3274 lines
72 KiB
HTML
3274 lines
72 KiB
HTML
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
|
|
<HTML
|
|
><HEAD
|
|
><TITLE
|
|
>Qmail-Scanner and ClamAV HowTo</TITLE
|
|
><META
|
|
NAME="GENERATOR"
|
|
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"></HEAD
|
|
><BODY
|
|
CLASS="book"
|
|
BGCOLOR="#FFFFFF"
|
|
TEXT="#000000"
|
|
LINK="#0000FF"
|
|
VLINK="#840084"
|
|
ALINK="#0000FF"
|
|
><DIV
|
|
CLASS="BOOK"
|
|
><A
|
|
NAME="sop"
|
|
></A
|
|
><DIV
|
|
CLASS="TITLEPAGE"
|
|
><H1
|
|
CLASS="title"
|
|
><A
|
|
NAME="AEN2"
|
|
></A
|
|
>Qmail-Scanner and ClamAV HowTo</H1
|
|
><H3
|
|
CLASS="author"
|
|
><A
|
|
NAME="AEN4"
|
|
></A
|
|
>Steve Peace</H3
|
|
><P
|
|
CLASS="othercredit"
|
|
><B
|
|
>Gregory L. Porter - </B
|
|
></P
|
|
><P
|
|
CLASS="edition"
|
|
>version 1.0 Edition </P
|
|
><H4
|
|
CLASS="EDITEDBY"
|
|
>Edited by</H4
|
|
><H3
|
|
CLASS="editor"
|
|
>Todd Hawley</H3
|
|
><P
|
|
CLASS="pubdate"
|
|
>09/19/2004<BR></P
|
|
><DIV
|
|
CLASS="revhistory"
|
|
><TABLE
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
><TR
|
|
><TH
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
COLSPAN="3"
|
|
><B
|
|
>Revision History</B
|
|
></TH
|
|
></TR
|
|
><TR
|
|
><TD
|
|
ALIGN="LEFT"
|
|
>Revision 1.0</TD
|
|
><TD
|
|
ALIGN="LEFT"
|
|
>09/19/2004</TD
|
|
><TD
|
|
ALIGN="LEFT"
|
|
>Revised by: glp</TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
ALIGN="LEFT"
|
|
COLSPAN="3"
|
|
>Initial Release, reviewed by TLDP</TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
ALIGN="LEFT"
|
|
>Revision 0.9</TD
|
|
><TD
|
|
ALIGN="LEFT"
|
|
>08/01/2004</TD
|
|
><TD
|
|
ALIGN="LEFT"
|
|
>Revised by: glp</TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
ALIGN="LEFT"
|
|
COLSPAN="3"
|
|
>Converted to DocBook</TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
ALIGN="LEFT"
|
|
>Revision 0.4</TD
|
|
><TD
|
|
ALIGN="LEFT"
|
|
>07/01/2004</TD
|
|
><TD
|
|
ALIGN="LEFT"
|
|
>Revised by: srp</TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
ALIGN="LEFT"
|
|
COLSPAN="3"
|
|
>First public draft in html</TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
><DIV
|
|
><DIV
|
|
CLASS="abstract"
|
|
><A
|
|
NAME="AEN43"
|
|
></A
|
|
><P
|
|
></P
|
|
><P
|
|
>This HOWTO describes how to integrate ClamAV, an anti-virus attachment scanner
|
|
and Qmail-Scanner, an anti-virus message content scanner, with an existing installation
|
|
of a qmail email server.</P
|
|
><P
|
|
></P
|
|
></DIV
|
|
></DIV
|
|
><HR></DIV
|
|
><DIV
|
|
CLASS="TOC"
|
|
><DL
|
|
><DT
|
|
><B
|
|
>Table of Contents</B
|
|
></DT
|
|
><DT
|
|
>1. <A
|
|
HREF="#AEN45"
|
|
>Introduction</A
|
|
></DT
|
|
><DD
|
|
><DL
|
|
><DT
|
|
>1.1. <A
|
|
HREF="#AEN47"
|
|
>What This Document Is:</A
|
|
></DT
|
|
><DT
|
|
>1.2. <A
|
|
HREF="#AEN53"
|
|
>What This Document Is Not:</A
|
|
></DT
|
|
><DT
|
|
>1.3. <A
|
|
HREF="#AEN56"
|
|
>Acknowledgments</A
|
|
></DT
|
|
><DT
|
|
>1.4. <A
|
|
HREF="#AEN69"
|
|
>Copyright</A
|
|
></DT
|
|
><DT
|
|
>1.5. <A
|
|
HREF="#AEN76"
|
|
>Disclaimer</A
|
|
></DT
|
|
><DT
|
|
>1.6. <A
|
|
HREF="#AEN82"
|
|
>News</A
|
|
></DT
|
|
></DL
|
|
></DD
|
|
><DT
|
|
>2. <A
|
|
HREF="#AEN87"
|
|
>Prerequisites</A
|
|
></DT
|
|
><DT
|
|
>3. <A
|
|
HREF="#AEN105"
|
|
>ClamAV</A
|
|
></DT
|
|
><DD
|
|
><DL
|
|
><DT
|
|
>3.1. <A
|
|
HREF="#AEN107"
|
|
>What is ClamAV?</A
|
|
></DT
|
|
><DT
|
|
>3.2. <A
|
|
HREF="#AEN114"
|
|
>Installing ClamAV</A
|
|
></DT
|
|
><DT
|
|
>3.3. <A
|
|
HREF="#AEN120"
|
|
>Testing</A
|
|
></DT
|
|
><DT
|
|
>3.4. <A
|
|
HREF="#AEN130"
|
|
>Updating Defs</A
|
|
></DT
|
|
><DT
|
|
>3.5. <A
|
|
HREF="#AEN142"
|
|
>Setting up Clamd and Using With Daemontools</A
|
|
></DT
|
|
></DL
|
|
></DD
|
|
><DT
|
|
>4. <A
|
|
HREF="#AEN177"
|
|
>Qmail-Scanner</A
|
|
></DT
|
|
><DD
|
|
><DL
|
|
><DT
|
|
>4.1. <A
|
|
HREF="#AEN179"
|
|
>What Is Qmail-Scanner?</A
|
|
></DT
|
|
><DT
|
|
>4.2. <A
|
|
HREF="#AEN182"
|
|
>Installing Qmail-Scanner Prerequisites</A
|
|
></DT
|
|
><DT
|
|
>4.3. <A
|
|
HREF="#AEN225"
|
|
>Installing Qmail-Scanner</A
|
|
></DT
|
|
><DT
|
|
>4.4. <A
|
|
HREF="#AEN246"
|
|
>Ownership</A
|
|
></DT
|
|
><DT
|
|
>4.5. <A
|
|
HREF="#AEN252"
|
|
>Testing</A
|
|
></DT
|
|
></DL
|
|
></DD
|
|
><DT
|
|
>5. <A
|
|
HREF="#AEN268"
|
|
>Configuring qmail to Use qmail-scanner-queue.pl</A
|
|
></DT
|
|
><DD
|
|
><DL
|
|
><DT
|
|
>5.1. <A
|
|
HREF="#AEN270"
|
|
>Changing Your Tcp Rules</A
|
|
></DT
|
|
><DT
|
|
>5.2. <A
|
|
HREF="#AEN277"
|
|
>Increasing Your Softlimit</A
|
|
></DT
|
|
></DL
|
|
></DD
|
|
><DT
|
|
>6. <A
|
|
HREF="#AEN296"
|
|
>Conclusion</A
|
|
></DT
|
|
><DT
|
|
>A. <A
|
|
HREF="#AEN299"
|
|
>Recommended Reading and Other Resources</A
|
|
></DT
|
|
><DT
|
|
>B. <A
|
|
HREF="#AEN350"
|
|
>Scripts</A
|
|
></DT
|
|
><DT
|
|
>C. <A
|
|
HREF="#AEN362"
|
|
>Software</A
|
|
></DT
|
|
><DT
|
|
>D. <A
|
|
HREF="#gfdl"
|
|
>GNU Free Documentation License</A
|
|
></DT
|
|
><DD
|
|
><DL
|
|
><DT
|
|
>D.1. <A
|
|
HREF="#gfdl-0"
|
|
>PREAMBLE</A
|
|
></DT
|
|
><DT
|
|
>D.2. <A
|
|
HREF="#gfdl-1"
|
|
>APPLICABILITY AND DEFINITIONS</A
|
|
></DT
|
|
><DT
|
|
>D.3. <A
|
|
HREF="#gfdl-2"
|
|
>VERBATIM COPYING</A
|
|
></DT
|
|
><DT
|
|
>D.4. <A
|
|
HREF="#gfdl-3"
|
|
>COPYING IN QUANTITY</A
|
|
></DT
|
|
><DT
|
|
>D.5. <A
|
|
HREF="#gfdl-4"
|
|
>MODIFICATIONS</A
|
|
></DT
|
|
><DT
|
|
>D.6. <A
|
|
HREF="#gfdl-5"
|
|
>COMBINING DOCUMENTS</A
|
|
></DT
|
|
><DT
|
|
>D.7. <A
|
|
HREF="#gfdl-6"
|
|
>COLLECTIONS OF DOCUMENTS</A
|
|
></DT
|
|
><DT
|
|
>D.8. <A
|
|
HREF="#gfdl-7"
|
|
>AGGREGATION WITH INDEPENDENT WORKS</A
|
|
></DT
|
|
><DT
|
|
>D.9. <A
|
|
HREF="#gfdl-8"
|
|
>TRANSLATION</A
|
|
></DT
|
|
><DT
|
|
>D.10. <A
|
|
HREF="#gfdl-9"
|
|
>TERMINATION</A
|
|
></DT
|
|
><DT
|
|
>D.11. <A
|
|
HREF="#gfdl-10"
|
|
>FUTURE REVISIONS OF THIS LICENSE</A
|
|
></DT
|
|
><DT
|
|
>D.12. <A
|
|
HREF="#gfdl-addendum"
|
|
>ADDENDUM: How to use this License for your documents</A
|
|
></DT
|
|
></DL
|
|
></DD
|
|
></DL
|
|
></DIV
|
|
><DIV
|
|
CLASS="chapter"
|
|
><HR><H1
|
|
><A
|
|
NAME="AEN45"
|
|
></A
|
|
>Chapter 1. Introduction</H1
|
|
><DIV
|
|
CLASS="sect1"
|
|
><H1
|
|
CLASS="sect1"
|
|
><A
|
|
NAME="AEN47"
|
|
></A
|
|
>1.1. What This Document Is:</H1
|
|
><P
|
|
>This document started out as a way for me to document the procedure and
|
|
required readings for re-creating the deployment of Qmail-Scanner and ClamAV
|
|
for my employer's email system. I am not a writer, or a programmer. I am
|
|
a lowly little systems administrator that got frustrated looking online for
|
|
all of the information to make Qmail-Scanner work with ClamAV. This HOWTO
|
|
will document the steps that I took to get Qmail-Scanner and ClamAV to work
|
|
together. Is this the right way to do it? Who knows, it worked for me. There
|
|
are plenty of snippets of information that I <EM
|
|
>"liberated"</EM
|
|
> from many sources.
