|
Description Free Clamav Anti-Virus, Kaspersky Anti-Virus (AVP), Sophos Anti-Virus, Trend Micro, Dr.Web and SpamAssassin Anti-Spam External Filter (Plugin) for CommuniGate Pro. It is used to scan all e-mail messages that are transferred via CommuniGate Pro mail server www.stalker.com
Clamav:
www.clamav.net
The main distribution site for cgpav:
program.farit.ru How it works
The program reads requests from its standard input in the form:
Then it parses the line and adds a new element into the query list structure,
containing seqnum and filename. The program creates child process for
every element from the list that sends request to anti-virus daemon through
the socket and waits for result. It sends file name to scan, constructed
as cgpro_home + / + filename. Depending on the anti-spam and anti-virus response code the program prints out to the standard output different responses.
When a message is not infected and it is not spam it prints:
When a message is infected the program prints something like: It can also silently DISCARD messages without delivering to recipient, ADDHEADER - add special headers when virus or spam were detected allowing an end user to filter such messages in his own mail program. Certainly, no one normal user want to receive viruses, so you should choose reject or discard actions for infected messages. But the program can mark some "good" messages as spam, so it's better to leave the final decision to end users by defining addheader for spam_action. There can be problems, however, with some strange mail clients like Microsoft Outlook Express that can't filter mail headers. In such case, a user can add the Rule to store all messages containing the above mentioned header into special folder. He can then browse this folder using IMAP or through the webmail interface.
Also the program can send additional notification messages about infected
messages to its sender and recipients by writing
notification messages to the Submitted CommuniGate Pro directory. PIPE
module of CommuniGate Pro scans this directory periodically and sends
all messages from it.
When there is some temporary mulfunction in the program it prints
something like: If the sequential count of REJECTED messages exceed max_errors parameter from the configuration file, the program will answer OK until the anti-virus daemon will start functioning. cgpav uses the standard spamd SpamAssassin daemon. Default action is adding the header X-Spam-Status: Yes to messages when spam score exceeds required_hits. Users then can filter such messages in their mail clients or create a rule in CommuniGate Pro to store them in a special folder. Moreover, you can define another action when score is more than extra_spam_score, e.g. discard (silently remove messages). It's rather high and is useful in cleaning your mail server from the obvious spam as most users do nothing in order to use the above mentioned header. Example of the web-interface for users is included. Users can customise spam hits, actions, disable some tests and can create a Rule to store identified spam in the special folder. Installation
Unpack the source: Run ./configure
You can change parameters by using the options:
For example: If you don't define options to configure, it will ask you to choose options from menus.
Then: The program executable cgpav will be installed into the cgpro_dir, mentioned above and the configuration file cgpav.conf - to the dir Settings inside this root dir. Certainly, you may not type make install and copy these files elsewhere yourself. 4. Anti-Virus and Anti-Spam daemon installation Get the sample virus from www.eicar.org Run Install in kavdaemon or sophos distributions, following the instructions. CLAMAV:
Some Linux (.deb and .rpm) and other Unix distributions have
clamav in their distributions. But you can easily download it
from www.clamav.net,
then run ./configure, make, make install. KASPERSKY (kavdaemon):
Insert path to the Communigate Pro Queue directory into the AVP daemon
start file (/etc/init.d/kavdaemon) parameters like:
Or add this path into the AvpUnix.ini or defUnix.prf section
[Object]->Names with the star sign in front of: Run kavscanner to find the sample virus. SOPHOS: Create group sweep and user sweep.
Installer can not find some environment variables like MANPATH,
set them:
Create symlink: Run sweep to find the sample virus.
Then you must install and run "sophie"
www.vanja.com
- sophos based anti-virus daemon.
Follow instructions for it. You can compile scan_file.c in sample_appls/sock to test the daemon. Then add an entry into cron to run sophosupdate.pl daily or more often. TREND MICRO:
Place libvsapi.so and pattern file into /etc/iscan dir. They
can be downloaded for evaluation
www.antivirus.org DR.WEB:
In the file /etc/drweb/drweb32.ini set path to Unix socket: SPAMASSASSIN: If you want to install SpamAssassin, download it from www.spamassassin.org.
Compile it: Or download rpm or deb package for your distribution.
