Identification of viruses and malware

14.4. Identification of viruses and malware#

The UCS mail services include virus and malware detection via the univention-antivir-mail package, which is automatically set up during the setup of the mail server package. The virus scan can be deactivated with the Univention Configuration Registry Variable mail/antivir.

All incoming and outgoing emails are scanned for viruses. If the scanner recognizes a virus, the email is sent to quarantine. That means that the email is stored on the server where it is not accessible to the user. The original recipient receives a message per email stating that this measure has been taken. If necessary, the administrator can restore or delete this from the /var/lib/amavis/virusmails/ directory. Automatic deletion is not performed.

The AMaViSd-new software serves as an interface between the mail server and different virus scanners. The free virus scanner ClamAV is included in the package and enters operation immediately after installation. The signatures required for virus identification are procured and updated automatically and free of charge by the Freshclam service.

Alternatively or in addition, other virus scanners can also be integrated in AMaViS. Postfix and AMaViS need to be restarted following changes to the AMaViS or ClamAV configuration.