1. Manuals
  2. Brands
  3. AVIRA Manuals
  4. Software
  5. MAILGATE SUITE
  6. User manual

AVIRA MAILGATE SUITE User Manual

Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
User Manual
Avira AntiVir MailGate
| MailGate Suite
www.avira.com

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the MAILGATE SUITE and is the answer not in the manual?

Questions and answers

Related Manuals for AVIRA MAILGATE SUITE

Summary of Contents for AVIRA MAILGATE SUITE

  • Page 1 User Manual Avira AntiVir MailGate | MailGate Suite www.avira.com...

  • Page 2: Table Of Contents

    Configuration ...................26 5.1 MailGate Spool Directories ..................27 5.2 MailGate Configuration in avmailgate.conf .............. 28 5.3 Spam Filter Configuration (Avira MailGate Suite only) ..........41 5.4 Scanner Configuration in avmailgate-scanner.conf ..........46 5.5 Hosts Configuration in avmailgate.acl ............... 47 5.6 Warnings Configuration in avmailgate.warn ............. 48 5.7 Report Templates Configuration ................

  • Page 3: About This Manual

    Abbreviations – Page 5 Introduction We have included in this manual all the information you need on Avira AntiVir MailGate and it will guide you step by step through installation, configuration and operation of the software. The appendix contains a Glossary, which explains the basic terms.

  • Page 4: The Structure Of The Manual

    2 Product Information General information on Avira AntiVir MailGate, its modules, features, system requirements and licensing. 3 Milter Mode Presenting the Milter function mode in Avira AntiVir MailGate. 4 Installation Instructions to install Avira AntiVir MailGate on your system. 5 Configuration Directions for optimum settings of Avira AntiVir MailGate components on your system.

  • Page 5: Abbreviations

    Abbreviation Meaning Access Control List Frequently Asked Question FQDN Fully Qualified Domain Name Graphical User Interface MIME Multipurpose Internet Mail Extensions Mail Transport Agent Request For Comment SMTP Simple Mail Transfer Protocol Virus Definition File Avira GmbH Avira AntiVir MailGate...

  • Page 6: Product Information

    Therefore, virus protection on UNIX will still be needed in the future. This is why we have developed Avira AntiVir MailGate. Avira AntiVir MailGate scans all incoming and outgoing emails (including attachments) on your UNIX mail server.

  • Page 7: Features

    Product Information Features Avira AntiVir MailGate supports a variety of configuration settings to ensure that you have control of the email traffic on your system. The essential features of Avira AntiVir MailGate are: • real-time scanning of incoming and outgoing emails;...

  • Page 8: Modules And Operating Mode Of Avira Antivir Mailgate

    Product Information Modules and Operating Mode of Avira AntiVir MailGate Avira AntiVir MailGate is an SMTP scanner, which scans all incoming and outgoing emails, including attachments, on your UNIX mail server for viruses/unwanted programs (see figure below). The program has a high scanning speed and is easy to configure.

  • Page 9: Licensing Concept

    You can update Avira AntiVir MailGate entirely or only certain components: signatures, engine, scanner. Licensing Concept You must have a license to use Avira AntiVir MailGate and accept the license terms (see http://www.avira.com/documents/general/pdf/en/avira_eula_en.pdf). There are 2 license modes for Avira AntiVir MailGate: •...

  • Page 10: System Requirements

    --version . System Requirements For Avira AntiVir MailGate to work properly on your server, the following minimum requirements have to be met (additional memory may be required, depending on the email traffic, number and size of attachments etc):...

  • Page 11: Milter Mode

    To migrate from an older Milter installation to the current AntiVir MailGate (Milter mode), the file MILTER_MIGRATION must be used. It is located in the /doc directory of the product kit. It is recommended to adjust the file avmailgate.conf instead of renaming the file avmilter.conf Avira GmbH Avira AntiVir MailGate...

