Medium-sized mail server, part 4 – ClamAV

Installing the ClamAV antivirus software, integrating it into MailScanner (see the previous post), and testing the whole package together.
Download the ClamAV package from here or from here.
And yes, only these two packages are needed…
Installation (mind the order!):
# rpm -ivh clamav-db-XXX
# rpm -ivh clamav-XXX

The configuration file /etc/freshclam.conf, used for downloading updates, should look like this:
DatabaseDirectory /var/clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogTime yes
LogVerbose yes
LogSyslog yes
DatabaseOwner clamav
DatabaseMirror database.clamav.net

For mysterious reasons, the “#LogRotate yes” entry and/or the “NotifyClamd /etc/clamd.conf” entry must NOT be activated (uncommented), because otherwise it complains that there is no /etc/clamd.conf file…

Testing
Test 1
Testing the ClamAV update:
# freshclam
ClamAV update process started at Wed Jun 6 10:26:40 2012
main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
daily.cvd is up to date (version: 15007, sigs: 202098, f-level: 63, builder: guitar)
bytecode.cvd is up to date (version: 185, sigs: 39, f-level: 63, builder: neo)
Test 2
Create a file named eicar.test and put the EICAR test virus string in it:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
Testing virus detection:
# clamscan
…..
/nalog/eicar.test: Eicar-Test-Signature FOUND
----------- SCAN SUMMARY -----------
Known viruses: 1245187
Engine version: 0.97.4
Scanned directories: 1
Scanned files: 10
Infected files: 1
Data scanned: 24.97 MB
Data read: 45.54 MB (ratio 0.55:1)
Time: 8.884 sec (0 m 8 s)
Test 3
Testing whether MailScanner invokes ClamAV correctly:
# /usr/lib/MailScanner/clamav-wrapper /nalog
Pointed at the directory that contains the eicar.test file
….
/nalog/eicar.test: Eicar-Test-Signature FOUND
----------- SCAN SUMMARY -----------
Known viruses: 1245187
Engine version: 0.97.4
Scanned directories: 1
Scanned files: 9
Infected files: 1
Total errors: 1
Data scanned: 13.55 MB
Data read: 45.54 MB (ratio 0.30:1)
Time: 7.649 sec (0 m 7 s)
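
Reading Test 2 and Test 3 by eye is easy to get wrong: the Test 3 output above also reports "Total errors: 1". The script below is an added example, not part of the original post, that turns the scanner output into a single verdict; the function names (verdict, sample_*) are made up for this example, and the sample lines are copied from the outputs above except where marked as constructed.

```shell
#!/bin/sh
# Added example (not from the original post): judge the output of Test 2 / Test 3.

# verdict: reads clamscan-style output on stdin and prints PASS, WARN or FAIL.
verdict() {
    awk '
        /eicar\.test: .* FOUND$/ { hit = 1 }
        /^Infected files: /      { infected = $3 }
        /^Total errors: /        { errors = $3 }
        END {
            if (!hit || infected + 0 < 1) { print "FAIL: EICAR not detected" }
            else if (errors + 0 > 0)      { print "WARN: detected, but errors=" errors }
            else                          { print "PASS: EICAR detected" }
        }'
}

# Output lines copied from Test 2 on this page (clamscan).
sample_clamscan() {
    cat <<'EOF'
/nalog/eicar.test: Eicar-Test-Signature FOUND
----------- SCAN SUMMARY -----------
Scanned files: 10
Infected files: 1
EOF
}

# Output lines copied from Test 3 on this page (clamav-wrapper).
sample_wrapper() {
    cat <<'EOF'
/nalog/eicar.test: Eicar-Test-Signature FOUND
----------- SCAN SUMMARY -----------
Scanned files: 9
Infected files: 1
Total errors: 1
EOF
}

# Constructed sample: a scan that did not flag the test file.
sample_miss() {
    cat <<'EOF'
/nalog/eicar.test: OK
----------- SCAN SUMMARY -----------
Infected files: 0
EOF
}

sample_clamscan | verdict
sample_wrapper  | verdict
sample_miss     | verdict
```

To check a live system, pipe the real output into the function, for example `/usr/lib/MailScanner/clamav-wrapper /nalog | verdict`. A WARN result means the detection worked but the error reported in the summary should be investigated before the server goes into production.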