoo.com|udtzqccc@yahoo.com|DTCELA
CB@yahoo.com|I1MCH2TH@yahoo.com|WPADJQ12@yahoo.com|smr@eurosport.com|bgnd2@can
ada.com|muwripa@fairesuivre.com|eccles@ballsy.net|S_Mentis@mail-x-change.com|Y
JPFJTGZ@excite.com|JGQZCD@excite.com|XHZJ3@excite.com|OZUNYLRL@excite.com|tsnl
qd@excite.com|cxkawog@krovatka.net|ssdn@myrealbox.com$
                        Description: BadTrans Trojan virus

perlscanner: total of 12 entries found.
[root@jupiter qmail-scanner-2.01]# 
  • 12 entries are registered. These are the built-in perlscanner rules (attachment name plus size, and header patterns), not signatures from a real scanner; the configure output above already noted that no external scanner was found.

5. The QMAILQUEUE environment variable

  • qmail has to see the QMAILQUEUE environment variable.
  • To do that, stop qmail and tcpserver.
[root@jupiter qmail-scanner-2.01]# ps -ef | grep qmail
qmaild    8420     1  0 Jul20 ?        00:00:00 /usr/local/bin/tcpserver -x /etc/tcpserver/smtpd_rules.cdb -v -u 509 -g 508 0 smtp /var/qmail//bin/qmail-smtpd /var/qmail/bin/splogger smtpd 3
root     32671  5134  0 16:21 pts/0    00:00:00 grep qmail
[root@jupiter qmail-scanner-2.01]# 
  • In this case only tcpserver seems to have been running, but if qmail-send is running, stop it as well.
[root@jupiter qmail-scanner-2.01]# kill 8420
[root@jupiter qmail-scanner-2.01]# ps -ef | grep qmail
root     32673  5134  0 16:21 pts/0    00:00:00 grep qmail
[root@jupiter qmail-scanner-2.01]# 
  • Edit the startup script that was created when qmail-smtpd was registered with tcpserver so that it sets the QMAILQUEUE environment variable. Only processes that inherit this variable go through the scanner: mail injected locally with qmail-inject, or received through qmail-qmqpd or qmail-qmtpd, still uses bin/qmail-queue unless those programs are started with the same environment.
[root@jupiter qmail-scanner-2.01]# cat /etc/rc.d/init.d/qmail-smptd
#!/bin/sh

# Exported here so that tcpserver, and through it every qmail-smtpd it spawns,
# runs with QMAILQUEUE set; the patched qmail-smtpd execs this program instead
# of bin/qmail-queue.
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
export QMAILQUEUE

echo -n 'qmail-smtpd starting.'
# The pipe into splogger is required: without it "splogger smtpd 3" becomes
# extra arguments on the tcpserver command line (as the ps listings on this
# page show) and tcpserver's -v status lines go to the terminal, not syslog.
/usr/local/bin/tcpserver -x /etc/tcpserver/smtpd_rules.cdb \
 -v -u 509 -g 508 0 smtp /var/qmail//bin/qmail-smtpd 2>&1 | \
/var/qmail/bin/splogger smtpd 3 &
[root@jupiter qmail-scanner-2.01]# 
  • Start qmail and tcpserver.
[root@jupiter qmail-scanner-2.01]# /var/qmail/rc &
[1] 8597
[root@jupiter qmail-scanner-2.01]# 
[root@jupiter qmail-scanner-2.01]# /etc/rc.d/init.d/qmail-smptd
qmail-smtpd starting. tcpserver: status: 0/40 
[root@jupiter qmail-scanner-2.01]#
[root@jupiter qmail-scanner-2.01]# ps -ef | grep qmail
qmails    8597  7109  0 19:25 pts/4    00:00:00 qmail-send
qmaill    8598  8597  0 19:25 pts/4    00:00:00 splogger qmail
root      8599  8597  0 19:25 pts/4    00:00:00 qmail-lspawn ./Maildir/
qmailr    8600  8597  0 19:25 pts/4    00:00:00 qmail-rspawn
qmailq    8601  8597  0 19:25 pts/4    00:00:00 qmail-clean
qmaild    8706     1  0 19:25 pts/4    00:00:00 /usr/local/bin/tcpserver -x /etc/tcpserver/smtpd_rules.cdb -v -u 509 -g 508 0 smtp /var/qmail//bin/qmail-smtpd /var/qmail/bin/splogger smtpd 3
root      8717  7109  0 19:26 pts/4    00:00:00 grep qmail
[root@jupiter qmail-scanner-2.01]# 
  • This completes the basic setup. The configure output above also asks for a final test that has not been run yet: execute /var/qmail/bin/qmail-scanner-queue.pl -g as an unprivileged user (for example with setuidgid qmaild) and make sure it does not report "Can't do setuid" or "Permission denied".
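An added verification script, written for this page and not part of Qmail-Scanner, that covers the prerequisites of section 2 and the environment setting of this section in one place: it loads each required Perl module, looks in the installed qmail-smtpd for the QMAILQUEUE string that configure complained about being absent in section 3, and reads QMAILQUEUE out of the running tcpserver's /proc/<pid>/environ. Paths are the ones used on this page; the function names, the PERL override and the --verify flag are assumptions of the example.

```shell
#!/bin/sh
# Added example: post-install checks for the Qmail-Scanner setup described on
# this page.  Functions take their inputs as arguments so they can be run
# against constructed files as well as the live system.

# Section 2: each module must load.  Prints the missing ones, returns 1 if any.
# PERL may be overridden (the test below substitutes a stand-in for perl).
check_perl_modules() {
    perl=${PERL:-perl}
    missing=
    for m in "$@"; do
        "$perl" -M"$m" -e 1 >/dev/null 2>&1 || missing="$missing $m"
    done
    [ -z "$missing" ] || { echo "missing:$missing"; return 1; }
}

# Section 3/4: configure's evidence for the patch is the literal string
# QMAILQUEUE inside the qmail-smtpd binary (the env_get("QMAILQUEUE") call).
binary_has_qmailqueue_patch() {
    grep -q QMAILQUEUE "$1" 2>/dev/null
}

# Section 5: print the QMAILQUEUE value from a NUL-separated environ file.
# A qmail-smtpd process lives only for one SMTP session, so inspect the
# long-lived tcpserver whose environment every qmail-smtpd inherits.
queue_program_in_environ() {
    tr '\000' '\n' < "$1" | sed -n 's/^QMAILQUEUE=//p'
}

tcpserver_pid() {
    ps -eo pid,comm | awk '$2 == "tcpserver" { print $1; exit }'
}

verify_qmail_scanner() {
    check_perl_modules Time::HiRes DB_File Sys::Syslog MIME::Base64 || return 1
    binary_has_qmailqueue_patch /var/qmail/bin/qmail-smtpd ||
        { echo "qmail-smtpd has no QMAILQUEUE patch"; return 1; }
    pid=$(tcpserver_pid)
    [ -n "$pid" ] || { echo "tcpserver is not running"; return 1; }
    qq=$(queue_program_in_environ "/proc/$pid/environ")
    [ "$qq" = /var/qmail/bin/qmail-scanner-queue.pl ] ||
        { echo "tcpserver (pid $pid) has QMAILQUEUE='$qq'"; return 1; }
    echo "ok: tcpserver $pid hands mail to $qq"
}

# Usage (as root, since /proc/<pid>/environ of another user's process is
# not readable otherwise): sh verify-qs.sh --verify
case ${1:-} in --verify) verify_qmail_scanner ;; esac
```

If the last check fails right after editing the startup script, the usual cause is a tcpserver that was started before the edit or from a shell that did not export the variable; restart it from the script rather than by hand.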

6. Spam detection test

  • Locate the test tool.
[root@jupiter qmail-scanner-2.01]# locate test_installation.sh
/root/Download/qmail-scanner-2.01/contrib/test_installation.sh
[root@jupiter qmail-scanner-2.01]#
  • This tool sends four sample mails: a clean message, two carrying the EICAR test file (one under its real name, one renamed), and one spam message.
  • Run it.
[root@jupiter qmail-scanner-2.01]# /root/Download/qmail-scanner-2.01/contrib/test_installation.sh

Usage: ./test_installation.sh -doit

This will simply send 4 Email messages to "root@jupiter".

The first will be a "normal" message, which should be received untouched.

The second contains the EICAR.COM test virus, and the in-built perlscan
module should catch that.

The third also contains the EICAR.COM test virus - but the filename is 
different. Therefore it will bypass the perlscan module, but should still
be caught by any commercial virus scanners linked in.

The forth is a SPAM message. If you are running SpamAssassin AND Qmail-Scanner
successfully recongised it, then this message should be tagged (look for
X-Spam-Status: header) as being spam. Obviously if you filter your root mail,
this won't end up in your inbox...

If your Qmail-Scanner installation is correct, this will result in the
2nd and 3rd Emails being blocked. If you are using
SpamAssassin, the 4th should be marked as spam.

As far as who receives the e-mail alerts - that's very specific to your install. 
You may have configured Q-S not to notify anyone, or your Q-S "admin" address
may be "postmaster" - in which case notifications won't be sent anyway (as it
appears to be a mailing-list style address). Just look at the logs instead - they
will definitively tell you if Q-S is working correctly. Yet another good reason to
use "--log-details syslog"

If you are logging to syslog, you can just run (as root)

egrep " qmail-scanner\[.* Qmail-Scanner_" /var/log/messages #or appropriate filename

to see the status of those particular messages (maybe "tail -10000" if your syslog 
file receives a tonne of records)

To run, execute this script again with "-doit" option.

[root@jupiter qmail-scanner-2.01]#
  • Run it with the -doit option.
[root@jupiter qmail-scanner-2.01]# /root/Download/qmail-scanner-2.01/contrib/test_installation.sh -doit

Sending standard test message - no viruses...
done!

Sending eicar test virus - should be caught by perlscanner module...
done!

Sending eicar test virus with altered filename - should only be caught by commercial anti-virus modules (if you have any)...

Sending bad spam message for anti-spam testing - In case you are using SpamAssassin...
Done!

Finished test. Now go and check Email sent to root@jupiter

[root@jupiter qmail-scanner-2.01]# 
  • The messages have been sent to the root user.
  • Check the /var/log/maillog file.
Jul 21 19:55:06 jupiter qmail: 1153479306.497475 new msg 1030333
Jul 21 19:55:06 jupiter qmail: 1153479306.497574 info msg 1030333: bytes 581 from <> qp 13098 uid 720
Jul 21 19:55:06 jupiter qmail-scanner[13093]: qmail-scanner[13093]: Clear:RC:1(127.0.0.1): 0.031638 336 <> root@tst.ujp.jp Qmail-Scanner_test_(1/4):_inoffensive_message <20060721105506.13092.qmail@tst.ujp.jp> 1153479306.13095-0.jupiter:68 orig-jupiter115347930654013093:336 
Jul 21 19:55:06 jupiter qmail: 1153479306.661327 starting delivery 136: msg 1030333 to local root@tst.ujp.jp
Jul 21 19:55:06 jupiter qmail: 1153479306.661435 status: local 1/10 remote 0/20
Jul 21 19:55:06 jupiter qmail-scanner[13102]: qmail-scanner[13102]: Perlscan:EICAR_Test_Virus:RC:1(127.0.0.1): 0.038795 984 <> root@tst.ujp.jp Qmail-Scanner_viral_test_(2/4):_checking_perlscanner... <20060721105506.13101.qmail@tst.ujp.jp> 1153479306.13107-0.jupiter:300 Eicar.com:69 orig-jupiter115347930654013102:984 
Jul 21 19:55:06 jupiter qmail: 1153479306.945771 new msg 1030334
Jul 21 19:55:06 jupiter qmail: 1153479306.945881 info msg 1030334: bytes 688 from <> qp 13105 uid 508
Jul 21 19:55:07 jupiter qmail: 1153479307.324529 delivery 136: success: did_0+1+0/qp_13105/
Jul 21 19:55:07 jupiter qmail: 1153479307.324626 status: local 0/10 remote 0/20
Jul 21 19:55:07 jupiter qmail: 1153479307.324646 starting delivery 137: msg 1030334 to local postmaster@tst.ujp.jp
Jul 21 19:55:07 jupiter qmail: 1153479307.324662 status: local 1/10 remote 0/20
Jul 21 19:55:07 jupiter qmail: 1153479307.324676 end msg 1030333
Jul 21 19:55:07 jupiter qmail: 1153479307.326434 new msg 1030336
Jul 21 19:55:07 jupiter qmail: 1153479307.326555 info msg 1030336: bytes 1504 from <> qp 13120 uid 720
Jul 21 19:55:07 jupiter qmail-scanner[13112]: qmail-scanner[13112]: Clear:RC:1(127.0.0.1): 0.042094 1259 <> root@tst.ujp.jp Qmail-Scanner_viral_test_(3/4):_checking_non-perlscanner_AV... <20060721105506.13111.qmail@ujp.ddo.jp> 1153479307.13114-0.jupiter:567 sneaky.txt:69 orig-jupiter115347930754013112:1259 
Jul 21 19:55:07 jupiter qmail: 1153479307.694663 starting delivery 138: msg 1030336 to local root@tst.ujp.jp
Jul 21 19:55:07 jupiter qmail: 1153479307.694782 status: local 2/10 remote 0/2
Jul 21 19:55:13 jupiter qmail: 1153479313.677666 end msg 1030334
  • This shows that qmail-scanner is running and classifying spam and virus mail.
  • Mail has also arrived for the root user that was set with --admin at configure time, so check it.

  • The test has been confirmed to succeed.

7. Checking quarantined mail

  • Mail that qmail-scanner judges to contain a virus is moved to the quarantine directory.
  • Check these files.
[root@jupiter qmail-scanner-2.01]# ls -la /var/spool/qscan/quarantine/policy/new
total 52
drwxrwx---    2 qscand   qscand       4096 Jul 21 19:55 .
drwxrwx---    5 qscand   qscand       4096 Jul 20 19:55 ..
-rw-rw----    1 qscand   qscand       1323 Jul 21 19:30 jupiter11534778375418871
-rw-rw----    1 qscand   qscand       1323 Jul 21 19:32 jupiter11534779365418956
-rw-rw----    1 qscand   qscand       1323 Jul 21 19:32 jupiter11534779605419027
-rw-rw----    1 qscand   qscand       1323 Jul 21 19:33 jupiter11534780235419102
-rw-rw----    1 qscand   qscand       1323 Jul 21 19:35 jupiter11534781155419235
-rw-rw----    1 qscand   qscand       1292 Jul 21 19:36 jupiter11534781935419329
-rw-rw----    1 qscand   qscand       1293 Jul 21 19:36 jupiter11534782125419406
-rw-rw----    1 qscand   qscand       1292 Jul 21 19:41 jupiter115347849654010600
-rw-rw----    1 qscand   qscand       1310 Jul 21 19:46 jupiter115347881354012779
-rw-rw----    1 qscand   qscand       1294 Jul 21 19:54 jupiter115347924554012971
-rw-rw----    1 qscand   qscand       1294 Jul 21 19:55 jupiter115347930654013102
[root@jupiter qmail-scanner-2.01]# 
  • This directory needs operational handling such as periodic archiving or deletion, for example:
find /var/spool/qscan/quarantine/policy/new -type f -mtime +30 -exec rm '{}' \;

