Configuration

Avira GmbH

Avira AntiVir MailGate

33

According to the result, the procedures are:

- If there is no match in the first list, the next list is checked.
- If there is no match in the second list either, the email is scanned.
- If there is a match in the ignore list, the email is not scanned.
- If there is a match in the scan list, the email is scanned.

The email addresses must be given as Perl-compatible regular expressions, such as:

/abc/
/^abc/
/xyz/i
/^abc@def\.tld/

Example: /etc/avmailgate.ignore contains the following lines:

/^somebody@somewhere\.tld$/ SR
/^virus@firm/ R
/^abc@def.*\.tld/i

If the address is [email protected], the email is not scanned.

If the recipient address is virus@firm*, the email is not scanned. In this case, the R flag is optional:

/^virus@firm/ R is equal to /^virus@firm/.

When starting AntiVir MailGate, maillog will indicate whether the address filter is active or not:

addressfilter is active
table order is: ignore,scan

or

addressfilter is not active

FilterTableOrder

Scanning order of the filter table:

This option can be used only if AddressFilter is active (AddressFilter YES).

The possible parameters are:

FilterTableOrder scan,ignore

or

FilterTableOrder ignore,scan
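
The lookup described above, as an added example that is not from the Avira manual: a Python sketch of the ignore/scan decision for both FilterTableOrder values, using the three avmailgate.ignore lines shown earlier. It assumes that S selects the sender (the manual here only states that R is the recipient flag and the default), uses Python's re module in place of PCRE, and the scan-list entry and all function names are constructed for illustration.

```python
import re

# The three lines the manual shows for /etc/avmailgate.ignore.
IGNORE_LINES = [
    r"/^somebody@somewhere\.tld$/ SR",
    r"/^virus@firm/ R",
    r"/^abc@def.*\.tld/i",
]
# Constructed scan-list entry (hypothetical, not from the manual).
SCAN_LINES = [r"/^virus@firm-lab\.tld$/ R"]

# /regex/ with optional i modifier, then optional S and/or R flags.
LINE_RE = re.compile(r"^/(?P<pat>.*)/(?P<mod>i?)(?:\s+(?P<flags>[SR]{1,2}))?\s*$")

def parse_table(lines):
    """Return (compiled_regex, flag_set) pairs for one filter table."""
    rules = []
    for raw in lines:
        if not raw.strip():
            continue
        m = LINE_RE.match(raw.strip())
        if m is None:
            raise ValueError(f"unparseable filter line: {raw!r}")
        # No flag behaves like R, as the manual states for /^virus@firm/.
        flags = set(m.group("flags") or "R")
        rx = re.compile(m.group("pat"), re.IGNORECASE if m.group("mod") else 0)
        rules.append((rx, flags))
    return rules

def table_matches(rules, sender, recipient):
    """True if any rule matches the address its flags select."""
    for rx, flags in rules:
        # Assumption: S selects the sender address, R the recipient address.
        if "S" in flags and rx.search(sender):
            return True
        if "R" in flags and rx.search(recipient):
            return True
    return False

def decide(order, tables, sender, recipient):
    """Walk the tables in FilterTableOrder; the first table with a match decides."""
    for name in order.split(","):
        if table_matches(tables[name.strip()], sender, recipient):
            return "scan" if name.strip() == "scan" else "skip"
    return "scan"  # no match in either list: the email is scanned

TABLES = {"ignore": parse_table(IGNORE_LINES), "scan": parse_table(SCAN_LINES)}
```

With FilterTableOrder ignore,scan, mail to virus@firm-lab.tld is not scanned because the unanchored ignore entry /^virus@firm/ matches first; with scan,ignore the same mail is scanned. Anchoring ignore entries with $ keeps them from exempting more addresses than intended.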

SMTPGreetingTimeout

Defines the maximum timeout, in seconds, for receiving the greeting message 
from the remote host (not in milter mode).

SMTPGreetingTimeout 300

SMTPHeloTimeout

Defines the maximum timeout, in seconds, for receiving a reply to the SMTP HELO 

Issued Q1 2009. AntiVir is a registered trademark of Avira GmbH.