packets scan

Brad Chapman kakadu@earthlink.net
Mon, 30 Jul 2001 13:06:25 -0400


Mr. Stone,

   Don't. The virus scanner just acts as a proxy. It gets the queued e-mail
message from the connection, then scans it and reinjects it. The good thing
is that this is all in userspace, so you can load up the RAM and swap
the daemon out if necessary ;-). The rules to do it are below:

   iptables -t mangle -A PREROUTING  -p tcp --sport 110 -j QUEUE
   iptables -t mangle -A POSTROUTING -p tcp --dport 110 -j QUEUE

   To do this, Mr. Florent would need my mangle5hooks patch from the
archives, since Mr. Harald is still really busy and hasn't sorted
out the priority issue ;-)

Brad

Antony Stone wrote:

> On 30 Jul 01 at 9:09, Brad Chapman wrote:
> 
>>> Florent wrote:
>> 
>>> Hi all,
>> 
>>> Is there a way to process the user data contained in the packets with a
>>> virus scanner, for example?  What I have just realised is that some of the
>>> users pop to external mail servers and, by that way, some virus can break
>>> down into the local network.
>> 
>> Mr. Florent,
>> 
>>    Use the QUEUE target to queue POP connections to userspace, then
>> hack a virus scanner to call libipq, then set it up to run as a daemon;
>> otherwise, the QUEUE target will drop packets on the floor and your users
>> will not be particularly pleased ;-)
>> 
>> Brad
> 
> 
> That sounds okay for getting the packets TO the virus scanner, but how do you
> then send the ones which pass the anti-virus check back to the original
> requesting client, still with the correct source IP address of the POP3
> server?
> 
> 
> Antony.
> 
> 
>
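To make the QUEUE/libipq approach from this thread concrete, here is an added example that is not from the thread or from any netfilter project code. It implements the part a userspace daemon actually has to get right: pull a raw IPv4 packet, find the TCP payload on port 110, run the "scanner" over it, and hand back a verdict. The scanner is a single constructed signature string (a real deployment would call out to a virus-scanning library); the packet builder and its sample payloads are constructed test input. The libipq read/verdict loop is real libipq API but is compiled only with -DHAVE_LIBIPQ, since it needs the libipq headers and the QUEUE target loaded; everything else compiles and runs stand-alone.

```c
/* Added example: minimal libipq-style POP3 packet inspector (not thread code). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stddef.h>

#define POP3_PORT      110
#define VERDICT_ACCEPT 1
#define VERDICT_DROP   0

/* Constructed test signature; stands in for a real scanner's pattern set. */
static const char SIGNATURE[] = "EXAMPLE-MALWARE-MARKER";

/* Locate the TCP payload in a raw IPv4 packet. Returns payload length, or -1
 * if the packet is not a well-formed TCP segment to or from port 110. */
static long pop3_payload(const unsigned char *pkt, size_t len,
                         const unsigned char **payload)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;          /* IPv4 only */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    size_t tot = ((size_t)pkt[2] << 8) | pkt[3];            /* total length */
    if (ihl < 20 || tot > len || tot < ihl + 20) return -1;
    if (pkt[9] != 6) return -1;                             /* not TCP */
    const unsigned char *tcp = pkt + ihl;
    unsigned sport = ((unsigned)tcp[0] << 8) | tcp[1];
    unsigned dport = ((unsigned)tcp[2] << 8) | tcp[3];
    if (sport != POP3_PORT && dport != POP3_PORT) return -1;
    size_t doff = (size_t)(tcp[12] >> 4) * 4;               /* TCP header len */
    if (doff < 20 || ihl + doff > tot) return -1;
    *payload = tcp + doff;
    return (long)(tot - ihl - doff);
}

/* Verdict for one queued packet: DROP if the POP3 payload carries the
 * signature, ACCEPT otherwise. Non-POP3 or malformed packets are passed
 * through so the queue never silently becomes a black hole. */
int inspect_packet(const unsigned char *pkt, size_t len)
{
    const unsigned char *data;
    long n = pop3_payload(pkt, len, &data);
    if (n <= 0) return VERDICT_ACCEPT;
    size_t siglen = strlen(SIGNATURE);
    for (size_t i = 0; i + siglen <= (size_t)n; i++)
        if (memcmp(data + i, SIGNATURE, siglen) == 0) return VERDICT_DROP;
    return VERDICT_ACCEPT;
}

/* Build a constructed IPv4/TCP packet from server port 110 carrying `body`
 * (no checksums; the inspector does not need them). Returns total length. */
size_t build_pop3_packet(unsigned char *buf, size_t cap, const char *body)
{
    size_t blen = strlen(body), tot = 20 + 20 + blen;
    if (tot > cap) return 0;
    memset(buf, 0, tot);
    buf[0] = 0x45;                                          /* v4, IHL 5 */
    buf[2] = (unsigned char)(tot >> 8); buf[3] = (unsigned char)(tot & 0xff);
    buf[8] = 64; buf[9] = 6;                                /* TTL, TCP */
    unsigned char *tcp = buf + 20;
    tcp[0] = 0; tcp[1] = POP3_PORT;                         /* sport 110 */
    tcp[2] = 0xc0; tcp[3] = 0x00;                           /* dport 49152 */
    tcp[12] = 0x50;                                         /* data offset 5 */
    tcp[13] = 0x18;                                         /* PSH|ACK */
    memcpy(tcp + 20, body, blen);
    return tot;
}

/* Convenience: build a sample server->client packet and return its verdict. */
int check_sample(const char *body)
{
    unsigned char pkt[512];
    size_t n = build_pop3_packet(pkt, sizeof pkt, body);
    return n ? inspect_packet(pkt, n) : VERDICT_ACCEPT;
}

#ifdef HAVE_LIBIPQ
#include <linux/netfilter.h>
#include <libipq.h>
#define BUFSIZE 65536
int main(void)
{
    unsigned char buf[BUFSIZE];
    struct ipq_handle *h = ipq_create_handle(0, PF_INET);
    if (!h || ipq_set_mode(h, IPQ_COPY_PACKET, BUFSIZE) < 0) {
        ipq_perror("ipq setup"); return 1;
    }
    for (;;) {
        if (ipq_read(h, buf, BUFSIZE, 0) < 0) { ipq_perror("ipq_read"); break; }
        if (ipq_message_type(buf) != IPQM_PACKET) continue;
        ipq_packet_msg_t *m = ipq_get_packet(buf);
        int v = inspect_packet(m->payload, m->data_len);
        /* NF_ACCEPT reinjects the packet unchanged, so the client still sees
         * the POP3 server's original source address. */
        ipq_set_verdict(h, m->packet_id, v ? NF_ACCEPT : NF_DROP, 0, NULL);
    }
    ipq_destroy_handle(h);
    return 0;
}
#else
int main(void)
{
    printf("infected sample: %s\n",
           check_sample("+OK hello EXAMPLE-MALWARE-MARKER\r\n") ? "ACCEPT" : "DROP");
    printf("clean sample:    %s\n",
           check_sample("+OK clean message\r\n") ? "ACCEPT" : "DROP");
    return 0;
}
#endif
```

Two things worth knowing before building on this. First, the daemon answers the question Antony raised: with `ipq_set_verdict(..., NF_ACCEPT, ...)` the packet continues through the stack exactly as it arrived, so no address rewriting is needed for the reply to reach the client. Second, this inspects one TCP segment at a time, so a signature that straddles two segments is missed; a production scanner must reassemble the TCP stream (or the whole message) before scanning, which is exactly why the thread talks about scanning the queued message rather than individual packets.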