User manual

www.grisoft.com

AVG Linux Email Server / User Manual

5.3. Using Unix Socket for an Extra Security

You can take advantage of launching the

AVG Anti-Virus e-mail scanning daemon

within the same account as the e-mail content scanner (

AMaViS or Qmail-

Scanner

). Moreover, the e-mail scanning daemon can create a Unix socket and

listen on it then in order to increase the e-mail scanning security. The socket is

created and also destroyed by the daemon automatically with the proper access

rights and ownership (e. g.

amavis when the daemon is running under the amavis

account).

To enable the using of the socket, follow these steps (you must be logged in as

root):

z Uncomment the line with the unixSocketName parameter in the

/ect/avg.conf AVG for Linux E-mail Server configuration file. You can also

change the parameter value if necessary (the default value is

/tmp/avg.sock). See chapter 8. Configuration File for detailed information

on the configuration file.

z In the /opt/grisoft/avg7/etc/init.d/avgdinit.conf file, change the SUSER

parameter value to the name of the user who is supposed to run the e-mail

scanning

AVG Anti-Virus daemon (for example amavis).

z Finally, you must change the configuration file of the respective e-mail content

scanner (

AMaViS or Qmail-Scanner). For example, in the case of the

preferred

amavisd-new scanner the AVG Anti-Virus related section of the

/etc/amavisd.conf file should look like as follows:

['AVG Anti-Virus', \&ask_daemon, ["SCAN {}\n", '/tmp/avg.sock'], qr/^200/,

qr/^403/, qr/^403 .*?: (.+)/ ]

Note: The on-access scanning must be running under the root account. So if you

change the user who is running the daemons in the

/etc/init.d/avgd file, you will

disable the on-access scanning! You have to resolve the trade-off between the on-

access scanning and increased e-mail scanning security.