How to integrate BitDefender Antivirus with PMG

[heutger]

I just found, that beside ClamAV (which can be improved by additional signatures) Avast is supported as well, however, I dislike Avast and also tried just for testing to install and try a local scan and always fail with permission denied. However, I saw at https://pve.proxmox.com/pipermail/pmg-devel/2018-February/000044.html that integration seems to be not too hard, if it's possible to have a debian installer/packages/... (that's given, see below), so the final "hard job" is to adjust the RegEx to process the scan results from BitDefender similar to Avast as done there before or ClamAV, which is already integrated. As I'm not able to write my own RegEx and also don't completely understand the code (I'm out of coding for years now), maybe someone can help out?

Steps performed so far:

wget http://download.bitdefender.com/SMB/Workstation_Security_and_Management/BitDefender_Antivirus_Scanner_for_Unices/Unix/Current/EN_FR_BR_RO/Linux/BitDefender-Antivirus-Scanner-7.7-1-linux-amd64.deb.run
chmod +x BitDefender-Antivirus-Scanner-7.7-1-linux-amd64.deb.run
./BitDefender-Antivirus-Scanner-7.7-1-linux-amd64.deb.run

Accept license, don't install the GUI.

bdscan --update
bdscan BitDefender-Antivirus-Scanner-7.7-1-linux-amd64.deb.run

Output then is:

BitDefender Antivirus Scanner for Unices v7.141118 Linux-amd64
Copyright (C) 1996-2014 BitDefender. All rights reserved.
Trial key found. 30 days remaining.

Infected file action: ignore
Suspected file action: ignore
Loading plugins, please wait   
Plugins loaded.

/root/BitDefender-Antivirus-Scanner-7.7-1-linux-amd64.deb.run  ok


Results:
Folders            : 0
Files              : 1
Packed             : 0
Archives           : 0
Infected files     : 0
Suspect files      : 0
I/O errors         : 0

wget https://www.etes.de/downloads/eicar-testvirus/?file=files/etes/downloads/anwenden/eicar.com
bdscan index.html\?file\=files%2Fetes%2Fdownloads%2Fanwenden%2Feicar.com

Output then is:

BitDefender Antivirus Scanner for Unices v7.141118 Linux-amd64
Copyright (C) 1996-2014 BitDefender. All rights reserved.
Trial key found. 30 days remaining.

Infected file action: ignore
Suspected file action: ignore
Loading plugins, please wait   
Plugins loaded.

/root/index.html ... nden%2Feicar.com  infected: EICAR-Test-File (not a virus)


Results:
Folders            : 0
Files              : 1
Packed             : 0
Archives           : 0
Infected files     : 1
Suspect files      : 0
Identified viruses : 1
I/O errors         : 0

So only thing I need now is on how to do the adjustments (especially the RegEx) to read and handle "ok" vs. "infected" and information about infection. Can anyone help out?

Here is the documentation: http://download.bitdefender.com/SMB...der_AV_Scanner_for_Unices_User's_Guide_en.pdf

Here additional information:
https://www.bitdefender.com/support/how-to-configure-bitdefender-scanner-for-unices-837.html

Advantage of BitDefender over Avast: AV-Tests claim better results on BitDefender, BitDefender had no worse history, BitDefender has better pricing based on mailboxes, free for personal use, and would improve PMG to be able to have more decisions on AV scanner as well.

 

[Davide Bozzelli]

First of all have you verified that Bitdefender offer a demonized daemon?

 

[heutger]

No, it seems not be able to be run daemonized.

 

[Davide Bozzelli]

No, it seems not be able to be run daemonized.

OK so it's a wast of time imho integrate this av engine

 

[heutger]

OK so it's a wast of time imho integrate this av engine

hmm, why does it need to be daemonized?

 

[Davide Bozzelli]

hmm, why does it need to be daemonized?

Try to use clamscan instead of clamdscan and you will get the answer to your question

 

[heutger]

Try to use clamscan instead of clamdscan and you will get the answer to your question

Ok, there is a big difference, however, Bitdefender is in between.

 

[heutger]

I googled around, but I don’t find an easy way to daemonize bdscan. It seems like the GUI has the option to daemonize, but not the CLI. However, I found, that many solutions like MailScanner, Scrollout F1, Amavisd, ... directly use bdscan as it’s not such massive slow like clamscan without daemon. I also can’t compare to avast, as I still get permission denied on any scan, even if the file is 777, owned by avast user and group and/or scan as well as the daemon has been started with sudo.

 

[killmasta93]

bounty to get bitdefender working on proxmox 100$ USD

 

[tom]

...BitDefender has better pricing based on mailboxes,

Pricing per mailbox seem far more expensive than avast (per server).

