As I don't have anywhere to put this up - I'll post the package to the list
(it's only 15K). If anyone else is interested in cleaning up my code -
please do - but please be gentle :-)

As usual, it works for me but I'll give no guarantees how it'll work for you.

I'll include the README below for details.

-- 
Cheers

Jason Haar

Unix/Network Specialist, Trimble NZ
Phone: +64 3 3391 377 Fax: +64 3 3391 417

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-

This is the README for scan4virus v0.1
-------------------------------------------------- 

The scan4virus package can be inserted into a (currently) patched
qmail-1.03 system to provide virus protection for all incoming SMTP
traffic.

Required Packages

Qmail-1.03
Perl 5.005_03+
Maildrop-0.73   <URL:http://www.flounder.net/~mrsam/maildrop/>
Bruce Guenter's QMAILQUEUE patch <URL:http://www.qmail.org/qmailqueue-patch>

 
Perl module Time::HiRes (if debugging enabled)

So-far tested Virus scanners:

     Trend's Virus scanner for Linux
     McAfee's (NAI's) virus scanner for Linux
 

The QMAILQUEUE patch allows you to tell qmail to use an alternate
qmail-queue program - in this case antivirus-qmail-queue.pl. It
unpacks the message into its MIME components, decides whether or not
it has a virus (by running file scanners over it) and then either: 

a) resends it to the end destination (by unsetting QMAILQUEUE)

or

b) notifies sender (and optionally CC's to local admin) that message
   has a virus, stores it, and exits.


*** TODO ***

Currently due to my lack of in-depth knowledge of programming
anything, I don't know how to handle the fact that there are multiple
processes accessing both STDIN and STDOUT. This leads to problems with
locally generated Emails that are piped straight into Email, and means
that I can't do the proper job of getting antivirus-qmail-queue.pl to
call /var/qmail/bin/qmail-queue directly after it's finished. IF
SOMEONE COULD HELP ME OUT THAT'D BE APPRECIATED. If we get that
working, then Bruce's patch wouldn't be needed.

I've been using it for over a month here - just on my own Email. It
takes on average 0.4 seconds to scan with TWO scanners an average
sized message, and around a minute for a 20Mb mixed tar and zip file
message - not bad... ;-) If the STDIN/STDOUT issue could be rectified,
this could become a general release for us at least...

Anyway, to install:

* edit antivirus-qmail-queue.pl setting PATHs/etc accordingly. Configure
which scanners you have (currently either McAfee's or Trend's) - check
out subroutines uvscan_scanner and iscan_scanner to ensure
directories/etc are correct. Also it's up to you to install all that
and download/keep up-to-date virus DAT files/etc ;-)

* cp antivirus-qmail-queue.pl /var/qmail/bin/antivirus-qmail-queue.pl
* chown qmailq:qmail /var/qmail/bin/antivirus-qmail-queue.pl
* mkdir -p /var/spool/qmailscan/failed/new /var/spool/qmailscan/viruses/new \
        /var/spool/qmailscan/working/new 
* chown -R qmailq:qmail /var/spool/qmailscan/


then alter qmail startup to the following:

echo -n "qmail-smtpd, "
QMAILQUEUE="/var/qmail/bin/antivirus-qmail-queue.pl"; export QMAILQUEUE

(ulimit -d 2048 -m 2048 && tcpserver -l`hostname -f` -c20 -b40 -P -h -R -t10 -O -Q -v \
    -x/var/qmail/control/tcprules.cdb -g505 -u400 0 25 qmail-smtpd 2>&1) | \
    splogger tcpserver &


..or whatever yours is like. Basically set QMAILQUEUE just before you
invoke qmail-smtpd - that way only it runs with a different
qmail-queue - everything else carries on running the standard qmail-queue.

BE VERY CAREFUL ABOUT THAT - YOU DON'T WANT AN INFINITE LOOP FORMING!!!


To ensure you keep an eye on Emails that fail due to the STDIN/OUT
problem, just run something like the following from crontab once a
day:

find /var/spool/qmailscan/*/new -type f

I find it only catches a couple of my workstations' nightly
jobs. Converting them to writing to a file and then sending that file
fixes that problem...


******************
Contacting Me
******************

This software is released under the GPL as found in the COPYING file
enclosed.

Any Questions etc to [EMAIL PROTECTED]
        
Jason Haar 23/Nov/1999



scan4virus-0.1.tgz
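
Added example, not part of the original post and not scan4virus code: a minimal QMAILQUEUE wrapper in sh showing the flow the README describes (spool, scan, then hand over with QMAILQUEUE unset) and one way to deal with the two descriptors, by draining the message (fd 0) and the envelope (fd 1) to files before anything else runs. REAL_QUEUE, SCANNER and the script name are assumptions; MIME unpacking is omitted, and an infected message is rejected with qmail-queue's exit code 31 rather than answered by mail, which is this example's choice.

```shell
#!/bin/sh
# Added example, not scan4virus code. SPOOL matches the README's directories;
# REAL_QUEUE and SCANNER are assumptions (SCANNER: any command that exits
# non-zero when the file named in its first argument is infected).
SPOOL=${SPOOL:-/var/spool/qmailscan}
REAL_QUEUE=${REAL_QUEUE:-/var/qmail/bin/qmail-queue}
SCANNER=${SCANNER:-/usr/local/bin/scan-one-file}   # hypothetical path

scan_and_queue() {
    # The caller (qmail-smtpd) supplies the message on fd 0 and the envelope
    # on fd 1. fd 1 is an INPUT here, so nothing below may write to stdout.
    id="$$.$(date +%s)"
    msg="$SPOOL/working/new/$id.msg"
    env="$SPOOL/working/new/$id.env"
    umask 077
    # Drain both descriptors to disk first, so only one process ever reads them.
    cat >"$msg"     || return 53      # qmail-queue code 53: write error
    cat <&1 >"$env" || return 53

    # Scan the spooled copy. A scanner that cannot run also lands here,
    # so the wrapper fails closed.
    if ! "$SCANNER" "$msg" >/dev/null 2>&1; then
        mv "$msg" "$env" "$SPOOL/viruses/new/"
        return 31                     # qmail-queue code 31: permanent rejection
    fi

    # Clean: pass the saved copies to the real qmail-queue on the same two
    # descriptors. QMAILQUEUE is unset in the subshell only, so nothing started
    # from here can re-enter the wrapper and loop.
    rc=0
    ( unset QMAILQUEUE; "$REAL_QUEUE" <"$msg" 1<"$env" ) || rc=$?
    if [ "$rc" -eq 0 ]; then
        rm -f "$msg" "$env"
    else
        mv "$msg" "$env" "$SPOOL/failed/new/"   # left for the daily find check
    fi
    return "$rc"
}

# Run as the queue program only under this (hypothetical) script name.
case "$0" in
    */scan-wrapper-example) scan_and_queue; exit $? ;;
esac
```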
