CGPAV: how to integrate antivirus with CommuniGate

Custom RPM

Download and rebuild the cgpav-1.4-vit03.el4.src.rpm package.

Install the two built RPMs: cgpav-1.4-xxx.rpm and cgpav-samples-1.4-xxx.rpm

The package installer does the following things for you automatically:

ln -s /etc/localsite/cgpro/cgpav /var/CommuniGate
ln -s /etc/cgpav.conf /var/CommuniGate/Settings

Install sample virus and spam files in /usr/share/cgpav/samples

Create quarantine directory /var/cgpav/quarantine

Manual install

Alternatively, you can download cgpav from the author's site and compile it manually. Then perform by hand the actions the package would have done for you (the symlinks, the sample files and the quarantine directory listed above).

The description below assumes these preconditions are satisfied.

Configuration

Adjust a few parameters in /etc/cgpav.conf

postmaster_account = alerts
virtual_domains = ourdom.com
local_networks = 127.0.0.1, 10.20.0.0/16, 172.16.162.57
local_domains = ourdom.com
charset = koi8-r
russian = true

Standalone Test

Copy directory /group/public/anti to /var/CommuniGate/anti and set user:group to root:mail

Change to the CGP base directory, run cgpav and issue commands on its standard input; the responses come back on standard output. Note that the file names are given relative to the base directory:

$ cd /var/CommuniGate
$ chown -R root:mail anti
$ ./cgpav
1 FILE anti/eicar.com
1 ADDHEADER "X-Virus-Flag: Yes"
2 FILE anti/sample-spam.txt
2 ADDHEADER "X-Spam-Status: Yes, hits=..."
3 FILE anti/sample-nonspam.txt
3 OK
CGPAV unconditionally prefixes file names with the CGP base directory, which is why the paths above are relative and why an absolute path will not be found.

If anything goes wrong, rebuild the custom source package with the odebug macro in its spec file set to 1. This adds the DEBUG compilation flag for verbose debugging messages and enables the TESTFILE command, which accepts absolute paths.
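The stdin/stdout exchange shown above, re-enacted as an added example (not cgpav's code and not from the page). The scanner side is a stand-in that matches constructed marker strings instead of calling a real antivirus or SpamAssassin; the files are named after the page's samples but their contents are constructed; the ERROR reply and the plain-concatenation prefixing are assumptions modelled on the page's description of how cgpav prepends the base directory.

```python
"""Toy re-enactment of the stdin/stdout exchange between CGP and its
content-filter helper. Added example, not cgpav's code. The scanner side
is a stand-in that matches constructed marker strings instead of calling a
real antivirus or SpamAssassin; the ERROR reply and the exact path-prefixing
logic are assumptions modelled on the page's description."""
import os
import shlex
import tempfile

# Constructed markers standing in for a real virus/spam verdict.
VIRUS_MARKER = b"X-Constructed-Virus-Sample: yes"
SPAM_MARKER = b"X-Constructed-Spam-Sample: yes"


def scan_file(seq: str, path: str, base_dir: str) -> str:
    """Helper side. Like cgpav, prefix the path with the CGP base directory
    unconditionally, so a request carrying an absolute path fails to open."""
    full = base_dir + "/" + path  # assumption: plain concatenation, no normalisation
    try:
        with open(full, "rb") as fh:
            data = fh.read()
    except OSError as exc:
        return f"{seq} ERROR {exc.strerror}"
    if VIRUS_MARKER in data:
        return f'{seq} ADDHEADER "X-Virus-Flag: Yes"'
    if SPAM_MARKER in data:
        return f'{seq} ADDHEADER "X-Spam-Flag: Yes"'
    return f"{seq} OK"


def handle_request(line: str, base_dir: str) -> str:
    """Parse one 'seq FILE path' request line and produce the helper's reply."""
    parts = line.strip().split(" ", 2)
    seq = parts[0] if parts[0] else "0"
    if len(parts) != 3 or parts[1] != "FILE":
        return f"{seq} ERROR unsupported command"
    return scan_file(seq, parts[2], base_dir)


def parse_reply(line: str) -> tuple[str, str, list[str]]:
    """CGP side: split a reply into (seq, verb, arguments); shlex handles the
    double-quoted header value in ADDHEADER replies."""
    seq, verb, *args = shlex.split(line)
    return seq, verb, args


def run_session(base_dir: str, requests: list[str]) -> dict[str, tuple[str, list[str]]]:
    """Drive the whole exchange and return {seq: (verb, args)}, matched by
    sequence number as CGP does."""
    results = {}
    for req in requests:
        seq, verb, args = parse_reply(handle_request(req, base_dir))
        results[seq] = (verb, args)
    return results


def make_samples() -> str:
    """Create a throwaway CGP base directory holding anti/eicar.com,
    anti/sample-spam.txt and anti/sample-nonspam.txt (constructed contents,
    named after the page's samples) and return its path."""
    base = tempfile.mkdtemp(prefix="cgp-")
    os.mkdir(os.path.join(base, "anti"))
    files = {
        "eicar.com": VIRUS_MARKER + b"\n",
        "sample-spam.txt": b"Subject: cheap pills\n" + SPAM_MARKER + b"\n\nbuy now\n",
        "sample-nonspam.txt": b"Subject: meeting\n\nSee you at 10.\n",
    }
    for name, body in files.items():
        with open(os.path.join(base, "anti", name), "wb") as fh:
            fh.write(body)
    return base


if __name__ == "__main__":
    base = make_samples()
    requests = ["1 FILE anti/eicar.com", "2 FILE anti/sample-spam.txt",
                "3 FILE anti/sample-nonspam.txt",
                "4 FILE " + base + "/anti/eicar.com"]  # absolute path: gets double-prefixed
    for req in requests:
        print(req, "->", handle_request(req, base))
```

The fourth request shows the failure mode the page warns about: an absolute path is prefixed again and the file cannot be opened, so the helper answers with an error rather than OK (failing closed rather than silently passing the message).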

Configuring external filter in CGP

(1) Create filter association (described in theCGP guide):

  • Go to Settings/General/Helpers and set the following parameters in Content Filtering:
    • Enabled = cgpav
    • Log Level = All Info (and revert to Major & Failure when debugging succeeds)
    • Time-Out = 5 min
    • Program Path = /etc/localsite/cgpro/cgpav
    • Auto-Restart = 5 min
  • Go to Settings/Mail/Queue and set
    • Message Enqueuer / Processors = 5

(2) Additional actions:

  • The custom cgpav.conf assumes an alerts account exists in CGP (the postmaster_account setting above). If it does not, create it now.
  • Add a new mail routing rule in Settings/Router:
  = null
  • Go to Users/Domains/ourdom.com/Template and add the Spam mailbox. The template only applies to accounts created afterwards, so create this mailbox manually for existing users.


(3) Configure site-wide rule to run antivirus:

  • go to Settings/Mail/Rules
  • add a rule named cgp antivirus with priority 8 (see note 2 here), press Edit and set the rule parameters (CGP runs higher-priority rules first, so this rule runs before the reject rule in step 4):
    • Message size -- greater than -- 1 (and revert to recommended 1024 when debugging is done)
    • To -- not in -- spam,spam@*,notspam,notspam@*
    • Action = External Filter, Parameter = cgpav
The cgpav configuration used here only adds a header to infected messages; rejecting them is left to CGP's own rules.

(4) Configure site-wide rule to reject infected messages:

  • go to Settings/Mail/Rules
  • add the infected rule with priority 7, click Edit and set rule parameters:
    • Header Field -- is -- X-Virus-Flag: Yes
    • Reject with --- Your mail is infected with a virus

(5) Configure domain-wide rule to move potential spam to the Spam folder:

  • go to Users/Domains/ourdom.com/Rules/Incoming Mail Rules
  • add the spam rule with priority 7 and press Edit to set rule parameters:
    • Header Field -- is -- X-Spam-Flag: Yes
    • Store in --- Spam
    • Discard

Now try sending a message with virus or spam.
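Two end-to-end test messages for the rule chain above, as an added example (not from the page or from cgpav): one carries the EICAR test file as an attachment, the other the GTUBE string. GTUBE is SpamAssassin's own test string, so the spam test assumes cgpav's spam backend is SpamAssassin (the X-Spam-Status header on the page suggests so). The addresses are placeholders and the SMTP host is an assumption. The size check matters because the site rule in step 3 only hands messages larger than 1024 bytes to cgpav once debugging is over, so a tiny test message bypasses the scanner without any error.

```python
"""Build the two end-to-end test messages for the rule chain above and check
that they are large enough to reach the scanner at all. Added example, not
part of the page or of cgpav; the addresses are placeholders and the SMTP host
is an assumption. GTUBE is SpamAssassin's test string, so the spam test
assumes cgpav's spam backend is SpamAssassin."""
import smtplib
from email.message import EmailMessage

# EICAR test string, assembled from two halves so that this source file is not
# itself flagged by an on-access scanner.
EICAR = "X5O!P%@AP[4\\PZX54(P^)7CC)7}$" + "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
GTUBE = "XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X"
MIN_SIZE = 1024  # the "Message size -- greater than" value recommended in step (3)


def build_virus_message(sender: str, rcpt: str, pad_lines: int = 0) -> EmailMessage:
    """EICAR carried as an attachment; pad_lines adds filler to the text part."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, rcpt, "cgpav virus test"
    msg.set_content("Carries the EICAR test file as an attachment.\n"
                    + "# padding line\n" * pad_lines)
    msg.add_attachment(EICAR.encode(), maintype="application",
                       subtype="octet-stream", filename="eicar.com")
    return msg


def build_spam_message(sender: str, rcpt: str, pad_lines: int = 0) -> EmailMessage:
    """Plain-text message containing the GTUBE string."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, rcpt, "cgpav spam test"
    msg.set_content("Test message containing the GTUBE string:\n" + GTUBE + "\n"
                    + "# padding line\n" * pad_lines)
    return msg


def will_be_scanned(msg: EmailMessage, threshold: int = MIN_SIZE) -> bool:
    """The site rule only hands messages larger than `threshold` bytes to
    cgpav; the serialised size is used as an approximation of CGP's."""
    return len(msg.as_bytes()) > threshold


def ensure_scanned(builder, sender: str, rcpt: str, threshold: int = MIN_SIZE) -> EmailMessage:
    """Rebuild with more filler until the message exceeds the size threshold."""
    pad = 0
    msg = builder(sender, rcpt, pad)
    while not will_be_scanned(msg, threshold):
        pad += 16
        msg = builder(sender, rcpt, pad)
    return msg


def send(msg: EmailMessage, host: str = "localhost") -> None:
    """Hand the message to the CGP SMTP listener (host is an assumption)."""
    with smtplib.SMTP(host) as smtp:
        smtp.send_message(msg)


if __name__ == "__main__":
    for builder in (build_virus_message, build_spam_message):
        msg = ensure_scanned(builder, "tester@ourdom.com", "someuser@ourdom.com")
        print(msg["Subject"], len(msg.as_bytes()), "bytes, scanned:", will_be_scanned(msg))
        # send(msg)  # uncomment on a host that can reach the CGP server
```

After sending, the virus message should bounce with the "infected" rejection text from step 4, and the spam message should land in the recipient's Spam mailbox with X-Spam-Flag: Yes in its headers; if either arrives untouched, check the message size against the rule threshold before suspecting the scanner.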

Notes about CGPAV usability

  1. Even with russian = true, postmaster notifications are sent in plain English only.
  2. When a message is quarantined, nobody, not even the postmaster, is told where the quarantined copy is stored.