|
|
Please see the Acknowledgments. The most current version of this document can
|
|
be found at <A
|
|
HREF="http://stevepeace.no-ip.org"
|
|
TARGET="_top"
|
|
> <I
|
|
CLASS="citetitle"
|
|
>http://stevepeace.no-ip.org</I
|
|
></A
|
|
>.</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="sect1"
|
|
><HR><H1
|
|
CLASS="sect1"
|
|
><A
|
|
NAME="AEN53"
|
|
></A
|
|
>1.2. What This Document Is Not:</H1
|
|
><P
|
|
>This document is not a comprehensive source of information for ClamAV,
|
|
Qmail-Scanner, qmail, daemontools, Linux, Un*x, FreeBSD, Perl, etc. I do not
|
|
pretend to know everything about everything. Like I said before, this worked
|
|
for me it may not work for you. If you don't know how to use a particular OS,
|
|
tool, or piece of software, THIS HOWTO WILL NOT HELP YOU! I am a firm
|
|
believer in RTFM. So please make sure that you check out Appendix A, and the
|
|
Disclaimer before following this HOWTO.</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="sect1"
|
|
><HR><H1
|
|
CLASS="sect1"
|
|
><A
|
|
NAME="AEN56"
|
|
></A
|
|
>1.3. Acknowledgments</H1
|
|
><P
|
|
>I would like to acknowledge the following people and groups:</P
|
|
><P
|
|
></P
|
|
><TABLE
|
|
BORDER="0"
|
|
><TBODY
|
|
><TR
|
|
><TD
|
|
>Jason Haar (for Qmail-Scanner)</TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
>Jesse D. Guardiani (original clamd+daemontools HOWTO)</TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
>The entire ClamAV group (for ClamAV)</TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
>Dan Bernstein (for qmail and daemontools)</TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
>Dave Sill (for lfwq)</TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
>Bruce Guenter (qmailqueue patch)</TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
>Mark Simpson (TNEF unpacker)</TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
>Double Precision Inc. (maildrop)</TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
>CPAN.org (Perl modules)</TD
|
|
></TR
|
|
></TBODY
|
|
></TABLE
|
|
><P
|
|
></P
|
|
></DIV
|
|
><DIV
|
|
CLASS="sect1"
|
|
><HR><H1
|
|
CLASS="sect1"
|
|
><A
|
|
NAME="AEN69"
|
|
></A
|
|
>1.4. Copyright</H1
|
|
><P
|
|
>Copyright (c) 2004 Steven R. Peace.</P
|
|
><P
|
|
>Permission is granted to copy, distribute and/or modify this document
|
|
under the terms of the <A
|
|
HREF="http://www.gnu.org/copyleft/fdl.html"
|
|
TARGET="_top"
|
|
> <I
|
|
CLASS="citetitle"
|
|
>GNU Free Documentation License</I
|
|
></A
|
|
>, Version 1.2
|
|
or any later version published by the Free Software Foundation;
|
|
with no Invariant Sections, with no Front-Cover Texts, and no Back-Cover Texts.
|
|
A copy of the license is included in the section entitled "GNU Free Documentation
|
|
License".
|
|
</P
|
|
><P
|
|
>This HOWTO is free documentation; you can redistribute it and/or modify
|
|
it under the terms of the GNU Free Documentation License. This document is
|
|
distributed in the hope that it will be useful, but without any warranty;
|
|
without even the implied warranty of merchantability or fitness for a
|
|
particular purpose.</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="sect1"
|
|
><HR><H1
|
|
CLASS="sect1"
|
|
><A
|
|
NAME="AEN76"
|
|
></A
|
|
>1.5. Disclaimer</H1
|
|
><P
|
|
>I disavow any potential liability for the contents of this document. Use
|
|
of the concepts, examples, and/or any other information or content of this
|
|
document is entirely at your own risk.</P
|
|
><P
|
|
>All copyrights are owned by their owners, unless specifically noted
|
|
otherwise. Use of a term in this document should not be regarded as affecting
|
|
the validity of any trademark or service mark.</P
|
|
><P
|
|
>Naming of particular products or brands should not be seen as
|
|
endorsements.</P
|
|
><P
|
|
>You are strongly recommended to take a backup of your system before
|
|
major installation and backups at regular intervals.</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="sect1"
|
|
><HR><H1
|
|
CLASS="sect1"
|
|
><A
|
|
NAME="AEN82"
|
|
></A
|
|
>1.6. News</H1
|
|
><P
|
|
>The document home page can be found at <A
|
|
HREF="http://stevepeace.no-ip.org"
|
|
TARGET="_top"
|
|
> <I
|
|
CLASS="citetitle"
|
|
>http://stevepeace.no-ip.org</I
|
|
></A
|
|
>.
|
|
Check here for the most current versions.</P
|
|
></DIV
|
|
></DIV
|
|
><DIV
|
|
CLASS="chapter"
|
|
><HR><H1
|
|
><A
|
|
NAME="AEN87"
|
|
></A
|
|
>Chapter 2. Prerequisites</H1
|
|
><P
|
|
>You should already have a working qmail server with daemontools
|
|
installed. Your server will also need:</P
|
|
><P
|
|
>ClamAV Prerequisites:</P
|
|
><P
|
|
></P
|
|
><TABLE
|
|
BORDER="0"
|
|
><TBODY
|
|
><TR
|
|
><TD
|
|
>Zlib and zlib-devel packages</TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
>Gcc compiler (2.9x or 3.x)</TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
>Bzip2 library (recommended)</TD
|
|
></TR
|
|
></TBODY
|
|
></TABLE
|
|
><P
|
|
></P
|
|
><P
|
|
>Qmail-Scanner Prerequisites:</P
|
|
><P
|
|
></P
|
|
><TABLE
|
|
BORDER="0"
|
|
><TBODY
|
|
><TR
|
|
><TD
|
|
>qmail 1.03</TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
>Reformmime from Maildrop 1.3.8+</TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
>Perl 5.005_03+</TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
>Perl module Time::HiRes</TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
>Perl module DB_File</TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
>Perl module Sys::Syslog</TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
>Mark Simpson's TNEF Unpacker</TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
>Bruce Guenter's QMAILQUEUE patch</TD
|
|
></TR
|
|
></TBODY
|
|
></TABLE
|
|
><P
|
|
></P
|
|
></DIV
|
|
><DIV
|
|
CLASS="chapter"
|
|
><HR><H1
|
|
><A
|
|
NAME="AEN105"
|
|
></A
|
|
>Chapter 3. ClamAV</H1
|
|
><DIV
|
|
CLASS="sect1"
|
|
><H1
|
|
CLASS="sect1"
|
|
><A
|
|
NAME="AEN107"
|
|
></A
|
|
>3.1. What is ClamAV?</H1
|
|
><P
|
|
>From the ClamAV website:</P
|
|
><P
|
|
>"Clam AntiVirus is a <A
|
|
HREF="http://www.opensource.org"
|
|
TARGET="_top"
|
|
> <I
|
|
CLASS="citetitle"
|
|
>GPL</I
|
|
></A
|
|
> anti-virus toolkit for UNIX. The main purpose
|
|
of this software is the integration with mail servers (attachment scanning).
|
|
The package provides a flexible and scalable multi-threaded daemon, a command
|
|
line scanner, and a tool for automatic updating via Internet. The programs
|
|
are based on a shared library distributed with the Clam AntiVirus package,
|
|
which you can use with your own software. Most importantly, the virus
|
|
database is <EM
|
|
>kept up to date</EM
|
|
>."</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="sect1"
|
|
><HR><H1
|
|
CLASS="sect1"
|
|
><A
|
|
NAME="AEN114"
|
|
></A
|
|
>3.2. Installing ClamAV</H1
|
|
><P
|
|
>Download the ClamAV source at <A
|
|
HREF="http://www.clamav.net"
|
|
TARGET="_top"
|
|
> <I
|
|
CLASS="citetitle"
|
|
>http://www.clamav.net</I
|
|
></A
|
|
>. As of the writing
|
|
of this HOWTO, the latest version is 0.65.</P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
> #tar -xvzf clamav-0.65.tar.gz
|
|
#cd clamav-0.65 #groupadd clamav
|
|
#useradd clamav -g clamav -c "Clam AntiVirus" -s /nonexistent .
|
|
#/configure
|
|
#make
|
|
#make install
|
|
#cd ..
|
|
</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
><DIV
|
|
CLASS="sect1"
|
|
><HR><H1
|
|
CLASS="sect1"
|
|
><A
|
|
NAME="AEN120"
|
|
></A
|
|
>3.3. Testing</H1
|
|
><P
|
|
>As long as make and make install have finished without errors, you are
|
|
now ready to test your installation (If you did experience errors, please
|
|
review the ClamAV documentation that was included in the tar ball. You may
|
|
also try the ClamAV website for some helpful tips). To test your installation
|
|
type:</P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
>#clamscan -r -l scan.txt clamav-0.65</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
>Clamscan should find a test virus (This is NOT a real virus) in the
|
|
clamav-0.65/test directory and log it to the scan.txt log file.</P
|
|
><P
|
|
>Now you need to configure the ClamAV daemon, clamd, for testing.</P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
>#vi /usr/local/etc/clamav.conf</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
>Comment out "Example" line in clamav.conf and save.</P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
>#clamdscan -l scan.txt clamav-0.65</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
>This should provide output that is similar to the clamscan command you
|
|
entered above.</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="sect1"
|
|
><HR><H1
|
|
CLASS="sect1"
|
|
><A
|
|
NAME="AEN130"
|
|
></A
|
|
>3.4. Updating Defs</H1
|
|
><P
|
|
>Now we need to update our virus definitions. Clamscan includes a
|
|
utility, freshclam, to take care of this. Freshclam automatically changes
|
|
from root to the clamav user that you created during the installation. First,
|
|
create a log file that freshclam can log to.</P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
> #touch /var/log/clam-update.log
|
|
#chmod 600 /var/log/clamupdate.log
|
|
#chown clamav /var/log/clamupdate.log</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
>Now start freshclam:</P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
> #freshclam -d -c 6 -l /var/log/clam-update.log
|
|
</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
>This checks for a new virus definition database six (6) times a day.
