Zmscanner
Zmscanner is an extensible modular contentfilter for Zmailer and
Sendmail MTAs.
It is designed to be fast and efficient and thus suitable for high traffic
mail systems.
2009-03-31: zms_clamav release 1.17 - support clamav 0.96
2009-03-31: zmscanner release 2.01 - properly use PIC code
Version 1.00 has been running for several years in a production
environment on a high traffic site (> 1.5M messages/day) with the
zms_clamav, zms_dehtml and zms_pcre modules, and seems to operate
normally. Versions 1.0x are minor improvements on that; they should be
equally stable but have not been tested as extensively.
Version 2 (prereleases are named 1.9x), as of this writing, is
experimental. The main change is the new Milter interface, that is,
support for Sendmail as well as Zmailer. This change involved some
modifications to existing code, so even the Zmailer version may be
affected.
As for the wishlist: the decoders are currently adequate for analyzing
binary body parts, and ASCII text parts and headers. It would be the
Right Thing to convert all text parts and non-ASCII headers to Unicode
and to make the regular expression and other processors Unicode-capable.
Also, there are some very interesting opportunities in HTML scanners,
e.g. normalizing host names, resolving them to IP addresses and then
matching them against a blacklist.
You need a Zmailer that is not older than September 2003: older versions
are not capable of communicating with the contentfilter over a unix
domain socket. Specify
PARAM contentfilter /path/to/zmscanner/socket
in smtpserver.conf.
Sendmail 8.13.3 is used for development of the Milter part; the binary
to run is named smscanner.
For documentation, see the manpages, the README files in the
distributions, and the sample configuration files.
"zmscanner" is the core package; you must build and install (!) it
before building modules.
As of this writing, four useful (and one not so useful) modules exist:
- check_ct (which is a part of the core package) - performs POSIX
  regex matching on the contents of the "Content-Type:" header.
  This, for instance, makes it possible to block HTML mail or messages
  with executable attachments.
- zms_pcre - uses Philip Hazel's PCRE library to match patterns in
  text body parts. PCRE stands for "Perl Compatible Regular Expressions".
  This module runs on text/plain body parts and on text/html that has
  passed through zms_dehtml.
- zms_clamav - uses the ClamAV library and virus databases to scan
  non-text attachments for viruses (note: no clamd daemon is used, only
  the low-level scanning functions).
- zms_dehtml - takes a text/html body part, strips off the HTML tags
  and passes the text/plain result on for further processing (converting
  "&#XXXX;" is on the TODO list).
In the old/ subdirectory of the download area and in the Subversion
repository you will find the zms_naive module. It exactly
duplicates the functionality of "lean-mean-contentfilter", which
is distributed with Zmailer. You don't need to run it unless you want
to migrate from "lean-mean".
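The kind of Content-Type matching described for check_ct above can be sketched with the POSIX regex API. This is an added example, not code from zmscanner: the function names, the two patterns and the sample header value are constructed for illustration and do not reflect check_ct's own configuration syntax or rules.

```c
#include <regex.h>
#include <stdio.h>

/* Constructed sample patterns (POSIX extended regex); not check_ct's own
 * configuration syntax or rule set. */
static const char *block_patterns[] = {
    /* HTML mail: the media type itself is text/html */
    "^[[:space:]]*text/html[[:space:]]*(;|$)",
    /* executable attachment: name parameter ending in a risky extension */
    "name[[:space:]]*=[[:space:]]*\"?[^\";]*\\.(exe|scr|pif|com|bat)\"?[[:space:]]*(;|$)",
};

/* Unfold a header value: drop CR and LF so that a parameter placed on a
 * continuation line is still visible to the patterns. */
static void unfold(const char *in, char *out, size_t outsz)
{
    size_t j = 0;
    for (size_t i = 0; in[i] != '\0' && j + 1 < outsz; i++)
        if (in[i] != '\r' && in[i] != '\n')
            out[j++] = in[i];
    out[j] = '\0';
}

/* Return the 1-based index of the first matching pattern, 0 if none
 * matches, -1 if a pattern fails to compile. */
int ct_verdict(const char *content_type_value)
{
    char buf[1024];
    unfold(content_type_value, buf, sizeof buf);
    for (size_t i = 0; i < sizeof block_patterns / sizeof *block_patterns; i++) {
        regex_t re;
        if (regcomp(&re, block_patterns[i], REG_EXTENDED | REG_ICASE | REG_NOSUB))
            return -1;
        int rc = regexec(&re, buf, 0, NULL, 0);
        regfree(&re);
        if (rc == 0)
            return (int)i + 1;
    }
    return 0;
}

int main(void)
{
    /* constructed header value with the name parameter on a folded line */
    printf("%d\n", ct_verdict("application/octet-stream;\r\n\tname=\"a.exe\""));
    return 0;
}
```

Matching is case-insensitive and runs on the unfolded value, so neither "TEXT/HTML" nor a name parameter moved to a continuation line slips past the patterns.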
Eugene Crosser
<crosser at average dot org>