CyberKnights

Modern tools.
Traditional dedication.

Instant AntiVirus (v0.2)

Ingredients

You will require:

Root access on a working Mandrake Linux 9.1 system with the usual tools like URPMI and a text editor such as vi;
A legitimate copy of the Sophos virus scanner (many others can be used, the AMaViS config file also lists FSAV, AVP, FSP, hbEDV, Sophie, Bitdefender, FPROT, MKS, NAI, NVC, Panda, CLAM and Trend but not RAV. Prophetic?). I would prefer to use an Open scanner, but nobody has stepped forward to keep the virus signature updates timely for OpenAntiVirus (as at 26 June 2003, the signature file timestamp says 29 October 2002, therefore no Sobigs, no BugBear.B, no insert-today's-viruses-here).
This collection of packages or choose individual packages here.

Method

Install PostFix if it isn't already: urpmi postfix

Install Sophos as per the instructions that come with it. As at now, that means unpack the linux.intel.libc6.tar file and run ./install.sh in the resulting sav-install directory. Note that by default it installs the binaries in /usr/local/bin.

Explode the packages from the archive (note, this command unpacks them in the current directory): tar xvjf AMaViS-Mandrake-9.1.tar.bz2

Install the packages (this assumes that the packages are the only ones in the current directory): urpmi *.rpm

Make the directory /var/run/amavis: mkdir /var/run/amavis

Edit AMaViS' config file /etc/amavis/amavis.conf and make the following changes:

Uncomment the line: mail-transfer-agent = SMTP.
Uncomment the line: virus-scanner = Sophos.
Uncomment the extractors = line such that all extractors are enabled.
Configure the headers as you please. I flag the message as having been scanned by AMaViS on a virus-immune Linux server, it gives the recipients confidence.
Adjust the logging to your taste.
Set up the [Notify] section to match you and your site; take care to escape (put a \ in front of) dots in the domain name(s) you supply for local domain.
Optionally uncomment the {in,out}put {port,address} lines in the [SMTP] section, leaving input on localhost at 10025 and the output to localhost at 10026.
Adjust the resource limits under the [security] section to your taste.
If you didn't install Sophos' sweep binary in /usr/bin, adjust the path under the [Sophos] section to reflect the correct path.

Save your changes and exit.

Start AMaViS by hand: amavis; if this starts without error and leaves you wondering what to do next, type a Ctrl-Z and bg to set it to waiting in the background. We'll come back presently and make that permanent.

In the /etc/postfix directory edit the following files:

Append a line to main.cf saying: content_filter = smtp:[127.0.0.1]:10025, which tells PostFix to shove all incoming mail through the content filter listening on port 10025 (our AMaViS-NG daemon).

Append a line to master.cf saying: localhost:10026 inet n - n - - smtpd -o content_filter=, which tells PostFix to listen on port 10026 for the returning emails and process them without first running them through any content filter.

Restart PostFix to make sure it is running and has picked up your changes: service postfix restart

Check in /var/log/mail/errors to make sure you didn't break anything.

Send some email through the system and see if it comes out scanned.

Set amavis to run on startup. The simplest way is to append a line to the /etc/rc.d/rc.local file saying: /usr/bin/amavis &>/dev/null & but you may prefer to use an init script and daemoniser wrapper. It's nicer and gives you a visual report on startup. Copy the script to /etc/init.d/ and mark it executable. Copy the wrapper to /usr/bin/ and mark it executable. Do chkconfig --add amavis so it will start automagically, or service amavis start to start it now, if your amavis process from above is not still running.

Leon's Virus Rant

News sites speak of "Computer Viruses", but they're not. They are only Microsoft Windows viruses. Linux has only a handful, and they're all obsolete. Mac has two handsful. MS-Windows has tens of thousands of the suckers.

If you do want to run MS-Windows but don't want to run a virus scanner, here are some tips which will help to defer your own personal day of reckoning:

The short story is, the more you avoid Microsoft software, the lower your exposure will be. In descending order of effectiveness:
Never use MS-Outlook. I generally recommend the Mozilla email client in its place, but if you're willing to get a bit technical you can have my favourite email client, KMail from KDE, on your MS-Windows system.
Filter out all executable files. All of them. EXE COM SCR DLL PIF BAT MSI and so on, their name is legion. Learn to live without emailed executable comedies, and you'll also skip a few tragedies.
Install the OpenOffice.org suite and make it the default document handler for office documents (DOC XLS PPT etc) even if you leave MS-Office on your machine. Office documents containing macro viruses can be read with impunity using the OpenOffice.org components (Writer, Calc, Draw etc). Making OOo the default handler means that if a virussed email manages to automatically open itself, robust OOo will field the request instead of vulnerable MS-Office. As a bonus, OOo makes PDFs and will turn a presentation into Flash for you, just upload it to your website.
Install a different web browser (I recommend Mozilla again) and set that to be the default protocol handler for HTTP, FTP etc. Internet Exploder has too many complex vulnerabilities of its own. As well as protecting you from email-induced ActiveX controls and other offenses against the order of nature, this step will protect you against most browser-transmitted viruses.
OK, if at this point you can forsake your remaining games and run your remaining accounting application under WINE, replace your MS-Windows with Linux. I use and recommend Mandrake Linux, but others have had good results with Debian, SuSE, RedHat, whatever. You can download an ISO image (CD file) called Knoppix, which you can burn to CD and boot your computer from to see what Linux looks and feels like. Knoppix doesn't write to your hard disk unless you type a magic incantation to tell it to, and includes a full office suite, numerous games, a reasonable sheaf of tools and so on. If you like that, you can either install it (it's Debian at heart) or install one of the full distributions after backing up everything you treasure.

ALSO, THERE IS NO WARRANTY OR CONDITION OF TITLE, QUIET ENJOYMENT, QUIET POSSESSION, CORRESPONDENCE TO DESCRIPTION OR NON-INFRINGEMENT WITH REGARD TO THE SOFTWARE PRODUCT.

They also assume an economic liability of $5 or software price, unless forced by some applicable law.

Is this the kind of customer support that makes proprietary software a better choice for business use? — nicke on LWN

Last changed: 09-Sep-2008 10:29:30 Find out who links to this page. Verify for yourself that this page is pure, standard HTML, not Ruby.

If you would like us to read email for USD$1000 per page, payable in advance, send it here.