AVG Linux E-mail Server, Anti-Virus 7.1 User Manual

www.grisoft.com
Copyright (c) 1992-2006 GRISOFT, s.r.o. All rights reserved.
AVG Linux Email Server / User Manual
AVG 7.1 for Linux E-mail Server
User Manual
Document revision 71.7 (15.6.2006)
This product uses RSA Data Security, Inc. MD5 Message-Digest Algorithm, Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991.
This product uses code from C-SaCzech library, Copyright (c) 1996-2001 Jaromir Dolecek <dolecek@ics.muni.cz>
This product uses compression library zlib, Copyright (C) 1995-2002 Jean-loup Gailly and Mark Adler
This product uses libtar library, Copyright (c) 1998-2003 University of Illinois Board of Trustees, Copyright (c) 1998-2003 Mark D. Roth
This product uses compression library libbzip2, Copyright (C) 1996-2002 Julian R Seward
This product uses XML parser library expat, Copyright (C) 1998, 1999 James Clark
This product uses library libcurl, Copyright (c) 1996 - 2003, Daniel Stenberg, <daniel@haxx.se>
This product includes Flex software developed by the University of California, Berkeley and its contributors, Copyright (c) 1993 The Regents of the University of California
All other trademarks are property of their respective owners.
Contents
1. Introduction
2. Before Installation
2.1. Prerequisites
2.2. Installation Package
3. Installation and Launch
4. Third Party Products
4.1. AVG Anti-Virus Vendor Patches
4.2. AMaViS
4.3. Qmail-Scanner
4.4. Testing the Installation
5. E-mail Scanning
5.1. General Principles
5.2. Performance and Resource Usage
5.3. Using Unix Socket for an Extra Security
6. Commercial E-mail Servers
6.1. AVG for Lotus Notes/Domino Server Installation and Maintenance
6.2. AVG for Kerio MailServer Maintenance
7. Standalone Command Line Modules
7.1. AVGSCAN Command
7.2. AVGUPDATE Command
7.3. On-access Scanner
7.4. Service Signals
8. Configuration File
8.1. AvgCommon
8.2. OnAccessScanner
8.3. AvgDaemon
8.4. AvgUpdate
9. FAQ and Technical Support
1. Introduction
This User Manual is the full documentation describing AVG for Linux E-mail Server.
a) AVG for Linux E-mail Server Kernel Features
AVG for Linux E-mail Server is a product based on the AVG for Linux scanning kernel. The AVG for Linux kernel provides comprehensive and reliable protection against viruses for Linux powered machines. It offers many features, such as scheduled and on-demand scanning of folders, files, and common archive types for possible virus infection. You can also perform a scheduled or on-demand update of your AVG Anti-Virus either from the Internet or from local update sources.
b) AVG for Linux E-mail Server E-mail Scanning Features
The incoming and outgoing e-mail messages processed by the supported mail transport agents (MTA) are watched by a constantly running AVG Anti-Virus process (memory resident scanning daemon). This means the e-mail spooling queues are protected and scanned regularly by AVG for Linux E-mail Server.
The AVG Anti-Virus e-mail scanning performance can be easily controlled and configured using AVG for Linux daemon signals and comprehensive configuration file parameters.
c) AVG for Linux E-mail Server – Command Line Modules
Powerful standalone command line modules are also included in the AVG for Linux E-mail Server installation. You can perform all possible on-demand file system tests and updates using these modules. They can also be used from, for example, the cron utility in order to schedule a regular automatic test or update.
2. Before Installation
2.1. Prerequisites
Before installing AVG for Linux E-mail Server you must verify that your system meets the following requirements:
a) Libraries
The following libraries are required in order to ensure the AVG for Linux kernel can be installed and run properly:
o libc.so.6
b) Open Source E-mail Servers Supported
o sendmail
  The traditional sendmail mail transport agent (MTA, Linux synonym for lightweight e-mail server) is included in most modern Linux distributions. The latest version is also available for free at http://www.sendmail.org.
o qmail
  The latest version is available for free at http://cr.yp.to/qmail.html; an extensive description of download, installation, and maintenance issues related to qmail is also provided at http://www.lifewithqmail.org.
o postfix
  The postfix MTA is a popular alternative to the widely used sendmail e-mail server; the latest version is available for free at http://www.postfix.org/.
o exim
  This MTA can also be used as a replacement for the common sendmail e-mail server, although its configuration and maintenance principles differ; the latest version of the exim e-mail server is available for free at http://www.exim.org.
c) Commercial E-mail Servers Supported
o Lotus Notes/Domino Server for Linux
o Kerio MailServer for Linux
d) AMaViS – A Mail Virus Scanner
One of the varieties of AMaViS (amavis, amavisd, amavisd-new or amavis-ng) is needed for the sendmail, postfix, exim and qmail mail transport agents in order to enable e-mail scanning with the use of AVG for Linux E-mail Server. AMaViS is available for free at http://www.amavis.org.
Note: We recommend using the amavisd-new scanner which offers the best compatibility with AVG for Linux E-mail Server and better overall performance for all supported mail transport agents.
Refer to chapter 4.2 Third Party Products/AMaViS to see how to install the AMaViS scanner, and how to integrate it with AVG for Linux E-mail Server.
e) Qmail-Scanner
If you use the qmail MTA, an alternative solution to the AMaViS mail virus scanner is Qmail-Scanner – the e-mail content scanner designed to be used exclusively with qmail. Qmail-Scanner is available for free at http://qmail-scanner.sourceforge.net/.
Refer to section 4.3 Third Party Products/Qmail-Scanner to see how to install the Qmail-Scanner mail virus scanner and how to integrate it with AVG for Linux E-mail Server.
f) DAZUKO Kernel Module
The DAZUKO kernel module is necessary for the proper function of the AVG for Linux E-mail Server on-access scanner. DAZUKO is available for free at http://www.dazuko.org.
Refer to section 7.3 Standalone Command Line Modules/On-access Scanner for detailed information on this topic.
2.2. Installation Package
AVG for Linux E-mail Server installation packages are available on the installation CD in the form of RPM packages for various Linux distributions, or in the form of a precompiled .tar.gz package. You can also download the latest appropriate package version from http://www.grisoft.com, Download/Programs section.
3. Installation and Launch
AVG for Linux E-mail Server installation packages are provided as RPM files or as a .tar.gz package.
- For the installation from the RPM file, use the
$ rpm -i avg71{edition}-r{version}-a{version of avi}.i386.rpm
command in your shell (accessible for example using the xterm application within your X window system).
- For the installation from the .tar.gz package, use the
$ tar -xvzf avg71{edition}-r{version}-a{version of avi}.i386.tar.gz
command in the directory where the package is located to unpack its content. Then switch to the unpacked avg7-linux directory and run the
$ ./install.sh
installation script.
Note: The program files of the AVG for Linux E-mail Server versions 11 and older are installed into the /usr/local/lib/avg7 directory. Even if you perform the full update of an older version of your AVG Anti-Virus, the directory structure remains the same (ensuring backwards compatibility). However, all essential components of AVG for Linux E-mail Server are always updated properly to offer you the maximum security and reliability.
The versions 12 and newer are comprehensively installed into the /opt/grisoft directory. Symbolic links are created in various system directories, leading to the /opt/grisoft directory subtree. If you want to upgrade the old directory structure, you must completely reinstall your AVG for Linux E-mail Server. Note that this documentation always describes the preferred newer location of the AVG for Linux E-mail Server installation!
In the installation packages' names:
- the version stands for the minor version number of AVG for Linux E-mail Server,
- the distribution string stands for the specification of the Linux distribution (if necessary to distinguish it) which the package is intended for,
- the specification string stands for the AVG Anti-Virus internal virus database specification number.
Installation of GUI from a Specific Package:
The graphical user interface (GUI) can be installed from specific packages, found at http://www.grisoft.com, Download/Programs section.
- You can install GUI from a .tar.gz package as follows (for distributions that do not support RPM installation): Download latest .tar.gz and unpack it:
# tar xzvf avggui-1.0-{release}.i386.tar.gz
Change directory to avggui:
# cd avggui1
Run the installation script as root then:
$ ./install.sh
- If your distribution supports it, you can install GUI from RPM package: Download latest rpm and install it:
# rpm -i avggui-1.0-{release}.i386.rpm
Launch the /opt/grisoft/avggui/bin/avggui_update_licinfo.sh script as root for updating license information after installation.
Note: You can configure PAM authentication (used in avggui run by a non-root user when changing license information) in the file /etc/pam.d/avggui.
a) Distributions Currently Supported
Distribution | Installation package
Mandrake Linux, Red Hat, Red Flag, Fedora Core and other systems supporting the RPM packager utility | avg71{edition}-r{version}-a{version of avi}.i386.rpm
Any other Linux distribution (e.g. Debian, Slackware, Gentoo etc.) | avg71{edition}-r{version}-a{version of avi}.i386.tar.gz
b) The Installation Process
The installation process will automatically determine all features of your system and will perform the proper installation of AVG for Linux E-mail Server on your computer. Perform installation from the packages mentioned in the table above to also install the AVG for Linux E-mail Server command line modules (besides the e-mail scanning daemons).
(See chapter 7. Standalone Command Line Modules for detailed information on this topic).
c) Product Registration
After the installation process you need to register your AVG for Linux E-mail Server unless it has been registered already during the installation process; this applies to special packages for AVG Anti-Virus vendor partners.
The registration can be performed by launching the
$ avgscan -register
command in your shell.
(See chapter 7.1 Standalone Command Line Modules/AVGSCAN Command for details).
d) Launching the E-mail Scanning Daemon
Having installed and registered your AVG for Linux E-mail Server you must start the AVG for Linux services. These services completely cover both e-mail and on-access scanning modules that run as memory resident daemons. The daemons can be controlled using the signal mechanism and the AVG for Linux E-mail Server configuration file.
(See chapters 7.4 Standalone Command Line Modules/Service Signals and 8. Configuration File for detailed information).
Launch the services as root (only root can send signals to daemons):
# /etc/init.d/avgd start
If you are not logged in as root, the command responds with a respective warning. You can use the
$ su
command and apply the superuser password to change your identity to root.
Note: The fact you are logged in as root is usually indicated by the '#' character at the beginning of your prompt. The normal user identity is indicated by the '$' character.
See chapter 5. E-mail Scanning for detailed information on the e-mail scanning daemon.
Note: The e-mail scanning daemon serves its purpose only when a mail transport agent and possibly the necessary third party software are present and properly configured! See chapter 4. Third Party Products for basic information on how to install and set up additional tools needed to enable the e-mail anti-virus protection with AVG for Linux E-mail Server.
For proper function of the on-access scanning daemon the DAZUKO kernel module is required. Refer to section 7.3 Standalone Command Line Modules/On-access Scanner for detailed information on this topic.
The included command line modules can be operated as described in chapter 7. Standalone Command Line Modules.
4. Third Party Products
Third party software is needed to preprocess the content of incoming and outgoing e-mail messages before they can be scanned by AVG for Linux E-mail Server. Two solutions are available for particular e-mail servers – the AMaViS and the Qmail-Scanner security packages.
Both of these packages require AVG for Linux E-mail Server and optionally some AVG Anti-Virus vendor patches to be installed before attempting to install and configure them properly on your system. The AMaViS e-mail content scanner can be used with the sendmail, postfix, qmail and exim mail transport agents; the Qmail-Scanner can be used with qmail only.
Supported commercial e-mail servers (Lotus Notes/Domino and Kerio MailServer) do not require such tools. See chapter 6. Commercial E-mail Servers for more information on this topic.
4.1. AVG Anti-Virus Vendor Patches
Before installing the AMaViS package amavis (various versions supported) you must apply the AVG Anti-Virus patch. Supposing you have unpacked the installation file, switch to the unpacked directory, copy the amavis-{version}-avg.patch file there (included in the AVG for Linux E-mail Server installation package), and apply the patch using the
$ patch -p1 < amavis-{version}-avg.patch
command. Run autoconf with the
$ autoconf
command. Then create the aclocal.m4 file using the
$ touch aclocal.m4
command and continue with the installation as described in chapter 4.2 Third Party Products/AMaViS.
Note: The patch is needed only for the amavis variant of AMaViS. For the version 'p7' and higher of the recommended amavisd-new you just have to uncomment the AVG Anti-Virus related lines in the amavisd.conf file. For older versions, use the respective amavisd-new patch.
Besides the amavis patch, the Qmail-Scanner (versions 1.20, 1.22) patch is also needed when you are planning to install this tool. Switch to the unpacked Qmail-Scanner installation directory and copy the qmail-scanner-{version}-avg.patch file (included in the AVG for Linux E-mail Server installation package) there. Apply the patch using the
$ patch -p1 < qmail-scanner-{version}-avg.patch
command, and follow the installation instructions as described in chapter 4.3 Third Party Products/Qmail-Scanner.
4.2. AMaViS
You can download the package from the http://www.amavis.org/download/ page. Four separate packages are available:
- amavis for low and medium mail volume (home or small office use with up to ten accounts)
- amavisd for higher mail volume
- amavisd-new for higher mail volume with various add-ons included (such as anti-spam or ISP features)
  Note: We strongly recommend the amavisd-new variant to be used with AVG for Linux E-mail Server!
- amavis-ng, a modular rewrite of amavis (intended for experienced administrators and/or AMaViS developers); this project is not being developed any longer, although its source code can be obtained via the AMaViS CVS repository.
a) Prerequisites
The C language compiler and also the make and autoconf / automake utilities are needed to build the AMaViS tools.
The essential modules responsible for extracting e-mail content and passing it to the AVG for Linux E-mail Server scanning engine are implemented in Perl. This is why the Perl language interpreter has to be installed on your system. The following Perl modules are required:
o Archive::Tar (Archive-Tar-x.xx)
o Archive::Zip (Archive-Zip-x.xx, version 1.09 or later is recommended!)
o Compress::Zlib (Compress-Zlib-x.xx)
o Convert::TNEF (Convert-TNEF-x.xx)
o Convert::UUlib (Convert-UUlib-x.xxx, stick to the newest version)
o MIME::Base64 (MIME-Base64-x.xx)
o MIME::Parser (MIME-Tools-x.xxxx)
o Mail::Internet (MailTools-1.58 or later have workarounds for Perl 5.8.0 bugs)
o Net::Server (Net-Server-x.xx)
o Net::SMTP (libnet-x.xx, use libnet-1.16 or later for better performance)
o Digest::MD5 (Digest-MD5-x.xx)
o IO::Stringy (IO-stringy-x.xxx)
o Time::HiRes (Time-HiRes-x.xx, use 1.49 or later, older versions can cause problems)
o Unix::Syslog (Unix-Syslog-x.xxx)
o BerkeleyDB with bdb library 3.2 or later (4.2 or later preferred)
All of these modules are available for free at http://www.cpan.org/. The usual way of installing a new Perl module consists of unpacking the downloaded file, switching into the unpacked directory, and running the following sequence of commands as root:
# perl Makefile.PL
...
# make test
...
# make install
Make sure AVG for Linux E-mail Server is installed and operational before starting the AMaViS installation.
b) Installation
To install AMaViS from the source code, unpack the selected downloaded package (the amavis package is given in the following example):
$ tar -xvzf amavis-{version}.tar.gz
Switch to the unpacked directory. It is recommended to read the detailed instructions in the INSTALL and/or README file located in this directory. The easiest way of performing the installation is to run the following sequence of commands as root (although the installation steps may slightly differ according to the particular AMaViS package):
# ./configure
...
# make
...
# make install
...
c) Configuration
Most configuration options should have been resolved by automatic configuration. Of course, it is also possible to perform manual changes to the generated amavis script (note that the exact name of the script may depend on which AMaViS package you have decided to install). If you switch to a
different MTA, you must re-run AMaViS configuration, because the script contains only the code for the MTA it was initially configured for.
The configuration steps to be taken for a particular mail transport agent consist of making small changes in the related configuration files in order to ensure AMaViS can access the messages in the mail transport agent's queue before they are processed further. As MTA configuration is specific for each agent as well as for the particular administrator options and policies, it is not covered in detail in this documentation.
If you experience any problems with integrating your mail transport agent and AMaViS, refer to your mail transport agent documentation, and also to the README.{MTA_name} file in the README_FILES subdirectory of the AMaViS installation directory (the MTA_name stands for the name of your mail transport agent). These README files contain detailed information and configuration examples for all supported mail transport agents.
4.3. Qmail-Scanner
a) Prerequisites
The qmail version 1.03 or higher is needed.
Make sure the reformime tool for reformatting the MIME e-mail format is installed on your computer. The reformime package can be obtained for free at http://prdownloads.sourceforge.net/courier/.
Also the Perl language interpreter (version 5.005_03 or higher) and the following Perl modules are needed:
o Time::HiRes
o DB_File
o Sys::Syslog
All of these modules are available for free at http://www.cpan.org/. The usual way of installing a new Perl module consists of unpacking the downloaded file, switching into the unpacked directory, and running the following sequence of commands as root:
# perl Makefile.PL
...
# make test
...
# make install
The qmailqueue patch is needed in order to enable qmail to call a different qmail-queue program than the one compiled by default. The patch instructions and also the patching process details are presented at http://www.qmail.org/qmailqueue-patch. Here is a direct example transcript (according to the previous website) of the changes that have to be made:
diff -u qmail-1.03-orig/Makefile qmail-1.03/Makefile
--- qmail-1.03-orig/Makefile Mon Jun 15 04:53:16 1998 +++ qmail-1.03/Makefile Tue Jan 19 10:52:24 1999 @@ -1483,12 +1483,12 @@ trigger.o fmtqfn.o quote.o now.o readsubdir.o qmail.o date822fmt.o \ datetime.a case.a ndelay.a getln.a wait.a seek.a fd.a sig.a open.a \ lock.a stralloc.a alloc.a substdio.a error.a str.a fs.a auto_qmail.o \
-auto_split.o +auto_split.o env.a ./load qmail-send qsutil.o control.o constmap.o newfield.o \ prioq.o trigger.o fmtqfn.o quote.o now.o readsubdir.o \ qmail.o date822fmt.o datetime.a case.a ndelay.a getln.a \ wait.a seek.a fd.a sig.a open.a lock.a stralloc.a alloc.a \
- substdio.a error.a str.a fs.a auto_qmail.o auto_split.o + substdio.a error.a str.a fs.a auto_qmail.o auto_split.o env.a
qmail-send.0: \ qmail-send.8 diff -u qmail-1.03-orig/qmail.c qmail-1.03/qmail.c
--- qmail-1.03-orig/qmail.c Mon Jun 15 04:53:16 1998 +++ qmail-1.03/qmail.c Tue Jan 19 09:57:36 1999 @@ -6,14 +6,25 @@ #include "fd.h" #include "qmail.h" #include "auto_qmail.h" +#include "env.h"
-static char *binqqargs[2] = { "bin/qmail-queue", 0 } ;
+static char *binqqargs[2] = { 0, 0 } ; + +static void setup_qqargs() +{ + if(!binqqargs[0]) + binqqargs[0] = env_get("QMAILQUEUE"); + if(!binqqargs[0]) + binqqargs[0] = "bin/qmail-queue"; +}
int qmail_open(qq) struct qmail *qq; { int pim[2]; int pie[2]; + + setup_qqargs();
if (pipe(pim) == -1) return -1; if (pipe(pie) == -1) { close(pim[0]); close(pim[1]); return -1; }
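Review bot: In setup_qqargs() in the qmail.c hunk, the fallback to "bin/qmail-queue" is taken only when env_get("QMAILQUEUE") returns a null pointer, so a variable that is set but empty, or set to a relative or mistyped path, is used as the queue program as it stands. Treat an empty value as unset (check binqqargs[0][0] as well as the pointer) and consider accepting only an absolute path. The hunk also carries no comment saying where QMAILQUEUE is expected to be set; since qmail_open() now consults the environment, a short note that the variable must come from trusted configuration (such as the tcpserver rules file) belongs next to setup_qqargs().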
Before installing the software a special account must be created, which the Qmail-Scanner processes will run under. By default, the user/group name for this account is qscand. For extra security, create it with a normal home directory (e.g. /home/qscand), but with a "fake" shell (e.g. /bin/false), as Qmail-Scanner never logs in directly.
Make sure AVG for Linux E-mail Server is installed and operational before attempting to install Qmail-Scanner.
b) Installation
Unpack the Qmail-Scanner package using the
$ tar -xvzf qmail-scanner-{version}.tgz
command (the version stands for the downloaded package version). Switch to the unpacked directory and run the
$ ./configure --help
command if you want to get an overview of possible configuration options. Run the
$ ./configure
command (possibly with selected options). This determines all the features and recognizes the AVG for Linux E-mail Server virus scanning software on your computer. Run the
# ./configure --install
command as root this time (again, possibly with other options you have selected before). This updates the qmail directory structure on your system and also installs the qmail-scanner-queue.pl script.
You can test the installation using the
$ ./contrib/test_installation.sh
command in the installation directory. This will send four e-mails: one normal, two infected with the EICAR anti-virus test file, and one obvious spam to the root's address. Ideally Qmail-Scanner should let one through, catch the viruses, and tag the spam as "spammy" (if SpamAssassin is installed of course). As Qmail-Scanner initially defaults to not notifying anyone when a virus is caught, you may have to view the logs (e.g. syslog) to see what exactly Qmail-Scanner did.
c) Configuration
To enable Qmail-Scanner to access the e-mail queue contents, the qmail-smtpd daemon has to be told to use the qmail-scanner-queue.pl script instead of the default qmail-queue binary executable. This is done via the TCP server control files for SMTP. Find out where the TCP server for qmail-smtpd gets its rules from according to the installation options of your qmail mail transport agent. Edit the rule file and tell qmail-smtpd what IP address range (corresponding to SMTP client IP addresses) you want Qmail-Scanner to be invoked on. You should select all the addresses to be scanned.
A typical example of changing the rule file for the qmail-smtpd daemon follows:
# /etc/tcpserver/smtp.rules
#
# No Qmail-Scanner at all for mail from 127.0.0.1
127.:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"
# Use Qmail-Scanner without SpamAssassin on any mail from the local network
# [it triggers SpamAssassin via the presence of the RELAYCLIENT var]
10.:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
#
# Use Qmail-Scanner with SpamAssassin on any mail from the rest of the world
:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
The above example means that all SMTP e-mails will be scanned (apart from mail from 127.0.0.1, which the first rule exempts), but each in a different manner according to the address classification. E-mail from the LAN (the 10. prefixed network) will be scanned by AVG for Linux E-mail Server whereas e-mail from the Internet will be scanned for viruses (and also tagged by SpamAssassin if present). This control philosophy provides you with a lot of versatility – virus scanning can be performed, for example, only on mail coming from your Exchange server and not on mail from your Unix servers.
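Because the rule file decides per client range whether mail reaches the scanner, it is worth auditing after every change. The shell functions below are an added example, not part of the AVG manual or of Qmail-Scanner: they classify each tcpserver rule by its QMAILQUEUE setting and list the ranges that bypass scanning. The function names are assumptions, the sample rules are constructed from the manual's example plus two extra rules (192.168. and 172.16.), and addresses are assumed to contain no colon.

```shell
#!/bin/sh
# Added example (not from the AVG manual): classify each tcpserver rule by
# the queue program qmail-smtpd would run for that client range.

# Constructed sample: the three rules from the manual's smtp.rules example,
# one rule with no QMAILQUEUE at all (192.168.) and one deny rule (172.16.).
sample_rules() {
cat <<'EOF'
# /etc/tcpserver/smtp.rules
127.:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"
10.:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
192.168.:allow,RELAYCLIENT=""
172.16.:deny
:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
EOF
}

# audit_smtp_rules: read rules on stdin, print "<status> <address> <queue>".
#   SCANNED  QMAILQUEUE names qmail-scanner-queue.pl
#   BYPASS   QMAILQUEUE names some other program
#   DEFAULT  no QMAILQUEUE, so the patched qmail falls back to bin/qmail-queue
#   DENY     connection refused, nothing to scan
# The catch-all rule (empty address) is printed as "(default)".
audit_smtp_rules() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
    {
        sep = index($0, ":")
        if (sep == 0) { print "INVALID " $0 " -"; next }
        addr = substr($0, 1, sep - 1)
        if (addr == "") addr = "(default)"
        instr = substr($0, sep + 1)
        if (instr ~ /^deny/) { print "DENY " addr " -"; next }
        queue = "-"; status = "DEFAULT"
        pos = index(instr, ",QMAILQUEUE=")
        if (pos > 0) {
            rest = substr(instr, pos + length(",QMAILQUEUE="))
            delim = substr(rest, 1, 1)         # value delimiter, usually "
            rest = substr(rest, 2)
            stop = index(rest, delim)
            queue = (stop > 0) ? substr(rest, 1, stop - 1) : rest
            status = (queue ~ /(^|\/)qmail-scanner-queue\.pl$/) ? "SCANNED" : "BYPASS"
        }
        print status " " addr " " queue
    }'
}

# unscanned_ranges: client ranges whose mail never reaches the scanner.
unscanned_ranges() {
    audit_smtp_rules | awk '$1 == "BYPASS" || $1 == "DEFAULT" { print $2 }'
}

sample_rules | audit_smtp_rules
```

To audit a live system, feed the real rule file to the functions instead of the sample, for example `unscanned_ranges < /etc/tcpserver/smtp.rules`.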
Note: You must increase the amount of memory your system allows qmail-smtpd to run with because it is now running the entire Perl language interpreter and also the AVG for Linux E-mail Server. Typical installations of qmail are provided with the system rc/startup scripts (e.g. /etc/rc.d/init.d/qmail or /service/smtp/run). These scripts limit the amount of RAM the qmail-smtpd daemon can use (via ulimit or softlimit shell commands). You must increase the limit to approximately 5-11MB (the exact range depends on your system parameters and load).
If you want to enable AVG for Linux E-mail Server to scan all mail sent by local shell users, the qmailqueue must be defined in the /etc/profile file.
If the "$DEBUG=1" (the default) variable is set within the qmail-scanner-queue.pl script, then every transaction will be logged to the /var/spool/qmailscan/qmail-queue.log file. Regardless of debugging, errors (and attachment info if enabled) should also be recorded in the qmail logs (probably via syslog). Note that the /var/spool/qmailscan/qmail-queue.log log file will grow in time unless you manage its regular cleanup (either manual or scheduled for example via the cron utility).
Any dropped SMTP session (for example due to network outages) may lead to files lying around in /var/spool/qmailscan. Running the
# /var/qmail/bin/qmail-scanner-queue.pl -z
command as root at least once a day will ensure such files are deleted when they are over 30 hours old (for example the cron utility can be employed to perform the regular cleanup).
Note: For details on the Qmail-Scanner please refer to the http://qmail-scanner.sourceforge.net/ website.
4.4. Testing the Installation
Successful installation of AVG for Linux E-mail Server and the appropriate mail content scanner (AMaViS or Qmail-Scanner) can be tested within any supported e-mail server by sending a message with the Eicar test file attachment. The attachment should be removed from the e-mail, and replaced by a virus infection notification. Refer to the http://www.eicar.org/anti_virus_test_file.htm website for detailed information and the test file itself.
5. E-mail Scanning
5.1. General Principles
The AVG for Linux E-mail Server service responsible for e-mail scanning runs as a set of memory resident daemons. These daemons are identical preforked processes bearing the AVG Anti-Virus scanning kernel and an interface for scanning the e-mail content fetched by AMaViS, Qmail-Scanner or the respective commercial e-mail server. The number of e-mail scanning daemons can be specified in the AVG for Linux E-mail Server configuration file (see chapter 8.3 Configuration File/Avg Daemon for detailed information on this issue). The default number of daemons is 2; possible values range across all non-negative integers. Increase the number of daemons for very busy servers to accelerate the e-mail scanning by introducing a higher level of parallel processing. A general rule for choosing the number of daemons cannot be formulated exactly, because the scanning performance varies widely according to the particular system configuration, other services running and software installed.
Note: Be careful when changing the number of daemons; an excessive increase can cause temporary service failure problems after restarting or sending another signal to the AVG for Linux daemons (for example when the virus database is updated and being reloaded by scanning daemons)!
The AVG for Linux E-mail Server e-mail scanning service is bound to the IP address that is also specified in the respective section of the configuration file (127.0.0.1 by default). The address must be the same as the one the mail transport agent is bound to. The default port which the daemons are listening on is 55555. If necessary, this value can be changed in the configuration file as well.
AVG for Linux E-mail Server does not support direct configuration of actions to be performed after virus detection and/or suspicion in the processed e-mail. These features are covered by the e-mail server agent and/or respective mail content scanner. Please refer to the documentation of your e-mail server and AMaViS or Qmail-Scanner for detailed information.
5.2. Performance and Resource Usage
Adding virus scanning to an e-mail server can slightly increase the resource usage of the server for the open source mail transport agents (these are sendmail, postfix, qmail, exim). As both of the e-mail scanner wrappers (AMaViS and Qmail-Scanner) are written in Perl instead of low-level C, some amount of memory and other system resources is required to make the scanning processes run in order to scan the e-mail server traffic efficiently. However, the real additional system load depends on many factors (such as the size of the e-mail flow, the number of memory resident processes and so on) that can be effectively optimized by the system administrator.
It is suggested that you look at how many simultaneous SMTP sessions you are willing to run on your system. Each SMTP session can claim a certain number of AVG for Linux E-mail Server virus scanning daemons. The estimated amount of memory to be used by all the scanning processes per SMTP session is about 5-6 MB. It is strictly recommended to take this into account when planning a server policy and usage management strategies.
5.3. Using Unix Socket for an Extra Security
You can take advantage of launching the AVG Anti-Virus e-mail scanning daemon within the same account as the e-mail content scanner (AMaViS or Qmail-Scanner). Moreover, the e-mail scanning daemon can create a Unix socket and listen on it in order to increase the e-mail scanning security. The socket is created and also destroyed by the daemon automatically, with the proper access rights and ownership (e.g. amavis when the daemon is running under the amavis account). To enable use of the socket, follow these steps (you must be logged in as root):
- Uncomment the line with the unixSocketName parameter in the /etc/avg.conf AVG for Linux E-mail Server configuration file. You can also change the parameter value if necessary (the default value is /tmp/avg.sock). See chapter 8. Configuration File for detailed information on the configuration file.
- In the /opt/grisoft/avg7/etc/init.d/avgdinit.conf file, change the SUSER parameter value to the name of the user who is supposed to run the e-mail scanning AVG Anti-Virus daemon (for example amavis).
- Finally, you must change the configuration file of the respective e-mail content scanner (AMaViS or Qmail-Scanner). For example, in the case of the preferred amavisd-new scanner the AVG Anti-Virus related section of the /etc/amavisd.conf file should look as follows:
  ['AVG Anti-Virus', \&ask_daemon, ["SCAN {}\n", '/tmp/avg.sock'], qr/^200/, qr/^403/, qr/^403 .*?: (.+)/ ]
Note: The on-access scanning must be running under the root account. So if you change the user who is running the daemons in the /etc/init.d/avgd file, you will disable the on-access scanning! You have to resolve the trade-off between the on-access scanning and increased e-mail scanning security.
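The request and reply format implied by the amavisd.conf entry above, as an added example (not AVG's or amavisd-new's own code): a small Python client that checks the socket's type, owner and mode before sending SCAN, and classifies the reply with the same three regular expressions. The assumption that the reply's first line carries the status, the names check_socket, parse_reply and scan_file, and the sample replies are constructed for illustration.

```python
"""Added example: query the AVG e-mail scanning daemon over its Unix socket."""
import os
import re
import socket
import stat
from dataclasses import dataclass
from typing import List, Optional

# Reply patterns copied from the amavisd.conf entry in this manual.
CLEAN_RE = re.compile(r"^200")
INFECTED_RE = re.compile(r"^403")
VIRUS_NAME_RE = re.compile(r"^403 .*?: (.+)")


@dataclass
class ScanResult:
    status: str              # "clean", "infected" or "unknown"
    virus: Optional[str]     # name captured by VIRUS_NAME_RE, if any
    raw: str                 # first reply line as received


def check_socket(path: str, expected_uid: int) -> List[str]:
    """Return the problems found with the socket's type, owner and mode."""
    try:
        st = os.lstat(path)  # lstat: a symlink planted in /tmp is not a socket
    except FileNotFoundError:
        return ["socket does not exist (daemon not running?)"]
    problems = []
    if not stat.S_ISSOCK(st.st_mode):
        problems.append("not a Unix socket")
    if st.st_uid != expected_uid:
        problems.append(f"owned by uid {st.st_uid}, expected {expected_uid}")
    if st.st_mode & stat.S_IWOTH:
        # On Linux, write permission on the socket is what allows connect().
        problems.append("world-writable: any local user can connect")
    return problems


def parse_reply(line: str) -> ScanResult:
    """Classify one reply line; anything that is not 200 or 403 is 'unknown'."""
    line = line.strip()
    if CLEAN_RE.match(line):
        return ScanResult("clean", None, line)
    if INFECTED_RE.match(line):
        m = VIRUS_NAME_RE.match(line)
        return ScanResult("infected", m.group(1) if m else None, line)
    return ScanResult("unknown", None, line)  # caller should treat as failure


def scan_file(sock_path: str, file_path: str, timeout: float = 30.0) -> ScanResult:
    """Send 'SCAN <path>\\n' and classify the first line of the reply."""
    if "\n" in file_path or "\r" in file_path:
        # A line break in the path would end the SCAN line early.
        raise ValueError("path contains a line break")
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(sock_path)
        s.sendall(f"SCAN {file_path}\n".encode())
        buf = b""
        while b"\n" not in buf:
            chunk = s.recv(4096)
            if not chunk:
                break
            buf += chunk
    return parse_reply(buf.split(b"\n", 1)[0].decode(errors="replace"))


if __name__ == "__main__":
    # Constructed sample replies, not captured from a real daemon.
    for sample in ("200 ok", "403 /var/tmp/part-2: Constructed_Test_Sig", "500 ?"):
        print(parse_reply(sample))
```

A result of "unknown" should be handled like a scanner failure rather than like a clean message, which is how a reply matching neither pattern is meant to be read.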
6. Commercial E-mail Servers
AVG for Linux E-mail Server can also be used with commercial e-mail servers running under Linux. The main idea of such a solution is to protect the (possibly Windows powered) computers of users connected to these e-mail servers against the possible virus infection. The following server products are supported:
- Lotus Notes/Domino Server
- Kerio MailServer
For all servers the preceding installation of the AVG for Linux E-mail Server product is necessary. For Lotus Notes/Domino Server a special AVG Anti-Virus plugin is also needed. Kerio MailServer offers internal support of AVG for Linux E-mail Server, so no additional tools are required.
6.1. AVG for Lotus Notes/Domino Server Installation and Maintenance
The anti-virus protection of e-mail communication on Lotus Notes/Domino Server with AVG for Linux E-mail Server can be performed using the special AVG for Lotus Notes/Domino Linux plugin. You can obtain the plugin in the form of a precompiled .tar.gz package on the AVG Anti-Virus installation CD, or in the Download/Programs section at http://www.grisoft.com. Before you can install the plugin, you need to:
- install and configure Lotus Domino Server for Linux
- install and configure AVG for Linux E-mail Server
Also, you have to verify these configuration details:
- AVG for Linux E-mail Server mail scanning daemon must be bound to the 127.0.0.1 (localhost) address (see section 8.3 Configuration File/AvgDaemon for details)
- For Linux distributions with default UTF-8 locales (these are Red Hat 8, Red Hat 9, Fedora Core 1, Fedora Core 2, etc.), set the LANG environment variable to C or cs_CZ (for Czech users) for the account which the Domino server is running under. These changes can be made following this example (supposing the Domino server is running under the notes account):
  The notes account profile file (e.g. .bash_profile) must contain these lines:
    ...
    LANG=cs_CZ
    LC_TIME=POSIX
    LC_MONETARY=cs_CZ
    LC_NUMERIC=cs_CZ
    LC_COLLATE=cs_CZ
    ...
    export BASH_ENV PATH LANG LC_TIME LC_MONETARY LC_NUMERIC LC_COLLATE
    ...
Once all the prerequisites mentioned above are satisfied, you can install the plugin. Unpack the plugin installation package with the
# tar -xvzf avgln_linux-{version}.i386.tar.gz
command (the version stands for the number of the plugin version).
Switch to the unpacked avgln_linux directory and run the installation script as root:
# ./install.sh
This will install the AVG for Lotus Notes/Domino Server Linux plugins in several steps. At the end of the installation the notes.ini Lotus Notes/Domino server configuration file is edited in order to enable launching the AVG for Lotus Notes/Domino services. Check your notes.ini file for changes. The following lines should be present there:
...
NSF_HOOKS=avghook
...
servertasks=...,avgmail,avgscan
...
AVGLang=x
...
where x is 1, 2, or 3 depending on the language you have selected. The server tasks (servertasks) configuration line tells the Lotus Notes/Domino Server to run the AVG for Lotus Notes/Domino server services.
In order to complete the installation, Lotus Notes/Domino Server must be restarted. This will automatically launch the AVG for Lotus Notes/Domino Server Linux plugin (server services AvgScan and AvgMail) and create the AVG Anti-Virus databases (AVG Configuration, AVG Log and AVG Virus Vault). All of these can be blocked in the appropriate configuration sections later if needed.
After correct installation of the AVG for Lotus Notes/Domino Server plugin and Lotus Notes/Domino server restart there are no further actions needed for efficient mail protection. The default settings are as follows:
- scan all e-mails with attachments
- a certification message will be added to any e-mail which is virus-free, does not include a signature attachment, and has not been encrypted
- incoming files which are considered infected are sent to the recipient with a message containing file and virus details
- outgoing e-mail containing infected attachments will be returned to the sender with information about the infected objects and corresponding viruses; the infected e-mail will not be delivered to the recipient
You can easily change the default configuration of AVG for Lotus Notes/Domino Server using the Lotus Notes/Domino Server administration console graphical user interface. After selecting the Files tab in the initial window, you will see various AVG Anti-Virus related files (server databases literally) among all the files to administer. Three AVG Anti-Virus fields are present:
- AVG Log
- AVG for Lotus Notes
- AVG Virus Vault
a) AVG for Lotus Notes
Double click on the AVG for Lotus Notes field in the administrator utility domain window’s File tab (see the previous screenshot) to open the AVG for Lotus Notes – Configuration window:
In this window, select the appropriate server on which you want to have the AVG Anti-Virus configuration database. Double click its field or simply press the Edit button which is right above the servers’ list. A new untitled window will then be opened within the administrator utility environment (see the following two screenshots):
You can fully control the scanning and infected e-mail management behavior of AVG for Lotus Notes/Domino Server, and also schedule possibly multiple server database scans. To save the configuration changes performed press the Save and close button in the upper area of the window.
All the configuration options fully corresponding to the fields presented on the screenshots above are as follows:
o Global Settings
  - Server name – the current server specification
  - Certify mail – select if AVG for Lotus Notes/Domino Server should certify e-mails or not
  - Certify text – edit the certification text (e.g. “The message is virus-free…”)
o Mail Scan
  - Scan mail – enable/disable automatic e-mail anti-virus scanning
o Incoming Mail Settings
  - Attachments – enables defining file extensions of e-mail attachments that should be automatically removed from the e-mail. Attachments with user-defined extensions will be automatically removed from an incoming e-mail, no matter whether the identified file has been infected by a virus or not. The possible actions are:
      No action, incoming attachments won’t be filtered or removed
      Remove, user-defined attachments will be removed from virus-detected e-mail and then deleted
      Remove and store in Virus Vault, user-defined attachments will be deleted from virus-detected e-mail and moved to the Virus Vault
    You will be allowed to choose the attachment file extensions from the list of keywords (or you can type a new one if the desired extension is not in the list) in a new Extensions field when the Remove or Remove and store… actions are selected.
o Virus found action – you can specify action to be taken if a virus is found in an incoming e-mail:
  - Deliver mail to the recipient, the infected e-mail will be delivered to the recipient with a warning about the virus and infected file added; additional settings will define whether the infected attachments are removed from the mail and/or moved to the AVG Virus Vault database. A field entitled Infected files allows you to specify the action to be taken for virus-infected files. Possible actions are:
      - Remove – the infected files are removed from the e-mail
      - Remove and store in Virus Vault – the infected files are removed from the e-mail and stored in local Virus Vault
      - Store in Virus Vault and deliver to recipient – the infected files are kept in the e-mail and copies are also stored in local Virus Vault
      - Deliver to recipient – the infected files will be kept in the e-mail and delivered to recipient
  - Return mail to sender, the infected e-mail will be returned to the sender as undeliverable with an option to add a warning about the virus found
o Send warning to recipient/sender – you can check this field if you wish to warn the recipient/sender (depending on whether you choose Deliver mail to the recipient or Return mail to the sender action on virus found) of virus-infected e-mail.
o Text of warning – here, you can edit the default message text, which is included in the virus-infected e-mail if you have the Send warning to recipient/sender field checked on.
o Send warning to administrator – when this field is checked on, a warning will be sent to administrators specified in the Administrators field after an incoming e-mail is detected as virus-infected. You can edit the text of the warning message in the corresponding Text of warning field.
o Outgoing Mail Settings
  Virus found action – you can specify which action is to be taken if there is a virus found in an outgoing e-mail:
  - Deliver mail to the recipient, the infected e-mail will be delivered to the recipient with a warning about the virus and infected file added; additional settings will define whether the infected attachments are removed from the mail and/or moved to the AVG Virus Vault database. A field entitled Infected files allows you to specify the action to be taken for virus-infected files. Possible actions are:
      Remove – the infected files are removed from the e-mail
      Remove and store in Virus Vault – the infected files are removed from the e-mail and stored in local Virus Vault
      Store in Virus Vault and deliver to recipient – the infected files are kept in the e-mail and copies are also stored in local Virus Vault
      Deliver to recipient – the infected files will be kept in the e-mail and delivered to recipient
  - Return mail to sender, the infected e-mail will be returned to the sender as undeliverable with an option of adding a warning about the virus found
  Send warning to recipient/sender – you can check this field if you wish to warn the recipient/sender (depending on whether you choose Deliver mail to the recipient or Return mail to the sender action on virus found) of virus-infected e-mail.
  Text of warning – here, you can edit the default message text, which is included in the virus-infected e-mail if you have the Send warning to recipient/sender field checked on.
  Send warning to administrator – when this field is checked on, a warning will be sent to administrators specified in the Administrators field after an outgoing e-mail is detected as virus-infected. You can edit the text of the warning message in the corresponding Text of warning field.
o Scheduled Database Scan
  You can plan the scanning of server databases in this area of the AVG for Lotus Notes/Domino Server configuration form. Various fields are available:
  - Scan at times – a time interval and/or exact time data can be filled in to tell AVG for Lotus Notes/Domino Server when it should run the databases scanning (e.g. 8:00–22:00 or 8:00–22:00, 23:30, 05:00)
  - Repeat interval of – the time in minutes, which defines the frequency of scans during the intervals specified in the Scan at times field
  - Days of the week – you can select the days when database tests are run
  - Scan – the attachments related field – you can define here whether to check all the attachments or only those with extensions specified in the Extensions field
  - Infected files – allows you to specify the action to be taken for virus-infected files. Possible actions are:
      Remove – the infected files are removed from the document
      Remove and store in Virus Vault – the infected files are removed from the document and stored in local Virus Vault
      Leave in the document – the infected files are kept in the document
  - Scan – the databases related field – you can define here whether to scan all the server’s databases or only those specified in the List of databases (files to scan) field
  - Send warning to administrator – when this field is checked on, a warning will be sent to administrators specified in the Administrators field after a virus is detected during the database scan. You can edit the text of the warning message in the corresponding Text of warning field. The administrator is able to define the text of the subject line of an e-mail to be sent. In the warning e-mail body there is a list of infected files (with links) and the viruses found.
b) AVG Virus Vault
AVG Virus Vault is a special Lotus Notes/Domino server database, into which virus-infected files can be put in order to treat (or delete or recover) them safely without risk of affecting the rest of your system resources.
In the Lotus Notes/Domino Server administration environment you can access the Virus Vault via the AVG Virus Vault database. It is a special server database as mentioned in the previous paragraph. Double click the corresponding field in the Lotus administrator utility domain window’s File tab and a new window will be opened:
You can examine the viruses put into Virus Vault in various ways of grouping the fields:
o fields grouped by virus-infected database files detected during database scans
o fields grouped by viruses found in databases during database scans
o fields grouped by the date of infected message detected in e-mail scan
o fields grouped by the recipient of infected message detected in e-mail scan
o fields grouped by the virus in infected message detected in e-mail scan
c) AVG Log
The AVG Log database stores information on AVG for Lotus Notes/Domino Server events recorded during the server’s run. You can check and further examine various events such as initialization progress, viruses found and so on.
In the Lotus Notes/Domino Server administration environment you can access the log information via the AVG Log database. Double click the corresponding field in the administrator utility domain window’s Files tab and a new window will be opened:
There are two fields present for both the Databases and Mail folders. Those are:
o Date – the timestamp of the logged record
o Text – the text of the log information
d) Uninstalling the AVG for Lotus Notes Linux Plugin
If you want to install a newer version of the AVG for Lotus Notes Linux plugin, you must uninstall the older version first. You can perform the uninstallation manually as root. Follow these steps:
o Check whether the Lotus Notes/Domino Server is running or not using the
  # ps -A | grep server
  command. If the server is running, the output should be something like this:
  17064 pts/1 00:00:01 server
  17068 pts/1 00:00:00 server
  17069 pts/1 00:00:00 server
  17076 pts/1 00:00:00 server
  17077 pts/1 00:00:00 server
  If the server is running, search all consoles (using the ALT+F1 – ALT+F6 keys). When you find the console on which the server is running, shut it down with the exit command.
o Delete the following files from the /usr/local/lotus/notesdata directory:
  avgln.pdf
  avglog.ntf
  avglog.nsf
  avgsetup.ntf
  avgsetup.nsf
  avgvirus.ntf
  avgvirus.nsf
o Open the /usr/local/lotus/notesdata/notes.ini in a text editor and delete the avgmail and avgscan strings from the line beginning with the ServerTasks identifier. Also delete the whole lines
  NSF_HOOKS=AVGHOOK
  AVGLang=x
  The ‘x’ depends on the language installed (1 for Czech, 2 for English and 3 for German).
o From the /usr/local/lotus/notes/~latest/linux directory delete the files:
  avgscan
  avgmail
  libavghook.so
After performing the manual uninstallation you can install a new version of the AVG for Lotus Notes Linux plugin.
6.2. AVG for Kerio MailServer Maintenance
The anti-virus protection mechanism is integrated directly into the Kerio MailServer application. In order to activate e-mail protection of Kerio MailServer by the AVG Anti-Virus scanning engine, launch the Kerio Administration Console application (using the kerioadmin command in your shell). In the control tree on the left side of the application window choose the Antivirus sub-branch in the Configuration branch:
Click the Antivirus item to open the Antivirus dialog window. There are three tabs in the window:
- Antivirus
- Attachment Filter
- Action
To save the changes press the Apply button in the bottom area of the configuration window. You can also return to the previously saved state by pressing the Reset button.
a) Antivirus Tab
To activate AVG for Kerio MailServer, select the Use external antivirus radio button and choose the Grisoft AVG for Linux Edition 7.1 item from the external software menu on the Antivirus tab of the configuration window:
You can press the Options button to open the following window:
In this window you can change the values of the address and port the AVG for Linux e-mail scanning daemon is listening on.
Note: You must set the appropriate values here, if you changed the address and port default settings in the AVG for Linux E-mail Server configuration file (refer to section 8.3 Configuration File/AvgDaemon for detailed information on the configuration file)!
b) Attachment Filter Tab
On the Attachment Filter tab there is a list of various attachment definitions:
You can enable/disable filtering of mail attachments by selecting the Enable attachment filter field. Each item in the list has four fields:
o Type – specification of the kind of attachment determined by the extension given in the Content field. Possible types are File name or MIME type. You can select the respective box in this field to include/exclude the item in/from attachment filtering.
o Content – an extension to be filtered can be specified here. You can use operating system wildcards here (for example the string ‘*.doc.*’ stands for any file with the .doc extension, and any other extension following).
o Action – define action to be performed with the particular attachment. Possible actions are Accept (accept the attachment), and Block (block the attachment as defined in the Action tab dialog).
o Description – description of the attachment defined in this item.
An item is removed from the list by pressing the Remove button. You can add another item to the list by pressing the Add… button. Or, you can edit an existing record by pressing the Edit… button. This window then appears:
o In the Description field you can write a short description of the attachment to be filtered.
o In the If a mail message contains an attachment where field you can select the type of attachment (File name or MIME type). You can also choose a particular extension from the offered extensions list, or you can type the extension wildcard directly.
o In the Then field you can decide whether to block the defined attachment or accept it.
c) Action Tab
You can specify what to do with a virus-infected or filtered message on the Action tab:
There are two sections:
o Action
  This section specifies an action to be carried out when a virus is detected in a message, or when a message is filtered by an attachment filter:
  - Forward the message to administrator address – when selected, the virus-infected message is forwarded to the address specified in address text field
  - Forward the filtered message to administrator address – when selected, the filtered message is forwarded to the address specified in address text field
  - Deliver the message with the attachment removed – when selected, the message with the possibly harmful attachment removed is delivered to the recipient
  - Also send warning to sender – when selected, a warning is sent back to the message sender that his/her message was virus-infected and/or filtered. Having selected this item, the Only if sender is local checkbox will be active. You can specify whether to send the warning to all senders or to the local ones only (your domain users).
  - Bounce the message to sender – when selected, the infected or filtered message is returned to its sender.
  - Discard the message – when selected, the infected or filtered message is discarded.
o If the attachment cannot be scanned
  This section specifies an action to be taken with unreadable attachments:
  - Perform action defined in the action frame – message is treated as virus-infected and/or filtered and the action defined in the action frame is performed.
  - Allow the attachment to be delivered – when checked, the message will be delivered. Also, the Append a warning to the message checkbox will be active then, so you can define whether to append a warning to the message to let the users be informed of a possible threat or not.
7. Standalone Command Line Modules
As a part of the AVG for Linux E-mail Server internal structure, several command line configurable and executable modules are included in the installation package.
7.1. AVGSCAN Command
The avgscan command is intended to perform various on-demand tests. Its performance is comprehensively controlled by the command line parameters. The general syntax of the command is
$ avgscan [options] [path|paths]
The [path|paths] string stands for a single path or multiple paths to be scanned. The multiple paths are given in a list separated by the space character; a single object can be also given to be processed by the scanner. When no options are specified, a generic scan is performed for the given path(s).
Note: Although the avgscan command itself can manage only the on-demand test, you can also use it to create scheduled tests by incorporating the cron Linux system utility. See the manual pages (man [cron|crontab]) or the respective documentation for detailed information.
The options for the avgscan command and their descriptions are given in the following table:
Parameter               Description
-scan                   Simple generic scan of the given objects and/or locations.
-heur                   Switches on the heuristic analysis.
-exclude [PATH|PATHS]   Excludes a particular path or paths from the scan; the path(s) to be excluded must be given right after this option, and separated by the space character.
-@ FILE                 Specifies the command file with parameters to be processed by the avgscan program; the file name must be given right after this option, and separated by the space character.
-ext=<ext_mask>         Explicit specification of file extensions to be scanned in the form of -ext=<ext_mask>, where the <ext_mask> string stands for the extension definition (for example “*”, “jpg”, etc.). When entering multiple file extensions, they should be separated by a semicolon.
-noext=<ext_mask>       Explicit specification of file extensions not to be scanned in the form of -noext=<ext_mask>, where the <ext_mask> string stands for the extension definition (for example “*”, “jpg”, etc.).
-smart                  Switches on the smart scan testing feature.
-arc                    Switches on scanning of archives (common archive file types like ZIP, GZIP, BZIP2 and others are supported).
-rt                     Switches on scanning of run-time compressed objects.
-clean                  Switches on the automatic healing of infected files.
-arcw                   Reports archives encountered during scanning.
-rtw                    Reports run-time compressions encountered during scanning.
-macrow                 Reports macros encountered during scanning.
-pwdw                   Reports password-protected files encountered during scanning.
-changew                Reports changes encountered during scanning.
-ignlocked              Makes the scanner ignore locked files.
-register [LICENSE]     Registers the AVG for Linux E-mail Server; it is necessary to enter the valid license number either on the command line right after the -register option (separated by the space character), or later when prompted after the command execution without license given on the command line.
-report FILE            Reports messages about the test progress and results to the specified file; the file name must be given right after this option, and separated by the space character; when the specified file already exists, it will be overwritten.
-repappend FILE         Reports messages about the test progress and results to the specified file; the file name must be given right after this option, and separated by the space character; in contrast to the previous option, an existing file can be used to append the information to the end of the file; when a new file is specified, it will be created.
-repok                  Switches on reporting of uninfected files ‘is OK’.
-stoplevel N            Pauses when an erroneous state is encountered during scanning. Requires the integer argument N defining the internal code of a state in which the scan shall be paused.
-h, --help              Prints a brief overview of the program's options and usage.
-pup                    Results in the detection of “potentially unwanted programs” within the scanning. Potentially unwanted program can be for example spy-ware or other possibly insecure programs.
Note: If you launch the avgscan command with the -clean parameter, AVG Anti-Virus will attempt to heal all infected files automatically. When the healing is successful, a $VAULT$.AVG folder is created (unless it exists already) in the home directory of the user who performed the test. The infected files are then moved into this directory, whereas the cleaned files remain in their original locations. Note the infected files are stored in a special AVG Anti-Virus format, ensuring they are absolutely harmless for your system!
Return values of the avgscan program are:
- 0 – no errors
- 1 – the test was interrupted by user
- 2 – an error occurred during the test (e.g. cannot open file event)
- 3 – file system changes detected
- 4 – a suspect object found by heuristic analysis
- 5 – a virus found by heuristic analysis
- 6 – a particular virus was found
- 7 – an active virus found in memory
- 8 – corruption of some of the AVG for Linux E-mail Server command line components
- 10 – an archive contains password protected files
Some typical examples of avgscan use with brief explanations follow:
- $ avgscan /home/user
  scans the user's home directory
- $ avgscan -heur /home/user
  scans the user's home directory using heuristic analysis
- $ avgscan /home/user/bin/run_something.sh
  scans the single file run_something.sh in the bin directory of user's home
- $ avgscan -repok /home/user
  scans user's home directory, reporting uninfected files as OK
- $ avgscan -report ~/reports/report001.avg /home/user
  scans the user's home directory and reports the test results into the file report001.avg in the reports directory in the actual user's home
- $ avgscan -repappend ~/reports/report001.avg /home/user
  scans the user's home directory and appends the test results to the file report001.avg in the reports directory in the actual user's home
- $ avgscan -arc -repok /home/user
  scans the user's home directory including archives, reporting uninfected files as OK
- $ avgscan -ext=* -rt -arc -heur /home
  scans the files with any extension in the /home directory, including the run time compressions and archives
Note: For online help on the avgscan command type
$ man -l /opt/grisoft/avg7/man/man1/avgscan.1.gz
in your shell.
7.2. AVGUPDATE Command
Anti-virus systems can guarantee reliable protection only if they are updated regularly. AVG for Linux E-mail Server provides a reliable and fast update service with quick response times via the avgupdate command line utility.
AVG Anti-Virus offers three different update levels (update levels of lower importance automatically include more critical ones):
• Priority update
  The priority update contains changes necessary for reliable anti-virus protection. Typically, these are important virus definition updates. These updates should be applied as soon as they are available.
• Recommended update
  The recommended update contains various program changes, fixes and improvements.
• Optional update
  The optional update reflects changes that are not necessary for program functionality – texts, updates of the setup component, etc. Optional updates can be downloaded and applied together with recommended updates but the timeliness of implementing them is not urgent.
Note: For e-mail servers in general it is strictly recommended to perform the priority update approximately every two hours! The recommended update should be performed at least once a day or on-demand.
You can review the performed update information in the update log file avg7upd.log that is to be found in the /opt/grisoft/avg7/var/update/log directory.
The avgupdate command is a tool for complex control over the on-demand update process. The update in general can be performed by launching this command. The update properties are controlled using the command options, which are listed in the table below. General syntax of the command is:
$ avgupdate [options] [path|list]
The [path|list] string stands for the path of the explicitly given update files (or for the list of these update files separated by the space character).
Note: Although the avgupdate command itself can manage only the on-demand update, you can also use it to create scheduled updates by incorporating the cron Linux system utility. See the manual pages (man [cron|crontab]) or the respective documentation for detailed information.
The options for the avgupdate command are described in the following table:
Parameter Description
-o, --online Performs an online update from the Internet; the location where the update files are downloaded from is specified in the AVG Anti-Virus configuration file. (See section 8. Configuration File for detailed information.)
-f, --offline Performs an offline update from the location specified in the given path or list (as described in the beginning of this paragraph).
-d, --download Only downloads update files without applying them; the download directory is specified in the AVG Anti-Virus configuration file. (See section 8. Configuration File for detailed information.)
-p, --priority NUM Specifies the priority of an update explicitly; the possible priority numbers are: 2 – priority update, 3 – recommended update, 4 – optional update
-c, --config FILE Forces use of a configuration file other than the default one (/etc/avg.conf). The filename (with the specified path if necessary) is given by the FILE argument.
-i, --no-diff Even when smaller binary diff files are available, only the full update files will be downloaded; this option can be useful when some parts of your AVG for Linux E-mail Server installation are corrupted or missing.
-b, --no-backup When this option is selected the update process will not create backups of older files.
-n, --no-progress avgupdate does not display update progress information after selecting this option.
-l, --no-log No log file describing the update process will be created when this option is selected (by default, the log file is stored as /opt/grisoft/avg7/var/update/log/avg7upd.log).
-a, --no-daemons When this option is selected, the AVG for Linux E-mail Server daemons will not be restarted following the update; for some server systems this option can help in avoiding problems with the incorrect restart of daemons.
-m, --complete Select this option to repair your AVG for Linux E-mail Server installation when it is seriously damaged.
-r, --restore Restores the previous version of the whole AVG for Linux E-mail Server (before the last update was performed).
-v, --version Displays the program version.
-h, --help Prints a brief overview of the program's options and usage.
Return values of the avgupdate program are:
• 0 – no errors occurred during the update
• 1 – nothing new to update
• 2 – an error occurred during the update
Some typical examples of avgupdate use with brief explanations follow:
• $ avgupdate -o
  the simple online update
• $ avgupdate -f /tmp/avg/updfiles
  performs the update from the files in the /tmp/avg/updfiles local directory
• $ avgupdate -o -p 4
  performs the optional online update
• $ avgupdate -o -c /home/user/conf/avg/avg.conf
  performs the online update according to the configuration file avg.conf located in the /home/user/conf/avg/ local directory
• $ avgupdate -o -l -m
  performs the online update: downloads and applies the complete update file, and writes no information into the log file
Note: For online help on the avgupdate command type
$ man -l /opt/grisoft/avg7/man/man1/avgupdate.1.gz
in your shell.
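The cron scheduling mentioned in the note above, combined with the documented return values, as an added example (not part of the AVG distribution). The script name avg-update-job, its install path, the crontab times and the AVGUPDATE override variable are assumptions of this example; retrying once with -i after a failure is a design choice here, not vendor guidance.

```shell
#!/bin/sh
# Added example, not part of the AVG distribution: cron wrapper around
# avgupdate that acts on the documented return values (0, 1, 2).
#
# Constructed /etc/crontab entries; /usr/local/sbin/avg-update-job is a
# hypothetical install path for this script:
#   0 */2 * * *  root  /usr/local/sbin/avg-update-job 2   # priority
#   30 3  * * *  root  /usr/local/sbin/avg-update-job 3   # recommended

# Command to run; overridable so the wrapper can be exercised with a stub.
# cron's PATH is short, so set the full path of avgupdate here if needed.
AVGUPDATE=${AVGUPDATE:-avgupdate}

# run_update LEVEL
#   returns 0 when the update was applied or there was nothing new,
#           2 when avgupdate failed (also after the full-file retry),
#           3 when LEVEL is not one of the documented priorities 2, 3, 4.
run_update() {
    case $1 in
        2|3|4) ;;
        *) echo "usage: run_update 2|3|4" >&2; return 3 ;;
    esac

    rc=0
    "$AVGUPDATE" -o -n -p "$1" || rc=$?

    if [ "$rc" -ge 2 ]; then
        # Design choice of this example: retry once with --no-diff (-i),
        # which fetches the full update files instead of binary diffs.
        echo "avgupdate -p $1 returned $rc, retrying with -i" >&2
        rc=0
        "$AVGUPDATE" -o -n -i -p "$1" || rc=$?
    fi

    case $rc in
        0|1) return 0 ;;   # 1 = nothing new to update, not a failure
        *)   echo "avgupdate -p $1 failed (return value $rc)," \
                  "see the update log avg7upd.log" >&2
             return 2 ;;
    esac
}

# When called with an argument (as from cron), run one update and exit.
# The wrapper writes to stderr only when avgupdate reported an error, so
# cron mail is not triggered by the routine "nothing new" result.
if [ $# -gt 0 ]; then
    run_update "$1"
    exit $?
fi
```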
7.3. On-access Scanner
The DAZUKO kernel interface for file access control must be inserted as a module into your kernel in order to enable the on-access scanning using the AVG for Linux E-mail Server engine. You can download the latest version of DAZUKO at http://www.dazuko.org. It is recommended to download the latest version available especially if you are running the kernel of major version 2.6 (or higher)! To install the DAZUKO kernel module, follow these instructions:
a) Get your Kernel Source Code
It is highly recommended to build and install a kernel from the actual kernel sources first. Then it is certain that the kernel source code you use to build DAZUKO matches the running kernel. Many Linux distributions provide packages with the kernel source code. If you do not plan to build a completely new customized kernel, make sure you install the proper kernel source packages for your distribution.
Note: If you do not have any experience with building the Linux kernel, you should not attempt to install DAZUKO unless you get some information and practice in hacking the Linux kernel internals!
b) Compile DAZUKO
Once the source code for your running kernel is available, you can build DAZUKO. You can download the latest version of DAZUKO at http://www.dazuko.org. Unpack the downloaded file using the
$ tar -xvzf dazuko-{version}.tar.gz
command and switch to the unpacked directory. Edit the configure file and change the 0 value to 1 for the ON_CLOSE_MODIFIED parameter in the MAIN section. Generate a Makefile by running the
$ ./configure
command in the directory with the DAZUKO source files. This will determine the features of your system that need to be specified in the generated Makefile.
Then you can compile DAZUKO with the
$ make
command. This will create the device driver as well as a couple of example programs. Under Linux 2.2-2.4 the device driver is named dazuko.o. Under Linux 2.6 it is named dazuko.ko.
c) Insert DAZUKO
Having compiled DAZUKO successfully, the final step is to insert the module into the kernel.
Note: The process of inserting a kernel module may vary according to the particular Linux distribution. Refer to your distribution documentation to resolve possible problems. Also, there can be some differences according to various versions of DAZUKO. Refer to the detailed DAZUKO documentation at http://www.dazuko.org.
Create the device node for DAZUKO. This can be done by executing the commands (assuming, for the sake of example, that the device major number is 254)
# mknod -m 600 /dev/dazuko c 254 0
# chown root:root /dev/dazuko
as root. You also have to copy the module (the dazuko.o or dazuko.ko file) to the /lib/modules/src/kernel/char directory.
Create a link to the module by adding the line
alias char-major-254 dazuko
to the /etc/modules.conf file. Insert the module as root by executing the command
# /sbin/insmod dazuko.o
or
# /sbin/insmod dazuko.ko
for Linux 2.2-2.4 or Linux 2.6 kernels respectively. To check whether the module has been loaded, use the
$ cat /proc/modules
or
$ lsmod | grep dazuko
command. If you see the 'dazuko' string along with its device major number (usually 254) in the list of modules, it is successfully installed and inserted.
Note: If you get any warnings or error messages during the above described process, something may be wrong with your kernel source code or configuration. Please refer to the DAZUKO FAQ page at http://www.dazuko.org for detailed information on what may have happened, and how to fix the problem.
Once the DAZUKO module is installed and inserted, the AVG for Linux E-mail Server daemons responsible for the on-access scanning will be fully functional. You need to make sure the daemons are running and restart them if they have been stopped (refer to the following paragraph to see how to do this).
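A check of the result of steps a) to c), as an added example that is not from the AVG or DAZUKO distributions. The manual gives 254 only as an example major number, so the script reads the major from /proc/devices and compares it with the node; that the driver registers its character major under the name dazuko there, and the function names, are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the AVG or DAZUKO distributions: check that the
# /dev/dazuko node matches what the loaded module registered.

# dazuko_major FILE: print the character major registered under the name
# "dazuko" in a /proc/devices-style FILE; fail if there is none.
dazuko_major() {
    awk '/^Character devices:/ { inchar = 1; next }
         /^Block devices:/     { inchar = 0 }
         inchar && $2 == "dazuko" { print $1; found = 1 }
         END { exit !found }' "$1"
}

# check_node LS_LINE MAJOR: validate one line of `ls -ln` output for the
# device node: character device, mode 600, uid 0, gid 0, expected major.
check_node() {
    printf '%s\n' "$1" | awk -v want="$2" '
        {
            mode = substr($1, 1, 10)       # drop a trailing "." or "+"
            major = $5; sub(/,$/, "", major)
            if (mode != "crw-------") { print "bad type or mode: " $1; bad = 1 }
            if ($3 != 0 || $4 != 0)   { print "owner is not root:root"; bad = 1 }
            if (major != want) {
                print "node has major " major ", module registered " want
                bad = 1
            }
        }
        END { exit bad + 0 }'
}

# verify_dazuko [DEVICES] [MODULES] [NODE]: full check on a live system.
verify_dazuko() {
    devices=${1:-/proc/devices}
    modules=${2:-/proc/modules}
    node=${3:-/dev/dazuko}
    if ! awk '$1 == "dazuko" { ok = 1 } END { exit !ok }' "$modules"; then
        echo "dazuko module is not loaded"; return 1
    fi
    if ! major=$(dazuko_major "$devices"); then
        echo "dazuko has no registered character major"; return 1
    fi
    if [ ! -c "$node" ]; then
        echo "$node is missing or not a character device"; return 1
    fi
    check_node "$(ls -ln "$node")" "$major"
}
```

Run verify_dazuko as root after inserting the module; it prints nothing and returns 0 when the module, the registered major and the node agree.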
7.4. Service Signals
Both on-access and e-mail scanning daemons are controlled within common AVG for Linux E-mail Server services. The services can be comprehensively managed by sending them a signal at once via the
# /etc/init.d/avgd [start|stop|restart|reload|status|condrestart]
command on most systems, or directly, using the
# /opt/grisoft/avg7/etc/init.d/avgd [start|stop|restart|reload|status|condrestart]
command. The options in the square brackets represent the possible signals that can be sent to the AVG for Linux E-mail Server daemons:
• start – starts the daemons
• stop – stops the daemons
• restart – restarts the daemons
• reload – forces the daemons to reload the internal virus database
• status – shows the status of the daemons
• condrestart – conditionally restarts the daemons
Note: You can only control the AVG for Linux E-mail Server daemons as root this way!
The on-access scanning performance can be configured using the common AVG for Linux E-mail Server configuration file. (See chapter 8. Configuration File for detailed information.)
8. Configuration File
The common configuration of AVG for Linux E-mail Server command line modules is covered in the avg.conf file, usually located in the /opt/grisoft/avg7/etc directory. The general syntax of the configuration file is described as follows:
...
# comments
[<section_name>]
<parameter_name> = <value1> <value2>
<parameter_name> = <value3>
# comments
...
[<yet_another_section>]
<parameter_for_this_section> = <its_value>
...
The '#' character indicates a comment – the rest of the line following this character is ignored and will not be processed.
The square brackets ('[' and ']' characters) enclose a section name. All entries following the section specification until another section specification (or end of file) are considered as configuration options related to the respective section.
The entries for each section consist of the parameter name and its value (or values) specified after the '=' character. The values can be either numeric (integer) or strings. The numeric 1/0 values usually represent enabling/disabling of the respective feature specified by the parameter name.
Multiple values for one parameter can be separated by white space characters (for example space, tabulator, etc.) or by a new line (the parameter name must be given again in this case).
If you are logged in as root, you can change the parameter values directly in the configuration file avg.conf using any plain text editor (e.g. vi, vim, pico, joe, gedit, emacs, jed, jedit, ed, …). The configuration file consists of four sections.
8.1. AvgCommon
Configuration of the common features of AVG for Linux E-mail Server memory resident services (daemons) in general:
• runtimeCompression – scanning of files with runtime compression; possible values are 0 or 1; the default value is 1 (runtime compression scanning enabled)
• heuristicAnalysis – using of heuristic analysis scanning; possible values are 0 or 1, the default value is 0 (heuristic analysis disabled)
• processesArchives – scanning of archives; possible values are 0 or 1; the default value is 0 (archives scanning disabled)
• syslogFacility – specification of facility used by syslog daemon (refer to the syslog.conf manual pages for detailed information on the syslog features); possible values are literal string types; the default value is daemon
• reportPasswordProtectedFiles – reporting of password protected files; possible values are 0 or 1, the default value is 0 (reporting disabled)
• reportMacros – reporting of macro structures in the scanned files; possible values are 0 or 1, the default value is 0 (reporting disabled)
• reportLockedFiles – reporting of locked files; possible values are 0 or 1, the default value is 0 (reporting disabled)
• pupAnalysis – when set to 1, “potentially unwanted programs” are detected within the on-access scanning; the default is 0 (no detection)
8.2. OnAccessScanner
Configuration of the on-access scanning daemon(s):
• includePath – the list of paths scanned by the on-access scanner (at least one path is required); possible values are strings according to the path specification syntax; the default value is /mnt
• excludePath – the list of paths ignored by the on-access scanner; possible values are strings according to the path specification syntax; the default value is /proc
• numOfDaemons – the number of on-access scanning daemons; possible values are non-negative integers from 0 to 10; the default value is 2; specifying the number as 0 will disable the on-access scanning
• scanOnOpen – scanning of the files when being opened; possible values are 0 or 1; the default value is 1 (on open scan enabled)
• scanOnExec – scanning of the files when being executed; possible values are 0 or 1; the default value is 0 (on execute scan disabled)
• scanOnClose – scanning of the files when being closed; possible values are 0 or 1; the default value is 0 (on close scan disabled)
• scanOnCloseModified – scanning of the files when being closed after modification; possible values are 0 or 1; the default value is 1 (on close modified files scan enabled)
• excludeFileSuffix – the list of file suffixes ignored by the on-access scanner; possible values are strings according to suffix specification syntax, example values: .jpg .gif; the default value is none
8.3. AvgDaemon
Configuration of the AVG for Linux E-mail Server e-mail scanning daemon(s):
• port – port number the daemon listens on; possible values are positive integers (preferably assigned to unused ports); the default value is 55555
• unixSocketName – the name of the Unix socket used for the e-mail scanning daemon communication purposes; the default value is /tmp/avg.sock
• address – local IP address the daemon is bound to – should be the same as the local address of your e-mail server; possible values are numerical strings according to the IP address decimal representation syntax; the default value is 127.0.0.1
• numOfDaemons – the number of daemons; possible values are non-negative integers, the default value is 2; specifying the number as 0 will disable the daemon
8.4. AvgUpdate
Configuration of the avgupdate module:
• location – the location where the update will be performed from; possible values are strings according to the general URL; the default value is http://www.grisoft.cz/softw/70/update
• proxy – specification of the proxy server; possible values are strings in the form of host:port, where host is the address of a proxy server (decimal or alphanumeric address notation, e.g. 192.168.100.99 or proxy.myserver.com) and port is the numeric specification of respective port; to disable the proxy server leave the default off value
• proxyLogin – specification of the proxy user, enabled only when the proxy option is enabled as well; possible values are strings in the form of user:password, for example frog:swamp; to disable this feature leave the default off value
• backupDir – the location of the backup directory that is used for storing the backup data before performing the update itself; possible values are strings according to the path specification syntax; the default value is /opt/grisoft/avg7/var/update/backup
• preinstallDir – the location of the directory that is used for storing the update data before installing them (the directory is cleared after completing the update); possible values are strings according to the path specification syntax, the default value is /opt/grisoft/avg7/var/update/preinstall
• downloadDir – the location of the directory that is used for storing the downloaded update files (unless the avgupdate '-d' command line option is specified, the directory is cleared after finishing the update); possible values are strings according to the path specification syntax; the default value is /opt/grisoft/avg7/var/update/download
• logFile – the location of the update log file; possible values are strings according to the path specification syntax; by default /opt/grisoft/avg7/var/update/log/avg7upd.log
• logLevel – the update logging level; possible values are integer numbers from 1 to 3 (the default value is 1):
  o 1 – lowest logging level, only the update start/finish information is recorded
  o 2 – medium logging level, some more information on various update phases is recorded
  o 3 – maximum logging level, detailed information on all update phases is recorded (useful when an update fails for some unknown reason)
• timeout – specification of the maximum time the download can take (in seconds); possible values are non-negative integers; the default value is 0 (no limitation posed upon the downloading time)
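A parser for the syntax described at the start of this chapter, used to report which documented detection features are switched off, as an added example that is not part of the AVG distribution. The function names and output format are assumptions of this example, section names are taken from the subsection titles 8.1 to 8.4, and the file-permission check for proxyLogin is a hardening suggestion of this example rather than a statement from the manual.

```shell
#!/bin/sh
# Added example, not part of the AVG distribution: parse an avg.conf-style
# file and report detection features that are switched off.

# avgconf_dump FILE: print one "Section.parameter value" line per value.
# Handles '#' comments, [section] headers, several whitespace-separated
# values on one line, and a parameter name repeated on a later line.
avgconf_dump() {
    awk '
        { sub(/#.*/, "") }                        # comment runs to end of line
        /^[ \t]*\[.*\][ \t]*$/ {                  # [section_name]
            gsub(/[ \t]/, "")
            section = substr($0, 2, length($0) - 2)
            next
        }
        /=/ {
            name = $0; sub(/=.*/, "", name); gsub(/[ \t]/, "", name)
            vals = $0; sub(/^[^=]*=/, "", vals)
            n = split(vals, v, /[ \t]+/)
            for (i = 1; i <= n; i++)
                if (v[i] != "") print section "." name, v[i]
        }
    ' "$1"
}

# avgconf_audit FILE: returns 0 when nothing is reported, 1 otherwise.
# The name:default pairs come from the option lists in sections 8.1-8.3;
# an absent parameter falls back to its documented default. Using the last
# value of a repeated 0/1 parameter is an assumption of this example.
avgconf_audit() {
    dump=$(avgconf_dump "$1") || return 2
    findings=0
    for item in \
        AvgCommon.runtimeCompression:1 AvgCommon.heuristicAnalysis:0 \
        AvgCommon.processesArchives:0 AvgCommon.pupAnalysis:0 \
        OnAccessScanner.scanOnOpen:1 OnAccessScanner.scanOnExec:0 \
        OnAccessScanner.scanOnCloseModified:1 \
        OnAccessScanner.numOfDaemons:2 AvgDaemon.numOfDaemons:2
    do
        key=${item%%:*}
        value=$(printf '%s\n' "$dump" |
            awk -v k="$key" -v d="${item##*:}" \
                '$1 == k { d = $2 } END { print d }')
        if [ "$value" = 0 ]; then
            echo "DISABLED $key"
            findings=$((findings + 1))
        fi
    done
    # proxyLogin stores user:password in clear text, so the file should
    # not be readable by "other" when it is set.
    if printf '%s\n' "$dump" | grep -q '^AvgUpdate\.proxyLogin [^ ]*:' &&
       [ -n "$(find "$1" -perm -004 2>/dev/null)" ]; then
        echo "EXPOSED AvgUpdate.proxyLogin in world-readable $1"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}
```

With only the documented defaults in effect, the audit reports heuristicAnalysis, processesArchives, pupAnalysis and scanOnExec as disabled.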
9. FAQ and Technical Support
The FAQ section of the Grisoft website (http://www.grisoft.com) provides answers to most issues that you may encounter while using AVG for Linux E-mail Server.
If you do not find the solution of your problem in the FAQ section or documentation, contact the GRISOFT technical support department via e-mail at technicalsupport@grisoft.com.
Providing the following information in the e-mail will help our technical support to give you a quick and comprehensive response:
• Basic information (should be included always):
  o version of your AVG for Linux E-mail Server (the version can be found out using the avgscan command)
  o your distribution of Linux (or other UNIX based system version)
  o your AVG Anti-Virus license number
• Situation dependent information (according to the particular problem):
  o If there is a problem with e-mail processing in general, we need to know which e-mail server and e-mail content scanner (AMaViS or Qmail-scanner version) you use.
  o If some viruses are coming through the e-mail server, send the virus samples and also the information required in the previous point.
  o If there is a problem with updates, set the logging level to 3 in the /etc/avg.conf file and send us the /etc/avg.conf and /opt/grisoft/avg7/var/update/log/avg7upd.log files. See section 8.4 Configuration File/AvgUpdate for details on the logging level settings.
  o If you have some problem with on-access scanner, we need you to tell us which version of DAZUKO you use. You should also send the /etc/avg.conf file.
  o For problems with the system libraries, please refer to section 2.1 Before Installation/Prerequisites in this document.
  o If you experience license number and/or registration problems, send us your license number and the exact transcript of the command you used for the registration.
  o If there is some problem with file system scanning, send us the exact transcript of the scanning command you have used.