ESET NOD32 ANTIVIRUS - FOR LINUX-BSD MAIL SERVER Installation Manual

we protect digital worlds
NOD32 for Linux/BSD

Mail Server

Installation Manual
and User's documentation

Summary of Contents for ESET NOD32 ANTIVIRUS - FOR LINUX-BSD MAIL SERVER

  • Page 1: Mail Server

    we protect digital worlds NOD32 for Linux/BSD Mail Server Installation Manual and User’s documentation...
  • Page 2: Table Of Contents

    7.1. Dropping messages marked by NOD32 as deleted in MTA Postfix ..........42 7.2. NOD32LMS/NOD32BMS and TLS support in MTA ....42 8. Let us know ............45 ... author. Eset, s.r.o. reserves the right to change any of the described application software without prior notice.
  • Page 3: Introduction

    Chapter 1: Introduction...
  • Page 4 Dear user, you have acquired NOD32 for Linux/BSD Mail Server - NOD32LMS/NOD32BMS - probably the best anti-virus system running under the Linux/BSD OS. As you will soon find out, the system, using the state-of-the-art NOD32 scanning engine, has unsurpassed scanning speed and detection rate, combined with a very small footprint that makes it the ideal choice for any Linux/BSD OS server.
  • Page 5: Installation

    Chapter 2: Installation...
  • Page 6 RedHat Ready and Novell (SuSE) Ready certificate. This means in particular that the package is installed as an add-on application, i.e. the primary installation directory is ’/opt/eset/nod32’ instead of the base Linux OS directory structure. However, there are more differences between the original and ’Ready’ variation of the product that are beyond the scope of this document.
  • Page 7: Product's Roadmap

    Chapter 3: Product’s Roadmap...
  • Page 8 Once the product package has been successfully installed, it is time to become familiar with its content. The structure of NOD32LMS/NOD32BMS is shown in figure 3-1. The system is composed of the following components. Figure 3-1. Structure of NOD32LMS/NOD32BMS. CORE AGENTS NOD32D...
  • Page 9 /etc/nod32 Note that in case of RedHat Ready and Novell (SuSE) Ready variation of the NOD32 for Linux Mail Server the configuration and authorization directory is /etc/opt/eset/nod32 The directory consists of the following files. nod32.cfg This is the most important configuration file as it maintains the major part of the product functionality. For this reason the file is further referred to as ‚main configuration file‘...
  • Page 10 e-mail header | From: | To: -------------------------- e-mail body | text of e-mail body | content of lms_sig_header_infected.html | list of infiltrations found by the scanner | content of lms_sig_footer_infected.html The following footnote templates are used in e-mails found as clean: e-mail header | From: | To: -------------------------- e-mail body | text of e-mail body...
  • Page 11: Integration With E-Mail Messaging System

    Chapter 4: Integration with E-mail Messaging System...
  • Page 12 This chapter describes integration of the NOD32LMS/NOD32BMS with the variety of known email messaging systems. Knowledge of e-mail messaging system basic principles (figure 4-1) is of paramount importance for understanding of the NOD32LMS/NOD32BMS operation. Figure 4-1. Scheme of UNIX OS e-mail messaging system. MTA - Mail Transport Agent A program (for instance sendmail, postfix, qmail, exim, INTERNET...
  • Page 13: Scanning Of Inbound E-Mail Messages

    In case of RedHat Ready and/or Novell (SuSE) Ready variation of NOD32 for Linux Mail Server the installation path to the nod32mda is different so an appropriate statement is as follows: ln -s /opt/eset/nod32/bin/nod32mda /usr/bin/procmail With the above modifications, you ensure that all messages originally sent to MDA are first caught by the nod32mda module.
  • Page 14: Setting Of Nod32Mda (In Mta) As Mda

    A=nod32mda -t -Y -a $h -d $u Note that in case of RedHat Ready and/or Novell (SuSE) Ready variation of NOD32 for Linux Mail Server the nod32mda module path is different, so an appropriate Sendmail configuration file sentence will be as follows. Mlocal, P=/opt/eset/nod32/bin/nod32mda, F=lsDFMAw5:/|@qSPhnu9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, T=DNS/RFC822/X-Unix, A=nod32mda -t -Y -a $h -d $u Warning: In case you are reading the ASCII form of this guide, do not drag and drop any of above sentences, since it may not work.
  • Page 15: Setting Nod32Mda In Postfix Mta

    not a full-blown MDA, it is rather a wrapper; the ‘mda_path‘ parameter in this case has the following format: mda_path = “/usr/lib/sm.bin/sensible-mda“ To reread the newly created NOD32 configuration, enter the following command: /etc/init.d/nod32d reload To complete the whole procedure, one has to restart the MTA Sendmail. Note that NOD32LMS/NOD32BMS provides you with the option to define NOD32 scanning engine parameters individually for recipient users (resp.
  • Page 16: Setting Nod32Mda In Qmail Mta

