AVG Antivirus For Linux/FreeBSD Plus Postfix Mail Server

Submitted by dervis on Mon, 2012-01-23 17:52.

This document describes how to deploy AVG Antivirus for Linux/FreeBSD on a Postfix mail server. It applies to AVG versions 8.5, 10 and 2012.

 

Requirements

1) Linux or FreeBSD on x86 or x86_64 with x32 compatible libraries. (See /opt/avg/av/doc/README.)
2) A configured Postfix mail server.
3) Hardware that meets the AVG requirements:

  • CPU: i686 or amd64 at 800 MHz
  • Mem: 512 MB, 1GB is recommended
  • HDD: 500 MB of free space

 

Installation

1) Download the correct package from the AVG site:

Trial: http://www.avg.com/cz-cs/download.prd-trialb
Free: http://free.avg.com/cz-cs/stahnout.tpl-stdfull.prd-alf

NOTE: The trial/full package contains the Antispam module. Later migration from free to full is possible.

2) Install the package according to your distribution. Examples:

Installation from RPM (Linux only):

# rpm -i avg2012lms-r{release}-a{vdb version}.{architecture}.rpm

Installation from .deb (Linux only):

# dpkg -i avg2012lms-r{release}-a{vdb version}.{architecture}.deb

Installation from sh (Linux only):

# chmod +x avg2012lms-r{release}-a{vdb version}.{architecture}.sh
# ./avg2012lms-r{release}-a{vdb version}.{architecture}.sh

Installation from .tar.gz:

# tar xzvf avg2012{edition}-r{release}-a{vdb version}.{architecture}.tar.gz
# cd avg2012{edition}-r{release}-a{vdb version}.{architecture}
# ./install.sh

Registration

You can register AVG for Linux/FreeBSD during installation from sh or tar.gz, or later with the command:

# avgctl --register 'your license number'

NOTE: The free version is registered automatically during installation; a trial license is available in /opt/avg/av/doc/README.

 

Integrating AVG With Postfix

1) Edit the /etc/postfix/main.cf file.

Add these lines for the avgtcpd content filter:

content_filter = avgtcpd:localhost:54321
receive_override_options = no_address_mappings

NOTE: The socket address 'localhost:54321' is the default.

2) Edit the /etc/postfix/master.cf file.

Add these lines for the avgtcpd service (from Postfix to AVG):

# ===================================================================
# service       type  private unpriv  chroot  wakeup  maxproc command
#                     (yes)   (yes)   (yes)   (never) (100)
# ===================================================================
avgtcpd         unix  -       -        y/n     -       2       smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20

Change 'y/n' to either 'y' or 'n'; check your regular smtp and smtpd services for the value to use.

Add these lines for the client service (back to Postfix):

# ===================================================================
# service       type  private unpriv  chroot  wakeup  maxproc command
#                     (yes)   (yes)   (yes)   (never) (100)
# ===================================================================
localhost:10025 inet  n       -       n       -       10      smtpd
    -o content_filter= 
    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
    -o smtpd_helo_restrictions=
    -o smtpd_client_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o smtpd_authorized_xforward_hosts=127.0.0.0/8

For Postfix version 2.3 and later, add the no_milters option to receive_override_options:

    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters

NOTE: The socket address 'localhost:10025' is the default.

3) Configure the avgtcpd service

The default configuration works out of the box once the integration is done.

If you need to change specific parameters, use the avgcfgctl utility.

For example, to write a configuration value use:

avgcfgctl -w 'parameter=value'

For more details see the avgcfgctl man page.
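A check for the 'back to Postfix' listener from step 2, written as an added example (it is not part of the original article or of AVG/Postfix). It parses master.cf text and reports the mistakes that matter for this listener: a non-loopback bind, a content_filter that is not cleared, relaxed relay restrictions, and whitespace inside an -o value. The sample excerpt is constructed and contains such a whitespace error on purpose.

```python
SAMPLE = """\
# Constructed master.cf excerpt for this example, not from a real server.
avgtcpd         unix  -       -       n       -       2       smtp
localhost:10025 inet  n       -       n       -       10      smtpd
    -o content_filter=
    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks, no_milters
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
"""

def parse_master_cf(text):
    """Map service name -> (8 header fields, {-o option: value}, stray args)."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and entries:   # indented line continues the entry
            entries[-1] += " " + raw.strip()
        else:
            entries.append(raw.strip())
    services = {}
    for entry in entries:
        tok = entry.split()
        opts, stray, it = {}, [], iter(tok[8:])
        for arg in it:
            if arg == "-o":                # "-o name=value" is two tokens
                name, _, value = next(it, "").partition("=")
                opts[name] = value
            elif not arg.startswith("-"):  # leftover piece of a split value
                stray.append(arg)
        services[tok[0]] = (tok[:8], opts, stray)
    return services

def audit_reinjection(text, listener="localhost:10025"):
    """Return a list of findings for the smtpd listener AVG delivers back to."""
    services = parse_master_cf(text)
    if listener not in services:
        return [f"{listener}: service not defined"]
    _, opts, stray = services[listener]
    findings = [f"stray argument {s!r}: whitespace inside an -o value" for s in stray]
    if listener.rsplit(":", 1)[0] not in ("localhost", "127.0.0.1"):
        findings.append("listener is not bound to a loopback address")
    if opts.get("content_filter") != "":
        findings.append("content_filter not cleared: mail would loop to avgtcpd")
    if opts.get("mynetworks") != "127.0.0.0/8":
        findings.append("mynetworks is not 127.0.0.0/8")
    if not opts.get("smtpd_recipient_restrictions", "").endswith("reject"):
        findings.append("recipient restrictions do not end in reject")
    return findings
```

To run it against a real server, pass the contents of /etc/postfix/master.cf to audit_reinjection(); an empty list means the listener matches the settings shown in step 2.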

 

Useful AVG parameters:

For settings:

Default.setup.features.tcpd=true

This item enables/disables all email functions.

Default.tcpd.smtp.enabled=true

This item enables/disables smtp functions (Postfix related).

Default.tcpd.milter.enabled=false

For the milter library; it must be disabled if the smtp option is enabled.

Default.tcpd.smtp.address=127.0.0.1
Default.tcpd.smtp.ports=|54321|

These parameters define the address and port of the AVG server service.

Default.tcpd.smtp.client_address=127.0.0.1
Default.tcpd.smtp.client_port=10025

These parameters define the address and port of the Postfix client service.

Default.tcpd.smtp.limiter_start=220
Default.tcpd.smtp.limiter_stop=250

These items control active connections.

Default.tcpd.smtp.read_buffer=102400

SMTP read buffer size.

For scanning:

Tcpd.scan.Options.ArchiveLevel=256

It defines the level of archive processing. Values:

  • 0 - no archives, macros, cookies, real-time compression will be scanned, including MIME
  • 32 - only macros, cookies, real-time compression will be scanned
  • 256 - archives, macros, cookies will be scanned

Tcpd.scan.Options.DetectCookies=false

This enables/disables detection of cookies.

Tcpd.scan.Options.DetectPup2=false
Tcpd.scan.Options.DetectPup=true

This enables/disables detection of Potentially Unwanted Programs.

Tcpd.scan.Options.UseHeuristics=true

Use heuristics during scanning.

Tcpd.scan.Options.MaxFileSize=268435456

This item defines the maximum size of an extracted archive.

Tcpd.scan.Options.MaxNumberOfFiles=50000

This item defines the maximum number of extracted files.

Tcpd.scan.Options.MaxRecursionDepth=40

Maximum recursion level for archives.

Tcpd.scan.mail.strip.alldoc=false
Tcpd.scan.mail.strip.alldoclist=|DO?|XL?|VBX|RTF|PP?|POT|MDA|MDB|XML|DOC?|DOT?|XLS?|XLT?|XLAM|PPT?|POT?|PPS?|SLD?|PPAM|THMX|PDF|
Tcpd.scan.mail.strip.allexe=false
Tcpd.scan.mail.strip.allexelist=|COM|DRV|EXE|OV?|PGM|SYS|BIN|CMD|DEV|386|SMM|VXD|DLL|OCX|BOO|SCR|ESL|CLA|CLASS|BAT|VBS|VBE|WSH|HTA|CHM|INI|HTT|INF|JS|JSE|HLP|SHS|PRC|PDB|PIF|PHP|ASP|LNK|PL|CPL|WMF|
Tcpd.scan.mail.strip.enable=false
Tcpd.scan.mail.strip.list=

Enables detection of defined attachments.

For basic Anti-spam configuration:

Default.tcpd.spam.enabled=true

Enables/disables Anti-spam function.

Default.tcpd.spam.header.enabled=true

This item adds the "AVG Anti-spam header" to mail.

Default.tcpd.spam.phish_subj_prefix=[PHISHING]

This item sets the subject prefix added to phishing mail.

Default.tcpd.spam.spamscore_level=90

This item sets the score for spam identification (less means more spam).

Default.tcpd.spam.subj_prefix=[SPAM]

This item sets the subject prefix added to spam mail.

Other actions:

Default.tcpd.parsing.mime_certification_enabled=false

It enables/disables the AVG certification in the body of the email.

Default.tcpd.rules.virus.action=0
Default.tcpd.rules.phishing.action=0
Default.tcpd.rules.spam.action=0

These items define the action for each detected message. Values:

  • 0 - PASS means the message will only be certified (header, subject, body, ...)
  • 1 - DROP means the message will be deleted
  • 2 - BOUNCE means the message will be delivered to the address defined by the parameter Default.tcpd.rules.*.bounce_addr

Default.tcpd.rules.virus.bounce_addr=
Default.tcpd.rules.phishing.bounce_addr=
Default.tcpd.rules.spam.bounce_addr=

These parameters define the address for the BOUNCE action.

Default.tcpd.scan.header.enabled=true

This parameter adds the "AVG Anti-virus header" to mail.

Default.tcpd.scan.subj_prefix=[VIRUS]

This item sets the subject prefix added to mail containing a virus.

NOTE: For other parameters see the avgtcpd and avgspamd man pages!
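The parameters above have to agree with each other and with the Postfix side, so here is an added cross-check (not from the original article or from AVG). It assumes the settings are available as text lines in the parameter=value form this page lists them in; the sample values are constructed and deliberately inconsistent, and the content_filter and listener port defaults are the ones from the integration steps.

```python
SAMPLE_AVG = """\
Default.setup.features.tcpd=true
Default.tcpd.smtp.enabled=true
Default.tcpd.milter.enabled=true
Default.tcpd.smtp.ports=|54321|
Default.tcpd.smtp.client_port=10026
Default.tcpd.rules.virus.action=0
Default.tcpd.rules.spam.action=2
Default.tcpd.rules.spam.bounce_addr=
"""  # constructed values for this example

def load_settings(text):
    """Parse 'parameter=value' lines into a dict."""
    return dict(line.split("=", 1) for line in text.splitlines() if "=" in line)

def check_avg(cfg, content_filter="avgtcpd:localhost:54321", reinject_port="10025"):
    """Cross-check AVG settings against main.cf and the master.cf listener."""
    def on(key):
        return cfg.get(key, "").strip().lower() == "true"

    findings = []
    smtp = on("Default.setup.features.tcpd") and on("Default.tcpd.smtp.enabled")
    if not smtp:
        findings.append("SMTP scanning is switched off")
    if smtp and on("Default.tcpd.milter.enabled"):
        findings.append("milter and smtp are both enabled")
    port = content_filter.rsplit(":", 1)[1]
    if port not in cfg.get("Default.tcpd.smtp.ports", "").strip("|").split("|"):
        findings.append(f"content_filter port {port} is not in Default.tcpd.smtp.ports")
    if cfg.get("Default.tcpd.smtp.client_port") != reinject_port:
        findings.append(f"client_port does not match Postfix listener port {reinject_port}")
    for kind in ("virus", "phishing", "spam"):
        action = cfg.get(f"Default.tcpd.rules.{kind}.action")
        if action == "2" and not cfg.get(f"Default.tcpd.rules.{kind}.bounce_addr"):
            findings.append(f"{kind}: BOUNCE selected but bounce_addr is empty")
        if action == "0" and kind == "virus":
            findings.append("virus: action is 0 (PASS), detected mail is only marked")
    return findings

if __name__ == "__main__":
    for finding in check_avg(load_settings(SAMPLE_AVG)):
        print(finding)
```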


Submitted by teraxit (registered user) on Wed, 2012-08-15 01:44.
Submitted by watson (not registered) on Fri, 2012-01-27 07:44.
Thanks For the Article!!!
Submitted by Tim Reichhart (not registered) on Mon, 2012-01-23 18:57.
Here is the link to the English version of the downloads: http://www.avg.com/cz-en/download.prd-trialb