Test it by running: Check if sample-spam.txt marked as being spam message. Configuration
Configuration file cgpav.conf
must reside in /var/CommuniGate/Settings,
/var/CommuniGate or /etc directories. If the program can't find any cgpav.conf or if you omitted some required parameters in it, it will use defaults from cfg.h Most values in cgpav.conf are good for standard cgpro and anti-virus installations. If you use database profiles, set the password of a database user. Testing
You may save some time if you first configure cgpav in the DEBUG mode: Copy some file with virus (named, for example, eicar.com) to the /var/CommuniGate directory.
Run Filter from the command line by typing ./cgpav
If you see something like
If you see only
Kaspersky: Installation into CommuniGate Pro Check documentation from their site: www.stalker.com
SETTINGS->Rules
Click to Edit
Action
Go to the Settings->General->Helpers
Mark Content Filtering
Leave parameters "Time-out" and
"Auto-Restart in the new versions of CommuniGate Pro disabled. Configuring SpamAssassin SpamAssassin test is disabled by default. You must be very careful with it as it can reject some useful mail. It's not the 5 minute work!
After installing SpamAssassin you must fire up some fast database.
MySQL www.mysql.com is the best
choice, also PostgreSQL is supported. You have to install
libmysqlclient-dev or postgresql-dev package, or have headers and libs.
Also install Perl DBI and DBD modules for your database.
We store every user's own preferences in the database.
Then create the table userpref:
You can find the file userpref.sql in the directory spam/sql. Download and compile DBI and DBD Perl modules for your database search.cpan.org. Or install them from packages or rpm.
Go to the spamassassin configuration directory: /etc/mail/spamassassin or
/etc/spamassassin. Add to the local.cf file these lines:
user_scores_dsn DBI:driver:database:hostname[:port] Adjust it for your own database.
If you'll use spamd on the localhost, it's better to connect to it
through the unix socket. If it's installed on the other, use the tcp socket.
Set the appropriate value in cgpav.conf:
If you use the unix socket, set running parameters for spamd like:
Check spamd with the help of the spamc program:
Create the file 50_whitelist.cf in the SpamAssassin's configuration directory
and add domains of your trusted neighbours:
You can also create the 50_blacklist.cf file to add the known spammer
sites:
You can even create your own rules using the regular expressions.
Note: scores may be negative.
File 55_head_tests_my.cf:
File 55_body_tests_my.cf:
Set up the interface for user self-adjustment of spam actions, required_hits,
white and black lists. An example for php available in the spam/www/php
directory. It will authorize against CommuniGate Pro on the 106 port.
You can use any other tool or interface that can manipulate the
database. Known problems If you disable-enable antivir in Content Filtering in CommuniGate Pro Settings->Helper Settings, the old cgpav process becomes zombie. Don't worry. You must reload CommuniGate to kill them. Licence The program is licenced under GPL. Certainly, you must get your own licence for commercial Anti-Virus daemons. Suggestions for Kaspersky
Again, add path to CommuniGate Queue directory into Anti-Virus
starting script (/etc/init.d/kavdaemon) and into Antivirus Base
updating script (/opt/AVP/kavupdater.sh or cron script) parameters:
Insert UpdatePath line into AvpUnix.ini to allow downloading
of virus updates (Can be run daily by cron): Don't waste resources by changing parameter -I0 (just scan for viruses) to -I2 (virus curing). Files in messages are packed by MIME and Anti-Virus can't cure them. Also CommuniGate doesn't like when somebody changes the size of posted messages. Please, change this setting in defUnix.prf:
[Options]
[Report] Enable reporting only on the testing stage. Suggestions for Sophos I included the virus IDE updater script sophosupdate.pl You might not have some Perl modules to run it, for example, Archive::Zip. Download them from your OS's distribution site or from search.cpan.org Suggestions for SpamAssassin
In the cron directory you can find the program delete_old_mail,
using which you can automatically delete messages from the Spam
folder where spam messages are stored. How to check messages for other servers in domain For example, you have the server mail.domain.ru with installed virus filter and you want to protect another mail server alpha.domain.ru.
In Settings->Router add the line In DNS record add MX lines:
Logging
The program log information about all messages with viruses
using the standard syslog local0 facility. You can change parameter log_facility in cgpav.conf to use another logging facility (mail, local0 - local7)
If you want to redirect all antivirus messages somewhere else you can
do it by editing the file /etc/syslog.conf Authors
Programmed by Damir Bikmukhametov and Farit Nabiullin. |