Установка simscan (переход с qmail-scanner на simscan)

# cd /usr/ports/mail/simscan && make extract

[X] CLAMAV    Support for ClamAV Virus Scanning
[X] RIPMIME   Ripmime Processing (if Clamav ScanMail disabled)
[X] SPAMD     Support for SpamAssassin Spam Filtering
[X] USER      Turn On Per User SpamAssassin (required SPAMD)
[X] DOMAIN    Turn On Per Domain Based Checking
[X] ATTACH    Turn On Attachment Scanning (required CLAMAV)
[ ] DROPMSG   Drop Message in Case of Virus Found
[X] PASSTHRU  Pass Spam Thru, Do Not Reject (required SPAMD)
[X] HEADERS   Add a Received Line With Versions of Scanners

Перейдем в папку с исходниками:

# cd work/simscan-1.4.0/

Скачаем патч и установим:

# fetch http://qmail.jms1.net/simscan/simscan-1.4.0-umask.patch

simscan-1.4.0-umask.patch                     100% of  473  B   71 kBps

# patch < simscan-1.4.0-umask.patch

Hmm...  Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|diff -ruN simscan-1.4.0-factory/simscan.c simscan-1.4.0-patched/simscan.c
|--- simscan-1.4.0-factory/simscan.c    2007-10-29 10:15:05.000000000 -0400
|+++ simscan-1.4.0-patched/simscan.c    2007-11-23 01:33:48.000000000 -0500
--------------------------
Patching file simscan.c using Plan A...
Hunk #1 succeeded at 283.
done

# cd /usr/ports/mail/simscan && make install clean 

Доустановилось:

ripmime-1.4.0.6
p5-Mail-SpamAssassin-3.2.5_1
p5-Net-DNS-0.65
p5-Digest-SHA1-2.11
p5-Digest-HMAC-1.01
simscan-1.4.0_3

Зададим владельца:

# chown -R simscan:simscan /var/qmail/simscan 

# cd  /etc/tcp/
# ee smtp

 127.:allow,RELAYCLIENT=""
192.168.0.:allow,RELAYCLIENT="",QMAILQUEUE="/var/qmail/bin/simscan"
:allow,QMAILQUEUE="/var/qmail/bin/simscan"

# gmake
tcprules smtp.cdb smtp.tmp < smtp
chmod 644 smtp.cdb smtp

# qmailctl restart
Restarting qmail:
* Stopping qmail-smtpd.
* Sending qmail-send SIGTERM and restarting.
* Sending qmail-pop3d SIGTERM and restarting.
* Restarting qmail-smtpd.

# ee /usr/local/etc/clamd.conf

#User qscand
User clamav

# ee /usr/local/etc/freshclam.conf

#DatabaseOwner qscand
DatabaseOwner clamav

Изменяем пользователя от которого запускаются сервисы: 

# ee /service/spamd/run

exec spamd -x -u clamav -H /tmp -s /dev/stderr

Возвращаем права владельцу clamav, если использовали qmail-scanner:

# chown -R clamav:clamav /var/log/clamav
# chown -R clamav:clamav /var/run/clamav/
# chown clamav:clamav /var/db/clamav/

Перезапустим сервис:

# svc -u /service/clamav/ && svc -u /service/clamav/

# tail -f -n 50 /service/clamav/log/main/current

Увидим лог примерно следующего содержания:

