CyberKnights
Instant AntiVirus (v0.2)
Ingredients
You will require:
- Root access on a working Mandrake Linux 9.1 system with the usual
tools like urpmi and a text editor such as vi;
- A legitimate copy of the Sophos virus scanner (many others can be used;
the AMaViS config file also lists FSAV, AVP, FSP, hbEDV, Sophie, Bitdefender,
FPROT, MKS, NAI, NVC, Panda, CLAM and Trend, but not RAV. Prophetic?). I would
prefer to use an Open scanner, but nobody has stepped forward to keep the
virus signature updates timely for OpenAntiVirus (as at 26 June 2003,
the signature file timestamp says 29 October 2002, therefore no Sobigs, no
BugBear.B, no insert-today's-viruses-here);
- This collection of packages (AMaViS-Mandrake-9.1.tar.bz2), or choose
individual packages here.
Method
Install Postfix if it isn't already: urpmi postfix
Install Sophos as per the instructions that come with it. As at now,
that means unpacking the linux.intel.libc6.tar file and running
./install.sh in the resulting sav-install directory.
Note that by default it installs the binaries in /usr/local/bin.
Unpack the packages from the archive (note that this command unpacks them into
the current directory): tar xvjf AMaViS-Mandrake-9.1.tar.bz2
Install the packages (this assumes that the packages are the only RPMs
in the current directory): urpmi *.rpm
Make the directory /var/run/amavis: mkdir /var/run/amavis
Edit AMaViS' config file /etc/amavis/amavis.conf and make the following
changes:
- Uncomment the line: mail-transfer-agent = SMTP.
- Uncomment the line: virus-scanner = Sophos.
- Uncomment the extractors = line so that all extractors
are enabled.
- Configure the headers as you please. I flag the message as having
been scanned by AMaViS on a virus-immune Linux server; it gives the
recipients confidence.
- Adjust the logging to your taste.
- Set up the [Notify] section to match you and your site; take
care to escape (put a \ in front of) the dots in the domain name(s) you supply
for local domain.
- Optionally uncomment the {in,out}put {port,address} lines in
the [SMTP] section, leaving input on localhost at 10025 and
output to localhost at 10026. Keep both on localhost: the input port is an
unauthenticated SMTP listener, and anything on the network that could reach it
would be able to relay mail through your server, because whatever comes back
out on port 10026 arrives from localhost, which Postfix trusts.
- Adjust the resource limits under the [security] section to
your taste.
- Check the path to Sophos' sweep binary under the [Sophos] section; the
installer puts it in /usr/local/bin by default (see above), so adjust the
path if the config file expects it elsewhere.
Save your changes and exit.
Start AMaViS by hand: amavis. If it starts without error and
leaves you wondering what to do next, type Ctrl-Z and then bg to
leave it waiting in the background. We'll come back presently and make
that permanent.
In the /etc/postfix directory, edit the following files:
Append a line to main.cf saying:
content_filter = smtp:[127.0.0.1]:10025
which tells Postfix to shove all incoming mail through the content filter
listening on port 10025 (our AMaViS-NG daemon).
Append a line to master.cf saying:
localhost:10026 inet n - n - - smtpd -o content_filter=
which tells Postfix to listen on port 10026 for the returning emails
and process them without first running them through any content
filter. The empty content_filter= is essential: without it the 10026
service inherits the content_filter from main.cf and hands every scanned
message back to port 10025, forever. The localhost: prefix is what keeps this
unfiltered listener off the network; a bare 10026 would bind every interface,
and anyone who could reach it could inject mail that bypasses the scanner.
Restart Postfix to make sure it is running and has picked up your
changes: service postfix restart
Check /var/log/mail/errors to make sure you didn't break anything.
Send some email through the system and check that it comes out carrying
the scanned header you configured above.
Set amavis to run on startup. The simplest way is to append a line to
/etc/rc.d/rc.local saying:
/usr/bin/amavis &>/dev/null &
(note that &> is a bash idiom; if your rc.local is run by a stricter sh,
write >/dev/null 2>&1 instead), but you may prefer to use an init
script and daemoniser wrapper. It's nicer and gives you a visual report on
startup. Copy the script to /etc/init.d/ and mark it executable. Copy the
wrapper to /usr/bin/ and mark it executable. Do chkconfig --add amavis so it
will start automatically, or service amavis start to start it now, if the
amavis process you started by hand above is no longer running.
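As an added example (not code from the original article), the following sh script checks the two Postfix edits above before you restart: that main.cf routes mail to the AMaViS listener on 127.0.0.1:10025, that the 10026 reinjection service in master.cf is bound to localhost rather than every interface, and that it carries the -o content_filter= that prevents the mail loop. The function names and the sample main.cf/master.cf files it writes are constructed here for illustration; point check_filter_config at your real /etc/postfix files to use it.

```shell
#!/bin/sh
# Added example, not code from the original article: a pre-flight check for
# the two Postfix edits described above.  Function names and the sample
# configuration files written by make_sample_configs are constructed here.

check_filter_config() {
    main_cf="$1"
    master_cf="$2"
    status=0

    # 1. main.cf must hand every message to the filter on 127.0.0.1:10025.
    if ! grep -Eq '^[[:space:]]*content_filter[[:space:]]*=[[:space:]]*smtp:\[127\.0\.0\.1\]:10025[[:space:]]*$' "$main_cf"; then
        echo "main.cf: content_filter is not smtp:[127.0.0.1]:10025"
        status=1
    fi

    # 2. A bare "10026 inet" service binds every interface (inet_interfaces),
    #    letting anyone who can reach it inject mail that skips the scanner.
    if grep -Eq '^10026[[:space:]]+inet' "$master_cf"; then
        echo "master.cf: port 10026 listens on all interfaces, not localhost"
        status=1
    fi

    # 3. Collect the localhost:10026 service line plus any indented
    #    continuation lines, which is where master.cf keeps extra -o options.
    reinject=$(awk '/^(localhost|127\.0\.0\.1):10026[ \t]+inet/ { p = 1; print; next }
                    p && /^[ \t]/ { print; next }
                    { p = 0 }' "$master_cf")
    if [ -z "$reinject" ]; then
        echo "master.cf: no inet service on localhost:10026"
        return 1
    fi

    # 4. Without "-o content_filter=" the reinjection service inherits the
    #    main.cf content_filter and sends every scanned message back to
    #    port 10025: a mail loop.
    if ! printf '%s\n' "$reinject" | grep -Eq -- '-o[[:space:]]+content_filter=([[:space:]]|$)'; then
        echo "master.cf: localhost:10026 service lacks -o content_filter= (mail loop)"
        status=1
    fi
    return "$status"
}

make_sample_configs() {
    # Constructed sample files: one correct pair and two broken master.cf variants.
    dir=$(mktemp -d)
    cat >"$dir/main.cf" <<'EOF'
myhostname = mail.example.com
content_filter = smtp:[127.0.0.1]:10025
EOF
    cat >"$dir/master.cf.good" <<'EOF'
smtp      inet  n       -       n       -       -       smtpd
localhost:10026 inet n - n - - smtpd -o content_filter=
EOF
    cat >"$dir/master.cf.loop" <<'EOF'
smtp      inet  n       -       n       -       -       smtpd
localhost:10026 inet n - n - - smtpd
EOF
    cat >"$dir/master.cf.open" <<'EOF'
smtp      inet  n       -       n       -       -       smtpd
10026     inet  n       -       n       -       -       smtpd -o content_filter=
EOF
    echo "$dir"
}

# Live usage:  check_filter_config /etc/postfix/main.cf /etc/postfix/master.cf
# Below, the three constructed variants are run through the check.
samples=$(make_sample_configs)
for variant in good loop open; do
    if check_filter_config "$samples/main.cf" "$samples/master.cf.$variant"; then
        echo "master.cf.$variant: OK"
    else
        echo "master.cf.$variant: NOT OK"
    fi
done
rm -rf "$samples"
```

The check deliberately refuses a service named plainly 10026, because in master.cf a service with no host part listens on whatever inet_interfaces says, which on a mail server is usually every address. The awk stanza collector exists because Postfix lets the -o options of a service continue on following indented lines, so a one-line grep would miss a correctly configured but multi-line entry.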
Leon's Virus Rant
News sites speak of "Computer Viruses", but they're not: they are only
Microsoft Windows viruses. Linux has only a handful, and they're all
obsolete. Mac has two handsful. MS-Windows has tens of thousands
of the suckers.
If you do want to run MS-Windows but don't want to run a virus scanner,
here are some tips which will help to defer your own personal day of
reckoning:
- The short story is, the more you avoid Microsoft software, the
lower your exposure will be. In descending order of effectiveness:
- Never use MS-Outlook. I generally recommend the
Mozilla email client in its place,
but if you're willing to get a bit technical you can have my favourite
email client, KMail from KDE,
on your MS-Windows
system.
- Filter out all executable files. All of them. EXE COM SCR DLL
PIF BAT MSI and so on, their name is legion. Learn to live without
emailed executable comedies, and you'll also skip a few tragedies.
- Install the OpenOffice.org
suite and make it the default document handler for office documents
(DOC XLS PPT etc) even if you leave MS-Office on your machine. Office
documents containing macro viruses can be read with impunity using the
OpenOffice.org components (Writer, Calc, Draw etc). Making OOo the
default handler means that if a virussed email manages to automatically
open itself, robust OOo will field the request instead of vulnerable
MS-Office. As a bonus, OOo makes PDFs and will turn a presentation
into Flash for you, just upload it to your website.
- Install a different web browser (I recommend Mozilla again) and
set that to be the default protocol handler for HTTP, FTP etc. Internet
Exploder has too many complex vulnerabilities of its own. As well as
protecting you from email-induced ActiveX controls and other offenses
against the order of nature, this step will protect you against most
browser-transmitted viruses.
- OK, if at this point you can forsake your remaining games and run
your remaining accounting application under
WINE, replace your MS-Windows with
Linux. I use and recommend Mandrake Linux, but others have had good
results with Debian, SuSE, RedHat, whatever. You can download an ISO
image (CD file) called Knoppix, which you can burn to CD and boot your
computer from to see what Linux looks and feels like. Knoppix doesn't
write to your hard disk unless you type a magic incantation to tell it
to, and includes a full office suite, numerous games, a reasonable
sheaf of tools and so on. If you like that, you can either install it
(it's Debian at heart) or install one of the full distributions
after backing up everything you treasure.
Last changed: 09-Sep-2008 10:29:30