Sophos AV with Amavis and Postfix

How-to

Today I will show you how to install Sophos AV with Postfix. I assume that Postfix is already configured.

Installing AMaViS

First of all we will install AMaViS.

Debian/Ubuntu

apt-get install amavis

Installing Sophos AV on Linux

  1. First, download the installer from the Sophos website
    https://www.sophos.com/de-de/products/free-tools/sophos-antivirus-for-linux.aspx
  2. In the next step we need to copy the installer to our server
    scp <path-to.tgz> <user>@<server>:
  3. Connect to the server and change to the root user
    ssh <user>@<server>
    server# sudo su -
  4. With the tar command we uncompress the installer in /tmp
    server# cd /tmp
    server# tar -xzvf <path-to>.tgz
  5. Now we start the installation
    server# cd /tmp/sophos-av
    server# ./install.sh
  6. Press <enter> and <space> to scroll through the terms and conditions. Press ‘Y’ to confirm.
  7. Install Sophos AV in the default location
    Where do you want to install Sophos Anti-Virus? [/opt/sophos-av]
  8. In the next step we choose the running mode.
    On-access: the scanner runs in daemon mode. This mode needs more memory but scans files faster.
    On-demand: Sophos AV is used only when a file is pushed to the scanner.
    I have chosen on-demand.
    Do you want to enable on-access scanning? Yes(Y)/No(N) [Y] n
  9. Select the update server
    Which type of auto-updating do you want? From Sophos(s)/From own server(o)/None(n) [s]
  10. Choose ‘f’ for the free Sophos version (without support)
    Do you wish to install the Free (f) or Supported (s) version of SAV for Linux? [s] f
  11. If you are using a proxy server, enter it in the next step.
    Do you need a proxy to access Sophos updates? Yes(Y)/No(N) [N]
  12. Now the installation is finished.

Connect Postfix and AMaViS

  1. Edit the Postfix main.cf
    vi /etc/postfix/main.cf
  2. Add the content filter
    content_filter = smtp-amavis:[127.0.0.1]:10024
  3. For Postfix to receive the mail from AMaViS again, two services must be defined in master.cf.
    vi /etc/postfix/master.cf

    smtp-amavis  unix    -    -    n    -    2    smtp
      -o smtp_data_done_timeout=1200
      -o smtp_send_xforward_command=yes
      -o disable_dns_lookups=yes
    127.0.0.1:10025 inet    n    -    n    -    -    smtpd
      -o content_filter=
      -o local_recipient_maps=
      -o relay_recipient_maps=
      -o smtpd_restriction_classes=
      -o smtpd_helo_restrictions=
      -o smtpd_sender_restrictions=
      -o smtpd_recipient_restrictions=permit_mynetworks,reject
      -o mynetworks=127.0.0.0/8
      -o strict_rfc821_envelopes=yes
      -o smtpd_error_sleep_time=0
      -o smtpd_soft_error_limit=1001
      -o smtpd_hard_error_limit=1000
      -o receive_override_options=no_header_body_checks
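
The 10025 listener defined above accepts mail without filtering it again, so its overrides are the security-relevant part of this step. As an added example (not part of the original how-to), this shell function audits a master.cf for the settings shown above; `check_reinject` is an assumed name, and it parses only the `-o name=value` form used here.

```shell
#!/bin/sh
# Added example (not from the original how-to): audit the AMaViS reinjection
# listener in a Postfix master.cf. Port 10025 and the option names are the
# ones used above; check_reinject and its file argument are assumed names.
# Handles "-o name=value" options only, the form this how-to uses.

# Prints one "FAIL: ..." line per problem; returns 0 only when none is found.
check_reinject() {
    awk '
    function fail(msg) { print "FAIL: " msg; bad = 1 }

    function audit(e,    f, n, i, p, opt, r) {
        n = split(e, f, /[ \t]+/)
        if (f[2] != "inet" || (f[1] != "10025" && f[1] !~ /:10025$/)) return
        seen = 1
        # Mail accepted on this port is not filtered again, so it must be loopback-only.
        if (f[1] !~ /^(127\.0\.0\.1|localhost|\[::1\]):/)
            fail("listener " f[1] " is not bound to loopback")
        for (i = 3; i < n; i++)
            if (f[i] == "-o" && (p = index(f[i+1], "=")))
                opt[substr(f[i+1], 1, p - 1)] = substr(f[i+1], p + 1)
        # An empty override stops main.cf content_filter sending mail back to AMaViS.
        if (!("content_filter" in opt) || opt["content_filter"] != "")
            fail("content_filter is not cleared, filtered mail would loop")
        if (opt["mynetworks"] != "127.0.0.0/8")
            fail("mynetworks is not 127.0.0.0/8")
        r = opt["smtpd_recipient_restrictions"]
        if (r != "reject" && r !~ /,reject$/)
            fail("smtpd_recipient_restrictions does not end in reject")
    }

    /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments and blank lines
    /^[ \t]/ { entry = entry " " $0; next }      # continuation of previous entry
    { if (entry != "") audit(entry); entry = $0 }
    END {
        if (entry != "") audit(entry)
        if (!seen) fail("no inet service on port 10025")
        exit bad + 0
    }
    ' "$1"
}

# Usage: sh check_reinject.sh /etc/postfix/master.cf
if [ "$#" -gt 0 ]; then check_reinject "$1"; fi
```
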

Connect AMaViS with Sophos

  1. In the AMaViS configuration we will configure the scanner
    vi /etc/amavis/conf.d/15-av_scanners
  2. Search for the parameter av_scanners_backup
  3. In the array you will find Sophos Anti Virus (sweep)
  4. Comment out the entry with #
  5. Copy the entry
  6. Paste the entry into the av_scanners parameter
  7. Uncomment the pasted lines there
  8. Now AMaViS is connected with Sophos AV

Activate AV-Scans in AMaViS

  1. AMaViS needs to be configured for virus scans
  2. So we will edit the file /etc/amavis/conf.d/15-content_filter_mode and uncomment the following lines
    -#@bypass_virus_checks_maps = (
    -#   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
    +@bypass_virus_checks_maps = (
    +   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
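Review bot: on the two added `@bypass_virus_checks_maps` lines, the name reads as if they switch scanning off, while this section uses them to activate it. Add a one-line comment above them stating that defining these maps is what enables virus checks, so a later admin does not comment them out again by mistake.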

Restart services

systemctl restart postfix
systemctl restart amavis
Oliver