[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: How I did integrate Virus Scanner to ZMailer

About a year ago I was dealing with similar problem and done it
somehow different way:

TN> Hi,

TN>   Especcialy for Matti.

TN>   1. Change source directory for router daemon in router/router.c.
TN>   Replace "router" with for example "clean".

No changes in code, just inserted some script calls in router main

TN>   2. Make standalone process which scans directory router, get files,
TN>   scan with antyvirus, if ok then put them to directory clean. If
TN>   virus then generate warning message to sender and recipient and
TN>   delete virus message.

Not standalone - but my system is not a high capacity one

TN>   2.a. How scan ? I use a little modified amavis script. My amavis
TN>   gets message and extracts all attachments.

Modified emailscan.0.12 - basic script could not properly handle
envelopes and I needed some fancy fireworks,
attachements extracted using ripmime

TN>   2.b. Run antyvirus with extracted attachments.

same. At now Kaspersky AV does it's job fine.
At the beginnig we were using Sophos but costs were too big.

At the same time emailscan does some simply content-filtering so we
block before scanning emails containing *.pif, *.lnk, *.scr and some
multimedia files (*.mp3, *.mpg etc. - company policy)

It's now more than a year of successfull virus protection.

TN>   This is quite simple. I wrote for this simple perl script.

TN>   Some of antyviruses can extract attachments internaly. In this case
TN>   you can omit step 2.a.

TN>   If you have any question I help you with pleasure.

TN> Pozdrawiam.

 Robert Kurjata                          mailto:rkurjata@ire.pw.edu.pl

To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to majordomo@nic.funet.fi