Antivirus installation - DRWEB
DRWEB daemon installation
DRWEB is Russian antivirus software that can be embedded into a postfix installation. Full information
is available at http://www.sald.com. It works as a daemon
so you need to create that !!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Download the DRWEB antivirus software from ftp://ftp.drweb.ru/pub/unix/. For the Linux operating system
you need to download the glibc version. Since drweb runs as a daemon, you need to add a drweb user.
Perform the following steps:
adduser -s /sbin/nologin drweb
tar -xzvf drweb*.tar.gz
cd drweb*
cp -Rpv opt/drweb /usr/local/
cp -Rpv etc/drweb/ /etc/
cp -Rpv var/drweb /var/
chown -R drweb:drweb /var/drweb
Now we need to configure it. Open /etc/drweb/drweb32.ini in your
favorite editor and change the location of the virus database, since it's better to keep /usr read-only
to keep servers secure.
UpdatePath = "/var/drweb/updates"
And move the database to the /var partition:
mv /usr/local/drweb/updates /var/drweb/
Also, on loaded servers you need to increase the number of drweb child processes.
MaxChildren = 16
should be changed to
MaxChildren = 2000
Normally, Drweb should be installed into /opt/drweb, but on most systems /opt is located on the root partition, so
it's much simpler just to make a symlink as shown below:
mkdir -p /opt/
ln -s /usr/local/drweb /opt/
Let's add the drweb daemon to the server's startup scripts. Take the startup script from
http://smartcgi.com/dist/postfix/init.d/drwebd.
Then add this startup script to the default runlevel of your Linux. For RedHat use the following commands:
/sbin/chkconfig --add drwebd
/sbin/chkconfig drwebd on
chmod 711 /etc/init.d/drwebd
Check if it has been added correctly:
[root@box1 init.d]# chkconfig --list | grep drweb
drwebd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@box1 init.d]#
And start the daemon to see if it's working fine:
[root@box1 init.d]# /etc/init.d/drwebd start
Starting drwebd: Dr.Web (R) daemon for Linux, version 4.29.5 (January 6, 2003)
Copyright (c) Igor Daniloff, 1992-2002
Daniloff's Labs and DialogueScience
http://www.drweb.ru, support@drweb.ru: +7 (812) 387-64-08
http://www.dials.ru, antivir@dials.ru: +7 (095) 137-01-50
Key file: /usr/local/drweb/drwebd.key
Registration info:
0100005168
Evaluation Key (ID Anti-Virus Lab. Ltd, St.Petersburg)
This is an EVALUATION version with limited functionality!
To get your registration key, call regional dealer.
Engine version: 4.29b
Loading /var/drweb/bases/drwebase.vdb - Ok, virus records: 31578
Daemon is installed, active interfaces: 127.0.0.1:3000
[root@box1 init.d]#
Everything looks fine: the DRWEB daemon accepts connections on 127.0.0.1 port 3000, and 31578 virus signatures
have been loaded.
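As an added example (not part of the original guide and not shipped with DRWEB), the script below automates the two checks done by eye above: that UpdatePath in drweb32.ini points outside /usr, and that the startup output lists only a loopback address. The function names, the assumed plain `Key = value` layout of the ini file and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit the two things the text
# checks by eye, the UpdatePath setting and the daemon's listening address.
# Assumption: drweb32.ini uses plain `Key = value` lines, last one wins.

# Print the value of KEY ($2) from ini-style FILE ($1), quotes stripped.
ini_value() {
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//; s/^"\(.*\)"$/\1/' | tail -n 1
}

# Succeed only if UpdatePath is an absolute path outside /usr.
update_path_ok() {
    case "$(ini_value "$1" UpdatePath)" in
        /usr|/usr/*) return 1 ;;
        /*) return 0 ;;
        *) return 1 ;;   # unset or relative
    esac
}

# Print each address after "active interfaces:" that is not 127.x.x.x.
# Assumption: several addresses would be separated by spaces or commas.
non_loopback_listeners() {
    sed -n 's/^.*active interfaces:[[:space:]]*//p' "$1" | tr ' ,' '\n\n' |
        grep -v -e '^$' -e '^127\.' || true
}

# audit INI_FILE STARTUP_LOG: print findings, return the number of failures.
audit() {
    fails=0
    if update_path_ok "$1"; then echo "ok   UpdatePath=$(ini_value "$1" UpdatePath)"
    else echo "FAIL UpdatePath unset, relative or under /usr"; fails=$((fails + 1)); fi
    bad=$(non_loopback_listeners "$2")
    if [ -z "$bad" ]; then echo "ok   daemon listens on loopback only"
    else echo "FAIL daemon reachable on: $bad"; fails=$((fails + 1)); fi
    return "$fails"
}

# Constructed sample inputs so the script runs without a DRWEB install.
demo_dir=$(mktemp -d); trap 'rm -rf "$demo_dir"' EXIT
printf 'UpdatePath = "/var/drweb/updates"\nMaxChildren = 2000\n' > "$demo_dir/good.ini"
printf 'UpdatePath = "/usr/local/drweb/updates"\n' > "$demo_dir/bad.ini"
echo 'Daemon is installed, active interfaces: 127.0.0.1:3000' > "$demo_dir/good.log"
echo 'Daemon is installed, active interfaces: 0.0.0.0:3000' > "$demo_dir/bad.log"
audit "$demo_dir/good.ini" "$demo_dir/good.log"
audit "$demo_dir/bad.ini" "$demo_dir/bad.log" || echo "failures: $?"
```

On a real host, call audit with /etc/drweb/drweb32.ini and a file holding the captured output of /etc/init.d/drwebd start.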
Integrating DRWEB antivirus with postfix
DRWEB accepts connections with mail bodies on port 3000 and reinjects scanned mail to
postfix over TCP/IP. To use this method you need to download the drweb-postfix package from
ftp://ftp.drweb.ru/pub/unix/.
Download the latest version, named like drweb-postfix-x.xx-linux-glibc-x.xx.tar.gz, and install it as shown below:
tar -xzvf drweb-postfix*
cp -Rpv drweb-postfix*/opt/drweb/* /usr/local/drweb/
cp -Rpv drweb-postfix*/etc/drweb/* /etc/drweb/
Take the perl script that reinjects scanned emails back to postfix from
http://smartcgi.com/dist/postfix/misc/reinject-drweb and put it into the
/usr/local/drweb/ directory.
The DRWEB antivirus daemon is now completely installed.
Setting up periodic updates of the virus database
Check that /var/drweb is owned by user and group 'drweb'. If not, change the owner. Then you need
to add a command that downloads virus database updates to the crontab of the 'drweb' user. It should be:
0 4 * * * /usr/local/drweb/update/update.pl > /dev/null 2>&1