Blocking viruses arriving by mail: AntiVir Milter installation and operation
Posted: 2003/08/20 02:55
Views: 13081
Author: 좋은진호 (truefeel, http://coffeenix.net/ )
Written: 2003.02.10   Revised: 2003.07.21   Tidied up: 2003.08.19

H+BEDV AntiVir is a scanner that checks for viruses in the file system, in mail (AntiVir Milter) and on the web (AntiVir WebGate). Because its pattern file is updated, it can detect the latest viruses. It supports Linux, OpenBSD, FreeBSD and other operating systems. I know it is in use at several sites in Korea, but since write-ups on installing and operating it are hard to find in Korean(?), I have tidied up an article I had written earlier and am posting it here.

AntiVir provides a key that private users may use free of charge. One key file covers AntiVir for Linux and FreeBSD, AVMailGate for Linux, AntiVir for Linux Workstation and AntiVir Command Line Scanner for Linux.

1. Installing AntiVir Milter

Download AntiVir Milter for Linux (avlxmlt.tgz) from http://www.hbedv.com/ -> Downloads (http://www.hbedv.com/download/download.htm).
------------------------------------------
[root@truefeel root]# tar xvfz avlxmlt.tgz
[root@truefeel root]# cd antivir-milter-x.y.z        (x.y.z is the version)
------------------------------------------
The INSTALL file describes the installation procedure well, so refer to it.

1) Installing the executables
---------------------------------------
mkdir /usr/lib/AntiVir
cp bin/avmilter /usr/sbin
cp script/avq /usr/lib/AntiVir        (mail queue management script for AntiVir Milter)
ln -s /usr/lib/AntiVir/avq /usr/sbin/avq

If AntiVir for Linux has never been installed on this host, copy the scan engine as well:
cp bin/antivir /usr/lib/AntiVir
ln -s /usr/lib/AntiVir/antivir /usr/sbin/antivir
---------------------------------------
※ AntiVir for Linux (meaning the scanner) ships with an installer and is easy to install, and AntiVir Milter can be added to a running installation. On one of my systems I added AntiVir Milter to an existing AntiVir installation; on another I started out with AntiVir Milter.

2) Installing the pattern file (antivir.vdf) and the configuration files
By default avmilter runs as uucp:uucp.
---------------------------------------
cp vdf/antivir.vdf /usr/lib/AntiVir
cp etc/avmilter.conf /etc
cp etc/antivir.conf /etc        (only if AntiVir has never been installed)
---------------------------------------

3) Copying the boot script
---------------------------------------
cp init.d/rc.avmilter /etc/rc.d/init.d/avmilter
chkconfig --add avmilter
---------------------------------------

2. Obtaining a license key

Fill in the form at AntiVir for Linux Private User Registration ( http://www.hbedv.com/private/ ) and the license files are mailed to the address you give. Copy hbedv.key and lic_info.txt (operation works without this txt file) to /usr/lib/AntiVir, and also copy hbedv.key under the name avmgate.key.
------------------------------------------
cp hbedv.key lic_info.txt /usr/lib/AntiVir        (only if AntiVir has never been installed)
cp hbedv.key /usr/lib/AntiVir/avmgate.key
chown uucp:uucp /usr/lib/AntiVir/avmgate.key
------------------------------------------

3. Creating the mail spool directory for the Milter
(the paths and the default user avmilter runs as can be changed in /etc/avmilter.conf)
------------------------------------------
mkdir /var/spool/avmilter
cd /var/spool/avmilter
mkdir incoming outgoing rejected
chown -R uucp:uucp /var/spool/avmilter
chmod -R 700 /var/spool/avmilter
------------------------------------------
Mode 700 matters: the rejected/ directory holds quarantined mail, which no other local user should be able to read.

4. sendmail.cf configuration
------------------------------------------
# Antivir Milter
Xavmilter, S=inet:3333@localhost, F=R, T=S:10m;R:10m;E:10m
O InputMailFilters=avmilter
------------------------------------------
When mail is sent or received, sendmail hands it to avmilter on port 3333; if avmilter finds no virus, the mail is delivered to the user. If a virus is present, avmilter stores the message in its queue and notifies the sender and recipient that the mail contained a virus (depending on the configuration, no notification may be sent). The filter socket is bound to localhost, so only processes on this host can reach it. F=R tells sendmail to reject the connection while the filter is unavailable (fail closed); without an F flag sendmail would accept mail unscanned whenever avmilter is down.

5.
Running it
------------------------------------------
/usr/sbin/avmilter -p inet:3333@localhost
    or
/etc/rc.d/init.d/avmilter start

/etc/rc.d/init.d/sendmail restart        (needed because sendmail.cf was changed)
------------------------------------------
Check with netstat -atnp that it is running.
------------------------------------------
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
...
tcp        0      0 127.0.0.1:3333          0.0.0.0:*               LISTEN      4259/avmilter
...
------------------------------------------
If /etc/rc.d/init.d/avmilter start fails with "can't initialize scan engine", check that /var/tmp is writable by the user avmilter runs as (uucp by default), and that /usr/lib/AntiVir/antivir was copied correctly.

※ To send an alert message to both sender and recipient when a mail carries a virus, set the following items to YES in /etc/avmilter.conf:
VirusAlertToRcpt YES
VirusAlertToSender YES
avmilter must be restarted after the configuration is changed. Be aware that mass-mailing worms generally forge the sender address, so with VirusAlertToSender YES every such mail produces a notification to an uninvolved third party (backscatter); leaving it at NO is the safer choice.

※ Add the following to cron so the pattern file is updated automatically every day:
20 4 * * * /usr/lib/AntiVir/antivir --update -q

6. Verifying that viruses are actually detected

1) Send the EICAR standard anti-virus test file as a mail attachment. Save the 68 bytes reproduced below as eicar.com.txt and send it from an outside host to root@<hostname>, either as an attachment or pasted into the message body.

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

eicar.com.txt can also be downloaded from http://www.eicar.org/anti_virus_test_file.htm .

2) If you receive a message like the following via postmaster, the virus check is working.
------------------------------------
.. omitted ..
Subject: AntiVir ALERT [mail from: truefeel <truefeel@???????.net>]
X-AntiVirus: checked by AntiVir Milter 1.0.4; AVE 6.20.0.1; VDF 6.20.0.43

* * * * * * * * * * * * * * * AntiVir ALERT * * * * * * * * * * * * * * *

This version of AntiVir is licensed for private and non-commercial use.

AntiVir has detected the following in a mail sent through your server:

Eicar-Test-Signatur

The mail was not delivered.
.. omitted ..
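The following script is an added example written for this article, not code from the original page or from H+BEDV. It checks the pieces of the deployment described in sections 3 to 5 (the sendmail.cf filter line, including the fail-closed F=R flag and the localhost binding, and the ownership and mode of the spool directory) and builds the EICAR test mail from section 6. File paths are passed as arguments so the checks can be run against copies; the filter name "avmilter" and the spool layout are the ones the article uses, and the sendmail.cf fragment in the demo is constructed here.

```shell
#!/bin/sh
# Added example, not code from the article or from H+BEDV: pre-flight checks
# for the deployment described in sections 3 to 5, plus a builder for the
# EICAR test mail of section 6. Paths are passed as arguments so the checks
# can be run against copies of the real files. Assumed names: the filter is
# called "avmilter" in sendmail.cf, as in the article.

# check_milter_cf FILE: succeed only if FILE defines the avmilter filter,
# enables it through InputMailFilters, binds it to localhost and carries F=R.
# F=R makes sendmail reject connections while the filter is unreachable;
# without an F flag mail is accepted unscanned whenever avmilter is down.
check_milter_cf() {
    cf=$1
    grep -q '^Xavmilter,' "$cf" || { echo "no Xavmilter line"; return 1; }
    grep -q '^O InputMailFilters=.*avmilter' "$cf" \
        || { echo "filter not listed in InputMailFilters"; return 1; }
    grep '^Xavmilter,' "$cf" | grep -q 'S=inet:[0-9][0-9]*@localhost' \
        || { echo "filter socket is not bound to localhost"; return 1; }
    grep '^Xavmilter,' "$cf" | grep -q 'F=R' \
        || { echo "no F=R: sendmail fails open when avmilter is down"; return 1; }
    return 0
}

# check_spool DIR USER: the spool must contain incoming/outgoing/rejected,
# be owned by USER (uucp in the article) and be mode 700, so that no other
# local user can read the quarantined messages.
check_spool() {
    dir=$1; user=$2
    for sub in incoming outgoing rejected; do
        [ -d "$dir/$sub" ] || { echo "missing $dir/$sub"; return 1; }
    done
    owner=$(ls -ld "$dir" | awk '{print $3}')
    [ "$owner" = "$user" ] || { echo "owner is $owner, expected $user"; return 1; }
    mode=$(ls -ld "$dir" | cut -c2-10)
    [ "$mode" = "rwx------" ] || { echo "mode is $mode, expected rwx------"; return 1; }
    return 0
}

# eicar_string: the 68-byte EICAR test string, assembled from two halves so
# that a scanner does not flag this script itself.
eicar_string() {
    printf '%s%s' 'X5O!P%@AP[4\PZX54(P^)7CC)7}$' 'EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
}

# build_test_mail FROM TO: write a minimal message with the EICAR string as
# its body. Pipe the output into "/usr/sbin/sendmail -t" on an outside host
# to send it to root@<your host>, as section 6 describes.
build_test_mail() {
    printf 'From: %s\nTo: %s\nSubject: AntiVir Milter EICAR test\n\n%s\n' \
        "$1" "$2" "$(eicar_string)"
}

# Demo run against a constructed sendmail.cf fragment:  sh thisfile demo
if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp) || exit 1
    printf 'Xavmilter, S=inet:3333@localhost, F=R, T=S:10m;R:10m;E:10m\nO InputMailFilters=avmilter\n' > "$tmp"
    check_milter_cf "$tmp" && echo "sendmail.cf: OK"
    rm -f "$tmp"
    check_spool /var/spool/avmilter uucp && echo "spool: OK"
    build_test_mail "tester@example.org" "root@localhost"
fi
```

Run it with the demo argument on the mail host after step 5; a sendmail.cf line without F=R is reported as failing open, which is exactly the state an attacker would want the server in during a scanner outage.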
------------------------------------

7. Managing the AntiVir Milter mail queue

AntiVir provides a script called avq.
------------------------------------
[root@truefeel root]# avq
S ---Queue ID--- --Size-- ---Sender/Recipients-------
v 06191-3F35903C    12425 <????@??????.?????.kr>
                          <truefeel@????????.net>
------------------------------------
This shows one message left in the queue (/var/spool/avmilter) that was judged to contain a virus (State v) and was not delivered. If the mail is not needed, clear it from the queue.
------------------------------------
[root@truefeel root]# avq --remove=06911-3F35903C
ctor: /var/spool/avmilter/rejected/vf-06911-3F35903C
      /var/spool/avmilter/rejected/df-06911-3F35903C
avq: message id '06911-3F35903C' removed.
AntiVir Milter mail queue is empty.
[root@truefeel root]#
[root@truefeel root]# avq
AntiVir Milter mail queue is empty.
[root@truefeel root]#
------------------------------------

8. Logs left via syslog (/var/log/maillog)

1) When avmilter cannot start
Mar 14 19:50:14 free avmilter[19330]: Scan engine is not available - exiting!
Mar 14 19:50:14 free avmilter[19330]: can't initialize scan engine

2) When avmilter starts
Jul 21 22:20:36 truefeel avmilter[5347]: engine version: 6.20.0.1
Jul 21 22:20:36 truefeel avmilter[5347]: vdf version: 6.20.0.43
Jul 21 22:20:36 truefeel avmilter[5347]: running in private mode

3) When a virus is detected in a mail (/var/log/maillog)
Jul 21 22:24:08 truefeel avmilter[5405]: Alert! the file "/var/tmp/av-05405-jfej1c/av-1" contains "W32/Nimda.eml" virus
Jul 21 22:24:08 truefeel avmilter[5405]: Potential malicious code has been found - mail will be rejected.

4) antivir's own entry when a virus is detected in a mail (/var/log/messages)
Jul 21 22:28:35 truefeel antivir[5535]: AntiVir ALERT: [W32/Nimda.eml virus] /var/tmp/av-05531-oMFI2L/av-1 <<< Contains code of the Windows virus W32/Nimda.eml

9. Scanning the file system for viruses with AntiVir

Since a link was created at /usr/sbin/antivir, scanning for viruses is easy as well. Let us scan only the user home directories.
The --allfiles option scans every file and -s descends into subdirectories. If you do not want symbolic links followed, add -nolnk as well.
------------------------------------
[root@truefeel root]# antivir --allfiles -s /home
AntiVir / Linux Version 2.0.7-41
Copyright (C) 1994-2003 by H+BEDV Datentechnik GmbH. All rights reserved.

Loading /usr/lib/AntiVir/antivir.vdf ...
VDF version: 6.20.0.43 created 18 Jul 2003

For private, non-commercial use only.
AntiVir license: ?????????? for Jinho ????????, ??????
\ /home/oracle/oui/bin/linux/libclntsh.so.9.0
------------------------------------
When the scan completes it reports as follows:
----- scan results -----
directories:      1017
      files:      5193
     alerts:         0
  scan time:  00:00:46
------------------------
Thank you for using AntiVir.

antivir really shows its strength when directories are shared with Windows systems over Samba. antivir was a great help to me in scanning a network drive appliance (with its own OS and SMB support) that I run as a file server.

10. Closing remarks

If problems come up in operation, AntiVir MailGate Linux FAQ and Answers ( http://www.hbedv.com/support/mailgatefaq_e.htm ) should help.
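As an added example (not part of the original article and not H+BEDV code), the script below turns the syslog lines shown in section 8 and the scan summary shown in section 9 into checks a cron job or monitoring system can act on: it counts detections per signature from maillog, flags the "can't initialize scan engine" condition (which, with F=R in sendmail.cf, means incoming mail is being rejected), and extracts the alert count from an antivir --allfiles -s run. The sample log is constructed: its first six lines are copied from the article, and the additional detections (a second W32/Nimda.eml hit and an Eicar-Test-Signatur hit) were made up here so that the counting is visible.

```shell
#!/bin/sh
# Added example, not code from the article or from H+BEDV: summarise AntiVir
# activity from the syslog lines of section 8 and the scan summary of
# section 9. The sample lines below are constructed: the first six are the
# article's own, the remaining detections were made up for this example.

sample_log() {
cat <<'EOF'
Mar 14 19:50:14 free avmilter[19330]: Scan engine is not available - exiting!
Mar 14 19:50:14 free avmilter[19330]: can't initialize scan engine
Jul 21 22:20:36 truefeel avmilter[5347]: engine version: 6.20.0.1
Jul 21 22:20:36 truefeel avmilter[5347]: vdf version: 6.20.0.43
Jul 21 22:24:08 truefeel avmilter[5405]: Alert! the file "/var/tmp/av-05405-jfej1c/av-1" contains "W32/Nimda.eml" virus
Jul 21 22:24:08 truefeel avmilter[5405]: Potential malicious code has been found - mail will be rejected.
Jul 21 22:31:40 truefeel avmilter[5460]: Alert! the file "/var/tmp/av-05460-k9Qz2a/av-1" contains "W32/Nimda.eml" virus
Jul 21 22:31:40 truefeel avmilter[5460]: Potential malicious code has been found - mail will be rejected.
Jul 21 22:45:02 truefeel avmilter[5512]: Alert! the file "/var/tmp/av-05512-xT7mNp/av-2" contains "Eicar-Test-Signatur" virus
Jul 21 22:45:02 truefeel avmilter[5512]: Potential malicious code has been found - mail will be rejected.
EOF
}

# Constructed copy of the summary block antivir prints at the end of a scan.
sample_scan() {
cat <<'EOF'
----- scan results -----
directories:      1017
      files:      5193
     alerts:         0
  scan time:  00:00:46
------------------------
Thank you for using AntiVir.
EOF
}

# virus_counts: read maillog lines on stdin and print "<count> <signature>"
# per detected signature, most frequent first. Only lines of the form
#   avmilter[pid]: Alert! the file "..." contains "NAME" virus
# are counted, so other daemons writing to maillog do not add noise.
virus_counts() {
    grep 'avmilter\[[0-9]*\]: Alert! the file' \
    | sed 's/.* contains "\([^"]*\)" virus.*/\1/' \
    | sort | uniq -c | sort -rn \
    | awk '{print $1, $2}'
}

# engine_down: exit 0 if the log on stdin shows the scan engine failing to
# initialise. With F=R in sendmail.cf this means mail is being rejected,
# so it deserves an immediate alert rather than a place in a daily summary.
engine_down() {
    grep -q "avmilter\[[0-9]*\]: can't initialize scan engine"
}

# scan_alerts: parse the "----- scan results -----" block of an
# "antivir --allfiles -s DIR" run (fed on stdin) and print the alert count,
# or "unknown" if the block is missing (scan aborted or output truncated),
# so a cron wrapper can exit non-zero in either case.
scan_alerts() {
    awk '/^ *alerts:/ {print $2; found=1} END {if (!found) print "unknown"}'
}

# Demo on the constructed samples:  sh thisfile demo
if [ "${1:-}" = "demo" ]; then
    echo "detections per signature:"; sample_log | virus_counts
    sample_log | engine_down && echo "ALERT: scan engine failed to initialise"
    echo "filesystem scan alerts: $(sample_scan | scan_alerts)"
fi
```

In production, feed /var/log/maillog into virus_counts and engine_down from cron (the latter on a short interval, since with F=R every minute the engine is down is a minute of rejected mail), and pipe the output of the nightly antivir --allfiles -s run into scan_alerts, treating anything other than 0 as a failure.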
Coffeenix (커피닉스), a resting place for system engineers / URL : http://coffeenix.net/board_view.php?bd_code=29