@400000004999193b13514254 Limits: Recursion level limit set to 16. 
@400000004999193b1358cfec Limits: Files limit set to 10000.        
@400000004999193b13604de4 Archive support enabled.                 
@400000004999193b136f2a94 Algorithmic detection enabled.           
@400000004999193b13772d5c Portable Executable support enabled.
@400000004999193b137ebaf4 ELF support enabled.
@400000004999193b1387522c Mail files support enabled.
@400000004999193b138ef734 OLE2 support enabled.
@400000004999193b13919afc PDF support enabled.
@400000004999193b13981724 HTML support enabled.
@400000004999193b139e31a4 Self checking every 1800 seconds.
@400000004999193b13ad029c Set stacksize to 1114112
@4000000049991a9537243024 Socket file removed.
@4000000049991a95373041fc Pid file removed.
@4000000049991a95373d886c --- Stopped at Mon Feb 16 10:49:31 2009
@4000000049991a9f16ab46ac ERROR: LOCAL: Socket file /var/run/clamav/clamd.sock could not be bound: Permission denied
@4000000049991aa70b23e3fc ERROR: LOCAL: Socket file /var/run/clamav/clamd.sock could not be bound: Permission denied
@4000000049991aad0655d574 ERROR: LOCAL: Socket file /var/run/clamav/clamd.sock could not be bound: Permission denied
@4000000049991aaf1af8da94 ERROR: LOCAL: Socket file /var/run/clamav/clamd.sock could not be bound: Permission denied
@4000000049991ab131de0f54 ERROR: LOCAL: Socket file /var/run/clamav/clamd.sock could not be bound: Permission denied
@4000000049991ab40b6a2074 ERROR: LOCAL: Socket file /var/run/clamav/clamd.sock could not be bound: Permission denied
@4000000049991ab61d06715c ERROR: LOCAL: Socket file /var/run/clamav/clamd.sock could not be bound: Permission denied
@4000000049991ab82e20f3cc ERROR: LOCAL: Socket file /var/run/clamav/clamd.sock could not be bound: Permission denied
@4000000049991abb05ef5b14 ERROR: LOCAL: Socket file /var/run/clamav/clamd.sock could not be bound: Permission denied
@4000000049991abd17c61904 ERROR: LOCAL: Socket file /var/run/clamav/clamd.sock could not be bound: Permission denied
@4000000049991abf2b79b12c ERROR: LOCAL: Socket file /var/run/clamav/clamd.sock could not be bound: Permission denied
@4000000049991ac203bef624 ERROR: LOCAL: Socket file /var/run/clamav/clamd.sock could not be bound: Permission denied
@4000000049991ac4161abac4 ERROR: LOCAL: Socket file /var/run/clamav/clamd.sock could not be bound: Permission denied
@4000000049991ac626298224 ERROR: LOCAL: Socket file /var/run/clamav/clamd.sock could not be bound: Permission denied
@4000000049991ac83a8c3e3c ERROR: LOCAL: Socket file /var/run/clamav/clamd.sock could not be bound: Permission denied
@4000000049991acb118bd434 ERROR: LOCAL: Socket file /var/run/clamav/clamd.sock could not be bound: Permission denied
@4000000049991acd24d4758c ERROR: LOCAL: Socket file /var/run/clamav/clamd.sock could not be bound: Permission denied
@4000000049991acf34c9dcd4 ERROR: LOCAL: Socket file /var/run/clamav/clamd.sock could not be bound: Permission denied
@4000000049991ad20af146f4 ERROR: LOCAL: Socket file /var/run/clamav/clamd.sock could not be bound: Permission denied
@4000000049991ad420683de4 ERROR: LOCAL: Socket file /var/run/clamav/clamd.sock could not be bound: Permission denied
@4000000049991ad631907424 ERROR: LOCAL: Socket file /var/run/clamav/clamd.sock could not be bound: Permission denied
@4000000049991ad9083a4ce4 Limits: Global size limit set to 104857600 bytes.
@4000000049991ad90841da7c Limits: File size limit set to 26214400 bytes.
@4000000049991ad908496814 Limits: Recursion level limit set to 16.
@4000000049991ad90850f1c4 Limits: Files limit set to 10000.
@4000000049991ad908586bd4 Archive support enabled.
@4000000049991ad9086014c4 Algorithmic detection enabled.
@4000000049991ad90867aa2c Portable Executable support enabled.
@4000000049991ad9086f4764 ELF support enabled.
@4000000049991ad90876dccc Mail files support enabled.
@4000000049991ad9087f1a2c OLE2 support enabled.
@4000000049991ad90886b37c PDF support enabled.
@4000000049991ad9088e9aec HTML support enabled.
@4000000049991ad9088fcf84 Self checking every 1800 seconds.
@4000000049991ad908963c0c Set stacksize to 1114112

Правим:

# ee /var/qmail/control/simcontrol
mydomain.com:clam=yes,spam=yes,attach=.exe
:clam=yes,spam=yes,trophie=no,spam_hits=17

Создадим базу:

# /var/qmail/bin/simscanmk
simscan cdb file built. /var/qmail/control/simcontrol.cdb

# /var/qmail/bin/simscanmk -g
simscan versions cdb file built. /var/qmail/control/simversions.cdb

Добавим пользователя simscan в группу clamav:

# pw groupmod clamav -m simscan
# less  /etc/group | grep clamav:
clamav:*:106:simscan

Изменим скрипт запуска службы qmail-smtpd:

# ee /service/qmail-smtpd/run

Разкомментируем:

QMAILQUEUE="$VQ/bin/simscan"