|
|
Check the /var/log/clam-update.log file. It should look something like this:</P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
> -----------------------------------------------------------------------------------------------------
|
|
ClamAV update process started at Wed Jan 28 17:49:48 2004
|
|
main.cvd is up to date (version: 19, sigs: 19987, f-level: 1, builder: ddm)
|
|
daily.cvd updated (version: 111, sigs: 597, f-level: 1, builder: tomek)
|
|
Database updated (20584 signatures) from database.clamav.net (81.4.91.185).
|
|
-----------------------------------------------------------------------------------------------------
|
|
</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
>Now add the freshclam -d -c 6 -l /var/log/clam-update.log to your
|
|
startup scripts.</P
|
|
><P
|
|
>You can also setup a cronjob to update the Defs every 6 hours, if you
|
|
like.</P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
> #vi /etc/crontab
|
|
</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
> 0 6 * * * root /usr/local/bin/clamscan
|
|
</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
><DIV
|
|
CLASS="sect1"
|
|
><HR><H1
|
|
CLASS="sect1"
|
|
><A
|
|
NAME="AEN142"
|
|
></A
|
|
>3.5. Setting up Clamd and Using With Daemontools</H1
|
|
><P
|
|
>Edit /etc/clamd.conf and make the following changes.</P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
>#vi /etc/clamd.conf</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
></P
|
|
><TABLE
|
|
BORDER="0"
|
|
><TBODY
|
|
><TR
|
|
><TD
|
|
>Uncomment "LogSyslog"</TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
>Uncomment "StreamSaveToDisk"</TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
>Uncomment "MaxThreads" and change value to "30"</TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
>Uncomment "User" and change value to "qscand"</TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
>Uncomment "Foreground"</TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
>Uncomment "ScanMail"</TD
|
|
></TR
|
|
></TBODY
|
|
></TABLE
|
|
><P
|
|
></P
|
|
><P
|
|
>Create the clamav directory.</P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
>#mkdir -p /usr/local/clamav/bin</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
>Now create a startup/shutdown script for clamd. Copy and paste the
|
|
script shown below. This script was written by Jesse D. Guardiani.</P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="programlisting"
|
|
>
|
|
#vi /usr/local/clamav/bin/clamdctl
|
|
|
|
#!/bin/sh
|
|
|
|
# For Red Hat chkconfig
|
|
# chkconfig: - 80 30
|
|
# description: the ClamAV clamd daemon
|
|
|
|
PATH=/usr/local/clamav/bin:/bin:/usr/bin:/usr/local/bin:/usr/local/sbin
|
|
export PATH
|
|
|
|
case "$1" in
|
|
start)
|
|
echo "Starting clamd"
|
|
if svok /service/clamd ; then
|
|
svc -u /service/clamd
|
|
else
|
|
echo clamd supervise not running
|
|
fi
|
|
if [ -d /var/lock/subsys ]; then
|
|
touch /var/lock/subsys/clamd
|
|
fi
|
|
;;
|
|
stop)
|
|
echo "Stopping clamd..."
|
|
echo " clamd"
|
|
svc -d /service/clamd
|
|
if [ -f /var/lock/subsys/clamd ]; then
|
|
rm /var/lock/subsys/clamd
|
|
fi
|
|
;;
|
|
stat)
|
|
svstat /service/clamd
|
|
svstat /service/clamd/log
|
|
;;
|
|
restart)
|
|
echo "Restarting clamd:"
|
|
echo "* Stopping clamd."
|
|
svc -d /service/clamd
|
|
echo "* Sending clamd SIGTERM and restarting."
|
|
svc -t /service/clamd
|
|
echo "* Restarting clamd."
|
|
svc -u /service/clamd
|
|
;;
|
|
hup)
|
|
echo "Sending HUP signal to clamd."
|
|
svc -h /service/clamd
|
|
;;
|
|
help)
|
|
cat <<HELP
|
|
stop -- stops clamd service (smtp connections refused, nothing goes out)
|
|
start -- starts clamd service (smtp connection accepted, mail can go out)
|
|
stat -- displays status of clamd service
|
|
restart -- stops and restarts the clamd service
|
|
hup -- same as reload
|
|
HELP
|
|
;;
|
|
*)
|
|
echo "Usage: $0 {start|stop|stat|restart|hup|help}"
|
|
exit 1
|
|
;;
|
|
esac
|
|
|
|
exit 0
|
|
|
|
|
|
</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
>Make clamdctl an executable and link to path:</P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
>#chmod 755 /usr/local/clamav/bin/clamdctl</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
>#chown clamav /usr/local/clamav/bin/clamdctl</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
>#ln -s /usr/local/clamav/bin/clamdctl /usr/local/bin</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
>Create the supervise directories for the clamd service:</P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
>#mkdir -p /usr/local/clamav/supervise/clamd/log</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
>Now you must create the /usr/local/clamav/supervise/clamd/run file, or
|
|
just copy and paste the script shown below. This script was also created by
|
|
Jesse D. Guardiani:</P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="programlisting"
|
|
> vi /usr/local/clamav/supervise/clamd/run
|
|
|
|
#!/bin/sh
|
|
#
|
|
# --------------------------------------------------
|
|
# run
|
|
#
|
|
# Purpose - Start the clamd daemon/service.
|
|
#
|
|
# Author - Jesse D. Guardiani
|
|
# Created - 09/10/03
|
|
# Modified - 09/25/03
|
|
# --------------------------------------------------
|
|
# This script is designed to be run under DJB's
|
|
# daemontools package.
|
|
#
|
|
# ChangeLog
|
|
# ---------
|
|
#
|
|
# 09/25/03 - JDG
|
|
# --------------
|
|
# - Changed clamd user to qscand in compliance with
|
|
# the change to qmail-scanner-1.20rc3
|
|
#
|
|
# 09/10/03 - JDG
|
|
# --------------
|
|
# - Created
|
|
# --------------------------------------------------
|
|
# Copyright (C) 2003 WingNET Internet Services
|
|
# Contact: Jesse D. Guardiani (jesse at wingnet dot net)
|
|
# --------------------------------------------------
|
|
|
|
lockfile="/tmp/clamd" # Location of clamd lock file
|
|
path_to_clamd="/usr/local/sbin/clamd"
|
|
# Location of the clamd binary
|
|
BAD_EXIT_CODE=1 # The exit code we use to announce that something bad has happened
|
|
|
|
# The following pipeline is designed to return the pid of each
|
|
# clamd process currently running.
|
|
get_clam_pids_pipeline=`ps -ax | grep -E "${path_to_clamd}\$" | grep -v grep | awk '{print $1}'`
|
|
|
|
|
|
# --------------------------------------------------
|
|
# Generic helper functions
|
|
# --------------------------------------------------
|
|
|
|
# Basic return code error message function
|
|
die_rcode() {
|
|
EXIT_CODE=$1
|
|
ERROR_MSG=$2
|
|
|
|
if [ $EXIT_CODE -ne '0' ]; then
|
|
echo "$ERROR_MSG" 1>&2
|
|
echo "Exiting!" 1>&2
|
|
exit "$BAD_EXIT_CODE"
|
|
fi
|
|
}
|
|
|
|
|
|
# --------------------------------------------------
|
|
# Main
|
|
# --------------------------------------------------
|
|
|
|
ps_clamd=""
|
|
ps_clamd="$get_clam_pids_pipeline"
|
|
|
|
if [ -n "$ps_clamd" ]; then
|
|
pid_count="0"
|
|
for pid in $ps_clamd
|
|
do
|
|
pid_count=`expr $pid_count + 1`
|
|
done
|
|
|
|
die_rcode $BAD_EXIT_CODE "Error: $pid_count clamd process(es) already running!"
|
|
|
|
fi
|
|
|
|
if [ -e "$lockfile" ]; then
|
|
rm "$lockfile"
|
|
exit_code="$?"
|
|
die_rcode $exit_code "Error: 'rm $lockfile' call failed."
|
|
fi
|
|
|
|
exec /usr/local/bin/setuidgid qscand $path_to_clamd
|
|
|
|
# --
|
|
# END /usr/local/clamav/supervise/clamd/run file.
|
|
# --
|
|
|
|
Create the /usr/local/clamav/supervise/clamd/log/run file:
|
|
|
|
#vi /usr/local/clamav/supervise/clamd/log/run
|
|
|
|
#!/bin/sh
|
|
exec /usr/local/bin/setuidgid qscand /usr/local/bin/multilog t /var/log/clamd
|
|
</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
>Make the run files executable:</P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
>#chmod 755 /usr/local/clamav/supervise/clamd/run</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
>#chmod 755 /usr/local/clamav/supervise/clamd/log/run</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
>Now set up the log directories:</P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
>#mkdir -p /var/log/clamd</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
>chown qscand /var/log/clamd</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
>Finally, link the supervise directory into /service:</P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
>#ln -s /usr/local/clamav/supervise/clamd /service</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
>* Note: The clamd script will start automatically shortly after these
|
|
links are created. If you don't want it running, do the following:</P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
>#clamdctl stop</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
>To start clamd backup, do the following</P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
>#clamdctl start</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
></DIV
|
|
><DIV
|
|
CLASS="chapter"
|
|
><HR><H1
|
|
><A
|
|
NAME="AEN177"
|
|
></A
|
|
>Chapter 4. Qmail-Scanner</H1
|
|
><DIV
|
|
CLASS="sect1"
|
|
><H1
|
|
CLASS="sect1"
|
|
><A
|
|
NAME="AEN179"
|
|
></A
|
|
>4.1. What Is Qmail-Scanner?</H1
|
|
><P
|
|
>From the Qmail-Scanner website: "Qmail-Scanner is an addon that
|
|
enables a qmail email server to scan all gateway-ed email for certain
|
|
characteristics (i.e. a content scanner). It is typically used for its
|
|
anti-virus protection functions, in which case it is used in conjunction with
|
|
commercial virus scanners, but also enables a site (at a server/site level)
|
|
to react to email that contains specific strings in particular headers, or
|
|
particular attachment filenames or types (e.g. *.VBS attachments). It also
|
|
can be used as an archiving tool for auditing or backup purposes.
