Re: [gentoo-user] Virus protection for Evolution users
This will only check incoming messages, and I have not tested this setup personally. Download and install clamav and set up automatic signature updating. Create a folder 'virus' or something in evolution, now set up a filter like is adviced for spamassasin at http://www.atlantawebhost.com/articles/evolution_spamassassin.php Replace the spamassasin command with clamscan --mbox. Now if a virus is found, Evolution will move the message to the virus folder... you can run clamscan again on the mbox file in the evolution subdirectory to identify the virus. On Thu, 2004-01-29 at 04:06, Mark Knecht wrote: On Wed, 2004-01-28 at 16:12, Manuel McLure wrote: Have you tried amavis? It hooks into the postfix delivery chain, and will recursively extract all files from archives and check them for viruses using the antivirus of your choice. So you can be sent a virused exe inside a zip inside an lha inside an arc and it will still catch it. No, here on my desktop I don't run postfix. We just have that at work. I was looking for a solution that would just work with Evolution, like Norton works with Outlook. Do I really need to run a server to get local virus protection? Bummer... -- [EMAIL PROTECTED] mailing list -- __ Guy Van Sanden http://unixmafia.port5.com Registered Linux user #249404 - September 1997 __ -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Virus protection for Evolution users
On Wed, 28 Jan 2004 07:41:51 -0800 Mark Knecht [EMAIL PROTECTED] wrote: Mike, It's in the attachment. Conceptually I receive an email with an attachment that has a virus. It doesn't bother me, but I forward the email to someone else and they get infected via the attachment. Am I missing something? Seems possible to me... I thought common sense would tell you to delete the attachment when you know it's not related to the email. Why waste bandwidth? -- /~\ The ASCIIAndrej Ticho Kacian andrej at kacian dot sk \ / Ribbon Campaign GnuPG public key ID: 7CD93FE2 (pgp.mit.edu) X Against HTML Key fingerprint: / \ Email! E87D 9DEF 2A23 6FFB 7AD9 542F 4253 3A46 7CD9 3FE2 pgp0.pgp Description: PGP signature
Re: [gentoo-user] Virus protection for Evolution users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wednesday 28 January 2004 15:29, Mark Knecht wrote: Hi, Although I'm not going to be personally infected by this new Windows worm, it would be nice not to forward it on to others and have them mad at me for the fact they use Windows. What package should I look at emerging to add virus protection to Evolution? Why would you forward the virus onto anyone, when you are immune? - -- Mike Williams -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFAF9YpInuLMrk7bIwRAk9CAJ9YtLofPmyWCPOUJQk9FTQs+MC/vgCgipOJ EUHhbl7v2HtJtD5nQ+ruZf0= =Cne7 -END PGP SIGNATURE- -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Virus protection for Evolution users
On Wed, 2004-01-28 at 15:32, Mike Williams wrote: Why would you forward the virus onto anyone, when you are immune? I think he meant that if he got an email with the virus and then forwarded that email - and its attachment - onto a Windows user. Rather than have the worm spread by itself. Now why you would *ever* do this is beyond me. To answers the posters original question: I am personally not aware of any AV software for Linux. I would presume there are none for the above reasons. -- Cheers Dg -- [EMAIL PROTECTED] mailing list
RE: [gentoo-user] Virus protection for Evolution users
On Wednesday 28 January 2004 15:29, Mark Knecht wrote: Hi, Although I'm not going to be personally infected by this new Windows worm, it would be nice not to forward it on to others and have them mad at me for the fact they use Windows. What package should I look at emerging to add virus protection to Evolution? Why would you forward the virus onto anyone, when you are immune? Mike, It's in the attachment. Conceptually I receive an email with an attachment that has a virus. It doesn't bother me, but I forward the email to someone else and they get infected via the attachment. Am I missing something? Seems possible to me... Thanks, Mark -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Virus protection for Evolution users
