Email Virus Scanners and/or Spam Filters to run on the Mail Server

alterMIME
http://www.pldaniels.com/altermime/
Alter MIME-encoded email packs, e.g. add disclaimers, empty attachments, etc. (Also see ripMIME.)

Annoyance Filter: Adaptive Junk Mail Filter
http://www.fourmilab.ch/annoyance-filter/
annoyance-filter uses Bayesian statistics to determine the probability an E-mail message is junk based on an analysis of its contents compared to collections of known junk and legitimate E-mail. Can create gnuplot plots of a histogram of words, binned by their probability of appearance in junk mail.

Active Spam Killer (ASK)
http://a-s-k.sourceforge.net/
When a new message arrives and the sender is unknown, ASK sends a "confirmation message" back, informing the sender that the original message has been queued, pending confirmation. When the sender confirms (a simple reply), ASK delivers the original message and adds the sender to a "whitelist". Further messages from this sender will be immediately delivered. It is also possible to ignore messages based on specific criteria, like sender's email, subject and so on.

AVAcl -- AntiVirus-AccessControlList
http://www.pldaniels.com/avacl/
Fine-tuned control of email scanners like AMaVis and Inflex, such as per-user or per-domain.

DrWeb antivirus suite
http://www.sald.com/
also: http://www.drweb.ru/
(FreeBSD port available.)

Ebola
http://www.pldaniels.com/ebola/
Antivirus engine daemon bridge. (Please email me a better description.)

junkfilter
The procmail-based junkfilter filters spam, MLM schemes, and other types of unsolicited commercial e-mail (UCE).

Kaspersky Anti-Virus for FreeBSD with the Qmail Plug-in (Review)

Kaspersky Anti-Virus for FreeBSD.
It includes an auto-update system and a daemon with hooks for custom anti-virus programming. Kaspersky can scan mail and filesystems for viruses. It looks inside compressed .EXE and other files. It has plugins for Qmail, Exim, Sendmail, and Postfix.

Amavis
Amavis isn't a virus scanner itself but a middle man between exim and one or more virus scanners (such as McAfee's uvscan).

H+BEDV AntiVir for Linux
http://www.hbedv.com/produkte/server/server.htm
http://www.antivir.de/
Detection and removal of viruses, scanning and repair of macro viruses, Heuristic detection of macro viruses, Real-time scanning (in development), scheduler for automatic activation, determination of action in case of virus detection, Intranet-Update Wizard for easy updating, Command to be executed before and after a scan, Command in case of virus detection/no virus detection, Data integrity check, Transmission of virus warnings by e-mail and pager, and Bootable CD-ROM. (Some features done with the aid of shell scripts.)

And AntiVir MailGate Linux/FreeBSD/OpenBSD: compatible with numerous common Mail Transport Agents for checking incoming and outgoing emails. Temporarily stores emails which are decoded and scanned.

And AntiVir Milter for Sendmail

Brightmail
An extensive db of spamtraps. It includes support for Sendmail's "milter" hooks. Fee service is based on total number of mailboxes activated on your system.

Command AntiVirus
http://www.command.co.uk/
Enterprise Edition for Linux scans over 70 different file types. Can remove virus without damaging original file. Can scan filesystems and archived/compressed data. Uses Holocheck technology (signature files and behaviour monitoring).

Confirmed Mail Delivery (CMD)
http://www.johncon.com/john/Cmd/
Procmail/qmail based. Maintains a whitelist of addresses that have had legitimate correspondence through a mail server. If the address is not in the whitelist, the message is filed, and a request is sent back to the sender asking for a reply confirmation; if the sender replies, then the original message is delivered, and the sender's address is added to the whitelist.

CxProtect
http://www.calibretechnologies.com/cxprotect.html
Virus detection and disinfection system (for sendmail). Uses the Command AntiVirus Technology with F-Prot Professional engine; can auto-update for new virus signatures. Has browser-based configuration interface.

Distributed Checksum Clearinghouse (DCC)
The Distributed Checksum Clearinghouse or DCC is a cooperative, distributed system intended to detect "bulk" mail or mail sent to many people. It allows individuals receiving a single mail message to determine that many other people have been sent essentially identical copies of the message and so reject the message. It can identify some unsolicited bulk mail using "spam traps" and other detectors, but that is not its focus.

Exim Filter

Exiscan

... works together with the Exim MTA and is designed to be very easy to implement. Exiscan supports multithreaded unpacking and scanning of mail, with a configurable number of processes. Exiscan has generic support for available command line virus scanners. Exiscan can scan inside of MS-TNEF and SMIME (signed) wrapped messages.

filescan with postfix and amavisd
ftp://ftp.antivirus.com/products/freetools/

Inflex
http://www.pldaniels.com/inflex/
Local and outbound (bidirectional) email scanner; virus scans, text content; can unpack emails; scan for arbitrary file names and types. For sendmail. (See Xamime below for commercial version.)

