← Back to team overview

sslug-teknik team mailing list archive

Re: Linux programmer til virus check

 

Har du hørt om MailScanner?

http://www.sng.ecs.soton.ac.uk/mailscanner/

----------------------------------------------------------------------------
---------------------
HOWTO mailscanner for sendmail
==============================
by Thomas Chung (tchung AT openwebmail.org)
Last Update: 2002-09-23

1. Download virus scanner software

   fp-linux_sb.rpm from http://www.f-prot.com/download/getfplinfree.html

2. Rename software for future reference

   mv fp-linux_sb.rpm f-prot-3.12a-1.i386.rpm

3. Install virus scanner software

   rpm -Uvh f-prot-3.12a-1.i386.rpm

4. Create Daily Cron Job to update virus definition automatically

   cd /etc/cron.daily
   ln -s /usr/local/f-prot/check-updates.sh f-prot.cron

5. Download mail scanner software

   mailscanner-3.22-10.i386.rpm from
http://www.sng.ecs.soton.ac.uk/mailscanner/downloads.shtml

6. Install mail scanner software

   rpm -Uvh mailscanner-3.22-10.i386.rpm
   and remove "Sophos.autoupdate" from /etc/cron.daily which is unnecessary
since we installed f-prot instead.

7. Change mailscanner config file for f-prot (by default, sophos is used)

  vi /usr/local/MailScanner/etc/mailscanner.conf

  1) Virus Scanner = f-prot

  2) Sweep = /usr/local/f-prot/f-protwrapper


8. Start mailscanner service:

   service mailscanner start

9. That's it!  Now if you receive any email with suspicious attachment, you
will be notified by email
   as an example shown below:

=====
This is a message from the MailScanner E-Mail Virus Protection Service
----------------------------------------------------------------------
The original e-mail attachment "07 ¤£¤@¼Ë Different.pif"
was believed to be infected by a virus and has been replaced by this warning
message.

If you wish to receive a copy of the *infected* attachment, please
e-mail helpdesk and include the whole of this message
in your request. Alternatively, you can call them, with
the contents of this message to hand when you call.

At Sun Jul 21 16:06:35 2002 the virus scanner said:
   /var/spool/MailScanner/incoming/g6LN6K421609/07 ¤£¤@¼Ë Different.pif
Infection: W32/Klez.H@mm
   Shortcuts to MS-Dos programs are very dangerous in email in 07 ¤£¤@¼Ë
Different.pif

Note to Help Desk: Look on the MailScanner in
/var/spool/MailScanner/quarantine (message g6LN6K421609).
--
Postmaster

Minor URL Issue in Virus Report
================================
To correct the URL for mailscanner web site in Open Wembail message,

1) cd /usr/local/MailScanner/etc

2) add "http://"; in front of "www.mailscanner.info" in following files
   - sender.error.report.txt
   - sender.filename.report.txt
   - sender.virus.report.txt


More tweak on /usr/local/MailScanner/etc/mailscanner.conf
=========================================================

1) If you don't want to deliver the email with virus removed to recipients

   Deliver To Recipients = no

2) If you don't want to notify the infected message to sender

   Notify Senders = no

3) If you don't want to keep (quarantine) the infected message

   Action = delete
----------------------------------------------------------------------------
-----
----- Original Message -----
From: "Carsten Brink" <cbrink@xxxxxxx>
To: <sslug-teknik@xxxxxxx>
Sent: Saturday, February 22, 2003 6:50 AM
Subject: [TEKNIK] Linux programmer til virus check


> Jeg har en redhat 7.2 server stående koblet optil vores netværkpå
arbejdet. Vores teledata afdeling som er meget windos baseret er meget
bekymret over, at der ikke er virus beskyttelse på maskinen (at de er
ligeglade med de fem unix maskiner jeg har står som et mysterium). Derfor
vil jeg høre om der nogle der har erfaring med virus check programmer til
Linux. Personligt ville jeg selvfølgelig helst have freeware, men også hvis
der skal betalles licens for det hører jeg gerne om erfaringer samt
referencer til produkterne
>
> Med venlig hilsen
> Carsten
>
>
>
>
>


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.455 / Virus Database: 255 - Release Date: 2/13/2003



References