Welcome at lindeman.org

XMail Filters

AntiVirus Filter 1.9

I have created a filter script which integrates anti-virus protection into XMail. It is based on a filter created by Lukas Frey.
You can find the original filter here : http://www.web4free.ch/xmail/

What you need :

  1. XMail server (http://www.xmailserver.org)
  2. McAfee AntiVirus for Linux (http://www.nai.com)
  3. F-Prot for Linux (http://www.f-prot.com/)
  4. AntiVir for Linux (http://www.antivir.de)
  5. ClamAV for Linux (http://clamav.elektrapro.com)

    Note : You don't need all four AV engines but you need at least one     ;-)

  6. Perl 5.8.0
  7. Mail-Sendmail perl unit, used to send the email (#perl -MCPAN -e 'install Mail::Sendmail')
  8. Digest-Md5 perl unit, used to calculate a md5 hash (#perl -MCPAN -e 'install Digest::MD5')
    (the version included in Perl 5.8.0 can be used as well)
  9. FindBin unit (included with Perl 5.8.0)
  10. Switch unit (found here : http://search.cpan.org/CPAN/authors/id/D/DC/DCONWAY/Switch-2.09.tar.gz)
  11. Reformime (http://courier.sourceforge.net/). The reformime binary file is also included in my tar file.

The script needs at least McAfee, F-Prot, AntiVir or ClamAV to work.

Furthermore you need "reformime" which I included in this tar file.
You can get it from the Courier package and build it yourself. (http://courier.sourceforge.net/)

A message can be sent to the postmaster to notify her/him of an error. To prevent a bounce loop the script checks a semaphore file.
If the last time it ran is less then an hour ago, no message will be sent.

Installation :

  1. You need to have root permissions. Un-tar the archive in the directory of your choice.
  2. Filter install for XMail <= XMail 1.12 
    1. Copy the .tab, checkvirus.pl, reformime files to the $MailRoot/filter directory.
      Make sure checkvirus.pl and reformime have the x bit set.
    2. If you have modified your perl installation, make sure the first line of the checkvirus.pl script points to the correct perl directory.
    3. Edit the path in the .tab file if needed.

  3. Filter install for XMail >= XMail 1.14 
    1. Copy av-filter.tab, checkvirus.*, mailto_*, reformime, and scanner_error.txt files into the $MailRoot/filters directory. Make sure checkvirus.pl and reformime have the x bit set.
    2. Copy the files filters.in.tab and filters.out.tab in your $MailRoot directory.
      If you allready have something in these files then just add this line to both of them:
      "*"[tab]"*"[tab]"0.0.0.0/0"[tab]"0.0.0.0/0"[tab]"av-filter.tab"[newline]

      Note: [tab] is the real TAB character and [newline] is real RETURN !!

    3. Edit the path in the av-filter.tab file if needed.
      The av-filter.tab has the following layout:

      "/var/MailRoot/filters/checkvirus.pl"[tab]"@@FILE"[tab]"@@FROM"[tab]"@@RCPT"[tab]"@@MSGID"[newline]

    4. Edit checkvirus.cfg according to your preferences and needs.
      If you use XMail version 1.16 or higher select "our $xmail_version = 116;". Otherwise choose "our $xmail_version = 115;"
    5. You can edit the txt files which will be used (if configured so in the checkvirus.cfg) to send to sender, recipient and postmaster.
    6. If you have modified your perl installation, make sure the first line of the checkvirus.pl script points to the correct perl directory.
    7. If you are not running any other filters you can copy the filters.in.tab and filters.out.tab over the existing files in the /yourpath/MailRoot directory. Otherwise, just copy the line containing the filter parameters into your existing files. It's a good idea to put the anti-virus filter parameters ahead of any spam filter parameters.
  4. Save your changes and it should be working. No need to restart XMail. ;-)
  5. Send a test virus file to see if the filter is working. You can get test virus file at http://www.eicar.org

  6. In case of problems, run Xmail in debug mode: #/$MailRoot/bin/XMail --debug -Md
    This way you can see if the filter is firing up or not. (Debug info about running filters was introduced in XMail 1.17 !!)
You can download the script here

If you like the filter let me know by sending me an email. It is nice to know who is using it :-) 

If you've got questions or problems installing the filter you can reach me at peter@lindeman.nl