
Re: Fw: VIRUS IN YOUR MAIL (W32/BugBear.A (Clam))

On Thu, 17 Oct 2002 10:32, Brian May wrote:
> On Thu, Oct 17, 2002 at 10:25:52AM +0200, Russell Coker wrote:
> > Ideally we would be able to detect the virus as it comes in and give a
> > 5xx SMTP code.
> Yes, that would be the best solution.
> exim is the only MTA I know of where I have heard this is possible
> though.

The best solution would be to have a transparent proxy in front of the mail 
server that does this.

The proxy could pass the data through until an SMTP "DATA" command is sent (so 
if the envelope sender or recipient addresses or the sending host name or 
RBL isn't right then the mail server can drop it).  Then it would pause the 
data stream until it had received it all and scanned it (sending code 5xx for 
a virus and passing it on otherwise).

Is Linux transparent proxying up to this?  Can you intercept a data stream 
while preserving both the source and destination addresses?

I've CC'd this to debian-isp for some more input.

http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
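
An added example, not part of the original message: a sans-I/O Python model of the proxy behaviour described above, where envelope commands pass straight through and the message body is held until it has been scanned. The class name, the `scan` hook, the action labels and the choice to hold back the DATA command itself (answering 354 from the proxy) are assumptions made for illustration.

```python
from typing import Callable, List, Tuple
Action = Tuple[str, bytes]  # (destination, bytes to send there)

class DataHoldingRelay:
    """Sans-I/O model of the client-to-server half of one proxied SMTP session."""
    def __init__(self, scan: Callable[[bytes], bool]):
        self.scan = scan      # hypothetical scanner hook: True means infected
        self.buf = b""        # client bytes not yet split into lines
        self.in_data = False
        self.body: List[bytes] = []

    def feed(self, chunk: bytes) -> List[Action]:
        out: List[Action] = []
        self.buf += chunk
        while b"\r\n" in self.buf:
            line, self.buf = self.buf.split(b"\r\n", 1)
            line += b"\r\n"
            if not self.in_data:
                if line.strip().upper() == b"DATA":
                    # Hold DATA back and answer 354 ourselves, so the real
                    # server is not yet committed to this message.
                    self.in_data, self.body = True, []
                    out.append(("to_client", b"354 Send message, end with .\r\n"))
                else:
                    out.append(("to_server", line))  # envelope passes through
            elif line == b".\r\n":
                self.in_data = False
                out += self._verdict()
            else:
                self.body.append(line)
        return out

    def _verdict(self) -> List[Action]:
        # Undo SMTP dot-stuffing so the scanner sees the real content.
        plain = b"".join(l[1:] if l.startswith(b".") else l for l in self.body)
        if self.scan(plain):
            # Infected: reset the server's envelope, fail the client permanently.
            return [("to_server", b"RSET\r\n"),
                    ("to_client", b"554 5.7.1 Message rejected: virus detected\r\n")]
        # Clean: replay DATA, then the untouched body once the server says 354.
        return [("to_server", b"DATA\r\n"),
                ("to_server_after_354", b"".join(self.body) + b".\r\n")]

def demo() -> List[Action]:
    # Constructed session; "TESTSIG" stands in for a real scanner signature.
    relay = DataHoldingRelay(lambda msg: b"TESTSIG" in msg)
    session = (b"MAIL FROM:<a@example.org>\r\nRCPT TO:<b@example.net>\r\n"
               b"DATA\r\nSubject: hi\r\n\r\nTESTSIG\r\n.\r\n")
    return relay.feed(session)
```

A real proxy built this way also has to swallow the server's reply to RSET, relay the server's own DATA and end-of-data replies on the clean path, and bound how much it will buffer per message.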
