Integrating AMaViS as Virus Scanner on the eMail Server 3

Support knowledgebase (kngu_slems3_amavis)
Applies to

eMail Server: Version 3

Situation

You want to use AMaViS along with a supported virus scanner (in this case, antivir) with SuSE eMail Server 3.

Procedure

  1. Install the following packages in the specified order from our ftp server or, for a faster download, from a mirror site close to you. Some packages are also available on the installation media (CD).

    ftp://ftp.suse.com/pub/suse/i386/7.2/suse/pay2/antivir.rpm (FTP)
    ftp://ftp.suse.com/pub/suse/i386/7.2/suse/ap2/arc.rpm (FTP)
    ftp://ftp.suse.com/pub/suse/i386/7.2/suse/ap3/unace.rpm (FTP, CD)
    ftp://ftp.suse.com/pub/suse/i386/7.2/suse/ap2/unarj.rpm (FTP, CD)
    ftp://ftp.suse.com/pub/suse/i386/7.2/suse/ap2/zoo.rpm (FTP, CD)
    ftp://ftp.suse.com/pub/suse/i386/7.2/suse/ap2/lha.rpm (FTP, CD)
    ftp://ftp.suse.com/pub/suse/i386/7.2/suse/ap1/unrar.rpm (FTP, CD)
    ftp://ftp.suse.com/pub/suse/i386/7.2/suse/ap1/unzip.rpm (FTP, CD)
    ftp://ftp.suse.com/pub/suse/i386/7.2/suse/perl2/perl-Compress-Zlib.rpm (FTP, CD)
    ftp://ftp.suse.com/pub/suse/i386/7.2/suse/perl2/perl-Convert-UUlib.rpm (FTP, CD)
    ftp://ftp.suse.com/pub/suse/i386/7.2/suse/perl2/perl_tar.rpm (FTP)
    ftp://ftp.suse.com/pub/suse/i386/7.2/suse/perl2/perl-Convert-TNEF.rpm (FTP, CD)
    ftp://ftp.suse.com/pub/suse/i386/7.2/suse/perl2/perl-Archive-Zip.rpm (FTP)
    ftp://ftp.suse.com/pub/suse/i386/products/emailserver/3.0/amavis-postfix-11-118.i386.rpm (FTP)

    Tip: Packages can be installed with rpm -Uhv PACKAGE_NAME
    It is also possible to enter the complete URL as PACKAGE_NAME. In this case, the package is installed directly from the ftp server. The license terms of the individual packages can be viewed at /usr/share/doc/packages/packagename.
  2. Edit the file /etc/postfix/master.cf and make sure the following line is included:
    localhost:10025 inet n  -       n       -       -       smtpd -o content_filter=
    
  3. Start SuSEconfig:
    SuSEconfig --module postfix
    
  4. Edit the file /etc/postfix/main.cf and append the following line:
    content_filter = vscan:
    
  5. Reload the postfix configuration with
    rcpostfix reload
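
The Postfix side of steps 2 to 4 can be checked mechanically. The script below is an added example, not part of the original SuSE article; the function names reinject_status and effective_filter and the sample files are constructed for illustration. It goes slightly beyond the single-line entry in step 2 by also accepting master.cf continuation lines and by flagging a port-10025 listener that is not bound to loopback.

```shell
#!/bin/sh
# Added example (not from the SuSE article): audit steps 2-4 of the procedure.
# Function names and the sample files are constructed for illustration.

reinject_status() {   # $1 = master.cf; classifies the port-10025 smtpd listener
    awk '
        function check(e,   f, n, i) {
            n = split(e, f, " ")
            if (n < 8 || f[2] != "inet" || f[8] != "smtpd") return
            if (f[1] != "10025" && f[1] !~ /:10025$/) return
            seen = 1
            # Anything but a loopback bind lets remote clients skip the scanner.
            if (f[1] != "localhost:10025" && f[1] != "127.0.0.1:10025") exposed = 1
            # Without "-o content_filter=" scanned mail is filtered again (loop).
            for (i = 9; i < n; i++)
                if (f[i] == "-o" && f[i + 1] == "content_filter=") cleared = 1
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { entry = entry " " $0; next }   # continuation of previous entry
        { check(entry); entry = $0 }
        END {
            check(entry)
            if (!seen) print "missing"
            else if (exposed) print "not-loopback"
            else if (!cleared) print "filter-not-cleared"
            else print "ok"
        }' "$1"
}

effective_filter() {  # $1 = main.cf; Postfix uses the last assignment it reads
    awk '/^content_filter[ \t]*=/ {
            v = $0; sub(/^content_filter[ \t]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
        }
        END { print v }' "$1"
}

# Constructed sample files: one as the article describes, one misconfigured.
SAMPLES=$(mktemp -d) && trap 'rm -rf "$SAMPLES"' EXIT
printf '%s\n' 'smtp      inet  n  -  n  -  -  smtpd' \
    'localhost:10025 inet n  -       n       -       -       smtpd -o content_filter=' \
    > "$SAMPLES/master.good"
printf '%s\n' 'smtp      inet  n  -  n  -  -  smtpd' \
    '10025     inet  n  -  n  -  -  smtpd' > "$SAMPLES/master.bad"
printf '%s\n' '# constructed main.cf' 'content_filter = vscan:' > "$SAMPLES/main.cf"

echo "master.good: $(reinject_status "$SAMPLES/master.good")"
echo "master.bad:  $(reinject_status "$SAMPLES/master.bad")"
echo "main.cf content_filter: $(effective_filter "$SAMPLES/main.cf")"
```

On a live system, call the two functions with /etc/postfix/master.cf and /etc/postfix/main.cf instead of the sample files.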
    

Description

E-mail messages are still accepted via port 25 of Postfix and handed over to AMaViS. If necessary, AMaViS unpacks the messages and passes them to a scanner. If no virus has been detected, the messages are returned to Postfix on port 10025 after scanning. Otherwise, the mail admin receives a notification and the e-mail is isolated and not delivered.

Infected messages are isolated by AMaViS in the directory /var/spool/vscan/virusmails/. The attachments included in these mails are temporarily extracted in /var/spool/vscan/amavis/. Therefore, it is advisable to put the directory /var/spool/vscan on a separate partition to guarantee that sufficient hard disk space is available. This also keeps the scanner from affecting the space available to the user mailboxes and the rest of the system.

Scanner for AMaViS

The instructions describe how to install AMaViS along with the virus scanner antivir from the company H+B EDV. We strongly recommend that you update the virus sample file. Refer to the manufacturer for this purpose.

If you want to use a different virus scanner, install it instead of the package antivir.rpm, then proceed with the installation of the rest of the packages in the order mentioned above. Finally, edit the file /usr/sbin/amavis and insert the path to your virus scanner in the corresponding section. A list of the supported scanners and some helpful information is available in the directory /usr/share/doc/packages/amavis-postfix/ of the installed AMaViS, as well as on the AMaViS home page. An example of a new scanner entry follows.

# KasperskyLab AntiViral Toolkit Pro (AVP)
my $avp = "/opt/AVP/AvpLinux";
my $AVPDIR = dirname($avp);

To remove the entry for a scanner, change it as follows:

Before:

my $avp = "/opt/AVP/AvpLinux";

After:

my $avp = "";

Function Test

A test file like eicar.com enables you to test the functioning of the virus scanner. Attention: The test is performed at your own risk! Background information is provided at the URL below.

  1. Open a text file
  2. Copy the following text line to this text file:

     X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

  3. Save the file as eicar.com
  4. Send this file as attachment to one of the users already existing on the system

The mail admin should now receive a notification about a possible virus. In this case, it is not a real virus, but merely a test that can be carried out with most virus scanners. However, never send this test file to other e-mail servers! Further information on this test can be found at http://www.eicar.org/anti_virus_test_file.htm.


See also:
o Installation of a virus scanner (H+BEDV AvMailGate)

Keywords: IMAP3, SLEMS3, EMAIL, AMAVIS, VIRUS, VIRUS SCANNER

Categories: Installation

Feedback welcome: Send Mail to srsimai@suse.de (Please give the following subject: SDB-kngu_slems3_amavis)
SDB-kngu_slems3_amavis, Copyright SuSE Linux AG, Nürnberg, Germany - Version: 25. Apr 2002
SuSE Linux AG - Last generated: 22. May 2002 by glazzar (sdb_gen 1.40.0)