|
|
Qmail-Scanner is integrated into the mail server at a lower level than some
|
|
other Unix-based virus scanners, resulting in better performance. It is
|
|
capable of scanning not only locally sent/received email, but also email that
|
|
crosses the server in a relay capacity."</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="sect1"
|
|
><HR><H1
|
|
CLASS="sect1"
|
|
><A
|
|
NAME="AEN182"
|
|
></A
|
|
>4.2. Installing Qmail-Scanner Prerequisites</H1
|
|
><DIV
|
|
CLASS="sect2"
|
|
><H2
|
|
CLASS="sect2"
|
|
><A
|
|
NAME="AEN184"
|
|
></A
|
|
>4.2.1. Maildrop</H2
|
|
><P
|
|
>What is Maildrop:</P
|
|
><P
|
|
>From the maildrop web site:</P
|
|
><P
|
|
>"<EM
|
|
>maildrop</EM
|
|
> is the mail filter/mail delivery agent that's used by
|
|
the <A
|
|
HREF="http://www.courier-mta.org"
|
|
TARGET="_top"
|
|
> <I
|
|
CLASS="citetitle"
|
|
>Courier Mail Server</I
|
|
></A
|
|
>."</P
|
|
><P
|
|
>You will not be using Maildrop or the Courier Mail Server for this
|
|
installation. However, Qmail-Scanner requires reformmime, which is included
|
|
in Maildrop. This is the only reason Maildrop is mentioned in this HOWTO.</P
|
|
><P
|
|
>Download and unpack the latest version of Maildrop. Please read the
|
|
INSTALL file included in the tar ball.</P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
>#./configure</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
>#make</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
>#make install-strip</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
>#make install-man</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
><DIV
|
|
CLASS="sect2"
|
|
><HR><H2
|
|
CLASS="sect2"
|
|
><A
|
|
NAME="AEN198"
|
|
></A
|
|
>4.2.2. Perl Modules</H2
|
|
><P
|
|
>Time::HiRes Perl module:</P
|
|
><P
|
|
>From the README file in the tar ball:</P
|
|
><P
|
|
>Time::HiRes module: High resolution time, sleep, and alarm.
|
|
"Implement usleep, ualarm, and gettimeofday for Perl, as well as
|
|
wrappers to implement time, sleep, and alarm that know about non-integral
|
|
seconds."</P
|
|
><P
|
|
>DB_File Perl module:</P
|
|
><P
|
|
>From the README file in the tar ball:</P
|
|
><P
|
|
>"DB_File is a module which allows Perl programs to make use of the
|
|
facilities provided by Berkeley DB version 1. (DB_File can be built version
|
|
2, 3 or 4 of Berkeley DB, but it will only support the 1.x features),"</P
|
|
><P
|
|
>Download Time::HiRes and DB_File Perl Modules. The modules can be
|
|
obtained at <A
|
|
HREF="http://www.cpan.org"
|
|
TARGET="_top"
|
|
> <I
|
|
CLASS="citetitle"
|
|
>www.cpan.org</I
|
|
></A
|
|
> (See Appendix C). There is a HOWTO there as well
|
|
that will explain the installation procedure of Perl modules. Once again,
|
|
please read the instructions included in the tar balls and review the README
|
|
information before installing.</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="sect2"
|
|
><HR><H2
|
|
CLASS="sect2"
|
|
><A
|
|
NAME="AEN209"
|
|
></A
|
|
>4.2.3. Mark Simpson's TNEF Unpacker</H2
|
|
><P
|
|
>What is TNEF Unpacker:</P
|
|
><P
|
|
>This utility unpacks ms-tnef type MIME attachments. For a better
|
|
explanation of MIME type attachments, please review <A
|
|
HREF="http://www.ietf.org/rfc/rfc1521.txt?number=1521"
|
|
TARGET="_top"
|
|
> <I
|
|
CLASS="citetitle"
|
|
>http://www.ietf.org/rfc/rfc1521.txt?number=1521</I
|
|
></A
|
|
>
|
|
.</P
|
|
><P
|
|
>Download the package, and uncompress the tar ball. As with the Maildrop
|
|
install, you should read the INSTALL file included in the tar ball.</P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
>#./configure</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
>#./make check</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
>#./make install</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
><DIV
|
|
CLASS="sect2"
|
|
><HR><H2
|
|
CLASS="sect2"
|
|
><A
|
|
NAME="AEN219"
|
|
></A
|
|
>4.2.4. Patching qmail</H2
|
|
><P
|
|
>If you have not already done so, please install Bruce Guenter?s
|
|
QMAILQUEUE patch.</P
|
|
><P
|
|
>To patch qmail, download the patch to your qmail source directory.</P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
>#patch -p1<qmailqueue.patch</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
>#./make setup check</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
></DIV
|
|
><DIV
|
|
CLASS="sect1"
|
|
><HR><H1
|
|
CLASS="sect1"
|
|
><A
|
|
NAME="AEN225"
|
|
></A
|
|
>4.3. Installing Qmail-Scanner</H1
|
|
><P
|
|
>We are now ready to install Qmail-Scanner. Download the latest source of
|
|
Qmail-Scanner. As of the writing of this HOWTO, it is 1.20.</P
|
|
><P
|
|
>Create a user for Qmail-Scanner to run as.</P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
>#groupadd qscand</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
>#useradd qscand -g qscand -c "qmail scanner" -s /nonexistent</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
>Unpack the tar ball and change to the Qmail-Scanner directory.</P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
>#tar -zxvf qmail-scanner-1.20.tar.gz</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
>#cd qmail-scanner-1.20</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
>Run Configure to autodetect what software is installed on your system.
|
|
Review the output to make sure it is correct. It should look similar to this:</P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
> #./configure
|
|
|
|
This script will search your system for the virus scanners it knows
|
|
about, and will ensure that all external programs
|
|
qmail-scanner-queue.pl uses are explicitly pathed for performance
|
|
reasons.
|
|
|
|
It will then generate qmail-scanner-queue.pl - it is up to you to install it
|
|
correctly.
|
|
|
|
Continue? ([Y]/N) <PRESS ENTER>
|
|
|
|
Found tnef on your system! That means we'll be able to decode stupid
|
|
M$ attachments :-)
|
|
|
|
|
|
The following binaries and scanners were found on your system:
|
|
|
|
mimeunpacker=/usr/local/bin/reformime
|
|
unzip=/usr/bin/unzip
|
|
tnef=/usr/local/bin/tnef
|
|
|
|
Content/Virus Scanners installed on your System
|
|
|
|
clamuko=/usr/local/bin/clamdscan (which means clamscan won't be used as clamdscan is better)
|
|
|
|
Qmail-Scanner details.
|
|
|
|
log-details=0
|
|
fix-mime=1
|
|
debug=1
|
|
notify=sender,admin
|
|
redundant-scanning=no
|
|
virus-admin=root@mail --substitute you domain here
|
|
local-domains='mail' --substitute your domain here
|
|
silent-viruses='klez','bugbear','hybris','yaha','braid','nimda','tanatos','sobig','winevar','palyh','fizzer','gibe','
|
|
cailont','lovelorn','swen','dumaru','sober','hawaii','holar-i'
|
|
scanners="clamuko_scanner"
|
|
|
|
If that looks correct, I will now generate qmail-scanner-queue.pl
|
|
for your system...
|
|
Continue? ([Y]/N)<PRESS ENTER>
|
|
|
|
</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
>Now type:</P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
># ./configure ?install</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
>This installs qmail-scanner-queue.pl and creates the necessary directory
|
|
structures. You should see similar messages as before. Once again, read the
|
|
output of the script to make sure everything is correct. If it is press
|
|
<B
|
|
CLASS="keycap"
|
|
>ENTER</B
|
|
> to install Qmail-scanner.</P
|
|
><P
|
|
>If qmail has been installed successfully, qmail-scanner-queue.pl should
|
|
now be installed. You should see qmail-scanner-queue.pl in /var/qmail/bin.</P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
>#ls /var/qmail/bin</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
>/var/qmail/bin/qmail-scanner-queue.pl</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
>If you do not see qmail-scanner-queue.pl in /var/qmail/bin, then execute
|
|
the configure script again. Please pay attention to the output of the script
|
|
and verify that all of the settings are correct. You can also visit the
|
|
Qmail-scanner mail-archives at <A
|
|
HREF="http://lists.sourceforge.net/mailman/listinfo/qmail-scanner-general"
|
|
TARGET="_top"
|
|
> <I
|
|
CLASS="citetitle"
|
|
>http://lists.sourceforge.net/mailman/listinfo/qmail-scanner-general</I
|
|
></A
|
|
>
|
|
.</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="sect1"
|
|
><HR><H1
|
|
CLASS="sect1"
|
|
><A
|
|
NAME="AEN246"
|
|
></A
|
|
>4.4. Ownership</H1
|
|
><P
|
|
>In order for Qmail-Scanner to be able to use ClamAV, some of the ClamAV
|
|
ownerships must be changed. If you recall, we made a clamav user to run
|
|
ClamAV, and then changed the permissions so only the clamav user could run
|
|
it. Now we need to provide the qscand user privledges to use ClamAV First,
|
|
change the ownership of the clamd supervise directories.</P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
>#chown -R qscand /usr/local/clamav/supervise</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
>Now change the ownership of the ClamAV log file:</P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
>#chown -R qscand /var/log/clamd</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
><DIV
|
|
CLASS="sect1"
|
|
><HR><H1
|
|
CLASS="sect1"
|
|
><A
|
|
NAME="AEN252"
|
|
></A
|
|
>4.5. Testing</H1
|
|
><P
|
|
>Now test Qmail-Scanner:</P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
>#./contrib./test_instaltion.sh -doit</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
>Sending standard test message - no viruses...done!</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
>Sending eicar test virus - should be caught by perlscanner module...
