Unofficial Postfix+ClamAV patch.
Hi All,

There are various AV solutions for Postfix (notably amavisd-new etc). However, if anyone wants a simple patch to the source to reject messages at SMTP delivery time, I have created a patch which is not elegant nor highly efficient, but it works, and having tested this for some time on Postfix 2.0 and now created a new patch for 2.1.5, I figured I would share.

Patch is available at: http://www.isux.com/projects/ (under antivirus .. now there's a surprise! ;-))

Note: the patch is not for high volume sites - I have had it crash the server (out of resources RAM+CPU) at around 20-25 messages per second load on a Dual PIII 550 with Single SCSI UW drive and 512M RAM running Linux 2.4 - this fell over after the primary MX which is running Linux 2.4 on a 1GHz Celeron based clone with 640M RAM fell over (it only handled 12-15 messages per second before it died) - note[2] the performance was found in the real world when suffering a 'Joe Job' - a couple of well placed DISCARD filters cleared over 100k messages in 1 hour whilst sustaining 20 messages per second incoming on both servers.

Example of what is seen in the SMTP transaction:

    dSLGAxU4NXxQUVoSCXVYloUSwHQFVE0TRhUjNBEUdRkPagHnMEgSAvTQkDEwwhAAtDgwQDKQ
    CXQkEENVJ2yXzo5pz20KYQifdo9lIO9F727vY+9y73nscCtl/GTPJlftbyObTEQN1i/lFhTN
    MGJKnwpT2WtZTrMnXC7zQ/NadjOoMXAq/8OFPDVkpy64Uw7KRoGfZ5loFXP5QlSRDoRrGQN.
    550 Error: Rejected - VIRUS detected
    quit
    221 Bye
    Connection closed by foreign host.

Example of what is seen in your log files:

    Oct 4 22:40:07 oblivion postfix/smtpd[29104]: connect from localhost[127.0.0.1]
    Oct 4 22:40:14 oblivion postfix/smtpd[29104]: 98E25DEA35: client=localhost[127.0.0.1]
    Oct 4 22:43:43 oblivion postfix/cleanup[29107]: 98E25DEA35: message-id=<20040914145606.C21F71068F@xxxxxxxxxxxxx>
    Oct 4 22:43:46 oblivion postfix/cleanup[29107]: 98E25DEA35: Scanning for viruses.
    Oct 4 22:43:46 oblivion postfix/cleanup[29107]: 98E25DEA35: Virus found [Worm.SomeFool.P].
    Oct 4 22:43:54 oblivion postfix/smtpd[29104]: disconnect from localhost[127.0.0.1]

I have not documented the patch process; if you cannot work out how to do/use it you probably shouldn't be considering it.

It makes virus admin relatively simple in that you just need to add the following line to your crontab to keep virus definitions up to date:

    17 * * * * /usr/local/bin/freshclam --quiet

Please no flames. If you want help or support on it I have very little time, and this mailing list is probably not the place for it as it is far from an official patch ;-).... Mail me directly if you want to report a bug, or write some docs.

Yours

Mat
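
Added example, not part of the original post or the patch: one way to turn the log lines quoted above into per-client rejection records by joining each "Virus found" line to the smtpd "client=" line with the same queue ID. The regular expressions assume the exact log wording shown in the post; the second message in the sample (queue ID A1B2C3D4E5, 192.0.2.10) is constructed.

```python
import re
from collections import Counter

# Constructed sample. The first message copies the log format quoted in the
# post; the second (queue ID A1B2C3D4E5, 192.0.2.10) is invented and clean.
SAMPLE_LOG = """\
Oct 4 22:40:07 oblivion postfix/smtpd[29104]: connect from localhost[127.0.0.1]
Oct 4 22:40:14 oblivion postfix/smtpd[29104]: 98E25DEA35: client=localhost[127.0.0.1]
Oct 4 22:43:46 oblivion postfix/cleanup[29107]: 98E25DEA35: Scanning for viruses.
Oct 4 22:43:46 oblivion postfix/cleanup[29107]: 98E25DEA35: Virus found [Worm.SomeFool.P].
Oct 4 22:43:54 oblivion postfix/smtpd[29104]: disconnect from localhost[127.0.0.1]
Oct 4 22:44:02 oblivion postfix/smtpd[29110]: A1B2C3D4E5: client=mail.example.net[192.0.2.10]
Oct 4 22:44:05 oblivion postfix/cleanup[29111]: A1B2C3D4E5: Scanning for viruses.
"""

# syslog prefix, postfix service, queue ID, then the message text
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\spostfix/\w+\[\d+\]:\s"
    r"(?P<qid>[0-9A-F]{6,}):\s(?P<msg>.*)$"
)
CLIENT = re.compile(r"client=(?P<host>[^\[]+)\[(?P<ip>[^\]]+)\]")
VIRUS = re.compile(r"Virus found \[(?P<name>[^\]]+)\]")


def correlate(log_text):
    """Join each 'Virus found' line to the client that submitted that queue ID."""
    clients, hits = {}, []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # connect/disconnect lines carry no queue ID
        qid, msg = m["qid"], m["msg"]
        if c := CLIENT.match(msg):
            clients[qid] = (c["host"], c["ip"])
        elif v := VIRUS.match(msg):
            # The client line may have rotated out of the file: keep the hit.
            host, ip = clients.get(qid, ("unknown", "unknown"))
            hits.append({"time": m["ts"], "qid": qid, "host": host,
                         "ip": ip, "virus": v["name"]})
    return hits


def hits_per_client(hits):
    """Count rejections per client IP, to spot one host sending many."""
    return Counter(h["ip"] for h in hits)


if __name__ == "__main__":
    for h in correlate(SAMPLE_LOG):
        print(h)
```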