Friday, November 7, 2008

Virus scanner for mail servers

There are tons of guides on this, but hopefully mine is the easiest for you to follow.

I am a SUSE fan, so this guide is based on the latest SLES10 which you can download from Novell. Everything you need is available in that distribution.

If you are new to SUSE, or even Linux, this distro is very easy to use. Just follow the guide and you will get it up and running in no time. If you just want to get to the configuration part, then proceed straight there.


1. INTRODUCTION

1.1 What's all this?

You'll get an SMTP server that can check for viruses.

1.2 Why this set up?


This way, it will work with your current mail server. It will just act as a firewall for your incoming and outgoing mail.

1.3 Why use SUSE?

Because I am a SUSE fan and it is Linux which means it is free.


2. INSTALLATION

2.1 Components

You will need the following:

SUSE 10 (any package, inclusive of SLES)
LDAP
Postfix
Amavisd
Clamd

2.1. Partitions

If you are using a new hard disk, then SLES will do the partitioning automatically for you. If you already have an existing partition, then you may want to customise it. The standard partitions created by SLES are:

partition 1 - swap = 1.5x of your available memory (if more than 256; min 256MB, max 1GB)
partition 2 - root directory = remaining space

What I suggest is to divide the remaining space in two and use the other half to mount a spare directory. This is where you can store junk, and it prevents your server from choking if space runs out.

2.2 Package

Just choose default configuration and proceed with the installation.

2.3 Host Name / Domain

When prompted to enter machine and domain name, enter accordingly. The settings here will be used for your LDAP server.

2.4. Certificate Authority

If you want to customise your Certificate Authority, change the settings when prompted. I suggest you change them to reflect your domain.

2.5. LDAP

When asked whether you want to start OpenLDAP, choose yes. The basic configuration is:

Base DN - dc=yourdomain, dc=yourdomain
Administrator - cn=administrator (append DN)

When prompted to use LDAP for authentication, choose YES. Also choose Allow user to authenticate but disable login. It should choose localhost. Proceed with the installation.

2.6. Installation Source

If you have the ISO, now is the time to copy it to one of the directories. It will help when installing additional features, so you do not need to insert the CDs or DVD every time. To do this, you need to specify the location of the ISO. Once in X Window, launch YaST and go to Software>Installation Source. Choose Add>Local Directory, tick ISO, browse to the CD1 file and click OK. Move the newly added source up and disable the existing one.


3. CONFIGURATION

3.1 Mail Server

Run YaST and go to Software>Software Management. Search for yast2-mail-server and install it. It will ask you to remove yast2-mail. Do it.

Restart YaST and go to Network Services>Mail Server. It will prompt you to enter the LDAP password. Enter the password you entered earlier.

Once in, go to Local Delivery and choose No Local Delivery.

Go to Mailserver Prevention and choose Start Virus scanner AMAVIS. You are done here.

3.2 Postfix

Edit /etc/postfix/main.cf

relay_domains=yourdomain
local_recipients_map - remove the whole subnet and put in your current mail server IP address.

Edit /etc/postfix/master.cf

Change localhost to 127.0.0.1

Restart postfix by running the command 'rcpostfix restart'

3.3 Amavisd

Edit the file /etc/amavisd.conf. Look for the first instance of Clamd. Uncomment the following lines and change them to look like this. Those in italics are the ones you should change. The rest, just uncomment.

['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/lib/clamav/clamd-socket"],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

Restart amavisd by running the command 'rcamavisd restart'
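To see what the three regular expressions in this entry do, here is an added example (not part of the original guide and not amavisd's own code) that applies Python equivalents of them to constructed clamd replies. The status names, the sample paths, per-line matching, and the rule that a FOUND line takes precedence over OK are assumptions of this sketch.

```python
import re

# Python equivalents of the three patterns in the amavisd.conf entry above.
# re.M (match per line) is an assumption of this sketch.
STS_CLEAN = re.compile(r"\bOK$", re.M)        # 4th field: reply means "clean"
STS_INFECTED = re.compile(r"\bFOUND$", re.M)  # 5th field: reply means "infected"
VIRUS_NAME = re.compile(r"^.*?: (?!Infected Archive)(.*) FOUND$", re.M)  # 6th field


def classify(reply):
    """Return (status, virus_names) for one clamd reply (hypothetical helper)."""
    if STS_INFECTED.search(reply):
        # The negative lookahead keeps the "Infected Archive" placeholder
        # out of the list of reported virus names.
        return "infected", VIRUS_NAME.findall(reply)
    if STS_CLEAN.search(reply):
        return "clean", []
    # Neither pattern matched: the scan did not complete (wrong socket path,
    # permissions, clamd down). This must not be treated as clean.
    return "scan-failed", []


# Constructed sample replies; the paths are placeholders, not from the guide.
BASE = "/var/spool/amavis/tmp/amavis-0001/parts"
SAMPLES = {
    "clean": BASE + ": OK\n",
    "eicar": BASE + "/p002: Eicar-Test-Signature FOUND\n",
    "archive": BASE + "/p003: Infected Archive FOUND\n"
               + BASE + "/p003: Eicar-Test-Signature FOUND\n",
    "placeholder-only": BASE + "/p004: Infected Archive FOUND\n",
    "error": BASE + ": lstat() failed: Permission denied. ERROR\n",
}

if __name__ == "__main__":
    for label, reply in SAMPLES.items():
        print(label, "->", classify(reply))
```

A reply that lands in the last branch usually points at the socket path or its permissions, so check that the path in amavisd.conf matches the socket clamd actually creates.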

3.4 Clamd

Start clamd by running the command 'rcclamd start'

Update the database by running the command 'freshclam'

You may want to update to the latest clamav. Current is 0.88.7. You can get it here:

ftp://ftp.suse.com/pub/suse/update/10.0/rpm/

Update it by running the command 'rpm -Fvh newrpm'


That is it! You can now forward outgoing mail from your existing server to this server. You can also update your external DNS to point to this server for your incoming mail.
