[Dovecot] Virusscanning

Steffen Kaiser skdovecot at smail.inf.fh-brs.de
Tue Apr 13 14:45:22 EEST 2010


On Tue, 13 Apr 2010, Andreas Schulze wrote:

>> So, you want  postfix to accept the virus, send it to dovecot's deliver
>> which then calls a virus scanner and finds it infected and deletes it,
>> that makes absolutely no sense
> ACK.
>
> but imagine:
>
> MTA delivers a mail where the virus scanner finds nothing. Mail gets delivered.
> Some time later there is a scanner update. Now the scanner would find malicious content.
>
> So I may instantly scan the complete mailstore each time a new pattern arrives
> or scan only each accessed mail with the latest pattern. This seems smarter to me.
>
> For this scenario I would like to see a concept for data inspection/data modification in dovecot.

> What about when dovecot would act as a milter client?
> Sounds strange but the problems are the same, why not use existing solutions?

The problems are the same, but a milter has the duty to filter incoming 
mail. It's not a general mail-(content)-only filter.

You want an IMAP/POP3 mail inspector, well, that's fine. There are 
in-between firewalls inspecting the contents of the routed connections. 
They understand POP3 and IMAP, as long as it is not encrypted. Some can 
act as proxy themselves, decrypt the connection. They work transparently.

To solve the problem in Dovecot one needs to create an "iilter" (IMAP 
filter), aka Dovecot plugin, which hands over the contents to the virus 
scanner and replaces the malicious part with a dummy value. However, 
because of caching in IMAP clients doing so may not work as expected.

That plugin could be derived from the zlib plugin, as it also has the duty 
to inspect the data on its flow from the disk to client and around. This 
won't work in Dovecot proxy mode, however, I guess.

Regards,

-- 
Steffen Kaiser
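
The scan-on-access idea discussed in this message, sketched as an added example that is not part of the original post and is not Dovecot plugin code: a message is rescanned only when the pattern set has changed since it was last found clean, and a flagged MIME part is replaced with a dummy value. The pattern table, the `uid` keys and all function names are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Constructed stand-in for a real scanner: pattern-set version -> byte patterns.
SIGNATURES = {1: [], 2: [b"CONSTRUCTED-TEST-PATTERN"]}
PLACEHOLDER = "[part removed: flagged by virus scanner]\n"


def scan(payload: bytes, sig_version: int) -> bool:
    """True if the payload matches a pattern of the given pattern-set version."""
    return any(p in payload for p in SIGNATURES[sig_version])


def inspect_on_access(raw, uid, sig_version, clean_under):
    """Return the bytes to serve for message `uid`.

    clean_under maps uid -> pattern-set version under which the message was
    last found clean, so it is rescanned only after a pattern update.
    """
    if clean_under.get(uid) == sig_version:
        return raw  # verdict still valid, skip the scan
    msg = email.message_from_bytes(raw, policy=policy.default)
    flagged = False
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no payload of their own
        if scan(part.get_payload(decode=True) or b"", sig_version):
            part.set_content(PLACEHOLDER)  # also drops the old Content-* headers
            flagged = True
    if not flagged:
        clean_under[uid] = sig_version
        return raw
    return msg.as_bytes()


def sample_message() -> bytes:
    """Constructed sample: text body plus one base64-encoded attachment."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("hello\n")
    m.add_attachment(b"xx CONSTRUCTED-TEST-PATTERN xx", maintype="application",
                     subtype="octet-stream", filename="a.bin")
    return m.as_bytes()
```

The bytes served after the pattern update differ from what a client may already hold for the same message, which is the client-caching limitation noted in the message above.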