Re: Recommendation for "antivirus" software (MTA is qmail)

From: Chris Shenton (chris_at_shenton.org)
Date: 01/27/04

    To: David Wolfskill <david@egation.com>
    Date: Tue, 27 Jan 2004 17:07:38 -0500
    
    

    David Wolfskill <david@egation.com> writes:

    > My boss, who persists in using a M$-based desktop, wants me to install
    > an "antivirus solution" on our mail server.

    > The MTA we currently use is qmail on a system running FreeBSD 4.8.
    > As far as I can tell, that is for its ease of integration with
    > vpopmail.

    qmail guru Russ Nelson has the qmail-smtpd-virusscan.patch which
    blocks all MS executable attachments sent as base-64 encoded
    attachments. Folks who use it claim it stops almost all virii. I
    haven't done tests or analyzed logs, but it seems to help a huge
    amount. It's very fast since it just looks for the 9-character-long
    base-64 strings which match the beginning of any MS executable file in
    the first line of an attachment: it doesn't do unpacking, unzipping,
    but it also doesn't believe any filenames or extensions. It does this
    at the qmail-smtpd level, before getting into your queue, rejecting
    the connection with a message that says something like "we don't
    accept executable attachments" so human senders can re-send as ZIP or
    something. The qmail-ldap folks also use a variant for what it's worth.

    I patched the qmail-smtpd on a small ISP I support, with which I also
    use vpopmail. They're loosely coupled enough this isn't a problem.

    I'd suggest starting with this. If anything gets through, you might
    want to look into another more cpu-intensive filter. But the patch is
    very low CPU usage.

    I don't have a handle on the anti-spam thing -- that's a LOT harder to
    detect reliably (and cheaply/quickly).
    _______________________________________________
    freebsd-isp@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-isp
    To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
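
The check described in the message above, sketched as an added example (not code from the patch or from the original post). It assumes a single signature derived from a common "MZ" executable header; the patch's real signature list is not shown on this page, and the names EXE_HEADERS, has_executable_attachment and build_message are hypothetical.

```python
import base64

# Assumption: one typical DOS/PE header start ("MZ" plus common stub bytes).
EXE_HEADERS = [bytes.fromhex("4d5a9000030000")]
SIG_LEN = 9  # the message describes 9-character base-64 strings
SIGNATURES = {base64.b64encode(h)[:SIG_LEN] for h in EXE_HEADERS}

def has_executable_attachment(raw: bytes) -> bool:
    """True if the first line after any blank line starts with a signature.

    No MIME parsing, no decoding, no trust in filenames: only the first
    line of each body part (the line following a blank line) is compared.
    """
    after_blank = False
    for line in raw.splitlines():
        if not line.strip():
            after_blank = True
            continue
        if after_blank and line[:SIG_LEN] in SIGNATURES:
            return True
        after_blank = False
    return False

def build_message(filename: str, payload: bytes) -> bytes:
    """Constructed sample message with one base64 attachment."""
    body = base64.encodebytes(payload).decode()
    return (
        "From: sender@example.com\r\nSubject: test\r\n"
        'Content-Type: multipart/mixed; boundary="b"\r\n\r\n'
        "--b\r\nContent-Type: text/plain\r\n\r\nSee attached.\r\n"
        f'--b\r\nContent-Type: application/octet-stream; name="{filename}"\r\n'
        f"Content-Transfer-Encoding: base64\r\n\r\n{body}--b--\r\n"
    ).encode()

# Constructed payloads: an executable header, plain text, and a ZIP header.
EXE_SAMPLE = EXE_HEADERS[0] + bytes(64)
TEXT_SAMPLE = b"hello world\n"
ZIP_SAMPLE = b"PK\x03\x04" + bytes(60)

if __name__ == "__main__":
    for name, data in [("photo.jpg", EXE_SAMPLE), ("notes.txt", TEXT_SAMPLE),
                       ("tool.zip", ZIP_SAMPLE)]:
        verdict = "reject" if has_executable_attachment(build_message(name, data)) else "accept"
        print(f"{name}: {verdict}")
```

The executable is rejected even though it is named photo.jpg, while the ZIP passes, which matches the trade-off described above: the filter is cheap because it never unpacks anything.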