    #!/bin/sh exec env - PATH=“/var/qmail/bin:$PATH“ \ qmail-start ’|/opt/eset/nod32/bin/nod32mda ’./Maildir/ splogger qmail Note that there is a space before the second character ‚ and no space after it. Also keep in mind that the argument - ./Maildir/ - is used this time only as an example and in your case you must prepend the argument used in your original ‚/var/qmail/rc‘...
  • Page 17: Setting Nod32Mda In Mta Exim Version 3

    RedHat Ready and/or Novell (SuSE) Ready variation of NOD32 for Linux Mail Server the ’/var/qmail/rc’ script shall be slightly different. #!/bin/sh exec env - PATH=“/var/qmail/bin:$PATH“ \ qmail-start ’|/opt/eset/nod32/bin/nod32mda ’./Maildir/’ \ -- --user “$USER“’ splogger qmail 4.1.2.4. Setting NOD32MDA in MTA Exim version 3 Let’s look inside the exim configuration file ’/etc/exim/exim.conf’ (resp. in older versions ’/etc/exim.conf’) to become familiar with its content.
  • Page 18 TRANSPORTS CONFIGURATION entry in this case is as follows: # TRANSPORTS CONFIGURATION nod32_transport: driver = pipe command = /opt/eset/nod32/bin/nod32mda -oMr virus-scanned $local_part@$domain user = mail group = mail Be sure that the ’user’ (usually ’mail’) used in the above settings is listed in a ’trusted_users’ list for this parameter.
  • Page 19: Setting Nod32Mda In Mta Exim Version 4

    -- --user $local_part 4.1.2.5. Setting NOD32MDA in MTA Exim version 4 Let’s look inside the exim configuration file ’/etc/exim4/exim4.conf’ to become familiar with its content. It is typically composed of a TRANSPORTS CONFIGURATION section and a ROUTERS CONFIGURATION section. Usually there is a ROUTERS CONFIGURATION entry ’localuser’...
  • Page 20: Scanning Of Outbound E-Mail Messages

    -- --user $local_part resp. in case of RedHat Ready and Novell (SuSE) Ready variation of NOD32 for Linux Mail Server used, the ’command’ parameter has to be defined as follows: command = /opt/eset/nod32/bin/nod32mda -oMr virus-scanned $local_part@$domain \ -- --user $local_part 4.2. Scanning of outbound e-mail messages Scanning of the outbound e-mail messages is performed during transfer of e-mail messages between the local MUA and the MTA.
  • Page 21 case you use the ipchains (resp. iptables) tool for network filtering, the appropriate rules will be as follows. Kernel 2.2.X: ipchains -I INPUT -p tcp -s 192.168.1.0/24 -d 0.0.0.0/0 25 \ -j REDIRECT 2525 Kernel 2.4.X: iptables -I PREROUTING -t nat -p tcp -s 192.168.1.0/24 --dport 25 \ -j REDIRECT --to-ports 2525 Now all the communication arrives at nod32smtp, which can be checked in the module logging output. Note that with this setting port 2525 provides an open relay, as nod32smtp accepts all packets that arrive on port 2525 (including packets from outside the local network).
  • Page 22: Content Filtering In Mta

    On the other hand, the content filtering method is MTA dependent. ESET comes with four content filters built for the most common MTAs, i.e.
  • Page 23: Content Filtering In Mta Sendmail

    4.3.2. Content filtering in MTA Sendmail The nod32smfi module is a third-party program with the purpose to serve as a content filter for MTA Sendmail. Using Sendmail’s Milter interface the nod32smfi accesses all e-mail messages being processed by MTA Sendmail. In order to enable filtering, enter the following lines into the [smfi] section of main NOD32 configuration file.
  • Page 24 TRANSPORTS CONFIGURATION entry in this case is as follows: # TRANSPORTS CONFIGURATION nod32_transport: driver = pipe command = /opt/eset/nod32/bin/nod32mda -oMr virus-scanned $local_part@$domain user = mail group = mail Make sure that the ‘user‘ (usually ‘mail‘) used in the above settings is listed in a ‘trusted_users‘ list for this parameter.
  • Page 25: Content Filtering In Mta Exim 4

    -- --user $local_part resp. in case of RedHat Ready and Novell (SuSE) Ready variation of this anti-virus product used, the ’command’ parameter has to be defined as follows: command = /opt/eset/nod32/bin/nod32mda -oMr virus-scanned $local_part@$domain \ -- --user $local_part 4.3.4. Content filtering in MTA Exim 4 Let’s look inside the exim configuration file ’/etc/exim4/exim4.conf’ to become familiar with its content. It is typically composed of a TRANSPORTS CONFIGURATION section and a ROUTERS CONFIGURATION section.
  • Page 26: Content Filtering In Mta Qmail

    -- --user $local_part resp. in case of RedHat Ready and Novell (SuSE) Ready variation of this anti-virus product used, the ’command’ parameter has to be defined as follows: command = /opt/eset/nod32/bin/nod32mda -oMr virus-scanned $local_part@$domain \ -- --user $local_part 4.3.5. Content filtering in MTA Qmail Nod32pipe can serve as a content-filter for Qmail. However, you need to download and compile the qmail-qfilter program, version 2.0 or newer.
  • Page 27: Alternative Methods Of Content Filtering

