How to Build a Linux Server: Anti-malware and Anti-spam Protection

We all know very well that an attack originates from some person and spreads very rapidly through the Internet. Nobody is safe and everybody applies different counter-measures against those threats. In terms of building a server, it is best practice to build a first defense line against the malware before it reaches your inner network. Since all the Linux distributions have their firewalls installed and running by default, I am not counting them as the first defense line; actually they are the zeroth.

As always, take your network and users into consideration and make a plan before you begin the job. You may ask what will an anti-virus and anti-spam application has to do with planning, but wait until you read the next paragraph.

To plan your anti-virus and anti-spam server applications, first think about the network. Will you have a Linux-only network or a hybrid network that also have Windows clients? Will you host all the users’ documents on the server; to say that scanning the messages in the server is fine and you have an additional protection in the server? Or will you also install antivirus programs on the client and update them on a regular basis? How about the outgoing mail? Will you scan for some file extensions -e.g. executable (exe) files- in the messages that your users send? What if a user is sending an e-mail which has a hidden link that points to a well-known infection site? On what basis will you scan outgoing mail? Will you implement a security strategy inside the company so that your users will not be sending large files to each other? How about checking the messages that are falsely identified as spam but actually they are not? What if a client is infected? What is your contingency plan?

These are the questions that you have to take note of and then proceed to the configuration of your mail/collaboration software with the anti-virus and anti-spam tools.

One option is a Postfix mail server.

To configure Postfix, I advise you to read the very comprehensive instructional material of Tobias Rice. I did not find better directions and they are long enough to be beyond the scope of this article. They are a step-by-step tutorial on configuring ClamAV and SpamAssassin for a Postfix mail server. The article is on Debian, but since we are using Ubuntu Server from the beginning, you should have no problem with the apt-get installation method.

Another option is the Citadel Groupware server.

There are many anti-virus and anti-spam software available for Linux: AVG, Sophos, ClamAV, etc.. For ease, we will choose ClamAV software to work on our Citadel Groupware server. I direct you to Apache Wiki's ClamAV plug-in page, which has very concise documentation on enabling ClamAV to check e-mail for virus/malware detection on a Citadel Groupware Server. I can not write any better.

For anti-spam, I definitely recommend SpamAssassin. In addition to the Linux server that we are building, you can also use it on your personal computer. To install SpamAssassin, you can issue apt-get install spamassassin as the root user and have it installed on your computer. To enable it, you have to edit the configuration file located in /etc/default, named spamassassin. At the top, you will see a line that reads “# Change to one to enable spamd”; just below, change the ENABLED value to one (ENABLED = 1). And start it with the command /etc/init.d/spamassassin start as root. From this point on, SpamAssassin will be listening to the default e-mail ports. If you have made any changes to the port numbers, then you will have to make the necessary configuration change for SpamAssassin to enable it to listen to those ports. That’s all that needs to be done to get SpamAssassin running on your Citadel server.

There is more to do than making some changes in the configuration files when you are building a first defense line for your network. If you implement counter measures without considering your network structure, then you need to make sure that you are not opening up some holes to be exploited.

In addition, you should consider commercial tools for your defense line. We have gone with the free tools, which are not less effective than their commercial competitors, but you have to make sure that you can get support whenever you want. For your gaming computer, you can ‘support’ yourself, but if you are left with a down network infected by malware then getting outside support will be of the utmost importance to get your business running again.