Kevin,

> I have a copy of Kaspersky AV for Linux mail servers, version 5.6,
> installed on my gateway.  I can get amavisd-new to recognize the file
> system scanner by adding the following to the amavisd-new config file,
> as an application location:
>
> /opt/kaspersky/kav4lms/bin/kav4lms-kavscanner
>
> However, invoking this scanner is fairly expensive CPU and memory wise
> and I'd much prefer to use the daemon version that this version of
> Kaspersky ships with.  I am using Postfix as my MTA.  The problem is I
> cannot find an easy way to get amavisd-new to utilize the Kaspersky
> daemon, because the daemon itself is designed to operate in a pre or
> post queue setup with Postfix, as a content filter and with mail being
> reinjected back into the queue after the Kaspersky daemon scans it.
> One solution would be to set up two content filters in Postfix; have
> the first one forward to Kaspersky kavmd, then have that reinject back
> into the queue, where a second content_filter would pass the message
> onto amavisd-new, and then reinject the message into the queue for
> final processing and delivery.  However, that means having Postfix
> write the message out to disk at least twice and creates potentially
> twice the load on the server.
>
> So has anyone figured out a way to have amavisd-new interface directly
> with kavmd, the Kaspersky AV mail daemon?

Perhaps the new feature in 2.6.4-rc1 will come in handy:


- a new experimental interface to SMTP-based antivirus scanners is provided;
  an @av_scanners entry may look like the following:

    ['av_smtp', \&ask_av_smtp,
      ['{}', 'smtp:[127.0.0.1]:5525', 'du...@localhost'],
      qr/^2/, qr/^5/, qr/FOUND:\s*(.*?)\s*$/m ],

  The ask_av_smtp mechanism connects to a virus scanner using the specified
  protocol (typically SMTP or LMTP) on a given IP address and a port number,
  considering the virus scanner as an ordinary MTA. The full original
  message is then fed to the scanner (currently ignoring the "{}" argument),
  using the original envelope sender address and a given address as a single
  recipient (defaults to 'du...@localhost'). It is expected that a virus
  scanner will accept a clean message (2xx) and reject an infected message
  (status 5xx). An SMTP response is parsed as usual for any output from a
  virus scanner, typically considering a response starting with 2 as clean,
  a response starting with 5 as infected, and anything else as a scanner
  failure. The SMTP-based virus scanner should be configured not to deliver
  a message. This may be achieved by feeding its SMTP output to a dummy
  SMTP listener, such as smtp-sink as supplied by a Postfix package.
  It is not a particularly efficient interfacing mechanism, but some virus
  scanners do not provide a choice.


Mark

_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net 
https://lists.sourceforge.net/lists/listinfo/amavis-user 
 AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 
 AMaViS-HowTos:http://www.amavis.org/howto/ 
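The verdict logic described in the release note above, as an added Python example (not part of the original message and not amavisd-new's own code). The three patterns are copied from the quoted `@av_scanners` entry; the function name, the order of the tests and the sample replies are assumptions of this sketch.

```python
import re

# Patterns copied from the @av_scanners entry quoted in the message.
STS_CLEAN = re.compile(r"^2")          # no /m: anchors at start of the reply
STS_INFECTED = re.compile(r"^5")
VIRUS_NAME = re.compile(r"FOUND:\s*(.*?)\s*$", re.M)

def classify_smtp_reply(reply):
    """Map a scanner's SMTP reply to ('clean'|'infected'|'failure', names)."""
    # Assumption of this sketch: test "infected" first, so a reply that
    # matched both patterns could never be read as clean.
    if STS_INFECTED.search(reply):
        names = [n for n in VIRUS_NAME.findall(reply) if n]
        return "infected", names
    if STS_CLEAN.search(reply):
        return "clean", []
    # 4xx, empty or garbled replies are scanner failures, never "clean".
    return "failure", []

# Constructed sample replies (not captured from a real scanner).
SAMPLES = [
    "250 2.0.0 Ok: queued as 12345\r\n",
    "550-5.7.1 Message rejected\r\n550 5.7.1 FOUND: Eicar-Test-Signature\r\n",
    # Any 5xx counts as infected under qr/^5/, including a rejected
    # recipient, so the scanner must accept the dummy recipient address.
    "550 5.1.1 User unknown\r\n",
    "451 4.3.0 Scanner temporarily unavailable\r\n",
    "",
]

if __name__ == "__main__":
    for reply in SAMPLES:
        verdict, names = classify_smtp_reply(reply)
        print(f"{reply.strip()!r:70} -> {verdict} {names}")
```

Running candidate replies from a scanner through this kind of check before enabling the entry shows whether non-virus 5xx rejections would be reported as infections.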