Virus Scanning moved imap files
Dave McMurtrie
dave64 at andrew.cmu.edu
Wed Nov 30 13:16:37 EST 2011
On 11/30/2011 12:41 PM, Marc Patermann wrote:
> Shelley,
>
> Shelley Waltz schrieb (30.11.2011 16:47 Uhr):
>> I have two imap servers, one which has smtp(postfix) and virus scanning
>> before delivery to imap.
>>
>> I have another imap archive server which has no smtp, but users simply
>> move messages from their imap account(s) to the archive server. It appears
>> that some messages have infections.
>>
>> My question is, other than wholesale scanning the entire imap directory, moving
>> infected messages to a virus folder, and reconstructing the mailbox, is there a
>> more elegant way? One which scans on arrival before depositing into inbox?
> I think you mean an "on access scanner".
> There are a few IMHO i.e.
> http://www.clamav.net/lang/en/download/third-party-tools/3rdparty-fs/
>
> But I am not sure what happens, if the just created/copied infected
> cyrus message file is (somehow) /handled/ by the scanner.
It's not exactly what you're asking for, but I figure it's worth a
mention in case you didn't know it existed, and it is somewhat related.
Cyrus contains a tool called cyr_virusscan that is capable of scanning
messages for viruses, optionally removing infected messages and
optionally appending a new message to the mailbox with an explanation of
what it removed.
I doubt anyone has ever used cyr_virusscan outside of CMU because it
doesn't build by default and it's not documented anywhere that I'm aware
of. If you look at the source files, however, you'll see it there.
To build it, you have to manually:
make cyr_virusscan
after you run configure. I think Ken intended for it to be able to use
any virus scanning engine, but it might currently only work with
libclam. At the very least, I know we've only ever used it with ClamAV.
Also, the ClamAV api changed since Ken wrote cyr_virusscan. Not long
ago, I updated the code to work with the new ClamAV api but it hasn't
been well tested since then.
HTH,
Dave
--
Dave McMurtrie, SPE
Email Systems Technical Lead
Carnegie Mellon University,
Computing Services
More information about the Info-cyrus
mailing list