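#! /bin/bash
# Custom mail check for Proxmox Mail Gateway (PMG) using Kaspersky Endpoint
# Security for Linux (KESL): builds a one-off on-demand scan (ODS) task for the
# mail file given in $2, runs it and reports the result on stdout.
#
# Prerequisites (not created by this script):
#   - the directory /var/log/mail_av must exist ("mkdir /var/log/mail_av")
#   - the pwgen package must be installed ("apt update && apt install pwgen")
#
# Arguments: $2 - path of the mail file to scan (as passed by the PMG custom
#                 check); $1 is not used by this script.
# Outputs:   "v1" followed by "OK" or "VIRUS: <DetectName>" on stdout;
#            one line per checked mail appended to /var/log/mail_av/checked.
# Returns:   0 in both the clean and the infected case; non-zero only if no
#            policy name could be generated.

readonly kesl=/opt/kaspersky/kesl/bin/kesl-control
readonly logdir=/var/log/mail_av

# Unique policy/task name: 10 characters, one name, fully random, no digits.
pol=$(pwgen 10 -1 -s -0)
# With an empty name the policy file would be "$logdir/.pol" and kesl-control
# would receive an empty task name; abort instead of continuing half-configured.
: "${pol:?pwgen produced no policy name}"
polfile="$logdir/$pol.pol"

# Policy file for the ODS task. printf (not a here-doc) keeps the path bytes
# unchanged. The path is written as-is, so a newline in it would end the
# Path= value early.
# NOTE(review): presumably PMG passes paths under /var/spool/pmg that never
# contain such characters — confirm.
printf '%s\n' \
  'FirstAction=Skip' \
  'ScanMailBases=Yes' \
  'ScanPlainMail=Yes' \
  'UseAnalyzer=Yes' \
  'HeuristicLevel=Medium' \
  '[ScanScope.item_1]' \
  "Path=$2" > "$polfile"

# Register the task in KESL from the policy file.
"$kesl" --create-task "$pol" --type ODS --file "$polfile" >/dev/null
# Run the task and wait for it (-W); keep only the first DetectName value.
vir=$("$kesl" --start-task "$pol" -W | grep 'DetectName' | awk -F'=' '{print $2}' | head -1)
# The task itself is no longer needed in either case; only the policy file is
# kept when something was detected.
"$kesl" --delete-task "$pol"

if [[ -z "$vir" ]]; then
  # Clean mail: drop the policy file and record the result.
  rm -f -- "$polfile"
  echo "Mail $2 was checked succesfull" >> "$logdir/checked"
  echo "v1"
  echo "OK"
else
  # Infected mail: the policy file is kept as the per-mail record and the
  # detection name is appended to it.
  echo "In mail $2 find $vir" >> "$polfile"
  echo "Mail $2 was blocked. More info in $polfile file" >> "$logdir/checked"
  echo "v1"
  echo "VIRUS: $vir"
fi
exit 0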
Proxmox Notification:
Sender: antivirustest@internet-lab.ru
Receiver: mailadmin@contoso.com
Targets: mailadmin@contoso.com
Subject: Antivirus test from internet-lab.ru
Matching Rule: Block Viruses
Rule: Block Viruses
Receiver: mailadmin@contoso.com
Action: Move to quarantine.
Action: notify mailadmin@contoso.com
Virus Info: EICAR-Test-File
Thank you! Will try.Hi. Now I do it with Kaspersky Endpoint Security for Linux (KESL).
At the moment I use a script like this:
Bash:#! /bin/bash # you need create manually dir mail_av in /var/log directory by command "mkdir /var/log/mail_av" # you need install pwgen package for that via command "apt update && apt install pwgen" # create unical policy name pol=$(pwgen 10 -1 -s -0) # create policy file echo "FirstAction=Skip" > /var/log/mail_av/$pol.pol echo "ScanMailBases=Yes" >> /var/log/mail_av/$pol.pol echo "ScanPlainMail=Yes" >> /var/log/mail_av/$pol.pol echo "UseAnalyzer=Yes" >> /var/log/mail_av/$pol.pol echo "HeuristicLevel=Medium" >> /var/log/mail_av/$pol.pol echo "[ScanScope.item_1]" >> /var/log/mail_av/$pol.pol echo "Path=$2" >> /var/log/mail_av/$pol.pol # create policy in KESL from file /opt/kaspersky/kesl/bin/kesl-control --create-task $pol --type ODS --file /var/log/mail_av/$pol.pol >> /dev/null # check file by KESL vir=$(/opt/kaspersky/kesl/bin/kesl-control --start-task $pol -W|grep 'DetectName'|awk -F'=' '{print $2}'| head -1) # remove policy from KESL /opt/kaspersky/kesl/bin/kesl-control --delete-task $pol # find virus name in KESL output if [ -z $vir ]; then rm -f /var/log/mail_av/$pol.pol # write result to log that letter good echo "Mail $2 was checked succesfull" >> /var/log/mail_av/checked echo "v1" echo "OK"; else # write result to log that letter virused # KESL policy don't delete echo "In mail $2 find $vir" >> /var/log/mail_av/$pol.pol echo "Mail $2 was blocked. More info in /var/log/mail_av/$pol.pol file" >> /var/log/mail_av/checked echo "v1" echo "VIRUS: $vir" fi exit 0
You can test it by sending a mail to 'antivirustest@internet-lab.ru' with the subject 'I need an Anti-Virus Test File'.
They will send you an EICAR e-mail, and PMG must notify you with a mail like:
If you use File_Threat_Protection in KESL, you must add exclusions for 3 directories:
/tmp with the * mask for temp files (the files have names like .proxdump_*; exclusions for hidden files don't work, I created a ticket for that with Kaspersky support)
/var/spool/pmg/active/ with the mask ???????????????????, where mails are checked
/var/spool/pmg/virus/ with the mask ???????????????????, where quarantined mails are stored
No.Thank you! Will try.
Does ClamAV need to be removed from the system?
Thank youNo.
You can disable it via /etc/pmg/pmg.conf
In the admin section add 2 lines:
section: admin
clamav 0 --disable clamav
custom_check 1 --enable KESL
/usr/local/bin/pmg-custom-check is not a folder, it is the file with the scriptThank you
Finally, if I understood correctly (top-level steps):
Install KESL on Proxmox MG
Create kesl.sh as /usr/local/bin/pmg-custom-check (or define a custom path via the custom_check_path environment)
Correct pmg.conf as you described above
Restart pmg-smtp-filter
Enjoy
Are those steps correct?
I think you must do the same steps, but change the KESL commands to Symantec-specific ones.Has anyone tried to use Symantec? My company uses SEP and it has a Linux agent.
Thank you very much./usr/local/bin/pmg-custom-check is not a folder, it is the file with the script
And yes, after those steps KESL must start checking every e-mail.
If you use KSC and install its agent on the host, you will be able to see many events in KSC