August 17th, 2004 04:37 AM
Mail virus scanner-Amavis
This installation is for FreeBSD.
Most people will say: "A virus scanner? For UN*X? Why? Viruses do not work in a UNIX environment." At first glance they are right (even if there are at least two viruses which run under Linux - well, actually they are Trojan horses).
On second look, though, imagine a heterogeneous network environment with both UN*X and DOS / Windows / Macintosh workstations. Now think of a UN*X server that serves Windows and/or Macintosh workstations via a POP3 service. Would it not be nice to ensure attachments coming via email are scanned for viruses before they reach a system they are able to infect? Well - that is what this package is for. It resides on the server that handles your incoming mail. When a mail arrives, instead of being delivered via procmail directly, it is passed through a script that extracts all attachments from the mail, unpacks them (if needed) and scans them using a professional virus scanner program.
AMaViS does exactly this: scanning emails for viruses. In recent years, most new Windows viruses propagate through email. Checking for and disinfecting viruses at the email gateway thus helps a lot to prevent mass virus propagation that wastes bandwidth and time. AMaViS is a collection of Perl scripts that hands your message over to a third-party virus scanner. What makes AMaViS useful is that it can handle most popular file compression formats such as LHA, ARJ, RAR, ZOO, ARC, and ZIP, so that a virus inside a compressed email attachment can be detected.
To install AMaViS under FreeBSD, make sure you have the latest ports tree. The port is located in security/amavis-perl. So, to install this port you can issue (as the root user):
# cd /usr/ports/security/amavis-perl
# make install clean
# killall -HUP sendmail
Only three simple commands to have it installed. But there are several things that you have to keep in mind:
• By default, AMaViS is configured to use the McAfee VirusScan trial version as its virus scanning backend. You are only authorized to use it for up to 30 days. After that, should you decide to continue using McAfee VirusScan as the AMaViS virus scanning backend, you must buy the software.
• AMaViS is not limited to using McAfee VirusScan. You can use other virus scanners as a backend, such as DrSolomon, H+BEDV AntiVir/X, Sophos Sweep, Kaspersky Lab AntiViral Toolkit Pro (AVP), CyberSoft VFind, Trend Micro FileScanner, and CAI InoculateIT.
• The port installation only changes the settings for sendmail. If you are using some other MTA such as postfix, you must make the necessary manual adjustments, but it is not that hard to do.
• This configuration only works if your email is delivered to the machine on which you have installed AMaViS. For example, the machine is the mail exchanger for your domain, or you fetch your email from an external POP3 or IMAP server, but have it delivered locally (think fetchmail).
To check whether you have successfully installed AMaViS and it is running correctly, you can check your /var/log/maillog file. If AMaViS is running, whenever an email needs to be sent, AMaViS will be invoked and you will see a message like this to indicate that AMaViS is starting up:
Nov 5 11:44:17 xxx-xxx amavis: starting. amavis perl-11 XXX Nov 5 11:41:32 XXX 2001
When a virus is detected in your email, the message will be quarantined in /var/spool/quarantine/ and a notification message will be sent to the root user. So, periodically check your /var/spool/quarantine/ directory to make sure it does not fill up because of these quarantined viruses.
Please add where applicable.
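The two checks described above (the AMaViS startup line in /var/log/maillog and the size of /var/spool/quarantine/) can be combined into one cron-friendly script. This is an added example, not part of the original post; the 50 MB threshold, the function names, the `run` argument and the file name amavis-check.sh are assumptions.

```shell
#!/bin/sh
# Added example: health check for the AMaViS setup described in the post.
# Paths are the ones named there; MAX_KB is an assumed threshold.
QUARANTINE_DIR="${QUARANTINE_DIR:-/var/spool/quarantine}"
MAILLOG="${MAILLOG:-/var/log/maillog}"
MAX_KB="${MAX_KB:-51200}"   # assumption: warn above 50 MB

# Number of regular files held in the quarantine directory.
quarantine_count() {
    find "$1" -type f 2>/dev/null | wc -l | tr -d ' '
}

# Disk usage of the quarantine directory in kilobytes.
quarantine_kb() {
    du -sk "$1" 2>/dev/null | awk '{ print $1 }'
}

# Number of "amavis: starting" lines in the mail log (0 if unreadable).
amavis_starts() {
    [ -r "$1" ] || { echo 0; return 0; }
    awk '/amavis: starting/ { n++ } END { print n + 0 }' "$1"
}

# Print a summary; return 0 if healthy, 1 on a warning, 2 if the directory is missing.
check_amavis() {
    dir=$1 log=$2 max_kb=$3 result=0
    if [ ! -d "$dir" ]; then
        echo "WARN: quarantine directory $dir does not exist"
        return 2
    fi
    count=$(quarantine_count "$dir")
    kb=$(quarantine_kb "$dir"); kb=${kb:-0}
    starts=$(amavis_starts "$log")
    echo "quarantine: $count file(s), $kb KB; amavis startup lines: $starts"
    if [ "$starts" -eq 0 ]; then
        echo "WARN: no 'amavis: starting' line in $log; is AMaViS being invoked?"
        result=1
    fi
    if [ "$kb" -gt "$max_kb" ]; then
        echo "WARN: $dir uses $kb KB (limit $max_kb KB); review and clear it"
        result=1
    fi
    return "$result"
}

# Run against the real paths only when asked, e.g. from cron: sh amavis-check.sh run
if [ "${1:-}" = "run" ]; then
    check_amavis "$QUARANTINE_DIR" "$MAILLOG" "$MAX_KB"
fi
```

A freshly rotated maillog can legitimately contain no startup line yet, so treat that warning as a prompt to look rather than proof that scanning has stopped.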