
BitDefender for Sendmail Milter (FreeBSD)

SOFTWIN

User’s guide
BitDefender for Sendmail Milter

Contents

License and Warranty
Installation
    System requirements
    Install
    Uninstall
What is BitDefender for Sendmail Milter?
Configuration under FreeBSD
    NetProtect
        Registry
        Core
        AV7 – The heart of BitDefender
        Spamtox – The Antispam module
        Logging & e-mail notification
        Real Time Virus Report (RTVR) & Real Time Spam Report (RTSR)
        Agents
    Live
        Automatic update
        Manual update
    Product registration
    More info about BitDefender status
Web-based configuration
    The webmin module installation
    Uninstalling the BitDefender webmin module
    Accessing the BitDefender webmin module
Frequently Asked Questions
Contact information


License and Warranty

IF YOU DO NOT AGREE TO THESE TERMS AND CONDITIONS DO NOT INSTALL THE
SOFTWARE. BY CLICKING "I ACCEPT", "OK", "CONTINUE", "YES" OR BY
INSTALLING OR USING THE SOFTWARE IN ANY WAY, YOU ARE INDICATING YOUR
COMPLETE UNDERSTANDING AND ACCEPTANCE OF THE TERMS OF THIS
AGREEMENT.

This License Agreement is a legal agreement between you (either an individual or a single
entity end user) and SOFTWIN for use of the SOFTWIN software product identified above,
which includes computer software and may include associated media, printed materials,
and "online" or electronic documentation ("BitDefender"), all of which are protected by U.
S. and international copyright laws and international treaty protection. By installing,
copying, or otherwise using the BitDefender, you agree to be bound by the terms of this
agreement. If you do not agree to the terms of this agreement, do not install or use the
BitDefender; you may, however, return it to your place of purchase for a full refund within
30 days after your purchase. Verification of your purchase may be required.

BitDefender License

BitDefender is protected by copyright laws and international copyright treaties, as well as
other intellectual property laws and treaties. The BitDefender is licensed, not sold.

GRANT OF LICENSE. SOFTWIN hereby grants you and only you the following non-
exclusive license to use BitDefender:

APPLICATION SOFTWARE. You may install and use one copy of the BitDefender, or any
prior version for the same operating system, on a single computer terminal. The primary
user of the computer on which the BitDefender is installed may make one additional (i.e.
second) copy for his or her exclusive use on a portable computer.

NETWORK USE. You may also store or install a copy of the BitDefender on a storage
device, such as a network server, used only to install or run the BitDefender on your other
computers over an internal network; however, you must purchase and dedicate a separate
license for each separate computer terminal on which the BitDefender is installed or run
from the storage device. A license for the BitDefender may not be shared or used
concurrently on different computers or computer terminals. You should purchase a license
pack if you require multiple licenses for use on multiple computers or computer terminals.

LICENSE PACKS. If you purchase a License Pack and you have acquired this License
Agreement for multiple licenses of BitDefender, you may make the number of additional
copies of the computer software portion of the BitDefender specified above as "Licensed
copies." You are also entitled to make a corresponding number of secondary copies for
portable computer use as specified above in the section entitled "Application Software".


TERM OF LICENSE. The license granted hereunder shall commence on the date that
you install, copy or otherwise first use BitDefender and shall continue only on the
computer on which it is initially installed.

UPGRADES. If the BitDefender is labeled as an upgrade, you must be properly licensed to
use a product identified by SOFTWIN as being eligible for the upgrade in order to use the
BitDefender. A BitDefender labeled as an upgrade replaces and/or supplements
the product that formed the basis for your eligibility for the upgrade. You may use the
resulting upgraded product only in accordance with the terms of this License Agreement. If
the BitDefender is an upgrade of a component of a package of software programs that you
licensed as a single product, the BitDefender may be used and transferred only as part of
that single product package and may not be separated for use on more than one
computer.

COPYRIGHT. All right, title and interest in and to BitDefender and all copyright rights in
and to the BitDefender (including but not limited to any images, photographs, logos,
animations, video, audio, music, text, and "applets" incorporated into the BitDefender), the
accompanying printed materials, and any copies of the BitDefender are owned by
SOFTWIN. The BitDefender is protected by copyright laws and international treaty
provisions. Therefore, you must treat the BitDefender like any other copyrighted material
except that you may install the BitDefender on a single computer provided you keep the
original solely for backup or archival purposes. You may not copy the printed materials
accompanying the BitDefender. You must produce and include all copyright notices in their
original form for all copies created irrespective of the media or form in which BitDefender
exists. You may not sub-license, rent, sell, or lease BitDefender. You may not reverse
engineer, recompile, disassemble, create derivative works, modify, translate, or make any
attempt to discover the source code for BitDefender.

LIMITED WARRANTY. SOFTWIN warrants that the media on which BitDefender is
distributed is free from defects for a period of thirty days from the date of delivery of
BitDefender to you. Your sole remedy for a breach of this warranty will be that SOFTWIN,
at its option, may replace the defective media upon receipt of the damaged media, or
refund the money you paid for BitDefender. SOFTWIN does not warrant that BitDefender
will be uninterrupted or error free or that the errors will be corrected. SOFTWIN does not
warrant that BitDefender will meet your requirements. SOFTWIN HEREBY DISCLAIMS
ALL OTHER WARRANTIES FOR BITDEFENDER, WHETHER EXPRESSED OR
IMPLIED. THE ABOVE WARRANTY IS EXCLUSIVE AND IN LIEU OF ALL OTHER
WARRANTIES, WHETHER EXPRESSED OR IMPLIED, INCLUDING THE IMPLIED
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
NONINFRINGEMENT. THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS.
YOU MAY HAVE OTHER RIGHTS, WHICH VARY FROM STATE TO STATE.


DISCLAIMER OF DAMAGES. Anyone using, testing, or evaluating BitDefender bears all
risk to the quality and performance of BitDefender. In no event shall SOFTWIN be liable
for any damages of any kind, including, without limitation, direct or indirect damages
arising out of the use, performance, or delivery of BitDefender, even if SOFTWIN has been
advised of the existence or possibility of such damages. SOME STATES DO NOT
ALLOW THE LIMITATION OR EXCLUSION OF LIABILITY FOR INCIDENTAL OR
CONSEQUENTIAL DAMAGES, SO THE ABOVE LIMITATION OR EXCLUSION MAY
NOT APPLY TO YOU. IN NO CASE SHALL SOFTWIN'S LIABILITY EXCEED THE
PURCHASE PRICE PAID BY YOU FOR BITDEFENDER. The disclaimers and limitations
set forth above will apply regardless of whether you accept or use, evaluate, or test
BitDefender.

IMPORTANT NOTICE TO USERS. THIS SOFTWARE IS NOT FAULT-TOLERANT AND
IS NOT DESIGNED OR INTENDED FOR USE IN ANY HAZARDOUS ENVIRONMENT
REQUIRING FAIL-SAFE PERFORMANCE OR OPERATION. THIS SOFTWARE IS NOT
FOR USE IN THE OPERATION OF AIRCRAFT NAVIGATION, NUCLEAR FACILITIES,
OR COMMUNICATION SYSTEMS, WEAPONS SYSTEMS, DIRECT OR INDIRECT LIFE-
SUPPORT SYSTEMS, AIR TRAFFIC CONTROL, OR ANY APPLICATION OR
INSTALLATION WHERE FAILURE COULD RESULT IN DEATH, SEVERE PHYSICAL
INJURY OR PROPERTY DAMAGE.

GOVERNMENT RESTRICTED RIGHTS/RESTRICTED RIGHTS LEGEND. Use,
duplication, or disclosure by the Government is subject to restrictions as set forth in
subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at
DFARS 252.227-7013 or subparagraphs (c)(1) and (2) of Commercial Computer
Software-Restricted Rights clause at 48 CFR 52.227-19, as applicable. Contact SOFTWIN, at
Fabrica de Glucoza St., No 5, 72322-Sect.2, Bucharest, Romania, or at
Tel No: 40-21-2330780, Fax: 40-21-2330763

GENERAL. This Agreement will be governed by the laws of Romania and by the
international copyright regulations and treaties. This Agreement may only be modified by
a license addendum, which accompanies this Agreement or by a written document which
has been signed, by both you and SOFTWIN. This Agreement has been written in the
English language only and is not to be translated or interpreted in any other language.
Prices, costs and fees for use of BitDefender are subject to change without prior notice to
you. In the event of invalidity of any provision of this Agreement, the invalidity shall not
affect the validity of the remaining portions of this Agreement. BitDefender and
BitDefender logos are trademarks of SOFTWIN. All other trademarks are the property of
their respective owners.


Installation
System requirements
Before installing BitDefender for Sendmail Milter, you must first verify that the mail
server meets the following system requirements:

- Processor: minimum Pentium II 300 MHz (800 recommended) processor
- RAM: minimum 64 Mb of memory (128 recommended)
- Disk space: minimum 20 Mb
- Operating system:
  - FreeBSD 4.9-RELEASE, 4.10-RELEASE, 4.11-RELEASE, 4-STABLE
  - FreeBSD 5.2.1-RELEASE, 5.3-RELEASE, 5-STABLE
  Important note: FreeBSD 6-CURRENT IS NOT SUPPORTED AT THIS TIME.
- Mail server: Sendmail with Milter interface (starting with FreeBSD 4.8, Sendmail is
  compiled with Milter interface by default)

NOTE: For FreeBSD 5.x, you must have the compat4x port installed (from
/usr/ports/misc/compat4x/).

Install
Before you begin the installation process, we recommend that you check that the installation
packages are not corrupted (this can happen sometimes, especially if you downloaded
them). Run md5 on the packages and compare the output with the values in the
md5sums file at the following location:
ftp://ftp.bitdefender.com/pub/freebsd/packages/md5sums
Next, log in as root and execute:
# pkg_add bitdefender-engines-1.6.2_1.tgz
# pkg_add bitdefender-core-1.6.2_1.tgz
# pkg_add bitdefender-milter-1.6.2_1.tgz

To configure Sendmail to use the BitDefender Milter filter, add the following lines to your
.mc file and rebuild sendmail.cf (in the next example, the line is broken for typographical
reasons; do not break it in the configuration file):

define(`_FFR_MILTER', `true')
INPUT_MAIL_FILTER(`BitDefender', \
`S=unix:/var/run/BitDefender/bdmilterd.sock, F=T, \
T=S:10s;R:10s;E:10m')

Or, if you prefer to edit sendmail.cf directly, append the following lines at the end of the file
(in the next example, the line is broken for typographical reasons; do not break it in the
configuration file):

XBitDefender, S=unix:/var/run/BitDefender/bdmilterd.sock, \
F=T, T=S:10s;R:10s;E:10m
O InputMailFilters=BitDefender

In both cases, restart sendmail (for example, run the following:
cd /etc/mail && make restart).

For additional info you should check the documentation located in:
/usr/local/bitdefender/share/doc

Uninstall
Log in as root and execute:
# pkg_deinstall bitdefender-milter
# pkg_deinstall bitdefender-core
# pkg_deinstall bitdefender-engines


What is BitDefender for Sendmail Milter?

Acquiring and installing an antivirus product for the company’s mail server is the
most efficient way of preventing the infection of a computer and the spread of viruses,
both inside and outside the company, through the most common means of
communication: e-mail.

BitDefender for Sendmail Milter is the solution SOFTWIN offers for the antivirus and
antispam protection of the Sendmail servers. The product is designed and implemented in
a modular manner, thus it can easily adapt to any work environment.

All the messages received by the server are scanned using the BitDefender scan engines.
This technology detects all the viruses present in the attachments; BitDefender features
built-in support for more than 80 packed file formats, including RAR, ZIP, ARJ, LZH, LHA,
ACE, GZIP, TARGZ, JAR, UUE, MIME or CAB archives, no matter how they were created
(self-extractable, multivolume, etc). If the message is clean, it is forwarded to the
mail recipient. If an infection is found, it is handled according to the selected
option (disinfection, deletion or isolation in the quarantine area) and alarm messages are
sent to the persons responsible for network security and management.

To ensure superior and efficient antivirus protection, BitDefender for Sendmail
Milter was designed with a function for automatic update of the virus definitions. This
function connects periodically to the BitDefender upgrade server, without the
administrator’s intervention.

Features:
- Real-time Antivirus protection of SMTP traffic
- Real-time Antispam filtering
- Scanning of all the e-mail messages and attached files
- Antivirus protection for the newly created mail boxes
- The multirecipient messages are filtered only once, before delivery, and not
many times for each mail recipient
- Internal WatchDog to ensure solution's uptime
- Forward option to make backup copies of email traffic
- Automatic and incremental update of virus definitions and scanning engines
directly from BitDefender servers
- Pushed updates directly from Softwin's servers in case of virus outbreaks
- Custom message disclaimers to scanned emails
- On-demand antivirus scanner for scheduled tasks
- Possibility of isolating the infected e-mails in the quarantine zone
- Generates custom alarm messages through e-mail
- Web-based remote administration
- Statistics and reports regarding the number of scanned files, the infected
files, the deleted and disinfected files


The message’s HTML body and attachments are checked in order to detect infected
files and backdoor/trojan/worm files and prevent them from spreading into the system.

Only the clean messages are delivered to the mail clients on the stations or
sent on to the mail recipients outside the company.

The infected messages are treated according to the administrator’s chosen option:
disinfection, deletion or isolation in a certain location on the server, considered to be the
quarantine zone.


Configuration under FreeBSD

The protection settings are specified in the file

/usr/local/bitdefender/etc/bdsettings.xml

Edit this file in order to specify the protection options. The file may be structured in the
following sections:

<NetProtect>
<live>

Each one is treated in its own section below:

NetProtect
Here the user can specify the action on the infected objects, the location of the quarantine
zone, and the events when a special situation appears.

Inside this section there are some subsections, which contain a few tags where the user
can modify the settings.

Registry

The Registry is a special process that BitDefender uses to keep the settings and to help
all other components communicate with each other.

The /NetProtect/Registry/ section determines the way BitDefender Registry will accept
incoming connections and which local users (defined on the FreeBSD system) will be able
to access the settings.

The section should look as below:

<Registry>
  <TCPListen value="N"/>
  <Interfaces>
    <0.0.0.0 value=""/>
  </Interfaces>
  <LocalUsers>
    <bitdefender value=""/>
    <root value=""/>
  </LocalUsers>
  <RemoteUsers>
    <admin value="23F32CAC35432579"/>
  </RemoteUsers>
</Registry>

The TCPListen variable controls whether bdregd will listen on a TCP port or only on a
local UNIX socket. If you plan to use the Windows version of the BitDefender Remote
Admin you must set this value to “Y” for the Console to be able to connect to bdregd.

If the above variable is enabled, then BitDefender will listen on port 8138 on the interfaces
defined in the Interfaces section. If the setting is 0.0.0.0 then bdregd will listen on all
interfaces.

The LocalUsers section defines the local users (from the FreeBSD system) that are
allowed to connect to the BitDefender Registry. By default the root and bitdefender users
are set, but depending on the Agent installed more users might be added for BitDefender
to work properly.

The RemoteUsers/admin variable defines the password (in an encrypted form) that will
be used when connecting from the Windows version of the BitDefender Remote Admin.
Since the password is in an encrypted form, if you want to change it you must run
/usr/local/bitdefender/bin/bdsetup –pass .

Core

By editing the /NetProtect/Core section you can change a few aspects related to the
bdcored process.

Perhaps the most important setting in this section is Threads, which determines the
maximum number of threads bdcored will be allowed to initiate.

If an email comes in and bdcored is already scanning the <Threads> number of emails,
BitDefender will enqueue it and will begin to scan it just after a running thread finishes. If
you think that your server is able to scan more email messages at the same time than the
default value, you can increase the Threads number up to an appropriate value.

The /NetProtect/Core/PushUpdate key controls whether the PushUpdate system is
active or not. In case of a virus outbreak or an emergency update we will send you a
special email message that, when scanned by BitDefender, will automatically start the
update process. These email messages can be discarded or delivered to their recipients
depending on the /NetProtect/Core/PushUpdateAction (DROP | DELIVER).

AV7 – The heart of BitDefender

In the Plugins section you can modify the action on the infected files, the location of the
quarantine zone and you can configure any other modules included with BitDefender (for
example the Antispam module).

The settings for the AntiVirus core component are located in the
/NetProtect/Plugins/AV7/ subsection.

The following two variables control how the antivirus will behave when an email is
scanned:

FirstAction – specifies the first action on the infected files (default DISINFECT)
SecondAction – specifies the second action, in case the first action fails. The second
action is enabled only when the first action is “DISINFECT”. (default DELETE)

The values that FirstAction and SecondAction can take are:

• IGNORE: mark and log the message and continue. The email will not be
disinfected.
• DISINFECT: attempts to disinfect, perform SecondAction if the object cannot be
disinfected.
• DELETE: attempts to delete infected attachment
• QUARANTINE: move entire message to system quarantine.
• DROP: silently delete email (sender not informed)
• REJECT: rejects email (implies bouncing)

The same settings can be configured in an easier way if you use the BitDefender Remote
Admin module installed in Webmin (see the Web-based configuration chapter for more
information).

The AddHeader variable can take one of these values: 0, n, no, 1, y, yes (case insensitive)
and determines whether the email messages that are scanned by BitDefender will contain a
header telling if the email was infected or not by a virus.

The AddFooterToClean and AddFooterToInfected variables can take one of these values:
0, n, no, 1, y, yes (case insensitive) and determine whether the emails scanned by BitDefender
will contain a message telling if the email was infected or not.

The FooterOfClean, FooterOfInfectedRemoved and FooterOfInfectedIgnored variables
should contain the path to the templates used when writing the footers. If these variables
are undefined the built-in templates will be used.

Custom headers and footers are created from templates in which certain variables are
replaced with their corresponding values.

Variables

$BitDefender -- replaced with BitDefender. If you do not include this variable in your
template the built-in template will be used instead.
$start and $end -- mark the boundary of the object list. Multiple object lists are allowed,
provided they are not nested.
$no -- the number of the current item in an object list. Starts from 1. Not valid outside
object lists.
$object -- the file or object found infected or suspected of being infected. Valid only
inside object lists.
$status -- one of Infected, Suspected, Unknown. Valid only inside object lists.
$virus -- the virus name. Valid only inside object lists.
$action -- the action taken for this object. Can be one of Disinfected, Deleted,
Quarantined, Dropped, Rejected, Ignored. Normally Dropped and Rejected should never
appear (since these messages are lost). Valid only inside object lists.

Examples

The built-in footer for disinfected emails looks like this (note that spaces can be a little
tricky):
----
This message has been scanned by $BitDefender,
found to be infected and cleaned

Details:
$start$no. File: $object
Status: $status
Virus: $virus
Action: $action
$end

which produces something like:


----
This message has been scanned by BitDefender,
found to be infected and cleaned.

Details:
1. File: (MIME part)=>(application)=>word/W97M.Smac.D
Status: Infected
Virus: W97M.Smac.D
Action: Disinfected
2. File: (MIME part)=>(application)=>word/W97M.Story.AD
Status: Infected
Virus: W97M.Story.AD
Action: Disinfected
3. File: (MIME part)=>(application)=>word/W97M.Surround.A
Status: Infected
Virus: W97M.Surround.A
Action: Disinfected

A more compact report:
----
The $BitDefender scanner found and cleaned in this message:
$start$virus $end.

Combining the two above would work too (and would be useful, for example, when
receiving quarantine tarballs).
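
The substitution rules above can be exercised with a small renderer. This is an added example, not BitDefender's own code: the function names, the constructed scan results and the choice to raise an error for list-only variables outside $start ... $end are assumptions. Values are inserted in a single pass, so a file name that itself contains template syntax is printed literally.

```python
import re

# Built-in footer for disinfected mail, copied from the guide.
BUILTIN = (
    "----\n"
    "This message has been scanned by $BitDefender,\n"
    "found to be infected and cleaned\n"
    "\n"
    "Details:\n"
    "$start$no. File: $object\n"
    "Status: $status\n"
    "Virus: $virus\n"
    "Action: $action\n"
    "$end"
)
COMPACT = ("----\nThe $BitDefender scanner found and cleaned in this message:\n"
           "$start$virus $end.")

OBJECT_LIST = re.compile(r"\$start(.*?)\$end", re.S)
LIST_VAR = re.compile(r"\$(BitDefender|no|object|status|virus|action)\b")
LIST_ONLY = re.compile(r"\$(start|end|no|object|status|virus|action)\b")


def _outside(text):
    """Expand template text that lies outside every $start ... $end block."""
    stray = LIST_ONLY.search(text)
    if stray:  # assumption: treat a misplaced variable as a template error
        raise ValueError(stray.group(0) + " is only valid inside an object list")
    return text.replace("$BitDefender", "BitDefender")


def render(template, objects):
    """Expand a footer template for a list of scan results.

    objects: dicts with the keys object, status, virus and action.
    """
    if "$BitDefender" not in template:
        template = BUILTIN  # per the guide, the built-in template is used instead
    out, pos = [], 0
    for block in OBJECT_LIST.finditer(template):
        out.append(_outside(template[pos:block.start()]))
        body = block.group(1)
        if "$start" in body:
            raise ValueError("object lists must not be nested")
        for no, obj in enumerate(objects, 1):  # $no starts from 1
            fields = dict(obj, no=str(no), BitDefender="BitDefender")
            # A function replacement inserts each value verbatim, exactly once.
            out.append(LIST_VAR.sub(lambda m: fields[m.group(1)], body))
        pos = block.end()
    out.append(_outside(template[pos:]))
    return "".join(out)


# Constructed scan results; the first file name contains template syntax.
SAMPLE = [
    {"object": "$BitDefender $virus.doc", "status": "Infected",
     "virus": "W97M.Smac.D", "action": "Disinfected"},
    {"object": "report.doc", "status": "Infected",
     "virus": "W97M.Story.AD", "action": "Disinfected"},
]

if __name__ == "__main__":
    print(render(BUILTIN, SAMPLE))
    print(render(COMPACT, SAMPLE))
```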

In the AV7 subsection you can also configure QuarDir, the location of the quarantine
directory (where the infected files are stored). By default, if the installation directory is
/usr/local/bitdefender/, QuarDir will be set to /usr/local/bitdefender/var/quarantine.

This is how the entire AV7 section should look:

<Plugins>
  <AV7>
    <Path value="/usr/local/bitdefender/lib/npcore/av7core.plg"/>
    <Active value="Y"/>
    <FirstAction value="DISINFECT"/>
    <SecondAction value="IGNORE"/>
    <AddHeader value="Y"/>
    <AddFooterToClean value="yes"/>
    <AddFooterToInfected value="Y"/>
    <FooterOfClean value="/usr/local/bitdefender/share/temp/en/FooterOfClean.ptt"/>
    <FooterOfInfectedRemoved value="/usr/local/bitdefender/share/temp/en/FooterOfInfectedRemoved.ptt"/>
    <FooterOfInfectedIgnored value="/usr/local/bitdefender/share/temp/en/FooterOfInfectedIgnored.ptt"/>
    <QuarDir value="/usr/local/bitdefender/var/quarantine"/>
    <Plugins value="/usr/local/bitdefender/lib/Plugins"/>
    <bdcore value="/usr/local/bitdefender/lib"/>
  </AV7>
</Plugins>
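
A read-only check over the Registry and AV7 settings described so far, added here as an example (it is not part of BitDefender). It flags what the guide itself calls out: bdregd listening on TCP port 8138, local users beyond the default root and bitdefender, and an IGNORE action that leaves infected objects undisinfected. Assumptions: the permissive tag regex (names such as <0.0.0.0> are not well-formed XML), the function names, the constructed sample with the example user mailnull, and treating a missing TCPListen as N.

```python
import re

# Permissive tag matcher: names such as <0.0.0.0 value=""/> in the Registry
# section are not well-formed XML, so a strict XML parser would reject the file.
TAG = re.compile(r'<(/?)([^\s<>/"]+)(?:\s+value="([^"]*)")?\s*(/?)>')
ACTIONS = {"IGNORE", "DISINFECT", "DELETE", "QUARANTINE", "DROP", "REJECT"}
DEFAULT_LOCAL_USERS = {"root", "bitdefender"}
REG = "/NetProtect/Registry"
AV7 = "/NetProtect/Plugins/AV7"


def read_settings(text):
    """Flatten bdsettings.xml-style text into {"/NetProtect/...": value}."""
    settings, stack = {}, []
    for closing, name, value, self_closing in TAG.findall(text):
        if closing:
            if stack:
                stack.pop()
        elif self_closing:
            settings["/" + "/".join(stack + [name])] = value.strip()
        else:
            stack.append(name)
    return settings


def children(settings, section):
    """Names of the keys stored directly under a section path."""
    prefix = section.rstrip("/") + "/"
    return [k[len(prefix):] for k in settings
            if k.startswith(prefix) and "/" not in k[len(prefix):]]


def audit(settings):
    """Return (path, finding) pairs for settings that deserve a second look."""
    findings = []
    # Assumption: a missing TCPListen key means "N" (local UNIX socket only).
    if settings.get(REG + "/TCPListen", "N").upper() == "Y":
        ifaces = children(settings, REG + "/Interfaces")
        where = "all interfaces" if "0.0.0.0" in ifaces else ", ".join(ifaces)
        findings.append((REG + "/TCPListen",
                         "bdregd listens on TCP port 8138 on " + where))
    extra = sorted(set(children(settings, REG + "/LocalUsers")) - DEFAULT_LOCAL_USERS)
    if extra:
        findings.append((REG + "/LocalUsers",
                         "non-default local users may connect: " + ", ".join(extra)))
    # Defaults from the guide: FirstAction DISINFECT, SecondAction DELETE.
    first = settings.get(AV7 + "/FirstAction", "DISINFECT").upper()
    second = settings.get(AV7 + "/SecondAction", "DELETE").upper()
    for key, value in (("FirstAction", first), ("SecondAction", second)):
        if value not in ACTIONS:
            findings.append((AV7 + "/" + key, "unknown action " + value))
    if first == "IGNORE":
        findings.append((AV7 + "/FirstAction",
                         "infected mail is marked and logged but not disinfected"))
    elif first == "DISINFECT" and second == "IGNORE":
        # SecondAction only applies when FirstAction is DISINFECT.
        findings.append((AV7 + "/SecondAction",
                         "objects that cannot be disinfected are left in the mail"))
    return findings


# Constructed sample; mailnull is an example of an extra local user.
SAMPLE = """
<NetProtect>
  <Registry>
    <TCPListen value="Y"/>
    <Interfaces>
      <0.0.0.0 value=""/>
    </Interfaces>
    <LocalUsers>
      <bitdefender value=""/>
      <root value=""/>
      <mailnull value=""/>
    </LocalUsers>
  </Registry>
  <Plugins>
    <AV7>
      <FirstAction value="DISINFECT"/>
      <SecondAction value="IGNORE"/>
      <QuarDir value="/usr/local/bitdefender/var/quarantine"/>
    </AV7>
  </Plugins>
</NetProtect>
"""

if __name__ == "__main__":
    for path, finding in audit(read_settings(SAMPLE)):
        print(path + ": " + finding)
```

Run against the sample AV7 section above, the check reports the SecondAction line, since that sample sets IGNORE rather than the documented default of DELETE.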

The options related to the messages added by BitDefender to the scanned email
messages can be easily configured from BitDefender Remote Admin, too:


Spamtox – The Antispam module

The BitDefender Antispam module is an advanced spam filtering solution integrated into
BitDefender for FreeBSD Mail Servers. Version 1.6 of BitDefender for Sendmail Milter
features a version of BitDefender Antispam that uses a proprietary heuristic analysis
technology, image and URL filters and WBL (White List / Black List) support.

BitDefender Antispam checks every incoming & outgoing email message and marks it as
Spam or Non-Spam (Ham). Additionally, a Spam Score is attached to every scanned
message. If the Spam Score is greater than or equal to Spam Threshold, then the
message is marked as Spam. Otherwise, it's marked as Ham (Non-Spam).

BitDefender Antispam module actions:

• add email header: X-BitDefender-Spam: Yes (100)
• modify subject: [SPAM] Buy 0nl1ne!!!!
• reject message (NOT recommended)

Glossary:
• Spam: unwanted email message (former definition: unsolicited commercial/bulk
email)
• Ham: a Non-Spam message
• False positive: a Non-Spam message marked as Spam
• False negative: a Spam message not detected and not marked as Spam
• Threshold: a variable number between 0 and 100; defaults to 90. For best results,
use the default value (90).
• Spam Score: a variable number (between 0 and 100) reporting the Spam
probability of the current message. If Score < Threshold then the message is
marked as Ham, otherwise the message is marked as Spam.

All the settings related to the Antispam module are grouped under the SpamTox section in
the /NetProtect/Plugins/ registry path.

The most important setting for this module is the Active variable, which, depending on
its value (Y or N), enables or disables the whole Antispam protection.

If the Antispam module is marked as Active then the following options will be enabled as
well:

Action - specifies a list of actions that will be executed by the plugin. The variable should
contain at least one of the following words separated by ‘,’ or ‘;’: reject, header, subject.

Reject triggers the rejection of the mail and is not recommended. Header adds a custom
header to the message. Subject modifies the subject header, according to a custom
pattern.

The actions can be written in any order and separated by spaces, tabs, commas and
semicolons. Note that duplicating them, or specifying anything alongside reject, works but
makes no sense.

SubjectPattern (default value: “[spam] $subject”)
This value is used as a pattern for the new subject when one of the actions is subject and
the mail is considered spam. Defined variables are $subject and $score.

HeaderName (default value: “X-BitDefender-Spam”)
The name of the custom header added to messages if one of the actions is header.

HeaderPatternYes (default value: “Yes ($score)”)
The value of the custom header, added if one of the actions is header and the mail is
considered spam. Defined variables are $subject and $score.

HeaderPatternNo (default value: “No ($score)”)
The value of the custom header, added if one of the actions is header and the mail is not
considered spam. Defined variables are $subject and $score.

SpamThreshold (integer, value in the range 1-99, default value: “90”)
The score threshold value. Messages obtaining a score higher than this are considered to
be spam. Wrong values are ignored.

UseHeur (boolean, values: 0 | n | no | 1 | y | yes (case insensitive), default value: yes)
Whether to use antispam heuristics. You should leave this option enabled.

UseBW (boolean, values: 0 | n | no | 1 | y | yes (case insensitive), default value: yes)
Whether to use the black list and white list support.

UseURL (boolean, values: 0 | n | no | 1 | y | yes (case insensitive), default value: yes)
Whether to use the URL filter.

UseIMG (boolean, values: 0 | n | no | 1 | y | yes (case insensitive), default value: yes)
Whether to use the Image filter.

This is how the Spamtox section should look:

<Plugins >
  <Spamtox >
    <Path value="/usr/local/bitdefender/lib/npcore/spamtox.plg" />
    <Active value="Y" />
    <AntispamLib value="/usr/local/bitdefender/lib/npcore/spam/libantispam.so" />
    <MainPath value="/usr/local/bitdefender/lib/npcore/spam" />
    <TmpPath value="/usr/local/bitdefender/var/tmp" />
    <UseHeur value="yes" />
    <UseBW value="yes" />
    <UseURL value="yes" />
    <UseBayes value="no" />
    <Action value="header,%20subject" />
    <SubjectPattern value="[spam]%20$subject" />
    <HeaderName value="X-BitDefender-Spam" />
    <HeaderPatternYes value="Yes%20($score)" />
    <HeaderPatternNo value="No%20($score)" />
    <SpamThreshold value="90" />
  </Spamtox>
</Plugins>
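
How the Spamtox settings above combine for one message, as an added example (not BitDefender's code; the function names are hypothetical). It assumes the %20 sequences in the sample are percent-encoded spaces, that an out-of-range SpamThreshold falls back to the default of 90, and that a score equal to the threshold counts as spam, as the glossary states.

```python
import re
from urllib.parse import unquote

# Values copied from the sample Spamtox section in the guide.
CONFIG = {
    "Action": "header,%20subject",
    "SubjectPattern": "[spam]%20$subject",
    "HeaderName": "X-BitDefender-Spam",
    "HeaderPatternYes": "Yes%20($score)",
    "HeaderPatternNo": "No%20($score)",
    "SpamThreshold": "90",
}
KNOWN_ACTIONS = ("reject", "header", "subject")
PATTERN_VAR = re.compile(r"\$(subject|score)\b")


def parse_actions(raw):
    """Split Action on spaces, tabs, commas and semicolons; drop duplicates."""
    words = [w for w in re.split(r"[ \t,;]+", unquote(raw)) if w]
    actions = {w for w in words if w in KNOWN_ACTIONS}
    if not actions:
        raise ValueError("Action needs at least one of: " + ", ".join(KNOWN_ACTIONS))
    return actions


def threshold(raw, default=90):
    """SpamThreshold must be an integer in 1-99; wrong values are ignored.

    Assumption: "ignored" means the default of 90 applies.
    """
    try:
        value = int(raw)
    except (TypeError, ValueError):
        return default
    return value if 1 <= value <= 99 else default


def expand(pattern, subject, score):
    """Fill $subject and $score in one pass, so a Subject line that itself
    contains "$score" is copied through unchanged."""
    values = {"subject": subject, "score": str(score)}
    return PATTERN_VAR.sub(lambda m: values[m.group(1)], unquote(pattern))


def tag(config, subject, score):
    """Return what the Antispam settings do to one scanned message."""
    actions = parse_actions(config["Action"])
    # Score >= threshold is spam, following the glossary entry for Spam Score.
    spam = score >= threshold(config.get("SpamThreshold"))
    result = {"spam": spam, "reject": False, "headers": {}, "subject": subject}
    if spam and "reject" in actions:
        result["reject"] = True  # other actions make no sense for a rejected mail
        return result
    if "header" in actions:
        key = "HeaderPatternYes" if spam else "HeaderPatternNo"
        result["headers"][config["HeaderName"]] = expand(config[key], subject, score)
    if spam and "subject" in actions:
        result["subject"] = expand(config["SubjectPattern"], subject, score)
    return result


if __name__ == "__main__":
    # Constructed messages: one spam, one ham.
    for subject, score in (("Buy 0nl1ne!!!!", 100), ("Meeting notes", 12)):
        print(tag(CONFIG, subject, score))
```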

The settings for the Antispam module can be easily configured via the BitDefender
Remote Admin:


Logging & e-mail notification

The /NetProtect/Logger/ section is used to configure both the file logging module
(Filelog) and the e-mail notification module (MNsmtp). BitDefender is able to write detailed
information about the scanned email traffic to a file and to notify the
sender/receiver(s)/administrator(s) when a virus is detected.

File logging is done by the Filelog module; its most important settings are
Active and DefaultLogFile. The value of the Active variable (Y or N) determines whether any
information is written to the DefaultLogFile (specified as a full path).

<Logger>
  <Plugins>
    <Filelog>
      <Path value="/usr/local/bitdefender/lib/logger/filelog.npl"/>
      <Active value="Y"/>
      <DefaultLogFile value="/usr/local/bitdefender/var/log/bd.log"/>
    </Filelog>
    <MNsmtp>
      <Path value="/usr/local/bitdefender/lib/logger/mn-smtp.npl"/>
      <Active value="Y"/>
      <Enable value="Y"/>
      <AlertSender value="Y"/>
      <AlertReceivers value="Y"/>
      <SMTPServer value="127.0.0.1:10025"/>
      <From value="bitdefender@softwin.ro"/>
      <Administrator value="test@softwin.ro"/>
      <Postmaster value="test@softwin.ro"/>
      <AdminAlertPattern value="/usr/local/bitdefender/share/templates/en/AdminAlert.ptt"/>
      <SenderAlertPattern value="/usr/local/bitdefender/share/templates/en/SenderAlert.ptt"/>
      <ReceiverAlertPattern value="/usr/local/bitdefender/share/templates/en/ReceiverAlert.ptt"/>
      <FileServerAlertPattern value="/usr/local/bitdefender/share/templates/en/FileServerAlert.ptt"/>
      <KeyWillExpireAlertPattern value="/usr/local/bitdefender/share/templates/en/KeyWillExpireAlert.ptt"/>
      <KeyHasExpiredAlertPattern value="/usr/local/bitdefender/share/templates/en/KeyHasExpiredAlert.ptt"/>
    </MNsmtp>
  </Plugins>
</Logger>

Every other section in the configuration file that contains a Verbose key increases the log
verbosity of that specific component if set to “Y”. For example if you set the /live/Verbose
key to “Y” the log file will contain detailed information about the update attempts made by
the bdlived process.

The same settings can be easily modified via the BitDefender Remote Admin:


The Mail Notification section (MNsmtp) controls how and where the notification will be
sent. The following variables change the MNsmtp’s behaviour:

Active
* Allows bdlogd to load this plugin. If the plugin is not loaded, all other settings have no effect.
* Values: {"Y", "N"}
* Default value: "Y"

Enable
* Enable logging (if the plugin is loaded (Active=Y) you can enable/disable mn-smtp
without restarting bdlogd)
* Values: {"Y", "N"}
* Default value: "Y"

AlertSender
* Boolean value: whether to alert the sender of the message (sender address is taken
from the From: header in the mail)
* Values: {"Y", "N"}
* Default value: "N"

AlertReceivers
* Boolean value: whether to alert the receivers of the message (address taken from the
To:, Cc: headers in the mail)
* Values: {"Y", "N"}
* Default value: "N"

SMTPServer
* The IP of the server used for sending the alerts (in IPv4 numeric format)
* You can also specify a port number, prefixed with a colon, after the address.
The default value of 25 is assigned if the port is not specified, if the format is not correct
(missing colon), if an invalid port number is specified (not in 1..65535) or if a
conversion error occurs.
* Default value: "127.0.0.1:25"

From
* Specifies the sender used when sending alerts. This value will appear in the “From:” field
of the notification e-mails.
* Values : email address
* Default value : bitdefender@<hostname>

Administrator
* The email address where to send key_expired alerts, key_will_expire alerts and
other important error alerts.
* Values : email address(es)

Postmaster
* The email address where to send virus alerts.
* Values : email address(es)

PostmasterAlertPattern
* Full path to a file that will be used as pattern in virus alerts sent to postmaster
* Values : file path
* Default value : <path to mn-smtp.npl>/../../share/templates/en/PostmasterAlert.ptt

SenderAlertPattern
* Full path to a file that will be used as pattern in virus alerts sent to
the sender of an infected mail.
* Values : file path
* Default value : <path to mn-smtp.npl>/../../share/templates/en/SenderAlert.ptt

ReceiverAlertPattern
* Full path to a file that will be used as pattern in virus alerts sent to the receivers of an
infected mail.
* Values : file path
* Default value : <path to mn-smtp.npl>/../../share/templates/en/ReceiverAlert.ptt

KeyWillExpireAlertPattern
* Full path to a file that will be used as pattern in key_will_expire alerts sent to
administrator
* Values : file path
* Default value : <path to mn-smtp.npl>/../../share/templates/en/KeyWillExpireAlert.ptt

KeyHasExpiredAlertPattern
* Full path to a file that will be used as pattern in key_expired alerts sent to administrator
* Values : file path
* Default value : <path to mn-smtp.npl>/../../share/templates/en/KeyHasExpiredAlert.ptt
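
A check for the MNsmtp settings described above, added here as an example (it is not part of BitDefender): it applies the documented port-25 fallback rule to the SMTPServer value and lists settings that change where alerts are sent. The function names and the sample section are constructed for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: MNsmtp keys from the guide, with an out-of-range port.
SAMPLE = """<Logger><Plugins><MNsmtp>
  <Active value="Y"/>
  <Enable value="Y"/>
  <AlertSender value="Y"/>
  <AlertReceivers value="N"/>
  <SMTPServer value="127.0.0.1:100250"/>
  <From value="bitdefender@softwin.ro"/>
  <Administrator value="test@softwin.ro"/>
  <Postmaster value="test@softwin.ro"/>
</MNsmtp></Plugins></Logger>"""

# Defaults as documented in the settings list above.
DEFAULTS = {"Active": "Y", "Enable": "Y", "AlertSender": "N",
            "AlertReceivers": "N", "SMTPServer": "127.0.0.1:25"}


def effective_smtp_server(value):
    """Return (host, port, reason); reason is None unless port 25 was substituted."""
    host, colon, port_text = value.partition(":")
    if not colon:
        return host, 25, "no port given"
    if not (port_text.isascii() and port_text.isdigit()):
        return host, 25, "port is not a number"
    port = int(port_text)
    if not 1 <= port <= 65535:
        return host, 25, "port outside 1..65535"
    return host, port, None


def audit_mnsmtp(xml_text):
    """Return a list of findings for the first MNsmtp element in xml_text."""
    root = ET.fromstring(xml_text)
    node = root if root.tag == "MNsmtp" else root.find(".//MNsmtp")
    if node is None:
        return ["no MNsmtp section found"]
    keys = dict(DEFAULTS)
    keys.update({child.tag: child.get("value", "") for child in node})
    if keys["Active"] != "Y":
        return ["Active is not Y: plugin not loaded, other settings have no effect"]
    findings = []
    if keys["Enable"] != "Y":
        findings.append("Enable is not Y: no notifications are sent")
    host, port, reason = effective_smtp_server(keys["SMTPServer"])
    if reason and reason != "no port given":
        findings.append(f"SMTPServer {keys['SMTPServer']!r}: {reason}, "
                        f"alerts would go to {host}:{port}")
    if keys["AlertSender"] == "Y":
        # Added caveat: the From: header is written by the message author
        # and is not authenticated, so the alert may reach a third party.
        findings.append("AlertSender=Y: alerts go to the From: header address, "
                        "which is not verified")
    for key in ("Postmaster", "Administrator"):
        if not keys.get(key):
            findings.append(f"{key} is not set")
    return findings


if __name__ == "__main__":
    for finding in audit_mnsmtp(SAMPLE):
        print(finding)
```
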

The $BitDefender variable must be present in every template; otherwise the default
template will be used instead.

Possible variables to be used in various templates are the following:


• PostmasterAlert.ptt
  o RealSender
  o RealReceivers
  o HeaderSender
  o HeaderReceivers
  o Subject
  o Object
  o Action
  o Virus
  o Status
  o Agent
• SenderAlert.ptt
  o RealReceivers
  o HeaderReceivers
  o Subject
  o Object
  o Action
  o Virus
  o Status
  o Agent
• ReceiverAlert.ptt
  o RealSender
  o HeaderSender
  o Subject
  o Object
  o Action
  o Virus
  o Status
  o Agent
• FileServerAlert.ptt
  o Filename
  o Action
  o Virus
  o Status
  o Agent
• KeyWillExpireAlert.ptt
  o Product
  o Days
  o Agent
• KeyHasExpiredAlert.ptt
  o Product
  o Agent


Example

The built-in alert template for the Postmaster alert is the following.

Subject: System info

$BitDefender found an infected object in a message:

Real sender: $RealSender


Real receivers: $RealReceivers
From: $HeaderSender
To: $HeaderReceivers
Subject: $Subject
Virus: $Virus
http://www.bitdefender.com/vfind/?q=$virus
Object: $Object
Status: $Status
Action: $Action

Thank you for choosing BitDefender for FreeBSD Mail Servers


The BitDefender Lab - http://www.bitdefender.com/

The resulting message is the following.

BitDefender found an infected object in a message:

Real sender: <sender@sender.domain>


Real receivers: <receiver@receiver.domain>
From: The Sender <sender@sender.domain>
To: The Receiver <receiver@receiver.domain>
Subject: klez
Virus: Win32.Klez.A@mm
http://www.bitdefender.com/vfind/?q=Win32.Klez.A@mm
Object:
/usr/local/bitdefender/var/tmp/bdnp.milter.qf2aqW=>[Subject: klez]
[Date: Wed, 30 Mar 2005 12:29:36 +0300]=>
(MIME part)=>(application)
Status: Infected
Action: Deleted

Thank you for choosing BitDefender for FreeBSD Mail Servers


The BitDefender Lab - http://www.bitdefender.com/
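
A check for custom templates against the variable lists and the $BitDefender rule above, added here as an example (it is not BitDefender code). The first sample is the built-in Postmaster template quoted above and the second is constructed; the guide does not say whether variable names are matched case-sensitively, so a name that differs only in case from a listed one is reported separately.

```python
import re

COMMON = {"Subject", "Object", "Action", "Virus", "Status", "Agent"}
# Variables the guide lists for each template file.
ALLOWED = {
    "PostmasterAlert.ptt": COMMON | {"RealSender", "RealReceivers",
                                     "HeaderSender", "HeaderReceivers"},
    "SenderAlert.ptt": COMMON | {"RealReceivers", "HeaderReceivers"},
    "ReceiverAlert.ptt": COMMON | {"RealSender", "HeaderSender"},
    "FileServerAlert.ptt": {"Filename", "Action", "Virus", "Status", "Agent"},
    "KeyWillExpireAlert.ptt": {"Product", "Days", "Agent"},
    "KeyHasExpiredAlert.ptt": {"Product", "Agent"},
}
VARIABLE = re.compile(r"\$([A-Za-z]+)")

# Built-in Postmaster template as printed in the guide.
BUILTIN_POSTMASTER = """Subject: System info

$BitDefender found an infected object in a message:

Real sender: $RealSender
Real receivers: $RealReceivers
From: $HeaderSender
To: $HeaderReceivers
Subject: $Subject
Virus: $Virus
http://www.bitdefender.com/vfind/?q=$virus
Object: $Object
Status: $Status
Action: $Action
"""

# Constructed custom template intended for SenderAlert.ptt.
CUSTOM_SENDER = """Subject: Message blocked

A message you sent was blocked.
Sender: $RealSender
To: $HeaderReceivers
Virus: $Virus
Action: $Action
"""


def check_template(name, text):
    """Return a list of problems found in `text` for the template file `name`."""
    allowed = ALLOWED[name]
    by_lower = {var.lower(): var for var in allowed}
    used = VARIABLE.findall(text)
    problems = []
    if "BitDefender" not in used:
        problems.append("missing $BitDefender: the default template will be used")
    for var in dict.fromkeys(used):  # de-duplicate, keep first-seen order
        if var == "BitDefender" or var in allowed:
            continue
        if var.lower() in by_lower:
            problems.append(
                f"${var}: case differs from documented ${by_lower[var.lower()]}")
        else:
            problems.append(f"${var}: not listed for {name}")
    return problems


if __name__ == "__main__":
    print(check_template("PostmasterAlert.ptt", BUILTIN_POSTMASTER))
    print(check_template("SenderAlert.ptt", CUSTOM_SENDER))
```
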

The same settings can be easily modified via the BitDefender Remote Admin, as shown in
the next screenshots.


Real Time Virus Report (RTVR) & Real Time Spam Report (RTSR)

Real Time Virus and Spam Report is a system included in all BitDefender products
reporting virus and spam activity to the BitDefender Labs to help isolate and prevent the
spreading of malware and spam in an efficient and timely manner.

Reporting details

Viruses and spam are reported at different times:


• viruses are reported every 4 hours (or the value of
/NetProtect/Logger/Plugins/RTVR/Hours) or when the queue of viruses to report
has reached a number of 1000 entries (or the value of
/NetProtect/Logger/Plugins/RTVR/Viruses)
• spam is reported every 24 hours

Both viruses and spam are also reported whenever the rtvr/rtsr plugin is unloaded, that is,
when bdlogd is stopped.

The time intervals are checked only when a new log event appears. That means that if
there are some virus log events in the queue, and the next one arrives days later, only
then the queue will be reported to the server, even though the time interval is set to 4
hours. This is true for both viruses and spam reporting.

Sample Registry Tree

<RTVR >
<CUID value="273b1836-8118-4755-bfc9-af775de02e49" />
<Path value="/usr/local/bitdefender/lib/logger/rtvr.npl" />
<Active value="Y" />
<Enable value="Y" />
<UID value="022d182e-1157-4d9b-8b7a-d74acb6ded0e" />
<Hours value="4" />
<Viruses value="3" />
<Timeout value="15" />
<EnableRTSR value="Y" />
<ReportHost value="report.bitdefender.com" />
<Country value="3" />
</RTVR>

The Active key determines if the entire RTVR/RTSR system is active or not, while the
Enable and EnableRTSR control the operation of RTVR and RTSR individually.


Agents

The bdmilterd agent has all of its configuration entries grouped under
/NetProtect/Agents/Milter/ . These settings are explained in the following section:

SmtpFwdWhen (string, value: one of these words: never, always, infected)


Enables the SMTP forward feature (sending a copy of the email through SMTP) either for
all messages or for infected messages only.

SmtpFwdHost (string)
SMTP server to be contacted. If necessary (SmtpFwdWhen) a connection will be opened
on port 25 of this machine and the mail will be forwarded. This will delay the queueing
process (the original program will be invoked only after this action is completed).

SmtpFwdHelo (string)
Value to be sent in the SMTP HELO command (see above).

SmtpFwdFrom (string)
Value to be sent in SMTP FROM: command (see above).

SmtpFwdRcpt (string)
Value to be sent in SMTP RCPT TO: command (see above).


FailureAction (string, value: one of DROP, REJECT, REFUSE, IGNORE; default value:
REFUSE)

Action that should be taken when the scan process fails. Possible reasons for the failure
include:
• bdcored not running
• product registration check failure
• crash while scanning

IGNORE means "send the email as if nothing happened" (without scanning).
REFUSE returns a "temporary, not available" code to the sender.
REJECT returns a “permanent error” to the sender and the message is discarded.
DROP discards the message without informing the sender.


Key
This is the registration key of BitDefender FreeBSD Sendmail Milter. You can
enter your license key by manually editing this value or by running
“/path/to/BitDefender/bin/bd register” from the FreeBSD console.


Live
This section contains the settings for the BitDefender update.

<live>
<CheckSecs value="7200" />
<mainlocation value="http://upgrade.bitdefender.com" />
<ProxyOn value="Y" />
<ProxySetts value="192.168.5.99:8080" />
</live>

Variable        Description
CheckSecs       specifies the interval at which the upgrade check is made
                (in seconds)
Mainlocation    specifies the location of the upgrade server
ProxyOn         specifies whether the product upgrade is made through a
                proxy server. If the upgrade is made through a proxy, the
                variable gets the value Y, otherwise it gets the value N.
ProxySetts      specifies the proxy settings, in case the company uses a
                proxy server.

The proxy settings must be specified in the following manner:

<ProxySetts value="proxy_server:port" /> or
<ProxySetts value="user_name:password@proxy_server:port" /> for
proxy servers with authentication.

Automatic update

BitDefender for Sendmail Milter is pre-configured to update automatically every 8 hours.


To configure the automatic update module please follow these steps:

Update interval

To modify the update time interval, run the command below:
# /usr/local/bitdefender/bin/bdsetup –setkey /live/CheckSecs 28800

Note: The time interval is given in seconds.

Proxy server configuration

If you use a proxy server to connect to the internet please run the following command
and follow the on-screen instructions.
# /usr/local/bitdefender/bin/bdsetup –proxy

In order to deactivate the proxy usage, run:
# /usr/local/bitdefender/bin/bdsetup –noproxy


The settings for the Live! Update module can be easily configured via the BitDefender
Remote Admin:

An automatic update can be forced by running
“/usr/local/etc/rc.d/bitdefender.sh update” from a FreeBSD console or by
clicking the Update Now button from the BitDefender Remote Admin:


Manual update

The cumulative.zip is released every week on Monday and it includes all the virus
definitions and scan engines updates up to the release date. The daily.zip is released
each day and it includes all the virus definitions and scan engines updates since the last
cumulative and up to the current date.

In order to update the product manually, please follow these steps:

1. Download the updates

If it's Monday or if it's the first time you update using the manual updates please
download the cumulative.zip and save it on your disk when prompted. Otherwise
please download the daily.zip and save it on your disk.

2. Extract

Extract the contents of the zip file to “/usr/local/bitdefender/lib/Plugins/”
(overwrite the existing files if necessary).

Note: If you are using both cumulative.zip and daily.zip you will have to extract the
contents of the cumulative.zip first.

WARNING: After extracting the zip archives, you MUST set the proper owner and
permissions, by running the following commands:
# chown bitdefender:bitdefender \
/usr/local/bitdefender/lib/Plugins/*
# chmod 644 /usr/local/bitdefender/lib/Plugins/*

3. Restart BitDefender services

Use the "/usr/local/bitdefender/bin/bdsetup –restart" command
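
The extraction order and permission steps above, as an added Python example (it is not part of the product): it extracts cumulative.zip before daily.zip, refuses archives whose entries would be written outside the Plugins directory, and sets mode 644 on every file written. The function names and the owner parameter are assumptions of this example; restarting the services remains a separate step.

```python
import os
import shutil
import zipfile

PLUGINS_DIR = "/usr/local/bitdefender/lib/Plugins"  # path from the guide


def _order(archives):
    """Put cumulative.zip first: it must be extracted before daily.zip."""
    return sorted(archives, key=lambda p: os.path.basename(p) != "cumulative.zip")


def _check_entries(archive, dest):
    """Raise ValueError if the archive is damaged or an entry would leave dest."""
    with zipfile.ZipFile(archive) as zf:
        damaged = zf.testzip()
        if damaged is not None:
            raise ValueError(f"{archive}: CRC error in {damaged}")
        for info in zf.infolist():
            target = os.path.realpath(os.path.join(dest, info.filename))
            if os.path.commonpath([dest, target]) != dest:
                raise ValueError(f"{archive}: entry {info.filename!r} escapes {dest}")


def apply_updates(archives, dest=PLUGINS_DIR, owner=None):
    """Extract update archives into dest and set mode 644 on every file written.

    owner: account name for chown (the guide uses bitdefender:bitdefender);
    None skips chown, for example when run without root.
    Returns the sorted list of files written.
    """
    dest = os.path.realpath(dest)
    ordered = _order(archives)
    for archive in ordered:  # validate everything before writing anything
        _check_entries(archive, dest)
    written = set()
    for archive in ordered:
        with zipfile.ZipFile(archive) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                target = os.path.join(dest, info.filename)
                os.makedirs(os.path.dirname(target), exist_ok=True)
                with zf.open(info) as src, open(target, "wb") as out:
                    shutil.copyfileobj(src, out)
                os.chmod(target, 0o644)
                if owner:
                    shutil.chown(target, user=owner, group=owner)
                written.add(target)
    return sorted(written)


if __name__ == "__main__":
    for path in apply_updates(["cumulative.zip", "daily.zip"], owner="bitdefender"):
        print(path)
```
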


Product registration
The product is delivered with a trial registration key valid for thirty days. At the end of the
trial period, if you want to purchase the product you have to provide a new serial number.

In order to modify the default serial number, use the
“/usr/local/etc/rc.d/bitdefender.sh register” command (alternatively you
can use “/usr/local/etc/rc.d/bitdefender.sh register”) and follow the
on-screen instructions.

You can register BitDefender from the BitDefender Remote Admin by clicking the Register
button from the About / BitDefender Module Info section:


More info about BitDefender status


More information about the current status of BitDefender is available if you run
“/usr/local/etc/rc.d/bitdefender.sh info”:

BitDefender v1.6.2 on FreeBSD localhost 5.4-PRERELEASE


FreeBSD 5.4-PRERELEASE #2: Fri Mar 25 19:18:59 EET 2005
bitdefender@localhost:/usr/src/sys/i386/compile/Orion i386

BitDefender components:
- core: 1.6.2-1
- engines: 1.6.2-1
- milter: 1.6.2-1
- radmin: 1.6.2-2
Engine: BitDefender AV Engine Ver 7. Signatures: 117351
- first action: DISINFECT
- second action: DELETE
- quarantine directory: /usr/local/bitdefender/var/quarantine
(0 files - 4.0K)
Agents:
- Milter - Valid license, 22 days remaining.
Antispam: Enabled
Virus signatures update status:
- last checked: Wed Apr 6 11:44:16 EEST 2005
- last updated: Wed Apr 6 11:44:30 EEST 2005
- check every: 8 hours

The following information is displayed:


- the current version of BitDefender for Mail Servers along with some system information
- the version numbers of BitDefender components
- the AV engine used and its configured actions
- the status of the Antispam module (enabled/disabled)
- the agents installed along with the license status
- the time when BitDefender last checked for virus signatures update and the time when
it actually updated its signatures

You must have bdregd running in order to see all this information, otherwise only a small
part of it will be shown.

By running bd stats you will receive statistics about BitDefender’s activity:

+-------------------------+-------------------------+
| MAILS | OBJECTS |
+-------------------------+-------------------------+
| Scanned: 97721| Scanned: 805322|
| Infected: 97505| Infected: 114975|
| Suspected: 0| Suspected: 0|
| Disinfected: 97505| Disinfected: 12270|
| Dropped: 0| Deleted: 102705|
| Rejected: 0| Ignored: 0|
| Quarantined: 0| |
| Spam: 2| |
+-------------------------+-------------------------+


If you want to reset the statistics, run the command
“/usr/local/bitdefender/bin/bdsetup –resetstats”.

Statistics are available from the BitDefender Remote Admin as well:


Web-based configuration
BitDefender for Sendmail Milter can also be configured using a web browser under any
operating system. In order to configure the antivirus protection for FreeBSD, it is
necessary to install on the server side the Webmin module. Before installing, you have to
make sure that the computer meets the following requirements:

Operating system: FreeBSD


Installed product: BitDefender for FreeBSD Mail Servers v1.6.2.
Webmin: v1.100 or later

The webmin module installation


In order to use the BitDefender webmin module you must first install Webmin from
http://www.webmin.com. Webmin is a web-based interface for system administration for
Unix. Using any browser that supports tables and forms (and Java for the File Manager
module), you can setup user accounts, Apache, DNS, file sharing and so on.

After you have successfully installed Webmin you must:


- open the panel into a browser (http://hostname:10000/)
- go to Webmin / Webmin Configuration / Webmin Modules
- select the From ftp or http URL radio button
- enter the following value in the textbox
ftp://ftp.bitdefender.com/pub/unices/RemoteAdmin/webmin/BitDefender.wbm.gz
- Press Install Module


Uninstalling the BitDefender webmin module

To uninstall the BitDefender Webmin module, follow these steps:


- open the webmin panel in a web browser (http://hostname:10000/)
- Go to Webmin / Webmin Configuration / Webmin modules
- Select BitDefender Remote Admin from the Delete Modules list and press Delete
Selected Modules.

Accessing the BitDefender webmin module

The BitDefender webmin module can be accessed from any web browser that supports
tables and forms by going to http://hostname:10000/. After you log into Webmin you can
find BitDefender Remote Admin under the System section.

After choosing BitDefender Remote Admin from the System section the following panel
appears:


The left side menu (configuration toolbar) has the following options:

BitDefender status – the current status of BitDefender's services is shown along with
the commands to start, stop, restart
Sendmail Milter – to configure the Sendmail integration
Antispam – to configure the Antispam module
Antivirus – to select the action, in case an infected file is detected, and the location of
the quarantine area;
Mail Notification – to select the e-mail addresses where alarm messages will be sent
in case of virus detection;
Logger – to configure the logging process
Quarantine – to see the quarantine objects
Live! Update – to access the configuration window for the product update;
Statistics – to view the reports and statistics about the scanned objects;
Registry – to change the settings related to BitDefender Registry;
About – to view information about the current version, copyright, and contact
information as well;


Frequently Asked Questions

Installation

Q: What are the system requirements for running BitDefender for FreeBSD Mail
Servers?
A: You will find them in the System requirements section.

Q: Which version of BitDefender for FreeBSD Mail Servers do I need?


A: This depends on what MTA (email server) you use: Sendmail Milter, qmail, Postfix,
Courier or another through SMTP Proxy.

Q: How do I install the package?


A: Follow the instructions from the Install section.

Configuration

Q: I modify the bdsettings.xml, but when I shut down BitDefender, the modifications
are lost! Why?
A: Restarting should not affect the file, but this can happen because
the Live module sometimes updates some values.

In this case, you need to shut down BitDefender services before editing
bdsettings.xml:
- run "/usr/local/etc/rc.d/bitdefender.sh stop"
- edit "bdsettings.xml"
- run "/usr/local/etc/rc.d/bitdefender.sh start"

Q: Where do I enter my serial number (license key) ?


A: The product registration can be made under both FreeBSD and Windows.

Use / Troubleshooting

Q: BitDefender does not catch viruses!


A: Make sure that:
- the product is installed and configured properly.
- the product has not expired (this happens when the 30 evaluation days have passed or
the registration key you used is expired or incorrect).

Q: I don't receive any warning, but the antivirus works. Why?


A: On some systems, you need a valid email address for the sender. The default is
root@localhost - this is not valid in all cases. Please change it to a "regular" email
address, for example name@company.com.


Updates

Q: How can I update the virus signatures database?


A: By default, BitDefender will automatically update every 8 hours, but you can also force
an update using the Remote Admin or running
/usr/local/etc/rc.d/bitdefender.sh update from the FreeBSD console.

Q: How can I tell if the virus signatures database is up to date?


A: Run "/usr/local/bitdefender/bin/bd info" and check that the number of
signatures matches the one on the www.bitdefender.com website.


Contact information

SUPPORT DEPARTMENT:

As a valued provider, SOFTWIN strives to provide its customers with an unparalleled level of
fast and accurate support. The Support Center listed below is continually being updated
with the newest virus descriptions and answers to common questions, so that you obtain
the necessary information in a timely manner.

At SOFTWIN, dedication to saving its customers time and money by providing the most
advanced products at the fairest prices has always been a top priority. Moreover, we
think that a successful business is based on a good communication and a commitment to
excellence in customer support.

Clients department: sales@bitdefender.com

Technical support: support@bitdefender.com

Phone: 0040-21-233 07 80

Address:
SOFTWIN
5th Fabrica de Glucoza St.
PO BOX 52-93
Bucharest, ROMANIA
