Installation manual

This chapter describes tips and tricks for configuring NOD32LMS/NOD32BMS. It covers configuration of
NOD32LMS/NOD32BMS in circumstances where, for instance, the MTA is configured to use other software with similar
functionality, or with functionality that could normally lead to misconfiguration of NOD32LMS/NOD32BMS.
7.1. Dropping messages marked by NOD32 as deleted in MTA Postfix
The number of e-mail messages on the Internet that contain so-called worm programs has recently increased
noticeably. In most cases the infected attachment of such a message cannot be cleaned, only deleted, and the
message as a whole does not contain any reasonable information. In this case it makes sense to discard this kind
of message (or treat it in a special way). The mechanism described in this section can be used to suppress
messages marked as deleted in MTA Postfix.
First of all, add the following entry:
write_to_header=1
to the [smtp] section of the main NOD32 configuration file. With this setting, each non-clean e-mail message is
modified: the string ’X-NOD32Result: status’ is inserted into the header of the message, where the word ’status’
is replaced by the actual status of the scanning process.
In order to discard all messages that have been marked as ’deleted’, add the following line:
header_checks=regexp:/etc/postfix/header_checks
to the ’/etc/postfix/main.cf’ configuration file. At the same time you will have to create the file
’/etc/postfix/header_checks’ with the following content:
/^X-NOD32Result: deleted/ DISCARD
To reread the newly created NOD32 configuration, enter the following command:
/etc/init.d/nod32d reload
To complete the procedure, restart the MTA Postfix.
Note that in older Postfix versions the DISCARD functionality may not work. In this case the warning message
’Postfix does not know the command DISCARD’ appears in the MTA Postfix logging output. This can only be solved by
updating the Postfix software.
7.2. NOD32LMS/NOD32BMS and TLS support in MTA
Transport Layer Security (TLS) is a protocol guaranteeing data privacy in client/server communication over the
Internet. The basic principle of TLS is the SSL encryption of data traveling between client and server (here we
mean the SMTP communication between MTA client and server). This of course has non-negligible consequences for
scanning this kind of communication. For instance, once TLS support in the MTA is enabled, the ’wrapping’ methods
are impossible, as the whole intercepted SMTP communication is encrypted at this stage. On the other hand, there
is a possibility to use
[Figure 7-1. Scheme of content filtering in Postfix MTA with enabled TLS. Diagram labels: INTERNET, SMTP/TLS, POSTFIX, NOD32 Content filter, MAILBOX; ports 25, 25, 2525, 2526.]
NOD32 for Linux/BSD Mail Server