AVG Antivirus For Linux/FreeBSD Plus Qmail Mail Server
Abstract: # tar xzvf avg2012{edition}-r{release}-a{vdb version}.{architecture}.tar.gz # cd avg2012{edition}-r{release}-a{vdb version}.{architecture} # ./install
This document describes how to deploy AVG Antivirus for Linux/FreeBSD to the Qmail mail server. It is usable for AVG version 8.5, 10 and 2012.
Requirements
1) Linux or FreeBSD x86 or x86_64 with x32 compatible libraries. (See /opt/avg/av/doc/README.)
2) Configured Postfix Mail server.
3) Correct HW configuration for AVG:
- CPU: i686 or amd64 on 800 MHz
- Mem: 512 MB, 1GB is recommended
- HDD: 500 MB of free space
Installation
1) Download correct package from AVG site:
Trial: http://www.avg.com/cz-cs/download.prd-trialb
Free: http://free.avg.com/cz-cs/stahnout.tpl-stdfull.prd-alf
NOTE: Trial/full package contains Antispam module. Later migration from free to full is possible.
2) Install package according to your distribution. Examples:
Installation from RPM (Linux only):
# rpm -i avg2012lms-r{release}-a{vdb version}.{architecture}.rpm
Installation from .deb (Linux only):
# dpkg -i avg2012lms-r{release}-a{vdb version}.{architecture}.deb
Installation from sh (Linux only):
# chmod +x avg2012lms-r{release}-a{vdb version}.{architecture}.sh
# ./avg2012lms-r{release}-a{vdb version}.{architecture}.sh
Installation from .tar.gz:
# tar xzvf avg2012{edition}-r{release}-a{vdb version}.{architecture}.tar.gz
# cd avg2012{edition}-r{release}-a{vdb version}.{architecture}
# ./install.sh
Registration
You can register AVG for Linux/FreeBSD during installation from sh or tar.gz, or later using command:
# avgctl --register 'your license number'
NOTE: Free version is registered automatically during instalation, trial license is available at /opt/avg/av/doc/README.
Start of AVG Anti-Virus It is possible to use init scripts or avgctl utility:
Linux:
# /etc/init.d/avgd start
FreeBSD:
# /usr/local/etc/rc.d/avgd.sh start
Both systems:
# avgctl --start
Integration AVG to Qmail - Qmail Queue
Integration is possible via Qmail Queue AVG module. Qmail Queue for AVG is a module included into the Qmail email process chain. It allows to scan incoming and outgoing email messages for viruses and spam. It replaces the original qmail-queue file with the qmail-queue-avg file which implements communication with the AVG Daemon. After email scanning the original qmail-queue is executed. Note that execution of the original qmail-queue depends on the AVG Daemon settings. For example when a email contains a virus and the AVG Daemon is configured to drop email with virus the original qmail-queue will not be executed.
* Original email process chain:
qmail-inject ---
|
v
---> qmail-qmail ---> qmail-send ---> ...
^
|
qmail-smtpd ---
* Email process chain with the Qmail Queue for the AVG Daemon:
AVG Daemon
^ |
qmail-inject --- | |
| | |
v | v
---> qmail-qmail-avg ---> qmail-queue ---> qmail-send ---> ...
^
|
qmail-smtpd ---
Installation of Qmail Queue AVG
Download Qmail Queue AVG source from here.
For example:
wget http://download.avg.com/filedir/inst/qmail-queue-avg.tar.gz
Unpack archive and go to the folder:
tar xzvf qmail-queue-avg.tar.gz && cd qmail-queue-avg
Edit configure file:
Change/leave binary path of qmail-queue file:
QQBINPATH="/var/qmail/bin/qmail-queue"
Change/leave path of symbolic link to qmail-queue file:
QQSYMPATH="/var/qmail/bin/qmail-queue-lnk"
Note: Symlink is automaticaly created via installation process if it is not available.
Change/leave path of new qmail-queue-avg file:
DESTINATION="/var/qmail/bin/qmail-queue-avg"
Note: You can also set this parameter with configure command. See help of configure for details.
Run trinity:
./configure
make
make install
Integration AVG to Qmail is done now. Restart of mail server is not needed.
AVG Service Configuration
Configuration is out-of-the-box, it works at all after integration.
If you need to change some specific parameters use utility avgcfgctl.
