メールフィルタプラグインlibmilterをインストールする
VERSION_SENDMAIL="8.14.5"
yum -y install m4
/sbin/iptables -I OUTPUT -d ftp.sendmail.org -j ACCEPT
wget "ftp://ftp.sendmail.org/pub/sendmail/sendmail.${VERSION_SENDMAIL}.tar.gz"
tar zxf sendmail.${VERSION_SENDMAIL}.tar.gz
cd sendmail-${VERSION_SENDMAIL}/libmilter/
./Build
make
make install
ls -al /usr/include/libmilter
cd ~
ウイルス対策ClamAVをインストールする(milter対応)
VERSION_CLAMAV=0.97.4
[ -d /usr/local/clamav-${VERSION_CLAMAV} ] && mv /usr/local/clamav-${VERSION_CLAMAV} /usr/local/clamav-${VERSION_CLAMAV}.$( date '+%Y%m%d%H%M%S' )
[ -d ./clamav-${VERSION_CLAMAV} ] && mv ./clamav-${VERSION_CLAMAV} ./clamav-${VERSION_CLAMAV}.$( date '+%Y%m%d%H%M%S' )
mkdir /usr/local/clamav-${VERSION_CLAMAV}
/sbin/iptables -I OUTPUT -d downloads.sourceforge.net -j ACCEPT
wget "http://downloads.sourceforge.net/project/clamav/clamav/${VERSION_CLAMAV}/clamav-${VERSION_CLAMAV}.tar.gz?use_mirror=jaist" -O "clamav-${VERSION_CLAMAV}.tar.gz"
tar zxf clamav-${VERSION_CLAMAV}.tar.gz
cd clamav-${VERSION_CLAMAV}/
./configure --prefix=/usr/local/clamav-${VERSION_CLAMAV} --enable-milter 2>&1 | tee configure-$( date '+%Y%m%d%H%M%S' ).log
make 2>&1 | tee make-$( date '+%Y%m%d%H%M%S' ).log
make install 2>&1 | tee make_install-$( date '+%Y%m%d%H%M%S' ).log
rm -f /usr/local/clamav
ln -s /usr/local/clamav-${VERSION_CLAMAV} /usr/local/clamav
echo '/usr/local/clamav/lib' > /etc/ld.so.conf.d/clamav.conf
/sbin/ldconfig
mkdir /var/run/clamav
chmod 775 /var/run/clamav
chown clamav.clamav /var/run/clamav
mkdir /var/lib/clamav
chmod 775 /var/lib/clamav
chown clamav.clamav /var/lib/clamav
mkdir /var/log/clamav
chmod 750 /var/log/clamav
chown clamav.clamav /var/log/clamav
cat << 'EOF' > /etc/logrotate.d/clamav
/var/log/clamav/clamd.log {
missingok
postrotate
/sbin/service clamd reload > /dev/null 2>/dev/null || true
endscript
}
/var/log/clamav/freshclam.log {
missingok
postrotate
/sbin/service freshclam reload > /dev/null 2>/dev/null || true
endscript
}
/var/log/clamav/clamscan.log {
missingok
}
EOF
cp -a /usr/local/clamav/etc/freshclam.conf /usr/local/clamav/etc/freshclam.conf.orig
sed -i \
-e 's/^Example/#Example/' \
-e 's/^#DatabaseDirectory \/var\/lib\/clamav/DatabaseDirectory \/var\/lib\/clamav/' \
-e 's/^#UpdateLogFile \/var\/log\/freshclam.log/UpdateLogFile \/var\/log\/clamav\/freshclam.log/' \
-e 's/^#LogFileMaxSize 2M/LogFileMaxSize 0/' \
-e 's/^#LogTime yes/LogTime yes/' \
-e 's/^#PidFile \/var\/run\/freshclam.pid/PidFile \/var\/run\/clamav\/freshclam.pid/' \
-e 's/^#DatabaseOwner clamav/DatabaseOwner clamav/' \
/usr/local/clamav/etc/freshclam.conf
cat << 'EOF' > /etc/rc.d/init.d/freshclam
#!/bin/bash
#
# chkconfig: 2345 60 40
# description: freshclam is a virus database update tool for ClamAV.
# processname: freshclam
# config: /usr/local/clamav/etc/freshclam.conf
# pidfile: /var/run/clamav/freshclam.pid
# Source function library.
. /etc/rc.d/init.d/functions
[ -f /usr/local/clamav/etc/freshclam.conf ] || exit 1
FRESHCLAM=/usr/local/clamav/bin/freshclam
PROG=freshclam
PIDFILE=/var/run/clamav/freshclam.pid
LOCKFILE=/var/lock/subsys/freshclam
RETVAL=0
start(){
echo -n $"Starting ${PROG}:"
daemon ${FRESHCLAM} -d
RETVAL=${?}
echo
[ ${RETVAL} = 0 ] && touch ${LOCKFILE}
return ${RETVAL}
}
stop(){
echo -n "Shutting down ${PROG}:"
killproc -p ${PIDFILE} -d 10 ${FRESHCLAM}
RETVAL=${?}
echo
[ ${RETVAL} = 0 ] && rm -f ${LOCKFILE}
return ${RETVAL}
}
case "${1}" in
start)
start
;;
stop)
stop
;;
status)
status -p ${PIDFILE} ${FRESHCLAM}
RETVAL=${?}
;;
restart|reload)
stop
start
;;
condrestart)
if [ -f ${PIDFILE} ] ; then
stop
start
fi
;;
*)
echo $"Usage: ${PROG} {start|stop|restart|condrestart|reload|status}"
exit 1
esac
exit ${RETVAL}
EOF
chmod 755 /etc/rc.d/init.d/freshclam
/sbin/chkconfig --add freshclam
/sbin/service freshclam start
sleep 60
cat << 'EOF' > /etc/cron.daily/clamscan.cron
#!/bin/bash
LANG=C
PATH=/usr/bin:/bin:/usr/local/clamav/bin
LOGFILE=/var/log/clamav/clamscan.log
echo -e '\n-------------------------------------------------------------------------------\n\n# Start clamscan -- '$(date '+%Y/%m/%d %H:%M:%S') >> ${LOGFILE}
nice -n 19 clamscan -r -i -l ${LOGFILE} --exclude-dir="^/proc|^/sys|^/dev|^/mnt"
exit ${?}
EOF
chmod +x /etc/cron.daily/clamscan.cron
/etc/cron.daily/clamscan.cron
rm -rf ./test
cd ~
最新のClamAVに対応したlogwatchスクリプトをインストールする
VERSION_LOGWATCH=7.4.0
/sbin/iptables -I OUTPUT -d downloads.sourceforge.net -j ACCEPT
wget http://downloads.sourceforge.net/project/logwatch/logwatch-${VERSION_LOGWATCH}/logwatch-${VERSION_LOGWATCH}.tar.gz
tar zxf logwatch-${VERSION_LOGWATCH}.tar.gz
cp ./logwatch-${VERSION_LOGWATCH}/scripts/services/clam-update /etc/logwatch/scripts/services
