RE: [Clamav-users] ClamAV and Exchange mailboxes...
[EMAIL PROTECTED] wrote: On Mon, 8 Nov 2004 [EMAIL PROTECTED] wrote: Tim Howell wrote: Have any of you thought of what it would take to use Clam to scan mailboxes stored on an Exchange server? Hmmm... Get a list of mailboxes via LDAP Connect to each mailbox in turn using Mail::IMAPClient Walk through all folders in the mailbox Download each mail item to a temporary file Scan the file Accumulate an infection report (next time I read all my mail before responding top-down ;) Tim has a good point and for an exchange-specific application this would probably be more efficient than a popwatch-type implementation. The IMAP idea was actually Matthew's, but I'm working on an implementation now. I don't know if it will prove useful or not, but a couple of quick experiments with my own mailbox make me think that it just might work. =) --TWH ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
RE: [Clamav-users] ClamAV and Exchange mailboxes...
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Tim Howell Sent: Tuesday, November 09, 2004 3:44 PM [EMAIL PROTECTED] wrote: On Mon, 8 Nov 2004 [EMAIL PROTECTED] wrote: Tim Howell wrote: Have any of you thought of what it would take to use Clam to scan mailboxes stored on an Exchange server? Hmmm... Get a list of mailboxes via LDAP Connect to each mailbox in turn using Mail::IMAPClient Walk through all folders in the mailbox Download each mail item to a temporary file Scan the file Accumulate an infection report (next time I read all my mail before responding top-down ;) Tim has a good point and for an exchange-specific application this would probably be more efficient than a popwatch-type implementation. The IMAP idea was actually Matthew's, but I'm working on an implementation now. I don't know if it will prove useful or not, but a couple of quick experiments with my own mailbox make me think that it just might work. =) Doesn't that idea forces you to have everyone's password to connect via the IMAP server? -SamSam ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
RE: [Clamav-users] ClamAV and Exchange mailboxes...
Samuel Benzaquen wrote:
Hmmm...
Get a list of mailboxes via LDAP
Connect to each mailbox in turn using Mail::IMAPClient Walk through
Doesn't that idea forces you to have everyone's password to connect
via the IMAP server?
That would tear it.
Exchange does allow you to declare administrative accounts with complete access
to all mailboxes. But I don't know enough about IMAP to know if you can log in
to someone else's account this way.
Is there a way in that
1) Allows you to log in to a non-privileged mailbox using a privileged user
account
2) Works from Perl?
Possible candidates: IMAP, POP3, MAPI (is there a Mail::MAPI module?), DAV (I
use this to keep track of mailbox sizes)...
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -emap{y/a-z/l-za-k/;print}shift Jjhi pcdiwtg Ptga wprztg,
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] ClamAV and Exchange mailboxes...
[EMAIL PROTECTED] wrote: Doesn't that idea forces you to have everyone's password to connect via the IMAP server? That would tear it. Exchange does allow you to declare administrative accounts with complete access to all mailboxes. But I don't know enough about IMAP to know if you can log in to someone else's account this way. No - you can do it. If you assign account DOM\imapadmin to have full access rights to everyone's mailboxes, then you can login via IMAP as DOM/imapadmin/mailbox_alias . Yes, it has to be /, and mailbox_alias is the alias associated with a mailbox - typically either the same as their usercode, or something like jdoe for John Doe. I use that method for testing if your Exchange virus scanners are working. Send a virus in, download email via IMAP and check to see if the virus is still present :-) Jason ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
RE: [Clamav-users] ClamAV and Exchange mailboxes...
Jason Haar wrote: No - you can do it. If you assign account DOM\imapadmin to have full access rights to everyone's mailboxes, then you can login via IMAP as DOM/imapadmin/mailbox_alias . Yes, it has to be /, and mailbox_alias is the alias associated with a mailbox - typically either the same as their usercode, or something like jdoe for John Doe. How do you grant an account full access to all mailboxes? --TWH ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] ClamAV and Exchange mailboxes...
Tim Howell wrote: How do you grant an account full access to all mailboxes? --TWH one at a time Obviously there will be some tool you can get/buy that will allow you to automate it, but via the Great GUI - one at a time... :-( Jason ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
RE: [Clamav-users] ClamAV and Exchange mailboxes...
