[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: How I did integrate Virus Scanner to ZMailer
I'm taking a similar approach (actually using 2 separate postoffice's instead
of modifying router.c, but conceptually it's the same thing).
However, I'm trying to adapt MailScanner (http://MailScanner.info) to do AV
and antispam checking...
The problem is that MailScanner only has support for Sendmail and Exim. I'm
looking at the code and talking to the developers and it isn't a simple thing
to adapt it to "one-file-queue" mailers like zmailer or postfix because the
module interfaces aren't quite clean yet... they are working towards it.
In the meantime I'm writing a quick filter to convert the zmailer router
queue files into pseudo-sendmail-qf-and-df files so that MS processes them
and then convert them back for zmailer's router to take over.
It is clumsy, but I expect to have something working in a week or so. I'll
also try to see if MS can be cleaned up a bit more so as to be able to
support zmailer directly.
MailScanner is nice because, conceptually, works a bit like zmailer does. It
takes a bunch of messages from one queue, processes them and puts them in
another queue.
Actually, it takes a bunch of messages, explodes their content into files,
does a bit of internal analysis (rbl lists, typical html vulnerabilities and
the like) and then hands them to SpamAssassin (http://spamassassin.org) and
then runs a virus scanner thru them.
It just needs a standard virus file scanner without any special support (see
the web page for supported scanners).
It is very configurable in the sense that you can ask it to do or not most of
its tests and you can even pass more than one AV scanner to each attachment
(were you paranoid enough).
What would be helpful in zmailer (either for this or other kind of stuff you
could eventually want to do in the queue) is that either smtpserver or router
could be configured (either thru command line or config file) to use a
different directory than "router" for output or input respectively.
e.g.
smtpserver -O xxxx
where xxxx is a directory name relative to the $POSTOFFICE for smtpserver's
output queue
or
router -I xxxx
where xxxx is a directory name relative to the $POSTOFFICE for router's input
queue
or both...
El 13 Mar 2003 a las 16:54, Tomasz Nowak escribió:
> Hi,
>
> Especcialy for Matti.
>
> 1. Change source directory for router daemon in router/router.c.
> Replace "router" with for example "clean".
>
> 2. Make standalone process which scans directory router, get files,
> scan with antyvirus, if ok then put them to directory clean. If
> virus then generate warning message to sender and recipient and
> delete virus message.
>
> 2.a. How scan ? I use a little modified amavis script. My amavis
> gets message and extracts all attachments.
>
> 2.b. Run antyvirus with extracted attachments.
>
> This is quite simple. I wrote for this simple perl script.
>
> Some of antyviruses can extract attachments internaly. In this case
> you can omit step 2.a.
>
> If you have any question I help you with pleasure.
--
Mariano Absatz
El Baby
----------------------------------------------------------
It is now proved beyond doubt that smoking is one
of the leading causes of statistics.
-- Fletcher Knebel
-
To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to majordomo@nic.funet.fi