
Anti-Virus with Sendmail and FreeBSD

This is a very nice add-on for ISPs or anyone who wants to safeguard all email coming into their system from viruses. The following article walks you through installing and setting up the several programs needed to get this project done.

 Some of the files that you are going to need are AMaViS (A Mail Virus Scanner) and UVScan, the actual anti-virus program. AMaViS acts as the sendmail/anti-virus integration utility. The two programs work together to perform the virus check. I include the files that I used in this article for download, but you may want to go to the web sites and check whether the files have been updated, and download the newest version for improvements, bug fixes, etc.

 www.amavis.org  and  www.nai.com/asp_set/buy_try/try/products_evals.asp 

NOTE:
 Also, please use this program at your own risk: running it WILL increase the processor load on the machine, as it has to scan each and every mail message coming into your machine. On a very large and busy mail server it will elevate the load quite a bit, so consider this your pre-warning.

amavis-0.2.1.tar
vbsd412e.tar.Z

As a first step, I recommend installing the following ports from /usr/ports/archivers:
  arc
  lha
  rar
  pkzip
  unzip
  unarj
  unrar
  zip
  zoo

 The reason for this is that if your email contains compressed files, your machine needs to be able to open them in order to virus check all attachments. Without these archivers installed, the scanner cannot look inside the archives.

 Installing UVScan :
      gunzip vbsd412e.tar.Z
      tar -xvf vbsd412e.tar

 Then to do the installation of the software do the following :
      ./install-uvscan

 It will ask you a series of questions about where to install the software on your machine, etc. Once that is done, it will want to virus check your machine. When the scan is complete, the program is installed and you are ready to go to the next step of the installation of your virus checker.


Installing Amavis
 Before we continue, let's make a copy of our sendmail.cf file, so that in case we do anything stupid we can copy back the old sendmail.cf file and get sendmail working again.
cd /etc
cp sendmail.cf sendmail.cf.old

Next Step:
 Copy amavis-0.2.1.tar to /usr/local, unpack it, then configure, build and install the program:
      cp amavis-0.2.1.tar /usr/local
      cd /usr/local
      tar -xvf amavis-0.2.1.tar
      cd amavis-0.2.1
      ./configure
      make
      make install


Installing MetaMail :
 You now need to compile the metamail port in the following directory:
    /usr/ports/mail/metamail
      make all install clean

Installing ProcMail :
 You now need to compile the procmail port in the following directory:
    /usr/ports/mail/procmail
      make all install clean


Modifying /etc/sendmail.cf manually
In your sendmail configuration file (usually /etc/sendmail.cf) the local mail delivery agent needs to be changed (typically this is one of procmail, deliver or mail).
Find the line that begins with Mlocal and change the program named after the "P=" directive. The program named after the "A=" directive has to be changed as well. Note that the continuation lines of a mailer definition must begin with whitespace.
For example:
Mlocal, P=/usr/bin/procmail, F=lsDFMAw5:/|@SPfhn, S=10/30, R=20/40,
        T=DNS/RFC822/X-Unix,
        A=procmail -Y -a $h -d $u
changes to:
#Mlocal, P=/usr/bin/procmail, F=lsDFMAw5:/|@SPfhn, S=10/30, R=20/40,
# T=DNS/RFC822/X-Unix,
# A=procmail -Y -a $h -d $u

Mlocal, P=/usr/sbin/scanmails, F=lsDFMAw5:/|@SPfhn, S=10/30, R=20/40,
        T=DNS/RFC822/X-Unix,
        A=scanmails -Y -a $h -d $u
Please have a look at the FAQ or BUGS if this leads to a malfunction.
Note: If you prefer the m4 technique to configure sendmail, please read below.
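
A check for the manual Mlocal edit described above, as an added example that is not part of the original article or of AMaViS: it reads a sendmail.cf, reassembles the uncommented Mlocal definition with its continuation lines, and reports whether both P= and A= name scanmails. The function names and the sample file (constructed from the lines shown above) are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not AMaViS code): confirm the active Mlocal mailer in a
# sendmail.cf hands local delivery to scanmails in both P= and A=.

# mlocal_fields FILE -> prints "P=<program path> A=<argv[0]>"
# Assumption: the last uncommented Mlocal definition is the one to inspect.
mlocal_fields() {
    awk '
        /^#/            { inm = 0; next }             # commented-out line
        /^Mlocal,/      { inm = 1; def = $0; next }   # start of definition
        inm && /^[ \t]/ { def = def $0; next }        # continuation line
                        { inm = 0 }
        END {
            n = split(def, f, ",")
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", f[i])
                if (f[i] ~ /^P=/) p = substr(f[i], 3)
                if (f[i] ~ /^A=/) { split(substr(f[i], 3), w, /[ \t]+/); a = w[1] }
            }
            print "P=" p " A=" a
        }' "$1"
}

# check_scanner_hook FILE -> returns 0 only if P= and A= both name scanmails
check_scanner_hook() {
    fields=$(mlocal_fields "$1")
    case "$fields" in
        "P="*/scanmails" A=scanmails") echo "OK: $fields"; return 0 ;;
        *) echo "NOT HOOKED: $fields"; return 1 ;;
    esac
}

# write_sample FILE PROG -> constructed sendmail.cf fragment; PROG follows A=
write_sample() {
    printf '#Mlocal, P=/usr/bin/procmail, F=lsDFMAw5:/|@SPfhn, S=10/30, R=20/40,\n' > "$1"
    printf '#\tA=procmail -Y -a $h -d $u\n' >> "$1"
    printf 'Mlocal, P=/usr/sbin/scanmails, F=lsDFMAw5:/|@SPfhn, S=10/30, R=20/40,\n' >> "$1"
    printf '\tT=DNS/RFC822/X-Unix,\n\tA=%s -Y -a $h -d $u\n' "$2" >> "$1"
}

cf=$(mktemp)
write_sample "$cf" scanmails; check_scanner_hook "$cf"           # fully edited
write_sample "$cf" procmail;  check_scanner_hook "$cf" || true   # A= forgotten
rm -f "$cf"
```

On a real system, run `check_scanner_hook /etc/sendmail.cf` after editing and before restarting sendmail.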
Test Installation
So, how do you test if your installation has been successful? Don't ask me to send a wild virus ;-). Instead, create a file called eicar.com with the following contents:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
(The file should end up being 69 bytes long). As an alternative, feel free to download the file at: http://www.eicar.org/download/eicar.com
This should be recognized as a test pattern. It is NOT a virus, just a test pattern that triggers the alert. Use this file in your mail. Try sending it as binhex, tar'ed, gzip'ed, uuencoded, etc.

© 1997 - 20013 Defcon1, www.defcon1.org , Copyrights for all materials on this web site are held by the individual authors, artists, photographers or creators. Materials may not be reproduced or otherwise distributed without permission of www.defcon1.org and the content's original author.
