Last updated: 2018-01-22
Introduction
Razor is a hash-sharing system (HashSharingSystem).
Program: Perl
Outbound
- 2703/tcp
- 7/tcp
Introduction:
The following Perl modules are required
- Time::HiRes
- Digest::SHA1
- MIME::Base64
- Getopt::Long
- File::Copy
- URI::Escape
* These modules are included in razor-agents-sdk
Installation
Step 0: Download
http://razor.sourceforge.net/download/
DL
wget "http://prdownloads.sourceforge.net/razor/razor-agents-2.84.tar.bz2?download" -O razor-agents-2.84.tar.bz2
wget "http://prdownloads.sourceforge.net/razor/razor-agents-sdk-2.07.tar.bz2?d..." -O razor-agents-sdk-2.07.tar.bz2
Step 1: razor-agents-sdk-2.07.tar.bz2
# sdk package that includes all dependencies required to run the Razor agent via Perl
tar -jxf razor-agents-sdk-2.07.tar.bz2
cd razor-agents-sdk-2.07
export LANG=C ; perl Makefile.PL ; make install
Step 2: razor-agents-2.84.tar.bz2
tar -jxf razor-agents-2.84.tar.bz2
cd razor-agents-2.84
export LANG=C ; perl Makefile.PL ; make install
Step 3: check module
# No output is a good sign: it means the module was installed successfully
perl -e 'use Mail::SpamAssassin::Plugin::Razor2'
Razor Registering Agent
Step 4: razor-admin
# It only handles registration
# Help
razor-admin -h
# Create razorhome: runs discovery, does not register (includes the effect of -discover)
# creates razor-agent.conf file in <razorhome>
razor-admin -home=/etc/mail/spamassassin/razor -create
Remark
-discover # Force discovery. This will create server.*.lst files in <razorhome>
# Register a new identity
# Creates the symlink identity -> identity-XXXXXXX
# Both razor-report(1) and razor-revoke(1) require user authentication to work, razor-check(1) does not.
# Highly trusted users will have the most effect on the Razor database
razor-admin -home=/etc/mail/spamassassin/razor -register
Output
Register successful. Identity stored in /home/username/.razor/identity-USERNAME
A symlink is created
identity -> identity-USERNAME
Contents
pass = ????
user = USERNAME
# Set permissions (note: o+r lets every local user read the identity file, which holds the Razor password)
chmod o+r identity-*
# Edit razor-agent.conf
debuglevel = 3
identity = identity
ignorelist = 0
listfile_catalogue = servers.catalogue.lst
listfile_discovery = servers.discovery.lst
listfile_nomination = servers.nomination.lst
logfile = razor-agent.log
logic_method = 4
min_cf = ac
razordiscovery = discovery.razor.cloudmark.com
rediscovery_wait = 172800
report_headers = 1
turn_off_discovery = 0
use_engines = 4,8
whitelist = razor-whitelist
razorhome = /etc/mail/spamassassin/razor/
razor-check (Razor Filtering Agent)
# razor-check checks a mail against the distributed Razor Catalogue by communicating with a Razor Catalogue Server.
Version
razor-check -v
Razor Agents 2.84, protocol version 3
Help
razor-check -h
-s # Simulate a check. Do everything except talk to the server.
-d # Turn on debugging. Logs to stdout.
"-rs=razor.server.com" # Use this Razor Catalogue Server instead of reading "servers.catalogue.lst"
-H # Compute and print signature
# echo $?
0 the signature for the mail is catalogued on the server (spam)
1 the mail is not catalogued by the server (not a spam)
Usage
# Compute and Print signature
razor-check -H spam-mail.eml
1.0 e4: x6ugUIo0ONxb2pmQNBIXWZMOv_UA, ep4: 7542-10 1.0 e8: P98m_lzQ964A
# Simulate a check
razor-check -s 0CA342095215.eml
echo $?
1
0 if the signature for the mail is catalogued on the server (spam)
1 if the mail is not catalogued by the server (not a spam)
# Set razorhome <-- where Razor's configuration files live
razor-check -home /etc/mail/spamassassin/razor
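The exit statuses listed above can drive a batch check. The following is an added example, not part of the original notes: the variables RAZOR_CHECK and RAZORHOME and the function names are this example's own, and treating every status other than 0 or 1 as a failure is an assumption.

```shell
#!/bin/sh
# Added example: classify mail by razor-check exit status (0 = spam, 1 = not spam).
# RAZOR_CHECK and RAZORHOME are this example's own override variables.
RAZOR_CHECK=${RAZOR_CHECK:-razor-check}
RAZORHOME=${RAZORHOME:-/etc/mail/spamassassin/razor}

# Print "spam", "ham" or "error:<reason>" for one message file.
razor_verdict() {
    file=$1
    if [ ! -r "$file" ]; then
        echo "error:unreadable"
        return 2
    fi
    # Capture the status explicitly: a bare `if ! razor-check` would count a
    # failed run or a missing binary (127) as "not spam".
    status=0
    "$RAZOR_CHECK" -home="$RAZORHOME" "$file" >/dev/null 2>&1 || status=$?
    case $status in
        0) echo "spam" ;;
        1) echo "ham" ;;
        *) echo "error:$status"; return 2 ;;   # assumption: anything else is a failure
    esac
}

# Check every *.eml in a directory: one "verdict<TAB>file" line each, then totals.
razor_scan_dir() {
    dir=$1
    spam=0; ham=0; err=0
    for f in "$dir"/*.eml; do
        [ -e "$f" ] || continue
        v=$(razor_verdict "$f") || true
        case $v in
            spam) spam=$((spam + 1)) ;;
            ham)  ham=$((ham + 1)) ;;
            *)    err=$((err + 1)) ;;
        esac
        printf '%s\t%s\n' "$v" "$f"
    done
    echo "spam=$spam ham=$ham error=$err"
}
```

A non-zero error count in the totals line means those messages were never actually checked against the catalogue.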
Enable Razor in SpamAssassin
/etc/mail/spamassassin/v310.pre
# Razor2
loadplugin Mail::SpamAssassin::Plugin::Razor2
/etc/mail/spamassassin/local.cf
# Razor2 Setting
use_razor2 1
razor_timeout 5
razor_config /etc/mail/spamassassin/razor/razor-agent.conf
Restart service
service spamassassin restart
Testing
spamassassin -D < spam.eml 2>&1 | grep razor2
Apr 10 12:46:13.629 [5506] dbg: razor2: razor2 is available, version 2.84
Apr 10 12:46:13.886 [5506] dbg: config: fixed relative path: /var/lib/spamassassin/3.004000/updates_spamassassin_org/25_razor2.cf
Apr 10 12:46:13.886 [5506] dbg: config: using "/var/lib/spamassassin/3.004000/updates_spamassassin_org/25_razor2.cf" for included file
Apr 10 12:46:13.886 [5506] dbg: config: read file /var/lib/spamassassin/3.004000/updates_spamassassin_org/25_razor2.cf
Apr 10 12:46:16.459 [5506] dbg: razor2: part=0 engine=8 contested=0 confidence=0
Apr 10 12:46:16.460 [5506] dbg: razor2: part=1 engine=8 contested=0 confidence=0
Apr 10 12:46:16.460 [5506] dbg: razor2: results: spam? 0
Apr 10 12:46:16.460 [5506] dbg: razor2: results: engine 8, highest cf score: 0
Apr 10 12:46:16.460 [5506] dbg: razor2: results: engine 4, highest cf score: 0
Apr 10 12:46:16.614 [5506] dbg: timing: total 3076 ms - init: 1181 (38.4%), ...
spamassassin -t -D razor2 < spam.eml
.....................
0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
.....................
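To read the debug output at a glance, the razor2 lines can be reduced to one summary line. This is an added example, not part of the original notes: the function names and the summary format are this example's own, and the sample input is copied from the razor2 debug lines shown above.

```shell
#!/bin/sh
# Added example: summarize the razor2 lines of `spamassassin -D` output.
# Usage: spamassassin -D < spam.eml 2>&1 | razor2_summary
razor2_summary() {
    awk '
        /razor2: razor2 is available/ { available = 1 }
        /razor2: part=/ {                      # one line per part reported by Razor
            parts++
            for (i = 1; i <= NF; i++)
                if ($i ~ /^contested=/ && substr($i, 11) + 0 > 0) contested++
        }
        /razor2: results: spam\?/ { verdict = $NF }
        /razor2: results: engine / {           # "engine 8, highest cf score: 0"
            for (i = 1; i < NF; i++)
                if ($i == "engine") { e = $(i + 1); sub(/,$/, "", e) }
            scores = scores " e" e "=" $NF
        }
        END {
            # Distinguish "plugin never ran" from "ran and found nothing".
            if (!available)    { print "razor2-unavailable"; exit 2 }
            if (verdict == "") { print "razor2-no-result";   exit 3 }
            printf "spam=%s parts=%d contested=%d%s\n", verdict, parts, contested, scores
        }
    '
}

# Sample input: razor2 lines copied from the debug output shown above.
sample_log() {
    cat <<'EOF'
Apr 10 12:46:13.629 [5506] dbg: razor2: razor2 is available, version 2.84
Apr 10 12:46:16.459 [5506] dbg: razor2: part=0 engine=8 contested=0 confidence=0
Apr 10 12:46:16.460 [5506] dbg: razor2: part=1 engine=8 contested=0 confidence=0
Apr 10 12:46:16.460 [5506] dbg: razor2: results: spam? 0
Apr 10 12:46:16.460 [5506] dbg: razor2: results: engine 8, highest cf score: 0
Apr 10 12:46:16.460 [5506] dbg: razor2: results: engine 4, highest cf score: 0
EOF
}
```

The exit status separates a missing plugin (2) and a check that produced no result, for example after a timeout (3), from a completed check (0).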
Score
Default
full  Listed in Razor2 (http://razor.sf.net/)  RAZOR2_CHECK  0 1.729 0 0.922
full  Razor2 gives confidence level above 50%  RAZOR2_CF_RANGE_51_100  0 0.365 0 0.500
full  Razor2 gives engine 4 confidence level above 50%  RAZOR2_CF_RANGE_E4_51_100  0 0.467 0 0.642
full  Razor2 gives engine 8 confidence level above 50%  RAZOR2_CF_RANGE_E8_51_100  0 2.430 0 1.88
CF = Confidence level
My setting
score RAZOR2_CHECK 5
score RAZOR2_CF_RANGE_51_100 2
More about Razor
Razor v2 protocol
_Structured Information Strings_
(similar to URIs)
_Pipelining_
(keep a connection open with server)
Razor v2 supports multiple engines
An engine is a logical unit that encapsulates a particular type of filtering service.
New engines can be seamlessly plugged into the service as and when required.
VR1 which is equivalent to Razor v1,
VR2 that is based on SHA1 signatures of bodytext,
VR3 that is based on Nilsimsa signatures, and
VR4 based on Ephemeral hashes.