Re: [Exim] Virus Scanning with mailhubs

Author: Dan Egli
Date:  
To: exim-users
Subject: Re: [Exim] Virus Scanning with mailhubs
Forgive me if this seems presumptuous, but why not just install a program like
Amavis? I use Amavis on three different machines and it works great! All I
gotta do is add the director, router, and transport configs to the exim file
(clearly spelled out in the README.exim file that comes with the Amavis
distribution) and ANY message that touches my server is scanned before being
passed on to ANYONE. Works for Remote_addr => local_addr, local=>local,
local=>remote, and even remote=>remote. If a virus is found the message is
removed, quarantined, and a message is sent to myself (administrator) as
well as the sender and, optionally, the recipient of the message stating
that a virus was found. The message is customizable, and as long as I keep
my McAfee virus defs updated, I'm ALMOST virusproof. I know, it's impossible
to be 100% virusproof, but I'm as close as can be and still operate
computers on the 'net. Or at least I think I am :>
----- Original Message -----
From: "Bob Franklin" <r.c.franklin@???>
To: "Mike Richardson" <doctor@???>
Cc: <exim-users@???>
Sent: Monday, November 12, 2001 2:24 PM
Subject: Re: [Exim] Virus Scanning with mailhubs


> On Mon, 12 Nov 2001, Mike Richardson wrote:
>
> >    ^
> >    |
> > =======      =========
> > | Hub |<=====| Virus |
> > |     |      | Scan  |
> > |     |=====>|       |
> > =======      =========
> >    ^
> >    |
> >
> > Am I asking the impossible here? If not then what sort of config do I
> > need for the Hub and Virus Scan machine?
> >
> > I'm guessing that I could specify the Virus Scan machine as the
> > remote_smtp destination, and the Hub as the remote_smtp's destination
> > but to prevent loops I'd have to add a 'scanned-ok' header to the mail
> > by the Virus Scanner and check for it on the Hub.
>
> I did some experiments with this, because it was how I'm planning to
> introduce the same thing here. My 'solution' was to set up a router,
> specified before the one which delivers mail on from the hub to its
> destination, with something like:
>
>   unscanned_mail:
>     driver = domainlist
>     transport = remote_smtp
>     route_list = "* mailscanhost.mycorp.com byname"
>     condition = ${if eq {$sender_host_address}{192.168.1.1}{no}{yes}}
>
> Where 'mailscanhost' is your mail scanning host and '192.168.1.1' is its
> IP address. [Obviously more complex arrangements could be contrived.] I
> might have this a little wrong as the machine with the test configuration
> went down with a disk fault today. I won't mention the vendor. ;)
>
> The idea is that the router is only matched if the host from which the
> mail was received does not have the IP address of the scanning host, so is
> 'unclean'. This assumes you can make sure this doesn't generate loops and
> things, as the only way to detect a clean message is if it came directly
> from the scanning host.
>
> I'd appreciate anyone pointing out the folly of my ways before I go any
> further with this. :)
>
> - Bob
>
>
> --
>  Bob Franklin <r.c.franklin@???>          +44 (0)118 987 6630
>  Systems and Communications, IT Services, The University of Reading, UK
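
Added example, not part of either post: a small Python model of the hub's routing decision described in the quoted message. It compares the peer-address check with the 'scanned-ok' header check and shows the loop that results if the scanner relays from an address other than the one in the condition. The client address, the second scanner address and all function names are constructed for illustration.

```python
# Added illustration: models the hub's routing choice discussed in the thread.
SCANNER_IP = "192.168.1.1"            # scanning host's address, from the post
SCANNER = "mailscanhost.mycorp.com"   # scanning host's name, from the post

def route_by_peer(sender_host_address, headers):
    """Peer-address check: divert unless the SMTP peer is the scanning host."""
    return "deliver" if sender_host_address == SCANNER_IP else SCANNER

def route_by_header(sender_host_address, headers):
    """Header check: divert unless the message carries 'scanned-ok'."""
    return "deliver" if "scanned-ok" in headers else SCANNER

def trace(route, origin_ip, headers, scanner_src=SCANNER_IP, max_hops=6):
    """Follow one message through the hub; return (path, was_scanned).

    scanner_src is the address the scanner's relay connection comes from.
    """
    path, scanned, peer = [], False, origin_ip
    headers = {h.lower() for h in headers}
    for _ in range(max_hops):
        path.append("hub")
        if route(peer, headers) == "deliver":
            path.append("deliver")
            return path, scanned
        # Scanner scans, adds its marker, and relays back to the hub.
        path.append("scanner")
        scanned = True
        headers.add("scanned-ok")
        peer = scanner_src
    path.append("LOOP")               # hop limit reached: routing loop
    return path, scanned

if __name__ == "__main__":
    client = "203.0.113.7"            # constructed external client address
    # Normal flow with the peer check: one pass through the scanner.
    print(trace(route_by_peer, client, []))
    # A header arrives with the message, so the hub cannot tell who set it;
    # the header check delivers this message without a scan.
    print(trace(route_by_header, client, ["scanned-ok"]))
    # The peer check ignores headers and still scans the same message.
    print(trace(route_by_peer, client, ["scanned-ok"]))
    # If the scanner relays from another address, the condition never matches.
    print(trace(route_by_peer, client, [], scanner_src="192.168.1.9"))
```
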
