Avira AntiVir UNIX MailGate 3 years 10 Units
Contents
1. If REFUSED is set and there is an in the recipient s address the message is rejected If IGNORED is set is treated as a normal sign in the recipient s address If INTERPRETED is set the recipient s address is transformed into RFC821 standard form For example the address hostA hostB hostC user is transformed into Avira AntiVir MailGate 31 InEnvelope Addresses Percentls AcceptLoose DomainName AddressFilter Avira GmbH Configuration hostA hostB user hostcC If source routing is allowed the email is sent to hostA otherwise to hostC nEnvelopeAddressesBangIs REFUSED Percent sign in envelope address not in milter mode If REFUS rejected T D is set and a sign is in the recipient s address the message is If IGNOR py iD is set is treated as a normal sign in the address T If INTERPRETED is set the recipient s address is transformed into RFC821 standard form For example the address usershostCshostBehostA is transformed into hostA GhostB user hostc If source routing is allowed the email is sent to hostA otherwise to hostC nEnvelopeAddressesPercentIs REFUSED Checking email domain syntax not in milter mode A domain name must contain the following characters only 0 9A Za z The para
2. BlockExtensions NO OYr BlockExtensions exe scr pif Sending alerts to recipients of suspicious emails You can send alerts of viruses and unwanted programs to recipients The available values are e NO the recipient will receive no virus alert e LOCAL alert messages are sent only if the recipient is a local user of your domain Set the option in avmailgate acl to local YES the recipient always receives virus alerts ntAlerts LOCAL ExposeRecipi Avira AntiVir MailGate 35 Expose SenderAlerts Expose Postmaster Alerts AlertsUser AddStatus InBody MaxMessage SizeStatus ForwardAll EmailAsMIME Avira GmbH Configuration Sending alerts to senders of concerning emails You can send alerts about viruses and unwanted programs to senders The available values are e NO the sender will receive no virus alert e LOCAL alert messages are sent only if the sender is local user in your domain Set the option in avmailgate acl to Local not in milter mode YES the sender always receives virus alerts for the concerning emails ExposeSenderAlerts LOCAL Sending alerts to postmaster Sends alerts about viruses or unwanted programs to the postmaster ExposePostmasterAlerts YES Warning recipients Name or email address of the recipients to be warned if a virus unwanted program is detected in an email AlertsUser AvMailGate or Ale
3. All Sendmail features remain available Example SMTP authentication anti relaying and anti spam e Simple installation and integration in Sendmail e Hourly or daily Internet update for scan engine and VDF Scanning of incoming and outgoing emails e Reliable on access detection of viruses and malware e Configurable reaction when viruses or malware are detected e Isolation of infected or suspicious files in a quarantine directory e Logfile used as email traffic log Immediate activation of new VDF e Heuristic macrovirus detection e Configurable templates for alerts Archive scanning 3 3 AntiVir MailGate Milter Mode Integration in Sendmail 3 3 1 Requirements Sendmail version 8 11 or newer with libmilter interface is required Otherwise gt Read the README file in libmilter directory of the Sendmail kit http www sendmail org gt Compile the new version of Sendmail with libmilter interface To check if Sendmail with libmilter interface has been compiled sendmail d0 10 lt dev null grep MILTER 3 3 2 Integration Avira GmbH There are two ways of adding AntiVir MailGate Milter mode to Sendmail s configuration file sendmail cf e Directly modify sendmail cf OR generate sendmail cf Avira AntiVir MailGate 12 Milter Mode Directly modify sendmail cf gt Insert the following two lines in the configuration file sendmail cf Xavmilter S inet 3333 localhost F R T S 2m R 2m E
4. localhost byname self send do not call this router in the second instance of Exim condition if eq Sinterface port 10025 1 0 Add transport entry gt Search forbegin transports in exim conf and add the following lines Transport for AntiVir MailGate antivir mailgate transport driver smtp connect to port 10024 port 10024 allow localhost gt Restart Exim Proxy Mode AntiVir MailGate configuration gt Modify or add the following entries in avmailgate conf ListenAddress 0 0 0 0 port 25 ForwardTo SMTP 127 0 0 1 port 825 Avira GmbH Avira AntiVir MailGate 21 Installation gt Restart AntiVir MailGate Exim configuration gt Modify or add the following entries in exim conf daemon smtp port 825 gt Restart Exim Configuring Qmail A plugin for Qmail is available for better integration of AntiVir MailGate into Qmail Please contact support avira com for details There are two ways to integrate AntiVir MailGate with Qmail Sendmail wrapper e Backdoor mechanism Q Replace SMTP with SMTP Backdoor only in the run file All the other parameters are just examples Sendmail You can use Sendmail wrapper which was supplied with Qmail to deliver emails wrapper default First go to the Qmail installation folder and activate the wrapper gt Activate the Sendmail wrapper in Qmail ln s var qmail bin sendmail usr lib sendmail ln s var qmail bin sendmail usr s
5. e checks the integrity of the installation files e checks for the required authorizations for installation e checks for an existing version of AntiVir MailGate on the computer copies the program files and overwrites existing obsolete ones copies configuration files and keeps existing configuration files installs Avira Updater optional installs the GUI support for Avira SMC Security Management Center Preparing installation v The program files have been downloaded from the Internet and unpacked gt Login as root Otherwise you do not have the required authorization for installation and the script returns an error message gt Go to the directory where you unpacked the AntiVir MailGate kit For example cd tmp antivir mailgate prof lt version gt Installing AntiVir MailGate gt Type install The installation script starts gt You must read the license agreement and agree with it for the installation to continue gt Quit the license agreement file with q L The following question appears Do you agree to the license terms n gt Type y and press Enter Avira GmbH Avira AntiVir MailGate 16 Installation L The AntiVir Engine is being installed Then the script asks for the path to the license file creating usr lib AntiVir done 1 installing AntiVir Core Components Engine Savapi and Avupdate copying Enter the path to your key file gt Ty
6. 2 Product Information. Email file transfer is a natural part of modern communication, and we can no longer imagine everyday life without it. However, emails frequently also transport viruses or unwanted programs. Many of these viruses/unwanted programs were conceived especially to attack Windows operating systems. But it must be considered that there is also a danger for Open Source systems, because UNIX mail servers also transport malware. This offers an easy opportunity for cyber attackers to penetrate your network. Windows clients can be infected, and thus computers of their messaging partners can also be affected. Business users increasingly rely on UNIX. However, with free software entering companies and institutes, the alternative operating systems are increasingly targeted by virus programmers. Therefore virus protection on UNIX will still be needed in the future. This is why we have developed Avira AntiVir MailGate. Avira AntiVir MailGate scans all incoming and outgoing emails, including attachments, on your UNIX mail server. The software can operate on a variety of Mail Transport Agents (MTAs), such as Sendmail, Postfix, Exim, Qmail and other programs. It effectively supports common distributions (Red Hat, SuSE, Debian etc.; see 2.4 System Requirements). [Figure: Internet, infected emails, Mailserver, virus-free emails, Workstations] To start with
7. etc avmailgate scanner conf See Scanner Configuration in avmailgate scanner conf Page 46 Default values User uucp Group antivir If these are modified the access rights of the relevant directories must also be changed Postmaster The email address to receive alerts about concerning viruses unwanted programs as well as other notifications Postmaster postmaster Avira AntiVir MailGate 28 MyHostName SpoolDir AntiVirDir Temporary Dir MatchMail AddressFor Local SMTPBanner Avira GmbH Configuration Host name FQDN Fully Qualified Domain Name of the local host If not set the default setting is given by gethostname 2 Otherwise the default is MyHostName localhost Spool directory Emails are kept in the sub directories incoming rejected and outgoing while being processed The spool directory must belong to the user defined under User and the associated Group and must only be accessible to this user mode 700 SpoolDir var spool avmailgate AntiVir directory The library directory of AntiVir MailGate including virus definition files antivir vdf and the license file If you use AntiSpam do not modify the default AntiVir directory AntiVirDir usr lib AntiVir Temporary directory This directory contains temporary files such as attachments currently being scanned for viruses or unwanted programs Sufficient space is required for unpacked attachments If not set
8. qmail smtpd 2 gt amp 1 gt Edit the lines as follows usr bin tcpserver D R v p x etc tcprules d qmail smtp cdb u SQMAILDUID g S NOFILESGID 0 smtp backdoor var qmail bin qmail smtpd 2 gt amp 1 Configuring Postfix There are two ways of integrating AntiVir MailGate with Postfix e Integrate AntiVir MailGate as a content filter in Postfix recommended e AntiVir MailGate listens on port 25 and forwards emails to Postfix Content Filter From Postfix snapshot 20000520 it is possible to integrate AntiVir MailGate as a content filter The first release with possible content filtering was 20010228 Proceed as follows gt Make the following entries in etc services Content Filter for postfix antivir 10024 tcp Port for smtp daemon smtp backdoor 10025 tcp Port for postfix backdoor gt Look for the following line in etc avmailgate conf Select how mail should be forwarded Avira GmbH Avira AntiVir MailGate 23 Avira GmbH Installation gt Change these entries as below Select how mail should be forwarded Send mail by piping it thru sendmail this is the default ForwardTo usr sbin sendmail oem oi Or if you want the mail to be sent by SMTP ForwardTo SMTP localhost port smtp backdoor The location of the scanner s socket MailGate connects to this socket to perform scan re
9. scanner conf Default: ScanTemp /var/tmp. Path to the scanner logfile: LogFileName path to logfile. 5.5 Hosts Configuration in avmailgate.acl. Using local and relay as key words, avmailgate.acl decides which computer is allowed to send emails via AntiVir MailGate. This is established via the sender's or recipient's domain or IP address. > Set the local hosts and/or domains. For example: local localhost; local avira.com. > Set which hosts and networks may send emails. For example: relay 127.0.0.1/8 192.168.0.0/16. IP addresses: You can specify IP addresses in various ways: 192.168.0.0/16 or 192.168. Both have the same meaning. /16 means 16 bit and signifies the first two numbers of the IP address. Therefore all IP addresses starting with 192.168 are allowed. Example for /etc/avmailgate.acl: Access lists for AVIRA MailGate. These hosts and/or domains are local: local localhost 127.0.0.1; local avira.com. These hosts and networks are allowed to relay: relay 127.0.0.1/8 192.168.0.0/16. 5.6 Warnings Configuration in avmailgate.warn. Optionally, you can use another file to set the warning messages: /etc/avmailgate.warn. Beside avmailgate.conf, this file controls the alert emails sent to the recipient, sender and postmaster. A command for this file contains two entries: • first
10. the name of the detected virus/unwanted program, and it may contain wildcards • the second is one or more of the following letters: S for sender, R for recipient, P for postmaster. The command klez RP instructs AntiVir MailGate to send an alert email to the recipient and postmaster if the virus named Klez is detected. The settings in avmailgate.warn will overrule those made in avmailgate.conf in the event of specific virus/unwanted program detection. 5.7 Report Templates Configuration. You can set some report texts as email notifications in the event of virus/unwanted program or suspicious file detection. > Copy the example templates in the required language from the templates directory /usr/lib/AntiVir/templates/examples/<language> in the directory /usr/lib/AntiVir/templates. > Change the directory to /usr/lib/AntiVir/templates. This directory contains the following files: patho administrator, patho recipient, patho sender, alert administrator, alert recipient, alert sender. > Write the texts you need in the files listed above. Keep the file structure: the first line is the email subject, an empty line follows (new line), then the text of the email. Keywords: The files alert and patho may contain the following keywords, which are replaced by the appropriate text. Keyword / Text: SENDER: The email
11. www.avira.com. Avira GmbH. All rights reserved. This manual was created with great care. However, errors in design and contents cannot be excluded. The reproduction of this publication or parts thereof in any form is prohibited without previous written consent from Avira GmbH. Errors and technical subject to change. Issued Q1 2009. AntiVir is a registered trademark of the Avira GmbH. All other brand and product names are trademarks or registered trademarks of their respective owners. Protected trademarks are not marked as such in this manual. However, this does not mean that they may be used freely.
