How to integrate BitDefender Antivirus with PMG

Discussion in 'Mail Gateway: Installation and configuration' started by heutger, Dec 8, 2018 at 16:13.

  1. heutger

    heutger Active Member

    Joined:
    Apr 25, 2018
    Messages:
    331
    Likes Received:
    78
    I just found that, besides ClamAV (which can be improved by additional signatures), Avast is supported as well. However, I dislike Avast, and when I tried, just for testing, to install it and run a local scan, it always failed with permission denied. However, I saw at https://pve.proxmox.com/pipermail/pmg-devel/2018-February/000044.html that integration seems to be not too hard if it's possible to have a Debian installer/packages/... (that's given, see below), so the final "hard job" is to adjust the RegEx to process the scan results from BitDefender, similar to what was done there before for Avast, or for ClamAV, which is already integrated. As I'm not able to write my own RegEx and also don't completely understand the code (I've been out of coding for years now), maybe someone can help out?

    Steps performed so far:

    Code:
    wget http://download.bitdefender.com/SMB/Workstation_Security_and_Management/BitDefender_Antivirus_Scanner_for_Unices/Unix/Current/EN_FR_BR_RO/Linux/BitDefender-Antivirus-Scanner-7.7-1-linux-amd64.deb.run
    chmod +x BitDefender-Antivirus-Scanner-7.7-1-linux-amd64.deb.run
    ./BitDefender-Antivirus-Scanner-7.7-1-linux-amd64.deb.run
    Accept license, don't install the GUI.

    Code:
    bdscan --update
    bdscan BitDefender-Antivirus-Scanner-7.7-1-linux-amd64.deb.run
    Output then is:

    Code:
    BitDefender Antivirus Scanner for Unices v7.141118 Linux-amd64
    Copyright (C) 1996-2014 BitDefender. All rights reserved.
    Trial key found. 30 days remaining.
    
    Infected file action: ignore
    Suspected file action: ignore
    Loading plugins, please wait   
    Plugins loaded.
    
    /root/BitDefender-Antivirus-Scanner-7.7-1-linux-amd64.deb.run  ok
    
    
    Results:
    Folders            : 0
    Files              : 1
    Packed             : 0
    Archives           : 0
    Infected files     : 0
    Suspect files      : 0
    I/O errors         : 0
    
    Code:
    wget https://www.etes.de/downloads/eicar-testvirus/?file=files/etes/downloads/anwenden/eicar.com
    bdscan index.html\?file\=files%2Fetes%2Fdownloads%2Fanwenden%2Feicar.com
    Output then is:

    Code:
    BitDefender Antivirus Scanner for Unices v7.141118 Linux-amd64
    Copyright (C) 1996-2014 BitDefender. All rights reserved.
    Trial key found. 30 days remaining.
    
    Infected file action: ignore
    Suspected file action: ignore
    Loading plugins, please wait   
    Plugins loaded.
    
    /root/index.html ... nden%2Feicar.com  infected: EICAR-Test-File (not a virus)
    
    
    Results:
    Folders            : 0
    Files              : 1
    Packed             : 0
    Archives           : 0
    Infected files     : 1
    Suspect files      : 0
    Identified viruses : 1
    I/O errors         : 0
    
    So the only thing I need now is how to do the adjustments (especially the RegEx) to read and handle "ok" vs. "infected" and the information about the infection. Can anyone help out?

    Here is the documentation: http://download.bitdefender.com/SMB...der_AV_Scanner_for_Unices_User's_Guide_en.pdf

    Here additional information:
    https://www.bitdefender.com/support/how-to-configure-bitdefender-scanner-for-unices-837.html

    Advantages of BitDefender over Avast: AV-Tests claim better results for BitDefender, BitDefender had no worse history, BitDefender has better pricing based on mailboxes, it is free for personal use, and it would improve PMG to have more choice of AV scanner as well.
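
Added example, not part of the thread and not PMG or BitDefender code: one way to parse the bdscan output shown in the post above, written in Python (the two regular expressions carry over to Perl unchanged). The names `parse_bdscan`, `LINE_RE`, `COUNT_RE` and `SAMPLE` are hypothetical, the sample is abridged from the EICAR run above, and the verdict fails closed when the summary block is missing or reports I/O errors.

```python
import re

# Per-file line: "<path>  ok" or "<path>  infected: <name>". bdscan shortens
# long paths with " ... ", so the status is matched at the end of the line.
LINE_RE = re.compile(r"^(?P<path>/.*?)\s+(?:ok|infected: (?P<name>.+?))\s*$")
# Summary counter in the "Results:" block, e.g. "Infected files     : 1".
COUNT_RE = re.compile(r"^(?P<key>[A-Za-z/ ]+?)\s*:\s*(?P<val>\d+)\s*$")

# Constructed sample, abridged from the EICAR run quoted in the first post.
SAMPLE = """\
Infected file action: ignore
Plugins loaded.

/root/index.html ... nden%2Feicar.com  infected: EICAR-Test-File (not a virus)

Results:
Files              : 1
Infected files     : 1
Suspect files      : 0
I/O errors         : 0
"""


def parse_bdscan(output):
    """Return (verdict, names); verdict: clean, infected, suspect or error."""
    names, counts, in_results = [], {}, False
    for line in (raw.strip() for raw in output.splitlines()):
        if line == "Results:":
            in_results = True
        elif in_results:
            m = COUNT_RE.match(line)
            if m:
                counts[m["key"]] = int(m["val"])
        else:
            m = LINE_RE.match(line)
            if m and m["name"]:
                names.append(m["name"])
    # Either source (per-file lines or summary) reporting an infection wins.
    if names or counts.get("Infected files", 0) > 0:
        return "infected", names
    # Fail closed: no summary or I/O errors means the scan cannot be trusted.
    if "Infected files" not in counts or counts.get("I/O errors", 1) > 0:
        return "error", names
    if counts.get("Suspect files", 0) > 0:
        return "suspect", names
    return "clean", names
```

Because the file name is part of the line being parsed, the lazy path match lets a trailing `infected:` status win over a name that merely contains ` ok`, and truncated scanner output is reported as `error` rather than `clean`.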
     
  2. Davide Bozzelli

    Joined:
    Feb 6, 2018
    Messages:
    65
    Likes Received:
    3
    First of all, have you verified that Bitdefender offers a daemonized daemon?
     
  3. heutger

    No, it seems not to be able to run daemonized.
     
  4. Davide Bozzelli

    OK, so it's a waste of time, IMHO, to integrate this AV engine.
     
  5. heutger

    hmm, why does it need to be daemonized?
     
  6. Davide Bozzelli

    Try to use clamscan instead of clamdscan and you will get the answer to your question
     
  7. heutger

    Ok, there is a big difference, however, Bitdefender is in between.
     
  8. heutger

    I googled around, but I can’t find an easy way to daemonize bdscan. It seems like the GUI has the option to daemonize, but not the CLI. However, I found that many solutions like MailScanner, Scrollout F1, Amavisd, ... use bdscan directly, as it’s not as massively slow as clamscan without a daemon. I also can’t compare to Avast, as I still get permission denied on any scan, even if the file is 777, owned by the avast user and group, and/or the scan as well as the daemon has been started with sudo.
     
  9. killmasta93

    killmasta93 Member

    Joined:
    Aug 13, 2017
    Messages:
    255
    Likes Received:
    8
    bounty to get bitdefender working on proxmox 100$ USD
     
  10. tom

    tom Proxmox Staff Member
    Staff Member

    Joined:
    Aug 29, 2006
    Messages:
    13,159
    Likes Received:
    352
    Pricing per mailbox seems far more expensive than avast (per server).
     
  11. heutger

    Depends on the number of users
     
  12. tom

    yes, if you have more than 5 users, bitdefender seems more expensive. how much do they charge per mailbox for small setups?
     
  13. Davide Bozzelli

    This is a very quick benchmark comparing avast, bitdefender and clamav scanning a stupid eicar.com.txt:

    AVAST:

    root@mailgw3:/var/custom/dev/bitdefender# time scan .
    /var/custom/dev/bitdefender/eicar.com.txt EICAR Test-NOT virus!!!

    real 0m0.031s
    user 0m0.004s
    sys 0m0.000s

    CLAMAV (CLAMD MODE):

    root@mailgw3:/var/custom/dev/bitdefender# time clamdscan .
    /var/custom/dev/bitdefender/./eicar.com.txt: Eicar-Test-Signature FOUND

    ----------- SCAN SUMMARY -----------
    Infected files: 1
    Time: 0.004 sec (0 m 0 s)

    real 0m0.010s
    user 0m0.000s
    sys 0m0.004s


    BITDEFENDER:

    root@mailgw3:/var/custom/dev/bitdefender# time bdscan .
    BitDefender Antivirus Scanner for Unices v7.141118 Linux-amd64
    Copyright (C) 1996-2014 BitDefender. All rights reserved.
    Trial key found. 30 days remaining.

    Infected file action: ignore
    Suspected file action: ignore
    Loading plugins, please wait
    Plugins loaded.

    /var/custom/dev/bitdefender/get.sh ok
    /var/custom/dev/bitdefender/eicar.com.txt infected: EICAR-Test-File (not a virus)
    /var/custom/dev/bitdefender/run.sh ok

    real 0m7.844s
    user 0m6.644s
    sys 0m1.160s


    As expected, the overhead is due to the fact that the scanner needs to load the plugin and definition (the load plugins .. please wait text).
    So IMHO:

    1) bitdefender is too slow
    2) bitdefender is too expensive compared to avast and to 1)
     
  14. Davide Bozzelli

    You can't; the "daemonized" mode should be supported natively by the AV engine, as it's generally composed of two parts: the daemon that embeds the engine and the AV definitions, and the client that instructs the daemon on which file/path should be scanned.
     
  15. heutger

    I just found that my information is outdated; BitDefender for Unices should not be used anymore. There is a new solution, and also new pricing, which no longer depends on mailboxes, and also not on devices if lower than 100, and is similar to Avast.
     
    killmasta93 likes this.
  16. heutger

    Sure, that's what I looked for, as BitDefender for Unices is only(!) the CLI, but other BitDefender Security ... Server editions have a bdscand, which should work with bdscan as its counterpart. However, I will continue to test. Avast, BTW, is not working for me; I tried to install it and can't use it.
     
    killmasta93 likes this.
  17. heutger

    In the meantime to test Avast as well, can anyone help out on how to use/test Avast? I performed the following:

    Code:
    echo "deb http://deb.avast.com/lin/repo debian release" >> /etc/apt/sources.list
    wget https://files.avast.com/files/resellers/linux/avast.gpg
    apt-key add avast.gpg
    apt-get update
    apt-get install avast
    vi /etc/avast/license.avastlic
    /etc/init.d/avast start
    scan eicar.com
    But I always get

    Code:
    avast: /root/eicar.com: Permission denied
    ?
     
  18. Stoiko Ivanov

    Stoiko Ivanov Proxmox Staff Member
    Staff Member

    Joined:
    May 2, 2018
    Messages:
    386
    Likes Received:
    32
    * depending on the user the avast scanner is running as, it might just not have permissions to open a file in /root (usually only root can read/open /root)?
    * try to move eicar.com to /tmp, and scan it there
     
  19. Davide Bozzelli

    Could you please give additional information on this? Like links and docs for example
     
  20. heutger

    Many thanks. Really strange: I chown and chmod the file to the user the avast service is running with, and to 777, but in /tmp it works.
     