(Original article) TESTING POSTFIX AFTER INSTALLATION WITH CLAMAV AND SPAMASSASIN
(Reference) http://www.jetmore.org/john/code/swaks/latest/doc/ref.txt
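1. Create the EICAR virus test mail file: sample-virus-simple.txt
# Single quotes are required: inside double quotes the shell expands $EICAR and $H
# (and !P in an interactive bash), which corrupts the test string.
$ echo 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*' \
    > sample-virus-simple.txt
2. Send the virus test mail
$ swaks --to black@mailserver.net --attach - --server mail2.mailserver.net --suppress-data \
    < sample-virus-simple.txt
3. On the receiving mail server
1) If 'Blocked INFECTED' appears in /var/log/mail/mail.log, the message was blocked successfully.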
Apr 20 10:23:52 mail2 policyd-spf[30024]: prepend Received-SPF: None (mailfrom) identity=mailfrom; client-ip=14.xx.xx.xx; helo=jmini.no-ip.org; envelope-from=black@jmini.no-ip.org; receiver=<UNKNOWN>
Apr 20 10:23:52 mail2 postfix/cleanup[32486]: 1D0777432D5: message-id=<20180420102351.028652@jmini.no-ip.org>
Apr 20 10:23:52 mail2 opendmarc[1772]: 1D0777432D5: jmini.no-ip.org none
Apr 20 10:23:52 mail2 postfix/qmgr[16442]: 1D0777432D5: from=<srs0=skrn=hj=jmini.no-ip.org=black@mailserver.net>, size=1072, nrcpt=1 (queue active)
Apr 20 10:23:52 mail2 amavis[19948]: (19948-17) Blocked INFECTED (Eicar-Test-Signature) {DiscardedInbound,Quarantined}, [14.63.45.62]:50426 [14.63.45.62] <srs0=skrn=hj=jmini.no-ip.org=black@vivans.net> -> <black@mailserver.net>, quarantine: g/virus-gsCefiio7Z3G, Queue-ID: 1D0777432D5, Message-ID: <20180420102351.028652@jmini.no-ip.org>, mail_id: gsCefiio7Z3G, Hits: -, size: 1079, 74 ms
2) Check the contents of the quarantined mail /var/mail-state/lib-amavis/virusmails/g/virus-gsCefiio7Z3G
# more /var/mail-state/lib-amavis/virusmails/g/virus-gsCe
Return-Path: <srs0=skrn=hj=jmini.no-ip.org=black@mailserver.net>
Delivered-To: virus-quarantine
X-Envelope-To: <black@mailserver.net>
X-Envelope-To-Blocked: <black@mailserver.net>
X-Quarantine-ID: <gsCefiio7Z3G>
X-Amavis-Alert: INFECTED, message contains virus: Eicar-Test-Signature
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level:
X-Spam-Status: No, score=x tag=x tag2=x kill=x tests=[] autolearn=unavailable
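The log check in step 3 can be scripted. The following is an added example, not part of the original article: it looks up one message by the Message-ID shown in the postfix/cleanup line and reports whether amavis logged 'Blocked INFECTED' for it. The function names amavis_verdict and sample_log, and the sample log lines with their addresses and IDs, are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm from mail.log that amavis blocked the EICAR test mail.
# The field layout follows the amavis log line shown in step 3.

# amavis_verdict LOGFILE MESSAGE_ID
# Prints "signature quarantine-path queue-id" for the amavis "Blocked INFECTED"
# line carrying that Message-ID; returns 1 when no such line exists.
amavis_verdict() {
    awk -v mid="$2" '
        / amavis\[[0-9]+\]: / && /Blocked INFECTED/ &&
        index($0, "Message-ID: <" mid ">") {
            sig = $0; sub(/.*Blocked INFECTED \(/, "", sig); sub(/\).*/, "", sig)
            q = $0;   sub(/.*quarantine: /, "", q);          sub(/,.*/, "", q)
            id = $0;  sub(/.*Queue-ID: /, "", id);           sub(/,.*/, "", id)
            print sig, q, id
            found = 1
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# Constructed sample lines (documentation addresses, made-up IDs).
sample_log() {
    cat <<'EOF'
Apr 20 10:23:52 mail2 postfix/cleanup[32486]: AAAA1111BBB: message-id=<test-eicar-0001@sender.example>
Apr 20 10:23:52 mail2 amavis[19948]: (19948-17) Blocked INFECTED (Eicar-Test-Signature) {DiscardedInbound,Quarantined}, [192.0.2.10]:50426 [192.0.2.10] <black@sender.example> -> <black@mailserver.example>, quarantine: g/virus-CONSTRUCTED01, Queue-ID: AAAA1111BBB, Message-ID: <test-eicar-0001@sender.example>, mail_id: CONSTRUCTED01, Hits: -, size: 1079, 74 ms
Apr 20 10:24:10 mail2 amavis[19948]: (19948-18) Passed CLEAN {RelayedInbound}, [192.0.2.10]:50430 [192.0.2.10] <black@sender.example> -> <black@mailserver.example>, Queue-ID: CCCC2222DDD, Message-ID: <test-clean-0002@sender.example>, mail_id: CONSTRUCTED02, Hits: 0.1, size: 900, 120 ms
EOF
}

# Demo run against the constructed log.
log=$(mktemp) && sample_log > "$log"
amavis_verdict "$log" 'test-eicar-0001@sender.example' && echo "EICAR mail was blocked"
amavis_verdict "$log" 'test-clean-0002@sender.example' || echo "not blocked: check amavis/ClamAV"
rm -f "$log"
```

On a real server, pass /var/log/mail/mail.log as the first argument. A non-zero exit status for the EICAR test message means the scanner did not block it.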