12. address of the infected email sender ALERTS The list of viruses unwanted programs found in the email Every line contains a virus name and the prefix and postfix are repeated REASON The reason for not scanning an email short sentence ADVICE Advice on problem solving 1 line see REASON QUEUEID Email ID in Avira AntiVir MailGate queue SUBJECT Subject of infected email CONCERNING Will be replaced with a list of files in which the alerts were FILE_NAMES detected PRODUCT _ Product version number VERSION ENGINE_ Scan engine version number VERSION VDF_VERSION VDF version number VDF_DATE VDF creation date Avira GmbH Avira AntiVir MailGate 49 Example for alert sender Avira GmbH Configuration SUBJECT AntiVir ALARM Your email SUBJECT KKKKKKKKKKKKKAKKKKKAKAKKANCIVIY ALARM KKKKKKKKKKKKKKKKK AntiVir has discovered the from your address AL following in the email sent ERTS This email has not been sent but isolated on your server Please scan yo virus infection ur system immediately for possible Clean your system before sending any more email messages Avira AntiVir MailGate 50 Configuration 5 8 Updater Configuration in avupdate conf internet srvs master file install dir temp dir Updates ensure that AntiVir MailGate components MailGate scanner VDF and engine which provide security against viruses or unwanted programs
13. category bulk porn as spam SpamFilterHandleBulkPornLikeSpam NO Avira AntiVir MailGate 44 SpamFilter ModifySubject SpamFilter CheckFailed Keep OpenMax DBSupport DBodbclIni DBodbcLib DBodbcData Source DBUpdate Delay Avira GmbH Configuration Inserts the spam check result into the Subject header line Subject spamcheck spam this is the original subject text This is the default message It can be overridden using a template spamfilter subjects This template allows you to specify a string for each spam check result The string for the corresponding spam check result will be used as a replacement for the Subject header line Asample template is installed to usr lib AntiVir templates examples Please see the MANUAL for details SpamFilterModifySubject NO Re queue a mail if the spam check failed The mail will be put back in the queue to be reprocessed later It will be reprocessed as long as the error persists At the moment you can t enforce the delivery of a mail that is stuck in the queue SpamFilterCheckFailedKeep NO Specifies the maximum number of opened files for the Avira MailGate processes The default value will only be set if the current system value is lower than the default OpenMax 1024 If this option is enabled MailGate writes statistics into a database The database consists in two tables alerts logs information about each malware alert and counter logs the num
14. email is not scanned e if there is a match in the scan list the email is scanned The email addresses must have Perl compatible regular expressions such as abc abc xyz i abc def tl1d Example etc avmailgate ignore contains the following lines somebody somewhere tld SR virus firm R abc def tld i If the address is somebody somewhere tld the email is not scanned If the recipient address is virus firm the email is not scanned In this case the R flag is optional virus firm R is equal to virus firm When starting AntiVir MailGate mai 1 1og will indicate whether the address filter is active or not addressfilter is active table order is ignore scan or addressfilter is not active Scanning order of the filter table This option can be used only if AddressFilter is active AddressFilter YES The possible parameters are FilterTableOrder scan ignore or FilterTableOrder ignore scan Defines the maximum timeout in seconds for receiving the greeting message from the remote host not in milter mode SMTPGreetingTimeout 300 Defines the maximum timeout in seconds for receiving a reply to the SMTP HELO Avira AntiVir MailGate 33 SMTP MailFrom Timeout SMTP Rept Timeout SMTP Data Timeout SMTP DataBlock Timeout SMTP DataPeriod Timeout Max Forwarders ForwardTo ScannerListen Addres
15. entries will still be sent to syslog. LogFile NO or LogFile /var/log/avmailgate.log. Debug output: It determines the level of debug output written in syslog and, if set, in the logfile. Possible values: 0 (disabled), 5 (all messages). DebugLevel 0. IP address: The address and the port on which the SMTP daemon listens. AntiVir MailGate listens on all network cards by 0.0.0.0, or a specific IP address can be defined. If you are uncertain, you can keep the default setting. ListenAddress 0.0.0.0 port 25. You can start AntiVir MailGate in Milter mode using a different syntax. For more details see Chapter Milter Mode, Page 11. Maximum number of simultaneous connections (not in milter mode): Sets the number of simultaneous connections from remote sites. For example, you can set the maximum number of simultaneously incoming emails to 100. For unlimited connections use 0 (default setting). MaxIncomingConnections 0. SMTP timeout (not in milter mode): Defines the maximum timeout in seconds for SMTP connections. SMTPTimeout 300. Maximum message size (not in milter mode): A value greater than 0 means that only emails up to the given size are scanned. Larger emails are rejected. If the value is 0 all messa
16. of the pending emails see MailGate Spool Directories Page 27 Email status in queue Avira GmbH gt Type usr lib AntiVir avmailgate bin avq L gt The status for all emails in the queue is displayed In the first row you will see the name of the displayed queue For example Queue rejected At the end of the list you will see the number of emails in the queue 5 mails in the rejected queue The Queue Manager shows the following status information for the emails e gt Not processed yet e gt OK e gt MIME problem Recursion too deep etc e gt Found e g 1x Eicar Test Signature type virus The following status information is displayed according to the spam filter results see Report Templates Configuration Page 48 e gt Outbreak detected e gt Dangerous attachment found e gt Dangerous iframe found e gt Dangerous alert found e gt Spam Avira AntiVir MailGate 56 Operation You can control the outcome with the following parameters after avq the Help provides more parameters which you can call with avq help You can apply the following parameters to the outcome Parameter Description queue incoming Lists the emails in the incoming queue queue outgoing Lists the emails in the outgoing queue list all Lists all queues type lt type gt Lists all rejected emails of the specific type Other types can be spam mal mal
17. remove all: Deletes all emails. Before deleting, an alert appears to confirm the action. flush: Immediately empties the incoming and outgoing queue. Forcing email forwarding: This procedure may forward potentially dangerous viruses. > Always check which email is going to be forwarded. > Find out the ID of the email. AntiVir MailGate indicates the ID of the infected email in its logs and in the email sent to the postmaster. > Type the command, where <ID> is the ID of the infected email: usr lib AntiVir avmailgate bin avq deliver <ID>. The email is delivered whatever the virus scanner reports, and it is deleted from the queue. 6.4 Procedures when Detecting Viruses/Unwanted Programs. If configured correctly, AntiVir MailGate has already automatically carried out all important antivirus tasks on your system: • Infected emails are not forwarded. • Infected emails are moved to /var/spool/avmailgate/rejected or to another directory specified in avmailgate.conf, where data file (df) and control file (vf or mf) are located. For further information see MailGate Spool Directories, Page 27. • Data files can contain emails in which viruses/unwanted programs were detected. These can be directly deleted together with the control file, or they can be handled using the Queue Manager (avq). • According to the avmailgate.conf
18. settings, postmaster can send alerts to senders and/or recipients of infected emails. • According to the avmailgate.conf settings, infected files can be further processed by external programs or scripts. These procedures avoid the danger of spreading infection. You should always perform the following steps: > Try to detect the way the virus/unwanted program infiltrated your system. > Perform targeted scanning on the data storage supports used. > Inform your team, superiors or partners. > Inform your system administrator and security provider. Submit Infected Files to Avira GmbH: > Please send us the viruses, unwanted programs and suspicious files that our product does not yet recognize or detect. Send us the virus or unwanted program packed in an archive (PGP, gzip, WinZIP, PKZip, Arj), attached to an email message, to virus@avira.com. When packing, use the password virus. In this way the file will not be deleted by virus scanners on an email gateway. 7 Updates. With Avira Updater you can update Avira software on your computers using Avira update servers. The program can be configured either by editing the configuration file (see 5.8 Updater Configuration in avupdate.conf) or by using parameters in the command line. It is recommended to run the Updater as root. If the Updater does not run as root, it does not have the necessary rights to restart AntiVir daemons
19. the path for the manual pages Enter the path where the manual pages will be located usr share man Avira AntiVir MailGate 17 Avira GmbH gt Confirm the default path with Enter or type another one L gt The following questions regard the local and relayed hosts Installation Enter the hosts and or domains that are local lt hostname gt gt Change the host name if necessary and press Enter L The next question is Enter the hosts and networks that are allowed to relay 127 0 0 1 8 192 168 0 0 16 gt Change the settings if necessary and press Enter L Then you are asked whether a link should be created in usr sbin for the start script Would you like to create a link in usr sbin for avmailgate y gt Confirm with Enter or click n L Then you are asked whether AntiVir MailGate should start automatically Please specify if boot scripts should be set up Set up boot scripts y gt Type n and click Enter You can change this option later OR Confirm the default setting with Enter L The next step installs the SMC plugin for Avira Security Management Center installation of main program complete 4 activate SMC support to manage this software remotely you need this Would you like to activate SMC support y If you are going to use AVIRA Security Management Center SMC gt Press Enter if you want to install the SMC plugin or n and Enter to skip i
20. two very important tips: Losing valuable files usually has dramatic consequences. Not even the best antivirus software can fully protect you against data loss. > Ensure that you make regular back-ups of your files. An anti-virus program can only be reliable and effective if kept up to date. > Ensure that you keep your Avira AntiVir MailGate up to date using automatic updates. You will learn how to do this in this user guide. 2.1 Features. Avira AntiVir MailGate supports a variety of configuration settings to ensure that you have control of the email traffic on your system. The essential features of Avira AntiVir MailGate are: • real-time scanning of incoming and outgoing emails • scanning for viruses and unwanted programs • configurable spam filter (available in Avira MailGate Suite) • scanning of mailboxes • isolation of suspicious and infected files • configurable notification functions for the administrator and for the email sender and recipient • reporting statistics about AntiVir MailGate's activity into a database • automatic Internet update for product scanner engine and VDFs • heuristic detection for macro viruses • recognition of all common archive types, with configurable recursion level for nested archives • optional GUI support for integration with Avira Security Management Center. 2.2 SMTP daemon Scanner and Forwarde
