Free hqx virus software for linux

The Qmail virus scanner (QScan) is a mail filter for Qmail that scans incoming messages using the Sophos Antivirus engine, immediately rejecting infected content.

It is designed to be minimalistic, yet extremely fast and secure, and uses multiple pipes instead of the traditional temporary files and privilege separation. It works with non-native versions of the virus scanner like under OpenBSD with Linux or FreeBSD emulation.


You must create a temporary directory to extract MIME attachments, and replace Qmails original qmail-queue program with Qscan. Quick way to achieve this for the impatients :

mkdir /var/qmail/qscan
chmod 700 /var/qmail/qscan
chown qmaild:qmail /var/qmail/qscan
ln /var/qmail/bin/qmail-queue /var/qmail/bin/qmail-queue-old

Now, lets compile and install Qscan :

./configure --help

./configure [your beloved flags]

make install-strip

The last step is to replace the original qmail-queue program with our filter :

rm /var/qmail/bin/qmail-queue
ln -s /usr/local/sbin/qscan /var/qmail/bin/qmail-queue

Depending on your local configuration, it may be needed or not, but start with doing it :

chown qmaild:qmail /usr/local/sbin/qscan
chmod 6711 /usr/local/sbin/qscan

After testing, if everythings ok for you, remove the setuid bit :

chown 0:0 /usr/local/sbin/qscan
chmod 711 /usr/local/sbin/qscan

HAVP (HTTP Antivirus Proxy) is a proxy with a ClamAV anti-virus scanner. HTTP Anti Virus Proxy aims are continuous, non-blocking downloads and smooth scanning of dynamic and password protected HTTP traffic.
Havp antivirus proxy has a parent and transparent proxy mode. It can be used with squid or standalone.
Main features:
- HTTP Antivirus proxy
- Scans complete incomming traffic
- Nonblocking downloads
- Smooth scanning of dynamic and password protected traffic
- Can used with squid or other proxy
- Parent proxy support
- Transparent proxy support
- Logfile
- Process change to defined user and group
- Daemon
- Use Clamav (GPL antivirus)
- Operating System: Linux
- Written in C++
- Released under GPL
Enhancements:
- Experimental support was added for chunked Transfer-Encoding, which fixes some broken sites.
- The IGNOREVIRUS configuration directive was added for whitelisting virus names.
- The CLAMBLOCKBROKEN configuration directive was added.
- Detection with AVG was improved.
- HAVP is killed if database reloading fails for Library Scanner.
- The URL is logged when a crashed scanner process is detected.
- The build system updated, adding the --prefix, --sbindir, --sysconfdir, and --localstatedir options.

Milter-virus is not a virus scanner. It is a wrapper that can be used with many commercial and freely available virus scanners. Milter-Virust is written completely in C, and requires (few skills??).
It is run-able with the Milter interface, but then will only scan for "double extensions".
If you wish it to scan for more, you need at Ripmime or other tools to extract files from MIME-encoded emails. You also need a (command-line) virus scanner.
The difference between this program and the original is that this is much more configurable via the config file. The original version has the advantage that it is simpler and easier to bugfix.
Enhancements:
- This is a large update.
- Many problems in the statistik module were fixed.
- Some spam protection features were included.

POP3 Virus Scanner Proxy is a full-transparent proxy daemon which scans all mails for viruses using third party scanners (built-in support for AVPD and Trophie).

You have to set up a port redirection in the linux-netfilter (iptables) so that all connections from e.g. inside your office to any POP3 server outside in the world will not leave your router, but come a local port, on which POP3VScan listens. POP3VScan receives from the linux kernel the original destinations of packets (the POP3 server outside in the world) and will connect to them.

All data we receive from the client will be sent to the server, and vice versa. With a little enhancement: we parse the neccessary parts of the POP3 protocol and when an email is sent from the server, we store it into a file, invoke a virusscanner and send it if it is good, or we just replace it with a virus notification. It should be possible to use all scanners using the scannertype=basic. Also POP3VScan provides scannertype=avpd for high-speed scanning using Kaspersky Anti-Virus for Linux, every C programmer can easily adept other scan-daemons (trophie, sophie, antivir, ...).

Neither the client nor the server has to be configured, none of them will take notice that theres a mailscanner (except the client when he gets a virus notification or if he looks into the header, and the server gets our ip as source).

AntiVirus Scanner is an anti-virus scanner for Endeavour Mark II that uses the ClamAV library (libclamav).

AntiVirus Scanner allows you to create a list of scan items for frequently scanned locations and features easy virus database updating, all in a simple GUI environment.

