View Full Version : [1st ANNOUNCEMENT] Virus-Filter/Blocker



nobaloney
05-16-2004, 11:23 AM
Having finished SpamBlocker, I've decided to move along and get ExiScan, and Virus Filtering into the mix as soon as possible.

Note: Edited 06/22/2004 to rename the new product VirusChecker.

With that thought in mind I'm recommissioning my testbed DA server and installing on it an old domain for an ISP that has since gone out of business. It is, as you might imagine, a wonderful test domain for spamblocking and virus-checking, as it has tons of non-existing users who continue to get lots of spam and viruses.

I have some questions... what do YOU want in VirusChecker?

What I'd like to know is what most DA admins want to do with emails infected with viruses... do you want to dump them, refuse them, or pass them on to users but somehow marked?

Obviously my free DA distributions will be simple, because after all what I do for a living is sell this sort of stuff (for years for Cobalt RaQs, then for Plesk, and now for DA as well); only about 10% of my income is actually from hosting.

But I would like for my free releases to "just work" and work well for people who want to use them.

So...

What do you really want VirusChecker to do?

Please reply here rather than by email or by PM; I'd like to see the results all in one place if possible.

Thanks for your input, so I can make sure this new release does what YOU want.

Jeff

bvvelzen
05-18-2004, 01:53 AM
Well, we are using ClamAV and MailScanner and it functions fine. When an infected e-mail is coming on the server, it will get the virus out of the e-mail and still send it to the user with some notes of what happened.

With spam it will only apply the [***SPAM***] into the subject.

This all is a good step forward from no spam/virus filter to this, but I think it's still not very easy for users. Because the 'infected' e-mails are still coming on the client's computer. Maybe 1 time a month 1 e-mail with a status of infected mails with their subjects so that if a user wants to it can look if there are any false 'infected' e-mails. That would be a nice feature for DA when it will get implemented spam and virus filter.

Rob T
05-18-2004, 03:06 AM
If possible, I'd like a virus checker that would simply strip the virus from the email and also add a note at the top of the mail to let the user know - if we could find something like that which would be simple to install, I'd be a happy camper :D

DennisCitus
05-18-2004, 03:57 AM
I'd like a virus scanner which scans all email for viruses. It tags the headers that this was a virus and it tags the subject *** VIRUS ***.

It also has to remove the virus and add an attachment called virus.txt with short virus-information.

nobaloney
05-18-2004, 09:50 AM
Responding first to Dennis...

Dennis, if you're specifying what it HAS to have, then you're on your own in terms of finding something that does exactly what you want, or having it created for you. We and others have programming services to do custom work.

And now responding to everyone, including Dennis... if you're looking for consensus, then let's work towards that.

Personally I don't like sending the virus on to the user marked "VIRUS" as many Outlook and Outlook Express users will get infected automatically if they get the email.

We could try to disinfect the virus, but all the solutions that do that are commercial solutions and are extremely expensive for use in mailservers. Additionally, I'm not sure any of them would work on a Linux server; you might need a Windows server just to do the disinfecting.

So my belief is we should destroy the virus and not send it on.

Then the question is, should we send the email on to the recipient along with a note that it had a virus? My guess is we shouldn't send anything to the end-recipient.

Why? Years ago it was a good idea to send the email on to the client, so s/he could notify his/her correspondent that s/he had an infected system.

Today, however, most viruses come with forged sender information, and there's nothing you can do about it.

What about returning virus-containing email? We can't. For the same reason we can't return spam. Because most of it uses forged senders, and by trying to return it we're just creating a problem for someone else.

So what I like to do is block the entire virus at "data" time. That means I'd tell the server sending me the virus that we won't accept it because it contains a virus.

Legitimate senders should get a message back from their ISP (or whoever runs their SMTP server) that their email was refused; then they can decide what to do with it.

Fortunately this is fairly easy to do.

Anyone interested in this?

(I can have it ready within a week to a month, depending on whether or not I get it done before my vacation.)

Jeff

Swift-AU
05-21-2004, 03:20 AM
I agree 100% Jeff. Nothing else to be said, other than "when can you have it ready?" :p

Cheers...

nobaloney
05-21-2004, 05:25 AM
Unfortunately, on the day I had time to work on it, I discovered that my testbed system wouldn't run DA; it kept telling me the license had expired. This is a monthly rental license (that way it gets continuous support), and wouldn't run DA :( .

John fixed it for me, and the fault was probably mine, since this system isn't always connected to the 'net, and might have been disconnected during the time it needed to update its license.

Nevertheless, by then I'd lost my "window" for getting it done before my vacation (which starts Sunday morning).

So it now looks as if I won't be able to get to it until I get back (after June 2nd).

Jeff

hostpc.com
06-01-2004, 06:55 AM
Just as a note, we currently host clients on 12 different DA servers. We took a "poll" in our forums, and asked what features people wanted with regards to this.

Overwhelmingly, our customers DON'T want their email modified in ANY way, including a txt attachment. A header flagged as "Spam" or "Virus" was the only acceptable answer to an overwhelming majority of users. Don't modify or change their email in any way shape or form - they're adults, they can decide for themselves.

Personally, I don't want to be responsible for server side filtering on a global basis. What's spam to client A may not be spam to client B. As soon as we took viruses and threw them to an attachment as a txt file, the place went into an uproar - only one person commented that they wanted it, everyone else said "if this continues, I'm leaving".

I truly hope DA does NOT incorporate this into their default releases. No offense to jlasman, but I want my users to decide... not me. They pay me to deliver the mail, as is - not to modify it or change it in any way (other than a possible brief modification to the header - and even that was 50/50).

Just my 2cents. (or is that 12 DA licenses?)

bvvelzen
06-01-2004, 07:38 AM
Well, I think everybody has to decide for themselves how to manage the things you can do with 'infected' e-mails. Maybe it's the best for DA to let their customers decide. That means that you can configure it in the control panel or in config files. Personally I think that's the best way to become the best control panel there is. Just by giving your customer a lot of choice.

Of course DA is already the best control panel, but it can be better :-).

Swift-AU
06-01-2004, 08:47 PM
I don't know about other parts of the world (maybe we do things different here in Australia?), but I've never come across a single company that actually prefers to have viruses delivered direct to their desktop, rather than have them filtered out at server level. The majority of SMEs don't have particularly good internal procedures to ensure that anti-virus software is kept up-to-date, and invariably they do get caught out all too often as a result. For everyone I know, it's a huge value-add to be able to say to a customer that their e-mail is scanned for viruses (and the attachment removed if infected) before it ever reaches their premises, let alone their own desktop. Whether the functionality works server-wide or on an individual basis I don't care - I know either way the vast majority of my customers will be more than happy to have it. For those customers that don't want it, I suppose I could mail them a CD full of viruses or something, if that turns them on!

sander815
06-02-2004, 01:13 AM
Same for me.
I don't dare yet to install mailscanner/spamassassin myself, as I don't want to risk my email stops working.

It would be very great if this will be standard DA stuff, but it should be turned on/off per domain

rhoekman
06-02-2004, 01:51 PM
@host-pc.com:

http://www.hostpc.com/forums/index.php?showtopic=953&hl=anti-virus

Is this the poll? I could not find any other topic about virusscanning on your forum. As far as I can tell your users love the idea as long as they have the option to turn it off? Correct me if I'm wrong. I just started to look for it because I was curious about the reactions. I'm not trying to put you on the spot or something.

netswitch
06-03-2004, 06:13 AM
@host-pc, when you say your users don't want their mail to be scanned in any way, I guess they don't have the need yet but here we have users receiving a lot of spam/virus (when I say a lot, it can go up to 700 bull**** mails in only one night, 200 infected sobig mails in one hour.)

When you run this kind of customers you don't really have the choice :
-you need to filter otherwise it will take a lot of space.
-your users will run after you to prevent their mailbox to be so hardly spammed.
(try to find one important mail out of 700 spam/virus mails..)


So, for me spam/virus filtering is a need, I had to install it because of those users and I'll be glad if DA provides me with an automated way to control it.

I guess that for sure it will be possible to disable it.

nobaloney
06-03-2004, 10:36 AM
Originally posted by hostpc.com
I truly hope DA does NOT incorporate this into their default releases. No offense to jlasman, but I want my users to decide... not me.
And I agree. That's why all our changes come with everything turned off by default.

The main reason I still haven't done anything about viruses is I'm not sure yet what to do.

As far as SpamAssassin is concerned; we simply use the DA SpamAssassin installation, which defaults to doing a lot to incoming spam emails. We've gotten no complaints.

But you can certainly change the SpamAssassin behavior whether or not you implement SpamBlocker or Virus-Filter/Blocker.

However, I'd think your customers would rather not have SpamBlocker, since it blocks spam before they get a chance to see it.

We're currently letting our clients choose. At some point in the future, as spam gets worse, we may actually charge our customers to get spam, since it costs us money to receive it for them.

Jeff

albatroz
06-09-2004, 07:32 AM
I guess the behaviour of mailscanner+clamav is the correct.
Extract the virus and attach a warning email.

For the antivirus module should have (well it is my ideal)
* An antivirus panel would rock! This panel should allow the customer would the emails in quarantine and release a false positive email if any, along with several statistics. The reseller must be able to disable this panel for his customers as well as the spam/antivirus filtering.

* Having a statistics feature... with graphics like this:

http://mailwatch.sourceforge.net/images/mail_by_date_rpt.png
http://mailwatch.sourceforge.net/images/top_viruses_rpt.png
http://mailwatch.sourceforge.net/

and the capacity of include just strings like this in their homepages:

MAILS PROCESSED: 10000
SPAM DETECTED: 123 (30%)
VIRUS DETECTED: 123 (30%)
TOP TEN VIRUS DETECTED:
virus 1 (%)
virus 2 (%)
virus 3 (%)
virus 4 (%)
virus 5 (%)

and the possibility to have reports by domain, when on demand requested by a web form...

(in fact I started a thread in webhostingtalk.com (http://www.webhostingtalk.com/showthread.php?s=&threadid=243277) about this type of module for mailscanner.)

nobaloney
06-09-2004, 08:36 AM
Originally posted by albatroz
I guess the behaviour of mailscanner+clamav is the correct.
Extract the virus and attach a warning email.
That was great behavior when viruses were mostly attached to legitimate emails sent by legitimate senders.

However today most viruses come automatically from zombies (infected machines) and as such are spam as well as viruses.

I don't know about you, but I don't want to be bothered with emails telling me some infected system somewhere has sent me a virus which was detected and deleted.

I'm still waiting for reasonable discussion on this before I go ahead with Virus-Filter/Blocker.

For the antivirus module should have (well it is my ideal)
* An antivirus panel would rock!
My free solution will consist of only an exim.conf file and necessary other files.

After that, DA can create anything they want around my solution. (Or around their own if they don't want to wait for mine.)

(in fact I started a thread in webhostingtalk.com (http://www.webhostingtalk.com/showthread.php?s=&threadid=243277) about this type of module for mailscanner.)
I generally don't have time to read other forums to see what DA folk are interested in; please use this forum if you want me to see what you'd like.

And please give me reasons, rather than just what you'd like to see.

Currently I've not seen any reasons to forward on virus-carrying emails without the virus or to deliver a warning message.

Are there any such reasons?

Jeff

macro_mote
06-09-2004, 11:03 AM
Currently I've not seen any reasons to forward on virus-carrying emails without the virus or to deliver a warning message.

Are there any such reasons?
Sure, some people work in the security and/or software fields and analyze viruses, trojans, etc either as a business or hobby. They often receive samples from others. There's also coders who write this stuff and send their work back and forth. For everyone else, IMO there's really no need.

Before the net got so polluted, most people probably received a periodic virus mostly from someone they knew or had prior contact. You could warn the other person to clean his PC. Today, the activity is too heavy and frequent plus many addresses are spoofed. I see no reason to warn the email originator now because it's either coming from a fake address or he's most likely getting hundreds or thousands of bounced messages anyway.

IMO if you provide the ability to turn this feature on and off by domain and/or email address, you can dump them all into the bit bucket. Those afraid of false positives or manipulation of their emails can turn it on whenever they want. I doubt any in this latter group are getting many viruses.

nobaloney
06-09-2004, 02:33 PM
I've decided that what I'd like to do is offer these two options:

1) no virus checking

2) virus check at data time and refuse email at data time.

Note that all my free distributions are on a per domain basis only (and with whitelisting available for sending domains [blacklisting can simply be done through my already existing SpamBlocker exim.conf file free distribution]).

That's because I sell other solutions :) .

Of course you, or DA, or anyone else, is free to take any of my exim.conf files I make available under the applicable open-source license, and change it in any way you wish, as long as you also keep your changes under the applicable license.

Jeff

hci
06-26-2004, 05:38 PM
So what I like to do is block the entire virus at "data" time. That means I'd tell the server sending me the virus that we won't accept it because it contains a virus.

Legitimate senders should get a message back from their ISP (or whoever runs their SMTP server) that their email was refused; then they can decide what to do with it.

Fortunately this is fairly easy to do.

Anyone interested in this?


I like this idea but I am not sure it will work due to forged return address.

If the infected message is relayed from their SMTP relay to the direct admin smtp it will still create a bounce of sorts. The SMTP server that was trying to send the infected message will send a notice to the return address on the infected email.

Worse still some spam blacklists will list servers that forward virus warnings to the senders of Klez since they are usually forged.

Anyways, I am still excited to try this when you get it out!

Matthew

nobaloney
06-27-2004, 11:17 AM
I understand the problem.

But it won't happen as often as you think, since most viruses are sent directly from the infected system rather than through an smtp relay.

I suppose I could offer the option of either dropping or refusing the virus.

I'll ask some AV gurus what they recommend.

Jeff

interfasys
06-27-2004, 11:38 AM
Which AV will the exim.conf call to check the messages?

I don't see the benefits of scanning at data time. We still have to download data to check if it's a "virus inside" message, so why not download the message, scan it and delete it?

hci
06-27-2004, 02:25 PM
Another thought on this.

Why not just put a package together with Mailscanner + ClamAV and Spamassassin? It's tried and proven and then perhaps the Directadmin gurus will add a gui interface to it all.

I know there are a few Directadmin how-to's on how to put these all together and I have done it on a few RAQ boxes, I am just afraid if I hack too much on the Directadmin system a Directadmin upgrade might kill it. Something that Directadmin supports would be much better.

Just my 2 cents.

Matt

hci
06-27-2004, 02:31 PM
I don't see the benefits of scanning at data time. We still have to download data to check if it's a "virus inside" message, so why not download the message, scan it and delete it?

I see an advantage. No need to store or deliver the message. Just reject it and done.

Matt

nobaloney
06-27-2004, 03:43 PM
Originally posted by interfasys
Which AV will the exim.conf call to check the messages?
My current thought is to use ClamAV. Do you have any other suggestions?
I don't see the benefits of scanning at data time. We still have to download data to check if it's a "virus inside" message, so why not download the message, scan it and delete it?
As hci mentions, rejecting the virus is a lot simpler than filtering it afterwards.

I understand that some people would rather delete than reject; I'm still considering that.

Of course you can write yours any way you want; this is just my idea.

Jeff

nobaloney
06-27-2004, 03:47 PM
Originally posted by hci
Why not just put a package together with Mailscanner + ClamAV and Spamassassin?
In fact that's the direction I'm leaning towards.

It's tried and proven and then perhaps the Directadmin gurus will add a gui interface to it all.
I'm awaiting their new Exim release, to see what they've added besides my SpamBlock code.

I know there are a few Directadmin how-to's on how to put these all together and I have done it on a few RAQ boxes, I am just afraid if I hack too much on the Directadmin system a Directadmin upgrade might kill it.
Automatic DirectAdmin updates will not change exim.conf. Version updates to programs used by DirectAdmin may, but I'd presume that if they do, they'll save the old config files.

Certainly, if it were me I wouldn't update any DA included program to a new version without saving the config file(s) first.

Jeff

interfasys
06-27-2004, 04:08 PM
I still don't get it :confused:

How do you reject an email if you don't scan it? And if you scan it, then you have already downloaded it, no? So how is this different from the standard MailScanner way of doing things?

nobaloney
06-27-2004, 04:16 PM
It's an exim thing.

You can do the scanning at data time rather than at rcpt time.

Yes, exim does read the entire email before it rejects it, but because it hasn't sent the "data ok" before it does, it can still reject the message and therefore doesn't have to decide what to do with a message it doesn't want to deliver.

Since RFCs say you shouldn't throw away messages, and since you can't return a virus-laden email because you're not sure the envelope sender isn't spoofed, rejecting it is the way to go... at least to me.

Jeff

interfasys
06-27-2004, 04:32 PM
Thanks for the explanation. I'm all for following RFCs that make sense ;).

hci
06-27-2004, 04:34 PM
I still don't get it

How do you reject an email if you don't scan it? And if you scan it, then you have already downloaded it, no? So how is this different from the standard MailScanner way of doing things?



You need to understand the SMTP protocol. During the handshaking after the RCPT TO it gives the go ahead for the sending SMTP server to send the data portion of the message and end it with "<crlf>.<crlf>". After that point the receiving SMTP server has the message in its entirety but has not said ok yet. At this point the message can be scanned and if it's clean send ok. If it's infected reject it.

I have never known an email virus scanner to work this way but it certainly seems possible.

Matt
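
The exchange described in the posts above (the receiver holds the whole message after the final "." but has not yet replied), as an added example that is not part of the original thread or of any product discussed in it. It models the receiving side in memory and compares refusing at DATA time with accepting and then notifying the envelope sender; `Receiver`, `toy_scanner`, the marker string, the addresses and the reply texts are all hypothetical.

```python
"""SMTP DATA-time rejection versus accept-then-bounce, as an in-memory model."""

# Constructed marker standing in for a real scanner signature (assumption).
FAKE_SIGNATURE = b"X-CONSTRUCTED-TEST-SIGNATURE"


def toy_scanner(message):
    """Hypothetical scanner hook: a name if the message is 'infected', else None."""
    return "Constructed.Test" if FAKE_SIGNATURE in message else None


class Receiver:
    """Receiving side of one SMTP session. policy is 'reject' or 'bounce'."""

    def __init__(self, scanner, policy="reject"):
        self.scanner = scanner
        self.policy = policy
        self.queue = []      # messages accepted for delivery
        self.outbound = []   # mail this server generates itself (notices)
        self._reset()

    def _reset(self):
        self.sender, self.rcpts, self.body, self.in_data = None, [], [], False

    def feed(self, line):
        """Take one client line (CRLF stripped); return the reply, or None mid-DATA."""
        if self.in_data:
            if line == b".":                      # <CRLF>.<CRLF> ends the message
                return self._end_of_data()
            # Undo dot-stuffing: a leading "." on a data line is dropped.
            self.body.append(line[1:] if line.startswith(b".") else line)
            return None
        verb = line.upper()
        if verb.startswith(b"MAIL FROM:"):
            self._reset()
            self.sender = line[10:].strip(b" <>").decode()
            return "250 OK"
        if verb.startswith(b"RCPT TO:"):
            if self.sender is None:
                return "503 sender not yet given"
            self.rcpts.append(line[8:].strip(b" <>").decode())
            return "250 Accepted"
        if verb == b"DATA":
            if not self.rcpts:
                return "503 valid RCPT command must precede DATA"
            self.in_data = True
            return '354 Enter message, ending with "." on a line by itself'
        return "500 unrecognized command"

    def _end_of_data(self):
        message = b"\r\n".join(self.body) + b"\r\n"
        sender, rcpts = self.sender, list(self.rcpts)
        self._reset()
        found = self.scanner(message)   # whole message is here; no final reply sent yet
        if found is None:
            self.queue.append((sender, rcpts, message))
            return "250 OK message accepted"
        if self.policy == "reject":
            # Refuse instead of accepting: nothing stored, nothing generated here.
            # Any non-delivery report is the sending server's job.
            return "550 This message contains a virus (%s)" % found
        # 'bounce': accept, discard, then mail the envelope sender, which the
        # thread points out is usually forged.
        self.outbound.append({"to": sender, "subject": "Virus found (%s)" % found})
        return "250 OK message accepted"


def run_session(receiver, client_lines):
    """Drive the receiver and return the dialogue as 'C: ...' / 'S: ...' lines."""
    transcript = []
    for line in client_lines:
        transcript.append("C: " + line.decode())
        reply = receiver.feed(line)
        if reply is not None:
            transcript.append("S: " + reply)
    return transcript


def sample_session(body_line):
    """Constructed session; both addresses are placeholders."""
    return [
        b"MAIL FROM:<forged.sender@example.org>",
        b"RCPT TO:<user@example.com>",
        b"DATA",
        b"Subject: constructed sample",
        b"",
        body_line,
        b".",
    ]


if __name__ == "__main__":
    for policy in ("reject", "bounce"):
        rx = Receiver(toy_scanner, policy)
        print("--- policy:", policy)
        print("\n".join(run_session(rx, sample_session(FAKE_SIGNATURE))))
        print("queued:", len(rx.queue), "| generated by us:", rx.outbound)
```

With the "reject" policy the receiver ends the session holding nothing and having sent nothing; with "bounce" it has produced a notice addressed to whatever envelope sender the client claimed.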

nobaloney
06-28-2004, 10:59 AM
I'm still studying; I think it's possible with exim; exim is extremely configurable.

Jeff

jjma
09-14-2004, 02:28 AM
Jeff

Any update to this? If it works as well as your spamblocker I would like to donate something towards your efforts.

You might consider putting a donation page on your web site for this kind of thing. Have you seen the donation page for the mrtg creator here (http://people.ee.ethz.ch/~oetiker/webtools/appreciators.txt)? You never know, someone might donate a car :)

cheers

Jon

hci
09-14-2004, 09:14 AM
You can simply add a virus scanner such as ClamAV to Exiscan which comes with Directadmin now. Been running it for several months now and it works fine.

http://www.directadmin.com/forum/showthread.php?s=&threadid=3860

What I want now is to upgrade to Spamassassin 3.0 when it comes out.

Matthew

jjma
09-14-2004, 11:25 AM
I prefer the method Jeff had discussed with his virus scanner in that infected email is not processed on the server, but rejected (like spamblocker) at data time.

regards

Jon

hci
09-14-2004, 11:32 AM
That's what the above method does using Exiscan.

Matthew

rldev
09-14-2004, 12:53 PM
With what operating system? I keep hearing exiscan and RHE is problematic. I asked a while back if anyone has exiscan/Clam/SA working on RHE. Anyone?

nobaloney
09-14-2004, 12:57 PM
Getting our VirusBlocker solution working is now a top priority at NoBaloney.Net (http://www.nobaloney.net/).

Jeff

hci
09-14-2004, 12:58 PM
Been running Fedora2 with Exiscan, ClamAV and Spamassassin for a few months now with no trouble. I will know more when I move more sites to it to load it a little heavier. I did have some stability problems once before installing ClamAV but replacing the cheap generic RAM with Viking RAM cleared that up.

Matthew

rldev
09-14-2004, 01:03 PM
Thanks. Do you know anyone running this on RHE?

sander815
09-14-2004, 11:43 PM
Originally posted by hci
You can simply add a virus scanner such as ClamAV to Exiscan which comes with Directadmin now. Been running it for several months now and it works fine.

http://www.directadmin.com/forum/showthread.php?s=&threadid=3860

What I want now is to upgrade to Spamassassin 3.0 when it comes out.

Matthew

are you running it with spamblocker exim config?

hci
09-16-2004, 04:29 PM
You can simply add a virus scanner such as ClamAV to Exiscan which comes with Directadmin now. Been running it for several months now and it works fine.

http://www.directadmin.com/forum/sh...=&threadid=3860

What I want now is to upgrade to Spamassassin 3.0 when it comes out.

Matthew

are you running it with spamblocker exim config?

All new Directadmin exim configs come with the Spamblocker but I have it turned off.

I have setup manually to block in exim.conf based on the 2 blacklists: ordb.org and spamhaus.org both of which rarely false and have clear listing policies.

#ACLs
deny dnslists = relays.ordb.org : sbl-xbl.spamhaus.org
     message = rejected because $sender_host_address is in the blacklist at $dnslist_domain\n\
               ($dnslist_text)

I do not trust blocking based on any other blacklists. I prefer using Spamassassin to score each message and give the end email user the option to keep or toss messages. I understand the argument that blocking is better since it saves CPU cycles and bandwidth and I agree. I just feel a junk mail folder the end user can check once a week or so is much safer. Also, with a junk mail folder they can tell how well the SPAM filter is working too!

If we had a way to turn Spamblocker on in the Directadmin GUI per email user I admit I would really like that. That way if they want it turned on it's their decision and they cannot complain to me about their aunt not being able to email them from China. Of course they will probably still complain to me about it.

Matthew

matrixx
09-16-2004, 09:38 PM
All new Directadmin exim configs come with the Spamblocker but I have it turned off.

I have setup manually to block in exim.conf based on the 2 blacklists: ordb.org and spamhaus.org both of which rarely false and have clear listing policies.

#ACLs
deny dnslists = relays.ordb.org : sbl-xbl.spamhaus.org
     message = rejected because $sender_host_address is in the blacklist at $dnslist_domain\n\
               ($dnslist_text)

I do not trust blocking based on any other blacklists. I prefer using Spamassassin to score each message and give the end email user the option to keep or toss messages.


Matthew - this is good and timely info to share as I have just had to disable spamblocker after too many very frustrating false positives.

The downside of turning spamblocker off is yesterday we received a lot of spam that would have been blocked but frankly it was worth it as we had no false positives.

I'm sure spamblocker could be edited to only include those two lists? I know Spamblocker gives people the option to be whitelisted but only if they read and understand the error message in the email. I think it would be better to amend the subject line with something like 'Your message to - insert email address - was spamblocked!'

I'll be testing your suggestion over the next few days.. and will post how it gets on...

Thanks!

Rob

nobaloney
09-17-2004, 12:25 PM
Originally posted by matrixx
Matthew - this is good and timely info to share as I have just had to disable spamblocker after too many very frustrating false positives.
Please send me, preferably by email, some details of the false positives; if you can give me the IP#s of the sending servers perhaps we can figure out which list is creating the false positives and stop using that list. Or perhaps we can create a whitelist for certain senders. We do want SpamBlocker to work well. Unfortunately we can only go by our own experience if you and others don't give us details of yours.

I'm sure spamblocker could be edited to only include those two lists?
Absolutely.

I know Spamblocker gives people the option to be whitelisted but only if they read and understand the error message in the email.
SpamBlocker doesn't send an email. It notifies the sending server why it's blocking receipt of the email, and it's the sending server's responsibility to send the email explaining why it couldn't deliver the email. Some do a better job than others.

We agree with you completely about not wanting false positives. But we also believe that people stand a better chance of getting their blocked email finally delivered than their filtered email, since most people who get a lot of email eventually stop reading their email that's been filtered and marked as spam, but simply delete it because there's so much of it.

I think it would be better to amend the subject line with something like 'Your message to - insert email address - was spamblocked!'
Great idea. But we can't implement it, because we don't send an email. If you think about it, we can't send an email, since we have no idea if the return address is correct. If we sent an email, then better than nine times out of ten we'd be spamming innocent parties.

And unfortunately I don't think you'll ever convince hundreds of thousands of administrators of hundreds of thousands of email servers, to change their error messages.

If you help me identify the bad lists, I'll be glad to adjust what we use in SpamBlocker.

Jeff

matrixx
09-17-2004, 12:37 PM
Hi Jeff,

Thanks for this - I'll work through the stuff over the weekend and email you.

Off the top of my head the list was one of the ones blocking the nameservers not the IP's - I'll try to dig out the other details.

Rob

rldev
09-24-2004, 10:33 AM
Any update on Virus blocker? My DA servers are not in production yet so I am not in a rush. I don't want to bother with Mailscanner if I don't have to.

nobaloney
09-24-2004, 11:24 AM
Working on it this weekend.

Jeff

bvvelzen
09-24-2004, 04:07 PM
I posted I think already a few mails about my idea and nobody seems to reply on it. I don't understand it, because I think it's the 'ultimate' for the client. The client is afraid that he or she is losing their e-mail by blocking everything. But to receive every e-mail, tagged or not, is still as annoying as a mail address without a spam/virus checker.

I'm looking for a configuration that it will move the spam/virus mails to a separate folder in the IMAP server so people can log in on their webmail and eventually find e-mails if they want to. Then they can move it to the inbox and they will receive it. This way only 'clean' mail will be received by the client and if they want to browse their infected e-mail it's also no problem.

And then of course you should consider to delete the e-mail after 30 days or something, but that's part 2 of the problem.

What do you all think?

rldev
09-24-2004, 08:58 PM
I'm not sure what you are asking here. From what I see of the new DA SA user interface, there is the option to send the spam to a separate spam folder. Isn't this what you are asking about? Question is, how does one access this folder now?? Anyone know?

nobaloney
09-25-2004, 07:56 AM
Originally posted by bvvelzen
I'm looking for a configuration that it will move the spam/virus mails to a separate folder in the IMAP server so people can log in on their webmail and eventually find e-mails if they want to.
This is probably the wrong thread to look for that in, as neither my VirusBlocker nor SpamBlocker products will ever filter emails into directories (sometimes called folders by Microsoft). They can't, since they don't accept the email onto the system in the first place. You can't filter email you don't have.

Jeff

nobaloney
09-25-2004, 07:58 AM
Originally posted by rldev
I'm not sure what you are asking here. From what I see of the new DA SA user interface, there is the option to send the spam to a separate spam folder. Isn't this what you are asking about? Question is, how does one access this folder now?? Anyone know?
I don't know anything about the new server interface at all, as I haven't loaded the latest DA at all. I'm hoping to get it loaded on my testbed this morning.

What's stopped me so far is I haven't read any posts announcing or explaining the new SpamAssassin interface. I use the "new posts" search to read all the messages on the forum. Are there posts here on the forums I've missed?

Thanks.

Jeff

rldev
09-25-2004, 05:31 PM
What would you like to know about the interface?

nobaloney
09-26-2004, 10:35 AM
Everything :D .

I'm going to finish a new DA install on a testbed server today.

Once I do that, do I have to make any changes to exim.conf for it to work? There's a post in the HowTo section that makes me believe I might.

How about when I update old systems to the latest version of DA. Do I then have to change something in exim.conf to make it work?

I need to know because I need to change the master exim.conf file.

Was there a post or a series of posts somewhere that I've missed, which explains the new implementation of SpamAssassin?

I haven't seen any posts on it.

Thanks.

Jeff

rldev
09-26-2004, 06:09 PM
I do not believe you need to make any changes to the Exim conf when you update DA and follow their instructions to install SA. I know I made no modifications at all.

DA's SA interface is pretty good. It allows the cp owner to set SA threshold value.

White and Black listing of email addresses.

Options to move Spam tagged Mail to a spam folder, delete, or pass through.

You can customize the Spam Tag.

Other Delivery Options:

Don't use attachments (dangerous)
Use attachments.
Use text-only attachments

All in all a good interface. They should really consider changing the name to something like Spam Tools and include a UI to your SpamBlocker. I think this is very important. I'm kind of surprised they didn't do this considering they made SpamBlocker available in the Exim.conf. Perhaps they will get around to this in the next release. Good work overall though. All we need is to get VirusBlocker integrated into all of this. It will offer an easy to use and powerful Spam/Virus Tools.

nobaloney
09-27-2004, 09:45 AM
Originally posted by rldev
I do not believe you need to make any changes to the Exim conf when you update DA and follow their instructions to install SA.
Where did they offer any instructions for installing SA? Is there a thread? Do they somehow pop up somehow when you follow their instructions? This is the part I'm missing.

We ran into a few problems over the weekend doing a clean DA install on CentOS on our testbed, and haven't seen the new SA setup yet :(.

All in all a good interface. They should really consider changing the name to something like Spam Tools and include a UI to your SpamBlocker.
I agree that they can and probably should do it.

If we're left to do it two things will occur:

1) We'll do it externally to the skins system, as a completely separate login (but using the same user, reseller and admin passwords) since I don't want to get involved in having to update skins as often as DA comes out with revisions.

2) We'll probably make a (hopefully reasonable) charge for it, since we'll be making a commitment to maintain it.

Jeff

motobrandt
10-09-2004, 04:42 PM
Yeah I'm bummed that there's no interface for the spamblocker. They do have a similar block by email address or domain in the spamassassin configure but they must understand that the processor resources get sucked by spamassassin when they really don't need to. That is the beauty of spamblocker in theory.

As for the SA install look http://help.directadmin.com/item.php?id=36

rldev
10-19-2004, 01:54 PM
Any progress on Virus Blocker?

nobaloney
10-19-2004, 01:59 PM
The commercial version will be available to advance purchasers by the end of this month. It will probably be available in raw exim.conf form shortly thereafter; certainly by the end of the year.

Jeff

netswitch
10-19-2004, 03:00 PM
How much will it cost for the early purchasers?

jjma
10-19-2004, 03:14 PM
What will the purchasers get?

Jon

nobaloney
10-19-2004, 05:46 PM
For commercial product info please contact me privately at the email address in my sig.

Thanks.

Jeff

jjma
12-19-2004, 03:04 AM
It's been a while now since the last update on news on the development of virus blocker. I'm slightly confused as to what the plans are for this software following some of the threads of this forum. Are there any further developments?

Questions that come to mind are:

1) Is this product going to be available this year?


2) Are there two products. A commercial and a free edition? If so what is the eta release dates for each of these.




regards

Jon

rldev
12-19-2004, 06:31 AM
I think it is going to be released soon.

nobaloney
12-20-2004, 10:21 AM
Originally posted by jjma
It's been a while now since the last update on news on the development of virus blocker. I'm slightly confused as to what the plans are for this software following some of the threads of this forum. Are there any further developments?
Yes; if I just had an entire day to devote to it, I could finish it.

1) Is this product going to be available this year?
Hopefully. I've cancelled my holiday trip to Idaho in the hopes I'll have time to finish it.

2) Are there two products. A commercial and a free edition? If so what is the eta release dates for each of these.
I'd make the exim.conf file available as an open-source download first. That way anyone who wanted to implement it could do so.

Whether I'd go further than that with a commercial edition would depend on whether there was any interest in paying for a control panel for it.

Jeff

jjma
01-06-2005, 01:22 AM
Hello

Any eta on this?

regards

Jon

Chrysalis
01-06-2005, 03:32 AM
I would like a default option to accept email with viruses but add a warning to the email that a virus has been detected and be cautious if wanting to open the file, there can be an option in the DA gui for users to auto reject such emails.

nobaloney
01-06-2005, 06:08 PM
Originally posted by jjma
Any eta on this?
January 1st, 2005.

Obviously not met :( .

I feel like a guy treading water, I'm paddling as fast as I can, but I'm not getting anywhere.

Working on it in every moment of spare time.

No spare time :( .

Jeff

nobaloney
01-06-2005, 06:10 PM
Originally posted by Chrysalis
I would like a default option to accept email with viruses
Then you won't want to use VirusBlocker.

Since VirusBlocker works by blocking viruses before accepting them on the server, it doesn't have them, so it can't deliver them.

but add a warning to the email that a virus has been detected and be cautious if wanting to open the file, there can be an option in the DA gui for users to auto reject such emails.
Either you or someone else will have to create that using some of the virus-filtering tools already discussed on these forums; blocking can't do what you want.

Jeff

rldev
01-06-2005, 06:39 PM
Can a domain be whitelisted so that they do not have virus emails filtered out? I know it sounds crazy but some people albeit few might not want this.

nobaloney
01-06-2005, 06:50 PM
Again, nothing is filtered out; it's totally blocked during the SMTP dialogue.

You will be able to choose whether or not you want VirusBlocker on a per domain level.

Jeff

rldev
01-06-2005, 06:53 PM
Yes that is what I meant. Filtering was not the proper word to use. Thanks.

Chrysalis
01-07-2005, 09:32 AM
Well, there are a few valid reasons for viruses to be sent over email, e.g. I get some sent to me when we investigate DDOS attacks and these viruses are used to infect the zombie machines. I also don't like the idea of auto blocking emails by default because it will be a nightmare for support when users start asking why emails aren't getting through.

rldev
01-07-2005, 09:41 AM
I don't see a problem. If your user wants emails with viruses, you can put them on the whitelist. The main advantage of VirusBlocker is that it frees up a lot of resources being wasted by viri infected emails. Most viri email is junk mail anyway.

However, VirusBlocker is not for everyone.

Chrysalis
01-08-2005, 08:36 AM
Well, they are my concerns. I might still use it, I can just tell users beforehand about viruses being blocked.

jjma
01-20-2005, 03:04 AM
Originally posted by Chrysalis
Well, they are my concerns. I might still use it, I can just tell users beforehand about viruses being blocked.

Our users certainly could use it and have asked for a solution asap. I hope the product is soon coming.

regards

Jon

hci
01-20-2005, 08:02 AM
Our users certainly could use it and have asked for a solution asap. I hope the product is soon coming.

http://www.directadmin.com/forum/showthread.php?s=&threadid=3860

Tells you exactly how to add a virus scanner to your Directadmin box if you are running Fedora Core 2 or similar. Been running it nearly 8 months with hundreds of email accounts with no troubles.

Matthew

jjma
01-20-2005, 12:17 PM
Does this block the email at source like it will with virus blocker?

Jon

hci
01-20-2005, 03:33 PM
Does this block the email at source like it will with virus blocker?

If you read the first few lines of the how-to... ;<)


This is a very basic how to on adding support for ClamAV to your Directadmin server. It simply rejects all messages containing viruses.

Reading farther into it...


Unlike Mailscanner this rejects infected messages before accepting them.

Having run Mailscanner on our old RAQ server for several years I think this rejecting virus infected messages is far superior to removing them. No quarantine or any of that to worry about. The sending MTA is responsible for sending any warnings but that is usually a virus anyway.

Matthew
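The difference discussed in the posts above (refusing an infected message during the SMTP dialogue, as nobaloney and hci describe, versus accepting it and filtering afterwards) comes down to which reply the server gives at the end of DATA. The sketch below is an added example, not code from VirusBlocker, the linked how-to, or any poster; the signature marker, the domain names and the "scan if any recipient's domain has blocking enabled" policy are assumptions made for illustration.

```python
# Added illustration: receiving side of one SMTP session, reduced to the
# commands that matter here. Dot-stuffing and ESMTP extensions are omitted.
FAKE_SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE"  # constructed marker, stands in for a scanner hit
BLOCKING_DOMAINS = {"scanned.example"}          # hypothetical domains with blocking enabled


class Receiver:
    def __init__(self):
        self.spool = []      # messages this server has taken responsibility for
        self.rcpts, self.body, self.in_data = [], [], False

    def handle(self, raw):
        """Feed one client line; return the server reply (None while in DATA)."""
        if self.in_data:
            if raw != b".":
                self.body.append(raw)
                return None
            return self._end_of_data()
        verb = raw[:4].upper()
        if verb in (b"HELO", b"EHLO"):
            return "250 hello"
        if verb == b"MAIL":
            self.rcpts, self.body = [], []
            return "250 sender ok"
        if verb == b"RCPT" and b":" in raw:
            self.rcpts.append(raw.split(b":", 1)[1].strip().strip(b"<>").decode())
            return "250 recipient ok"
        if verb == b"DATA" and self.rcpts:
            self.in_data = True
            return "354 end data with <CR><LF>.<CR><LF>"
        return "503 bad sequence of commands"

    def _end_of_data(self):
        self.in_data = False
        message = b"\r\n".join(self.body)
        # Assumed policy: scan if any recipient's domain has blocking enabled.
        scan = any(r.rsplit("@", 1)[-1].lower() in BLOCKING_DOMAINS for r in self.rcpts)
        if scan and FAKE_SIGNATURE in message:
            # 5xx at end of DATA: the message is never accepted, so the
            # sending MTA still owns it and must produce any bounce itself.
            return "550 message rejected: malware detected"
        self.spool.append((list(self.rcpts), message))
        return "250 message accepted"


def run_session(rcpt, body_lines):
    """Run a constructed session; return (server replies, spool contents)."""
    rx = Receiver()
    client = [b"HELO client.example", b"MAIL FROM:<a@sender.example>",
              b"RCPT TO:<" + rcpt.encode() + b">", b"DATA", *body_lines, b"."]
    replies = [r for r in map(rx.handle, client) if r is not None]
    return replies, rx.spool
```

After a 550 the spool is empty, which is why a blocker of this kind has nothing left to tag, quarantine or move into a folder.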

sander815
03-02-2005, 12:08 AM
any updates?

nobaloney
03-02-2005, 10:05 PM
I get further behind every day.

But we've hired someone, so that should change soon.

Jeff

sander815
05-11-2005, 11:42 PM
any ETA?

nobaloney
05-16-2005, 09:39 PM
I know; I know...

Old news.

But yes, we are working on it again.

Jeff

@how@
05-17-2005, 05:01 AM
Originally posted by DennisCitus
I'd like a virusscanner which scans all email for viruses. It tags the headers that this was a virus and it tags the subject *** VIRUS ***.

It also has to remove the virus and add an attachment called virus.txt with short virus-information.

:D :D :D :D

nobaloney
05-17-2005, 05:41 PM
That will never be included in VirusBlocker because VirusBlocker will refuse to accept emails with a virus included. So they won't remain on the server, and there'll be nothing to edit.

Jeff

Chrysalis
05-18-2005, 03:46 AM
jjasman can you layout this part of the config like so.

lookuphost:
  driver = dnslookup
# domains = ! +local_domains
  ignore_target_hosts = 127.0.0.0/8
  self = pass
  same_domain_copy_routing = true
  transport = remote_smtp
  no_more

so if a domain is hosted on the same server it still does a MX lookup and the result overrides it if not local, the purpose of this is so if a user signs up and uses an email on the same domain still hosted elsewhere they will get the email, on the default config it would deliver locally and fail.

nobaloney
05-19-2005, 07:33 AM
I can.

But I won't. Not as a standard.

You can change it yourself, or have me change it, as custom work (warning: we're not cheap).

Now as to what would change my mind:

If the DA staff decide they'd rather do it that way, then I'll go along with them.

But otherwise I won't change the behavior as it's quite standard for exim, and on a busy server can save a lot of MX lookups.

Jeff

Chrysalis
05-19-2005, 02:35 PM
No worries I guess I just need to remember to change it if I update my config. I just happen to prefer ensuring mail reaches its destination over a few seconds of speed.

nobaloney
05-19-2005, 05:52 PM
I'll tell you what...

If you can get any of the proclaimed "experts" on exim-users to agree that exim should always use MX lookup even if it thinks it's supposed to manage email for a domain, I'll change it and convince Mark and John :) .

So find the exim-users list (hint: it's an exim.org list) and ask away.

:)

Jeff

Chrysalis
05-20-2005, 04:05 AM
I am already on the user list. The difference here is directadmin is a control panel, exim can be used on its own without a control panel, ask yourself this. How many users on that exim mailing list use exim with a control panel? Directadmin has a function of sending out welcome emails, some of these welcome emails go to email addresses that are on the domain that is to be hosted on directadmin, do you think it's sensible to have directadmin deliver that email locally?

If the default config is to remain the same then perhaps directadmin should be changed so it either rejects signup mails matching the domain or it does mx lookups for signup emails regardless of local or not.

If you do a search on these forums you will find a few have had problems with this scenario.

I think we should stop here, I feel bad going off topic on the thread, if you want to leave that part of config alone then that's fine with me as I said I will just edit it to suit myself.

nobaloney
05-23-2005, 08:48 PM
In my opinion the fact that the server is being managed by a control panel doesn't change the specific issues involved.

I am willing to change my opinion, if I get some reasonable input from other exim users.

And of course John may decide to change my exim.conf file before using it, or not use it at all.

Jeff

keefe007
06-19-2005, 08:54 PM
How's the progress on this?

nobaloney
06-20-2005, 05:51 PM
I'm now of the opinion that on a hosting server it makes more sense for exim to always use MX lookup.

However I won't even take my own word for it; I'll check with some of the real email gurus out there before I make any changes on my own.

Jeff