anvir virus scan
Qmail virus scanner 1.4
The Qmail virus scanner (QScan) is a mail filter for Qmail that scans incoming messages using the Sophos Antivirus engine, immediately rejecting infected content.
It is designed to be minimalistic, yet extremely fast and secure, and uses multiple pipes instead of the traditional temporary files and privilege separation. It works with non-native versions of the virus scanner like under OpenBSD with Linux or FreeBSD emulation.
You must create a temporary directory to extract MIME attachments, and replace Qmail's original qmail-queue program with Qscan. A quick way to achieve this, for the impatient:
mkdir /var/qmail/qscan
chmod 700 /var/qmail/qscan
chown qmaild:qmail /var/qmail/qscan
ln /var/qmail/bin/qmail-queue /var/qmail/bin/qmail-queue-old
Now, let's compile and install Qscan:
./configure --help
./configure [your beloved flags]
make install-strip
The last step is to replace the original qmail-queue program with our filter:
rm /var/qmail/bin/qmail-queue
ln -s /usr/local/sbin/qscan /var/qmail/bin/qmail-queue
Depending on your local configuration, this may or may not be needed, but start by doing it:
chown qmaild:qmail /usr/local/sbin/qscan
chmod 6711 /usr/local/sbin/qscan
After testing, if everything's OK for you, remove the setuid bit:
chown 0:0 /usr/local/sbin/qscan
chmod 711 /usr/local/sbin/qscan
Download (0.083MB)
Added: 2006-07-10 License: GPL (GNU General Public License) Price:
1201 downloads
AntiVirus Scanner 3.2.1
AntiVirus Scanner is an anti-virus scanner for Endeavour Mark II that uses the ClamAV library (libclamav).
AntiVirus Scanner allows you to create a list of scan items for frequently scanned locations and features easy virus database updating, all in a simple GUI environment.
Download (0.50MB)
Added: 2007-08-02 License: GPL (GNU General Public License) Price:
843 downloads
Aegis Virus Scanner 2.0.0
Aegis project is a virus scanner for Linux, Unix and Windows with a simple and intuitive user interface.
Aegis supports scanning of subdirectories, hidden files and .zip and .tar archive files, and drag-and-drop of files from the Nautilus file browser, or your Gnome desktop. When a virus is detected you can choose to delete, quarantine or rename the file.
Download (0.021MB)
Added: 2006-09-20 License: GPL (GNU General Public License) Price:
1134 downloads
Antivirus Scan with F-Prot 0.5
Antivirus Scan with F-Prot is a simple servicemenu for Konqueror that allows you to scan single or multiple files and folders using the F-Prot Antivirus. Antivirus Scan with F-Prot shows the result of the scanning in a textbox using kdialog. It can also show the progress of the scanning in a terminal.
I hope you may find it useful.
Comments or/and translations are welcome.
TO INSTALL: extract the content of the tarball and copy the file f-prot_virus_scan.desktop into ~/.kde/share/apps/konqueror/servicemenus (just for your user) or in /usr/share/apps/konqueror/servicemenus, /opt/kde/share/apps/konqueror/servicemenus... etc, depending on your distro, to make it system-wide.
This is only the service-menu, you need to have F-Prot antivirus installed on your system.
Enhancements:
- Added Danish translation by Kefeus
Download (MB)
Added: 2006-08-14 License: GPL (GNU General Public License) Price:
1187 downloads
Viralator Proxy Virus Scanner 0.9.7
Viralator is a Perl script that virus-scans HTTP/FTP download requests on a UNIX server after they pass through the Squid proxy server.
Even when I implemented virus protection for my network email server we still continued to get the odd virus. Most of the viruses came from people using free webmail accounts like Hotmail or Yahoo and downloading the infected attachments to their machines or through downloading junk.
Rather than block access to the users I decided to look at how we could better protect the network. I looked at a couple of different products, both commercial and free, but they were either too expensive or did not meet my needs.
That is how Viralator was born. Viralator Proxy Virus Scanner is licenced under the GPL.
Viralator should work in any UNIX system that uses Apache and Squid servers. We have reports about successful installations on:
- RedHat Linux
- Mandrake Linux
- SuSe Linux
- e-Smith Linux
- Slackware Linux
- Conectiva Linux
- Debian Gnu Linux
Supported Redirectors:
- Squirm
- SquidGuard
- Jesred
Supported Virus Scanners
- AntiVir
- AVP
- RAV
- Inoculate
- Sophos Sweep
- McAfee
- Trend
- Clamav
- Bit Defender (free edition)
The original concept for Viralator came from the Viromat project. Without Viromat the Viralator project would not have had a starting point. We can also thank Ralph Meyer for badgering me into releasing the script under the GPL.
