WOOT! - Virus Scanning

After much blood, tears, and extreme frustration, I have created a sweet little virus scanning package for the mail servers. Took only four days of pretty constant work, reading page after man page. My own little (simple) custom program written in C. This avoids the load that perl or shell scripts place on the machine. It integrates quickly with clamav and qmail.

The program simply uses clamdscan to check to see if a message is a virus... If it is, it silently drops it - Noone wants to know you sent a message to them or they missed out on receiving one of those gems - and 99% of the time, its spoofed anyway, causing panic and confusion to the masses of the mail world.

It seems pretty foolproof, load on the server wasn't harmed, and I've tried to break it in many ways, without success (which is good that I couldn't break it...).

Also, we've reenable the RBL after last week's debacle. We're hoping to have our own inhouse DNSBL server soon to avoid sending 2 million queries away.

[somereseller]

do you have more details on the type of files that are blocked and the ones that are scanned?

Its scans all messages. If there is a virus, its dropped. Pretty simple?

[somereseller]

I should have said attachements instead of message...


goes inside zip, rar, ace, hqx,etc?
scans pif, exe, swf, etc?

[jmbeach]

Matt, let me guess...

on the weekends you like to build racing engines with duct tape and a grease pen, don't you?

"simply uses clamdscan..." - what a showoff

Nice work!

[Brangwyn]

Great stuff Matt, give yourself a big pat on the back ! ... Brad, give that boy a raise will ya !

It will scan all attachments that are valid, and go a layer deep into a zip ... so maybe a zip in zip if there is one. won't scan overly large messages (>1M) until we see viruses that big (I hope not!)