安道生練功房 - 分享經驗，累積智慧

最近發現公司的郵件伺服器有掉信的現象，查看一下/var/log/maillog發現了這個訊息

Nov 1 00:00:02 smtp1 amavis[9001]: (09001-05) (!!)run_av (FRISK F-Prot Antivirus) FAILED - unexpected exit 1, output="The SIGN.DEF file is too old to be of use. It will probably only\ndetect a fraction of the viruses that exist today.\n\nPlease obtain and install an up-to-date version."

判定應該是F-Prot這個郵件掃毒軟體的病毒定義檔過期了，導致系統無法正常發送郵件。
上網查到了下面這篇，解法就是安裝新版的F-Prot
http://d.hatena.ne.jp/shimooka/20091102
因原文是日文寫的，底下我整理並摘錄一下重點步驟
首先關閉postfix和amavisd

# service postfix stop

# service amavisd stop

接著找出舊版的f-prot，並將其移除

# rpm -qa | grep fp-linux-ws

fp-linux-ws-4.6.7-1

# rpm -ql fp-linux-ws-4.6.7-1 > /tmp/fp-linux-ws.txt

# cp -p /etc/f-prot.conf /tmp/.

# rpm -e fp-linux-ws

# rm -rf /usr/local/f-prot

然後下載新版並執行安裝

# cd /root/setup/mail

# wget http://files.f-prot.com/files/unix-trial/fp-Linux-i686-ws.tar.gz

# tar zxf fp-Linux-i686-ws.tar.gz -C /usr/local/

# cd /usr/local/f-prot/

# ./install-f-prot.pl

中間有一些安裝目錄的問題都按Enter接受預設值即可。

安裝完成後，確認一下版本

# which fpscan

/usr/local/bin/fpscan

# fpscan --version

[root@smtp1 log]# fpscan --version



F-PROT Antivirus version 6.2.1.4252 (built: 2008-04-28T16-44-10)

FRISK Software International (C) Copyright 1989-2007



Engine version: 4.4.4.56

Virus signatures: 200911111347c8028944b849b1f6f29416c097a9ff92

                  (/usr/local/f-prot/antivir.def)

然後修改原來的/etc/amavisd.conf設定檔

# vi /etc/amavisd.conf

@av_scanners_backup = (

  中間略..

  ['FRISK F-Prot Antivirus', 'fpscan',

    '--scanlevel=2 --archive=5 --verbose=1 {}', [0],

    qr/Found virus/,

    qr/\[Found virus\] \<(.+)\>/ ],

   下面略...

);

執行一下病毒碼更新

# /usr/local/f-prot/fpupdate

重新啟動postfix和amavisd

# service amavisd start

# service postfix start

將mail queue的信強迫重送

# postfix flush

這時再用mailq指令去查詢個幾次，可以發現mail queue中的信件數量逐漸減少，郵件伺服器又可以繼續正常運作了。
參考資料:
http://www.f-prot.com/products/home_use/linux/
http://linux.vbird.org/linux_server/0380mail.php#adv_scan