
Vista’s Firewall

Posted on : 16-07-2007 | By : Vishal Vasu | In : General


The other day I decided to check the Vista Firewall in detail since I had never actually gone through it after installing my beta version on the laptop. Considering the fact that security has been a prime concern recently for all small businesses and organizations, the Windows Vista Firewall surely has that “something more” in store. Here are some highlights that I would like to share:

  • Different Interface: This time the firewall comes with more manageable options compared to the Security Center that we have in Windows XP. There is a beginner's interface which is accessible from the Control Panel, while we have a more advanced interface for the geeks out there. This can be accessed by creating a custom MMC. It’s good in a way that the advanced controls are not left out in the open, since this prevents beginners from disrupting the firewall rules while providing a way for advanced users to customize firewall settings more granularly and control outbound as well as inbound traffic. For network and system administrators, the firewall configuration on clients can now also be controlled via Group Policy settings.
  • Secure by Default: The moment the firewall is installed, it is configured by default to block all incoming traffic while allowing all outbound. The Vista firewall also works in conjunction with Vista’s new Windows Service Hardening feature. This means that if the firewall detects behavior that is prohibited by the Windows Service Hardening network rules, the firewall will block that behavior. The firewall also fully supports a pure IPv6 network environment.
  • PING is Blocked: Digging deeper into the advanced configuration, I noticed that all incoming ICMP requests were blocked. Well, that surely means that finding the host for hacking is going to be difficult now, though it also means no more preliminary diagnostics unless the block is cleared.
  • Inbound and Outbound Rules: Now that’s where I like to play. The advanced interface opens up a lot more features of the firewall where we can open up custom ports for specific programs. We can even make a selection from some predefined configurations or run the rule creation wizard. The best part is that we can apply rules to services, ports or programs. Now that’s flexibility at work.
  • AD Based Rules: This, I would say, is a blessing for network and system administrators. Now we can create rules which directly integrate with the Active Directory to block or allow connections based on Active Directory User, Computer, or Group Accounts. The flip side — the connection should be secured by IPSec with Kerberos v5.
  • Multiple Policies: Using the MMC snap-in for advanced configuration we can set up multiple firewall profiles so that we can have a different firewall configuration for different situations. I created three firewall profiles on my laptop: one for connecting to my domain in office, one for connecting from my Home Wi-Fi network, and one for connecting from a public network (especially while waiting at the airports during delayed flight schedules).

There are a lot of other features relating to IPSec, Custom Authentication Rules, Security Wizard for creating Security Rules, etc. but I think they would not appeal much to the general public so I’m keeping them off the list.

The bottom line is that the Vista Firewall is no longer Basic.


Configuring Clam-AV and Spamassassin for SmarterMail

Posted on : 17-04-2007 | By : Vishal Vasu | In : General


This article will show you how to add free anti-virus (ClamAV) and spam filtering (SpamAssassin) to SmarterMail. Although SmarterMail comes with built-in spam filtering, it is far less powerful than SpamAssassin.

Step # 1: Install Clam-AV

  • Download and install the latest version of Clam Anti-Virus from http://www.sosdg.org/clamav-win32 with the default installation path. If you change this, make sure that the correct path is used in the steps that follow in this document.

Step # 2: Run Clam as Service

  • Clam needs to run as a service so that there is optimum utilization of memory. For this we need to run CLAMD.EXE as a service rather than configuring SmarterMail to use CLAM.EXE. To enable Clam to run as a service, download the Windows 2003 Resource Kit. What we need from there is INSTSRV.EXE and SRVANY.EXE.
  • Once the Resource Kit has been installed, go to the command prompt and type: INSTSRV ClamAV "C:\Program Files\Windows Resource Kits\Tools\srvany.exe"
  • This step will write ClamAV as a service in the registry
  • Open the Services Manager and locate ClamAV service
  • Right-click ClamAV and set it up to run under the administrator account. This is important; otherwise ClamAV will fail to check the spools
  • Next, open registry editor and locate HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ClamAV
  • Add a new key called Parameters
  • Under Parameters add a new String Value (REG_SZ) called Application and set its value to the path C:\clamav-devel\bin\clamd.exe
  • Once this is set, get out of the registry editor and go back to the Services Manager. Set the ClamAV service to Automatic and start it.
  • To verify that ClamAV is running fine, open C:\clamav-devel\log and verify that the clamd.log file is created. Open and see if the service has started.

Note: ClamAV does not kill the process automatically. If you need to reset, first kill the clamd process from Task Manager and then restart the service.

Once the configuration is done, we will further configure ClamAV for use with SMFilter (configured later in this document). To do so:

Configure clamd to use TCP Sockets (it uses Local Socket by default). Open clamd.conf (by default in “C:\clamav-devel\etc”) in a text editor and comment out (add a ‘#’ in front of the line) the option “LocalSocket”. It should look like this:

#LocalSocket /cygdrive/c/clamav-devel/clamd.sock

Then uncomment the “TCPSocket” and “TCPAddr” options. It should look like this:

TCPSocket 3310

TCPAddr 127.0.0.1

Now just save the file, kill the current clamd.exe process and restart the service.

Step # 3: Schedule Task for updating ClamAV

  • To ensure that ClamAV database is updated automatically, create a task in the Task Scheduler which calls FreshClam and runs it daily

Step # 4: Install and Configure SpamAssassin

Note: SpamAssassin requires Perl to be installed. This article assumes that you have already configured ActiveState Perl on the server.

  • Open DOS Prompt and browse to the PPM directory under Perl. Type PPM3 to initiate Perl Package Manager. This is the easiest way to install Perl Modules.
  • To install a module all you need to do is type install <modulename>. If the module is already installed, you will be asked.
  • The following modules need to be installed for SpamAssassin to work (module name, followed by comments):
    • HTML-Parser: Older builds of both Perl 5.6 and 5.8 will probably not have a new enough version (check with QUERY in PPM). At least 3.24 is required.
    • Digest-SHA1: Older builds of both Perl 5.6 and 5.8 may need to upgrade via PPM. Check using QUERY in PPM. This module is also required.
    • DB_File: On Perl 5.8.7, PPM will install version 1.812.
    • Net-DNS: On Perl 5.8.7, PPM will install version .53, which appears to work correctly on Win32 systems.
    • Time-HiRes: PPM will install v1.49 for Perl 5.87.
    • IP-Country: PPM will install v2.20 for 5.84.
    • Mail-SPF-Query: This module is used only for SPF.
    • DBI: On Perl 5.8.7, installs DBI 1.48.
  • Before we can use SpamAssassin, the following configuration changes are required:
    Find \perl\bin\spamassassin.bat (it is probably read-only) and add the following lines near the beginning, right after the @ECHO OFF line:

SET RES_NAMESERVERS=ipaddress
SET LANG=en_US

where ipaddress is the IP address of your DNS server. If you have more than one, add the additional ones, separated by a space character. This is needed for all RBL lookups to function properly. (Net-DNS in theory can query Windows for the right nameserver, but has not demonstrated reliability in this matter.)

You should make similar changes to \perl\bin\sa-learn.bat if you plan on using the Bayesian spam functionality.

Step # 5: Install and Configure SMFilter

  • Download SMFilter from http://projects.efextra.com/SMFilter-beta2.zip and extract the files to any directory (e.g. “C:\SmarterMail”).
  • Set the path to ClamAV (if using the command line scanner) and SpamAssassin in the SMFilter.ini file if they are different from the defaults.
  • Make sure SMFilter is set to use direct connection to clamd (USE_SOCKET=1, CLAMD_PORT=3310, and CLAMD_HOST=127.0.0.1 in SMFilter.ini)
  • Set the message added to the subject of infected mails to [VIRUS FOUND]
  • Set the action to be taken on infected emails (Clean, Quarantine, Delete, or Ignore) to Clean

Step # 6: Configuring SmarterMail

  • Log in to the SmarterMail control panel as admin and go to the “Protocol Settings or General Settings” page.
  • Set the “Command-line EXE or batch file to run on new mail” field to “C:\SmarterMail\SMFilter.exe %filepath” (without quotes) or whatever the path to SMFilter.exe is.
  • Check the “Enabled” check box next to it and save settings.
  • Restart SmarterMail Service

To ensure everything is running fine, open the following log files:

  • SmarterMail Logs: check the delivery log to see if it tags Command Line executed successfully
  • ClamAV: check the clamd.log to see if ClamAV is running fine
  • For further testing of SPAM, visit the following site: http://www.efextra.com/filtertest.asp
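
A check for the clamd.conf and SMFilter.ini settings from Steps 2 and 5, as an added example that is not part of the original article or of either project. It flags a missing or non-loopback TCPAddr (clamd's TCP port accepts commands without authentication, and with TCPAddr unset clamd binds to all interfaces) and sends clamd's PING command. The function names and the flat KEY=VALUE layout assumed for SMFilter.ini are assumptions; the sample file contents are constructed from the values above.

```python
import socket

# Constructed sample files using the values from the steps above.
CLAMD_CONF = "#LocalSocket /cygdrive/c/clamav-devel/clamd.sock\nTCPSocket 3310\nTCPAddr 127.0.0.1\n"
SMFILTER_INI = "USE_SOCKET=1\nCLAMD_PORT=3310\nCLAMD_HOST=127.0.0.1\n"

def parse_clamd_conf(text):
    """Active (uncommented) 'Option value' lines of clamd.conf as a dict."""
    opts = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if parts:
            opts[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def parse_ini(text):
    """KEY=VALUE lines; assumes SMFilter.ini uses this flat layout."""
    pairs = (l.split("=", 1) for l in text.splitlines() if "=" in l)
    return {k.strip(): v.strip() for k, v in pairs}

def audit(clamd_text, ini_text):
    """Return findings; an empty list means both files agree and are local-only."""
    conf, ini = parse_clamd_conf(clamd_text), parse_ini(ini_text)
    findings = []
    if "LocalSocket" in conf:
        findings.append("LocalSocket still active in clamd.conf")
    if "TCPSocket" not in conf:
        findings.append("TCPSocket not enabled in clamd.conf")
    elif conf["TCPSocket"] != ini.get("CLAMD_PORT"):
        findings.append("CLAMD_PORT does not match TCPSocket")
    addr = conf.get("TCPAddr")
    if addr is None:
        findings.append("TCPAddr unset: clamd listens on all interfaces")
    elif addr != "127.0.0.1":
        findings.append("TCPAddr %s exposes the unauthenticated clamd port" % addr)
    if addr is not None and ini.get("CLAMD_HOST") != addr:
        findings.append("CLAMD_HOST does not match TCPAddr")
    if ini.get("USE_SOCKET") != "1":
        findings.append("USE_SOCKET is not 1 in SMFilter.ini")
    return findings

def clamd_ping(host="127.0.0.1", port=3310, timeout=5.0):
    """Send clamd's PING command; a running daemon replies PONG."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b"PING\n")
        return s.recv(16).strip() == b"PONG"

if __name__ == "__main__":
    print(audit(CLAMD_CONF, SMFILTER_INI) or "config OK")
```

Run it on the mail server after restarting the ClamAV service, passing the real file contents to audit() and then calling clamd_ping() to confirm the daemon answers on 127.0.0.1:3310.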

To blog or not to blog, that is the question

Posted on : 06-04-2007 | By : Vishal Vasu | In : General


I’m no Shakespeare… but here I am with my very own blog!

The reason why I decided to start this Blog is mainly to share my experience and technical resources on Microsoft platforms — mainly on Windows 2003 Servers, Active Directory, MS Exchange Server, ISA Server and more…
