BitDefender for Sendmail Milter (FreeBSD) SOFTWIN User’s guide

Contents

Contents ................................................................................................................ 2

License and Warranty........................................................................................... 3

Installation............................................................................................................. 6

System requirements ....................................................................................... 6

Install ............................................................................................................... 6

Uninstall ........................................................................................................... 7

What is BitDefender for Sendmail Milter? .......................................................... 8

Configuration under FreeBSD ........................................................................... 10

NetProtect...................................................................................................... 10

Registry .................................................................................................. 10

Core........................................................................................................ 11

AV7 – The heart of BitDefender.............................................................. 11

Spamtox – The Antispam module........................................................... 16

Logging & e-mail notification................................................................... 19

Real Time Virus Report (RTVR) & Real Time Spam Report (RTSR)...... 26

Agents .................................................................................................... 27

Live ................................................................................................................ 30

Automatic update.................................................................................... 30

Manual update ........................................................................................ 32

Product registration........................................................................................ 33

More info about BitDefender status ............................................................... 34

Web-based configuration................................................................................... 36

The webmin module installation..................................................................... 36

Uninstalling the BitDefender webmin module ................................................ 37

Accessing the BitDefender webmin module................................................... 37

Frequently Asked Questions ............................................................................. 39

Contact information............................................................................................ 41


License and Warranty

IF YOU DO NOT AGREE TO THESE TERMS AND CONDITIONS DO NOT INSTALL THE SOFTWARE. BY CLICKING "I ACCEPT", "OK", "CONTINUE", "YES" OR BY INSTALLING OR USING THE SOFTWARE IN ANY WAY, YOU ARE INDICATING YOUR COMPLETE UNDERSTANDING AND ACCEPTANCE OF THE TERMS OF THIS AGREEMENT.

This License Agreement is a legal agreement between you (either an individual or a single entity end user) and SOFTWIN for use of the SOFTWIN software product identified above, which includes computer software and may include associated media, printed materials, and "online" or electronic documentation ("BitDefender"), all of which are protected by U. S. and international copyright laws and international treaty protection. By installing, copying, or otherwise using the BitDefender, you agree to be bound by the terms of this agreement. If you do not agree to the terms of this agreement, do not install or use the BitDefender; you may, however, return it to your place of purchase for a full refund within 30 days after your purchase. Verification of your purchase may be required.

BitDefender License

BitDefender is protected by copyright laws and international copyright treaties, as well as other intellectual property laws and treaties. The BitDefender is licensed, not sold.

GRANT OF LICENSE. SOFTWIN hereby grants you and only you the following non-exclusive license to use BitDefender:

APPLICATION SOFTWARE. You may install and use one copy of the BitDefender, or any prior version for the same operating system, on a single computer terminal. The primary user of the computer on which the BitDefender is installed may make one additional (i.e. second) copy for his or her exclusive use on a portable computer.

NETWORK USE. You may also store or install a copy of the BitDefender on a storage device, such as a network server, used only to install or run the BitDefender on your other computers over an internal network; however, you must purchase and dedicate a separate license for each separate computer terminal on which the BitDefender is installed or run from the storage device. A license for the BitDefender may not be shared or used concurrently on different computers or computer terminals. You should purchase a license pack if you require multiple licenses for use on multiple computers or computer terminals.

LICENSE PACKS. If you purchase a License Pack and you have acquired this License Agreement for multiple licenses of BitDefender, you may make the number of additional copies of the computer software portion of the BitDefender specified above as "Licensed copies." You are also entitled to make a corresponding number of secondary copies for portable computer use as specified above in the section entitled "Application Software".


TERM OF LICENSE. The license granted hereunder shall commence on the date that you install, copy or otherwise first use BitDefender and shall continue only on the computer on which it is initially installed.

UPGRADES. If the BitDefender is labeled as an upgrade, you must be properly licensed to use a product identified by SOFTWIN as being eligible for the upgrade in order to use the BitDefender. A BitDefender labeled as an upgrade replaces and/or supplements the product that formed the basis for your eligibility for the upgrade. You may use the resulting upgraded product only in accordance with the terms of this License Agreement. If the BitDefender is an upgrade of a component of a package of software programs that you licensed as a single product, the BitDefender may be used and transferred only as part of that single product package and may not be separated for use on more than one computer.

COPYRIGHT. All right, title and interest in and to BitDefender and all copyright rights in and to the BitDefender (including but not limited to any images, photographs, logos, animations, video, audio, music, text, and "applets" incorporated into the BitDefender), the accompanying printed materials, and any copies of the BitDefender are owned by SOFTWIN. The BitDefender is protected by copyright laws and international treaty provisions. Therefore, you must treat the BitDefender like any other copyrighted material except that you may install the BitDefender on a single computer provided you keep the original solely for backup or archival purposes. You may not copy the printed materials accompanying the BitDefender. You must produce and include all copyright notices in their original form for all copies created irrespective of the media or form in which BitDefender exists. You may not sub-license, rent, sell, or lease BitDefender. You may not reverse engineer, recompile, disassemble, create derivative works, modify, translate, or make any attempt to discover the source code for BitDefender.

LIMITED WARRANTY. SOFTWIN warrants that the media on which BitDefender is distributed is free from defects for a period of thirty days from the date of delivery of BitDefender to you. Your sole remedy for a breach of this warranty will be that SOFTWIN, at its option, may replace the defective media upon receipt of the damaged media, or refund the money you paid for BitDefender. SOFTWIN does not warrant that BitDefender will be uninterrupted or error free or that the errors will be corrected. SOFTWIN does not warrant that BitDefender will meet your requirements. SOFTWIN HEREBY DISCLAIMS ALL OTHER WARRANTIES FOR BITDEFENDER, WHETHER EXPRESSED OR IMPLIED. THE ABOVE WARRANTY IS EXCLUSIVE AND IN LIEU OF ALL OTHER WARRANTIES, WHETHER EXPRESSED OR IMPLIED, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS. YOU MAY HAVE OTHER RIGHTS, WHICH VARY FROM STATE TO STATE.


DISCLAIMER OF DAMAGES. Anyone using, testing, or evaluating BitDefender bears all risk to the quality and performance of BitDefender. In no event shall SOFTWIN be liable for any damages of any kind, including, without limitation, direct or indirect damages arising out of the use, performance, or delivery of BitDefender, even if SOFTWIN has been advised of the existence or possibility of such damages. SOME STATES DO NOT ALLOW THE LIMITATION OR EXCLUSION OF LIABILITY FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE ABOVE LIMITATION OR EXCLUSION MAY NOT APPLY TO YOU. IN NO CASE SHALL SOFTWIN'S LIABILITY EXCEED THE PURCHASE PRICE PAID BY YOU FOR BITDEFENDER. The disclaimers and limitations set forth above will apply regardless of whether you accept or use, evaluate, or test BitDefender.

IMPORTANT NOTICE TO USERS. THIS SOFTWARE IS NOT FAULT-TOLERANT AND IS NOT DESIGNED OR INTENDED FOR USE IN ANY HAZARDOUS ENVIRONMENT REQUIRING FAIL-SAFE PERFORMANCE OR OPERATION. THIS SOFTWARE IS NOT FOR USE IN THE OPERATION OF AIRCRAFT NAVIGATION, NUCLEAR FACILITIES, OR COMMUNICATION SYSTEMS, WEAPONS SYSTEMS, DIRECT OR INDIRECT LIFE-SUPPORT SYSTEMS, AIR TRAFFIC CONTROL, OR ANY APPLICATION OR INSTALLATION WHERE FAILURE COULD RESULT IN DEATH, SEVERE PHYSICAL INJURY OR PROPERTY DAMAGE.

GOVERNMENT RESTRICTED RIGHTS/RESTRICTED RIGHTS LEGEND. Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 or subparagraphs (c)(1) and (2) of Commercial Computer Software-Restricted Rights clause at 48 CFR 52.227-19, as applicable. Contact SOFTWIN, at Fabrica de Glucoza St., No 5, 72322-Sect.2, Bucharest, Romania, or at Tel No: 40-21-2330780, Fax: 40-21-2330763.

GENERAL. This Agreement will be governed by the laws of Romania and by the international copyright regulations and treaties. This Agreement may only be modified by a license addendum which accompanies this Agreement or by a written document which has been signed by both you and SOFTWIN. This Agreement has been written in the English language only and is not to be translated or interpreted in any other language. Prices, costs and fees for use of BitDefender are subject to change without prior notice to you. In the event of invalidity of any provision of this Agreement, the invalidity shall not affect the validity of the remaining portions of this Agreement. BitDefender and BitDefender logos are trademarks of SOFTWIN. All other trademarks are the property of their respective owners.


Installation

System requirements

Before installing BitDefender for Sendmail Milter, you must first verify that the mail server meets the following system requirements:

- Processor: minimum Pentium II 300 MHz (800 recommended)
- RAM: minimum 64 Mb of memory (128 recommended)
- Disk space: minimum 20 Mb
- Operating system:
  - FreeBSD 4.9-RELEASE, 4.10-RELEASE, 4.11-RELEASE, 4-STABLE
  - FreeBSD 5.2.1-RELEASE, 5.3-RELEASE, 5-STABLE
  Important note: FreeBSD 6-CURRENT IS NOT SUPPORTED AT THIS TIME.
- Mail server: Sendmail with the Milter interface (starting with FreeBSD 4.8, Sendmail is compiled with the Milter interface by default)

NOTE: For FreeBSD 5.x, you must have the compat4x port installed (from /usr/ports/misc/compat4x/).

Install

Before you begin the installation process, we recommend that you check that the installation packages are not corrupted (this can happen sometimes, especially if you downloaded them). Please run md5 on the packages and compare the output with the values from the md5sums file at the following location[s]:

    ftp://ftp.bitdefender.com/pub/freebsd/packages/md5sums

Next, log in as root and execute:

    # pkg_add bitdefender-engines-1.6.2_1.tgz
    # pkg_add bitdefender-core-1.6.2_1.tgz
    # pkg_add bitdefender-milter-1.6.2_1.tgz

To configure the Sendmail Milter for the BitDefender filter you must add the following lines to your .mc file and rebuild sendmail.cf (the INPUT_MAIL_FILTER line is one single line in the configuration file; do not break it):

    define(`_FFR_MILTER', `true')
    INPUT_MAIL_FILTER(`BitDefender', `S=unix:/var/run/BitDefender/bdmilterd.sock, F=T, T=S:10s;R:10s;E:10m')

Or, if you prefer to edit sendmail.cf directly, append the following lines at the end of the file (the XBitDefender line is one single line; do not break it):

    XBitDefender, S=unix:/var/run/BitDefender/bdmilterd.sock, F=T, T=S:10s;R:10s;E:10m
    O InputMailFilters=BitDefender

In both cases, restart sendmail (for example, run the following: cd /etc/mail && make restart).


For additional info you should check the documentation located in /usr/local/bitdefender/share/doc.

Uninstall

Log in as root and execute:

    # pkg_deinstall bitdefender-milter
    # pkg_deinstall bitdefender-core
    # pkg_deinstall bitdefender-engines


What is BitDefender for Sendmail Milter?

The acquisition and installation of an antivirus product for the company's mail server is the most efficient way of preventing the infection of a computer and the spreading of viruses inside the company, and outside it as well, through the most common means of communication: e-mail.

BitDefender for Sendmail Milter is the solution SOFTWIN offers for the antivirus and antispam protection of Sendmail servers. The product is designed and implemented in a modular manner, so it can easily adapt to any work environment.

All the messages received by the server are scanned using the BitDefender scan engines. This technology detects all the viruses present in the attachments; BitDefender features built-in support for more than 80 packed file formats, including RAR, ZIP, ARJ, LZH, LHA, ACE, GZIP, TARGZ, JAR, UUE, MIME or CAB archives, no matter how they were created (self-extracting, multivolume, etc.). If the message is clean, it will be forwarded to the mail recipient. In case an infection is found, it will be treated according to the selected option (disinfection, deletion or isolation in the quarantine area) and alarm messages will be sent to the persons responsible for network security and management.

To ensure superior and efficient antivirus protection, BitDefender for Sendmail Milter was designed with a function for the automatic update of the virus definitions. This function connects periodically to the BitDefender update server, without the administrator's intervention.

Features:

- Real-time antivirus protection of SMTP traffic
- Real-time antispam filtering
- Scanning of all the e-mail messages and attached files
- Antivirus protection for the newly created mail boxes
- Multirecipient messages are filtered only once, before delivery, and not once for each mail recipient
- Internal WatchDog to ensure the solution's uptime
- Forward option to make backup copies of e-mail traffic
- Automatic and incremental update of virus definitions and scanning engines directly from BitDefender servers
- Pushed updates directly from Softwin's servers in case of virus outbreaks
- Custom message disclaimers added to scanned e-mails
- On-demand antivirus scanner for scheduled tasks
- Possibility of isolating the infected e-mails in the quarantine zone
- Generates custom alarm messages through e-mail
- Web-based remote administration
- Statistics and reports regarding the number of scanned files, the infected files, the deleted and disinfected files


The message's HTML body and attachments are verified in order to detect infected files and backdoors/trojans/worms and to prevent their spreading into the system. Only the clean messages will be delivered to the mail clients on the workstations or sent further to mail recipients outside the company. The infected messages are treated depending on the administrator's option: disinfection, deletion or isolation in a certain location on the server, considered to be the quarantine zone.


Configuration under FreeBSD

The protection settings are specified through the file /usr/local/bitdefender/etc/bdsettings.xml. Edit this file in order to specify the protection options. The file is structured in the following sections, each of which is treated in its own paragraph:

    <NetProtect>
    <live>

NetProtect

Here the user can specify the action on the infected objects, the location of the quarantine zone and the events for when a special situation appears. Inside this section there are some subsections, which contain a few tags where the user can modify the settings.

Registry

The Registry is a special process that BitDefender uses for keeping the settings; it helps all other components communicate with each other. The /NetProtect/Registry/ section determines the way the BitDefender Registry will accept incoming connections and which local users (defined on the FreeBSD system) will be able to access the settings. The section should look as below:

    <Registry>
      <TCPListen value="N"/>
      <Interfaces>
        <0.0.0.0 value=""/>
      </Interfaces>
      <LocalUsers>
        <bitdefender value=""/>
        <root value=""/>
      </LocalUsers>
      <RemoteUsers>
        <admin value="23F32CAC35432579"/>
      </RemoteUsers>
    </Registry>

The TCPListen variable controls whether bdregd will listen on a TCP port or only on a local UNIX socket. If you plan to use the Windows version of the BitDefender Remote Admin you must set this value to "Y" for the Console to be able to connect to bdregd.


If the above variable is enabled, then BitDefender will listen on port 8138 on the interfaces defined in the Interfaces section. If the setting is 0.0.0.0 then bdregd will listen on all interfaces.

The LocalUsers section defines the local users (from the FreeBSD system) that are allowed to connect to the BitDefender Registry. By default the root and bitdefender users are set, but depending on the Agent installed more users might have to be added for BitDefender to work properly.

The RemoteUsers/admin variable defines the password (in an encrypted form) that will be used when connecting from the Windows version of the BitDefender Remote Admin. Since the password is stored in an encrypted form, if you want to change it you must run /usr/local/bitdefender/bin/bdsetup –pass.

Core

By editing the /NetProtect/Core section you can change a few aspects related to the bdcored process. Maybe the most important setting in this section is Threads, which determines the maximum number of threads bdcored will be allowed to start. If an e-mail comes in while bdcored is already scanning <Threads> e-mails, BitDefender will enqueue it and will begin to scan it as soon as a running thread finishes. If you think that your server is able to scan more e-mail messages at the same time than the default value allows, you can increase the Threads number to an appropriate value.

The /NetProtect/Core/PushUpdate key controls whether the PushUpdate system is active or not. In case of a virus outbreak or an emergency update we will send you a special e-mail message that, when scanned by BitDefender, will automatically start the update process. These e-mail messages can be discarded or delivered to their recipients depending on the /NetProtect/Core/PushUpdateAction key (DROP | DELIVER).
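As an added illustration (example code, not from this guide or from SOFTWIN), the following Python script reads a bdsettings.xml into the /NetProtect/... path notation the guide uses and reports the settings a reviewer would check first: a Registry listening on TCP for every interface, an AV7 SecondAction that can never run because FirstAction is not DISINFECT, an inactive Filelog, and sender alerts (the AV7 and Logger keys are described in the sections that follow). The sample configuration is constructed from the fragments shown in this guide; the placeholder password value, the Threads value, the function names and the tag scanner are the example's own assumptions. The scanner is regex based rather than a real XML parser because the <0.0.0.0 .../> interface entry is not a legal XML element name and a strict parser rejects the file.

```python
import re
from typing import Dict, List

# Constructed sample modelled on the bdsettings.xml fragments shown in this
# guide; a real file has many more keys.  Password and Threads values are
# placeholders chosen for the example.
SAMPLE_SETTINGS = """
<NetProtect>
  <Registry>
    <TCPListen value="Y"/>
    <Interfaces>
      <0.0.0.0 value=""/>
    </Interfaces>
    <LocalUsers>
      <bitdefender value=""/>
      <root value=""/>
    </LocalUsers>
    <RemoteUsers>
      <admin value="PLACEHOLDER_ENCRYPTED_PASSWORD"/>
    </RemoteUsers>
  </Registry>
  <Core>
    <Threads value="4"/>
    <PushUpdate value="Y"/>
    <PushUpdateAction value="DROP"/>
  </Core>
  <Plugins>
    <AV7>
      <Active value="Y"/>
      <FirstAction value="IGNORE"/>
      <SecondAction value="DELETE"/>
    </AV7>
  </Plugins>
  <Logger>
    <Plugins>
      <Filelog>
        <Active value="N"/>
        <DefaultLogFile value="/usr/local/bitdefender/var/log/bd.log"/>
      </Filelog>
      <MNsmtp>
        <Active value="Y"/>
        <AlertSender value="Y"/>
        <AlertReceivers value="N"/>
      </MNsmtp>
    </Plugins>
  </Logger>
</NetProtect>
"""

# One tag per match: optional "/" (closing tag), name, attributes, optional "/" (self-closing).
TAG_RE = re.compile(r"<(/?)([^\s/>]+)([^>]*?)(/?)>")
VALUE_RE = re.compile(r'value="([^"]*)"')


def parse_settings(text: str) -> Dict[str, str]:
    """Map registry-style paths such as /NetProtect/Registry/TCPListen to their value."""
    path: List[str] = []
    settings: Dict[str, str] = {}
    for closing, name, attrs, selfclose in TAG_RE.findall(text):
        if closing:
            if not path or path[-1] != name:
                raise ValueError("unexpected </%s> inside /%s" % (name, "/".join(path)))
            path.pop()
        elif selfclose:
            # Leaf tag <Name value="..."/>; a missing value attribute is recorded as "".
            m = VALUE_RE.search(attrs)
            settings["/" + "/".join(path + [name])] = m.group(1) if m else ""
        else:
            path.append(name)
    if path:
        raise ValueError("unclosed section(s): /" + "/".join(path))
    return settings


def is_yes(value: str) -> bool:
    """Boolean spelling used throughout the guide: 0/n/no versus 1/y/yes, case insensitive."""
    return value.strip().lower() in ("1", "y", "yes")


def audit(settings: Dict[str, str]) -> List[str]:
    """Return readable findings for the settings this guide describes as sensitive."""
    findings: List[str] = []
    reg = "/NetProtect/Registry/"
    if is_yes(settings.get(reg + "TCPListen", "N")):
        prefix = reg + "Interfaces/"
        ifaces = sorted(k[len(prefix):] for k in settings if k.startswith(prefix))
        if "0.0.0.0" in ifaces:
            findings.append("Registry: TCPListen=Y with interface 0.0.0.0 makes bdregd reachable on TCP "
                            "port 8138 from every network; bind it to the management interface, or set "
                            "TCPListen=N if the Windows Remote Admin console is not used")
        else:
            findings.append("Registry: bdregd listens on TCP 8138 on %s; make sure only administrators "
                            "can reach it" % (", ".join(ifaces) or "(no interface)"))
    av7 = "/NetProtect/Plugins/AV7/"
    first = settings.get(av7 + "FirstAction", "DISINFECT").upper()
    second = settings.get(av7 + "SecondAction", "")
    if first != "DISINFECT" and second:
        findings.append("AV7: SecondAction=%s is only consulted when FirstAction is DISINFECT "
                        "(FirstAction is %s), so it never runs" % (second, first))
    log = "/NetProtect/Logger/Plugins/"
    if not is_yes(settings.get(log + "Filelog/Active", "N")):
        findings.append("Logger: Filelog is not active, so nothing is written to DefaultLogFile and "
                        "there is no scan record for incident review")
    if is_yes(settings.get(log + "MNsmtp/Active", "N")) and is_yes(settings.get(log + "MNsmtp/AlertSender", "N")):
        findings.append("Logger: AlertSender=Y mails a warning to the From: header address, which "
                        "mass-mailing worms forge, so the alerts mostly reach uninvolved third parties")
    return findings


if __name__ == "__main__":
    for line in audit(parse_settings(SAMPLE_SETTINGS)):
        print("-", line)
```

Run it against the real file with `parse_settings(open("/usr/local/bitdefender/etc/bdsettings.xml").read())`; the path keys it produces are the same ones the rest of this chapter refers to, so new checks can be added by looking up the documented path.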
AV7 – The heart of BitDefender

In the Plugins section you can modify the action on the infected files and the location of the quarantine zone, and you can configure any other modules included with BitDefender (for example the Antispam module). The settings for the AntiVirus core component are located in the /NetProtect/Plugins/AV7/ subsection. The following two variables control how the antivirus will behave when an e-mail is scanned:

FirstAction – specifies the first action on the infected files (default DISINFECT)

SecondAction – specifies the second action, in case the first action fails. The second action is enabled only when the first action is "DISINFECT". (default DELETE)

The values that FirstAction and SecondAction can take are:


• IGNORE: mark and log the message and continue. The e-mail will not be disinfected.

• DISINFECT: attempt to disinfect; perform SecondAction if the object cannot be disinfected.

• DELETE: attempt to delete the infected attachment.

• QUARANTINE: move the entire message to the system quarantine.

• DROP: silently delete the e-mail (the sender is not informed).

• REJECT: reject the e-mail (implies bouncing).

The same settings can be configured in an easier way if you use the BitDefender Remote Admin module installed in Webmin (see the Web-based configuration chapter for more information).

The AddHeader variable can take one of these values: 0, n, no, 1, y, yes (case insensitive) and determines whether the e-mail messages scanned by BitDefender will contain a header telling whether the e-mail was infected by a virus or not.

The AddFooterToClean and AddFooterToInfected variables can take one of these values: 0, n, no, 1, y, yes (case insensitive) and determine whether the e-mails scanned by BitDefender will contain a message telling whether the e-mail was infected or not.

The FooterOfClean, FooterOfInfectedRemoved and FooterOfInfectedIgnored variables should contain the path to the templates used when writing the footers. If these variables are undefined the built-in templates will be used. Custom headers and footers can be created by replacing certain variables with their corresponding values.


Variables

$BitDefender -- replaced with BitDefender. If you do not include this variable in your template the builtin template will be used instead.

$start and $end -- mark the boundaries of an object list. Multiple object lists are allowed, provided they are not nested.

$no -- the number of the current item, in an object list. Starts from 1. Not valid outside object lists.

$object -- the file or object found infected or suspected of being infected. Valid only inside object lists.

$status -- One of Infected, Suspected, Unknown. Valid only inside object lists.

$virus -- the virus name. Valid only inside object lists.

$action -- the action taken for this object. Can be one of Disinfected, Deleted, Quarantined, Dropped, Rejected, Ignored. Normally Dropped and Rejected should never appear (since these messages are lost). Valid only inside object lists.

Examples

The built-in footer for disinfected e-mails looks like this (note that spaces can be a little tricky):

    ----
    This message has been scanned by $BitDefender, found to be infected and cleaned
    Details:
    $start$no. File: $object
    Status: $status
    Virus: $virus
    Action: $action
    $end

which produces something like:

    ----
    This message has been scanned by BitDefender, found to be infected and cleaned.
    Details:
    1. File: (MIME part)=>(application)=>word/W97M.Smac.D
    Status: Infected
    Virus: W97M.Smac.D
    Action: Disinfected
    2. File: (MIME part)=>(application)=>word/W97M.Story.AD
    Status: Infected
    Virus: W97M.Story.AD
    Action: Disinfected
    3. File: (MIME part)=>(application)=>word/W97M.Surround.A
    Status: Infected
    Virus: W97M.Surround.A
    Action: Disinfected


A more compact report:

    ----
    The $BitDefender scanner found and cleaned in this message: $start$virus $end.

Combining the two above would work too (and would be useful, for example, when receiving quarantine tarballs).
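To make the template rules concrete, here is an added Python renderer (example code, not part of this guide or of the product) that implements them as described above: fallback to the built-in footer when $BitDefender is missing, one expansion of the $start ... $end list per scanned object, several lists allowed but none nested, and the item variables defined only inside a list. The built-in footer text and the three scanned objects are constructed from the sample output above; the ScannedObject class and the function names are the example's own.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed copy of the built-in "infected and cleaned" footer shown in this guide.
BUILTIN_FOOTER = (
    "----\n"
    "This message has been scanned by $BitDefender, found to be infected and cleaned.\n"
    "Details:\n"
    "$start$no. File: $object\n"
    "Status: $status\n"
    "Virus: $virus\n"
    "Action: $action\n"
    "$end"
)


@dataclass
class ScannedObject:
    """One entry of the object list: what was found and what was done with it."""
    name: str     # $object
    status: str   # $status: Infected, Suspected or Unknown
    virus: str    # $virus
    action: str   # $action: Disinfected, Deleted, Quarantined, Dropped, Rejected, Ignored


# Variables that are only defined inside an object list.
ITEM_VAR_RE = re.compile(r"\$(no|object|status|virus|action)\b")


def _render_item(body: str, no: int, obj: ScannedObject) -> str:
    values = {"no": str(no), "object": obj.name, "status": obj.status,
              "virus": obj.virus, "action": obj.action}
    return ITEM_VAR_RE.sub(lambda m: values[m.group(1)], body)


def render_footer(template: str, objects: List[ScannedObject], product: str = "BitDefender") -> str:
    """Expand a footer template according to the rules in this guide.

    A template without $BitDefender is replaced by the built-in one.  Each
    $start ... $end block is repeated once per object, numbered from 1.
    Several blocks may appear, but a $start inside a block is an error.
    """
    if "$BitDefender" not in template:
        template = BUILTIN_FOOTER
    out: List[str] = []
    pos = 0
    while True:
        start = template.find("$start", pos)
        if start < 0:
            out.append(template[pos:])       # trailing text after the last list
            break
        end = template.find("$end", start)
        if end < 0:
            raise ValueError("$start without a matching $end")
        body = template[start + len("$start"):end]
        if "$start" in body:
            raise ValueError("object lists must not be nested")
        out.append(template[pos:start])      # text before this list
        for no, obj in enumerate(objects, 1):
            out.append(_render_item(body, no, obj))
        pos = end + len("$end")
    return "".join(out).replace("$BitDefender", product)


if __name__ == "__main__":
    # Constructed objects matching the sample output in this guide.
    found = [
        ScannedObject("(MIME part)=>(application)=>word/W97M.Smac.D", "Infected", "W97M.Smac.D", "Disinfected"),
        ScannedObject("(MIME part)=>(application)=>word/W97M.Story.AD", "Infected", "W97M.Story.AD", "Disinfected"),
        ScannedObject("(MIME part)=>(application)=>word/W97M.Surround.A", "Infected", "W97M.Surround.A", "Disinfected"),
    ]
    print(render_footer(BUILTIN_FOOTER, found))
```

The compact one-line report from the guide works with the same function because the list body is simply "$virus " followed by the closing "$end." text; only $BitDefender is substituted outside a list, so a stray $virus in the header part of a template is left as written, which is the quickest way to spot a misplaced variable when testing a custom .ptt file.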

In the AV7 subsection the location of the quarantine directory (where the infected files are stored), QuarDir, can also be configured. By default, if the installation directory is /usr/local/bitdefender/, QuarDir will be set to /usr/local/bitdefender/var/quarantine. This is how the entire AV7 section should look:

    <Plugins>
      <AV7>
        <Path value="/usr/local/bitdefender/lib/npcore/av7core.plg"/>
        <Active value="Y"/>
        <FirstAction value="DISINFECT"/>
        <SecondAction value="IGNORE"/>
        <AddHeader value="Y"/>
        <AddFooterToClean value="yes"/>
        <AddFooterToInfected value="Y"/>
        <FooterOfClean value="/usr/local/bitdefender/share/temp/en/FooterOfClean.ptt"/>
        <FooterOfInfectedRemoved value="/usr/local/bitdefender/share/temp/en/FooterOfInfectedRemoved.ptt"/>
        <FooterOfInfectedIgnored value="/usr/local/bitdefender/share/temp/en/FooterOfInfectedIgnored.ptt"/>
        <QuarDir value="/usr/local/bitdefender/var/quarantine"/>
        <Plugins value="/usr/local/bitdefender/lib/Plugins"/>
        <bdcore value="/usr/local/bitdefender/lib"/>
      </AV7>
    </Plugins>

The options related to the messages added by BitDefender to the scanned e-mail messages can also be easily configured from the BitDefender Remote Admin.


Spamtox – The Antispam module

The BitDefender Antispam module is an advanced spam filtering solution integrated into BitDefender for FreeBSD Mail Servers. Version 1.6 of BitDefender for Sendmail Milter features a version of BitDefender Antispam using a proprietary heuristic analysis technology, an image and URL filter and WBL (White List / Black List) support.

BitDefender Antispam checks every incoming and outgoing e-mail message and marks it as Spam or Non-Spam (Ham). Additionally, a Spam Score is attached to every scanned message. If the Spam Score is greater than or equal to the Spam Threshold, then the message is marked as Spam. Otherwise, it is marked as Ham (Non-Spam).

BitDefender Antispam module actions:

• add an e-mail header: X-BitDefender-Spam: Yes (100)

• modify the subject: [SPAM] Buy 0nl1ne!!!!

• reject the message (NOT recommended)

Glossary:

• Spam: unwanted e-mail message (former definition: unsolicited commercial/bulk e-mail)

• Ham: a Non-Spam message

• False positive: a Non-Spam message marked as Spam

• False negative: a Spam message not detected and not marked as Spam

• Threshold: a variable number, between 0 and 100, defaulting to 90. For best results, use the default value (90).

• Spam Score: a variable number (between 0 and 100) reporting the Spam probability of the current message. If Score < Threshold then the message is marked as Ham, otherwise the message is marked as Spam.

All the settings related to the Antispam module are grouped under the SpamTox section in the /NetProtect/Plugins/ registry path. The most important setting regarding this module is the Active variable, which depending on its value (Y or N) enables or disables the whole Antispam protection. If the Antispam module is marked as Active then the following options will be enabled as well:

Action – specifies a list of actions that will be executed by the plugin. The variable should contain at least one of the following words, separated by ',' or ';': reject, header, subject. Reject triggers the rejection of the mail and is not recommended. Header adds a custom header to the message. Subject modifies the subject header according to a custom pattern. The actions can be written in any order and separated by spaces, tabs, commas and semicolons. Note that duplicating them, or specifying anything alongside reject, works but makes no sense.


SubjectPattern (default value: "[spam] $subject") – This value is used as a pattern for the new subject when one of the actions is subject and the mail is considered spam. Defined variables are $subject and $score.

HeaderName (default value: "X-BitDefender-Spam") – The name of the custom header added to messages if one of the actions is header.

HeaderPatternYes (default value: "Yes ($score)") – The value of the custom header, added if one of the actions is header and the mail is considered spam. Defined variables are $subject and $score.

HeaderPatternNo (default value: "No ($score)") – The value of the custom header, added if one of the actions is header and the mail is not considered spam. Defined variables are $subject and $score.

SpamThreshold (integer, value in the range 1-99, default value: "90") – The score threshold value. Messages obtaining a score higher than this are considered to be spam. Wrong values are ignored.

UseHeur (boolean, values: 0 | n | no | 1 | y | yes (case insensitive), default value: yes) – Whether to use antispam heuristics. You should leave this option enabled.

UseBW (boolean, values: 0 | n | no | 1 | y | yes (case insensitive), default value: yes) – Whether to use the black list and white list support.

UseURL (boolean, values: 0 | n | no | 1 | y | yes (case insensitive), default value: yes) – Whether to use the URL filter.

UseIMG (boolean, values: 0 | n | no | 1 | y | yes (case insensitive), default value: yes) – Whether to use the Image filter.

This is how the Spamtox section should look:

    <Plugins>
      <Spamtox>
        <Path value="/usr/local/bitdefender/lib/npcore/spamtox.plg" />
        <Active value="Y" />
        <AntispamLib value="/usr/local/bitdefender/lib/npcore/spam/libantispam.so" />
        <MainPath value="/usr/local/bitdefender/lib/npcore/spam" />
        <TmpPath value="/usr/local/bitdefender/var/tmp" />
        <UseHeur value="yes" />
        <UseBW value="yes" />
        <UseURL value="yes" />
        <UseBayes value="no" />
        <Action value="header,%20subject" />
        <SubjectPattern value="[spam]%20$subject" />
        <HeaderName value="X-BitDefender-Spam" />
        <HeaderPatternYes value="Yes%20($score)" />
        <HeaderPatternNo value="No%20($score)" />
        <SpamThreshold value="90" />
      </Spamtox>
    </Plugins>
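The following added Python example (not from this guide or from the product) applies the Spamtox rules described above to one message: the Action list is split on spaces, tabs, commas and semicolons with duplicates collapsed, the score is compared against SpamThreshold (greater than or equal to, as the module description and the glossary state), and the header and subject patterns are expanded with $subject and $score. The settings dictionary is copied from the sample section; because that sample stores spaces as %20, the example assumes the values are URL-unquoted before use, which is an assumption of the example and not something the guide states. The function names are the example's own.

```python
import re
from typing import Dict, List, Tuple
from urllib.parse import unquote

# Constructed Spamtox settings copied from the sample section of this guide.
# The %20 escapes are assumed (by this example) to be URL encoding of spaces.
SPAMTOX_SETTINGS = {
    "Active": "Y",
    "Action": "header,%20subject",
    "SubjectPattern": "[spam]%20$subject",
    "HeaderName": "X-BitDefender-Spam",
    "HeaderPatternYes": "Yes%20($score)",
    "HeaderPatternNo": "No%20($score)",
    "SpamThreshold": "90",
}

KNOWN_ACTIONS = ("reject", "header", "subject")
ACTION_SEPARATOR_RE = re.compile(r"[\s,;]+")


def is_yes(value: str) -> bool:
    """Boolean spelling used by the guide: 0/n/no versus 1/y/yes, case insensitive."""
    return value.strip().lower() in ("1", "y", "yes")


def parse_actions(value: str) -> List[str]:
    """Split the Action value on spaces, tabs, commas and semicolons, in any order;
    duplicates are collapsed and unknown words are rejected."""
    words = [w.lower() for w in ACTION_SEPARATOR_RE.split(unquote(value).strip()) if w]
    unknown = sorted(set(words) - set(KNOWN_ACTIONS))
    if unknown:
        raise ValueError("unknown Spamtox action(s): %s" % unknown)
    return list(dict.fromkeys(words))   # first-seen order, no duplicates


def parse_threshold(value: str, default: int = 90) -> int:
    """SpamThreshold must be an integer in 1..99.  The guide says wrong values are
    ignored; this example implements that as falling back to the default."""
    try:
        threshold = int(value.strip())
    except ValueError:
        return default
    return threshold if 1 <= threshold <= 99 else default


def expand(pattern: str, subject: str, score: int) -> str:
    """Fill in the $subject and $score variables of a subject or header pattern."""
    return unquote(pattern).replace("$subject", subject).replace("$score", str(score))


def apply_spamtox(settings: Dict[str, str], headers: Dict[str, str],
                  score: int) -> Tuple[bool, Dict[str, str], bool]:
    """Classify one message and apply the configured actions.

    Returns (is_spam, headers_after_actions, rejected).  Score >= SpamThreshold
    means spam.  The custom header is written for every message (Yes/No pattern),
    the subject is rewritten only for spam, and reject only applies to spam.
    """
    result = dict(headers)
    if not is_yes(settings.get("Active", "N")):
        return False, result, False
    is_spam = score >= parse_threshold(settings.get("SpamThreshold", ""))
    actions = parse_actions(settings.get("Action", ""))
    original_subject = result.get("Subject", "")
    if "header" in actions:
        pattern = settings["HeaderPatternYes"] if is_spam else settings["HeaderPatternNo"]
        result[unquote(settings["HeaderName"])] = expand(pattern, original_subject, score)
    if "subject" in actions and is_spam:
        result["Subject"] = expand(settings["SubjectPattern"], original_subject, score)
    return is_spam, result, is_spam and "reject" in actions


if __name__ == "__main__":
    # Constructed message using the subject from the guide's own example.
    print(apply_spamtox(SPAMTOX_SETTINGS, {"Subject": "Buy 0nl1ne!!!!"}, 100))
```

Run on the guide's own example subject with a score of 100 this yields the header X-BitDefender-Spam: Yes (100) and the subject [spam] Buy 0nl1ne!!!!. The reject action is returned as a flag rather than acted upon, so the caller decides what happens at the SMTP level; keeping that decision outside the classifier makes it easy to log what would have been rejected before enabling the action the guide advises against.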


The settings for the Antispam module can also be easily configured via the BitDefender Remote Admin.


BitDefender for Sendmail Milter Logging & e-mail notification The /NetProtect/Logger/ section is used to configure both the file logging module (Filelog) and the e-mail notification module (MNsmtp). BitDefender is able to write detailed information about the scanned email traffic to a file and to notify the sender/receiver(s)/administrator(s) when a virus is detected. The file logging job is done by the Filelog module and the most important ones are the Active and DefaultLogFile. The value of the Active variable (Y, or N) determines if any information is written to the DefaultLogFile (specified as full path) or not.. <Logger> <Plugins> <Filelog> <Path value="/usr/local/bitdefender/lib/logger/filelog.npl"/> <Active value="Y"/> <DefaultLogFile value="/usr/local/bitdefender/var/log/bd.log"/> </Filelog> <MNsmtp> <Path value="/usr/local/bitdefender/lib/logger/mn-smtp.npl"/> <Active value="Y"/> <Enable value="Y"/> <AlertSender value="Y"/> <AlertReceivers value="Y"/> <SMTPServer value="127.0.0.1:10025"/> <From value="[email protected]"/> <Administrator value="[email protected]"/> <Postmaster value="[email protected]"/> <AdminAlertPattern value="/usr/local/bitdefender/share/templates/en/AdminAlert.ptt"/> <SenderAlertPattern value="/usr/local/bitdefender/share/templates/en/SenderAlert.ptt"/> <ReceiverAlertPattern value="/usr/local/bitdefender/share/templates/en/ReceiverAlert.ptt"/> <FileServerAlertPattern value="/usr/local/bitdefender/share/templates/en/FileServerAlert.ptt"/> <KeyWillExpireAlertPattern value="/usr/local/bitdefender/share/templates/en/KeyWillExpireAlert.ptt"/> <KeyHasExpiredAlertPattern value="/usr/local/bitdefender/share/templates/en/KeyHasExpiredAlert.ptt"/> </MNsmtp> </Plugins> </Logger>

Every other section in the configuration file that contains a Verbose key increases the log verbosity of that specific component when the key is set to "Y". For example, if you set the /live/Verbose key to "Y", the log file will contain detailed information about the update attempts made by the bdlived process. The same settings can also be modified via the BitDefender Remote Admin.


The Mail Notification section (MNsmtp) controls how and where the notifications are sent. The following variables change MNsmtp's behaviour:

Active
  * Enables bdlogd to load this plugin. If it is not loaded, all other settings have no effect.
  * Values: {"Y", "N"}
  * Default value: "Y"

Enable
  * Enables the notifications. If the plugin is loaded (Active=Y) you can enable or disable mn-smtp here without restarting bdlogd.
  * Values: {"Y", "N"}
  * Default value: "Y"

AlertSender
  * Boolean value: whether to alert the sender of the message (the sender address is taken from the From: header of the mail). Note that this is the message header, not the envelope sender; mass-mailing worms forge the From: header, so with AlertSender=Y the "sender" alert usually reaches an uninvolved third party.
  * Values: {"Y", "N"}
  * Default value: "N"

AlertReceivers
  * Boolean value: whether to alert the receivers of the message (addresses taken from the To: and Cc: headers of the mail).
  * Values: {"Y", "N"}
  * Default value: "N"

SMTPServer
  * The IP address of the server used for sending the alerts (in IPv4 numeric format).
  * A port number can be given after the address, separated by a colon. The default port 25 is used if no port is specified, if the format is not correct (missing colon), if an invalid port number is specified (not in 1..65535) or if a conversion error occurs.
  * Default value: "127.0.0.1:25"

From
  * The sender used when sending alerts. This value appears in the From: field of the notification e-mails.
  * Values: e-mail address
  * Default value: bitdefender@<hostname>

Administrator
  * The e-mail address where key_expired alerts, key_will_expire alerts and other important error alerts are sent.
  * Values: e-mail address(es)

Postmaster
  * The e-mail address where virus alerts are sent.
  * Values: e-mail address(es)

PostmasterAlertPattern
  * Full path to a file used as the pattern for virus alerts sent to the postmaster.
  * Values: file path
  * Default value: <path to mn-smtp.npl>/../../share/templates/en/PostmasterAlert.ptt

SenderAlertPattern
  * Full path to a file used as the pattern for virus alerts sent to the sender of an infected mail.
  * Values: file path
  * Default value: <path to mn-smtp.npl>/../../share/templates/en/SenderAlert.ptt

ReceiverAlertPattern
  * Full path to a file used as the pattern for virus alerts sent to the receivers of an infected mail.
  * Values: file path
  * Default value: <path to mn-smtp.npl>/../../share/templates/en/ReceiverAlert.ptt

KeyWillExpireAlertPattern
  * Full path to a file used as the pattern for key_will_expire alerts sent to the administrator.
  * Values: file path
  * Default value: <path to mn-smtp.npl>/../../share/templates/en/KeyWillExpireAlert.ptt

KeyHasExpiredAlertPattern
  * Full path to a file used as the pattern for key_expired alerts sent to the administrator.
  * Values: file path
  * Default value: <path to mn-smtp.npl>/../../share/templates/en/KeyHasExpiredAlert.ptt

The $BitDefender variable must be present in every template, otherwise the default template is used instead.
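As an added example (not part of the guide and not the mn-smtp plugin's code), the block below implements the two rules above that are easy to get wrong when writing a config generator or a log parser: the SMTPServer "address:port" fallback to port 25, and which addresses a virus alert is addressed to under AlertSender/AlertReceivers, taking the sender from the From: header and the receivers from To:/Cc: as the guide specifies. The registry fragment and the mail headers are constructed sample data; the addresses are placeholders.

```python
import xml.etree.ElementTree as ET
from email.utils import getaddresses

DEFAULT_SMTP_PORT = 25

# Constructed MNsmtp fragment (sample data, not a real installation).
MNSMTP_XML = """<MNsmtp>
  <Active value="Y" />
  <Enable value="Y" />
  <AlertSender value="N" />
  <AlertReceivers value="Y" />
  <SMTPServer value="127.0.0.1:10025" />
  <From value="bitdefender@mail.example.net" />
  <Administrator value="root@mail.example.net" />
  <Postmaster value="postmaster@mail.example.net" />
</MNsmtp>"""


def load_keys(xml_text):
    """Return the child keys of a registry section as a dict of name -> value."""
    root = ET.fromstring(xml_text)
    return {child.tag: child.get("value", "") for child in root}


def parse_smtp_server(value):
    """Split an SMTPServer value into (host, port) using the documented rules:
    the port follows the address after a colon; port 25 is used when the port
    or the colon is missing, the number is not in 1..65535, or it does not
    convert to an integer."""
    host, sep, port_text = value.partition(":")
    if not sep:
        return host, DEFAULT_SMTP_PORT
    try:
        port = int(port_text)
    except ValueError:
        return host, DEFAULT_SMTP_PORT
    if not 1 <= port <= 65535:
        return host, DEFAULT_SMTP_PORT
    return host, port


def alert_recipients(settings, headers):
    """Addresses a virus alert is sent to for a message with the given headers.

    Postmaster always gets it; the From: header is added with AlertSender=Y
    and To:/Cc: with AlertReceivers=Y. These are message headers, which a
    mass mailer forges at will, so AlertSender=Y produces backscatter.
    """
    if settings.get("Active") != "Y" or settings.get("Enable") != "Y":
        return []
    rcpts = [a.strip() for a in settings["Postmaster"].split(",") if a.strip()]
    if settings.get("AlertSender") == "Y":
        rcpts += [addr for _, addr in getaddresses([headers.get("From", "")]) if addr]
    if settings.get("AlertReceivers") == "Y":
        fields = [headers.get("To", ""), headers.get("Cc", "")]
        rcpts += [addr for _, addr in getaddresses(fields) if addr]
    return rcpts


if __name__ == "__main__":
    conf = load_keys(MNSMTP_XML)
    print(parse_smtp_server(conf["SMTPServer"]))
    sample = {"From": "The Sender <sender@example.org>",
              "To": "a@example.net, B <b@example.net>", "Cc": "c@example.net"}
    print(alert_recipients(conf, sample))
```

Keeping AlertSender at its default of "N" is the safer choice for an Internet-facing relay; the Postmaster and Administrator alerts carry the same information without mailing strangers.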


The variables that can be used in the various templates are the following:

• PostmasterAlert.ptt
  o RealSender
  o RealReceivers
  o HeaderSender
  o HeaderReceivers
  o Subject
  o Object
  o Action
  o Virus
  o Status
  o Agent

• SenderAlert.ptt
  o RealReceivers
  o HeaderReceivers
  o Subject
  o Object
  o Action
  o Virus
  o Status
  o Agent

• ReceiverAlert.ptt
  o RealSender
  o HeaderSender
  o Subject
  o Object
  o Action
  o Virus
  o Status
  o Agent

• FileServerAlert.ptt
  o Filename
  o Action
  o Virus
  o Status
  o Agent

• KeyWillExpireAlert.ptt
  o Product
  o Days
  o Agent

• KeyHasExpiredAlert.ptt
  o Product
  o Agent


Example

The built-in template for the Postmaster alert is the following:

Subject: System info

$BitDefender found an infected object in a message:

Real sender: $RealSender
Real receivers: $RealReceivers
From: $HeaderSender
To: $HeaderReceivers
Subject: $Subject
Virus: $Virus
http://www.bitdefender.com/vfind/?q=$virus
Object: $Object
Status: $Status
Action: $Action

Thank you for choosing BitDefender for FreeBSD Mail Servers
The BitDefender Lab - http://www.bitdefender.com/

The resulting notification looks like this:

BitDefender found an infected object in a message:

Real sender: <[email protected]>
Real receivers: <[email protected]>
From: The Sender <[email protected]>
To: The Receiver <[email protected]>
Subject: klez
Virus: Win32.Klez.A@mm
http://www.bitdefender.com/vfind/?q=Win32.Klez.A@mm
Object: /usr/local/bitdefender/var/tmp/bdnp.milter.qf2aqW=>[Subject: klez] [Date: Wed, 30 Mar 2005 12:29:36 +0300]=>(MIME part)=>(application)
Status: Infected
Action: Deleted

Thank you for choosing BitDefender for FreeBSD Mail Servers
The BitDefender Lab - http://www.bitdefender.com/

The same settings can also be modified via the BitDefender Remote Admin.
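The following added example (written for this page, not the plugin's own template engine) renders a .ptt-style template the way the example above shows: $Name placeholders are replaced from the alert's values, and a template that lacks the $BitDefender marker is replaced by the built-in text, as the guide states. It also checks a custom template against the per-template variable list above, which catches a placeholder that the plugin will never fill. Two assumptions are made: variable names are matched case-insensitively (the built-in template writes $virus in the URL and the rendered output shows it expanded), and an unknown placeholder is left in the text unchanged.

```python
import re

# Variables the guide lists for each template.
TEMPLATE_VARS = {
    "PostmasterAlert.ptt": {"RealSender", "RealReceivers", "HeaderSender", "HeaderReceivers",
                            "Subject", "Object", "Action", "Virus", "Status", "Agent"},
    "SenderAlert.ptt": {"RealReceivers", "HeaderReceivers", "Subject", "Object",
                        "Action", "Virus", "Status", "Agent"},
    "ReceiverAlert.ptt": {"RealSender", "HeaderSender", "Subject", "Object",
                          "Action", "Virus", "Status", "Agent"},
    "FileServerAlert.ptt": {"Filename", "Action", "Virus", "Status", "Agent"},
    "KeyWillExpireAlert.ptt": {"Product", "Days", "Agent"},
    "KeyHasExpiredAlert.ptt": {"Product", "Agent"},
}

# Copy of the built-in Postmaster template quoted in the guide.
DEFAULT_POSTMASTER_TEMPLATE = """Subject: System info

$BitDefender found an infected object in a message:

Real sender: $RealSender
Real receivers: $RealReceivers
From: $HeaderSender
To: $HeaderReceivers
Subject: $Subject
Virus: $Virus
http://www.bitdefender.com/vfind/?q=$virus
Object: $Object
Status: $Status
Action: $Action
"""

VAR_RE = re.compile(r"\$([A-Za-z_][A-Za-z0-9_]*)")


def unknown_variables(template_text, template_name):
    """Placeholders in the template that the named alert never provides."""
    allowed = {v.lower() for v in TEMPLATE_VARS[template_name]} | {"bitdefender"}
    found = {m.group(1) for m in VAR_RE.finditer(template_text)}
    return sorted(name for name in found if name.lower() not in allowed)


def render_alert(template_text, values, fallback=DEFAULT_POSTMASTER_TEMPLATE):
    """Expand $Variables; use the built-in text when $BitDefender is missing."""
    if "$BitDefender" not in template_text:
        template_text = fallback
    lookup = {k.lower(): str(v) for k, v in values.items()}
    lookup.setdefault("bitdefender", "BitDefender")

    def replace(match):
        return lookup.get(match.group(1).lower(), match.group(0))

    return VAR_RE.sub(replace, template_text)


if __name__ == "__main__":
    # Constructed values mirroring the Klez example in the guide.
    sample = {"RealSender": "<sender@example.org>", "RealReceivers": "<rcpt@example.net>",
              "HeaderSender": "The Sender <sender@example.org>",
              "HeaderReceivers": "The Receiver <rcpt@example.net>", "Subject": "klez",
              "Virus": "Win32.Klez.A@mm", "Object": "(MIME part)",
              "Status": "Infected", "Action": "Deleted"}
    print(render_alert(DEFAULT_POSTMASTER_TEMPLATE, sample))
    print(unknown_variables("$BitDefender $Virus $Filename", "PostmasterAlert.ptt"))
```

Run unknown_variables over any custom .ptt before deploying it; a template that silently falls back to the default because $BitDefender was edited out is easy to miss until the first real alert arrives.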


Real Time Virus Report (RTVR) & Real Time Spam Report (RTSR)

Real Time Virus and Spam Report is a system included in all BitDefender products that reports virus and spam activity to the BitDefender Labs, to help isolate and prevent the spreading of malware and spam in an efficient and timely manner.

Reporting details

Viruses and spam are reported at different times:

• viruses are reported every 4 hours (or the value of /NetProtect/Logger/Plugins/RTVR/Hours), or when the queue of viruses to report has reached 1000 entries (or the value of /NetProtect/Logger/Plugins/RTVR/Viruses)

• spam is reported every 24 hours

Both viruses and spam are reported whenever the rtvr/rtsr plugin is unloaded, that is, when bdlogd is stopped. The time intervals are checked only when a new log event appears. This means that if there are some virus log events in the queue and the next one arrives days later, only then will the queue be reported to the server, even though the time interval is set to 4 hours. This is true for both virus and spam reporting.

Sample Registry Tree

<RTVR>
  <CUID value="273b1836-8118-4755-bfc9-af775de02e49" />
  <Path value="/usr/local/bitdefender/lib/logger/rtvr.npl" />
  <Active value="Y" />
  <Enable value="Y" />
  <UID value="022d182e-1157-4d9b-8b7a-d74acb6ded0e" />
  <Hours value="4" />
  <Viruses value="3" />
  <Timeout value="15" />
  <EnableRTSR value="Y" />
  <ReportHost value="report.bitdefender.com" />
  <Country value="3" />
</RTVR>

The Active key determines whether the entire RTVR/RTSR system is active or not, while Enable and EnableRTSR control the operation of RTVR and RTSR individually. Setting Active to "N" stops all reporting to the ReportHost.
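The batching rule described above, where the interval is only evaluated when a new log event arrives, is easy to misjudge when you are estimating how stale a report can be. The following added model (written for this page; it is not the rtvr plugin's code and sends nothing anywhere) reproduces that rule with an injectable clock so the idle-queue case can be exercised: entries queued before a quiet period are not reported until the next event or until the plugin is unloaded. The Hours and Viruses values are taken from the sample registry tree above; the clock and event names are constructed.

```python
import time


class FakeClock:
    """Controllable clock so the idle-queue behaviour can be demonstrated offline."""

    def __init__(self, start=0.0):
        self.now = start

    def advance(self, seconds):
        self.now += seconds

    def __call__(self):
        return self.now


class ReportQueue:
    """Model of RTVR/RTSR batching: a batch is sent only at the moment a new
    event arrives, when either `hours` have elapsed since the last report or
    the queue holds `max_entries` items, and unconditionally on unload."""

    def __init__(self, hours=4, max_entries=1000, clock=time.time):
        self.hours = hours
        self.max_entries = max_entries
        self.clock = clock
        self.queue = []
        self.sent = []          # batches that would have gone to ReportHost
        self.last_report = self.clock()

    def add(self, event):
        """Queue one log event and apply the checks described in the guide."""
        now = self.clock()
        self.queue.append(event)
        if len(self.queue) >= self.max_entries or now - self.last_report >= self.hours * 3600:
            self._flush(now)

    def unload(self):
        """Plugin unload (bdlogd stop): whatever is queued is reported now."""
        self._flush(self.clock())

    def _flush(self, now):
        if self.queue:
            self.sent.append(list(self.queue))
            self.queue.clear()
        self.last_report = now


if __name__ == "__main__":
    clock = FakeClock()
    rtvr = ReportQueue(hours=4, max_entries=3, clock=clock)
    rtvr.add("virus-1")
    rtvr.add("virus-2")
    clock.advance(3 * 24 * 3600)        # three quiet days: nothing is sent
    print(rtvr.sent)                    # []
    rtvr.add("virus-3")                 # next event triggers the report
    print(rtvr.sent)                    # [['virus-1', 'virus-2', 'virus-3']]
```

If timely reporting matters, the practical consequence is that "every 4 hours" is an upper bound on report frequency only while mail carrying detections keeps flowing; a quiet server holds its last detections until the next one or until bdlogd is restarted.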


Agents

The bdmilterd agent has all of its configuration entries grouped under /NetProtect/Agents/Milter/. These settings are explained below:

SmtpFwdWhen (string; one of: never, always, infected)
  Enables the SMTP forward feature (sending a copy of the e-mail through SMTP), either for all messages or for infected messages only.

SmtpFwdHost (string)
  SMTP server to be contacted. When SmtpFwdWhen requires it, a connection is opened on port 25 of this host and the mail is forwarded. This delays the queueing process: processing of the original message continues only after the forward has completed.

SmtpFwdHelo (string)
  Value to be sent in the SMTP HELO command (see above).

SmtpFwdFrom (string)
  Value to be sent in the SMTP MAIL FROM: command (see above).

SmtpFwdRcpt (string)
  Value to be sent in the SMTP RCPT TO: command (see above).


FailureAction (string; one of: DROP, REJECT, REFUSE, IGNORE; default value: REFUSE)
  Action to take when the scan process fails. Possible reasons for a failure include:

  • bdcored not running
  • product registration check failure
  • crash while scanning

  IGNORE means "send the e-mail as if nothing happened" (without scanning). Note that this fails open: while the scanner is down, mail is delivered unscanned.
  REFUSE returns a "temporarily unavailable" code to the sender, so a well-behaved sending MTA queues the message and retries later.
  REJECT returns a permanent error to the sender and the message is discarded.
  DROP discards the message without informing the sender.
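As an added illustration (not bdmilterd's code), the block below maps the SmtpFwdWhen and FailureAction values above onto the results a milter hands back to sendmail. The SMFIS_* names and values are those of libmilter's mfapi.h; everything else is an assumption for the example: a successful scan lets the message continue, a failed scan is decided by FailureAction with the documented default of REFUSE, and a forward copy is made on a failed scan only when SmtpFwdWhen is "always", since no infection verdict exists in that case.

```python
# libmilter result codes as numbered in mfapi.h.
SMFIS_CONTINUE, SMFIS_REJECT, SMFIS_DISCARD, SMFIS_ACCEPT, SMFIS_TEMPFAIL = range(5)

# FailureAction value -> milter result, following the guide's descriptions.
FAILURE_ACTIONS = {
    "IGNORE": SMFIS_ACCEPT,    # deliver unscanned, as if nothing happened
    "REFUSE": SMFIS_TEMPFAIL,  # temporary error: the sender retries later
    "REJECT": SMFIS_REJECT,    # permanent error: message discarded, sender told
    "DROP": SMFIS_DISCARD,     # silently discarded, sender not told
}

FORWARD_MODES = ("never", "always", "infected")


def milter_verdict(scan_ok, infected, settings):
    """Return (milter_result, forward_copy) for one message.

    scan_ok=False stands for the failure cases the guide lists (bdcored not
    running, registration check failure, crash while scanning); then
    FailureAction decides. forward_copy follows SmtpFwdWhen.
    """
    when = settings.get("SmtpFwdWhen", "never").lower()
    if when not in FORWARD_MODES:
        raise ValueError("SmtpFwdWhen must be one of %s" % ", ".join(FORWARD_MODES))
    if not scan_ok:
        action = settings.get("FailureAction", "REFUSE").upper()
        if action not in FAILURE_ACTIONS:
            raise ValueError("FailureAction must be one of %s" % ", ".join(FAILURE_ACTIONS))
        # No verdict exists, so only an unconditional forward is possible.
        return FAILURE_ACTIONS[action], when == "always"
    forward = when == "always" or (when == "infected" and infected)
    return SMFIS_CONTINUE, forward


if __name__ == "__main__":
    print(milter_verdict(True, True, {"SmtpFwdWhen": "infected"}))   # (0, True)
    print(milter_verdict(False, False, {}))                          # (4, False): REFUSE
    print(milter_verdict(False, False, {"FailureAction": "IGNORE"})) # (3, False)
```

Of the four failure actions, only REFUSE keeps both properties an operator normally wants during an outage: nothing unscanned is delivered and nothing is lost, because the remote MTA holds the message in its queue.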


Key
  This is the registration key of BitDefender for FreeBSD Sendmail Milter. You can enter your license key by editing this value manually or by running "/path/to/BitDefender/bin/bd register" from the FreeBSD console.


Live

This section contains the settings for the BitDefender update.

<live>
  <CheckSecs value="7200" />
  <mainlocation value="http://upgrade.bitdefender.com" />
  <ProxyOn value="Y" />
  <ProxySetts value="192.168.5.99:8080" />
</live>

Variable      Description
CheckSecs     the interval (in seconds) at which the upgrade check is made
Mainlocation  the location of the upgrade server
ProxyOn       whether the product upgrade is made through a proxy server; Y if a proxy is used, N otherwise
ProxySetts    the proxy settings, in case the company uses a proxy server

The proxy settings must be specified in the following manner:

<ProxySetts value="proxy_server:port" />

or, for proxy servers with authentication:

<ProxySetts value="user_name:password@proxy_server:port" />

The proxy password is stored in clear text in bdsettings.xml, so keep that file readable only by the BitDefender service account and root.

Automatic update

BitDefender for Sendmail Milter is pre-configured to update automatically every 8 hours (the example above, with CheckSecs set to 7200, checks every 2 hours). To configure the automatic update module, follow these steps:

Update interval

To modify the update time interval, run the command below:

# /usr/local/bitdefender/bin/bdsetup --setkey /live/CheckSecs 28800

Note: The time interval is given in seconds.

Proxy server configuration

If you use a proxy server to connect to the Internet, run the following command and follow the on-screen instructions:

# /usr/local/bitdefender/bin/bdsetup --proxy

To deactivate the proxy usage, run:

# /usr/local/bitdefender/bin/bdsetup --noproxy


The settings for the Live! Update module can also be configured via the BitDefender Remote Admin.

An update can be forced by running /usr/local/etc/rc.d/bitdefender.sh update from a FreeBSD console or by clicking the Update Now button in the BitDefender Remote Admin.


Manual update

The cumulative.zip is released every week on Monday and includes all virus definition and scan engine updates up to the release date. The daily.zip is released every day and includes all virus definition and scan engine updates since the last cumulative release up to the current date. To update the product manually, follow these steps:

1. Download the updates

If it is Monday, or if this is the first time you update manually, download cumulative.zip and save it to disk when prompted. Otherwise download daily.zip and save it to disk.

2. Extract

Extract the contents of the zip file to /usr/local/bitdefender/lib/Plugins/ (overwrite the existing files if necessary).
Note: If you are using both cumulative.zip and daily.zip, extract the contents of cumulative.zip first.

WARNING: After extracting the zip archives, you MUST set the proper owner and permissions by running the following commands:

# chown bitdefender:bitdefender /usr/local/bitdefender/lib/Plugins/*
# chmod 644 /usr/local/bitdefender/lib/Plugins/*

3. Restart BitDefender services

Use the "/usr/local/bitdefender/bin/bdsetup --restart" command.
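The three manual-update steps above, as one added example written for this page (it is not a BitDefender tool and does not download anything): the archives are applied in the documented order, cumulative first and then daily, overwriting existing files, and every extracted file is then given mode 0644 and, when an owner is supplied, the requested uid/gid. Entry names are reduced to their basename before writing, which matches the flat Plugins directory and also prevents an archive entry with a "../" path from writing outside it; the archive layout itself is not described in the guide, so that flattening is this example's assumption. The demo builds two small constructed archives in a temporary directory; on a real host pass the real paths and the bitdefender uid/gid, and restart the services afterwards as the guide says.

```python
import os
import stat
import tempfile
import zipfile


def apply_manual_update(plugins_dir, cumulative_zip=None, daily_zip=None, owner=None):
    """Extract cumulative.zip, then daily.zip, into plugins_dir and fix perms.

    owner is an optional (uid, gid) tuple for chown (requires root for a
    foreign user). Returns the sorted list of files written.
    """
    touched = set()
    for archive in (cumulative_zip, daily_zip):   # order matters: daily overrides
        if archive is None:
            continue
        with zipfile.ZipFile(archive) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                name = os.path.basename(info.filename)  # flatten; blocks ../ escapes
                if not name:
                    continue
                target = os.path.join(plugins_dir, name)
                with zf.open(info) as src, open(target, "wb") as dst:
                    dst.write(src.read())
                touched.add(target)
    for path in touched:
        if owner is not None:
            os.chown(path, *owner)
        os.chmod(path, 0o644)                     # the chmod 644 from the guide
    return sorted(touched)


def demo():
    """Apply two constructed archives in a temp dir; return (contents, modes)."""
    base = tempfile.mkdtemp()
    plugins = os.path.join(base, "Plugins")
    os.makedirs(plugins)
    cumulative = os.path.join(base, "cumulative.zip")
    daily = os.path.join(base, "daily.zip")
    with zipfile.ZipFile(cumulative, "w") as zf:        # constructed sample data
        zf.writestr("engine.dat", "engine from cumulative")
        zf.writestr("sig.dat", "signatures from cumulative")
    with zipfile.ZipFile(daily, "w") as zf:
        zf.writestr("sig.dat", "signatures from daily")
        zf.writestr("../escape.dat", "would land outside Plugins if not flattened")
    written = apply_manual_update(plugins, cumulative, daily)
    contents = {os.path.basename(p): open(p).read() for p in written}
    modes = {os.path.basename(p): stat.S_IMODE(os.stat(p).st_mode) for p in written}
    return contents, modes


if __name__ == "__main__":
    print(demo())
```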


Product registration

The product is delivered with a trial registration key valid for thirty days. At the end of the trial period, if you want to purchase the product, you have to provide a new serial number. To change the default serial number, run the "/usr/local/etc/rc.d/bitdefender.sh register" command (alternatively, "/usr/local/bitdefender/bin/bd register") and follow the on-screen instructions. You can also register BitDefender from the BitDefender Remote Admin by clicking the Register button in the About / BitDefender Module Info section.


More info about BitDefender status

More information about the current status of BitDefender is available by running "/usr/local/etc/rc.d/bitdefender.sh info":

BitDefender v1.6.2 on FreeBSD localhost 5.4-PRERELEASE FreeBSD 5.4-PRERELEASE #2: Fri Mar 25 19:18:59 EET 2005 bitdefender@localhost:/usr/src/sys/i386/compile/Orion i386
BitDefender components:
 - core: 1.6.2-1
 - engines: 1.6.2-1
 - milter: 1.6.2-1
 - radmin: 1.6.2-2
Engine: BitDefender AV Engine Ver 7. Signatures: 117351
 - first action: DISINFECT
 - second action: DELETE
 - quarantine directory: /usr/local/bitdefender/var/quarantine (0 files - 4.0K)
Agents:
 - Milter - Valid license, 22 days remaining.
Antispam: Enabled
Virus signatures update status:
 - last checked: Wed Apr 6 11:44:16 EEST 2005
 - last updated: Wed Apr 6 11:44:30 EEST 2005
 - check every: 8 hours

The following information is displayed:
- the current version of BitDefender for Mail Servers along with some system information
- the version numbers of the BitDefender components
- the AV engine used and its configured actions
- the status of the Antispam module (enabled/disabled)
- the agents installed along with the license status
- the time when BitDefender last checked for a virus signatures update and the time when it actually updated its signatures

You must have bdregd running in order to see all of this information; otherwise only a small part of it is shown.

By running "bd stats" you will receive statistics about BitDefender's activity:

+-------------------------+-------------------------+
|          MAILS          |         OBJECTS         |
+-------------------------+-------------------------+
| Scanned:          97721 | Scanned:         805322 |
| Infected:         97505 | Infected:        114975 |
| Suspected:            0 | Suspected:            0 |
| Disinfected:      97505 | Disinfected:      12270 |
| Dropped:              0 | Deleted:         102705 |
| Rejected:             0 | Ignored:              0 |
| Quarantined:          0 |                         |
| Spam:                 2 |                         |
+-------------------------+-------------------------+


If you want to reset the statistics, run the command /usr/local/bitdefender/bin/bdsetup --resetstats. Statistics are available from the BitDefender Remote Admin as well.


Web-based configuration

BitDefender for Sendmail Milter can also be configured using a web browser under any operating system. In order to configure the antivirus protection for FreeBSD, it is necessary to install the Webmin module on the server side. Before installing, make sure that the computer meets the following requirements:

Operating system: FreeBSD
Installed product: BitDefender for FreeBSD Mail Servers v1.6.2
Webmin: v1.100 or later

The webmin module installation

In order to use the BitDefender webmin module you must first install Webmin from http://www.webmin.com. Webmin is a web-based interface for system administration on Unix. Using any browser that supports tables and forms (and Java for the File Manager module), you can set up user accounts, Apache, DNS, file sharing and so on. After you have successfully installed Webmin you must:

- open the panel in a browser (http://hostname:10000/)
- go to Webmin / Webmin Configuration / Webmin Modules
- select the "From ftp or http URL" radio button
- enter the following value in the text box: ftp://ftp.bitdefender.com/pub/unices/RemoteAdmin/webmin/BitDefender.wbm.gz
- press Install Module


Uninstalling the BitDefender webmin module

To uninstall the BitDefender Webmin module, follow these steps:

- open the Webmin panel in a web browser (http://hostname:10000/)
- go to Webmin / Webmin Configuration / Webmin Modules
- select BitDefender Remote Admin from the Delete Modules list and press Delete Selected Modules

Accessing the BitDefender webmin module

The BitDefender webmin module can be accessed from any web browser that supports tables and forms by going to http://hostname:10000/. After you log into Webmin you can find BitDefender Remote Admin under the System section.

After choosing BitDefender Remote Admin from the System section the following panel appears:


The left-side menu (configuration toolbar) has the following options:

BitDefender status – the current status of BitDefender's services is shown, along with the commands to start, stop and restart them
Sendmail Milter – configure the Sendmail integration
Antispam – configure the Antispam module
Antivirus – select the action to take when an infected file is detected, and the location of the quarantine area
Mail Notification – select the e-mail addresses where alarm messages are sent in case of virus detection
Logger – configure the logging process
Quarantine – view the quarantined objects
Live! Update – access the configuration window for the product update
Statistics – view the reports and statistics about the scanned objects
Registry – change the settings related to the BitDefender Registry
About – view information about the current version, copyright and contact information


Frequently Asked Questions

Installation

Q: What are the system requirements for running BitDefender for FreeBSD Mail Servers?
A: You will find them in the System requirements section.

Q: Which version of BitDefender for FreeBSD Mail Servers do I need?
A: This depends on which MTA (e-mail server) you use: Sendmail Milter, qmail, Postfix, Courier or another one through the SMTP Proxy.

Q: How do I install the package?
A: Follow the instructions in the Install section.

Configuration

Q: I modify bdsettings.xml, but when I shut down BitDefender the modifications are lost. Why?
A: Restarting the services should not affect the file, but this can happen because the Live module sometimes updates some values. In this case, shut down the BitDefender services before editing bdsettings.xml:
- run "/usr/local/etc/rc.d/bitdefender.sh stop"
- edit bdsettings.xml
- run "/usr/local/etc/rc.d/bitdefender.sh start"

Q: Where do I enter my serial number (license key)?
A: Either from the FreeBSD console, with the register command described in the Product registration section, or from the BitDefender Remote Admin in a web browser under any operating system.

Use / Troubleshooting

Q: BitDefender does not catch viruses!
A: Make sure that:
- the product is installed and configured properly;
- the product has not expired, i.e. the 30 evaluation days have not passed and the registration key you used is neither expired nor incorrect.

Q: I don't receive any warning, but the antivirus works. Why?
A: On some systems you need a valid e-mail address for the sender. The default is root@localhost, which is not valid in all cases. Change it to a "regular" e-mail address, for example [email protected].


Updates

Q: How can I update the virus signatures database?
A: By default, BitDefender updates automatically every 8 hours, but you can also force an update using the Remote Admin or by running /usr/local/etc/rc.d/bitdefender.sh update from the FreeBSD console.

Q: How can I tell if the virus signatures database is up to date?
A: Run "/usr/local/bitdefender/bin/bd info" and compare the number of signatures with the one published on the www.bitdefender.com website.


Contact information

SUPPORT DEPARTMENT:

As a valued provider, SOFTWIN strives to provide its customers with an unparalleled level of fast and accurate support. The Support Center listed below is continually being updated with the newest virus descriptions and answers to common questions, so that you obtain the necessary information in a timely manner. At SOFTWIN, dedication to saving its customers time and money by providing the most advanced products at the fairest prices has always been a top priority. Moreover, we think that a successful business is based on good communication and a commitment to excellence in customer support.

Clients department: [email protected]
Technical support: [email protected]
Phone: 0040-21-233 07 80
Address: SOFTWIN, 5th Fabrica de Glucoza St., PO BOX 52-93, Bucharest, ROMANIA
