Configuration

AntiVir MailGate

Avira GmbH

6.8 Configuring the Spam Filter

A license is required in order to use the spam filter. You can display information on 
your current license with:

antivir --version

The output should contain the following line:

product: Avira AntiSpam and Outbreak Detection

A spam filter is integrated in AntiVir MailGate and it filters spam and other 
unwanted emails. The spam filter opens a connection to the spam database server 
for every email to check its status.

You have to enable the connection on port 55555 via TCP.

The spam filter is currently available only for Linux-GLIBC22 systems. It integrates 
with AntiVir MailGate through a library (libasmailgate.so).

If the spam filter is active, emails marked as "Outbreak" are blocked. All other 
emails are just tagged. You can read about these header entries in the MANUAL file 
(Paragraph "Spam and bulk").

6.8.1 Spam Filter Configuration

All these options are set in avmailgate.conf.

Options and parameters for spam filter

EnableSpamCheck
    Activates/deactivates spam filter.
    EnableSpamCheck YES

LibAsmailgate
    Specifies the path to the spam filter library.
    /usr/lib/AntiVir/libasmailgate.so

AsmailgateConfig
    Specifies the path to the spam filter configuration file.
    /etc/asmailgate.xml

SpamHeaderName
    Defines the spam header to be inserted in the email header. Only the beginning can 
    be changed (X-Antivirus-Spam-Check). Example:
    X-Antivirus-Spam-Check: clean (checked by AntiVir MailGate)
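The following script is an added example, not part of the Avira manual or the product. It audits the spam filter options from the table above and checks the license line that antivir --version should print. The file syntax it assumes (one "Option Value" pair per line, "#" comments, last assignment wins) and the function names are assumptions.

```shell
#!/bin/sh
# Added example: audit the spam filter options of an avmailgate.conf-style file.
# Assumptions (not from the manual): one "Option Value" pair per line, '#'
# starts a comment, and the last assignment of an option wins.

# conf_get FILE OPTION: print the value set for OPTION (empty if unset).
conf_get() {
    awk -v key="$2" '
        { sub(/#.*/, "") }          # drop comments
        $1 == key { val = $2 }      # remember the most recent value
        END { print val }
    ' "$1"
}

# license_has_antispam: read "antivir --version" output on stdin and succeed
# only if it contains the AntiSpam product line the manual asks for.
license_has_antispam() {
    grep -q '^[[:space:]]*product:[[:space:]]*Avira AntiSpam and Outbreak Detection'
}

# check_path CONF OPTION: the option must point at a readable file.
# Prints a finding and returns 1 if it does not.
check_path() {
    value=$(conf_get "$1" "$2")
    if [ -z "$value" ]; then
        echo "FAIL: $2 is not set"; return 1
    elif [ ! -r "$value" ]; then
        echo "FAIL: $2 points to unreadable file $value"; return 1
    fi
    echo "ok:   $2 = $value"
}

# audit_spam_filter FILE: print findings; exit status = number of problems.
audit_spam_filter() {
    conf=$1
    problems=0
    if [ ! -r "$conf" ]; then
        echo "FAIL: cannot read $conf"; return 1
    fi
    enabled=$(conf_get "$conf" EnableSpamCheck)
    if [ "$enabled" = "YES" ]; then
        echo "ok:   EnableSpamCheck = YES"
    else
        echo "FAIL: EnableSpamCheck is '${enabled:-unset}', spam filter is off"
        problems=$((problems + 1))
    fi
    check_path "$conf" LibAsmailgate    || problems=$((problems + 1))
    check_path "$conf" AsmailgateConfig || problems=$((problems + 1))
    return "$problems"
}

# Run against a real file when a path is given: sh audit.sh path/to/avmailgate.conf
if [ "$#" -gt 0 ]; then
    audit_spam_filter "$1"
fi
```

To check the license as well, pipe the real command into the helper: antivir --version | license_has_antispam.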

The parameters for the following options are:

- BLOCK: the email is moved to quarantine
- TAG: the email contains a new header
- NONE: the email is neither blocked nor tagged. It is forwarded without being 
  processed.
