You are not logged in.

#1 2004-04-13 17:26:52

zbled
Member
Registered: 2004-01-25
Posts: 56

Scan Mails for Viruses

I'm not sure if this 's the right place for my question, but anyway....

anyone knows a program like amavis to scan incoming mails - but without the need of a mailserver software like exim, qmail etc...

I'm fetching mails with fetchmail - pass them to spamassassin (via procmail) - and afterwards I want to pass them to the virusscan (antivir) before delivering the messages to the mailbox.

thanks in advance

Offline

#2 2004-04-13 21:08:22

Xentac
Forum Fellow
From: Victoria, BC
Registered: 2003-01-17
Posts: 1,797
Website

Re: Scan Mails for Viruses

Doesn't clamav do this?


I have discovered that all of mans unhappiness derives from only one source, not being able to sit quietly in a room
- Blaise Pascal

Offline

#3 2004-04-16 16:31:39

zbled
Member
Registered: 2004-01-25
Posts: 56

Re: Scan Mails for Viruses

xentac, thanks for your help... i've just added /tmp to to the virus-scan - at least it avoids executing malicous files - that's what i wanted wink

Offline

#4 2004-06-20 20:27:39

Martillo1
Member
From: My kabila in Lavapiés
Registered: 2004-02-20
Posts: 66

Re: Scan Mails for Viruses

I added "clamav" to the daemons in /etc/rc.conf but clamd and freshclam do not seem to start (I do not see the entry in /var/log/clamav/clamd.log).

What am I doing wrong?

Offline

#5 2005-01-29 09:38:46

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,622
Website

Re: Scan Mails for Viruses

I finally got something rolling with regard to this.
I installed amavisd-new, got it "mostly" configured.
Installed Clam-AV, got it "mostly" configured.
Same with spamassassin.

I am finally getting some results! yay..after bonking my head on the table for a while (must have done the trick), I got things working...

I sent myself the EICAR and GTUBE test strings
EICAR -- Virus test string
GTUBE -- Spam test string (it auto assigns a bayesian score of 1000!! lol)

And log messages started spitting out! yay.
Now..if only I had documented my steps.
roll

Well, I can likely recall enough of what I did to whip up a wiki page that will thoroughly confuse everyone, including myself..I can only hope.  wink

Oh..here is the "virus warning" sent to the virus admin..
I need to modify it to send the stripped mail to the user..so they can deal with it themselves...  :twisted:

A virus was found: Eicar-Test-Signature

Scanner detecting a virus: ClamAV-clamd
The mail originated from: 
First upstream SMTP client IP address:

According to the 'Received:' trace, the message originated at:
  (SquirrelMail authenticated user)

Notification to sender will not be mailed.

The message WAS NOT delivered to:
   250 2.7.1 Ok, discarded, id=14682-02 - VIRUS: Eicar-Test-Signature

Virus scanner output:
  p001: Eicar-Test-Signature FOUND

The message has been quarantined as:
  virus-20050129-011845-14682-02

------------------------- BEGIN HEADERS -----------------------------
Return-Path: 
Received: from 
        by  (Postfix) with ESMTP id 
        for ; Sat, 29 Jan 2005 01:18:44 -0800 (PST)
Received: from with local (Exim 4.44)
        id 
        for; Sat, 29 Jan 2005 01:19:51 -0800
Received: from 127.0.0.1 ([127.0.0.1])
        (SquirrelMail authenticated user );
        by with HTTP;
        Sat, 29 Jan 2005 01:19:51 -0800 (PST)
Message-ID: 
Date: Sat, 29 Jan 2005 01:19:51 -0800 (PST)
Subject: EICAR virus checker test.
From: 
To: 
Reply-To: 
User-Agent: SquirrelMail/1.4.3a
X-Mailer: SquirrelMail/1.4.3a
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
X-AntiAbuse: This header was added to track abuse, please include it with any abuse
report
X-AntiAbuse: Primary Hostname - 
X-AntiAbuse: Original Domain - 
X-AntiAbuse: Originator/Caller UID/GID -
X-AntiAbuse: Sender Address Domain - 
X-Source: 
X-Source-Args: 
X-Source-Dir: 
-------------------------- END HEADERS ------------------------------

Note: Removed user data and ip dilineations.
*yawn*
Time for sleepy now. ZZZzzz


"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍

Offline

#6 2005-01-31 11:30:06

Moo-Crumpus
Member
From: Hessen / Germany
Registered: 2003-12-01
Posts: 1,487

Re: Scan Mails for Viruses

cactus wrote:

I finally got something rolling with regard to this.
I installed amavisd-new, got it "mostly" configured.
Installed Clam-AV, got it "mostly" configured.
Same with spamassassin.

More, more, tell us more! smile


Frumpus addict
[mu'.krum.pus], [frum.pus]

Offline

#7 2005-01-31 12:07:22

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,622
Website

Re: Scan Mails for Viruses

patients o pink one.  wink
I still have an issue. Right now it is just stripping emails of viruses and sending them to virus-admin (a special email account). I want it to strip the virus, and still send the mail along to the user...sans virus of course..  lol

Spam mails are just getting bounced right now. I want to tack on a spam header, and put it in a user's spam folder....once I get that sorted out, then I will toss together a wiki page on it.

yikes.. so much to do...so much to do...


"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍

Offline

#8 2005-02-02 10:46:52

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,622
Website

Re: Scan Mails for Viruses

yay! progress on amavisd front.
I figured out how to get amavis to tell spamassassin to modify the header, body, and strip out naughtiness in spam. The user now gets a message with the spam score in the body, the original message attached as a mime attachment, and the subject prepended with
***SPAM***

Virus scan is now sending a message to the recipient that a message had a virus, and was dumped. I am looking into doing the same as I did with spamassassin.
Viva la "defang" option in amavisd-new!

I am getting close to a writeup as well. It may be a bit fuzzy at first, as I have done so much tinkering, that I might have trouble retracing some of the steps. Thank goodness for diff is all I can say.  wink


"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍

Offline

#9 2005-02-03 08:29:11

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,622
Website

Re: Scan Mails for Viruses

ok..
here is the wiki I worked up for it.
http://wiki2.archlinux.org/index.php/Am … %20Postfix

Still a very rough wiki page. I have to go back throught the installation at some point, following the steps in the wiki.
I wrote it mostly from memory, and duing the process of actually doing it, there was much thrashing around, weeping, and gnashing of teeth. So, in all likelihood, I forgot some stuff in there...

That will teach me not to write EVERYTHING down while I am working on such projects..
It is so easy to get into the habit of.."oh, that didn't work, let me flip this variable and try again.."
Trial and error is damn hard to document afterwards..
lol
roll


"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍

Offline

Board footer

Powered by FluxBB