Viruses are becoming a serious problem in communication these days. Earlier,
it used to be just attachments, but now even previewing a message can cause a
problem. People are actually scared of opening e-mail messages lest their
computer gets infected with a virus, but most are also aware of the fact that
e-mail from an unknown source should first be quarantined and checked with an
anti-virus program before being opened.
What’s Linux got to do with all this? From what you hear about Linux, it’s
not supposed to get infected with any viruses, or at least not be as prone to
them as Windows machines. So what’s this article about?
Well, the answer is easy. Many companies now have a Linux server, which is
more often than not the e-mail server or the gateway to the Internet or the
outside world. That being the case, why not trap those nasty bugs right at the
source before they even get delivered to the users? That’s what this article
is all about.
What you need for this are two or three simple tools. First of course, you
need a Linux server, and we assume you already have one. Next you need an
anti-virus package for Unix or Linux. There are several of these, but you could
start with a familiar place like McAfee and get McAfee for Linux. Finally, you
need a tool to trap all incoming mail. This should quarantine a message if it’s
infected and pass it on to the intended recipient otherwise. The one we shall
use in this article is called Amavis.
The process of getting this together and working is not really difficult. It
involves a few downloads, a little bit of installation, and a bit of tweaking.
If you follow the steps outlined here and also read the instructions that come
with each program mentioned here, you should have no trouble at all. Most
important, at the end of this you should have a reasonably virus-free
environment.
A quick word of caution here: just because you’re installing a system that
can trap viruses, it doesn’t mean the end of them. Newer viruses will always
come out and anything you do now will have to be kept up-to-date to be
effective.
The programs mentioned here have been tested under Red Hat Linux 6.1, 6.2 and
7. Both kernels 2.2 and 2.4 were used. For e-mail, we used Sendmail. All these
programs will work with most distributions of Linux and the documentation that
accompanies them would state any incompatibilities.
Getting the programs
First, let’s get an anti-virus program for Linux. There are several
available and a quick search from Lycos or any other search engine would show up
several results. For now, we shall use McAfee for Linux. This is available at
the following URL: www.nai.com/asp_set/buy_try/try/products_evals.asp
The bad news is that the software is not freely distributable, so we couldn’t
give it on the CD with this issue. The good news is that it’s not very big, so
it won’t take you long to download. If you’re using Linux as a desktop, you
can use this software to scan documents and files that you receive from others.
One of the issues with office suites under Linux is that since they aren’t
affected by macro viruses, they simply leave the macro code intact. It’s
possible for you to receive an infected file, work on it, and mail it back to
the person who sent it to you. The virus within the file would remain unaltered
and thus still harmful.
Installing McAfee for Linux is quite simple. The file is distributed as a
tarball and all you have to do is uncompress it and run the install script. The
program and the associated DAT files are normally installed in the /usr/local/uvscan
directory. A link is also created for the main executable /usr/local/bin/uvscan,
which is normally in the path so it can be executed easily.
The next step is to get a program that can start scanning e-mail. What we
used is a program called AmaViS (A Mail Virus Scanner). We’ve given this
program in the \sorc_cod directory of this month’s CD. You can also download
it from www.amavis.org. The program comes with detailed instructions, so be
sure to go through them before you do anything else. This article is not going
to replicate that process. The program is easy to install and does some checking
of its own for the requirements (that’s quite a long list). It needs zip and
unzip and a whole lot of other utilities for it to work. After uncompressing the
files, all I did was run the configure script. One program that it didn’t find
on my system was a tnef program, which takes care of some of the text formatting
from Outlook and Outlook Express. We’ve given this program also on the CD in
the \sorc_cod directory. AmaViS documentation has links for every program that
it needs and you can just download the ones it doesn’t find while installing
on your system.
AmaViS can talk to the various message transfer agents (MTAs) like qmail,
sendmail, etc. However, for it to work, you’ll need to modify the
configuration files of the MTA that you use. I chose the option to manually
configure sendmail.cf and made the changes as mentioned in the AmaViS
documentation. Basically, one section where the mail would be handed over to
procmail is changed to hand over mail to the AmaViS scanmail program, which will
scan it using uvscan.
There are several things that can be configured, but for now your system will
be in a position to start trapping those nasty bugs. To test it out, there’s
the EICAR signature, which is used to create a test virus and can be attached to
a message. AmaViS will immediately trap the message, send a warning to the
recipient, the sender, and the system administrator that an infected message has
been received and quarantined.
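One way to run the EICAR test described above, as an added example that is not from the original article or the AmaViS documentation: a shell script that builds a message with the test file attached and, when called with --send, hands it to the local sendmail. The script name, the addresses and the /usr/sbin/sendmail path are assumptions.

```sh
#!/bin/sh
# Added example: build (and optionally send) an EICAR test message.
# Addresses are supplied by the caller; nothing here is AmaViS's own code.

# The 68-byte EICAR test string: harmless, but detected by anti-virus
# products by agreement. Kept in two halves so this script is not flagged.
eicar_string() {
    printf '%s%s' 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-' \
                  'ANTIVIRUS-TEST-FILE!$H+H*'
}

# Print a MIME message with the test file attached as eicar.com.
# $1 = recipient (a mailbox on the scanning server), $2 = sender
build_test_message() {
    boundary="eicar-test-$$"
    cat <<EOF
From: $2
To: $1
Subject: Mail virus scanner test (EICAR)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="$boundary"

--$boundary
Content-Type: text/plain; charset=us-ascii

This message carries the EICAR test file and should be quarantined.

--$boundary
Content-Type: application/octet-stream; name="eicar.com"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="eicar.com"

$(eicar_string | base64)
--$boundary--
EOF
}

# Usage: sh eicar-mail.sh --send recipient@your.domain sender@your.domain
# Hands the message to the local sendmail so it takes the scanned path.
if [ "${1:-}" = "--send" ]; then
    build_test_message "$2" "$3" | /usr/sbin/sendmail -i -t
fi
```

If the gateway is working, the message ends up in quarantine instead of the recipient's mailbox, and the warnings go out as described above.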
That’s basically it. Such simple measures can start protecting your
networks very effectively. I had recently installed this setup for a client of
mine who runs a placement service. You can imagine the number of attachments
they receive on a daily basis, with all those people who want to get jobs
sending resumés all the time. A very large number of these resumés would be
infected with all kinds of viruses. Now, the mail gets scanned as it comes in,
and all infected messages are safely quarantined. Since installing this system,
they’ve all been able to rest a little more, except of course for their system
administrator, who checks every hour for an update.
Kishore Bhargava is a technology
consultant with Linkaxis Technologies