2010/04/19

[ LOS ] CentOS Update ClamAV Amavisd-new Spamassassin

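Recently the Mail Gateway on Linux ran into the following problems: (1) ClamAV versions before 0.95 could no longer update their virus signatures, so I manually upgraded the existing ClamAV to 0.96 and rebuilt the Virus DB. (2) The amavisd-new middleware had produced a huge number of temporary files, which kept amavisd from filtering viruses normally and left a large amount of mail stuck in the queue. The fix was to manually delete all temporary files under /var/amavis/tmp and then upgrade the amavisd-new software.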

(1) ClamAV

# cat /var/log/clamav/clamd.log  # First problem: the local clamav log shows the virus database cannot be updated
Sat Apr 17 01:05:06 2010 -> Reading databases from /var/clamav
Sat Apr 17 01:05:07 2010 -> ERROR: reload db failed: Malformed database
Sat Apr 17 01:05:07 2010 -> Terminating because of a fatal error.
Sat Apr 17 01:05:07 2010 -> Socket file removed.
Sat Apr 17 01:05:07 2010 -> Pid file removed.
Sat Apr 17 01:05:07 2010 -> --- Stopped at Sat Apr 17 01:05:07 2010

# rm -rf /var/clamav/*  # Delete the Virus DB
# /etc/init.d/clamd stop   # Stop the service
# yum update clamav  # Manually update clamav with yum
# freshclam  # Update the Virus DB

# /etc/init.d/clamd start   # Restart clamav


(2) Amavisd-new / SpamAssassin

# cd /var/amavis/   # Second problem: tmp under amavis holds too many temporary files (38,000), so mail cannot be filtered
# ls -l   
總計 16
-rw-r-----  1 amavis amavis    0  4月 19 14:53 amavisd.lock
-rw-r-----  1 amavis amavis    5  4月 19 13:46 amavisd.pid
srwxr-x---  1 amavis amavis    0  4月 19 13:46 amavisd.sock
drwxr-x---  2 amavis amavis 4096  4月 19 13:46 db
drwxr-x--- 38000 amavis amavis 4096  4月 19 14:57 tmp
drwxr-x---  2 amavis amavis 4096  7月 19  2009 var

# rm -rf /var/amavis/tmp/*    # Manually delete everything in tmp
# /etc/init.d/amavisd stop   # Stop the service
# /etc/init.d/spamassassin stop   # Stop the service

# yum update clamd amavisd-new spamassassin    # Manually upgrade all the packages

# /etc/init.d/clamd start     # Restart clamav
Starting Clam AntiVirus Daemon:                            [  確定  ]

# /etc/init.d/amavisd start    # Restarting amavisd fails
正在啟動 Mail Virus Scanner (amavisd):                     [  失敗 ]

# amavisd debug     # It failed, so use debug mode to find the problem; the error message says to run sa-update
Apr 19 14:38:52.391 ntut.idv.tw /usr/sbin/amavisd[6795]: (!!)TROUBLE in pre_loop_hook: config: no rules were found!  Do you need to run 'sa-update'?
Suicide () TROUBLE in pre_loop_hook: config: no rules were found!  Do you need to run 'sa-update'?

# sa-update   # Run sa-update manually

# /etc/init.d/amavisd start   # Start amavisd again: success!
正在啟動 Mail Virus Scanner (amavisd):                     [  確定  ]

# /etc/init.d/spamassassin start    # Start spamassassin
正在啟動 spamd:                                            [  確定  ]

# /etc/init.d/postfix restart    # Restart postfix
正在關閉 postfix:                                          [  確定  ]
正在啟動 postfix:                                          [  確定  ]

# netstat -nat |grep LISTEN     # Check that the services are listening on ports 10024, 10025, 783 and 25
tcp        0      0 127.0.0.1:10024             0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:10025             0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:783               0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN

# telnet 127.0.0.1 10024      # Manual test
Trying 127.0.0.1...
Connected to ntut.idv.tw (127.0.0.1).
Escape character is '^]'.
220 [127.0.0.1] ESMTP amavisd-new service ready
MAIL FROM: < bob@ntut.idv.tw >
250 2.1.0 Sender OK
RCPT TO: < tetralet >
250 2.1.5 Recipient OK
DATA
354 End data with <CR><LF>.<CR><LF>
Subject:Virus Test Pattern

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

.
250 2.0.0 Ok, id=06865-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as AEF07A0035
quit
221 2.0.0 [127.0.0.1] amavisd-new closing transmission channel
Connection closed by foreign host.

# amavisd -V   # Check the software versions after the upgrade
amavisd-new-2.6.4 (20090625)
# clamd -V
ClamAV 0.96/10757/Mon Apr 19 10:29:28 2010
# spamassassin -V
SpamAssassin version 3.3.1
  running on Perl version 5.8.8

# postsuper -r ALL   # Manually force the queued mail to be sent
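
A small health check for the two failure modes in this post: a clamd "Malformed database" reload failure and leftover entries piling up under the amavisd tmp directory. It is an added example, not part of the original post; the function names, the 60-minute age window and the limit of 500 are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Function names, the age
# window and the limit are assumptions to tune for your gateway.

# Entries directly under DIR not modified for more than MINUTES minutes.
count_stale_entries() {
    find "$1" -mindepth 1 -maxdepth 1 -mmin "+$2" 2>/dev/null | wc -l | tr -d ' '
}

# Count of "Malformed database" reload failures in a clamd log.
# grep -c exits non-zero on zero matches or a missing file, hence "|| true".
count_db_errors() {
    n=$(grep -c 'reload db failed: Malformed database' "$1" 2>/dev/null) || true
    echo "${n:-0}"
}

# usage: gateway_health TMP_DIR CLAMD_LOG MAX_STALE [MINUTES]
# Prints one line per finding; returns 0 when healthy, 1 otherwise.
gateway_health() {
    tmp_dir=$1; log=$2; max=$3; minutes=${4:-60}; rc=0
    stale=$(count_stale_entries "$tmp_dir" "$minutes")
    errors=$(count_db_errors "$log")
    if [ "$stale" -gt "$max" ]; then
        echo "WARN: $tmp_dir has $stale entries older than $minutes min (limit $max)"
        rc=1
    fi
    if [ "$errors" -gt 0 ]; then
        echo "WARN: $log has $errors 'Malformed database' reload failure(s)"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: stale tmp entries=$stale, clamd db errors=0"
    fi
    return "$rc"
}

# Example call with the paths shown in this post (limit 500 is an assumption):
#   gateway_health /var/amavis/tmp /var/log/clamav/clamd.log 500
```

Run from cron, a non-zero return flags the problem before the tmp directory reaches tens of thousands of entries and mail starts to queue.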
