How to setup BitDefender or other AV

Posted: 19 Sep 2015 01:52
by mshanley
Anyone have a quick how-to, to add another AV besides Clam?

Re: How to setup BitDefender or other AV

Posted: 19 Sep 2015 10:53
by shawniverson
This would make for a good wiki article :)

I'll browse around. MailScanner supports many different AV solutions.

Re: How to setup BitDefender or other AV

Posted: 09 Oct 2015 15:56
by mshanley
Shawn,
any luck on this? :)

Re: How to setup BitDefender or other AV

Posted: 04 Nov 2015 08:25
by heronimus
Last two weeks we had several infected mail messages, not recognized by ClamAV. Replacing CLAMAV with a commercial AV has our interest.

Re: How to setup BitDefender or other AV

Posted: 14 Dec 2016 09:32
by Antiloop
Did anyone do this yet?

It looks like there is a free and a paid version of BitDefender:

free http://frams.bitdefender.com/
commercial http://www.bitdefender.com/support/busi ... ers-linux/

Re: How to setup BitDefender or other AV

Posted: 14 Dec 2016 14:51
by nicola.piazzi
I tried every antivirus possible about 6 months ago; the only ones that I found to work are Clam with unofficial signatures (included in EFA) and Sophos.
AVG works (it is an old version and I removed it).
Others have great problems, BitDefender included.

Re: How to setup BitDefender or other AV

Posted: 21 Dec 2016 00:07
by ovizii
Any specific problems with FRAMS (BitDefender) you can remember? I was just going to give it a try.

Re: How to setup BitDefender or other AV

Posted: 30 Dec 2016 21:17
by z3us
I've installed ESET Linux File Security with success on my EFA machines.
It didn't miss a virus yet 8-)

Quick todo list:

Download esets.x86_64.rpm.bin to /root
Get license on server (/root)
Get to /root (cd /root)

• Install requirements
  ○ yum install glibc.i686 libstdc++.i686 -y
• Set permissions to ESET installer
  ○ chmod a+x esets.x86_64.rpm.bin
• Start installation
  ○ ./esets.x86_64.rpm.bin
• Import license
  ○ /opt/eset/esets/sbin/esets_lic --import ESET_File_Security_for_Linux.lic
• Change ESET config
  ○ nano /etc/opt/eset/esets/esets.cfg
    Server = "" remove comment sign #
    Fill in ESET username + password (remove comment sign again)
• Change MailScanner config
  ○ nano /etc/MailScanner/MailScanner.conf
    § Virus Scanners = esets clamd
  ○ nano /etc/MailScanner/virus.scanners.conf
    § esets /usr/lib/MailScanner/wrapper/esets-wrapper /opt/eset/esets/sbin
• Test ESET scanner
  ○ /usr/lib/MailScanner/wrapper/esets-wrapper /opt/eset/esets/sbin /root
    § Output = ESET Command-line scanner = good :-)
• Update definitions
  ○ /opt/eset/esets/sbin/esets_update
• ESET scanner start & restart MailScanner
  ○ /etc/init.d/esets start
  ○ service MailScanner restart

These are personal notes, correct me when I'm wrong or ask if something isn't clear.
:D

Re: How to setup BitDefender or other AV

Posted: 31 Dec 2016 17:25
by ovizii
Antiloop wrote:
    did anyone do this yet?

    it looks like there is a free and paid version of bitdefender:

    free http://frams.bitdefender.com/
    commercial http://www.bitdefender.com/support/busi ... ers-linux/

Turns out the free version does not include antivirus...

    Note
    The Antivirus component is not available in Bitdefender Free Antispam for Mail
    Servers. If you want antivirus protection also, you must purchase a license for
    BitDefender Security for Mail Servers.

Re: How to setup BitDefender or other AV

Posted: 19 Jan 2017 13:44
by asuweb
Hi Z3us,

Got ESET working as per my other message.

Interestingly though, I'm not seeing good results with ESET. Did you compare ESET with any other vendors?

I'm running trials with ESET / F-Secure / Sophos, and so far ESET is streets behind F-Secure and Sophos (these 2 largely detect the same results for each email). We get a lot of malware-infected email and trojans hitting our scanners, and ESET hasn't fired once on these (it works with EICAR tests). The other 2 never miss a beat.

Having checked various sources and chatted to their support, it seems ESET is behind in protecting from new threats and isn't part of the ESET live grid.

Just thought I'd let you know my experiences. I'll be sticking with F-Secure and Sophos for now.

Re: How to setup BitDefender or other AV

Posted: 13 Feb 2018 08:47
by ofer5183
Help, Z3us...
I followed your instructions to install ESET.
I installed ESET on EFA-3.0.2.6.
It seems that ESET is working on the operating system, but I got this in MailWatch --> top virus:
"Unknown virus scanner defined in MailScanner.conf. Review your configuration and don't use 'auto' as antivirus name (see FAQ)."
What did I miss?

Re: How to setup BitDefender or other AV

Posted: 14 Feb 2018 07:24
by tmgfsd
Seeing the same thing on my side, please help me too.

Re: How to setup BitDefender or other AV

Posted: 09 Nov 2018 16:48
by gonzalezroda
Hi everyone,
I'm trying to make ESET work with EFA but without success so far. The whole installation process runs as z3us said in his post of 2016, but I'm stuck on trying to run esets-wrapper as the postfix user. I understand postfix is the user who runs MailScanner, and MailScanner has to run ESET via the wrapper to examine files; however, ESET only runs with the users root and esets.

My source of all my theory is http://lists.mailscanner.info/pipermail ... 04201.html and my practice is this:

Code:

[root@efa ~]# MailScanner --lint
Trying to setlogsock(unix)

Reading configuration file /etc/MailScanner/MailScanner.conf
Reading configuration file /etc/MailScanner/conf.d/README
Read 1000 hostnames from the phishing whitelist
Read 22800 hostnames from the phishing blacklists
Config: calling custom init function SQLBlacklist
MailWatch: Starting up MailWatch SQL Blacklist
MailWatch: Read 21 blacklist entries
Config: calling custom init function MailWatchLogging
MailWatch: Started MailWatch SQL Logging child
Config: calling custom init function SQLWhitelist
MailWatch: Starting up MailWatch SQL Whitelist
MailWatch: Read 91 whitelist entries

Checking version numbers...
Version number in MailScanner.conf (5.0.7) is correct.

Your envelope_sender_header in spamassassin.conf is correct.
MailScanner setting GID to  (89)
MailScanner setting UID to  (89)

Checking for SpamAssassin errors (if you use it)...
Using SpamAssassin results cache
Connected to SpamAssassin cache database
SpamAssassin reported no errors.
Connected to Processing Attempts Database
Created Processing Attempts Database successfully
There are 10 messages in the Processing Attempts Database
Using locktype = posix
MailScanner.conf says "Virus Scanners = esets"
Found these virus scanners installed: clamavmodule, esets, clamd
===========================================================================
Filename Checks: Windows/DOS Executable (1 eicar.com)
Other Checks: Found 1 problems
Virus and Content Scanning: Starting
Scanner initialization failed.
===========================================================================

If any of your virus scanners (clamavmodule,esets,clamd)
are not listed there, you should check that they are installed correctly
and that MailScanner is finding them correctly via its virus.scanners.conf.
Config: calling custom end function SQLBlacklist
MailWatch: Closing down MailWatch SQL Blacklist
Config: calling custom end function MailWatchLogging
Config: calling custom end function SQLWhitelist
MailWatch: Closing down MailWatch SQL Whitelist

Code:

[root@efa ~]# sudo -u postfix /usr/lib/MailScanner/wrapper/esets-wrapper /opt/eset/esets/sbin/ /home/admin

ESET Command-line scanner, version 4.5.11, (C) 1992-2018 ESET, spol. s r.o.
Using license: XXX (/etc/opt/eset/esets/license/esets_XXX.lic)
Scanner initialization failed.

Code:

[root@efa ~]# sudo -u esets /usr/lib/MailScanner/wrapper/esets-wrapper /opt/eset/esets/sbin/ /home/admin

ESET Command-line scanner, version 4.5.11, (C) 1992-2018 ESET, spol. s r.o.
Using license: XXX (/etc/opt/eset/esets/license/esets_xxx.lic)
Module loader, version 1072 (20180813), build 1118
Module perseus, version 1545 (20181029), build 1994
Module scanner, version 18355 (20181109), build 39339
Module archiver, version 1279 (20181031), build 1359
Module advheur, version 1190 (20180924), build 1169
Module cleaner, version 1171 (20181030), build 1245

Command line: /home/admin 

Scan started at:   vie 09 nov 2018 10:35:39 CST

Scan completed at: vie 09 nov 2018 10:35:39 CST
Scan time:         0 sec (0:00:00)
Total:             files - 0, objects 0
Infected:          files - 0, objects 0
Cleaned:           files - 0, objects 0

As you can see here, MailScanner returns "Scanner initialization failed.", the same as running the wrapper as the postfix user. I already tried to give permissions to postfix by adding it to the wheel group and even setting postfix ALL=(ALL:ALL) ALL in visudo. Maybe someone in the community can finish this goal with all this info.

Thank you.
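
Added example, not part of any post in this thread: a shell check for what the MailScanner --lint output above says to verify, namely that every scanner named in "Virus Scanners =" has a matching line in virus.scanners.conf whose wrapper is executable and whose install directory exists. The function names, the status words and the temporary sample files are constructed for illustration.

```shell
#!/bin/sh
# check_scanners MAILSCANNER_CONF VIRUS_SCANNERS_CONF
# Prints one "name status" line per scanner named in "Virus Scanners =".
check_scanners() {
    ms_conf=$1
    vs_conf=$2
    # Uncommented setting only; if it appears more than once, this example
    # reads the last occurrence. Names may be split by spaces or commas.
    names=$(sed -n 's/^[[:space:]]*Virus Scanners[[:space:]]*=[[:space:]]*//p' "$ms_conf" \
            | tail -n 1 | tr ',' ' ')
    for name in $names; do
        case $name in
            auto|none) echo "$name special-value"; continue ;;
        esac
        # Columns in virus.scanners.conf: name, wrapper, install directory.
        entry=$(awk -v n="$name" '$1 == n { print $2, $3; exit }' "$vs_conf")
        if [ -z "$entry" ]; then
            echo "$name no-entry"
            continue
        fi
        wrapper=${entry%% *}
        instdir=${entry#* }
        # -x and -d are evaluated with the permissions of the calling user.
        if [ ! -x "$wrapper" ]; then
            echo "$name wrapper-not-executable"
        elif [ ! -d "$instdir" ]; then
            echo "$name install-dir-missing"
        else
            echo "$name ok"
        fi
    done
}

# Constructed sample files (not from a real server) so the check runs offline.
demo() {
    d=$(mktemp -d)
    mkdir "$d/sbin"
    printf '#!/bin/sh\n' > "$d/esets-wrapper"
    chmod a+x "$d/esets-wrapper"
    printf 'Virus Scanners = esets clamd\n' > "$d/MailScanner.conf"
    printf 'esets %s %s\n' "$d/esets-wrapper" "$d/sbin" > "$d/virus.scanners.conf"
    check_scanners "$d/MailScanner.conf" "$d/virus.scanners.conf"
    rm -rf "$d"
}
demo
```

On a server, call check_scanners with /etc/MailScanner/MailScanner.conf and /etc/MailScanner/virus.scanners.conf as the account MailScanner runs under, since the -x test reflects the calling user's permissions.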