One of the best anti-virus systems for a Postfix server is ClamAV. This anti-virus tool kit is open sourced and can be used on all UNIX-like operating systems. It’s easy to install and effective. In this article we will be following our series started way back in the Installing Ubuntu Server 9.04 article. Of course we will be installing ClamAV on a Ubuntu server running LAMP and Postfix. With that in mind, let’s get busy!

Installation

The first thing to take care of is the installation of ClamAV. There are a number of tools you will need to install. Open up a terminal window and issue the command:

sudo apt-get install clamav clamav-freshclam clamsmtp

The above command should also pick up all of the necessary dependencies. The installation will also start the clamav daemon. You will restart that momentarily

Configuration

Once installed you have some configurations to take care of. There are three files you are going to have to edit:

• /etc/clamsmtpd.conf
• /etc/postfix/main.cf
• /etc/postfix/master.cf

The first file to configure is the clamsmtpd.conf file. The configuration in this file is simple. Look for the lines:

OutAddress: 10025

127.0.0.1:10026

Change them to:

OutAddress: 10026

127.0.0.1:10025

That’s it for the clamsmtpd.conf file. Now let’s move on to the heavier configurations.

Open up the /etc/postfix/main.cf file. Scroll down to the bottom of this file and add the following:

content_filter = scan:127.0.0.1:10025

receive_override_options = no_address_mappings

Save that file and now move on over to the /etc/postfix/master.cf file. Again, scroll down to the bottom of this file and add the following:

# AV scan filter (used by content_filter)
scan unix - - n - 16 smtp
-o smtp_send_xforward_command=yes
# For injecting mail back into postfix from the filter
127.0.0.1:10026 inet n - n - 16 smtpd
-o content_filter=
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks_style=host
-o smtpd_authorized_xforward_hosts=127.0.0.0/8

Save that file.

Restarting

The first thing you need to do is restart Postfix with the command:

sudo /etc/init.d/postfix restart

Once that has restarted you need to restart clamsmtpd with the command:

sudo /etc/init.d/clamsmtpd restart

Now, if nothing has gone horribly wrong, you should have a virus protected Postfix mail server.

Updating signatures

You should never go without updating your virus signatures. This is critical for keeping your mail server virus-free as new viruses are created or old viruses mutate. Fortunately ClamAV has its own tool for this. You will need to go back to that terminal window and issue the command:

sudo freshclam

Which will update the signatures.

You might even add the freshclam command into the root users crontab for regular signature updates.

Final thoughts

Your Postfix mail server is getting better and stronger each day. Adding anti-virus is a critical step in the grand scheme of Postfix things. In our next addition to the Postfix series, we will add Spamassassin for anti-spam measures.

Related posts

• What is your Security Concept ? (9)
• Test your Anti-virus program (10)
• Stop SPAM in Postfix with Spamassassin (1)
• Secure Windows XP (0)
• Mail relaying made simple with Postfix (2)

Unlike ClamAV, KlamAV is a GUI tool. So there’s no need for opening up a terminal window and learning commands in order to scan either KMail or Evolution for viruses. And KlamAV is full of user-friendly features. Let’s take a look at how this gui tool can give you and your users even more of a security edge than they already have thanks to the Linux operating system.

Getting and installing

More than likely KlamAV and its requisite ClamAV are in your distributions repositories. So if you open up your Add/Remove Applications tool you can install KlamAV using the following steps:

1. Do a search for “klamav” (no quotes).
2. Select the resulting KlamAV listing.
3. Click Apply.
4. OK the dependencies.
5. Sit back and watch the installation happen.

When the install completes, you are ready for your first KlamAV run.

First run

When you run KlamAV for the first time you have to walk through an easy-to-use setup wizard. This wizard will have you locate your signature database and quarantine locations (the defaults will work) and that’s it. When the wizard completes you will more than likely be told your installation (or signatures) is out of date.

Figure 1

As soon as KlamAV is running for the first time you will see the Update tab of the KlamAV window (see Figure 1). Automatically a new virus definition will begin downloading. Once that is finished you are ready to start scanning.

