Virus scanning for SCO Openserver (MMDF)--Scanmails/Smtprelay by Kevin Smith
Kevin Smith of Shadetree Software has allowed us to mirror this from his site.
I have managed to set up e-mail virus scanning on an OSR504 system using MMDF as an e-mail gateway to a corporate network. It works off a collection of available tools, some custom code and the SOPHOS anti-virus software (www.sophos.com).
Basic operation: a program I wrote (smtprelay) is invoked out of inetd for incoming e-mail connections on port 25. It monitors the SMTP protocol and interacts with the actual SMTP server for MMDF (/usr/mmdf/chans/smtpsrvr).
Most commands are simply relayed (RCPT TO, MAIL FROM, etc.), but at the DATA phase the incoming message is read into an internal buffer and passed to a backend program for filtering. The backend command is free to edit the message, pass it unmodified, or signal an error. This is where I do virus scanning.
If the message passes, the DATA command is passed to the backend server followed by the (possibly edited) message.
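The relay flow just described, as an added example (not Kevin Smith's smtprelay code): commands other than DATA go straight to the backend, DATA is answered by the relay itself, the message is buffered until the terminating '.', handed to a filter, and only then is DATA plus the possibly edited message forwarded. The backend here is a stand-in object rather than /usr/mmdf/chans/smtpsrvr, the filter is a constructed marker check standing in for the virus scanner, and the names FakeBackend, SmtpRelay, scan_message and run_session are this example's own.

```python
"""Model of an smtprelay-style SMTP filtering proxy (added example, not the page's code)."""
from typing import Callable, List, Optional, Tuple

FilterResult = Tuple[str, str]            # ("pass" | "reject", possibly edited message)
TEST_MARKER = "X-CONSTRUCTED-TEST-VIRUS"  # constructed stand-in for a real signature


class FakeBackend:
    """Stand-in SMTP server: records every line and every complete message it accepts."""

    def __init__(self) -> None:
        self.received: List[str] = []
        self.messages: List[str] = []
        self._body: List[str] = []
        self._in_data = False

    def send(self, line: str) -> str:
        self.received.append(line)
        if self._in_data:
            if line == ".":
                self._in_data = False
                self.messages.append("\r\n".join(self._body))
                return "250 2.0.0 Ok: queued"
            self._body.append(line[1:] if line.startswith("..") else line)
            return ""                      # message lines get no reply
        verb = line.split(" ", 1)[0].upper()
        if verb == "DATA":
            self._in_data, self._body = True, []
            return "354 go ahead"
        if verb == "QUIT":
            return "221 Bye"
        return "250 OK"


class SmtpRelay:
    """The proxy: relays commands, intercepts DATA, filters, then forwards."""

    def __init__(self, backend: FakeBackend, filter_fn: Callable[[str], FilterResult]) -> None:
        self.backend = backend
        self.filter_fn = filter_fn
        self.buffer: Optional[List[str]] = None   # not None while inside DATA

    def handle_line(self, line: str) -> Optional[str]:
        """Process one client line; return the reply to send, or None inside DATA."""
        if self.buffer is not None:
            if line == ".":
                message = "\r\n".join(self.buffer)
                self.buffer = None
                return self._deliver(message)
            self.buffer.append(line[1:] if line.startswith("..") else line)  # dot-unstuff
            return None
        verb = line.split(" ", 1)[0].upper()   # "MAIL", "RCPT", "DATA", ...
        if verb == "DATA":
            self.buffer = []                   # answer 354 ourselves and start buffering
            return "354 End data with <CR><LF>.<CR><LF>"
        return self.backend.send(line)         # everything else is simply relayed

    def _deliver(self, message: str) -> str:
        verdict, edited = self.filter_fn(message)
        if verdict != "pass":
            return "550 5.7.1 Message rejected by content filter"
        reply = self.backend.send("DATA")      # only now does the backend see DATA
        if not reply.startswith("354"):
            return reply
        for body_line in edited.split("\r\n"):
            self.backend.send("." + body_line if body_line.startswith(".") else body_line)
        return self.backend.send(".")


def scan_message(message: str) -> FilterResult:
    """Constructed filter: reject on the test marker, otherwise stamp a header."""
    if TEST_MARKER in message:
        return "reject", message
    return "pass", "X-Scanned-By: example-filter\r\n" + message


def run_session(client_lines: List[str], backend: FakeBackend,
                filter_fn: Callable[[str], FilterResult] = scan_message) -> List[str]:
    """Feed a whole client session through the relay and collect the replies."""
    relay = SmtpRelay(backend, filter_fn)
    return [r for r in (relay.handle_line(ln) for ln in client_lines) if r is not None]


if __name__ == "__main__":
    be = FakeBackend()
    session = ["HELO client.example", "MAIL FROM:<a@example.com>", "RCPT TO:<b@example.com>",
               "DATA", "Subject: hi", "", "body", "..leading dot", ".", "QUIT"]
    print(run_session(session, be))
    print(be.messages)
```

The detail worth noticing is that a rejected message never causes DATA to be sent to the backend at all, so MMDF's queue never sees it; the relay also has to unstuff leading dots on the way in and restuff them on the way out, or a message line consisting of a single '.' would end the backend's DATA phase early.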
The backend virus scanner is a hacked up version of AMAVIS 0.2.1 (http://www.amavis.org). The original version had some HUGE performance issues and was designed to cover a variety of virus scanners. I streamlined the file processing loop and stripped it down to just work with SOPHOS. It was also designed to handle final delivery of the message; I modified it to act as a filter instead.
The AMAVIS part handles breaking out MIME attachments and unpacking various archives and compressed files so they can be scanned.
The whole package consists of:
- Replacement for the MMDF smtpsrvr that invokes the smtprelay frontend.
  Modify the smtpd line in /etc/inetd.conf to:
    smtp stream tcp nowait root /usr/mmdf/chans/smtpd smtpd /usr/local/scanmails/bin/smtpsrvr smtp
- The core program (smtprelay) that manages the e-mail connection and invokes the real e-mail server and the virus scanner.
- Shell script derived from amavis 0.2.1 that scans messages for viruses.
- GNU program to extract MIME attachments.
- GNU program to create MIME attachments.
- Filter to patch tar filenames so tar archives can be safely extracted and examined (comes with amavis).
- Version of unzip 5.4.2 (link seems to be dead, sorry) modified to restore all files with simple sequential numbered filenames. amavis supplies an unzip counterpart to securetar, but it had some severe bugs.
- GNU version of the 'file' program. More informative than the native file program.
- GNU gunzip for uncompressing .gz files.
- GNU bunzip2 for uncompressing .bz files.
- Another archive format.
There are also hooks for other archive types that I didn't include handling for.
It also uses various standard programs (uncompress, uudecode, logger, fgrep, egrep, grep, find, sed, awk, tar).
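The unpacking side of the pipeline (breaking out MIME attachments, then expanding archives to simple sequentially numbered files so that a hostile member name is only ever a label and never a path, as the patched unzip and the tar filename filter above do), as an added example that is not the amavis-derived scanmails script. It handles zip attachments only, uses a constructed marker check in place of the SOPHOS scanner, and the names Unpacker, unpack_message, scan_message, unpack_labels and build_sample are this example's own.

```python
"""Unpack MIME attachments and zip archives to numbered files, then scan them (added example)."""
import email
import io
import os
import tempfile
import zipfile
from email import policy
from email.message import EmailMessage
from typing import List, Tuple

TEST_MARKER = b"X-CONSTRUCTED-TEST-VIRUS"  # constructed stand-in for a real signature
MAX_MEMBER_BYTES = 10 * 1024 * 1024        # cap on any single expanded member
MAX_DEPTH = 3                              # archives nested inside archives


class Unpacker:
    def __init__(self, workdir: str) -> None:
        self.workdir = workdir
        self.counter = 0
        self.files: List[Tuple[str, str]] = []   # (numbered path, origin label)

    def store(self, data: bytes, origin: str) -> str:
        """Write data to the next numbered file; origin is recorded only as a label."""
        self.counter += 1
        path = os.path.join(self.workdir, f"{self.counter:04d}")
        with open(path, "wb") as fh:
            fh.write(data)
        self.files.append((path, origin))
        return path

    def expand(self, data: bytes, origin: str, depth: int = 0) -> None:
        """Store a blob and, if it is a zip archive, each regular member (recursively)."""
        self.store(data, origin)
        if depth >= MAX_DEPTH or not zipfile.is_zipfile(io.BytesIO(data)):
            return
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                with zf.open(info) as member:         # bounded read: header sizes can lie
                    body = member.read(MAX_MEMBER_BYTES + 1)
                if len(body) > MAX_MEMBER_BYTES:
                    continue                           # oversized member is skipped
                # info.filename (e.g. ../../etc/passwd) is never used as a path
                self.expand(body, f"{origin}!{info.filename}", depth + 1)


def scan_file(path: str) -> bool:
    """Stand-in scanner: True when the constructed marker is present."""
    with open(path, "rb") as fh:
        return TEST_MARKER in fh.read()


def unpack_message(raw: bytes, workdir: str) -> Unpacker:
    """Break a MIME message into its leaf parts and expand each into workdir."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    up = Unpacker(workdir)
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True)
        if payload:
            up.expand(payload, part.get_filename() or part.get_content_type())
    return up


def unpack_labels(raw: bytes) -> List[str]:
    """Origin labels in numbered order, for inspection."""
    with tempfile.TemporaryDirectory() as workdir:
        return [origin for _, origin in unpack_message(raw, workdir).files]


def scan_message(raw: bytes) -> List[str]:
    """Return origin labels of every infected file; [] means the message is clean."""
    with tempfile.TemporaryDirectory() as workdir:
        up = unpack_message(raw, workdir)
        return [origin for path, origin in up.files if scan_file(path)]


def build_sample(infected: bool) -> bytes:
    """Constructed test message: a zip attachment with a traversal-style member name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("../../etc/passwd", b"harmless text, hostile name")
        zf.writestr("report.txt", TEST_MARKER + b" inside" if infected else b"clean report")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "docs"
    msg.set_content("see attachment")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="docs.zip")
    return bytes(msg)


if __name__ == "__main__":
    print(unpack_labels(build_sample(True)))
    print(scan_message(build_sample(True)))
```

The scratch directory is created fresh per message and removed afterwards, which is what the temporary-files directory in the package layout is for; the size cap and nesting limit are the two checks that keep a deliberately deep or oversized archive from exhausting the gateway.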
You can download a tarball of the whole thing (scanmails.tar.gz). To install it:
  login as root
  cd /usr/local
  gunzip <scanmails.tar.gz | tar xvf -
This will create the directories /usr/local/scanmails and /usr/local/smtprelay.
scanmails contains all the scripts and executables:
- All the scripts and executables
- Temporary files created as e-mail messages are unpacked
- Log files (also syslog)
- Source for the smtprelay program
smtprelay holds the smtprelay source code.
*** WARNING ***
The tarball was glommed together out of a less organized actual implementation and may not work out of the box.
Proceed at your own risk.
Got something to add? Send me email.
© 2008-10-23 Kevin Smith