[Avcheck] AVCheck and McAfee

Michael Tokarev mjt@tls.msk.ru
Fri, 03 May 2002 16:43:36 +0400


Deives Michellis wrote:
> 
> Does anybody know how I can make AVCheck get along with McAfee
> ViruScan? I'm using RedHat 6.2 Linux and Postfix 1.1.4. I already have a
> content filter running, but I must add viruschecking facilities to it.

McAfee, as far as I remember, works as a command-line tool (scanner),
not as a daemon.  For this, it's sufficient to use a "plain" content_filter
written in shell, like the example in postfix's FILTER_README.  Performance
of the filter itself will be slower compared to avcheck, but that's not a
problem since McAfee uvscan will load its av bases for every email
anyway (uvscan does that much faster than many other virus scanners).

You may try to adapt one of avcheck's `infected' handlers to do the
work.  The only addition needed is -- save incoming email in a temp
file using cat and run uvscan on it -- somewhere near the beginning of
the script.  E.g.:

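#! /bin/sh
# should be called as:
#  filter from-address to-address to-address...

SENDMAIL="/usr/sbin/sendmail -i"
FROM="$1"; shift

# save the incoming message to a temp file; tempfail (75) if that fails
MAIL=/var/uvscan/tmp.$$
cat >"$MAIL" || exit 75

MSG=`/path/to/uvscan -options "$MAIL"`
RC=$?   # save uvscan's exit status: every later [ ] test overwrites $?
if [ "$RC" = 0 ] ; then
  # clean: reinject, and pass any reinjection error back to postfix
  $SENDMAIL -f "$FROM" "$@" <"$MAIL"
  RC=$?
  rm -f "$MAIL"
  exit $RC
elif [ "$RC" != UVSCAN_INFECTED_CODE ] ; then
  # UVSCAN_INFECTED_CODE is a placeholder: replace it with the exit
  # status uvscan uses for an infected file.
  # neither clean nor infected (scanner error): tempfail so postfix retries
  rm -f "$MAIL"
  exit 75
fi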

... rest of avcheck's `infected' handler ...


I don't know what options should be used for uvscan (it should
deMIME mail messages, something like --mime) - consult uvscan(1)
manpage.

For faster reinjections, you may use avcheck instead of sendmail:

 SENDMAIL="/path/to/avcheck -c -S:10025"

And do not forget to add appropriate transport entry into master.cf:

 uvscan unix ... pipe flags=q user=uvscan argv=/path/to/filter-script ${sender} ${recipient}

Regards,
 Michael.
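
The exit-status dispatch described in the message above, as an added example that is not part of the original post: the scanner status is captured before any other test can overwrite `$?`, and every outcome other than "clean" or "infected" ends in a tempfail. The names `filter_mail`, `stub_scan`, `stub_inject` and `WORK`, the infected code 13 and the quarantine policy are assumptions made for this example; the stubs stand in for uvscan and sendmail.

```shell
#!/bin/sh
# Added example. stub_scan/stub_inject stand in for uvscan and sendmail;
# INFECTED_RC=13 is a constructed value for the stub, not taken from the post.
EX_TEMPFAIL=75
SCANNER=${SCANNER:-stub_scan}
INJECT=${INJECT:-stub_inject}
INFECTED_RC=${INFECTED_RC:-13}
WORK=${WORK:-$(mktemp -d)}
mkdir -p "$WORK/quarantine" "$WORK/delivered"

# Constructed scanner: 0 = clean, 13 = infected, 2 = scanner failure.
stub_scan() {
  if grep -q 'SCANNER-ERROR' "$1"; then return 2; fi
  if grep -q 'TEST-SIGNATURE' "$1"; then return 13; fi
  return 0
}
stub_inject() { cat >"$WORK/delivered/msg"; }

# filter_mail FROM RCPT...   (message on stdin)
# Returns 0 if the mail was reinjected or quarantined, 75 (tempfail) otherwise,
# so Postfix keeps the message queued whenever the verdict is unknown.
filter_mail() {
  from=$1; shift
  mail=$(mktemp "${TMPDIR:-/tmp}/scan.XXXXXX") || return $EX_TEMPFAIL
  cat >"$mail" || { rm -f "$mail"; return $EX_TEMPFAIL; }

  # Capture the scanner status immediately; any later test overwrites $?.
  scan_rc=0
  $SCANNER "$mail" >/dev/null 2>&1 || scan_rc=$?

  if [ "$scan_rc" -eq 0 ]; then
    deliver_rc=0
    $INJECT -f "$from" "$@" <"$mail" || deliver_rc=$?
    rm -f "$mail"
    [ "$deliver_rc" -eq 0 ] || return $EX_TEMPFAIL
    return 0
  elif [ "$scan_rc" -eq "$INFECTED_RC" ]; then
    # Assumed policy: keep the infected mail for the admin, drop it from the queue.
    mv "$mail" "$WORK/quarantine/" || { rm -f "$mail"; return $EX_TEMPFAIL; }
    return 0
  fi
  rm -f "$mail"          # any other status: neither clean nor infected
  return $EX_TEMPFAIL
}
```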