Additional Anti Virus Engines

By default Baruwa Enterprise Edition runs the ClamAV Anti Virus engine at SMTP time. You can change this behaviour on a per-domain basis so that Anti Virus checks run after you have accepted the message.

You can also run additional Anti Virus Engines, both at SMTP time within the MTA process and after accepting the message from within the scanner process.

The recommended approach is to run Anti-Virus checks at SMTP time and reject infected messages straight away, so they are never accepted into the queue.

The following Anti Virus Engines are supported.

Name       SMTP Time Scanning   POST SMTP Time Scanning
ClamAV     Yes                  Yes
Sophos     Yes                  Yes
F-Secure   Yes                  Yes
ESET       No                   Yes
F-PROT     No                   Yes

Installation and Configuration

ClamAV

ClamAV is part of the base install and is configured to run by default at SMTP time. If you want to perform scanning POST SMTP time then you need to select the Clamav Daemon under virus checks in the MailScanner settings section of the interface.

Sophos

To install Sophos, download the Antivirus for Linux package from the Sophos website. The software is free to download and use.

You need an additional 1GB of RAM to run the Sophos Anti-Virus Engine.

Copy the tar file to the /usr/local/src directory on your server.

Follow these steps to install and configure the software.

  • Extract the files from the tar file:

    tar xvf sav-linux-free-9.tgz
    
  • Run the setup script:

    ./sophos-av/install.sh
    
  • The script will prompt you for information as follows:

    Press <return> to display Licence. Then press <spc> to scroll forward.

    Press enter until you get to the bottom of the licence text:

    Do you accept the licence? Yes(Y)/No(N) [N]

    Type Y to accept the licence or N to decline. If you enter N the script will exit:

    Where do you want to install Sophos Anti-Virus? [/opt/sophos-av]

    Leave at the default and press enter:

    Do you want to enable on-access scanning? Yes(Y)/No(N) [Y]

    Type N and press enter:

    Which type of auto-updating do you want? From Sophos(s)/From own server(o)/None(n) [s]

    Press enter:

    Do you wish to install the Free (f) or Supported (s) version of SAV for Linux? [s]

    Type s if you want the supported version or f for the free version:

    Do you need a proxy to access Sophos updates? Yes(Y)/No(N) [N]

    Press enter.

    The script will perform the installation and setup. If all goes well you should get the following message:

    Starting Sophos Anti-Virus daemon:                         [  OK  ]
    Installation completed.

  • At this point you are ready to configure the software. To do so run the following:

    /opt/sophos-av/bin/savconfig UINotifier false
    /opt/sophos-av/bin/savconfig EmailNotifier false
    /opt/sophos-av/bin/savconfig EnableOnStart false
    /opt/sophos-av/bin/savconfig UIttyNotification false
    /opt/sophos-av/bin/savconfig SendThreatEmail false
    /opt/sophos-av/bin/savconfig UpdatePeriodMinutes 30
    /opt/sophos-av/bin/savconfig EmailDemandSummaryIfThreat false
    /opt/sophos-av/bin/savupdate
    /opt/sophos-av/bin/savdctl --daemon disable
    service sav-protect restart
    
  • Create a wrapper script for SMTP Time scanning:

    cat > /usr/local/bin/sav-scan << 'EOF'
    #!/bin/bash
    #
    # Wrap the savscan
    /opt/sophos-av/bin/savscan -nb -sc -f -all -rec -ss -archive -loopback --no-follow-symlinks --no-reset-atime -tnef -mime -oe -pua -suspicious "$1"
    exit 0
    EOF
    
  • Make the wrapper script executable:

    chmod +x /usr/local/bin/sav-scan
    
  • Add a custom MTA configuration override for SMTP Time scanning (skip this step if you want to scan after SMTP time):

    cat >> /etc/exim/custom-acl_check_data.post << 'EOF'
      drop    set acl_m_av_scanner = cmdline:/usr/local/bin/sav-scan %s: found in file:'(.+)'
          malware       = *
          condition     = ${if and {{eq {${lookup{$sender_host_address}cdb{SAVDB}{0}{1}}}{1}}{eq {${perl{ip_in_network}{SAVDB}{$sender_host_address}}}{false}}}}
          message       = The message was rejected due to security policies - INFO_URL#mvi
          log_message   = This message matched anti-virus signature [$malware_name]
    EOF
    
  • Restart mailscanner for the above configuration to take effect:

    service mailscanner restart
    
  • To enable POST SMTP Time Scanning, select Sophos under Virus Checks in the MailScanner settings section of the interface.
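The acl_m_av_scanner line above hands Exim a "cmdline:" scanner specification: the text after "cmdline:" is split on ':' into the command to run (with %s replaced by the file to scan), a trigger regex that marks the output as an infection, and a name regex whose first capture group becomes $malware_name. The following script, added here as an example and not Baruwa's, Sophos' or Exim's own code, emulates that interpretation against the wrapper's spec so you can check that a trigger and name regex actually match a scanner's output before relying on them in the ACL. It uses a constructed stand-in for /usr/local/bin/sav-scan whose output line is a constructed sample, not the real savscan report format.

```shell
#!/bin/sh
# Added example: emulate how Exim interprets a "cmdline:" malware scanner
# spec of the form "<command %s>:<trigger regex>:<name regex>".

# Constructed stand-in for /usr/local/bin/sav-scan so the example runs offline.
# The report line it prints is a constructed sample, not real savscan output.
mk_fake_scanner() {
  cat > "$1" <<'EOF'
#!/bin/sh
if grep -q 'FAKE-MALWARE-MARKER' "$1"; then
  echo ">>> Virus 'Constructed-Sample-A' found in file $1"
fi
exit 0
EOF
  chmod +x "$1"
}

# cmdline_scan SPEC FILE: prints "clean" or "infected:<malware_name>".
# SPEC is the part after "cmdline:", e.g.
#   "/usr/local/bin/sav-scan %s: found in file:'(.+)'"
cmdline_scan() {
  spec=$1; file=$2
  cmd=${spec%%:*}            # first field: command line with %s placeholder
  rest=${spec#*:}
  trigger=${rest%%:*}        # second field: regex that signals an infection
  namere=${rest#*:}          # third field: regex whose group 1 is the name
  cmd=$(printf '%s' "$cmd" | sed "s|%s|$file|")
  out=$($cmd 2>&1)           # verdict comes from the output, not the exit code,
                             # which is why the wrapper script can end with exit 0
  if printf '%s\n' "$out" | grep -qE -- "$trigger"; then
    name=$(printf '%s\n' "$out" | sed -nE "s/.*$namere.*/\1/p" | head -n 1)
    echo "infected:$name"
  else
    echo "clean"
  fi
}

# Run the emulation against one clean and one "infected" constructed file.
demo() {
  dir=$(mktemp -d)
  mk_fake_scanner "$dir/sav-scan"
  printf 'plain text\n' > "$dir/clean.eml"
  printf 'FAKE-MALWARE-MARKER\n' > "$dir/bad.eml"
  spec="$dir/sav-scan %s: found in file:'(.+)'"
  cmdline_scan "$spec" "$dir/clean.eml"     # clean
  cmdline_scan "$spec" "$dir/bad.eml"       # infected:Constructed-Sample-A
  rm -rf "$dir"
}
```

To check a real scanner, point spec at the actual wrapper and replace the constructed files with a sample you are entitled to scan; if the trigger never matches, the ACL will silently treat every message as clean.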

F-Secure

To install F-Secure, download the Linux Server Security package from the F-Secure website. This is commercial software, so you need to purchase a license. If you do not have a license the software will work in evaluation mode for 30 days, after which it will cease to function correctly.

You need an additional 1GB of RAM to run the F-Secure Anti-Virus Engine.

Copy the tar file to the /usr/local/src directory on your server.

Follow these steps to install and configure the software.

  • Extract the files from the tar file:

    tar xzvf fsls-11.00.79-rtm.tar.gz
    
  • F-Secure does not provide 64-bit packages so you need to install 32-bit compat packages:

    yum install glibc.i686 libstdc++.i686
    
  • Run the setup script:

    ./fsls-11.00.79-rtm/fsls-11.00.79-rtm --command-line-only --auto standalone lang=en noremotewui nolocallogin nofirewall
    
  • Edit the /etc/opt/f-secure/fssp/fssp.conf configuration file and make the following changes:

    odsFileScanInsideMIME 1
    odsFilePrimaryActionOnInfection 1
    odsFileSecondaryActionOnInfection 2
    odsAskQuestions 0
    odsFollowSymlinks 1
    daemonLogfileEnabled 1
    daemonSocketMode 0660
    socketpathGroup exim
    
  • Install the fsavd init script:

    cp /opt/f-secure/fssp/etc/fsavd /etc/init.d/
    chmod +x /etc/init.d/fsavd
    chkconfig --add fsavd
    
  • Start the fsavd service:

    service fsavd start
    
  • Add a custom MTA configuration override for SMTP Time scanning (skip this step if you want to scan after SMTP time):

    cat >> /etc/exim/custom-acl_check_data.post << 'EOF'
      drop    set acl_m_av_scanner = fsecure:/tmp/.fsav-0
          malware       = *
          condition     = ${if and {{eq {${lookup{$sender_host_address}cdb{SAVDB}{0}{1}}}{1}}{eq {${perl{ip_in_network}{SAVDB}{$sender_host_address}}}{false}}}}
          message       = The message was rejected due to security policies - INFO_URL#mvi
          log_message   = This message matched anti-virus signature [$malware_name]
    EOF
    
  • Restart mailscanner for the above configuration to take effect:

    service mailscanner restart
    
  • To enable POST SMTP Time Scanning, select F-Secure under Virus Checks in the MailScanner settings section of the interface.

ESET

To install ESET, download the ESET for Linux package from the ESET website. This is commercial software, so you need to purchase a license.

You need an additional 512MB of RAM to run the ESET Anti-Virus Engine.

  • ESET does not provide 64-bit packages so you need to install 32-bit compat packages:

    yum install glibc.i686 libstdc++.i686
    
  • Install the ESET rpm package.

  • To enable POST SMTP Time Scanning, select ESET under Virus Checks in the MailScanner settings section of the interface.

F-PROT

A package for F-PROT is available within our repository. This is commercial software, so you need to purchase a license.

  • To install the package run:

    yum install f-prot
    
  • To enable POST SMTP Time Scanning, select F-prot Daemon 6 under Virus Checks in the MailScanner settings section of the interface.