On Wednesday 28 Jan 2004 13:20, David Gethings wrote: To answers the posters original question: I am personally not aware of any AV software for Linux. I would presume there are none for the above reasons. clamav. It's in portage. Peter -- == Gentoo Linux: Portage 2.0.49-r20kernel-2.6.2-rc2 i686 AMD Athlon(tm) XP 3200+KDE: 3.1.5 Qt: 3.2.3 gcc(GCC): 3.2.3 == -- [EMAIL PROTECTED] mailing list
RE: [gentoo-user] Virus protection for Evolution users
-Original Message- From: David Gethings [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 28, 2004 5:21 AM To: [EMAIL PROTECTED] Subject: Re: [gentoo-user] Virus protection for Evolution users On Wed, 2004-01-28 at 15:32, Mike Williams wrote: Why would you forward the virus onto anyone, when you are immune? I think he meant that if he got an email with the virus and then forwarded that email - and its attachment - onto a Windows user. Rather than have the worm spread by itself. Now why you would *ever* do this is beyond me. To answers the posters original question: I am personally not aware of any AV software for Linux. I would presume there are none for the above reasons. Hi, This was exactly the scenario. This new worm can be embedded in a zip file. Simple Postfix attachment filters don't reject it. I'm typing this on a Windows/Outlook machine with Norton Antivirus that has received something like 15 of these attachments just this morning. Norton catches them so no big deal. However, on my Linux box maybe I don't open the zip file, but for one reason or another, today or some day in the future, I forward the email to someone else. They get infected since they run Windows. Granted, it's their fault they got infected at all, but I can do the world a little favor by not forwarding this things, right? I see another email just arrived saying clamav. Thanks to Peter for that. There's also one called Kaminski or something like that for Linux, but that's for money. Anyway, thanks for the ideas. Cheers, Mark -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Virus protection for Evolution users
snip Hi, This was exactly the scenario. This new worm can be embedded in a zip file. Simple Postfix attachment filters don't reject it. /snip I disagree, postfix can stop those attachments, if you got a /etc/postfix/mime_header_checks.regexp and it contains this rule /filename=\?(.*)\.(bat|chm|cmd|com|do|exe|hta|jse|rm|scr|pif|vbe|vbs|vxd|xl)\?$/ REJECT For security reasons we reject attachments of this type /^\s*Content-(Disposition|Type).*name\s*=\s*?(.+\.(lnk|asd|hlp|ocx|zip|reg|bat|c[ho]m|cmd|exe|dll|vxd|pif|scr|hta|jse?|sh[mbs]|vb[esx]|ws[fh]|wav|mov|wmf|xl))?\s*$/ REJECT Attachment type not allowed. File $2 has the unacceptable extension $3 they won't come true. and change REJECT in to DROP Patrick -- Live long and prosper, Spock. -- T'Pau I shall do neither. I have killed my captain, and my friend. -- Spock Fingerprint = 2792 057F C445 9486 F932 3AEA D3A3 1B0C 1059 273B ICQ# 316932703 Registered Linux User #44550 http://counter.li.org pgp0.pgp Description: PGP signature
Re: [gentoo-user] Virus protection for Evolution users
David Gethings wrote: I am personally not aware of any AV software for Linux. I would presume there are none for the above reasons. f-prot is a virus scanning package for linux that is in portage. Also several mta's have the ability to do attachment filtering, one mta-proxy I like is messagewall, it can easly do virus scanning with clamav or f-prot, dns blacklist lookups, and other spam prevention type handleing before your favorite mta even sees the message. -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Virus protection for Evolution users
