Date: Thu, 2 Nov 2000 11:30:45 +0100
From: Thorsten Kuehnemann <thk@actis.de>
To: Pawel Latkowski <platkowski@noblestar.pl>
Cc: freebsd-stable@FreeBSD.ORG
Subject: Mailscanning with FreeBSD (was: VIRUS WARNING)
Message-ID: <20001102113045.A50839@isi.actis.de>
In-Reply-To: <GPEMKBNLHCMKHCNBBDHMEEJBCCAA.platkowski@noblestar.pl>; from platkowski@noblestar.pl on Thu, Nov 02, 2000 at 10:19:35AM +0100
References: <200011020837.eA28bUH23293@madli.ut.ee> <GPEMKBNLHCMKHCNBBDHMEEJBCCAA.platkowski@noblestar.pl>

On Thu, Nov 02, 2000 at 10:19:35AM +0100, Pawel Latkowski wrote:
> Hello guys,
> I received many of warnings from You. I'm interested in what are U using to
> check e-mails for virus. I'm using sendmail.

Hello Paul,

I installed a native FreeBSD virus scanner from Network Associates
(www.nai.com):

    cd /usr/ports/security/vscan && make install

This port depends on regularly updated "DAT files" with virus signatures.
Because of the weekly updating of those files I had to install the port in
/usr/src/security/uvscan-dat with NO_CHECKSUM=yes. The port has a shell script
to use for updating. I suggest you create a nonprivileged user for this
script because it extracts a tarfile downloaded from the net.

Now you have a program for checking files.

The tools at http://amavis.org can extract all attachments of a mail into
files, with the help of many tools found under /usr/ports/archivers and
/usr/ports/converters/tnef, and run "uvscan" on them. Its main shell script
"scanmails" replaces the local mailer found in Mlocal of your sendmail.cf.
After checking the mail it calls the "real" local delivery program. The
script is highly configurable.

Amavis uses file(1) to get the type of a file and needs a parameter "-b", so
I installed GNU file under /usr/local/libexec/file for it.

Amavis suggests installing "maildrop" to get a secure tool for extracting
attachments into files. The FreeBSD port is very old, so I installed it from
http://www.flounder.net/~mrsam/maildrop/ .

I doubt that this installation will increase the security of your site:

- the users think that the MTA will refuse all insecure mails, which is NOT
  true (think of new worms/viruses or other executables like moorhuhn.exe)
- many programs are started on your mailserver to extract all attachments.
  All programs have their own security holes like buffer overflows...

But I know what it means for me to restore the complete contents of file or
web servers as a result of the behaviour of our users, so I installed it.

Thorsten

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
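
The precaution mentioned in the message above (an unprivileged user for the DAT update, because it unpacks a tarfile fetched from the net), shown as an added example; it is not Thorsten's script, nor the update script shipped with the port. The checks made before extraction go beyond what the mail describes, and the function names and the staging directory are assumptions.

```sh
#!/bin/sh
# Added example: vet a downloaded DAT tarball, then unpack it into a staging
# directory as an unprivileged user. All names here are hypothetical.

# stdin: member names, one per line (as printed by `tar -tf`).
# Succeeds only if every name is relative and has no ".." component.
names_are_safe() {
    while IFS= read -r name; do
        case "$name" in
            ""|/*)               return 1 ;;  # empty listing or absolute path
            ..|../*|*/..|*/../*) return 1 ;;  # would climb out of the target
        esac
    done
    return 0
}

# stdin: verbose listing (as printed by `tar -tvf`).
# Succeeds only if every entry is a regular file ("-") or a directory ("d"),
# which rules out symlinks, hard links and device nodes.
types_are_safe() {
    awk '{ t = substr($0, 1, 1); if (t != "-" && t != "d") bad = 1 }
         END { exit bad + 0 }'
}

# Succeeds only if the archive can be listed and passes both checks above.
archive_is_safe() {
    names=$(tar -tf "$1" 2>/dev/null) || return 1    # unreadable or corrupt
    printf '%s\n' "$names" | names_are_safe || return 1
    tar -tvf "$1" 2>/dev/null | types_are_safe
}

# Usage: stage_update ARCHIVE STAGING_DIR
stage_update() {
    if [ "$(id -u)" -eq 0 ]; then
        echo "refusing to unpack downloaded data as root" >&2
        return 1
    fi
    archive_is_safe "$1" || { echo "rejected: $1" >&2; return 1; }
    mkdir -p "$2" && tar -xf "$1" -C "$2"
}

# Run only when called with both arguments.
if [ "$#" -eq 2 ]; then
    stage_update "$1" "$2"
fi
```

Copying the vetted files from the staging directory into the scanner's DAT directory is a separate step, and the only one that needs write access there.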