Postfix and BitDefender Scanner

In this post we describe how to scan your e-mail traffic for malware and clean it, using Postfix and BitDefender Scanner. This is not a very fast solution and it scans only the incoming traffic, because the procmail filter sends each and every e-mail to BitDefender Scanner. If speed is an issue, we recommend that you use BitDefender Security for Mail Servers and integrate it with Postfix or another supported MTA.

BitDefender Scanner is very easy to install. The package comes as .rpm, .deb and .tar. For example, type in your console:

$ sh -x BitDefender-scanner-7.5-4.linux-gcc3x.i586.deb.run

and follow the install procedure.

Once you have completed the installation, you should update the antimalware engines, as follows:

$ cd /opt/BitDefender-scanner/bin
$ ./bdscan --update

or just:

$ bdscan --update

If your LDA in Postfix is procmail, then you don’t need to make any changes in your main.cf file. Otherwise add this line in /etc/postfix/main.cf:

mailbox_command = /usr/bin/procmail -a "$EXTENSION"

Now, restart the Postfix server.

If your Postfix server uses another LDA but honors .forward files, a per-user (not system-wide) solution is to add a .forward file to your home directory and put the following line in it:

|/usr/bin/procmail

Make sure you have the procmail package installed and that you use the actual path to your procmail binary, which is system specific.

In your home directory, edit the .procmailrc file. If it is not there, then create it as follows:

$ echo >$HOME/.procmailrc

You can enable the pre-delivery scanner system wide by editing /etc/procmailrc as root.

Add the following lines in .procmailrc:

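PATH=/usr/local/bin:/usr/bin:/bin
# Run the filter below with a Bourne shell, whatever the user's login shell is
SHELL=/bin/sh
MAILDIR=$HOME/Maildir/
DEFAULT=$MAILDIR
LOGFILE=$MAILDIR/procmail.log
# Temporary file that holds the message while bdscan examines it
FILE=`mktemp`
# f: treat the pipe as a filter; w: wait for it and check its exit code.
# formail -I replaces any X-BDScan header already present in the message,
# so the value always comes from this scan.
:0 fw
|cat > "$FILE"; if bdscan "$FILE" >/dev/null 2>&1; then formail -I "X-BDScan: clean" <"$FILE"; else formail -I "X-BDScan: infected" <"$FILE"; fi; rm -f "$FILE"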

Adjust the MAILDIR variable to match your mailbox location, and make sure bdscan is in your PATH.

Procmail will add a header to each e-mail that contains:

X-BDScan: clean

or

X-BDScan: infected

depending on the bdscan result.

If you want infected e-mails to be deleted, add the following lines to .procmailrc, after the scanning recipe:

:0
* ^X-BDScan: infected
/dev/null

If you want to move infected e-mails to a local directory instead, add:

:0
* ^X-BDScan: infected
Maildir/infected
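
The scan-and-tag step of the recipe can also live in a small standalone filter that is testable without a mail server. This is an added example, not code from the original post or from BitDefender or procmail: the function name bdscan_tag, the SCANNER variable and the --filter argument are assumptions of the sketch, and awk stands in for formail.

```shell
#!/bin/sh
# bdscan_tag (hypothetical helper, not part of procmail or BitDefender):
# reads one message on stdin and writes it to stdout carrying exactly one
# X-BDScan header whose value comes from the scanner, never from the sender.
# SCANNER is an assumption of this sketch: a command run as "$SCANNER FILE"
# that exits 0 for a clean file, which is how the recipe above treats bdscan.

bdscan_tag() {
    scanner=${SCANNER:-bdscan}
    tmp=$(mktemp) || return 1
    cat >"$tmp"
    if [ ! -s "$tmp" ]; then
        # Nothing was read: fail rather than emit a verdict for no message.
        rm -f "$tmp"
        return 1
    fi
    # Any non-zero exit (infected, scan error, scanner missing) counts as infected.
    if "$scanner" "$tmp" >/dev/null 2>&1; then
        verdict=clean
    else
        verdict=infected
    fi
    awk -v v="$verdict" '
        # Keep an mbox "From " envelope line first, then add the new header.
        NR == 1 && /^From / { print; print "X-BDScan: " v; next }
        NR == 1             { print "X-BDScan: " v }
        # After the first blank line everything is body: copy it untouched.
        body                { print; next }
        /^$/                { body = 1; print; next }
        # Folded continuation lines share the fate of their header.
        /^[ \t]/            { if (!skip) print; next }
        # Drop X-BDScan headers that arrived with the message.
        { skip = (tolower($0) ~ /^x-bdscan:/); if (!skip) print }
    ' "$tmp"
    rm -f "$tmp"
}

# Run as a filter only when asked to, so the file can also be sourced.
if [ "${1:-}" = "--filter" ]; then
    bdscan_tag
fi
```

Saved as an executable script, it can replace the inline pipeline as the action of the :0 fw recipe when called with --filter. If the filter exits non-zero, procmail keeps the unfiltered message, so that e-mail arrives without an X-BDScan header.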

Comments

  1. beswararao
    August 5th, 2009 | 12:29 pm

    pls send the new activation code