The first thing you want to do is go to the Email Protection tab and select your email client. As stated earlier, KlamAV can protect both Kmail and Evolution. If you use Kmail KlamAV can set it up automatically. If you use Evolution you have to set up a filter in Evolution to pipe incoming and outgoing mail through klammail. Once that filter is set up you have to create a second filter to send any email with “virus-found” in the header to a quarantine folder.

If you click on the Scan tab you will notice a directory tree. From here you can scan files with the help of the kernel module Dazuko. So you can manually scan your directories for viruses.

Auto update

You can also set KlamAV to automatically update your virus database (definitions).  To do this go to the Update tab and then click on the “Update Virus Database Automatically” and then select how often you want it to be automatically updated. You can also manually update the database by clicking the Update Now button.

But why?

You may be asking yourself “why employ a virus scanner on Linux when the vast majority of viruses can’t harm my machine?” That is true, but those viruses can harm all of those people you might forward an email to who use Windows. To protect them why not scan all of your outgoing email. Better safe than sorry in that regard.

Final thoughts

Even if you are running the Linux operating system, you would do well to employ some form of anti-virus, even if only to protect users you forward email to. And if you do look for a Linux anti-virus, KlamAV is one of the best.

Related posts

• Yoggie PICO Personal Mobile Security Computer (3)
• With Ubuntu 9.10 Arrives Wubi 9.10 (2)
• Widgets for Linux: SuperKaramba (6)
• Widgets for Linux: gDesklets (3)
• Why you should switch your parents pc to ubuntu (20)

So called anti virus removal tools have been created to effectively remove traces of anti virus software from the computer system. They usually run a series of processes that delete files, Registry settings and other parameters or options that have been installed by the antivirus software during installation.

Below is a collection of anti virus software removal tools that have been created by the developers of the programs to aid their users if they encounter difficulties uninstalling it.

• AntiVir Registry Cleaner
• Avast Removal Tool
• AVG Remover
• Bitdefender Uninstallation Tool
• F-Secure Uninstallation Tool
• Kaspersky Removal Tool
• McAfee Consumer Products Removal
• Microsoft One Care Uninstall Cleanup Tool
• Norton Removal Tool
• Panda Anti Virus 2008 Uninstaller
• Symantec Corporate Products Clean Up Tool

Did we miss antivirus software uninstallation tools in the list? Let us know in the comments.

Related posts

• How To Run Commercial Antivirus Software Without Paying For It (21)
• AVG Remover (10)
• AVG-Antivirus will continue to be free (2)
• McAfee Consumer Product Removal Tool (6)
• Kaspersky Anti-Virus KAVRemover (9)

Users who followed the advice of the AVG software program were greeted with a Blue Screen of Death as soon as they clicked on the Heal button to remove the virus. Any attempts to boot the system afterwards failed because of the missing file. AVG was quick to react and released another update that corrected the issue.

This does not help those users who already cleaned the file in Windows. Here is the official information on how to fix the system for those users:

The system can be restored by following the steps in one of the comments on forum (using safe mode or recovery console and copying c:\windows\system32\dllcache\user32.dll into the right location)

If you need to restore deleted files from AVG Virus Vault you can do it this way:

- Open AVG user interface.
- Choose “Virus Vault” option from the “History” menu.
- Locate the file that was incorrectly removed and select it (one click).
- Click on the “Restore” button.

A possibility would have been to cross-check the detected virus with another anti-virus software or an online virus scanner to be sure that it is indeed infected before deleting the file.

Related posts

• Clam Win Antivirus (3)
• AVG-Antivirus will continue to be free (2)
• Antivirus Test (5)
• What You Should Do After Buying A New Computer System (18)
• Test your Anti-virus program (10)

The removal tool is compatible with Kaspersky Anti-Virus 6.0\7.0\2009, Kaspersky Internet Security 6.0\7.0\2009, Kaspersky Anti-Virus 6.0 for Windows Workstations and Kaspersky Anti-Virus 6.0 for Windows Servers. If the removal tool is run on a 64-bit operating system it can only remove Kaspersky Anti-Virus 2009 and Kaspersky Internet Security 2009.

KAVRemover can be executed right after the download has finished. It opens up a captcha that has to be identified correctly before the removal starts. A reboot of the computer is required after the removal process has ended.

