Avira ANTIVIR UNIX MAILGATE User Manual


Contents

Chapter 1. About this Manual
1.1 Introduction
1.2 The Structure of the Manual
1.3 Signs and Symbols
1.4 Abbreviations
Chapter 2. Product Information
2.1 Features
2.2 Modules and Operating Mode of AntiVir MailGate
2.3 Licensing Concept
2.4 System Requirements
Chapter 3. Milter Mode
3.1 Overview
3.2 AntiVir MailGate (Milter Mode) Features
3.3 AntiVir MailGate (Milter Mode) Integration in Sendmail
Chapter 4. Installation
4.1 Preparing the Installation Files
4.2 Licensing
4.3 Installation with the Installation Script "install"
4.4 Further Installation Steps, Depending on the MTA
4.5 Testing AntiVir MailGate after Installation
4.6 Installing MailGate Using the Graphical Installation Routine
Chapter 5. Operation
5.1 Starting and Stopping AntiVir MailGate Manually
5.2 Updating AntiVir MailGate Manually
5.3 Parameters for SMTP and Scanner Daemon
5.4 Queue Manager avq
5.5 Procedures when Detecting Viruses/Unwanted Programs
Chapter 6. Configuration
6.1 MailGate Actions when Detecting Viruses/Unwanted Programs
6.2 Configuring avmailgate.conf
6.3 Configuring avmailgate.acl
6.4 Virus Warnings: Configuring avmailgate.warn
6.5 Configuring Report Templates
6.6 Regular Updates Configuration
6.7 Configuring Update Reports
6.8 Configuring the Spam Filter
Chapter 7. Graphical User Interface (GUI)
7.1 Overview
7.2 Operating AntiVir MailGate Using the GUI
7.3 Configuring AntiVir MailGate Using the GUI
Chapter 8. Service
8.1 Support
8.2 Online Shop
8.3 Contact
Chapter 9. Appendix
9.1 Glossary
9.2 Further Information
9.3 Golden Rules for Protection Against Viruses

1 About this Manual

In this Chapter you can find an overview of the structure and contents of this manual.
After a short introduction, you can read information about the following issues:
• The Structure of the Manual – Page 4
• Signs and Symbols – Page 4
• Abbreviations – Page 5

1.1 Introduction

We have included in this manual all the information you need on AntiVir MailGate. It will guide you step by step through the installation, configuration and operation of the software.
The appendix contains a Glossary, which explains the basic terms.
For further information and assistance, please refer to our website, to the Hotline of our Technical Support and to our regular Newsletter (see Service – Page 107).
Your Avira Team

1.2 The Structure of the Manual

The manual of your AntiVir software consists of a number of Chapters, providing the following information:
| Chapter | Contents |
| --- | --- |
| 1 About this Manual | The structure of the manual, signs and symbols |
| 2 Product Information | General information on AntiVir MailGate software, its modules, features, system requirements and licensing |
| 3 Milter Mode | Presenting the Milter function mode in AntiVir MailGate |
| 4 Installation | Instructions to install AntiVir MailGate on your system - using a script or the graphical installation routine. |
| 5 Operation | Manually start, stop and update AntiVir; reactions when viruses and unwanted programs are detected |
| 6 Configuration | Directions for optimum settings of AntiVir MailGate on your system |
| 7 Graphical User Interface (GUI) | General information on GUI; operation and configuration of AntiVir MailGate using the GUI |
| 8 Service | Avira GmbH Support and Service |
| 9 Appendix | Glossary of technical terms and abbreviations; Golden Rules for protection against viruses |

1.3 Signs and Symbols

The manual uses the following signs and symbols:
| Symbol | Meaning |
| --- | --- |
| 3 | ... shown before a condition that must be met prior to performing an action |
| X | ... shown before a step you have to perform |
|  | ... shown before the result that directly follows the preceding action |
|  | ... shown before an alert if there is a danger of critical data loss or hardware damage |
|  | ... shown before a note containing particularly important information, e.g. on the steps to be followed |
|  | ... shown before a tip that makes it easier to understand and use AntiVir MailGate |
For improved legibility and clear marking, the following types of emphasis are also used in the text:
| Emphasis in text | Explanation |
| --- | --- |
| Ctrl+Alt | Key or key combination |
| /usr/lib/AntiVir/antivir | Path and file name |
| ls /usr/lib/AntiVir | User entries |
| Choose component Select all | Elements of the software interface such as menu items, window titles and buttons in dialog windows |
| http://www.avira.com | URLs |
| Signs and Symbols – Page 4 | Cross-reference within the document |

1.4 Abbreviations

The manual uses the following abbreviations:
| Abbreviation | Meaning |
| --- | --- |
| ACL | Access Control List |
| FAQ | Frequently Asked Question |
| FQDN | Fully Qualified Domain Name |
| GPL | General Public License |
| GUI | Graphical User Interface |
| MIME | Multipurpose Internet Mail Extensions |
| MTA | Mail Transport Agent |
| PMS | Possible Malicious Software |
| RFC | Request For Comment |
| SMTP | Simple Mail Transfer Protocol |
| VDF | Virus Definition File |

2 Product Information

Email file transfer is a natural part of modern communication and we can no longer imagine everyday life without it. However, emails frequently also transport viruses or unwanted programs.
Many of these viruses/unwanted programs were conceived especially to attack Windows operating systems. However, it must be considered that there is also a danger for Open Source systems, because UNIX mail servers also transport malware. This offers an easy opportunity for cyber-attackers to penetrate your network. Windows clients can be infected and computers of their messaging partners can also be affected.
Business users increasingly rely on UNIX. However, with free software entering companies and institutes, the alternative operating systems are increasingly targeted by virus programmers. Therefore, virus protection on UNIX will still be needed in the future. This is why we have developed AntiVir MailGate for UNIX.
AntiVir MailGate scans all incoming and outgoing emails (including attachments) on your UNIX mail server. The software can operate on a variety of Mail Transport Agents (MTAs), such as Sendmail, Postfix, Exim, Qmail and other programs. It effectively supports common distributions - Red Hat, SuSE, Debian etc.
To start with, two very important tips:
Losing valuable files usually has dramatic consequences. Not even the best antivirus software can fully protect you against data loss.
X
Ensure that you make regular back-ups of your files.
An anti-virus program can only be reliable and effective if kept up to date.
X
Ensure that you keep your AntiVir MailGate up to date using automatic updates. You will learn how to do this in this user guide.

2.1 Features

AntiVir MailGate supports a variety of configuration settings to ensure that you have control of the email traffic on your system.
The essential features of AntiVir MailGate are:
• realtime scan for viruses and unwanted programs;
• scanning of incoming and outgoing emails;
• scanning of mailboxes;
• isolation of suspicious and infected files;
• configurable notification functions for the administrator and for the email sender and recipient;
• login to the email server logs;
• automatic Internet update for the scan engine and VDFs;
• heuristic detection for macro viruses;
• recognition of all common archive types (with configurable recursion level for nested archives);
• optional: operation and configuration of AntiVir MailGate using the user-friendly interface (GUI).

2.2 Modules and Operating Mode of AntiVir MailGate

AntiVir MailGate is an SMTP scanner, which scans all incoming and outgoing emails, including attachments, on your UNIX mail server for viruses/unwanted programs (see figure below). The program achieves high scanning speed and is easy to configure.
Apart from SMTP, AntiVir MailGate supports the Sendmail Milter interface.
This store and forward agent divides the work between two programs:
SMTP daemon
The SMTP daemon receives the emails and stores them in the spool directory. This program can run as an independent server using port 25 (SMTP) or it can be started by the Internet superdaemons inetd or xinetd.
Scanner and Forwarder daemon
The forwarder daemon reads the emails stored in the spool directory, decodes any attachments and then starts scanning for viruses and unwanted programs.
Depending on the result of the scanning process, clean emails are forwarded, while infected emails are blocked in the spool directory (rejected).
According to the configuration made in avmailgate.conf, the program also blocks suspicious emails, such as password-protected archives and fragmented emails, in the same directory.
You can scan the queue on-demand using the Queue Manager avq (for scanning the spool directory, see Queue Manager avq – Page 47).
Warnings
The postmaster receives an email containing detailed alerts when viruses, unwanted programs or suspicious files are detected. The alerts can also be sent to the sender and recipient of the email. The program contains alert message templates that you can adjust and use. Apart from these, status reports are registered in syslog.
GUI
The graphical user interface assists you in operating and configuring AntiVir MailGate and graphically displays the monitoring process. However, AntiVir MailGate is fully configurable and functional even without a GUI.
You require Java 1.4.0 or higher in order to use the GUI.

2.3 Licensing Concept

You must have a license to use AntiVir MailGate and accept the license terms (see http://www.avira.com/documents/general/pdf/en/avira_eula_en.pdf).
There are different license models for using the various functions of AntiVir MailGate:
• demo version
• evaluation version
• full version
• Convenience Package
The license depends on the number of users in the network who are to be protected by AntiVir MailGate.
The license is contained in a license file named hbedv.key. You will receive it by email from Avira GmbH. It contains certain data such as the programs you will use and the period of your license. The same license file may refer to more than one Avira product.
Demo Version
Without a license file, AntiVir MailGate runs as a demo version. An Avira banner is inserted in every email. The automatic update function is not available, so that you will have to download new virus definitions and scan engine versions manually from our website.
Evaluation Version
30-day test license for AntiVir UNIX MailGate.
Details of the evaluation version can be found on our website: http://www.avira.com.
Full Version
The range of full version features includes:
• AntiVir MailGate versions available by Internet download
• license file by email, to convert the demo version into a full version
• complete installation instructions (digital)
• PDF manuals available for Internet download
• Four weeks installation support, starting from acquisition date
• Newsletter service (per email)
• Internet update service for program files and VDF
Convenience Package
In addition to the full version license, the Convenience Package includes:
• every three months: free delivery of a boot CD-ROM with the AntiVir Rescue System and all updated AntiVir products
• complete installation manual (printed) on first delivery
• license file on a floppy disk with the first delivery
• Newsletter service (printed, regular mail delivery)

2.4 System Requirements

For reasons of efficiency, AntiVir MailGate makes the following minimum requirements of your server (additional memory may be required, depending on the email traffic, number and size of attachments etc):
The versions for UNIX Server, UNIX Workstation, FreeBSD, OpenBSD and Sun Sparc Solaris have similar installation and operating procedures (in general, only some file names may differ, depending on the target operating system).
• Computer i386
• 8 MB free hard disk space for product installation
• 20 MB temporary disk space
• 32 MB free memory space (64 MB recommended)
• Linux with GLIBC or LIBC5; FreeBSD (Intel); OpenBSD (Intel) or Sun Sparc Solaris
If you want to use the GUI:
• Java 1.4.0 or higher

3 Milter Mode

3.1 Overview

AntiVir Milter has been a stand-alone product up to now. The product has been available only for Sendmail, using the Sendmail Milter interface. Now, the Milter functionality is integrated in MailGate.
In order to start MailGate in Milter mode, the option ListenAddress in avmailgate.conf requires the following syntax:
inet:port@{hostname|ip-address}
Example: inet:3333@localhost
– OR –
{unix|local}:/path/to/file
Example: unix:/path/to/file
local:/path/to/file
If necessary, the ForwardTo entry has to be set to the Sendmail binary. If the default value is correct, the option has to remain unchanged:
ForwardTo /usr/lib/sendmail -oem -oi
AntiVir MailGate will no longer use the avmilter.* files for Milter mode. They have to be renamed avmailgate.*
It is recommended to adjust the file avmailgate.conf instead of renaming the file avmilter.conf.
To migrate from an older Milter installation to the current AntiVir MailGate (Milter mode), the file MILTER_MIGRATION must be used. It is located in the doc directory of the product kit.

3.2 AntiVir MailGate (Milter Mode) Features

AntiVir MailGate (Milter mode) is a plug-in for Sendmail, from version 8.11, and communicates through Sendmail’s libmilter interface.
It scans all incoming and outgoing emails. Infected emails are not forwarded. A status notification is shown in syslog. It can notify senders, recipients and administrators of infections.
Functions
Most of these features also apply to MailGate, even when it is not running in Milter mode.
• All Sendmail features remain available.
  Example: SMTP authentication, anti-relaying and anti-spam
• Simple installation and integration in Sendmail
• Hourly or daily Internet update for scan engine and VDF
• Scanning of incoming and outgoing emails
• Reliable on-access detection of viruses and malware
• Configurable reaction when viruses or malware are detected
• Isolation of infected or suspicious files in a quarantine directory
• Logfile used as email traffic log
• Immediate activation of new VDF
• Heuristic macrovirus detection
• Configurable templates for alerts
• Archive scanning (the supported archive formats are displayed with antivir --info)

3.3 AntiVir MailGate (Milter Mode) Integration in Sendmail

3.3.1 Requirement

Sendmail version 8.11 or newer with libmilter interface is required.
Otherwise:
X
Read the README file in the libmilter directory of the Sendmail kit (http://www.sendmail.org).
X
Compile the new version of Sendmail with libmilter interface.
To check whether Sendmail has been compiled with the libmilter interface:
sendmail -d0.10 < /dev/null | grep MILTER

3.3.2 Integration

There are two ways of adding AntiVir MailGate (Milter mode) to Sendmail’s configuration file sendmail.cf:
• Directly modify sendmail.cf
– OR –
• Generate sendmail.cf
Directly modify sendmail.cf
X
Insert the following two lines in the configuration file sendmail.cf:
Xavmilter, S=inet:3333@localhost, F=R, T=S:2m;R:2m;E:10m
O InputMailFilters=avmilter
Value meaning
• F: determines what should happen if the filter is not available:
  – T: emails are temporarily not accepted (error 4XX)
  – R: emails are not accepted (error 5XX)
• T: sets the following timeouts:
  – C: timeout to set up the connection to filter
  – S: timeout while sending information to filter
  – R: timeout while reading an answer from filter
  – E: timeout between sending the "End of message" and the response from the filter
Change these values if the log displays a notification like the one below:
Milter (avmilter): timeout before data read
Generate sendmail.cf
X
Insert the corresponding lines in the file sendmail.mc (commands beginning with INPUT must be written in one line):
for sendmail 8.11.x:
define(`_FFR_MILTER', `true')
INPUT_MAIL_FILTER(`avmilter',`S=inet:3333@localhost, F=R, T=S:2m;R:2m;E:10m')
for sendmail 8.12.x:
INPUT_MAIL_FILTER(`avmilter',`S=inet:3333@localhost, F=R, T=S:2m;R:2m;E:10m')
X
Generate the file sendmail.cf. Example:
m4 sendmail.mc > /etc/mail/sendmail.cf
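An added example (not part of the Avira manual or product): a small Python check that the filter line in sendmail.cf and the ListenAddress in avmailgate.conf name the same socket, that the filter is listed in InputMailFilters, and that F= and the T= timeouts are well formed. Without F=, Sendmail treats an unavailable filter as absent and accepts mail unscanned. The sample file contents, function names and finding codes are constructed for illustration.

```python
import re

# Constructed sample files (illustrative; not copied from a real host).
SENDMAIL_CF = """\
Xavmilter, S=inet:3333@localhost, F=R, T=S:2m;R:2m;E:10m
O InputMailFilters=avmilter
"""
AVMAILGATE_CONF = """\
# constructed avmailgate.conf fragment
ListenAddress inet:3333@localhost
ForwardTo /usr/lib/sendmail -oem -oi
"""

# The two socket forms the manual gives for Milter mode.
SOCKET_RE = re.compile(
    r"inet:(?P<port>\d+)@(?P<host>[\w.-]+)|(?:unix|local):(?P<path>/\S+)")
# One timeout item: C, S, R or E, a number, optional Sendmail time unit.
TIMEOUT_RE = re.compile(r"[CSRE]:\d+[smhdw]?")


def parse_socket(spec):
    """Normalize a milter socket spec; return None if it is malformed."""
    m = SOCKET_RE.fullmatch(spec.strip())
    if m is None:
        return None
    if m.group("path"):
        return ("unix", m.group("path"))  # unix: and local: name the same thing
    port = int(m.group("port"))
    if not 0 < port < 65536:
        return None
    return ("inet", m.group("host").lower(), port)


def parse_filters(cf_text):
    """Map filter name -> {key: value} for every X line in sendmail.cf."""
    filters = {}
    for line in cf_text.splitlines():
        if line.startswith("X"):
            name, *fields = [part.strip() for part in line[1:].split(",")]
            filters[name] = dict(f.split("=", 1) for f in fields if "=" in f)
    return filters


def enabled_filters(cf_text):
    """Names listed in the InputMailFilters option."""
    m = re.search(r"^O\s+InputMailFilters\s*=\s*(.+)$", cf_text, re.M)
    return [n.strip() for n in m.group(1).split(",")] if m else []


def listen_address(conf_text):
    """Value of the first uncommented ListenAddress line, or None."""
    for line in conf_text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0] == "ListenAddress":
            return parts[1].strip()
    return None


def audit(cf_text, conf_text, name="avmilter"):
    """Return (code, message) findings for one filter definition."""
    spec = parse_filters(cf_text).get(name)
    if spec is None:
        return [("undefined", f"no X{name} line in sendmail.cf")]
    findings = []
    if name not in enabled_filters(cf_text):
        findings.append(("not-enabled", "filter is not in InputMailFilters"))
    flag = spec.get("F")
    if flag is None:
        # Sendmail's documented default: on filter failure the mail is
        # handled as if the filter were absent, i.e. accepted unscanned.
        findings.append(("fail-open", "F= not set; mail bypasses the scanner "
                         "when the filter is unavailable"))
    elif flag not in ("T", "R"):
        findings.append(("bad-flag", f"F={flag} is neither T nor R"))
    sock = parse_socket(spec.get("S", ""))
    listen = parse_socket(listen_address(conf_text) or "")
    if sock is None:
        findings.append(("bad-socket", "S= is missing or malformed"))
    if listen is None:
        findings.append(("listen-not-milter",
                         "ListenAddress is not in Milter syntax"))
    if sock and listen and sock != listen:
        # Plain comparison: 'localhost' and '127.0.0.1' count as different.
        findings.append(("socket-mismatch", f"S={sock} but MailGate listens "
                         f"on {listen}"))
    for item in filter(None, spec.get("T", "").split(";")):
        if not TIMEOUT_RE.fullmatch(item.strip()):
            findings.append(("bad-timeout", f"unrecognized timeout {item!r}"))
    return findings


if __name__ == "__main__":
    for code, message in audit(SENDMAIL_CF, AVMAILGATE_CONF):
        print(code, message)
```

An empty result means the two files agree; the content-filter ListenAddress form used for Exim (address plus port) is reported as listen-not-milter because it is not a Milter socket.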

4 Installation

You can find the current version of AntiVir MailGate on the Internet or, if you have the Convenience Package, you can install the files from the AntiVir CD-ROM.
AntiVir is supplied as a packed archive.
You can install the program on your system using the install script.
Requirements
You have to be logged in as root in order to install AntiVir MailGate. You also need an MTA (Sendmail, Postfix, Exim, Qmail etc.) available on your system. We cannot provide support for problems that do not directly concern AntiVir MailGate.
This section describes an example installation of a standard Sendmail configuration on a SuSE distribution. If you want to integrate the program with another MTA or, for example, with Lotus Domino, you can find further information in the related files (INSTALL.sendmail, INSTALL.exim, INSTALL.qmail, INSTALL.postfix etc.).
This Chapter contains the following sections:
• Preparing the Installation Files – Page 18
• Licensing – Page 19
• Installation with the Installation Script "install" – Page 20
• Further Installation Steps, Depending on the MTA – Page 26
• Testing AntiVir MailGate after Installation – Page 32
• Installing MailGate Using the Graphical Installation Routine – Page 33

4.1 Preparing the Installation Files

Downloading program files from the Internet
X
Download the current files from our website http://www.avira.com to your local computer. The file name is
antivir-mailgate-prof-<version>.tar.gz (without graphical installation routine) or antivir-mailgate-linux-gui_installer.tar.gz (with graphical installation routine).
X
Copy the file to a directory of your choice on the computer on which you want to install MailGate. For example, in /tmp.
Downloading program files from the CD-ROM
X
On the CD-ROM, open
/EN/PRODUCTS/UNIX/MAILGATE/ or /EN/PRODUCTS/UNIX/GUI_INSTALLERS/
X
Copy the file antivir-mailgate-prof-<version>.tar.gz or antivir-mailgate-linux-gui_installer.tar.gz to a directory of your choice on the computer on which you want to install MailGate. For example, in /tmp.
Unpacking program files
We will describe the unpacking of the files without the graphical installation routine.
X
Go to the temporary directory:
cd /tmp
X
Unpack the archive for the AntiVir kit:
tar xzvf antivir-mailgate-prof-<version>.tar.gz
The directory antivir-mailgate-prof-<version> will be created in the temporary directory.

4.2 Licensing

You need a license for AntiVir MailGate in order to use all its features (see Licensing Concept – Page 10). The license file hbedv.key is delivered on a floppy disk or by email. It contains information on the scope and period of the license. Without a license, AntiVir MailGate runs only as a demo version, with restricted functionality.
Acquiring the license
X
Contact us by telephone or by email (info@avira.de) to obtain a valid license file.
You will receive the license file by email.
X
You can also purchase AntiVir through our Online Shop (for more details, please visit http://www.avira.com).
Copying the license file
X
Copy the license file hbedv.key to your installation directory /tmp/antivir-mailgate-prof-<version>.
You can install the product first even without the license file, but it will only run as a demo version.
You can copy the license file later to the program directory /usr/lib/AntiVir/.

4.3 Installation with the Installation Script "install"

The install script performs the installation of AntiVir MailGate automatically.
It performs the following tasks:
• checks the integrity of the installation files
• checks for the required authorizations for installation
• checks for an existing version of AntiVir MailGate on the computer
• copies the program files (and overwrites existing, obsolete ones)
• copies configuration files (and keeps existing configuration files)
• optional: installs Internet Updater
• optional: installs the graphical user interface (GUI)
Preparing installation
3 The program files have been downloaded from Internet or CD-ROM and unpacked.
X
Log in as root. Otherwise you do not have the required authorization for installation and the script returns an error message:
You must be root, to execute this script.
X
Go to the directory where you unpacked the AntiVir MailGate kit. For example:
cd /tmp/antivir-mailgate-prof-<version>
Installing AntiVir MailGate
If the required files and directories are found on your system, the following message appears during installation:
... Found existing /etc/avmailgate.conf. Skipping. ...
X
Type:
./install
The installation script starts.
X
You must read the license agreement and agree with it for the installation to continue.
X
Quit the license agreement file with q.
The following question appears:
Do you agree to the license terms? [n]
X
Type y and confirm with Enter.
The question about the license file appears:
Enter the path to your key file []
X
Type the path to the license file and press Enter
– OR –
if you want to install MailGate initially as a demo version without a license file:
X
Press Enter.
The next question asks if you want to install the automatic Internet Updater:
An internet update daemon is available with version <version> of AntiVir MailGate. This is a program that will run in the background and automatically check for updates (internet access is required). Instead of installing the internet update daemon, you may also manually check for updates using:
antivir --update
Please read the README file for more information about updating and which method best suits you.
Would you like to install the internet update daemon? [n]
You do not need the Internet Updater in order to obtain the updates. You can start a manual update with AntiVir at any time via the Internet. For more details, see Updating AntiVir MailGate Manually – Page 45.
For initial installation, however, it is recommended to install the Internet Updater. You can deactivate it later in the configuration.
If you want to install the Internet Updater (recommended):
X
Type y and press Enter.
The Internet Updater is installed in /usr/lib/AntiVir. Then you are asked if the Internet Updater should start automatically:
Would you like the internet update daemon to start automatically? [y]
X
Confirm with Enter. You can deactivate this option later.
X
Then you have to provide the path for the manual pages:
Enter the path where the manual pages will be located [/usr/share/man]
X
Confirm the default path with Enter or type another one.
The following question appears:
Enter the hosts and/or domains that are local: [<hostname>]:
X
Change the host name, if necessary, and press Enter.
The next question is:
Enter the hosts and networks that are allowed to relay: [127.0.0.1/8 192.168.0.0/16]:
X
Change the settings if necessary and press Enter.
Then you are asked whether a link should be created in /usr/sbin for the start script:
Would you like to create a link in /usr/sbin for avmailgate? [y]
X
Confirm with Enter or type n.
Then you are asked whether AntiVir MailGate should start automatically:
Would you like AvMailGate to start automatically? [y]
X
Type n and press Enter. You can change this option later
– OR –
confirm the default setting with Enter.
The next question (only on Linux systems) asks whether you want to install MailGate with the graphical user interface (GUI):
Would you like to install the GUI (+ SMC support)? [y]
AntiVir MailGate includes a GUI, which enables you to monitor on-access activities, display log entries and configure the product. However, MailGate is also fully functional without the GUI.
If you want to install the GUI:
3 you require Sun Java 1.4.0 or newer on your computer.
X
Press Enter when asked about GUI installation.
The GUI program files are copied.
Then you are asked if you want to configure AntiVir Updater:
Would you like to configure the AntiVir updater now? [y]
X
Confirm the default with Enter.
Here you can supply important information for the Updater (proxy settings, logs etc.)
Then you have to state whether you want to receive notifications of updates:
Would you like email notification about updates? [n]
X
Confirm the default with Enter.
The next step asks whether the Updater information should be written in a logfile:
Would you like the updater to log to a custom file? [y]
X
Press Enter.
The script asks for the path and file name:
What will be the log file name with absolute path (it must begin with ’/’)? [/var/log/avupdater.log]
X
Confirm the default with Enter or type another path and file name.
The following question appears:
Does this machine use a HTTP proxy server? [n]
X
Confirm the default with Enter.
A configuration overview appears and the question about saving the settings:
Save configuration settings? [y]
X
Press Enter.
The following message appears:
* SUCCESS *
Configuration successfully saved to. /etc/avupdater.conf
Press <ENTER> to continue.
X
Press Enter to continue.
If you want to install the GUI:
3 you require Sun Java 1.4.0 or newer on your computer.
X
Press Enter when asked about GUI installation.
The GUI program files are copied.
AntiVir MailGate is installed. You will see the following message:
Installation of the following features complete: AntiVir Engine AntiVir MailGate AntiVir GUI
X
Depending on your MTA, proceed with the installation as described in Further Installation Steps, Depending on the MTA – Page 26.
X
Finally, you can start AntiVir MailGate:
/usr/lib/AntiVir/avmailgate start
Reinstalling AntiVir MailGate
You can re-launch the install script at any time. There are several possible situations:
• Install a new version (upgrade). The installation script checks the previous version and installs the necessary new components. The configuration settings already made are not overwritten, but inherited (see Configuration – Page 51).
• Activation or deactivation of the automatic start-up of Internet Updater.
The steps are the same in all cases:
X
Open the directory where you unpacked AntiVir MailGate. For example,
cd /tmp/antivir-mailgate-prof-<version>/
X
Type:
./install
Installation
The installation script runs as described above.
X
Make the changes you need during installation procedure.
AntiVir MailGate is installed with the required settings.
Avira GmbH AntiVir MailGate 25
Installation

4.4 Further Installation Steps, Depending on the MTA

After installing AntiVir MailGate as described above, you have to make some manual settings, depending on your MTA.
The following part describes Sendmail, Exim, Qmail and Postfix specifics.
Configuring Sendmail
If you are working with Sendmail, we recommend that you use AntiVir MailGate in Milter mode (see Chapter Milter Mode – Page 13). It guarantees full SMTP functionality in Sendmail (such as SMTP authentication).

Configuring Exim
AntiVir MailGate runs with Exim version 3.0 or newer.
To detect your Exim version:
▶ Type:
    exim -bV
There are two ways of integrating AntiVir MailGate with Exim:
- Integrate AntiVir MailGate as a content filter in Exim (recommended)
- Proxy mode

Content Filter
AntiVir MailGate configuration:
▶ Modify (or add) the following entries in avmailgate.conf:
    ListenAddress 127.0.0.1 port 10024
    ForwardTo SMTP: 127.0.0.1 port 10025
▶ Restart AntiVir MailGate.
Exim configuration:
▶ Modify (or add) the following entries in exim.conf:
    # Listen on all interfaces on port 25
    # and on 127.0.0.1 port 10025
    local_interfaces = 0.0.0.0.25 : 127.0.0.1.10025
Add router entry:
▶ Search for the entry begin router in exim.conf and add the following entries:
    # Router for AntiVir MailGate
    antivir_mailgate:
      debug_print = "R: AntiVir MailGate for $local_part@$domain"
      driver = manualroute
      transport = antivir_mailgate_transport
      route_list = "* localhost byname"
      self = send
      # do not call this router in the second instance of Exim
      condition = ${if !eq {$interface_port}{10025}{1}{0}}
Add transport entry:
▶ Search for begin transports in exim.conf and add the following lines:
    # Transport for AntiVir MailGate
    antivir_mailgate_transport:
      driver = smtp
      # connect to port 10024
      port = 10024
      allow_localhost
▶ Restart Exim.

Proxy Mode
AntiVir MailGate configuration:
▶ Modify (or add) the following entries in avmailgate.conf:
    ListenAddress 0.0.0.0 port 25
    ForwardTo SMTP: 127.0.0.1 port 825
▶ Restart AntiVir MailGate.
Exim configuration:
▶ Modify (or add) the following entries in exim.conf:
    daemon_smtp_port = 825
▶ Restart Exim.

Configuring Qmail
There are two ways to integrate AntiVir MailGate with Qmail:
- Sendmail wrapper
- Backdoor mechanism
Replace SMTP with SMTP-Backdoor only in the run file. All the other parameters are examples only.

Sendmail wrapper
You can use the Sendmail wrapper, which is supplied with Qmail, to deliver emails (default). First, go to the Qmail installation folder and activate the wrapper.
▶ Activate the Sendmail wrapper in Qmail:
    ln -s /var/qmail/bin/sendmail /usr/lib/sendmail
    ln -s /var/qmail/bin/sendmail /usr/sbin/sendmail
▶ Establish the email forwarding mode. Look in the file /etc/avmailgate.conf for the following line:
    # Select how mail should be forwarded.
▶ Change these entries as below:
    # Send mail by piping it thru sendmail (this is the default)
    ForwardTo /usr/sbin/sendmail -oem -oi
    # Or if you want the mail to be sent by SMTP
    # ForwardTo SMTP: localhost port smtp-backdoor

Backdoor mechanism
The second possibility sets email delivery on port 825, on which Qmail should be active. This is done, for example, with inetd.conf (see Qmail installation package).
▶ Insert the following line in /etc/services:
    smtp-backdoor 825/tcp
▶ Establish the email forwarding mode. Look in the file /etc/avmailgate.conf for:
    # Select how mail should be forwarded.
▶ Change these entries as below:
    # ForwardTo /usr/sbin/sendmail -oem -oi
    # Or if you want the mail to be sent by SMTP
    ForwardTo SMTP: localhost port smtp-backdoor
If you use inetd with Qmail:
▶ Insert the following line in inetd.conf (one line!):
    smtp-backdoor stream tcp nowait qmaild /var/qmail/bin/tcp-env tcp-env /var/qmail/bin/qmail-smtpd
If you use tcpwrapper with Qmail:
▶ Change the Qmail port in /var/qmail/supervise/qmail-smtpd/run. For example, look for the following lines:
    /usr/bin/tcpserver -D -R -v -p -x /etc/tcprules.d/qmail-smtp.cdb \
    -u $QMAILDUID -g $NOFILESGID 0 smtp /var/qmail/bin/qmail-smtpd 2>&1
▶ Edit the lines as follows:
    /usr/bin/tcpserver -D -R -v -p -x /etc/tcprules.d/qmail-smtp.cdb \
    -u $QMAILDUID -g $NOFILESGID 0 smtp-backdoor /var/qmail/bin/qmail-smtpd 2>&1

Configuring Postfix
There are two ways of integrating AntiVir MailGate with Postfix:
- Integrate AntiVir MailGate as a content filter in Postfix (recommended)
- AntiVir MailGate listens on port 25 and forwards emails to Postfix

Content Filter
From Postfix snapshot 20000520, it is possible to integrate AntiVir MailGate as a content filter. The first release with possible content filtering was 20010228. Proceed as follows:
▶ Make the following entries in /etc/services:
    # Content Filter for postfix
    antivir 10024/tcp #Port for smtp daemon
    smtp-backdoor 10025/tcp #Port for postfix backdoor
▶ Look for the following line in /etc/avmailgate.conf:
    # Select interface and port, the smtp daemon will listen on.
▶ Change these entries as below:
    # Select interface and port, the smtp daemon will listen on.
    # Port may be given as a number or a service name.
    ListenAddress localhost port antivir
    # Select how mail should be forwarded.
    # Send mail by piping it thru sendmail (this is the default)
    # ForwardTo /usr/sbin/sendmail -oem -oi
    # Or if you want the mail to be sent by SMTP
    ForwardTo SMTP: localhost port smtp-backdoor
If you use SuSE Mail Server II:
▶ replace the entry #AllowSourceRouting NO with:
    AllowSourceRouting YES
▶ stop and restart AntiVir MailGate:
    /etc/init.d/avgate restart
▶ add the following entry in /etc/postfix/master.cf (the last entry must be on one line!):
    # service type private unpriv chroot wakeup maxproc command + args
    # (yes) (yes) (yes) (never) (50)
    smtp inet n - n - - smtpd
    # For AntiVir Mail daemon
    localhost:smtp-backdoor inet n - n - - smtpd -o content_filter=
▶ check that the first character in the table is not a space or tab.
The entry smtpd -o content_filter deactivates the corresponding line in a second Postfix instance (avoids mail loops).
▶ Add into /etc/postfix/main.cf:
    # AntiVir integration
    content_filter = smtp:127.0.0.1:10024
▶ Restart Postfix:
    /etc/init.d/postfix restart
or
    /etc/init.d/postfix reload

Listen on port 25
If Postfix sets the status deferred for emails, after AntiVir MailGate installation:
▶ search in main.cf for the line:
    defer_transports = local
▶ comment it out:
    # defer_transports = local
▶ look in master.cf for:
    smtp inet n - n - - smtpd
▶ comment it out:
    # smtp inet n - n - - smtpd
This prevents Postfix from listening on the SMTP port, so that the SMTP daemon can listen on this port. Emails forwarded by the SMTP daemon will be processed by the Sendmail wrapper /usr/lib/sendmail (delivered by Postfix).
▶ Restart Postfix:
    /etc/init.d/postfix restart
or
    /etc/init.d/postfix reload

4.5 Testing AntiVir MailGate after Installation

After installing AntiVir MailGate, it is recommended that you test its functionality. To do this, you can use a test virus, called Eicar, which is recognized by all virus scanners. This will not cause any damage but will force the program to react when an email scan is performed if the installation (and configuration) is correct.
▶ Copy the following string to a file:
    X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
– OR – download the Eicar file from the website http://www.eicar.com
▶ Send this file as an attachment to a test email for AntiVir MailGate.
▶ Check the reactions in the directory /var/spool/avmailgate/rejected.
▶ Check the messages AntiVir MailGate sent to the logfile or syslog.

4.6 Installing MailGate Using the Graphical Installation Routine

You can easily install AntiVir MailGate using a graphical installation routine. You have to download the corresponding file, as mentioned in Preparing the Installation Files – Page 18.
The graphical installation routine serves only for installation. It is not related to the GUI, which enables the operation and configuration of AntiVir MailGate.
The graphical installation routine for AntiVir WebGate runs only on Linux. It requires Java 1.4.0 or higher.
✓ The program file is unpacked and saved in the directory:
    /tmp/antivir-mailgate-linux-gui_installer
▶ Open the directory and type:
    ./install
A welcome text with a short description of the program appears:
▶ Click Next.
You will see the license terms window:
In order to continue the installation, you have to accept the license agreement. If Disagree is selected, the installation cannot continue.
▶ Select Agree and click Next.
The following window is displayed:
There are three ways to install MailGate:
- Express setup: the program is installed with basic settings.
- Custom setup: the program is installed according to the user’s options.
- GUI only: only the GUI is installed in /usr/lib/AntiVir.

Express setup
The program is installed with the following basic settings:
- "MailGate" (Main Program) and "AntiVir" (AntiVir Search Engine) are installed in the directory /usr/lib/AntiVir
- VDFs are installed in /usr/lib/AntiVir
- the binary avmailgate.bin is installed in:
    /usr/lib/AntiVir/avmailgate.bin
- the automatic Internet Updater is not installed
- GUI support is activated
- MailGate will start automatically when booting
- the license file is not copied, meaning that MailGate runs as a demo version
▶ Select Express setup and click Install.
All settings and further instructions appear in a window.
▶ Click Next.
The program is installed.
▶ Click Done in the final window to complete the installation.

Custom setup
You can install the program with user-defined settings.
▶ Select Custom setup and click Next.
The following window asks which mail server will be used (Postfix, Sendmail, Exim, Qmail etc.):
▶ Select your mail server and click Next.
The following window asks if you want to activate the GUI support (entry in the file avmailgate.conf):
▶ Select Yes or No and click Next.
Then you must specify whether you want to install the automatic Internet Updater:
If you wish to install the Internet Updater:
▶ Select Yes and click Next (in this case, you are asked if you want the Internet Updater to start automatically when the computer is booted).
The next window asks whether the license file is to be copied:
▶ Follow the instructions and then click Next.
The next window asks whether MailGate should start automatically when the computer is booted:
▶ Select Yes or No and click Next.
A window will display the settings and further instructions:
▶ Click Install.
The program is installed.

GUI only
Choose this option if you wish to install only the GUI.
▶ Select GUI only and click Next.
The GUI is installed in the following directory:
    /usr/lib/AntiVir
All settings and further instructions appear in a window.
▶ Click Install.
The GUI is installed.

Completing the Installation
Whichever installation type you selected, a window will list the installation steps performed:
▶ Click Next.
The following window appears only if you selected a mail server at the beginning of the installation:
You can either follow the instructions of the selected mail server "step by step" or read the entire manual at once. The installation instructions differ according to the mail server.
An example for Postfix:
▶ Select Go through the MANUAL step by step and click Next.
Example Postfix: the following window appears:
▶ Click Next.
Another window is displayed:
If you want to start the GUI directly:
▶ activate the option Start GUI now and click Done.
The installation is completed.

5 Operation

After concluding installation and configuration and when AntiVir MailGate is running, MailGate guarantees continuous monitoring of your system. During operation you might have to make occasional changes in settings, as described in Configuration – Page 51.
In some cases, it may be necessary to operate AntiVir MailGate manually or to process the emails filtered by AntiVir MailGate manually. This Chapter describes:
- Starting and Stopping AntiVir MailGate Manually – Page 43
- Updating AntiVir MailGate Manually – Page 45
- Parameters for SMTP and Scanner Daemon – Page 46
- Queue Manager avq – Page 47
In addition, you will find information on:
- Procedures when Detecting Viruses/Unwanted Programs – Page 50

5.1 Starting and Stopping AntiVir MailGate Manually

If you have installed AntiVir MailGate as described in Installation – Page 17, the program is automatically started and stopped by the system.
However, you may need to start and stop AntiVir MailGate manually. Any changes in configuration files must be followed by a restart for activation.
The script /usr/lib/AntiVir/avmailgate starts and stops the MailGate daemon.
You must log in as root or have the required access rights to start or stop AntiVir MailGate manually.

Starting AntiVir MailGate
▶ Type:
    /usr/lib/AntiVir/avmailgate start
The program starts with the following message:
    Starting AntiVir: avmailgate.

Stopping AntiVir MailGate
▶ Type:
    /usr/lib/AntiVir/avmailgate stop
The program stops with the following message:
    Stopping AntiVir: avmailgate.

Restarting AntiVir MailGate
A restart is needed, for example, after making changes in configuration files.
▶ Type:
    /usr/lib/AntiVir/avmailgate restart
The program restarts after showing the following message:
    Stopping AntiVir: avmailgate. Starting AntiVir: avmailgate.

Showing AntiVir MailGate status
▶ Type:
    /usr/lib/AntiVir/avmailgate status
The program shows information on the MailGate daemons:
    AntiVir Status: avmailgate running.

5.2 Updating AntiVir MailGate Manually

You can update AntiVir manually at any time.
It is recommended to run AntiVir as root while updating.
Advantage: any running processes of AntiVir daemons (such as AntiVir Guard, SAVAPI, MailGate) are automatically updated with the current antivirus files without interrupting the running scan processes. It is thus ensured that all files are scanned.
If AntiVir does not run as root during updating, it does not have the necessary rights to restart AntiVir daemons. The restart has to be made manually, as root.
If you want to update AntiVir:
▶ type:
    /usr/lib/AntiVir/antivir --update
If you just want to check for a new AntiVir version without updating AntiVir:
▶ type:
    /usr/lib/AntiVir/antivir --update --check

5.3 Parameters for SMTP and Scanner Daemon

The following tables describe the possible command line parameters that overrule avmailgate.conf settings.
Parameters for avmailgate.bin
Parameter          Description
-V or --version    Shows the version number
-C config-file     Defines an alternative configuration file instead of /etc/avmailgate.conf
-A acl-file        Defines an alternative acl file instead of the default setting /etc/avmailgate.acl
-i                 The SMTP daemon runs in inetd mode with SMTP conversation via stdin and stdout. For more information, see inetd(8).
-p port            Defines the port on which SMTP daemon is listening instead of the normal SMTP port (25).
The following options are used during debugging:
Parameter          Description
-D debug-level     Sets debug level.
-R remote.host     Defines the remote host domain name (default: -i)
-r remote-ip-addr  Defines the remote host IP address (aaa.bbb.ccc.ddd) (default: -i)
-q port            Defines the remote host TCP port

5.4 Queue Manager avq

The Queue Manager avq is integrated in avmailgate.bin. The Queue Manager enables manipulation of the AntiVir MailGate spool directory /var/spool/avmailgate/ and its sub-directories. Here you can see and modify the status of the pending emails (see MailGate Actions when Detecting Viruses/Unwanted Programs – Page 52).

Email status in queue
▶ Type:
    /usr/lib/AntiVir/avmailgate.bin --avq
The status for all emails in the queue is displayed.
This command corresponds to
    /usr/lib/AntiVir/avmailgate.bin --avq --list
In the first row you will see the name of the displayed queue. For example: Queue: rejected.
At the end of the list, you will see the number of emails in the queue: 5 mails in the rejected queue.
The Queue Manager shows the following status information for the emails:
- --> Not processed yet
- --> OK
- --> MIME problem (Recursion too deep etc.)
- --> Found e.g. (1x) Eicar Test Signature (type: virus)
The following status information is displayed, according to the spam filter results (see Configuring the Spam Filter – Page 74):
- --> Outbreak detected
- --> Dangerous attachment found
- --> Dangerous iframe found
- --> Dangerous alert found
You can control the output with the following parameters after --avq (the Help, which you can call with --avq --help, lists more parameters):
Parameter         Description
--queue=incoming  Shows the emails in the incoming queue
--queue=outgoing  Shows the emails in the outgoing queue
--list=all        Shows all queues

Deleting emails from queue
Deleting emails from the queue is important in the event of infected emails. Forwarded emails are automatically deleted from the queue.
You have to delete the emails from the rejected queue manually.
To delete denied emails immediately, you can use the option ExternalProgram in avmailgate.conf. For example:
    /usr/lib/AntiVir/rm_rejected.sh
rm_rejected.sh:
    #!/bin/sh
    # Remove the email whose ID is passed as the first argument.
    /usr/lib/AntiVir/avmailgate.bin --avq --remove="$1"
▶ Find out the ID of the email. AntiVir MailGate indicates the ID of the email in its logs and in the email sent to the postmaster.
▶ Type the command (where ID is the ID of the infected email):
    /usr/lib/AntiVir/avmailgate.bin --avq --remove=ID
The email is deleted from the queue.
You can use the following parameters when deleting:
Parameter                Description
--remove=26158-2212B237  Deletes the email with the given ID.
--remove=all             Deletes all emails. Before deleting, an alert appears to confirm the action.
--flush                  Immediately empties the incoming and outgoing queue.

Forcing email forwarding
This procedure may forward potentially dangerous viruses.
▶ Always check which email is going to be forwarded.
▶ Find out the ID of the email. AntiVir MailGate indicates the ID of the infected email in its logs and in the email sent to the postmaster.
▶ Type the command (where ID is the ID of the infected email):
    /usr/lib/AntiVir/avmailgate.bin --avq --deliver=ID
The email is delivered, whatever the virus scanner reports, and it is deleted from the queue.

5.5 Procedures when Detecting Viruses/Unwanted Programs

If configured correctly, AntiVir MailGate has already automatically carried out all important anti-virus tasks on your system:
- Infected emails are not forwarded.
- Infected emails are moved to /var/spool/avmailgate/rejected (or to another directory, specified in avmailgate.conf), where data file (df-) and control file (vf- or mf-) are located. For further information, see MailGate Actions when Detecting Viruses/ Unwanted Programs – Page 52.
- Data files can contain emails in which viruses/unwanted programs were detected. These can be directly deleted, together with the control file, or they can be handled using Queue Manager script aiq.
- According to the avmailgate.conf settings, postmaster can send alerts to senders and/or recipients of infected emails.
- According to the avmailgate.conf settings, infected files can be further processed by external programs or scripts.
These procedures avoid the danger of spreading infection.
You should always perform the following steps:
▶ Try to detect the way the virus/unwanted program infiltrated your system.
▶ Perform targeted scanning on the data storage media used.
▶ Inform your team, superiors or partners.
▶ Inform your system administrator and security provider.

Submit Infected Files to Avira GmbH
▶ Please send us the viruses, unwanted programs and suspicious files that our product does not yet recognize or detect. Send us the virus or unwanted program packed in a password-protected archive (PGP, gzip, WinZIP, PKZip, Arj), attached to an email message, to virus@avira.com.
When packing, use the password virus. In this way, the file will not be deleted by virus scanners on an email gateway.

6 Configuration

You can adjust AntiVir MailGate for optimum performance on your system. Immediately after installation with the install script, the most important settings are suggested and you can make changes at any time.
In this section, you will be guided step by step through the configuration process. It contains the following sections:
- MailGate Actions when Detecting Viruses/ Unwanted Programs – Page 52
- Configuring avmailgate.conf – Page 53
- Configuring avmailgate.acl – Page 67
- Virus Warnings: Configuring avmailgate.warn – Page 67
- Configuring Report Templates – Page 68
- Regular Updates Configuration – Page 70
- Configuring Update Reports – Page 73
- Configuring the Spam Filter – Page 74
The configuration files are read when the program starts. Empty lines and lines beginning with # are ignored.
The files are provided with default values, which are suitable for most set-ups. Some entries are deactivated (commented out) using # and can be activated by deleting the # sign.

6.1 MailGate Actions when Detecting Viruses/ Unwanted Programs

AntiVir MailGate isolates infected emails in "quarantine". Depending on the configuration, a message about the detection of a virus/unwanted program is sent to postmaster and/or the sender and/or recipient of the email. These parameters can be set in the file avmailgate.conf (see Configuring avmailgate.conf – Page 53).

Spool directories
The spool directory (default: /var/spool/avmailgate/) contains three sub-directories:
- incoming: incoming emails that must be scanned.
- outgoing: scanned emails that can be forwarded.
- rejected: emails containing a virus/unwanted program, or classified as problematic due to a MIME error, for example.

Spool files
In these directories, each email is represented by two files:
- data file
- control file
The name of the data file begins with df- and contains an ID (for example 32557-0BE692EB). The control file has the same ID, but according to its status its name begins with:
- xf-: control file has just been processed;
- qf-: the email is to be subjected to a virus scan;
- Qf-: the email is to be forwarded without scanning;
- vf-: the email contains a virus/unwanted program;
- mf-: the email has a MIME problem.
Example
- Data file: df-32557-0BE692EB
- Corresponding control file: qf-32557-0BE692EB

Spool files processing
If there was a virus/unwanted program detection, the directory /var/spool/avmailgate/rejected/ contains:
- df-file
- vf-file or mf-file
These files can be processed by external programs or scripts, such as those set by the ExternalProgram parameter (see Configuring avmailgate.conf – Page 53).
If no virus/unwanted program is detected, data files and control files are deleted after scanning and sending the email.

6.2 Configuring avmailgate.conf

The configuration file avmailgate.conf contains numerous parameters for working with AntiVir MailGate.

Configuration procedure
▶ Edit avmailgate.conf according to your preferences.
▶ Restart MailGate to activate the new settings:
    /usr/lib/AntiVir/avmailgate restart
The entries in avmailgate.conf are described below, in thematic groups. These entries only influence the actions of AntiVir MailGate and not the other AntiVir programs. You can edit these settings more easily with the graphical user interface, as described in Configuring AntiVir MailGate Using the GUI – Page 83.

Setting users and directories
Users/Group (User, Group):
The users and group for MailGate processes (they should not be root).
    User uucp
    Group antivir
If these are modified, the access rights of the relevant directories must also be changed.
Postmaster (Postmaster):
Receives alerts concerning viruses/unwanted programs, as well as other notifications:
    Postmaster postmaster
Host name (MyHostName):
FQDN (Fully Qualified Domain Name) of the local host.
If it is commented out, the default setting is given by gethostname(2). Otherwise, the local host is the default:
    MyHostName localhost
Spool directory (SpoolDir):
Emails are kept in the sub-directories incoming, rejected and outgoing while being processed.
The spool directory must belong to the user defined under User and the associated group and must only be accessed by this user (mode=700).
    SpoolDir /var/spool/avmailgate
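
An added example (not part of the manual or of AntiVir MailGate) that inventories a spool tree using the df-/control-file naming from section 6.1 and checks the mode=700 requirement stated above. It reports unpaired files and emails marked Qf-; the sample tree, the function names and all IDs other than the two quoted in this manual are constructed for illustration.

```python
import os
import stat
import tempfile

# Control-file prefixes and their meaning, as listed in section 6.1.
CONTROL_PREFIXES = {
    "xf": "control file has just been processed",
    "qf": "to be subjected to a virus scan",
    "Qf": "to be forwarded without scanning",
    "vf": "contains a virus/unwanted program",
    "mf": "MIME problem",
}
QUEUES = ("incoming", "outgoing", "rejected")


def inventory(queue_dir):
    """Map each email ID to {'data': bool, 'control': [prefixes]}."""
    mails = {}
    for name in sorted(os.listdir(queue_dir)):
        prefix, dash, mail_id = name.partition("-")
        if not dash or (prefix != "df" and prefix not in CONTROL_PREFIXES):
            continue  # not a spool file
        entry = mails.setdefault(mail_id, {"data": False, "control": []})
        if prefix == "df":
            entry["data"] = True
        else:
            entry["control"].append(prefix)
    return mails


def audit_spool(spool_dir):
    """Return findings as (queue, mail_id, message) tuples."""
    findings = []
    mode = stat.S_IMODE(os.stat(spool_dir).st_mode)
    if mode != 0o700:
        findings.append(("-", "-", f"spool dir mode is {mode:o}, expected 700"))
    for queue in QUEUES:
        path = os.path.join(spool_dir, queue)
        if not os.path.isdir(path):
            continue
        for mail_id, entry in inventory(path).items():
            # Each email should be represented by a data file and a control file.
            if not entry["data"]:
                findings.append((queue, mail_id, "control file without data file"))
            elif not entry["control"]:
                findings.append((queue, mail_id, "data file without control file"))
            if "Qf" in entry["control"]:
                findings.append((queue, mail_id, "marked to forward without scanning"))
    return findings


def build_sample_spool():
    """Create a constructed spool tree in a temp dir and return its path."""
    root = tempfile.mkdtemp(prefix="avmailgate-spool-")
    files = {
        "incoming": ["df-32557-0BE692EB", "qf-32557-0BE692EB",
                     "df-32558-0BE692EC", "Qf-32558-0BE692EC"],
        "outgoing": ["df-32559-0BE692ED"],           # control file missing
        "rejected": ["df-26158-2212B237", "vf-26158-2212B237",
                     "mf-26159-2212B238"],           # data file missing
    }
    for queue, names in files.items():
        os.mkdir(os.path.join(root, queue))
        for name in names:
            open(os.path.join(root, queue, name), "w").close()
    os.chmod(root, 0o755)  # deliberately wrong, to trigger the mode finding
    return root


if __name__ == "__main__":
    for finding in audit_spool(build_sample_spool()):
        print(*finding, sep="\t")
```

Files can be unpaired briefly while an email is being processed, so treat a finding as a prompt to look again rather than as proof of a problem.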
AntiVir directory (AntiVirDir):
The directory with the AntiVir main program, including virus definition file antivir.vdf and the license file:
    AntiVirDir /usr/lib/AntiVir
Temporary directory (TemporaryDir):
This contains temporary files (such as attachments currently being scanned for viruses or unwanted programs). Sufficient space is required for unpacked attachments.
    TemporaryDir /var/tmp
or
    TemporaryDir /tmp
Check domain name (MatchMailAddressForLocal):
This option determines whether the domain names of RECIPIENT, SENDER or BOTH addresses should be matched with the entries in the local:- section in avmailgate.acl.
For more information, see Configuring avmailgate.acl – Page 67.
    MatchMailAddressForLocal RECIPIENT
SMTP banner (SMTPBanner):
Sets the headers sent by MailGate. You can edit the text if you do not want to reveal the type of security software, for example.
    SMTPBanner "AntiVir MailGate"
PID directory (PidDir):
The PID files for MailGate’s main processes are saved in this directory.
    PidDir /var/tmp
or
    PidDir /tmp
Syslog facility (SyslogFacility):
Sets the log category that Syslog should apply for MailGate messages.
    SyslogFacility mail
Logfile (LogFile):
It must contain the full path to the log file. Apart from the log file, entries will also be sent to syslog.
If LogFile is set to NO, no log file is used. The entries will still be sent to syslog.
    LogFile /var/log/avmailgate.log
– OR –
    LogFile NO

Configuring connections
IP address (ListenAddress):
The address and the port on which the SMTP daemon listens. AntiVir MailGate listens on all network cards (with 0.0.0.0), or a specific IP address can be defined. If you are uncertain, you can retain the default setting:
    ListenAddress 0.0.0.0 port 25
You can start AntiVir MailGate in Milter mode using a different syntax. For more details, see Chapter Milter Mode – Page 13.
Maximum number of simultaneous connections (MaxIncomingConnections):
Sets the number of simultaneous connections from remote sites. For example, you can set the maximum number of simultaneously incoming emails to 100. The zero value (default setting) deactivates this function, so that the number is unlimited.
    MaxIncomingConnections 0
SMTP timeout (SMTPTimeout):
Defines the maximum timeout in seconds for SMTP connections.
    SMTPTimeout 300
Maximum message size (MaxMessageSize):
A value greater than 0 means that only emails up to the given size are scanned. Larger emails are rejected. If the value is 0, all messages of any size are scanned.
Example values: 4kB, 3MB, 2GB.
    MaxMessageSize 0
Minimum free system space (MinFreeBlocks):
AntiVir MailGate blocks incoming connections if free hard disk space is smaller than the given value.
    MinFreeBlocks 100
Maximum number of recipients per email (MaxRecipientsPerMessage):
Defines the maximum number of recipients for an email. The 0 value deactivates this option.
    MaxRecipientsPerMessage 100
Reject emails with no sender name (RefuseEmptyMailFrom):
It is possible to receive messages without the sender's name. The default setting is NO, so that the SMTP server accepts all incoming emails. This default setting should not be changed.
    RefuseEmptyMailFrom NO
RFC2821, RFC821 and RFC2505 recommend that all emails (even without the sender's address) should be accepted by an SMTP server. It is therefore recommended not to change the default setting for the parameter RefuseEmptyMailFrom.

Handling email addresses
Allow source routing (AllowSourceRouting):
Source routing has the following address syntax:
    @ONE,@TWO:JOE@THREE
This address sets the route for the email: it passes through ONE and TWO and it is finally delivered to JOE on host THREE.
This option specifies whether all except JOE@THREE should be excluded (NO) or whether the address should be retained (YES).
    AllowSourceRouting NO
Exclamation mark in envelope address (InEnvelopeAddressesBangIs):
If REFUSED is set and there is an "!" in the recipient's address, the message is rejected.
If IGNORED is set, "!" is treated as a normal character in the recipient's address.
If INTERPRETED is set, the recipient's address is transformed into RFC821 standard form. For example, the address
    hostA!hostB!hostC!user
is transformed into
    hostA,@hostB:user@hostC
If source routing is allowed, the email is sent to hostA, otherwise to hostC.
    InEnvelopeAddressesBangIs REFUSED
Percent sign in envelope address (InEnvelopeAddressesPercentIs):
If REFUSED is set and a '%' sign is in the recipient's address, the message is rejected.
If IGNORED is set, '%' is treated as a normal character in the address.
If INTERPRETED is set, the recipient's address is transformed into RFC821 standard form. For example, the address
    user%hostC%hostB@hostA
is transformed into
    @hostA,@hostB:user@hostC
If source routing is allowed, the email is sent to hostA, otherwise to hostC.
    InEnvelopeAddressesPercentIs REFUSED
Checking email domain syntax (AcceptLooseDomainName):
A domain name must contain the following characters only: [-.0-9A-Za-z]. The parameter AcceptLooseDomainName also allows incorrect domain names.
If the setting is NO and the domain name for message delivery is not correct (depending on source routing), the message is rejected.
If the setting is YES, the domain name is not checked. Therefore, even if the domain is incorrect, the email is forwarded.
    AcceptLooseDomainName NO
AddressFilter
Filtering email addresses:
This option can activate/deactivate the address filter. The default setting is NO, i.e. no address filter is used with the standard installation.
AddressFilter YES
To be able to use the address filter, the following files are necessary:
/etc/avmailgate.ignore
and
/etc/avmailgate.scan
Avira GmbH AntiVir MailGate 57
Configuration
These files contain lines with email addresses and optional S/s (sender) and/or R/r (recipient) flags. The given email addresses are checked only against the SMTP envelope (MAIL FROM and RCPT TO). The email addresses in the email header are ignored.
The lists are checked in the order set by FilterTableOrder, beginning with the first list. When a match is found, checking stops and the configured action is performed.
According to the result, the procedures are:
- if there is no match in the first list, the next list is checked.
- if there is no match in the second list either, the email is scanned.
- if there is a match in the ignore list, the email is not scanned.
- if there is a match in the scan list, the email is scanned.
The email addresses must be given as Perl-compatible regular expressions, such as:
/abc/
/^abc/
/xyz/i
/^abc@def\.tld/
Example:
/etc/avmailgate.ignore contains the following lines:
/^somebody@somewhere\.tld$/ SR
/^virus@firm/ R
/^abc@def.*\.tld/i
If the address is somebody@somewhere.tld, the email is not scanned.
If the recipient address is virus@firm*, the email is not scanned. In this case, the R flag is optional:
/^virus@firm/ R is equal to /^virus@firm/.
When starting AntiVir MailGate, maillog will indicate whether the address filter is active or not:
addressfilter is active
table order is: ignore,scan
or
addressfilter is not active
FilterTableOrder
Scanning order of the filter table:
This option can be used only if AddressFilter is active (AddressFilter YES). The possible parameters are:
scan,ignore
or
ignore,scan
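The address filter described above, modelled as an added example (not code from the manual or the product). It assumes Python's `re` behaves like the Perl-compatible expressions for these patterns and that an entry without flags applies to both sender and recipient; the scan-list entry and the test addresses are constructed, the ignore-list lines are the manual's.

```python
import re

# One filter line: /regex/ with optional i modifier, then optional S/R flags.
LINE = re.compile(r"^/(?P<rx>.*)/(?P<mod>i?)\s*(?P<roles>[SsRr]*)\s*$")

IGNORE_TABLE = r"""
/^somebody@somewhere\.tld$/ SR
/^virus@firm/ R
/^abc@def.*\.tld/i
"""
SCAN_TABLE = r"""
/@somewhere\.tld$/ S
"""  # constructed entry for the scan list


def parse_table(text):
    """Turn the lines of avmailgate.ignore / avmailgate.scan into rules."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE.match(line)
        if m is None:
            raise ValueError(f"unparsable filter line: {line!r}")
        flags = re.IGNORECASE if m["mod"] else 0
        # Assumption: no flags means the rule covers sender and recipient.
        roles = set(m["roles"].upper()) or {"S", "R"}
        rules.append((re.compile(m["rx"], flags), roles))
    return rules


def first_match(rules, sender, recipient):
    """Return the pattern of the first rule that matches, or None."""
    for rx, roles in rules:
        if "S" in roles and rx.search(sender):
            return rx.pattern
        if "R" in roles and rx.search(recipient):
            return rx.pattern
    return None


def decide(sender, recipient, tables, order="ignore,scan"):
    """Apply FilterTableOrder: the first list with a match decides."""
    for name in order.split(","):
        hit = first_match(tables[name], sender, recipient)
        if hit is not None:
            return ("scan" if name == "scan" else "skip", name, hit)
    return ("scan", None, None)          # no match in either list


TABLES = {"ignore": parse_table(IGNORE_TABLE), "scan": parse_table(SCAN_TABLE)}

if __name__ == "__main__":
    envelope = ("somebody@somewhere.tld", "user@example.org")
    for order in ("ignore,scan", "scan,ignore"):
        print(order, decide(*envelope, TABLES, order))
    # An unanchored end means /^virus@firm/ also covers longer domains.
    print(decide("a@example.org", "virus@firm.example.net", TABLES))
```

The same envelope is skipped or scanned depending only on FilterTableOrder, and a pattern without a trailing `$` covers every address that merely starts with it, so ignore-list entries are best anchored at both ends.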
Forwarding emails
SMTPGreetingTimeout
Defines the maximum timeout, in seconds, for receiving the greeting message from the remote host.
SMTPGreetingTimeout 300
SMTPHeloTimeout
Defines the maximum timeout, in seconds, for receiving a reply to the SMTP HELO command.
SMTPHeloTimeout 300
SMTPMailFromTimeout
Defines the maximum timeout, in seconds, for receiving a reply to the MAIL FROM command.
SMTPMailFromTimeout 300
SMTPRcptTimeout
Defines the maximum timeout, in seconds, for receiving a reply to the RCPT TO command.
SMTPRcptTimeout 300
SMTPDataTimeout
Defines the maximum timeout, in seconds, for receiving a reply to the DATA command.
SMTPDataTimeout 120
SMTPDataBlockTimeout
Defines the maximum timeout, in seconds, for sending individual data blocks.
SMTPDataBlockTimeout 180
SMTPDataPeriodTimeout
Defines the maximum timeout, in seconds, for receiving a reply to the final dot of the DATA command and to the QUIT command after sending the message.
SMTPDataPeriodTimeout 600
PollPeriod
Scanning queue:
Sets the interval, in seconds, at which the program scans the email queue for viruses and malware.
PollPeriod 60
ScanTimeout
Maximum time for email scanning:
Defines the maximum time for email scanning, in seconds:
ScanTimeout 300
MaxForwarders
Maximum number for the forwarder:
Maximum number of simultaneous forwarding processes. The value depends on the efficiency of your email system and on the quality of your email connection (default value: 10).
MaxForwarders 10
ForwardTo
Forwarder:
Defines how emails should be sent (default: by Sendmail).
ForwardTo /usr/lib/sendmail -oem -oi
The email can also be sent by SMTP:
ForwardTo SMTP: localhost port 825
or
localhost port smtp-backdoor
The SMTP setting applies only to MailGate in SMTP mode. In Milter mode, emails can only be forwarded by a program. Therefore, the valid entry is:
ForwardTo /path/to/file
MaxAttachments
Maximum number of email attachments (MIME):
Defines the maximum number of attachments for a single MIME email.
MaxAttachments 100
BlockSuspiciousMime
Blocking suspicious emails (MIME):
Blocks suspicious MIME emails. An email is classified as suspicious if it exceeds the maximum recursion level or the maximum attachment number (default setting: NO).
BlockSuspiciousMime NO
BlockFragmentedMessage
Blocking fragmented emails:
Blocks fragmented emails. For further information, see "Message Fragmentation and Reassembly" (RFC 2046, http://www.faqs.org/rfcs/rfc2046.html, paragraph 5.2.2.1).
BlockFragmentedMessage NO
ForwardAllEmailAsMIME
Forwarding emails as MIME:
Emails that are not in MIME format can be transformed into MIME emails. They then have a MIME header with content type: text/plain, content disposition: inline and content encoding: 7 bit or 8 bit. "Encoding" depends on the original email.
If the setting is NO, non-MIME emails are sent without further processing.
If the setting is YES, non-MIME emails are transformed into MIME emails.
ForwardAllEmailAsMIME NO
Sending notifications
In addition to avmailgate.conf, you can use avmailgate.warn for configuration (see Virus Warnings: Configuring avmailgate.warn – Page 67).
ExposeRecipientAlerts
Sending alerts to recipients of suspicious emails:
You can send alerts of viruses and unwanted programs to recipients. The available values are:
- NO: the recipient will receive no virus alert.
- LOCAL: alert messages are sent only if the recipient is a local user of your domain. Set the option in avmailgate.acl to local.
- YES: the recipient always receives virus alerts.
ExposeRecipientAlerts LOCAL
ExposeSenderAlerts
Sending alerts to senders of affected emails:
You can send alerts about viruses and unwanted programs to senders. The available values are:
- NO: the sender will receive no virus alert.
- LOCAL: alert messages are sent only if the sender is a local user in your domain. Set the option in avmailgate.acl to local.
- YES: the sender always receives virus alerts for the affected emails.
ExposeSenderAlerts LOCAL
ExposePostmasterAlerts
Sending alerts to postmaster:
Sends alerts about viruses or unwanted programs to the postmaster.
ExposePostmasterAlerts YES
NotifyEndOfLicense
Information on license expiry date:
Sends a message to the postmaster close to the license expiration date (given in days). The 0 value means no alert.
NotifyEndOfLicense 10
AlertsUser
Warning recipients:
Name or email address of the recipients to be warned (if a virus/unwanted program is detected in an email):
AlertsUser AvMailGate
or
AlertsUser AvMailGate@mailserver.mydomain.tld
BounceMessageUser
Recipient for email failure:
This is the user that receives email failure reports when an email cannot be sent by the MTA.
BounceMessageUser MAILER-DAEMON
BounceMessageSizeBody
Size of the email failure (mail body):
Sets the size, in bytes, of the part of the original mail body that is returned in the bounce mail. The value 0 means no limit is set.
e.g.: 4kB, 3MB, 2GB.
BounceMessageSizeBody 0
BounceMessageSizeHeader
Size of the email failure (mail header):
Sets the size, in bytes, of the part of the original mail header that is returned in the bounce mail. The value 0 means no limit is set.
e.g.: 2kB (2 Kilobytes), 3MB (3 Megabytes).
BounceMessageSizeHeader 0
Adding information to forwarded emails
Using the following parameters, you can add status information to forwarded emails:
AddStatusInBody
Status information in email body:
If the setting is NO, the email contains no additional information.
If the setting is YES:
- in the template directory, there is a body-state file containing user-defined text that is added to the email (see Configuring Report Templates – Page 68). If the body-state file does not exist, a default text is inserted.
AddStatusInBody could also be the name of a file. In this case, the contents of the file are added.
AddStatusInBody NO
MaxMessageSizeStatus
Status text:
If the option AddStatusInBody is set to YES, no status text is added to an email that exceeds the given size value.
e.g.: 4kB, 3MB, 2GB.
MaxMessageSizeStatus 0
AddXHeader
Adding X header:
If the setting is YES, information on scan status will be included in the header of the email. For example: X-AntiVirus: checked by AntiVir MailGate... The text cannot be modified.
AddXHeader YES
AddReceivedByHeader
Adding "received by" header:
If the setting is YES, the scanned email contains a note on incoming time.
AddReceivedByHeader YES
MaxHopCount
Avoids mail loops. If the header contains more "Received:" lines than this value, the email is blocked.
MaxHopCount 100
AddPrecedenceHeader
Adding precedence header:
If the setting is YES, the email contains the following line in the headers: Precedence: junk. Programs that are set to respond automatically to incoming emails (e.g.: vacation) would not react to this report. YES and NO entries can be replaced by specific text.
AddPrecedenceHeader NO
AddHeaderToNotice
Adding email header for postmaster:
You can add the headers of the affected email to the alert email sent to the postmaster. The value is YES or NO.
AddHeaderToNotice NO
UseProxy
Optimizing scans:
If you use a pool of AntiVir scanners, scans can be more effective with the proxy option in SAVAPI. The size of the pool must be determined carefully, because it affects the throughput: too many scanners use too many resources and do not increase performance, while too few scanners cause SAVAPI applications to wait unnecessarily long. Possible parameters are YES and NO.
UseProxy NO
ProxyScanners
Number of AntiVir scanners:
Sets the number of AntiVir scanners in the pool (see UseProxy).
ProxyScanners 8
ProxyConnections
Simultaneous proxy connections:
Sets the maximum number of simultaneous connections between AntiVir MailGate and the scanner pool.
ProxyConnections 32
Scanning files in archived attachments
ScanInArchive
Scan in archives:
If the setting is NO, the archives are not scanned for viruses/unwanted programs.
If the setting is YES, all files in archives are unpacked and scanned, depending on the settings for ArchiveMaxSize, ArchiveMaxRecursion and ArchiveMaxRatio.
ScanInArchive YES
ArchiveMaxSize
Maximum unpacked size of archived files:
Some archived files have useless content but intentionally expand to an "irrational size" when unpacked in order to slow down the computer. This parameter avoids unpacking such archive files.
If the setting is 0, all archived files are unpacked, whatever their size.
If the set value is >0, all archives that do not exceed the given value (in bytes) are unpacked and scanned.
e.g.: 2kB (2 Kilobytes), 3MB (3 Megabytes).
ArchiveMaxSize 0
ArchiveMaxRecursion
Maximum archive recursion:
If the setting is 0, recursive (nested) archives are unpacked, whatever their recursion depth.
If the set value is >0, all archives that do not exceed the given recursion depth are unpacked. This saves time.
ArchiveMaxRecursion 5
ArchiveMaxRatio
Blocking "mail bombs":
Blocks so-called "mail bombs" with a very high compression ratio. You can set the maximum difference between packed and unpacked file size.
The zero value deactivates this option. This value is not recommended. The default is 150.
ArchiveMaxRatio 150
BlockPartialArchive
Block partial archive:
If activated (YES), this option blocks partial archives.
BlockPartialArchive NO
BlockUnsupportedArchive
Blocking emails with unsupported archives:
Blocks emails containing archives that are not supported by the scanner.
BlockUnsupportedArchive NO
BlockSuspiciousArchive
Blocking emails with suspicious archives:
If activated (YES), this option blocks archives that exceed one of the settings for ArchiveMaxSize, ArchiveMaxRecursion and ArchiveMaxRatio.
If the option is deactivated (NO), such archives are forwarded, disregarding the settings for ArchiveMaxSize, ArchiveMaxRecursion and ArchiveMaxRatio.
BlockSuspiciousArchive NO
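How the archive limits and BlockSuspiciousArchive combine, as an added example (a model written for this section, not the product's code). It assumes that kB/MB/GB are powers of 1024 and that ArchiveMaxRatio compares unpacked size divided by packed size; the configuration text uses the example values shown above and the archive figures are constructed.

```python
import re

UNITS = {"": 1, "k": 1024, "m": 1024 ** 2, "g": 1024 ** 3}   # assumption

SAMPLE_CONF = """
ScanInArchive YES
ArchiveMaxSize 0
ArchiveMaxRecursion 5
ArchiveMaxRatio 150
BlockSuspiciousArchive NO
"""


def parse_size(text):
    """Convert '4kB', '3MB', '2GB' or a plain byte count to bytes."""
    m = re.fullmatch(r"(\d+)\s*([kKmMgG]?)[bB]?", text.strip())
    if m is None:
        raise ValueError(f"not a size value: {text!r}")
    return int(m.group(1)) * UNITS[m.group(2).lower()]


def parse_conf(text):
    """Read 'Parameter value' lines into a dict."""
    conf = {}
    for line in text.splitlines():
        key, _, value = line.strip().partition(" ")
        if key:
            conf[key] = value.strip()
    return conf


def archive_verdict(conf, packed, unpacked, depth):
    """Return (action, exceeded_limits) for one archive attachment."""
    if conf.get("ScanInArchive", "YES") == "NO":
        return "forward (archive not scanned)", []
    max_size = parse_size(conf.get("ArchiveMaxSize", "0"))
    max_depth = int(conf.get("ArchiveMaxRecursion", "0"))
    max_ratio = int(conf.get("ArchiveMaxRatio", "0"))
    exceeded = []
    # A value of 0 switches the corresponding limit off.
    if max_size and unpacked > max_size:
        exceeded.append("ArchiveMaxSize")
    if max_depth and depth > max_depth:
        exceeded.append("ArchiveMaxRecursion")
    if max_ratio and packed and unpacked / packed > max_ratio:
        exceeded.append("ArchiveMaxRatio")
    if not exceeded:
        return "unpack and scan", []
    if conf.get("BlockSuspiciousArchive", "NO") == "YES":
        return "block", exceeded
    return "forward (limits exceeded)", exceeded


if __name__ == "__main__":
    conf = parse_conf(SAMPLE_CONF)
    bomb = dict(packed=42_000, unpacked=4_500_000_000, depth=6)  # constructed
    print(archive_verdict(conf, **bomb))
    conf["BlockSuspiciousArchive"] = "YES"
    print(archive_verdict(conf, **bomb))
```

With the values shown in this section an archive that breaks the ratio and recursion limits is still forwarded; the limits only block mail once BlockSuspiciousArchive is set to YES.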
BlockEncryptedArchive
Blocking emails with password-protected archives:
If the setting is YES, emails containing password-protected files in archives are rejected.
If NO is set, emails containing encrypted archives are also delivered.
BlockEncryptedArchive NO
BlockExtensions
Blocking emails with certain extensions:
You can configure MailGate to block emails containing attachments with specified file extensions (such as exe, scr, pif). This also applies to archived files.
BlockExtensions NO
BlockOnError
Blocking emails on scan error:
Blocks emails if an error occurs during scanning or the maximum scanning time has expired.
BlockOnError NO
Running external programs
ExternalProgram
Running an external program or script when a virus/unwanted program is detected:
Calls an external program or script when a virus/unwanted program is detected. The parameter is the ID of the rejected email (see MailGate Actions when Detecting Viruses/Unwanted Programs – Page 52).
ExternalProgram /dir/my_own_script
Activating GUI support
GuiSupport
GUI support activation:
You must activate this entry in order for MailGate to communicate with the GUI. Required parameters:
GuiSupport YES
GuiCAFile /usr/lib/AntiVir/gui/cert/cacert.pem
GuiCertFile /usr/lib/AntiVir/gui/cert/server.pem
GuiCertPass antivir_default
If these parameters are missing or not valid, the GUI is not available.
Queue
QueueLifetime
Email lifetime in queue:
The maximum time for an email to wait in the queue before rejection. The value can be given in seconds, minutes, hours or days. For example: 10s, 10m, 10h, 10d.
The zero value deactivates the option.
QueueLifetime 0
ForwarderRetryDelay
The interval for MailGate to retry forwarding an email. The value can be given in seconds, minutes, hours or days (see above).
ForwarderRetryDelay 30m
ThrottleMessageCount
This option is necessary if too many emails have gathered in the queue and MailGate is restarted.
In this case, all emails are processed as soon as possible. This can lead to load problems.
The set number is the maximum number of emails to be processed per ThrottleDelay interval (see the example below).
It is important not to accept any more emails while this option is active. These would not be processed immediately.
This option should only be used temporarily.
The option ThrottleDelay also has to be set.
ThrottleMessageCount 0
ThrottleDelay
This option sets the time interval (in seconds) in which the number of emails given by ThrottleMessageCount is sent.
The zero value deactivates the option.
Example: There are 100 emails in the queue. ThrottleMessageCount is set to 10 and ThrottleDelay to 1. Then a maximum of 10 emails are processed per second.
ThrottleDelay 0

6.3 Configuring avmailgate.acl

Using the local and relay keywords, avmailgate.acl decides which computers are allowed to send emails via AntiVir MailGate. This is established via the sender's or recipient's domain or IP address.
- Set the local hosts and/or domains. For example:
local: localhost
local: avira.com
- Set which hosts and networks may send emails. For example:
relay: 127.0.0.1/8 192.168.0.0/16
IP addresses
You can specify IP addresses in various ways:
192.168.0.0/16 or 192.168
have the same meaning. /16 means 16 bits and covers the first two numbers of the IP address. Therefore, all IP addresses starting with 192.168 are allowed.
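The relay notation above, resolved into networks as an added example (not code from the manual or the product). The manual only shows the two-number shorthand 192.168; expanding one or three numbers the same way goes beyond it and is an assumption, as are the function names and the constructed `relay: 172.16.5` line.

```python
import ipaddress

SAMPLE_ACL = """
local: localhost
local: avira.com
relay: 127.0.0.1/8 192.168.0.0/16
relay: 172.16.5
"""  # last line constructed to show the shorthand form


def parse_network(token):
    """Turn '192.168.0.0/16', '127.0.0.1/8' or '192.168' into a network."""
    if "/" not in token:
        octets = token.split(".")
        if len(octets) < 4 and all(o.isdigit() for o in octets):
            # Shorthand: every number given fixes 8 bits of the prefix.
            padded = octets + ["0"] * (4 - len(octets))
            token = ".".join(padded) + f"/{8 * len(octets)}"
    # strict=False accepts entries with host bits set, such as 127.0.0.1/8.
    return ipaddress.ip_network(token, strict=False)


def parse_acl(text):
    """Collect local names, relay networks and relay host names."""
    acl = {"local": set(), "relay_nets": [], "relay_hosts": set()}
    for line in text.splitlines():
        keyword, sep, rest = line.partition(":")
        keyword = keyword.strip().lower()
        if not sep or keyword not in ("local", "relay"):
            continue
        for token in rest.split():
            if keyword == "local":
                acl["local"].add(token.lower())
                continue
            try:
                acl["relay_nets"].append(parse_network(token))
            except ValueError:            # not an address: keep as host name
                acl["relay_hosts"].add(token.lower())
    return acl


def may_relay(acl, client_ip):
    """True if the connecting IP address lies in one of the relay networks."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in acl["relay_nets"])


if __name__ == "__main__":
    acl = parse_acl(SAMPLE_ACL)
    print([str(net) for net in acl["relay_nets"]])
    for client in ("192.168.44.7", "192.169.0.1", "127.44.0.9"):
        print(client, may_relay(acl, client))
```

Printing the resolved networks before deploying an ACL shows exactly how wide each relay entry is; 127.0.0.1/8, for instance, covers the whole 127.0.0.0/8 block.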

6.4 Virus Warnings: Configuring avmailgate.warn

Optionally, you can use another file: /etc/avmailgate.warn. Besides avmailgate.conf, this file controls the alert emails sent to the recipient, sender and postmaster.
A command in this file contains two entries: the first is the name of the detected virus/unwanted program, which may contain wildcards; the second is one or more of the following letters:
- S: for sender
- R: for recipient
- P: for postmaster
Example
The command
/klez/ RP
instructs AntiVir MailGate to send an alert email to the recipient and postmaster if the virus named Klez is detected.
The settings in avmailgate.warn will overrule those made in avmailgate.conf in the event of specific virus/unwanted program detection.

6.5 Configuring Report Templates

You can set some report texts as email notifications in the event of virus/unwanted program or suspicious file detection.
- Copy the example templates in the required language from the templates directory /usr/lib/AntiVir/templates/examples/language/ to the directory /usr/lib/AntiVir/templates
- Change the directory to /usr/lib/AntiVir/templates. This directory contains the following files:
patho-administrator patho-recipient patho-sender alert-administrator alert-recipient alert-sender
- Write the texts you need in the files listed above. Keep the file structure:
  - the first line is the email subject;
  - then an empty line follows (new line);
  - then the text of the email.
Key words
The files alert-* and patho-* may contain the following key words, which are replaced by the appropriate text:
Keyword                 Text
SENDER                  The email address of the infected email sender.
ALERTS                  The list of viruses/unwanted programs found in the email. Every line contains a virus name, and the prefix and postfix are repeated.
REASON                  The reason for not scanning an email (short sentence).
ADVICE                  Advice on problem-solving (~1 line, see REASON)
QUEUEID                 Email ID in AntiVir MailGate queue.
SUBJECT                 Subject of infected email.
CONCERNING_FILE_NAMES   Will be replaced with a list of files in which the alerts were detected.
PRODUCT_VERSION         Product version number.
ENGINE_VERSION          Scan engine version number.
VDF_VERSION             VDF version number.
Example for alert sender:
SUBJECT: AntiVir ALARM [Your email: "SUBJECT"]
**********************AntiVir ALARM*******************
******************************************************
AntiVir has discovered the following in the email sent from your address:
ALERTS
This email has not been sent, but isolated on your server. Please scan your system immediately for possible virus infection.
Clean your system before sending any more email messages.

6.6 Regular Updates Configuration

The performance and effectiveness of antivirus software depend on its update status. This is why AntiVir MailGate offers you the possibility to download current updates via HTTP from the AntiVir webserver and to install them at regular intervals, manually or automatically.
These updates ensure that AntiVir MailGate components (VDF and scan engine), which provide security against viruses or unwanted programs, are always kept up to date.
We recommend that you configure your AntiVir MailGate program to automatically access the Avira website and to check for updates at regular intervals.
For information on updates, see Chapter Configuring Update Reports – Page 73.
Configuring Internet connection for updates
Check that your Internet connection is functioning correctly. Usually this connection is already configured. If not, refer to your UNIX documentation for the information you need.
Proxy Server
If you are connected to the Internet via an HTTP proxy server, you must make the necessary settings in antivir.conf. There are no default settings provided.
- Open the file /etc/antivir.conf.
- Type the name of the proxy server. For example:
HTTPProxyServer proxy.domain.com
- Type the proxy server port. For example:
HTTPProxyPort 8080
If user name and password are required:
- Enter the username and password. For example:
HTTPProxyUsername username
HTTPProxyPassword password
The Internet connection is now configured.
Automatic updates with cron daemon
Regular updates are made using the cron daemon. The settings in /etc/crontab have already been made if you answered yes to installing AntiVir Updater when installing AntiVir MailGate with the install script.
You can find further information on the cron daemon in your UNIX documentation.
- Make the appropriate entry in /etc/crontab. The option -q means that no report will be issued.
Example: for an hourly update at *:23, enter the following command:
23 * * * * root /usr/lib/AntiVir/antivir --update -q
- Start the update process to test the settings:
/usr/lib/AntiVir/antivir --update
If successful, a report will appear in the logfile /var/log/antivir.log
If there is no update available, you will receive the following message (example):
checking for updates
06.18.00.07 <=> [vdf,loaded]
06.18.00.02 <=> [engine,running]
02.00.06.13 <=> [program,running]
Verifying updates authenticity with GnuPG
GnuPG is a free alternative to the encryption program PGP (Pretty Good Privacy). Using GnuPG you can verify the authenticity of the AntiVir Updates. It is highly recommended to use GnuPG.
However, this procedure requires extensive knowledge of UNIX and GnuPG. In the event of configuration errors, there is the danger of deactivating AntiVir updates.
You can find more details about GnuPG at http://www.gnupg.org
The following steps guide you to activate GnuPG support:
- Download GnuPG from the website http://www.gnupg.org. Here you can also find the manual with further information on GnuPG and its features.
- Generate your own PGP key pair as described in the GnuPG documentation.
- Import the AntiVir public PGP key into your key-ring:
gpg --import antivir.gpg
- Display the fingerprint of the key to check that it really is the AntiVir PGP key:
gpg --fingerprint build@avira.com
The 40-character fingerprint is displayed.
- Check if the displayed fingerprint corresponds with the one on the Avira website (http://www.avira.de)
- Sign the AntiVir public key in order to certify its validity:
gpg --sign-key build@avira.com
- Change to the /bin sub-directory of the AntiVir installation directory:
cd /tmp/antivir-mailgate-prof-<version>/bin/<OS>/
Here you can find the files antivir and antivir.asc.
- Check the signature with:
gpg --verify antivir.asc antivir
If you do not receive an error message, you can use GnuPG for AntiVir updates.
- Activate GnuPG for AntiVir. In /etc/antivir.conf, enter the path to GnuPG binaries using the option GnuPGBinary:
GnuPGBinary /usr/local/bin/gpg
- Restart antivirupdater to activate the new settings in antivir.conf:
/usr/lib/AntiVir/antivirupdater restart
From now on, GnuPG authenticates the updates.

6.7 Configuring Update Reports

The settings described here for program update reports are made in /etc/antivir.conf
- Open the file /etc/antivir.conf.
- Make the necessary settings.
Setting update email reports
All reports on AntiVir MailGate updates are sent to the specified email address.
EmailTo
- Type the email address. For example:
EmailTo root@localhost
Specify syslog reports
AntiVir reports all important operations through the syslog daemon. You can specify the facility and priority for these reports.
If you are not familiar with syslog, you should not change the default values. You can find further information on syslog in your UNIX documentation.
SyslogFacility
- Type a new facility or keep the default setting:
SyslogFacility user
SyslogPriority
- Type a new priority or keep the default setting:
SyslogPriority notice
Logfile settings
Apart from syslog, update reports can also be written to a logfile. There are no default settings for this parameter.
- Type the name and full path for the log file. For example:
/var/log/antivir.log

6.8 Configuring the Spam Filter

A license is required in order to use the spam filter. You can display information on your current license with:
antivir --version
The output should contain the following line:
product: Avira AntiSpam and Outbreak Detection
A spam filter is integrated in AntiVir MailGate and it filters spam and other unwanted emails. The spam filter opens a connection to the spam database server for every email to check its status.
You have to enable the connection on port 55555 via TCP.
The spam filter is currently available only for Linux-GLIBC22 systems. It integrates with AntiVir MailGate through a library (libasmailgate.so).
If the spam filter is active, emails marked as "Outbreak" are blocked. All other emails are just tagged. You can read about these header entries in the MANUAL file (Paragraph "Spam and bulk").

6.8.1 Spam Filter Configuration

All these options are set in avmailgate.conf.
Options and parameters for spam filter
EnableSpamCheck
Activates/deactivates spam filter.
EnableSpamCheck YES
LibAsmailgate
Specifies the path to the spam filter library.
/usr/lib/AntiVir/libasmailgate.so
AsmailgateConfig
Specifies the path to the spam filter configuration file.
/etc/asmailgate.xml
SpamHeaderName
Defines the spam header to be inserted in the email header. Only the beginning can be changed (X-Antivirus-Spam-Check). Example:
X-Antivirus-Spam-Check: clean (checked by AntiVir MailGate)
The parameters for the following options are:
- BLOCK: the email is moved to quarantine
- TAG: the email contains a new header
- NONE: the email is neither blocked nor tagged. It is forwarded without being processed.
DangerousOutbreakAction
Performs the set action on emails that the virus scanner does not detect because of their recent outbreak. If the option is set to BLOCK, no email notification is sent.
DangerousOutbreakAction BLOCK
DangerousCodeAction
Performs the set action when emails may contain malicious code.
DangerousCodeAction TAG
DangerousAttachmentAction
Performs the set action when the email attachment may be harmful.
DangerousAttachmentAction TAG
DangerousAlertAction
Performs the set action when the spam filter classifies emails as dangerous.
DangerousAlertAction BLOCK
If an email is classified as spam, it contains the following header:
X-AntiVirus-Spam-Check: spam (checked by AntiVir MailGate)
Options and parameters for spam filter proxy
EnableSpamFilterProxy
Activates/deactivates the spam filter proxy.
EnableSpamFilterProxy YES
SpamFilterProxyPort
Specifies the port on which the spam filter proxy waits for queries. The default is random.
SpamFilterProxyPort 12345
SpamFilterProxyPool
Specifies how many proxy threads open when the proxy starts.
SpamFilterProxyPool 2
SpamFilterProxyThreadsMax
Specifies the maximum number of open proxy threads.
SpamFilterProxyThreadsMax 5
SpamFilterProxyTimeout
Specifies the interval in seconds for the spam filter proxy to reopen the connection to the server if the connection fails.
SpamFilterProxyTimeout 40
SpamFilterProxyConnections
Specifies the maximum number of connections to the spam database server.
SpamFilterProxyConnections 2

7 Graphical User Interface (GUI)

7.1 Overview

The graphical user interface (GUI) assists you in operating and configuring AntiVir MailGate and graphically displays the monitoring process. AntiVir MailGate is fully functional and configurable even without GUI. The interface is an independent application that can start and stop without influencing AntiVir MailGate.
You need Java 1.4.0 or higher to use the GUI.
Permissions
You do not need root permissions. You can use the program with GUI as a normal user.
However, you must belong to the "antivir" group created during the installation.
- Type (as root):
/usr/sbin/usermod -G group1,group2,group3,antivir username
group1 - group3 are the groups to which the user belongs, username is the name of the user.
To display the groups of a user:
- type:
/usr/bin/groups
Starting
- Start the GUI:
antivir-gui
If this command does not detect the Java installation:
- create a soft link in /usr/bin (as root):
ln -s /PFAD/ZUR/JAVA/INSTALLATION/bin/java /usr/bin
Communication
The GUI communicates with AntiVir MailGate via SSL through the loopback network interface. You must specify the following parameters in the configuration file avmailgate.conf:
GuiSupport YES
GuiCAFile /usr/lib/AntiVir/gui/cert/cacert.pem
GuiCertFile /usr/lib/AntiVir/gui/cert/server.pem
GuiCertPass antivir_default
If these parameters are missing or invalid, the GUI is not available.
More products
If more AntiVir products are installed on the computer, the GUI sets them in tabs. Thus you can easily monitor and configure every product. Depending on the tab you click, the GUI displays its own menus and options.
Problems
Check the following requirements for using the GUI:
- AntiVir MailGate must be installed in /usr/lib/AntiVir.
- You must have a COMMERCIAL license for AntiVir MailGate (antivir --version).
- The parameter GuiSupport must be set in avmailgate.conf
- The user must belong to the "antivir" group.
If these requirements are not met, an error message appears.

7.2 Operating AntiVir MailGate Using the GUI

Starting GUI
The entry GuiSupport must be activated in avmailgate.conf in order for MailGate to communicate with the GUI.
- Start the GUI:
/usr/lib/AntiVir/antivir-gui
The GUI appears, displaying the Realtime view.
Status display
Computer color codes:
- green text: MailGate is active
- blue text: unknown MailGate status
- red text: MailGate is not active
- yellow text: MailGate restart
More MailGates
In case there are more MailGates selected in the network, the tree contains a new branch for every MailGate, indicating its status (as described above, in Status display).
Symbols
Click to display the Realtime view.
Click to switch to the Logfile window.
Click to open the Configuration window.
Menus
System
- Network browser: to select another computer in the network on which MailGate GUI runs.
- Certificate management: to manage integrated certificates of the other computers in the network.
- About...: information about GUI.
- Exit: closes GUI. MailGate is not stopped.
MailGate
- Realtime view: to display the graphical Realtime view
- Logfile: to switch to the Logfile table window
- Configuration: to open the Configuration window
- Start MailGate: to start MailGate. This menu option is active only when MailGate is not running
- Stop MailGate: to stop MailGate. This menu option is active only when MailGate is running
- Restart MailGate: to restart MailGate (MailGate will be stopped and restarted).
Realtime View Window
Every computer has a folder containing various email-specific data (see the figure in Starting GUI – Page 79).
Logfile Window
- Click on the Logfile button – OR – select the menu option MailGate/Logfile. The Logfile window appears.
Logfile
Displays the complete logfile, with full paths, the current size of the logfile in KB, the displayed log levels and the log level used by MailGate.
Four buttons appear at the bottom of the window: Settings, Rows, Load new and More.
Settings
- Click Settings.
An additional area appears in the Logfile window:
- Choice of date to view: select the time interval for the logfile entries to be displayed; Default: complete logfile.
- Show the following log levels: select the log levels to be displayed; Default: All.
Rows
Number of displayed log lines
Load new
Reload the logfile
More
The loaded logfile view is extended with the number of lines given.
Configuration Window
see Configuring AntiVir MailGate Using the GUI – Page 83
Starting and Stopping MailGate
Start
- Select the menu option MailGate/Start MailGate.
Stop
- Select the menu option MailGate/Stop MailGate.
Restart
- Select the menu option MailGate/Restart MailGate.
Closing GUI
- Select System/Exit. The GUI is closed.
When you close the GUI, AntiVir MailGate retains its current status.

7.3 Configuring AntiVir MailGate Using the GUI

You can use the GUI to set the configuration parameters in avmailgate.conf.
For better understanding, we also mention the entry in avmailgate.conf for every parameter. These parameters are fully described in Configuring avmailgate.conf – Page 53.
Opening the Configuration Window
- Click the symbol for configuration – OR – select the menu option MailGate/Configuration. The Configuration window appears.
The configuration makes a distinction between "normal" user settings and settings for "experts". For the latter, you have to activate the Expertmode option.
- Click on an item in the tree structure.
A window with the corresponding settings appears.

7.3.1 Settings for "Normal" Users

User settings
User / Group: User and group for MailGate processes (they should not be root). The corresponding parameters in avmailgate.conf are User and Group.
If these settings are modified, the access rights of the corresponding directories must be changed too.
Postmaster: Receives warnings about viruses/unwanted programs as well as other notifications. It sets Postmaster in avmailgate.conf.
These three parameters (User, Group, Postmaster) can also be set manually.
Directories settings
Spool: Emails are kept in the sub-directories incoming, rejected and outgoing while being processed.
The spool directory must belong to the user and the corresponding group specified under User, and be accessible only to this user. SpoolDir is set in avmailgate.conf.
AntiVir: The directory with the AntiVir main program, including the virus definition file antivir.vdf and the license file. It sets AntiVirDir in avmailgate.conf.
Temporary: This contains temporary files (such as attachments currently being scanned for viruses or unwanted programs). Unpacking attachments needs additional space. It sets TemporaryDir in avmailgate.conf.
PID: This directory stores the PID files for the main processes of MailGate. It sets PidDir in avmailgate.conf.
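A check for the rules stated under User settings and Spool above: User and Group should not be root, and the spool directory must belong to that user and group and be accessible only to that user. This is an added example, not Avira's code; the "Key value" line layout assumed for avmailgate.conf, the function names and the sample values are assumptions.

```python
import grp
import os
import pwd
import stat

def parse_conf(text):
    """Parse 'Key value' lines, '#' starting a comment (assumed file layout)."""
    conf = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) == 2:
            conf[parts[0]] = parts[1].strip()
    return conf

def audit(conf, uid_of=None, gid_of=None):
    """Return findings for the User, Group and SpoolDir rules in the manual."""
    # Name lookups are injectable so the check can be tested without accounts.
    uid_of = uid_of or (lambda name: pwd.getpwnam(name).pw_uid)
    gid_of = gid_of or (lambda name: grp.getgrnam(name).gr_gid)
    findings = []
    user, group = conf.get("User"), conf.get("Group")
    for key, value in (("User", user), ("Group", group)):
        if value == "root":
            findings.append(key + " is root; MailGate processes should not run as root")
    spool = conf.get("SpoolDir")
    if spool and user and group:
        st = os.stat(spool)
        if st.st_uid != uid_of(user) or st.st_gid != gid_of(group):
            findings.append("%s is not owned by %s:%s" % (spool, user, group))
        # Any group/other permission bit breaks "only accessible to this user".
        if stat.S_IMODE(st.st_mode) & 0o077:
            findings.append("%s is accessible to group or others (mode %o)"
                            % (spool, stat.S_IMODE(st.st_mode)))
    return findings

if __name__ == "__main__":
    # Constructed sample; on a real host read the installed avmailgate.conf.
    sample = "User root\nGroup mailgate\n"
    for finding in audit(parse_conf(sample)):
        print(finding)
```

Run it again after every change to User, Group or SpoolDir, since the manual requires the directory access rights to follow those settings.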
Interface settings
Interface / Port: The address and the port on which the SMTP daemon listens. AntiVir MailGate listens on all network cards (with 0.0.0.0), or you can specify the IP address of a single network card. If you are uncertain, you can keep the default setting.
The parameter is ListenAddress in avmailgate.conf.
Program / SMTP: Define how emails should be sent. The default setting is by Sendmail.
The email can also be sent by SMTP.
It sets ForwardTo in avmailgate.conf.
Notification settings
Alert: Name or email address of the recipients to be warned (if a virus/unwanted program is detected in an email). It sets AlertsUser in avmailgate.conf.
Error: This is the user that receives email failure reports when an email cannot be sent by the MTA. It sets BounceMessageUser in avmailgate.conf.
Body size: Sets the bounce mail body size (in bytes). The value 0 means no limit is set. You can use KB, MB or GB. The parameter is BounceMessageSizeBody in avmailgate.conf.
Header size: Sets the bounce mail header size (in bytes). The value 0 means no limit is set. You can use KB, MB or GB. The parameter is BounceMessageSizeHeader in avmailgate.conf.
Recipient: You can send warnings about viruses and unwanted programs to recipients. The available values are:
• NO: the recipient will receive no virus warning.
• LOCAL: warning messages are sent only if the recipient is a local user of your domain. Set the option in avmailgate.acl to local.
• YES: the recipient always receives virus warnings.
The parameter is ExposeRecipientsAlerts in avmailgate.conf.
Sender: You can send warnings about viruses and unwanted programs to senders. The available values are:
• NO: the sender will not receive a virus warning.
• LOCAL: warning messages are sent only if the sender is a local user in your domain. Set the option in avmailgate.acl to local.
• YES: the sender always receives virus warnings for the emails concerned.
It sets ExposeSenderAlerts in avmailgate.conf.
Postmaster: Sends warnings about viruses or unwanted programs to the postmaster. Values: Yes or No.
It sets ExposePostmasterAlerts in avmailgate.conf.
Mail Header: You can add the headers of the email concerned to the warning email sent to the postmaster. The value is Yes or No. It sets AddHeaderToNotice in avmailgate.conf.
Status:
If the setting is NO, the email contains no additional information.
If the setting is YES:
• plain RFC822 emails (not MIME emails): the notification is added at the beginning of the message.
• MIME email: the scanned email is sent as a new MIME multipart/mixed email, with a text section containing information on the status and a second RFC822 section containing the original email. The header of the original message is usually copied into the new message.
• in the template directory there is a body-state file containing user-defined text that is added to the email (see Configuring Report Templates – Page 68).
If FILE is set, the text from the file is added. The parameter is AddStatusInBody in avmailgate.conf.
License: Sends a message to the postmaster close to the license expiration date (given in days). The 0 value means no warning. It sets NotifyEndOfLicense in avmailgate.conf.
Mail size for status...: If the option AddStatusInBody is set to YES, no status text is added to an email that exceeds the given size value, e.g. 4kB, 3MB, 2GB.
Logging settings
Syslog facility: Sets the log category in syslog for MailGate notifications. The parameter is SyslogFacility in avmailgate.conf.
Log: The field has to contain the full path to a distinct logfile. It sets LogFile in avmailgate.conf.
If there is no entry, the program will not use a separate logfile.
Whether you activate a separate logfile or not, entries are sent to syslog.
Header settings
Scan status: If the setting is Yes, information on scan status will be included in the header of the email. For example: X-AntiVirus: checked by AntiVir MailGate... The text cannot be modified. The parameter is AddXHeader in avmailgate.conf.
Received: If the setting is Yes, the scanned email contains a note on incoming time. It sets AddReceivedByHeader in avmailgate.conf.
"Received:" lines: Avoids mail loops. If more "Received:" lines than the set value appear in the header, the email is blocked. It sets MaxHopCount in avmailgate.conf.
Precedence: If the setting is Yes, the email contains the following line in the headers if a virus/unwanted program has been detected: Precedence: junk. Programs that are set to respond automatically to incoming emails (e.g. vacation) will not react to this report. The parameter is AddPrecedenceHeader in avmailgate.conf.
Prefix settings
The program reports virus and malware detections.
You can also set it to report so-called "extended malware types" by activating the corresponding options.
ACL Editor settings
Using the local and relay keywords, avmailgate.acl decides which computers are allowed to send emails via AntiVir MailGate. This is established via the sender's or recipient's domain or IP address.
Accept domain: ▶ Set the local hosts and/or domains. For example localhost or avira.com.
Allow forwarding from...: ▶ Set which hosts and networks may send emails. For example 127.0.0.1/8 or 192.168.0.0/16.
IP addresses:
You can specify IP addresses in various ways: 192.168.0.0/16 and 192.168 have the same meaning. /16 means 16 bits and signifies the first two numbers of the IP address. Therefore, all IP addresses starting with 192.168 are allowed.
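The address notation described above, as an added example that is not part of the manual: it expands the shorthand to CIDR, tests whether a client address is covered by the relay entries, and lists entries that reach beyond internal ranges. Treating any one-to-three-octet prefix like the manual's 192.168 case is a generalisation and an assumption, as are the function names and the INTERNAL list; host names are not handled.

```python
import ipaddress

# Ranges treated as internal for the audit (RFC 1918 plus loopback).
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def acl_entry_to_network(entry):
    """Expand a relay entry ('192.168.0.0/16' or the shorthand '192.168')."""
    entry = entry.strip()
    if "/" in entry:
        # strict=False accepts host bits, as in the manual's 127.0.0.1/8.
        return ipaddress.ip_network(entry, strict=False)
    octets = entry.split(".")
    if len(octets) > 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("not an IPv4 address or prefix: %r" % entry)
    # Assumption: each octet given fixes 8 bits, so '192.168' means /16.
    padded = octets + ["0"] * (4 - len(octets))
    return ipaddress.ip_network("%s/%d" % (".".join(padded), 8 * len(octets)))

def may_relay(client_ip, relay_entries):
    """True if client_ip falls inside any of the relay entries."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in acl_entry_to_network(e) for e in relay_entries)

def entries_beyond_internal(relay_entries):
    """Return the entries that cover addresses outside INTERNAL."""
    flagged = []
    for entry in relay_entries:
        net = acl_entry_to_network(entry)
        if not any(net.version == r.version and net.subnet_of(r) for r in INTERNAL):
            flagged.append(entry)
    return flagged

if __name__ == "__main__":
    # Constructed relay list: the manual's two examples plus one broad entry.
    relay = ["127.0.0.1/8", "192.168", "0.0.0.0/0"]
    print(acl_entry_to_network("192.168"))
    print(may_relay("192.168.44.7", relay[:2]))
    print(entries_beyond_internal(relay))
```

An entry reported by entries_beyond_internal lets hosts outside the listed internal ranges send mail through the gateway, so it deserves a second look before it is saved.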

7.3.2 Expert Settings

Common settings
Hostname: FQDN (Fully Qualified Domain Name) of the local host.
If the field is empty, the default setting is given by gethostname(2). Otherwise, localhost is default.
The parameter is MyHostName in avmailgate.conf.
Execute on alert: Calls an external program or script when a virus/unwanted program is detected. The parameter forwarded is the ID of the rejected email (see MailGate Actions when Detecting Viruses/ Unwanted Programs – Page 52).
It sets ExternalProgram in avmailgate.conf.
Enable macro heuristics: Activates heuristics for macroviruses in documents.
Enable Win32 heuristics: Activates Win32 file heuristics, which also detect unknown file viruses, worms, Trojans etc. You can select the level of this method: low, medium or high.
MinMax settings
Max. number of Forwarder Processes: Maximum number of simultaneous forwarding processes allowed. The value depends on the efficiency of your email system and on your email connection quality (default value: 10).
The parameter is MaxForwarders in avmailgate.conf.
Max. no. of simultaneous connections: Sets the number of simultaneous connections from remote sites. For example, you can set the maximum number of simultaneously incoming emails to 100. The zero value (default setting) deactivates this function, so that the number is unlimited.
It sets MaxIncomingConnections in avmailgate.conf.
Max. no. of recipients per email: Defines the maximum number of recipients for an email. The 0 value deactivates this option.
It sets MaxRecipientsPerMessage in avmailgate.conf.
Max. size of email: A value greater than 0 means that only emails up to the given size are scanned. Larger emails are rejected. If the value is 0, all messages of any size are scanned.
It sets MaxMessageSize in avmailgate.conf.
Free blocks on file system spool directory: AntiVir MailGate blocks incoming connections if hard disk free space is smaller than the given value.
It sets MinFreeBlocks in avmailgate.conf.
Max. time before scan is stopped: Defines the maximum time for email scanning, in seconds. It sets ScanTimeOut in avmailgate.conf.
Periodicity of queue scanning: Sets the time in seconds for the scanner and forwarder daemon to scan the emails queue for viruses and unwanted programs.
It sets PollPeriod in avmailgate.conf.
SMTP settings
SMTP greeting message: Sets the headers sent by MailGate. You can edit the text if, for example, you do not want to reveal the type of security software. The parameter is SMTPBanner in avmailgate.conf.
SMTP Timeout: Defines maximum timeout in seconds for SMTP connections. It sets SMTPTimeout in avmailgate.conf.
SMTP Greeting Timeout: Defines the maximum timeout in seconds for receiving the greeting message from the remote host to which the email is sent. It sets SMTPGreetingTimeout in avmailgate.conf.
SMTP EHLO/HELO Timeout: Defines the maximum timeout in seconds for receiving a reply to the SMTP HELO command. It sets SMTPHeloTimeout in avmailgate.conf.
SMTP MAIL FROM Timeout: Defines the maximum timeout in seconds for receiving a reply to the MAIL FROM command. It sets SMTPMailFromTimeout in avmailgate.conf.
SMTP RCPT Timeout: Defines the maximum timeout in seconds for receiving a reply to the RCPT TO command. It sets SMTPRcptTimeout in avmailgate.conf.
SMTP DATA Timeout: Defines the maximum timeout in seconds for receiving a reply to the DATA command. It sets SMTPDataTimeout in avmailgate.conf.
SMTP DATABlock Timeout: Defines the maximum timeout in seconds for sending individual data blocks. It sets SMTPDataBlockTimeout in avmailgate.conf.
SMTP DATAPeriod Timeout: Defines the maximum timeout in seconds for receiving a reply to the final dot of the DATA command and QUIT command after sending the message. It sets SMTPDataPeriodTimeout in avmailgate.conf.
Accept email from: This option determines whether the domain names of RECIPIENT, SENDER or BOTH addresses should be matched with the entries in the local:- section in avmailgate.acl.
It sets MatchMailAddressForLocal in avmailgate.conf.
For more information, see Configuring avmailgate.acl – Page 67.
Mail Queue settings
Settings for email queue processing.
Queue lifetime: The maximum time for an email to wait in the queue before rejection. The value can be given in seconds, minutes, hours or days. For example: 10s, 10m, 10h, 10d.
The zero value deactivates the option.
Forwarder retry delay: The interval for MailGate to retry forwarding an email. The value can be given in seconds, minutes, hours or days (see above).
Throttle message count: This option is necessary if too many emails are gathered in the queue and MailGate restarts.
In this case, all emails are processed as soon as possible. It can lead to load problems.
It is important not to accept any more emails while this option is active. These would not be processed immediately.
This option should only be used temporarily.
The option ThrottleDelay also has to be set.
The set number is the maximum number of emails to be processed by ThrottleDelay (see examples below).