Librenix
Information for Linux System Administration 

Install a Mail Server with Antivirus and Antispam in minutes

This article illustrates a situation where you need to set up your own mail server (be it your home mail server, or a small office one). It shows that, with an integrated mail server, anyone can do the job in a matter of minutes.

AXIGEN Mail Server, the solution chosen for this example, can send and receive e-mails securely via "mydomain.com" and is able to retrieve them in a WebMail interface - this means that it includes all mail services needed for a fully functional mail server (SMTP, IMAP, POP3, WebMail, WebAdmin).

To get an idea of the amount of time you can save by installing such a solution, just think of all the different open source applications you would need to install instead (e.g. an MTA, Squirrelmail for Webmail, QmailAdmin for web configuration, Courier for IMAP and POP3, and many others).

AXIGEN Mail Server can integrate with virtually any Antivirus/Antispam application, and it comes with built-in connectors for ClamAV Antivirus and SpamAssassin. The second part of this article shows you how to install these applications and configure these connectors for use with AXIGEN.

Thus, at the end of this process, which takes half an hour at most, you will not only have your mail server up and running, but also virus and spam protection for your incoming and outgoing mail traffic.

AXIGEN runs on several Linux distributions (Gentoo, Redhat/Fedora Core, Slackware, Debian, Ubuntu, Mandrake/Mandriva, SUSE), on BSD versions (FreeBSD, OpenBSD and NetBSD) and on Solaris, but for the purpose of this article, let's suppose you are setting up your mail system on a Fedora Core 6 platform. In five easy steps, you will have your server installed, your primary domain running and access to the Web configuration interface (WebAdmin).

1. Download / unpack corresponding package

Download the AXIGEN rpm package from the AXIGEN website (packages are available as 30 day evaluation versions). Save the corresponding package for Fedora Core 6, "axigen-2.0.4.i386.rpm.gcc4.tar.gz", on your local machine and unpack it by issuing the following command in the same directory as the downloaded file:
tar xzvf axigen-2.0.4.i386.rpm.gcc4.tar.gz

2. Install command

Then, in order to install the RPM package, issue (while logged in as root) the following command, from the same directory as the rpm file:
rpm -ivh axigen-2.0.4.gcc4-1.i386.rpm
This will create the entire directory structure needed for AXIGEN to run. After the installation, no daemons or related applications will be started.


3. Configuration options

AXIGEN provides several configuration options (configuration file, Command Line Interface), but the most intuitive and comprehensive one is WebAdmin, the Web configuration interface.

The corresponding WebAdmin service is enabled by default, as well as the other default services: IMAP, Logging, POP3, Processing and SMTP.

4. Initial configuration

The first configuration steps take place using the configuration wizard. You will set the administrator's password, select which services are started and what interfaces will be used. In this stage of the setup you also create the primary domain that your server will use.


The wizard can be run by issuing the following command in the console right after the installation of the package has finished:
/opt/axigen/bin/axigen-cfg-wizard
NOTE: You have to make sure you do not start the mail server before the initial configuration.

5. Start AXIGEN

You can then start AXIGEN, using its initscript, by issuing this command:
/etc/init.d/axigen start
Now that your server is running, you can connect the antivirus and anti-spam applications. By default, AXIGEN comes with connectors for the ClamAV Antivirus and SpamAssassin Antispam applications. The setup process below describes how to make these two applications work with AXIGEN. However, note that AXIGEN implements a proprietary filter scripting language that allows you to implement connectors for any third party Antivirus and Antispam applications.

Connecting to ClamAV


A. Install ClamAV (daemon) on the same machine on which AXIGEN Mail Server is installed. Follow these steps in order to configure ClamAV for use with AXIGEN and start the clamd daemon.

1. Install clamav-server, using yum (Yellow Dog Updater, Modified):
yum install clamav-server
2. Copy the sample config file shipped with clamav-server:
cp /usr/share/doc/clamav-server-*/clamd.conf /etc/clamd.d/axigen.conf
3. Edit: /etc/clamd.d/axigen.conf
# comment out the Example line 
# Example
# insert/modify the following lines:
LogFile /var/log/clamd.axigen
PidFile /var/run/clamd.axigen/clamd.pid
LocalSocket /var/run/clamd.axigen/clamd.sock
User axigen
4. Create a link to the clamd binary:
ln -s /usr/sbin/clamd /usr/sbin/clamd.axigen
5. Create the run directory, where the PID file and clamd socket will be stored, and change its permissions:
mkdir -p /var/run/clamd.axigen
chown axigen:axigen /var/run/clamd.axigen
6. Create and set up the initscript:
cp /usr/share/doc/clamav-server-*/clamd.init /etc/init.d/clamd.axigen
chmod 755 /etc/init.d/clamd.axigen
/sbin/chkconfig clamd.axigen on
7. Edit: /etc/init.d/clamd.axigen and modify the following lines, as specified below:
# description: The clamd server running for axigen
CLAMD_SERVICE=axigen
8. Finally, start the clamd daemon:
/etc/init.d/clamd.axigen start
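
A check worth running between step 3 and step 8, added here as an example and not part of the original article: it lints the edited config against the four values step 3 sets and flags a still-active Example line. The function names and the embedded sample file are constructed for illustration, and the TCPSocket/TCPAddr warning goes beyond the article's steps.

```shell
#!/bin/sh
# Added example: lint a clamd config against the values set in step 3.

# Print the last active (uncommented) value of directive $2 in file $1.
directive() {
    awk -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"
}

# Print one line per finding; return 0 when nothing failed, 1 otherwise.
check_clamd_conf() {
    conf=$1
    failed=0

    # Step 3 comments out the bare "Example" line of the shipped sample.
    if grep -Eq '^[[:space:]]*Example[[:space:]]*$' "$conf"; then
        echo "FAIL: Example line is still active"
        failed=1
    fi

    # Directives and values exactly as the tutorial gives them.
    while read -r key want; do
        got=$(directive "$conf" "$key")
        if [ "$got" != "$want" ]; then
            echo "FAIL: $key is '${got:-unset}', expected '$want'"
            failed=1
        fi
    done <<EOF
LogFile /var/log/clamd.axigen
PidFile /var/run/clamd.axigen/clamd.pid
LocalSocket /var/run/clamd.axigen/clamd.sock
User axigen
EOF

    # Beyond the tutorial: clamd does not authenticate clients, and a
    # TCPSocket without TCPAddr listens on every interface.
    if [ -n "$(directive "$conf" TCPSocket)" ] &&
       [ -z "$(directive "$conf" TCPAddr)" ]; then
        echo "WARN: TCPSocket is set without TCPAddr"
    fi

    return "$failed"
}

# Constructed sample (used when no file is given): Example left active
# and the User line still commented out.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
# Constructed sample, not a real server's config.
Example
LogFile /var/log/clamd.axigen
PidFile /var/run/clamd.axigen/clamd.pid
LocalSocket /var/run/clamd.axigen/clamd.sock
#User axigen
EOF
check_clamd_conf "${1:-$demo_conf}" || echo "config needs attention"
rm -f "$demo_conf"
```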

B. Configure AXIGEN antivirus filter at server level using WebAdmin

In order to activate the ClamAV filter, go through the following steps:

In the "Server" context, click on the Add new filter button. This will open up and display the Active Filter list. It is empty right now, so we need to add the clamav filter to the list.



In the Priority field, enter a priority between 0 and 500 (a filter with priority 0 will be applied first and the one with 500, last).

Important - the domain-level filters have the priority limited to range 100-400 and the user-level filters are limited to the 200-300 range. A value of "10" should be fine, leaving you space to apply some other future filters before this one.

After setting the filter priority, select the socket value from the Filter type dropdown list and the clamav value from the Filter Name list.

In the Apply on checklist, select the relay option, to apply the filter on outgoing mails. To make sure you scan both incoming and outgoing mails, you have to create the filter and select both values, local and relay.

In AXIGEN, it is possible to enable filters either at domain or user level, in the corresponding WebAdmin tabs. The filters activated at server level will be automatically applied for all domains and accounts. However, you have the possibility to add additional filters at domain or account level.

Connecting to SpamAssassin


The process for connecting SpamAssassin is similar and even less time-consuming, as no configuration is necessary after the product installation.

C. Install SpamAssassin using the yum application:
yum install spamassassin
No further configurations are necessary.

D. Configure SpamAssassin at server level, using Webadmin

The connector for SpamAssassin is a socket filter for AXIGEN, so the configuration procedure is the same as for ClamAV. The difference would be that for SpamAssassin, a TCP socket is more likely to be used.

Also, when activating the SpamAssassin filter, you need to keep in mind the following:
  • Enter a different priority value for the SpamAssassin filter (if you have chosen 10 for ClamAV, choose a higher value for SpamAssassin in order to apply this filter after ClamAV in the filtering chain)
  • Select the corresponding filter name, spamassassin in the Filter name list

Access AXIGEN WebMail


At this point, your mail server is ready to go, and you can access the AXIGEN WebMail to send and receive test messages. Use the full email address and password to log on to AXIGEN WebMail, at the default address: http://127.0.0.1:8000, or use the address you specified in the initial configuration phase when you ran the setup wizard.


Now you're really done: you can securely send and receive messages from your home domain and easily make any further configurations, to accommodate your specific network requirements. As you have seen, installing all mail services from one single executable and an intuitive Web configuration interface make things a lot easier and a lot less time-consuming.

Authors:
Liviu Anghel, Chief Security Officer, Gecad Technologies
Ciprian Negrila, Technical Support Engineer, Gecad Technologies

mail this link | permapage | score:9375 | -Kayla Vincent, February 6, 2007

Tutorial: ClamAV and PureFTPd for Virus Scanning on Ubuntu 12.10

This tutorial explains how you can integrate ClamAV into PureFTPd for virus scanning on an Ubuntu 12.10 system. In the end, whenever a file gets uploaded through PureFTPd, ClamAV will check the file and delete it if it is malware. read more...
permapage | score:8805 | -falko, December 8, 2012

Beneficial Computer Viruses

An article on last week's front page of SecurityPortal entitled Reflections on the Strange, Perplexing, Interminable, and Most Lamentable Phenomenon Known as the Viral Wars contains an alarming suggestion.

It proposes that we..."Develop antiviral viruses (antibodies) that are polymorphic and mobile. Roaming the Internet they would seek out and destroy new viral strains. (SARC is doing some interesting work in this area. More needs to be done though.)". There are several problems with this idea.

First, it ignores the basic problem with viruses -- that they run on other people's computers without authorization. Presumably, a "beneficial" virus would propagate by similarly illegitimate means, but carry a "good" payload rather than a destructive one. For that reason, I believe that anyone who releases such a "good" virus should be charged with the same offense as one releasing a "bad" virus, although with reduced penalties for its perhaps lesser damage and less deliberately destructive intent.

Note that the good virus would not only propagate and execute without permission, but would also consume network bandwidth, processor cycles, memory, and disk space, inevitably denying the system owner the use of those resources. That is what is commonly called a "denial of service" attack, or DoS.

Next, there is the non-trivial problem of identifying malicious programs. Identifying a known, existing virus is easy in comparison to programmatically distinguishing between unknown good and bad code. Since many legitimate programs contain several ways to damage or remove files, the simple ability to delete and modify files cannot alone identify a program as bad. So, perhaps the good virus would limit itself to wiping out only programs that it could (somehow) identify as capable of replication by combining its own code with that of another program. That would surely be inconvenient for the makers of self-extracting archive software. But, assuming that that obstacle could be overcome, how would a good virus tell another good virus from a bad one? Both behave similarly, including the practice of damaging or destroying other files. Imagine the resources wasted in unintentional global wars between various strains of good viruses! We can only hope that all creators of such good viruses carefully write their code to recognize every other species of good virus -- a task made difficult or impossible by the fact that the good viruses would be cleverly polymorphic.

Note that, for liability reasons, good viruses would have to be very nearly perfect. To have them mistakenly delete a recently patched copy of Microsoft Word could be very inconvenient.

And, of course, let's not overlook the possibility of mutant evil strains of the so-called good virus -- strains created by shady programmers who would not otherwise be capable of writing such sophisticated code. The new evil -- and polymorphic -- strains would likely be mis-identified as good by unmodified good viruses yet carry a very destructive payload. A payload which could include the killing of all the unsuspecting good viruses that it can so easily identify.

Then, some time in the future, we will pause for a moment of silence while we remember the deceased good viruses that first invaded our computers, escalated the virus wars, then gave their very essence to improving the breed of their sworn enemies before being themselves ruthlessly destroyed by derivatives of their own code.
mail this link | permapage | score:8649 | -Ray, June 26, 2000 (Updated: January 1, 2003)

The short life and hard times of a Linux virus

Why aren't the existing Linux viruses[1] anything more than a topic for conversation? Why don't they affect you in your daily computing in the way that MS viruses affect Windows users?

There are several reasons for the non-issue of the Linux virus. Most of those reasons a Linux user would already be familiar with, but there is one, all important, reason that a student of evolution or zoology would also appreciate.

First, let's take a look at the way Linux has stacked the deck against the virus.

For a Linux binary virus to infect executables, those executables must be writable by the user activating the virus. That is not likely to be the case. Chances are, the programs are owned by root and the user is running from a non-privileged account. Further, the less experienced the user, the lower the likelihood that he actually owns any executable programs. Therefore, the users who are the least savvy about such hazards are also the ones with the least fertile home directories for viruses.

Even if the virus successfully infects a program owned by the user, its task of propagation is made much more difficult by the limited privileges of the user account. [For neophyte Linux users running a single-user system, of course, this argument may not apply. Such a user might be careless with the root account.]

Linux networking programs are conservatively constructed, without the high-level macro facilities that have enabled the recent Windows viruses to propagate so rapidly. This is not an inherent feature of Linux; it is simply a reflection of the differences between the two user bases and the resulting differences between the products that are successful in those markets. The lessons learned from observing these problems will also serve as an inoculation for future Linux products.

Linux applications and system software are almost all open source. Because so much of the Linux market is accustomed to the availability of source code, binary-only products are rare and have a harder time achieving a substantial market presence. This has two effects on the virus. First, open source code is a tough place for a virus to hide. Second, for the binary-only virus, a newly compiled installation cuts off a prime propagation vector.

Each one of these obstacles represents a significant impediment to the success of a virus. It is when they are considered together, however, that the basic problem emerges.

A computer virus, like a biological virus, must have a reproduction rate that exceeds its death (eradication) rate in order to spread. Each of the above obstacles significantly reduces the reproduction rate of the Linux virus. If the reproduction rate falls below the threshold necessary to replace the existing population, the virus is doomed from the beginning -- even before news reports start to raise the awareness level of potential victims.

The reason that we have not seen a real Linux virus epidemic in the wild is simply that none of the existing Linux viruses can thrive in the hostile environment that Linux provides. The Linux viruses that exist today are nothing more than technical curiosities; the reality is that there is no viable Linux virus.

Of course this doesn't mean that there can never be a Linux virus epidemic.[2] It does mean, however, that a successful Linux virus must be well-crafted and innovative to succeed in the inhospitable Linux ecosystem.


[1] Bliss is the only Linux-compatible virus seen in the wild. Staog is the first known Linux virus.

[2] For another perspective on this issue, try this article on freshmeat.net.
mail this link | permapage | score:8648 | -Ray, June 10, 2000 (Updated: July 30, 2005)

Tutorial: Virus Scanning with ClamAV and PureFTPd on CentOS 6.2

This tutorial explains how you can integrate ClamAV into PureFTPd for virus scanning on a CentOS 6.2 system. In the end, whenever a file gets uploaded through PureFTPd, ClamAV will check the file and delete it if it is malware. read more...
permapage | score:8503 | -falko, April 4, 2012

Virus Scanning PureFTPd with ClamAV on Debian 6

This tutorial explains how you can integrate ClamAV into PureFTPd for virus scanning on a Debian Squeeze system. In the end, whenever a file gets uploaded through PureFTPd, ClamAV will check the file and delete it if it is malware. read more...
permapage | score:8249 | -falko, May 1, 2012

Virus Scanning with ClamAV and ProFTPd on Debian Linux

This tutorial explains how you can integrate ClamAV into ProFTPd for virus scanning on a Debian Lenny system. This is achieved through mod_clamav. In the end, whenever a file gets uploaded through ProFTPd, ClamAV will check the file and delete it if it is malware. read more...
permapage | score:8118 | -falko, October 19, 2010

Tutorial: PureFTPd using ClamAV for Virus scans on Fedora 18

This tutorial explains how you can integrate ClamAV into PureFTPd for virus scanning on a Fedora 18 system. In the end, whenever a file gets uploaded through PureFTPd, ClamAV will check the file and delete it if it is malware. read more...
permapage | score:7928 | -falko, February 13, 2013

Tutorial: The Linux virus writing and detection HOWTO

An interesting tutorial and explanation of virus writing, techniques, and detection.
This document describes how to write parasitic file viruses infecting ELF executables on Linux/i386. Though it contains a lot of source code, no actual virus is included.

[ . . . ]

Writing a program that inserts code into another program file is one thing. Writing that program so that it can be injected itself is a very different art. Although this document shows a lot of code and technique, it is far from being a "Construction Kit For Dummies". Instead I'll try to show how things work. Translation of infecting code to assembly is left as a (non-trivial) exercise to the reader.

An astonishing number of people think that viruses require secret black magic. Here you will find simple code that patches other executables. But since regular users can't overwrite system files (we are talking about serious operating systems here) that is not even half the journey.
mail this link | permapage | score:7733 | -Ray, March 16, 2002 (Updated: February 11, 2004)

Implementing Postfix with spam and antivirus protection

This solution also uses amavisd-new...
Building a complete email system with spam and antivirus protection is not as hard as you might think. This guide will walk you through installing and configuring everything you need for sending and receiving email, filtering spam, and scanning for viruses in email.

For our system, we'll use the Postfix mail transport agent (MTA); Dovecot, a secure, open source IMAP and POP3 server for Linux/Unix-like systems; SquirrelMail, a standards-based Webmail package written in PHP 4; SpamAssassin, a powerful open source spam filter; and ClamAV, a GPLed virus scanner.
mail this link | permapage | score:7722 | -Ray, March 10, 2006 (Updated: January 25, 2008)

Tutorial: Virus Protection with F-PROT Antivirus on Ubuntu

This tutorial shows how you can install and use F-PROT Antivirus on an Ubuntu Feisty Fawn desktop. Although there are not many Linux viruses out there, this can be useful if you often exchange files with Windows users - it can help you to not pass on any Windows viruses (that do not do any harm to Linux systems) to Windows users. F-PROT Antivirus for Linux is free for home use. read more...
permapage | score:7647 | -falko, September 24, 2007

AVG Antivirus for Sendmail on Linux/FreeBSD

This document describes how to deploy AVG Antivirus for Linux/FreeBSD to the Sendmail mail server. It is usable for AVG version 8.5, 10 and 2012. By using AVG Antivirus with your Sendmail mail server, you can ensure virus-free inboxes. read more...
permapage | score:7608 | -falko, February 22, 2012

Tutorial: Virus Scanning with ClamAV and PureFTPd on Ubuntu 12.04

This tutorial explains how you can integrate ClamAV into PureFTPd for virus scanning on an Ubuntu 12.04 system. In the end, whenever a file gets uploaded through PureFTPd, ClamAV will check the file and delete it if it is malware. read more...
permapage | score:7573 | -falko, July 29, 2012

Fedora 13 Virus Scanning Tutorial: Use ClamAV with PureFTPd

This tutorial explains how you can integrate ClamAV into PureFTPd for virus scanning on a Fedora 13 system. In the end, whenever a file gets uploaded through PureFTPd, ClamAV will check the file and delete it if it is malware. read more...
permapage | score:7494 | -falko, October 5, 2010

Are Linux Antivirus Products Worthwhile?

I've had multiple networked Linux boxes for over nine years and I haven't had a virus or worm on one of them yet -- all without the help of the AV industry.

However, Linux antivirus products on servers might help some Windows boxes avoid a virus or two!
Since there are so few Linux viruses in the wild, who knows if the products actually work? At best, the Linux antivirus hawkers are jumping the gun -- trying to capture a market that isn't quite there yet. At worst, they're advancing a cynical ploy to separate Linux newbies from their cash for something they couldn't possibly need.
mail this link | permapage | score:7426 | -Ray, November 19, 2004 (Updated: March 23, 2007)

AVG Antivirus For Linux/FreeBSD Plus Postfix Mail Server

This document describes how to deploy AVG Antivirus for Linux/FreeBSD to a Postfix mail server. It is usable for AVG version 8.5, 10 and 2012. By using AVG Antivirus with your Postfix mail server, you can ensure virus-free inboxes. read more...
permapage | score:7277 | -falko, February 4, 2012

Virus Scanning with ClamAV, ProFTPd (Ubuntu 10.04)

This tutorial explains how you can integrate ClamAV into ProFTPd for virus scanning on an Ubuntu 10.04 system. This is achieved through mod_clamav. In the end, whenever a file gets uploaded through ProFTPd, ClamAV will check the file and delete it if it is malware. read more...
permapage | score:7160 | -falko, December 16, 2010

Use ClamAV, PureFTPd for Virus Scanning on Fedora 14

This tutorial explains how you can integrate ClamAV into PureFTPd for virus scanning on a Fedora 14 system. In the end, whenever a file gets uploaded through PureFTPd, ClamAV will check the file and delete it if it is malware. read more...
permapage | score:7110 | -falko, June 1, 2011

AVG Antivirus for Linux/FreeBSD plus Qmail

This document describes how to deploy AVG Antivirus for Linux/FreeBSD to the Qmail mail server. It is usable for AVG version 8.5, 10 and 2012. By using AVG Antivirus with your Qmail mail server, you can ensure virus-free inboxes. read more...
permapage | score:7000 | -falko, April 30, 2012

Automatically scan files for viruses with php-clamavlib

This guide describes how you can automatically scan files uploaded by users through a web form on your server using PHP and ClamAV. That way you can make sure that your upload form will not be abused to distribute malware. To glue PHP and ClamAV, we install the package php5-clamavlib/php4-clamavlib which is rather undocumented at this time. That package is available for Debian Etch and Sid and also for Ubuntu Dapper Drake and Edgy Eft. read more...
permapage | score:6998 | -falko, January 15, 2007
Articles are owned by their authors.   © 2000-2012 Ray Yeargin