Viruses are becoming a serious problem in communication these days. Earlier, it used to be just attachments, but now even previewing a message can cause a problem. People are actually scared of opening e-mail messages lest their computer gets infected with a virus, but most are also aware of the fact that e-mail from an unknown source should first be quarantined and checked with an anti-virus program before being opened.
What’s Linux got to do with all this? From what you hear about Linux, it’s not supposed to get infected with any viruses, or at least not be as prone to them as Windows machines. So what’s this article about?
Well, the answer is easy. Many companies now have a Linux server, which more often than not is the e-mail server or the gateway to the Internet or the outside world. That being the case, why not trap those nasty bugs right at the source before they even get delivered to the users? That’s what this article is all about.
What you need for this are two or three simple tools. First of course, you need a Linux server, and we assume you already have one. Next you need an anti-virus package for Unix or Linux. There are several of these, but you could start with a familiar place like McAfee and get McAfee for Linux. Finally, you need a tool to trap all incoming mail. This should quarantine a message if it’s infected and pass it on to the intended recipient otherwise. The one we shall use in this article is called Amavis.
The process of getting this together and working is not really difficult. It involves a few downloads, a little bit of installation, and a bit of tweaking. If you follow the steps outlined here and also read the instructions that come with each program mentioned here, you should have no trouble at all. Most important, at the end of this you should have a reasonably virus-free environment.
A quick word of caution here: just because you’re installing a system that can trap viruses doesn’t mean the end of them. Newer viruses will always come out, and anything you do now will have to be kept up-to-date to be effective.
The programs mentioned here have been tested under Red Hat Linux 6.1, 6.2 and 7. Both kernels 2.2 and 2.4 were used. For e-mail, we used Sendmail. All these programs will work with most distributions of Linux and the documentation that accompanies them would state any incompatibilities.
Getting the programs
First, let’s get an anti-virus program for Linux. There are several available and a quick search from Lycos or any other search engine would show up several results. For now, we shall use McAfee for Linux. This is available at the following URL: www.nai.com/asp_set/buy_try/try/products_evals.asp
The bad news is that the software is not freely distributable, so we couldn’t give it on the CD with this issue. The good news is that it’s not very big, so it won’t take you long to download. If you’re using Linux as a desktop, you can use this software to scan documents and files that you receive from others. One of the issues with office suites under Linux is that, since they aren’t affected by macro viruses, they just retain the macro code completely intact. It’s possible for you to receive an infected file, work on it, and mail it back to the person who sent it to you. The virus within the file would remain unaltered and thus still harmful.
Installing McAfee for Linux is quite simple. The file is distributed as a tarball and all you have to do is uncompress it and run the install script. The program and the associated DAT files are normally installed in the /usr/local/uvscan directory. A link is also created for the main executable /usr/local/bin/uvscan, which is normally in the path so it can be executed easily.
The next step is to get a program that can start scanning e-mail. What we used is a program called AmaViS—A mail virus scanner. We’ve given this program in the \\sorc_cod directory of this month’s CD. You can also download it from www.amavis.org. The program comes with detailed instructions, so be sure to go through them before you do anything else. This article is not going to replicate that process. The program is easy to install and does some checking of its own for the requirements (that’s quite a long list). It needs zip and unzip and a whole lot of other utilities for it to work. After uncompressing the files, all I did was run the configure script. One program that it didn’t find on my system was a tnef program, which takes care of some of the text formatting from Outlook and Outlook Express. We’ve given this program also on the CD in the \\sorc_cod directory. AmaViS documentation has links for every program that it needs and you can just download the ones it doesn’t find while installing on your system.
AmaViS can talk to the various message transfer agents (MTAs) like qmail, sendmail, etc. However, for it to work, you’ll need to modify the configuration files of the MTA that you use. I chose the option to manually configure sendmail.cf and made the changes as mentioned in the AmaViS documentation. Basically, one section where the mail would be handed over to procmail is changed to hand over mail to the AmaViS scanmail program, which will scan it using uvscan.
There are several things that can be configured, but for now your system will be in a position to start trapping those nasty bugs. To test it out, there’s the EICAR signature, which is used to create a harmless test virus file that can be attached to a message. AmaViS will immediately trap the message and send a warning to the recipient, the sender, and the system administrator that an infected message has been received and quarantined.
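One way to build the EICAR test message described above, as an added example that is not part of the original article or the AmaViS distribution. The function names, the boundary string and the attachment name eicar.com are constructed for illustration.

```shell
#!/bin/sh
# The 68-byte EICAR test string, kept in two halves so that this script
# is not itself quarantined by an on-access scanner.
EICAR_A='X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR'
EICAR_B='-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'

eicar_string() {
    printf '%s%s' "$EICAR_A" "$EICAR_B"
}

# make_eicar_message FROM TO: write a MIME message to stdout with the EICAR
# file as a base64 attachment. Boundary and file name are constructed values.
make_eicar_message() {
    boundary="eicar-test-boundary"
    cat <<EOF
From: $1
To: $2
Subject: Mail gateway virus scanner test (EICAR)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="$boundary"

--$boundary
Content-Type: text/plain; charset=us-ascii

This message carries the EICAR test file. The gateway should quarantine it.

--$boundary
Content-Type: application/octet-stream; name="eicar.com"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="eicar.com"

$(eicar_string | base64)
--$boundary--
EOF
}

# extract_attachment: decode the attachment of a message read on stdin,
# to confirm the payload survived encoding before blaming the scanner.
extract_attachment() {
    awk '/^Content-Disposition: attachment/ {grab=1; next}
         grab && /^--/ {exit}
         grab && NF {print}' | base64 -d
}
```

To exercise the gateway, pipe the output of make_eicar_message into `sendmail -t` from a test account and confirm that the three warning messages arrive and the test message itself does not.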
That’s basically it. Such simple measures can start protecting your networks very effectively. I had recently installed this setup for a client of mine who runs a placement service. You can imagine the number of attachments they receive on a daily basis, with all those people who want to get jobs sending resumés all the time. A very large number of these resumés would be infected with all kinds of viruses. Now, the mail gets scanned as it comes in, and all infected messages are safely quarantined. Since installing this system, they’ve all been able to rest a little more except of course for their system administrator, who checks every hour for an update.
Kishore Bhargava is a technology consultant with Linkaxis Technologies