[PLUG] stopping outgoing virus mail
AthlonRob
athlonrob at axpr.net
Mon Mar 17 13:50:02 UTC 2003
On Mon, 2003-03-17 at 12:13, Carla Schroder wrote:
> I'm trying to figure out a way to block outgoing email generated by a virus.
> The idea is to stop it before it gets out into the world, and log the
> activity for when the admin arrives to work refreshed and alert after an
> unbroken night's sleep.
>
> I don't even know if it's possible, anyone have any brilliant ideas? The usual
> virus-scanners check both incoming and outgoing mail, I'm looking for a way
> to do it with iptables rules or procmail or something similar. Don't even let it
> past the firewall. Seems like there ought to be something to base a generic
> ruleset on.

You can't well block outgoing viruses with iptables unless you write
some code to capture and reconstruct SMTP packets, then scan the
reconstructed mail for viruses...

I thought procmail was for local mail delivery?

Use AMaViS. I'm pretty sure you can specify you don't want it scanning
incoming email (but why not?). If you're working for a nonprofit
organization, you can use it in conjunction with F-Prot for free.
Otherwise, you might need to buy some AV software.

Whenever a virus-ridden email comes through my server, incoming or
outgoing, everybody involved is notified. The sender is emailed saying
they sent a virus, the recipient is notified saying somebody tried to
send them a virus (and as a result, the email wasn't delivered), and the
postmaster is notified, saying somebody tried to send a virus through my
system.

Rob