
How to enable anti-spam and anti-virus filtering in Axigen using the milter implementation of Dr. Web for mail servers

Quick Link: http://www.axigen.com/kb/show/303
Last updated on October 15, 2009

Description

This article describes how to enable anti-spam and anti-virus filtering in Axigen using the milter implementation of Dr. Web for Unix mail servers.

Resolution

Dr.Web's installation

To use Dr. Web you will first need a license key. You can also request a demo license at:
 http://download.drweb.com/maild

First download Dr. Web for Unix mail servers, anti-virus + anti-spam, from the Download section:
 drweb-mail-servers-av-as_<version>_linux.run

Installation

Dr. Web is a combination of installed modules and plugins, which together allow it to interact with Axigen.
Short description of the required modules:
  Dr.Web Daemon - antivirus package that can be used as an external antivirus filter plugin
  Vaderetro - external antispam filter plugin
  Dr.Web MailD - analyzes and processes mail traffic and enables integration with all other packages

To install, simply run the Dr.Web installer:
 # sh drweb-mail-servers-av-as_5.0.0_linux.run
To install the software in console mode, change to the directory drweb-mail-servers-av-as_5.0.0_linux and run the following installers:
 # ./drweb-agent.install
 # ./drweb-maild-plugin-vaderetro.install
 # ./drweb-daemon.install
 # ./drweb-monitor.install
 # ./drweb-maild-sendmail.install
 # ./drweb-maild-plugin-drweb.install
 # ./drweb-bases.install
 # ./drweb-maild-plugin-headersfilter.install

Rename the original sendmail.cf, since Dr.Web requires this file to add a patch:
 # mv /etc/mail/sendmail.cf /etc/mail/sendmail.cf.original
then create an empty file for Dr.Web to use:
 # touch /etc/mail/sendmail.cf
Then change directory to:
 # cd /opt/drweb/maild/scripts/
and run a few configuration scripts:
 # ./configure_mta.sh
 # perl plugin_vaderetro_configure.pl
 # perl plugin_drweb_configure.pl
 # perl plugin_headersfilter_configure.pl

Then edit the following files to enable the Dr.Web Daemon and the Dr.Web Monitor daemon:
   /etc/drweb/drwebd.enable
   /etc/drweb/drweb-monitor.enable

In each file, change:

 ENABLE=0 to ENABLE=1

Copy the license key to /opt/drweb/:
 # cp drweb32.key /opt/drweb/
and start Dr. Web:
 # /etc/init.d/drwebd start
 # /etc/init.d/drweb-monitor start

Use netstat to verify that Dr.Web binds on the correct ports:
 # netstat -ntpl | grep drweb
 tcp        0      0 127.0.0.1:4040              0.0.0.0:*                   LISTEN      6299/drweb-agent.re
 tcp        0      0 127.0.0.1:3000              0.0.0.0:*                   LISTEN      6279/drwebd.real
 tcp        0      0 127.0.0.1:3001              0.0.0.0:*                   LISTEN      6331/drweb-milter.r
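
An added check, not part of the original article or of Dr.Web's own tooling: it reads `netstat -ntpl` output and confirms that the three listeners shown above exist, belong to a drweb process, and are bound to loopback only. The port-to-module mapping is taken from the output above; the function name and the second sample are constructed for illustration.

```shell
#!/bin/sh
check_drweb_listeners() {
    # stdin: output of `netstat -ntpl` (run as root so the PID/program column is filled in).
    # Exit status 0 only if ports 3000, 3001 and 4040 are all held by drweb on loopback.
    awk '
        BEGIN { want["3000"] = "drwebd"; want["3001"] = "drweb-milter"; want["4040"] = "drweb-agent" }
        $6 == "LISTEN" {
            n = split($4, part, ":"); port = part[n]      # column 4 is address:port
            if (!(port in want)) next
            addr = substr($4, 1, length($4) - length(port) - 1)
            seen[port] = 1
            if (addr != "127.0.0.1" && addr != "::1") exposed[port] = addr
            if ($7 !~ /drweb/) foreign[port] = $7
        }
        END {
            bad = 0
            for (p in want) {
                if (!(p in seen))      { print "MISSING " want[p] " on port " p; bad = 1 }
                else if (p in exposed) { print "EXPOSED " want[p] " port " p " bound to " exposed[p]; bad = 1 }
                else if (p in foreign) { print "FOREIGN port " p " held by " foreign[p]; bad = 1 }
                else                   { print "OK " want[p] " port " p " loopback only" }
            }
            exit bad
        }'
}

# Listener lines as printed in the article.
SAMPLE_ARTICLE='tcp        0      0 127.0.0.1:4040              0.0.0.0:*                   LISTEN      6299/drweb-agent.re
tcp        0      0 127.0.0.1:3000              0.0.0.0:*                   LISTEN      6279/drwebd.real
tcp        0      0 127.0.0.1:3001              0.0.0.0:*                   LISTEN      6331/drweb-milter.r'

# Constructed misconfiguration: milter bound to all interfaces, daemon not running.
SAMPLE_BAD='tcp        0      0 127.0.0.1:4040   0.0.0.0:*   LISTEN      6299/drweb-agent.re
tcp        0      0 0.0.0.0:3001     0.0.0.0:*   LISTEN      6331/drweb-milter.r'

printf '%s\n' "$SAMPLE_ARTICLE" | check_drweb_listeners
printf '%s\n' "$SAMPLE_BAD" | check_drweb_listeners || echo "fix listeners before pointing Axigen at the filter"
```

On a live host, pipe the real command into the function: `netstat -ntpl | check_drweb_listeners`.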

Axigen configuration

To configure Axigen to use Dr.Web as a filter, log in as admin to the Webadmin interface, navigate to Security & Filtering -> Acceptance & Routing -> Advanced Settings tab, and define the following rules:

 1. Rule Name: drweb-define <or a suggestive name for the rule>
    Conditions: Match any email message
    Actions: Filters - Add Filter:
                Name: drweb <or a suggestive name for the filter>
                Address: inet://127.0.0.1:3001

 2. Rule Name: drweb-execute <or a suggestive name for the rule>
    Conditions: Match any email message
    Actions: Filters - Execute Filters - drweb <or the name specified for the filter in the above rule>

Send a test message to yourself and view the Axigen log files for errors. The source of the message received should contain the following extra headers added by Dr.Web:

 X-Antivirus:
 X-Antivirus-Code:
 X-Drweb-SpamState:
 X-Drweb-SpamScore:


Enforce actions in Axigen based on the message spam status

To deliver a message to the Spam folder when Dr.Web has identified it as spam, define the following rule via Webadmin -> Security & Filtering -> Incoming Message Rules:
   Message rule name: <type a suggestive rule name>
   Conditions: Custom - "X-Drweb-SpamState" - Contains - "yes"
   Actions: Move To - "Spam"

You can test this rule using the GTUBE string in a message. The GTUBE string is:
   XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

To test the antivirus you can use the EICAR test file. More details regarding EICAR, as well as test attachments, are available at:
 http://www.eicar.org/anti_virus_test_file.htm
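
An added helper, not part of the original article: it inspects the source of a received test message for the four Dr.Web headers listed above and evaluates the same condition as the Spam rule. The header names and the "yes" match come from the article; the function names and the header values in the samples are constructed, and treating the match as case-insensitive is an assumption.

```shell
#!/bin/sh
drweb_header_check() {
    # stdin: raw message source. Only the header block (up to the first blank line) counts.
    awk '
        BEGIN { n = split("X-Antivirus X-Antivirus-Code X-Drweb-SpamState X-Drweb-SpamScore", names, " ") }
        { sub(/\r$/, "") }                  # tolerate CRLF line endings
        /^$/ { exit }                       # end of headers; body text is ignored
        /^[ \t]/ { if (cur != "") val[cur] = val[cur] " " $0; next }   # folded line
        {
            i = index($0, ":"); if (i == 0) { cur = ""; next }
            cur = tolower(substr($0, 1, i - 1))
            v = substr($0, i + 1); sub(/^[ \t]+/, "", v)
            val[cur] = v; have[cur] = 1
        }
        END {
            found = 0
            for (k = 1; k <= n; k++) {
                h = tolower(names[k])
                if (h in have) { found++; print names[k] ": " val[h] } else print names[k] ": MISSING"
            }
            print "filtered=" (found == n ? "all" : (found ? "partial" : "none"))
            print "move_to_spam=" (tolower(val["x-drweb-spamstate"]) ~ /yes/ ? "yes" : "no")
        }'
}
# Constructed sample: a GTUBE message that went through the filter.
sample_filtered_spam() {
cat <<'EOF'
From: sender@example.com
Subject: GTUBE test
X-Antivirus: constructed-value
X-Antivirus-Code: constructed-value
X-Drweb-SpamState: Yes
X-Drweb-SpamScore: constructed-value

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
EOF
}
# Constructed sample: never filtered; the header-like text sits in the body only.
sample_unfiltered() {
cat <<'EOF'
From: sender@example.com
Subject: did not pass through the milter

X-Drweb-SpamState: yes
EOF
}
sample_filtered_spam | drweb_header_check
sample_unfiltered | drweb_header_check
```

A result of `filtered=none` on a real test message means the drweb-execute rule did not run for it, so check the Axigen rules and log files before relying on the Spam rule.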


Dr. Web configuration files
 
You can configure Dr.Web's modules by editing their corresponding configuration files located under:
 /etc/drweb/

For example, to add the prefix **SPAM** in the subject of the messages identified as spam you should edit the corresponding variable in:
 /etc/drweb/plugin_vaderetro.conf

Applies to

Releases: Mail Server 7.2.X
OS: Linux
Distros: RPM based distros, RPM based distros with gcc3, RPM based distros with gcc4, Slackware, Debian, Ubuntu, Gentoo, Mandriva Linux, DEB based distros with gcc4, Yellow Dog, Debian 3.1, FreeBSD 6.x