The product check can be skipped at the command line in case there are traces left on the system of a Kaspersky product that the check did not discover automatically.

The syntax would be to run kavremover9.exe and add the product that should be removed as a parameter. Here is the parameter list:

• kav6
• kav7
• kav2009
• kav2009×64
• kis6
• kis7
• kis2009
• kis2009×64
• kav6fs
• kav6wks

The command kavremover9.exe kis2009 would remove all traces of Kaspersky Internet Security 2009 from the system.

Related posts

• Free Kaspersky Anti-Virus for 1 year (59)
• Download AVG 7.5 Professional for free (24)
• Anti Virus Software Removal Tools Overview (10)
• Test your Anti-virus program (10)
• Norton Security Scan (17)

The approach has a few advantages but also a disadvantage. The advantage is obviously that you can use it to remove known viruses, trojans, worms and other malicious software even if the computer cannot be booted into the operating system anymore. And since it is a standalone client it is not dependent on an installed anti-virus client but can be used on any computer that can be booted from CD. This also means that the program is independent from the installed operating system.

The disadvantage of the approach is that the virus definitions cannot be updated that easily and that it normally means that the full boot disk would have to be downloaded and burned to CD again meaning that this would have to be done regularly to stay up to date.

The good news is that you can download the Kaspersky Rescue Disk freely from an Kaspersky FTP and burn it to CD or DVD using a CD burning software like Nero.

The computer has to boot from the media and the boot sequence can be set in the computer BIOS. Make sure that the computer checks the DVD drive for a bootable device before it pulls the data from the hard drives.

The interface of the Rescue Disk is straightforward. It basically allows you to scan the computer for malicious software and offers ways to remove any that are found. This does not give a guarantee that the computer can be booted again after the cleanup though. A damaged file normally does not get repaired by anti-virus software.

Related posts

• Windows Worms Door Cleaner (2)
• Gernova Keylock (2)
• Free Kaspersky Anti-Virus for 1 year (59)
• Why Hackers take advantage of global events (0)
• Trend Micro RUBotted (5)

I personally do not think that such a feature is necessary due to the real-time protection that most anti-virus applications provide which will scan the file eventually before it can be executed.

The Mozilla team created a new preference that gives Windows users the option to disable the automatic virus scanning in Firefox which comes in handy if you have a anti-virus software installed but do not want it to scan the downloads or encounter difficulties because of this.

Type about:config in the Firefox location bar and filter for the string browser.download.manager.scanWhenDone. The default value of that parameter is true which means that scans will be done whenever a file is downloaded. Setting it to false will disable the automatic virus scanning in Firefox 3.

During research I came upon another error that is connected to the Download Statusbar extension. If you receive the error message Anti-virus Program not found after a download completes in Firefox 3 and have the Download Statusbar extension installed you need to set the path to the anti-virus program manually in the Download Statusbar options.

Related posts

• Firefox 3.1 Improvements (9)
• Firefox 3 Feature Overview Screencast (4)
• Web Browser: Firefox 3.0.8 (13)
• Web Browser: Firefox 3.0.7 (5)
• Trim down the Location Bar in Firefox 3 to show results in one line (2)

The personal free edition of AntiVir 8 has two new features or improvements listed on that page. The first is a raised scan speed which is always nice obviously and the second a redesigned visual appearance. The other versions of AntiVir contain a new system to create Rescue-CDs and the Security Suite a new option to backup data.

Windows Vista Service Pack 1 is supported now as well and there is an option to choose between software updates and updates of the virus definition lists. The size of the download is roughly 22 Megabytes and it is still possible to perform a software update right after installation which I would recommend.

Related posts

• Test your Anti-virus program (10)
• Test Avira AntiVir PersonalEdition Premium for 6 months (10)
• Kaspersky Anti-Virus KAVRemover (9)
• Free Kaspersky Anti-Virus for 1 year (59)
• Download AVG 7.5 Professional for free (24)

Kaspersky Anti-Virus sells for $39.95 regularly and is considered by many magazines to be one of the best antivirus solutions available. The key works with the English version of Kaspersky as well so don’t worry about that. The key will be send to your inbox after finishing the registration at the Chinese forum.

