AVG Antivirus For Linux/FreeBSD Plus Sendmail Mail Server

This document describes how to deploy AVG Antivirus for Linux/FreeBSD to the Sendmail mail server. It is usable for AVG version 8.5, 10 and 2012.

Requirements

1) Linux or FreeBSD x86 or x86_64 with x32 compatible libraries. (See /opt/avg/av/doc/README.)
2) Configured Postfix Mail server.
3) Correct HW configuration for AVG:

• CPU: i686 or amd64 on 800 MHz
• Mem: 512 MB, 1GB is recommended
• HDD: 500 MB of free space

Installation

1) Download correct package from AVG site:

Trial: http://www.avg.com/cz-cs/download.prd-trialb
Free: http://free.avg.com/cz-cs/stahnout.tpl-stdfull.prd-alf

NOTE: Trial/full package contains Antispam module. Later migration from free to full is possible.

2) Install package according to your distribution. Examples:

Installation from RPM (Linux only):

# rpm -i avg2012lms-r{release}-a{vdb version}.{architecture}.rpm

Installation from .deb (Linux only):

# dpkg -i avg2012lms-r{release}-a{vdb version}.{architecture}.deb

Installation from sh (Linux only):

# chmod +x avg2012lms-r{release}-a{vdb version}.{architecture}.sh
# ./avg2012lms-r{release}-a{vdb version}.{architecture}.sh

Installation from .tar.gz:

# tar xzvf avg2012{edition}-r{release}-a{vdb version}.{architecture}.tar.gz
# cd avg2012{edition}-r{release}-a{vdb version}.{architecture}
# ./install.sh

Registration

You can register AVG for Linux/FreeBSD during installation from sh or tar.gz, or later using command:

# avgctl --register 'your license number'

NOTE: Free version is registered automatically during instalation, trial license is available at /opt/avg/av/doc/README.

Start Of AVG Anti-Virus

It is possible to use init scripts or avgctl utility:

Linux:

# /etc/init.d/avgd start

FreeBSD:

# /usr/local/etc/rc.d/avgd.sh start

Both systems.

# avgctl --start

Integration AVG To Sendmail

There are two options:

• A) Edit and generate configuration - "mc file"
• B) Edit configuration directly - "cf file".

First choice is "cleanest", but both options are sufficient for configuration.

A) Create configuration via mc file

Locate sendmail mc file (usually /etc/mail/sendmail.mc).

Add this line to the end of mc file:

INPUT_MAIL_FILTER(`avgtcpd', `S=inet:10024@localhost, F=T, T=S:1m;R:1m;E:10m')

Re-generate cf file. (It depends to your system.) For example:

# make -C /etc/mail

# cd /etc/mail
# make sendmail.cf

# cd /etc/mail
# m4 /usr/share/sendmail.cf/m4/cf.m4 sendmail.mc >sendmail.cf

B) Create configuration via cf file

Locate sendmail cf file (usually /etc/mail/sendmail.cf).

Add filter O InputMailFilters=avgtcpd below section Input mail filters:

# Input mail filters
O InputMailFilters=avgtcpd

Add filter definitions Xavgtcpd, S=inet:1024@localhost, F=T, T=S:1m;R:1m;E:10m below section MAIL FILTER DEFINITIONS:

######################################################################
######################################################################
#####
#####                   MAIL FILTER DEFINITIONS
#####
######################################################################
######################################################################
Xavgtcpd, S=inet:1024@localhost, F=T, T=S:1m;R:1m;E:10m

Or just add this lines to the end of your cf file:

# AVG Input mail filter
O InputMailFilters=avgtcpd
# AVG Mail filter definitions
Xavgtcpd, S=inet:10024@localhost, F=T, T=S:1m;R:1m;E:10m

Note: Socket inet:10024@localhost is defined later in AVG configuration.

AVG Service Configuration

If you need to change some specific parameters use utility avgcfgctl.

For example if you need write configuration use:

avgcfgctl -w 'parameter=value'

For more details see man page of avgcfgctl.

Specific configuration for Sendmail

It is needed to change some default parameters:

Disable smtp functions.