21. 10m O InputMailFilters avmilter Value meaning F determines what should happen if the filter is not available T emails are temporarily not accepted error 4XX R emails are rejected error 5XX e T sets the following timeouts C timeout to set up the connection to filter S timeout while sending information to filter R timeout while reading an answer from filter E timeout between sending the End of message and the response from the filter Change these values if the log displays this notification Milter avmilter timeout before data read Generate sendmail cf gt Insert the corresponding lines in the file sendmail mc commands beginning with INPUT must be written in one line for sendmail 8 11 x define FFR MILTER true INPUT MAIL FILTER avmilter S inet 3333 localhost F R T S 2m R 2m E 10m for sendmail 8 12 x INPUT MAIL FILTER avmilter S inet 3333 localhost F R T S 2m R 2m E 10m gt Generate the file sendmail cf Example m4 sendmail mc gt etc mail sendmail cf Avira GmbH Avira AntiVir MailGate 13 Installation 4 Installation Requirements Avira GmbH You can find the current version of AntiVir MailGate on Avira website AntiVir is supplied as a packed archive You can install the program on your system using the install script You have to be logged in a
22. AVIRA More Than Security. User Manual. Contents: 1 About this Manual; 1.2 The Structure of the Manual; 1.3 Signs and Symbols; 1.4 Abbreviations; 2 Product Information; 2.1 Features; 2.2 Modules and Operating Mode of Avira AntiVir MailGate; 2.3 Licensing Concept; 2.4 System Requirements; 3 Milter Mode; 3.2 AntiVir MailGate Milter Mode Features; 3.3 AntiVir MailGate Milter Mode Integration in Sendmail; 4 Installation; 4.1 Preparing the Installation Files; 4.3 Installation with the
23. Installation Script install; 4.4 Reinstalling and Uninstalling AntiVir; 4.5 Further Installation Steps Depending on the MTA; 4.6 Testing AntiVir MailGate after Installation; 5 Configuration; 5.1 MailGate Spool Directories; 5.2 MailGate Configuration in avmailgate conf; 5.3 Spam Filter Configuration (Avira MailGate Suite only); 5.4 Scanner Configuration in avmailgate scanner conf; 5.5 Hosts Configuration in avmailgate acl; 5.6 Warnings Configuration in avmailgate warn; 5.7 Report Templates Configuration; 5.8 Updater Configuration in avupdate conf; 6 Operation; 6.1 Starting and Stopping AntiVir MailGate Manually; 6.2 Parameters f
24. O Scan in archives: If the setting is NO, the archives are not scanned for viruses/unwanted programs. If the setting is YES, all files in archives are unpacked and scanned, depending on the settings for ArchiveMaxSize, ArchiveMaxRecursion and ArchiveMaxRatio. ScanInArchive YES. Maximum unpacked size of archived files: There are some archived files that have useless content but intentionally expand to an irrational size when unpacked, in order to slow down the computer. This parameter avoids unpacking such archive files. If the setting is 0, all archived files are unpacked, whatever their size. If the set value is > 0, all archives that do not exceed the given value in bytes are unpacked and scanned (e.g. 2KB = 2 Kilobytes, 3MB = 3 Megabytes). ArchiveMaxSize 0. Blocking mail bombs: Blocks so-called mail bombs with a very high compression ratio. You can set the maximum difference between packed and unpacked file size. The zero value deactivates this option (not recommended). The default is 150. ArchiveMaxRatio 150. Maximum archive recursion: If the setting is 0, recursive (nested) archives are unpacked, whatever their recursion depth. If the set value is > 0, all archives that do not exceed the given recursion depth are unpacked. This saves processing time. ArchiveMaxRecursion 20. Blocking emails with suspicious archives: If activated (YES), this option blocks archives that exceed one
25. ams you will use and the period of your license. The same license file may refer to more than one Avira product. 30-day test license for Avira AntiVir MailGate: Details of the evaluation version can be found on our website http://www.avira.com. The range of full version license includes: • Avira AntiVir MailGate versions available by Internet download • license file by email to convert the test version into a full version • complete installation instructions (digital) • four weeks installation support, starting from acquisition date • newsletter service (per email) • Internet update service for program files and VDF. After installing an AntiVir product, you can read the information on your current license using the license tool avlinfo. > Change to /usr/lib/AntiVir and call avlinfo. Use avlinfo h to get information about using this tool. The license file must have the suffix key (case insensitive). The new scanner backend savapi does not display information about the license file when called with version. 2.4 System Requirements. For Avira AntiVir MailGate to work properly on your server, the following minimum requirements have to be met (additional memory may be required, depending on the email traffic, number and size of attachments etc.). The versions for UNIX Server, UNIX Workstation and Sun Sparc Solaris have similar installatio
26. are always kept up to date With Avira Updater you can update Avira software on your computers using Avira update servers To configure the update process use the options in etc avira avupdate conf described below All parameters from avupdate conf can be passed to the Updater via command line For example parameter in avupdate conf temp dir tmp command line usr lib AntiVir avupdate bin temp dir tmp The list of Internet update servers internet srvs http dll pro antivir de http d1l2 pro antivir de http dl3 pro antivir de Specifies the master idx file master file idx master idx Specifies the installation directory for updated product files install dir usr lib AntiVir Temporary directory for downloading update files temp dir tmp avira update Setting update email reports mailer smtp notify when Avira GmbH All reports on AntiVir updates are sent to the email address given in avupdate conf Emails can be sent via smtp engine or using sendmail mailer Authentication for smtp connection Activate the auth method option and then provide the smtp server port user and password auth method password smtp user <your username> smtp password <your password> smtp server <servername> smtp port <port> There are three situations to set for email notifications e O no email notifications are sent Avira AntiVir MailGate 51 Configurati
27. ate should be done in etc avmailgate conf and all settings for the internet updater should be done in etc avira avupdate conf Although etc antivir conf will still be read the software will issue a warning that the file is deprecated Avira AntiVir MailGate 26 Configuration 5 1 MailGate Spool Directories AntiVir MailGate isolates infected emails in quarantine Depending on the configuration a message about the detection of a virus unwanted program is sent to postmaster and or the sender and or recipient of the email These parameters can be set in the file avmailgate conf see MailGate Configuration in avmailgate conf Page 28 Spool The spool directory default var spool avmailgate contains three sub directories directories incoming incoming emails that must be scanned outgoing scanned emails that can be forwarded rejected emails containing a virus unwanted program or classified as problematic due to a MIME error for example Spool files In these directories each email is represented by two files data file control file The name of the data file begins with df and contains an ID for example 32557 OBE692EB The control file has the same ID but according to its status its name begins with e xf control file has just been processed qf the email is to be subjected to a virus scan o Qf the email is to be forwarded without scanning e vf the email contains a virus unwante
28. ber of different emails processed by MailGate Please refer to usr lib AntiVir MANUAL avmailgate for more information about the database support DBSupport NO If DBSupport is active the ODBC driver manager will use the specified odbc ini Default the installed ODBC driver manager decides which odbc ini file it loads path to odbc ini DBodbcIni If DBSupport is active MailGate will load the specified library and use it as the ODBC driver manager Default loads one of the following libraries from the default library path in this order libodbc so 1 libodbc so libiodbc so DBodbcLib path to odbc library If DBSupport is active it connects to the given database source DBodbcDataSource MailGate If DBSupport is active it waits for a given interval before writing the next summed up counters to the database You can specify the delay in seconds minutes and hours Default write counters to database every full hour DBUpdateDelay 1h Avira AntiVir MailGate 45 Configuration 5 4 Scanner Configuration in avmailgate scanner conf User Group Q Socket Permissions ListenAddress UseSavapi Proxy Avira GmbH A new configuration file has been introduced starting with MailGate v 3 0 0 avmailgate scanner conf It contains configuration options specific to the new scanner backend Usually you don t have to change the options in this file but th
29. bin sendmail gt Establish the email forwarding mode Refer to the file etc avmailgate conf for the following line Select how mail should be forwarded gt Change these entries as below Send mail by piping it thru sendmail this is the default ForwardTo usr sbin sendmail oem oi Or if you want the mail to be sent by SMTP ForwardTo SMTP localhost port smtp backdoor Backdoor The second possibility sets email delivery on port 825 on which Qmail should be mechanism active This is done for example with inetd conf see Qmail installation package gt Insert the following line in etc services smtp backdoor 825 tcp gt Establish the email forwarding mode Look into the file etc avmailgate conf for Select how mail should be forwarded Avira GmbH Avira AntiVir MailGate 22 Installation gt Change these entries as below ForwardTo usr sbin sendmail oem oi Or if you want the mail to be sent by SMTP ForwardTo SMTP localhost port smtp backdoor If you use inetd with Qmail gt Insert the following line in inetd conf one line smtp backdoor stream tcp nowait gqmaild var qmail bin tcp env tcp env var qmail bin gmail smtpd If you use tcpwrapper with Qmail gt Change the Qmail port in var qmail supervise qmail smtpd run For example look for the following lines usr bin tcpserver D R v p x etc tcprules d qmail smtp cdb u SQMAILDUID g NOFILESGID 0 smtp var qmail bin
30. ble 5 3 Spam Filter Configuration Avira MailGate Suite only t Avira GmbH A spam filter is integrated in Avira MailGate Suite to filter spam and other unwanted emails The spam filter opens a connection to the spam database server for every email to check its status You have to enable the connection on port 55555 via TCP The spam filter is currently available for Linux GLIBC22 and for Solaris Sparc systems It integrates with AntiVir MailGate through a library libasmailgate so If the spam filter is active emails marked as Outbreak are blocked All other emails are just tagged You can read about these header entries in the MANUAL file Paragraph Spam and bulk All these options are made in avmailgate conf The spam filter proxy will choose its listen port automatically on startup Be sure you do not have firewall rules for your loopback device active This may prevent the proxy from starting up correctly Avira AntiVir MailGate 41 Configuration Options and parameters for spam filter Enable SpamCheck SpamAction Dangerous Outbreak Action Dangerous Attachment Action Dangerous IFrameAction Dangerous Alert Action Dangerous Unknown Action LibAsmailgate Spam Header Name SpamFilter Exceptions Avira GmbH Activates deactivates spam filter EnableSpamCheck NO Defines an action for spam mails BLOCK TAG NONE e TAG inserts a header line into the email For example X AntiV
