[Dovecot] Just in time AV scanning

Ed W lists at wildgooses.com
Fri Mar 16 17:30:42 EET 2012


On 15/03/2012 10:33, Timo Sirainen wrote:
> On Wed, 2012-03-14 at 16:51 -0700, Kelsey Cummings wrote:
>> I'm curious if anyone has any plugins for AV integration directly into
>> dovecot.
>>
>> Our old pop servers have been scanning messges as they're moved from
>> new->cur in the inbox and,  at least where user's aren't poping every
>> few seconds, there is occasionally enough time between scanning through
>> the MXs to message retreval to snag a few more virues with updated
>> definitions before they reach customers.
>>
>> Anyone doing anything similar?
> http://dovecot.org/patches/2.1/mail-filter.tar.gz allows you to run a
> script that modifies a mail while it's being read. You could make it run
> a virus check, and if that happens you could change the virus MIME part
> to be full of spaces (better not to change message size, line count or
> MIME structure).
>
>

Couple of other ideas:

1) Could use one of the (buggy and variously unsupported) on access 
virus scanners.  I think Dazuko is now abandoned, but this is a new one 
mentioned via the Clamav site:
     http://www.fsl.cs.sunysb.edu/docs/avfs-security04/index.html

2) Extremely racey, but if you were on maildir you could use some kind 
of pre-login scripting to kick off a scan on login.  Touch some lock 
file so that you can tell when last scanned and only scan if the 
definitions have been updated since you last scanned?

3) There are some POP proxies which offer inline virus scanning.  Could 
place one in front of your mail server.  Presumably this will expose you 
to all the bugs in that proxy...


Good luck

Ed W



More information about the dovecot mailing list