Avcheck: a simple antivirus solution for a mail system
What is Avcheck?
Avcheck is a simple program that lets a Mail Transfer Agent (MTA) call antivirus software to check mail messages for viruses before actual delivery.
Avcheck itself is not a virus scanner, nor is it an MTA. It sits between the MTA and the real antivirus software. Most MTAs available today can call an external program for every mail message in order to perform various tasks, including virus scanning and content filtering. Avcheck can be used as that external program.
Avcheck will receive a mail message from a mail system, pass it to an antivirus software, and, depending on the presence of a virus in that message, will either allow the message to be delivered or take appropriate actions to handle infected mail.
Avcheck does nothing with the contents of a mail message -- its task is to prepare a file containing the mail message and feed it to an antivirus program. It is the antivirus's job to decode the MIME structure, handle embedded archives and so on. Many but not all antivirus products today have this ability.
Avcheck consists of two basic parts that work together. The first, a small executable called avcheck, performs all the actions necessary to determine whether a given message is infected (by calling an antivirus engine). This program has a small built-in SMTP client, so that it can inject mail for further delivery faster. The second component, the infected program (usually a shell script), is called to handle any mail message that is infected by a virus. This program will not be called often (you don't have many infected messages coming through your mail server, do you?). This second component does whatever is required with an infected mail message, which is very site-specific. Thus, it is easy to write your own handler that suits your needs best. Two ready-to-run examples of such a handler are provided in the distribution; one of them has translations into many different languages.
Initially, Avcheck was written as a little hack to allow an excellent MTA -- Postfix -- to be used together with the AVP antivirus daemon. Later, it was developed into a more general system that can be used with different antivirus engines and different MTAs, with flexibly configurable actions for infected mail, while still remaining very simple.
Avcheck was written by Michael Tokarev and Ralf Hildebrandt, with help and suggestions from many others all over the world. It is free software.
Supported Antiviruses and MTAs
Currently, Avcheck supports the following antivirus engines:
Avcheck can be used with almost any Mail Transport Agent. The following MTAs are supported directly:
Note that all README files referred to above are included in the distribution archive.
News and Download Section
Avcheck can be downloaded for free from this site using HTTP or FTP. The current version is only about 45K in size, including all README files and examples. Avcheck is free software; you can do with it whatever you like, except claim that you wrote it.
News
infected.ex2 handler.
See ChangeLog for a complete list of changes. You don't need to upgrade if avcheck works for you.
Avcheck Mailing List
There is a mailing list available, where you can ask questions about using Avcheck, request new features, or share your experience. The Avcheck mailing list is powered by Mailman, an excellent mailing list manager.
To post a message to the list, send mail to avcheck@corpit.ru. Currently, the list is open to everyone; there is no need to subscribe before posting. Please do not post subscribe and unsubscribe requests to the list itself, and do not post unrelated questions and information to it.
All messages posted to this list will be archived. Archives are available here.
If you want to filter the messages that come to you from the Avcheck mailing list, set up your mail reader to look at the Sender: header. All messages that come from this list have this header set to Sender: avcheck-admin@list.corpit.ru.
In order to subscribe to the list, send an email message to avcheck-request@corpit.ru with the subject subscribe. You will shortly receive a mail message back at your address asking for confirmation of your subscription and giving further instructions.
Alternatively, you can subscribe by filling in the following little form online. You will be sent email requesting confirmation, to prevent others from gratuitously subscribing you.
To unsubscribe from the list, or to change your subscription options, enter your subscription email address:
Alternatively, send email to avcheck-request@corpit.ru with subject help to get instructions on how to change your subscription options via email.
Links
First of all, an excellent MTA written by Wietse Venema, called Postfix. It is very easy to set up, and it is secure, fast, and flexible. A big advantage of Postfix is its backward compatibility -- you can upgrade your Postfix installation (e.g. for new features found in a newer version) after many years of work, and be sure the new version will run with your settings.
Amavis, A Mail Virus Scanner, by Lars Hecking, is a similar project. The main difference between Amavis and Avcheck is that Amavis decodes the MIME structure of a mail message and extracts attached archives etc. itself, using Perl modules and various external programs, and feeds only plain files to the virus scanner. This way, it doesn't depend on the ability of the antivirus software to handle archives and MIME.
Virge is a utility similar to Avcheck but designed to be run as an LDA (Local Delivery Agent), i.e. it sits between a mail system and your personal mailbox.
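The Amavis comparison above, and the earlier note that decoding MIME is the antivirus's job, can be seen in a short Python sketch. It is an added illustration, not code from Avcheck or Amavis: a scanner that searches the message file as-is misses a pattern inside a base64-encoded attachment, while one that decodes each MIME part first finds it. The marker string, addresses, file name and function names are all constructed for the example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed, harmless marker standing in for a virus signature.
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE-0001"


def build_sample_message() -> bytes:
    """Constructed sample: a text body plus one base64-encoded attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "rcpt@example.org"
    msg["Subject"] = "report"
    msg.set_content("See attachment.")
    # Binary attachments are base64-encoded on the wire by default.
    msg.add_attachment(b"header " + SIGNATURE + b" trailer",
                       maintype="application", subtype="octet-stream",
                       filename="report.bin")
    return msg.as_bytes()


def scan_raw(raw: bytes) -> bool:
    """Scanner without MIME support: searches the message file as-is."""
    return SIGNATURE in raw


def scan_decoded(raw: bytes) -> list:
    """MIME-aware scan: decode every leaf part, then search its payload."""
    hits = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no payload of their own
        payload = part.get_payload(decode=True) or b""
        if SIGNATURE in payload:
            hits.append(part.get_filename() or part.get_content_type())
    return hits


if __name__ == "__main__":
    raw = build_sample_message()
    print("raw scan hit:", scan_raw(raw))
    print("decoded scan hits:", scan_decoded(raw))
```

With a filter that passes the message through unchanged, as Avcheck does, detection of encoded attachments depends entirely on whether the chosen antivirus engine performs the second kind of scan.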