31. d program e mf the email has a MIME problem Example e Data file df 32557 OBE692EB e Corresponding control file gf 32557 OBE692EB Avira GmbH Avira AntiVir MailGate 27 Spool files processing Configuration If there is a virus unwanted program detection the directory var spool avmailgate rejected contains e df file e vf file or mf file These files can be processed by external programs or scripts such as those set by the ExternalProgram parameter see MailGate Configuration in avmailgate conf Page 28 If no virus unwanted program is detected data files and control files are deleted after scanning and sending the email 5 2 MailGate Configuration in avmailgate conf Configuration procedure User Group Postmaster Avira GmbH The configuration file avmailgate conf contains numerous parameters for working with AntiVir MailGate gt Edit avmailgate conf according to your preferences gt Restart MailGate to activate the new settings usr lib AntiVir avmailgate restart The entries in avmailgate conf are described below in thematic groups These entries only influence the actions of AntiVir MailGate and not other AntiVir software When changing User Group PidDir or ListenAddress you have to stop MailGate first User Group The users and group for MailGate processes they should not be root If you modify this parameter you must also change the value for User and Group in
32. e which controls the search for viruses and unwanted programs Secure AntiVirus Application Programming Interface A text file containing commands to be executed in UNIX similar to batch files in DOS Simple Mail Transfer Protocol protocol for email communication on the Internet Avira AntiVir MailGate 64 Term syslog daemon Unwanted programs VDF Virus Definition File Appendix Meaning A daemon used by programs for logging various information These reports are written in different logfiles The syslog daemon configuration is in etc antivir conf The name for programs that do not directly harm the computer but are not wanted by the user or administrator or have been installed without their consent These can be backdoors BDC dialers jokes and games A file with known signatures for viruses and unwanted programs In many cases it is sufficient for an update to load the most recent version of this file 9 2 Further Information You can find further information on viruses worms macro viruses and other unwanted programs at http www avira com Avira GmbH Avira AntiVir MailGate 65 Appendix 9 3 Golden Rules for Protection Against Viruses Avira GmbH gt Always keep boot floppy disks for your network server and for your workstations gt Always remove floppy disks from the drive after finishing work Even if they have no executable programs disks can contain program code in the boot secto
33. e option ScannerListenAddress ListenAddress unix var run avmailgate scanner In etc avmailgate conf ScannerListenAddress var run avmailgate scanner To make scanning processes more efficient you can use a given pool of scanners Please note that too many scanners would overload the computer while too few would cause unnecessary waiting for applications Values 0 or 1 Default Avira AntiVir MailGate 46 PoolScanners Pool Connections Syslog Facility ReportLevel ScanTemp LogFileName Configuration UseSavapiProxy 0 The number of AntiVir scanners set in the pool Default PoolScanners 24 The maximum number of simultaneous connections MailGate allows to the scanner pool Default PoolConnections 128 It sets the log category that Syslog should apply for Scanner messages SyslogFacility mail The scanner can be set to log on different levels e 0 Log errors e 1 Log errors and alerts e 2 Logerrors alerts and warnings 3 Log errors alerts warnings and debug messages alerts means information about potential malicious code Default ReportLevel 0 The directory used by the scanner to store temporary files such as unpacked archives or locked files The scanner backend does not recognize the environment variable TMPDIR If you want to use a single tmp directory for all MailGate components you can change the option TemporaryDir in etc avmailgate conf and ScanTemp in avmailgate
34. ected archives and fragmented emails in the same directory In the same configuration file you can define rules for the spam filter You can scan the queue on demand using the Queue Manager avq for scanning the spool directory see Queue Manager avq Page 56 Avira AntiVir MailGate 8 Product Information Warnings The postmaster receives an email containing detailed alerts when viruses unwanted programs or suspicious files are detected The alerts can also be sent to the sender and recipient of the email The program contains alert templates that you can adjust and use Updater Avira Updater downloads current updates from the AntiVir web servers and installs them at regular intervals manually or automatically It can also send update notifications by email You can update Avira AntiVir MailGate entirely or only certain components signatures engine scanner 2 3 Licensing Concept Test Version Full Version Avira GmbH You must have a license to use Avira AntiVir MailGate and accept the license terms see http www avira com documents general pdf en avira_eula_en pdf There are 2 license modes for Avira AntiVir MailGate e Test version e Fullversion The license depends on the number of users in the network who are to be protected by Avira AntiVir MailGate The license is contained in a license file named hbedv key You will receive it by email from Avira GmbH It contains specific data such as the progr
35. er usr lib sendmail delivered by Postfix gt Restart Postfix etc init d postfix restart or etc init d postfix reload 4 6 Testing AntiVir MailGate after Installation After installing AntiVir MailGate it is recommended that you test its functionality To do this you can use a test virus called Eicar which is recognized by all virus scanners This will not cause any damage but it will force the program to react when an email scan is performed if the installation and configuration is correct gt Copy the following string to a file X5O0 P AP 4 PZX54 P 7CC 7 EICAR STANDARD ANTIVIRUS TEST FILE H H OR download the Eicar file from the website http www eicar com gt Send this file as an attachment to a test email for AntiVir MailGate gt Check the reactions in the directory var spool avmailgate rejected gt Check the messages AntiVir MailGate sent to the logfile or syslog Avira GmbH Avira AntiVir MailGate 25 Configuration 5 Configuration Avira GmbH You can adjust AntiVir MailGate for optimum performance on your system During installation with the install script some of the settings are suggested and you can make changes at any time In this section you will be guided step by step through the configuration process It contains the following sections e MailGate Spool Directories Page 27 e MailGate Configuration in avmailgate conf Page 28 e Spam Filter Configuration Avira MailGate S
36. ere might be a few exceptions If you change one of these options you have to make sure that the files avmailgate scanner conf and avmailgate conf contain the same values for these options You also have to adapt avmailgate scanner conf if you updated from a previous MailGate version < 3 0 0 and the current settings for User Group differ from the default settings Defaults User uucp Group antivir There are some other changes needed when changing User Group In etc avmailgate scanner conf e Change the owner group of the path given with ListenAddress The option consists of a path and a socket file Don't forget to stop MailGate before making any changes If the socket file exists delete it and only change the owner group of the directory When changing the user and or group here you must also change the options User and Group in MailGate's configuration file etc avmailgate conf In etc avmailgate conf e Change the option User Group Change the owner group of the directory and its sub directories given with SpoolDir default var spool avmailgate The owner and permissions of the scanner backend's socket The scanner backend must run as the same user as MailGate runs SocketPermissions 0600 ListenAddress in avmailgate scanner conf and ScannerListenAddress in avmailgate conf specify how the scanner backend can be reached Both options must point to the same path the string unix must not be used with th
37. erms For further information and assistance please refer to our website to the Hotline of our Technical Support and to our regular Newsletter see Service Page 62 Your Avira Team Avira AntiVir MailGate 3 About this Manual 1 2 The Structure of the Manual The manual of your AntiVir software consists of a number of Chapters providing the following information Chapter Contents 1 About this Manual The structure of the manual signs and symbols 2 Product Information General information on Avira AntiVir MailGate its modules features system requirements and licensing 3 Milter Mode Presenting the Milter function mode in Avira AntiVir MailGate 4 Installation Instructions to install Avira AntiVir MailGate on your system 5 Configuration Directions for optimum settings of Avira AntiVir MailGate components on your system 6 Operation Commands and parameters for running the Scanner and the queue manager reactions when viruses and unwanted programs are detected 7 Updates Running Internet and intranet updates 8 Service Avira GmbH Support and Service 9 Appendix Glossary of technical terms and abbreviations Golden Rules for protection against viruses 1 3 Signs and Symbols Avira GmbH The manual uses the following signs and symbols Symbol Meaning y Used before a condition that must be met prior to performing an action gt Used before a step yo
38. ges of any size are scanned e g 4KB 3MB 2GB MaxMessageSize 0 Minimum free system space not in milter mode AntiVir MailGate refuses incoming connections if the free hard disk space is smaller than the given value MinFreeBlocks 100 Maximum number of recipients per email not in milter mode Defines the maximum number of recipients for an email The 0 value deactivates this option MaxRecipientsPerMessage 100 Reject emails without sender name not in milter mode It is possible to receive messages without the sender s name The default setting is NO so that the SMTP server accepts all incoming emails This default setting should not be changed RefuseEmptyMailFrom NO RFC2821 RFC821 and RFC2505 recommend that all emails even without the sender s address should be accepted by an SMTP server It is recommended not to change the default setting for the parameter RefuseEmpt yMailFrom Allow source routing not in milter mode Source routing has the following address syntax QONE TWO JOE THREE This address sets the route for the email it passes through ONE and TWO and it is finally delivered to JOE on host THREE T E should be excluded NO or This option specifies whether all except JOEQTHR whether the address should be retained YES AllowSourceRouting NO Exclamation mark in envelope address not in milter mode
39. his file you can specify email addresses and the corresponding actions Additionally Avira AntiVir MailGate 42 Avira GmbH Configuration this file can be used as a black and white list for the spam filter Each list consists of an address given as regular expression E g someone somewhere tld i blacklist The above example treats emails from someone somewhere tld as spam independently of the spam check result blacklist is the action for the given address For Avira MailGate v 2 1 3 a match in this list concerns all recipients even if the mail was sent to recipients that are not listed E g in asmailgate except someone somewhere tld i r block_spam If Avira MailGate processes a mail to someone somewhere tld _and_abc def tld and the mail was rated as spam abce def tld will not receive the mail since it was blocked due to the rule for someone somewhere tld This behavior will be changed in a further release Actions Actions overwrite the settings for the spam filter in avmailgate conf except for white and black lists Several actions can be specified for each address e blacklist Treat mail as spam e whitelist Treat mail as clean block spam If the mail is spam block it e block dangerous attachment If the mail has a dangerous attachment block it e block dangerous alert If the mail contains a dangerous alert block it e block dangerous iframe If the mail contains a dangerous iframe block i
