On 15/03/2012 10:33, Timo Sirainen wrote:
I'm curious if anyone has any plugins for AV integration directly into dovecot.
Our old pop servers have been scanning messges as they're moved from new->cur in the inbox and, at least where user's aren't poping every few seconds, there is occasionally enough time between scanning through the MXs to message retreval to snag a few more virues with updated definitions before they reach customers.
Anyone doing anything similar? http://dovecot.org/patches/2.1/mail-filter.tar.gz allows you to run a
On Wed, 2012-03-14 at 16:51 -0700, Kelsey Cummings wrote: script that modifies a mail while it's being read. You could make it run a virus check, and if that happens you could change the virus MIME part to be full of spaces (better not to change message size, line count or MIME structure).
Couple of other ideas:
Could use one of the (buggy and variously unsupported) on access virus scanners. I think Dazuko is now abandoned, but this is a new one mentioned via the Clamav site: http://www.fsl.cs.sunysb.edu/docs/avfs-security04/index.html
Extremely racey, but if you were on maildir you could use some kind of pre-login scripting to kick off a scan on login. Touch some lock file so that you can tell when last scanned and only scan if the definitions have been updated since you last scanned?
There are some POP proxies which offer inline virus scanning. Could place one in front of your mail server. Presumably this will expose you to all the bugs in that proxy...
Good luck
Ed W