AVG Linux Email Server / User Manual AVG 7.1 for Linux E-mail Server User Manual Document revision 71.7 (15.6.2006) Copyright (c) 1992-2006 GRISOFT, s.r.o. All rights reserved. This product uses RSA Data Security, Inc. MD5 Message-Digest Algorithm, Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. This product uses code from C-SaCzech library, Copyright (c) 1996-2001 Jaromir Dolecek
AVG Linux Email Server / User Manual Contents 1. Introduction........................................................................................... 3 2. Before Installation ................................................................................. 4 2.1. Prerequisites .................................................................................... 4 2.2. Installation Package .......................................................................... 5 3. Installation and Launch ...........
AVG Linux Email Server / User Manual 1. Introduction This User Manual is the full documentation describing AVG for Linux E-mail Server. a) AVG for Linux E-mail Server Kernel Features AVG for Linux E-mail Server is a product based on the AVG for Linux scanning kernel. The AVG for Linux kernel provides comprehensive and reliable protection against viruses for Linux powered machines.
AVG Linux Email Server / User Manual 2. Before Installation 2.1. Prerequisites Before installing AVG for Linux E-mail Server you must verify that your system meets the following requirements: a) Libraries The following libraries are required in order to ensure the AVG for Linux kernel can be installed and run properly: o b) libc.so.
AVG Linux Email Server / User Manual Refer to chapter 4.2 Third Party Products/AMaViS to see how to install the AMaViS scanner, and how to integrate it with AVG for Linux E-mail Server. e) Qmail-Scanner If you use the qmail MTA, an alternative solution to AMaVis mail virus scanner is Qmail-Scanner – the e-mail content scanner designed to be used exclusively with qmail. Qmail-Scanner is available for free at http://qmailscanner.sourceforge.net/. Refer to section 4.
AVG Linux Email Server / User Manual 3. Installation and Launch AVG for Linux E-mail Server installation packages are provided as RPM files or .tar.gz package. z For the installation from the RPM file, use the $ rpm -i avg71{edition}-r{version}-a{version of avi}.i386.rpm command in your shell (accessible for example using the xterm application within your X window system). For the installation from the .tar.gz package, use the z $ tar -xvzf avg71{edition}-r{version}-a{version of avi}.i386.tar.
AVG Linux Email Server / User Manual # tar xzvf avggui-1.0-{release}.i386.tar.gz Change directory to avggui: # cd avggui1 Run the installation script as root then: $ ./install.sh z If your distribution supports it, you can install GUI from RPM package: Download latest rpm and install it: # rpm -i avggui-1.0-{release}.i386.rpm Launch the /opt/grisoft/avggui/bin/avggui_update_licinfo.sh script as root for updating license information after installation.
AVG Linux Email Server / User Manual c) Product Registration After the installation process you need to register your AVG for Linux E-mail Server unless it has been registered already during the installation process; this applies to special packages for AVG Anti-Virus vendor partners. The registration can be performed by launching the $ avgscan -register command in your shell. (See chapter 7.1 Standalone Command Line Modules/AVGSCAN Command for details).
AVG Linux Email Server / User Manual For proper function of the on-access scanning daemon the DAZUKO kernel module is required. Refer to section 7.3 Standalone Command Line Modules/On-access Scanner for detailed information on this topic. The included command line modules can be operated as described in chapter 7. Standalone Command Line Modules. www.grisoft.com Copyright (c) 1992-2006 GRISOFT, s.r.o. All rights reserved.
AVG Linux Email Server / User Manual 4. Third Party Products Third party software is needed to preprocess incoming and outgoing e-mail messages content before they can be scanned by AVG for Linux E-mail Server. Two solutions are available for particular e-mail servers – the AMaViS and the Qmail-Scanner security packages.
AVG Linux Email Server / User Manual $ patch -p1 < qmail-scanner-{version}-avg.patch command, and follow the installation instructions as described in chapter 4.3 Third Party Products/Qmail-Scanner. 4.2. AMaViS You can download the package from the http://www.amavis.org/download/ page.
AVG Linux Email Server / User Manual o Time::HiRes (Time-HiRes-x.xx, use 1.49 or later, older versions can cause problems) o Unix::Syslog (Unix-Syslog-x.xxx) o BerkeleyDB with bdb library 3.2 or later (4.2 or later preferred) All of these modules are available for free at http://www.cpan.org/. The usual way of installing a new Perl module consists of unpacking the downloaded file, switching into the unpacked directory, and running the following sequence of commands as root: # perl Makefile.PL ..