|
|
done!</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
>Sending eicar test virus with altered filename - should only be caught
|
|
by commercial anti-virus modules (if you have any)...</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
>Sending bad spam message for anti-spam testing - In case you are using
|
|
SpamAssassin... Done!</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
>Now check the e-mail for your postmaster alias account.</P
|
|
><P
|
|
>You should now have 4 email messages in your postmaster?s mailbox</P
|
|
><P
|
|
>If you do not have the 4 messages in the postmaster's mailbox, then:
|
|
Verify that you are checking the proper mailbox.</P
|
|
><P
|
|
>Re-execute the configure script for qmail-scanner-queue.pl. Verify that
|
|
the 'virus-admin' from the script output is the same as your qmail postmaster
|
|
alias.</P
|
|
><P
|
|
>Check qmail to see if the messages are in the queue. If they are try
|
|
issuing a 'qmailctl' flush command to force delivery.</P
|
|
><P
|
|
>If all else fails check the Qmail-Scanner mailing list archives at
|
|
<A
|
|
HREF="http://lists.sourceforge.net/mailman/listinfo/qmail-scanner-general"
|
|
TARGET="_top"
|
|
> <I
|
|
CLASS="citetitle"
|
|
>http://lists.sourceforge.net/mailman/listinfo/qmail-scanner-general</I
|
|
></A
|
|
>.</P
|
|
></DIV
|
|
></DIV
|
|
><DIV
|
|
CLASS="chapter"
|
|
><HR><H1
|
|
><A
|
|
NAME="AEN268"
|
|
></A
|
|
>Chapter 5. Configuring qmail to Use qmail-scanner-queue.pl</H1
|
|
><DIV
|
|
CLASS="sect1"
|
|
><H1
|
|
CLASS="sect1"
|
|
><A
|
|
NAME="AEN270"
|
|
></A
|
|
>5.1. Changing Your Tcp Rules</H1
|
|
><P
|
|
>Once everything is installed, configured, and successfully tested,
|
|
configure qmail to utilize Qmail-Scanner and ClamAV. If you have followed the
|
|
instructions found in Dave Sills Life With qmail (see Appendix A: Reading
|
|
Resources), you should have a tcp.smtp file in your /etc directory. You must
|
|
edit tcp.smtp file to include the QMAILQUEUE variable.</P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
>
|
|
#vi /etc/tcp.smtp
|
|
|
|
127.:allow,RELAYCLIENT="",QMAILQUEUE="/var/qmail/bin/qmail-queue"
|
|
10.:allow,RELAYCLIENT="",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
|
|
:allow.QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
|
|
</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
>As you can see, we use qmail-queue for all local deliveries by setting
|
|
the QMAILQUEUE variable to be the original qmail-queue. We then changed the
|
|
local subnet mail deliveries to use qmail-scanner-queue.pl. This causes all
|
|
local subnet SMTP traffic to be scanned by Qmail-Scanner and ClamAV. The last
|
|
line of this file scans all inbound emails.</P
|
|
><P
|
|
>After adding the QMAILQUEUE variables, you must rebuild the cdb file for
|
|
Qmail.</P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
>#qmailctl cdb</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
><DIV
|
|
CLASS="sect1"
|
|
><HR><H1
|
|
CLASS="sect1"
|
|
><A
|
|
NAME="AEN277"
|
|
></A
|
|
>5.2. Increasing Your Softlimit</H1
|
|
><P
|
|
>If you try to send an email message, you will most likely receive an
|
|
error from your client. The error message will say something that includes
|
|
this:</P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
>451 qq temporary problem (#4.3.0)</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
>If you followed Life with qmail, you then have a memory limit set in the
|
|
/var/qmail/supervise/qmail-smtpd/run file. Look for the line that contains
|
|
softlimit. It should look similar to this:</P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
>exec /usr/local/bin/softlimit -m 2000000 \</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
>This example sets the memory limit for qmail-smtpd to 2M. After all of
|
|
your changes qmail-smtpd is now running the entire Perl interpreter, and
|
|
ClamAV. 2M will never be enough.</P
|
|
><P
|
|
>Each system is different, and has different requirements. It will take
|
|
some experimenting on your part to find the correct value for your system's
|
|
softlimit. Do not set softlimit to some high value! You are asking for
|
|
trouble if you do this. To find the minimal value for your system, I
|
|
recommend the following steps:</P
|
|
><P
|
|
></P
|
|
><UL
|
|
><LI
|
|
><P
|
|
>Increase softlimit by 1M</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
>#qmailctl restart</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
>Send a message</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
>Repeat until you can successfully send an email</P
|
|
></LI
|
|
></UL
|
|
><P
|
|
>Once you have found the minimum, I recommend increasing that by 1.5M,
|
|
just for times that your email server has a heavy load.</P
|
|
><P
|
|
>After that just create a daily cronjob that runs
|
|
/var/qmail/bin/qmail-scan-queue.pl -z to cleanup any dropped SMTP sessions
|
|
that may be lying around in /var/spool/qmailscan.</P
|
|
></DIV
|
|
></DIV
|
|
><DIV
|
|
CLASS="chapter"
|
|
><HR><H1
|
|
><A
|
|
NAME="AEN296"
|
|
></A
|
|
>Chapter 6. Conclusion</H1
|
|
><P
|
|
>After following the instructions in this HOWTO, now you can feel
|
|
confident about your email messages being more secure. By implementing
|
|
Qmail-Scanner and clamav, you have successfully added another layer of
|
|
security to your email system and overall anti-virus protection. Of course,
|
|
there is no such thing as 100% secure email messages. Nor will this
|
|
installation replace sound anti-virus practices, but it should make those
|
|
practices a little easier to implement and manage.</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="appendix"
|
|
><HR><H1
|
|
><A
|
|
NAME="AEN299"
|
|
></A
|
|
>Appendix A. Recommended Reading and Other Resources</H1
|
|
><P
|
|
></P
|
|
><TABLE
|
|
BORDER="0"
|
|
><TBODY
|
|
><TR
|
|
><TD
|
|
>Life with qmail written by Dave Sills <A
|
|
HREF="http://www.lifewithqmail.org"
|
|
TARGET="_top"
|
|
> <I
|
|
CLASS="citetitle"
|
|
>http://www.lifewithqmail.org</I
|
|
></A
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
>qmail FAQ Written by D.J. Bernstein <A
|
|
HREF="http://cr.yp.to/qmail/faq"
|
|
TARGET="_top"
|
|
> <I
|
|
CLASS="citetitle"
|
|
>http://cr.yp.to/qmail/faq</I
|
|
></A
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
>SMTP: Simple Mail Transfer Protocol written by Dan Bernstein
|
|
<A
|
|
HREF="http://cr.yp.to/smtp.html"
|
|
TARGET="_top"
|
|
> <I
|
|
CLASS="citetitle"
|
|
>http://cr.yp.to/smtp.html</I
|
|
></A
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
>Daemontools FAQ written by D.J. Bernstein
|
|
<A
|
|
HREF="http://cr.yp.to/daemontools/faq"
|
|
TARGET="_top"
|
|
> <I
|
|
CLASS="citetitle"
|
|
>http://cr.yp.to/daemontools/faq</I
|
|
></A
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
>ClamAV FAQ <A
|
|
HREF="http://www.clamav.net/faq.html#pagestart"
|
|
TARGET="_top"
|
|
> <I
|
|
CLASS="citetitle"
|
|
>http://www.clamav.net/faq.html#pagestart</I
|
|
></A
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
>ClamAV User Manual Written by Thomasz Kojm <A
|
|
HREF="http://www.clamav.net/doc"
|
|
TARGET="_top"
|
|
> <I
|
|
CLASS="citetitle"
|
|
>http://www.clamav.net/doc</I
|
|
></A
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
>Qmail-Scanner: Content Scanner for qmail written by Jason Haar
|
|
<A
|
|
HREF="http://qmail-scanner.sourceforge.net"
|
|
TARGET="_top"
|
|
> <I
|
|
CLASS="citetitle"
|
|
>http://qmail-scanner.sourceforge.net</I
|
|
></A
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
>Qmail-Scanner FAQ <A
|
|
HREF="http://qmail-scanner.sourceforge.net/FAQ.php"
|
|
TARGET="_top"
|
|
> <I
|
|
CLASS="citetitle"
|
|
>http://qmail-scanner.sourceforge.net/FAQ.php</I
|
|
></A
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
>Clamd+daemontools howto written by Jesse D. Guardiani
|
|
<A
|
|
HREF="http://clamav.elektrapro.com/doc/clamd_supervised/clamd-daemontools-guide.txt"
|
|
TARGET="_top"
|
|
> <I
|
|
CLASS="citetitle"
|
|
>http://clamav.elektrapro.com/doc/clamd_supervised/clamd-daemontools-guide.txt</I
|
|
></A
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
>qmail mailing list archive <A
|
|
HREF="http://www-archive.ornl.gov:8000/"
|
|
TARGET="_top"
|
|
> <I
|
|
CLASS="citetitle"
|
|
>http://www-archive.ornl.gov:8000/</I
|
|
></A
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
>Qmail-Scanner list archive
|
|
<A
|
|
HREF="http://sourceforge.net/mailarchive/forum.php?forum=qmail-scanner-general"
|
|
TARGET="_top"
|
|
> <I
|
|
CLASS="citetitle"
|
|
>http://sourceforge.net/mailarchive/forum.php?forum=qmail-scanner-general</I
|
|
></A
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
>ClamAV users list archive
|
|
<A
|
|
HREF="http://news.gmane.org/gmane.comp.security.virus.clamav.user"
|
|
TARGET="_top"
|
|
> <I
|
|
CLASS="citetitle"
|
|
>http://news.gmane.org/gmane.comp.security.virus.clamav.user</I
|
|
></A
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
>ClamAV Virus DB list archive
|
|
<A
|
|
HREF="http://news.gmane.org/gmane.comp.security.virus.clamav.virusdb"
|
|
TARGET="_top"
|
|
> <I
|
|
CLASS="citetitle"
|
|
>http://news.gmane.org/gmane.comp.security.virus.clamav.virusdb</I
|
|
></A
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
>Maildrop <A
|
|
HREF="http://www.flounder.net/~mrsam/maildrop/"
|
|
TARGET="_top"
|
|
> <I
|
|
CLASS="citetitle"
|
|
>http://www.flounder.net/~mrsam/maildrop/</I
|
|
></A
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
>Perl module installation HOWTO
|
|
<A
|
|
HREF="http://www.cpan.org/modules/INSTALL.html"
|
|
TARGET="_top"
|
|
> <I
|
|
CLASS="citetitle"
|
|
>http://www.cpan.org/modules/INSTALL.html</I
|
|
></A
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
>Mime type RFC <A
|
|
HREF="http://www.ietf.org/rfc/rfc1521.txt?number=1521"
|
|
TARGET="_top"
|
|
> <I
|
|
CLASS="citetitle"
|
|
>http://www.ietf.org/rfc/rfc1521.txt?number=1521</I
|
|
></A
|
|
></TD
|
|
></TR
|
|
></TBODY
|
|
></TABLE
|
|
><P
|
|
></P
|
|
></DIV
|
|
><DIV
|
|
CLASS="appendix"
|
|
><HR><H1
|
|
><A
|
|
NAME="AEN350"
|
|
></A
|
|
>Appendix B. Scripts</H1
|
|
><P
|
|
>These are the scripts contained in this HOWTO. They were created by Jesse
|
|
D. Guardiani, and can be found in his clamd+daemontools HOWTO.</P
|
|
><P
|
|
> <EM
|
|
>Clamdctl</EM
|
|
>
|
|
</P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="programlisting"
|
|
> #!/bin/sh
|
|
|
|
# For Red Hat chkconfig
|
|
# chkconfig: - 80 30
|
|
# description: the ClamAV clamd daemon
|
|
|
|
PATH=/usr/local/clamav/bin:/bin:/usr/bin:/usr/local/bin:/usr/local/sbin
|
|
export PATH
|
|
|
|
case "$1" in
|
|
start)
|
|
echo "Starting clamd"
|
|
if svok /service/clamd ; then
|
|
svc -u /service/clamd
|
|
else
|
|
echo clamd supervise not running
|
|
fi
|
|
if [ -d /var/lock/subsys ]; then
|
|
touch /var/lock/subsys/clamd
|
|
fi
|
|
;;
|
|
stop)
|
|
echo "Stopping clamd..."
