Email Virus Scanners and/or Spam Filters to run on the Mail ServeralterMIME
Alter mime-encoded emailpacks, e.g. add disclaimers, empty attachments, etc. (Also see ripMIME.)
Annoyance Filter: Adaptive Junk Mail Filter
annoyance-filter uses Bayesian statistics to determine the probability an E-mail message is junk based on an analysis of its contents compared to collections of known junk and legitimate E-mail. Can create gnuplot plots of histogram of words, binned by their probability of appearance in junk mail.
Active Spam Killer (ASK)
When a new message arrives and the sender is unknown, ASK sends a "confirmation message" back, informing the sender that the original message has been queued, pending confirmation. When the sender confirms (a simple reply), ASK delivers the original message and adds the sender to a "whitelist". Further messages from this sender will be immediately delivered. It is also possible to ignore messages based on specific criteria, like sender's email, subject and so on.
The procmail-based junkfilter filters spam, MLM schemes, and other types of unsolicited commercial e-mail (UCE).
Kaspersky Anti-Virus for FreeBSD.
It includes an Auto-update system and a daemon with hooks for custom anti-virus programming. Kaspersky can scan mail and filesystems for virii. It looks in side of compressed .EXE and other files. It has plugins for Qmail, Exim, Sendmail, and Postfix.
Amavis isn't a virus scanner itself but a middle man between exim and one or more virus scanners (such as McAfee's uvscan).
H+BEDV AntiVir for Linux
Detection and removal of viruses, scanning and repair of macro viruses, Heuristic detection of macro viruses, Real-time scanning (in development), scheduler for automatic activation, determination of action in case of virus detection, Intranet-Update Wizard for easy updating, Command to be executed before and after a scan, Command in case of virus detection/no virus detection, Data integrity check, Transmission of virus warnings by e-mail and pager, and Bootable CD-ROM. (Some features done with the aid of shell scripts.)
And AntiVir MailGate Linux/FreeBSD/OpenBSD: compatible with numerous common Mail Transport Agents for checking incoming and outgoing emails. Temporarily stores emails which are decoded and scanned.
an extensive db of spamtraps. It includes support for Sendmail's "milter" hooks. Fee service is based on total number of mailboxes activated on your system.
Enterprise Edition for Linux scans over 70 different file types. Can remove virus without damaging original file. Can scan filesystems and archived/compressed data. Uses Holocheck technology (signature files and behaviour monitoring).
Confirmed Mail Deliveryi (CMD)
Procmail/qmail based. Maintain a whitelist of addresses that have had legitimate correspondence through an mail server. If the address is not in the whitelist, the message is filed, and a request sent back to the sender asking for a reply confirmation; if the sender replies, then the original message is delivered, and the sender's address added to the whitelist.
Virus detection and disinfection system (for sendmail). Uses the Command AntiVirus Technology with F-Prot Professional engine; can auto-update for new virus signatures. Has browser-based configuration interface.
The Distributed Checksum Clearinghouse or DCC is a cooperative, distributed system intended to detect "bulk" mail or mail sent to many people. It allows individuals receiving a single mail message to determine that many other people have been sent essentially identical copies of the message and so reject the message. It can identify some unsolicited bulk mail using "spam traps" and other detectors, but that is not its focus.
... works together with the Exim MTA designed to be very easy to implement. Exiscan supports multithreaded unpacking and scanning of mail, with a configurable number of processes. Exiscan has generic support for available command line virus scanners. Exiscan can scan inside of MS-TNEF and SMIME (signed) wrapped messages.
filescan with postfix and amavisd
Local and outbound (bidirectional) email scanner; virus scans, text content; can unpack emails; scan for arbitary file names and types. For sendmail. (See Xamime below for commercial version.)
Trend Micro scan engines (commercial?) http://www.antivirus.com/download/engines/
Uses Exim Filter to do: Automatic blacklist addresses, Open Relay Blacklist, Host Blacklisting, Domain Blacklist, One Use Addressing, Time-limited email addresses, and Scoring Messages.
Procmail Email Sanitizer
Processes email messages looking for particular information in the headers or body of each message to help prevent attacks on your computer's security.
Provide signatures/fingerprints of common, annoying emails/files (such as viruses, chain letters, and hoaxes). Includes database and signatureID program which scans your files.
Using its rule base, this perl module uses a wide range of heuristic tests on mail headers and body text to identify "spam". It can looks for what appears to be an IP in the Received: headers and then checks the RBL. It can score depending on which RBL the relay was listed in.
Procmail rules for scoring a message based on contents. It scores for common spam signatures, known spammers, etc. This uses the procmailsc(5) -- procmail weighted scoring technique.
Vipul's Razor is a distributed, collaborative, spam detection and filtering network.
Linuxworld: How to reduce spam for your users & everyone else
MIMEDefang is written in perl and uses milter in Sendmail 8.11 (or newer) to split multi-part MIME messages into their components and potentially deletes or modifies the various parts. It then reassembles the parts back into an e-mail message and sends it on its way. For example, you can delete all *.exe and *.com files, convert all Word documents to HTML, and allow other attachments through.
Can scan for spam and for known viruses; can refuse attachments whose filenames match any given pattern; can use generic patterns that trap filenames attempting to hide the true filename extension (e.g. ".txt.vbs"). Attachments containing viruses that can be disinfected (e.g. word processor macro viruses) are automatically disinfected and sent on to their original destination. (This software uses outside virus scanner, like Sophos.)
A program which helps you perform lookups in RBL-style services, such as the MAPS RBL, DUL, or RSS listings, or the ORDB list. Can be used the command-line for quick lookups, or from a mail-delivery program (such as procmail or maildrop).
Ray's Mail Filter
The filter examines messages being processed by Sendmail, and accepts or rejects them on the basis of their header contents. In addition to the main message headers, the filter examines the MIME part headers within a multipart message. It can therefore be used to reject messages containing attachments with particular filenames or filename extensions.
Antivirus -- a Sendmail milter
The milter runs "munpack" on the file to extract any attachments. Uses "uvscan" to scan files. Can quarantine files. Can reject messages with "double extentions".
SpamBouncer: a Procmail-Based Spam Filter
A set of procmail recipes which search headers and mail body for virus signatures, IP of known spammer, advertises a spam address, sent by bulk mailer software, or other identifiers. Can tag, delete, and/or .notify sender.
Vortex Technology E-Mail block lists and policy
http://www.vortex.com/blocklist-s.txt (sendmail "access" format)
http://www.vortex.com/blocklist.txt (tcpd format)
Provides a very long list of hosts, domains, and/or networks to block. The lists are composed entirely of DNS-based names and IP numbers derived from local TCP/IP SMTP verified connect data. These files may be updated daily; it currently has 8005 listings!
Virus Snaggers ("vsnag")
Modular script plug-in for procmail with simple configuration and custom logging. Uses regular expressions to focus in combatting common viruses and worms or suspect email file attachments. (Code is free to use but code is not open source.)
a method of applying your rules and policies of what can and cannot flow through your networks to your email system. protects from viruses, malicious programs and annoying spam. reduces network line requirements through preventing unwanted data flowing over it; optionally compressing valid emails before sending them and still further reducing your network line requirements; offers WWW-based administration interface. (This is commercial; see Inflex scanner for free version.)
YAVR: Yet Another antiVirus Recipe
Procmail filter to help filter out common email worms, such as base64 signatures (Klez, Hybris, Bugbear), iframe html, CLSID, xml codebase, and other generic detection. Also filters spams like Nigeria scams.
Wed Jul 27 09:16:54 PDT 2005