AVG Linux Email Server / User Manual different MTA, you must re-run AMaViS configuration, because the script contains only the code for the MTA it was initially configured for. The configuration steps to be taken for particular mail transport agent consist of making small subtle changes in the related configuration files in order to ensure AMaViS can access the messages in the mail transport agent's queue before they are processed further.
AVG Linux Email Server / User Manual diff -u qmail-1.03-orig/Makefile qmail-1.03/Makefile --- qmail-1.03-orig/Makefile Mon Jun 15 04:53:16 1998 +++ qmail-1.03/Makefile Tue Jan 19 10:52:24 1999 @@ -1483,12 +1483,12 @@ trigger.o fmtqfn.o quote.o now.o readsubdir.o qmail.o date822fmt.o \ datetime.a case.a ndelay.a getln.a wait.a seek.a fd.a sig.a open.a \ lock.a stralloc.a alloc.a substdio.a error.a str.a fs.a auto_qmail.o \ -auto_split.o +auto_split.o env.a ./load qmail-send qsutil.o control.o constmap.
AVG Linux Email Server / User Manual +static char *binqqargs[2] = { 0, 0 } ; + +static void setup_qqargs() +{ + if(!binqqargs[0]) + binqqargs[0] = env_get("QMAILQUEUE"); + if(!binqqargs[0]) + binqqargs[0] = "bin/qmail-queue"; +} int qmail_open(qq) struct qmail *qq; { int pim[2]; int pie[2]; + + setup_qqargs(); if (pipe(pim) == -1) return -1; if (pipe(pie) == -1) { close(pim[0]); close(pim[1]); return -1; } Before installing the software a special account must be created, which the Qmail-Scanner pr
AVG Linux Email Server / User Manual command (the version stands for the downloaded package version). Switch to the unpacked directory and run the $ ./configure –help command if you want to get an overview of possible configuration options. Run the $ ./configure command (possibly with selected options). This determines all the features and recognizes the AVG for Linux E-mail Server virus scanning software on your computer. Run the # .
AVG Linux Email Server / User Manual # No Qmail-Scanner at all for mail from 127.0.0.1 127.:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qm ail-queue" # Use Qmail-Scanner without SpamAssassin on any mail from the local network # [it triggers SpamAssassin via the presence of the RELAYCLIENT var] 10.:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmai l-scannerqueue.
AVG Linux Email Server / User Manual Any dropped SMTP session (for example due to network outages) may lead to files lying around in /var/spool/qmailscan. Running the # /var/qmail/bin/qmail-scanner-queue.pl -z command as root at least once a day will ensure such files are deleted when they are over 30 hours old (for example the cron utility can be employed to perform the regular cleanup). Note: For details on the Qmail-Scanner please refer to the http://qmailscanner.sourceforge.net/ website. 4.4.
AVG Linux Email Server / User Manual 5. E-mail Scanning 5.1. General Principles The AVG for Linux E-mail Server service responsible for e-mail scanning runs as a set of memory resident daemons. These daemons are identical preforked processes bearing the AVG Anti-Virus scanning kernel and interface for scanning the e-mail content fetched by AMaViS, Qmail-Scanner or respective commercial e-mail server.
AVG Linux Email Server / User Manual 5.3. Using Unix Socket for an Extra Security You can take advantage of launching the AVG Anti-Virus e-mail scanning daemon within the same account as the e-mail content scanner (AMaViS or QmailScanner). Moreover, the e-mail scanning daemon can create a Unix socket and listen on it then in order to increase the e-mail scanning security. The socket is created and also destroyed by the daemon automatically with the proper access rights and ownership (e. g.
AVG Linux Email Server / User Manual 6. Commercial E-mail Servers AVG for Linux E-mail Server can also be used with commercial e-mail servers running under Linux. The main idea of such a solution is to protect the (possibly Windows powered) computers of users connected to these e-mail servers against the possible virus infection.
AVG Linux Email Server / User Manual export BASH_ENV PATH LANG LC_TIME LC_MONETARY LC_NUMERIC LC_COLLATE ... Once all the prerequisites mentioned above are satisfied, you can install the plugin. Unpack the plugin installation package with the # tar -xvzf avgln_linux-{version}.i386.tar.gz command (the version stands for the number of the plugin version). Switch to the unpacked avgln_linux directory and run the installation script as root: # ./install.
