Installation of a virus scanner (H+BEDV AvMailGate)

Support knowledgebase (rsimai_imap3_avmailgate)
Applies to

SuSE eMail Server: Version 3

Situation

Installation of virus scanner AvMailGate

Procedure for an installation from the scratch

A demoversion of AvMailGate is included on the installation disk
It can be found in the series pay

Please use YaST, YaST2 or rpm -Uvh PACKAGE to install the package avmailgate.rpm

AvMailGate is capable to work with different MTAs (Mail Transfer Agents), this description is to be used for postfix systems like SuSE eMail Server 3.
  1. Stop the postfix service: rcpostfix stop
  2. Edit the file /etc/postfix/master.cf and change the line

  3. #localhost:10025 inet n  -    y    -    -    smtpd -o content_filter=
    to
    localhost:10026 inet n  -    y    -    -    smtpd -o content_filter=
  4. Edit the file /etc/postfix/main.cf and insert this line:

  5. content_filter = smtp:127.0.0.1:10025
  6. Edit the file /etc/avmailgate.conf and change ListenAddress and ForwardTo to this:

  7. ListenAddress   127.0.0.1  port 10025
    ForwardTo       SMTP: localhost port 10026
  8. Edit the file /etc/rc.config and set

  9. START_AVMAILGATE="yes"
  10. Edit the file /etc/aliases and enter the line
    AvMailGate:     mailadmin
    and run newaliases

  11. Start the update program update-queue --update (only present in 6.x.x.x versions)

  12. Start the scanner by entering rcavgate start

  13. Start the postfix services by entering rcpostfix start

Your eMail Server 3 is now capable of scanning incoming mails.

Procedure for an update

  1. Stop the scanner: rcavgate stop. Make sure, that the processes avgatefwd and avgated do not exist anymore!
  2. Install the update package rpm -Uhv PACKAGENAME
    Attention: H+BEDV has changed the version number from 6.x.x.x to 2.x.x.x. Actually these packages are more recent. To install these packages you may use rpm -Uhv --oldpackage PACKAGENAME
  3. Start the update program: update-queue --update (only present in 6.x.x.x versions)
  4. Start the scanner: rcavgate start

Description

Postfix accepts incoming mails on port 25 and leads them to a content_filter. The content_filter is now AvMailGate, which takes over the mails on port 10025. After the mails have been scanned, they are placed back to postfix on port 10026. Finally postfix delivers the mails.
Documentation about AvMailGate can be found after installation at /usr/share/doc/packages/avmailgate

Full version

Have a look at http://www.antivir.de/ to get information about the H+BEDV products.

Test your installation

You may use a testpattern like eicar.com to verify your setup.
Attention: You are using this information on your own risk. Have a look at the URL below for more details!

  1. Open a new text file using your favourite editor
  2. Copy the following line into this file
  3. X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
  4. Save the text file to eicar.com
  5. Send this file as an attachment to a user on your eMail Server
The mailadmin and the sender now should get a mail, which informs about the detection of a possible virus. In this mail, the mailadmin will additionally be informed about sender, recipient and how to force the delivery/removal of the mail.
Although this is no real virus, do never send this file to other mail servers!

More information about this test can be found at http://www.eicar.org/anti_virus_test_file.htm
Keywords: IMAP3, AVMAILGATE, VIRUS, SCANNER, ANTIVIR, H+BEDV

Categories: SuSE Linux IMAP Server

SDB-rsimai_imap3_avmailgate, Copyright SuSE Linux AG, Nürnberg, Germany - Version: 28. Nov 2001
SuSE Linux AG - Last generated: 28. Jun 2002 by rsimai (sdb_gen 1.40.0)