Enhancements:
- Parentheses are included in the regular expression used to validate URLs.
- The character set checking step, which was not working before the last patch was released, has been fixed.
Download (0.029MB)
Added: 2006-06-16 License: GPL (GNU General Public License) Price:
1240 downloads
OpenAntivirus ScannerDaemon 0.6.0
ScannerDaemon is the virus scanner of the OpenAntivirus project. You can send a filename to it via simple TCP and it will scan the file for viruses and tell you if the file is infected or not.
The ScannerDaemon listens on localhost port 8127 for absolute filenames and absolute directory names. It scans the file, or all files in the directory, and reports OK if no virus has been found or FOUND: if a virus has been detected.
You can start the ScannerDaemon simply by typing:
java -jar ScannerDaemon.jar
If you did not forget the Credo-files, it should come up and listen on port 8127. You can also give the name of the directory as a command-line parameter, like
java -jar ScannerDaemon.jar -credo.directory
Enhancements:
- Adaptions to new listener and filter scheme
- Bugfix: allow more than one signature file in one credo file
- Bugfix: close files used by UPXFilter
- Bugfix: wrong failure transitions
- Improvement: less memory consumption for nodes
- Improvement: UPXFilter scans uncompressed and compressed file
Download (0.12MB)
Added: 2006-07-08 License: GPL (GNU General Public License) Price:
1206 downloads
POP3 Virus Scanner Proxy 0.4
POP3 Virus Scanner Proxy is a full-transparent proxy daemon which scans all mails for viruses using third party scanners (built-in support for AVPD and Trophie).
You have to set up a port redirection in the Linux netfilter (iptables) so that all connections from, e.g., inside your office to any POP3 server outside in the world will not leave your router, but come to a local port on which POP3VScan listens. POP3VScan receives from the Linux kernel the original destinations of the packets (the POP3 server outside in the world) and will connect to them.
All data we receive from the client will be sent to the server, and vice versa, with a little enhancement: we parse the necessary parts of the POP3 protocol and when an email is sent from the server, we store it into a file, invoke a virus scanner and send it if it is good, or we just replace it with a virus notification. It should be possible to use all scanners using the scannertype=basic. POP3VScan also provides scannertype=avpd for high-speed scanning using Kaspersky Anti-Virus for Linux; every C programmer can easily adapt other scan daemons (trophie, sophie, antivir, ...).
Neither the client nor the server has to be configured, and neither will notice that there's a mail scanner (except the client when he gets a virus notification or if he looks into the header, and the server gets our IP as source).
Download (0.13MB)
Added: 2006-07-07 License: GPL (GNU General Public License) Price:
1208 downloads
gadoyanvirus 0.4
gadoyanvirus is a virus checker for qmail that works with the QMAILQUEUE patch by Bruce Guenter. gadoyanvirus scans incoming messages using the ClamAV anti-virus library.
Suspected messages are quarantined and a notification message can optionally be sent to the recipients.
Download (0.11MB)
Added: 2005-12-07 License: GPL (GNU General Public License) Price:
1416 downloads
HTTP Anti Virus Proxy 0.86
HAVP (HTTP Antivirus Proxy) is a proxy with a ClamAV anti-virus scanner. HTTP Anti Virus Proxy aims are continuous, non-blocking downloads and smooth scanning of dynamic and password protected HTTP traffic.
Havp antivirus proxy has a parent and transparent proxy mode. It can be used with squid or standalone.
Main features:
- HTTP Antivirus proxy
- Scans complete incoming traffic
- Nonblocking downloads
- Smooth scanning of dynamic and password protected traffic
- Can be used with squid or other proxy
- Parent proxy support
- Transparent proxy support
- Logfile
- Process change to defined user and group
- Daemon
- Use Clamav (GPL antivirus)
- Operating System: Linux
- Written in C++
- Released under GPL
Enhancements:
- Experimental support was added for chunked Transfer-Encoding, which fixes some broken sites.
- The IGNOREVIRUS configuration directive was added for whitelisting virus names.
- The CLAMBLOCKBROKEN configuration directive was added.
- Detection with AVG was improved.
- HAVP is killed if database reloading fails for Library Scanner.
