Re: [SLUG] sendmail virus filtering

[Grant Parnell <gripz@xxxxxxxxxxxxxx>]

On Sun, 11 Nov 2001, Jeff Waugh wrote:

> <quote who="Dennis M. Gray">
> 
> > Can anyone recommend some virus filtering software that could be invoked
> > when processed by sendmail or at least post-processed when aliasing?
> 
> Amavis, on both counts. It's very cool, and blows apart all the compressed
> and Microsoft-butchered mail so it can scan the Very Insides. :)
> 
> Teamed up with NOD32 or AVP (both proprietary, and 'Eastern Bloc'), it makes
> for a very good Windows Weenie Protection Mechanism.
> 
>   Amavis: http://www.amavis.org/
>   NOD32: http://www.nod32.com.au/
> 
> - Jeff

I dare say probably any of these can be combined with Mfilter which I'm 
probably the main developer of at the moment. Works with sendmail and Exim 
that we've tried so far but is probably easily adapted to others, worst 
case you can run your existing MTA on a different port and write something 
to direct the passed emails to it.

You basically receive mail with Obtuse-smtpd listening on port 25, pass it
through Mfilter which is basically a perl script (for the moment) that
performs some check of your chosing (virus scan, custom script, file type
blocking, sender/receiver based blocking) and decides whether the mail
should continue or be trashed/archived. If it's passed it then gets
forwarded (using smtpfwdd) to your regular MTA for onward delivery. Mailed
messages optionally respond to the sender telling them their mail may have
a virus for example (and includes the log - optionally).

There's also a script that does nice pretty statistics and outputs HTML
pages.

Grab the latest version out of CVS off SourceForge, the current 'release' 
is truly ancient, the CVS one is stable enough and runs in a user context 
rather than as root.

-- 
---<GRiP>--- 
Web: www.arcadia.au.com/gripz 
Phone/fax: 02 4950 1194   
Mobile: 0408 686 201