That's what I found out too indeed, about the on-access virus
scanner...however this is not such a nice implementation, customers could
complain about not being able to attach files and send them (cause they are
infected they won't be able to send).
Ok, I must agree that viruses cannot be send in this way, so it is kind of
safe....
But I cannot believe this could be the only way, so help is still
appreciated...
the articles:
Re: [IMail Forum] An Anti-Virus idea.... (hooks)
----------------------------------------------------------------------------
----
From: David Gregg
Subject: Re: [IMail Forum] An Anti-Virus idea.... (hooks)
Date: Wed, 17 May 2000 08:27:59 -0700
----------------------------------------------------------------------------
----
You said:
>Also, hooks to tie AV programs in, they exist and we're
>working on a knowledge base article now.
When will this article be ready? I'm very interested.
-----Original Message-----
From: Robert Stull <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Wednesday, May 17, 2000 7:55 AM
Subject: Re: [IMail Forum] An Anti-Virus idea....
>_Shouldn't_ be a problem.
>
>1. Web Messaging reads the same mailbox as POP3/IMAP4.
>2. The incoming messages _don't_ bypass the scanners because
> they come in through the normal SMTP services (SMTPD32).
>3. The outgoing messages _don't_ bypass the scanning process
> because Web Messaging uses IMail1.exe to pass the
> messages through the normal SMTP queue.
>4. Web Messaging _doesn't_ create HTML messages only text.
>
>Also, hooks to tie AV programs in, they exist and we're
>working on a knowledge base article now.
>
>Bob
>
>In reply to 17 May message from [EMAIL PROTECTED]:
>
>>Just an observation here that kind of ties two threads
>>together. Someone was commenting earlier about
>>attachments in webmail not be intercepted by the AV
>>scanner. I didn't see any mention of the reason
>>(maybe is so obvious that everyone thinks everyone
>>already knows it and doesn't want to look foolish, but
>>I'll do it - I'm not proud {bg}).
>
>>The web mail interacts directly with IMail - bypassing
>>all the gateways, scanners, etc between it and the
>>mean nasty world out there. Unless Ipswitch puts
>>hooks into IMail to support AV scanning, this will be
>>a big hole in your defenses.
>
>>I don't have any solutions (yet), but I thought I'd
>>throw this out.
>
>>Rocky
>>----- Original Message -----
>>From: "Len Conrad" <[EMAIL PROTECTED]>
>>To: <[EMAIL PROTECTED]>
>>Sent: Wednesday, May 17, 2000 12:48 AM
>>Subject: Re: [IMail Forum] An Anti-Virus idea....
>
>
>
>>>There seems to be some great AV engines already designed,
>what they did is
>>>license these engines and write the interface to Exchange.
>The company is
>>>Sybari and it won't work on IMail, but I thought perhaps
>someone on this
>>>list could figure how to make, Sophos, Norman, Norton, or
>NAI hook into
>>>IMail.
>
>>At this point, there are no hooks in Imail for av
>>scanners. But that doesn't matter, imo, because the
>>av scanner should be inserted in the mail flow
>>upstream from Imail, and in a separate dedicated
>>machine. The AV scanners are dedicated to AV, not
>>anti-spam (although GFI MailEssentials has some
>>anti-spam featuers) so to get a total,
>>whiter-than-white mail infrasture, you need something
>>like this:
>
>>1. Internet gateway relay with agressive antispam
>>features (http://IMGate.MEIway.com).
>
>>(btw, Dusty Carden at NetEase.net got his first IMGate
>>machine running Tuesday night)
>
>>2. av scanner relay of your choice, content scanner.
>
>>3. Imail
>
>>This keeps the functions in separate boxes, spreads
>>the load for unlimited scalablility (you can build any
>>number of 1., 2., 3.) and flexiblity and reliabiilty.
>>It keeps the functions "loosely coupled" across the
>>SMTP protocol, avoiding tight coupling and hooking
>>within one machine.
>
>>Len
-----Original Message-----
From: Scott Perry [mailto:[EMAIL PROTECTED]]
Sent: vrijdag 30 maart 2001 16.46
To: [EMAIL PROTECTED]
Subject: Re: RSS: [IMail Forum] Webmail and antivirus ???
> I've read some articles in the knowledgebase about webmessaging and
> the problem of bypassing the av scanners for outgoing mail. I have
> this problem too, everything elseworks fine.
I'm not sure where you read that, because I can't find it in the knowledge
base. But, you are right in a way. Web messaging bypasses the complete
SMTP process. If you send an E-mail that is local, it will not get scanned.
If you send a remote E-mail, and you not have it go through an anti-virus
gateway, then it will not get scanned either.
However, you can get around this problem by running a standard "on-access"
virus scanner on the mail server, monitoring the spool directory. When
viruses are uploaded by web messaging, the attachments are temporarily
stored in the spool directory in raw form before being encoded, so the virus
scanner will catch them. This only applies to outgoing E-mail sent from web
messaging. Running an on-access scanner will not catch viruses in incoming
or non-web-messaging outgoing E-mail.
--
-Scott
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
