
Mail virus scanning: Qmail-Scanner, AntiVir

Posted on 2002-11-14 09:23:46

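AntiVir MailGate is a mail gateway (virus scanning) for Linux.
It can be set up in two ways:

1. Run it directly as the mail gateway, then invoke the SMTP program through a "pipe". It supports the standard SMTP programs: sendmail, postfix, qmail.

2. Also run it as the mail gateway, but add the avgatemail options to /etc/sendmail.cf (so that sendmail listens on port 825), then forward mail through port 825. That is: port 25 is avmailgate's SMTP port, and it then forwards mail through port 825 (sendmail)!
Note: other people can still use your port 825 (that is, use the original sendmail to send you virus-infected mail! This rarely happens, though). In that case you can use a firewall to block connections from outside to port 825 on this machine.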


Add to /etc/services:

smtp-backdoor   825/tcp

Change sendmail.cf to:
# SMTP daemon options

#O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA
# The original line.

# -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- gugong -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
#
#       The file generated by Red Hat V7.x and V8.0 by default serves "only" localhost, i.e. 127.0.0.1.
#       Based on the earlier contents of this file, change it to:
#
# SMTP daemon options
O DaemonPortOptions=Name=MTA, Port=smtp-backdoor

O DaemonPortOptions=Port=587, Name=MSA, M=E

# If avgatemail is not needed, it should be:
#O DaemonPortOptions=Name=MTA

#O DaemonPortOptions=Port=587, Name=MSA, M=E
#       Provides the submission service (MSA) on port 587.
# -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- gugong -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-



See the reports the mail gateway returns after removing a virus:

1.

*********************************************************************
                       AntiVir Virus Alert
*********************************************************************
This version of AntiVir MailGate is licensed for private and non-commercial use.
*********************************************************************

AntiVir found these viruses in the following mail:

     Worm/Klez.E

The mail was not delivered.

You may force the delivery without further checking the mail using:

     avq --deliver=04347-536A3823

but we would not advise to do so. You should delete it with:

     avq --remove=04347-536A3823

For more information, please read the manual page avmailgate(.


----------Mail-Info----------
From: winson246 <[email protected]>
To: [email protected]
Subject: Marginheight
Mail-From: [email protected]
Rcpt: [email protected]
Queue-Id: 04347-536A3823
Status: The mail was not delivered!
-----------------------------


-----------Log-File----------
info: extracting attachment 1 to /var/tmp/av-06051-U43SFi/av-0
       (encoding="quoted-printable", name="(no name)", filename="(no name)")
info: extracting attachment 2 to /var/tmp/av-06051-U43SFi/av-1
       (encoding="base64", name="Vebnq.pif", filename="(no name)")
info: extracting attachment 3 to /var/tmp/av-06051-U43SFi/av-2
       (encoding="base64", name="frame", filename="(no name)")
checking file "/var/tmp/av-06051-U43SFi/av-0"
checking file "/var/tmp/av-06051-U43SFi/av-1"
checking file "/var/tmp/av-06051-U43SFi/av-2"
-----------------------------
*********************************************************************
     For more information on AntiVir please visit our web site
          http://www.antivir.de  or  http://www.hbedv.com
                     mailto: [email protected]
               
              AntiVir is a registered trademark of
                    H+BEDV Datentechnik GmbH
*********************************************************************


2.

*********************************************************************
                       AntiVir Virus Alert
*********************************************************************
This version of AntiVir MailGate is licensed for private and non-commercial use.
*********************************************************************

AntiVir found these viruses in a mail for you from winson246 <[email protected]>:

     Worm/Klez.E

The mail was not delivered.

AntiVir  MailGate prevented  a virus  delivery.  But if you  need to
receive further email from winson246 <[email protected]>,  
you should ask him/her to buy a professional antivirus software such
as  AntiVir  from  H+BEDV  Datentechnik  GmbH.  He/She  can  contact
mailto:[email protected] for further information.

----------Mail-Info----------
From: winson246 <[email protected]>
To: [email protected]
Subject: Marginheight
-----------------------------

*********************************************************************
     For more information on AntiVir please visit our web site
          http://www.antivir.de  or  http://www.hbedv.com
                     mailto: [email protected]
               
              AntiVir is a registered trademark of
                    H+BEDV Datentechnik GmbH
*********************************************************************


Report after an automatic virus database update:

AntiVir has successfully updated itself.

--> /usr/lib/AntiVir/antivir.vdf

Machine: gugonghcs.fruitron.com.cn
Date:    09 May 2002
Time:    10:39:18




-----------------------------
Copyright (C) 1994-2002 by H+BEDV Datentechnik GmbH.
All rights reserved.

For private (non-commercial) use only.


Go to:

http://www.hbedv.com

to download the Linux version and register. The Linux version is free.


Because of the restriction on attachment extensions, I added the .txt suffix to the attached documents when uploading them.

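An added example, not part of the original post: a shell check for the exposure the post warns about, where the sendmail listener on port 825 accepts connections from other hosts and mail can skip the scanner on port 25. The function name `exposed_listeners`, the sample files and the `Addr=127.0.0.1` variant are assumptions made here (the variant assumes MailGate hands mail to sendmail over loopback).

```shell
#!/bin/sh
# Added example (not from the post): find sendmail listeners that let mail
# reach sendmail without passing the scanner on port 25.

# exposed_listeners FILE NAME...
# For every active "O DaemonPortOptions=" line whose Port is one of NAME...,
# print "port=<p> addr=<a>" unless Addr is loopback. Only the Port and Addr
# keys, spelled as in the post, are interpreted. Returns 1 if anything printed.
exposed_listeners() {
    cf=$1; shift
    awk -v ports=" $* " '
        /^O[ \t]+DaemonPortOptions=/ {
            sub(/^O[ \t]+DaemonPortOptions=/, "")
            port = "smtp"; addr = "*"   # no Port/Addr given: smtp on all interfaces
            n = split($0, kv, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", kv[i])
                split(kv[i], p, "=")
                if (p[1] == "Port") port = p[2]
                if (p[1] == "Addr") addr = p[2]
            }
            if (index(ports, " " port " ") && addr != "127.0.0.1") {
                print "port=" port " addr=" addr
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$cf"
}

# Constructed samples: the lines from the post, then a loopback-only variant
# (assumption: MailGate hands mail to sendmail over 127.0.0.1).
tmp=$(mktemp -d)
printf '%s\n' \
    '#O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA' \
    'O DaemonPortOptions=Name=MTA, Port=smtp-backdoor' \
    'O DaemonPortOptions=Port=587, Name=MSA, M=E' > "$tmp/as_posted.cf"
printf '%s\n' \
    'O DaemonPortOptions=Name=MTA, Port=smtp-backdoor, Addr=127.0.0.1' \
    'O DaemonPortOptions=Port=587, Name=MSA, M=E' > "$tmp/loopback_only.cf"

for f in "$tmp/as_posted.cf" "$tmp/loopback_only.cf"; do
    if exposed_listeners "$f" smtp-backdoor 825; then
        echo "$f: port 825 listener is loopback-only"
    else
        echo "$f: port 825 listener is open to other hosts; firewall it"
    fi
done
```

Pass both the service name and the number, since sendmail.cf may use either form for the port.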
Original poster | Posted on 2002-11-14 10:10:58
Today the main antivirus program was (automatically) upgraded to 2.0.5:

Machine: mail.fruitron.com.cn
Date:    14 Nov 2002
Time:    10:06:41

AntiVir has successfully updated itself.

02.00.04.07 --> 02.00.05.00 (/usr/lib/AntiVir/antivir)

Reloaded AntiVir MailGate successfully.

=======================
Version 2.0.5 Changes
=======================

INTERNET UPDATER
+ fixed a problem with daemon restarter for AvMailGate
+ added cooler update visuals

GUARD
+ now recognizes (and ignores) HUP signals
+ file cacheing system integrated (in server product)
+ console alerts no longer sent (in workstation product)

COMMAND LINE SCANNER
+ now recognizes (and ignores) HUP signals
+ fixed BSD console output
+ resolves relative paths correctly
+ rename and delete archives as well
+ now linked statically

--
AntiVir for UNIX
Copyright (C) 1994-2002 by H+BEDV Datentechnik GmbH.
All rights reserved.

For private (non-commercial) use only.

Posted on 2002-11-14 12:48:11
Good stuff. This has been bugging me for a long time. Thank you, new moderator!

Posted on 2002-11-20 16:06:24
Well done!

Original poster | Posted on 2002-12-5 19:02:10
Its virus database is also updated very frequently.

Machine: mail.fruitron.com.cn
Date:    05 Dec 2002
Time:    18:08:02

AntiVir has successfully updated itself.

06.17.00.04 --> 06.17.00.05 (/var/lib/AntiVir/antivir.vdf)

Reloaded AntiVir mail scanner successfully.

--
AntiVir for UNIX
Copyright (C) 1994-2002 by H+BEDV Datentechnik GmbH.
All rights reserved.

For private, non-commercial use only.

Posted on 2003-1-8 00:15:53
It looks like you have antivirus software for Linux. Could you share it with us????

Posted on 2003-1-23 08:34:35
http://www.hbedv.com/download/download.htm

Here.

Even if you don't understand it, read it carefully; don't skip.

Posted on 2003-3-29 13:56:00
How do I register?

Posted on 2003-6-18 23:11:46
OP, is this thing free???
Could you write up an installation tutorial
for us newbies to study? Thanks.

Posted on 2003-6-21 11:36:17
It doesn't seem to be free.
But I'm using amavis+panda, which is free.

Posted on 2003-7-28 11:35:09
It seems to be a DEMO version!

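Posted on 2003-9-8 10:10:02
Boss, the http://www.hbedv.com/download/download.htm you mentioned isn't free.
Without validation it is only a DEMO; won't it have to be uninstalled eventually?

Look at the notice on that page. Ha, anyone a bit careless would lose out: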
Before downloading, please consider the following points:

The downloadable programs offered here are released for unrestricted use with a valid license file. Without such a file, the AntiVir products can only be used to a limited extent as demo versions.
This license file is supplied to all customers purchasing AntiVir.
Before downloading, please check which versions you have licensed via the file LIC_INFO.TXT (you will find this on your license disk).

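Original poster | Posted on 2003-9-16 13:54:02
[quote:c46160e2eb="WongMokin"]Boss, the http://www.hbedv.com/download/download.htm you mentioned isn't free.
Without validation it is only a DEMO; won't it have to be uninstalled eventually?

Look at the notice on that page. Ha, anyone a bit careless would lose out: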
Before downloading, please consider the following points:

The downloadable programs offered here are released for unrestricted use with a valid license file. Without such a file, the AntiVir products can only be used to a limited extent as demo versions.
This license file is supplied to all customers purchasing AntiVir.
Before downloading, please check which versions you have licensed via the file LIC_INFO.TXT (you will find this on your license disk).[/quote]




You should take another careful look. The license file for the Linux version can be obtained for free!!

I've been using it for a long time!!!!!!!!

http://www.hbedv.com/support/mailgatefaq_e.htm#1

Posted on 2003-10-9 00:41:54
Right. After registering you can use it for a year, then register again.

Original poster | Posted on 2003-10-11 13:22:50

qmail-scanner

[code:1]

2003年10月10日下午23时15分52秒[root@gugong hicommail]#
qmail-scanner-1.16/contrib/test_installation.sh

Usage: ./test_installation.sh -doit

This will simply send 4 Email messages to "root".

The first will be a "normal" message, which should be received untouched.

The second contains the EICAR.COM test virus, and the in-built perlscan
module should catch that.

The third also contains the EICAR.COM test virus - but the filename is
different. Therefore it will bypass the perlscan module, but should still
be caught by any commercial virus scanners linked in.

The forth is a SPAM message. If you are running SpamAssassin AND Qmail-Scanner
successfully recongised it, then this message should be tagged (look for
X-Spam-Status: header) as being spam. Obviously if you filter your root mail,
this won't end up in your inbox...

If your Qmail-Scanner installation is correct, this will result in the
2nd and 3rd Emails being blocked and your Qmail-Scanner administrator
receiving an Email saying this has occured. If you are using
SpamAssassin, the 4th should be marked as spam.

To run, execute this script again with "-doit" option.

2003年10月10日下午23时15分55秒[root@gugong hicommail]#

[/code:1]