Mailtraq VirusScan MessageFilter
--------------------------------

The Mailtraq VirusScan (MV) is a messagefilter for Mailtraq. Every message which Mailtraq routes will be processed by MV. MV will extract the attachments of the message and will run the virusscanner. Infected messages will be moved to a quarantine folder.

For questions, remarks, etc: marco@mattic.n.l. (remove the last two dots)

Disclaimer
----------
You use this program on your own risk!. We did extensive testing to prevent any malfunction, but we cannot guarantee this on your system configuration. We cannot take any responsibility of any lost messages or virusses which were not detected.

Installing
----------
- Setup the ini file (described below)
- Run the MTQVirusScan.exe once. This will register the message filter in Mailtraq.
From now on Mailtraq will automatically start the filter.

How does it work
----------------
Every message which Mailtraq routes is saved (by Maitraq) in the 'InQueue'.
- MV checks the InQueue for any messages. If a message exists in the InQueue, the first is moved to the 'ProcessFolder'.
- MV extracts all the attachments of the message to the 'ProcessFolder'.
- MV executes 'VirusScanApplication' with the parameters 'VirusScanParameters'
- If the exitcode of the 'VirusScanApplication' is 0 (means successful), the message is moved to 'OutQueue'. Mailtraq retrieves the message from the OutQueue and continues routing the message
- If the exitcode of the 'VirusScanApplication' is 'ExitCodeVirusFound', the message is moved to 'QuarantineFolder'.
- If the exitcode of the 'VirusScanApplication' is not 0 and not 'ExitCodeVirusFound', the message is moved back to the 'InQueue'.

IniFile settings
----------------
The IniFile (MTQVirusScan.ini) must contain the following entries:

[Settings]
Name=
Description=
InQueue=
OutQueue=
ProcessFolder=
QuarantineFolder=
VirusScanApplication=
VirusScanParameters=
ExitCodeVirusFound=
ReportLogfileContaining=
DeleteLogfile=

The VirusScanParameters can contain the following strings which will be replaced during execution:
%foldername% = The folder which will be scanned containing both the message file and the attachments (=ProcessFolder)
%filename% = The filname of the message file
%logfilename% = A log file name in which the virusscanner reports its result


Things to know
--------------
- During the extracting of the message, the attachments will be (temporarily) saved in the temp folder. If you have a resident virusscanner, make sure the temp folder is not scanned.
- If any settings are changed, change the ini file, terminate the mtqvirusscanner.exe process and wait for Mailtraq to restart MV. This can take several minutes. During this delay, the routing of messages is delayed but no messages will be routed without scanning
- The ProcessFolder cannot have any spaces in the name. This is because of some problems with certain virusscanners which do not accept a quoted path.

Example ini files
-----------------

McAfee VirusScan Enterprise 7/8:

[Settings]
Name=VirusScan
Description=McAfee Virus Scan
InQueue=C:\Data\Mailtraq\VirusScan\InQueue
OutQueue=C:\Data\Mailtraq\VirusScan\OutQueue
ProcessFolder=C:\Data\Mailtraq\VirusScan\Processing
QuarantineFolder=C:\Data\Mailtraq\VirusScan\Quarantine
VirusScanApplication=C:\Program Files\Common Files\Network Associates\Engine\Scan.exe
VirusScanParameters=%foldername% /all /sub /mime /nomem /noboot /nobeep /unzip /analyze /program /noexpire /append /report %logfilename%
ExitCodeVirusFound=13
ReportLogfileContaining=Found


Grisoft AVG 7:

[Settings]
Name=AVG
Description=AVG Virus Scan
InQueue=c:\Data\Mailtraq\AVG\InQueue
OutQueue=c:\Data\Mailtraq\AVG\OutQueue
ProcessFolder=c:\Data\Mailtraq\AVG\Processing
QuarantineFolder=c:\Data\Mailtraq\AVG\Quarantine
VirusScanApplication=C:\Program Files\Grisoft\AVG7\avgscan.exe
VirusScanParameters=/arc /rt /report %logfilename% /macrow /noboot /nomem /nohimem /noself /ext=* /scan %foldername%
ExitCodeVirusFound=6
ReportLogfileContaining=Virus identified


ClamWin Antivirus:

[Settings]
Name=ClamWin
Description=ClamWin Virus Scan
InQueue=c:\Data\Mailtraq\ClamWin\InQueue
OutQueue=c:\Data\Mailtraq\ClamWin\OutQueue
ProcessFolder=c:\Data\Mailtraq\ClamWin\Processing
QuarantineFolder=c:\Data\Mailtraq\ClamWin\Quarantine
VirusScanApplication=C:\Program Files\ClamWin\bin\clamscan.exe
VirusScanParameters=--log=%logfilename% --database="C:\Documents and Settings\All Users\.clamwin\db" %foldername%
ExitCodeVirusFound=1
ReportLogfileContaining= FOUND



Updates and more information
----------------------------
http://www.matdev.com/mtqvirusscan.html

System requirements
-------------------
MV has been tested on:
- Windows 2000 professional
- Windows XP professional (SP2)
- Windows 2003 server

Uninstalling
------------
- Open RegEdit
- Remove the complete entry under HKEY_LOCAL_MACHINE\SOFTWARE\Fastraq\Mailtraq\MessageFilters
- Restart Mailtraq


Copyright
---------
This program is freeware. Anyone can use it. The program is "as is" without warrenty of any kind. In no event shall the regents or contributors be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute goods or services; loss of use, data, or profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this software, even if advised of the possibility of such damage.

- Portions of this software are Copyright (c) 1993 - 2002, Chad Z. Hower (Kudzu) and the Indy Pit Crew - http://www.nevrona.com/Indy/


Back