40. icious mails dangerous attachment dangerous iframe dangerous alert dangerous outbreak alert types like worm virus etc type <notype> Lists all rejected emails except the one specified if it has the prefix no nospam nomal etc nosort Switches off the sorting By default the queue listing is sorted by date according to the internal timestamp of the queue file with the newest email in the last position Deleting emails from queue Deleting emails from the queue is important in the event of infected emails Forwarded emails are automatically deleted from the queue You have to delete the emails from the rejected queue manually To delete denied emails immediately you can use the option ExternalProgram in avmailgate conf For example ExternalProgram usr lib AntiVir rm rejected sh rm reyected Shs bin sh usr lib AntiVir avmailgate bin avq remove 1 gt Find out the ID of the email AntiVir MailGate indicates the ID of the email in its logs and in the email sent to the postmaster Avira GmbH Avira AntiVir MailGate 57 Operation gt Type the command where <ID> is the ID of the infected email usr lib AntiVir avmailgate bin avq remove <ID> L gt The email is deleted from the queue You can use the following parameters when deleting Parameter Description remove <ID> Deletes the email with the given ID
41. il to wait in the queue before rejection The value can be given in seconds minutes hours or days For example 10s 10m 10h 10d The zero value deactivates the option QueueLifetime 0 The interval for MailGate to retry forwarding an email not in milter mode The value can be given in seconds minutes hours or days see above ForwarderRetryDelay 30m This option is necessary if too many emails are gathered in the queue and MailGate is restarted not in milter mode In this case all emails are processed as soon as possible It can lead to load problems The set number is the maximum number of emails to be processed by ThrottleDelay see the example below It is important not to accept any more emails while this option is active These would not be processed immediately This option should only be used temporarily The option ThrottleDelay also has to be set ThrottleMessageCount 0 This option sets the number of emails ThrottleMessageCount to be sent in a time interval in seconds not in milter mode Default 0 deactivates the option ThrottleDelay 0 Example There are 100 emails in the queue Thrott leMessageCount is set to 10 and ThrottleDelay to 1 Then a maximum of 10 emails are processed per second Avira AntiVir MailGate 39 Bounce MessageUser Bounce Message SizeBody Bounce Message SizeHeader AddXHeader AddReceived ByHeader MaxHop Count ScanTimeout Ex
42. ilgate bin Parameter Description V or version Displays the version number C config file Defines an alternative configuration file instead of etc avmailgate conf If you specify C you have to specify C for stop and status too A acl file Defines an alternative acl file instead of the default etc avmailgate acl i The SMTP daemon runs in inetd mode with SMTP conversation via stdin and stdout For more information see inetd 8 p port Defines the port on which SMTP daemon is listening instead of the normal SMTP port 25 Another possibility is to add the parameters C A and p to the variable DAEMONPARAMS in the start stop script usr lib AntiVir avmailgate The following options are used during debugging Parameter Description D debug level Sets debug level small integer 1 5 5 is most detailed R remote host Defines the remote host domain name default i r remote ip addr Defines the remote host IP address aaa bbb ccc ddd default i q port Defines the remote host TCP port avq Calls the queue manager Avira GmbH Avira AntiVir MailGate 55 Operation 6 3 Queue Manager avq The Queue Manager avq is integrated in avmailgate bin The Queue Manager enables manipulation of the AntiVir MailGate spool directory var spool avmailgate and its sub directories Here you can see and modify the status
43. irus Spam Check clean checked by Avira MailGate version 2 1 3 0 spam filter version 2 0 5 0 2 host host your site e BLOCK puts the mail into the rejected directory e NONE disables any action for spam mail SpamAction TAG Performs the set action when emails are not detected by the virus scanner because of their recent outbreak If the option is set to BLOCK no email notification is sent BLOCK DangerousOutbreakAction Performs the set action when the email attachment may be harmful DangerousAttachmentAction TAG Performs the set action when detecting a dangerous iframe DangerousIFrameAction TAG Performs the set action when the spam filter classifies emails as dangerous BLOCK DangerousAlertAction Performs the set action when detecting an unknown danger DangerousUnknownAction TAG Specifies the path to the spam filter library LibAsmailgate usr lib AntiVir libasmailgate so Defines the spam header to be inserted in the email header Only the beginning can be changed X AntiVirus Spam Check Example SpamHeaderName X AntiVirus Spam Check Result X AntiVirus Spam Check spam checked by Avira MailGate version 2 1 3 0 spam filter version 2 0 5 0 2 host host your site Defines the list of exceptions for black white lists and actions SpamFilterExceptions etc asmailgate except The spam filter actions can be overwritten using the file asmailgate except In t
44. l 3 Blocking emails on scan error If set to YES it blocks emails if an error occurs during scanning attached archives or cause the scan process timeout BlockOnError NO Blocking emails with unsupported archives Blocks emails containing archives that are not supported by the scanner BlockUnsupportedArchive NO Rejecting emails containing alerts Available only in Milter mode If RejectAlertMail is YES an email containing an alert will be rejected with the message Alert found in email It will be moved to the quarantine directory depending on the setting of QuarantineAlert If RejectAlertMail is NO the email will be accepted and moved to quarantine RejectAlertMail NO Avira AntiVir MailGate 38 Quarantine Alert PollPeriod Queue Lifetime Forwarder RetryDelay Throttle Message Count Throttle Delay Avira GmbH Configuration Sending alert emails to quarantine Available only in Milter mode If QuarantineAlert is YES and RejectAlertMail is YES an email containing an alert will be rejected and the email will be quarantined If QuarantineAlert is NO and RejectAlertMail is YES the email will be rejected and not quarantined QuarantineAlert YES Scanning queue Sets the interval in seconds for the program to scan the emails queue for viruses and malware PollPeriod 60 Email lifetime in queue not in milter mode The maximum time for an ema
45. l program or script when a virus unwanted program is detected Calls an external program or script in case of detection The parameter is the ID of the rejected email see MailGate Spool Directories Page 27 ExternalProgram path to program Avira AntiVir MailGate 40 NotifyEnd OfLicense Add Precedence Header AddHeaderTo Notice GUISupport Configuration Information on license expiry date Sends a message to postmaster 30 days before license expiration date The 0 value means no alert NotifyEndOfLicense 30 Adding precedence header If the setting is YES the following line is added in the headers Precedence junk Programs that are set to respond automatically to incoming emails e g vacation would not react to this report YES and NO entries can be replaced by specific text AddPrecedenceHeader NO Adding email header for postmaster You can add the headers of the rejected email into the warning message sent to the postmaster The value is YES or NO AddHeaderToNotice YES GUI support activation You must activate this entry in order for MailGate to communicate with the SMC GUI Required parameters default values GuiSupport NO GuiCAFile usr lib AntiVir gui cert cacert pem GuiCertFile usr lib AntiVir gui cert server pem GuiCertPass antivir default GuiRandFile path to file If these parameters are missing or not valid the GUI is not availa
46. lGate manually or to process the emails filtered by AntiVir MailGate manually This Chapter describes Starting and Stopping AntiVir MailGate Manually Page 53 e Parameters for SMTP and Scanner Daemon Page 55 Queue Manager avq Page 56 In addition you will find information on e Procedures when Detecting Viruses Unwanted Programs Page 59 6 1 Starting and Stopping AntiVir MailGate Manually Avira GmbH If you have installed AntiVir MailGate as described in Installation Page 14 the program is automatically started and stopped by the system However you may need to start and stop AntiVir MailGate manually Any changes in configuration files must be followed by a restart of the program for activation The script usr lib AntiVir avmailgate starts and stops the scanner and mailgate daemon Since version 3 0 0 MailGate uses a new scanner which must be started before avmailgate bin Therefore you have to start and stop MailGate with the avmailgate script usr lib AntiVir avmailgate start usr lib AntiVir avmailgate stop If you use your own script you should make sure to start the scanner first See the script avmailgate for an example on how you can start the scanner backend If you want to pass specific command line options to MailGate you can add them to the parameter DAEMONPARAMS in the script see Parameters for avmailgate bin You must login as root or you must have the required acces
47. mailgate prof <version> tar gz gt Copy the file to a directory of your choice on the computer on which you want to install AntiVir MailGate For example in tmp Unpacking program files gt Go to the temporary directory cd tmp gt Unpack the archive for the AntiVir kit tar xzvf antivir mailgate prof <version> tar gz L The directory antivir mailgate prof <version> will be created in the temporary directory 4 2 Licensing You need a license to run AntiVir MailGate see Licensing Concept Page 9 The license file hbedv key is delivered by email It contains information on the scope and period of the license Acquiring the license gt You may test AntiVir MailGate for 30 days if you fill in the test license form on our website gt Contact us by telephone or at sales avira com to obtain a valid license file by email gt You can also purchase AntiVir through our Online Shop for more details please visit http www avira com Copying the license file gt Copy the license file hbedv key to your installation directory For example tmp antivir mailgate prof <version> You can copy the license file later to the program directory usr lib AntiVir Avira GmbH Avira AntiVir MailGate 15 Installation 4 3 Installation with the Installation Script install The install script performs the installation of AntiVir MailGate automatically It performs the following tasks
48. meter Accept LooseDomainName also allows incorrect domain names If the setting is NO and the domain name for message delivery is not correct depending on source routing the message is rejected If the setting is YES the domain name is not checked Therefore even if the domain is incorrect the email is forwarded AcceptLooseDomainName NO Filtering email addresses This option can activate deactivate the address filter The default setting is NO i e no address filter is used with the standard installation AddressFilter NO To be able to use the address filter the following files are necessary etc avmailgate ignore and etc avmailgate scan These files contain lines with email addresses and optional S s sender and or R r recipient flags The given email addresses are checked only by SMTP protocol MAIL FROM and RCPT TO The email addresses in the email headers are ignored The lists are checked Checking begins with the first list on FilterTableOrder When a match is found the checking is terminated and the configured action performed Avira AntiVir MailGate 32 Filter TableOrder SMTP Greeting Timeout SMTPHelo Timeout Avira GmbH Configuration According to the result the procedures are e if there is no match in the first list the next list is checked e if there is no match in the second list either the email is scanned e if there is a match in the ignore list the
