Christophe : 1 version

2012-05-28T20:31:46Z

1 version

Nouvelle page

__TOC__
[[Category:Messagerie]]

http://fr.wikipedia.org/wiki/Antivirus

=F-prot=
http://www.f-prot.com/

http://www.f-prot.com/products/corporate_users/unix/linux/mailserver.html

''F-PROT Antivirus for Linux x86 Mail Servers:
* ''Scans for over 1310835 known viruses and their variants''
* ''Removes viruses safely without damaging the original file''
* ''Scans all mounted filesystems, directories or specific files''
* ''Scans archives and compressed files''
* ''Includes automated updates to the virus signature database''
* ''Can be configured to perform scheduled scans when used with the cron utility''
* ''Scans e-mail in transit with the three most widely used e-mail systems: Sendmail, Postfix, and Qmail.''

<blockquote class="gentoo">
Package Gentoo: f-prot
</blockquote>

Mises à jour de f-prot tous les jours + mail qui prévient lors de mise à jour.
<licode file=/etc/crontab>
0 * * * * root /opt/f-prot/fpupdate
</licode>

Avec gentoo, seul fpscan est installé, le démon fpscand est payant (130€ pour 10 personnes au 24/05/2009).

F-prot est donc configuré en antivirus de backup avec amavisd-new.

<licode file=/etc/amavis.conf>
### http://www.f-prot.com/ - backs up F-Prot Daemon, V6
['F-PROT Antivirus for UNIX', ['fpscan'],
'--report --mount --adware {}', # consider: --applications -s 4 -u 3 -z 10
[0,8,64], [1,2,3, 4+1,4+2,4+3, 8+1,8+2,8+3, 12+1,12+2,12+3],
qr/^\[Found\s+[^\]]*\]\s+<([^ \t(>]*)/ ],
</licode>

=Clamav=
http://www.clamav.net/

<blockquote class="gentoo">
Package Gentoo: clamav
</blockquote>

<licode file=/etc/clamd.conf>
#(Verbose logging with syslog)
LogSyslog
LogVerbose
LogFacility LOG_MAIL
#(Change pid file location)
PidFile /var/run/amavis/clamd.pid
#(Set the clamav socket)
LocalSocket /var/amavis/clamd
#(Close the connection when this limit is exceeded)
StreamMaxLength 10M
#(Don't run clamd as root)
User amavis
#(Newer versions require you to uncomment this)
ScanMail
ScanArchive
Mises à jour (changer le proxy)
/etc/freshclam.conf
(Syslog logging)
LogSyslog
(Verbose logging)
LogVerbose
(Explicitly drop root privileges)
DatabaseOwner clamav
(Check for updates every two hours. That is the official recommendation)
Checks 12
(Use the mirror closest to you. Replace XY with your country code
DatabaseMirror db.fr.clamav.net
</licode>

<licode file=/etc/conf.d/clamd>
START_CLAMD=yes
FRESHCLAM_OPTS="-d"
</licode>

Dans amavisd.conf, les deux variables qui indiquent les antivirus à utilisers sont:
*@av_scanners
*@av_scanners_backup

av_scanners correspond aux antivirus qui sont lancés en permanence en mémoire

av_scanners_backup sont à relancer pour chaque message (plus lent)

Fixme: les scanners backup sont t'ils utilisés qd un scanner ppl est activé ?

<licode file=/etc/amavisd.conf>
(Uncomment the clamav scanner and modify socket location)
['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/amavis/clamd"],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
</licode>

#rc-update add clamd default

==Signatures externes==
'''Securite Info'''

http://www.securiteinfo.com/services/clamav_unofficial_malwares_signatures.shtml

<licode file=/etc/cron.daily/antivirus.cron>
cd /var/lib/clamav

wget http://clamav.securiteinfo.com/vx.hdb.gz
wget http://clamav.securiteinfo.com/securiteinfo.hdb.gz
wget http://clamav.securiteinfo.com/honeynet.hdb.gz
wget http://clamav.securiteinfo.com/antispam.ndb.gz
gunzip vx.hdb.gz securiteinfo.hdb.gz honeynet.hdb.gz antispam.ndb.gz
</licode>

