Virus scanning for SCO Openserver (MMDF)--Scanmails/Smtprelay by Kevin Smith

Kevin Smith of Shadetree Software has allowed us to mirror this from his site.

I have managed to setup e-mail virus scanning on an OSR504 system using MMDF as an e-mail gateway to a corporate network. It works off a collection of availables tools, some custom code and the SOPHOS anti-virus software (www.sophos.com).

Basic operation is a program I wrote (smtprelay) that is invoked out of inetd for incoming e-mail connections on port 25. It monitors the smtp protocol and interacts with the actual smtp server for MMDF (/usr/mmdf/chans/smtpsrvr).

Most commands are simply relayed (rcpt to, msg from, etc.) but at the DATA phase the incomming message is read into an internal buffer and passed to a backend program for filtering. The backend command is free to edit the message, pass it unmodified, or signal an error. This is where I do virus scanning.

If the messages passes, the DATA command is passed to the backend server followed by the (possibly edited) message.

The backend virus scanner is a hacked up version of AMAVIS (0.2.1) (http:www.amavis.org). The original version had some HUGE performance issues and was designed to cover a variety of virus scanners. I streamlined the file processing loop and stripped it down to just work with SOPHOS. It was also designed to handle final delivery of the message. I modified it to act as a filter instead.

The AMAVIS part handles breaking out MIME attachments and unpacking various archives and compressed files so they can be scanned.

The whole package consists of

smtpsrvr

Replacement form MMDF smtpsrvr to invoke smtprelay frontend.

Modify the smtpd line in /etc/inetd.conf

            smtp        stream  tcp     nowait  root    /usr/mmdf/chans/smtpd smtpd /usr/local/scanmails/bin/smtpsrvr smtp
        

smtprelay

The core program to manage the e-mail connection and to invoke the real e-mail server and the virus scanner

scanmails

Shell script derived from amavis 0.2.1 to scan messages for viruses.

reformime

GNU program to extract mime attachments

makemime

GNU program to create mime attachments

securetar

Filter to patch tar filenames so tar archives can be safely extracted and examined (comes with amavis)

secureunzip

Version of unzip 5.4.2 ( ftp://ftp.freesoftware.com/pub/infozip/src/unzip542.tar.gz) modified to restore all files with simple sequential numberd file names.

amavis supplies an unzip like securetar but it had some severe bugs.

file

GNU versio of the 'file' program. More informative than the native file program.

gunzip

GNU unzip for uncompressing .gz files

bunzip2

GNU bunzip2 for uncompressing .bz files

tnef

Another archive format

There are also hooks for other archive types that I didn't include handling for.

It also uses various standard programs ( uncompress, uudecode, logger, fgrep, egrep, grep, find, sed, awk, tar)

You can download...

• gzip'ed tarball of the whole thing.

              login as root
              cd /usr/local
              gunzip <scanmails.tar.gz | tar xvf -
          
  

  This will create directories /usr/local/scanmails and /usr/local/smtprelay.

  scanmails contains all the scripts and executables.

  scanmails/bin

  All the scripts and executables

  scanmails/data/tmp/*

  Temporary files as e-mail messages are unpacked

  scanmails/data/log/*

  Log files (also syslog)

  smtprelay/*

  Source for smtprelay program

• smtprelay source code

*** WARNING ***

The tarball was glommed together out of a less organized actual implementation and may not work out of the box.

Proceede at your own risk

Related Articles

Have you tried Searching this site?

Please read this disclaimer

Unix/Linux/Mac OS X support by phone, email or on-site: Support Rates

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more. We appreciate comments and article submissions.