CommuniGate Pro

McAfee VirusScan* Plugin for CommuniGate Pro

* VirusScan is a registered trademark of Network Associates and/or its affiliates in the US and other countries.

Note: The McAfee AntiVirus Plugin is available only for some platforms supported with the CommuniGate Pro server software. Before you order the McAfee Plugin License, make sure that the available versions of the Plugin software run on your CommuniGate Pro Server platform.

Note: The McAfee AntiVirus Plugin requires CommuniGatePro version 5.3.15 or later.


Download the McAfee Plugins

McAfee antivirus plugins are available for certain platforms only.
Operating System CPU Download
via
http
via
ftp
Sun Solaris 8, 9 & 10 Sparc
Sun Solaris 10 x86
Microsoft Windows 200x/XP/7 x86
x86_64
Linux
Kernel 2.4 & 2.6 (stdc++ library version = 5.0)
x86
Linux
Kernel 2.6 (stdc++ library version = 6.0)
x86_64
Apple MacOS X (Darwin)
version 10.4.8 and greater
UB (PowerPC+Intel)
FreeBSD 6 x86
IBM AIX 5.2, 5.3 & 6.1 PowerPC

The current version of the Plugin is 4.2

The current version of the McAfee Antivirus Engine is 5.6.00.

The previous version is available:
Operating System CPU Download Note
via
http
via
ftp
FreeBSD 6 x86_64 Will be out soon
HP/UX HPPA Discontinued
IBM OS/400 AS/400 Power Discontinued by McAfee
SCO UnixWare Intel Discontinued by McAfee


Installing on a MS Windows 200x/NT/XP/9x System.


Installing on a Sun Solaris System.


Installing on a Linux System.


Installing on a FreeBSD System.

Notes on FreeBSD 7.x and 8.x installation:

You may be able to run FreeBSD 6 version under FreeBSD 7 and 8 if you perform the following actions:


Installing on an AIX System.


Installing on an HP/UX System.


Installing on a MacOS X (Darwin) System.

Note: There's an alternative way to install it from Terminal program using this command:  
installer -pkg ./CGPMcAfee.pkg -target /


Upgrading to a newer version.

When upgrading the Plugin to a newer version, do the following steps:


Testing the antivirus Plugin.

On Windows System:

On a Unix System:

Note: If in a Unix system the CGPMcAfee/CGPMcAfee program fails to start because some library is missing in your OS setup, try launching CGPMcAfee/CGPMcAfee-static program if one presents.


Command Line Options

The McAfee Plugin supports the following command-line options (parameters):

--noHeuristic or -h
This option tells the Plugin not to perform the heuristic analysis used to find new, unknown viruses. The option may be useful if some new virus crashes or slows down the McAfee virus scanning engine.

--noMacros or -m
This option tells the Plugin not to scan messages for macro viruses.

--noDecompress or -d
This option tells the Plugin not to decompress archives and packed executable files before scanning.


Integrating the antivirus Plugin with CommuniGate Pro.

Please check the VirusScan section of the CommuniGate Pro manual.

Open the General page in the Settings section of the WebAdmin Interface and click the Helpers link. Create the Helper as follows:

Content Filtering
Log Level: Program Path:
Time-out: Auto-Restart:
Note: For Windows system the Program Path shold be CGPMcAfee\CGPMcAfee.exe
Note: On some versions of FreeBSD system you may need to specify the full path to the program, i.e. /var/CommuniGate/CGPMcAfee/CGPMCAfee

The recommended Scanning Rule is as follows:

Data Operation Parameter
Action Parameter

Note: It's not recommended to scan small messages (less than 2K) because they are unlikely to contain viruses.

Note: If you run the unlicensed version of the plugin you're limited to one message per hour. Therefore you must not scan all messages because this will just block the mail flow. If you want to see how the plugin catches viruses, then in the Scanning Rule you should specify more conditions in order to apply the ExternalFilter action only to messages from certain sender (from you) and with certain subject.


Updating the virus definitions database.

The database

The virus definitions database is several .dat files in avvdat subdirectory. You can update them manually by downloading addvat-nnnn.zip file from http://update.nai.com/Products/CommonUpdater/.