  • Page 12: Antivir Mailgate (Milter Mode) Features

    To check, if Sendmail with libmilter interface has been compiled: sendmail -d0.10 < /dev/null | grep MILTER 3.3.2 Integration There are two ways of adding AntiVir MailGate (Milter mode) to Sendmail’s configuration file sendmail.cf : Directly modify sendmail.cf – OR – generate sendmail.cf Avira GmbH Avira AntiVir MailGate...
  • Page 13 Insert the corresponding lines in the file sendmail.mc (commands beginning with INPUT must be written in one line): for sendmail 8.11.x: define(`_FFR_MILTER’, `true’) INPUT_MAIL_FILTER(`avmilter’,`S=inet:3333@localhost, F=R, T=S:2m;R:2m;E:10m’) for sendmail 8.12.x: INPUT_MAIL_FILTER(`avmilter’,`S=inet:3333@localhost, F=R, T=S:2m;R:2m;E:10m’) Generate the file sendmail.cf Example: m4 sendmail.mc > /etc/mail/sendmail.cf Avira GmbH Avira AntiVir MailGate...

  • Page 14: Installation

    Testing AntiVir MailGate after Installation – Page 25 If you have also installed Avira AntiVir Server (UNIX) or Avira AntiVir Professional (UNIX) and you use the Graphical User Interface to configure and operate these products, please note that the GUI is not compatible with the current versions (starting with version 3) of Avira AntiVir MailGate and Avira AntiVir WebGate.

  • Page 15: Preparing The Installation Files

    You can also purchase AntiVir through our Online Shop (for more details, please visit http://www.avira.com). Copying the license file Copy the license file hbedv.key to your installation directory. For example: /tmp/antivir-mailgate-prof-<version> .

  • Page 16: Installation With The Installation Script "Install

    (and overwrites existing, obsolete ones); copies configuration files (and keeps existing configuration files); installs Avira Updater; optional: installs the GUI support for Avira SMC (Security Management Center). Preparing installation The program files have been downloaded from the Internet and unpacked.
  • Page 17 2) Configuring updates An internet updater is available with version 3.1.2-1 of AVIRA MailGate (UNIX). It will ensure that you always have the latest virus signatures and engine updates. In order to trigger an update you will need to run the command:...
  • Page 18 Type n and click Enter . You can change this option later – OR – Confirm the default setting with Enter . The next step installs the SMC plugin, for Avira Security Management Center: installation of main program complete 4) activate SMC support...

  • Page 19: Reinstalling And Uninstalling Antivir

    – Page 26). • Later installation of some components. • Activating or deactivating the automatic start of Avira Updater or AntiVir MailGate. Reinstalling Avira AntiVir MailGate The steps are the same in all cases: Open the directory where you unpacked AntiVir MailGate. For example: cd /tmp/antivir-mailgate-prof-<version>/...

  • Page 20: Further Installation Steps, Depending On The Mta

    MailGate and Scanner. Answer the questions with y or n and press Enter . Avira AntiVir MailGate is removed from your system. Further Installation Steps, Depending on the MTA After installing AntiVir MailGate as described above, you have to make some manual settings, depending on your MTA.
  • Page 21 = smtp # connect to port 10024 port = 10024 allow_localhost Restart Exim. Proxy Mode AntiVir MailGate configuration Modify (or add) the following entries in avmailgate.conf : ListenAddress 0.0.0.0 port 25 ForwardTo SMTP: 127.0.0.1 port 825 Avira GmbH Avira AntiVir MailGate...
  • Page 22 = 825 Restart Exim. Configuring Qmail A plugin for Qmail is available, for better integration of AntiVir MailGate into Qmail. Please contact support@avira.com for details. There are two ways to integrate AntiVir MailGate with Qmail: Sendmail wrapper Backdoor mechanism Replace SMTP with SMTP-Backdoor only in the run file.
  • Page 23 Make the following entries in etc/services : # Content Filter for postfix antivir 10024/tcp #Port for smtp daemon smtp-backdoor 10025/tcp #Port for postfix backdoor Look for the following line in /etc/avmailgate.conf : # Select how mail should be forwarded. Avira GmbH Avira AntiVir MailGate...
  • Page 24 = smtp:127.0.0.1:10024 Restart Postfix: /etc/init.d/postfix restart /etc/init.d/postfix reload If Postfix sets the status for emails, after AntiVir MailGate installation: deferred Search in main.cf for the line: defer_transports = local Comment it out: # defer_transports = local Avira GmbH Avira AntiVir MailGate...

  • Page 25: Testing Antivir Mailgate After Installation

    Eicar file from the website http://www.eicar.com Send this file as an attachment to a test email for AntiVir MailGate. Check the reactions in the directory /var/spool/avmailgate/rejected . Check the messages AntiVir MailGate sent to the logfile or syslog . Avira GmbH Avira AntiVir MailGate...