Yet Another antiVirus Recipe is a procmail that helps to filter out a lot of the most common e-mail worms.
For some of the above (plain iframe, clsid, xml, macro) e-mail is delivered normally but gets a WARNING in subject plus its old subject ($SUB).
Some of the warnings are:
WARNING-XML-CODEBASE-OBJECT-$SUB
WARNING-CLSID-EXTENSION-$SUB
WARNING-IFRAME-$SUB
WARNING-MACRO-$SUB
WARNING-NSCAM-SCORE:$NKNGS-$SUB
Main features:
- :: base64 signatures ::
- Most of these worms are MS-Windows executables and arrive at our e-mail encoded through base64 routines. YAVR uses especially selected signatures to locate these attachments. After that it places them in a directory (/virus/) sorted by name.
-
- :: iframe html exploit ::
- Through IFrame tag a html encoded e-mail can download and execute a file from a remote http site without informing the user.
-
- :: CLSID hidden extensions exploit ::
- Attachments which end with a Class ID (CLSID) file extension do not show the actual file extension saved and viewed with Windows Explorer. This allows dangerous file types to look as though they are actually innocent files, such as JPG or WAV files.
-
- :: xml codebase exploit ::
- Usage of some xml objects allow local files to be automatically executed, regardless of the security settings on the target machine.
-
- :: generic executable trap for bat, pif, vbs, vba, scr, lnk, com, exe ::
- The rest of MS-executable files that are not caught from base64 signatures end up in a virus-could-be file.
-
- :: generic macro detection for doc,dot,xls,xla files ::
- MS-Word and MS-Excel files that contain macro commands are marked with a warning.
-
- :: generic detection for most of nigeria scam e-mails (most of them) ::
- Nigeria scam e-mail is not a virus but a big spam problem... There are many good filters that use great algorithms for spam. This is just an add-on.
Enhancements:
- new switches for quarantine or not certain e-mailsbased on some ideas by Dan Smart
- YAVRQUARANTEXE if set to ON it sends unknown executables to /virus/virus-could-be as usual if set to OFF it delivers at inbox with a warning (and the X- header ;)
- YAVRQUARANTNIG same for nigeria scam
- YAVRQUARANTPRN same for porn e-mail read instuctions inside nkvir-rc
- X- marks in headers to help your own procmail scripts
- X-YAVR: MS-EXEC (any MS executable that wasnt identified by signatures)
- X-YAVR: NIGERIA (nigeria scam)
- X-YAVR: PORN (porn related)
- X-YAVR: MACRO (containing macro code)
- X-YAVR: XML-CODEBASE
- X-YAVR: IFRAME
- X-YAVR: CLSID-EXTENSION
- X-YAVR: SENDMAIL-EXPLOIT
- some more Worm.Moodown.b aka Netsky.b signatures
- another Mimail.Q

PHP ClamaAV Lib is a PHP extension that allows you to incorporate virus scanning features in your PHP scripts.

It uses the Clam Antivirus API (libclamav) for virus scanning. There are supported functions for file scanning and buffer scanning.

Functions Reference:

string cl_scanfile(string filename);

Description:

Scan a file given a filename.

Parameters:

filename: the absolute / relative path to the file.

Return value:

Returns the name of the virus if this is found and returns null when no virus is found.

cl_scanfile_ex(string filename, int options, string virusname, int retcode);

Description:

Scan a file given a filename (extended version), it supports the ClamAV scanning options and returns the virusname and return code of the cl_scanfile() API function.

Parameters:

filename: the absolute / relative path to the file.
options: ClamAV scanning options.
virusname: This parameter is used to retrieve the virusname if a virus was found.
retcode: This parameter is used to retrieve the return code of the cl_scanfile API function.

string cl_scanbuff();

Description:

Scan a file given a string buffer.

Parameters:

buffer: string buffer to be scanned.

Return value:

Returns the name of the virus if this is found and returns null when no virus is found.

string cl_scanbuff_ex(string buffer, int size_buffer, string virusname, int retcode);

Description:

Scan a file given a string buffer (extended version), returns the virusname and return code of the cl_scanfile() API function..

Parameters:

buffer: string buffer to be scanned.
size_buffer: size of the buffer.
virusname: This parameter is used to retrieve the virusname if a virus was found.
retcode: This parameter is used to retrieve the return code of the cl_scanfile API function.

string cl_pretcode(int retcode);

Description:

Translates the ClamAV return code.

Parameters:

retcode: The return code of a cl_scanfile_ex(filename, options, virusname, retcode) or cl_scanbuff_ex(buffer, size_buffer, virusname, retcode) function.
Return value:

Returns a string with the return code description.

Compatibility functions:

string clam_scan_buffer(string buffer);
string clam_scan_file(string filename);
string clam_get_version();