How can I integrate Kaspersky Anti-Virus (KAV) into the SME Server?
Klaus J. Mueller (kjm (at)
v0.1d, 2004-01-21

Use this documentation at your own risk. I will not accept any responsibility for any incorrect information within this document, nor for any damage it might cause when applied. It worked for me and it should work for you.

Copyright (C) 2002 Klaus J. Mueller. Permission to distribute and modify this document is granted under the GNU General Public License as long as this Copyright notice is left unmodified.

Current version
The most current version of this document can be obtained from

Cheers to Christian Hofmann of the german distributor of KAV, Data Security, for helping me with his intimate knowledge of KAV and also to the e-smith respectively SME people!

It's quite handy to have all your eMail - in- and outbound - automagically checked for viruses. This HowTo shows you how to integrate Kaspersky Anti Virus into the SME-Server.

This HowTo is based (and tested) on SME-Server V5.5 and KAV engine V3.5.136 for Linux Server. You will obviously need a running installation of the SME-Server. This document should also work for SME-Server V5.1.x - can anyone confirm this?

Let the games begin!
What else do we need? Some Files (for which we create a directory to temporarily store them first):
    > mkdir /tmp/kav4sme/
Create the directories for KAV:
    > mkdir /opt/AVP
    > mkdir /opt/AVP/Bases
    > mkdir /opt/AVP/kavkeeper
    > mkdir /opt/AVP/keys
    > mkdir /opt/AVP/Tools
Now download the files and store them in /tmp/kav4es/: Now we go to our temp directory to unpack the files:
    > cd /tmp/kav4sme/
    > tar -xvzf *kavselinux.tgz   # (010810kavselinux.tgz at time of writing)
This will give us several files for different mail servers (sendmail, qmail, postfix and exim). As SME uses qmail, we're only interested in this one (don't mind the others):
    > tar -xvzf kavkeeper-qmail-linux-3.5.136.tgz # (engine 3.5, release 136 is current at time of writing)
Remark: An error message will appear. Why? Well, the guys at KAV attach some checksum data right to the end of the tgz-file. In their installer script (which - well - doesn't really look like a time-saver to me) they use this information to check the integrity of the files. That, of course, is a very good idea. We'll do without anyway. As mentioned before - I think all in all it's better to do the installation by hand. So, just ignore the message.

Now, let's unpack the workstation tools:
    > tar -xvzf kavwslinux.tgz
Remark: Again, an error message will appear. Be brave - ignore.

Grab the important files and put them in place:
    > cd /tmp/kav4sme/kavwslinux/
    > mv AvpUnix.ini defUnix.prf kav* /opt/AVP/
    > ln -s /opt/AVP/AvpUnix.ini /root/
    > mv *.key /opt/AVP/keys/
    > mv ../kavkeeper.ini /opt/AVP/kavkeeper/
    > mv Tools/checkurl /opt/AVP/Tools/
    > mv EtcScripts/cron/kavupdater.daily /etc/cron.daily/
    > mv EtcScripts/init.d/kavdaemon.rh7 /etc/init.d/kavdaemon.start
    > mv ../kavkeeper.8 /usr/man/man8/
    > mv Docs/man/*.8 /usr/man/man8/
Make sure, checkurl is known system wide:
    > ln -s /opt/AVP/Tools/checkurl /usr/bin
Create the links to automatically start the kavdaemon on system boot:
    > ln -s /etc/init.d/kavdaemon.start /etc/rc7.d/S80kavdaemon.start
    > ln -s /etc/init.d/kavdaemon.start /etc/rc7.d/K10kavdaemon.start
Modify the ini files

Open /opt/AVP/AvpUnix.ini in your favourite editor: (vi, joe, mc's editor) and change the following:
At this stage you can test what you've done so far by firing up either the command line scanner or the daemon:
    > /opt/AVP/   # download virus-definition files first; otherwise the scanner won't really know, what to search for...
    > /opt/AVP/kavscanner      # if you're impatient you can cancel that at some stage by pressing <Ctrl-C>
    > /opt/AVP/kavdaemon
Both should work and - among other things - state, that they're running in trial mode. If they give you error messages: go back! Do your homework! You failed! (everyone getting caught in an endless loop here is allowed to send me mail.
Before you go any further you should be aware that the following steps will temporarily (well - if you're lucky) affect your mail system. Best idea is to shut down your mail system for now:
    > /etc/init.d/qmail stop
We want to integrate KAV into qmail and the mechanism for this is to rename the original "qmail-queue" file and replace it by one that incorporates the kavdaemon:
    > mv /var/qmail/bin/qmail-queue /var/qmail/bin/qmail-que
    > mv /tmp/kav4sme/qmail-queue /var/qmail/bin/qmail-queue
    > chown qmailq:qmail /var/qmail/bin/qmail-queue
Use your editor to open /opt/AVP/kavkeeper/kavkeeper.ini and modify these entries:
    kavdaemonname=kav@yourdomain.comm     # well - you'll obviously want to replace the domain name; 
                                          # this entry determines the "from" address of virus detection mail messages
    infectedaction=NOTIFY                 # send message to recipient, sender and admin
    infectednotify=virus@yourdomain.comm  # well - same thing - replace this!
                                          # this is where the admin mails go to
                                          # Remark: you can also set this to "root" which only makes sense
                                          # if you don't "forward administrative notices" to a local user!!!
                                          # If you do, you'll get a nice mail loop:
                                          # (mail -> scan for viruses -> infected -> notify admin -> forward to local user
                                          # -> scan for viruses -> infected -> ...
    attachinfected=no                     # don't attach the original mail message - even if it has been disinfected
                                          # why? Imagine a user getting a message "hey - user "foo" was going to send you mail that was infected with virus "bar"
                                          # you can find the message in the attachment"
                                          # well - is the virus really gone? I'm scared! ...
Remark: after modifying kavkeeper.ini you don't need to restart kavdaemon - changes become active instantaneously

Same thing with /opt/AVP/defUnix.prf:
    ReportFileSize=50000                   # maximum file size in kBytes
That's it!
Now, start kavdaemon:
    > /etc/init.d/kavdaemon.start start
And qmail also:
    > /etc/init.d/qmail start
Remark: Currently there is a newer version then 3.5.136 of the KAV engine available. According to H. Hofmann of Data Security, who have done excessive testing, the new version is not ready for productional use, yet.

Version history
v0.1 2002-11-08 initial release
v0.1a 2003-03-17 added the "" command to avoid error message when testing the scanner. Thanx to Tim Litwiller for bringing this to my attention!
v0.1b 2003-08-04 modified the URL of the key file on Datsec's server - appearantly they changed the file name but forgot to notify me ;-)
v0.1c 2003-11-17 updated outdated link (again) to a file on Datsec's server. Thanx to Quentin Gillet for notifying me! v0.1d 2004-01-21 some minor corrections