AVG Linux Email Server / User Manual z incoming files which are considered infected are sent to the recipient with a message containing file and virus details z outgoing e-mail containing infected attachments will be returned to the sender with information about the infected objects and corresponding viruses; the infected e-mail will not be delivered to the recipient You can easily change the default configuration of AVG for Lotus Notes/Domino Server using the Lotus Notes/Domino Server administratio
AVG Linux Email Server / User Manual removed from an incoming e-mail, no matter whether the identified file has been infected by a virus or not.
AVG Linux Email Server / User Manual - Deliver mail to the recipient, the infected e-mail will be delivered to the recipient with a warning about the virus and infected file added; additional settings will define whether the infected attachments are removed from the mail and/or moved to the AVG Virus Vault database. A field entitled Infected files allows you to specify the action to be taken for virus-infected files.
AVG Linux Email Server / User Manual - Scan – the attachments related field – you can define here whether to check all the attachments or only those with extensions specified in the Extensions field - Infected files - allows you to specify the action to be taken for virus-infected files.
AVG Linux Email Server / User Manual c) o fields grouped by the recipient of infected message detected in e-mail scan: o fields grouped by the virus in infected message detected in e-mail scan AVG Log In the AVG Log database information is stored on AVG for Lotus Notes/Domino Server events recorded during the server’s run. You can check and further examine various events such as initialization progress, viruses found and so on.
AVG Linux Email Server / User Manual o Delete the following files from the /usr/local/lotus/notesdata directory: avgln.pdf avglog.ntf avglog.nsf avgsetup.ntf avgsetup.nsf avgvirus.ntf avgvirus.nsf o Open the /usr/local/lotus/notesdata/notes.ini in a text editor and delete the avgmail and avgscan strings from the line beginning with ServerTasks idetifier. Delete also the whole lines NSF_HOOKS=AVGHOOK AVGLang=x The ‘x’ depends on the language installed (1 for Czech, 2 for English and 3 for German).
AVG Linux Email Server / User Manual 6.2. AVG for Kerio MailServer Maintenance The anti-virus protection mechanism is integrated directly into the Kerio MailServer application. In order to activate e-mail protection of Kerio MailServer by the AVG Anti-Virus scanning engine, launch the Kerio Administration Console application (using the kerioadmin command in your shell).
AVG Linux Email Server / User Manual b) Attachment Filter Tab On the Attachment Filter tab there is a list of various attachment definitions: You can enable/disable filtering of mail attachments by selecting the Enable attachment filter field. Each item in the list has four fields: o Type – specification of the kind of attachment determined by the extension given in the Content field. Possible types are File name or MIME type.
AVG Linux Email Server / User Manual An item is removed from the list by pressing the Remove button. You can add another item to the list by pressing the Add… button. Or, you can edit an existing record by pressing the Edit… button. This window then appears: c) o In the Description field you can write a short description of the attachment to be filtered. o In the If a mail message contains an attachment where field you can select the type of attachment (File name or MIME type).
AVG Linux Email Server / User Manual There are two sections: o Action This section specifies an action to be carried out when a virus is detected in a message, or when a message is filtered by an attachment filter: o - Forward the message to administrator address - when selected, the virus-infected message is forwarded to the address specified in address text field - Forward the filtered message to administrator address - when selected, the filtered message is forwarded to the address specified in
AVG Linux Email Server / User Manual 7. Standalone Command Line Modules As a part of the AVG for Linux E-mail Server internal structure, several command line configurable and executable modules are included in the installation package. 7.1. AVGSCAN Command The avgscan command is intended to perform various on-demand tests. Its performance is comprehensively controlled by the command line parameters.
AVG Linux Email Server / User Manual Parameter Description Explicit specification of file extensions not to be scanned in noext= the form of -noext=, where the string stands for the extension definition (for example “*”, ”jpg”, etc.). -smart Switches on the smart scan testing feature. -arc Switches on scanning of archives (common archive file types like ZIP, GZIP, BZIP2 and others are supported). -rt Switches on scanning of run-time compressed objects.