  • Page 26: Configuration

    MailGate Configuration in avmailgate.conf – Page 28 Spam Filter Configuration (Avira MailGate Suite only) – Page 41 (This feature is only activated with the license for Avira MailGate Suite.) Scanner Configuration in avmailgate-scanner.conf – Page 46 Hosts Configuration in avmailgate.acl –...

  • Page 27: Mailgate Spool Directories

    : the email is to be subjected to a virus scan; Qf- : the email is to be forwarded without scanning; vf- : the email contains a virus/unwanted program; mf- : the email has a MIME problem. Example Data file: df-32557-0BE692EB Corresponding control file: qf-32557-0BE692EB Avira GmbH Avira AntiVir MailGate...

  • Page 28: Mailgate Configuration In Avmailgate.conf

    Group antivir If these are modified, the access rights of the relevant directories must also be changed. Postmaster Postmaster: The email address to receive alerts about concerning viruses/unwanted programs, as well as other notifications: Postmaster postmaster Avira GmbH Avira AntiVir MailGate...
  • Page 29 MatchMailAddressForLocal RECIPIENT SMTPBanner SMTP message: Sets the headers sent by MailGate. You can edit the text, for example, if you do not want to reveal the type of security software. Default is: SMTPBanner "AntiVir MailGate" Avira GmbH Avira AntiVir MailGate...
  • Page 30 100. For unlimited connections, use 0 (default setting). MaxIncomingConnections 0 SMTP SMTP timeout (not in milter mode): Timeout Defines the maximum timeout in seconds for SMTP connections. SMTPTimeout 300 Avira GmbH Avira AntiVir MailGate...
  • Page 31 If IGNORED is set, "!" is treated as a normal sign in the recipient's address. • If INTERPRETED is set, the recipient's address is transformed into RFC821 • standard form. For example, the address hostA!hostB!hostC!user is transformed into Avira GmbH Avira AntiVir MailGate...
  • Page 32 (MAIL FROM and RCPT TO). The email addresses in the email headers are ignored. The lists are checked. Checking begins with the first list on FilterTableOrder . When a match is found, the checking is terminated and the configured action performed. Avira GmbH Avira AntiVir MailGate...
  • Page 33 Defines the maximum timeout, in seconds, for receiving the greeting message Greeting from the remote host (not in milter mode). Timeout SMTPGreetingTimeout 300 SMTPHelo Defines the maximum timeout, in seconds, for receiving a reply to the SMTP HELO Timeout Avira GmbH Avira AntiVir MailGate...
  • Page 34 The SMTP setting applies only to MailGate in SMTP mode. In Milter mode, it can only be forwarded by the program. Therefore, the valid entry is: ForwardTo /path/to/file ScannerListen Scanner location: Address Sets the location of the scanner’s socket, for MailGate to connect and perform scan Avira GmbH Avira AntiVir MailGate...
  • Page 35 LOCAL : alert messages are sent only if the recipient is a local user of your domain. Set the option in avmailgate.acl to local . • YES : the recipient always receives virus alerts. ExposeRecipientAlerts LOCAL Avira GmbH Avira AntiVir MailGate...
  • Page 36 MIME header with content type: text/plain, content disposition: inline and content encoding: 7 bit or 8 bit. "Encoding" depends on the original email. If the setting is NO, non-MIME emails are sent without further processing. Avira GmbH Avira AntiVir MailGate...
  • Page 37 If activated ( YES ), this option blocks archives that exceed one of the settings for Archive ArchiveMaxSize , ArchiveMaxRecursion and ArchiveMaxRatio . If the option is deactivated ( NO ), such archives are forwarded, disregarding the settings for ArchiveMaxSize , ArchiveMaxRecursion and ArchiveMaxRatio . BlockSuspiciousArchive NO Avira GmbH Avira AntiVir MailGate...
  • Page 38 " Alert found in email ". It will be moved to the quarantine directory depending on the setting of QuarantineAlert. If RejectAlertMail is NO , the email will be accepted and moved to quarantine. RejectAlertMail NO Avira GmbH Avira AntiVir MailGate...
  • Page 39 (not in milter mode). Default: 0, deactivates the option. ThrottleDelay Example: There are 100 emails in the queue. ThrottleMessageCount is set to 10 and ThrottleDelay to 1. Then a maximum of 10 emails are processed per second. Avira GmbH Avira AntiVir MailGate...
  • Page 40 Running an external program or script when a virus/unwanted program is Program detected: Calls an external program or script in case of detection. The parameter is the ID of the rejected email (see MailGate Spool Directories – Page 27). ExternalProgram /path/to/program Avira GmbH Avira AntiVir MailGate...

