iptables + P3Scan + ClamAV as a virus-scanning gateway (reposted)

xiaoxiao2021-03-06  21

Resources: anti-virus software for Linux:

Kaspersky Anti-Virus for Linux (Avpd) http://www.kaspersky.com/

Trophie Anti-Virus daemon http://www.vanja.com/tools/trophie/

Frisk f-prot antivirus http://www.f-prot.com/

Clam anti-virus http://www.clamav.net

Personally I don't use anti-virus software on Linux unless it is for a server, for example a mail server. Of course, the biggest headache now is viruses that spread through email. If such a message reaches the end user it is even more annoying, because personal anti-virus software alone is not enough: few people know to update the virus database regularly, and many think that once anti-virus software is installed there is nothing more to do (as if using a computer had nothing to do with IT). I often see companies launching gateway anti-virus products; the best known is Trend Micro's ViruSwall. It costs a lot of money, more than I can afford. But recently I figured that some Linux-based open source software could do the job, so I googled.

The idea is to intercept virus emails at the gateway. There has to be a POP3 proxy, or an SMTP proxy, working together with the anti-virus software - I was sure that was the approach, but I had never run such a setup.

There is a 3rd Party Software page on the ClamAV site.

POP3 Scan Daemon (P3Scan) caught my attention. Huh, that is exactly what I want... After reading the documentation I basically understood it: first use iptables (note: you cannot use ipchains, otherwise there will be errors with the ip_conntrack module) to redirect the LAN's POP3 requests to the P3Scan port; P3Scan then saves each received mail to a temporary folder, calls the anti-virus software to scan it and filters on the result: no virus, the mail goes through; virus found, it takes action and sends you a warning message instead.

【Requirements】

1. iptables. This is a must. What, you don't have it? Find your install disc. No disc? Then get it from rpmfind.net or

www.netfilter.org

2. libpcre. This is the Perl-compatible regular expression library; it should be what P3Scan uses to pick the virus name out of the scanner output. Anyway, my Linux didn't have it, so go to

www.pcre.org, download it and build it yourself with make

3. Anti-virus software. There are several to choose from; I use ClamAV here.

【Installation】

Skipped. Nothing to say: ./configure, make, make install.

【Configuration】

This involves several parts:

1. iptables uses DNAT (the REDIRECT target) to send port 110 to the port defined in /etc/p3scan/p3scan.conf; the default is 8110:

iptables -t nat -A PREROUTING -p tcp --dport 110 -j REDIRECT --to-port 8110

2. The anti-virus software configuration. Here I use ClamAV; the more important settings are in /usr/local/etc/clamav.conf:

User mail - run clamd as the same user as P3Scan; I use mail.

ScanMail - enable this option (it is commented out by default); it allows mail files to be scanned.

ScanRAR - enable this too; some virus attachments come as RAR archives.

P3Scan connects to clamd to do the scanning, so start clamd before starting P3Scan.

3. P3Scan configuration, p3scan.conf:

port 8110 - fine as it is; if you change it, remember to change the iptables redirect as well.

user - the same user as for ClamAV

scanner - several anti-virus programs are predefined; check and adjust the path

virusregexp - the regular expression that picks the virus name out of the scanner output; it has to match the chosen scanner

template - the notification mail sent to the user when a virus is found

Create the corresponding directories:

# mkdir /etc/p3scan

# mkdir /var/run/p3scan

# mkdir -p /var/spool/p3scan/children

# mkdir -p /var/spool/p3scan/notify

and make them belong to the mail user:

# chown mail.mail /etc/p3scan

# chown mail.mail /var/run/p3scan

# chown mail.mail /var/spool/p3scan

# chown mail.mail /var/spool/p3scan/children

# chown mail.mail /var/spool/p3scan/notify

【Startup】

Start clamd first, then P3Scan, because P3Scan calls clamdscan to check the mail; both can go in rc.local. clamd has its own log under /var/log/clamd/; P3Scan has no separate log and writes to syslog.

【Virus database update】

/usr/local/bin/freshclam

【Work process】

Once more, the flow:

LAN client fetches mail ->

The request arrives at the gateway and is redirected by iptables from 110 to 8110, i.e. to P3Scan ->

P3Scan takes the server details from the client, fetches the mail, saves the message in a temporary directory and calls clamdscan to scan it ->

Clean: the mail is delivered to the LAN client; infected: a virus warning letter is constructed and sent to the client instead

You can watch this process with P3Scan's -d parameter, which prints DEBUG output.
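As an added example (not code from the original post, P3Scan or ClamAV), the POSIX shell script below shows what the scanner and virusregexp settings and the work-process steps above amount to: run the scanner on the message saved in the spool, pull the virus name out of its output with a regex, and map the result to the gateway's deliver-or-notify decision. fake_clamdscan, its constructed output lines, the VIRUS_RE pattern and the file names are assumptions made for this example; clamdscan's "path: Name FOUND" report line and its exit codes (0 clean, 1 virus found, 2 error) are its documented behaviour.

```shell
#!/bin/sh
# Added example (not code from the original post or from P3Scan/ClamAV).
# It mirrors the gateway's per-message decision: run the scanner on the
# message P3Scan saved to its spool, apply a "virusregexp"-style pattern
# to the scanner output, and choose deliver / notify / error.

# Stand-in for clamdscan so the script runs offline (constructed output;
# the "path: Name FOUND" line and the exit codes follow clamdscan's
# documented behaviour: 0 clean, 1 virus found, 2 error).
fake_clamdscan() {
    case "$1" in
        *eicar*)  echo "$1: Eicar-Test-Signature FOUND"; return 1 ;;
        *broken*) echo "ERROR: Can't connect to clamd";   return 2 ;;
        *)        echo "$1: OK";                          return 0 ;;
    esac
}

# Set SCANNER=/usr/local/bin/clamdscan to use the real scanner instead.
SCANNER=${SCANNER:-fake_clamdscan}

# Pattern in the spirit of p3scan's virusregexp for clamd: the virus name is
# whatever sits between the last ": " and the trailing " FOUND".
VIRUS_RE='^.*: \(.*\) FOUND$'

# scan_mail FILE -> prints "deliver", "notify:<virus name>" or "error:<rc>"
scan_mail() {
    rc=0
    out=$("$SCANNER" "$1") || rc=$?
    name=$(printf '%s\n' "$out" | sed -n "s/${VIRUS_RE}/\1/p" | head -n 1)
    case "$rc" in
        0) echo "deliver" ;;                  # clean: pass the mail to the LAN client
        1) echo "notify:${name:-unknown}" ;;  # infected: send the template warning instead
        *) echo "error:$rc" ;;                # scanner failure (e.g. clamd not started): never deliver unscanned mail
    esac
}

# iptables_rule IFACE PORT -> the redirect from the post, restricted to the
# LAN-facing interface so the gateway's own outbound POP3 is not looped back.
iptables_rule() {
    echo "iptables -t nat -A PREROUTING -i $1 -p tcp --dport 110 -j REDIRECT --to-port $2"
}
```

The error branch is the case the startup section warns about: if clamd is not running, clamdscan exits 2 and the message must not be passed through as if it were clean.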

I have tried it for a while; not bad, basically the viruses that arrived were filtered out.

Please credit the original URL when reposting: https://www.9cbs.com/read-70487.html
