BitDefender Mail Protection for Enterprises EVALUATOR'S GUIDE Copyright © 2006 SOFTWIN
Abstract

This guide introduces evaluators and reviewers to the key functions of BitDefender Mail Protection for Enterprises. Its objectives are to provide minimal installation instructions and a guided tour of the important features and enhancements in this release.
BitDefender Mail Protection for Enterprises can be installed on any Linux distribution from a self-extracting archive. The archive is a compressed tar that includes all the necessary pre-install, post-install, pre-remove and post-remove scripts. Install the package with the following command:

# ./BitDefender-mpe-{os}-{ver}.{pkg}.run

This unpacks the BitDefender files (engines, core, etc.) together with the install and uninstall scripts.
# bdsafe agent integrate qmail

Finally, enable the agent.

# bdsafe agent qmail enable

3. Quick tests

Let's run some short tests to see whether BitDefender is working and, above all, how it is working. We will address the two major components separately: the antivirus and the antispam functions. To make sure BitDefender is working properly, we will test it with the standard test files used for this purpose.
Copy this line and save the file under any name with a .COM extension, for example EICAR.COM. Keep EICAR.COM in a safe place so you can periodically re-test the server protection.

EICAR online resources

You can visit the EICAR website at http://eicar.com/, read the documentation and download the file from one of the locations listed on http://eicar.com/anti_virus_test_file.htm.
Infected attached archive

To test the BitDefender MIME Packer component, create an archive containing the EICAR.COM file, then attach it to an email sent to yourself through the mail server under test. For example, gzip the EICAR.COM file and attach the resulting archive:

$ gzip --best EICAR.COM
$ echo "EICAR test archive." | mail -s EICAR -a EICAR.COM.
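The same test message can be generated from a script, which is handier than gzip(1) and mail(1) when you want to re-run the archive test periodically. The following is an added example and not code from the BitDefender guide: it gzips an arbitrary payload at the level `gzip --best` uses, attaches it under the name EICAR.COM.gz, and then parses the serialized message back the way a gateway's MIME unpacker has to, recovering the original bytes. The EICAR.COM contents are not embedded here; you pass the file you saved from eicar.com as `payload`. The demo payload, the example.test addresses and the SMTP host are constructed placeholders.

```python
"""Build the guide's "infected attached archive" test message in Python.

Added example, not part of the BitDefender guide. The EICAR string is NOT
embedded; read your saved EICAR.COM and pass its bytes as `payload`.
"""
import gzip
import smtplib
from email import message_from_bytes, policy
from email.message import EmailMessage


def build_test_message(payload, sender, recipient, filename="EICAR.COM"):
    """Return a MIME message carrying `payload` gzipped as `filename`.gz,
    the same shape that `gzip --best` followed by `mail -a` produces."""
    archive = gzip.compress(payload, compresslevel=9)  # --best
    msg = EmailMessage(policy=policy.SMTP)
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "EICAR"
    msg.set_content("EICAR test archive.\n")
    # bytes attachments need an explicit type; base64 transfer encoding is
    # applied automatically, so the archive survives 7-bit transports.
    msg.add_attachment(archive, maintype="application", subtype="gzip",
                       filename=filename + ".gz")
    return msg


def attached_archive(raw):
    """Parse a serialized message and return (filename, decompressed bytes)
    of its first gzip attachment, i.e. what a gateway must unpack before it
    can scan the content. Raises ValueError if there is none."""
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        if part.get_content_type() == "application/gzip":
            data = gzip.decompress(part.get_payload(decode=True))
            return part.get_filename(), data
    raise ValueError("no gzip attachment found")


def send(msg, host="localhost", port=25):
    """Hand the message to the local MTA (assumed listening on host:port)."""
    with smtplib.SMTP(host, port) as smtp:
        smtp.send_message(msg)


if __name__ == "__main__":
    # Constructed stand-in payload. For the real test use:
    #   payload = open("EICAR.COM", "rb").read()
    demo = b"stand-in payload, not the EICAR string\n"
    m = build_test_message(demo, "me@example.test", "me@example.test")
    name, data = attached_archive(m.as_bytes())
    print(name, data == demo)   # expect: EICAR.COM.gz True
    # send(m)   # uncomment to push it through the server under test
```

Check the delivered copy (or the server log) to see whether the archive was unpacked and the payload detected; if the message arrives untouched, the MIME Packer component is not scanning inside gzip attachments.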
Subject: [spam] GTUBE

If you look at the email headers, you will also notice this one:

X-BitDefender-Spam: Yes (100)

It is now easy to create filtering rules based on the subject or, better, on the X-BitDefender-Spam header.

RBL quick configuration

The RBL filter serves to filter spam based on the sending mail server's reputation as a spam source. To configure it, use the bdsafe command.
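A filtering rule keyed on the X-BitDefender-Spam header rather than the subject tag can look like the following. This is an added example, not code from the BitDefender guide or product: the "Yes (100)" value mirrors the header shown above, while the "No (12)" value, the score threshold of 80, the folder names and the sample messages are my own constructions. Two practitioner details are built in: a message with no valid header is routed to an "unscanned" folder rather than treated as clean, and since any sender can inject a header of that name, a message carrying more than one copy is also treated as unscanned instead of trusting whichever copy happens to come first.

```python
"""Route mail on the X-BitDefender-Spam header instead of the subject tag.

Added example, not part of the BitDefender guide. Threshold, folder names
and the 'No (score)' form are assumptions; only 'Yes (100)' appears in the
guide.
"""
import re
from email import message_from_string

HEADER = "X-BitDefender-Spam"
_VALUE = re.compile(r"^\s*(Yes|No)\s*\((\d+)\)\s*$", re.IGNORECASE)


def parse_spam_header(value):
    """'Yes (100)' -> (True, 100). None or a malformed value -> None."""
    if value is None:
        return None
    m = _VALUE.match(value)
    if not m:
        return None
    return m.group(1).lower() == "yes", int(m.group(2))


def route(raw, quarantine_at=80):
    """Return the folder a message belongs in, based only on the header.

    - exactly one well-formed header: quarantine / junk / inbox by score
    - no header, a malformed one, or several copies: 'unscanned', so a
      gateway outage or a sender-forged header shows up instead of
      silently delivering the message as clean.
    """
    msg = message_from_string(raw)
    values = msg.get_all(HEADER) or []
    if len(values) != 1:
        return "unscanned"
    parsed = parse_spam_header(values[0])
    if parsed is None:
        return "unscanned"
    flagged, score = parsed
    if flagged and score >= quarantine_at:
        return "quarantine"
    if flagged:
        return "junk"
    return "inbox"


# Constructed sample messages; only the headers matter to the rule.
GTUBE_HIT = "Subject: [spam] GTUBE\nX-BitDefender-Spam: Yes (100)\n\nbody\n"
CLEAN = "Subject: hello\nX-BitDefender-Spam: No (12)\n\nbody\n"
SUBJECT_ONLY = "Subject: [spam] tagged but never scanned\n\nbody\n"
FORGED = ("Subject: hi\nX-BitDefender-Spam: No (0)\n"
          "X-BitDefender-Spam: Yes (100)\n\nbody\n")

if __name__ == "__main__":
    for name, sample in [("GTUBE_HIT", GTUBE_HIT), ("CLEAN", CLEAN),
                         ("SUBJECT_ONLY", SUBJECT_ONLY), ("FORGED", FORGED)]:
        print(f"{name:12} -> {route(sample)}")
```

The subject tag is the weaker key because "[spam]" is trivially present in legitimate replies and forwards, whereas the header carries the score and is added only by the gateway; the duplicate check only holds if the gateway does not strip pre-existing copies of its own header on inbound mail, so verify that behaviour on your installation before relying on it.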
Basically, there are groups and users. Users are defined by their email address or login name, as the server sees them internally. Several users make up a group. The nice part is this: you can specify different settings for each group, such as antivirus actions, the templates used for notifications and so on. There are two special groups: All and Default.
The Net-SNMP plugin is a module of the snmpd daemon (developed for the net-snmp package). It is loaded by the daemon and communicates with the BitDefender Registry to gain read and write access to BitDefender settings. The second implementation, the Logger plugin, is just another module alongside the file logger, the real-time virus and spam report module and the mail notification module.
• Consult the update-related keys: last update, last check and update status, and set the interval between two successive checks.
• Consult the number of signatures in the antivirus engine.
• Consult the license information: the license type, the number of users and the number of domains (relative to the total number of users and domains supported by the license).
Thus we specify that this user will have read and write access, but it is not defined yet. Add this line at the end of the /var/net-snmp/snmptrapd.conf file, and remember that the passwords must be at least 8 characters long. If the file does not exist, just create it.
Set the privacy pass phrase used for encrypted SNMP v3 messages. The same value must be found in the /BDUX/LoggerDaemon/Plugins/SNMP/SecurityPrivProtoPass registry key. This line will be replaced with another one, holding encrypted passwords, when the snmptrapd daemon is started. One more thing: you do not need to use all the parameters specified above for SNMP v3.
we created the bitdefender_inform user for this purpose. The alert will also be logged to syslog.

# snmpinform -v 3 -m ALL -u bitdefender_inform -l authPriv -a MD5 -A -x DES -X localhost 42 coldStart.0 \ \

Note that MD5 and DES are the weakest authentication and privacy options Net-SNMP offers; where both ends support them, prefer -a SHA and -x AES, and keep the pass phrases out of the command line (and thus out of shell history and process listings) wherever possible.

If you do not want to use SNMP version 3, you can use the other two supported versions, 1 and 2c. In that case you do not need a username; all you need to know is the community string, which travels in clear text and should therefore be treated as a password, not as a label.
Time interval modification

To change the time interval, say to 2 hours, run the command below.

# bdsafe configure update checkinterval 7200

Live! Update proxy configuration

If a proxy server must be used to connect to the Internet, run the following command, providing the correct proxy address and port.

# bdsafe configure update proxysettings address:port

By default, the proxy is disabled.
• A patch is labeled SECURITY when its role is to correct a security-related issue. For example, if there is a bug that might permit an attacker to gain access to emails scanned by BitDefender, a SECURITY patch will be released to fix it. As opposed to CRITICAL patches, which address BitDefender's normal behavior, SECURITY patches usually fix bugs that would not be triggered in a friendly environment, if such a thing exists.