- The URL is logged when a crashed scanner process is detected.
- The build system updated, adding the --prefix, --sbindir, --sysconfdir, and --localstatedir options.
Download (0.53MB)
Added: 2007-04-17 License: GPL (GNU General Public License) Price:
932 downloads
Milter-Virus 2.0.0
Milter-virus is not a virus scanner. It is a wrapper that can be used with many commercial and freely available virus scanners. Milter-Virus is written completely in C, and requires (few skills??).
It is runnable with the Milter interface, but then will only scan for "double extensions".
If you wish it to scan for more, you need Ripmime or other tools to extract files from MIME-encoded emails. You also need a (command-line) virus scanner.
The difference between this program and the original is that this is much more configurable via the config file. The original version has the advantage that it is simpler and easier to bugfix.
Enhancements:
- This is a large update.
- Many problems in the statistik module were fixed.
- Some spam protection features were included.
Download (0.11MB)
Added: 2007-01-04 License: GPL (GNU General Public License) Price:
1032 downloads
arp-scan 1.6
arp-scan sends ARP (Address Resolution Protocol) queries to the specified targets, and displays any responses that are received.
It allows any part of the outgoing ARP packets to be changed, allowing the behavior of targets to non-standard ARP packets to be examined. The IP address and hardware address of received packets are displayed, together with the vendor details.
These details are obtained from the IEEE OUI and IAB listings, plus a few manual entries. It includes arp-fingerprint, which allows a system to be fingerprinted based on how it responds to non-standard ARP packets.
Enhancements:
- Support for Sun Solaris was added.
- This was tested on Solaris 9 (SPARC).
- The following new arp-fingerprint patterns were added for ARP fingerprinting: IOS 11.2, 11.3, and 12.4; ScreenOS 5.1, 5.2, 5.3, and 5.4; Cisco VPN Concentrator 4.7; AIX 4.3 and 5.3; Nortel Contivity 6.00 and 6.05; Cisco PIX 5.1, 5.2, 5.3, 6.0, 6.1, 6.2, 6.3, and 7.0.
- IEEE OUI and IAB MAC/Vendor files were updated.
- HSRP MAC address was added to mac-vendor.txt.
Download (0.26MB)
Added: 2007-04-13 License: GPL (GNU General Public License) Price:
950 downloads
AVScan 3.1.1
AVScan is an AntiVirus scanner front end for ClamAV.
A front end for the Clam AntiVirus scanner using Endeavour Mark II. Features a scan list for frequently scanned locations, freshclam update support, and command line calling from Endeavour.
Download (0.53MB)
Added: 2007-06-13 License: GPL (GNU General Public License) Price:
877 downloads
Kvirus 0.5.2
Kvirus project is a board/puzzle game for the KDE Environment.
Kvirus is a board game for the KDE Environment and a clone of Ataxxlet originally written in Java.
The goal is to copy or jump your virus to eat up the enemy virus. Kvirus provides a cute interface with hours of fun.
Download (0.30MB)
Added: 2006-12-05 License: Freely Distributable Price:
1053 downloads
Virge 3.04rc3
Virge is a mail scanner written in C, which replaces/substitutes procmail for a while, checks the incoming mail, and then sends the mail to procmail. It will check mail for viruses and/or attachment names. Check the FEATURES/README/NEWS files for more details. Virge requires Sendmail and (optionally) AVPDaemon, Sophie or Trophie (to check attachments for viruses).
Virge temporarily replaces procmail. When new mail comes in, Sendmail will pass the contents of the mail to Virge. At that point, Virge performs a set of checks:
Checks if the mail has attachments. If it does not, it sends it to procmail for delivery.
If mail has attachments, Virge creates a temporary directory, unpacks attachments there, and asks AVP/Sophie/Trophie to scan the temporary directory for viruses. Virge was created with 2 things in mind: performance and security. Because of performance issues, it was not feasible to use any command line scanners like the TrendMicro or McAfee ones.
AVP/Sophie/Trophie are instructed to scan attachments for viruses next. If it finds any viruses, mail is immediately isolated in a directory not (hopefully) accessible to anyone except administrators.
If no viruses were found, Virge will then perform attachment check, and see if any of the attachments are not allowed to be sent to the end user. A configuration file is consulted for list of extensions (or full filenames) that should not be allowed in. If any such attachments were found, tricky part comes - Virge will *hopefully* properly "rewrite" the whole email, and strip the attachments that are not allowed. Small notice is attached at the end of the mail, with names of stripped attachments. Mail is also isolated, in case poor overworked sysadmin ever gets some free time to take a closer look.
