建设qmail服务器的病毒防护系统

主要参考文档http://www.chinaunix.net/jh/14/84825.html
最近病毒比较猖獗，只好给公司的邮件服务器加个病毒扫描，综合考虑了几种方案，结合自己的现有系统考虑，认为qmail-scanner+clamav(主要是因为免费)比较合适，这种方案的优点就是如果你的qmailqueue-patch在安装时就打好了（不会没打吧），原系统基本不动。
所需软件（假定你有QMAIL系统，且能正常运行）
1、 maildrop-1.5.2.20030423.tar.gz
2、perl-Time-HiRes-1.38-3.i386.rpm
3、clamav-0.65.tar.gz
4、qmail-scanner-1.20.tgz
一 maildrop安装：
tar zxvf maildrop-1.5.2.20030423.tar.gz
./configure [options]
make
make install-strip
make install-man
二安装 perl-Time-HiRes-1.38-3.i386.rpm
rpm -ivh perl-Time-HiRes-1.38-3.i386.rpm
三安装clamav-0.65.tar.gz
grouadd clamav
useradd –g clamav –s /bin/false clamav
tar zxvf clamav-0.65.tar.gz
cd clamav-0.65
./configure
make check
make install
更新病毒库，freshclam
把freshclam加入crontab 定时更新病毒库，
修改/usr/local/etc/clamav.conf
Example前加# 或删掉
执行clamscan 测试
执行clamd
然后执行clamdscan

四安装qmail-scanner-1.20.tgz
groupadd qscand
useradd –g qscand –s /bin/false qscand
tar zxvf qmail-scanner-1.20.tgz
cd qmail-scanner-1.20
./configure --qmail-queue-binary /var /qmail/bin/qmail-queue --admin postmaster \
--domain abc.com.cn --notify sender,admin --local-domains abc.com.cn --lang en_GB\
--debug yes --unzip yes --scanners clamscan
检查有无错误
然后安装./configure --qmail-queue-binary /var /qmail/bin/qmail-queue --admin postmaster \
--domain abc.com.cn --notify sender,admin --local-domains abc.com.cn --lang en_GB\
--debug yes --unzip yes --scanners clamscan --install

看看是否在/var/qmail/bin/qmail-scanner-queue.pl是否存在
chown qscand:qscand /var/qmail/bin/qmail-scanner-queue.pl
chmod 4755 /var/qmail/bin/qmail-scanner-queue.pl
然后用一个普通用户登陆，执行/var/qmail/bin/qmail-scanner-queue.pl -z
如果没有Can't do setuid出现，恭喜你，如果有
回到安装文件目录，有个contrib目录，
make
make install

附加步骤：chown qscand:qscand /var/qmail/bin/qmail-scanner-queue
chmod 4755 /var/qmail/bin/qmail-scanner-queue
chmod 0755 /var/qmail/bin/qmail-scanner-queue.pl

然后用一个普通用户登陆，执行/var/qmail/bin/qmail-scanner-queue -z
/var/qmail/bin/qmail-scanner-queue –g
修改环境变量
1 在你的qmail启动脚本加入
QMAILQUEUE=/var/qmail/bin/qmail-scanner-queue.pl如果作了附加步骤用下面的
QMAILQUEUE=/var/qmail/bin/qmail-scanner-queue
export QMAILQUEUE
2还有一种方法：请参考FAQ.php
Instead set it under the tcpserver smtp rules file (you're using Qmail - so you already know what that is - right? :-). That way you can even setup Qmail-Scanner to only scan mail from particular SMTP client IP address ranges/etc. This is now the only officially supported mechanism. Set it something like this:
#/etc/tcpserver/smtp.rules
#
# No Qmail-Scanner at all for mail from 127.0.0.1
127.:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"
# Use Qmail-Scanner without SpamAssassin on any mail from the local network
# [it triggers SpamAssassin via the presence of the RELAYCLIENT var]
10.:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
#
# Use Qmail-Scanner with SpamAssassin on any mail from the rest of the world
:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
Then run "maketcprules" or something like "tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp" to rebuild the database

重起qmail 测试
这里有测试程序
/youdir/software/qmail-scanner-1.20 test_installation.sh

不知什么原因，我的clamscan 扫描不到病毒，
经过测试，发现了原因，正确解决方法：

修改qmail-scanner-queue.pl中的
my $clamscan_options="-r --disable-summary --max-recursion=10 --max-space=1000000";为
my $clamscan_options="-r --mbox --disable-summary --max-recursion=10 --max-space=1000000";
就可以ＯＫ了

主要的排错监测日志
/var/spool/qmailscan/quarantine.log
/var/spool/qmailscan/qmail-queue.log
/var/log/clamd.log
/var/qmail/maillog
,