Linux antivirus gateway
Matthew Carpenter
matt
Thu May 5 11:03:54 PDT 2005
Douglas J Hunley wrote:
>>for BitDefender, which runs Debian (does Debian have a Sparc-based
>>distribution?).
>
> I believe so, yes.
Ubuntu does, so it would figure that Debian does.
>
>>As for ClamAV, I thought that this is for Sendmail scanning only. Am I
>>correct? Or can it scan traffic that is entering the network too?
>
> ClamAV doesn't know/care what kind of traffic it's scanning. there's a squid
> module (iirc) that passes all http thru it ...
ClamAV does care somewhat, but is capable of scanning many things. It's
in the delivery (whether it's a real virus file or an email with headers
and a virus attachment, etc...)
ClamAV uses clamd for on-access scanning and scanning files from TCP or
Unix socket connections. clamscan is the on-demand scanner (used by you
and me), and there is indeed a Squid plugin which pipes HTTP transfers
through it.
I use Postfix, AMaViS and ClamAV on my systems. Postfix hands off the
email to amavis, which then uses ClamAV to scan the file and
Spamassassin to tag it as SPAM or HAM.
Pertinent parts of /etc/postfix/main.cf:
-------------------------------------------
content_filter = vscan:
-------------------------------------------
Pertinent parts of /etc/postfix/master.cf:
-------------------------------------------
vscan     unix  -       n       n       -       10      pipe
  user=vscan argv=/usr/sbin/amavis ${sender} ${recipient}
-------------------------------------------
Then, in /etc/amavisd.conf, uncomment the following section as so:
-------------------------------------------
### http://clamav.elektrapro.com/
['Clam Antivirus-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", '/tmp/clamd'],
  qr/\bOK$/, qr/\bFOUND$/,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
# NOTE: run clamd under the same user as amavisd,
#   match the socket name in clamav.conf to the socket name in this entry
--
Matthew Carpenter
matt at eisgr.com http://www.eisgr.com/
Enterprise Information Systems
* Network Server Appliances
* Security Consulting, Incident Handling & Forensics
* Network Consulting, Integration & Support
* Web Integration and E-Business
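
The clamd entry in the amavisd.conf excerpt above sends CONTSCAN over the Unix socket and classifies the reply with three patterns. The same exchange as an added Python example (not part of the original post and not amavisd's own code): it assumes clamd closes the connection after replying, applies the patterns line by line, and treats anything that is neither OK nor FOUND as an error rather than as clean.

```python
import re
import socket

# The three patterns from the amavisd.conf entry, transcribed to Python syntax.
CLEAN_RE = re.compile(r"\bOK$")
INFECTED_RE = re.compile(r"\bFOUND$")
NAME_RE = re.compile(r"^.*?: (?!Infected Archive)(.*) FOUND$")


def classify_reply(reply):
    """Return (status, names); status is 'infected', 'clean' or 'error'."""
    lines = [ln.strip() for ln in reply.splitlines() if ln.strip()]
    names = []
    infected = False
    for ln in lines:
        if INFECTED_RE.search(ln):
            infected = True
            m = NAME_RE.match(ln)
            if m:  # "Infected Archive" lines count as infected but carry no name
                names.append(m.group(1))
    if infected:
        return "infected", names
    if lines and all(CLEAN_RE.search(ln) for ln in lines):
        return "clean", []
    # An ERROR line or an empty reply must never pass as clean (fail closed).
    return "error", []


def contscan(path, sock_path="/tmp/clamd", timeout=30.0):
    """Send CONTSCAN for `path` to clamd on `sock_path` and classify the reply."""
    if "\n" in path:
        raise ValueError("newline in path would terminate the command early")
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(sock_path)
        s.sendall(("CONTSCAN %s\n" % path).encode())
        chunks = []
        while True:  # assumption: clamd closes the socket after its reply
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return classify_reply(b"".join(chunks).decode(errors="replace"))
```

The socket path must match the one set in clamav.conf, and the calling user needs read access to the scanned files, which is why the note in the config says to run clamd as the same user as amavisd.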