SIMSCAN_DEBUG=2
SIMSCAN_DEBUG_FILES=1

Закомментируем:

#QMAILQUEUE="$VQ/bin/qmail-scanner-queue.pl"

Тестируем:

Но прежде создадим файл mailtest.txt такого содержания:

From: Этот e-mail адрес защищен от спам-ботов, для его просмотра у Вас должен быть включен Javascript
To: Этот e-mail адрес защищен от спам-ботов, для его просмотра у Вас должен быть включен Javascript
Subject: Testing Simscan

Testing simscan

# cd ~root/
# time env QMAILQUEUE=/var/qmail/bin/simscan SIMSCAN_DEBUG=2 SIMSCAN_DEBUG_FILES=1 /var/qmail/bin/qmail-inject Этот e-mail адрес защищен от спам-ботов, для его просмотра у Вас должен быть включен Javascript < mailtest.txt

simscan: cdb looking up
simscan: cdb for  found clam=yes,spam=yes,trophie=no,spam_hits=17
simscan: pelookup clam = yes
simscan: pelookup spam = yes
simscan: pelookup trophie = no
simscan: trophie = no/0
simscan: pelookup spam_hits = 17
simscan: unimplemented flag spam_hits = 17
simscan: starting: work dir: /var/qmail/simscan/1234791758.108397.12154
simscan: pelookup: called with Этот e-mail адрес защищен от спам-ботов, для его просмотра у Вас должен быть включен Javascript
simscan: pelookup: domain is mail.mydomain.com
simscan: cdb looking up mail.mydomain.com
simscan: pelookup: local part is postmaster
simscan: cdb looking up postmaster@mail.mydomain.com
simscan: pelookup: called with Этот e-mail адрес защищен от спам-ботов, для его просмотра у Вас должен быть включен Javascript
simscan: pelookup: domain is mydomain.com
simscan: cdb looking up mydomain.com
simscan: cdb for mydomain.com found clam=yes,spam=yes,attach=.exe
simscan: pelookup clam = yes
simscan: pelookup spam = yes
simscan: pelookup attach = .exe
simscan: attachment flag attach = .exe
simscan: .exe is attachment number 0
simscan: pelookup: local part is postmaster
simscan: cdb looking up Этот e-mail адрес защищен от спам-ботов, для его просмотра у Вас должен быть включен Javascript
simscan: cdb looking up version attach
simscan: calling clamdscan
simscan: cdb looking up version clamav
simscan: normal clamdscan return code: 0
simscan: calling spamc
simscan: calling /usr/local/bin/spamc  spamc -u Этот e-mail адрес защищен от спам-ботов, для его просмотра у Вас должен быть включен Javascript
simscan: cdb looking up version spam
simscan:[12153]:CLEAN (2.90/5.00):0.2986s::(null): Этот e-mail адрес защищен от спам-ботов, для его просмотра у Вас должен быть включен Javascript : Этот e-mail адрес защищен от спам-ботов, для его просмотра у Вас должен быть включен Javascript
simscan: done, execing qmail-queue
simscan: qmail-queue exited 0
0.006u 0.146s 0:00.37 37.8%     71+814k 0+8io 0pf+0w

Увеличиваем производительность сканирования.

Можно (нужно) применить подобное и при использовании qmail-scanner :)

Создаём виртуальный диск (RAM disk) для simscan:

Добавим в /boot/loader.conf

tmpfs_load="YES"

или пересобрать ядро с опцией:

options TMPFS

Загрузим модулем:

# kldload tmpfs

# kldstat | grep tmpfs
3    1 0xc0d83000 97d0     tmpfs.ko

#  mount -t tmpfs -o mode=2750,uid=simscan,gid=simscan none /var/qmail/simscan

# df -h
Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/ad2s1a    496M    160M    296M    35%    /
devfs          1.0K    1.0K      0B   100%    /dev
/dev/ad2s1e    496M    566K    456M     0%    /tmp
/dev/ad2s1f     33G    4.1G     26G    14%    /usr
/dev/ad2s1d    1.4G    636M    713M    47%    /var
tmpfs          1.1G    4.0K    1.1G     0%    /var/qmail/simscan

# ee /etc/fstab

none /var/qmail/simscan tmpfs rw,mode=2750,uid=74,gid=74 0 0

И действительно получаем прирост в скорости обработки....

Источники:

http://qmail.jms1.net/simscan/

http://www.qmailwiki.org/Simscan/Guide