-Original Message- From: [EMAIL PROTECTED] [mailto:clamav-users- [EMAIL PROTECTED] On Behalf Of Tim Howell Sent: 9. november 2004 23:55 To: ClamAV users ML Subject: RE: [Clamav-users] ClamAV and Exchange mailboxes... Jason Haar wrote: No - you can do it. If you assign account DOM\imapadmin to have full access rights to everyone's mailboxes, then you can login via IMAP as DOM/imapadmin/mailbox_alias . Yes, it has to be /, and mailbox_alias is the alias associated with a mailbox - typically either the same as their usercode, or something like jdoe for John Doe. How do you grant an account full access to all mailboxes? On Exchange 2K/2003 open system manager - Servers - right click on your server - select Security - add the account - set all permissions to allow. Now just wait for AD to replicate the settings. It would be a lot easier using Clamwin through IFS since you could scan every email (in private and public folders) as if they where plain messages stored on a file system (M drive on Exchange 2K, must be enabled on Exchange 2003 http://support.microsoft.com/?id=821836). The downside is that the message would be delivered to the mailbox before you get a chance to scan it, so the right way to do this is through VSAPI. Best regards, Diego d'Ambra smime.p7s Description: S/MIME cryptographic signature ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
RE: [Clamav-users] ClamAV and Exchange mailboxes...
Tim Howell wrote:
Have any of you thought of what it would take to use Clam to scan mailboxes
stored on an
Exchange server?
Hmmm...
Get a list of mailboxes via LDAP
Connect to each mailbox in turn using Mail::IMAPClient
Walk through all folders in the mailbox
Download each mail item to a temporary file
Scan the file
Accumulate an infection report
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -emap{y/a-z/l-za-k/;print}shift Jjhi pcdiwtg Ptga wprztg,
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] ClamAV and Exchange mailboxes...
[EMAIL PROTECTED] wrote: Tim Howell wrote: Have any of you thought of what it would take to use Clam to scan mailboxes stored on an Exchange server? Hmmm... Get a list of mailboxes via LDAP Connect to each mailbox in turn using Mail::IMAPClient Walk through all folders in the mailbox Download each mail item to a temporary file Scan the file Accumulate an infection report Would running ClamWin on the Exchange server be a possibility? Matt ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
RE: [Clamav-users] ClamAV and Exchange mailboxes...
Matt wrote:
[EMAIL PROTECTED] wrote:
Tim Howell wrote:
Have any of you thought of what it would take to use Clam to scan
mailboxes stored on an Exchange server?
Hmmm...
Get a list of mailboxes via LDAP
Connect to each mailbox in turn using Mail::IMAPClient
Walk through all folders in the mailbox
Download each mail item to a temporary file
Scan the file
Accumulate an infection report
Would running ClamWin on the Exchange server be a possibility?
Matt
Umm... yes... so long as you don't scan the Exchange .edb or .log files.
That's a good way to corrupt your information store. But you could presumably
run the above procedure using a Scheduled Task from the server, assuming you
installed ClamWin and Perl (and Net::LDAP, Mail::IMAPClient, etc.)
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -emap{y/a-z/l-za-k/;print}shift Jjhi pcdiwtg Ptga wprztg,
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] ClamAV and Exchange mailboxes...
On Mon, 8 Nov 2004, Tim Howell wrote: I think a lot of us may use ClamAV on gateway SMTP servers that eventually deliver mail to Microsoft Exchange. Have any of you thought of what it would take to use Clam to scan mailboxes stored on an Exchange server? Clam is great, and it catches almost everything that gets sent to us, but there are times when we receive several copies of a virus before Clam has definitions for it. I keep meaning to write a proggie called something like popwatch which logs into a pop server, retrieves each message and deletes infected messages. Of course it would/should need to mail the user saying it deleted a message and keep it quarantined in case of false-positive. This is kind-of a twist on a pop3 proxy and I know that exchange has a pop3 connector. This would at least alleviate this kind of timing problem: 00:15 - virus arrives 00:22 - Clam sigs updates 00:30 - popwatch cleans out the virus 08:00 - user logs in With the above example the user would have gotten a virus since exchange already accepted the message. This may not be feasible over a slow link, but certainly possible. You would want the popwatch software close to the server bandwidth-wise. If you intend to write something like this, ping me offline and I would be happy to coordinate efforts. -- Eric Wheeler Vice President National Security Concepts, Inc. PO Box 3567 Tualatin, OR 97062 http://www.nsci.us/ Voice: (503) 293-7656 Fax: (503) 885-0770 ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
RE: [Clamav-users] ClamAV and Exchange mailboxes...
On Mon, 8 Nov 2004 [EMAIL PROTECTED] wrote: Tim Howell wrote: Have any of you thought of what it would take to use Clam to scan mailboxes stored on an Exchange server? Hmmm... Get a list of mailboxes via LDAP Connect to each mailbox in turn using Mail::IMAPClient Walk through all folders in the mailbox Download each mail item to a temporary file Scan the file Accumulate an infection report (next time I read all my mail before responding top-down ;) Tim has a good point and for an exchange-specific application this would probably be more efficient than a popwatch-type implementation. -- Eric Wheeler Vice President National Security Concepts, Inc. PO Box 3567 Tualatin, OR 97062 http://www.nsci.us/ Voice: (503) 293-7656 Fax: (503) 885-0770 ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
