#1 On 14/02/2013, at 19:18
- grandtoubab
Thunderbird over POP3S, p3scan and ClamAV
Good evening,
I am trying to use the ClamAV antivirus to scan the mail received by Thunderbird over POP3S, using the p3scan proxy.
I based my setup on the documentation page http://doc.ubuntu-fr.org/p3scan, but I am having trouble:
p3scan V2 does not seem to handle POP3S.
I fetched p3scan v3, converted the http://www6.atomicorp.com/channels/atom … t.i386.rpm to a .deb with alien, and set up the links needed to reach the required libraries:
[code]sudo ln -s /lib/i386-linux-gnu/libssl.so.1.0.0 /usr/lib/libssl.so.6
sudo ln -s /lib/i386-linux-gnu/libcrypto.so.1.0.0 /usr/lib/libcrypto.so.6
sudo ln -s /lib/i386-linux-gnu/libpcre.so.3 /usr/lib/libpcre.so.0[/code]
then created the directories as described in the p3scan README.
Creating the directories and assigning them to the user mail:
[code]mkdir /var/run/p3scan
chown mail /var/run/p3scan[/code]
[code]root@ubuntu-desktop:/etc# chown mail p3scan
root@ubuntu-desktop:/etc# cd /var/spool
root@ubuntu-desktop:/var/spool# chown -R mail p3scan[/code]
Set up iptables:
[code]sudo iptables -t nat -A PREROUTING -i eth0 -p tcp -m multiport --dport 110,995 -j REDIRECT --to-ports 8110[/code]
[code]@ubuntu-desktop:~$ sudo id mail
uid=8(mail) gid=8(mail) groupes=8(mail)[/code]
[code]sudo iptables -t nat -A OUTPUT -p tcp --dport pop3s -m owner --uid-owner 8 -j ACCEPT
sudo iptables -t nat -A OUTPUT -p tcp --dport pop3s -j REDIRECT --to 8110[/code]
Started p3scan by hand, and now it does "listen" on port 8110, but it crashes when receiving messages:
[code]@ubuntu-desktop:~$ sudo p3scan -d
18:47:03 p3scan[4446]: P3Scan Version 3.0_rc1
18:47:03 p3scan[4446]: Selected scannertype: basic (Basic file invocation scanner)
18:47:03 p3scan[4446]: Listening on 0.0.0.0:8110
18:47:03 p3scan[4446]: Changing uid (we are root)
18:47:03 p3scan[4446]: Running as user: mail group: mail
18:47:03 p3scan[4446]: RX compiled succesfully
18:47:03 p3scan[4446]: p3scan.conf: /etc/p3scan/p3scan.conf
18:47:03 p3scan[4446]: logopt: 3
18:47:03 p3scan[4446]: logfac: 24
18:47:03 p3scan[4446]: debug: enabled
18:47:03 p3scan[4446]: debug-imap: disabled
18:47:03 p3scan[4446]: debug-memory: disabled
18:47:03 p3scan[4446]: debug-message: disabled
18:47:03 p3scan[4446]: debug-scanning: disabled
18:47:03 p3scan[4446]: debug-smtp: disabled
18:47:03 p3scan[4446]: Internal ClamAV - Not in use.
18:47:03 p3scan[4446]: DEMIME - Not in use.
18:47:03 p3scan[4446]: ip: Any
18:47:03 p3scan[4446]: maxchilds: 10
18:47:03 p3scan[4446]: port: 8110
18:47:03 p3scan[4446]: quiet: disabled
18:47:03 p3scan[4446]: Target ip/port not enabled
18:47:03 p3scan[4446]: virusregexp: .*: (.*) FOUND
18:47:03 p3scan[4446]: pidfile: /var/run/p3scan/p3scan.pid
18:47:03 p3scan[4446]: user: mail
18:47:03 p3scan[4446]: notifydir: /var/spool/p3scan/notify
18:47:03 p3scan[4446]: virusdir: /var/spool/p3scan
18:47:03 p3scan[4446]: delete: disabled
18:47:03 p3scan[4446]: freespace: 10000
18:47:03 p3scan[4446]: scanner: 127.0.0.1:3310
18:47:03 p3scan[4446]: broken: disabled
18:47:03 p3scan[4446]: template: /etc/p3scan/p3scan-en.mail
18:47:03 p3scan[4446]: subject: [Virus] found in a mail to you:
18:47:03 p3scan[4446]: blacklist subject: [Blacklisted] mail to you:
18:47:03 p3scan[4446]: blackshort: disabled
18:47:03 p3scan[4446]: notify: Per instruction, the message has been deleted.
18:47:03 p3scan[4446]: emailport: 25
18:47:03 p3scan[4446]: smtprset: Virus detected! P3scan rejected message!
18:47:03 p3scan[4446]: password: disabled
18:47:03 p3scan[4446]: sslport: 995
18:47:03 p3scan[4446]: imapport: 143
18:47:03 p3scan[4446]: imapsport: 993
18:47:03 p3scan[4446]: mail: /bin/mail
18:47:03 p3scan[4446]: timeout: 30
18:47:03 p3scan[4446]: altvnmsg: disabled
18:47:03 p3scan[4446]: useurl: disabled
18:47:03 p3scan[4446]: authuser: disabled
18:47:03 p3scan[4446]: cleankill: disabled
18:47:03 p3scan[4446]: noeom: disabled
18:47:03 p3scan[4446]: nospampipe: disabled
18:47:03 p3scan[4446]: PIPELINING processing disabled
18:47:03 p3scan[4446]: STLS processing disabled
18:47:03 p3scan[4446]: Waiting for connections.....[/code]
Launching Thunderbird:
[code]18:59:34 p3scan[4446]: Connection received.....
18:59:34 p3scan[4446]: Forked, pid=4604, numprocs=1
18:59:34 p3scan[4604]: setting the virusdir to /var/spool/p3scan/children/4604/
18:59:34 p3scan[4604]: Initialize Context
18:59:34 p3scan[4604]: starting proxy
18:59:34 p3scan[4604]: POP3S Connection from 192.168.1.20:39206
18:59:34 p3scan[4604]: Real-server address is 93.17.128.128:995
18:59:34 p3scan[4446]: Connection received.....
18:59:34 p3scan[4446]: Forked, pid=4605, numprocs=2
18:59:34 p3scan[4605]: setting the virusdir to /var/spool/p3scan/children/4605/
18:59:34 p3scan[4605]: Initialize Context
18:59:34 p3scan[4605]: starting proxy
18:59:34 p3scan[4605]: POP3S Connection from 192.168.1.20:45517
18:59:34 p3scan[4605]: Real-server address is 65.55.172.253:995
18:59:35 p3scan[4605]: SSL: Error loading certificate from file
18:59:35 p3scan[4605]: SSL: Error loading private key from file
18:59:35 p3scan[4605]: Accepting SSL connection... -->
18:59:35 p3scan[4605]: Error accepting SSL connection
18:59:35 p3scan[4446]: waitpid: child 4605 died with status 1, numprocs is now 1
18:59:47 p3scan[4604]: SSL: Error loading certificate from file
18:59:47 p3scan[4604]: SSL: Error loading private key from file
18:59:47 p3scan[4604]: Accepting SSL connection... -->
18:59:47 p3scan[4604]: Error accepting SSL connection
18:59:47 p3scan[4446]: waitpid: child 4604 died with status 1, numprocs is now 0[/code]
Is there an SSL expert who could tell me what is missing?
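Added example, not part of the original post and not p3scan code: a small Python triage of the debug output above that groups lines per child process and flags children that exited after failing to load the certificate and private key the proxy needs before it can accept the client's TLS connection. The function names are illustrative assumptions; the sample lines are copied from the post.

```python
import re
from collections import defaultdict

# Lines copied from the debug output in the post above (one child shown).
SAMPLE_LOG = """\
18:59:34 p3scan[4446]: Forked, pid=4605, numprocs=2
18:59:34 p3scan[4605]: POP3S Connection from 192.168.1.20:45517
18:59:34 p3scan[4605]: Real-server address is 65.55.172.253:995
18:59:35 p3scan[4605]: SSL: Error loading certificate from file
18:59:35 p3scan[4605]: SSL: Error loading private key from file
18:59:35 p3scan[4605]: Accepting SSL connection... -->
18:59:35 p3scan[4605]: Error accepting SSL connection
18:59:35 p3scan[4446]: waitpid: child 4605 died with status 1, numprocs is now 1
"""

LINE = re.compile(r"^\d\d:\d\d:\d\d p3scan\[(\d+)\]: (.*)$")
CLIENT = re.compile(r"^(\w+) Connection from (\S+)$")
SERVER = re.compile(r"^Real-server address is (\S+)$")
DIED = re.compile(r"^waitpid: child (\d+) died with status (\d+)")


def triage(log_text):
    """Group p3scan debug lines per child PID: peers, errors, exit status."""
    children = defaultdict(lambda: {"proto": None, "client": None,
                                    "server": None, "errors": [], "status": None})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # notes typed between log entries, blank lines
        pid, msg = m.groups()
        if (d := DIED.match(msg)):
            # The parent reports the exit, so key on the PID inside the message.
            children[d.group(1)]["status"] = int(d.group(2))
        elif (c := CLIENT.match(msg)):
            children[pid]["proto"], children[pid]["client"] = c.groups()
        elif (s := SERVER.match(msg)):
            children[pid]["server"] = s.group(1)
        elif "Error" in msg:
            children[pid]["errors"].append(msg)
    return dict(children)


def tls_setup_failures(children):
    """PIDs that exited non-zero after failing to load the proxy's cert or key."""
    return sorted(pid for pid, c in children.items()
                  if c["status"] and any("Error loading" in e for e in c["errors"]))
```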