Trend Micro scan engines (commercial?)
http://www.antivirus.com/download/engines/

qmail-scanner

RenAttach
http://freshmeat.net/projects/renattach/
Filters e-mail attachments based on file extension; renames potentially dangerous attachments (executable ones).

http://colondot.net/mbm/mailfilter.shtml
Uses Exim Filter to do: Automatic blacklist addresses, Open Relay Blacklist, Host Blacklisting, Domain Blacklist, One Use Addressing, Time-limited email addresses, and Scoring Messages.

spamfilter

Procmail Email Sanitizer
http://www.impsec.org/email-tools/procmail-security.html
Processes email messages looking for particular information in the headers or body of each message to help prevent attacks on your computer's security.

ripMIME
http://www.pldaniels.com/ripmime/
Extract the attached files out of a MIME package. (Also see alterMIME.)

SignatureDB
http://www.pldaniels.com/signaturedb/
Provides signatures/fingerprints of common, annoying emails/files (such as viruses, chain letters, and hoaxes). Includes database and signatureID program which scans your files.

SpamAssassin
http://spamassassin.taint.org/
Using its rule base, this Perl module uses a wide range of heuristic tests on mail headers and body text to identify "spam". It can look for what appears to be an IP in the Received: headers and then check the RBL. It can score depending on which RBL the relay was listed in.

Spamrc
http://arch.ipsec.pl/spamrc/
Procmail rules for scoring a message based on contents. It scores for common spam signatures, known spammers, etc. This uses the procmailsc(5) -- procmail weighted scoring technique.

Vipul's Razor
http://razor.sourceforge.net/
Vipul's Razor is a distributed, collaborative, spam detection and filtering network.
Linuxworld: How to reduce spam for your users & everyone else

MIMEDefang
http://www.roaringpenguin.com/mimedefang/
MIMEDefang is written in Perl and uses milter in Sendmail 8.11 (or newer) to split multi-part MIME messages into their components and potentially delete or modify the various parts. It then reassembles the parts back into an e-mail message and sends it on its way. For example, you can delete all *.exe and *.com files, convert all Word documents to HTML, and allow other attachments through.

MailScanner
http://www.sng.ecs.soton.ac.uk/mailscanner/
Can scan for spam and for known viruses; can refuse attachments whose filenames match any given pattern; can use generic patterns that trap filenames attempting to hide the true filename extension (e.g. ".txt.vbs"). Attachments containing viruses that can be disinfected (e.g. word processor macro viruses) are automatically disinfected and sent on to their original destination. (This software uses an outside virus scanner, like Sophos.)

rblcheck
http://rblcheck.sourceforge.net/
A program which helps you perform lookups in RBL-style services, such as the MAPS RBL, DUL, or RSS listings, or the ORDB list. Can be used from the command line for quick lookups, or from a mail-delivery program (such as procmail or maildrop).

rblcheck (perl version)
http://www.salesianer.de/util/rblcheck.html
This is not the real version, but has the same name. It is a Perl version and can filter input to find the IP address.

Sophos
http://www.sophos.com/
Commercial anti-virus scanner. Easily automated: upgrades, reporting.

H+BEDV Professional Virus defense: AntiVir
http://www.hbedv.com/download/download.htm
Removal of viruses. Repairing of files.

Ray's Mail Filter
http://www.sendmail-filter.sbu.ac.uk/
The filter examines messages being processed by Sendmail, and accepts or rejects them on the basis of their header contents. In addition to the main message headers, the filter examines the MIME part headers within a multipart message. It can therefore be used to reject messages containing attachments with particular filenames or filename extensions.

Antivirus -- a Sendmail milter
http://www.nmt.edu/~wcolburn/antivirus/
The milter runs "munpack" on the file to extract any attachments. Uses "uvscan" to scan files. Can quarantine files. Can reject messages with "double extensions".

Milter
http://www.milter.org/
A website dedicated to discussing sendmail's Milter API.

SpamBouncer: a Procmail-Based Spam Filter
http://www.spambouncer.org/
A set of procmail recipes which search headers and mail body for virus signatures, the IP of a known spammer, advertisement of a spam address, signs of being sent by bulk mailer software, or other identifiers. Can tag, delete, and/or notify sender.

Vortex Technology E-Mail block lists and policy
http://www.vortex.com/blocklist-s.txt (sendmail "access" format)
http://www.vortex.com/blocklist.txt (tcpd format)
Provides a very long list of hosts, domains, and/or networks to block. The lists are composed entirely of DNS-based names and IP numbers derived from local TCP/IP SMTP verified connect data. These files may be updated daily; it currently has 8005 listings!

Virus Snaggers ("vsnag")
http://www.panix.com/~dman/vdoms/parve/vsnag/
Modular script plug-in for procmail with simple configuration and custom logging. Uses regular expressions to focus on combating common viruses and worms or suspect email file attachments. (Code is free to use but code is not open source.)

Xamime
http://xamime.com/
A method of applying your rules and policies of what can and cannot flow through your networks to your email system. Protects from viruses, malicious programs and annoying spam. Reduces network line requirements by preventing unwanted data from flowing over it, and optionally compresses valid emails before sending them, reducing network line requirements still further. Offers a WWW-based administration interface. (This is commercial; see Inflex scanner for free version.)

YAVR: Yet Another antiVirus Recipe
http://agriroot.aua.gr/~nikant/nkvir/
Procmail filter to help filter out common email worms, such as base64 signatures (Klez, Hybris, Bugbear), iframe html, CLSID, xml codebase, and other generic detection. Also filters spam like Nigeria scams.

Wed Jul 27 09:16:54 PDT 2005