Date:      Thu, 02 May 2002 16:13:17 -0700
From:      Blake Swensen <blake@pyramus.com>
To:        george@durham.net
Cc:        "'Dave'" <dave@hawk-systems.com>, freebsd-isp@FreeBSD.ORG
Subject:   Re: Blake, Andre and anyone else that cares to comment on virus  scanning. PLEASE!!!
Message-ID:  <3CD1C80D.5DC54EBC@pyramus.com>
References:  <002b01c1f18a$d153de80$20fea8c0@ddd>

Right...

First... you can install drweb from the ports collection
(/usr/ports/security/drweb and drweb-sendmail). I installed the packages
because it was easier.

Second... and this is a biggy.  If you don't already have sendmail
compiled with milter and you are not prepared to re-make sendmail then
don't bother reading any further. If you are keeping current on sendmail
then you should be an old hand at this.  If not, shame!

Dr.Web installs the daemon (drwebd), the command line scanner (drweb),
and some other utilities to update virus definitions, etc.

Steps are like this.  Install port/package. Configure the drweb.ini
file. Make a small change to /etc/defaults/make.conf. Re-make sendmail.
Edit sendmail.cf. Done.

There is a test un-virus that comes with the installation.  And... if
you want, I can send you a pile of klez to run your tests on :) (I have
trapped over 1000 messages that were spam or virus over the last three
days, for example).

The thing that got me confused was the whole 'port' thing.. That is to
say that drwebd listens on a port as does drweb-smf (the sendmail
filter).  So sendmail passes every message to drweb-smf and it passes it
to drwebd to be scanned.  Then if OK, the thing takes a trip back
through and gets dropped into the mailbox in the normal way.  So, when I
set it up I thought that the filter would have to be set to talk to the
daemon on the port specified in the drweb32.ini file.. but I was
wrong!  Sendmail has to talk to drweb-smf (the filter) on a port as
well... so make sure that when you reconfigure sendmail.cf that you
specify a different port than the one that drwebd is on..... other than
that you'll be OK.

Finally, starting the filter for the first time was a little trying.
There are sooooooo many command line parameters that it needs before it
will start up.  If you get one wrong it won't start but it also will not
tell you why.... arrrg.  The startup script that it puts in
/usr/local/etc/rc.d was no help either... So I ended up putting a value
for every parameter then taking out the ones that didn't make sense
until it broke.

Have fun... although it was a bit of a bugger, it was well worth the
effort.

Peace,
Blake

George Ramos wrote:
> 
> Well, server. We have about 1500 subscribers and we are using sendmail and
> FreeBSD 4.X.
> 
> -----Original Message-----
> From: owner-freebsd-isp@FreeBSD.ORG
> [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Dave
> Sent: Thursday, May 02, 2002 12:14 PM
> To: freebsd-isp@FreeBSD.ORG
> Subject: RE: Blake, Andre and anyone else that cares to comment on virus
> scanning. PLEASE!!!
> 
> >First of all, what is the URL for Dr Web?
> 
> http://www.sald.com/
> 
> >Secondly, I'm missing Andre's point and I am trying to understand, why are
> >you Andre asking about "for a sendmail addon to scan each e-mail (at least
> >incoming, but incoming and outgoing preferred) for virii's.  I've heard
> >that they don't work well on FreeBSD? any ideas welcome." but then move on
> >to say "I love RAV's native version for FreeBSD using the sendmail milter
> >interface.
> >
> >http://www.ravantivirus.com/
> >
> >Isn't ravantivirus the same thing? Can you please kindly explain Andre
> >because it seems to me that you were asking for something that you already
> >have....? I hope that you don't mind my asking but we are trying to
> >implement a virus scanning solution for our customers and needless to say
> >we are trying to do this as painlessly as possible. We've been watching the
> >suggestions on the list and I was encouraged by Blake's answer regarding
> >Dr.Web.
> >
> >Lastly, can you tell me, how long should it take to get this Dr.Web running
> >and are there any pitfalls that we should watch for?
> 
> are you looking for server implementation or workstation?  if server what
> volume of what of email and platform?
> 
> Dave
> 
> >Thank you.
> >
> >George
> >Durham Net
> >
> >
> >Sent: Tuesday, April 30, 2002 3:48 PM
> >Cc: freebsd-isp@FreeBSD.ORG
> >Subject: Re: sendmail virus scanning
> >
> >
> >I have installed and am using DR.Web.  It took some doing as the
> >documentation is a bit sketchy.  However, now that I have it installed
> >it works very, very well.  It even does a modest amount of spam
> >filtering.
> >
> >That being said, the port for drweb-sendmail appears to be broken, but
> >the package installation worked very well.  Also, make sure that you are
> >not getting the package from the FreeBSD 4.2 tree... it installs ok but
> >doesn't actually do anything once installed.
> >
> >Happy hacking.
> >
> >Peace,
> >Blake
> >
> >Andre Albsmeier wrote:
> >>
> >> On Sat, 20-Apr-2002 at 14:53:40 -0700, Patrick O. Fish wrote:
> >> > I'm looking for a sendmail addon to scan each e-mail (at least incoming,
> >> > but incoming and outgoing preferred) for virii's.  I've heard that they
> >> > don't work well on FreeBSD? any ideas welcome.
> >>
> >> I love RAV's native version for FreeBSD using the sendmail milter
> >> interface.
> >>
> >> http://www.ravantivirus.com/
> >>
> >>         -Andre
> >
> >
> >To Unsubscribe: send mail to majordomo@FreeBSD.org
> >with "unsubscribe freebsd-isp" in the body of the message
> >
> >
> 




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3CD1C80D.5DC54EBC>
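
Added example, not part of the original message and not Dr.Web's or sendmail's own tooling: a shell check for the two-port mix-up the message describes (sendmail pointed at the scanner daemon's port instead of the filter's). It also flags a filter defined without F=T or F=R, because sendmail then carries on as if the filter were absent when it is down, which matters given the silent startup failures. The filter label `drweb-smf` as a sendmail.cf name and ports 3000/3001 are constructed; the daemon port is passed as an argument rather than read from the ini file.

```shell
#!/bin/sh
# Added example, not from the original post. Audits the milter setup in a
# sendmail.cf: usage  check_milters <sendmail.cf> <scanner-daemon-port>
check_milters() {
    awk -v dport="$2" '
        # "O InputMailFilters=a,b" lists the filters sendmail really calls
        /^O[ \t]*InputMailFilters=/ {
            sub(/^O[ \t]*InputMailFilters=/, "")
            n = split($0, want, /[ \t]*,[ \t]*/)
            next
        }
        # "Xname, S=inet:port@host, F=T, T=..." defines one filter
        /^X/ {
            m = split(substr($0, 2), part, /[ \t]*,[ \t]*/)
            name = part[1]; known[name] = 1
            for (i = 2; i <= m; i++) {
                if (part[i] ~ /^S=/) sock[name] = substr(part[i], 3)
                if (part[i] ~ /^F=/) flag[name] = substr(part[i], 3)
            }
        }
        END {
            for (i = 1; i <= n; i++) {
                f = want[i]; ok = 1
                if (!(f in known)) { print "UNDEFINED " f; continue }
                port = sock[f]
                if (sub(/^inet6?:/, "", port)) {
                    sub(/@.*/, "", port)
                    # sendmail must dial the filter, never the scanner daemon
                    if (port == dport) { print "PORT_COLLISION " f " port=" port; ok = 0 }
                }
                # without F=T or F=R a dead filter is skipped: mail goes unscanned
                if (flag[f] !~ /[RT]/) { print "FAIL_OPEN " f; ok = 0 }
                if (ok) print "OK " f " sock=" sock[f]
            }
        }' "$1"
}

# Constructed sample: filter label and ports 3000/3001 are made up.
demo_cf=$(mktemp)
printf '%s\n' 'O InputMailFilters=drweb-smf' \
    'Xdrweb-smf, S=inet:3000@localhost, T=S:5m;R:5m' > "$demo_cf"
check_milters "$demo_cf" 3000    # daemon assumed on 3000: two findings
rm -f "$demo_cf"
```

Run it against the live sendmail.cf after every rebuild, passing the port the scanner daemon is configured to listen on.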