|
|
Description Free Clamav Anti-Virus, Kaspersky Anti-Virus (AVP), Sophos Anti-Virus, Trend Micro, Dr.Web and SpamAssassin Anti-Spam External Filter (Plugin) for CommuniGate Pro. It is used to scan all email messages that are transferred via the CommuniGate Pro mail server www.stalker.com
Clamav, free and open-source:
www.clamav.net
The main distribution site for cgpav:
program.farit.ru How it works
The program reads requests from its standard input in the form:
Then it parses the input line and adds a new element into the query list structure,
containing the seqnum and filename. The program creates a child process for
each element from the list that sends the request to the anti-virus daemon through
the socket and waits for the result. It sends the file name for scanning constructed
in the form: cgpro_home + / + filename. Depending on the anti-spam and anti-virus response codes, the program prints out to the standard output different response.
When a message is not infected and it is not spam, it prints:
When a message is infected, the program prints something like: It can also silently DISCARD messages without delivering to recipient, ADDHEADER - adds the special headers when a virus or spam were detected allowing an end user to filter such messages in his own mail program. Certainly, no normal user wants to receive viruses, so you should choose the reject or discard actions for infected messages. But the program can mark some "good" messages as spam, so it's better to leave the final decision to the end users by defining addheader for spam_action. If your users have mail programs that cannot filter by the headers, you can add a Rule that rewrites the Subject field of messages. This Rule should be run after the Rule that invokes cgpav. It can match using the special spam header or the spam score. For the latter, you should change the default symbol indicating the spam score from '*' to '+' because '*' is a special symbol in the cgpro rules. Use the option spam_level_char to redefine the symbol.
The program can send additional notification messages about an infected
message to the sender and recipients by writing
notification messages to the Submitted directory. The PIPE
module of CommuniGate Pro scans this directory periodically and sends
all messages in it.
When there is some temporary malfunction, the program prints
something like: If the sequential count of the REJECTED messages exceeds the max_errors parameter in the configuration file, the program will answer OK until the anti-virus daemon will start functioning. cgpav uses the standard spamd SpamAssassin daemon. The default action is to add the header 'X-Spam-Status: Yes' to the messages for which the spam score exceeds required_hits. Users can filter such messages in their mail clients or create a rule in CommuniGate Pro to store them in a special folder. Moreover, you can define another action when the spam score is more than extra_spam_score, e.g. discard (silently remove messages). It's rather high and is useful in cleaning your mail server from the obvious spam as most users do nothing in order to use the above mentioned header. An example of the web-interface in php for the end users is included. The users can customise the spam hits, actions, disable some tests and can create the Rule to store the identified spam in the special folder. Installation
Unpack the sources: Run ./configure
You can change the parameters by using the options:
For example: If you don't define any options to configure, it will ask you to choose the options from the menus.
Then: The program executable cgpav will be installed into the cgpro_dir mentioned above and the configuration file cgpav.conf will be copied to the dir Settings inside this root dir. Certainly, you may not type make install and copy these files elsewhere yourself. 4. Anti-Virus and Anti-Spam daemon installation Get the sample virus from www.eicar.org Run Install in kavdaemon or sophos distributions, following the instructions. CLAMAV:
Some Linux (.deb and .rpm) and other Unix distributions have
clamav in their distributions. But you can easily download it
from www.clamav.net,
then run ./configure, make, make install. KASPERSKY (kavdaemon):
Insert the path to the Communigate Pro Queue directory into the AVP daemon
start file (/etc/init.d/kavdaemon) parameters like:
Or add this path into the AvpUnix.ini or defUnix.prf section
[Object]->Names with the star sign in front of: Run kavscanner to find the sample virus. SOPHOS: Create group sweep and user sweep.
Installer can not find some environment variables like MANPATH,
set them:
Create symlink: Run sweep to find the sample virus.
Then you must install and run "sophie"
www.vanja.com
- sophos based anti-virus daemon.
Follow instructions for it. You can compile scan_file.c in sample_appls/sock to test the daemon. Then add an entry into cron to run sophosupdate.pl daily or more often. TREND MICRO:
Place libvsapi.so and pattern file into /etc/iscan dir. They
can be downloaded for evaluation
www.antivirus.org DR.WEB:
In the file /etc/drweb/drweb32.ini set path to Unix socket: SPAMASSASSIN: If you want to install SpamAssassin, download it from www.spamassassin.org.
Compile it: Or download an rpm or deb package for your distribution.