Raymond posted a nice registration walkthrough and I recommend that you check out his website and use it as a guide to make your way through the registration process. Once you got the serial number you can download Kaspersky Antivirus 7.0 and use the serial number that was send to you to activate the software.

Related posts

• Test your Anti-virus program (10)
• Kaspersky Rescue Disk (2)
• Kaspersky Anti-Virus KAVRemover (9)
• How To Run Commercial Antivirus Software Without Paying For It (21)
• Free McAfee VirusScan Plus 2008 (24)

The offers is only valid for non-commercial use and good for one PC at a time. I guess there is nothing wrong in downloading AVG 7.5 Pro for your computer and that of another user.

The download link is slow. I had a hard time downloading the file and the website seems to be going down / become unresponsive frequently and I strongly suggest that you use a Download Manager to download the file. Some mirrors have been posted at Cybernet news which is a respected site. The links point to Rapidshare and Megaupload however and I would not use them.

The size of the download is 37 Megabytes and I’m currently downloading it with a speed of 20 K in Orbit Downloader. I will install AVG 7.5 Pro after the download finishes and update this article if any more information come up.

Related posts

• Kaspersky Anti-Virus KAVRemover (9)
• Test your Anti-virus program (10)
• Norton Security Scan (17)
• Microsoft Security Essentials Leaks (8)
• Microsoft Security Essentials Final Announced (10)

I was not able to find a engine that I knew of that was not listed, all the major players like Symantec, AVG, Kapersky and Avira are listed which means that the file will get a very special treatment. Even though the file gets scanned by those 32 engines it is no guarantee that it does not contain a virus. No script or software can give you that guarantee but this looks like the best way to scan a file for malicious code and the possibility of success is greater with it.

There does not seem to be a file size limit, at least nothing is mentioned on their pages regarding a file size limit. I suspect that big files will result in an error message after a certain time.

Files can be uploaded using SSL for increased security and it can be checked that the file will not be distributed to the antivirus companies if a virus is found. This is an important option that should be checked most of the time because of privacy issues.

Virus Total offers another way to check files for malicious code. You can send them an email to scan@virustotal.com with SCAN (or SCAN- if you do not want to distribute the sample) and no body text. Attach the file to the email and make sure that it does not exceed 10 Megabytes.

A report will be send after the scan to the email that send the file. Users can also download a shell extension to send files directly from the context menu to Virus Total. Found the link at Make Use Of.

Related posts

• What is your Security Concept ? (9)
• Kaspersky Rescue Disk (2)
• Free Kaspersky Anti-Virus for 1 year (59)
• 20 Minute Guide to Pc Security (0)
• Windows Worms Door Cleaner (2)

Let me explain my security concept and ask some questions about yours afterwards. The most important part in my security concept is my knowledge. I know what I should do and what I should not do on the Internet. I know how phishing emails look like, I know when I should be doubtful of files that I want to execute and I do know how to select passwords that can not be bruteforced in a short period of time.

Firewall:

I do rely on a hardware firewall that is properly configured keeping many attacks away from my computer. I do however run no software firewall because I think this is a) not necessary because of the hardware firewall and b) could lead to attacks that are not there without it. Every piece of software installed on my system is a potential way to hack my system.

Anti virus:

I use the free AntiVir as a virus scanner. This is probably not the best choice in the world but good free scanners are rare. I keep it running all the time with automatic updates. Nothing compared to commercial products that update once every 30 minutes but good enough to react on all threats that make it on my system. My Knowledge prevents most possible ways of attacking my system with viruses and trojans anyway.

Encryption:

I have two hard drives with more than 500 gigabytes of encrypted data using the excellent Open Source software True Crypt. This is important to prevent local access to my files as long as the hard drives have not been mounted.

Spyware:

Something that I feel is overrated. I tend to run Ad-Aware and Spybot every other week to scan my system but I normally find some tracking cookies, that is all.

Rootkits:

The same can be said for Rootkits. I tend to use Rootkit Revealer or other products to check my system for rootkits but only occasionally. I would never put a Sony CD into my Computer anway ;)

Browsing, Email:

No Microsoft products if possible. I do use Opera and Firefox for web surfing and Thunderbird as my main email client. Both browsers are more secure than Microsofts Internet Explorer and Outlook. Maybe because they are better products, maybe because hackers like to concentrate on Microsoft products because more users are using them.

