Zmscanner is an extensible
modular contentfilter for Zmailer and
It is designed to be fast and efficient and thus suitable for high traffic
2009-03-31: zms_clamav release 1.17 - support clamav 0.96
2009-03-31: zmscanner release 2.01 - properly use PIC code
Version 1.00 runs for several years in production environment on a high
traffic site (> 1.5M messages/day) with zms_clamav, zms_dehtml and
zms_pcre modules, and seems to operate normally. Versions 1.0x are
minor improvements to that, they should be equally stable but are not
tested that extensively.
Version 2 (prereleases are named 1.9x), as of this writing, is
experimental. Main change is new Milter interface, that is, support for
Sendmail as well as Zmailer. This change involved some modifications
in existing code, so even Zmailer version may be affected.
As to the wishlist, the current status of decoders is OK for analyzing
binary body parts, and ASCII text parts and headers. It sould be a
Right Thing to convert all text parts, and non-ascii headers to UNICODE
and make regular expression/etc. processors UNICODE-capable. Also,
there are some very interesting opportunities in HTML scanners, e.g.
normalizing host names, resolving them to IP addresses and then matching
against a blacklist.
You need Zmailer that is not older than September 2003: older versions
are not capable of communicating with the contentfilter over unix
domain socket. Specify
PARAM contentfilter /path/to/zmscanner/socket
Sendmail 8.13.3 is used for development of Milter part; binary to run is
For documentation, see manpages, README files in the distributions,
and sample confguration files.
"zmscanner" is the core package, you must build and install
(!) it before building modules.
As of this writing, four useful (and one not so useful) modules exist:
In the old/ subdirectory of the download area and in Subversion
repository you will find zms_naive module. It exactly
duplicates the functionality of "lean-mean-contentfilter" which
is distributed with Zmailer. You don't need to run it unless you want
to migrate from "lean-mean".
<crosser at average dot org>
check_ct (which is a part of the core package) - performs POSIX
regex matching on the contents of "Content-Type:" header.
This, for instance, allows to block HTML mail or messages with executable
zms_pcre - uses Philip Hazel's
PCRE library to match patterns in
text body parts. PCRE stands for "Perl Compatible Regular Expressions".
This module runs on text/plain body parts and on text/html that passed
zms_clamav - uses
ClamAV library and virus
databases to scan non-text attachments for viruses (Note: no clamd
daemon is used, only low level scanning functions).
zms_dehtml - takes text/html body part, strips off HTML tags
and passes text/plain result for further processing (converting
"&#XXXX;" is on the TODO list).