  • Page 41: Spam Filter Configuration (Avira Mailgate Suite Only)

    Avira MailGate Suite A spam filter is integrated in Avira MailGate Suite to filter spam and other unwanted emails. The spam filter opens a connection to the spam database server for every email to check its status. You have to enable the connection on port 55555 via TCP.
  • Page 42 Defines an action for spam mails: BLOCK, TAG, NONE. • TAG inserts a header line into the email. For example: X-AntiVirus-Spam-Check: clean (checked by Avira MailGate: version: 2.1.3-0; spam filter version: 2.0.5/0.2; host: host.your.site) • BLOCK puts the mail into the " rejected " directory.
  • Page 43 " blacklist " is the action for the given address. For Avira MailGate v 2.1.3, a match in this list concerns all recipients even if the mail was sent to recipients that are not listed. E. g. (in asmailgate.except ): /^someone@somewhere\.tld$/i r block_spam...
  • Page 44 An email containing this string should be rated as spam by spam filters. Just put this string into the message's body and send it through Avira MailGate. If you get messages similar to the ones below, the spam filter works correctly: spam filter: result=spam;...
  • Page 45 SpamFilterCheckFailedKeep NO OpenMax Specifies the maximum number of opened files for the Avira MailGate processes. The default value will only be set if the current system value is lower than the default.

  • Page 46: Scanner Configuration In Avmailgate-Scanner.conf

    To make scanning processes more efficient, you can use a given pool of scanners. Proxy Please note that too many scanners would overload the computer, while too few would cause unnecessary waiting for applications. Values: 0 or 1. Default: Avira GmbH Avira AntiVir MailGate...

  • Page 47: Hosts Configuration In Avmailgate.acl

    Using local and relay as key words, avmailgate.acl decides which computer is allowed to send emails via AntiVir MailGate. This is established via the sender's or recipient’s domain or IP address. Set the local hosts and/or domains. For example: local: localhost local: avira.com Avira GmbH Avira AntiVir MailGate...

  • Page 48: 5.6 Warnings Configuration In Avmailgate.warn

    Both have the same meaning. /16 means 16 bit and signifies the first two numbers of the IP address. Therefore, all IP addresses starting with 192.168 are allowed. Example for /etc/avmailgate.acl : # Access lists for AVIRA MailGate # These hosts and/or domains are local. local: localhost 127.0.0.1 local: avira.com...
  • Page 49 The reason for not scanning an email (short sentence). ADVICE Advice on problem-solving (~1 line, see REASON) QUEUEID Email ID in Avira AntiVir MailGate queue. SUBJECT Subject of infected email. CONCERNING_ Will be replaced with a list of files in which the alerts were FILE_NAMES detected.
  • Page 50 AntiVir has discovered the following in the email sent from your address: ALERTS This email has not been sent, but isolated on your server. Please scan your system immediately for possible virus infection. Clean your system before sending any more email messages. Avira GmbH Avira AntiVir MailGate...

  • Page 51: Updater Configuration In Avupdate.conf

    With Avira Updater you can update Avira software on your computers, using Avira update servers. To configure the update process, use the options in /etc/avira/avupdate.conf described below.
  • Page 52 Integration into Avira Security Management Center (SMC) In order to configure updates via Avira Security Management Center (SMC), it is necessary to add the updateplugin package to the SMC repository. Once added, a new product "Avira Updater" will be available for installation on machines administered by the SMC.

  • Page 53: Operation

    If you want to pass specific command line options to MailGate, you can add them to the parameter "DAEMONPARAMS" in the script (see Parameters for avmailgate.bin). You must login as root or you must have the required access rights to start or stop AntiVir MailGate manually. Avira GmbH Avira AntiVir MailGate...
  • Page 54 Operation Starting AntiVir MailGate Type: /usr/lib/AntiVir/avmailgate start The program starts with the following message: Starting AVIRA AntiVir MailGate... Starting savapi Stopping AntiVir MailGate Type: /usr/lib/AntiVir/avmailgate stop The program stops with the following message: Stopping AVIRA AntiVir MailGate... Stopping: avmailgate.bin Shutting down Avira MailGate...

