.gif){kind=logo}
|
|
|
|
 |
 |
| Thank you very much! |
This is a full-transparent proxy-server for email clients. It runs on a Linux box with iptables (for port re-direction)[1]. It can be used to provide email scanning from the internet, to any internal network and is ideal for helping to protect your "Other OS" LAN from harm, especially when used in conjunction with a firewall and other Internet Proxy servers.
It is designed to enable scanning of incoming/outgoing email messages for Virus's, Worms, Trojans, Spam (read as "Un-solicited Bulk Email"), and harmfull attachments. Because viewing HTML mail can enable a "Spammer" to validate an email address (via Web bugs), it can also provide HTML stripping.
This project is maintained by Jack S. Lai <laitcg at cox dot net>.
P3Scan is a derived work of POP3VScan as written by Folke Ashberg <folke at ashberg dot de>.
It's intent is to provide a follow on program to POP3-Virusscan-Proxy 0.4
It is based upon his program but provides numerous changes to include scanning email for spam, hardening the program, addaption to today's email environment, and many, many other changes.
I want to thank Folke Ashberg here for his wonderful program. I would also like to thank Astaro Internet Security for the patches they made to Folke's program that are incorporated in p3scan.
[1] If you want to forgo transparency, you can choose not to use iptables redirection.
You have to set up a port redirection with iptables so that all connections from e.g. inside your office to any POP3/POP3S/SMTP server outside in the world will not leave your router, but come to a local port, on which P3Scan listens.
P3Scan receives from the Linux kernel the original destination (the email server outside in the world) and will connect to them.
All data we receive from the client will be sent to the server, and vice versa. With a little enhancement: we parse the necessary parts of the protocol and when an email is sent from the server, we store it into a file, invoke our scanning, and send it along if it is good, or in the event of POP3/POP3S we replace it with a virus notification and optionally delete the infected message. For infected SMTP messages, we reject the message.
It should be possible to use all scanners using the scannertype=basic.
Also, P3Scan provides scannertype=avpd for high-speed scanning using 'Kaspersky Anti-Virus for Linux', every C programmer can easily adept other scan-daemons (trophie, sophie, antivir, ...).
Neither the client nor the server has to be configured, none of them will take notice that there's a mail scanner (except the client when he gets a virus notification or if he looks into the header, and the server gets our ip as source).
* If you want to forgo transparency, you can choose not to use iptables redirection. Otherwise, it is required.An Anti-Virus program
P3Scan is known to work with:DSPAM Statistical Spam Protection (optional)Kaspersky Anti-Virus for Linux (AVPD)
Trophie Anti-Virus Daemon
FRISK F-Prot Antivirus
Clam AntiVirus
F-Secure Anti-Virus
Any other virus scanner that can output it's report to the console (stdout) so that it can be captured with "2>&1".
PIPELINING Support
IMAP Support
TOP Support
Simultaneous Virus/Spam scanning
The files released in this branch are for testing purposes. They seem to work, they just need more people to use them to confirm so.
This program has been transfered to another programmer. I will update this with a link when I have more information. Sorry.
The current version of p3pmail (1.3) may corrupt image attachments. Please do not use this program until a replacemet is released.
p3pmail will parse dangerous html tags from email messages to make them safer for viewing. It does this by skipping the header of the email message before parsing it for dangerous HTML tags. Also, it will only parse html email, not normal email.
It was designed for p3scan but can be used as a stand alone program.
Usage: p3pmail < email-msg
The parsed email message will be printed to stdout.