ESET NOD32 ANTIVIRUS - FOR LINUX MAIL SERVERS Installation Manual

Installation manual and users’ documentation for Linux mail servers


NOD32 for Linux Mail Servers
(for use with FreeBSD)
Installation Manual
and
Users' Documentation
Copyright 2005, Eset, s.r.o.


Summary of Contents for ESET NOD32 ANTIVIRUS - FOR LINUX MAIL SERVERS

  • Page 1 NOD32 for Linux Mail Servers (for use with FreeBSD) Installation Manual Users’ Documentation Copyright 2005, Eset, s.r.o.
  • Page 2 All rights reserved. No part of this documentation may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise without a permission in writing from the author. Eset s.r.o. reserves the right to change any of the described application software without prior notice. Revision History Revision 2.14-1 (11/03/2005)
  • Page 3: Table Of Contents

    Table of Contents
    1. Introduction (p. 1)
    2. How to navigate through this guide (p. 3)
    3. Mail server in UNIX OS environment (p. 5)
    4. NOD32LMS package installation (p. 9)
    5. NOD32LMS configuration (p. 11)
    5.1. NOD32LMS - own configuration (p. 11)
    5.2.
  • Page 5: Introduction

    Chapter 1. Introduction Dear user, you have acquired NOD32 for Linux Mail Servers (for use with FreeBSD) - NOD32LMS - probably the best antivirus system for e-mail servers running under the FreeBSD operating system. As you will soon realize, the system has unsurpassed scanning speed and detection rate, combined with a very small footprint that makes NOD32 the ideal choice for any FreeBSD mail server.
  • Page 6 Chapter 1. Introduction...
  • Page 7: How To Navigate Through This Guide

    Chapter 2. How to navigate through this guide This guide is intended to be a comprehensive user's guide to the NOD32LMS system. It covers information on configuring and maintaining the system so that it runs efficiently on the various supported FreeBSD OS distributions and with various e-mail server systems.
  • Page 8 Chapter 2. How to navigate through this guide Chapter 8 Contains information on where to send your questions or remarks.
  • Page 9: Mail Server In Unix Os Environment

    Chapter 3. Mail server in UNIX OS environment This chapter is concerned with the basics of the e-mail messaging system, also commonly called the e-mail server system; however, the e-mail server is only one part of the more complex messaging system. For a better understanding of NOD32LMS operation, knowledge of the basic principles of the messaging system is of paramount importance.
  • Page 10 Chapter 3. Mail server in UNIX OS environment The meaning of the abbreviations used in the scheme of figure 3-1 is as follows. MTA (Mail Transport Agent) A program (for instance sendmail, postfix, qmail, exim, etc.) that receives e-mail messages from local and/or remote domains and forwards them for further delivery. Generally speaking, an MTA is an agent providing mail transfer among other e-mail servers' MTAs and/or MUAs (see below).
  • Page 11 Chapter 3. Mail server in UNIX OS environment • Scanning of inbound e-mail messages (we define the term "inbound message" as an e-mail message whose target address corresponds to a destination located in the local domain. Similarly, an "outbound message" is a message bound for some remote domain via its target address.), marked in the figure by symbol S1, is used to protect e-mail messages delivered from the outside Internet to the local MAILBOX-es belonging to local users.
  • Page 12 Chapter 3. Mail server in UNIX OS environment...
  • Page 13: Nod32Lms Package Installation

    Chapter 4. NOD32LMS package installation Before further explanations concerned with NOD32LMS, let’s first install the whole thing. In order to do so, one has to download the appropriate packages from the NOD32 server. Use your favorite web browser to navigate to the NOD32 download page http://www.nod32.com/download/download.htm At this page you can see a set of NOD32LMS packages listed for various UNIX OS distributions.
  • Page 14 Chapter 4. NOD32LMS package installation...
  • Page 15: Nod32Lms Configuration