For example if you need write configuration use:
avgcfgctl -w 'parameter=value'
For more details see man page of avgcfgctl.
Specific configuration for QMail (AVG protocol).
It is needed to set some parameters:
Enable AVG protocol:
Default.tcpd.avg.enabled=true
Define port:
Default.tcpd.avg.ports="|54322|"
Make sure this port is the same as port defined in configure file of Qmail Queue AVG module.
Other useful AVG parameters:
For settings:
Default.setup.features.tcpd=true
This item enables/disables whole E-Mail functions.
Default.tcpd.spam.enabled=true
Enable/disable Anti-spam function.
For scanning:
Tcpd.scan.Options.ArchiveLevel=256
It defines level of processing archive files.Values:
- 0 - no archives, macros, cookies, real-time compression will be scanned, including MIME
- 32 - only macros, cookies, real-time compression will be scanned
- 256 - archives, macros, cookies will be scanned
Tcpd.scan.Options.DetectCookies=false
This enables/disables detection of cookies.
Tcpd.scan.Options.DetectPup2=false
Tcpd.scan.Options.DetectPup=true
This enables/disables detection of Potentially Unwanted Programs.
Tcpd.scan.Options.UseHeuristics=true
Use heuristic during scan.
Tcpd.scan.Options.MaxFileSize=268435456
This item defines maximal size of extracted archive.
Tcpd.scan.Options.MaxNumberOfFiles=50000
This item defines maximal count of extracted files.
Tcpd.scan.Options.MaxRecursionDepth=40
Maximal level of recursion for archive.
Tcpd.scan.mail.strip.alldoc=false
Tcpd.scan.mail.strip.alldoclist=|DO?|XL?|VBX|RTF|PP?|POT|MDA|MDB|XML|DOC?|DOT?|XLS?|XLT?|XLAM|PPT?|POT?|PPS?|SLD?|PPAM|THMX|PDF|
Tcpd.scan.mail.strip.allexe=false
Tcpd.scan.mail.strip.allexelist=|COM|DRV|EXE|OV?|PGM|SYS|BIN|CMD|DEV|386|SMM|VXD|DLL|OCX|BOO|SCR|ESL|CLA|CLASS|BAT|VBS|VBE|WSH|HTA|CHM|INI|HTT|INF|JS|JSE|HLP|SHS|PRC|PDB|PIF|PHP|ASP|LNK|PL|CPL|WMF|
Tcpd.scan.mail.strip.enable=false
Tcpd.scan.mail.strip.list=
Enable detection of defined attachments.
For basic Anti-spam configuration:
Default.tcpd.spam.header.enabled=true
This item adds "AVG Anti-spam header" to mail.
Default.tcpd.spam.phish_subj_prefix=[PHISHING]
This item adds prefix to subject - mail with phishing.
Default.tcpd.spam.spamscore_level=90
This item sets score for Spam identification (less means more spam).
Default.tcpd.spam.subj_prefix=[SPAM]
This item adds prefix to subject - mail with spam.
Other actions:
Default.tcpd.parsing.mime_certification_enabled=false
It enables/disables AVG certification in body of E-mail.
Default.tcpd.rules.virus.action=0
Default.tcpd.rules.phishing.action=0
Default.tcpd.rules.spam.action=0
This items defines action for each detected message. Values:
- 0 - PASS means message will be only certified (header, subject, body,..)
- 1 - DROP means message will be deleted
- 2 - BOUNCE means message will be delivered to adress defined by parameter Default.tcpd.rules.*.bounce_addr
Default.tcpd.rules.virus.bounce_addr=
Default.tcpd.rules.phishing.bounce_addr=
Default.tcpd.rules.spam.bounce_addr=
There is defined adress for BOUNCE action.
Default.tcpd.scan.header.enabled=true
This parameter adds "AVG Anti-virus header" to mail.
Default.tcpd.scan.subj_prefix=[VIRUS]
This item adds prefix to subject - mail with virus.
Basic statistics of scanned messages:
For basic statistic enter command:
avgctl --stat=tcpd
This returns (depends on settings):
AVG command line controller
Copyright (c) 2012 AVG Technologies CZ
------ Tcpd status ------
E-mails checked : 10256
SPAM messages : 104
Phishing messages : 2
E-mails infected : 211
E-mails dropped : 211
Operation successful.
NOTE: For other parameters see avgtcpd and avgspamd man page! After configuration restart all related services (AVG).