On Wed, 2004-01-28 at 09:56, [EMAIL PROTECTED] wrote: snip Hi, This was exactly the scenario. This new worm can be embedded in a zip file. Simple Postfix attachment filters don't reject it. /snip I disagree, postfix can stop those attachments, if you got a /etc/postfix/mime_header_checks.regexp and it contains this rule /filename=\?(.*)\.(bat|chm|cmd|com|do|exe|hta|jse|rm|scr|pif|vbe|vbs|vxd|xl)\?$/ REJECT For security reasons we reject attachments of this type /^\s*Content-(Disposition|Type).*name\s*=\s*?(.+\.(lnk|asd|hlp|ocx|zip|reg|bat|c[ho]m|cmd|exe|dll|vxd|pif|scr|hta|jse?|sh[mbs]|vb[esx]|ws[fh]|wav|mov|wmf|xl))?\s*$/ REJECT Attachment type not allowed. File $2 has the unacceptable extension $3 they won't come true. and change REJECT in to DROP Patrick Patrick, That's not the point, or at least my point. I don't want to reject ALL zip files. I only want to reject zip files that have a virus embedded in them. Please remember the problem I'm trying to address. Someone sends me a virus infected file inside a zip, which is what has been happening for the last few days. Zip files have value. I should accept zip, and even zip with an exe in it, as long as they are not infected. That requires virus protection TTBOMK. Thanks, Mark -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Virus protection for Evolution users
Mark Knecht wrote: On Wed, 2004-01-28 at 09:56, [EMAIL PROTECTED] wrote: snip Hi, This was exactly the scenario. This new worm can be embedded in a zip file. Simple Postfix attachment filters don't reject it. /snip I disagree, postfix can stop those attachments, if you got a /etc/postfix/mime_header_checks.regexp and it contains this rule /filename=\?(.*)\.(bat|chm|cmd|com|do|exe|hta|jse|rm|scr|pif|vbe|vbs|vxd|xl)\?$/ REJECT For security reasons we reject attachments of this type /^\s*Content-(Disposition|Type).*name\s*=\s*?(.+\.(lnk|asd|hlp|ocx|zip|reg|bat|c[ho]m|cmd|exe|dll|vxd|pif|scr|hta|jse?|sh[mbs]|vb[esx]|ws[fh]|wav|mov|wmf|xl))?\s*$/ REJECT Attachment type not allowed. File $2 has the unacceptable extension $3 they won't come true. and change REJECT in to DROP Patrick Patrick, That's not the point, or at least my point. I don't want to reject ALL zip files. I only want to reject zip files that have a virus embedded in them. Please remember the problem I'm trying to address. Someone sends me a virus infected file inside a zip, which is what has been happening for the last few days. Zip files have value. I should accept zip, and even zip with an exe in it, as long as they are not infected. That requires virus protection TTBOMK. Have you tried amavis? It hooks into the postfix delivery chain, and will recursively extract all files from archives and check them for viruses using the antivirus of your choice. So you can be sent a virused exe inside a zip inside an lha inside an arc and it will still catch it. -- Manuel A. McLure KE6TAW [EMAIL PROTECTED] http://www.mclure.org ...for in Ulthar, according to an ancient and significant law, no man may kill a cat. -- H.P. Lovecraft -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Virus protection for Evolution users
On Thursday 29 January 2004 04:06, Mark Knecht wrote: work. I was looking for a solution that would just work with Evolution, like Norton works with Outlook. Do I really need to run a server to get local virus protection? Bummer... I don't know any solution that can do that (but maybe there is one?). I have an MTA (sendmail) running, fetching my mail with fetchmail and uses amavis. I don't know if evolution has the ability to pipe the mail through an external program (kmail can do so). Then it is maybe possible to pipe the mail through amavis (but I've never tested this). cu lukas -- ** PGP-key available on keyserver pgp.mit.edu ** Please don't sign your public mail unless your PGP-key is available for everyone! pgp0.pgp Description: signature
Re: [gentoo-user] Virus protection for Evolution users
http://pop3vscan.sourceforge.net/ dunno about any imap ones. On Wed, 2004-01-28 at 22:24, lukas wrote: On Thursday 29 January 2004 04:06, Mark Knecht wrote: work. I was looking for a solution that would just work with Evolution, like Norton works with Outlook. Do I really need to run a server to get local virus protection? Bummer... I don't know any solution that can do that (but maybe there is one?). I have an MTA (sendmail) running, fetching my mail with fetchmail and uses amavis. I don't know if evolution has the ability to pipe the mail through an external program (kmail can do so). Then it is maybe possible to pipe the mail through amavis (but I've never tested this). cu lukas -- MEMO: An interoffice communication too often written more for the benefit of the person who sends it than the person who receives it. -- Nicholas Hockey ([EMAIL PROTECTED]) Encrypted E-Mail preferred signature.asc Description: This is a digitally signed message part
