Subject: Email virus checking on a gateway host
From: BERRYP1uk.ibm.com
Date: Wed Oct 18 2000 - 08:54:51 CDT


The quick question is: can you check for viruses on incoming mail, and
then forward on clean mail, but manage (store or delete, etc) any mail that
fails the virus test?

I wish to set up virus checking on any email coming through a gateway.
I have been looking round for various tools to let me do this. Sendmail
seems to be not suitable: it is a security risk, it is complex to
understand, and it does not have the power to let you pipe data through
a filter and check the contents that way.

This is the way I expect it should work. Mail arrives at the gateway. The
DATA portion is then sent to a user process to check for viruses. Any
attachments are converted to binary (typically from base64) and scanned
by a virus scanner. If the return value of this process is non-zero, or
some other criteria, the mail is deemed to contain a virus. The mail
delivery program then aborts the forwarding of the mail -- and optionally
informs the recipient.

Of course there could be several variations on this theme. My question
then is, can postfix be set up to do this? I know you can get all mail
delivered locally and then sent to a user process. I have not yet found
anything that can effectively do this as part of a pipeline.

I hope I am not asking what has been asked a thousand times before, but I
have not yet found anything suitable on the Net. The benefit of this is
that there is only one location to manage email viruses. This makes
management easier, and means you can respond quickly to any threats.

TIA,

Phil Berry
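
The flow described in the message above (decode each attachment, scan it, block on a non-zero result), as an added example that is not part of the original post. The scanner is a stand-in that flags a constructed marker string; `command_scanner`, its `argv`, and all function names are assumptions, and how the mail system hands the message to the script is not shown.

```python
import email
import email.policy
import subprocess
import sys
import tempfile
from email.message import EmailMessage

MARKER = b"CONSTRUCTED-TEST-SIGNATURE"  # constructed stand-in, not a real signature

def stub_scanner(path):
    """Stand-in scanner: exit-status style result, non-zero means 'infected'."""
    with open(path, "rb") as fh:
        return 1 if MARKER in fh.read() else 0

def command_scanner(argv):
    """Adapt an external scanner (argv is an assumption) to the same interface."""
    return lambda path: subprocess.run(argv + [path]).returncode

def check_message(raw, scanner=stub_scanner):
    """Decode every leaf MIME part and scan it; return (verdict, flagged parts)."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    flagged = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True)  # undoes base64 / quoted-printable
        if data is None:
            continue
        with tempfile.NamedTemporaryFile() as tmp:
            tmp.write(data)
            tmp.flush()
            if scanner(tmp.name) != 0:  # any non-zero status blocks delivery
                flagged.append(part.get_filename() or part.get_content_type())
    return ("quarantine", flagged) if flagged else ("forward", [])

def build_sample(attachment):
    """Constructed test message with one base64-encoded attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", "sample"
    m.set_content("See attachment.")
    m.add_attachment(attachment, maintype="application",
                     subtype="octet-stream", filename="report.bin")
    return m.as_bytes()

if __name__ == "__main__":
    verdict, parts = check_message(sys.stdin.buffer.read())
    print(verdict, parts, file=sys.stderr)
    sys.exit(0 if verdict == "forward" else 1)
```

Scanning the raw message text would miss the marker here, because the attachment travels base64-encoded; the filter only sees it after decoding each part.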