Default.tcpd.smtp.enabled=false

Enable and define milter interface:

Default.tcpd.milter.enabled=true

Default.tcpd.milter.socket=inet:10024@localhost

This item defines socket for communication witth AVG. (For more details see integration section.)

Default.tcpd.milter.verbosity=0

This item is optional, sets milter logging verbosity. (0 - disabled, 6 - highest severity).

Other useful AVG parameters

For settings:

Default.setup.features.tcpd=true

This item enables/disables whole E-Mail functions.

Default.tcpd.spam.enabled=true

Enable/disable Anti-spam function.

For scanning:

Tcpd.scan.Options.ArchiveLevel=256

It defines the level of processing archive files.Values:

• 0 - no archives, macros, cookies, real-time compression will be scanned, including MIME
• 32 - only macros, cookies, real-time compression will be scanned
• 256 - archives, macros, cookies will be scanned

Tcpd.scan.Options.DetectCookies=false

This enables/disables detection of cookies.

Tcpd.scan.Options.DetectPup2=false
Tcpd.scan.Options.DetectPup=true

This enables/disables detection of potentially unwanted programs.

Tcpd.scan.Options.UseHeuristics=true

Use heuristic during scan.

Tcpd.scan.Options.MaxFileSize=268435456

This item defines maximal size of extracted archive.

Tcpd.scan.Options.MaxNumberOfFiles=50000

This item defines maximal count of extracted files.

Tcpd.scan.Options.MaxRecursionDepth=40

Maximal level of recursion for archive.

Tcpd.scan.mail.strip.alldoc=false
Tcpd.scan.mail.strip.alldoclist=|DO?|XL?|VBX|RTF|PP?|POT|MDA|MDB|XML|DOC?|DOT?|XLS?|XLT?|XLAM|PPT?|POT?|PPS?|SLD?|PPAM|THMX|PDF|
Tcpd.scan.mail.strip.allexe=false
Tcpd.scan.mail.strip.allexelist=|COM|DRV|EXE|OV?|PGM|SYS|BIN|CMD|DEV|386|SMM|VXD|DLL|OCX|BOO|SCR|ESL|CLA|CLASS|BAT|VBS|VBE|WSH|HTA|CHM|INI|HTT|INF|JS|JSE|HLP|SHS|PRC|PDB|PIF|PHP|ASP|LNK|PL|CPL|WMF|
Tcpd.scan.mail.strip.enable=false
Tcpd.scan.mail.strip.list=

Enable detection of defined attachments.

For basic Anti-spam configuration:

Default.tcpd.spam.header.enabled=true

This item adds "AVG Anti-spam header" to mail.

Default.tcpd.spam.phish_subj_prefix=[PHISHING]

This item adds prefix to subject - mail with phishing.

Default.tcpd.spam.spamscore_level=90

This item sets the score for Spam identification (less means more spam).

Default.tcpd.spam.subj_prefix=[SPAM]

This item adds prefix to subject - mail with spam.

Other actions:

Default.tcpd.parsing.mime_certification_enabled=false

It enables/disables AVG certification in body of E-mail.

Default.tcpd.rules.virus.action=0
Default.tcpd.rules.phishing.action=0
Default.tcpd.rules.spam.action=0

This items defines action for each detected message. Values:

• 0 - PASS means message will be only certified (header, subject, body,..)
• 1 - DROP means message will be deleted
• 2 - BOUNCE means message will be delivered to adress defined by parameter Default.tcpd.rules.*.bounce_addr

Default.tcpd.rules.virus.bounce_addr=
Default.tcpd.rules.phishing.bounce_addr=
Default.tcpd.rules.spam.bounce_addr=

There is defined adress for BOUNCE action.

Default.tcpd.scan.header.enabled=true

This parameter adds "AVG Anti-virus header" to mail.

Default.tcpd.scan.subj_prefix=[VIRUS]

This item add prefix to subject - mail with virus.

NOTE: For other parameters see avgtcpd and avgspamd man page! After configuration restart all related services (AVG and Sendmail).