LinuxSA Mailing list archives

  From: Glen Turner <glen.turner@aarnet.edu.au>
  To  : Patrick Browne <brownep@pedarecc.sa.edu.au>
  Date: Wed, 29 May 2002 11:53:02 +0930 (CST)

Re: Virus Scanning - Workplace LAN

On Wed, 29 May 2002, Patrick Browne wrote:

> What open source products do folks recommend for a workplace server
> (RH7.2) that is the mail server (sendmail) and web proxy for a larger
> workplace LAN for 100+ Win 9x to Win XP workstations.

There's no worthwhile open source virus scanner.  There are reasons for
the dominance of commercial virus scanners that are best not discussed in
public without a lawyer.

Install MIMEDefang, SpamAssassin and one of the commercial scanners, say
McAfee's uvscan.  There's a half-written but nice HOWTO
  http://www.rudolphtire.com/mimedefang-howto/

The config files in the HOWTO aren't the best, but are a good start. You
might want to modify them not to send huge files through spamassassin and
not to check outgoing mailing list traffic (as the e-mail was checked when
it was incoming).

MIMEDefang uses the milter sendmail API, which leads to a maintainable
system -- you can update your distribution's sendmail RPM/deb package
without fear.

You should also configure the virus scanner to run from a cron job to
check the directories accessed by Samba and WebDAV.  We do this each
night.  If a home directory or user web site has a virus we suspend the
account (usermod -L).  The trick with a cron job is not to produce output
if all is well.  We write the results into a ~/.virus.txt.gz file for each
home directory so that we can check the output if a virus is reported.  
cron only produces output if a virus is found or the virus scanning fails,
eg:

   Virus found scanning /home/gdt, see list in /home/gdt/.virus.txt.gz

Don't produce a line per virus found (you can use that to deny service to
the "root" e-mail account).

Configure another cron job to retrieve the latest virus definitions file
from your virus software vendor.  "wget" is good for this.  Take some care
in the script to always have a virus definition file upon exit, even if it
is yesterday's definitions.

If you are providing an e-mail service for an institution I'd also
suggest:

  - run LDAP for user authentication, see the LDAP Recipe. There's a big
    but worthwhile learning curve.  You then authenticate *everything*
    from one source.  You can reduce the learning curve by configuring
    LDAP authentication first, then defining users and groups using
    useradd and groupadd -- these then update LDAP rather than /etc/passwd
    and you can treat LDAP as a black box.

  - run Cyrus IMAP for mail reading.  This can have a web interface for
    setting server-side filters, which users really appreciate.  Best
    to use a separate disk set for the e-mail storage, with a lot of
    inodes.  I'd strongly suggest mirroring the mail spool -- Linux
    has really nice support for software RAID.

  - configure sendmail for TLS and user authentication.  This allows
    people to use the school mail server from home, without it being
    an open relay.  It also stops a lot of misuse of your e-mail server by 
    students (eg: can't fake a message from the principal).

I'd also expect Linux to be good at running the printer queues for a
school.  We've found at unis that Linux supports a huge range of clients
(UNIX, Windows, Apple, NetWare) and allows you to grunge with the printing
policies (which you need to do to prevent misuse).  I'd strongly suggest
putting the printers into their own subnet, and limiting access to that
subnet to only the print server.

-- 
Glen Turner                                 Network Engineer
 (08) 8303 3936      Australian Academic and Research Network
 glen.turner@aarnet.edu.au          http://www.aarnet.edu.au/
--
 The revolution will not be televised, it will be digitised
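
The nightly cron scan described in the message above, as an added example that is not code from the post: it keeps the full scanner output in each home directory's .virus.txt.gz and prints at most one line per directory. The SCANNER wrapper, the INFECTED_RC value and the crontab path are assumptions to adapt to your scanner.

```shell
#!/bin/sh
# Nightly scan for cron: silent when clean, one line per directory otherwise.
# Assumptions: SCANNER is a command or wrapper script that takes a directory,
# lists findings on stdout and exits 0 when clean; INFECTED_RC is its
# "virus found" status (check the scanner's manual). Any other non-zero
# status is reported as a failed scan.
SCANNER="${SCANNER:-uvscan}"
INFECTED_RC="${INFECTED_RC:-13}"

scan_home() {
    dir=$1
    out=$(mktemp) || { echo "Virus scan FAILED for $dir (no temp file)"; return 2; }
    rc=0
    "$SCANNER" "$dir" >"$out" 2>&1 || rc=$?
    # Build the report under a fresh name and rename it into place, so a
    # symlink to another file planted at ~/.virus.txt.gz is not written through.
    new=$(mktemp "$dir/.virus.XXXXXX") && gzip -c "$out" >"$new" &&
        mv -f "$new" "$dir/.virus.txt.gz" || rc=255
    rm -f "$out"
    case $rc in
        0)  return 0 ;;
        "$INFECTED_RC")
            # One line however many files are infected: cron mails this to root.
            echo "Virus found scanning $dir, see list in $dir/.virus.txt.gz"
            return 1 ;;
        *)  echo "Virus scan FAILED for $dir (status $rc)"
            return 2 ;;
    esac
}

# Scan every directory given; the return status is the worst result seen.
scan_all() {
    worst=0
    for d in "$@"; do
        [ -d "$d" ] || continue
        r=0
        scan_home "$d" || r=$?
        if [ "$r" -gt "$worst" ]; then worst=$r; fi
    done
    return "$worst"
}

# crontab entry (assumed path): 30 2 * * * /usr/local/sbin/nightly-scan /home/*
if [ "$#" -gt 0 ]; then scan_all "$@"; fi
```
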