49. n and operating procedures in general only some file names may differ depending on the target operating system Computer x386 Sparc OS Linux with GLIBC 2 2 or higher or Solaris CPU 32 bit or 64 bit UNIX Running AntiVir software on 64 bit UNIX systems requires the ability to execute 32 bit binaries For instructions about checking and eventually enabling this behavior please refer to the documentation of your UNIX system 38 MB free hard disk space for product installation RAM 256MB 1280MB for Solaris HD 100MB 1GB or more recommended Administration through Avira SMC libstdc so 5 is required for the SMC Agent ee supported distributions for Avira AntiVir MailGate Red Hat Enterprise Linux 5 Server Red Hat Enterprise Linux 4 Server Novell Open Enterprise Server 10 2 Novell Linux Desktop 9 NLD 9 Novell SUSE Linux Enterprise Server 11 SLES 11 Novell SUSE Linux Enterprise Server 10 10 2 SLES 10 Novell SUSE Linux Enterprise Server 9 SLES 9 Debian GNU Linux 4 Debian GNU Linux 5 stable lenny Ubuntu Server Edition 8 Ubuntu Server Edition 9 intrepid Sun Solaris 9 SPARC Sun Solaris 10 SPARC Gentoo Avira AntiVir MailGate 10 Milter Mode 3 Milter Mode 3 1 Overview Avira GmbH AntiVir Milter has been a stand alone product up to now The product has been available only for Sendmail using the Sendmail Milter interface Now the Milter functionality is integrated in MailGate In order t
50. n settings already made are not overwritten but inherited see Configuration Page 26 Later installation of some components Activating or deactivating the automatic start of Avira Updater or AntiVir MailGate Reinstalling Avira AntiVir MailGate The steps are the same in all cases gt Open the directory where you unpacked AntiVir MailGate For example cd tmp antivir mailgate prof lt version gt gt Type install The installation script runs as described above Avira GmbH Avira AntiVir MailGate 19 Installation gt Make the changes you need during installation procedure AntiVir MailGate is installed with the required settings Uninstalling AntiVir You can use the uninstall script located in the temporary AntiVir directory to remove Avira AntiVir MailGate The syntax is uninstall product productname no interactive force version help where productname is Mailgate gt Open the AntiVir directory cd usr lib AntiVir gt Type uninstall product Mailgate L The script starts uninstalling the product asking you step by step if you want to keep backups for the license file for the configuration files and logfiles it can also remove the cronjobs you made for MailGate and Scanner gt Answer the questions with y or n and press Enter LD Avira AntiVir MailGate is removed from your system 4 5 Further Installation Steps Depending on the MTA After installing A
51. nd 23 root usr lib AntiVir avupdate product product Avira AntiVir MailGate 60 Updates As product you can use Scanner recommended to update the scanner engine and vdf files MailGate complete update MailGate scanner engine and vdf files gt Start the update process to test the settings usr lib AntiVir avupdate product product where product takes the same values as above L If successful a report will appear in the logfile var log avupdate log Avira GmbH Avira AntiVir MailGate 61 Service 8 Service 8 1 Support Support Service Our website http www avira com contains all the necessary information on our extensive support service The expertise and experience of our developers is available to you The experts from Avira answer your questions and help you with difficult technical problems During the first 30 days after you have purchased a license you can use our AntiVir Installation Support by phone email or by online form In addition we recommend that you also purchase our AntiVir Classic Support with which you can contact and obtain advice from our experts during business hours when technical problems are encountered The annual fee for this service which includes eliminating viruses and hoax support is 20 of the list price of your purchased AntiVir program Another optional service is the AntiVir Premium Support which in addition to the scope of the AntiVir Classic Sup
52. ntiVir MailGate as described above you have to make some manual settings depending on your MTA The following part describes Sendmail Exim Qmail and Postfix specifics Configuring Sendmail If you are working with Sendmail we recommend that you use AntiVir MailGate in Milter mode see Chapter Milter Mode Page 11 It guarantees full SMTP functionality in Sendmail such as SMTP authentication Configuring Exim AntiVir MailGate runs with Exim version 3 0 or newer gt To detect your Exim version use the command exim bV There are two ways of integrating AntiVir MailGate with Exim e Integrate AntiVir MailGate as a content filter in Exim recommended Avira GmbH Avira AntiVir MailGate 20 Installation e Proxy mode Content Filter AntiVir MailGate configuration gt Modify or add the following entries in avmailgate conf ListenAddress 127 0 0 1 port 10024 ForwardTo SMTP 127 0 0 1 port 10025 gt Restart AntiVir MailGate Exim configuration gt Modify or add the following entries in exim conf Listen on all interfaces on port 25 and on 127 0 0 1 port 10025 local_interfaces 0 0 0 0 25 127 0 0 1 10025 Add router entry gt Search for the entry begin router in exim conf and add the following entries Router for AntiVir MailGate antivir mailgate debug print R AntiVir MailGate for Slocal_part domain driver manualroute transport antivir mailgate transport route list
53. o start MailGate in Milter mode the option ListenAddress in avmailgate conf requires the following syntax after installing MailGate inet port hostname ip address Example inet 3333 localhost OR unix local path to file Example unix path to file local path to file If necessary the ForwardTo entry has to be set to the Sendmail binary If the default value is correct the option has to remain unchanged ForwardTo usr lib sendmail oem oi AntiVir MailGate will no longer use the avmilter files for Milter mode They have to be renamed avmailgate Example mv etc avmilter warn etc avmailgate warn To migrate from an older Milter installation to the current AntiVir MailGate Milter mode the file MILTER_MIGRATION must be used It is located in the doc directory of the product kit It is recommended to adjust the file avmailgate conf instead of renaming the file avmilter conf Avira AntiVir MailGate 11 Milter Mode 3 2 AntiVir MailGate Milter Mode Features Functions AntiVir MailGate Milter mode is a plug in for Sendmail starting with version 8 11 and communicates through Sendmail s libmilter interface It scans all incoming and outgoing emails Infected emails are not forwarded A status notification is shown in syslog It can notify senders recipients and administrators of infections Most of these features also apply to MailGate even when it is not running in Milter mode
54. of the settings for ArchiveMaxSize ArchiveMaxRecursion and ArchiveMaxRatio If the option is deactivated NO such archives are forwarded disregarding the settings for ArchiveMaxSize ArchiveMaxRecursion and ArchiveMaxRatio BlockSuspiciousArchive NO Avira AntiVir MailGate 37 Block Encrypted Archive Detect Heuristics Macro Heuristics Level Block OnError Block Unsupported Archive RejectAlertMail Avira GmbH Configuration Blocking emails with password protected archives If the setting is YES emails containing password protected files in archives are rejected If NO is set emails containing encrypted archives are also delivered BlockEncryptedArchive NO Detection of other types of unwanted programs Besides viruses there are some other types of harmful or unwanted software described in avmailgate conf You can activate their detection using the following options DetectADSPY yes DetectAPPL yes DetectBDC yes DetectDIAL yes DetectGAME no DetectHIDDENEXT yes DetectJOKE no DetectPCK no DetectPHISH yes DetectSPR no Macrovirus Heuristics Activates the heuristics for macroviruses in documents HeuristicsMacro yes Win32 Heuristics Sets the detection level of Win32 Heuristics Available values are 0 off 1 low 2 medium and 3 high HeuristicsLeve
55. on wou e 1 email notifications are sent in case of successful update unsuccessful update or up to date e 2 email notification only in case of unsuccessful update e 3 email notification only in case of successful update default notify when email to The recipient of notification emails email to Logfile settings log Specify a full path with a filename to which AntiVir Updater will write its log messages log var log avupdate log log append By default the logfile is overwritten You can use this option to append the logfile log append Integration into Avira Security Management Center SMC Avira GmbH In order to configure updates via Avira Security Management Center SMC it is necessary to add the updateplugin package to the SMC repository Once added a new product Avira Updater will be available for installation on machines administered by the SMC The Avira Updater product allows updates to be configured for all products installed on computers administered by the SMC For more details please refer to the SMC documentation Avira AntiVir MailGate 52 Operation 6 Operation After concluding installation and configuration and when AntiVir MailGate is running MailGate guarantees continuous monitoring of your system During operation you might have to make occasional changes in settings as described in Configuration Page 26 In some cases it may be necessary to operate AntiVir Mai
56. or SMTP and Scanner Daemon 55 6 3 Queue Manager avq 56 6 4 Procedures when Detecting Viruses Unwanted Programs 59 7 Updates 60 7 1 Internet Updates 60 8 Service 62 8 1 Support 62 8 2 Online Shop 62 8 3 Contact 63 9 Appendix 64 9 1 Glossary 64 9 2 Further Information 65 9 3 Golden Rules for Protection Against Viruses 66 Avira GmbH Avira AntiVir MailGate About this Manual 1 About this Manual In this Chapter you can find an overview of the structure and contents of this manual After a short introduction you can read information about the following issues The Structure of the Manual Page 4 Signs and Symbols Page 4 Abbreviations Page 5 1 1 Introduction Avira GmbH We have included in this manual all the information you need on Avira AntiVir MailGate and it will guide you step by step through installation configuration and operation of the software The appendix contains a Glossary which explains the basic t
57. pe the path to the license file and press Enter OR If you want to copy the license file later just click Enter L The next step is installing the automatic Internet Updater Then you are asked whether a link should be created in usr sbin for the start script 2 Configuring updates An internet updater is available with version 3 1 2 1 of AVIRA MailGate UNIX It will ensure that you always have the latest virus signatures and engine updates In order to trigger an update you will need to run the command usr lib AntiVir avupdate product MailGate Please read the README file for more information about updating and which method best suits you Would you like to create a link in usr sbin for avupdate y gt Confirm with Enter or click n L Then you are asked if you want to create cron jobs for the Scanner and for product updates Would you like to setup Scanner update as cron task y Please specify the interval to check Recommended values are daily or 2 hours available options d 2 creating Scanner update cronjob done Would you like to check for MailGate updates once a week n creating MailGate update cronjob done setup internet updater complete You can also set these options later L The script continues with the installation of the main program 3 installing main program copying doc avmailgate_en pdf to usr lib AntiVir done copying gt You have to provide
