Hi,
there were several people asking how one could do this, here is one possible
solution. I use the script found on http://satan.oih.rwth-aachen.de/AMaViS/
and a software called AntiVir (http://www.antivir.de). The script is included,
sorry about the length. The script is 0.2.0pre1, I haven't switched to pre2
until now. BTW, I did document what I've done in the script, sorry about the
inconvenience.
What happens is somewhat simple: run every mail that will be delivered to a
user through the script; if it is malicious, stop and don't deliver the mail:
catchall@lingo ~ % cat .qmail
| /usr/sbin/scanmails $SENDER $RECIPIENT
./Maildir/
The things I changed in the script are the positional parameters and the exit
code in case a virus was found. If a virus was found the mail is copied
somewhere. Here is a little problem with qmail, as it runs with the uid of the
recipient. My solution to this is the following:
root@lingo /home/antivirus # ls -l
total 3
drwx------ 5 antiviru antiviru 1024 Jan 28 01:18 Maildir
drwx----wt 2 antiviru antiviru 1024 Feb 23 21:04 mailvirus
drwxr-xr-x 2 antiviru antiviru 1024 Jan 28 01:18 public_html
I did something similar for the logfile, but it seems as if this is not
necessary, don't remember why I did it...
root@lingo /home/antivirus # ls -ld /var/log/scanmails/
drwx----wt 2 root root 1024 Jan 28 02:44 /var/log/scanmails/
root@lingo /home/antivirus # ls -l /var/log/scanmails/
total 663
-rw-----w- 1 root root 673943 Mar 28 05:05 logfile
I'm sure there was a reason :-)
I know that all this is far away from being perfect and idiot proof, but at
least on a system where users have no access to their .qmail files it works ok. I'd
be interested to see a solution that checks the mail in a more centralized way without
the need to use .qmail, and to also check all outgoing traffic. Maybe some of
you know what to do?
Have fun,
Sascha
scanmails
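The .qmail filter described in the post, as an added example that is not Sascha's scanmails script and does not call AntiVir: a small sh function that reads the message from stdin, runs a scanner command, and maps the result onto the exit codes qmail's dot-qmail delivery understands (0 continue with the next .qmail line, 99 stop delivery, 111 temporary failure so qmail retries). The quarantine path, the scanner stand-in and the marker string are assumptions made for the example; the write-only sticky directory mode mirrors the drwx----wt listing above.

```shell
#!/bin/sh
# Example qmail delivery filter (added example; not the original scanmails).
# Usage in .qmail, one line before the Maildir line:
#   | /path/to/this-script "$SENDER" "$RECIPIENT"

QUARANTINE=${QUARANTINE:-/tmp/mailvirus.example}   # assumed quarantine path
SCANNER=${SCANNER:-fake_scanner}                    # assumed scanner command

# Stand-in for a real scanner (assumption: exit 1 = infected, 0 = clean).
# It flags messages containing a constructed marker string.
fake_scanner() {
    if grep -q 'EXAMPLE-VIRUS-MARKER' "$1"; then return 1; else return 0; fi
}

# $1 = envelope sender, $2 = recipient; message arrives on stdin.
# Returns the qmail exit code: 0 deliver, 99 drop (quarantined), 111 defer.
scan_and_deliver() {
    sender=$1; recipient=$2
    tmp=$(mktemp) || return 111
    cat > "$tmp" || { rm -f "$tmp"; return 111; }
    if "$SCANNER" "$tmp"; then status=0; else status=$?; fi
    case $status in
        0)  rm -f "$tmp"; return 0 ;;          # clean: qmail continues delivery
        1)  # Directory is owner rwx, others write+execute only (1703), so the
            # recipient uid can drop a copy in but cannot list or read others.
            mkdir -p "$QUARANTINE" || return 111
            chmod 1703 "$QUARANTINE" || return 111
            dest="$QUARANTINE/$(date +%s).$$.$recipient"
            mv "$tmp" "$dest" || return 111
            chmod 600 "$dest"
            echo "virus from $sender to $recipient quarantined as $dest" >&2
            return 99 ;;                       # stop: message is not delivered
        *)  rm -f "$tmp"; return 111 ;;        # scanner error: defer, retry later
    esac
}
```

Because the copy is written under the recipient's uid, the 1703 mode (not 1733) is what keeps other local users from browsing each other's quarantined mail.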