    4.4.1.1. amavis Configuration of Amavis is performed during the process of Amavis installation. For installation, first unpack the source amavis-0.x.y.tgz and overwrite the file amavis/av/nod32cli with the following contents: # ESET Software NOD32 Command Line Interface, Version 2.52 if ($nod32cli) { do_log(2,“Using $nod32cli“); chop($output = ‘$nod32cli --subdir $TEMPDIR/parts‘);...
  • Page 28: Amavisd

    In order to install the product with Amavisd-new, unpack and install the source amavisdnew- 2.x.y.tgz in your installation directory. Now to configure the product with newly installed Amavisd-new, delete the clause for ’ESET Software NOD32’ and replace the clause for ’ESET Software NOD32 - Client/Server Version’ in file ’amavisd.conf’ with the following one: ### http://www.eset.com/...
  • Page 29 ### http://www.eset.com/ [’ESET Software NOD32 Command Line Interface v 2.52’, ’/opt/eset/nod32/bin/nod32cli’, ’--subdir {}’, [0], [1,2], qr/virus=“([^“]+)“/ ], Please, note the NOD32 scanning status values written within square brackets of the above setting. They are set to follow the same performance of Amavis cooperation as defined by default in the section discussing Amavis configuration.
  • Page 30 NOD32 for Linux/BSD Mail Server...
  • Page 31: Important Nod32Lms/Nod32Bms Mechanisms

    Chapter 5: Important NOD32LMS/ NOD32BMS Mechanisms...
  • Page 32: User Specific Configuration

    5.1. User Specific Configuration The User Specific Configuration mechanism is implemented in the product in order to provide the user with enhanced configuration functionality. It allows NOD32 anti-virus scanner parameters to be defined selectively for client/server identification. Regarding the NOD32LMS/NOD32BMS, the NOD32 anti-virus scanner parameters can be defined individually for the first recipient and/or sender of the e-mail messages processed.
  • Page 33: Handle Object Policy

    5.2. Handle Object Policy The Handle Object Policy (see figure 5-1) is a mechanism that provides handling of the scanned objects depending on their scanning status. The mechanism is based on so-called action configuration options (’action_on_processed’ , ’action_on_infected’ , ‚action_on_uncleanable‘ , ‚action_on_notscanned‘) combined with Anti-Virus enabling configuration option (‚av_enabled‘).
  • Page 34 server_addr = “localhost“ server_port = 2525 In the following we provide the [smtp] section with the reference to special configuration file ’nod32smtp_spec.cfg’ where the black-list or white-list will be defined. [smtp] agent_enabled = yes listen_addr = “localhost“ listen_port = 2526 server_addr = “localhost“ server_port = 2525 user_config = “nod32smtp_spec.cfg“...
  • Page 35: Samples Submission System

    accepted without scanning. Please, note the character ’|’ placed in front of the header name of the special section in case of sender address and not placed there in case of recipient address. To get description of the special header name syntax, please refer to the appropriate NOD32 agent module manual page (in this case it is nod32smtp(1)).
  • Page 36 NOD32 for Linux/BSD Mail Server...
  • Page 37: Nod32 System Update And Maintenance

    Chapter 6: NOD32 System Update and Maintenance...
  • Page 38: Basic Concept Of Nod32 System Update

    6.1.1. NOD32 mirror creation First, a mirror of all relevant so-called NOD32 precompiled modules has to be created from the origin ESET server(s). In the product developed for Linux OS and BSD OS the precompiled NOD32 modules introduced above are...
  • Page 39: Automatic Update Of The Virus Definitions Database

    (nod32.005) and ThreatSense.NET support module (nod32.006) in the directory: /var/lib/nod32 resp. in RedHat Ready and Novell (SuSE) Ready variation of the product the target directory is as follows: /var/opt/eset/nod32/lib Note that the above directory is exactly the NOD32 base directory where main NOD32 daemon loads NOD32 modules from.
  • Page 40 NOD32 for Linux/BSD Mail Server...
  • Page 41: Tips And Tricks

    Chapter 7: Tips and Tricks...
  • Page 42: Dropping Messages Marked By Nod32 As Deleted In Mta Postfix

    This chapter describes tips and tricks concerning the configuration of NOD32LMS/NOD32BMS. This means it describes configuration of NOD32LMS/NOD32BMS in circumstances when, for instance, the MTA is configured to use other software with similar functionality or with functionality that could normally lead to misconfiguration of NOD32LMS/NOD32BMS.
  • Page 43 data encryption in communication between local MTA and Internet and still use the ’content filtering’ methods. In MTA Sendmail content filtering there is no problem with SMTP TLS support at all, as the Sendmail Milter does not rely on the SMTP communication and content filtering is rather done internally.
  • Page 44 NOD32 for Linux/BSD Mail Server...
  • Page 45: Let Us Know

    Chapter 8: Let us know...
  • Page 46 Therefore, in case of bugs or inconsistencies found within this documentation, please report the problem to our support center: http://www.eset.com/support We look forward to helping you solve any problem concerning the product.

This manual is also suitable for:

Nod32 antivirus system
