14 February 2004

Installing ClamAV Antivirus for Postfix Mail

Because I needed it, I set out to learn how to install antivirus scanning on a mail server that uses Postfix and runs on a Linux machine. I chose MailScanner as the scanner and ClamAV as the antivirus engine. A Google search turns up plenty of documentation on installing and configuring these two applications. What follows is the summary (the quick way) that I managed to put together.

---

Procedure: Install MailScanner and ClamAV Using Postfix

A. Install ClamAV

1. Download it from http://www.clamav.net
2. Create the clamav group and user:
   groupadd clamav
   useradd -g clamav -s /bin/false clamav
3. Extract and install (note: xxx = ClamAV version):
   tar xzvf clamav.xxx.tar.gz
   cd clamav.xxx
   ./configure --sysconfdir=/etc --with-dbdir=/var/lib/clamav
   make
   make install
4. Back up the configuration files:
   cp /etc/clamav.conf  /etc/clamav.conf.orig
   cp /etc/freshclam.conf /etc/freshclam.conf.orig
5. Create the directory and set its owner:
   mkdir /var/run/clamav
   chown postfix:postfix /var/run/clamav
6. Edit the configuration file clamav.conf (uncomment the following lines):
   LogFile /tmp/clamd.log
   LogFileMaxSize 2M
   LogTime
   LogSyslog
   PidFile /var/run/clamd.pid
   DatabaseDirectory /var/lib/clamav
   LocalSocket /var/run/clamav/clamd (edit)
   MaxThreads 10
   ReadTimeout 300
   MaxDirectoryRecursion 15
   User clamav
   AllowSupplementaryGroups
   ScanOLE2
   ScanArchive
   ArchiveMaxFileSize 10M
   ArchiveMaxRecursion 5
   ArchiveMaxFiles 1000
   ArchiveMaxCompressionRatio 200
7. Edit freshclam.conf (edit the following lines to match your proxy server):
   HTTPProxyServer proxy.example.com
   HTTPProxyPort 3128
8. Update the virus signatures, which also checks the installation:
   /usr/local/bin/freshclam
9. If everything is OK, run:
   /usr/local/bin/freshclam -d
   /usr/local/sbin/clamd
10. Test. The output must include ClamAV-Test-Signature:
    /usr/local/bin/clamscan /test
    /usr/local/bin/clamdscan /test
11. Add the line "/usr/local/sbin/clamd" to the file "/etc/rc.d/rc.local".

B. Install MailScanner

1. Download MailScanner (I took version 4.33.3-1) from http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/rpm/MailScanner-4.33.3-1.rpm.tar.gz
2. Extract the file, then run sh install.sh
3. Run these commands:
   chkconfig postfix off
   chkconfig --level 2345 MailScanner on

C. Set Up Postfix for MailScanner

1. Install Postfix version 2 and get it all working.
2. Stop the Postfix service.
3. A word from the sponsor: Make sure you have the chroot jail set up in /var/spool/postfix. You should be able to see "etc", "usr" and "lib" directories inside /var/spool/postfix. If you haven't got the chroot jail set up already, then look in the "examples" directory of the Postfix documentation and you will find a script in there to set it up for your operating system. If you can't find that, then see the "Problems or Errors" section further down this page.
4. In the file /etc/postfix/main.cf, add:
   header_checks = regexp:/etc/postfix/header_checks
5. Create the file /etc/postfix/header_checks and add:
   /^Received:/ HOLD

D. Set Up MailScanner for Postfix

1. Configure the file MailScanner.conf:
     Run As User = postfix
     Run As Group = postfix
     Incoming Queue Dir = /var/spool/postfix/hold
     Outgoing Queue Dir = /var/spool/postfix/incoming
     MTA = postfix
2. Then change the ownership of the directories:
    chown postfix:postfix /var/spool/MailScanner/incoming
    chown postfix:postfix /var/spool/MailScanner/quarantine

E. Set Up ClamAV for MailScanner

1. ClamAV must already be installed.
2. The default location is /usr/local/{bin,man,share}.
3. Run the following commands:
   perl -MCPAN -e shell
   install Parse::RecDescent
   install Inline
   install Mail::ClamAV
4. In MailScanner.conf, set 'Virus Scanners = clamavmodule'.
5. In MailScanner.conf, check the setting of 'Monitors for ClamAV Updates'. Its location must be correct.

F. Optional: Set Up Procmail to Discard Virus Email

1. In your home directory, create a .forward file with the following text:
   "|IFS=' '&&exec /usr/bin/procmail -f-||exit 75 #"
2. Also in your home directory, create a .procmailrc file with the following contents:
   MAILDIR=$HOME/Mail
   LOGFILE=$HOME/.procmaillog
   VERBOSE=yes

   :0:
   * ^Subject:.*\{virus\?\}
   /dev/null
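
The following check is an added example, not part of the original post: a shell function that compares main.cf, header_checks and MailScanner.conf against the values given in sections C, D and E, because a missing HOLD rule lets mail through unscanned. The function names and the constructed sample files are assumptions made for the illustration.

```shell
# Added example (not from the original post). Expected values are the post's own.

# Print the value of "key = value" from a config file (last occurrence wins).
conf_value() {  # $1 = file, $2 = key
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# Print a MISMATCH line and fail when a key does not hold the expected value.
expect() {  # $1 = file, $2 = key, $3 = expected value
    got=$(conf_value "$1" "$2")
    [ "$got" = "$3" ] && return 0
    echo "MISMATCH $1: '$2' is '${got:-unset}', expected '$3'"
    return 1
}

# check_handoff MAIN_CF HEADER_CHECKS MAILSCANNER_CONF -> returns number of problems.
check_handoff() {
    problems=0
    expect "$1" "header_checks" "regexp:/etc/postfix/header_checks" || problems=$((problems + 1))
    # Without this rule Postfix never parks mail in hold/, so nothing gets scanned.
    if ! grep -Eq '^/\^Received:/[[:space:]]+HOLD[[:space:]]*$' "$2"; then
        echo "MISSING $2: no '/^Received:/ HOLD' rule"
        problems=$((problems + 1))
    fi
    while IFS='|' read -r key want; do
        expect "$3" "$key" "$want" || problems=$((problems + 1))
    done <<'EOF'
Run As User|postfix
Run As Group|postfix
Incoming Queue Dir|/var/spool/postfix/hold
Outgoing Queue Dir|/var/spool/postfix/incoming
MTA|postfix
Virus Scanners|clamavmodule
EOF
    return "$problems"
}

# Constructed sample files (not real configs): HOLD rule commented out, wrong incoming queue.
demo_sample() {
    d=$(mktemp -d)
    echo 'header_checks = regexp:/etc/postfix/header_checks' > "$d/main.cf"
    echo '#/^Received:/ HOLD' > "$d/header_checks"
    printf '%s\n' 'Run As User = postfix' 'Run As Group = postfix' 'MTA = postfix' \
        'Incoming Queue Dir = /var/spool/mqueue.in' 'Virus Scanners = clamavmodule' \
        'Outgoing Queue Dir = /var/spool/postfix/incoming' > "$d/MailScanner.conf"
    check_handoff "$d/main.cf" "$d/header_checks" "$d/MailScanner.conf"; rc=$?
    rm -rf "$d"; return "$rc"
}
demo_sample || echo "problems found: $?"
```

On a real server, call check_handoff with /etc/postfix/main.cf, /etc/postfix/header_checks and the path to your MailScanner.conf.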