Test it by running: Check if sample-spam.txt marked as being spam message. Configuration
The configuration file cgpav.conf
should reside in /var/CommuniGate/Settings,
/var/CommuniGate or /etc directories. If the program can't find any cgpav.conf file or if you have omitted some required parameters in it, it will use the defaults from cfg.h Most values in cgpav.conf are good for the standard cgpro and anti-virus installations. If you store the user settings for spamassassin in the database, set the password for the database user. Some options are multiline, usually enumerations separated by commas. You can continue them on the next line adding the option name in front. Use as many lines as you wish. It may be useful to include your networks where outgoing mail can come from in the local_networks option. Then your outgoing mail will not be scan for spam decreasing the server load. Don't forget to exclude any relays that can redirect the incoming mail. Testing
You may save some time if you first configure cgpav in the DEBUG mode: Copy a file with a virus (named, for example, eicar.com) to the /var/CommuniGate directory.
Run the Filter from the command line by typing ./cgpav
If you see something like
If you see only
Kaspersky: Installation into CommuniGate Pro Check documentation from their site: www.stalker.com
SETTINGS->Rules
Click to Edit
Action
Go to the Settings->General->Helpers
Mark Content Filtering
Leave parameters "Time-out" and
"Auto-Restart in the new versions of CommuniGate Pro disabled. Configuring SpamAssassin The SpamAssassin testing is disabled by default. You must be very careful with it as it can reject some useful mail. It's not the 5 minute work!
After installing SpamAssassin you must fire up some fast database.
MySQL www.mysql.com is the best
choice, also PostgreSQL is supported. You have to install
libmysqlclient-dev or postgresql-dev package, or have headers and libs.
Also, install the Perl DBI and DBD modules for your database.
We store every user's own preferences in the database.
Then create the table userpref:
You can find the file userpref.sql in the directory spam/sql. Download and compile the DBI and DBD Perl modules for your database search.cpan.org. Or install them from packages or rpm.
Go to the spamassassin configuration directory: /etc/mail/spamassassin or
/etc/spamassassin. Add to the local.cf file these lines:
user_scores_dsn DBI:driver:database:hostname[:port] Adjust it for your own database.
If you'll use spamd on the localhost, it's better to connect to it
through the unix socket. If it's installed on another computer, use the tcp socket.
Set the appropriate value in cgpav.conf:
If you use the unix socket, set running parameters for spamd like:
Check spamd with the help of the spamc program:
Create the file 50_whitelist.cf in the SpamAssassin's configuration directory
and add domains of your trusted neighbours:
You can also create the 50_blacklist.cf file to add the known spammer
sites:
You can even create your own rules using the regular expressions.
Note: scores may be negative.
File 55_head_tests_my.cf:
File 55_body_tests_my.cf:
Set up the interface for user self-adjustment of the spam actions, required_hits,
white and black lists. An example in php is available in the spam/www/php
directory. It will authorize against CommuniGate Pro on the 106 port.
You can use any other tool or interface that can manipulate the
database. Known problems If you disable-enable antivir in Content Filtering in CommuniGate Pro Settings->Helper Settings, the old cgpav process becomes zombie. Don't worry. You must reload CommuniGate to kill them. Licence The program is licenced under GPL. Certainly, you must get your own licence for commercial Anti-Virus daemons. Suggestions for Kaspersky
Again, add path to CommuniGate Queue directory into Anti-Virus
starting script (/etc/init.d/kavdaemon) and into Antivirus Base
updating script (/opt/AVP/kavupdater.sh or cron script) parameters:
Insert UpdatePath line into AvpUnix.ini to allow downloading
of virus updates (Can be run daily by cron): Don't waste resources by changing parameter -I0 (just scan for viruses) to -I2 (virus curing). Files in messages are packed by MIME and Anti-Virus can't cure them. Also CommuniGate doesn't like when somebody changes the size of posted messages. Please, change this setting in defUnix.prf:
[Options]
[Report] Enable reporting only on the testing stage. Suggestions for Sophos I included the virus IDE updater script sophosupdate.pl You might not have some Perl modules to run it, for example, Archive::Zip. Download them from your OS's distribution site or from search.cpan.org Suggestions for SpamAssassin
In the cron directory you can find the program delete_old_mail,
using which you can automatically delete old messages from the Spam
folder where spam messages are stored.
If you use the Bayes filter in SpamAssassin, adjust these options in its
settings carefully:
You can find triggered spam test names in the message header
X-Spam-Status. Analyse their scores by running a message through command If some of the tests work undesirably, disable them by setting their score to 0 or lowering it. How to check messages for other servers in domain For example, you have the server mail.domain.ru with installed virus filter and you want to protect another mail server alpha.domain.ru.
In Settings->Router add the line In DNS record add MX lines:
Logging
The program logs the information about all messages with viruses
using the standard syslog local0 facility. You can change the parameter log_facility in cgpav.conf in order to use another logging facility (mail, local0 - local7)
If you want to redirect all antivirus messages somewhere else you can
do it by editing the file /etc/syslog.conf Authors
Programmed by Damir Bikmukhametov and Farit Nabiullin. |