|
|
echo " clamd"
|
|
svc -d /service/clamd
|
|
if [ -f /var/lock/subsys/clamd ]; then
|
|
rm /var/lock/subsys/clamd
|
|
fi
|
|
;;
|
|
stat)
|
|
svstat /service/clamd
|
|
svstat /service/clamd/log
|
|
;;
|
|
restart)
|
|
echo "Restarting clamd:"
|
|
echo "* Stopping clamd."
|
|
svc -d /service/clamd
|
|
echo "* Sending clamd SIGTERM and restarting."
|
|
svc -t /service/clamd
|
|
echo "* Restarting clamd."
|
|
svc -u /service/clamd
|
|
;;
|
|
hup)
|
|
echo "Sending HUP signal to clamd."
|
|
svc -h /service/clamd
|
|
;;
|
|
help)
|
|
cat <<HELP
|
|
stop -- stops clamd service (smtp connections refused, nothing goes out)
|
|
start -- starts clamd service (smtp connection accepted, mail can go out)
|
|
stat -- displays status of clamd service
|
|
restart -- stops and restarts the clamd service
|
|
hup -- same as reload
|
|
HELP
|
|
;;
|
|
*)
|
|
echo "Usage: $0 {start|stop|stat|restart|hup|help}"
|
|
exit 1
|
|
;;
|
|
esac
|
|
|
|
exit 0
|
|
</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
> <EM
|
|
>/usr/local/clamav/supervise/clamd/run</EM
|
|
>
|
|
</P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="programlisting"
|
|
> vi /usr/local/clamav/supervise/clamd/run
|
|
|
|
#!/bin/sh
|
|
#
|
|
# --------------------------------------------------
|
|
# run
|
|
#
|
|
# Purpose - Start the clamd daemon/service.
|
|
#
|
|
# Author - Jesse D. Guardiani
|
|
# Created - 09/10/03
|
|
# Modified - 09/25/03
|
|
# --------------------------------------------------
|
|
# This script is designed to be run under DJB's
|
|
# daemontools package.
|
|
#
|
|
# ChangeLog
|
|
# ---------
|
|
#
|
|
# 09/25/03 - JDG
|
|
# --------------
|
|
# - Changed clamd user to qscand in compliance with
|
|
# the change to qmail-scanner-1.20rc3
|
|
#
|
|
# 09/10/03 - JDG
|
|
# --------------
|
|
# - Created
|
|
# --------------------------------------------------
|
|
# Copyright (C) 2003 WingNET Internet Services
|
|
# Contact: Jesse D. Guardiani (jesse at wingnet dot net)
|
|
# --------------------------------------------------
|
|
|
|
lockfile="/tmp/clamd" # Location of clamd lock file
|
|
path_to_clamd="/usr/local/sbin/clamd"
|
|
# Location of the clamd binary
|
|
BAD_EXIT_CODE=1 # The exit code we use to announce that something bad has happened
|
|
|
|
# The following pipeline is designed to return the pid of each
|
|
# clamd process currently running.
|
|
get_clam_pids_pipeline=`ps -ax | grep -E "${path_to_clamd}\$" | grep -v grep | awk '{print $1}'`
|
|
|
|
|
|
# --------------------------------------------------
|
|
# Generic helper functions
|
|
# --------------------------------------------------
|
|
|
|
# Basic return code error message function
|
|
die_rcode() {
|
|
EXIT_CODE=$1
|
|
ERROR_MSG=$2
|
|
|
|
if [ $EXIT_CODE -ne '0' ]; then
|
|
echo "$ERROR_MSG" 1>&2
|
|
echo "Exiting!" 1>&2
|
|
exit "$BAD_EXIT_CODE"
|
|
fi
|
|
}
|
|
|
|
|
|
# --------------------------------------------------
|
|
# Main
|
|
# --------------------------------------------------
|
|
|
|
ps_clamd=""
|
|
ps_clamd="$get_clam_pids_pipeline"
|
|
|
|
if [ -n "$ps_clamd" ]; then
|
|
pid_count="0"
|
|
for pid in $ps_clamd
|
|
do
|
|
pid_count=`expr $pid_count + 1`
|
|
done
|
|
|
|
die_rcode $BAD_EXIT_CODE "Error: $pid_count clamd process(es) already running!"
|
|
|
|
fi
|
|
|
|
if [ -e "$lockfile" ]; then
|
|
rm "$lockfile"
|
|
exit_code="$?"
|
|
die_rcode $exit_code "Error: 'rm $lockfile' call failed."
|
|
fi
|
|
|
|
exec /usr/local/bin/setuidgid qscand $path_to_clamd
|
|
|
|
# --
|
|
# END /usr/local/clamav/supervise/clamd/run file.
|
|
# --
|
|
|
|
Create the /usr/local/clamav/supervise/clamd/log/run file:
|
|
|
|
#vi /usr/local/clamav/supervise/clamd/log/run
|
|
|
|
#!/bin/sh
|
|
exec /usr/local/bin/setuidgid qscand /usr/local/bin/multilog t /var/log/clamd
|
|
</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
> <EM
|
|
>/usr/local/clamav/supervise/clamd/log/run</EM
|
|
>
|
|
</P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="programlisting"
|
|
> #!/bin/sh
|
|
exec /usr/local/bin/setuidgid qscand /usr/local/bin/multilog t /var/log/clamd
|
|
</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
><DIV
|
|
CLASS="appendix"
|
|
><HR><H1
|
|
><A
|
|
NAME="AEN362"
|
|
></A
|
|
>Appendix C. Software</H1
|
|
><P
|
|
></P
|
|
><TABLE
|
|
BORDER="0"
|
|
><TBODY
|
|
><TR
|
|
><TD
|
|
>qmail- <A
|
|
HREF="http://www.qmail.org/netqmail-1.05.tar.gz"
|
|
TARGET="_top"
|
|
> <I
|
|
CLASS="citetitle"
|
|
>http://www.qmail.org/netqmail-1.05.tar.gz </I
|
|
></A
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
>Daemontools- <A
|
|
HREF="ftp://cr.yp.to/daemontools/daemontools-0.76.tar.gz"
|
|
TARGET="_top"
|
|
> <I
|
|
CLASS="citetitle"
|
|
>ftp://cr.yp.to/daemontools/daemontools-0.76.tar.gz</I
|
|
></A
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
>ClamAV- <A
|
|
HREF="http://prodownloads.sourceforge.net/clamav/clamav-0.65.tar.gz"
|
|
TARGET="_top"
|
|
> <I
|
|
CLASS="citetitle"
|
|
>http://prodownloads.sourceforge.net/clamav/clamav-0.65.tar.gz</I
|
|
>
|
|
</A
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
>QMAILQUEUE Patch- <A
|
|
HREF="http://www.qmail.org/top.html#qmailqueue"
|
|
TARGET="_top"
|
|
> <I
|
|
CLASS="citetitle"
|
|
>http://www.qmail.org/top.html#qmailqueue</I
|
|
></A
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
>MailDrop- <A
|
|
HREF="http://download.sourceforge.net/courier"
|
|
TARGET="_top"
|
|
> <I
|
|
CLASS="citetitle"
|
|
>http://download.sourceforge.net/courier</I
|
|
></A
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
>Time::HiRes - <A
|
|
HREF="http://search.cpan.org/search?module=Time::HiRes"
|
|
TARGET="_top"
|
|
> <I
|
|
CLASS="citetitle"
|
|
>http://search.cpan.org/search?module=Time::HiRes</I
|
|
></A
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
>DB_File- <A
|
|
HREF="http://search.cpan.org/search?module=DB_File"
|
|
TARGET="_top"
|
|
> <I
|
|
CLASS="citetitle"
|
|
>http://search.cpan.org/search?module=DB_File</I
|
|
></A
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
>TNEF unpacker- <A
|
|
HREF="http://sourcforge.net/projects/tnef"
|
|
TARGET="_top"
|
|
> <I
|
|
CLASS="citetitle"
|
|
>http://sourcforge.net/projects/tnef</I
|
|
></A
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
>Qmail-Scanner- <A
|
|
HREF="http://prodownloads.sourceforge.net/qmail-scanner/qmail-scanner-1.20.tgz?download"
|
|
TARGET="_top"
|
|
> <I
|
|
CLASS="citetitle"
|
|
>http://prodownloads.sourceforge.net/qmail-scanner/qmail-scanner-1.20.tgz?download
|
|
</I
|
|
></A
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
>MIME type RFC- <A
|
|
HREF="http://www.ietf.org/rfc/rfc1521.txt?number=1521"
|
|
TARGET="_top"
|
|
> <I
|
|
CLASS="citetitle"
|
|
>http://www.ietf.org/rfc/rfc1521.txt?number=1521</I
|
|
></A
|
|
></TD
|
|
></TR
|
|
></TBODY
|
|
></TABLE
|
|
><P
|
|
></P
|
|
></DIV
|
|
><DIV
|
|
CLASS="appendix"
|
|
><HR><H1
|
|
><A
|
|
NAME="gfdl"
|
|
></A
|
|
>Appendix D. GNU Free Documentation License</H1
|
|
><FONT
|
|
COLOR="RED"
|
|
>Version 1.2, November 2002</FONT
|
|
><A
|
|
NAME="fsf-copyright"
|
|
></A
|
|
><BLOCKQUOTE
|
|
CLASS="BLOCKQUOTE"
|
|
><P
|
|
><B
|
|
>FSF Copyright note</B
|
|
></P
|
|
><P
|
|
>Copyright (C) 2000,2001,2002 Free Software Foundation, Inc. 59 Temple
|
|
Place, Suite 330, Boston, MA 02111-1307 USA Everyone is permitted to copy and
|
|
distribute verbatim copies of this license document, but changing it is not
|
|
allowed.</P
|
|
></BLOCKQUOTE
|
|
><DIV
|
|
CLASS="section"
|
|
><HR><H1
|
|
CLASS="section"
|
|
><A
|
|
NAME="gfdl-0"
|
|
></A
|
|
>D.1. PREAMBLE</H1
|
|
><P
|
|
>The purpose of this License is to make a manual, textbook, or other
|
|
functional and useful document "free" in the sense of freedom: to assure
|
|
everyone the effective freedom to copy and redistribute it, with or without
|
|
modifying it, either commercially or noncommercially. Secondarily, this
|
|
License preserves for the author and publisher a way to get credit for their
|
|
work, while not being considered responsible for modifications made by
|
|
others.</P
|
|
><P
|
|
>This License is a kind of "copyleft", which means that derivative works
|
|
of the document must themselves be free in the same sense. It complements the
|
|
GNU General Public License, which is a copyleft license designed for free
|
|
software.</P
|
|
><P
|
|
>We have designed this License in order to use it for manuals for free
|
|
software, because free software needs free documentation: a free program
|
|
should come with manuals providing the same freedoms that the software does.
