antivirus with ipchains

Andreas Jellinghaus aj@dungeon.inka.de
Sat, 13 Oct 2001 16:54:18 +0200


[antivirus]
install one machine as MTA with anti virus protection.
in the firewall you can either block all smtp connections not coming
from or going to your anti virus mailserver, or you can simply redirect
all smtp connections that are not from your anti virus mailserver to
this anti virus mailserver.

the anti virus mailserver could run on the firewall.
it doesn't need to store mail, handle users, whatever,
but it will need to accept mail, scan for viruses,
determine where to forward the mail to, and forward
it to that machine. and spool the mail, if the target
machine is not available.

therefore the machine should have large enough discs,
so you can spool the mail, and of course it should have
raid (mirroring or raid-5), because mail should never get
lost.

because you will not be able to send or receive mail
without this machine, you might want to have a second
machine with a similar configuration as hot standby.

of course you will need to monitor these machines,
and make sure they run, and their harddiscs have enough free space.

and most important: you need to make sure the anti virus software
works as expected, has no security holes, finds the virus,
will not allow the virus to pass, and is always up-to-date.

some firewall rule to redirect every smtp connection
(outgoing AND incoming) with src !=anti-virus-smtp-ip
to anti-virus-smtp-ip port smtp should help you.
as you see, it's the smallest part of the whole operation.

regards, andreas
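
The two firewall options from the message above (block, or redirect), written out as ipchains rules. This is an added example, not part of the original post: the function names and the address 192.0.2.25 are constructed, and the redirect form assumes the anti-virus MTA listens on port 25 of the firewall itself, because ipchains REDIRECT can only hand a connection to a local port.

```shell
#!/bin/sh
# Added example: prints (does not apply) ipchains rules for an SMTP
# anti-virus relay. 192.0.2.25 is a constructed sample address.

# Return 0 only if $1 is a dotted-quad IPv4 address; keeps shell
# metacharacters out of the generated rule text.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|'') return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# smtp_rules MODE AV_IP
#   block:    AV MTA is a separate host; only SMTP from it or to it may be
#             forwarded, any other forwarded SMTP is logged (-l) and denied.
#   redirect: AV MTA runs on the firewall; every SMTP connection whose
#             source is not AV_IP is redirected to local port 25.
smtp_rules() {
    mode=$1 av_ip=$2
    valid_ipv4 "$av_ip" || { echo "bad address: $av_ip" >&2; return 2; }
    case "$mode" in
        block)
            echo "ipchains -A forward -p tcp -s $av_ip -d 0.0.0.0/0 25 -j ACCEPT"
            echo "ipchains -A forward -p tcp -s 0.0.0.0/0 -d $av_ip 25 -j ACCEPT"
            echo "ipchains -A forward -p tcp -d 0.0.0.0/0 25 -l -j DENY"
            ;;
        redirect)
            echo "ipchains -A input -p tcp -s ! $av_ip -d 0.0.0.0/0 25 -j REDIRECT 25"
            ;;
        *)
            echo "usage: smtp_rules block|redirect AV_IP" >&2; return 2 ;;
    esac
}

# Dry run; defaults use the constructed sample address.
smtp_rules "${1:-redirect}" "${2:-192.0.2.25}"
```

Review the printed rules against the rest of the rule set before applying them, since rule order in the `input` and `forward` chains decides which rule matches first.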