[Avcheck] AVCheck and McAfee
Michael Tokarev
mjt@tls.msk.ru
Fri, 03 May 2002 16:43:36 +0400
Deives Michellis wrote:
>
> Does anybody know how I can make AVCheck to get along with McAfee
> ViruScan? I'm using RedHat 6.2 Linux and Postfix 1.1.4. I already have a
> content filter running, but I must add viruschecking facilities to it.
McAfee, as long as I remember, works is a command-line tool (scanner),
not as a daemon. For this, it's sufficient to use "plain" content_filter
written in shell, like an example in postfix's FILTER_README. Performance
of filter itself will be slower compared to avcheck, but that's not a
problem since McAfee uvscan will load it's av bases for every email
anyway (uvscan does that much faster than many other virusscanners).
You may try to adapt one of avcheck's `infected' handlers to do the
work. The only addition needed is -- save incoming email in a temp
file using cat and run uvscan on it -- somewhere near beginning of
a script. E.g.:
#! /bin/sh
# should be called as:
# filter from-address to-address to-addres...
SENDMAIL="/usr/sbin/sendmail -i"
FROM="$1"; shift
MAIL=/var/uvscan/tmp.$$
cat >$MAIL || exit 75
MSG=`/path/to/uvscan -options $MAIL`
if [ $? = 0 ] ; then
$SENDMAIL -f "$FROM" "$@" <$MAIL
# check for possible errors
rm -f $MAIL
exit 0
elif [ $? != UVSCAN_INFECTED_CODE ] ; then
rm -f $MAIL
exit 75
fi
... rest of avcheck's `infected' handler ...
I don't know what options should be used for uvscan (it should
deMIME mail messages, something like --mime) - consult uvscan(1)
manpage.
For faster reinjections, you may use avcheck instead of sendmail:
SENDMAIL="/path/to/avcheck -c -S:10025"
And do not forget to add appropriate transport entry into master.cf:
uvscan unix ... pipe flags=q user=uvscan argv=/path/to/filter-script ${sender} ${recipient}
Regards,
Michael.