|
|
But this License is not limited to software manuals; it can be used for any
|
|
textual work, regardless of subject matter or whether it is published as a
|
|
printed book. We recommend this License principally for works whose purpose
|
|
is instruction or reference.</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="section"
|
|
><HR><H1
|
|
CLASS="section"
|
|
><A
|
|
NAME="gfdl-1"
|
|
></A
|
|
>D.2. APPLICABILITY AND DEFINITIONS</H1
|
|
><P
|
|
>This License applies to any manual or other work, in any
|
|
medium, that contains a notice placed by the copyright holder saying it can
|
|
be distributed under the terms of this License. Such a notice grants a
|
|
world-wide, royalty-free license, unlimited in duration, to use that work
|
|
under the conditions stated herein. The "Document", below, refers to any such
|
|
manual or work. Any member of the public is a licensee, and is addressed as
|
|
"you". You accept the license if you copy, modify or distribute the work in a
|
|
way requiring permission under copyright law.</P
|
|
><P
|
|
>A "Modified Version" of the Document means any work
|
|
containing the Document or a portion of it, either copied verbatim, or with
|
|
modifications and/or translated into another language.</P
|
|
><P
|
|
>A "Secondary Section" is a named appendix or a
|
|
front-matter section of the Document that deals exclusively with the
|
|
relationship of the publishers or authors of the Document to the Document's
|
|
overall subject (or to related matters) and contains nothing that could fall
|
|
directly within that overall subject. (Thus, if the Document is in part a
|
|
textbook of mathematics, a Secondary Section may not explain any
|
|
mathematics.) The relationship could be a matter of historical connection
|
|
with the subject or with related matters, or of legal, commercial,
|
|
philosophical, ethical or political position regarding them.</P
|
|
><P
|
|
>The "Invariant Sections" are certain Secondary
|
|
Sections whose titles are designated, as being those of Invariant Sections,
|
|
in the notice that says that the Document is released under this License. If
|
|
a section does not fit the above definition of Secondary then it is not
|
|
allowed to be designated as Invariant. The Document may contain zero
|
|
Invariant Sections. If the Document does not identify any Invariant Sections
|
|
then there are none.</P
|
|
><P
|
|
>The "Cover Texts" are certain short passages of text
|
|
that are listed, as Front-Cover Texts or Back-Cover Texts, in the notice that
|
|
says that the Document is released under this License. A Front-Cover Text may
|
|
be at most 5 words, and a Back-Cover Text may be at most 25 words.</P
|
|
><P
|
|
>A "Transparent" copy of the Document means a
|
|
machine-readable copy, represented in a format whose specification is
|
|
available to the general public, that is suitable for revising the document
|
|
straightforwardly with generic text editors or (for images composed of
|
|
pixels) generic paint programs or (for drawings) some widely available
|
|
drawing editor, and that is suitable for input to text formatters or for
|
|
automatic translation to a variety of formats suitable for input to text
|
|
formatters. A copy made in an otherwise Transparent file format whose markup,
|
|
or absence of markup, has been arranged to thwart or discourage subsequent
|
|
modification by readers is not Transparent. An image format is not
|
|
Transparent if used for any substantial amount of text. A copy that is not
|
|
"Transparent" is called "Opaque".</P
|
|
><P
|
|
>Examples of suitable formats for Transparent copies include plain ASCII
|
|
without markup, Texinfo input format, LaTeX input format, SGML or XML using a
|
|
publicly available DTD, and standard-conforming simple HTML, PostScript or
|
|
PDF designed for human modification. Examples of transparent image formats
|
|
include PNG, XCF and JPG. Opaque formats include proprietary formats that can
|
|
be read and edited only by proprietary word processors, SGML or XML for which
|
|
the DTD and/or processing tools are not generally available, and the
|
|
machine-generated HTML, PostScript or PDF produced by some word processors
|
|
for output purposes only.</P
|
|
><P
|
|
>The "Title Page" means, for a printed book, the
|
|
title page itself, plus such following pages as are needed to hold, legibly,
|
|
the material this License requires to appear in the title page. For works in
|
|
formats which do not have any title page as such, "Title Page" means the text
|
|
near the most prominent appearance of the work's title, preceding the
|
|
beginning of the body of the text.</P
|
|
><P
|
|
>A section "Entitled XYZ" means a named subunit of the
|
|
Document whose title either is precisely XYZ or contains XYZ in parentheses
|
|
following text that translates XYZ in another language. (Here XYZ stands for
|
|
a specific section name mentioned below, such as "Acknowledgements",
|
|
"Dedications", "Endorsements", or "History".) To "Preserve the Title" of such
|
|
a section when you modify the Document means that it remains a section
|
|
"Entitled XYZ" according to this definition.</P
|
|
><P
|
|
>The Document may include Warranty Disclaimers next to the notice which
|
|
states that this License applies to the Document. These Warranty Disclaimers
|
|
are considered to be included by reference in this License, but only as
|
|
regards disclaiming warranties: any other implication that these Warranty
|
|
Disclaimers may have is void and has no effect on the meaning of this
|
|
License.</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="section"
|
|
><HR><H1
|
|
CLASS="section"
|
|
><A
|
|
NAME="gfdl-2"
|
|
></A
|
|
>D.3. VERBATIM COPYING</H1
|
|
><P
|
|
>You may copy and distribute the Document in any medium, either
|
|
commercially or noncommercially, provided that this License, the copyright
|
|
notices, and the license notice saying this License applies to the Document
|
|
are reproduced in all copies, and that you add no other conditions whatsoever
|
|
to those of this License. You may not use technical measures to obstruct or
|
|
control the reading or further copying of the copies you make or distribute.
|
|
However, you may accept compensation in exchange for copies. If you
|
|
distribute a large enough number of copies you must also follow the
|
|
conditions in section 3.</P
|
|
><P
|
|
>You may also lend copies, under the same conditions stated above, and
|
|
you may publicly display copies.</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="section"
|
|
><HR><H1
|
|
CLASS="section"
|
|
><A
|
|
NAME="gfdl-3"
|
|
></A
|
|
>D.4. COPYING IN QUANTITY</H1
|
|
><P
|
|
>If you publish printed copies (or copies in media that commonly have
|
|
printed covers) of the Document, numbering more than 100, and the Document's
|
|
license notice requires Cover Texts, you must enclose the copies in covers
|
|
that carry, clearly and legibly, all these Cover Texts: Front-Cover Texts on
|
|
the front cover, and Back-Cover Texts on the back cover. Both covers must
|
|
also clearly and legibly identify you as the publisher of these copies. The
|
|
front cover must present the full title with all words of the title equally
|
|
prominent and visible. You may add other material on the covers in addition.
|
|
Copying with changes limited to the covers, as long as they preserve the
|
|
title of the Document and satisfy these conditions, can be treated as
|
|
verbatim copying in other respects.</P
|
|
><P
|
|
>If the required texts for either cover are too voluminous to fit
|
|
legibly, you should put the first ones listed (as many as fit reasonably) on
|
|
the actual cover, and continue the rest onto adjacent pages.</P
|
|
><P
|
|
>If you publish or distribute Opaque copies of the Document numbering
|
|
more than 100, you must either include a machine-readable Transparent copy
|
|
along with each Opaque copy, or state in or with each Opaque copy a
|
|
computer-network location from which the general network-using public has
|
|
access to download using public-standard network protocols a complete
|
|
Transparent copy of the Document, free of added material. If you use the
|
|
latter option, you must take reasonably prudent steps, when you begin
|
|
distribution of Opaque copies in quantity, to ensure that this Transparent
|
|
copy will remain thus accessible at the stated location until at least one
|
|
year after the last time you distribute an Opaque copy (directly or through
|
|
your agents or retailers) of that edition to the public.</P
|
|
><P
|
|
>It is requested, but not required, that you contact the authors of the
|
|
Document well before redistributing any large number of copies, to give them
|
|
a chance to provide you with an updated version of the Document.</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="section"
|
|
><HR><H1
|
|
CLASS="section"
|
|
><A
|
|
NAME="gfdl-4"
|
|
></A
|
|
>D.5. MODIFICATIONS</H1
|
|
><P
|
|
>You may copy and distribute a Modified Version of the Document under the
|
|
conditions of sections 2 and 3 above, provided that you release the Modified
|
|
Version under precisely this License, with the Modified Version filling the
|
|
role of the Document, thus licensing distribution and modification of the
|
|
Modified Version to whoever possesses a copy of it. In addition, you must do
|
|
these things in the Modified Version:</P
|
|
><P
|
|
></P
|
|
><P
|
|
><B
|
|
>GNU FDL Modification Conditions</B
|
|
></P
|
|
><OL
|
|
TYPE="A"
|
|
><LI
|
|
><P
|
|
>Use in the Title Page (and on the covers, if any) a title distinct
|
|
from that of the Document, and from those of previous versions (which
|
|
should, if there were any, be listed in the History section of the
|
|
Document). You may use the same title as a previous version if the original
|
|
publisher of that version gives permission.</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
>List on the Title Page, as authors, one or more persons or entities
|
|
responsible for authorship of the modifications in the Modified Version,
|
|
together with at least five of the principal authors of the Document (all
|
|
of its principal authors, if it has fewer than five), unless they release
|
|
you from this requirement.</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
>State on the Title page the name of the publisher of the Modified
|
|
Version, as the publisher.</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
>Preserve all the copyright notices of the Document.</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
>Add an appropriate copyright notice for your modifications adjacent
|
|
to the other copyright notices.</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
>Include, immediately after the copyright notices, a
|
|
license notice giving the public permission to use the Modified
|
|
Version under the terms of this License, in the form shown in the
|
|
<A
|
|
HREF="#gfdl-addendum"
|
|
>Addendum</A
|
|
> below.
