# Package README file for floppyfw v.3.0+ (http://www.zelow.no/floppyfw) # Package name: mailscan (Clam AntiVirus Daemon + POP3/SMTP mail scanning) # Packaged by: Ivo Tachev, ivotachev@mail.bg # 1. ABOUT Mailscan package for floppyfw is an email (POP3 and SMTP) transparent antivirus scanning solution. Scans all email (message and attachment) traffic at the firewall for viri. Stops infected messages and notifies the client. Attachments over a predefined file size (default=10MB) are not scanned. 2. INSTALLATION The standard floppyfw way: Rename downloaded tarball: - mailscan-0.40-ffw_3.0.ffw to mailscan.ffw (for floppyfw-3.0 and later) (to be on the safe side with 8.3 names). Put package tarball in /packages. You may have to remove some unneeded files from your floppyfw disk. 3. RUNNING The standard floppyfw way: Automatic (default): post-mailscan.ini script is in /etc - Manual: run "post-mailscan.ini stop" to stop daemons and clear iptables rules. Then you can start post-mailscan.ini again. 4. DEPENDENCIES - floppyfw v.3.0 and newer (uClibC 0.9.28 - based). - virus definitions for ClamAV: post-mailscan.ini downloads these each time floppyfw starts. 5. DELIVERS - ClamAV: http://www.clamav.net - p3scan: http://p3scan.sourceforge.net/ - p3pmail: http://p3scan.sourceforge.net/#p3pmail - renattach: http://www.pc-tools.net/unix/renattach/ - clamsmtp: http://memberwebs.com/nielsen/software/clamsmtp/ - bzip2: http://www.bzip.org (shared library only) Versions in this package: - ClamAV: 0.88.6 - p3scan: 2.9.05d - p3pmail: 1.3 - renattach: 1.2.4 - clamsmtp: 1.8 - bzip2: 1.0.3 6. MISCELANEOUS INFO Binaries are optimized for size and stripped. A Pentium or above class processor is needed. Because of running in RAM no logging is done and all infected messages are discarded. I suggest a total RAM size of 48MB as a minimum. Changes in configuration can be done by editing the config files in /etc. It is recommended to read the docs for all projects employed. !WARNING! Daemons run as root. If you experience corruption of received (HTML) e-mail messages, try disabling renattach and/or p3pmail in /etc/p3scan/p3scan.conf. To compile against uClibC some trivial tweaks were applied to the sources (e.g. libclamav, p3scan, p3pmail). It is ugly, so feel free to make them better. 7. LICENSE Read components licensing info. Unless specified otherwise, see GNU Public License v.2: http://www.gnu.org/licenses/gpl.txt 8. COMPILING INFO: Used uClibC developer environment (root fs image). - ClamAV: Apply the patch (cvd.c.0.88.6.patch) in libclamav subdirectory (you can see cvd.c there); ./configure --disable-clamuko --disable-dns --disable-dsig --with-zlib=/ --with-user=root --with-group=root --with-dbdir=/var/lib/clamav --sysconfdir=/etc CFLAGS=-Os -march=i386 - p3scan: Apply the patch (p3scan.c patch) ; ./configure --disable-pop3s --disable-ripmime --disable-clamav --disable-vcheck --with-user=root CFLAGS=-Os -march=i386 ; manually undefine rpl_malloc and rpl_realloc at the end of config.h - p3pmail: Apply the patch (p3pmail-1.3-uClibC.patch) - renattach: ./configure CFLAGS=-Os -march=i386 ; manually undefine rpl_malloc at the end of config.h - clamsmtp: ./configure CFLAGS=-Os -march=i386 - bzip2: In Makefile(for .so): insert CFLAGS=-Os -march=i386 ; comment out "#BIGFILES=-D_FILE_OFFSET_BITS=64" 9. TODO - Implement online virus scanning; drop ClamAV - Implement Layer7 matching and redirecting in firewall rules - Add IMAP support - Port to other platforms (e.g. embedded router devices) 10. CHANGELOG: ------------- floppyfw 3.0 -------------- v.0.40: First version for floppyfw 3.0 / uClibC 0.9.28 (support for floppyfw development vesrions 2.99.x dropped) - Version update of ClamAV, p3scan, renattach, clamsmtp ------------ floppyfw 2.99.x ------------- v. 0.31: - Version update of ClamAV and p3scan. v. 0.30: - Version update of p3scan; - Version update of ClamAV; clamav now running in TCP mode (p3scan requirement). v. 0.25: - Version update of ClamAV. - Version update of clamsmtp; v. 0.24: - Version update of ClamAV. - Version update of clamsmtp; - Version update of zlib; - Firewall rules for the package are now reloaded when firewall.ini is reloaded, so mailscan should be (hopefully) more usable when outside IP is dynamic; a temporary helper script for fixing original firewall.ini upon startup was added. v. 0.23: - Version update of ClamAV. v. 0.22: - Version update of ClamAV. v. 0.21: - Version updates of ClamAV and clamsmtp. v. 0.2: - Added bzip2 support - RAR support in ClamAV now enabled by default - Fixed compilation and stripping settings, so SMTP scanning works now - Switched to uncompressed executables - performs better and saves space on floppy - Cleaned up unneded executables: clamscan, ripmime + ripole - Removed TCP mode for clamd - Removed template files (not needed now). v. 0.1 (dated 03.29.2005, was named just mailscan.bz2): Initial package release. Pretty unstable. PLEASE DO NOT USE! (EOF)