AVG Antivirus For Linux/FreeBSD Plus Sendmail Mail Server

 
Submitted by dervis on Fri, 2012-02-17 18:10.

This document describes how to integrate AVG Antivirus for Linux/FreeBSD with the Sendmail mail server. It applies to AVG versions 8.5, 10 and 2012.

 

Requirements

1) Linux or FreeBSD x86 or x86_64 with x32 compatible libraries. (See /opt/avg/av/doc/README.)
2) Configured Postfix Mail server.
3) Correct HW configuration for AVG:

  • CPU: i686 or amd64 on 800 MHz
  • Mem: 512 MB, 1GB is recommended
  • HDD: 500 MB of free space

 

Installation

1) Download the correct package from the AVG site:

Trial: http://www.avg.com/cz-cs/download.prd-trialb
Free: http://free.avg.com/cz-cs/stahnout.tpl-stdfull.prd-alf

NOTE: The trial/full package contains the Antispam module. Later migration from free to full is possible.

2) Install the package according to your distribution. Examples:

Installation from RPM (Linux only):

# rpm -i avg2012lms-r{release}-a{vdb version}.{architecture}.rpm

Installation from .deb (Linux only):

# dpkg -i avg2012lms-r{release}-a{vdb version}.{architecture}.deb

Installation from sh (Linux only):

# chmod +x avg2012lms-r{release}-a{vdb version}.{architecture}.sh
# ./avg2012lms-r{release}-a{vdb version}.{architecture}.sh

Installation from .tar.gz:

# tar xzvf avg2012{edition}-r{release}-a{vdb version}.{architecture}.tar.gz
# cd avg2012{edition}-r{release}-a{vdb version}.{architecture}
# ./install.sh

 

Registration

You can register AVG for Linux/FreeBSD during installation from sh or tar.gz, or later with the command:

# avgctl --register 'your license number'

NOTE: The free version is registered automatically during installation; a trial license is available in /opt/avg/av/doc/README.

 

Start Of AVG Anti-Virus

You can use the init scripts or the avgctl utility:

Linux:

# /etc/init.d/avgd start

FreeBSD:

# /usr/local/etc/rc.d/avgd.sh start

Both systems:

# avgctl --start

 

Integrating AVG With Sendmail

There are two options:

  • A) Edit the "mc file" and generate the configuration from it.
  • B) Edit the configuration directly in the "cf file".

The first option is the "cleanest", but either one is sufficient.

 

A) Create configuration via mc file

Locate the sendmail mc file (usually /etc/mail/sendmail.mc).

Add this line to the end of the mc file:

INPUT_MAIL_FILTER(`avgtcpd', `S=inet:10024@localhost, F=T, T=S:1m;R:1m;E:10m')

Re-generate the cf file. How this is done depends on your system; for example, use one of the following:

# make -C /etc/mail

# cd /etc/mail
# make sendmail.cf

# cd /etc/mail
# m4 /usr/share/sendmail.cf/m4/cf.m4 sendmail.mc >sendmail.cf

 

B) Create configuration via cf file

Locate the sendmail cf file (usually /etc/mail/sendmail.cf).

Add the line O InputMailFilters=avgtcpd below the "Input mail filters" section:

# Input mail filters
O InputMailFilters=avgtcpd

Add the filter definition Xavgtcpd, S=inet:10024@localhost, F=T, T=S:1m;R:1m;E:10m below the "MAIL FILTER DEFINITIONS" section:

######################################################################
######################################################################
#####
#####                   MAIL FILTER DEFINITIONS
#####
######################################################################
######################################################################
Xavgtcpd, S=inet:10024@localhost, F=T, T=S:1m;R:1m;E:10m

Or just add these lines to the end of your cf file:

# AVG Input mail filter
O InputMailFilters=avgtcpd
# AVG Mail filter definitions
Xavgtcpd, S=inet:10024@localhost, F=T, T=S:1m;R:1m;E:10m

Note: The socket inet:10024@localhost is defined later, in the AVG configuration.

 

AVG Service Configuration

If you need to change specific parameters, use the avgcfgctl utility.

For example, to write a configuration value use:

avgcfgctl -w 'parameter=value'

For more details see the avgcfgctl man page.

 

Specific configuration for Sendmail

Some default parameters have to be changed.

Disable the SMTP functions:

Default.tcpd.smtp.enabled=false

Enable and define the milter interface:

Default.tcpd.milter.enabled=true

Default.tcpd.milter.socket=inet:10024@localhost

This item defines the socket used for communication with AVG. (For more details see the integration section.)

Default.tcpd.milter.verbosity=0

This item is optional; it sets the milter logging verbosity (0 - disabled, 6 - highest severity).
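
The socket in the sendmail filter definition (integration section) and Default.tcpd.milter.socket (above) must be identical, and the F= flag decides what sendmail does with mail when AVG cannot be reached. The script below is an added example, not part of the original how-to or of AVG's tooling; the function names and the sample cf text are constructed, and the AVG socket value is passed in by hand.

```sh
#!/bin/sh
# Added example (not from the original how-to): compare the milter that
# sendmail.cf defines with the socket AVG is configured to listen on.

# Constructed sample input: the port differs from AVG's milter socket.
sample_cf() {
    cat <<'EOF'
# Input mail filters
O InputMailFilters=avgtcpd
Xavgtcpd, S=inet:1024@localhost, F=T, T=S:1m;R:1m;E:10m
EOF
}

# check_milter NAME AVG_SOCKET   (sendmail.cf text on stdin)
# returns 0 ok, 1 socket mismatch, 2 fails open, 3 filter missing
check_milter() {
    name=$1; want=$2
    cf=$(cat)
    # The filter must be listed in InputMailFilters or it is never called.
    printf '%s\n' "$cf" |
        grep -Eq "^O InputMailFilters=([^#]*,)?[[:space:]]*${name}[[:space:]]*(,|\$)" ||
        { echo "FAIL: $name is not listed in InputMailFilters"; return 3; }
    def=$(printf '%s\n' "$cf" | grep -E "^X${name}," | tail -n 1)
    [ -n "$def" ] || { echo "FAIL: no X$name definition"; return 3; }
    # Pull the S= (socket) and F= (failure flag) equates out of the X line.
    sock=$(printf '%s\n' "$def" | sed -n 's/.*[ ,]S=\([^,]*\).*/\1/p')
    flag=$(printf '%s\n' "$def" | sed -n 's/.*[ ,]F=\([^,]*\).*/\1/p')
    if [ "$sock" != "$want" ]; then
        echo "FAIL: sendmail connects to $sock, AVG listens on $want"
        return 1
    fi
    # Without F=T (tempfail) or F=R (reject) sendmail delivers mail
    # unfiltered whenever the milter cannot be reached.
    case $flag in
        T|R) echo "OK: $name on $sock, F=$flag" ;;
        *)   echo "WARN: no F=T or F=R, mail passes unscanned if AVG is down"
             return 2 ;;
    esac
}

# Demo on the constructed sample; for a live system use:
#   check_milter avgtcpd inet:10024@localhost < /etc/mail/sendmail.cf
sample_cf | check_milter avgtcpd inet:10024@localhost || true
```

A non-zero result after editing either configuration means scanning is not in effect as intended, so run the check before restarting the services.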

 

Other useful AVG parameters

For settings:

Default.setup.features.tcpd=true

This item enables/disables all e-mail functions.

Default.tcpd.spam.enabled=true

This item enables/disables the Anti-spam function.

For scanning:

Tcpd.scan.Options.ArchiveLevel=256

This item defines the level of archive processing. Values:

  • 0 - no archives, macros, cookies, real-time compression will be scanned, including MIME
  • 32 - only macros, cookies, real-time compression will be scanned
  • 256 - archives, macros, cookies will be scanned

Tcpd.scan.Options.DetectCookies=false

This enables/disables detection of cookies.

Tcpd.scan.Options.DetectPup2=false
Tcpd.scan.Options.DetectPup=true

This enables/disables detection of potentially unwanted programs.

Tcpd.scan.Options.UseHeuristics=true

This item enables heuristics during the scan.

Tcpd.scan.Options.MaxFileSize=268435456

This item defines the maximum size of an extracted archive.

Tcpd.scan.Options.MaxNumberOfFiles=50000

This item defines the maximum number of extracted files.

Tcpd.scan.Options.MaxRecursionDepth=40

This item defines the maximum recursion level for archives.

Tcpd.scan.mail.strip.alldoc=false
Tcpd.scan.mail.strip.alldoclist=|DO?|XL?|VBX|RTF|PP?|POT|MDA|MDB|XML|DOC?|DOT?|XLS?|XLT?|XLAM|PPT?|POT?|PPS?|SLD?|PPAM|THMX|PDF|
Tcpd.scan.mail.strip.allexe=false
Tcpd.scan.mail.strip.allexelist=|COM|DRV|EXE|OV?|PGM|SYS|BIN|CMD|DEV|386|SMM|VXD|DLL|OCX|BOO|SCR|ESL|CLA|CLASS|BAT|VBS|VBE|WSH|HTA|CHM|INI|HTT|INF|JS|JSE|HLP|SHS|PRC|PDB|PIF|PHP|ASP|LNK|PL|CPL|WMF|
Tcpd.scan.mail.strip.enable=false
Tcpd.scan.mail.strip.list=

Enable detection of defined attachments.

For basic Anti-spam configuration:

Default.tcpd.spam.header.enabled=true

This item adds the "AVG Anti-spam header" to mail.

Default.tcpd.spam.phish_subj_prefix=[PHISHING]

This item sets the prefix added to the subject of mail identified as phishing.

Default.tcpd.spam.spamscore_level=90

This item sets the score for spam identification (less means more spam).

Default.tcpd.spam.subj_prefix=[SPAM]

This item sets the prefix added to the subject of mail identified as spam.

Other actions:

Default.tcpd.parsing.mime_certification_enabled=false

This item enables/disables the AVG certification in the body of the e-mail.

Default.tcpd.rules.virus.action=0
Default.tcpd.rules.phishing.action=0
Default.tcpd.rules.spam.action=0

These items define the action for each type of detected message. Values:

  • 0 - PASS means the message will only be certified (header, subject, body, ...)
  • 1 - DROP means the message will be deleted
  • 2 - BOUNCE means the message will be delivered to the address defined by the parameter Default.tcpd.rules.*.bounce_addr

Default.tcpd.rules.virus.bounce_addr=
Default.tcpd.rules.phishing.bounce_addr=
Default.tcpd.rules.spam.bounce_addr=

These items define the address for the BOUNCE action.

Default.tcpd.scan.header.enabled=true

This parameter adds the "AVG Anti-virus header" to mail.

Default.tcpd.scan.subj_prefix=[VIRUS]

This item sets the prefix added to the subject of mail containing a virus.

NOTE: For other parameters see the avgtcpd and avgspamd man pages. After changing the configuration, restart all related services (AVG and Sendmail).

