My company is going to be moving our email services in-house in the near future and we are probably going with the SuSE IMAP server. Does anyone have a suggestion about a server-level virus scanner? Since most of our clients are unfortunately Windows, this is a highly significant issue. We are looking for a scanner with capabilities to include detection, cleaning, and, if unable to clean, removal of infected files, attachments, or entire emails. Thanks in advance for any suggestions or advice.

--
Duane Kehoe          Phone # 414.908.1814
MIS Department       Fax # 414.908.1814
Weyco Group, Inc.    Email: dkehoe@weycogroup.com

On Mon, 16 Oct 2000, Duane Kehoe wrote:
> My company is going to be moving our email services in-house in the near future and we are probably going with the SuSE IMAP server. Does anyone have a suggestion about a server-level virus scanner? Since most of our clients are unfortunately Windows, this is a highly significant issue. We are looking for a scanner with capabilities to include detection, cleaning, and, if unable to clean, removal of infected files, attachments, or entire emails. Thanks in advance for any suggestions or advice.

Well, you may use AMaViS-Perl (www.amavis.org). We provide a slightly modified version of it for the SuSE eMail Server (formerly known as SuSE IMAP Server) on ftp://ftp.suse.com:/pub/suse_update/imap/1.0/virus/

Unfortunately, the SDB article for the installation is only available in German.

Note: AMaViS is not a virus scanner per se, it's more a kind of interface. AMaViS supports a wide range of commercial anti-virus products for Linux/Unix. And, btw, if an infected attachment is detected, the whole mail is blocked and put into quarantine.

HTH

best regards,
Rainer Link

--
Rainer Link  | SuSE - The Linux Experts
link@suse.de | Developer of A Mail Virus Scanner (amavis.org)
www.suse.de  | Founder OpenAntiVirus Project (www.openantivirus.org)

I suggest you have a look at Mfilter (http://sourceforge.net/projects/mfilter) before you go installing Amavis.

I have used Amavis at several large sites, and found it to have limitations, so I went looking for something more flexible. I heard about a bunch of scripts that a friend had hacked together, and asked for a copy. Since then we have packaged them and put them on a webpage (see above).

I have this software running on some very large installations, and it works beautifully. It also has the ability to duplicate emails for archiving/censorship etc. (Nasty I know, but required by a lot of companies, and achieved with one extra line of perl.)

I have also written some SuSE startup/shutdown scripts for it, let me know if you want them as I haven't got around to putting them on the site.

Next thing I have to do is create a SuSE rpm, as soon as I figure out how. Anyone got a pointer for an rpm creation howto? (Not that I've even looked yet.)

HTH
Nix

At 12:22 AM 17/10/2000, you wrote:
> On Mon, 16 Oct 2000, Duane Kehoe wrote:
>
> > My company is going to be moving our email services in-house in the near future and we are probably going with the SuSE IMAP server. Does anyone have a suggestion about a server-level virus scanner? Since most of our clients are unfortunately Windows, this is a highly significant issue. We are looking for a scanner with capabilities to include detection, cleaning, and, if unable to clean, removal of infected files, attachments, or entire emails. Thanks in advance for any suggestions or advice.
>
> Well, you may use AMaViS-Perl (www.amavis.org). We provide a slightly modified version of it for the SuSE eMail Server (formerly known as SuSE IMAP Server) on ftp://ftp.suse.com:/pub/suse_update/imap/1.0/virus/
>
> Unfortunately, the SDB article for the installation is only available in German.
>
> Note: AMaViS is not a virus scanner per se, it's more a kind of interface. AMaViS supports a wide range of commercial anti-virus products for Linux/Unix. And, btw, if an infected attachment is detected, the whole mail is blocked and put into quarantine.
>
> HTH
>
> best regards,
> Rainer Link
>
> --
> Rainer Link  | SuSE - The Linux Experts
> link@suse.de | Developer of A Mail Virus Scanner (amavis.org)
> www.suse.de  | Founder OpenAntiVirus Project (www.openantivirus.org)

On Tue, 17 Oct 2000, Nix wrote:

> I suggest you have a look at Mfilter (http://sourceforge.net/projects/mfilter) before you go installing Amavis. I have used Amavis at several large sites, and found it to have limitations, so I went looking for something more

Do you refer to AMaViS (shell) or AMaViS-Perl? Can you give me some more details on its limitations? Anyway, a lot of Open Source Tools do exist, some designed especially for an MTA or for doing only file-name-based/file-type-based content filtering. So, have a look at http://lavp.sourceforge.net/av-linux_e.txt and choose the one which fits your requirements best :)

> beautifully. It also has the ability to duplicate emails for archiving/censorship etc. (Nasty I know, but required by a lot of companies, and achieved with one extra line of perl.)

Note: AMaViS will never support this. It's at least prohibited by German law. Ah, well, reminds me to read a paper written by two lawyers here in Germany again.

best regards,
Rainer Link

--
Rainer Link  | SuSE - The Linux Experts
link@suse.de | Developer of A Mail Virus Scanner (amavis.org)
www.suse.de  | Founder OpenAntiVirus Project (www.openantivirus.org)

> > beautifully. It also has the ability to duplicate emails for archiving/censorship etc. (Nasty I know, but required by a lot of companies, and achieved with one extra line of perl.)
>
> Note: AMaViS will never support this. It's at least prohibited by German law. Ah, well, reminds me to read a paper written by two lawyers here in Germany again.

Duplicating incoming emails is trivial, just set an alias like:

seifried: seifried, /var/spool/backup/mail/seifried

As for outgoing email I have yet to find a good solution. Personally I like copying all incoming emails, since I tend to delete stuff I later want =).

> best regards, Rainer Link

-Kurt

At 04:53 PM 17/10/2000, you wrote:

> > > beautifully. It also has the ability to duplicate emails for archiving/censorship etc. (Nasty I know, but required by a lot of companies, and achieved with one extra line of perl.)
> >
> > Note: AMaViS will never support this. It's at least prohibited by German law. Ah, well, reminds me to read a paper written by two lawyers here in Germany again.

Yes, it is not enabled by default, but is left as an exercise to the installer if needed. It IS legal in Australia and the US, inside a company, as the company "owns" all communications inside the company. I installed it for the AU Franchises of a couple of the world's largest companies.....

> Duplicating incoming emails is trivial, just set an alias like:
>
> seifried: seifried, /var/spool/backup/mail/seifried

Yes, this would have to be added for every user though, and is absolutely useless for a firewall/relay where you have many thousands of email addresses that are not actually hosted on the machine doing the scanning.

> As for outgoing email I have yet to find a good solution. Personally I like copying all incoming emails, since I tend to delete stuff I later want =).

Yah, with Mfilter, there is no differentiation, as it scans it in between SMTPD accepting the email and Sendmail forwarding it; whether it goes to UUCP, Procmail or ESMTP (etc etc..) is irrelevant.

> > best regards, Rainer Link
>
> -Kurt

Cheers
Nix

Quoting Nix (suse@nix.hispeed.com) on Tue, Oct 17, 2000 at 01:24:50PM +0200:

> > Duplicating incoming emails is trivial, just set an alias like:
> >
> > seifried: seifried, /var/spool/backup/mail/seifried
>
> Yes, this would have to be added for every user though, and is absolutely useless for a firewall/relay where you have many thousands of email addresses that are not actually hosted on the machine doing the scanning.

Hmm, Postfix has a simple way of duplicating all mail (always_bcc), just send it to a procmail account and save the ones you need. At a previous job we did it for a patent law agency here in Germany. Yup, it can be done in Germany as well, depends all on explicit policies for the usage of e-mail.

> Yah, with Mfilter, there is no differentiation, as it scans it in between SMTPD accepting the email and Sendmail forwarding it; whether it goes to UUCP, Procmail or ESMTP (etc etc..) is irrelevant.

If the obtuse smtpd would be better at relay protection, it might be ok, but I do prefer the easy integration of amavis into postfix which has better spam checks. Amavis with Postfix also sits in between, no matter if the mail is local, relayed or outbound...

Now if Amavis could be made to also block specific file types / MIME types I would be really happy.

cheers
afx

--
atsec information security GmbH    Phone: +49-89-4424930
Steinstrasse 68                    Fax: +49-89-4424931
D-81667 Muenchen, Germany          May the Source be with you!

On Tue, 17 Oct 2000, Andreas Siegert wrote:

> Hmm, Postfix has a simple way of duplicating all mail (always_bcc), just send it to

Correct, yes.

> a procmail account and save the ones you need. At a previous job we did it for a patent law agency here in Germany. Yup, it can be done in Germany as well, depends all on explicit policies for the usage of e-mail.

The paper I have from "Bartsch&Partner" makes a difference between incoming and outgoing eMails. So, to sum it up - we, the AMaViS Dev Team, won't add such a feature and if you need duplicating mail this should be done with the used MTA.

> do prefer the easy integration of amavis into postfix which has better spam checks. Amavis with Postfix also sits in between, no matter if the mail is local, relayed or outbound...

Correct, yes.

> Now if Amavis could be made to also block specific file types / MIME types I would be really happy.

I started already with this for AMaViS shell, which works in my test. I will add it to 0.2.2. I'm currently working on exim support and content filtering support for AMaViS-Perl. The exim stuff works, but, well, the MIME-Tools can not handle batched SMTP correctly, and I lose, because therefore no virus can be detected. The content filtering stuff isn't useable yet. I'm currently busy with doing some code audit / tests with TNEF and reformime - the use of metamail in AMaViS-shell is deprecated because metamail can not handle MIME multipart/alternative messages [1]. But the new reformime release introduced a new limitation, which I do not like.

So, please do not expect exim / content filtering support in AMaViS-Perl very soon. And, btw, contributions are always welcome :)

best regards,
Rainer Link

[1] http://www.amavis.org/asa/asa-2000-1.txt

--
Rainer Link  | SuSE - The Linux Experts
link@suse.de | Developer of A Mail Virus Scanner (amavis.org)
www.suse.de  | Founder OpenAntiVirus Project (www.openantivirus.org)

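The file-type / MIME-type blocking asked for in the thread, together with the need to look inside multipart/alternative containers, sketched as an added example: it is not part of the original thread and is not AMaViS or Mfilter code. The function names and the blocked extension and content-type lists are assumptions; as described above for AMaViS, one offending part quarantines the whole mail.

```python
# Added illustration, not AMaViS or Mfilter code. Names and policy lists are assumptions.
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_EXTENSIONS = {".exe", ".vbs", ".scr", ".pif", ".bat"}  # assumed site policy
BLOCKED_TYPES = {"application/x-msdownload"}                   # assumed site policy

def blocked_parts(raw: bytes):
    """Return (filename, content_type, reason) for each part that violates policy."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    # walk() visits every leaf part, including those nested inside
    # multipart/alternative or other multipart containers.
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        name = part.get_filename() or ""
        ext = os.path.splitext(name.strip().lower())[1]
        if ext in BLOCKED_EXTENSIONS:
            hits.append((name, ctype, "extension"))
        elif ctype in BLOCKED_TYPES:
            hits.append((name, ctype, "content-type"))
    return hits

def verdict(raw: bytes) -> str:
    """Whole-mail decision: one offending part quarantines the entire message."""
    return "quarantine" if blocked_parts(raw) else "deliver"

def sample(filename: str, subtype: str = "octet-stream") -> bytes:
    """Constructed test mail: text + HTML alternative plus one attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", "constructed sample"
    m.set_content("hello")
    m.add_alternative("<p>hello</p>", subtype="html")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype=subtype, filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for fn in ("notes.txt", "report.doc.vbs"):
        print(fn, verdict(sample(fn)), blocked_parts(sample(fn)))
```
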
participants (5)
- Andreas Siegert
- Duane Kehoe
- Kurt Seifried
- Nix
- Rainer Link