APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

Virus scanning for SCO Openserver (MMDF)--Scanmails/Smtprelay by Kevin Smith

Kevin Smith of Shadetree Software has allowed us to mirror this from his site.

I have managed to set up e-mail virus scanning on an OSR504 system using MMDF as an e-mail gateway to a corporate network. It works off a collection of available tools, some custom code and the SOPHOS anti-virus software (www.sophos.com).

Basic operation is a program I wrote (smtprelay) that is invoked out of inetd for incoming e-mail connections on port 25. It monitors the smtp protocol and interacts with the actual smtp server for MMDF (/usr/mmdf/chans/smtpsrvr).

Most commands are simply relayed (rcpt to, msg from, etc.) but at the DATA phase the incoming message is read into an internal buffer and passed to a backend program for filtering. The backend command is free to edit the message, pass it unmodified, or signal an error. This is where I do virus scanning.

If the message passes, the DATA command is passed to the backend server followed by the (possibly edited) message.
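The hold-and-filter behaviour described above, as an added Python example over constructed in-memory sessions; it is not smtprelay's source. The names `relay` and `demo_scan`, the marker string, the reply texts and the RSET after a rejection are assumptions made for illustration.

```python
# Added illustration (not smtprelay's source): the DATA-phase hold-and-filter
# logic, run over constructed in-memory input instead of sockets.

def relay(client_lines, scan):
    """scan(lines) returns the (possibly edited) lines, or None to reject.
    Returns (lines sent to the real server, replies the relay sends itself)."""
    to_backend, local_replies = [], []
    lines = iter(client_lines)
    for line in lines:
        if line.strip().upper() != "DATA":
            to_backend.append(line)  # envelope commands pass straight through
            continue
        # Hold DATA back: the real server must not see it until the scan
        # passes, so the relay answers 354 itself and buffers up to ".".
        local_replies.append("354 Start mail input; end with <CRLF>.<CRLF>")
        message = []
        for body in lines:
            if body == ".":
                break
            # Undo SMTP dot-stuffing so the scanner sees the original text.
            message.append(body[1:] if body.startswith(".") else body)
        else:
            break  # client hung up mid-message: scan and forward nothing
        result = scan(message)
        if result is None:
            local_replies.append("554 Message rejected by content filter")
            to_backend.append("RSET")  # assumption: clear the held envelope
            continue
        to_backend.append("DATA")
        to_backend.extend("." + l if l.startswith(".") else l for l in result)
        to_backend.append(".")
    return to_backend, local_replies


# Hypothetical stand-in for the scanning backend: rejects on a marker string,
# otherwise adds a header to show that the filter may edit the message.
def demo_scan(message):
    if any("CONSTRUCTED-TEST-SIGNATURE" in l for l in message):
        return None
    return ["X-Scanned: yes"] + message


# Constructed sample sessions.
CLEAN = ["HELO client.example", "MAIL FROM:<a@example.com>",
         "RCPT TO:<b@example.com>", "DATA", "Subject: hi", "", "..dots", ".", "QUIT"]
INFECTED = CLEAN[:4] + ["Subject: x", "", "CONSTRUCTED-TEST-SIGNATURE", ".", "QUIT"]

if __name__ == "__main__":
    for name, session in (("clean", CLEAN), ("infected", INFECTED)):
        print(name, relay(session, demo_scan))
```

Because the relay answers 354 before the real server has seen DATA, a rejected message never reaches the MMDF side at all; only the envelope commands do.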

The backend virus scanner is a hacked up version of AMAVIS (0.2.1) (http://www.amavis.org). The original version had some HUGE performance issues and was designed to cover a variety of virus scanners. I streamlined the file processing loop and stripped it down to just work with SOPHOS. It was also designed to handle final delivery of the message. I modified it to act as a filter instead.

The AMAVIS part handles breaking out MIME attachments and unpacking various archives and compressed files so they can be scanned.

The whole package consists of

Replacement for MMDF smtpsrvr to invoke smtprelay frontend.

Modify the smtpd line in /etc/inetd.conf:

            smtp        stream  tcp     nowait  root    /usr/mmdf/chans/smtpd smtpd /usr/local/scanmails/bin/smtpsrvr smtp

The core program to manage the e-mail connection and to invoke the real e-mail server and the virus scanner
Shell script derived from amavis 0.2.1 to scan messages for viruses.
GNU program to extract mime attachments
GNU program to create mime attachments
Filter to patch tar filenames so tar archives can be safely extracted and examined (comes with amavis)
Version of unzip 5.4.2 (link seems to be dead, sorry) modified to restore all files with simple sequential numbered file names.

amavis supplies an unzip like securetar but it had some severe bugs.

GNU version of the 'file' program. More informative than the native file program.
GNU unzip for uncompressing .gz files
GNU bunzip2 for uncompressing .bz files
Another archive format

There are also hooks for other archive types that I didn't include handling for.

It also uses various standard programs (uncompress, uudecode, logger, fgrep, egrep, grep, find, sed, awk, tar).

You can download...

  • gzip'ed tarball of the whole thing.
                login as root
                cd /usr/local
                gunzip <scanmails.tar.gz | tar xvf -

    This will create directories /usr/local/scanmails and /usr/local/smtprelay.

    scanmails contains all the scripts and executables.

    All the scripts and executables
    Temporary files as e-mail messages are unpacked
    Log files (also syslog)
    Source for smtprelay program
  • smtprelay source code

*** WARNING ***

The tarball was glommed together out of a less organized actual implementation and may not work out of the box.

Proceed at your own risk