|
|
</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
>Preserve in that license notice the full lists of Invariant
|
|
Sections and required Cover Texts given in the Document's license notice.</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
>Include an unaltered copy of this License.</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
>Preserve the section Entitled "History", Preserve its Title, and
|
|
add to it an item stating at least the title, year, new authors, and
|
|
publisher of the Modified Version as given on the Title Page. If there is
|
|
no section Entitled "History" in the Document, create one stating the
|
|
title, year, authors, and publisher of the Document as given on its Title
|
|
Page, then add an item describing the Modified Version as stated in the
|
|
previous sentence.</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
>Preserve the network location, if any, given in the Document for
|
|
public access to a Transparent copy of the Document, and likewise the
|
|
network locations given in the Document for previous versions it was based
|
|
on. These may be placed in the "History" section. You may omit a network
|
|
location for a work that was published at least four years before the
|
|
Document itself, or if the original publisher of the version it refers to
|
|
gives permission.</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
>For any section Entitled "Acknowledgements" or "Dedications",
|
|
Preserve the Title of the section, and preserve in the section all the
|
|
substance and tone of each of the contributor acknowledgements and/or
|
|
dedications given therein.</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
>Preserve all the Invariant Sections of the Document, unaltered in
|
|
their text and in their titles. Section numbers or the equivalent are not
|
|
considered part of the section titles.</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
>Delete any section Entitled "Endorsements". Such a section may not
|
|
be included in the Modified Version.</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
>Do not retitle any existing section to be Entitled "Endorsements"
|
|
or to conflict in title with any Invariant Section.</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
>Preserve any Warranty Disclaimers.</P
|
|
></LI
|
|
></OL
|
|
><P
|
|
>If the Modified Version includes new front-matter sections or appendices
|
|
that qualify as Secondary Sections and contain no material copied from the
|
|
Document, you may at your option designate some or all of these sections as
|
|
invariant. To do this, add their titles to the list of Invariant Sections in
|
|
the Modified Version's license notice. These titles must be distinct from any
|
|
other section titles.</P
|
|
><P
|
|
>You may add a section Entitled "Endorsements", provided it contains
|
|
nothing but endorsements of your Modified Version by various parties--for
|
|
example, statements of peer review or that the text has been approved by an
|
|
organization as the authoritative definition of a standard.</P
|
|
><P
|
|
>You may add a passage of up to five words as a Front-Cover Text, and a
|
|
passage of up to 25 words as a Back-Cover Text, to the end of the list of
|
|
Cover Texts in the Modified Version. Only one passage of Front-Cover Text and
|
|
one of Back-Cover Text may be added by (or through arrangements made by) any
|
|
one entity. If the Document already includes a cover text for the same cover,
|
|
previously added by you or by arrangement made by the same entity you are
|
|
acting on behalf of, you may not add another; but you may replace the old
|
|
one, on explicit permission from the previous publisher that added the old
|
|
one.</P
|
|
><P
|
|
>The author(s) and publisher(s) of the Document do not by this License
|
|
give permission to use their names for publicity for or to assert or imply
|
|
endorsement of any Modified Version.</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="section"
|
|
><HR><H1
|
|
CLASS="section"
|
|
><A
|
|
NAME="gfdl-5"
|
|
></A
|
|
>D.6. COMBINING DOCUMENTS</H1
|
|
><P
|
|
>You may combine the Document with other documents released under this
|
|
License, under the terms defined in <A
|
|
HREF="#gfdl-4"
|
|
>section
|
|
4</A
|
|
> above for modified versions, provided that you include in the
|
|
combination all of the Invariant Sections of all of the original
|
|
documents, unmodified, and list them all as Invariant Sections of your
|
|
combined work in its license notice, and that you preserve all their
|
|
Warranty Disclaimers.</P
|
|
><P
|
|
>The combined work need only contain one copy of this License, and
|
|
multiple identical Invariant Sections may be replaced with a single copy. If
|
|
there are multiple Invariant Sections with the same name but different
|
|
contents, make the title of each such section unique by adding at the end of
|
|
it, in parentheses, the name of the original author or publisher of that
|
|
section if known, or else a unique number. Make the same adjustment to the
|
|
section titles in the list of Invariant Sections in the license notice of the
|
|
combined work.</P
|
|
><P
|
|
>In the combination, you must combine any sections Entitled "History" in
|
|
the various original documents, forming one section Entitled "History";
|
|
likewise combine any sections Entitled "Acknowledgements", and any sections
|
|
Entitled "Dedications". You must delete all sections Entitled "Endorsements".</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="section"
|
|
><HR><H1
|
|
CLASS="section"
|
|
><A
|
|
NAME="gfdl-6"
|
|
></A
|
|
>D.7. COLLECTIONS OF DOCUMENTS</H1
|
|
><P
|
|
>You may make a collection consisting of the Document and other documents
|
|
released under this License, and replace the individual copies of this
|
|
License in the various documents with a single copy that is included in the
|
|
collection, provided that you follow the rules of this License for verbatim
|
|
copying of each of the documents in all other respects.</P
|
|
><P
|
|
>You may extract a single document from such a collection, and distribute
|
|
it individually under this License, provided you insert a copy of this
|
|
License into the extracted document, and follow this License in all other
|
|
respects regarding verbatim copying of that document.</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="section"
|
|
><HR><H1
|
|
CLASS="section"
|
|
><A
|
|
NAME="gfdl-7"
|
|
></A
|
|
>D.8. AGGREGATION WITH INDEPENDENT WORKS</H1
|
|
><P
|
|
>A compilation of the Document or its derivatives with other separate and
|
|
independent documents or works, in or on a volume of a storage or
|
|
distribution medium, is called an "aggregate" if the copyright resulting from
|
|
the compilation is not used to limit the legal rights of the compilation's
|
|
users beyond what the individual works permit. When the Document is included
|
|
in an aggregate, this License does not apply to the other works in the
|
|
aggregate which are not themselves derivative works of the Document.</P
|
|
><P
|
|
>If the Cover Text requirement of section 3 is applicable to these copies
|
|
of the Document, then if the Document is less than one half of the entire
|
|
aggregate, the Document's Cover Texts may be placed on covers that bracket
|
|
the Document within the aggregate, or the electronic equivalent of covers if
|
|
the Document is in electronic form. Otherwise they must appear on printed
|
|
covers that bracket the whole aggregate.</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="section"
|
|
><HR><H1
|
|
CLASS="section"
|
|
><A
|
|
NAME="gfdl-8"
|
|
></A
|
|
>D.9. TRANSLATION</H1
|
|
><P
|
|
>Translation is considered a kind of modification, so you may distribute
|
|
translations of the Document under the terms of section 4. Replacing
|
|
Invariant Sections with translations requires special permission from their
|
|
copyright holders, but you may include translations of some or all Invariant
|
|
Sections in addition to the original versions of these Invariant Sections.
|
|
You may include a translation of this License, and all the license notices in
|
|
the Document, and any Warranty Disclaimers, provided that you also include
|
|
the original English version of this License and the original versions of
|
|
those notices and disclaimers. In case of a disagreement between the
|
|
translation and the original version of this License or a notice or
|
|
disclaimer, the original version will prevail.</P
|
|
><P
|
|
>If a section in the Document is Entitled "Acknowledgements",
|
|
"Dedications", or "History", the requirement (section 4) to Preserve its
|
|
Title (section 1) will typically require changing the actual title.</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="section"
|
|
><HR><H1
|
|
CLASS="section"
|
|
><A
|
|
NAME="gfdl-9"
|
|
></A
|
|
>D.10. TERMINATION</H1
|
|
><P
|
|
>You may not copy, modify, sublicense, or distribute the Document except
|
|
as expressly provided for under this License. Any other attempt to copy,
|
|
modify, sublicense or distribute the Document is void, and will automatically
|
|
terminate your rights under this License. However, parties who have received
|
|
copies, or rights, from you under this License will not have their licenses
|
|
terminated so long as such parties remain in full compliance.</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="section"
|
|
><HR><H1
|
|
CLASS="section"
|
|
><A
|
|
NAME="gfdl-10"
|
|
></A
|
|
>D.11. FUTURE REVISIONS OF THIS LICENSE</H1
|
|
><P
|
|
>The Free Software Foundation may publish new, revised versions of the
|
|
GNU Free Documentation License from time to time. Such new versions will be
|
|
similar in spirit to the present version, but may differ in detail to address
|
|
new problems or concerns. See http://www.gnu.org/copyleft/.</P
|
|
><P
|
|
>Each version of the License is given a distinguishing version number. If
|
|
the Document specifies that a particular numbered version of this License "or
|
|
any later version" applies to it, you have the option of following the terms
|
|
and conditions either of that specified version or of any later version that
|
|
has been published (not as a draft) by the Free Software Foundation. If the
|
|
Document does not specify a version number of this License, you may choose
|
|
any version ever published (not as a draft) by the Free Software Foundation.</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="section"
|
|
><HR><H1
|
|
CLASS="section"
|
|
><A
|
|
NAME="gfdl-addendum"
|
|
></A
|
|
>D.12. ADDENDUM: How to use this License for your documents</H1
|
|
><P
|
|
>To use this License in a document you have written, include a copy of
|
|
the License in the document and put the following copyright and license
|
|
notices just after the title page:</P
|
|
><A
|
|
NAME="copyright-sample"
|
|
></A
|
|
><BLOCKQUOTE
|
|
CLASS="BLOCKQUOTE"
|
|
><P
|
|
><B
|
|
>Sample Invariant Sections list</B
|
|
></P
|
|
><P
|
|
>Copyright (c) YEAR YOUR NAME. Permission is granted to copy, distribute
|
|
and/or modify this document under the terms of the GNU Free Documentation
|
|
License, Version 1.2 or any later version published by the Free Software
|
|
Foundation; with no Invariant Sections, no Front-Cover Texts, and no
|
|
Back-Cover Texts. A copy of the license is included in the section entitled
|
|
"GNU Free Documentation License".</P
|
|
></BLOCKQUOTE
|
|
><P
|
|
>If you have Invariant Sections, Front-Cover Texts and Back-Cover Texts,
|
|
replace the "with...Texts." line with this:</P
|
|
><A
|
|
NAME="inv-cover-sample"
|
|
></A
|
|
><BLOCKQUOTE
|
|
CLASS="BLOCKQUOTE"
|
|
><P
|
|
><B
|
|
>Sample Invariant Sections list</B
|
|
></P
|
|
><P
|
|
>with the Invariant Sections being LIST THEIR TITLES, with the
|
|
Front-Cover Texts being LIST, and with the Back-Cover Texts being LIST.</P
|
|
></BLOCKQUOTE
|
|
><P
|
|
>If you have Invariant Sections without Cover Texts, or some other
|
|
combination of the three, merge those two alternatives to suit the situation.</P
|
|
><P
|
|
>If your document contains nontrivial examples of program code, we
|
|
recommend releasing these examples in parallel under your choice of free
|
|
software license, such as the GNU General Public License, to permit their use
|
|
in free software.</P
|
|
></DIV
|
|
></DIV
|
|
></DIV
|
|
></BODY
|
|
></HTML
|
|
> |