ClamAVのインストールは次を参照。
ウイルス対策ClamAVをインストールする(milter対応)
ウイルス対策ClamAVをインストールする(milter対応)メールフィルタプラグインlibmilterをインストールするVERSION_SENDMAIL="8.14.5"yum -y install m4/sbin/iptables -I OUTPUT -d ftp.sendmail.org ...pooh.gr.jp2012-04-24
clamdを設定と起動スクリプトを作成する。
cp -a /usr/local/clamav/etc/clamd.conf /usr/local/clamav/etc/clamd.conf.orig
sed -i \
-e '/^Example$/s/^/#/' \
-e 's/^#LogFile \/tmp\/clamd.log$/LogFile \/var\/log\/clamav\/clamd.log/' \
-e 's/^#LogFileMaxSize 2M/LogFileMaxSize 0/' \
-e 's/^#LogTime yes$/LogTime yes/' \
-e 's/^#PidFile \/var\/run\/clamd.pid$/PidFile \/var\/run\/clamav\/clamd.pid/' \
-e '/^#DatabaseDirectory \/var\/lib\/clamav$/s/^#//' \
-e 's/^#LocalSocket \/tmp\/clamd.socket/LocalSocket \/var\/run\/clamav\/clamd.socket/' \
-e 's/^#User clamav$/User clamav/' \
/usr/local/clamav/etc/clamd.conf
cat << 'EOF' > /etc/rc.d/init.d/clamd
#!/bin/bash
#
# chkconfig: 2345 61 39
# description: clamd an anti-virus daemon.
# processname: clamd
# config: /usr/local/clamav/etc/clamd.conf
# pidfile: /var/run/clamav/clamd.pid
# Source function library.
. /etc/rc.d/init.d/functions
[ -f /usr/local/clamav/etc/clamd.conf ] || exit 1
CLAMD=/usr/local/clamav/sbin/clamd
PROG=clamd
PIDFILE=/var/run/clamav/clamd.pid
LOCKFILE=/var/lock/subsys/clamd
RETVAL=0
start(){
echo -n $"Starting ${PROG}:"
daemon ${CLAMD}
RETVAL=${?}
echo
[ ${RETVAL} = 0 ] && touch ${LOCKFILE}
return ${RETVAL}
}
stop(){
echo -n "Shutting down ${PROG}:"
killproc -p ${PIDFILE} -d 10 ${CLAMD}
RETVAL=${?}
echo
[ ${RETVAL} = 0 ] && rm -f ${LOCKFILE}
return ${RETVAL}
}
case "${1}" in
start)
start
;;
stop)
stop
;;
status)
status -p ${PIDFILE} ${CLAMD}
RETVAL=${?}
;;
restart|reload)
stop
start
;;
condrestart)
if [ -f ${PIDFILE} ] ; then
stop
start
fi
;;
*)
echo $"Usage: ${PROG} {start|stop|restart|condrestart|reload|status}"
exit 1
esac
exit ${RETVAL}
EOF
chmod +x /etc/rc.d/init.d/clamd
/sbin/service clamd start
/sbin/chkconfig clamd on
clamav-milterを設定して起動スクリプトを作成する。
cp -a /usr/local/clamav/etc/clamav-milter.conf /usr/local/clamav/etc/clamav-milter.conf.orig
sed -i \
-e '/^Example$/s/^/#/' \
-e 's/^#MilterSocket \/tmp\/clamav-milter.socket$/MilterSocket \/var\/run\/clamav\/clamav-milter.socket/' \
-e '/^#User clamav$/s/^#//' \
-e 's/^#PidFile \/var\/run\/clamav-milter.pid$/PidFile \/var\/run\/clamav\/clamav-milter.pid/' \
-e 's/^#ClamdSocket tcp:scanner.mydomain:7357$/ClamdSocket unix:\/var\/run\/clamav\/clamd.socket/' \
-e 's/^#LogFile \/tmp\/clamav-milter.log$/LogFile \/var\/log\/clamav\/clamav-milter.log/' \
-e 's/^#LogFileMaxSize 2M$/LogFileMaxSize 0/' \
-e '/^#LogTime yes$/s/^#//' \
-e '/^#LogInfected Basic$/s/^#//' \
/usr/local/clamav/etc/clamav-milter.conf
cat << 'EOF' > /etc/rc.d/init.d/clamav-milter
#!/bin/sh
#
# clamav-milter This script starts and stops the clamav-milter daemon
#
# chkconfig: 2345 79 40
#
# description: clamav-milter is a daemon which hooks into sendmail and routes \
# email messages for virus scanning with ClamAV
# processname: clamav-milter
# pidfile: /var/lock/subsys/clamav-milter
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Local clamav-milter config
CLAMAV_FLAGS=
test -f /etc/sysconfig/clamav-milter && . /etc/sysconfig/clamav-milter
# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0
[ -x /usr/local/clamav/sbin/clamav-milter ] || exit 0
PATH=$PATH:/usr/bin:/usr/local/clamav/sbin:/usr/local/clamav/bin
RETVAL=0
# Clamav-milter must have write access to the pid file, /var/run is not suitable
default_pidfile=
[ -d /var/run/clamav-milter ] && default_pidfile=/var/run/clamav-milter/clamav-milter.pid
[ -d /var/clamav ] && default_pidfile=/var/clamav/clamav-milter.pid
pidfile=${PIDFILE:-$default_pidfile}
lockfile=/var/lock/subsys/clamav-milter
start() {
echo -n "Starting clamav-milter: "
# Don't allow files larger than 25M to be created, to limit DoS
# Needs to be large enough to extract the signature files
ulimit -f 25600
if [ ! -z $pidfile ]; then
CLAMAV_PID=--pidfile=${pidfile}
PID=`pidofproc -p ${pidfile} clamav-milter`
else
CLAMAV_PID=
PID=`pidofproc clamav-milter`
fi
[ -n "$PID" ] && echo " already running!" && return 1
LANG= daemon clamav-milter $CLAMAV_PID ${CLAMAV_FLAGS}
chgrp postfix /var/run/clamav/clamav-milter.socket
chmod g+w /var/run/clamav/clamav-milter.socket
RETVAL=$?
[ ! -z $pidfile -a -f $pidfile ] && sed -i -e 's/-//' $pidfile
echo
test $RETVAL -eq 0 && touch ${lockfile}
return $RETVAL
}
stop() {
echo -n "Shutting down clamav-milter: "
if [ ! -z $pidfile ]; then
killproc -p ${pidfile} clamav-milter
else
killproc clamav-milter
fi
RETVAL=$?
echo
test $RETVAL -eq 0 && rm -f ${lockfile} ${pidfile}
}
restart() {
stop
start
}
# See how we were called.
case "$1" in
start)
# Start daemon.
start
;;
stop)
# Stop daemon.
stop
;;
restart|reload)
restart
;;
condrestart)
test -f ${lockfile} && $0 restart || :
;;
status)
if [ ! -z $pidfile ]; then
status -p ${pidfile} clamav-milter
else
status clamav-milter
fi
;;
*)
echo "Usage: $0 {start|stop|reload|restart|condrestart|status}"
exit 1
esac
exit $?
EOF
chmod +x /etc/rc.d/init.d/clamav-milter
/sbin/service clamav-milter start
/sbin/chkconfig clamav-milter on