Did I leave something out ? What is your security concept ? Let me know, I like to read about software or tips that I never thought about in first place.

Related posts

• Rootkits: Sony does it again (3)
• Check a File using multiple antivirus engines (2)
• 20 Minute Guide to Pc Security (0)
• Windows Defender (11)
• Why I decided to uninstall my Antivirus software (24)

The guide is written for the inexperienced user mainly and consists of several parts. The first, called”The Basics: Spotting and Eliminating Threats” suggests to install a firewall, anti-virus software, anti-spyware software and other software like software that detects rootkits. They always recommend some programs that can be downloaded by following the links.

Now that they have covered the basics they tell you to update your operating system and software that is installed on your system. They suggest to use either Opera or Firefox instead of the Internet Explorer, want you to disable file sharing and be cautious when downloading.

As I said all those tips are good for beginners but geeks like we are should have implemented most of their suggestions already.

Next comes safe emailing with suggestions on good e-mail clients, again don’t use Outlook but tools like Thunderbird or Gmail instead. They also tell you to be wary of extensions and be cautious when clicking on links in emails to avoid malicious websites. (phishing). Last but not least you should setup email filters.

The next part deals with protecting your passwords which can be summed up by choosing different passwords that can’t be found using dictionary attacks. They also suggest to password protect the computer which I think is completely useless.

After that they make two suggestions to protect the wireless network which are really basic suggestions, they also suggest not to use the wireless connection of your neighbours because it could be setup for this case. (scanning the data like passwords that are send over the connection)

The last part deals with physical protection: Disguise your laptop and use anti-theft solutions should not bother most users but could be useful for business clients.

As you can see those are basic advices that could help inexperienced users. They miss to cover some topics that could really increase security but require knowledge of the subject. They fail to address the possibility to create a user account in Windows and use this one instead of the admin account. They also miss to mention that not needed services should be turned off, which user needs telnet or remote access anyways ?

I’m also not very fond of software firewalls and would suggest to use a hardware firewall instead. Software firewalls give a false sense of security especially if you are inexperienced.

Related posts

• Why you should switch your parents pc to ubuntu (20)
• Truemark Email Identification (5)
• New Phishing Mail Tactics (4)
• Must have software for my new computer (27)
• Ingenious PayPal mimicing spam (8)

The first and one of the most important steps would be to download and install the latest security fixes and services packs. I sometimes have to talk to users in my job (which is somewhat security related as well) and discover that they run Windows XP with the same settings that the pc was shipped with. No updates, outdated anti-virus definitions and the like. You do get the latest patches and fixes for your operating system at windowsupdates.

Make sure you have a valid license otherwise you will not be able to download the updates. A different way would be to use autopatcher which can be downloaded in a version that includes all the updates and fixes already.

The next step would be to turn off unnecessary services and programs that you won’t use. Why should the remote service be active if you never use it ? This reduces the chance of an attacker to get into the system. There are currently 19 services running on my system, if you never tinkered with them before you have probably double that size or even more.

Read the article about turning unnecessary services off, it explains the basics. It is a good idea to turn of the following services if you do not need them

• Telnet
• Universal Plug and Play Device Host
• IIS (not installed by default)
• Netmeeting Remote Desktop Sharing
• Remote Desktop Help Session Manager
• Remote Registry
• Routing & Remote Access
• SSDP Discovery Service

Talking about software. It is wise to not use the default Microsoft products like Outlook Express or Internet Explorer. Those are attacked the most because most of the users use them. (besides offering great ways of attacking them) Alternatives would be Firefox or Opera for Internet Explorer and Thunderbird for Outlook Express.

You should install a anti-virus solution. I do use Antivir but others should be fine as well. The most important aspect is that you keep the definition files up to date. If the software offers automatic updates I suggest you make it update the files once a day.

Firewalls. I do not use them. Well, not a software based firewall that is. I do have a hardware firewall which is all I need. I think that firewalls give the user a false sense of security. They are highly complex and require lots of attention to secure the system. It is not enough to simply install one and click on accept / deny every time a program wants to connect to the internet.

