This is OdeiaVir, a program that, well, hates viruses.
It is meant to be placed at the local delivery phase of the e-mail
message lifetime. It currently works only with qmail. (coz I know
squat about sendmail, exim etc.) You call it from the user's .qmail
file. This means you can virus-proof ezmlm lists, too, with ease.
You'll need an antivirus program. This version supports either
VirusScan, F-Prot, Panda, Sophos, InoculateIT, RAV, Kaspersky, or
F-Secure. More to follow.
As of version 0.3.0, OdeiaVir includes support for the GPL'ed virus
scanner ScannerDaemon. Please note this is a work in progress, and
its accuracy of virus detection is currently less than optimal,
particularly for Word macro viruses. No doubt this will change soon.
Stay tuned to http://www.openantivirus.org.
NOTE FOR UPGRADERS: If you're upgrading OdeiaVir from any version before
0.4.0 to 0.4.0 or later, "make install" will insert antivirus definitions
into an existing /etc/odeiavir/config but won't create the full comments.
Please head to /etc/odeiavir/config.sample for spiritual enlightenment.
* Prerequisites
- D. J. Bernstein's qmail 1.03
http://www.qmail.org/
- Paul L. Daniels's ripMIME 1.2.7+
http://pldaniels.org/ripmime/
- At least one of the following:
- McAfee Virus Scan for Linux v4.16.0+
http://www.mcafeeb2b.com/naicommon/download/default.asp
- Frisk's F-Prot for Linux v3.11+
http://www.f-prot.com/f-prot/download/
- Panda Antivirus for Linux 6.3+
http://www.pandasoftware.com/com/linux/linux.asp
- Sophos Anti-Virus for Unix 3.53+
http://www.sophos.com/downloads/products/unix.html
- Computer Associates' InoculateIT (inocucmd)
ftp://ftp.cai.com/pub/getbbs/linux.eng/
- GeCAD RAV AntiVirus Desktop for Linux v8.1.3+
http://www.rav.ro/pages/download.php
- Kaspersky Anti-Virus for Linux Workstations v3.5.13+
http://www.kaspersky.com/download.html
- F-Secure Anti-Virus for Linux
http://www1.buyonet.com/s/b?id=4.53.48&design=fsecure_design&page=av_index
(No download available)
- OpenAntiVirus.org's ScannerDaemon by Kurt Huwig
http://www.openantivirus.org
* Installation
Once prerequisites are installed & working, do the following:
1) Edit odeiavir.h for the correct paths of ripMIME and qmail-inject.
2) If you want to install the odeiavir executable somewhere else than
/usr/bin, edit the Makefile and change the value of the LOCATION variable.
If you want the data files to reside somewhere else than /etc/odeiavir,
change the SYSCONFDIR variable in the Makefile.
3) Build and install OdeiaVir:
make
make install
4) Edit /etc/odeiavir/*.txt to your heart's content. (although you really
should be giving meaningful messages to your users. And changing the
headers is probably not a good idea, either). The templates provided
deliver a bilingual warning message -- Brazilian Portuguese and English.
Tip: keep the English version, and translate it to your local language
instead of Portuguese.
5) Optionally edit /etc/odeiavir/config. The install procedure always leaves
a fully commented sample in /etc/odeiavir/config.sample. There's plenty
of comment there explaining each option.
6) Insert the following line at the top of your users' .qmail files
(assuming you installed odeiavir in /usr/bin):
|/usr/bin/odeiavir [optional command-line switches]
Now comes the tricky part -- finding a virus to test the little critter.
Try forwarding some of the "X-Rated Snow White" messages you got.
;) Both
the sender (even if not on your local domain) and the recipient of the
message should receive a virus warning. The infected message is not
delivered.
* Command line switches
-ns Don't warn sender
-nr Don't warn recipient
-r user@domain Force user@domain as recipient address (use if
automatic detection of recipient address fails)
-w user@domain Send alternate warning message to user@domain (good
to warn the sysadmin)
-f user[@domain] Apparent origin address of virus warning messages.
If @domain is omitted, local domain is used.
-av N Use only this antivirus, even if others are installed.
Currently N may be:
0 - McAfee VirusScan (uvscan)
1 - F-Prot
2 - Panda (pavcl)
3 - Sophos (sweep)
4 - InoculateIT (inocucmd)
5 - RAV (ravav)
6 - Kaspersky (kavscanner)
7 - F-Secure (fsav)
-l Lists the installed command-line scanners to standard
output and exit. Good to detect unexpected fudging with
the begin_av/end_av sections in /etc/odeiavir/config.
* Home Page and Latest Version
http://virus.isverybad.org/
* Suggestion, Bug Reports, Complaints, Praises, Bomb Threats etc.
Juan Carlos Castro y Castro <jcastro@vialink.com.br>
* Acknowledgements
Thanks to Joeri Belis <joeri.belis@nollekens.be> for the good ideas.
Thanks to Mihai Eduard Sandu <mihai.sandu@kpnqwest.com> for bugfixes
and
RAV support.
Thanks to Carl Hogue <carl@capaho.com> for the insert_odeiavir.cgi script.
Thanks to Jarmo Järvenpää <Jarmo.Jarvenpaa@softers.net> for F-Secure support.
* Terms of Use
See file "COPYING". I brake for Gnus.