How you can automete the updates:

Upon restart, the Plugin creates the Updates subdirectory in its current directory. Before scanning a message it checks for the Updates/update.sig file (the "signal file") presence. When the Plugin detects the signal file, it checks if the .dat files in that directory are valid, moves them from Updates into avvdat and erases all files in the Updates subdirectory. This allows you to avoid stopping the plugin when you update the .dat files.

Updating the virus definitions database manually:

Using incremental updates:

The updateDatFiles program supports the following command-line options (parameters):

--verbose or -v
This option tells the Plugin not to print more detailed output.

--base or -b
This option specifies the plugin directory.

--host or -h
This option specifies McAfee FTP server name.

--path or -p
This option specifies the directory name in McAfee update server.

Example:
CGPMcAfee/updateDatFiles -v -b /var/CommuniGate/CGPMcAfee/ -h update.nai.com -p http://update.nai.com/Products/CommonUpdater


To automate the launching of the updateDatFiles.exe on Windows system you can use the Windows' "Scheduled Tasks Manager" service.

To automate the launching of the updateDatFiles on Unix systems you can use cron daemon, see more info in 'man cron' and 'man 5 crontab' output.
The recommended crontab entry is as follows:

#minute hour    mday    month   wday    who     command
0       3,15    *       *       *       root    /etc/periodic/McAfeeUpdate.sh
#launch the update at 3am and 3pm every day
The /etc/periodic/McAfeeUpdate.sh script is as follows:
#!/bin/sh
#
# Update McAfee virus definitions

MCAFEE_DIR=/var/CommuniGate/CGPMcAfee/
UPDATE_CMD=/var/CommuniGate/CGPMcAfee/updateDatFiles
MAILER_CMD="/usr/bin/mail -s 'cron: McAfee Update Report'"
REPORT_ADR="postmaster"

( \
if [ -d ${MCAFEE_DIR} ]; then
  cd ${MCAFEE_DIR}
  if [ -x ${UPDATE_CMD} ]; then
    ${UPDATE_CMD} 2>&1
    if [ ${?} -ne 0 ]; then
      echo "The command failed; retrying..\n"
      ${UPDATE_CMD} 2>&1
    fi
  else
    echo "Update command ${UPDATE_CMD} is not found."
  fi
else
  echo "Directory ${MCAFEE_DIR} is not found."
fi
) | eval ${MAILER_CMD} ${REPORT_ADR}

For Windows you can use the following .bat file and launch it from the Task Scheduler:

@echo off
c:
cd \Communigate Fles\CGPMcafee
updateDatFiles.exe -v > update.log

Note: The incremental updates are possible only if your current virus definitions database is not more than 15 days old. Otherwise you need to perform the full update, the updateDatFiles program will download the addvat-nnnn.zip for you but you will need to unzip it and create the signal file nanually. You normally need to do that only once when you start the Plugin for the first time, then you can continue with incremental updates.


Configuring the Plugin.

On startup the McAfee Plugin reads the contents of the CGPMcAfee.cfg file from the current directory. The format of the file data elements is described in http://www.communigate.com/CommuniGatePro/Data.html. The description of the data elements you may find in the CGPMcAfee.cfg file. The default CGPMcAfee.cfg is available here.

It is safe to view and edit the CGPMcAfee.cfg file while the Plugin is running. After you have made changes to the CGPMcAfee.cfg, you should do one of the following:


Evaluating the required license type.

The McAfee License limits the number of messages the Plugin can scan within any 60 minute period of time. If the E-mail traffic exceeds the licensed limit, the Plugin suspends the CommuniGate Pro Queue processing module. Without the license you are limited to 1 message per hour.

To evaluate the required license type:

#!/usr/bin/perl
$|=1;
my $count=0;

while(<STDIN>) {
  chomp;
  @line = split(" ");
  if ($line[1] eq "FILE") { $count++; }
  print $line[0] . " OK " . $count . " messages scanned.\n";
}

CommuniGate® Pro Guide. Copyright © 1998-2013, Stalker Software, Inc.