IMPORTANT: Please keep in mind that Virge will *NOT* rewrite & send mails when a virus has been found. I will *NOT* implement any such features, since it doesn't make any sense (I haven't seen a mail with a virus that actually had some valuable content in it for many months - maybe even years).
If AVP/Sophie/Trophie are not available (daemon is down), Virge will still deliver mails and annoy admins through syslog messages. Attachment check is still performed.
Users for which no checks should be performed can also be configured. Location of the file can be specified in the configuration file.
Virge is definitely trying to not let any lame script kiddies abuse it in any way. It is trying to resist race conditions, buffer overflows, and similar neat tricks. No guarantees, of course, that there are no security problems in Virge.
Virge tries to be as fast as possible, and not waste CPU time or any other resources. It is still possible to make it perform even better, although I presume it would be in 1-5% range. Will take some more time later, and try to fix all the small performance problems.
And yes - Virge *is* fast. I have made a complete Virge V1 in Perl some time ago, but it was an absolute failure. Although I tried to use as few modules as possible and make it as fast as possible... it was crap. 2 minutes after I started a script that sends 3-5 mails per second, I started wondering "Why the hell can't I login to the mailserver anymore?". Perl is nice, but it's not good for tools like this. Not at all (except if you have low traffic on your mailserver).
And Virge still needs a *lot* of testing. I have tried to test Virge with many different mail (MIME) formats and tried different tricks in order to bypass its decoding techniques (in order to send a virus or .exe to users), but it handles things pretty well. There are cases, though, when it is possible to trick librfc2045 and send attachments that don't get caught, but those attachments are violating RFCs anyway. If your mail client is so stupid to decode invalid/malformed attachments/mails - you deserved it. Don't use stupid mail clients then. I'm not going to start adding all those crappy features into Virge that would let someone detect all possible tricks which can be used. Use good mail clients, don't rely on Virge to save you.
Main features:
- Virge can check every incoming mail for attachments, and can remove attachments that are considered dangerous.
- "Dangerous" can be defined:
  - email with specific kinds of attachments (e.g., .EXE, .COM, etc.)
  - email that contains a virus as identified by Sophie ( http://www.vanja.com )
  - email that contains a virus as identified by trophie ( http://www.vanja.com )
  - email that contains a virus as identified by AVPDaemon (http://www.avp.ch)
  - Any combination of the above.
- Dangerous email can trigger:
  - rewriting that removes virus.
  - alert back to sender.
  - alert to recipient.
  - alert to system manager.
  - rewrite to remove virus.
- All offending mail messages can be isolated for later reviewing.
- Written in C, so it is very fast, doesn't waste resources, and doesn't depend on a complicated perl installation (which is subject to breaking).
- Notification can be sent (configurable) to sender/recipient of suspicious/infected mail. Templates can be used to define the layout of the mail.
- Regular expressions can be used for filename matching
- Virge was made with security in mind, and should be hard to abuse
- Can be configured to fail open or fail closed if load on the machine goes too high.
- Virge 3.0 designed for easy integration with Postfix
Download (0.17MB)
Added: 2006-07-10 License: BSD License Price:
1201 downloads
mdns-scan 0.4
mdns-scan is a tool for scanning for mDNS/DNS-SD published services on the local network. mdns-scan issues a mDNS PTR query to the special RR _services._dns-sd._udp.local for retrieving a list of all currently registered services on the local link.
mdns-scan is not a good mDNS citizen since it queries continuously for services and doesn't implement features like Duplicate Suppression. It is intended for usage as a debugging tool only.
mdns-scan is incomplete since it doesn't resolve mDNS services for you - it just dumps their PTR RRs. To understand these records you need minimal knowledge of DNS-SD and how it works.
mdns-scan does not terminate on its own behalf. It scans for services continuously until the user kills it by pressing C-c.
mdns-scan does not rely on a local mDNS responder daemon. It has no dependencies besides the GNU libc. It has been tested on Linux only.
mdns-scan does NOT scan for local mDNS enabled hosts or A/AAAA RRs, it scans for DNS-SD registered services, nothing else.
Enhancements:
- Add man pages
- Improvements to the Debianization
Download (0.016MB)
Added: 2006-05-17 License: GPL (GNU General Public License) Price:
1257 downloads