Anti-Virus

TUXGUARD Mail Gateway currently supports the ClamAV and ESET Mail Security Anti-Virus engines. Anti-Virus and Attachment checks are always run before Spam and other checks and are excluded from being skipped by any Map ACLs (to prevent spam whitelisting from allowing viruses through).

Important

Should any enabled Anti-Virus engine fail, TUXGUARD Mail Gateway defers messages rather than risk delivering potentially infected ones.

ClamAV

ClamAV® is an open source (GPL) anti-virus engine and is included by default with TUXGUARD Mail Gateway. The options below enable rejections of messages based on the type of signature detected in the message. If any viruses are detected but the relevant option is disabled, then the virus name is written to the X-Haraka-Virus: header which can be used for scoring later in the scan sequence (such as within SpamAssassin).

Enabled

Enable or Disable ClamAV anti-virus scans.

Hosts

If you wish to direct ClamAV scans to a dedicated cluster of ClamAV installations rather than using the TUXGUARD Mail Gateway supplied daemon, then you can supply a comma-separated list of host/ip:port combinations here and TUXGUARD Mail Gateway will use those instead.
Leave blank and each TUXGUARD Mail Gateway host will use its locally installed daemon.

Reject Broken Executables

When enabled, this will reject messages with attachments that contain broken executables detected by ClamAV.

Reject Encrypted Archives

When enabled, this will reject messages with attachments that contain encrypted ZIP or RAR files. Encrypted archives cannot be scanned as they cannot be unpacked by ClamAV.

Enable PUA Signatures

When enabled, this will reject messages with attachments that contain ‘Potentially Unwanted Applications’ identified by ClamAV.
From the ClamAV documentation, these include the following types of unwanted applications:

Packed

This is a detection for files that use some kind of runtime packer. A runtime packer can be used to reduce the size of executable files without the need for an external unpacker. While this can't be considered malicious in general, runtime packers are widely used with malicious files since they can prevent already known malware from being detected by an Antivirus product.

PwTool

Password tools are all applications that can be used to recover or decrypt passwords for various applications, like mail clients or system passwords. Such tools can be quite helpful if a password is lost; however, they can also be used to spy out passwords.

NetTool

Applications that can be used to sniff, filter, manipulate or scan network traffic or networks.
While a network scanner, for example, can be an extremely helpful tool for admins, you may not want to see an average user playing around with it. The same goes for tools like netcat and the like.

P2P

Peer-to-Peer clients can be used to generate a lot of unwanted traffic, and sometimes copyrights are violated by downloading copyright-protected content (music, movies); therefore we consider them possibly unwanted as well.

IRC

IRC Clients can be a productivity killer and depending on the client - a powerful platform for malicious scripts (take mIRC for example).

RAT

Remote Access Trojans are used to remotely access systems, but can also be used by system admins, for example VNC or RAdmin.

Tool

General system tools, like process killers/finders

Spy

Keyloggers, spying tools

Server

Server based badware like DistributedNet

Script

Known "problem" scripts written in Javascript, ActiveX or similar

Enable DLP Signatures

When enabled, messages containing Credit Card Numbers or Social Security Numbers identified by the ClamAV Data Loss Prevention module will be rejected.

Reject OLE2 Macros

When enabled, messages containing attachments which contain any Microsoft Office Macros will be rejected. This can prevent a lot of malware droppers, but may impact your users if they send and receive a lot of documents that contain macros.

Enable Google SafeBrowsing Signatures

When enabled, messages containing URLs listed on the Google SafeBrowsing list will be rejected.

Enable Phishing Signatures

When enabled, messages identified as potential Phishing will be rejected. ClamAV recommends that this not be used to reject messages.

Enable UNOFFICIAL Signatures

ClamAV allows anyone to write their own signature databases. These always have .UNOFFICIAL appended to their name so they can be distinguished from signatures that come from ClamAV itself. Enabling this option allows messages that match an .UNOFFICIAL signature to be rejected.

Unofficial Signature DB URLs

Here a comma-separated list of URLs can be entered which point to unofficial signature databases.
ClamAV will update its freshclam.conf accordingly and proceed to download those on each worker host.

Both http(s) and ftp(s) URLs are supported.

Note

Enable UNOFFICIAL Signatures needs to be enabled in order for these databases to work!

Exclude List

This is a list of viruses, one per line, that should not be rejected if detected. Wildcards are supported: * matches many characters and ? matches a single character only. Alternatively, regular expressions can be used by enclosing the pattern in //. Comments are prefixed with #.
You can negate a match by prefixing it with !. Negative matches are always checked first.

AVG AntiVirus

AVG is an optional add-on. It must be installed on each TUXGUARD Mail Gateway worker host before it is enabled. See Appendix E for installation instructions.

Enabled

This enables or disables AVG AntiVirus scanning.

ESET Mail Security

ESET Mail Security is an optional add-on. It must be installed on each TUXGUARD Mail Gateway worker host as per the ESET documentation before it is enabled.

Note

Only the Anti-Virus portion of ESET Mail Security is used; the Anti-Spam engine is not, as it is inferior to the other engines supported by TUXGUARD Mail Gateway.

Enabled

This enables or disables ESET Mail Security scanning.