PMG and Alternative antivirus

All my steps:
1. Create an installation package from KSC.
2. Install kesl.sh on the PMG server and check the connection status on the KSC server (make sure the PMG status is running).
3. mkdir /var/log/mail_av and install pwgen (follow https://forum.proxmox.com/threads/pmg-and-alternative-antivirus.131935/post-580164)
4. Create the scan task script for KESL.
Code:
vim /usr/local/bin/pmg-custom-check
(https://forum.proxmox.com/threads/pmg-and-alternative-antivirus.131935/post-580164).
5. Edit pmg.conf in /etc/pmg/pmg.conf
Code:
section: admin
        clamav 0
        custom_check 1
        email youremail.local
6. Set Allow create task policy in local kesl (Follow https://support.kaspersky.com/KES4Linux/11.4.0/en-US/233440.htm)

Thanks!
 
To use KESL 12 I did the following steps:
1. Create an installation package from KSC.
2. Install kesl.sh on the PMG server and check the connection status on the KSC server (make sure the PMG status is running).
3. Set Allow create task policy in local KESL
4. Create exclusions: /tmp with mask *, /var/spool/pmg/active/ with mask ??????????????????? and /var/spool/pmg/virus/ with mask ???????????????????
5. mkdir /var/log/mail_av, mkdir /var/log/mail_av/pol and install pwgen (follow https://forum.proxmox.com/threads/pmg-and-alternative-antivirus.131935/post-580164)
6. Create the scan task script for KESL, nano /usr/local/bin/pmg-custom-check
Bash:
#!/bin/bash
# create the directory /var/log/mail_av manually first: "mkdir /var/log/mail_av"
# create the directory for policy files manually as well: "mkdir /var/log/mail_av/pol"
# install the pwgen package first: "apt update && apt install pwgen"
# $2 is the path of the mail file to scan

# create a unique policy name
pol=$(pwgen 10 -1 -s -0)
# create the policy file
# the FirstAction option was changed in KESL 12
echo "ActionOnThreat=Inform" > "/var/log/mail_av/pol/$pol.pol"
echo "ScanMailBases=Yes" >> "/var/log/mail_av/pol/$pol.pol"
echo "ScanPlainMail=Yes" >> "/var/log/mail_av/pol/$pol.pol"
echo "UseAnalyzer=Yes" >> "/var/log/mail_av/pol/$pol.pol"
echo "HeuristicLevel=Medium" >> "/var/log/mail_av/pol/$pol.pol"
# KSC sets exclusions for /tmp, /var/spool/pmg/active/ and /var/spool/pmg/virus/ with masks, so the global exclusions must be disabled here
echo "UseGlobalExclusions=No" >> "/var/log/mail_av/pol/$pol.pol"
echo "UseOASExclusions=No" >> "/var/log/mail_av/pol/$pol.pol"
# the default settings scan the root folder /, so disable that scan area
echo "[ScanScope.item_0000]" >> "/var/log/mail_av/pol/$pol.pol"
echo "UseScanArea=No" >> "/var/log/mail_av/pol/$pol.pol"
echo "[ScanScope.item_0001]" >> "/var/log/mail_av/pol/$pol.pol"
echo "UseScanArea=Yes" >> "/var/log/mail_av/pol/$pol.pol"
echo "Path=$2" >> "/var/log/mail_av/pol/$pol.pol"
# create the task in KESL from the policy file
/opt/kaspersky/kesl/bin/kesl-control --create-task "$pol" --type ODS --file "/var/log/mail_av/pol/$pol.pol" >> /dev/null
# scan the file with KESL and take the first detection name from the output
vir=$(/opt/kaspersky/kesl/bin/kesl-control --start-task "$pol" -W | grep 'DetectName' | awk -F'=' '{print $2}' | head -1)
# remove the task from KESL
/opt/kaspersky/kesl/bin/kesl-control --delete-task "$pol"
# was a virus name found in the KESL output?
# "$vir" is quoted so that an empty value or a name containing spaces does not break the test
if [ -z "$vir" ]; then
    rm -f "/var/log/mail_av/pol/$pol.pol"
    # log that the mail is clean
    echo "$(date +'%Y-%m-%d %H:%M:%S') Mail $2 was checked successfully" >> /var/log/mail_av/checked
    echo "v1"
    echo "OK"
else
    # log that the mail is infected
    # the KESL policy file is not deleted in this case
    echo "In mail $2 found $vir" >> "/var/log/mail_av/pol/$pol.pol"
    echo "$(date +'%Y-%m-%d %H:%M:%S') Mail $2 was blocked. More info in /var/log/mail_av/pol/$pol.pol file" >> /var/log/mail_av/checked
    echo "v1"
    echo "VIRUS: $vir"
fi

exit 0
7. Edit pmg.conf in /etc/pmg/pmg.conf, nano /etc/pmg/pmg.conf
Code:
section: admin
        clamav 0
        custom_check 1
        email youremail.local
8. Create a logrotate config, nano /etc/logrotate.d/mail-av
Code:
/var/log/mail_av/checked {
    weekly
    rotate 12
    compress
    delaycompress
    missingok
    notifempty
    create 0644 root root
}
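
Added example, not part of either post: a small check that a custom check script answers in the form the script above prints ("v1" on the first line, then "OK" or "VIRUS: <name>"), so that a crashed or silent script is noticed before custom_check is enabled. The function names are hypothetical, passing "v1" as the first argument is an assumption, and the "SCORE: <n>" verdict comes from PMG's custom check interface rather than from this thread.

```shell
#!/bin/sh
# Added example (not from the thread): validate the two-line answer of a
# PMG custom check script such as /usr/local/bin/pmg-custom-check.

# Read a script's stdout on stdin, print a verdict and return
#   0 = clean (or a spam score), 1 = virus reported,
#   2 = output that does not match the expected format.
classify_check_output() {
    cco_version=""
    cco_verdict=""
    # read returns non-zero at end of input; the variables are still set
    IFS= read -r cco_version || true
    IFS= read -r cco_verdict || true
    if [ "$cco_version" != "v1" ]; then
        echo "INVALID: first line is not v1"
        return 2
    fi
    case "$cco_verdict" in
        OK)          echo "CLEAN" ;;
        # a virus verdict must carry a non-empty name
        "VIRUS: "?*) echo "INFECTED: ${cco_verdict#VIRUS: }"; return 1 ;;
        "SCORE: "?*) echo "SCORE: ${cco_verdict#SCORE: }" ;;
        *)           echo "INVALID: unexpected verdict line"; return 2 ;;
    esac
}

# Run a check script the way the posted one expects to be called:
# $1 = API version (assumed to be "v1"), $2 = path of the file to scan.
run_custom_check() {
    "$1" v1 "$2" 2>/dev/null | classify_check_output
}
```

For example, `run_custom_check /usr/local/bin/pmg-custom-check /path/to/sample.eml` prints the verdict, and a return code of 2 means the script produced no usable answer.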