Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: howto
Top Forums UNIX for Dummies Questions & Answers howto Post 40571 by Perderabo on Thursday 18th of September 2003 07:58:11 AM
Old 09-18-2003
Unix is a collection of operating systems that run on any hardware. Unix people rarely download executables except from very trusted sources.

Windows users will download executables very frequently and virtually all of them use a cpu that uses intel's instruction set.

True viruses are machine specific. So you can create a SunOS true virus or an HP-UX true virus. But a unix true virus cannot be written.

The first internet based attack was the morris worm which targeted several versions of unix simultaneously. It took down many unix based systems. It even crossed over to Milnet and took down hundreds of military systems. That was well over 10 years ago and unix security has improved a lot since then.

Unix tends to treat email as something for a human to read. It is very rare for a unix system to attempt to execute an incoming email message automatically. It also helps that there are other operating systems that are very vulnerable to viruses. They divert the attention of virus authors away from unix. Finally, unix still has several security problems of its own. A cracker who wants to breech unix security will target one of those.

These are the big factors that act to protect unix from viruses. True viruses that is....

However, people use the term virus loosely. I know the difference between a virus and a worm. However, I would not be amused if the virus scanning software that I bought for my laptop intentionally ignored worms.

And evil software doesn't always perfectly match the classical definitions. Those email viruses that target windows are not true viruses. But it's not clear what to call them... they are sort of a cross between a trojan horse and a worm or something.

Now consider your mail server: if an email virus targeted toward Windows arrives on your server, it will not magically disappear. Sure, it won't affect your unix based mail server. That doesn't mean that you want to forward it to your user's computer. I would call a unix mail server waiting to download windows viruses "infected". What other term would you use? (Actually, I kinda like the term "subclinical infection".)

So unix can be infected with anything and after you loosen up the definition of "virus" enough to include all evil software, unix can be affected by viruses.

As for antispam, click on home, then click on answers to frequently asked questions, then click on email antispam techniques and email filtering
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

pop3 service- howto?

Hello , I have this RH6.2 box with sendmail8.9.3-20 (configured and running properly ) I have also (procmail3.14-2 , fetchmail5.3.1-1 ) installed but I don't know about them. (( all installed as rpm packages)) okay ,,, here what I need: I need to be able to use OUTLOOK or any other... (3 Replies)
Discussion started by: t_zone
3 Replies

2. UNIX for Dummies Questions & Answers

Full Duplex Howto

Dear Members, I was reading a few posts and saw something about installing two Nics so one could use Full Duplex. I remember back in the day of dial up, you could have two modems and use one for upstream and one for downstream. This was called shotgunning. It seems that you can now do the same... (4 Replies)
Discussion started by: Phobos
4 Replies

3. Windows & DOS: Issues & Discussions

windows howto find

Hi all! How would you do the equivalent of find ! -type f..... under windows? Meaning, how under a directory could you find all files except those named *.mp3 for example? the command under linux would be: find $DIR ! -name "*.mp3" what would be that under windows? Thanx for any ideas... (3 Replies)
Discussion started by: penguin-friend
3 Replies

4. UNIX for Dummies Questions & Answers

system () howto ??

How do you write a command to : A text line to a file in ./DATA1/archive.log using system () in awk TodayDate Time scriptname.ksh filename.dat system(echo `date '+%D %T` scriptname.ksh >> ./DATA/archive.log) --> syntax error +%D Thanks for your help (0 Replies)
Discussion started by: britney
0 Replies

5. Linux

boot cd linux HOWTO?

i have linux bootable cd. I want similar bootalbe cd with some chnage in the disk. i.e, some file from the old cd has to replaced in newer one. how do i do it? (3 Replies)
Discussion started by: yogesh_powar
3 Replies

6. Shell Programming and Scripting

Howto create a file

Hi folks, How do we create a file using shell script? i mean to say that do we use is it a good approch to do echo "abc" >file echo "xxxx" >>file or is there any better method? Thanks, Amit (5 Replies)
Discussion started by: amit4g
5 Replies

7. Solaris

Looking for CIFS howto

I just skimmed through the Administration Guide about LDAP and CIFS. Well that's a whole lot of text. Does someone know a tutorial/introduction with some steps to make? TIA (14 Replies)
Discussion started by: PatrickBaer
14 Replies

8. Shell Programming and Scripting

Howto use grep command

Hi all , i am having a table which contains start date and end date for ex .. startdate enddate 12/03/2011 12/04/2012 11/03/2011 20/05/2011 11/04/2011 28/07/2011 how to grep startdate = 12/03/2011 enddate = 28/07/2011 i need output :- startdate:12/03/2012... (4 Replies)
Discussion started by: Venkatesh1
4 Replies

9. UNIX for Dummies Questions & Answers

Q: Howto compare 2 files

Greetings, I made an extraction on 2 different databases. What I need to do is to compare those extractions to know what is on database1 which is not on database2 and vice versa. In those files, there are only numbers. So each line is just a number witch should be present on both file. If... (6 Replies)
Discussion started by: Sekullos
6 Replies

10. Shell Programming and Scripting

Howto cancel I/O redirection ?

Hi on AIX systems (6.x and 7.x) I have ksh scripts redirecting I/O, and running another script script000.ksh ie : # my script ... >${LOG} >${LOGCTRL} exec >>${LOG} 2>>${LOG} . ${PROJECT}/.../script000.ksh # hereafter, restore default I/O ... Is it possible at the end of the... (2 Replies)
Discussion started by: Fundix
2 Replies

LEARN ABOUT DEBIAN

clamsmtpd

clamsmtpd(8)						    BSD System Manager's Manual 					      clamsmtpd(8)

NAME

     clamsmtpd -- an SMTP server for scanning viruses via clamd

SYNOPSIS

     clamsmtpd [-d level] [-f configfile] [-p pidfile]
     clamsmtpd -v

DESCRIPTION

     clamsmtpd is an SMTP filter that allows you to check for viruses using the ClamAV anti-virus software. It accepts SMTP connections and for-
     wards the SMTP commands and responses to another SMTP server.

