Re: [Exim] Virus scanning architecture

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Philip Hazel
Date:  
À: Elena Blanco
CC: exim-users
Sujet: Re: [Exim] Virus scanning architecture
On Wed, 3 Jan 2001, Elena Blanco wrote:

> I have been asked to provide a virus scanning service that is available
> for use by any mail servers in the Oxford domain that want to use it.
> Now it's pretty straight forward to get messages into a virus-sweeping
> box and run the anti-virus software on each message BUT I have a
> problem re-injecting the scanned message for delivery. The requirement
> is to send the scanned message back to the host that sent it for virus
> scanning in the first place (with an appropriate header indicating that
> it has been scanned obviously).


Header? Anybody can forge a header.

> Since all but 4 of the mail servers
> that can potentially use this service are servers that are NOT under my
> control, how do I get the virus-scanning box to send the message back
> to the last server that appears in the received headers so that that
> host is responsible for spooling and delivering the clean message? Are
> there any compelling reasons not to use this kind of architecture other
> than the fact that it sounds hideous?


Anybody can forge a received header too.

The way people do this is to use the IP addresses. The scanning box
returns the message to the IP address from which it got it. The sending
box checks to see where a message has come from. If it comes from the
virus scanner, it delivers it normally. Otherwise it sends it to the
virus scanner. This is easy to configure with Exim.

Of course, you want the virus scanner to accept messages only from
within Oxford.


-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.