    Chapter 5. NOD32LMS configuration This chapter describes the process of NOD32LMS configuration. The first section discusses the structure and meaning of all NOD32LMS configuration files. The rest of the chapter is devoted to the configurations for the individual scenarios discussed briefly in chapter 3. 5.1.
  • Page 16 Chapter 5. NOD32LMS configuration To finish the general description of the main configuration file, we add a remark on parameter types. Note that there are basically three types of parameters in the configuration file: integer Integer parameters accept integer values. For instance (listen_port = 2526). string String parameters accept strings delimited by quotation marks (server_addr = "localhost").
  • Page 17 Chapter 5. NOD32LMS configuration When the NOD32 system has not detected any infiltration in the e-mail message, the following footnote template is written into the footnote, when enabled. e-mail header | From: | To: ---------------------------- e-mail body |html text of the file sig_header_clean.html |list of infiltrations found by the scanner |html text of the file sig_footer_clean.html /etc/nod32/nod32d_script...
  • Page 18: Scanning Of The Inbound E-Mail Messages

    Chapter 5. NOD32LMS configuration 5.2. Scanning of the inbound e-mail messages Scanning of the inbound e-mail messages is performed at the time of message transmission between MTA and MDA (as marked by symbol S1 in figure 3-1). The generic scheme of the process is shown in figure 5-1.
  • Page 19: Renaming The Original Mda And Its Replacement By Nod32Mda

    Chapter 5. NOD32LMS configuration 5.2.1. Renaming the original MDA and its replacement by NOD32MDA This is a simple approach that does not even require any changes to the MTA. Still, prior to starting the actual setup modification, the user is required to know exactly which MDA is used by the system.
  • Page 20: Setting Of Nod32Mda (In Mta) As Mda

    Chapter 5. NOD32LMS configuration link cancellation may occur and, after an MDA software upgrade, one always has to repeat the whole procedure described above. 5.2.2. Setting of NOD32MDA (in MTA) as MDA This section contains a more rigorous approach to scanning inbound messages than the one described in the previous section.
  • Page 21: Setting Postfix Mta

    Chapter 5. NOD32LMS configuration Note: Please, in case you are reading the ASCII form of this guide, do not drag and drop the above sentence, since it may not work. Indeed, it can be that the switches used here as an example will not work in your case as they are dependent on the version of Sendmail MTA.
  • Page 22: Setting Qmail Mta

    Chapter 5. NOD32LMS configuration that will give us the full path to the binary file by return. Now, in order to involve module nod32mda into the message processing, we have to replace the MDA maildrop with the module nod32mda. Write the following command in order to do so: postconf -e "mailbox_command = nod32mda -d \"$USER\"...
  • Page 23 Chapter 5. NOD32LMS configuration messages to the MAILBOX file located at the local user home directory; ’|preline procmail’ to use the procmail MDA as a local delivery agent, etc.). In order to involve the module nod32mda into the message delivery process the user is required to use: "|/usr/bin/nod32mda"...
  • Page 24: Setting Mta Exim Version 3

    Chapter 5. NOD32LMS configuration Note: Please check whether the path of each binary file used in the script corresponds to the real location of the binary file. With the above modifications we have configured Qmail to send e-mail messages to the nod32mda module, from where, after scanning, they are sent to the MDA procmail for local delivery.
  • Page 25 Chapter 5. NOD32LMS configuration # DIRECTORS CONFIGURATION procmail: driver = localuser transport = procmail_pipe As can be seen in this screenshot, the original MDA component is referenced in the configuration file by parameter ’command’. Note: Please note that besides the section related to transport there should always be defined the section usually called ’DIRECTORS CONFIGURATIONS’...
  • Page 26: Setting Mta Exim Version 3 (More General)

    Chapter 5. NOD32LMS configuration 5.2.2.5. Setting MTA Exim version 3 (more general) MTA Exim version 3 stores its configuration in the file /etc/exim/exim.conf (resp. /etc/exim.conf). The procedure described here will therefore be done only with this one file and of course with the main NOD32LMS configuration file (/etc/nod32/nod32.cfg). Please note that the configuration described here is MDA independent, meaning it can be used in cooperation with any MDA already working with Postfix MTA.
  • Page 27: Setting Mta Exim Version 4

    Chapter 5. NOD32LMS configuration #!/bin/sh /usr/sbin/exim -oMr virus-scanned $* In the above script we have assumed that the exim binary file is located in the directory /usr/sbin. If this is not the case, please modify the above script as necessary. To complete the whole procedure, one has to restart both the MTA Exim and the daemon nod32d.
  • Page 28: Scanning The Outbound E-Mail Messages

