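The word "virus" will probably ring a bell.
As the name suggests, this is an AntiVirus (virus-fighting) tool.
It differs from the antivirus software we normally use in that detection and removal are performed on the server side rather than on the client.
Doing this on the server side makes centralized management possible. Some advantages of centralized management are listed below.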
Download AntiVir MailGate

    # wget http://free-av.de/personal/en/unix/antivir-mailgate-pers.tar.gz
    --11:32:47--  http://free-av.de/personal/en/unix/antivir-mailgate-pers.tar.gz
               => `antivir-mailgate-pers.tar.gz'
    free-av.de をDNSに問いあわせています... 62.146.66.180
    free-av.de[62.146.66.180]:80 に接続しています... 接続しました。
    HTTP による接続要求を送信しました、応答を待っています... 302 Found
    場所: http://dl4.avgate.net/personal/en/unix/antivir-mailgate-pers.tar.gz [続く]
    --11:32:49--  http://dl4.avgate.net/personal/en/unix/antivir-mailgate-pers.tar.gz
               => `antivir-mailgate-pers.tar.gz'
    dl4.avgate.net をDNSに問いあわせています... 62.146.66.184
    dl4.avgate.net[62.146.66.184]:80 に接続しています... 接続しました。
    HTTP による接続要求を送信しました、応答を待っています... 200 OK
    長さ: 12,383,533 [application/x-gzip]

    100%[====================================>] 12,383,533   251.12K/s    ETA 00:00

    11:33:41 (239.13 KB/s) - `antivir-mailgate-pers.tar.gz' saved [12,383,533/12,383,533]

Extract the downloaded AntiVir MailGate archive

    # tar zxvf antivir-mailgate-pers.tar.gz
    antivir-mailgate-pers-2.0.2-15/
    antivir-mailgate-pers-2.0.2-15/bin/
    antivir-mailgate-pers-2.0.2-15/bin/freebsd/
    :
    :
    antivir-mailgate-pers-2.0.2-15/legal/LICENSE.gsoap
    antivir-mailgate-pers-2.0.2-15/legal/LICENSE.pcre
    antivir-mailgate-pers-2.0.2-15/legal/LICENSE.gpl

Change to the extracted antivir-mailgate-pers-x.x.x-xx directory
Use the directory name produced by the archive you downloaded. The name below is as of July 7, 2005.

    # cd ./antivir-mailgate-pers-2.0.2-15

Install AntiVir MailGate

    # ./install
    Starting AntiVir MailGate 2.0.2-15 installation...

    Before installing this software, you must agree to the terms of the license.
    Press <ENTER> to view the license.

Press Enter without typing anything

    The copyright to this software is owned by

    H+BEDV Datentechnik GmbH
    Tjark Auerbach; Managing Director
    Lindauer Straße 21
    88069 Tettang
    www.antivir.de
    www.hbedv.com

    - hereinafter the "Licensor" -

    It is an offence to reproduce or distribute this Software or parts
    thereof without authorisation. Such actions can lead to criminal or
    civil proceedings resulting in severe penalties or damage claims.

    The Licensor grants you - hereinafter the "Licensee" - use of this
    Software subject to the following licensing conditions:

    § Object of Licence

    1) The Agreement refers to the present computer program in the
    released, full version including the licence file necessary for its
    release ("Software") together with the program description,
    --続ける--(5%)

Press the space bar until the license text has been displayed to the end

    :
    :
    :
    3) This Agreement is governed by the laws of the Federal Republic of
    Germany. The place of jurisdiction for dealer Licensees is the seat of
    the Licensor.

    4) Deliveries to EC countries can only be invoiced without VAT provided
    the Licensee has quoted its UST/VAT-ID number.

If you agree to the license, type y and press Enter

    Do you agree to the license terms? [n]y

    1) installing AntiVir Engine
    creating /usr/lib/AntiVir ... done
    checking for existing /etc/antivir.conf ... not found
    copying bin/antivir to /usr/lib/AntiVir/ ... done

    NOTICE: This system has a prelinker. Prelinking the antivir binary
    will not work correctly. Either disable prelinking or add
    /usr/lib/AntiVir as an excluded prelink path.
    For example, add '-b /usr/lib/AntiVir' to /etc/prelink.conf

    copying vdf/antivir.vdf to /usr/lib/AntiVir/ ... done
    copying etc/antivir.conf to /etc/ ... done

Press Enter without typing anything

    Enter the path to your key file: []
    no key file will be installed
    copying script/configantivir to /usr/lib/AntiVir/ ... done
    linking /usr/bin/antivir to /usr/lib/AntiVir/antivir ... done
    installation of AntiVir Engine complete

    2) installing automatic internet updater
    An automatic internet updater is available with version 2.0.2-15 of
    AntiVir MailGate. This is a daemon that will run in the background and
    automatically check for updates (internet access is required).
    You may also manually check for updates using:

    antivir --update

    You do not need to install the automatic internet updater in order to
    manually check for updates. Please read the README file for more
    information on updates and how they can best suit you.

Press Enter without typing anything

    Would you like to install the automatic internet updater? [n]
    automatic internet updater will NOT be installed

    3) installing main program
    copying doc/avmailgate_de.pdf to /usr/lib/AntiVir/ ... done
    copying bin/avgated to /usr/lib/AntiVir/ ... done
    copying bin/avgatefwd to /usr/lib/AntiVir/ ... done
    copying script/avq to /usr/lib/AntiVir/ ... done
    copying script/rc.avgate.redhat to /usr/lib/AntiVir/avmailgate ... done
    creating /usr/lib/AntiVir/templates ... done
    copying doc/MANUAL to /usr/lib/AntiVir/MANUAL.avmailgate ... done
    copying etc/avmailgate.ignore to /etc/ ... done
    copying etc/avmailgate.scan to /etc/ ... done
    copying etc/avmailgate.warn to /etc/ ... done
    creating /var/spool/avmailgate ... done
    creating /var/spool/avmailgate/incoming ... done
    creating /var/spool/avmailgate/outgoing ... done
    creating /var/spool/avmailgate/rejected ... done

    Enter the path where the manual pages will be located:

Press Enter without typing anything

    [/usr/share/man]:
    copying doc/man/avmailgate.conf.5 to /usr/share/man/man5/ ... done
    copying doc/man/avmailgate.8 to /usr/share/man/man8/ ... done

    Enter the hosts and/or domains that are local:

Enter the host name and domain name, separated by a space

    []: fedora.kajuhome.com kajuhome.com

    Enter the hosts and networks that are allowed to relay:

Enter the networks that are allowed to relay, separated by spaces

    [127.0.0.1/8 192.168.0.0/16]: 127.0.0.1/8 192.168.1.0/24

Press Enter without typing anything

    Would you like to create a link in /usr/sbin for avmailgate ? [y]
    linking /usr/sbin/avmailgate to /usr/lib/AntiVir/avmailgate ... done

Press Enter without typing anything

    Would you like AvMailGate to start automatically? [y]
    setting up startup script ... done
    installation of main program complete

    checking for existing /etc/avmailgate.conf ... not found
    copying etc/avmailgate.conf to /etc/ ... done

    Installation of the following features complete:
    AntiVir Engine
    AntiVir MailGate

    If you have any license key files, please copy them to
    /usr/lib/AntiVir before running the software.
    Without a valid license key, it will run in DEMO mode.

    Note: It is highly recommended that you perform an update now to
    ensure up-to-date protection. This can be done by running:

    antivir --update

    Be sure to read the README file for additional information.
    Thank you for your interest in AntiVir MailGate.
Move the license key
Move the hbedv.key file that was copied to /root/ during the preparation step (user registration).

    # mv hbedv.key /usr/lib/AntiVir/

Change the owner of the license key

    # chown uucp:antivir /usr/lib/AntiVir/hbedv.key

Edit the services file

    # vi /etc/services
    afs3-rmtsys     7009/tcp                # remote cache manager service
    afs3-rmtsys     7009/udp                # remote cache manager service
    sd              9876/tcp                # Session Director
    sd              9876/udp                # Session Director

Add the port definitions (2 lines)

    antivir         10024/tcp               # Port for avgated
    smtp-backdoor   10025/tcp               # Port for postfix backdoor
    amanda          10080/tcp               # amanda backup services
    amanda          10080/udp               # amanda backup services
    pgpkeyserver    11371/tcp               # PGP/GPG public keyserver
    pgpkeyserver    11371/udp               # PGP/GPG public keyserver

Edit the AntiVir MailGate configuration file

    # vi /etc/avmailgate.conf
    # ------------------------------------------------------------------------
    # Select the interface, the SMTP daemon will listen on.
    # The default listen address of 0.0.0.0 means all interfaces.
    # IF YOU ARE UNSURE JUST LEAVE IT AS IS!
    # ListenAddress 0.0.0.0 port 25

Set the port AntiVir MailGate listens on

    ListenAddress localhost port antivir

    # ------------------------------------------------------------------------
    # Select how mail should be forwarded.
    # Send mail by piping it thru sendmail (this is the default):
    # ForwardTo /usr/lib/sendmail -oem -oi
    # Or if you want the mail to be sent by SMTP:
    # ForwardTo SMTP: localhost port 825

Set the port AntiVir forwards scanned mail to

    ForwardTo SMTP: localhost port smtp-backdoor

Add to the Postfix master process configuration file

    # vi /etc/postfix/master.cf
    # ==========================================================================
    # service type  private unpriv  chroot  wakeup  maxproc command + args
    #               (yes)   (yes)   (yes)   (never) (100)
    # ==========================================================================
    localhost:smtp-backdoor inet n - n - - smtpd -o content_filter=
    smtp      inet  n       -       n       -       -       smtpd
    #smtps    inet  n       -       n       -       -       smtpd
    #  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes

Add to the Postfix configuration file

    # vi /etc/postfix/main.cf
    # readme_directory: The location of the Postfix README files.
    #
    readme_directory = /usr/share/doc/postfix-2.0.18/README_FILES
    alias_database = hash:/etc/postfix/aliases

    # AntiVir MailGate
    content_filter = smtp:127.0.0.1:10024

Add to the prelink file

    # vi /etc/prelink.conf
    # This config file contains a list of directories both with binaries
    # and libraries prelink should consider by default.
    # If a directory name is prefixed with `-l ', the directory hierarchy
    # will be walked as long as filesystem boundaries are not crossed.
    # If a directory name is prefixed with `-h ', symbolic links in a
    # directory hierarchy are followed.
    # Directories or files with `-b ' prefix will be blacklisted.
    -b *.la
    -b *.png
    -b *.py
    :
    :
    -b /lib/modules
    -b /usr/lib/locale
    -b /usr/X11R6/lib{,64}/X11/xfig
    -b /usr/lib/AntiVir
    -l /bin
    -l /usr/bin
    -l /sbin
    :
    :

Copy the AntiVir MailGate startup script

    # cp /root/antivir-mailgate-pers-2.0.2-15/script/rc.avgate.redhat /etc/rc.d/init.d/avgate

Delete the extracted AntiVir MailGate directory

    # rm -rf /root/antivir-mailgate-pers-2.0.2-15

Delete the downloaded AntiVir MailGate archive

    # rm -f /root/antivir-mailgate-pers.tar.gz
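The script below is an added example, not part of the original page or of AntiVir MailGate. It lints the wiring configured above: that main.cf hands mail to the MailGate port, and that the re-injection smtpd in master.cf is bound to loopback and clears content_filter. The function names and messages are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: lint the Postfix <-> AntiVir MailGate wiring from this page.
# All four file paths are arguments, so it can be run against copies.

# Resolve a service name to its TCP port via a services file; numbers pass through.
svc_port() {  # $1 = services file, $2 = name or number
    case "$2" in
        *[!0-9]*) awk -v n="$2" '$1 == n && $2 ~ /\/tcp$/ { sub("/tcp", "", $2); print $2; exit }' "$1" ;;
        *) echo "$2" ;;
    esac
}

# Print "<bind-host> <cleared|inherits>" for the master.cf listener on the
# re-injection port; continuation lines (leading whitespace) are joined first.
reinject_listener() {  # $1 = master.cf, $2 = port name, $3 = port number
    awk -v name="$2" -v num="$3" '
        function emit(   f, a, n, k, h, c) {
            n = split(cur, f, /[ \t]+/); if (n < 2 || f[2] != "inet") return
            k = split(f[1], a, ":"); if (a[k] != name && a[k] != num) return
            h = (k > 1) ? a[1] : "any"
            c = ((cur " ") ~ /-o[ \t]+content_filter=[ \t]/) ? "cleared" : "inherits"
            print h, c
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { cur = cur " " $0; next }
        { emit(); cur = $0 }
        END { emit() }' "$1"
}

# Report each wiring problem on stdout; return status = number of problems found.
check_wiring() {  # $1 services, $2 avmailgate.conf, $3 master.cf, $4 main.cf
    bad=0
    listen=$(awk '$1 == "ListenAddress" { v = $2 " " $4 } END { print v }' "$2")
    fwd=$(awk '$1 == "ForwardTo" && $2 == "SMTP:" { v = $5 } END { print v }' "$2")
    in_port=$(svc_port "$1" "${listen#* }"); out_port=$(svc_port "$1" "$fwd")
    cf=$(sed -n 's/^content_filter[[:space:]]*=[[:space:]]*//p' "$4" | tail -n 1)
    case "${listen% *}" in localhost|127.*) ;;
        *) echo "MailGate listener is not bound to loopback"; bad=$((bad + 1)) ;; esac
    [ -n "$in_port" ] && [ "$(svc_port "$1" "${cf##*:}")" = "$in_port" ] ||
        { echo "main.cf content_filter does not point at the MailGate port"; bad=$((bad + 1)); }
    set -- $(reinject_listener "$3" "$fwd" "$out_port")
    case "$1" in localhost|127.*) ;;
        *) echo "re-injection smtpd is missing or reachable off-host (scanner bypass)"; bad=$((bad + 1)) ;; esac
    [ "${2:-cleared}" = "cleared" ] ||
        { echo "re-injection smtpd lacks '-o content_filter=' (mail would loop)"; bad=$((bad + 1)); }
    return "$bad"
}

# Usage: sh check_wiring.sh /etc/services /etc/avmailgate.conf /etc/postfix/master.cf /etc/postfix/main.cf
if [ "$#" -eq 4 ]; then check_wiring "$@"; fi
```
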
Restart postfix

    # /etc/rc.d/init.d/postfix restart
    Shutting down postfix:                                     [  OK  ]
    Starting postfix:                                          [  OK  ]

Start AntiVir MailGate

    # /etc/rc.d/init.d/avgate start
    Initializing AntiVir MailGate service: Warning: the file "antivir.vdf" is more than 14 days old
                                                               [  OK  ]
    # /usr/lib/AntiVir/antivir --update
    AntiVir / Linux Version 2.1.3-43 +gui
    Copyright (c) 1994-2005 by H+BEDV Datentechnik GmbH.
    All rights reserved.

    Warning: the file "antivir.vdf" is more than 14 days old

    A new method to dramatically reduce traffic volume as well as time
    when updating this software has gone into beta test. This method
    is also referred to as "incremental VDF updates". To learn more about
    this please visit http://www.free-av.de/unix_inkrementell.html.

    checking for updates
    06.31.00.05 <=> 06.31.00.161 [vdf database, on-disk]
    06.31.00.05 <=> 06.31.00.07 [scan engine, running]
    06.31.00.05 <=> 06.31.00.07 [scan engine, on-disk]
    antivir.vdf 100% |***************************| 3439 KB 88.18 KB/s 0:00 ETA
    antivir 100% |*******************************| 529 KB 176.53 KB/s 0:00 ETA
    06.31.00.161 <=> 06.31.00.161 [vdf database, on-disk]
    06.31.00.07 <=> 06.31.00.07 [scan engine, on-disk]
    reloading AntiVir mail scanner ... OK

    scan engine 06.31.00.05 --> 06.31.00.07 (/usr/lib/AntiVir/antivir)
    vdf database 06.31.00.05 --> 06.31.00.161 (/usr/lib/AntiVir/antivir.vdf)
    AntiVir updated successfully
Create the shell script

    # vi /root/antivir_update.sh
    #!/bin/sh
    echo "Job Name (antivir_update.sh)"
    echo " 開始(`date +"%k時%M分%S秒"`)"
    /usr/lib/AntiVir/antivir --update
    echo " 終了(`date +"%k時%M分%S秒"`)"

Make the shell script executable

    # chmod 700 /root/antivir_update.sh

Edit the configuration of crond, which runs programs periodically

    # crontab -e

Update the virus definition file every day at 00:30

    30 00 * * * /root/antivir_update.sh

If the mail sent by the cron job arrives garbled, add the following

    30 00 * * * /root/antivir_update.sh | nkf -j

nkf converts character encodings. Converting the output to JIS avoids the garbled characters.
The nkf parameters are as follows:

    -e   convert to EUC
    -s   convert to Shift JIS
    -j   convert to JIS
Mail in which a virus was detected is saved by AntiVir MailGate in "/var/spool/avmailgate/rejected/".
There is no need to keep it, so let's have it deleted automatically as well!
Create the shell script

    # vi /root/antivir_delete.sh
    #!/bin/sh
    echo "Job Name (antivir_delete.sh)"
    echo " 開始(`date +"%k時%M分%S秒"`)"
    # The installer above placed the scanner in /usr/lib/AntiVir
    /usr/lib/AntiVir/antivir /var/spool/avmailgate/rejected/ -z -e -del
    echo " 終了(`date +"%k時%M分%S秒"`)"

Make the shell script executable

    # chmod 700 /root/antivir_delete.sh

Edit the configuration of crond, which runs programs periodically

    # crontab -e
    30 00 * * * /root/antivir_update.sh | nkf -j

Clean out the directory every day at 00:00

    00 00 * * * /root/antivir_delete.sh | nkf -j
From your mail client, send a mail addressed to yourself.
If the following appears at the end of the received mail, the gateway is working.

    --
    This e-mail was scanned with a private, non-commercial version of AntiVir MailGate. See http://www.antivir.de for details.

    X-AntiVirus: checked by AntiVir MailGate (version: 2.0.2-15; AVE: 6.31.0.7; VDF: 6.31.0.155; host: fedora.kajuhome.com)