How to integrate BitDefender Antivirus with PMG

heutger

I just found that besides ClamAV (which can be improved by additional signatures), Avast is supported as well. However, I dislike Avast, and when I tried, just for testing, to install it and run a local scan, it always failed with permission denied. However, I saw at https://pve.proxmox.com/pipermail/pmg-devel/2018-February/000044.html that integration seems to be not too hard if it's possible to have a Debian installer/packages/... (that's given, see below), so the final "hard job" is to adjust the RegEx to process the scan results from BitDefender, similar to what was done there before for Avast, or for ClamAV, which is already integrated. As I'm not able to write my own RegEx and also don't completely understand the code (I've been out of coding for years now), maybe someone can help out?

Steps performed so far:

Code:
wget http://download.bitdefender.com/SMB/Workstation_Security_and_Management/BitDefender_Antivirus_Scanner_for_Unices/Unix/Current/EN_FR_BR_RO/Linux/BitDefender-Antivirus-Scanner-7.7-1-linux-amd64.deb.run
chmod +x BitDefender-Antivirus-Scanner-7.7-1-linux-amd64.deb.run
./BitDefender-Antivirus-Scanner-7.7-1-linux-amd64.deb.run

Accept license, don't install the GUI.

Code:
bdscan --update
bdscan BitDefender-Antivirus-Scanner-7.7-1-linux-amd64.deb.run

Output then is:

Code:
BitDefender Antivirus Scanner for Unices v7.141118 Linux-amd64
Copyright (C) 1996-2014 BitDefender. All rights reserved.
Trial key found. 30 days remaining.

Infected file action: ignore
Suspected file action: ignore
Loading plugins, please wait   
Plugins loaded.

/root/BitDefender-Antivirus-Scanner-7.7-1-linux-amd64.deb.run  ok


Results:
Folders            : 0
Files              : 1
Packed             : 0
Archives           : 0
Infected files     : 0
Suspect files      : 0
I/O errors         : 0

Code:
wget https://www.etes.de/downloads/eicar-testvirus/?file=files/etes/downloads/anwenden/eicar.com
bdscan index.html\?file\=files%2Fetes%2Fdownloads%2Fanwenden%2Feicar.com

Output then is:

Code:
BitDefender Antivirus Scanner for Unices v7.141118 Linux-amd64
Copyright (C) 1996-2014 BitDefender. All rights reserved.
Trial key found. 30 days remaining.

Infected file action: ignore
Suspected file action: ignore
Loading plugins, please wait   
Plugins loaded.

/root/index.html ... nden%2Feicar.com  infected: EICAR-Test-File (not a virus)


Results:
Folders            : 0
Files              : 1
Packed             : 0
Archives           : 0
Infected files     : 1
Suspect files      : 0
Identified viruses : 1
I/O errors         : 0

So the only thing I need now is how to do the adjustments (especially the RegEx) to read and handle "ok" vs. "infected" and the information about the infection. Can anyone help out?

Here is the documentation: http://download.bitdefender.com/SMB...der_AV_Scanner_for_Unices_User's_Guide_en.pdf

Here additional information:
https://www.bitdefender.com/support/how-to-configure-bitdefender-scanner-for-unices-837.html

Advantage of BitDefender over Avast: AV-Tests claim better results for BitDefender, BitDefender had no worse history, BitDefender has better pricing based on mailboxes, it is free for personal use, and it would improve PMG to have more choice of AV scanners as well.
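One way to classify the bdscan text output asked about in the post above, as an added Perl example that is not part of the thread, of PMG or of BitDefender. It assumes the output format shown in the post; the function name `parse_bdscan_output` and the status values are made up for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Added example: classify bdscan text output in the format posted in this thread.
# Returns a hashref: status => 'clean' | 'infected' | 'error', viruses, counts.
sub parse_bdscan_output {
    my ($text) = @_;
    my (%counts, %seen, @viruses);
    for my $line (split /\r?\n/, $text) {
        # Per-file hit: "<path>  infected: <name>". bdscan abbreviates long
        # paths with " ... ", so only the signature name is captured.
        if ($line =~ m{^/.*?\s+infected:\s+(.+?)\s*$}) {
            push @viruses, $1 unless $seen{$1}++;
        }
        # Summary counter, e.g. "Infected files     : 1"
        elsif ($line =~ m{^(Files|Infected files|Suspect files|I/O errors)\s*:\s*(\d+)\s*$}) {
            $counts{$1} = $2;
        }
    }
    # Fail closed: per-file "ok" lines are never trusted on their own. A missing
    # summary, zero scanned files or any I/O error is an error, not "clean".
    my $status = 'clean';
    if (@viruses || ($counts{'Infected files'} // 0) > 0
                 || ($counts{'Suspect files'} // 0) > 0) {
        $status = 'infected';
    } elsif (!$counts{'Files'} || !defined $counts{'Infected files'}
                               || ($counts{'I/O errors'} // 0) > 0) {
        $status = 'error';
    }
    return { status => $status, viruses => \@viruses, counts => \%counts };
}

# Sample input: the tail of the EICAR scan output shown in the post above.
my $sample = <<'EOT';
Plugins loaded.

/root/index.html ... nden%2Feicar.com  infected: EICAR-Test-File (not a virus)

Results:
Files              : 1
Infected files     : 1
Suspect files      : 0
I/O errors         : 0
EOT

my $r = parse_bdscan_output($sample);
printf "%s: %s\n", $r->{status}, join(', ', @{ $r->{viruses} });
```

Because the verdict comes from the summary counters and the `infected:` lines rather than from matching `ok`, truncated output or a scanner that failed to start is reported as an error instead of passing mail as clean.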
 
I googled around, but I didn't find an easy way to daemonize bdscan. It seems like the GUI has the option to daemonize, but not the CLI. However, I found that many solutions like MailScanner, Scrollout F1, Amavisd, ... use bdscan directly, as it's not as massively slow as clamscan without the daemon. I also can't compare to Avast, as I still get permission denied on any scan, even if the file is 777, owned by the avast user and group, and/or the scan as well as the daemon has been started with sudo.
 
...BitDefender has better pricing based on mailboxes,

Pricing per mailbox seems far more expensive than Avast (per server).
 
Depends on the number of users

Yes, if you have more than 5 users, BitDefender seems more expensive. How much do they charge per mailbox for small setups?
 
This is a very quick benchmark comparing Avast, BitDefender and ClamAV scanning a stupid eicar.com.txt:

AVAST:

root@mailgw3:/var/custom/dev/bitdefender# time scan .
/var/custom/dev/bitdefender/eicar.com.txt EICAR Test-NOT virus!!!

real 0m0.031s
user 0m0.004s
sys 0m0.000s

CLAMAV (CLAMD MODE):

root@mailgw3:/var/custom/dev/bitdefender# time clamdscan .
/var/custom/dev/bitdefender/./eicar.com.txt: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.004 sec (0 m 0 s)

real 0m0.010s
user 0m0.000s
sys 0m0.004s


BITDEFENDER:

root@mailgw3:/var/custom/dev/bitdefender# time bdscan .
BitDefender Antivirus Scanner for Unices v7.141118 Linux-amd64
Copyright (C) 1996-2014 BitDefender. All rights reserved.
Trial key found. 30 days remaining.

Infected file action: ignore
Suspected file action: ignore
Loading plugins, please wait
Plugins loaded.

/var/custom/dev/bitdefender/get.sh ok
/var/custom/dev/bitdefender/eicar.com.txt infected: EICAR-Test-File (not a virus)
/var/custom/dev/bitdefender/run.sh ok

real 0m7.844s
user 0m6.644s
sys 0m1.160s


As expected, the overhead is due to the fact that the scanner needs to load the plugins and definitions (the "Loading plugins, please wait" text).
So IMHO:

1) BitDefender is too slow
2) BitDefender is too expensive compared to Avast and to 1)
 
I googled around, but I didn't find an easy way to daemonize bdscan. It seems like the GUI has the option to daemonize, but not the CLI. However, I found that many solutions like MailScanner, Scrollout F1, Amavisd, ... use bdscan directly, as it's not as massively slow as clamscan without the daemon. I also can't compare to Avast, as I still get permission denied on any scan, even if the file is 777, owned by the avast user and group, and/or the scan as well as the daemon has been started with sudo.

You can't; the "daemonized" mode should be supported natively by the AV engine, as it's generally composed of two parts: the daemon that embeds the engine and the AV definitions, and the client that instructs the daemon on which file/path should be scanned.
 
Yes, if you have more than 5 users, BitDefender seems more expensive. How much do they charge per mailbox for small setups?

I just found that my information is outdated; BitDefender for Unices should not be used anymore. There is a new solution, and also new pricing, which no longer depends on mailboxes, and also not on devices if lower than 100, and is similar to Avast.
 
You can't; the "daemonized" mode should be supported natively by the AV engine, as it's generally composed of two parts: the daemon that embeds the engine and the AV definitions, and the client that instructs the daemon on which file/path should be scanned.

Sure, that's what I looked for, as BitDefender for Unices is only(!) the CLI, but other BitDefender Security ... Server editions have a bdscand, which should work with bdscan as its counterpart. However, I will continue to test. Avast, BTW, is not working for me; I tried to install it and can't use it.
 
In the meantime to test Avast as well, can anyone help out on how to use/test Avast? I performed the following:

Code:
echo "deb http://deb.avast.com/lin/repo debian release" >> /etc/apt/sources.list
wget https://files.avast.com/files/resellers/linux/avast.gpg
apt-key add avast.gpg
apt-get update
apt-get install avast
vi /etc/avast/license.avastlic
/etc/init.d/avast start
scan eicar.com

But I always get

Code:
avast: /root/eicar.com: Permission denied

?
 
* depending on the user the avast scanner is running as, it might just not have permissions to open a file in /root (usually only root can read/open /root)?
* try to move eicar.com to /tmp, and scan it there
 
Sure, that's what I looked for, as BitDefender for Unices is only(!) the CLI, but other BitDefender Security ... Server editions have a bdscand, which should work with bdscan as its counterpart. However, I will continue to test. Avast, BTW, is not working for me; I tried to install it and can't use it.
Could you please give additional information on this? Like links and docs, for example.
 
