Firewall Wizards mailing list archives

Re: Antivirus on a free UN*X (Linux/*BSD) platform


From: Joseph S D Yao <jsdy () center osis gov>
Date: Mon, 6 Jan 2003 13:56:22 -0500

On Mon, Jan 06, 2003 at 06:28:18PM +0100, Meco wrote:
> I would like to put an antivirus to filter all the mail traffic (smtp, 
> pop3, imap) in a transparent way (without telling the user to connect to 
> a different mail server).
>
> Something like squid in transparent mode, with antivirus checking, but 
> for mail traffic.
>
> I did it with commercial firewall (Checkpoint, Cisco). Do you think it 
> is possible on Linux/*BSD (iptables/ipfilter/pf + antivirus + something 
> else)?
>
> Can you give me some pointers?

There are several ways to do it for SMTP; search on freshmeat.net for
mail antivirus server.  We are happy with AMaViS - A Mail Virus Scanner,
www.amavis.org.  AMaViS unwraps the mail message; you still need to get
some kind of software virus detection software.  We are using McAfee
VirusScan for Linux, just because we already had a license.  You do
need to automatically go out and look for new virus definitions several
times a day, and make sure that you continue to use current software.

It should be fairly easy to configure any reasonable mail transfer
agent (that means Sendmail or Postfix) to send any incoming e-mail
messages that are NOT coming from the virus scanning machine to the
virus scanning machine.  Or just run the virus scanner on the same
server, for a sufficiently powerful server [ours doesn't seem to be
heavily taxed by the antivirus load].

I do label scanned messages, so it isn't completely transparent.  ;-)

I don't know of any way to scan outgoing POP3 or IMAP4 messages.  But
if you scan messages when they arrived via SMTP, one may hope that they
don't appear via some other connection (UUCP?  Sneakernet?).

-- 
Joe Yao                         jsdy () center osis gov - Joseph S. D. Yao
OSIS Center Systems Support                                     EMT-B
-----------------------------------------------------------------------
   This message is not an official statement of OSIS Center policies.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
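
The routing rule described in the message above (send every incoming message that did NOT come from the virus scanning machine to the scanner, and label what has been scanned), as an added example that is not part of the original post and is not AMaViS code. The scanner address, the header name `X-Virus-Scanned`, the function names and the sample message are assumptions constructed for illustration.

```python
import ipaddress
from email import message_from_string

# Assumed values, not from the original post.
SCANNER_HOSTS = {ipaddress.ip_address("192.0.2.10")}  # the virus scanning machine
SCAN_LABEL = "X-Virus-Scanned"                        # label added after scanning

# Constructed sample: an outside sender pre-sets the label to look "already scanned".
FORGED = (
    "From: a@example.org\n"
    "To: b@example.net\n"
    "X-Virus-Scanned: clean\n"
    "Subject: hi\n"
    "\n"
    "body\n"
)


def route(client_ip, raw_message):
    """Decide where one incoming SMTP message goes: 'scanner' or 'deliver'."""
    msg = message_from_string(raw_message)
    if ipaddress.ip_address(client_ip) in SCANNER_HOSTS:
        # Handed back by the scanner: deliver it, never re-scan (avoids a mail loop).
        return "deliver", msg
    # The decision rests on the connecting host, not on headers the sender controls.
    # Remove any label that arrived from outside so it cannot pass as ours.
    del msg[SCAN_LABEL]
    return "scanner", msg


def label_clean(msg, scanner_name):
    """What the scanner does to a message it found clean before handing it back."""
    del msg[SCAN_LABEL]
    msg[SCAN_LABEL] = "clean, by " + scanner_name
    return msg


if __name__ == "__main__":
    hop, msg = route("203.0.113.7", FORGED)       # arrives from the Internet
    print(hop, repr(msg[SCAN_LABEL]))
    back = label_clean(msg, "scanner.example.net").as_string()
    hop, msg = route("192.0.2.10", back)          # arrives from the scanner
    print(hop, repr(msg[SCAN_LABEL]))
```
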

