From owner-freebsd-stable Thu Nov 2 2:52:38 2000
Delivered-To: freebsd-stable@freebsd.org
Received: from hermes.element-5.de (hermes.element-5.de [195.185.111.26])
    by hub.freebsd.org (Postfix) with SMTP id 68F4C37B4C5
    for ; Thu, 2 Nov 2000 02:52:33 -0800 (PST)
Received: (qmail 43794 invoked by uid 85); 2 Nov 2000 10:52:31 -0000
Received: from glaess@element5.de by hermes.element-5.de with qmail-scanner-0.93 (sweep: 1.11/3.37. . Clean. Processed in 0.452491 secs); 02/11/2000 11:52:30
Received: from fw2.cc.element5.de (HELO davis.element5.de) (192.168.11.2)
    by hermes.element-5.de with SMTP; 2 Nov 2000 10:52:30 -0000
Content-Length: 2485
Message-ID:
X-Mailer: XFMail 1.4.0 on FreeBSD
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
In-Reply-To: <20001102113045.A50839@isi.actis.de>
Date: Thu, 02 Nov 2000 11:52:30 +0100 (CET)
Reply-To: glaess@hermes.element-5.de
Organization: element5 AG
From: holger glaess
To: freebsd-stable@freebsd.org
Subject: RE: Mailscanning with FreeBSD (was: VIRUS WARNING)
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

hi folks

i use

qmail 1.03
qmailqueuescan (sourceforg.net/projects/qmail-scanner
sophos sweep (i think is the best , (is fast and a native prg for FreeBSD)

On 02-Nov-00 Thorsten Kuehnemann wrote:
> On Thu, Nov 02, 2000 at 10:19:35AM +0100, Pawel Latkowski wrote:
>> Hello guys,
>> I received many of warnings from You. I'm interested in what are U using to
>> check e-mails for virus. I'm using sendmail.
>
> Hello Paul,
>
> i installed a native FreeBSD Virusscanner from Network Associates
> www.nai.com :
>
>     cd /usr/ports/security/vscan && make install
>
> This port depends on regularly updated "DAT-Files" with virus signatures.
> Because of the weekly updating of those files i had to install the port in
> /usr/src/security/uvscan-dat with NO_CHECKSUM=yes.
> The port has a shellscript to use for updating.
> I suggest you to create a nonprivileged user for this script
> because it extracts a tarfile downloaded from the net.
>
> Now you have a Program for checking files. The Tools in
> http://amavis.org can extract all attachments of a mail
> with the help of many tools found under /usr/ports/archivers and
> /usr/ports/converters/tnef into files and running "uvscan" on them.
>
> Its main Shellscript "scanmails" replaces the local Mailer found
> in Mlocal of your sendmail.cf. After checking the mail it calls the
> "real" local delivery program. The script is highly configurable.
>
> Amavis uses file(1) to get the type of a file and needs a parameter
> "-b" so i installed GNU-File under /usr/local/libexec/file for it.
> Amavis suggests installing "maildrop" to get a secure tool for
> extracting attachments into files. The FreeBSD-Port is very old so
> i installed it from http://www.flounder.net/~mrsam/maildrop/ .
>
>
> I doubt that this installation will increase the security of your
> site:
>
> - the users think that the MTA will refuse all insecure mails
>   which is NOT true (think of new worms/viruses or other executables
>   like moorhuhn.exe)
>
> - many programs are started at your mailserver to extract all
>   attachments. All Programs have their own security holes like
>   buffer overflows...
>
> But i know what it means for me to restore the complete contents
> of file- or webservers as a result of the behaviour of our users
> so i installed it.
>
> Thorsten
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-stable" in the body of the message

--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
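
The quoted message advises running the DAT update script as a nonprivileged user because it extracts a tarfile downloaded from the net. As an added example (not from the thread and not the port's own script), this sh script also vets the tarball's member names and types before unpacking; the function names and the two-argument command line are assumptions.

```sh
#!/bin/sh
# Added example: vet a downloaded signature tarball before unpacking it.
# Function names and command-line layout are assumptions, not the port's.

# Read member names on stdin; print each one that could land outside the
# extraction directory (absolute path, or a ".." path component).
unsafe_members() {
    while IFS= read -r name; do
        case "$name" in
            /*|..|../*|*/..|*/../*) printf '%s\n' "$name" ;;
        esac
    done
}

# Unpack archive $1 into directory $2 only when every member has a safe
# name and is a regular file or directory (no symlinks, devices, ...).
safe_unpack() {
    archive=$1
    dest=$2
    names=$(tar -tf "$archive") || return 2    # unreadable or corrupt
    bad=$(printf '%s\n' "$names" | unsafe_members)
    if [ -n "$bad" ]; then
        printf 'refusing %s, unsafe member names:\n%s\n' "$archive" "$bad" >&2
        return 1
    fi
    # The verbose listing starts each line with the member type character.
    if tar -tvf "$archive" | grep -qv '^[-d]'; then
        printf 'refusing %s, member that is not a file or directory\n' "$archive" >&2
        return 1
    fi
    umask 022
    mkdir -p "$dest" && tar -xf "$archive" -C "$dest"
}

# Usage: sh update-dat.sh <tarball> <destdir>, from the dedicated account.
if [ "$#" -eq 2 ]; then
    if [ "$(id -u)" -eq 0 ]; then
        echo 'run this from the unprivileged update account, not as root' >&2
        exit 1
    fi
    safe_unpack "$1" "$2"
fi
```

The name and type checks limit where the archive can write; the dedicated account limits what a bug in tar itself could reach.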