integration of Sophos Antivirus into PMG

[josefb]

Hi,

I've integrated the Sophos Antivirus engine into the PMG.

You need the "Sophos Central Server Protection" (SKU CSAD1CSAA). Get the license from a Sophos partner and install the Linux-Version onto the PMG. The product was previous know as "Intercept X Advanced for Server" or "Sophos Protection for Linux" or "Anti-Virus for Linux". Maybe you can get a free trial here (I'm not sure ). License cost is around € 170,-/year (exkl. VAT).
Very important, disable "real-time scanning" in the corresponding server policy in the central management (Policies->Threat Protection: Linux Base Policy ... SETTINGS ... Real-time scanning - Local files and network shares).
Then use the attached pmg-custom-script (remove the .txt) to integrate the AV-engine into the PMG (see Custom Check Interface).

bye Josef
PS: If you need a Sophos partner in DACH-region you can contact me via PM.

 

[Fernando.parra]

Greetings josefb, what a pleasure to greet you.
The post you made is just what I was looking for, I wanted to ask you for help regarding the execution of the script for the integration that you attached, what is the parameter format that must be configured so that the script is executed without problems, I thank you in advance for your aid.

 

[josefb]

Hi Fernando,

ok 3 simple steps:

1. If you have successfully installed the Sophos Antivirus Engine, you should have a binary /usr/local/bin/avscanner which is referenced by my script. So check this.
2. Copy my script into /usr/local/bin/pmg-custom-check and make it executable (chmod a+x /usr/local/bin/pmg-custom-check).
3. Enable the custom check in the admin section of /etc/pmg/pmg.conf
   section: admin custom_check 1

The script itself is very simple, it just copy the handed mail to a temporary space, scan it with avscanner and report the result back.
Here you find the more documentation for the PMG Custom Check Interface.

bye Josef