=Avast=
http://www.avast.com/

Récupérer une licence sur http://www.avast.com/i_kat_340.php?lang=ENG

<pre>
#cp /root/License.dat /var/lib/avast4/License.dat
#tar zxvf libavastengine-4.6.0-i586.tar.gz
#cd libavastengine-4.6.0
#./mkinstall.sh
</pre>

<licode file=/etc/crontab>
0 */6 * * * /usr/bin/avastvpsupdate.pl
</licode>

<pre>
#cd avast4server-2.0.0-i586
#./mkinstall.sh
#avastcmd -h
</pre>

Editer /etc/init.d/avastd (bug indique ne trouve pas fichier de conf)
<pre>
#man avastd.conf
</pre>

Lire patches/HOWTO.amavisd-new
<pre>
3) Create a new avastd scanner section in your avastd.conf configuration
file designed for mail scanning (see avastd.conf(5) manual page):

[mailscanner]
listen=/var/run/avast4/mailscanner.sock
....

4)Restart avastd and amavisd-new daemons.
</pre>

Editer amavisd.conf
<licode file=/etc/amavisd.conf>
@av_scanners = (
+ ### http://www.avast.com/
+ ['avast! Antivirus daemon',
+ \&ask_daemon, # greets with 220, terminates with QUIT
+ ["SCAN {}\r\nQUIT\r\n", '/var/run/avast4/mailscanner.sock'],
+ qr/[\t]\[+\]/, qr/[\t]\[L\][\t]/, qr/[\t]\[L\][\t](.+)[^\r\n]/ ],
@av_scanners_backup = (
+ ### http://www.avast.com/
+ ['avast! Antivirus', 'avastcmd',
+ '-ai -n -tA {}', [0], [1], qr/infected by: (.*)/ ],
</licode>

=AVG (grisoft)=

http://www.grisoft.com

AVG Linux Server Edition

195€ pour 15 adresses e-mail sur 2ans

<blockquote class="gentoo">
Package Gentoo: sys-libs/lib-compat
</blockquote>

<pre>
#cd avg7-linux/
#./install.sh
# avgscan -register <your license number>
</pre>

Le n° de licence d'essai suivant peut être utilisé: 70LINUX-TTS05-PZ-C01-S1-J18-IHAR

<licode file=/etc/avg.conf>
unixSocketName = /tmp/avg.sock
</licode>

<pre>
#avgscan -d
</pre>

<blockquote class="gentoo">
Remarque Gentoo: Créer le script /etc/init.d/avgscan suivant:
</blockquote>

<licode file=/etc/init.d/avgscan>
#!/sbin/runscript

depend() {
need net
use logger
#provide antivirus
before amavisd-new
}

checkconfig() {
if [ ! -e /etc/avg.conf ] ; then
eerror "You need an /etc/avg.conf to AVG7 Anti-Vir Daemon"
return 1
fi
}

start() {
ebegin "Starting AVG7 Anti-Vir Daemon"
start-stop-daemon --start --quiet --chuid amavis --exec /usr/bin/avgscan -- -d
eend $?
}

stop() {
ebegin "Stopping AVG7 Anti-Vir Daemon"
start-stop-daemon --stop --quiet --name avgscan
eend $?
}
</licode>

The AVG section in the configuration file for amavid-new should contain

<licode file=/etc/amavisd.conf>
['AVG Anti-Virus',
\&ask_daemon, ["SCAN {}\n", '/tmp/avg.sock'],
qr/^200/, qr/^403/, qr/^403 .*?: (.+)/ ],
</licode>

<u>AVG Update</u>

<pre>
#avgupdate -o
</pre>

<licode file=/etc/crontab>
0 * * * * root avgupdate --online --no-progress –no-daemons 1>/dev/null
</licode>

{{Copy|2006-2010|Christophe de Livois|FDL}}

Protection contre les virus - Historique des versions

Christophe : 1 version

Christophe : 1 version