> off the Amavis email scanning solution notes I had, and will try that
> instead. Does anyone have suggestions for email / content protection? All
> suggestions welcome....

Pierluigi Miranda posted a HowTo on this list about Amavis, I attached it again.

Michael Jung

Hello everyone,

I have no intention to "saw anybody's legs off", but casually I was working on an automatic email virus checking system when I read Allen Rapini's request and Michael Jung's reply. I've just finished installing and configuring AMaViS on my production E-Smith gateway, and it seems to work well. So I guess it could be good to share some notes about what I did and how. Hope that nobody gets offended, and that this can be useful to anybody.

Just an introductory word: I grabbed what I needed from several packages, to put together a tar archive or even an RPM for future installations, just in case. Since they are GPL licensed, I guess that distributing it should not be a problem... anyway, that's what I did.

1. Of course, you need at least an antivirus. I used F-Secure for Linux, because we have excess licenses of the Windows 95 version and I have been able to make a quick and simple agreement to convert one of them to Linux. Anyway, AMaViS supports many antivirus packages, and if it finds more than one product installed it seems capable of scanning mail using them all at once. For more information, check

    http://www.amavis.org/amavis.html

While installing F-Secure, I disabled cron-driven automatic scans, but enabled the scheduling of the daily update check for new virus signatures and modules. More about it later...

2. Starting from the AMaViS home page, download the 'amavis-0.2.1.tar.gz' archive that contains the product, and put it aside: you need some bits and pieces to assemble before you even try to configure it.

3. The first piece is unzip: I downloaded and installed the most recent RPM I found on rpmfind.net:

    ftp://ftp.rpmfind.net/linux/falsehope/pub/unzip/unzip-5.42-1rh62.i386.rpm

from the "Falsehope" distribution. It is labeled RH6.2, but works well on my E-Smith 4.0.1.

4. The second piece is a mime handler: the AMaViS authors suggest reformime, part of the maildrop package, itself part of the Courier Mail Server.
So whoever already uses Courier can skip this step. On a standard E-Smith, you have to get the maildrop package; go to:

    http://www.flounder.net/~mrsam/maildrop/

and download the archive 'maildrop-1.3.0.tar.gz' containing the latest version. Untar it in a directory of your choice, enter it and build the product; I used the following commands:

    ./configure \
        --prefix=/usr \
        --with-devel \
        --without-db \
        --enable-syslog=1 \
        --enable-trusted-users='root mail daemon postmaster qmaild mmdf' \
        --enable-restrict-trusted=0 \
        --enable-qmail

then

    make

The '--prefix=/usr' is redundant, anyway, because I didn't issue a 'make install': I just copied the files 'rfc2045/reformime' and 'reformime.1' onto the production system, then put them in the right place both on the development and the production systems:

    install -g root -o root reformime /usr/bin
    install -g root -o root -m 644 reformime.1 /usr/man/man1

5. The third piece to assemble is tnef, a module to unwrap Microsoft's TNEF messages. Go to:

    http://world.std.com/~damned/software.html

and download the archive 'tnef-0.1.6.tar.gz' containing the latest version of tnef. Untar it in a directory of your choice, enter it and build the product; I used the following commands:

    ./configure \
        --prefix=/usr

and

    make

Again, '--prefix=/usr' is redundant. Grab the file 'src/tnef', copy it onto the production system and then into the right place both on the development and the production systems:

    install -g root -o root tnef /usr/bin

6. Now it's time to get to AMaViS. The modules I added are the absolute minimum needed to use the program, but if you wish, you can add more decompressors: in the configure stage they will be recognized and enabled.
Untar 'amavis-0.2.1.tar.gz' in a directory of your choice, enter it and build the product; I used the following commands:

    ./configure \
        --prefix=/usr \
        --enable-qmail

then

    make

'--prefix=/usr' is still redundant, and the configuration will tell AMaViS to work in the '/var/virusmails' directory, to log events in '/var/log/scanmails' and to send a notice both to the sender and to the 'virusalert' alias whenever a mail message contains a virus, keeping a copy of it in /var/virusmails for further analysis. Refer to the AMaViS documentation to change this behaviour.

Grab the files 'src/zipsecure/zipsecure', 'src/securetar/securetar', 'src/scanmails/scanmails' and 'src/rspawnmsg/rspawnmsg', copy them onto the production system and then into the right place both on the development and the production systems:

    install -g root -o root zipsecure /usr/bin
    install -g root -o root securetar /usr/bin
    install -g root -o root scanmails /usr/sbin
    install -g root -o root rspawnmsg /usr/sbin

7. The mail virus scanning system is ready to run. To start it, do the following:

- check that '/usr/lib/sendmail' and '/usr/sbin/sendmail' are both present: they are both logical links to '/var/qmail/bin/sendmail' and part of a standard E-Smith 4.0.1 installation. On my production system, though, they were missing - could be my manipulation of qmail's fault.
  If you have to recreate them, issue one or both of the commands:

    ln -s /var/qmail/bin/sendmail /usr/lib/sendmail
    ln -s /var/qmail/bin/sendmail /usr/sbin/sendmail

- create the 'virusalert' alias (I used admin as a real account, but it can even be an offsite user); if your domain is 'domain.com', issue the command:

    echo [EMAIL PROTECTED]>/var/qmail/alias/.qmail-virusalert

- create an 'anonymous' alias as suggested to prevent bouncing if you enable recipient notification and inadvertently send a message containing a virus to a nonexistent address:

    echo [EMAIL PROTECTED]>/var/qmail/alias/.qmail-anonymous

- create the log and the sandbox directories:

    install -d -o root -g root -m 1777 /var/log/scanmails
    install -d -o root -g root -m 1777 /var/virusmails

- activate AMaViS; you'll need to rename two qmail executables, linking the original names with scanmails. Just to be sure, shut down qmail:

    service qmail.init stop
    mv /var/qmail/bin/qmail-local /var/qmail/bin/qmail-local-real
    mv /var/qmail/bin/qmail-remote /var/qmail/bin/qmail-remote-real
    ln -s /usr/sbin/scanmails /var/qmail/bin/qmail-local
    ln -s /usr/sbin/scanmails /var/qmail/bin/qmail-remote
    service qmail.init start

8. Get a cup of coffee/tea/chocolate [with chili] and sip it slowly: you deserve it well :)

Such a system works, but it's still not fully E-Smith compliant: there's no provision for recreating aliases and for scheduling antivirus updates, for example.

This last one is simple, at least in F-Secure's case. During the installation phase, it adds a line to the crontab file and then displays it on the screen. If you copy this line, you can put it in a file, let's say 'fsavupdate', and then move it into the '/etc/e-smith/templates/etc/crontab' directory (or the 'templates-custom' one), to have the right crontab file generated during E-Smith events. So, crontab additions won't be lost during E-Smith events, and issuing a '/sbin/e-smith/expand-template /etc/crontab' will be enough to recreate the right crontab file.
After the update, a 'service crond restart' command will ensure the automatic update. Just as an example, here are the commands I used:

    install -d -D /etc/e-smith/templates-custom/etc/crontab
    echo '14 5 * * * /usr/local/fsav/fsavupdate' \
        >/etc/e-smith/templates-custom/etc/crontab/fsavupdate
    /sbin/e-smith/expand-template /etc/crontab
    service crond restart

More to say, scanmails is a shell script: it should then be possible to tune all the AMaViS parameters to the finest detail by generating it from an E-Smith event or from a manager panel...

A side effect: I don't know why, but soon after AMaViS activation my Outlook Express IMAP client started to complain about IMAP server errors... I had to delete the in mail folder pointer file using the appropriate OE panel, then restart the program two or three times to get rid of this quirk, but now it works well again.

Enough for now, thanks for your attention - and patience, too :)

-- 
Pierluigi Miranda

--
This list is archived
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
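
Added example, not part of the original posts: a post-install audit of the state the HowTo's steps 4 to 7 leave behind (scanmails symlinks, renamed qmail binaries, helper programs, aliases, directories). The function name and its optional root-prefix argument are assumptions of this sketch; all paths are the ones given in the HowTo.

```sh
#!/bin/sh
# Added example (not from the HowTo): audit the AMaViS/qmail wiring it describes.
# The optional ROOT argument is an assumption of this sketch, for staging copies.
check_amavis_qmail() {
    root="${1:-}"
    fails=0
    fail() { echo "FAIL: $*"; fails=$((fails + 1)); }

    # Step 7: both delivery agents must be symlinks to scanmails, and the
    # renamed originals must still exist and be executable.
    for prog in qmail-local qmail-remote; do
        link="$root/var/qmail/bin/$prog"
        if [ ! -L "$link" ]; then
            fail "$link is not a symlink, mail bypasses the scanner"
        elif [ "$(readlink "$link")" != "/usr/sbin/scanmails" ]; then
            fail "$link points to $(readlink "$link")"
        fi
        [ -x "${link}-real" ] || fail "${link}-real missing or not executable"
    done

    # Steps 4-6: helpers copied by hand onto the production system.
    for bin in usr/sbin/scanmails usr/sbin/rspawnmsg usr/bin/zipsecure \
               usr/bin/securetar usr/bin/reformime usr/bin/tnef; do
        [ -f "$root/$bin" ] || fail "/$bin not installed"
    done

    # sendmail compatibility links that were missing on the author's system.
    for s in usr/lib/sendmail usr/sbin/sendmail; do
        [ "$(readlink "$root/$s" 2>/dev/null)" = "/var/qmail/bin/sendmail" ] ||
            fail "/$s is not a link to /var/qmail/bin/sendmail"
    done

    # Notification aliases must exist and be non-empty.
    for a in virusalert anonymous; do
        [ -s "$root/var/qmail/alias/.qmail-$a" ] || fail "alias $a missing or empty"
    done

    # Log and quarantine directories, with the mode the HowTo sets (GNU stat).
    for dir in var/log/scanmails var/virusmails; do
        mode=$(stat -c '%a' "$root/$dir" 2>/dev/null) || mode=missing
        [ "$mode" = 1777 ] || fail "/$dir mode is $mode, expected 1777"
    done

    echo "$fails check(s) failed"
    [ "$fails" -eq 0 ]
}
# Usage: check_amavis_qmail            (live system)
#        check_amavis_qmail /mnt/copy  (hypothetical staging path)
```

A qmail package update that reinstalls qmail-local or qmail-remote as regular files silently removes the scanner from the delivery path, which is the first condition this audit reports.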