DMail Virus Checking




Virus attacks are becoming more and more common, so we have added anti-virus functionality to DMail. This is quite resource intensive, as each attachment has to be extracted and then scanned. You can use any virus scanner that can take command line arguments and be instructed to delete the extracted files if they contain a virus. If DSMTP detects that the extracted file has been deleted, it will return a 500 error informing the sender that the message contains a virus and will not deliver the message to the recipient.
 
 

external_viruschecker <path and filename of viruschecker> <arguments> $FILE$

This gives the location of the virus scanner and the arguments it needs to delete infected files; some examples are given below. $FILE$ is the macro for the name of the file that DMail extracted to the directory.

extract_mime <path> [file extensions]

This is the path to which DMail will extract files for virus scanning. By default it will extract any file to the directory, but you can list extensions so that it only extracts certain types; files of other types are then not extracted for scanning.

e.g.

extract_mime c:\mime\ exe zip com
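
The contract described above (the scanner deletes an infected file, and DSMTP treats the missing file as a detection) can also be met by a small wrapper when a scanner only reports a detection through its exit status. This is an added example, not part of DMail or its documentation; the wrapper path, the stub scanner, and the assumption that a nonzero exit status means "infected or scan failed" are hypothetical.

```shell
#!/bin/sh
# Added example (not part of DMail): wrapper for external_viruschecker.
# Hypothetical dmail.conf line, assuming the wrapper is installed at this path:
#   external_viruschecker /usr/local/dmail/scanwrap.sh $FILE$

# Stand-in scanner constructed for this example: it "detects" any file that
# contains the marker string below. Replace it with a real scanner command.
stub_scanner() {
    if grep -q -e 'CONSTRUCTED-TEST-MARKER' -- "$1"; then
        return 1    # detection
    fi
    return 0        # clean
}

# scan_and_delete SCANNER FILE
# Runs SCANNER on FILE and removes FILE unless the scanner exits with 0.
# Returns 0 if the file was kept, 1 if it was removed, 2 if it was not scanned.
scan_and_delete() {
    scanner=$1
    file=$2
    [ -n "$scanner" ] && [ -n "$file" ] || return 2
    # Only act on a regular file; a symlink is refused so it is never followed.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        return 2
    fi
    if "$scanner" "$file" >/dev/null 2>&1; then
        return 0
    fi
    # Fail closed: a detection and a scanner error are handled the same way,
    # so mail is rejected rather than delivered unscanned if the scanner breaks.
    rm -f -- "$file"
    return 1
}

# When run as a script with a file argument, scan that file. DSMTP is described
# as checking whether the file still exists, so the exit status is not used.
if [ "$#" -ge 1 ]; then
    scan_and_delete stub_scanner "$1" || :
fi
```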

What anti virus software can I use?

As mentioned above, you can use any anti-virus software that takes command line arguments and can be instructed to delete any infected file. Some examples of the anti-virus products available are listed below.

Kaspersky Anti-Virus (AVP) - http://www.kaspersky.com


A well-regarded virus checker that will satisfy most organizations' anti-malware needs. Free downloads are available for evaluation purposes.

Supported platforms: Windows, Linux, FreeBSD, BSDi

Example of use with DMail:

After installing the AVP server product add the following lines to your dmail.conf file:
extract_mime /usr/local/dmail/extract
external_viruschecker /opt/AVP/kavscanner -E -Y $FILE$
Activate these changes with the command:
tellsmtp reload
All traffic through the SMTP server will now be scanned. Mail containing potentially malicious code will be returned to the sender.
 

RAV AntiVirus Checker - http://www.rav.ro/

Another good virus checker; all of their mail server products may be integrated with DMail via command line calls.

Supported platforms: Windows, Linux, FreeBSD, OpenBSD

Example of use with DMail:

Install RAV anti-virus and add the following lines to your dmail.conf file:
extract_mime /usr/local/dmail/extract
external_viruschecker /usr/bin/ravlin8 -DEL -UNZIP -HEUR ON $FILE$
Activate these changes with the command:
tellsmtp reload
All traffic through the SMTP server will now be scanned. Mail containing potentially malicious code will be returned to the sender.

BrightMail - http://www.brightmail.com

BrightMail offers both virus and spam detection. BrightMail actively monitors email traffic and distributes rules on a real-time basis to filter out unsolicited and potentially harmful email messages. This solution will tend to be of interest to those with more financial leverage.