Virus attacks are becoming more and more common these days and so we have added
anti virus functionality to DMail. This is quite resource intensive as each
attachment has to be extracted out then scanned. You can use any virus scanner
that can take command line arguments and be instructed to delete the extracted
files if they contain a virus. If DSMTP detects the extracted file has been
deleted then it will return a 500 error informing the sender that the message
contains a virus and not deliver the message to the recipient.
external_viruschecker <path and filename of viruschecker> <arguments> $FILE$
This gives the location of the virus scanner and the arguments it needs to delete infected files; some examples are given below. $FILE$ is the macro for the name of the file that DMail extracted to the directory.
extract_mime <path> [file extensions]
This is the path that DMail extracts files to for virus scanning. By default it extracts every file to the directory, but you can list extensions so that it only extracts certain types.
e.g.
extract_mime c:\mime\ exe zip com
There is also a newer method using RAVMD, a daemon that sits on the machine and that DMail can "talk" to. This should be faster, reports which files were infected, and allows the cleaning of files, so it is a lot more effective than the older method. See the RAV section further below.
As mentioned above, you can use any anti-virus software that takes command line arguments and can be instructed to delete any infected file. Some examples of the anti-virus products available are listed below. Currently we recommend RAV for DMail or MailScan for DMail, both of which have versions of their anti-virus software tailor-made for DMail; MailScan also does content checking and a lot more.
Please be careful to follow the license agreements of the antivirus software as many vendors have specific licenses for use with mail servers.
Using RAVMD you just need to add this setting to dmail.conf.
If you've installed rav into /usr/local/rav8 then you just need to add to dmail.conf
virus_robot /usr/local/rav8/bin/ravdmail
If you have defined scan_ext in your rav config file then be sure to include *.tmp in the list or it will give odd errors about not being able to find the file it is trying to scan.
That will take care of everything, and your users will be alerted to exactly what the virus was. This is by far the best method; it also allows cleaned files to be passed on, which the other method doesn't.
MailScan for DMail/SurgeMail is an antivirus product for DMail and SurgeMail Server. MailScan has good features such as attachment scanning, content checking, automatic virus updates, pop-up message notification and much more. It configures DMail automatically, and it content checks at the socket level so it won't upset any relay settings etc. for DMail.
It is a 30-day Trial version. Any questions please email support@mwti.net
A very well known and respected virus checker, available for a wide variety of platforms, that is well suited for DMail with its on-demand scanning utility, SWEEP.
Platforms: Windows 95/98/NT/2000, AIX PPC, Digital Unix - Alpha, FreeBSD 2 & 3 Intel, HP-UX, Linux libc5 & libc6, Linux Alpha, Solaris Sparc, Solaris Intel
Example
extract_mime /mimextract
external_viruschecker /usr/local/bin/sweep -s -nc -remove -archive $FILE$
Options for command line:
-s (silent)
-nc (no confirmation)
-remove (delete file, compulsory)
-zip (search through zip files)
-tar (search through tar files)
-gzip (search through gzip files)
-cab (search through cab files)
-rar (search through rar files)
-arj (search through arj files)
-archive (search through all the above types of archives)
A very well known anti-virus solution for home users. It can be set up for use
with DMail, but other anti-virus solutions that have been designed especially
for command line driven use are probably better to use on serious systems.
Example:
extract_mime d:\mimeextract
external_viruschecker c:\program files\navnt\navwnt.exe /noresults $FILE$
You must also set in the Norton Anti Virus GUI for Norton to delete any affected
files, otherwise it will not work.
A well regarded virus checker that will satisfy most organizations' anti-malware
needs. Free downloads are available for evaluation purposes.
Supported platforms: Windows, Linux, FreeBSD, BSDi
Example of use with DMail:
After installing the AVP server product add the following lines to your dmail.conf file:
extract_mime /usr/local/dmail/extract
external_viruschecker /opt/AVP/kavscanner -E -Y $FILE$
Activate these changes with the command:
tellsmtp reload
All traffic through the SMTP server will now be scanned. Mail containing potentially malicious code will be returned to the sender.
To scan for specific users set this in dmail.conf
require_user_vscan <true/false>
Then in your authent database you can return vscan="true" as part of the return code. If this is returned, the user's email will be scanned; otherwise it won't be.
If you want to scan for just one domain you can use these settings.
domain_vscan_skip <domain> (tells dmail to skip scanning for specified domains)
domain_vscan_do <domain> (tells dmail to scan this domain; overrides domain_vscan_skip)
Example: You just want to scan mail for users on domain test.com
domain_vscan_skip *
domain_vscan_do test.com