KAV4LMS EXIM-DLFUNC-FILTER
================================================================================

1. Description
--------------------------------------------------------------------------------

Exim-dlfunc is a new method for integrating our product with Exim. It is
similar to the local_scan() API method, but it does not require a special
build of Exim. It is inspired by Victor Ustugov's work [1], and it is the
first such implementation that is able to modify e-mails, not just to scan
them.

It is based on the dlfunc string expansion method [2] and a series of ACLs [3].
As a result of calling the dlfunc string expansion, our own library is loaded,
and it has access to the local_scan() API and Exim's queue.

The library uses a GPL'd implementation of the communication protocol to
communicate with the KAV4LMS server for scanning emails.

All kav4lms actions are supported: warn, drop, reject, cure, delete, rename
and skip.

2. Building
--------------------------------------------------------------------------------

In order to build it, you need to do the following, in the exim-dlfunc
directory:

    ./configure
    make

The binaries will be created in:

    exim-dlfunc/command-gpl/.libs
    exim-dlfunc/exim-lib/.libs

3. Integration/installation with Exim
--------------------------------------------------------------------------------

In order for the library to be called, you need to add the following lines
into the Exim configuration file, ACLs section (begin acls), in the
acl_check_data ACL:

-----
warn    set acl_m0 = ${dlfunc{/path/to/libkavexim.so}{kav}\
                     {local:/var/run/kav4lms/kavmd.sock}{/tmp/exim-dlfunc}}

accept  condition = ${if match{$acl_m0}{\N^kav: continue\N}{yes}{no}}
        logwrite = kav returned continue

deny    condition = ${if match{$acl_m0}{\N^kav: reject.*\N}{yes}{no}}
        logwrite = kav returned reject
        message = Kaspersky Anti-Virus rejected the mail

discard condition = ${if match{$acl_m0}{\N^kav: drop.*\N}{yes}{no}}
        logwrite = kav returned drop
        message = Kaspersky Anti-Virus dropped the mail

defer   condition = ${if match{$acl_m0}{\N^kav: temporary failure.*\N}{yes}{no}}
        logwrite = kav returned temporary failure
        message = Temporary failure
-----

The last two parameters are the socket to be used for communicating with
kavmd and the temporary directory. The socket can be either a local socket as
in the above example, which is also the default setting, or it can be of the
form:

    inet:@

In this case, a TCP/IP socket is used.

Notes:
- depending on the OS and distribution, there may be a single configuration
  file containing all the sections, or there may be several files containing
  one or more sections each
- acl_check_data may have another name; it is defined by the acl_smtp_data
  directive in the main configuration area/file.

4. References
--------------------------------------------------------------------------------

[1] - http://mta.org.ua/exim-4.67-conf/dlfunc/aveserver/
[2] - http://exim.org/exim-html-current/doc/html/spec_html/ch11.html#SECTexpansionitems
[3] - http://exim.org/exim-html-current/doc/html/spec_html/ch40.html
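
A pre-flight check for the section 3 setup, added here as an example and not
part of the kav4lms distribution: it verifies that the Exim binary reports
dlfunc expansion support (listed as Expand_dlfunc in `exim -bV`), that the
temporary directory passed to the library is not a symlink or writable by
other users, and that the socket argument is well-formed. The function names
and sample `exim -bV` output are constructed, and the requirement that the
temporary directory be private is an assumption the README does not state.

```shell
#!/bin/sh
# Added example: pre-flight checks for the exim-dlfunc ACL arguments.
# Function names are hypothetical; real use: exim -bV | has_dlfunc_support

# Succeeds if `exim -bV` output on stdin lists dlfunc expansion support.
has_dlfunc_support() {
    grep '^Support for:' | grep -qw 'Expand_dlfunc'
}

# Succeeds if $1 is a real directory (not a symlink) that neither group
# nor others can write to. Prints the reason on failure.
check_tmpdir() {
    dir=$1
    if [ -L "$dir" ]; then echo "symlink: $dir"; return 1; fi
    if [ ! -d "$dir" ]; then echo "not a directory: $dir"; return 1; fi
    perms=$(ls -ld -- "$dir" | cut -c1-10)
    case $perms in
        d????w????|d???????w?)
            echo "group/world-writable: $dir ($perms)"; return 1 ;;
    esac
    return 0
}

# Validates the socket argument. local:<path> must name an existing UNIX
# socket; the README's inet: form is recognised but not probed.
check_socket_spec() {
    case $1 in
        local:*)
            [ -S "${1#local:}" ] && return 0
            echo "no UNIX socket at ${1#local:}"; return 1 ;;
        inet:*) return 0 ;;
        *) echo "unrecognised socket spec: $1"; return 1 ;;
    esac
}

# Constructed sample of `exim -bV` output, so the example runs offline.
SAMPLE_BV='Exim version 4.x (constructed sample)
Support for: crypteq iconv() IPv6 Perl Expand_dlfunc OpenSSL
Lookups (built-in): lsearch wildlsearch dbm'

if printf '%s\n' "$SAMPLE_BV" | has_dlfunc_support; then
    echo "dlfunc: supported"
else
    echo "dlfunc: NOT supported"
fi
```

On a live host, run the same functions against the values used in the ACL,
for example `check_tmpdir /tmp/exim-dlfunc`.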