On 15/03/2012 10:33, Timo Sirainen wrote:
On Wed, 2012-03-14 at 16:51 -0700, Kelsey Cummings wrote:
I'm curious if anyone has any plugins for AV integration directly into
dovecot.
Our old pop servers have been scanning messges as they're moved from
new->cur in the inbox and, at least where user's aren't poping every
few seconds, there is occasionally enough time between scanning through
the MXs to message retreval to snag a few more virues with updated
definitions before they reach customers.
Anyone doing anything similar?
http://dovecot.org/patches/2.1/mail-filter.tar.gz allows you to run a
script that modifies a mail while it's being read. You could make it run
a virus check, and if that happens you could change the virus MIME part
to be full of spaces (better not to change message size, line count or
MIME structure).
Couple of other ideas:
1) Could use one of the (buggy and variously unsupported) on access
virus scanners. I think Dazuko is now abandoned, but this is a new one
mentioned via the Clamav site:
http://www.fsl.cs.sunysb.edu/docs/avfs-security04/index.html
2) Extremely racey, but if you were on maildir you could use some kind
of pre-login scripting to kick off a scan on login. Touch some lock
file so that you can tell when last scanned and only scan if the
definitions have been updated since you last scanned?
3) There are some POP proxies which offer inline virus scanning. Could
place one in front of your mail server. Presumably this will expose you
to all the bugs in that proxy...
Good luck
Ed W
