How to setup BitDefender or other AV

mshanley
Posts: 41
Joined: 26 Apr 2014 05:19

How to setup BitDefender or other AV

Post by mshanley »

Anyone have a quick how-to, to add another AV besides Clam?
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: How to setup BitDefender or other AV

Post by shawniverson »

This would make for a good wiki article :)

I'll browse around. MailScanner supports many different AV solutions.
mshanley
Posts: 41
Joined: 26 Apr 2014 05:19

Re: How to setup BitDefender or other AV

Post by mshanley »

Shawn,
any luck on this? :)
heronimus
Posts: 24
Joined: 11 Sep 2015 10:19
Location: Netherlands

Re: How to setup BitDefender or other AV

Post by heronimus »

In the last two weeks we had several infected mail messages not recognized by ClamAV. Replacing ClamAV with a commercial AV has our interest.
Antiloop
Posts: 11
Joined: 20 Mar 2014 13:03

Re: How to setup BitDefender or other AV

Post by Antiloop »

Did anyone do this yet?

It looks like there is a free and a paid version of Bitdefender:

free http://frams.bitdefender.com/
commercial http://www.bitdefender.com/support/busi ... ers-linux/
nicola.piazzi
Posts: 388
Joined: 23 Apr 2015 09:45

Re: How to setup BitDefender or other AV

Post by nicola.piazzi »

I tried every antivirus possible about 6 months ago; the only ones that I found to work are Clam with unofficial signatures (included in EFA) and Sophos.
AVG works (it is an old version and I removed it).
Others have great problems, Bitdefender included.
ovizii
Posts: 463
Joined: 11 May 2016 08:08

Re: How to setup BitDefender or other AV

Post by ovizii »

Any specific problems with FRAMS (Bitdefender) you can remember? I was just going to give it a try.
z3us
Posts: 8
Joined: 22 Jul 2016 17:10

Re: How to setup BitDefender or other AV

Post by z3us »

I've installed ESET Linux File Security with success on my EFA machines.
It didn't miss a virus yet 8-)

Quick todo list:

Download esets.x86_64.rpm.bin to /root
Get license on server (/root)
Get to /root (cd /root)

• Install requirements
  ○ yum install glibc.i686 libstdc++.i686 -y
• Set permissions to ESET installer
  ○ chmod a+x esets.x86_64.rpm.bin
• Start installation
  ○ ./esets.x86_64.rpm.bin
• Import license
  ○ /opt/eset/esets/sbin/esets_lic --import ESET_File_Security_for_Linux.lic
• Change ESET config
  ○ nano /etc/opt/eset/esets/esets.cfg
    § Server = "" remove comment sign #
    § Fill in ESET username + password (remove comment sign again)
• Change MailScanner config
  ○ nano /etc/MailScanner/MailScanner.conf
    § Virus Scanners = esets clamd
  ○ nano /etc/MailScanner/virus.scanners.conf
    § esets /usr/lib/MailScanner/wrapper/esets-wrapper /opt/eset/esets/sbin
• Test ESET scanner
  ○ /usr/lib/MailScanner/wrapper/esets-wrapper /opt/eset/esets/sbin /root
    § Output = ESET Command-line scanner = good :-)
• Update definitions
  ○ /opt/eset/esets/sbin/esets_update
• ESET scanner start & restart MailScanner
  ○ /etc/init.d/esets start
  ○ service MailScanner restart

These are personal notes, correct me when I'm wrong or ask if something isn't clear.
:D
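
A pre-restart check for the two MailScanner config edits in the list above, as an added example that is not part of z3us's notes: it confirms that every name in "Virus Scanners" has a line in virus.scanners.conf whose wrapper is executable and whose install directory exists. The function name check_scanners is made up for illustration, and the warning on "auto" follows the MailWatch message quoted later in this thread.

```shell
#!/bin/sh
# Added example (not from the thread): cross-check the two MailScanner files
# edited in the list above before restarting MailScanner.
# Usage: check_scanners /etc/MailScanner/MailScanner.conf \
#                       /etc/MailScanner/virus.scanners.conf
check_scanners() {
    local ms_conf="$1" vs_conf="$2" rc=0 names name entry wrapper dir
    # Value of the last uncommented "Virus Scanners = ..." line (space-separated).
    names=$(sed -n 's/^[[:space:]]*Virus Scanners[[:space:]]*=[[:space:]]*//p' \
            "$ms_conf" | tail -n 1)
    if [ -z "$names" ]; then
        echo "FAIL: no 'Virus Scanners' setting in $ms_conf"
        return 1
    fi
    for name in $names; do
        if [ "$name" = "auto" ]; then
            # The MailWatch message quoted later in the thread asks for explicit names.
            echo "WARN: auto: MailWatch asks for explicit scanner names"
            continue
        fi
        # virus.scanners.conf lines: <name> <wrapper path> <install dir>
        entry=$(awk -v n="$name" '$1 == n { print $2, $3; exit }' "$vs_conf")
        if [ -z "$entry" ]; then
            echo "FAIL: $name: not defined in $vs_conf"; rc=1; continue
        fi
        wrapper=${entry%% *}
        dir=${entry#* }
        if [ ! -x "$wrapper" ]; then
            echo "FAIL: $name: wrapper $wrapper missing or not executable"; rc=1
        elif [ ! -d "$dir" ]; then
            echo "FAIL: $name: install dir $dir not found"; rc=1
        else
            echo "OK: $name: $wrapper $dir"
        fi
    done
    return $rc
}
```

The -x test reflects the permissions of whoever runs the script, so run it as the account MailScanner uses.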
ovizii
Posts: 463
Joined: 11 May 2016 08:08

Re: How to setup BitDefender or other AV

Post by ovizii »

Antiloop wrote:
Did anyone do this yet?

It looks like there is a free and a paid version of Bitdefender:

free http://frams.bitdefender.com/
commercial http://www.bitdefender.com/support/busi ... ers-linux/

Turns out the free version does not include antivirus...
Note
The Antivirus component is not available in Bitdefender Free Antispam for Mail
Servers. If you want antivirus protection also, you must purchase a license for
BitDefender Security for Mail Servers.
asuweb
Posts: 3
Joined: 07 Apr 2016 17:39

Re: How to setup BitDefender or other AV

Post by asuweb »

Hi Z3us,

Got ESET working as per my other message.

Interestingly though, I'm not seeing good results with ESET. Did you compare ESET with any other vendors?

I'm running trials with ESET / F-Secure / Sophos, and so far ESET is streets behind F-Secure and Sophos (these 2 largely detect the same results for each email). We get a lot of malware-infected email and trojans hitting our scanners, and ESET hasn't fired once on these (it works with EICAR tests). The other 2 never miss a beat.

Having checked various sources and chatted to their support, it seems ESET is behind in protecting from new threats and isn't part of the ESET live grid.

Just thought I'd let you know my experiences. I'll be sticking with F-Secure and Sophos for now.
ofer5183
Posts: 2
Joined: 12 Feb 2018 06:56

Re: How to setup BitDefender or other AV

Post by ofer5183 »

Help Z3us..
I followed your instructions to install ESET.
I installed ESET on EFA-3.0.2.6.
It seems that ESET is working on the operating system, but in MailWatch --> top virus I got:
"Unknown virus scanner defined in MailScanner.conf. Review your configuration and don't use 'auto' as antivirus name (see FAQ)."
What did I miss?
tmgfsd
Posts: 2
Joined: 14 Feb 2018 07:22

Re: How to setup BitDefender or other AV

Post by tmgfsd »

Seeing the same thing on my side, please help me too.
gonzalezroda
Posts: 7
Joined: 17 Dec 2016 22:03

Re: How to setup BitDefender or other AV

Post by gonzalezroda »

Hi everyone,
I'm trying to make ESET work with EFA, but without success so far. The whole installation process runs as z3us said in his post of 2016, but I'm stuck on trying to run eset-wrapper as the postfix user. I understand postfix is the user who runs MailScanner, and MailScanner has to run ESET via the wrapper to examine files; however, ESET only runs with users root and esets.

My source of all my theory is http://lists.mailscanner.info/pipermail ... 04201.html and my practice is this:

Code:

[root@efa ~]# MailScanner --lint
Trying to setlogsock(unix)

Reading configuration file /etc/MailScanner/MailScanner.conf
Reading configuration file /etc/MailScanner/conf.d/README
Read 1000 hostnames from the phishing whitelist
Read 22800 hostnames from the phishing blacklists
Config: calling custom init function SQLBlacklist
MailWatch: Starting up MailWatch SQL Blacklist
MailWatch: Read 21 blacklist entries
Config: calling custom init function MailWatchLogging
MailWatch: Started MailWatch SQL Logging child
Config: calling custom init function SQLWhitelist
MailWatch: Starting up MailWatch SQL Whitelist
MailWatch: Read 91 whitelist entries

Checking version numbers...
Version number in MailScanner.conf (5.0.7) is correct.

Your envelope_sender_header in spamassassin.conf is correct.
MailScanner setting GID to  (89)
MailScanner setting UID to  (89)

Checking for SpamAssassin errors (if you use it)...
Using SpamAssassin results cache
Connected to SpamAssassin cache database
SpamAssassin reported no errors.
Connected to Processing Attempts Database
Created Processing Attempts Database successfully
There are 10 messages in the Processing Attempts Database
Using locktype = posix
MailScanner.conf says "Virus Scanners = esets"
Found these virus scanners installed: clamavmodule, esets, clamd
===========================================================================
Filename Checks: Windows/DOS Executable (1 eicar.com)
Other Checks: Found 1 problems
Virus and Content Scanning: Starting
Scanner initialization failed.
===========================================================================

If any of your virus scanners (clamavmodule,esets,clamd)
are not listed there, you should check that they are installed correctly
and that MailScanner is finding them correctly via its virus.scanners.conf.
Config: calling custom end function SQLBlacklist
MailWatch: Closing down MailWatch SQL Blacklist
Config: calling custom end function MailWatchLogging
Config: calling custom end function SQLWhitelist
MailWatch: Closing down MailWatch SQL Whitelist

Code:

[root@efa ~]# sudo -u postfix /usr/lib/MailScanner/wrapper/esets-wrapper /opt/eset/esets/sbin/ /home/admin

ESET Command-line scanner, version 4.5.11, (C) 1992-2018 ESET, spol. s r.o.
Using license: XXX (/etc/opt/eset/esets/license/esets_XXX.lic)
Scanner initialization failed.

Code:

[root@efa ~]# sudo -u esets /usr/lib/MailScanner/wrapper/esets-wrapper /opt/eset/esets/sbin/ /home/admin

ESET Command-line scanner, version 4.5.11, (C) 1992-2018 ESET, spol. s r.o.
Using license: XXX (/etc/opt/eset/esets/license/esets_xxx.lic)
Module loader, version 1072 (20180813), build 1118
Module perseus, version 1545 (20181029), build 1994
Module scanner, version 18355 (20181109), build 39339
Module archiver, version 1279 (20181031), build 1359
Module advheur, version 1190 (20180924), build 1169
Module cleaner, version 1171 (20181030), build 1245

Command line: /home/admin 

Scan started at:   vie 09 nov 2018 10:35:39 CST

Scan completed at: vie 09 nov 2018 10:35:39 CST
Scan time:         0 sec (0:00:00)
Total:             files - 0, objects 0
Infected:          files - 0, objects 0
Cleaned:           files - 0, objects 0

As you can see here, MailScanner returns "Scanner initialization failed.", same as running the wrapper as the postfix user. I already tried to give permissions to postfix by adding it to the wheel group and even setting postfix ALL=(ALL:ALL) ALL in visudo. Maybe someone in the community can finish this goal with all this info.

Thank you.