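I have a working Exim setup and want to add AV scanning to it. I followed the instructions for setting up ClamAV on this site. So now the permissions on the /var/spool/exim directory are as follows: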
root@luxembourg:/var/spool/exim# ls -la
total 28
drwxrws--- 6 exim exim 4096 2011-10-04 15:54 .
drwxr-xr-x 5 root root 4096 2011-09-30 13:45 ..
drwxrws--- 2 exim exim 4096 2011-10-04 14:26 db
-rw-r--r-- 1 root exim 6 2011-10-07 14:41 exim-daemon.pid
drwxrws--- 29 exim exim 4096 2011-10-07 14:33 input
drwxrws--- 24 exim exim 4096 2011-10-07 11:24 msglog
drwxrws--- 2 exim exim 4096 2011-10-07 14:48 scan
In addition, the clamav user is a member of the exim group:
root@luxembourg:/var/spool/exim# grep clamav /etc/group
exim:x:1001:clamav
clamav:x:111:
Also, the clamd.conf file contains the following line:
AllowSupplementaryGroups true
However, I am getting these errors:
2011-10-07 14:41:55 1RC9kR-0006mz-KD malware acl condition: clamd: ClamAV returned: /var/spool/exim/scan/1RC9kR-0006mz-KD/1RC9kR-0006mz-KD.eml: Can't open file or directory ERROR
2011-10-07 14:41:55 1RC9kR-0006mz-KD H=mail-vw0-f51.google.com [209.85.212.51] F=<[email protected]> temporarily rejected after DATA
2011-10-07 14:42:45 1RC9lF-0006no-0Q malware acl condition: clamd: ClamAV returned: /var/spool/exim/scan/1RC9lF-0006no-0Q/1RC9lF-0006no-0Q.eml: Can't open file or directory ERROR
2011-10-07 14:42:45 1RC9lF-0006no-0Q H=mail-vw0-f51.google.com [209.85.212.51] F=<[email protected]> temporarily rejected after DATA
2011-10-07 14:46:43 1RC9p5-0006nq-DV malware acl condition: clamd: ClamAV returned: /var/spool/exim/scan/1RC9p5-0006nq-DV/1RC9p5-0006nq-DV.eml: Can't open file or directory ERROR
2011-10-07 14:46:43 1RC9p5-0006nq-DV H=mail-vw0-f51.google.com [209.85.212.51] F=<[email protected]> temporarily rejected after DATA
2011-10-07 14:48:20 1RC9qe-0006nt-0v malware acl condition: clamd: ClamAV returned: /var/spool/exim/scan/1RC9qe-0006nt-0v/1RC9qe-0006nt-0v.eml: Can't open file or directory ERROR
2011-10-07 14:48:20 1RC9qe-0006nt-0v H=mail-vw0-f51.google.com [209.85.212.51] F=<[email protected]> temporarily rejected after DATA
2011-10-07 14:49:44 1RC9rz-0006o3-SP malware acl condition: clamd: ClamAV returned: /var/spool/exim/scan/1RC9rz-0006o3-SP/1RC9rz-0006o3-SP.eml: Can't open file or directory ERROR
2011-10-07 14:49:44 1RC9rz-0006o3-SP H=mail-vx0-f179.google.com [209.85.220.179] F=<[email protected]> temporarily rejected after DATA
2011-10-07 14:51:04 1RC9tB-0006oF-Uf malware acl condition: clamd: ClamAV returned: /var/spool/exim/scan/1RC9tB-0006oF-Uf/1RC9tB-0006oF-Uf.eml: Can't open file or directory ERROR
2011-10-07 14:51:04 1RC9tB-0006oF-Uf H=localhost (mailserver.com) [127.0.0.1] F=<[email protected]> temporarily rejected after DATA
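I get these for every mail sent to my server, so all mail is being "temporarily" rejected. This makes no sense to me, because the directory permissions are correct and clamav is running as the correct user.
I even tried running clamav as the exim user, but nothing changed (which is even more puzzling...).
Any ideas?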
Answer 1
I had the same problem as you, and it took me a while to find the root of it, but in the end I succeeded.
First, you have to edit the clamd apparmor profile:
/etc/apparmor.d/usr.sbin.clamd
Since you installed from source, edit the following lines:
# For use with exim
/var/spool/exim4/** r,
to
# For use with exim
/var/spool/exim/** r,
Then add this line:
/var/spool/exim/scan/** rw,
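Reload the profile with:
sudo /etc/init.d/apparmor restart
However, after doing this I still got permission errors, and I found that the exim and clamav user permissions don't always work well together. So I set clamd.conf to run as the same user and group as exim.
In my case: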
LocalSocketGroup 接口
User yscheelen
After restarting clamav-daemon, I managed to send the virus string over Telnet.
Clamav.log output:
Sun Oct  9 22:27:16 2011 -> /var/spool/exim/scan/1RCzxo-0007tg-DW/1RCzxo-0007tg-DW.eml: Eicar-Test-Signature(75b94725bb947ffef38ede71495c5106:605) FOUND
Exim.log output:
2011-10-09 22:26:06 1RCzwh-0007tC-OE Completed
2011-10-09 22:27:16 1RCzxo-0007tg-DW H=localhost [127.0.0.1] F= rejected after DATA: This message contains a virus (Eicar-Test-Signature).
Good luck, mate
Answer 2
Just add the user that clamav runs as to the group that exim uses. On Ubuntu 18.04, for example:
sudo adduser clamav Debian-exim
There is no need to edit the apparmor profile. If you do want to edit it, I suggest editing /etc/apparmor.d/local/usr.sbin.clamd.
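The two answers point at two separate layers that can each produce clamd's "Can't open file or directory": mode bits with group membership, and the AppArmor profile. The sketch below is an added example, not code from either answer or from Exim/ClamAV; it checks both layers for one scan file. The function names and the `start` parameter are assumptions made for illustration, and the AppArmor matcher only understands plain path rules.

```python
import os
import re

# Rule text from Answer 1; the scan path is taken from the question's log.
STOCK = "# For use with exim\n/var/spool/exim4/** r,\n"
FIXED = "# For use with exim\n/var/spool/exim/** r,\n/var/spool/exim/scan/** rw,\n"
SCAN_FILE = "/var/spool/exim/scan/1RC9kR-0006mz-KD/1RC9kR-0006mz-KD.eml"

def dac_block(path, uid, gids, start="/"):
    """First component from `start` down to `path` that uid/gids cannot pass
    on mode bits alone (x on directories, r on the file), else None."""
    if uid == 0:
        return None  # root is not limited by mode bits
    path, start = os.path.abspath(path), os.path.abspath(start)
    chain = [path]
    while chain[-1] not in (start, os.path.dirname(chain[-1])):
        chain.append(os.path.dirname(chain[-1]))
    for p in reversed(chain):
        st = os.stat(p)
        shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
        need = 4 if p == path else 1
        if not (st.st_mode >> shift) & need:
            return p
    return None

def apparmor_allows(profile, path, want="r"):
    """True if a plain '<glob> <perms>,' rule grants `want` on `path`.
    Simplified: deny/owner rules, variables and includes are not handled."""
    for line in profile.splitlines():
        m = re.fullmatch(r"(/\S*)\s+([a-zA-Z]+),?", line.split("#")[0].strip())
        if not m or want not in m.group(2):
            continue
        # AppArmor globbing: '**' crosses '/', a single '*' does not.
        rx = re.escape(m.group(1)).replace(r"\*\*", ".*").replace(r"\*", "[^/]*")
        if re.fullmatch(rx, path):
            return True
    return False

def diagnose(path, uid, gids, profile, start="/"):
    """Name the layer that would stop clamd from reading `path`."""
    blocked = dac_block(path, uid, gids, start)
    if blocked:
        return "mode bits/group: " + blocked
    if not apparmor_allows(profile, path):
        return "apparmor: no rule grants r"
    return "ok"

if __name__ == "__main__":
    print(apparmor_allows(STOCK, SCAN_FILE), apparmor_allows(FIXED, SCAN_FILE))
```

On a live host, pass clamd's numeric uid, its supplementary gids and the text of /etc/apparmor.d/usr.sbin.clamd; the result reflects the profile file on disk, not necessarily the profile currently loaded.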