 

[heutger]

Pricing per mailbox seem far more expensive than avast (per server).

Depends on the number of users

 

[tom]

Depends on the number of users

yes, if you have more than 5 users, bitdefender seems more expensive. how much do they charge per mailbox for small setups?

 

[Davide Bozzelli]

This is a very quick benchmark comparing avast,bitdefender,clamav scanning a stupid eicar.com.txt:

AVAST:

root@mailgw3:/var/custom/dev/bitdefender# time scan .
/var/custom/dev/bitdefender/eicar.com.txt EICAR Test-NOT virus!!!

real 0m0.031s
user 0m0.004s
sys 0m0.000s

CLAMAV (CLAMD MODE):

oot@mailgw3:/var/custom/dev/bitdefender# time clamdscan .
/var/custom/dev/bitdefender/./eicar.com.txt: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.004 sec (0 m 0 s)

real 0m0.010s
user 0m0.000s
sys 0m0.004s


BITDEFENDER:

root@mailgw3:/var/custom/dev/bitdefender# time bdscan .
BitDefender Antivirus Scanner for Unices v7.141118 Linux-amd64
Copyright (C) 1996-2014 BitDefender. All rights reserved.
Trial key found. 30 days remaining.

Infected file action: ignore
Suspected file action: ignore
Loading plugins, please wait
Plugins loaded.

/var/custom/dev/bitdefender/get.sh ok
/var/custom/dev/bitdefender/eicar.com.txt infected: EICAR-Test-File (not a virus)
/var/custom/dev/bitdefender/run.sh ok

real 0m7.844s
user 0m6.644s
sys 0m1.160s


As expected the overhead is due to the fact the scanner needs to load the plugin and definitition (the load plugins .. please wait text).
So IMHO :

1) bitdefender is too slow
2) bitdeneder is too expensive compared to avast and to 1)

 

[Davide Bozzelli]

I googled around, but I don’t find an easy way to daemonize bdscan. It seems like the GUI has the option to daemonize, but not the CLI. However, I found, that many solutions like MailScanner, Scrollout F1, Amavisd, ... directly use bdscan as it’s not such massive slow like clamscan without daemon. I also can’t compare to avast, as I still get permission denied on any scan, even if the file is 777, owned by avast user and group and/or scan as well as the daemon has been started with sudo.

You can't, the "daemonized" mode should be supported natively by the av engine as it's composed generlly by two parts: the daemon that embeds the engine and the av definitions, and the client that instructs the daemon on which file/path should be scanned.

 

[heutger]

yes, if you have more than 5 users, bitdefender seems more expensive. how much do they charge per mailbox for small setups?

I just found, my information is outdated, BitDefender for Unices should not be used anymore. There is a new solution, and also a new pricing, which also does not depend on mailboxes any more and also not on devices if lower than 100 and is similar to Avast.

 

[heutger]

You can't, the "daemonized" mode should be supported natively by the av engine as it's composed generlly by two parts: the daemon that embeds the engine and the av definitions, and the client that instructs the daemon on which file/path should be scanned.

Sure, that's what I looked for as BitDefender for Unices is only(!) the CLI, but other BitDefender Security ... Server editions have a bdscand, which should work with bdscan as counterpart. However, I will continue to test. Avast BTW is not working for me, I tried to install and can't use.

 

[heutger]

In the meantime to test Avast as well, can anyone help out on how to use/test Avast? I performed the following:

echo "deb http://deb.avast.com/lin/repo debian release" >> /etc/apt/sources.list
wget https://files.avast.com/files/resellers/linux/avast.gpg
apt-key add avast.gpg
apt-get update
apt-get install avast
vi /etc/avast/license.avastlic
/etc/init.d/avast start
scan eicar.com

But I always get

avast: /root/eicar.com: Permission denied

?

 

[Stoiko Ivanov]

* depending on the user the avast scanner is running as, it might just not have permissions to open a file in /root (usually only root can read/open /root)?
* try to move eicar.com to /tmp, and scan it there

 

[Davide Bozzelli]

Sure, that's what I looked for as BitDefender for Unices is only(!) the CLI, but other BitDefender Security ... Server editions have a bdscand, which should work with bdscan as counterpart. However, I will continue to test. Avast BTW is not working for me, I tried to install and can't use.

Could you please give additional information on this? Like links and docs for example

 

[heutger]

* depending on the user the avast scanner is running as, it might just not have permissions to open a file in /root (usually only root can read/open /root)?
* try to move eicar.com to /tmp, and scan it there

Many thanks. Really strange, I chown and chmod the file to the user, avast service is running with and to 777, but in /tmp it works.