AVG Linux Email Server / User Manual Parameter Description -repappend FILE Reports messages about the test progress and results to the specified file; the file name must be given right after this option, and separated by the space character; in reverse to the previous option, an existing file can be used to append the information to the end of the file; when a new file is specified, it will be created. -repok Switches on reporting of uninfected files ‘is OK’.
AVG Linux Email Server / User Manual scans the user's home directory z $ avgscan -heur /home/user scans the user's home directory using heuristic analysis z $ avgscan /home/user/bin/run_something.sh scans the single file run_something.sh in the bin directory of user's home z $ avgscan -repok /home/user scans user's home directory, reporting uninfected files as OK z $ avgscan -report ~/reports/report001.
AVG Linux Email Server / User Manual z Optional update The optional update reflects changes that are not necessary for program functionality – texts, updates of the setup component, etc. Optional updates can be downloaded and applied together with recommended updates but the timeliness of implementing them is not urgent.
AVG Linux Email Server / User Manual The options for the avgupdate command are described in the following table: Parameter Description -o, --online Performs an online update from the Internet; the location where the update files are downloaded from is specified in the AVG AntiVirus configuration file. (See section 8. Configuration File for detailed information.).
AVG Linux Email Server / User Manual Parameter Description -a, --nodaemons When this option is selected, the AVG for Linux E-mail Server daemons will not be restarted following the update; for some server systems this option can help in avoiding problems with the incorrect restart of daemons. -m, -complete Select this option when your AVG for Linux E-mail Server installation is seriously damaged to repair it.
AVG Linux Email Server / User Manual 7.3. On-access Scanner The DAZUKO kernel interface for file access control must be inserted as a module into your kernel in order to enable the on-access scanning using the AVG for Linux E-mail Server engine. You can download the latest version of DAZUKO at http://www.dazuko.org. It is recommended to download the latest version available especially if you are running the kernel of major version 2.
AVG Linux Email Server / User Manual Note: The process of inserting a kernel module may vary according to the particular Linux distribution. Refer to your distribution documentation to resolve possible problems. Also, there can be some differences according to various versions of DAZUKO. Refer to the detailed DAZUKO documentation at http://www.dazuko.org. Create the device node for DAZUKO.
AVG Linux Email Server / User Manual 7.4. Service Signals Both on-access and e-mail scanning daemons are controlled within common AVG for Linux E-mail Server services. The services can be comprehensively managed by sending them a signal at once via the # /etc/init.d/avgd [start|stop|restart|reload|status|condrestart] command on most systems, or directly, using the # /opt/grisoft/avg7/etc/init.d/avgd [start|stop|restart|reload|status|condrestart] command.
AVG Linux Email Server / User Manual 8. Configuration File The common configuration of AVG for Linux E-mail Server command line modules is covered in the avg.conf file, usually located in the /opt/grisoft/avg7/etc directory. The general syntax of the configuration file is described as follows: ... # comments [] = = # comments ... [] = ...
AVG Linux Email Server / User Manual z heuristicAnalysis – using of heuristic analysis scanning; possible values are 0 or 1, the default value is 0 (heuristic analysis disabled) z processesArchives – scanning of archives; possible values are 0 or 1; the default value is 0 (archives scanning disabled) z syslogFacility – specification of facility used by syslog daemon (refer to the syslog.
AVG Linux Email Server / User Manual z unixSocketName – the name of the Unix socket used for the e-mail scanning daemon communication purposes; the default value is /tmp/avg.sock z address – local IP address the daemon is bound to – should be the same as the local address of your e-mail server; possible values are numerical strings according to the IP address decimal representation syntax; the default value is 127.0.0.
AVG Linux Email Server / User Manual o z 3 – maximum logging level, detailed information on all update phases is recorded (useful when an update fails for some unknown reason) timeout – specification of the maximum time the download can take (in seconds); possible values are non-negative integers; the default value is 0 (no limitation posed upon the downloading time) www.grisoft.com Copyright (c) 1992-2006 GRISOFT, s.r.o. All rights reserved.
AVG Linux Email Server / User Manual 9. FAQ and Technical Support The FAQ section of the Grisoft website (http://www.grisoft.com) provides answers to most issues that you may encounter while using AVG for Linux E-mail Server. If you do not find the solution of your problem in the FAQ section or documentation, contact the GRISOFT technical support department via e-mail at technicalsupport@grisoft.com.
