[ILUG] Anti-virus filters and sendmail

[Donncha O Caoimh]

I use a procmail recipe from
ftp://ftp.rubyriver.com/pub/jhardin/antispam/procmail-security.html
to scan through all incoming traffic. I had some trouble setting it up
(perl complained about suid programs but once I let procmail run as the
user the mail is for (ie. not very privileged) it dumps a log into
everyones' dir which I scrub every morning. As well as that, if any
malicious known email virii (happy99 etc) travel through the system they
get dumped into a file and the admin is informed.
Any html/exe files sent are also renamed so the recipient has to
manually rename them so the file can be executed (a.exe becomes
a.DEFANGED-exe). 

Donncha.


> 
> Could I direct all incoming messages to a custom mailer that would
> do the scan and submit the message back to sendmail (perhaps
> using a different .cf file) and send it on it's merry way.  I'm afraid that
> this might lose envelope information.
> 
> Has anyone here done anything like this?