P3Scan Current version: 2.3.2
p3scan-development P3PMail

Support This Project Support This Project

The following companies support P3Scan:
ISC Supports This Project Sentinelbox Supports This Project
Thank you very much!

Introduction

This is a full-transparent proxy-server for email clients. It runs on a Linux box with iptables (for port re-direction)[1]. It can be used to provide email scanning from the internet, to any internal network and is ideal for helping to protect your "Other OS" LAN from harm, especially when used in conjunction with a firewall and other Internet Proxy servers.

It is designed to enable scanning of incoming/outgoing email messages for Virus's, Worms, Trojans, Spam (read as "Un-solicited Bulk Email"), and harmfull attachments. Because viewing HTML mail can enable a "Spammer" to validate an email address (via Web bugs), it can also provide HTML stripping.

This project is maintained by Jack S. Lai <laitcg at cox dot net>.

P3Scan is a derived work of POP3VScan as written by Folke Ashberg <folke at ashberg dot de>.

It's intent is to provide a follow on program to POP3-Virusscan-Proxy 0.4

It is based upon his program but provides numerous changes to include scanning email for spam, hardening the program, addaption to today's email environment, and many, many other changes.

I want to thank Folke Ashberg here for his wonderful program. I would also like to thank Astaro Internet Security for the patches they made to Folke's program that are incorporated in p3scan.

[1] If you want to forgo transparency, you can choose not to use iptables redirection.

How it works

You have to set up a port redirection with iptables so that all connections from e.g. inside your office to any POP3/POP3S/SMTP server outside in the world will not leave your router, but come to a local port, on which P3Scan listens.

P3Scan receives from the Linux kernel the original destination (the email server outside in the world) and will connect to them.

All data we receive from the client will be sent to the server, and vice versa. With a little enhancement: we parse the necessary parts of the protocol and when an email is sent from the server, we store it into a file, invoke our scanning, and send it along if it is good, or in the event of POP3/POP3S we replace it with a virus notification and optionally delete the infected message. For infected SMTP messages, we reject the message.

It should be possible to use all scanners using the scannertype=basic.

Also, P3Scan provides scannertype=avpd for high-speed scanning using 'Kaspersky Anti-Virus for Linux', every C programmer can easily adept other scan-daemons (trophie, sophie, antivir, ...).

Neither the client nor the server has to be configured, none of them will take notice that there's a mail scanner (except the client when he gets a virus notification or if he looks into the header, and the server gets our ip as source).

Requirements

pcre-devel - The pcre development package, Normally installed by default on major Linux Distributions.
iptables - Normally installed by default on major Linux Distributions. (optional *)
clamav-devel - The clamav development package if your distribution does not normally install it, but only if you are testing the development version of p3scan and want to use the internal libclamav feature.
* If you want to forgo transparency, you can choose not to use iptables redirection. Otherwise, it is required.
An Anti-Virus program
P3Scan is known to work with:
Kaspersky Anti-Virus for Linux (AVPD)
Trophie Anti-Virus Daemon
FRISK F-Prot Antivirus
Clam AntiVirus
F-Secure Anti-Virus
Any other virus scanner that can output it's report to the console (stdout) so that it can be captured with "2>&1".
DSPAM Statistical Spam Protection (optional)
Mail::SpamAssassin (optional)
renattach (optional - used to delete/rename attachments)

Support

There is a p3scan chat room that you can access with any XMPP/Jabber client (like gaim):

(p3scan@conference.jabber.org) <- This is NOT an email address. :)

room: p3scan
server: conference.jabber.org

If you need the answer to a quick question, this is where you can ask. It is also a place to discuss features that you would like incorporated. It will also be used to communicate with beta testers and developers.

Please use the Mailing List for support requests and general discussions.

If you do sign up for these mailing lists and use Anti-Spam features that generate an automatic response, please ensure you put the mailing list in your whitelist as all bounces received by myself will be put in the bit bucket and you will miss traffic. Sourceforge itself scans traffic destined for mailing lists. Thank you.

Participation

Besides contributing funds, hardware, or donating something from my amazon.com wishlist, other help is very appreciated. If you are a programmer, please consider working on any TODO or FIXME in the sources, implement it or fix it and send the patch to the dev mailing list. Thank you.

Currently being worked on (and not requiring any help until a beta is released) are:
GNU/Autotools support
Threading for proper:
PIPELINING Support
IMAP Support
TOP Support
Simultaneous Virus/Spam scanning

P3Scan-development Current version: 3.0_rc1

Introduction

The files released in this branch are for testing purposes. They seem to work, they just need more people to use them to confirm so.


P3PMail Current version: none

Introduction

This program has been transfered to another programmer. I will update this with a link when I have more information. Sorry.

The current version of p3pmail (1.3) may corrupt image attachments. Please do not use this program until a replacemet is released.

p3pmail will parse dangerous html tags from email messages to make them safer for viewing. It does this by skipping the header of the email message before parsing it for dangerous HTML tags. Also, it will only parse html email, not normal email.

It was designed for p3scan but can be used as a stand alone program.

Usage: p3pmail < email-msg

The parsed email message will be printed to stdout.


SourceForge.net Logo