Readme 0.5.0pre5

This is OdeiaVir, a program that, well, hates viruses.

It is meant to be placed at the local delivery phase of the e-mail
message lifetime. It currently works reliably only with qmail, but
there is embryonic (as in pre-alpha, extremely-untested) Sendmail
support.

You call it from the user's .qmail file. This means you can virus-proof
ezmlm lists, too, with ease. Sendmail users will have to change the
Mlocal line in sendmail.cf.

You'll need an antivirus program. This version supports either
VirusScan, F-Prot, Panda, Sophos, InoculateIT, RAV, Kaspersky, or
F-Secure. More to follow.

As of version 0.3.0, OdeiaVir includes support for the GPL'ed virus
scanner ScannerDaemon. Please note this is a work in progress, and
its accuracy of virus detection is currently less than optimal,
particularly for Word macro viruses. No doubt this will change soon.
Stay tuned to http://www.openantivirus.org.

NOTES FOR UPGRADERS:

1) If you're upgrading OdeiaVir from any version before 0.5.0 to 0.5.0
or later, the newer version requires the sendmail executable in order
to send virus warnings. Qmail provides a sendmail-compatible executable.
All you have to do is create symbolic links in /usr/lib and /usr/sbin
(if this hasn't been done already). Check the Qmail documentation for
more information.

2) If you're upgrading OdeiaVir from any version before 0.4.0 to 0.4.0
or later, "make install" will insert antivirus definitions into an
existing /etc/odeiavir/config but won't create the full comments.
Please head to /etc/odeiavir/config.sample for spiritual enlightenment.


* Prerequisites

- One of the following:
    - D. J. Bernstein's qmail 1.03
      http://www.qmail.org/
    - Sendmail 8.11+ (Preliminary support! Don't use in production servers!)
      http://www.sendmail.org/
- Paul L. Daniels's ripMIME 1.2.7+
  http://pldaniels.org/ripmime/
- Erik Troan's popt 1.3+
  ftp://ftp.rpm.org/pub/rpm/dist/rpm-4.0.x/
- At least one of the following:
    - McAfee Virus Scan for Linux v4.16.0+
      http://www.mcafeeb2b.com/naicommon/download/default.asp
    - Frisk's F-Prot for Linux v3.11+
      http://www.f-prot.com/f-prot/download/
    - Panda Antivirus for Linux 6.3+
      http://www.pandasoftware.com/com/linux/linux.asp
    - Sophos Anti-Virus for Unix 3.53+
      http://www.sophos.com/downloads/products/unix.html
    - Computer Associates' InoculateIT (inocucmd)
      ftp://ftp.cai.com/pub/getbbs/linux.eng/
    - GeCAD RAV AntiVirus Desktop for Linux v8.1.3+
      http://www.rav.ro/pages/download.php
    - Kaspersky Anti-Virus for Linux Workstations v3.5.13+
      http://www.kaspersky.com/download.html
    - F-Secure Anti-Virus for Linux
      http://www1.buyonet.com/s/b?id=4.53.48&design=fsecure_design&page=av_index
      (No download available)
    - OpenAntiVirus.org's ScannerDaemon by Kurt Huwig
      http://www.openantivirus.org


* Installation

Once prerequisites are installed & working, do the following:

1) Edit the Makefile and
   1a) Make sure EXEC_RIPMIME points to the correct absolute path to the
       ripMIME executable.
   1b) Make sure EXEC_SENDMAIL points to the correct absolute path to the
       Sendmail executable.
   1c) If you want to install the OdeiaVir executable somewhere other than
       /usr/bin, change the value of the LOCATION variable.
   1d) If you want the config and data files to reside somewhere other than
       /etc/odeiavir, change the value of the SYSCONFDIR variable.
2) Build and install OdeiaVir:
       make
       make install
3) Edit /etc/odeiavir/*.txt to your heart's content (although you really
   should be giving meaningful messages to your users, and changing the
   headers is probably not a good idea, either). The templates provided
   deliver a bilingual warning message -- Brazilian Portuguese and English.
   Tip: keep the English version, and translate it to your local language
   instead of Portuguese.
4) Optionally edit /etc/odeiavir/config. The install procedure always leaves
   a fully commented sample in /etc/odeiavir/config.sample. There are plenty
   of comments there explaining each option. Sendmail users should edit the
   bin_mail_cmd option based on the current Mlocal line in sendmail.cf
   BEFORE performing step 5b.
5) Prepare your mail server:
   5a) (Qmail users) Insert the following line at the top of your users'
       .qmail files (assuming you installed odeiavir in /usr/bin):

       |/usr/bin/odeiavir [optional command-line switches]

   5b) (Sendmail users) Locate the Mlocal line in sendmail.cf and make the
       following changes:
       1) "P=/bin/mail" (or whatever) becomes "P=/usr/bin/odeiavir", and
       2) "A=mail $u" (or whatever) becomes "A=odeiavir -sm $h $f $u".

Now comes the tricky part -- finding a virus to test the little critter.
Try forwarding some of the "X-Rated Snow White" messages you got. ;) Both
the sender (even if not on your local domain) and the recipient of the
message should receive a virus warning. The infected message is not
delivered.
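
A way to check step 5a across many mailboxes, as an added example that is
not part of OdeiaVir: the script lists every .qmail file whose first
delivery instruction is not the OdeiaVir pipe, so mail there is delivered
before or without being scanned. The sample users, addresses and the
ezmlm-send path are constructed; the check assumes '#' lines are comments
and that instructions run in file order.

```sh
#!/bin/sh
# Added example (not part of OdeiaVir): list .qmail files whose first delivery
# instruction is not the OdeiaVir pipe, i.e. mailboxes that bypass scanning.
ODEIAVIR=${ODEIAVIR:-/usr/bin/odeiavir}   # path used in step 5a

# Print the first line of FILE that is not a '#' comment.
first_instruction() {
    grep -v '^#' "$1" | head -n 1
}

# Succeed only if FILE's first instruction is "|<odeiavir> [switches]".
is_protected() {
    case "$(first_instruction "$1")" in
        "|$ODEIAVIR" | "|$ODEIAVIR "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print every .qmail* file under DIR that is not protected.
audit_qmail() {
    find "$1" -type f -name '.qmail*' | sort | while IFS= read -r f; do
        is_protected "$f" || printf '%s\n' "$f"
    done
}

# Constructed sample tree: two correct files, one with the pipe too late.
make_samples() {
    mkdir -p "$1/alice" "$1/bob" "$1/list"
    printf '|/usr/bin/odeiavir -w postmaster@example.org\n./Maildir/\n' \
        > "$1/alice/.qmail"
    printf './Maildir/\n|/usr/bin/odeiavir\n' > "$1/bob/.qmail"
    printf '# announce list\n|/usr/bin/odeiavir -ns\n|/usr/bin/ezmlm-send /home/list/announce\n' \
        > "$1/list/.qmail-announce"
}

demo=$(mktemp -d)
make_samples "$demo"
audit_qmail "$demo"      # prints only .../bob/.qmail
rm -rf "$demo"
```

Point audit_qmail at the directory that holds your users' home directories;
an empty result means every .qmail file found starts with the scanner.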


* Command line switches

-ns
    Don't warn sender
-nr
    Don't warn recipient
-r user@domain
    Force user@domain as recipient address (use if automatic detection
    of recipient address fails)
-w user@domain
    Send alternate warning message to user@domain (good to warn the
    sysadmin)
-f user[@domain]
    Apparent origin address of virus warning messages. If @domain is
    omitted, local domain is used.
-av N
    Use only this antivirus, even if others are installed.
    Currently N may be:
        0 - McAfee VirusScan (uvscan)
        1 - F-Prot
        2 - Panda (pavcl)
        3 - Sophos (sweep)
        4 - InoculateIT (inocucmd)
        5 - RAV (ravav)
        6 - Kaspersky (kavscanner)
        7 - F-Secure (fsav)
-l
    Lists the installed command-line scanners to standard output and
    exits. Good to detect unexpected fudging with the begin_av/end_av
    sections in /etc/odeiavir/config.
-sm host sender user
    Sendmail support. This switch must only be used in the A= parameter
    of the Mlocal line of sendmail.cf.


* Home Page and Latest Version

http://virus.isverybad.org/


* Suggestions, Bug Reports, Complaints, Praises, Bomb Threats etc.

Juan Carlos Castro y Castro <jcastro@vialink.com.br>


* Acknowledgements

Thanks to Joeri Belis <joeri.belis@nollekens.be> for the good ideas.

Thanks to Mihai Eduard Sandu <mihai.sandu@kpnqwest.com> for bugfixes and
RAV support.

Thanks to Carl Hogue <carl@capaho.com> for the insert_odeiavir.cgi script.

Thanks to Jarmo Järvenpää <Jarmo.Jarvenpaa@softers.net> for F-Secure support.


* Terms of Use

See file "COPYING". I brake for Gnus.