Virus scanning for SCO Openserver (MMDF)--Scanmails/Smtprelay by Kevin Smith
Kevin Smith of Shadetree Software has allowed us to mirror this from his site.
I have managed to set up e-mail virus scanning on an OSR504 system using MMDF as an e-mail gateway to a corporate network. It works off a collection of available tools, some custom code and the SOPHOS anti-virus software (www.sophos.com).
Basic operation is a program I wrote (smtprelay) that is invoked out of inetd for incoming e-mail connections on port 25. It monitors the smtp protocol and interacts with the actual smtp server for MMDF (/usr/mmdf/chans/smtpsrvr).
Most commands are simply relayed (rcpt to, msg from, etc.) but at the DATA phase the incoming message is read into an internal buffer and passed to a backend program for filtering. The backend command is free to edit the message, pass it unmodified, or signal an error. This is where I do virus scanning.
If the message passes, the DATA command is passed to the backend server followed by the (possibly edited) message.
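The DATA-phase handling described above, as an added example in Python; it is not smtprelay's own code. The names `relay`, `FakeBackend` and `demo_scan`, the reply texts, the marker string and the RSET sent to the backend after a rejection are assumptions made for the illustration.

```python
# Added example: DATA-phase interception in a filtering SMTP relay (names are hypothetical).

def relay(client_lines, backend, scan):
    """Return the replies the client sees. backend(line) -> reply stands in for
    the real smtpsrvr; scan(lines) -> (ok, lines) stands in for the filter."""
    replies, lines = [], iter(client_lines)
    for line in lines:
        if line.strip().upper() != "DATA":
            replies.append(backend(line))        # every other command is relayed as-is
            continue
        replies.append("354 go ahead")           # answered locally; backend not told yet
        body, complete = [], False
        for raw in lines:                        # buffer the whole message first
            if raw == ".":
                complete = True
                break
            body.append(raw[1:] if raw.startswith(".") else raw)  # undo dot-stuffing
        if not complete:
            break                                # client dropped mid-message: forward nothing
        ok, body = scan(body)
        if not ok:
            backend("RSET")                      # assumption: clear the backend's envelope
            replies.append("554 rejected by content filter")
            continue                             # the message itself never reached the backend
        reply = backend("DATA")                  # only now open the backend's DATA phase
        if reply.startswith("354"):
            for out in body:
                backend("." + out if out.startswith(".") else out)  # re-apply dot-stuffing
            reply = backend(".")
        replies.append(reply)                    # backend's verdict (or refusal) goes to client
    return replies

class FakeBackend:
    """Constructed stand-in for the real server: records every line it is sent."""
    def __init__(self):
        self.seen, self.in_data = [], False
    def __call__(self, line):
        self.seen.append(line)
        if self.in_data:
            self.in_data = line != "."
            return None if self.in_data else "250 queued"
        self.in_data = line == "DATA"
        return "354 send it" if self.in_data else "250 ok"

def demo_scan(body):
    """Constructed filter: reject on a marker line, otherwise add a header."""
    if any("TEST-VIRUS-MARKER" in text for text in body):
        return False, body
    return True, ["X-Scanned: yes"] + body
```

Because DATA is held back until the filter has run, a rejected or truncated message leaves no trace in the backend's queue.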
The backend virus scanner is a hacked up version of AMAVIS (0.2.1) (http://www.amavis.org). The original version had some HUGE performance issues and was designed to cover a variety of virus scanners. I streamlined the file processing loop and stripped it down to just work with SOPHOS. It was also designed to handle final delivery of the message. I modified it to act as a filter instead.
The AMAVIS part handles breaking out MIME attachments and unpacking various archives and compressed files so they can be scanned.
The whole package consists of:
- smtpsrvr
  Replacement for MMDF smtpsrvr to invoke smtprelay frontend.
  Modify the smtpd line in /etc/inetd.conf:
  smtp stream tcp nowait root /usr/mmdf/chans/smtpd smtpd /usr/local/scanmails/bin/smtpsrvr smtp
- smtprelay
  The core program to manage the e-mail connection and to invoke the real e-mail server and the virus scanner
- scanmails
  Shell script derived from amavis 0.2.1 to scan messages for viruses.
- reformime
  GNU program to extract mime attachments
- makemime
  GNU program to create mime attachments
- securetar
  Filter to patch tar filenames so tar archives can be safely extracted and examined (comes with amavis)
- secureunzip
  Version of unzip 5.4.2 (link seems to be dead, sorry) modified to restore all files with simple sequential numbered file names. amavis supplies an unzip like securetar but it had some severe bugs.
- file
  GNU version of the 'file' program. More informative than the native file program.
- gunzip
  GNU unzip for uncompressing .gz files
- bunzip2
  GNU bunzip2 for uncompressing .bz files
- tnef
  Another archive format
There are also hooks for other archive types that I didn't include handling for.
It also uses various standard programs ( uncompress, uudecode, logger, fgrep, egrep, grep, find, sed, awk, tar)
You can download...
- gzip'ed tarball of the whole thing.
  login as root
  cd /usr/local
  gunzip <scanmails.tar.gz | tar xvf -
This will create directories /usr/local/scanmails and /usr/local/smtprelay.
scanmails contains all the scripts and executables.
- scanmails/bin
  All the scripts and executables
- scanmails/data/tmp/*
  Temporary files as e-mail messages are unpacked
- scanmails/data/log/*
  Log files (also syslog)
- smtprelay/*
  Source for smtprelay program
- smtprelay source code
*** WARNING ***
The tarball was glommed together out of a less organized actual implementation and may not work out of the box.
Proceed at your own risk
More Articles by Kevin Smith © 2008-10-23 Kevin Smith
Virus scanning for SCO Openserver Copyright © November 2001 Kevin Smith