Virus protection
http://fr.wikipedia.org/wiki/Antivirus
F-prot
http://www.f-prot.com/products/corporate_users/unix/linux/mailserver.html
F-PROT Antivirus for Linux x86 Mail Servers:
- Scans for over 1310835 known viruses and their variants
- Removes viruses safely without damaging the original file
- Scans all mounted filesystems, directories or specific files
- Scans archives and compressed files
- Includes automated updates to the virus signature database
- Can be configured to perform scheduled scans when used with the cron utility
- Scans e-mail in transit with the three most widely used e-mail systems: Sendmail, Postfix, and Qmail.
Gentoo package: f-prot
Update f-prot every day, with an e-mail notification whenever an update occurs.
<licode file=/etc/crontab>
0 * * * * root /opt/f-prot/fpupdate
</licode>
On Gentoo only fpscan is installed; the fpscand daemon is a paid product (130€ for 10 users as of 24/05/2009).
F-prot is therefore configured as a backup antivirus in amavisd-new.
<licode file=/etc/amavis.conf>
### http://www.f-prot.com/ - backs up F-Prot Daemon, V6
['F-PROT Antivirus for UNIX', ['fpscan'],
  '--report --mount --adware {}',   # consider: --applications -s 4 -u 3 -z 10
  [0,8,64], [1,2,3, 4+1,4+2,4+3, 8+1,8+2,8+3, 12+1,12+2,12+3],
  qr/^\[Found\s+[^\]]*\]\s+<([^ \t(>]*)/ ],
</licode>
Clamav
Gentoo package: clamav
<licode file=/etc/clamd.conf>
# Verbose logging with syslog
LogSyslog
LogVerbose
LogFacility LOG_MAIL
# Change pid file location
PidFile /var/run/amavis/clamd.pid
# Set the clamav socket
LocalSocket /var/amavis/clamd
# Close the connection when this limit is exceeded
StreamMaxLength 10M
# Don't run clamd as root
User amavis
# Newer versions require you to uncomment this
ScanMail
ScanArchive
</licode>
Updates (change the proxy if needed):
<licode file=/etc/freshclam.conf>
# Syslog logging
LogSyslog
# Verbose logging
LogVerbose
# Explicitly drop root privileges
DatabaseOwner clamav
# Check for updates every two hours. That is the official recommendation
Checks 12
# Use the mirror closest to you. Replace XY with your country code
DatabaseMirror db.fr.clamav.net
</licode>
<licode file=/etc/conf.d/clamd>
START_CLAMD=yes
FRESHCLAM_OPTS="-d"
</licode>
In amavisd.conf, the two variables that list the antivirus scanners to use are:
- @av_scanners
- @av_scanners_backup
@av_scanners lists the scanners that run permanently in memory (daemons).
@av_scanners_backup lists scanners that are started anew for each message (slower).
Fixme: are the backup scanners used when a primary scanner is enabled?
<licode file=/etc/amavisd.conf>
# Uncomment the clamav scanner and modify the socket location
['ClamAV-clamd', \&ask_daemon, ["CONTSCAN {}\n", "/var/amavis/clamd"],
  qr/\bOK$/, qr/\bFOUND$/, qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
</licode>
#rc-update add clamd default
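The two kinds of scanner entry used on this page (a resident daemon asked over a Unix socket, and a command-line backup scanner judged by its exit code) both boil down to "which pattern or exit code did the scanner's answer match". The following Python script is an added example, not part of this page or of amavisd-new: it reuses the three regexes from the ClamAV-clamd entry and the exit-code lists from the F-PROT entry above, classifies constructed clamd answers, and can send a real CONTSCAN request to the socket configured in clamd.conf. The socket path `/var/amavis/clamd` is the one from this page; the sample answers and all function names are constructed for the example.

```python
import re
import socket

# Patterns copied from the ClamAV-clamd entry of amavisd.conf above: the clean
# marker, the infected marker, and the capture that extracts the virus name.
# re.M makes each pattern apply per line, because CONTSCAN answers with one
# line per scanned file.
CLAMD_CLEAN = re.compile(r"\bOK$", re.M)
CLAMD_INFECTED = re.compile(r"\bFOUND$", re.M)
CLAMD_VIRUS_NAME = re.compile(r"^.*?: (?!Infected Archive)(.*) FOUND$", re.M)

# Exit-code lists copied from the F-PROT entry: [0,8,64] is clean and
# [1,2,3, 4+1,... 12+3] is infected; any other code means the scanner failed.
FPSCAN_CLEAN = {0, 8, 64}
FPSCAN_INFECTED = {1, 2, 3, 5, 6, 7, 9, 10, 11, 13, 14, 15}


def classify_daemon_response(text):
    """Judge a daemon's answer the way an ask_daemon entry does.

    Returns ("infected", [virus names]), ("clean", None) or ("error", None).
    Infected is checked first: a multi-part message yields one line per part,
    and a single FOUND line must reject the whole message.
    """
    if CLAMD_INFECTED.search(text):
        return ("infected", CLAMD_VIRUS_NAME.findall(text))
    if CLAMD_CLEAN.search(text):
        return ("clean", None)
    # Neither marker: the daemon reported an error (e.g. an unreadable path).
    # amavisd-new then tries the next scanner, and finally @av_scanners_backup.
    return ("error", None)


def classify_exit_code(rc):
    """Judge a command-line backup scanner by its exit status, as for fpscan."""
    if rc in FPSCAN_CLEAN:
        return "clean"
    if rc in FPSCAN_INFECTED:
        return "infected"
    return "error"


def contscan(path, sock_path="/var/amavis/clamd", timeout=60):
    """Send the same CONTSCAN request amavisd-new sends and classify the reply.

    `path` must be readable by the user clamd runs as (amavis, per clamd.conf).
    """
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        sock.connect(sock_path)
        sock.sendall(("CONTSCAN %s\n" % path).encode())
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return classify_daemon_response(b"".join(chunks).decode("utf-8", "replace"))


# Constructed sample answers (not captured from a real clamd).
SAMPLE_INFECTED = (
    "/var/amavis/tmp/amavis-1/parts/p001: OK\n"
    "/var/amavis/tmp/amavis-1/parts/p002: Eicar-Test-Signature FOUND\n"
)
SAMPLE_CLEAN = "/var/amavis/tmp/amavis-1/parts/p001: OK\n"
SAMPLE_ERROR = ("/var/amavis/tmp/amavis-1/parts: lstat() failed: "
                "No such file or directory. ERROR\n")


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(contscan(sys.argv[1]))       # live check against the running clamd
    else:
        for sample in (SAMPLE_INFECTED, SAMPLE_CLEAN, SAMPLE_ERROR):
            print(classify_daemon_response(sample))
        print(classify_exit_code(0), classify_exit_code(13), classify_exit_code(4))
```

Run it without arguments to see the three sample verdicts; run it with a path (as the amavis user) to check that clamd accepts the socket and can read the amavis work directory, which is the usual cause of a scanner being silently skipped.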
External signatures
Securite Info
http://www.securiteinfo.com/services/clamav_unofficial_malwares_signatures.shtml
<licode file=/etc/cron.daily/antivirus.cron>
#!/bin/sh
# Fetch the unofficial signature files into the ClamAV database directory
cd /var/lib/clamav || exit 1
wget -q http://clamav.securiteinfo.com/vx.hdb.gz
wget -q http://clamav.securiteinfo.com/securiteinfo.hdb.gz
wget -q http://clamav.securiteinfo.com/honeynet.hdb.gz
wget -q http://clamav.securiteinfo.com/antispam.ndb.gz
# -f: overwrite the previous run's uncompressed files without prompting
gunzip -f vx.hdb.gz securiteinfo.hdb.gz honeynet.hdb.gz antispam.ndb.gz
</licode>
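The cron job above gunzips straight into the live database directory, so a truncated or corrupt download leaves clamd with a broken signature file at its next reload. The following Python script is an added example (not part of this page): it fetches the same four files, lets gzip's own CRC and end-of-stream check reject a bad download, and only then replaces the installed file atomically, keeping the previous copy otherwise. The URLs and the `/var/lib/clamav` directory come from the page; the function names and the .hdb record used in `self_test()` are constructed.

```python
import gzip
import os
import tempfile
import urllib.request
import zlib

# Unofficial signature files listed in the cron job above (URLs from the page).
SIGNATURE_URLS = (
    "http://clamav.securiteinfo.com/vx.hdb.gz",
    "http://clamav.securiteinfo.com/securiteinfo.hdb.gz",
    "http://clamav.securiteinfo.com/honeynet.hdb.gz",
    "http://clamav.securiteinfo.com/antispam.ndb.gz",
)


def install_signature_db(gz_bytes, dest_path):
    """Decompress a downloaded .gz signature file and atomically replace dest_path.

    gzip.decompress verifies the CRC and the end-of-stream marker, so a
    truncated or corrupt download raises before anything is written.  Writing
    to a temporary file in the same directory and then os.replace() means clamd
    never sees a half-written database.  Returns the number of signature lines.
    """
    data = gzip.decompress(gz_bytes)
    if not data.strip():
        raise ValueError("empty signature file, refusing to install")
    dest_dir = os.path.dirname(dest_path) or "."
    fd, tmp_path = tempfile.mkstemp(dir=dest_dir, prefix=".sig-")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        os.chmod(tmp_path, 0o644)      # readable by the clamd user
        os.replace(tmp_path, dest_path)
    except BaseException:
        os.unlink(tmp_path)
        raise
    return len(data.splitlines())


def update_all(dest_dir="/var/lib/clamav", urls=SIGNATURE_URLS):
    """Fetch every file; a bad download keeps the previously installed copy."""
    results = {}
    for url in urls:
        name = os.path.basename(url)[:-3]          # strip the ".gz" suffix
        try:
            with urllib.request.urlopen(url, timeout=60) as resp:
                gz_bytes = resp.read()
            results[name] = install_signature_db(gz_bytes, os.path.join(dest_dir, name))
        except (OSError, EOFError, zlib.error, ValueError) as exc:
            results[name] = "kept previous copy: %s" % exc
    return results


def self_test():
    """Exercise the installer on a constructed .hdb record in a temp directory."""
    # Constructed record in ClamAV .hdb form (MD5:size:name); not a real signature.
    record = b"0123456789abcdef0123456789abcdef:68:Constructed-Test-Signature\n"
    good = gzip.compress(record)
    with tempfile.TemporaryDirectory() as tmpdir:
        dest = os.path.join(tmpdir, "vx.hdb")
        lines = install_signature_db(good, dest)
        with open(dest, "rb") as fh:
            installed = fh.read()
        # A truncated download must be rejected and leave the good file in place.
        try:
            install_signature_db(good[:-10], dest)
            rejected = False
        except (OSError, EOFError, zlib.error):
            rejected = True
        with open(dest, "rb") as fh:
            still_intact = fh.read() == installed
    return {"lines": lines, "installed": installed == record,
            "truncated_rejected": rejected, "previous_kept": still_intact}


if __name__ == "__main__":
    print(self_test())          # offline check of the install logic
    # print(update_all())       # real run, as the clamav database owner
```

Run `update_all()` from the daily cron as the user that owns /var/lib/clamav (clamav, per the freshclam.conf above) so the replaced files keep the ownership clamd expects.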
Avast
Get a licence from http://www.avast.com/i_kat_340.php?lang=ENG
#cp /root/License.dat /var/lib/avast4/License.dat
#tar zxvf libavastengine-4.6.0-i586.tar.gz
#cd libavastengine-4.6.0
#./mkinstall.sh
<licode file=/etc/crontab>
0 */6 * * * /usr/bin/avastvpsupdate.pl
</licode>
#cd avast4server-2.0.0-i586
#./mkinstall.sh
#avastcmd -h
Edit /etc/init.d/avastd (bug: the script reports that it cannot find the configuration file).
#man avastd.conf
Read patches/HOWTO.amavisd-new:
3) Create a new avastd scanner section in your avastd.conf configuration file designed for mail scanning (see avastd.conf(5) manual page):
<licode file=avastd.conf>
[mailscanner]
listen=/var/run/avast4/mailscanner.sock
....
</licode>
4) Restart avastd and amavisd-new daemons.
Edit amavisd.conf and add the following entries to the two scanner lists:
<licode file=/etc/amavisd.conf>
@av_scanners = (
  ### http://www.avast.com/
  ['avast! Antivirus daemon',
    \&ask_daemon,              # greets with 220, terminates with QUIT
    ["SCAN {}\r\nQUIT\r\n", '/var/run/avast4/mailscanner.sock'],
    qr/[\t]\[+\]/, qr/[\t]\[L\][\t]/, qr/[\t]\[L\][\t](.+)[^\r\n]/ ],

@av_scanners_backup = (
  ### http://www.avast.com/
  ['avast! Antivirus', 'avastcmd',
    '-ai -n -tA {}', [0], [1], qr/infected by: (.*)/ ],
</licode>
AVG (grisoft)
AVG Linux Server Edition
195€ for 15 e-mail addresses over 2 years.
Gentoo package: sys-libs/lib-compat
#cd avg7-linux/
#./install.sh
#avgscan -register <your license number>
The following trial licence number can be used: 70LINUX-TTS05-PZ-C01-S1-J18-IHAR
<licode file=/etc/avg.conf>
unixSocketName = /tmp/avg.sock
</licode>
#avgscan -d
Gentoo note: create the following /etc/init.d/avgscan script:
<licode file=/etc/init.d/avgscan>
#!/sbin/runscript

depend() {
    need net
    use logger
    #provide antivirus before amavisd-new
}

checkconfig() {
    if [ ! -e /etc/avg.conf ] ; then
        eerror "You need an /etc/avg.conf to run the AVG7 Anti-Vir Daemon"
        return 1
    fi
}

start() {
    checkconfig || return 1
    ebegin "Starting AVG7 Anti-Vir Daemon"
    # run the daemon as the amavis user so it can read the amavis work directory
    start-stop-daemon --start --quiet --chuid amavis --exec /usr/bin/avgscan -- -d
    eend $?
}

stop() {
    ebegin "Stopping AVG7 Anti-Vir Daemon"
    start-stop-daemon --stop --quiet --name avgscan
    eend $?
}
</licode>
The AVG section in the configuration file for amavisd-new should contain:
<licode file=/etc/amavisd.conf>
['AVG Anti-Virus',
  \&ask_daemon, ["SCAN {}\n", '/tmp/avg.sock'],
  qr/^200/, qr/^403/, qr/^403 .*?: (.+)/ ],
</licode>
AVG Update
#avgupdate -o
<licode file=/etc/crontab>
0 * * * * root avgupdate --online --no-progress --no-daemons 1>/dev/null
</licode>
Copyright
© 2006-2010 Christophe de Livois
You are allowed to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. For more information see the APRIL web site.