LinuxSA Mailing list archives

  From: Andreja Zivkovic <andy@zivkotech.net.au>
  To  : <linuxsa@linuxsa.org.au>
  Date: Sat, 18 Nov 2000 11:43:36 +1030

mail server virus scanner success

I finally got my mail server to scan all messages for virii (sp?). I'm using
Kaspersky Anti-Virus (AVP), and when I'm finished configuring it, I'll buy a
licence (I do like this product).

It's easy to get going, if you know how to set up sendmail or qmail (I
didn't, however, and after trying to learn sendmail config I gave up, after
trying to get qmail going, I gave up. I just used the default config
supplied with AVP, which is almost exactly the same as RedHat's default
config). For sendmail, all you need to do is take out the lines referring to
procmail (AVP will run procmail for you), and put in the lines to use AVP as
the mailer. For qmail, you rename qmail-queue (to qmail-que), and put AVP's
own binary version of qmail-queue there (which will call qmail-que to
deliver messages). Then, just edit AVP's config to tell it who to deliver
messages to when something is detected, and you're off. I want to change the
message given to the sender, receiver and the mail admin, when a virus is
detected, but then I'm done.

Actually, there are two slight problems with it. Firstly, which is very
minor, when you run the installer program, it detected I already had unzip
installed (under /usr/bin), so it didn't copy its own version to the
directory where it installed everything else. This would not be a problem,
but the updater program tried to run unzip in the current directory, so it
couldn't find the program :(  I just copied unzip to its directory and it
worked. Secondly, avpkeeper (which is run by qmail or sendmail to check
messages) uses AvpDaemon (so the virus database doesn't need to be loaded in
memory for every message). When I run it on my computer, however, every
terminal connected to the server (physically and over the network) gets a
message from syslogd, and the user who ran the program (root) does not get
returned to the prompt (ie, it doesn't run as a daemon process). I just made
it a background process (ctrl-z, bg), but if for any reason the computer is
going to have to reboot, avpdaemon will be run (the installer puts in the
commands in /etc/rc.d/init.d/ and /etc/rc.d/rc*.d/), so I think the system
will never actually finish booting. I didn't have this problem when I was
running it on my other computer. I'll email the makers later asking for
help.

Also, to update the virus database, there's a program called AvpUpdater,
which can extract and install a virus database from an archive off the
internet, from an archive on your filesystem, or from a directory (the
archive extracted). Coupled with the -y parameter, you can run this program
in a script nightly/weekly/whenever and it can automatically update the
virus database when you need it.

So, my point is, if you want to run a virus scanner on your mail server, you
can. Unfortunately you may have to pay for the scanner, but if you need it,
it's worth it.

Andy

PS sorry that this message is so long, but just in case anyone is interested
in exactly how it all went for me.. ;)

-- 
LinuxSA WWW: http://www.linuxsa.org.au/  IRC: #linuxsa on irc.linux.org.au
To unsubscribe from the LinuxSA list:
  mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject
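
The qmail arrangement described in the post (a replacement qmail-queue that scans, then hands off to the renamed qmail-que), sketched here as an added shell example; it is not Kaspersky's binary or the poster's configuration. The scanner path, the /var/qmail location and the scanner's exit codes (0 clean, 1 infected, anything else a failed scan) are assumptions; the fd 0 / fd 1 inputs and the 31/54/71 exit codes are qmail-queue's documented interface.

```shell
#!/bin/sh
# Added illustration, not AVP's wrapper. Install as qmail-queue after
# renaming the original to qmail-que, as the post describes.
# Assumed scanner contract (hypothetical): "$SCANNER FILE" exits 0 if the
# file is clean, 1 if infected, anything else if the scan itself failed.
SCANNER=${SCANNER:-/usr/local/bin/scan-message}     # placeholder path
REAL_QUEUE=${REAL_QUEUE:-/var/qmail/bin/qmail-que}  # assumed install path

# qmail-queue interface: message arrives on fd 0, envelope on fd 1 (as input).
# Exit 0 = queued, 31 = permanent refusal, 54 = read error, 71 = temporary.
scan_and_queue() {
    scanner=$1 queue=$2
    tmp=$(mktemp -d) || return 71          # mode 0700 spool for this message
    # Spool both streams; fd 1 is an input here, so nothing may print to it.
    if ! cat >"$tmp/msg" || ! cat <&1 >"$tmp/env"; then
        rm -rf "$tmp"
        return 54
    fi
    status=0
    "$scanner" "$tmp/msg" </dev/null >&2 || status=$?
    case $status in
        0)  # clean: hand the identical bytes to the real queue program
            "$queue" <"$tmp/msg" 1<"$tmp/env" || status=$? ;;
        1)  status=31 ;;  # infected: refuse, nothing reaches the queue
        *)  status=71 ;;  # scanner or its daemon broken: fail closed, sender retries
    esac
    rm -rf "$tmp"
    return "$status"
}

# Run only when installed under the name qmail-queue.
case $0 in
    */qmail-queue) scan_and_queue "$SCANNER" "$REAL_QUEUE"; exit $? ;;
esac
```

Treating every unexpected scanner status as a temporary refusal means a stopped or hung scanning daemon delays mail instead of letting it through unscanned.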