Mail Server Security

PCQ Bureau

In our article Secure your Mail Server (page 65), December 2004, we talked about how you can deploy a postfix mail server and integrate spamassassin (a well-known spam killer) with it. This time we will talk about how to secure the same mail server against viruses and Trojans by deploying anti-virus software on it.

One of the biggest benefits of a Linux mail server is that it gives a first level of protection against viruses that affect NTFS/FAT partitions, as they are not able to affect the Linux file-system. So deploying an anti virus at this point provides the best possible protection. 

We will use AMaViS (a mail virus scanner) and the anti-virus engine of ClamAV. Both are a part of the PCQLinux 2004 distribution; if you don't have that, you can download the latest version of AMaViS from http://www.amavis.org/download. If you are wondering why we need two anti-virus packages (AMaViS and ClamAV) for the mail server, the reason is that AMaViS is not a full-fledged anti-virus, but a mediator between an anti-virus and the mail server. It works perfectly with Network Associates Virus Scan, ClamAV, H+BEDV AntiVir/X, Sophos Sweep, Kaspersky Lab AV Toolkit Pro, CyberSoft VFind, Trend Micro FileScanner, CAI InoculateIT and F-Secure AV.

Direct Hit!
Applies to: Mail server administrators
USP: Install AMaViS and ClamAV anti-virus combination on a mail server running Postfix
Links: https://www.spenneberg.com/index.htm, http://www.amavis.org/download/
We are assuming that you have a full installation of PCQLinux 2004, with spamassassin and postfix running. First, open the file called /etc/amavisd.conf and scroll to the line that says '$mydomain = example.com'. Here replace example.com with the exact FQDN of the machine. Now find a line that says something like #['Clam Antivirus-clamd'. First remove the # character to make the line active, and then modify the entry so that it becomes the following. The socket path must be the one clamd actually listens on (the LocalSocket setting in its configuration file).

['Clam Antivirus-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", '/var/run/clamv/clamd.sock'],
  qr/\bOK$/, qr/\bFOUND$/,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
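
How the three patterns in the ClamAV entry above sort clamd's replies, as an added example that is not from the original article or from AMaViS itself. The sample replies are constructed and the decision order in classify() is an assumption made for illustration; the last argument shows what happens when the clean pattern is typed with a digit zero (0K) instead of the letter O.

```python
import re

# The three patterns from the ClamAV entry in amavisd.conf; Perl qr// syntax
# carries over unchanged to Python's re module for these expressions.
CLEAN = re.compile(r"\bOK$", re.M)
INFECTED = re.compile(r"\bFOUND$", re.M)
VIRUS_NAME = re.compile(r"^.*?: (?!Infected Archive)(.*) FOUND$", re.M)
TYPO_CLEAN = re.compile(r"\b0K$", re.M)  # digit zero instead of the letter O


def classify(reply, clean=CLEAN):
    """Return (verdict, [virus names]) for a clamd CONTSCAN reply.

    Assumed decision order (illustrative, not taken from AMaViS source):
    infected wins over clean, and a reply matching neither pattern is a
    scanner failure that must not be treated as clean.
    """
    if INFECTED.search(reply):
        return "infected", VIRUS_NAME.findall(reply)
    if clean.search(reply):
        return "clean", []
    return "scanner-error", []


# Constructed sample replies (paths and the worm name are made up).
SAMPLES = {
    "clean": "/var/amavis/tmp/parts: OK\n",
    "eicar": "/var/amavis/tmp/parts/part-00002: Eicar-Test-Signature FOUND\n",
    "archive": (
        "/var/amavis/tmp/parts/part-00003: Infected Archive FOUND\n"
        "/var/amavis/tmp/parts/part-00004: Worm.Example.A FOUND\n"
    ),
    "error": "/var/amavis/tmp/parts: lstat() failed: No such file or directory. ERROR\n",
}

if __name__ == "__main__":
    for name, reply in SAMPLES.items():
        print(name, classify(reply), "| with 0K typo:", classify(reply, TYPO_CLEAN))
```

With the 0K typo a clean reply matches neither pattern, so every clean message is reported as a scanner failure instead of being delivered as clean.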


Next open the file /etc/postfix/aliases and enter the following line into it.

# "virusalert" and "postfix"

Now open the master.cf file (which we played around with a lot in last month's article) and add the following entries to configure postfix with AMaViS.

vscan unix - n n - 10 pipe user=spamfilter
  argv=/usr/sbin/amavis ${sender} ${recipient}
localhost:10025 inet n - n - - smtpd
  -o content_filter=

Open the /etc/postfix/main.cf and enter the following line.

content_filter = vscan

Since you have modified both the postfix files, you have to create the users and folders so that they can work properly. For that run the following commands to create the virusalert and postfix users.

# adduser virusalert
# adduser postfix

Open the master.cf file and find the line that starts with 'filter:' and modify it so that it looks like:

filter unix - n n - 10 pipe user=spamfilter
  argv=/usr/local/bin/spamfilter.sh ${sender} ${recipient}

Then add the following after it.

localhost:10025 inet n - n - - smtpd -o content_filter=

Modify the shell script for spamassassin (filter.sh) that we created last month so that it looks like:

#!/bin/sh
#
# Postfix content filter: pass the message through spamc, then hand the
# result to AMaViS for virus scanning.
INSPECT_DIR=/var/spool/filter
SENDMAIL="/usr/sbin/sendmail -i"
SPAMASSASSIN=/usr/bin/spamc
AMAVIS=/usr/sbin/amavis
# Exit codes from <sysexits.h>
EX_TEMPFAIL=75
EX_UNAVAILABLE=69
cd $INSPECT_DIR || { echo $INSPECT_DIR does not exist; \
  exit $EX_TEMPFAIL; }
# Remove the temporary files on exit or on a signal
trap "rm -f in.$$; rm -f out.$$" 0 1 2 3 15
# Filter for spam
cat | $SPAMASSASSIN -f > out.$$
# Filter for Viruses
$AMAVIS "$@" < out.$$
exit $?

With this, you're done. To test this setting, forward any virus-infected e-mail to this server. The software should recognize and take care of the virus.

Anindya Roy
