##################################################################### WHAT IS IT: modularized contentfilter for Zmailer COPYRIGHT: (c) 2003 Eugene G. Crosser LICENSE: The same set as apply to Zmailer code ##################################################################### This is a plugin to zmscanner (http://www.average.org/zmscanner/) that makes use of clamav library (http://clamav.sourceforge.net/). Clamav is an open source antivirus. It has its own infrastructure to parse messages and check files on disk, but we only use low level API function that scans a chunk of memory or a single file. This plugin binds to "content" stage of zmscanner, that is, it gets decoded body (part) regardless of the content-type. We choose to opportunistically scan data of any type except text because viruses often mimic images etc. (Still, text types are not scanned) There are two modes of operation, selectable via configuration file "clamav.conf". One uses cl_scanbuff() function scanning a chunk of memory. It is very efficient, because there are no file operations involved. Although, it is unable to detect viruses hidden inside archieves, "Portable Executable" encosures and OLE enclosures. This mode is the default. Second mode of operation is "file scanning". Zmscanner writes every body part to scan into a temporary file created via tmpfile() and passed the descriptor to cl_scandesc(). Which in turn may (and likely will) create more temporary files... This may be as expensive as the clamav-milter tool. ##################################################################### Appendix: building from CVS $ cvs -d :ext:cvs.average.org:/cvsroot/ZMSCANNER co zms_clamav $ cd zms_clamav $ aclocal $ autoheader $ libtoolize $ automake -a $ autoconf $ ./configure --various-options ##################################################################### $Id$ $Log: README,v $ Revision 1.2 2003/09/10 21:20:44 crosser cosmetic changes Revision 1.1 2003/09/09 20:40:25 crosser adding README