     The DATA email body is intercepted and scanned before forwarding. By default email with viruses are dropped silently and logged without any
     additional action taken.

     clamsmtpd aims to be lightweight and simple rather than have a myriad of options. The options it does have are configured by editing the
     clamsmtpd.conf(5) file. See the man page for clamsmtpd.conf(5) for more info on the default location of the configuration file.

OPTIONS

     Previous versions had more options. These still work for now but have equivalents in clamsmtpd.conf(5) and are not documented here. The
     options are as follows.

     -d 	 Don't detach from the console and run as a daemon. In addition the level argument specifies what level of error messages to dis-
		 play. 0 being the least, 4 the most.

     -f 	 configfile specifies an alternate location for the clamsmtpd configuration file. See clamsmtpd.conf(5) for more details on where
		 the configuration file is located by default.

     -p 	 pidfile specifies a location for the a process id file to be written to. This file contains the process id of clamsmtpd and can
		 be used to stop the daemon.

     -v 	 Prints the clamsmtp version number and exits.

LOGGING

     clamsmtpd logs to syslogd by default under the 'mail' facility. You can also output logs to the console using the -d option.

LOOPBACK FEATURE

     In some cases it's advantageous to consolidate the virus scanning and filtering for several mail servers on one machine.  clamsmtpd allows
     this by providing a loopback feature to connect back to the IP that an SMTP connection comes in from.

     To use this feature specify only a port number (no IP address) for the OutAddress setting in the configuration file. This will cause
     clamsmtpd to pass the email back to the said port on the incoming IP address.

     Make sure the MaxConnections setting is set high enough to handle the mail from all the servers without refusing connections.

TRANSPARENT PROXY FEATURE

     A transparent proxy is a configuration on a gateway that routes certain types of traffic through a proxy server without any changes on the
     client computers.	clamsmtpd has support for transparent proxying of SMTP traffic by enabling the TransparentProxy setting. This type of set-
     up usually involves firewall rules which redirect traffic to clamsmtpd and the setup varies from OS to OS. The SMTP traffic will be forwarded
     to it's original destination after being scanned.

     When doing transparent proxying for outgoing email it's probably a good idea to turn on bounce notifications using the Action: bounce set-
     ting. Also note that some features (such as SSL/TLS) will not be available when going through the transparent proxy.

     Make sure that the MaxConnections setting is set high enough for your transparent proxying. Because clamsmtpd is not being used as a filter
     inside a queue, which usually throttles the amount of email going through, this setting may need to be higher than usual.

VIRUS ACTIONS

     Using the VirusAction option you can run a script or program whenever a virus is found. This may be handy in certain circumstances but it has
     several drawbacks. For one, the performance of the virus filtering will take a hit, perhaps DOS'ing your machine under heavy load. Secondly
     as with running any program there are security implications to be considered.

     Please consider the above carefully before implementing a virus action.

     The script is run without its output being logged, or return value being checked. Because of this you should test it thoroughly. Make sure it
     runs without problems under the user that clamsmtpd(8) is being run as.

     Various environment variables will be present when your script is run. You may need to escape them properly before use in your favorite
     scripting language. Failure to do this could lead to a REMOTE COMPROMISE of your machine.

     CLIENT	 The network address of the SMTP client connected.

     EMAIL	 When the Quarantine option is enabled, this specifies the file that the virus was saved to.

     RECIPIENTS  The email addresses of the email recipients. These are specified one per line, in standard address format.

     REMOTE	 If clamsmtpd is being used to filter email between SMTP servers, then this is the IP address of the original client. In order for
		 this information to be present (a) the SMTP client (sending server) must an send an XFORWARD command and (b) the SMTP server
		 (receiving server) must accept that XFORWARD command without error.

     REMOTE_HELO
		 If clamsmtpd is being used to filter email between SMTP servers, then this is the HELO/EHLO banner of the original client. In
		 order for this information to be present (a) the SMTP client (sending server) must an send an XFORWARD command and (b) the SMTP
		 server (receiving server) must accept that XFORWARD command without error.

     SENDER	 The email address for the sender of the email.

     SERVER	 The network address of the SMTP server we're connected to.

     TMPDIR	 The path to the temp directory in use. This is the same as the TempDirectory option.

     VIRUS	 The name of the virus found.

SECURITY

     There's no reason to run this daemon as root. It is meant as a filter and should listen on a high TCP port. It's probably a good idea to run
     it using the same user as the clamd(8) daemon. This way the temporary files it writes are accessible to clamd(8)

     Care should be taken with the directory that clamsmtpd writes its temporary files to. In order to be secure, it should not be a world write-
     able location. Specify the directory using the TempDirectory setting.

     When using the VirusAction option make sure you understand the security issues involved. Unescaped environment variables can lead to execu-
     tion of arbitrary shell commands on your machine.

     If running clamsmtpd on a publicly accessible IP address or without a firewall please be sure to understand all the possible security issues.
     This is especially true if the loopback feature is used (see above).

SEE ALSO

     clamsmtpd.conf(5) clamd(8), clamdscan(1)

AUTHOR

     Stef Walter <stef@memberwebs.com>

clamsmtp							   June 1, 2019 							  clamsmtp
All times are GMT -4. The time now is 06:19 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy