In our article Secure your Mail Server (page 65), December 2004, we talked about how you can deploy a postfix mail server and integrate spamassassin (a well-known spam killer) with it. This time we will talk about how to secure the same mail server against viruses and Trojans by deploying anti-virus software on it.
One of the biggest benefits of a Linux mail server is that it gives a first level of protection against viruses that affect NTFS/FAT partitions, as they are not able to affect the Linux file-system. So deploying an anti virus at this point provides the best possible protection.
We will use AMaViS (a mail virus scanner) and the anti-virus engine of ClamAV. Both are part of the PCQLinux 2004 distribution; if you don't have that, you can download the latest version of AMaViS from http://www.amavis.org/download. If you are wondering why we need two anti-virus packages (AMaViS and ClamAV) for the mail server, the reason is that AMaViS is not a full-fledged anti-virus, but a mediator between an anti-virus and the mail server. It works perfectly with Network Associates Virus Scan, ClamAV, H+BEDV AntiVir/X, Sophos Sweep, Kaspersky Lab AV Toolkit Pro, CyberSoft VFind, Trend Micro FileScanner, CAI InoculateIT and F-Secure AV.
We are assuming that you have a full installation of PCQLinux 2004, with spamassassin and postfix running. First, open the file called /etc/amavisd.conf and scroll to the line that says '$mydomain = example.com'. Here replace example.com with the exact FQDN of the machine. Now find the commented-out line that starts with # ['Clam Antivirus-clamd'. First remove the # character to make the line active, and then modify it so that it becomes
['Clam Antivirus-clamd',
\&ask_daemon, ["CONTSCAN {}\n",
'/var/run/clamv/clamd.sock'],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
Next open the file /etc/postfix/aliases and enter the following line into it.
#"virusalert" and "postfix"
Now open the master.cf file (which we played around with a lot in last month's article) and add the following entries to configure postfix with AMaViS. Continuation lines must start with whitespace.
vscan unix - n n - 10 pipe user=spamfilter
  argv=/usr/sbin/amavis ${sender} ${recipient}
localhost:10025 inet n - n - - smtpd
  -o content_filter=
Open the /etc/postfix/main.cf and enter the following line.
content_filter = vscan
Since you have modified both the postfix files, you have to create the users and folders so that they can work properly. For that run the following commands to create the virusalert and postfix users.
#adduser virusalert
#adduser postfix
Open the master.cf file and find the line that starts with 'filter:' and modify it so that it looks like:
filter unix - n n - 10 pipe user=spamfilter
  argv=/usr/local/bin/spamfilter.sh ${sender} ${recipient}
Then add the following after it.
localhost:10025 inet n - n - - smtpd
  -o content_filter=
Modify the shell script for spamassassin (filter.sh) that we created last month so that it looks like:
#!/bin/sh
#
INSPECT_DIR=/var/spool/filter
SENDMAIL="/usr/sbin/sendmail -i"
SPAMASSASSIN=/usr/bin/spamc
AMAVIS=/usr/sbin/amavis
# Exit codes from <sysexits.h>
EX_TEMPFAIL=75
EX_UNAVAILABLE=69
cd $INSPECT_DIR || { echo $INSPECT_DIR does not exist; \
exit $EX_TEMPFAIL; }
trap "rm -f in.$$; rm -f out.$$" 0 1 2 3 15
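# Pass the message through spamassassin; defer the mail if it cannot be saved
cat | $SPAMASSASSIN -f > out.$$ || \
{ echo Cannot save mail to file; exit $EX_TEMPFAIL; }
# Filter for viruses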
$AMAVIS "$@" < out.$$
exit $?
With this, you're done. To test this setting, forward any virus-infected e-mail to this server. The software should recognize and take care of the virus.
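Before sending test mail, it helps to confirm that the main.cf and master.cf entries above agree with each other: the service named in content_filter must exist as a pipe service, and the listener on port 10025 should be bound to localhost and clear content_filter so that already-filtered mail is not handed to the filter again. The script below is an added example, not part of the original article; the function names, the wording of the findings and the sample files are constructed for illustration, while the service name vscan and port 10025 are taken from the entries above.

```shell
#!/bin/sh
# Added example: check that main.cf and master.cf agree on the filter wiring.

# Join master.cf logical lines (a line starting with whitespace continues the
# previous one) and drop comments and blank lines.
join_master() {
  awk '/^[ \t]*#/ || /^[ \t]*$/ { next }
       /^[ \t]/ { sub(/^[ \t]+/, ""); buf = buf " " $0; next }
       { if (buf != "") print buf; buf = $0 }
       END { if (buf != "") print buf }' "$1"
}

# check_wiring MAIN_CF MASTER_CF PORT: one finding per line, silent if clean.
check_wiring() {
  filter=$(sed -n 's/^content_filter[[:space:]]*=[[:space:]]*//p' "$1" | tail -n 1)
  svc=${filter%%:*}
  [ -n "$svc" ] || { echo "main.cf: content_filter is not set"; return 0; }
  join_master "$2" | awk -v svc="$svc" -v port="$3" '
    $1 == svc && $2 == "unix" && $8 == "pipe" { have_svc = 1 }
    $2 == "inet" && ($1 == port || $1 ~ (":" port "$")) {
      have_inet = 1
      if ($1 !~ /^(localhost|127\.0\.0\.1):/)
        print "master.cf: " $1 " is not bound to localhost"
      if (($0 " ") !~ /-o +content_filter= /)
        print "master.cf: " $1 " does not clear content_filter"
    }
    END {
      if (!have_svc) print "master.cf: no pipe service named " svc
      if (!have_inet) print "master.cf: no inet listener on port " port
    }'
}

# Constructed sample files for trying the check: write_sample DIR good|bad
write_sample() {
  echo "content_filter = vscan" > "$1/main.cf"
  if [ "$2" = good ]; then
    printf '%s\n' '# constructed sample' \
      'vscan unix - n n - 10 pipe user=spamfilter' \
      '  argv=/usr/sbin/amavis ${sender} ${recipient}' \
      'localhost:10025 inet n - n - - smtpd' \
      '  -o content_filter=' > "$1/master.cf"
  else
    printf '%s\n' '# constructed sample' \
      'filter unix - n n - 10 pipe user=spamfilter' \
      '10025 inet n - n - - smtpd' > "$1/master.cf"
  fi
}
if [ $# -eq 2 ]; then check_wiring "$1" "$2" 10025; fi
```

Run it with the paths to main.cf and master.cf as its two arguments; no output means the three checks passed.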
Anindya Roy