AVG Antivirus For Linux/FreeBSD Plus Qmail Mail Server

 
Submitted by dervis on Fri, 2012-04-27 14:10. :: Anti-Spam/Virus | Linux | Email | Security | FreeBSD


This document describes how to deploy AVG Antivirus for Linux/FreeBSD on the Qmail mail server. It applies to AVG versions 8.5, 10 and 2012.

 

Requirements

1) Linux or FreeBSD, x86 or x86_64 with x32 compatible libraries (see /opt/avg/av/doc/README).
2) A configured Postfix mail server.
3) Hardware that meets the AVG requirements:

  • CPU: i686 or amd64 at 800 MHz
  • Mem: 512 MB, 1GB is recommended
  • HDD: 500 MB of free space

 

Installation

1) Download the correct package from the AVG site:

Trial: http://www.avg.com/cz-cs/download.prd-trialb
Free: http://free.avg.com/cz-cs/stahnout.tpl-stdfull.prd-alf

NOTE: The trial/full package contains the Antispam module. Later migration from the free to the full version is possible.

2) Install the package according to your distribution. Examples:

Installation from RPM (Linux only):

# rpm -i avg2012lms-r{release}-a{vdb version}.{architecture}.rpm

Installation from .deb (Linux only):

# dpkg -i avg2012lms-r{release}-a{vdb version}.{architecture}.deb

Installation from sh (Linux only):

# chmod +x avg2012lms-r{release}-a{vdb version}.{architecture}.sh
# ./avg2012lms-r{release}-a{vdb version}.{architecture}.sh

Installation from .tar.gz:

# tar xzvf avg2012{edition}-r{release}-a{vdb version}.{architecture}.tar.gz
# cd avg2012{edition}-r{release}-a{vdb version}.{architecture}
# ./install.sh

 

Registration

You can register AVG for Linux/FreeBSD during installation from sh or tar.gz, or later using the command:

# avgctl --register 'your license number'

NOTE: The free version is registered automatically during installation; a trial license is available in /opt/avg/av/doc/README.

 

Starting AVG Anti-Virus

It is possible to use the init scripts or the avgctl utility:

Linux:

# /etc/init.d/avgd start

FreeBSD:

# /usr/local/etc/rc.d/avgd.sh start

Both systems:

# avgctl --start

 

Integrating AVG into Qmail - Qmail Queue

Integration is done via the Qmail Queue AVG module. Qmail Queue for AVG is a module inserted into the Qmail e-mail processing chain. It allows incoming and outgoing e-mail messages to be scanned for viruses and spam. It replaces the original qmail-queue file with the qmail-queue-avg file, which implements communication with the AVG Daemon. After the e-mail has been scanned, the original qmail-queue is executed. Note that execution of the original qmail-queue depends on the AVG Daemon settings: for example, when an e-mail contains a virus and the AVG Daemon is configured to drop e-mail with viruses, the original qmail-queue will not be executed.

* Original e-mail process chain:

qmail-inject ---
                |
                v
                ---> qmail-queue ---> qmail-send ---> ...
                ^
                |
qmail-smtpd  ---

* E-mail process chain with the Qmail Queue for the AVG Daemon:

                       AVG Daemon
                           ^ |
qmail-inject ---           | |
                |          | |
                v          | v
                ---> qmail-queue-avg ---> qmail-queue ---> qmail-send ---> ...
                ^
                |
qmail-smtpd  ---

 

Installation of Qmail Queue AVG

Download the Qmail Queue AVG source from the AVG download server, for example:

wget http://download.avg.com/filedir/inst/qmail-queue-avg.tar.gz

Unpack the archive and go to the folder:

tar xzvf qmail-queue-avg.tar.gz && cd qmail-queue-avg

Edit the configure file:

Change or leave the path of the qmail-queue binary:

QQBINPATH="/var/qmail/bin/qmail-queue"

Change or leave the path of the symbolic link to the qmail-queue file:

QQSYMPATH="/var/qmail/bin/qmail-queue-lnk"

Note: The symlink is created automatically by the installation process if it does not exist yet.

Change or leave the path of the new qmail-queue-avg file:

DESTINATION="/var/qmail/bin/qmail-queue-avg"

Note: You can also set this parameter on the configure command line. See the configure help for details.

Run the usual configure, make and make install sequence:

./configure
make
make install

The integration of AVG into Qmail is now complete. A restart of the mail server is not needed.

 

AVG Service Configuration

The default configuration works out of the box after the integration.

If you need to change specific parameters, use the avgcfgctl utility.

For example, to write a configuration value use:

avgcfgctl -w 'parameter=value'

For more details see the avgcfgctl man page.

 

Specific configuration for Qmail (AVG protocol)

The following parameters need to be set:

Enable the AVG protocol:

Default.tcpd.avg.enabled=true

Define the port:

Default.tcpd.avg.ports="|54322|"

Make sure this port is the same as the port defined in the configure file of the Qmail Queue AVG module.

 

Other useful AVG parameters:

For settings:

Default.setup.features.tcpd=true

This item enables/disables the whole e-mail scanning function (tcpd).

Default.tcpd.spam.enabled=true

Enables/disables the Anti-spam function.

For scanning:

Tcpd.scan.Options.ArchiveLevel=256

It defines the level of archive processing. Values:

  • 0 - no archives, macros, cookies or real-time compression will be scanned, including MIME
  • 32 - only macros, cookies and real-time compression will be scanned
  • 256 - archives, macros and cookies will be scanned

Tcpd.scan.Options.DetectCookies=false

This enables/disables detection of cookies.

Tcpd.scan.Options.DetectPup2=false
Tcpd.scan.Options.DetectPup=true

This enables/disables detection of Potentially Unwanted Programs.

Tcpd.scan.Options.UseHeuristics=true

Use heuristics during the scan.

Tcpd.scan.Options.MaxFileSize=268435456

This item defines the maximal size of an extracted archive.

Tcpd.scan.Options.MaxNumberOfFiles=50000

This item defines the maximal number of extracted files.

Tcpd.scan.Options.MaxRecursionDepth=40

Maximal recursion level for archives.

Tcpd.scan.mail.strip.alldoc=false
Tcpd.scan.mail.strip.alldoclist=|DO?|XL?|VBX|RTF|PP?|POT|MDA|MDB|XML|DOC?|DOT?|XLS?|XLT?|XLAM|PPT?|POT?|PPS?|SLD?|PPAM|THMX|PDF|
Tcpd.scan.mail.strip.allexe=false
Tcpd.scan.mail.strip.allexelist=|COM|DRV|EXE|OV?|PGM|SYS|BIN|CMD|DEV|386|SMM|VXD|DLL|OCX|BOO|SCR|ESL|CLA|CLASS|BAT|VBS|VBE|WSH|HTA|CHM|INI|HTT|INF|JS|JSE|HLP|SHS|PRC|PDB|PIF|PHP|ASP|LNK|PL|CPL|WMF|
Tcpd.scan.mail.strip.enable=false
Tcpd.scan.mail.strip.list=

These items enable detection of attachments with the listed extensions.

For basic Anti-spam configuration:

Default.tcpd.spam.header.enabled=true

This item adds the "AVG Anti-spam header" to mail.

Default.tcpd.spam.phish_subj_prefix=[PHISHING]

This item adds a prefix to the subject of mail identified as phishing.

Default.tcpd.spam.spamscore_level=90

This item sets the score threshold for spam identification (a lower value means more mail is marked as spam).

Default.tcpd.spam.subj_prefix=[SPAM]

This item adds a prefix to the subject of mail identified as spam.

Other actions:

Default.tcpd.parsing.mime_certification_enabled=false

Enables/disables the AVG certification text in the e-mail body.

Default.tcpd.rules.virus.action=0
Default.tcpd.rules.phishing.action=0
Default.tcpd.rules.spam.action=0

These items define the action for each kind of detected message. Values:

  • 0 - PASS means the message will only be certified (header, subject, body, ...)
  • 1 - DROP means the message will be deleted
  • 2 - BOUNCE means the message will be delivered to the address defined by the parameter Default.tcpd.rules.*.bounce_addr

Default.tcpd.rules.virus.bounce_addr=
Default.tcpd.rules.phishing.bounce_addr=
Default.tcpd.rules.spam.bounce_addr=

These define the address used for the BOUNCE action.

Default.tcpd.scan.header.enabled=true

This parameter adds the "AVG Anti-virus header" to mail.

Default.tcpd.scan.subj_prefix=[VIRUS]

This item adds a prefix to the subject of mail identified as infected.
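As an added example (not from this how-to and not AVG's own tooling), the POSIX sh script below checks a planned set of tcpd settings for the two caveats in the sections above before anything is written with avgcfgctl -w: the AVG protocol port must be the one the Qmail Queue AVG module was configured with, and a rule with action 2 (BOUNCE) must have a non-empty bounce_addr. The settings, the port and the quarantine address are constructed sample input; the expected port is passed in as an argument because the module's configure variable name is not assumed here.

```shell
#!/bin/sh
# Added example, not part of the AVG how-to or of AVG's own tooling:
# sanity-check a planned set of tcpd settings before handing them to
# avgcfgctl -w. The settings below are constructed sample input.

# Constructed settings, one key=value per line as avgcfgctl -w expects.
SETTINGS='Default.setup.features.tcpd=true
Default.tcpd.avg.enabled=true
Default.tcpd.avg.ports=|54322|
Default.tcpd.rules.virus.action=1
Default.tcpd.rules.phishing.action=2
Default.tcpd.rules.phishing.bounce_addr=quarantine@example.com
Default.tcpd.rules.spam.action=0'

# get_value KEY: print the value of KEY from $SETTINGS (empty if unset).
get_value() {
    printf '%s\n' "$SETTINGS" | sed -n "s/^$1=//p" | head -n 1
}

# check_port PORT: the AVG protocol port must appear in the |port| list
# form and equal the port compiled into qmail-queue-avg (passed in).
check_port() {
    case "$(get_value Default.tcpd.avg.ports)" in
        *"|$1|"*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_bounce RULE: action 2 (BOUNCE) needs a non-empty bounce_addr,
# otherwise detected mail has nowhere to go.
check_bounce() {
    action=$(get_value "Default.tcpd.rules.$1.action")
    addr=$(get_value "Default.tcpd.rules.$1.bounce_addr")
    [ "$action" != "2" ] || [ -n "$addr" ]
}

# emit_commands PORT: print the avgcfgctl -w lines (quoted as in the
# how-to) only when every check passes; nothing is executed here.
emit_commands() {
    check_port "$1" || { echo "avg port does not match $1" >&2; return 1; }
    for r in virus phishing spam; do
        check_bounce "$r" || { echo "$r: BOUNCE without bounce_addr" >&2; return 1; }
    done
    printf '%s\n' "$SETTINGS" | sed "s/^/avgcfgctl -w '/; s/\$/'/"
}
```

Pipe the output of emit_commands into sh only after reviewing it; a failed check prints the reason on stderr and produces no commands.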

Basic statistics of scanned messages:

For basic statistics enter the command:

avgctl --stat=tcpd

This returns (depending on the settings):

AVG command line controller
Copyright (c) 2012 AVG Technologies CZ


------ Tcpd status ------
E-mails checked : 10256
SPAM messages : 104
Phishing messages : 2
E-mails infected : 211
E-mails dropped : 211

Operation successful.

NOTE: For other parameters see the avgtcpd and avgspamd man pages. After changing the configuration, restart all related AVG services.


Submitted by Anonymous (not registered) on Mon, 2012-04-30 10:22.

Hiya

Thanks for this, but why Qmail.

Why not AVG with Exim or Postfix, i.e. the default industry standard MTAs?