    Chapter 5. NOD32LMS configuration With the above setting we have ensured that all the e-mail messages sent to users belonging to the local domain will now be primarily sent to the module nod32mda. There still remains the second part of the modification, which ensures that all messages processed by nod32mda will be sent to the appropriate MAILBOX.
  • Page 29 Chapter 5. NOD32LMS configuration module. [Figure labels: NOD32D, INTERNET, NOD32SMTP, FILE, TCP PORT 25, TCP PORT 2525, LOCAL NETWORK 192.168.1.0/24] The most important part of scanning the outbound messages is done by the nod32smtp filter. This filter is a resident program (daemon) that performs in general three functions: • receives data via the INET socket, ...
  • Page 30 Chapter 5. NOD32LMS configuration The operation principle of scanning an outbound e-mail message is based on the following idea: We configure a nod32smtp daemon to listen for communication incoming to port 2525 of the e-mail server computer and forward the scanned communication to port 25 of the same computer where, typically, the MTA daemon listens.
  • Page 31: Content Filtering In Mta

    Chapter 5. NOD32LMS configuration This problem, however, can be solved by ensuring that all communication with port 2525 is disabled, with the exception of the local network. In order to do so we use the following command: ipfw add deny tcp from not 192.168.1.0/24 to 192.168.1.10 2525 via xl0 Warning: Please, read...
  • Page 32: Content Filtering In Mta Sendmail

    Chapter 5. NOD32LMS configuration The value of the parameter myhostname must differ from that set in postfix (postconf myhostname), otherwise a loop is detected (by postfix) and the e-mail is rejected. Finally, add postconf -e "content_filter = smtp:localhost:2526" into the postfix configuration file (/etc/postfix/main.cf). The entire process is illustrated in figure 5-3.
  • Page 33: Content Filtering In Mta Exim

    Chapter 5. NOD32LMS configuration With these settings nod32smfi will communicate with the MTA Sendmail via unix socket /var/run/nod32smfi.sock. In the next step, modify the /etc/mail/sendmail.cf file by adding the following specification into the section MAIL FILTER DEFINITIONS: Xnod32smfi, S=local:/var/run/nod32smfi.sock, F=T, T=S:2m;R:2m;E:5m With this setting sendmail will communicate with the nod32smfi...
  • Page 34: Alternative Methods Of Scanning E-Mails

    Chapter 5. NOD32LMS configuration verify = false This section has to be placed as first section among all ROUTER CONFIGURATIONS sections. In case of Exim 4 it is only necessary to comment out the line domains = +local_domains from already existing ’nod32_router’ ROUTERS CONFIGURATIONS section defined by rules in section 5.2.2.6.
  • Page 35: Amavis

    Configuration of Amavis with NOD32LMS is performed during the process of Amavis installation. For installation, first unpack the source amavis-0.x.y.tgz and overwrite the file amavis/av/nod32cli with the following contents: # ESET Software NOD32 Command Line Interface, Version 2.00 if ($nod32cli) { do_log(2,"Using $nod32cli");...
  • Page 36: Amavisd

    In order to install NOD32LMS with Amavisd-new, unpack and install the source amavisd-new-2.x.y.tgz in your installation directory. Now, to configure NOD32LMS with the newly installed Amavisd-new, replace the clause for ’ESET Software NOD32 - Client/Server Version’ in file ’amavisd.conf’ with the following one: ### http://www.nod32.com/...
  • Page 37 Chapter 5. NOD32LMS configuration After configuring NOD32LMS, follow the recommendation for configuring Amavisd-new in README.mta, located in the Amavisd-new directory, according to your mail server.
  • Page 38 Chapter 5. NOD32LMS configuration...
  • Page 39: Nod32 System Update And Maintenance

    Chapter 6. NOD32 system update and maintenance In order to keep the NOD32LMS system effective, it is necessary to keep the NOD32 virus definitions database up to date. The following sections describe the concept of the NOD32 database update process in more depth than is in most cases necessary to read. Therefore one may wish to skip directly to section 6.3 that can serve in this sense as a short ’how-to’...
  • Page 40: Nod32 Mirror Creation

    Chapter 6. NOD32 system update and maintenance in the local mirror directory and is used as a reference file for generation of further subordinate mirrors. The process of subordinate mirror creation is described in detail in section 6.2. 6.1.2. NOD32 mirror creation As already mentioned, the NOD32 update mirror creator (nod32umc) utility is used to download and maintain the mirror of NOD32 modules storage.
  • Page 41: Subordinate Mirrors Creation