58. pecified times A background process for administration on UNIX systems On average there are about a dozen daemons running on a computer These processes usually start up and shut down with the computer Without a license file Avira AntiVir MailGate runs as a demo version An Avira banner is inserted in every email The automatic update function is not available so you will have to download new virus definitions and scan engine versions manually from our website The European Institute for Computer Antivirus Research offers a test virus for testing antivirus programs More details at http www eicar org also Report file A file containing reports generated by the program during run time when a certain event occurs Generic term for foreign bodies of any type These can be interferences such as viruses or other software which the user generally considers as unwanted see also Unwanted Programs Multipurpose Internet Mail Extensions Internet extensions for integrating binary files in Internet emails MIME supports so called multipart emails to allow various file types in an email or binary attachments and HTML emails Mail Transfer Agent a program that sends emails via SMTP For example Sendmail Postfix Exim The directory where infected files are stored to block the user s access to them for example rejected The user with unlimited access rights such as system administrator on Windows AntiVir software modul
59. port allows you to contact expert partners at any time even after business hours in the case of an emergency When virus alerts occur you will receive an SMS on your cellphone Forum Before you contact our Hotline we recommend that you visit our user forum at FAQ _ http forum antivir de as well as the FAQ section on our website Your questions may already have been answered for another user and posted on the forum Email Support Support via email can be obtained at http www avira com 8 2 Online Shop Would you like to buy our products by mouse click You can visit the Avira Online Shop at http www avira com and buy upgrade or extend AntiVir licenses quickly and safely The Online Shop guides you step by step through the order menu A multi lingual Customer Care Center explains the order process payment transactions and delivery Resellers can order by invoice and use a reseller panel Avira GmbH Avira AntiVir MailGate 62 Service 8 3 Contact Address Avira GmbH Lindauer Strasse 21 D 88069 Tettnang Germany Internet You can find further information on us and our products by visiting http www avira com Avira GmbH Avira AntiVir MailGate 63 Appendix 9 Appendix 9 1 Glossary Term cron daemon Daemon Demo version Eicar Logfile Malware MIME MTA Quarantine directory root Scan engine SAVAPI Script SMTP Avira GmbH Meaning A daemon which starts other programs at s
60. quests ScannerListenAddress var run avmailgate scanner If you use SuSE Mail Server II gt Replace the entry AllowSourceRouting NO with AllowSourceRouting YES gt Stop and restart AntiVir MailGate etc init d avmailgate restart gt Add the following entry in etc postfix master cf service type private unpriv chroot wakeup maxproc command args yes yes yes never 50 smtp inet n n smtpd For AntiVir Mail daemon localhost smtp backdoor inet n n smtpd o content_filter one line gt Check that the first character in the table is not a space or tab The entry smtpd o content filter deactivates the corresponding line in a second Postfix instance avoids mail loops gt Add into etc postfix main cf AntiVir integration content filter smtp 127 0 0 1 10024 gt Restart Postfix etc init d postfix restart or etc init d postfix reload If Postfix sets the status deferred for emails after AntiVir MailGate installation gt Search in main cf for the line defer transports local gt Comment it out defer transports local Avira AntiVir MailGate 24 Installation Listenon gt Look in master cf for port 25 smtp inet n n smtpd gt Comment it out smtp inet n n smtpd It prevents Postfix from listening on SMTP port SMTP daemon can listen on this port Emails forwarded by the SMTP daemon will be processed by the Sendmail wrapp
61. r daemon Avira GmbH Product Information Modules and Operating Mode of Avira AntiVir MailGate Avira AntiVir MailGate is an SMTP scanner which scans all incoming and outgoing emails including attachments on your UNIX mail server for viruses unwanted programs see figure below The program has a high scanning speed and is easy to configure Apart from SMTP Avira AntiVir MailGate supports the Sendmail Milter interface SMTP daemon Incoming queue var spool avmailgate incoming Scanner daemon Virus error detected Virus error queue Outgoing queue var spool avmailgate rejected Possible forwarding var spool avmailgate outgoing Forwarder daemon Send via MTA or SMTP MTA SMTP This store and forward agent divides the work between two programs The SMTP daemon receives the emails and stores them in the spool directory This program can run as an independent server using port 25 SMTP or it can be started by the Internet superdaemons inetd or xinetd The forwarder daemon reads the emails stored in the spool directory decodes any attachments and then starts scanning for viruses and unwanted programs Depending on the result of the scanning process clean emails are forwarded while infected emails are blocked in the spool directory rejected According to the configuration made in avmailgate conf the program also blocks suspicious emails such as password prot
62. r and these can serve to carry boot sector viruses gt Regularly back up your files gt Limit program exchange particularly with other networks mailboxes Internet and acquaintances gt Scan new programs before installation and the disk after this If the program is archived you can detect a virus only after unpacking and during installation If there are other users connected to your computer you should set the following rules for protection against viruses gt Use a test computer to check downloads of new software demo versions or virus suspicious media floppies CD R CD RW removable drives gt Disconnect the test computer from the network gt Appoint a person responsible for virus infection operations and define all steps for virus elimination gt Draw up an emergency plan as a precaution for preventing damage due to destruction theft failure or loss change due to incompatibility You can replace programs and storage devices but not your vital business data gt Draw up a plan for data protection and recovery gt Your network must be correctly configured and the access rights must be wisely assigned This represents good protection against viruses Avira AntiVir MailGate 66 AVIRA More Than Security Avira AntiVir MailGate Avira AntiVir MailGate Suite Avira GmbH Lindauer Str 21 88069 Tettnang Germany Telephone 49 0 7542 500 0 Fax 49 0 7542 525 10 Internet http
63. rtsUser AvMailGate domainname Status information in email body If the setting is NO the email contains no additional information default AddStatusInBody NO If the setting is YES e If a file named body state exists in the template subdirectory of the program the text from this file is inserted in the mail see Report Templates Configuration Page 48 e AddStatusInBody could also take the name of a file In this case the contents of the file are added Status text If the option AddStatusInBody is set to YES no status text is added to an email that exceeds the given size value The size can be specified in megabytes MB kilobytes KB or bytes Examples 4KB 3MB Default MaxMessageSizeStatus 0 Values larger than 200 0MB 2GB are not allowed Forwarding emails as MIME not in milter mode Even if not in MIME emails can be transformed into MIME emails They have a MIME header with content type text plain content disposition inline and content encoding 7 bit or 8 bit Encoding depends on the original email If the setting is NO non MIME emails are sent without further processing Avira AntiVir MailGate 36 ScanInArchive Archive MaxSize ArchiveMax Ratio ArchiveMax Recursion Block Suspicious Archive Avira GmbH Configuration If the setting is YES non MIME emails are transformed into MIME emails ForwardAllEmailAsMIME N
64. s Avira GmbH Configuration command not in milter mode SMTPHeloTimeout 300 Defines the maximum timeout in seconds for receiving a reply to the MAIL FROM command not in milter mode SMTPMailFromTimeout 300 Defines the maximum timeout in seconds for receiving a reply to the RCPT TO command not in milter mode SMTPRcptTimeout 300 Defines the maximum timeout in seconds for receiving a reply to the DATA command not in milter mode SMTPDataTimeout 120 Defines the maximum timeout in seconds for sending individual data blocks not in milter mode SMTPDataBlockTimeout 180 Defines the maximum timeout in seconds for receiving a reply to the final dot of the DATA command and QUIT command after sending the message not in milter mode SMTPDataPeriodTimeout 600 Maximum number for the forwarder Maximum number of simultaneous forwarding processes The value depends on the efficiency of your email system and on the quality of your email connection default value 10 MaxForwarders 10 Forwarder Defines how emails should be sent default by Sendmail ForwardTo usr lib sendmail oem oi The email can also be sent by SMTP ForwardTo SMTP localhost port 825 The SMTP setting applies only to MailGate in SMTP mode In Milter mode it can only be forwarded by the program Therefore the valid entry is ForwardTo path to file Scanner location Sets the location of the scanner
65. s rights to start or stop AntiVir MailGate manually Avira AntiVir MailGate 53 Operation Starting AntiVir MailGate gt Type usr lib AntiVir avmailgate start L The program starts with the following message Starting AVIRA AntiVir MailGate Starting savapi Stopping AntiVir MailGate gt Type usr lib AntiVir avmailgate stop L The program stops with the following message Stopping AVIRA AntiVir MailGate Stopping avmailgate bin Shutting down Avira MailGate Stopping savapi Restarting AntiVir MailGate This is used for example after making changes in configuration scripts gt Type usr lib AntiVir avmailgate restart 4 The program restarts after showing the following message Stopping AVIRA AntiVir MailGate Stopping avmailgate bin Shutting down Avira MailGate Stopping savapi Starting AVIRA AntiVir MailGate Starting savapi Checking AntiVir MailGate status gt Type usr lib AntiVir avmailgate status 4 The program shows information on the MailGate daemons Status avmailgate bin running Status savapi running Avira GmbH Avira AntiVir MailGate 54 Operation 6 2 Parameters for SMTP and Scanner Daemon The following tables describe the possible command line parameters that overrule avmailgate conf settings Syntax avmailgate bin V version i C config file D debug level stop status avq Parameters for avma
66. s root in order to install AntiVir MailGate You also need an MTA Sendmail Postfix Exim Qmail etc available on your system We cannot provide support for problems that do not directly concern AntiVir MailGate This section describes an example installation of a standard Sendmail configuration on a SuSE distribution If you want to integrate the program with another MTA or for example with Lotus Domino you can find further information in the related files INSTALL sendmail INSTALL exim INSTALL qmail INSTALL postfix etc This Chapter contains the following sections e Preparing the Installation Files Page 15 e Licensing Page 15 e Installation with the Installation Script install Page 16 e Reinstalling and Uninstalling AntiVir Page 19 e Further Installation Steps Depending on the MTA Page 20 e Testing AntiVir MailGate after Installation Page 25 If you have also installed Avira AntiVir Server UNIX or Avira AntiVir Professional UNIX and you use the Graphical User Interface to configure and operate these products please note that the GUI is not compatible with the current versions starting with version 3 of Avira AntiVir MailGate and Avira AntiVir WebGate Avira AntiVir MailGate 14 Installation 4 1 Preparing the Installation Files Downloading program files from the Internet gt Download the current files from our website http www avira com to your local computer The file name is antivir
