[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Problem - I have



On Wed, Jun 25, 2003 at 08:41:34AM +0200, Piotr Batruch wrote:
> Hello
>     I have a big problem with virus (Bugbear.b). I have Drweb - antivirus
> program, but this work not goot with zmailer. I was corespond with support,
> but they was send me to zmailer autors.
> Zmailer do not allow scanning NON-smtp deliveries by content filtering
> programs, but localy mail have virus.

There has for a long while been hook at the smtpserver input for
whatever you want to be scanned.  If your email isn't sent with
smtp for some reason (I can't fathom any where UNIX server could
be accessed by virus supporting applications without sending emails
via the smtp .. anyway)..  then you might need recently added
  INPUTDIRS
mechanism.  By default that is not enabled, nor are its directories
created under the POSTOFFICE tree.  Look for that (commented out)
variable name in  SiteConfig(.in)  file:

 http://www.zmailer.org/cgi-bin/cvsweb.cgi/~checkout~/zmailer/SiteConfig.in?rev=1.21&content-type=text/plain

A file flow map about where that would fit in is:

 http://www.zmailer.org/zman/zmdirs.gif

> How I can fix this problem with zmailer and Drweb. I can't change Drweb.

You need to cook up your own directory queue scanner, which feeds messages
to Drweb, picks out ZMailer meta headers, etc.  and once done its job,
feeds them to router input directory.

Another approach would be to run the interface to Drweb from under
router's   process.cf script's  process()  function, something like:
(I have abridged this with heavy hand.. see the file for the place)

        case "$file" in
	.....
#       [0-9]*)	         rfc822 "$file" ;;  ## Original
        [0-9]*)          $MAILBIN/check-with-drweb "$file" &&
		              rfc822 "$file" ;;
	.....
        esac

The central idea there is that the "check-with-drweb" program does
its job of feeding the message to drweb, which might be resident
tester daemon, while that interface is quickly starting low overhead
binary. 

It does leave the file unmodified, if all is fine (or rewrites it,
IN PLACE, if it wants to do that - file name is supposedly its
filesystem i-node number!  st_ino  of 'struct stat' data.  There
are dangers in there with this, mainly correct lossless handling
of spool filling up..)  When the interface is signaling that all
is fine, it shall  exit(0)   and when things aren't fine,
it shall exit(1) (any value 1 thru 255, actually)

When all isn't fine, the interface shall also move the troublesome
file into somewhere else, like into  $POSTOFFICE/freezer/  or
$POSTOFFICE/postman/ (or something else under $POSTOFFICE)
directory with preferrably some sort of name suffix telling what
was wrong.  E.g.:   2345-3232.Klez-B_foobar
Name suffix must not have "/" character in it, and it should not
have anything else which is inconvenient in UNIX shells..
Translate such characters to e.g. "_".

> Help me, please.
> Forgive me my languge, please.

Understandable enough in this context, maybe not sufficient for
passing thru Oxford exams, but that isn't needed here ;-)

> Peter
> piotr@bicom.pl
-- 
/Matti Aarnio	<mea@nic.funet.fi>
-
To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to majordomo@nic.funet.fi