Virge is a mail 'scanner' written in C, which replaces/substitutes procmail for a while, checks the incoming mail, and then sends the mail to procmail. It will check mail for viruses and/or attachment names. Check the FEATURES/README/NEWS files for more details. Virge requires Sendmail and (optionally) AVPDaemon, Sophie or Trophie (to check attachments for viruses).
Virge temporarily replaces procmail. When new mail comes in, Sendmail passes the contents of the mail to Virge. At that point, Virge performs a set of checks:
Checks if the mail has attachments. If it does not, it sends it to procmail for delivery.
If the mail has attachments, Virge creates a temporary directory, unpacks the attachments there, and asks AVP/Sophie/Trophie to scan the temporary directory for viruses. Virge was created with 2 things in mind: performance and security. Because of performance issues, it was not feasible to use any 'command line scanners' like the TrendMicro or McAfee ones.
AVP/Sophie/Trophie are instructed to scan the attachments for viruses next. If they find any viruses, the mail is immediately 'isolated' in a directory not (hopefully) accessible to anyone except administrators.
If no viruses were found, Virge will then perform an 'attachment' check, and see if any of the attachments are not allowed to be sent to the end user. A configuration file is consulted for a list of extensions (or 'full' filenames) that should not be allowed in. If any such attachments were found, the tricky part comes - Virge will *hopefully* properly "rewrite" the whole email, and strip the attachments that are not allowed. A small notice is attached at the end of the mail, with the names of the stripped attachments. The mail is also 'isolated', in case the poor overworked sysadmin ever gets some free time to take a closer look.
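The attachment-name check described above could look like the following. This is an added example, not Virge's own code: the deny-list entries, the convention that an entry starting with '.' is an extension, and the function names are assumptions. It normalizes the name first so that directory prefixes, upper case, and trailing dots or spaces do not slip past the list, and it fails closed on over-long names.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Constructed deny list in an assumed format: an entry starting with '.'
 * is an extension, anything else is a full filename. */
static const char *const deny_list[] = { ".exe", ".scr", ".vbs", "readme.txt.pif" };

/* Case-insensitive equality for two NUL-terminated strings. */
static int ci_equal(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b;
}

/* Strip any directory part plus trailing dots and spaces (Windows drops
 * those when the file is saved). Returns -1 if the name does not fit. */
static int normalize_name(const char *name, char *out, size_t outlen)
{
    const char *base = name;
    for (const char *p = name; *p; p++)
        if (*p == '/' || *p == '\\')
            base = p + 1;
    size_t n = strlen(base);
    while (n > 0 && (base[n - 1] == '.' || base[n - 1] == ' '))
        n--;
    if (n >= outlen)
        return -1;
    memcpy(out, base, n);
    out[n] = '\0';
    return 0;
}

/* Return 1 if the attachment must be stripped, 0 if it may pass. */
int attachment_blocked(const char *name)
{
    char norm[256];
    if (normalize_name(name, norm, sizeof norm) != 0)
        return 1;  /* fail closed: truncating could hide the extension */
    size_t len = strlen(norm);
    for (size_t i = 0; i < sizeof deny_list / sizeof deny_list[0]; i++) {
        const char *e = deny_list[i];
        size_t elen = strlen(e);
        if (e[0] == '.' ? (len >= elen && ci_equal(norm + len - elen, e))
                        : ci_equal(norm, e))
            return 1;
    }
    return 0;
}
```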
IMPORTANT: Please keep in mind that Virge will *NOT* rewrite & send mails when a virus has been found. I will *NOT* implement any such features, since it doesn't make any sense (I haven't seen a mail with a virus that actually had some 'valuable' content in it for many months - maybe even years).
If AVP/Sophie/Trophie are not available (the daemon is down), Virge will still deliver mails and annoy admins through syslog messages. The attachment check is still performed.
Users for whom no checks should be performed can also be configured. The location of the file can be specified in the configuration file.
Virge is definitely trying not to let any lame script kiddies abuse it in any way. It is trying to resist race conditions, buffer overflows, and similar neat tricks. No guarantees, of course, that there are no security problems in Virge.
Virge tries to be as fast as possible, and not waste CPU time or any other resources. It is still possible to make it perform even better, although I presume it would be in the 1-5% range. I will take some more time later, and try to fix all the small performance problems.
And yes - Virge *is* fast. I made a complete 'Virge V1' in Perl some time ago, but it was an absolute failure. Although I tried to use as few modules as possible and make it as fast as possible... it was crap. 2 minutes after I started a script that sends 3-5 mails per second, I started wondering "Why the hell can't I login to the mailserver anymore?". Perl is nice, but it's not good for tools like this. Not at all (except if you have low traffic on your mailserver).
And Virge still needs a *lot* of testing. I have tried to test Virge with many different mail (MIME) formats and tried different tricks in order to bypass its 'decoding techniques' (in order to send a virus or .exe to users), but it handles things pretty well. There are cases, though, when it is possible to trick librfc2045 and send attachments that don't get 'caught', but those attachments are violating RFCs anyway. If your mail client is so stupid as to decode invalid/malformed attachments/mails - you deserved it. Don't use stupid mail clients then. I'm not going to start adding all those crappy features into Virge that would let someone detect all possible tricks which can be used. Use good mail clients, don't rely on Virge to save you.
Here are some key features of "Virge":
What's New in This Release:
Download Virge 3.04rc3