[Avcheck] RFC: Avcheck future

Michael Tokarev mjt at tls.msk.ru
Mon May 24 22:09:31 MSD 2004


After quite some time, I'm again at avcheck, thinking what
to do with it next.  I don't use it in my server anymore,
instead, I use a perl script that is running as smtpd-proxy,
checking incoming mail for viruses and applying minimalistic
spam controls.  I don't know much about (various flavours of)
amavis, but it seems this mode is pretty similar to whatever
amavis does.  Basically, I want the following mode of operation
to be implemented:

  standard (in postfix 2.1+) smtp proxy that saves the message
  in a temp file and asks an external daemon to look at the
  file (in a way similar to almost all antivirus daemons, using
  a socket).  The filter may reply with "Ok", in which case the
  whole message is passed to backend smtpd, with "Reject", in
  which case the content will be rejected, obviously, or with
  "stolen", in which case the daemon filter will take the
  responsibility of the delivery.

In this scheme, almost any filtering may be applied, including
antivirus checks (as many various antivirus products as needed),
spam controls and the like.

There is a problem of course: the whole process is limited in
time, to pass before smtp timeout expires.  To handle this,
the proxy should enforce its own timeout, and in case it
expires, it should either reject the message (with temp
error), or pass it to backend smtpd with some header
that will trigger "offline" content filtering pass after
queuing (maybe using the same proxy).

That is all to say: I think that avcheck, in its current state,
is dead, because new functionality provided now by postfix
pretty much covers all that is needed and is much better.
Am I right, or wrong?

In case anyone wants to take a look at the prototype (proof of
concept) implementation of the proxy, here it is:
  http://www.corpit.ru/mjt/avproxy.tar.gz

It is implemented as a postfix service (with some gross hacks).
In order to run it, one has to copy Syslog.pm (reimplementation
of Sys::Syslog perl module), Postfix.pm, and Postfix/MultiServer.pm
into a directory which is searched by perl (e.g. /usr/local/lib/site_perl),
copy avproxy.pm into /usr/lib/postfix/, and add the following lines
into your master.cf:

smtp.... smtpd -o smtpd_proxy_filter=26
localhost:26 inet n - n - 1 avproxy.pm user=avclient:avgroup smtp_server=localhost:27
localhost:27 inet n - n - - smtpd -o smtpd_authorized_xforward_hosts=127.0.0.0

Currently, only drweb is supported.  (See source for other
parameters).

/mjt
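
The verdict exchange and timeout fallback described in the message above, sketched as an added example (not code from avproxy or from the original post). The wire format (a newline-terminated file path answered by one line), the SMTP reply strings, the header name and all function names are assumptions.

```python
import socket, threading, time
from contextlib import suppress
DEFER_HEADER = "X-Filter-Deferred: yes"  # hypothetical header name

def ask_filter(sock_path, msg_path, timeout):
    """Send the temp-file path to the daemon; return ok/reject/stolen/timeout."""
    deadline = time.monotonic() + timeout
    buf = b""
    try:
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect(sock_path)
            s.sendall(msg_path.encode() + b"\n")
            while b"\n" not in buf:
                left = deadline - time.monotonic()
                if left <= 0:
                    return "timeout"
                s.settimeout(left)          # one time budget for the whole exchange
                chunk = s.recv(256)
                if not chunk:
                    return "timeout"        # daemon closed without a verdict
                buf += chunk
    except OSError:                         # connect failures and socket timeouts
        return "timeout"
    verdict = buf.split(b"\n")[0].decode("ascii", "replace").strip().lower()
    return verdict if verdict in ("ok", "reject", "stolen") else "timeout"

def decide(verdict, on_timeout="tempfail"):
    """Return (forward_to_backend, smtp_reply, extra_header) for the proxy."""
    if verdict == "ok":
        return (True, None, None)                      # relay the backend's reply
    if verdict == "reject":
        return (False, "550 5.7.1 Content rejected", None)
    if verdict == "stolen":
        return (False, "250 2.0.0 Ok", None)           # daemon delivers it itself
    if on_timeout == "defer":
        return (True, None, DEFER_HEADER)              # filter offline after queuing
    return (False, "451 4.3.0 Content filter timeout", None)

def fake_daemon(sock_path, reply, delay=0.0):  # constructed stand-in, one request
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(sock_path)
    srv.listen(1)
    def serve():
        with suppress(OSError), srv, srv.accept()[0] as conn:
            conn.recv(4096)
            time.sleep(delay)
            conn.sendall(reply)
    threading.Thread(target=serve, daemon=True).start()
```

An unreachable daemon, a late answer and an unrecognised reply all map to the same "timeout" verdict, so the proxy never forwards unscanned mail unmarked.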