  • Page 55: 6.2 Parameters For Smtp And Scanner Daemon

    -R remote.host Defines the remote host domain name (default: -i ) -r remote-ip-addr Defines the remote host IP address (aaa.bbb.ccc.ddd) (default: -i ) -q port Defines the remote host TCP port --avq Calls the queue manager. Avira GmbH Avira AntiVir MailGate...

  • Page 56: Queue Manager Avq

    The following status information is displayed, according to the spam filter results (see Report Templates Configuration – Page 48): --> Outbreak detected --> Dangerous attachment found --> Dangerous iframe found --> Dangerous alert found --> Spam Avira GmbH Avira AntiVir MailGate...
  • Page 57 . For example: ExternalProgram /usr/lib/AntiVir/rm_rejected.sh rm_rejected.sh: #!/bin/sh /usr/lib/AntiVir/avmailgate.bin --avq --remove=$1 Find out the ID of the email. AntiVir MailGate indicates the ID of the email in its logs and in the email sent to the postmaster. Avira GmbH Avira AntiVir MailGate...
  • Page 58 Type the command (where <ID> is the ID of the infected email): /usr/lib/AntiVir/avmailgate.bin --avq --deliver=<ID> The email is delivered, whatever the virus scanner reports, and it is deleted from the queue. Avira GmbH Avira AntiVir MailGate...

  • Page 59: Procedures When Detecting Viruses/Unwanted Programs

    Inform your team, superiors or partners. Inform your system administrator and security provider. Submit Infected Files to Avira GmbH Please send us the viruses, unwanted programs and suspicious files that our product does not yet recognize or detect. Send us the virus or unwanted program packed in an archive (PGP, gzip, WinZIP, PKZip, Arj), attached to an email message, to virus@avira.com.

  • Page 60: Updates

    Updates Updates With Avira Updater you can update Avira software on your computers, using Avira update servers. The program can be configured either by editing the configuration file (see 5.8 Updater Configuration in avupdate.conf), or by using parameters in the command line.
  • Page 61 - complete update (MailGate, scanner, engine and vdf files). Start the update process to test the settings: /usr/lib/AntiVir/avupdate --product=[product] where [product] takes the same values as above. If successful, a report will appear in the logfile /var/log/avupdate.log Avira GmbH Avira AntiVir MailGate...

  • Page 62: Service

    The expertise and experience of our developers is available to you. The experts from Avira answer your questions and help you with difficult technical problems. During the first 30 days after you have purchased a license, you can use our AntiVir Installation Support by phone, email or by online form.

  • Page 63: Contact

    Service Contact Address Avira GmbH Lindauer Strasse 21 D-88069 Tettnang Germany Internet You can find further information on us and our products by visiting http://www.avira.com. Avira GmbH Avira AntiVir MailGate...

  • Page 64: Appendix

    These processes usually start up and shut down with the computer. Demo version Without a license file, Avira AntiVir MailGate runs as a demo version. An Avira banner is inserted in every email. The automatic update function is not available, so you will have to download new virus definitions and scan engine versions manually from our website.

  • Page 65: Further Information

    Further Information You can find further information on viruses, worms, macro viruses and other unwanted programs at http://www.avira.com . Avira GmbH Avira AntiVir MailGate...

  • Page 66: Golden Rules For Protection Against Viruses

    Draw up a plan for data protection and recovery. Your network must be correctly configured and the access rights must be wisely assigned. This is represents good protection against viruses. Avira GmbH Avira AntiVir MailGate...
  • Page 67 Avira AntiVir MailGate | Avira AntiVir MailGate Suite Avira GmbH Lindauer Str. 21 88069 Tettnang Germany Telephone: +49 (0) 7542-500 0 Fax: +49 (0) 7542-525 10 Internet: http://www.avira.com © Avira GmbH. All rights reserved. This manual was created with great care. However, errors in design and contents cannot be exclu- ded.

This manual is also suitable for:

Antivir mailgate

Table of Contents