67. s socket for MailGate to connect and perform scan Avira AntiVir MailGate 34 Max Attachments Block Suspicious Mime Block Fragmented Message BlockPartial Archive Block Extensions Expose Recipient Alerts Avira GmbH Configuration requests ScannerListenAddress var run avmailgate scanner If you modify this parameter you must also set the same value for ListenAddress in etc avmailgate scanner conf See Scanner Configuration in avmailgate scanner conf Page 46 Maximum number of email attachments MIME Defines the maximum number of attachments for a single MIME email MaxAttachments 100 Blocking suspicious emails MIME Blocks suspicious MIME emails An email is classified as suspicious if it exceeds the maximum recursion levels or the maximum attachment number default setting NO BlockSuspiciousMime NO Blocking fragmented emails Blocks fragmented emails For further information see Message Fragmentation and Reassembly RFC 2046 http www faqs org rfcs rfc2046 html paragraph 5 2 2 1 BlockFragmentedMessage NO Block partial archive If activated YES this option blocks mails containing an archive which is part of a multivolume archive BlockPartialArchive NO Blocking emails with certain extensions You can configure MailGate to block emails containing attachments with specified file extensions such as exe scr pif This also applies to archived files
68. so the restart has to be made manually as root Advantage any running processes of AntiVir daemons such as Scanner Engine MailGate are automatically updated with the current antivirus files without interrupting the running scan processes It is thus ensured that all files are scanned 7 1 Internet Updates Manually If you want to update AntiVir MailGate or some of its components gt Use the command usr lib AntiVir avupdate product product As product you can use Scanner recommended to update the scanner engine and vdf files e MailGate complete update MailGate scanner engine and vdf files If you just want to check for a new AntiVir version without updating AntiVir gt Use the command usr lib AntiVir avupdate check product product The product values are the same as above Automatic updates with cron daemon Avira GmbH Regular updates are made using cron daemon The settings for automatic updates in etc crontab have already been made if when installing Avira AntiVir MailGate with the install script the answer for installing AntiVir Updater and starting it automatically was yes You can find further information on cron daemon in your UNIX documentation To make or change the settings for automatic updates in crontab manually gt Add or edit the entry in etc cron d avira_updater similar to the example below Example for an hourly update at 23 enter the following comma
69. t L The following message appears when the script is finished Installation of the following features complete AntiVir Core Components Engine Savapi and Avupdate AVIRA Internet Updater AVIRA MailGate AntiVir SMC plugin gt Depending on your MTA proceed with the installation as described in Further Installation Steps Depending on the MTA Page 20 Avira AntiVir MailGate 18 Installation gt Finally you can start AntiVir MailGate usr lib AntiVir avmailgate start Modified binaries will not run q For example if binaries are prelinked Either disable prelinking or add 2 usr lib AntiVir as an excluded prelink path in etc prelink conf Starting with version 3 0 0 a new scanner backend is used Old scanner specific configuration options that are not known to MailGate must be moved from 2 etc avmailgate conf to the scanner specific configuration file etc avmailgate scanner conf It is highly recommended that you perform an update after installation to ensure up to date protection This can be done by running usr lib AntiVir avupdate product MailGate For more details on updating see Updates Page 60 4 4 Reinstalling and Uninstalling AntiVir You can re launch the install script at any time There are several possible situations Install a new version upgrade The installation script checks the previous version and installs the necessary new components The configuratio
70. t e tag spam Ifthe mail is spam tag it e tag dangerous attachment If the mail has a dangerous attachment tag it e tag dangerous alert If the mail contains a dangerous alert tag it e tag dangerous iframe If the mail contains a dangerous iframe tag it Example of etc asmailgate except spam somewhere tld i blacklist All mail from spam somewhere tld will be treated as spam independently of the spam check result Actions can also be switched off Example in etc avmailgate conf SpamAction BLOCK in etc asmailgate except me here tld i r block_spam Do not block spam for the given recipient address r is the flag for recipient It means that the given address should be matched against the recipient address and not against the sender address The default without the r flag is to match the address against the sender address Avira AntiVir MailGate 43 SpamFilter DetectGTUBE SpamFilter Startup Timeout SpamFilter ServiceConnect Timeout SpamFilter ServiceMax Sessions SpamFilter HandleBulk ADVLikeSpam SpamFilter HandleBulk PornLikeSpam Avira GmbH Configuration Another example in etc avmailgate conf DangerousAttachmentAction TAG DangerousIFrameAction TAG in etc asmailgate except me here tld i r tag dangerous attachment tag dangerous iframe Don t tag DangerousAttachment and DangerousIFrame mails A DangerousOu
71. tbreak has a higher priority than the black and whitelisting If a DangerousOutbreak was detected no check for black and whitelistings will be performed The GTUBE test string can be used to test the integrated spam filter The string and a complete RFC 822 mail can be found at http spamassassin apache org gtube An email containing this string should be rated as spam by spam filters Just put this string into the message s body and send it through Avira MailGate If you get messages similar to the ones below the spam filter works correctly id 15025 btMzMR 15025 btMzMR spam filter spam filter result spam action tagged spam mail detected queue id GTUBE will not be detected by default To switch the GTUBE detection on set this option to YES and restart Avira MailGate SpamFilterDetectGTUBE NO This option specifies how long should Avira MailGate wait for the external spam daemon to come up in seconds SpamFilterStartupTimeout 60 This option specifies how long should Avira MailGate wait for an answer of a configuration request to the external spam filter daemon in seconds SpamFilterServiceConnectTimeout 30 This option sets the maximum limit of simultaneous running threads of the external spam filter daemon SpamFilterServiceMaxSessions 50 Option to rate category bulk advertisement as spam SpamFilterHandleBulkADVLikeSpam NO Option to rate
72. ternal Program Avira GmbH Configuration Recipient for email failure not in milter mode This is the user that receives email failure reports when an email cannot be sent by MTA BounceMessageUser MAILER DAEMON Size of the email failure mail body not in milter mode Sets the size in bytes from the original mail body to be returned by bounce mail The value 0 means no limit is set e g 4KB 3MB 2GB BounceMessageSizeBody 0 Size of the email failure mail header not in milter mode Sets the size in bytes from the original mail header to be returned by bounce mail The value 0 means no limit is set e g 2KB 2 Kilobytes 3MB 3 Megabytes 2GB 2 Gigabytes BounceMessageSizeHeader 0 Adding X header not in milter mode If the setting is YES the queue ID and information on scan status will be included in the header of the email For example X AntiVirus checked by AntiVir MailGate The text cannot be modified AddXHeader YES Adding Received stamp to header not in milter mode If the setting is YES the scanned email contains a note on incoming time AddReceivedByHeader YES Avoiding mail loops not in milter mode If more Received lines appear in the header the email is blocked MaxHopCount 100 Maximum time for email scanning Defines maximum time for email scanning in seconds ScanTimeout 300 Running an externa
73. the TMPDIR environment variable will be used If you want to use a single tmp directory for all MailGate components you can change the option TemporaryDir in etc avmailgate conf and ScanTemp in avmailgate scanner conf Default TemporaryDir var tmp Check domain name This option determines whether the domain names of RECIPIENT SENDER or BOTH addresses should be matched with the entries in the local section in avmailgate acl in order to accept the email For more information see Hosts Configuration in avmailgate acl Page 47 Default is MatchMailAddressForLocal RECIPIENT SMTP message Sets the headers sent by MailGate You can edit the text for example if you do not want to reveal the type of security software Default is SMTPBanner AntiVir MailGate Avira AntiVir MailGate 29 PidDir Syslog Facility LogFile DebugLevel Listen Address MaxIncoming Connections SMTP Timeout Avira GmbH Configuration PID directory This directory saves the PID files for MailGate s main processes You must stop AntiVir MailGate before changing this parameter PidDir var tmp Syslog facility It sets the log category that Syslog should apply for MailGate messages SyslogFacility mail Logfile It must contain the full path to the log file Apart from the log file entries will also be sent to syslog If LogFile is set to NO default no log file is used The
74. u have to perform r Used before the result that directly follows the preceding action Used before an alert if there is a danger of critical data loss or hardware damage Used before a note containing particularly important information e g on the steps to be followed 0 Used before a tip that makes it easier to understand and use Avira AntiVir MailGate Avira AntiVir MailGate 4 About this Manual For improved legibility and clear marking the following types of emphasis are also used in the text Emphasis in text Explanation Ctrl Alt Key or key combination usr lib AntiVir avmailgate Path and file name ls usr lib AntiVir User entries Choose component Select all Elements of the software interface such as menu items window titles and buttons in dialog windows http www avira com URLs Signs and Symbols Page 4 Cross reference within the document 1 4 Abbreviations The manual uses the following abbreviations Abbreviation Meaning ACL Access Control List FAQ Frequently Asked Question FQDN Fully Qualified Domain Name GUI Graphical User Interface MIME Multipurpose Internet Mail Extensions MTA Mail Transport Agent RFC Request For Comment SMTP Simple Mail Transfer Protocol VDF Virus Definition File Avira GmbH Avira AntiVir MailGate 5 Product Information
75. uite only Page 41 This feature is only activated with the license for Avira MailGate Suite e Scanner Configuration in avmailgate scanner conf Page 46 e Hosts Configuration in avmailgate acl Page 47 e Warnings Configuration in avmailgate warn Page 48 e Report Templates Configuration Page 48 e Updater Configuration in avupdate conf Page 51 The configuration files are read when the program starts It will ignore empty lines or lines beginning with They are provided with default values which are suitable for most set ups Some entries are deactivated or commented out using and they can be activated by deleting the sign Starting with MailGate 3 0 0 unknown configuration options trigger an error message WARNING found an unknown config option while parsing the configuration file The list of configuration files is shown when you complete the installation etc avmailgate conf AVIRA MailGate main config etc avmailgate scanner conf AVIRA MailGate scanners config etc avmailgate acl AVIRA MailGate access list etc avmailgate ignore AVIRA MailGate ignore list etc avmailgate scan AVIRA MailGate scan list etc avmailgate warn AVIRA MailGate warn list etc asmailgate except AVIRA MailGate spamfilter config etc avira avupdate conf AVIRA Avupdate options The configuration file etc antivir conf is no longer used Users are strongly recommended to remove this file All settings for AntiVir MailG