I have managed to set up e-mail virus scanning on an OSR504 system using MMDF as an e-mail gateway to a corporate network. It works off a collection of available tools, some custom code and the SOPHOS anti-virus software (www.sophos.com).
Basic operation is a program I wrote (
Most commands are simply relayed (rcpt to, msg from, etc.) but
at the DATA phase the incoming message is read into an internal
buffer and passed to a backend program for filtering. The backend
command is free to edit the message, pass it unmodified, or signal
an error. This is where I do virus scanning.
If the message passes, the DATA command is passed to the backend
server followed by the (possibly edited) message.
The backend virus scanner is a hacked up version of AMAVIS (0.2.1)
(http://www.amavis.org). The original version had some HUGE performance
issues and was designed to cover a variety of virus scanners. I
streamlined the file processing loop and stripped it down to just work
with SOPHOS. It was also designed to handle final delivery of the
message. I modified it to act as a filter instead.
The AMAVIS part handles breaking out MIME attachments and unpacking
various archives and compressed files so they can be scanned.
The whole package consists of
Modify the smtpd line in /etc/inetd.conf
Modified 03/11/2002--Modified to use generated
names when extracting mime segments so two segments with the same
file name don't overwrite each other. Using the same name
twice could have been used to mask a virus file by attaching a
second file with the same name but which was not infected.
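
The overwrite described above, as an added example (not part of the original package or of AMAVIS). It assumes Python's standard email module in place of the package's own MIME unpacker; the file name report.doc, the part-NNNN naming scheme and both payloads are constructed for illustration.

```python
import os
import tempfile
from email import message_from_bytes, policy
from email.message import EmailMessage

INFECTED = b"stand-in for the infected file"   # constructed, harmless
DECOY = b"stand-in for the clean decoy"        # constructed, harmless


def build_sample() -> bytes:
    """Constructed message: two attachments that share one file name."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for payload in (INFECTED, DECOY):
        msg.add_attachment(payload, maintype="application",
                           subtype="octet-stream", filename="report.doc")
    return msg.as_bytes()


def extract(raw: bytes, outdir: str, generated_names: bool) -> None:
    """Write every attachment of the message into outdir."""
    msg = message_from_bytes(raw, policy=policy.default)
    for n, part in enumerate(msg.iter_attachments()):
        if generated_names:
            # Scanner-chosen name: unique per segment, no sender input.
            name = "part-%04d" % n
        else:
            # Sender-chosen name: a later segment overwrites an earlier one.
            name = os.path.basename(part.get_filename() or "unnamed")
        with open(os.path.join(outdir, name), "wb") as fh:
            fh.write(part.get_payload(decode=True))


def files_left_to_scan(generated_names: bool) -> list:
    """Return the contents of the files a scanner would find on disk."""
    with tempfile.TemporaryDirectory() as tmp:
        extract(build_sample(), tmp, generated_names)
        found = []
        for name in sorted(os.listdir(tmp)):
            with open(os.path.join(tmp, name), "rb") as fh:
                found.append(fh.read())
        return found


if __name__ == "__main__":
    print(len(files_left_to_scan(False)), "file(s) with sender names")
    print(len(files_left_to_scan(True)), "file(s) with generated names")
```

With sender-supplied names only the second attachment is left on disk for the scanner; with generated names both segments are scanned.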
amavis supplies an unzip like securetar but it had some severe bugs.
There are also hooks for other archive types for which I didn't include
handling.
It also uses various standard programs (uncompress, uudecode, logger,
fgrep, egrep, grep, find, sed, awk, tar).
You can download...
This will create directories /usr/local/scanmails
and /usr/local/smtprelay.
scanmails contains all the scripts and executables.
The tarball was glommed together out of a less organized actual
implementation and may not work out of the box.
Proceed at your own risk.
smtp stream tcp nowait root /usr/mmdf/chans/smtpd smtpd /usr/local/scanmails/bin/smtpsrvr smtp
log in as root
cd /usr/local
gunzip <scanmails.tar.gz | tar xvf -
*** WARNING ***