    Chapter 6. NOD32 system update and maintenance base directory, i.e. directory where the NOD32 anti-virus scanner will load the modules from). One can choose an arbitrary directory for this purpose, however, this must contain nod32.000 module. There is no requirement given on the version of the module. In case the module is not located in the directory chosen, error 105 will occur.
  • Page 42: Automatic Update Of The Virus Definitions Database

    Chapter 6. NOD32 system update and maintenance At this point we would like you to notice that the creation of the mirror file structure on a computer's file system is not enough to provide a fully featured NOD32LMS mirror. For proper function of the newly created mirror there are additional conditions to be fulfilled.
  • Page 43: Periodic Update Of The Virus Definitions Database

    Chapter 6. NOD32 system update and maintenance that has to be adjusted by the user. The authorization file is an ASCII file with the following format. username=your_nod32_username password=your_nod32_password Please, use your favorite editor to invoke the file and fill its appropriate parts by valid username and password that you have received from your vendor.
  • Page 44 Chapter 6. NOD32 system update and maintenance...
  • Page 45: Tips And Tricks

    Chapter 7. Tips and tricks This chapter is devoted to tips and tricks concerned with the configuration of NOD32LMS. This means it describes configuration of NOD32LMS in circumstances when, for instance, the MTA is configured to use other software with similar functionality or with functionality that could normally lead to misconfiguration of NOD32LMS.
  • Page 46: Nod32Lms And Tls Support In Mta

    Chapter 7. Tips and tricks 7.2. NOD32LMS and TLS support in MTA Transport Layer Security (TLS) is a protocol guaranteeing data privacy in client/server communication over the Internet. The basic principle of TLS is based on the SSL encryption of data traveling between client and server (we have in mind the SMTP communication between MTA client and server).
  • Page 47 Chapter 7. Tips and tricks smtp_tls_per_site = hash:/etc/postfix/smtp_tls_per_site In addition it is necessary to create the above file with the following content localhost NONE and provide its appropriate hash table. In order to do so, execute the following statement from ’/etc/postfix’...
  • Page 48 Chapter 7. Tips and tricks...
  • Page 49: Let Us Know

    Chapter 8. Let us know Dear user, this guide should have given you a good knowledge of how NOD32LMS works and how to configure it in order to protect your e-mail messaging system with the highest efficiency. However, writing documentation is a process that is never finished. There will always be some parts of NOD32LMS that can be explained better or are not even explained at all.
  • Page 50 Chapter 8. Let us know...
  • Page 51: Installed Content Of Nod32Lms Package

    Appendix A. Installed content of NOD32LMS package
    /usr/local/etc/rc.d/nod32d.sh
    /usr/local/etc/rc.d/nod32smfi.sh
    /usr/local/etc/rc.d/nod32smtp.sh
    /etc/nod32/nod32.auth
    /etc/nod32/nod32.cfg
    /etc/nod32/nod32d_script
    /etc/nod32/sig_footer_clean.html.example
    /etc/nod32/sig_footer_infected.html.example
    /etc/nod32/sig_header_clean.html.example
    /etc/nod32/sig_header_infected.html.example
    /usr/bin/nod32mda
    /usr/bin/nod32smfi
    /usr/bin/nod32smtp
    /usr/bin/nod32cli
    /usr/sbin/nod32_update
    /usr/sbin/nod32d
    /usr/sbin/nod32umc
    /usr/sbin/nod32upd
    /usr/share/doc/nod32lms/copyright
    /usr/share/doc/nod32lms/guide.us.txt.gz
    /usr/share/man/man1/nod32mda.1.gz
    /usr/share/man/man1/nod32smfi.1.gz
    /usr/share/man/man1/nod32smtp.1.gz
    /usr/share/man/man1/nod32cli.1.gz
    /usr/share/man/man5/nod32.5.gz
    /usr/share/man/man5/nod32.cfg.5.gz
    /usr/share/man/man8/nod32d.8.gz
    /usr/share/man/man8/nod32umc.8.gz
    /usr/share/man/man8/nod32upd.8.gz
    /var/lib/nod32/mirror...
  • Page 52 Appendix A. Installed content of NOD32LMS package...