To secure the system you have to add all the tools that should have internet access to the firewall rules with exactly the ports they need. You should close every other port that is not needed by those applications. A good freeware that displays the list of currently open ports is currports.

I think those are the most important steps. If you have more let me know them.

Related posts

• XP Keep Per User Display Settings (1)
• Why is nvsvc32.exe running on my system ? (1)
• Who is connected to your pc right now ? (6)
• Vista Part 3 (19)
• Unknown Device Identifier (5)

Creating the file is pretty simple. Just create a new text file and paste the following line of code into it: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Save the file and rename it to test.com. When executed it displays the message EICAR-STANDARD-ANTIVIRUS-TEST-FILE. No harm will be done to your system if you accidentally execute the file. To test your virus scanner right-click the file and select to test it with your software.

You could also pack it and test it or send it to your email account to test the interaction between virus scanner and email client. After the test finishes you do know if your virus scanner is working as intended and able to detect viruses on your system. This does not necessarily mean that it will detect every virus that exists but it means that it is working.

Kaspersky Anti-Virus Products

Related posts

• Antivirus Test (5)
• Free Kaspersky Anti-Virus for 1 year (59)
• AVG-Antivirus will continue to be free (2)
• Virus Total Uploader (2)
• Test Avira AntiVir PersonalEdition Premium for 6 months (10)

GRISOFT is announcing a new version of the AVG Anti-Virus Free Edition. This new 7.5 version with improved performance and full compatibility with the latest Windows Vista version is available. Users that are using AVG Free 7.1 will be provided with a specific dialog, within the next few weeks, with the opportunity to choose the right option fulfilling their needs. AVG Free 7.1 version will be discontinued on 15th of Jan 2007. 

In case that you are still looking for an antivirus solution other than AVG Free I recommend Antivir which is completely free for personal use. I have been using Antivir for some time now and have not encountered serious issues as of now. I would say that a successful solution depends more on the user behind the keys than on the antivirus program that he is using.

Related posts

• Antivirus Test (5)
• Test Avira AntiVir PersonalEdition Premium for 6 months (10)
• Clam Win Antivirus (3)
• Astalavista Top 10 Freeware Tools (2)
• Anti Virus Software Removal Tools Overview (10)

They used one virus file which is about 50 megs unzipped and contains more than 10000 virii. The software that found the most got their recommendation which is not the best criteria if you ask me. There should be other factors like system resource use (never use Norton if you want a fast system), updates, type of virii found aso. But its a good test to see how your favorite AV handles this infested files.

Related posts

• AVG-Antivirus will continue to be free (2)
• Test your Anti-virus program (10)
• Test Avira AntiVir PersonalEdition Premium for 6 months (10)
• Free Kaspersky Anti-Virus for 1 year (59)
• Clam Win Antivirus (3)

The program is easy to download and install which is also a plus, just download, double click on the downloaded tool and you are ready to go. You have the option to include different languages, the source and add windows explorer and outlook integration. I´am not using Outlook so I removed this option and left everything else untouched for now.

The user interface is a basic one, you don´t have all the nifty graphics most other antivirus programs use. Clam is simply in that way, but its also fast due to this. I don´t care about looks if a program does what I expect it to do, but I know there are lots of people who like a resource eating monster like Symantec Internet Security more than a freeware program without the cool animated effects.

You have lots of configuration options, you can set filters, email alerts, schedule scans and use a proxy for the automatic internet updates if you like. Automatic updates are a great plus for Clam, my current antivirus software that I use (AVG) does not have automatic updates, you have to start the updates manually which is a great hassle. Especially when you don´t know if there has been a update at all.

What I don´t like about Clam is that its only having a plugin for outlook which is the most used email software of course but should not be used by anyone serious about making his pc more secure.

I can recommend Clam Win especially to users of Microsoft Outlook and users who tend to forgot to check for internet updates of their antivirus software. Resources accessed are minimal which is also a good thing for an anti-virus product.

Related posts

• AVG-Antivirus will continue to be free (2)
• Norton Antibot Free 1 Year License (15)
• Can’t delete virus ? Try Killbox (3)
• AVG 8 Update Marked User32.dll As Virus Infected (25)
• Antivirus Test (5)