Lab work journal

Contents

Journal

Wednesday (11/01/06)

/dev/pts/2
12:59:27
#yum search sendmail
this line to your ~/.procmailrc:
INCLUDERC=/etc/mail/spamassassin/spamassassin-default.rc
To filter spam for all users, add that line to /etc/procmailrc
(creating if necessary).
sendmail-devel.i386                      8.13.4-2asp            base
Matched from:
sendmail-devel
Include files and devel libraries for e.g. the milter addons as part
of sendmail.
clamav-milter.i386                       70:0.88-1.110asp       base
...
a procmail script, .forward file, etc.  It uses a genetic-algorithm
evolved scoring system to identify messages which look spammy, then
adds headers to the message so they can be filtered by the user's mail
reading software.  This distribution includes the spamd/spamc components
which create a server that considerably speeds processing of mail.
To enable spamassassin, if you are receiving mail locally, simply add
this line to your ~/.procmailrc:
INCLUDERC=/etc/mail/spamassassin/spamassassin-default.rc
To filter spam for all users, add that line to /etc/procmailrc
(creating if necessary).
12:59:52
#yum install clamav
Setting up Install Process
Setting up repositories
Reading repository metadata in from local files
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for clamav to pack into transaction set.
clamav-0.88.5-1.110asp.i3 100% |=========================|  19 kB    00:00
---> Package clamav.i386 70:0.88.5-1.110asp set to be updated
--> Running transaction check
...
Downloading Packages:
(1/1): clamav-0.88.5-1.11 100% |=========================| 7.4 MB    01:18
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing: clamav                       ######################### [1/1]
ua
Installed: clamav.i386 70:0.88.5-1.110asp
Complete!
13:02:39
#yum search mimedefang
Searching Packages:
Setting up repositories
Reading repository metadata in from local files
No Matches found
13:08:58
#wget http://mimedefang.org/static/mimedefang-2.57.tar.gz
--13:09:45--  http://mimedefang.org/static/mimedefang-2.57.tar.gz
           => `mimedefang-2.57.tar.gz'
Распознаётся mimedefang.org... 206.191.13.82
Устанавливается соединение с mimedefang.org|206.191.13.82|:80... соединение установлено.
Запрос HTTP послан, ожидается ответ... 200 OK
Длина: 316.909 (309K) [application/x-gzip]
100%[==================================================================================================>] 316.909       95.42K/s    ETA 00:00
13:09:51 (95.25 KB/s) - `mimedefang-2.57.tar.gz' сохранён [316909/316909]
13:09:51
#tar xvzfC mimedefang-2.57.tar.gz /usr/src/
mimedefang-2.57/
mimedefang-2.57/COPYING
mimedefang-2.57/Changelog
mimedefang-2.57/Makefile.in
mimedefang-2.57/README
mimedefang-2.57/README.ANOMY
mimedefang-2.57/README.NONROOT
mimedefang-2.57/README.SECURITY
mimedefang-2.57/README.SOPHIE
mimedefang-2.57/README.SPAMASSASSIN
...
mimedefang-2.57/tests/test-msg-bad-mime
mimedefang-2.57/tests/test-msg-busy
mimedefang-2.57/tests/test-msg-filter-exit
mimedefang-2.57/tests/test-msg-resend
mimedefang-2.57/tests/test-msg-tempfail
mimedefang-2.57/tests/test-msg-weird-hdrs
mimedefang-2.57/utils.c
mimedefang-2.57/gen-ip-validator.pl
mimedefang-2.57/md-mx-ctrl.c
mimedefang-2.57/watch-mimedefang.in
13:10:08
#cd /usr/src/mimedefang-2.57/

13:10:11
#ls
Changelog     event.c              Makefile.in                  mimedefang-multiplexor.c  README.IRIX          rm_r.c
config.h.in   event.h              md-mx-ctrl.8.in              mimedefang-notify.7.in    README.NONROOT       SpamAssassin
configure     eventpriv.h          md-mx-ctrl.c                 mimedefang.pl.8.in        README.SECURITY      syslog-fac.c
configure.in  event_tcp.c          mimedefang.8.in              mimedefang.pl.in          README.SOPHIE        tests
contrib       event_tcp.h          mimedefang.c                 mimedefang-protocol.7.in  README.SPAMASSASSIN  utils.c
COPYING       examples             mimedefang-filter.5.in       notifier.c                README.TRU64         watch-mimedefang.8
drop_privs.c  gen-ip-validator.pl  mimedefang.h                 README                    README.VEXIRA        watch-mimedefang.in
embperl.c     install-sh           mimedefang-multiplexor.8.in  README.ANOMY              redhat
13:10:25
#cp /root/mimedefang-2.57.tar.gz redhat/

13:10:36
#cd redhat/

13:10:39
#ls
mimedefang-2.57.tar.gz  mimedefang-init.in  mimedefang.spec  mimedefang-spec.in  mimedefang-sysconfig.in
13:10:40
#mv mimedefang /usr/src/asplinux/SOURCES/
mv: невозможно выполнить stat для `mimedefang': Нет такого файла или каталога
13:11:10
#mv mimedefang- /usr/src/asplinux/SOURCES/
mimedefang-2.57.tar.gz   mimedefang-init.in       mimedefang-spec.in       mimedefang-sysconfig.in
13:11:10
#mv mimedefang-2.57.tar.gz /usr/src/asplinux/SOURCES/

13:11:30
#ls
mimedefang-init.in  mimedefang.spec  mimedefang-spec.in  mimedefang-sysconfig.in
13:11:32
#vi mimedefang.spec
13:11:53
#vim mimedefang.spec
127c127
< %define dir_log        /var/log/mimedefang
---
> %define dir_log        /var/log/
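Review bot: line 127 now points dir_log at /var/log/ itself instead of a dedicated /var/log/mimedefang directory, so anything the spec does to %{dir_log} (creating it, setting its owner or mode) would act on the shared system log directory. Keep a per-package subdirectory here.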
13:12:26
#rpmbuild -bb mimedefang.spec
ошибка: Неудовлетворенные зависимости сборки:
        sendmail-devel > 8.12.0 нужен для mimedefang-2.57-1.i386
        perl-MIME-tools нужен для mimedefang-2.57-1.i386
        perl-IO-stringy нужен для mimedefang-2.57-1.i386
        perl-MailTools нужен для mimedefang-2.57-1.i386
13:12:35
#yum search perl-MIME
Searching Packages:
Setting up repositories
Reading repository metadata in from local files
perl-MIME-Types.noarch                   1.16-1.110asp          base
Matched from:
perl-MIME-Types
perl-MIME-tools.noarch                   5.419-1.110asp         base
Matched from:
perl-MIME-tools
perl-MIME-tools.noarch                   5.420-2.110asp         updates-released
Matched from:
perl-MIME-tools
13:12:57
#yum install perl-MIME-tools.noarch sendmail-devel
Setting up Install Process
Setting up repositories
Reading repository metadata in from local files
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for perl-MIME-tools to pack into transaction set.
perl-MIME-tools-5.420-2.1 100% |=========================|  16 kB    00:00
---> Package perl-MIME-tools.noarch 0:5.420-2.110asp set to be updated
---> Downloading header for sendmail-devel to pack into transaction set.
...
  Installing: perl-MailTools               ######################### [3/8]
  Installing: perl-IO-stringy              ######################### [4/8]
  Installing: perl-Convert-BinHex          ######################### [5/8]
  Installing: sendmail-devel               ######################### [6/8]
  Installing: perl-MIME-tools              ######################### [7/8]
  Cleanup   : sendmail                     ######################### [8/8]
Installed: perl-MIME-tools.noarch 0:5.420-2.110asp sendmail-devel.i386 0:8.13.7-2.110.2asp
Dependency Installed: perl-Convert-BinHex.noarch 0:1.119-4.110asp perl-IO-stringy.noarch 0:2.110-4.110asp perl-MailTools.noarch 0:1.74-2.110asp perl-TimeDate.noarch 1:1.16-3
Dependency Updated: sendmail.i386 0:8.13.7-2.110.2asp
Complete!
13:16:06
#rpmbuild -bb mimedefang.spec
gcc -g -O2 -Wall -Wstrict-prototypes -o mimedefang-multiplexor mimedefang-multiplexor.o event.o event_tcp.o drop_privs_nothread.o syslog-fac.o notifier.o utils.o embperl.o xs_init.o -lnsl  -Wl,-E -Wl,-rpath,/usr/lib/perl5/5.8.6/i386-linux-thread-multi/CORE  -L/usr/local/lib /usr/lib/perl5/5.8.6/i386-linux-thread-multi/auto/DynaLoader/DynaLoader.a -L/usr/lib/perl5/5.8.6/i386-linux-thread-multi/CORE
test "" != "1" && strip mimedefang-multiplexor
gcc -g -O2 -Wall -Wstrict-prototypes -D_POSIX_PTHREAD_SEMANTICS -DEMBED_PERL -DSAFE_EMBED_PERL -DPERL_PATH=\"/usr/bin/perl\" -DMIMEDEFANG_PL=\"/usr/bin/mimedefang.pl\" -DRM=\"/bin/rm\" -DVERSION=\"2.57\" -DSPOOLDIR=\"/var/spool/MIMEDefang\" -DQDIR=\"/var/spool/MD-Quarantine\" -DCONFDIR=\"/etc/mail\"  -c -o md-mx-ctrl.o md-mx-ctrl.c
md-mx-ctrl.c: In function 'percent_decode':
md-mx-ctrl.c:71: warning: pointer targets in passing argument 1 of 'sscanf' differ in signedness
md-mx-ctrl.c: In function 'buildCmd':
md-mx-ctrl.c:176: warning: pointer targets in passing argument 1 of 'percent_encode' differ in signedness
md-mx-ctrl.c:176: warning: pointer targets in passing argument 2 of 'percent_encode' differ in signedness
md-mx-ctrl.c: In function 'doCmd':
md-mx-ctrl.c:239: warning: pointer targets in passing argument 1 of 'percent_decode' differ in signedness
...
Выполняется(%clean): /bin/sh -e /var/tmp/rpm-tmp.45647
+ umask 022
+ cd /usr/src/asplinux/BUILD
+ cd mimedefang-2.57
++ pwd
+ HERE=/usr/src/asplinux/BUILD/mimedefang-2.57
+ cd ..
+ rm -rf /usr/src/asplinux/BUILD/mimedefang-2.57
+ rm -rf /var/tmp/mimedefang-root
+ exit 0
13:17:14
#rpm -ihv /usr/src/asplinux/RPMS/i386/mimedefang-*
Подготовка...     ########################################### [100%]
   1:mimedefang-debuginfo   ########################################### [ 33%]
   2:mimedefang             ########################################### [ 67%]
In order to complete the installation of mimedefang, you will need to add the
following line to your sendmail mc file:
   INPUT_MAIL_FILTER(`mimedefang', `S=unix:/var/spool/MIMEDefang/mimedefang.sock, F=T, T=S:1m;R:1m;E:5m')
Use the sendmail-cf package to rebuild your /etc/mail/sendmail.cf file and
restart your sendmail daemon.
   3:mimedefang-contrib     ########################################### [100%]
13:17:42
#vi /etc/mail/sendmail.mc
13:18:05
#vim
112c112
< DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
---
> DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
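Review bot: dropping Addr=127.0.0.1 from DAEMON_OPTIONS on line 112 makes the MTA listen on every interface instead of loopback only. Confirm the relay rules and any packet filter before this goes live, or keep an Addr= value for the one interface that should receive mail.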
143a144
> INPUT_MAIL_FILTER(`mimedefang', `S=unix:/var/spool/MIMEDefang/mimedefang.sock, F=T, T=S:1m;R:1m;E:5m')
156c157
< dnl MASQUERADE_AS(`mydomain.com')dnl
---
> MASQUERADE_AS(`ukr.net')dnl
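Review bot: MASQUERADE_AS(`ukr.net') on line 157 rewrites outgoing sender addresses to ukr.net, and with masquerade_envelope enabled in the next hunk the envelope sender is rewritten as well. Use a domain this host is actually responsible for; mail that claims a domain the server is not authorised to send for is likely to be rejected or flagged by receivers.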
160c161
< dnl FEATURE(masquerade_envelope)dnl
---
> FEATURE(masquerade_envelope)dnl
13:19:25
#netstat -lnp | grep :25
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      2784/sendmail: acce
13:19:35
#cd /etc/mail/

13:19:44
#make
WARNING: 'sendmail.mc' is modified. Please install package sendmail-cf to update your configuration.
WARNING: 'submit.mc' is modified. Please install package sendmail-cf to update your configuration.
13:19:45
#yum install sendmail-cf
Setting up Install Process
Setting up repositories
Reading repository metadata in from local files
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for sendmail-cf to pack into transaction set.
sendmail-cf-8.13.7-2.110. 100% |=========================|  53 kB    00:00
---> Package sendmail-cf.i386 0:8.13.7-2.110.2asp set to be updated
--> Running transaction check
...
Is this ok [y/N]: y
Downloading Packages:
(1/1): sendmail-cf-8.13.7 100% |=========================| 315 kB    00:03
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing: sendmail-cf                  ######################### [1/1]
Installed: sendmail-cf.i386 0:8.13.7-2.110.2asp
Complete!
13:20:49
#make

13:20:52
#/etc/init.d/sendmail restart
Останавливается sm-client:                  [  ОК  ]
Останавливается sendmail:                   [  ОК  ]
Запускается sendmail: WARNING: Xmimedefang: local socket name /var/spool/MIMEDefang/mimedefang.sock missing
                                                           [  ОК  ]
Запускается sm-client:                          [  ОК  ]
13:21:02
#netstat -lnp | grep :25
tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN      5142/sendmail: acce
13:21:12
#vi mimedefang-filter
13:21:35
#vim
119c119
< 	# action_quarantine_entire_message("Message quarantined because of suspicious characters in headers");
---
> 	action_quarantine_entire_message("Message quarantined because of suspicious characters in headers");
186c186,187
< 	return action_drop_with_warning("An attachment named $fname was removed from this document as it\nconstituted a security hazard.  If you require this document, please contact\nthe sender and arrange an alternate means of receiving it.\n");
---
> 	action_quarantine($entity, "A known virus was discovered and deleted. Virus-scanner messages follow:\n$VirusScannerMessages\n\n");
> 	#return action_drop_with_warning("An attachment named $fname was removed from this document as it\nconstituted a security hazard.  If you require this document, please contact\nthe sender and arrange an alternate means of receiving it.\n");
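Review bot: the replacement on lines 186-187 calls action_quarantine() without the return that the original action_drop_with_warning() line had, so the filter keeps running past this branch instead of ending there. The quarantine text also says "A known virus was discovered" and interpolates $VirusScannerMessages, although the original wording shows this branch fires on the attachment name $fname, not on a scanner result. Suggest "return action_quarantine($entity, ...)" with a message that names $fname; the hunks at 192, 230 and 236 repeat the same pattern.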
192c193,194
< 	return action_drop_with_warning("A non-multipart attachment named $fname was removed from this document as it\nconstituted a security hazard.  If you require this document, please contact\nthe sender and arrange an alternate means of receiving it.\n");
---
> 	action_quarantine($entity, "A known virus was discovered and deleted. Virus-scanner messages follow:\n$VirusScannerMessages\n\n");
> 	#return action_drop_with_warning("A non-multipart attachment named $fname was removed from this document as it\nconstituted a security hazard.  If you require this document, please contact\nthe sender and arrange an alternate means of receiving it.\n");
230c232,233
< 	return action_drop_with_warning("An attachment of type $type, named $fname was removed from this document as it\nconstituted a security hazard.  If you require this document, please contact\nthe sender and arrange an alternate means of receiving it.\n");
---
> 	action_quarantine($entity, "A known virus was discovered and deleted. Virus-scanner messages follow:\n$VirusScannerMessages\n\n");
> 	#return action_drop_with_warning("An attachment of type $type, named $fname was removed from this document as it\nconstituted a security hazard.  If you require this document, please contact\nthe sender and arrange an alternate means of receiving it.\n");
236c239
< 	return action_drop_with_warning("A non-message/rfc822 attachment named $fname was removed from this document as it\nconstituted a security hazard.  If you require this document, please contact\nthe sender and arrange an alternate means of receiving it.\n");
---
> 	action_quarantine($entity, "A known virus was discovered and deleted. Virus-scanner messages follow:\n$VirusScannerMessages\n\n");	      #return action_drop_with_warning("A non-message/rfc822 attachment named $fname was removed from this document as it\nconstituted a security hazard.  If you require this document, please contact\nthe sender and arrange an alternate means of receiving it.\n");
13:26:07
#vi /etc/sysconfig/mimedefang
13:26:19
#vim
13:28:04
#vim /etc/clamd.conf
13:30:44
#vim /etc/clamd.conf
159c159
< #Debug
---
> Debug
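Review bot: enabling Debug on line 159 turns on the verbose LibClamAV debug output, temporary paths included. Treat it as a troubleshooting setting and comment it out again once clamd starts cleanly.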
13:31:02
#/etc/init.d/clamd restart
Stopping Clam AV daemon:                                   [ СБОЙ ]
Starting Clam AV daemon: ERROR: You can select one mode only (local/TCP).
                                                           [ СБОЙ ]
13:31:08
#vim /etc/clamd.conf
80c80
< TCPSocket 3310
---
> #TCPSocket 3310
13:31:22
#/etc/init.d/clamd restart
Stopping Clam AV daemon:                                   [ СБОЙ ]
Starting Clam AV daemon: LibClamAV debug: Setting /tmp as global temporary directory
LibClamAV debug: Loading databases from /var/lib/clamav
LibClamAV debug: Loading /var/lib/clamav/daily.cvd
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = 9743cd52d2fa858b6420abd3b6c78b72
LibClamAV debug: Decoded signature: 9743cd52d2fa858b6420abd3b6c78b72
LibClamAV debug: Digital signature is correct.
LibClamAV Warning: **************************************************
LibClamAV Warning: ***  The virus database is older than 7 days.  ***
...
LibClamAV debug: Unpacking /tmp/clamav-a69607bc056cd685/main.zmd
LibClamAV debug: Unpacking /tmp/clamav-a69607bc056cd685/main.fp
LibClamAV debug: Unpacking /tmp/clamav-a69607bc056cd685/main.info
LibClamAV debug: Loading databases from /tmp/clamav-a69607bc056cd685
LibClamAV debug: Loading /tmp/clamav-a69607bc056cd685/main.db
LibClamAV debug: Loading /tmp/clamav-a69607bc056cd685/main.hdb
LibClamAV debug: Loading /tmp/clamav-a69607bc056cd685/main.ndb
LibClamAV debug: Loading /tmp/clamav-a69607bc056cd685/main.zmd
LibClamAV debug: Loading /tmp/clamav-a69607bc056cd685/main.fp
                                                           [  ОК  ]
13:31:25
#ps aux | grep clamd
defang    5295  0.0  1.5  21288 16136 ?        Ss   13:31   0:00 /usr/sbin/clamd
root      5303  0.0  0.0   3784   760 pts/3    R+   13:31   0:00 grep clamd
13:31:32
#netstat -lnp | grep clamd
unix  2      [ ACC ]     STREAM     LISTENING     25447  5295/clamd          /var/spool/MIMEDefang/clamd.sock
13:31:44
#ps aux | grep mimed
root      5317  0.0  0.0   3784   760 pts/3    R+   13:31   0:00 grep mimed
13:31:54
#/etc/init.d/mimedefang start
Starting mimedefang-multiplexor:                           [  ОК  ]
Starting mimedefang:                                       [  ОК  ]
13:32:03
#ps aux | grep mimed
defang    5353  0.0  0.0   3656   788 ?        S    13:32   0:00 /usr/bin/mimedefang-multiplexor -p /var/spool/MIMEDefang/mimedefang-multiplexor.pid -F /etc/mail/mimedefang-filter -m 2 -x 10 -U defang -b 600 -l -s /var/spool/MIMEDefang/clamd.sock
defang    5354 28.4  1.7  20048 17336 ?        S    13:32   0:01 /usr/bin/perl /usr/bin/mimedefang.pl -f /etc/mail/mimedefang-filter -server
defang    5367  0.0  0.0   3852   580 ?        Sl   13:32   0:00 /usr/bin/mimedefang -P /var/spool/MIMEDefang/mimedefang.pid -m /var/spool/MIMEDefang/clamd.sock -R -1 -U defang -T -p /var/spool/MIMEDefang/mimedefang.sock
defang    5378 69.5  1.7  20048 17336 ?        S    13:32   0:01 /usr/bin/perl /usr/bin/mimedefang.pl -f /etc/mail/mimedefang-filter -server
root      5380  0.0  0.0   3780   756 pts/3    R+   13:32   0:00 grep mimed
13:32:07
#netstat -lnp | grep clamd
unix  2      [ ACC ]     STREAM     LISTENING     25447  5295/clamd          /var/spool/MIMEDefang/clamd.sock
unix  2      [ ACC ]     STREAM     LISTENING     25818  5353/mimedefang-mul /var/spool/MIMEDefang/clamd.sock
13:32:16
#netstat -lnp | grep mimedefang-filter

13:32:25
#netstat -lnp | grep mimedefang
unix  2      [ ACC ]     STREAM     LISTENING     25818  5353/mimedefang-mul /var/spool/MIMEDefang/clamd.sock
unix  2      [ ACC ]     STREAM     LISTENING     25848  5367/mimedefang     /var/spool/MIMEDefang/mimedefang.sock
13:32:29
#/etc/init.d/sendmail restart
Останавливается sm-client:                  [  ОК  ]
Останавливается sendmail:                   [  ОК  ]
Запускается sendmail:                           [  ОК  ]
Запускается sm-client:                          [  ОК  ]
13:32:40
#netstat -lnp | grep :25
tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN      5429/sendmail: acce
13:32:46
#telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 asp.linux.nt ESMTP Sendmail 8.13.7/8.13.7; Wed, 1 Nov 2006 13:32:55 +0200
HELO zlo
250 asp.linux.nt Hello localhost.localdomain [127.0.0.1], pleased to meet you
MAIL FROM : root@asp.linux.nt
250 2.1.0 root@asp.linux.nt... Sender ok
RCPT TO : user@asp.linux.nt
250 2.1.5 user@asp.linux.nt... Recipient ok
DATA
354 Enter mail, end with "." on a line by itself
test
.
250 2.0.0 kA1BWtig005452 Message accepted for delivery
^]
telnet> quit
Connection closed.
13:33:41
#mail -u user
Mail version 8.1 6/6/93.  Type ? for help.
"/var/mail/user": 1 message 1 new
>N  1 root@asp.linux.nt     Wed Nov  1 13:33  12/426
&
Message 1:
From root@asp.linux.nt  Wed Nov  1 13:33:37 2006
Date: Wed, 1 Nov 2006 13:32:55 +0200
From: root <root@asp.linux.nt>
X-Scanned-By: MIMEDefang 2.57 on 10.0.35.5
test
& q
Saved 1 message in mbox
13:33:56
#tail /var/log/maillog
Nov  1 13:32:40 asp sendmail[5425]: alias database /etc/aliases rebuilt by root
Nov  1 13:32:40 asp sendmail[5425]: /etc/aliases: 76 aliases, longest 10 bytes, 765 bytes total
Nov  1 13:32:40 asp sendmail[5429]: starting daemon (8.13.7): SMTP+queueing@01:00:00
Nov  1 13:32:40 asp sm-msp-queue[5436]: starting daemon (8.13.7): queueing@01:00:00
Nov  1 13:33:36 asp sendmail[5452]: kA1BWtig005452: from=root@asp.linux.nt, size=5, class=0, nrcpts=1, msgid=<200611011133.kA1BWtig005452@asp.linux.nt>, proto=SMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Nov  1 13:33:37 asp mimedefang.pl[5354]: MDLOG,kA1BWtig005452,mail_in,,,root@asp.linux.nt,user@asp.linux.nt,
Nov  1 13:33:37 asp mimedefang[5367]: kA1BWtig005452: Filter time is 1102ms
Nov  1 13:33:37 asp sendmail[5452]: kA1BWtig005452: Milter delete (noop): header: X-Spam-Score
Nov  1 13:33:37 asp sendmail[5452]: kA1BWtig005452: Milter add: header: X-Scanned-By: MIMEDefang 2.57 on 10.0.35.5
Nov  1 13:33:37 asp sendmail[5454]: kA1BWtig005452: to=user@asp.linux.nt, ctladdr=root@asp.linux.nt (0/0), delay=00:00:09, xdelay=00:00:00, mailer=local, pri=30374, dsn=2.0.0, stat=Sent
13:34:05
#tail /var/log/clamav/clamd.log
Wed Nov  1 13:31:25 2006 -> Archive support enabled.
Wed Nov  1 13:31:25 2006 -> Archive: RAR support enabled.
Wed Nov  1 13:31:25 2006 -> Archive: Blocking encrypted archives.
Wed Nov  1 13:31:25 2006 -> Archive: Blocking archives that exceed limits.
Wed Nov  1 13:31:25 2006 -> Portable Executable support enabled.
Wed Nov  1 13:31:25 2006 -> Detection of broken executables enabled.
Wed Nov  1 13:31:25 2006 -> Mail files support enabled.
Wed Nov  1 13:31:25 2006 -> OLE2 support enabled.
Wed Nov  1 13:31:25 2006 -> HTML support enabled.
Wed Nov  1 13:31:25 2006 -> Self checking every 1800 seconds.
13:34:22
#less /var/log/maillog
13:35:11
#apt-get install mutt
bash: apt-get: command not found
13:35:18
#yum install mutt
Setting up Install Process
Setting up repositories
base                      100% |=========================|  951 B    00:00
updates-released          100% |=========================|  951 B    00:00
Reading repository metadata in from local files
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for mutt to pack into transaction set.
mutt-1.5.10-1.110asp.i386 100% |=========================|  22 kB    00:00
...
Downloading Packages:
(1/1): mutt-1.5.10-1.110a 100% |=========================| 1.3 MB    00:11
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating  : mutt                         ######################### [1/2]
  Cleanup   : mutt                         ######################### [2/2]
Updated: mutt.i386 6:1.5.10-1.110asp
Complete!
13:37:32
#su - user
l3-agent is already running: pid=2278; pidfile=/home/user/.lilalo/l3-agent.pid
13:37:37
$mutt

13:37:46
$exit

13:37:47
#ls -l /var/spool/mail/
итого 0
13:37:52
#touch /var/spool/mail/user

13:37:59
#chown user:mail /var/spool/mail/user

13:38:09
#ls -l /var/spool/mail/
итого 0
-rw-r--r--  1 user mail 0 Ноя  1 13:37 user
13:38:11
#chmod 750 /var/spool/mail/user

13:38:30
#ls -l /var/spool/mail/
итого 0
-rwxr-x---  1 user mail 0 Ноя  1 13:37 user
13:38:31
#su - user
l3-agent is already running: pid=2278; pidfile=/home/user/.lilalo/l3-agent.pid
13:38:37
$mutt
          Cc:
         Bcc:
     Subject: test2
    Reply-To:
         Fcc:
    Security: Не применять                                                                      [applica/octet-stre, base64, 0,5K]
-- Вложения
- I     1 /tmp/mutt-asp-500-5745-0
---Mutt: /var/spool/mail/user [Msgs:0]---(date/date)----------------------------------------------------------------------------------(all)---
Почтовый ящик не изменился.
13:39:17
$exit
You have mail in /var/spool/mail/root
13:39:18
#less /var/log/maillog
13:40:08
#mail
Mail version 8.1 6/6/93.  Type ? for help.
"/var/spool/mail/root": 1 message 1 new
>N  1 user@ukr.net          Wed Nov  1 13:39  66/2383  "test2"
&
Message 1:
From user@ukr.net  Wed Nov  1 13:39:13 2006
Date: Wed, 1 Nov 2006 13:39:13 +0200
From: user <user@ukr.net>
To: root@asp.linux.nt
Subject: test2
...
&
At EOF
&
At EOF
&
At EOF
&
At EOF
& q
Saved 1 message in mbox
13:40:21
#/etc/init.d/sendmail restart
Останавливается sm-client:                  [  ОК  ]
Останавливается sendmail:                   [  ОК  ]
Запускается sendmail:                           [  ОК  ]
Запускается sm-client:                          [  ОК  ]
13:41:23
#less /var/log/maillog
13:41:42
#ps aux | grep clamd
defang    5295  0.0  1.5  21288 16136 ?        Ss   13:31   0:00 /usr/sbin/clamd
defang    5353  0.0  0.0   3656   796 ?        S    13:32   0:00 /usr/bin/mimedefang-multiplexor -p /var/spool/MIMEDefang/mimedefang-multiplexor.pid -F /etc/mail/mimedefang-filter -m 2 -x 10 -U defang -b 600 -l -s /var/spool/MIMEDefang/clamd.sock
defang    5367  0.0  0.0   5904   692 ?        Sl   13:32   0:00 /usr/bin/mimedefang -P /var/spool/MIMEDefang/mimedefang.pid -m /var/spool/MIMEDefang/clamd.sock -R -1 -U defang -T -p /var/spool/MIMEDefang/mimedefang.sock
root      5841  0.0  0.0   3780   760 pts/3    S+   13:41   0:00 grep clamd
13:41:55
#netstat -lnp | grep clamd
unix  2      [ ACC ]     STREAM     LISTENING     25447  5295/clamd          /var/spool/MIMEDefang/clamd.sock
unix  2      [ ACC ]     STREAM     LISTENING     25818  5353/mimedefang-mul /var/spool/MIMEDefang/clamd.sock
13:42:34
#date
Срд Ноя  1 13:43:11 EET 2006
13:43:11
#vi mimedefang-filter
13:45:53
#vim mimedefang-filter
82c82,83
<     $bad_exts = '(ade|adp|app|asd|asf|asx|bas|bat|chm|cmd|com|cpl|crt|dll|exe|fxp|hlp|hta|hto|inf|ini|ins|isp|jse?|lib|lnk|mdb|mde|msc|msi|msp|mst|ocx|pcd|pif|prg|reg|scr|sct|sh|shb|shs|sys|url|vb|vbe|vbs|vcs|vxd|wmd|wms|wmz|wsc|wsf|wsh|\{[^\}]+\})';
---
>     $bad_exts = '(ade|adp|app|asd|asf|asx|bas|bat|chm|cmd|com|cpl|crt|dll|fxp|hlp|hta|hto|inf|ini|ins|isp|jse?|lib|lnk|mdb|mde|msc|msi|msp|mst|ocx|pcd|pif|prg|reg|scr|sct|sh|shb|shs|sys|url|vb|vbe|vbs|vcs|vxd|wmd|wms|wmz|wsc|wsf|wsh|\{[^\}]+\})';
>     #$bad_exts = '(ade|adp|app|asd|asf|asx|bas|bat|chm|cmd|com|cpl|crt|dll|exe|fxp|hlp|hta|hto|inf|ini|ins|isp|jse?|lib|lnk|mdb|mde|msc|msi|msp|mst|ocx|pcd|pif|prg|reg|scr|sct|sh|shb|shs|sys|url|vb|vbe|vbs|vcs|vxd|wmd|wms|wmz|wsc|wsf|wsh|\{[^\}]+\})';
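Review bot: line 82 removes exe from $bad_exts, so attachments named *.exe no longer hit the filename check and any remaining protection has to come from content scanning. If this is only for a test message, restore the commented-out original on line 83 afterwards rather than leaving the relaxed list in the active filter.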
13:46:16
#/etc/init.d/mimedefang restart
Shutting down mimedefang:                                  [  ОК  ]
Shutting down mimedefang-multiplexor:                      [  ОК  ]
Waiting for daemons to exit
Starting mimedefang-multiplexor:                           [  ОК  ]
Starting mimedefang:                                       [  ОК  ]
13:46:25
#netstat -lnp | grep clamd
unix  2      [ ACC ]     STREAM     LISTENING     25447  5295/clamd          /var/spool/MIMEDefang/clamd.sock
unix  2      [ ACC ]     STREAM     LISTENING     32537  5929/mimedefang-mul /var/spool/MIMEDefang/clamd.sock
13:46:27
#/etc/init.d/sendmail restart
Останавливается sm-client:                  [  ОК  ]
Останавливается sendmail:                   [  ОК  ]
Запускается sendmail:                           [  ОК  ]
Запускается sm-client:                          [  ОК  ]
13:46:36
#su - user
l3-agent is already running: pid=2278; pidfile=/home/user/.lilalo/l3-agent.pid
13:46:41
$mutt
          Cc:
         Bcc:
     Subject: test
    Reply-To:
         Fcc:
    Security: Не применять                                                                      [applica/octet-stre, base64, 0,5K]
-- Вложения
- I     1 /tmp/mutt-asp-500-6095-0
---Mutt: /var/spool/mail/user [Msgs:0]---(date/date)----------------------------------------------------------------------------------(all)---
Почтовый ящик не изменился.
13:47:11
$exit

13:47:13
#less /var/log/maillog
13:48:00
#tail /var/log/maillog
Nov  1 13:46:36 asp sendmail[5984]: starting daemon (8.13.7): SMTP+queueing@01:00:00
Nov  1 13:46:36 asp sm-msp-queue[5991]: starting daemon (8.13.7): queueing@01:00:00
Nov  1 13:47:09 asp sendmail[6098]: kA1Bl9Ck006098: from=user, size=1289, class=0, nrcpts=1, msgid=<20061101114709.GA6095@asp.linux.nt>, relay=user@localhost
Nov  1 13:47:09 asp sendmail[6099]: kA1Bl9We006099: from=<user@asp.linux.nt>, size=1434, class=0, nrcpts=1, msgid=<20061101114709.GA6095@asp.linux.nt>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Nov  1 13:47:10 asp mimedefang.pl[5930]: MDLOG,kA1Bl9We006099,mail_in,,,<user@asp.linux.nt>,<root@asp.linux.nt>,test
Nov  1 13:47:10 asp mimedefang[5943]: kA1Bl9We006099: Filter time is 955ms
Nov  1 13:47:10 asp sendmail[6099]: kA1Bl9We006099: Milter delete (noop): header: X-Spam-Score
Nov  1 13:47:10 asp sendmail[6099]: kA1Bl9We006099: Milter add: header: X-Scanned-By: MIMEDefang 2.57 on 10.0.35.5
Nov  1 13:47:10 asp sendmail[6098]: kA1Bl9Ck006098: to=root@asp.linux.nt, ctladdr=user (500/500), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=31289, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (kA1Bl9We006099 Message accepted for delivery)
Nov  1 13:47:10 asp sendmail[6101]: kA1Bl9We006099: to=<root@asp.linux.nt>, ctladdr=<user@asp.linux.nt> (500/500), delay=00:00:01, xdelay=00:00:00, mailer=local, pri=31681, dsn=2.0.0, stat=Sent
Nothing(
13:48:28
#vim mimedefang-filter
13:48:39
#mutt
         d:Удалить  u:Восстановить  s:Сохранить  m:Создать  r:Ответить  g:Вс
 *-Mutt: /var/spool/mail/root [Msgs:1 1,7K]---(date/date)-----------------------------------------------------------------------------(all)---
                                  test                                                                                               -- (all)
Оставлено: 1, удалено: 0.
13:50:14
#vim sendmail.mc
36 minutes passed
14:27:06
#vim /etc/clamd.conf
14:27:27
#mutt
 N F- 2/2: root
Оставлено: 2, удалено: 0.
14:32:09
#ls /var/log/
acpid  boot.log  clamav  cups   gdm      mail     messages  prelink.log  scrollkeeper.log  spooler  vbox  Xorg.0.log      yum.log
audit  btmp      cron    dmesg  lastlog  maillog  ppp       samba        secure            uucp     wtmp  Xorg.0.log.old
14:32:16
#less /var/log/clamav/clamd.log
14:33:40
#ps aux | grep clamd
defang    5295  0.0  1.5  21288 16136 ?        Ss   13:31   0:00 /usr/sbin/clamd
defang    5929  0.0  0.0   3660   796 ?        S    13:46   0:00 /usr/bin/mimedefang-multiplexor -p /var/spool/MIMEDefang/mimedefang-multiplexor.pid -F /etc/mail/mimedefang-filter -m 2 -x 10 -U defang -b 600 -l -s /var/spool/MIMEDefang/clamd.sock
defang    5943  0.0  0.0   5908   704 ?        Sl   13:46   0:00 /usr/bin/mimedefang -P /var/spool/MIMEDefang/mimedefang.pid -m /var/spool/MIMEDefang/clamd.sock -R -1 -U defang -T -p /var/spool/MIMEDefang/mimedefang.sock
root     24214  0.0  0.0   3768   668 pts/3    R+   14:33   0:00 grep clamd
14:33:47
#cat /etc/mail/mimedefang-filter
    # production use.  Uncomment the next lines at your peril!
    #if ($Features{"HTMLCleaner"}) {
    #   if ($type eq "text/html") {
    #       return anomy_clean_html($entity);
    #   }
    #}
    return action_accept();
}
#***********************************************************************
# %PROCEDURE: filter_multipart
...
    # by mail clients.  They also might slip under the radar of MIMEDefang.
    # If you are worried about this, you should canonicalize all
    # e-mail by uncommenting the action_rebuild() line.  This will
    # force _all_ messages to be reconstructed as valid MIME.  It will
    # increase the load on your server, and might break messages produced
    # by marginal software.  Your call.
    # action_rebuild();
}
# DO NOT delete the next line, or Perl will complain.
1;
14:37:04
#cat /etc/clamd.conf
# Do not remove temporary files (for debug purposes).
# Default: disabled
#LeaveTemporaryFiles
# By default clamd uses scan options recommended by libclamav. This option
# disables recommended options and allows you to enable selected ones below.
# DO NOT TOUCH IT unless you know what you are doing.
# Default: disabled
#DisableDefaultScanOptions
##
## Executable files
...
# Default: disabled
#ClamukoIncludePath /home
#ClamukoIncludePath /students
# Set the exclude paths. All subdirectories are also excluded.
# Default: disabled
#ClamukoExcludePath /home/guru
# Don't scan files larger than ClamukoMaxFileSize
# Value of 0 disables the limit.
# Default: 5M
#ClamukoMaxFileSize 10M
14:37:09
#cat /etc/sysconfig/mimedefang
# Made default value for -n 10.
#
##########################################################################
# The spool directory
SPOOLDIR=/var/spool/MIMEDefang
# The socket used by mimedefang to communicate with sendmail
SOCKET=$SPOOLDIR/mimedefang.sock
# If you want to log messages like "Filter time is 156ms" to syslog,
# uncomment the next line
LOG_FILTER_TIME=yes
...
#
# DO NOT CHANGE THIS VARIABLE LIGHTLY!!
#
# The filtering program used by mimedefang or the multiplexor. This is
# *NOT* a replacement for /etc/mail/mimedefang-filter!!!  It replaces
# the entire mimedefang perl program, /usr/bin/mimedefang.pl and allows
# a unique filtering agent to be used.  Read mimedefang-protocol man
# page VERY carefully before you attempt to change this!
#
# FILTER=/usr/bin/mimedefang.pl
14:37:20
#egrep -v '#|^ .*' /etc/clamd.conf
LogFile /var/log/clamav/clamd.log
LogFileMaxSize 0
LogTime
LogSyslog
PidFile /var/run/clamav/clamd.pid
TemporaryDirectory /tmp
DatabaseDirectory /var/lib/clamav
LocalSocket /var/spool/MIMEDefang/clamd.sock
FixStaleSocket
MaxConnectionQueueLength 30
...
ScanOLE2
ScanMail
ScanHTML
ScanArchive
ScanRAR
ArchiveMaxFileSize 15M
ArchiveMaxRecursion 9
ArchiveMaxCompressionRatio 300
ArchiveBlockEncrypted
ArchiveBlockMax
14:39:50
#egrep -v '#|^ .*' /etc/clamd.conf | cat -n
     1
     2
     3
     4  LogFile /var/log/clamav/clamd.log
     5
     6
     7  LogFileMaxSize 0
     8
     9  LogTime
    10
...
    87  ArchiveBlockEncrypted
    88
    89  ArchiveBlockMax
    90
    91
    92
    93
    94
    95
    96
14:40:07
#egrep -v '#|^.*' /etc/clamd.conf

Files

  • -n
  • /etc/clamd.conf
  • /etc/mail/mimedefang-filter
  • /etc/sysconfig/mimedefang
  • -n
         1
         2
         3
         4  LogFile /var/log/clamav/clamd.log
         5
         6
         7  LogFileMaxSize 0
         8
         9  LogTime
        10
        11
        12  LogSyslog
        13
        14
        15
        16  PidFile /var/run/clamav/clamd.pid
        17
        18  TemporaryDirectory /tmp
        19
        20  DatabaseDirectory /var/lib/clamav
        21
        22
        23  LocalSocket /var/spool/MIMEDefang/clamd.sock
        24
        25  FixStaleSocket
        26
        27
        28
        29  MaxConnectionQueueLength 30
        30
        31
        32
        33
        34  MaxThreads 50
        35
        36  ReadTimeout 300
        37
        38
        39
        40
        41
        42
        43
        44  User defang
        45
        46  AllowSupplementaryGroups
        47
        48
        49
        50  Debug
        51
        52
        53
        54
        55
        56  ScanPE
        57
        58  DetectBrokenExecutables
        59
        60
        61
        62  ScanOLE2
        63
        64
        65  ScanMail
        66
        67
        68
        69
        70  ScanHTML
        71
        72
        73
        74  ScanArchive
        75
        76  ScanRAR
        77
        78
        79  ArchiveMaxFileSize 15M
        80
        81  ArchiveMaxRecursion 9
        82
        83
        84  ArchiveMaxCompressionRatio 300
        85
        86
        87  ArchiveBlockEncrypted
        88
        89  ArchiveBlockMax
        90
        91
        92
        93
        94
        95
        96
    
    /etc/clamd.conf
    # Do not remove temporary files (for debug purposes).
    # Default: disabled
    #LeaveTemporaryFiles
    # By default clamd uses scan options recommended by libclamav. This option
    # disables recommended options and allows you to enable selected ones below.
    # DO NOT TOUCH IT unless you know what you are doing.
    # Default: disabled
    #DisableDefaultScanOptions
    ##
    ## Executable files
    ##
    # PE stands for Portable Executable - it's an executable file format used
    # in all 32-bit versions of Windows operating systems. This option allows
    # ClamAV to perform a deeper analysis of executable files and it's also
    # required for decompression of popular executable packers such as UPX, FSG,
    # and Petite.
    # Default: enabled
    ScanPE
    # With this option clamav will try to detect broken executables and mark
    # them as Broken.Executable
    # Default: disabled
    DetectBrokenExecutables
    ##
    ## Documents
    ##
    # This option enables scanning of Microsoft Office document macros.
    # Default: enabled
    ScanOLE2
    ##
    ## Mail files
    ##
    # Enable internal e-mail scanner.
    # Default: enabled
    ScanMail
    # If an email contains URLs ClamAV can download and scan them.
    # WARNING: This option may open your system to a DoS attack.
    #          Never use it on loaded servers.
    # Default: disabled
    #MailFollowURLs
    ##
    ## HTML
    ##
    # Perform HTML normalisation and decryption of MS Script Encoder code.
    # Default: enabled
    ScanHTML
    ##
    ## Archives
    ##
    # ClamAV can scan within archives and compressed files.
    # Default: enabled
    ScanArchive
    # Due to license issues libclamav does not support RAR 3.0 archives (only the
    # old 2.0 format is supported). Because some users report stability problems
    # with unrarlib it's disabled by default and you must uncomment the directive
    # below to enable RAR 2.0 support.
    # Default: disabled
    ScanRAR
    # The options below protect your system against Denial of Service attacks
    # using archive bombs.
    # Files in archives larger than this limit won't be scanned.
    # Value of 0 disables the limit.
    # Default: 10M
    ArchiveMaxFileSize 15M
    # Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
    # file, all files within it will also be scanned. This options specifies how
    # deep the process should be continued.
    # Value of 0 disables the limit.
    # Default: 8
    ArchiveMaxRecursion 9
    # Number of files to be scanned within an archive.
    # Value of 0 disables the limit.
    # Default: 1000
    #ArchiveMaxFiles 1500
    # If a file in an archive is compressed more than ArchiveMaxCompressionRatio
    # times it will be marked as a virus (Oversized.ArchiveType, e.g. Oversized.Zip)
    # Value of 0 disables the limit.
    # Default: 250
    ArchiveMaxCompressionRatio 300
    # Use slower but memory efficient decompression algorithm.
    # only affects the bzip2 decompressor.
    # Default: disabled
    #ArchiveLimitMemoryUsage
    # Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
    # Default: disabled
    ArchiveBlockEncrypted
    # Mark archives as viruses (e.g. RAR.ExceededFileSize, Zip.ExceededFilesLimit)
    # if ArchiveMaxFiles, ArchiveMaxFileSize, or ArchiveMaxRecursion limit is
    # reached.
    # Default: disabled
    ArchiveBlockMax
    ##
    ## Clamuko settings
    ## WARNING: This is experimental software. It is very likely it will hang
    ##          up your system!!!
    ##
    # Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running.
    # Default: disabled
    #ClamukoScanOnAccess
    # Set access mask for Clamuko.
    # Default: disabled
    #ClamukoScanOnOpen
    #ClamukoScanOnClose
    #ClamukoScanOnExec
    # Set the include paths (all files in them will be scanned). You can have
    # multiple ClamukoIncludePath directives but each directory must be added
    # in a seperate line.
    # Default: disabled
    #ClamukoIncludePath /home
    #ClamukoIncludePath /students
    # Set the exclude paths. All subdirectories are also excluded.
    # Default: disabled
    #ClamukoExcludePath /home/guru
    # Don't scan files larger than ClamukoMaxFileSize
    # Value of 0 disables the limit.
    # Default: 5M
    #ClamukoMaxFileSize 10M
    
    /etc/mail/mimedefang-filter
        # production use.  Uncomment the next lines at your peril!
        #if ($Features{"HTMLCleaner"}) {
        #   if ($type eq "text/html") {
        #       return anomy_clean_html($entity);
        #   }
        #}
        return action_accept();
    }
    #***********************************************************************
    # %PROCEDURE: filter_multipart
    # %ARGUMENTS:
    #  entity -- a Mime::Entity object (see MIME-tools documentation for details)
    #  fname -- the suggested filename, taken from the MIME Content-Disposition:
    #           header.  If no filename was suggested, then fname is ""
    #  ext -- the file extension (everything from the last period in the name
    #         to the end of the name, including the period.)
    #  type -- the MIME type, taken from the Content-Type: header.
    # %RETURNS:
    #  Nothing
    # %DESCRIPTION:
    #  This is called for multipart "container" parts such as message/rfc822.
    #  You cannot replace the body (because multipart parts have no body),
    #  but you should check for bad filenames.
    #***********************************************************************
    sub filter_multipart {
        my($entity, $fname, $ext, $type) = @_;
        return if message_rejected(); # Avoid unnecessary work
        if (filter_bad_filename($entity)) {
            md_graphdefang_log('bad_filename', $fname, $type);
            action_notify_administrator("A MULTIPART attachment of type $type, named $fname was dropped.\n");
            action_quarantine($entity, "A known virus was discovered and deleted. Virus-scanner messages follow:\n$VirusScannerMessages\n\n");
            #return action_drop_with_warning("An attachment of type $type, named $fname was removed from this document as it\nconstituted a security hazard.  If you require this document, please contact\nthe sender and arrange an alternate means of receiving it.\n");
        }
        # eml is bad if it's not message/rfc822
        if (re_match($entity, '\.eml') and ($type ne "message/rfc822")) {
            md_graphdefang_log('non_rfc822',$fname);
            action_quarantine($entity, "A known virus was discovered and deleted. Virus-scanner messages follow:\n$VirusScannerMessages\n\n");
            #return action_drop_with_warning("A non-message/rfc822 attachment named $fname was removed from this document as it\nconstituted a security hazard.  If you require this document, please contact\nthe sender and arrange an alternate means of receiving
        }
        # Block message/partial parts
        if (lc($type) eq "message/partial") {
            md_graphdefang_log('message/partial');
            action_bounce("MIME type message/partial not accepted here");
            return;
        }
        return action_accept();
    }
    #***********************************************************************
    # %PROCEDURE: defang_warning
    # %ARGUMENTS:
    #  oldfname -- the old file name of an attachment
    #  fname -- the new "defanged" name
    # %RETURNS:
    #  A warning message
    # %DESCRIPTION:
    #  This function customizes the warning message when an attachment
    #  is defanged.
    #***********************************************************************
    sub defang_warning {
        my($oldfname, $fname) = @_;
        return
            "An attachment named '$oldfname' was converted to '$fname'.\n" .
            "To recover the file, right-click on the attachment and Save As\n" .
            "'$oldfname'\n";
    }
    # If SpamAssassin found SPAM, append report.  We do it as a separate
    # attachment of type text/plain
    sub filter_end {
        my($entity) = @_;
        # If you want quarantine reports, uncomment next line
        # send_quarantine_notifications();
        # IMPORTANT NOTE:  YOU MUST CALL send_quarantine_notifications() AFTER
        # ANY PARTS HAVE BEEN QUARANTINED.  SO IF YOU MODIFY THIS FILTER TO
        # QUARANTINE SPAM, REWORK THE LOGIC TO CALL send_quarantine_notifications()
        # AT THE END!!!
        # No sense doing any extra work
        return if message_rejected();
        # Spam checks if SpamAssassin is installed
        if ($Features{"SpamAssassin"}) {
            if (-s "./INPUTMSG" < 100*1024) {
                # Only scan messages smaller than 100kB.  Larger messages
                # are extremely unlikely to be spam, and SpamAssassin is
                # dreadfully slow on very large messages.
                my($hits, $req, $names, $report) = spam_assassin_check();
                my($score);
                if ($hits < 40) {
                    $score = "*" x int($hits);
                } else {
                    $score = "*" x 40;
                }
                # We add a header which looks like this:
                # X-Spam-Score: 6.8 (******) NAME_OF_TEST,NAME_OF_TEST
                # The number of asterisks in parens is the integer part
                # of the spam score clamped to a maximum of 40.
                # MUA filters can easily be written to trigger on a
                # minimum number of asterisks...
                if ($hits >= $req) {
                    action_change_header("X-Spam-Score", "$hits ($score) $names");
                    md_graphdefang_log('spam', $hits, $RelayAddr);
                    # If you find the SA report useful, add it, I guess...
                    action_add_part($entity, "text/plain", "-suggest",
                                    "$report\n",
                                    "SpamAssassinReport.txt", "inline");
                } else {
                    # Delete any existing X-Spam-Score header?
                    action_delete_header("X-Spam-Score");
                }
            }
        }
        # I HATE HTML MAIL!  If there's a multipart/alternative with both
        # text/plain and text/html parts, nuke the text/html.  Thanks for
        # wasting our disk space and bandwidth...
        # If you want to strip out HTML parts if there is a corresponding
        # plain-text part, uncomment the next line.
        # remove_redundant_html_parts($entity);
        md_graphdefang_log('mail_in');
        # Deal with malformed MIME.
        # Some viruses produce malformed MIME messages that are misinterpreted
        # by mail clients.  They also might slip under the radar of MIMEDefang.
        # If you are worried about this, you should canonicalize all
        # e-mail by uncommenting the action_rebuild() line.  This will
        # force _all_ messages to be reconstructed as valid MIME.  It will
        # increase the load on your server, and might break messages produced
        # by marginal software.  Your call.
        # action_rebuild();
    }
    # DO NOT delete the next line, or Perl will complain.
    1;
    
    /etc/sysconfig/mimedefang
    # Made default value for -n 10.
    #
    ##########################################################################
    # The spool directory
    SPOOLDIR=/var/spool/MIMEDefang
    # The socket used by mimedefang to communicate with sendmail
    SOCKET=$SPOOLDIR/mimedefang.sock
    # If you want to log messages like "Filter time is 156ms" to syslog,
    # uncomment the next line
    LOG_FILTER_TIME=yes
    # Run the multiplexor and filters as this user, not root.  RECOMMENDED
    MX_USER=defang
    # If you want to keep spool directories around if the filter fails,
    # set the next one to yes
    # KEEP_FAILED_DIRECTORIES=no
    # If "yes", turn on the multiplexor relay checking function
    # MX_RELAY_CHECK=no
    # If "yes", turn on the multiplexor HELO checking function
    # MX_HELO_CHECK=no
    # If "yes", turn on the multiplexor sender checking function
    # MX_SENDER_CHECK=no
    # If "yes", turn on the multiplexor recipient checking function
    # MX_RECIPIENT_CHECK=no
    # Set to yes if you want the multiplexor to log events to syslog
    MX_LOG=yes
    # Number of slaves reserved for connections from loopback.  Use -1
    # for default behaviour, 0 to allow loopback connections to queue,
    # or >0 to reserve slaves for loopback connections
    LOOPBACK_RESERVED_CONNECTIONS=-1
    # Set to path name of UNIX-domain socket if you want to use MIMEDefang
    # with Sendmail's SOCKETMAP map type
    # MX_MAP_SOCKET=$SPOOLDIR/map.sock
    # Set to yes if you want to use an embedded Perl interpreter
    # MX_EMBED_PERL=yes
    # Set to the syslog facility.  Also set $SyslogFacility in your filter
    # SYSLOG_FACILITY=mail
    # The multiplexor does not start all slaves at the same time.  Instead,
    # it starts one slave every MX_SLAVE_DELAY seconds when the system is idle.
    # (If the system is busy, the multiplexor starts slaves as incoming mail
    # requires attention.)
    # MX_SLAVE_DELAY=3
    # The next setting is an absolute limit on slave activation.  The multiplexor
    # will NEVER activate a slave within MX_MIN_SLAVE_DELAY seconds of another.
    # The default of zero means that the multiplexor will activate slaves as
    # quickly as necessary to keep up with incoming mail.
    # MX_MIN_SLAVE_DELAY=0
    # Set to yes if you want the multiplexor to log stats in
    # /var/log/mimdefang/md-stats  The /var/log/mimedefang directory
    # must exist and be writable by the user you're running MIMEDefang as.
    # MX_STATS=no
    # Set to yes if you want the stats file flushed after each entry
    # MX_FLUSH_STATS=no
    # Set to yes if you want the multiplexor to log stats to syslog
    # MX_STATS_SYSLOG=no
    # The socket used by the multiplexor
    MX_SOCKET=$SPOOLDIR/clamd.sock
    # Maximum # of requests a process handles
    # MX_REQUESTS=200
    # Minimum number of processes to keep.  The default of 0 is probably
    # too low; we suggest 2 instead.
    MX_MINIMUM=2
    # If you want to allow the multiplexor to queue new connections when
    # all slaves are busy, set this to yes
    ALLOW_NEW_CONNECTIONS_TO_QUEUE=yes
    # Maximum number of processes to run (mail received while this many
    # processes are running is rejected with a temporary failure, so be
    # wary of how many emails you receive at a time).  This applies only
    # if you DO use the multiplexor.  The default value of 2 is probably
    # too low; we suggest 10 instead
    MX_MAXIMUM=10
    # Uncomment to log slave status; it will be logged every
    # MX_LOG_SLAVE_STATUS_INTERVAL seconds
    # MX_LOG_SLAVE_STATUS_INTERVAL=30
    # Uncomment next line to have busy slaves send status updates to the
    # multiplexor.  NOTE: Consumes one extra file descriptor per slave, plus
    # a bit of CPU time.
    # MX_STATUS_UPDATES=yes
    # Limit slave processes' resident-set size to this many kilobytes.  Default
    # is unlimited.
    # MX_MAX_RSS=10000
    # Limit total size of slave processes' memory space to this many kilobytes.
    # Default is unlimited.
    # MX_MAX_AS=30000
    # If you want to use the "notification" facility, set the appropriate port.
    # See the mimedefang-notify man page for details.
    # MX_NOTIFIER=inet:4567
    # Number of seconds a process should be idle before checking for
    # minimum number and killed
    # MX_IDLE=300
    # Number of seconds a process is allowed to scan an email before it is
    # considered dead.  The default is 30 seconds; we suggest 600.
    MX_BUSY=600
    # Multiplexor queue size -- default is 0 (no queueing)
    # MX_QUEUE_SIZE=10
    # Multiplexor queue timeout -- default is 30 seconds
    # MX_QUEUE_TIMEOUT=30
    # Any extra arguments to mimedefang
    # MD_EXTRA="-a auth_author"
    # SUBFILTER specifies which filter rules file to use
    SUBFILTER=/etc/mail/mimedefang-filter
    # I question why I'm including this as I see no real need for it
    # but in the interests of a flexible implementation, here goes!
    #
    # DO NOT CHANGE THIS VARIABLE LIGHTLY!!
    #
    # The filtering program used by mimedefang or the multiplexor. This is
    # *NOT* a replacement for /etc/mail/mimedefang-filter!!!  It replaces
    # the entire mimedefang perl program, /usr/bin/mimedefang.pl and allows
    # a unique filtering agent to be used.  Read mimedefang-protocol man
    # page VERY carefully before you attempt to change this!
    #
    # FILTER=/usr/bin/mimedefang.pl
    

    Statistics

    Time of the first command in the journal: 12:59:27 2006-11-01
    Time of the last command in the journal: 14:40:07 2006-11-01
    Number of command lines in the journal: 99
    Commands with a non-zero exit code, %: 6.06
    Syntactically mistyped commands, %: 1.01
    Total time working at the terminal *, hours: 1.06
    Command lines per unit of time, commands/min: 1.55
    Command usage frequency
    grep                    14  |===========|  11.86%
    vim                     11  |=========|  9.32%
    netstat                  9  |=======|  7.63%
    yum                      7  |=====|  5.93%
    ls                       7  |=====|  5.93%
    ps                       5  |====|  4.24%
    mutt                     5  |====|  4.24%
    vi                       5  |====|  4.24%
    less                     5  |====|  4.24%
    cat                      4  |===|  3.39%
    /etc/init.d/sendmail     4  |===|  3.39%
    egrep                    3  |==|  2.54%
    cd                       3  |==|  2.54%
    mv                       3  |==|  2.54%
    tail                     3  |==|  2.54%
    exit                     3  |==|  2.54%
    su                       3  |==|  2.54%
    rpmbuild                 2  |=|  1.69%
    /etc/init.d/mimedefang   2  |=|  1.69%
    make                     2  |=|  1.69%
    mail                     2  |=|  1.69%
    ^                        2  |=|  1.69%
    /etc/init.d/clamd        2  |=|  1.69%
    telnet                   1  ||  0.85%
    ^.*'                     1  ||  0.85%
    chmod                    1  ||  0.85%
    cp                       1  ||  0.85%
    #^                       1  ||  0.85%
    apt-get                  1  ||  0.85%
    tar                      1  ||  0.85%
    touch                    1  ||  0.85%
    wget                     1  ||  0.85%
    chown                    1  ||  0.85%
    rpm                      1  ||  0.85%
    date                     1  ||  0.85%
    ____
    *) Idle intervals of 30 minutes or longer are not counted

    Help

    To use LiLaLo you do not need to know anything special: everything happens automatically. However, to make keeping the journals and using them afterwards as effective as possible, it helps to keep the following in mind:
    1. All commands entered in any terminal of the system are recorded in the journal automatically.

    2. To make sure that the journal is being kept on the current terminal and that commands are being recorded, run the w command. The WHAT field for the current terminal should show the script program.

    3. Commands typed with syntax errors are shown in strikethrough text:
      $ l s-l
      bash: l: command not found
      

    4. If a command's exit code is zero, the command completed without errors. Commands whose exit code is non-zero are highlighted in colour.
      $ test 5 -lt 4
      Note that a command's exit code may be non-zero not only when the command failed. Many commands use the exit code, for example, to report the result of a check

    5. Commands whose execution was interrupted by the user are highlighted in colour.
      $ find / -name abc
      find: /home/devi-orig/.gnome2: Keine Berechtigung
      find: /home/devi-orig/.gnome2_private: Keine Berechtigung
      find: /home/devi-orig/.nautilus/metafiles: Keine Berechtigung
      find: /home/devi-orig/.metacity: Keine Berechtigung
      find: /home/devi-orig/.inkscape: Keine Berechtigung
      ^C
      

    6. Commands executed with superuser privileges are marked with a red bar on the left.
      # id
      uid=0(root) gid=0(root) Gruppen=0(root)
      

    7. Changes made to a text file with an editor are recorded and shown in the journal in ed format. Lines beginning with "<" were deleted, and lines beginning with ">" were added.
      $ vi ~/.bashrc
      2a3,5
      >    if [ -f /usr/local/etc/bash_completion ]; then
      >         . /usr/local/etc/bash_completion
      >        fi
      

    8. To change a file according to the changes shown in a diffshot, you can use the patch command. Copy the changes, run patch with the file to be changed as its argument, and paste the copied text:
      $ patch ~/.bashrc
      In this case the changes are applied to the file ~/.bashrc

    9. To get brief help on a command, hover the mouse over it. A tooltip with a short description of the command appears.

      If help is available for a command, the command is highlighted with a light-blue background, for example: vi. If no help is available, the command is highlighted with a pink background, for example: notepad.exe. Help may be missing if (1) the command was entered incorrectly; (2) LiLaLo recognised the command incorrectly; (3) LiLaLo has no information about the command. The last case is possible for rare commands.

    10. Large tooltips, especially multi-line ones, are displayed best by the KDE Konqueror, Apple Safari and Microsoft Internet Explorer browsers. In Mozilla and Firefox they are shown only partially, and a special character is displayed in place of each line break.

    11. The command entry time shown in the journal is the time at which entry of the command line began, that is, the moment the shell prompt appeared on the terminal

    12. The name of the terminal on which a command was entered is shown in a special block. This block is shown only when the terminal of the current command differs from the terminal of the previous one.

    13. Journal elements that you are not interested in at the moment, such as the time, the terminal name and others, can be hidden. To do so, use the journal control form at the top of the page.

    14. Short comments on commands can be inserted directly from the command line. The comment is typed on the command line after the characters #^ or #v. The characters ^ and v indicate which command the comment refers to: ^ for the previous one, v for the next one. For example, if the following was entered on the command line:

      $ whoami
      
      user
      
      $ #^ I wonder, who am I?
      
      it will look like this in the journal:
      $ whoami
      
      user
      
      I wonder, who am I?

    15. If a comment spans several lines, it can be inserted into the journal as follows:

      $ whoami
      
      user
      
      $ cat > /dev/null #^ I wonder, who am I?
      
      The whoami program prints the name of the user under which
      we are logged in to the system.
      -
      It cannot answer the question of our purpose
      in this world.
      
      It will look like this in the journal:
      $ whoami
      user
      
      I wonder, who am I?
      The whoami program prints the name of the user under which
      we are logged in to the system.

      It cannot answer the question of our purpose
      in this world.
      Use the "-" character, alone on a line, to separate paragraphs.

    16. Comments that do not relate directly to any command are added in exactly the same way, except that the characters #= are used instead of #^ or #v

    17. The contents of a file can be shown in the journal. To do so, print the file with the cat program. If the command's output is marked with the characters #!, the file's contents are shown in the journal in a section set aside for that purpose.
    18. To insert a screenshot of a window of interest into the journal, use the l3shot command. After invoking the command, select with the mouse the window that should appear in the journal.
    19. Commands in the journal are arranged in chronological order. If two commands were given one after the other but on different terminals, they appear next to each other in the journal even if they have nothing to do with each other.
      1
          2
      3   
          4
      
      Groups of commands executed on different terminals are separated by a special line. The name of the terminal on which the commands were executed is shown below this line, in the right-hand corner. To view the commands of a single session only, click on that name.

    About

    LiLaLo (L3) stands for Live Lab Log.
    The program was developed to make teaching Unix/Linux systems more effective.
    (c) Игорь Чубин, 2004-2008
