Virustotal integration for amavisd-new
Johann Schmitz cdd54d5746
Updated test
3 years ago
amavisvt Updated test 3 years ago
tests Updated test 3 years ago
.gitignore Generate JUnit report file (for jenkins) when executing tests 3 years ago
.travis.yml Added requirements_dev.txt for development dependencies 3 years ago
LICENSE.txt Initial commit 3 years ago
Makefile Report py.test warnings 3 years ago
README.md Updated README.md 3 years ago
amavisvt_example.cfg Starting to rework amavisvt to use a daemon 3 years ago
requirements.txt New Feature: filename pattern detection 3 years ago
requirements_dev.txt Added requirements_dev.txt for development dependencies 3 years ago
setup.py Don't forget packages in setup.py 3 years ago

README.md

amavisvt is a command-line program to include Virustotal as an amavisd-new virus scanner by using the Virustotal Public API.

Before you think about integrating it into your mail server, please keep in mind that the Virustotal Public API has a very low request limit, which isn’t enough for most mail servers to provide good results.
amavisvt uses memcached to reduce the number of calls to the API. While it’s possible to run amavisvt without memcached, using memcached is strongly advised.

amavisvt uses the SHA256 hash of each MIME part to fetch file scan reports from Virustotal. It does not send any content to Virustotal unless you have the filename pattern detection feature enabled (see amavisvt_example.cfg for details). To reduce the number of requests to VT even further, amavisvt only asks for reports for parts whose MIME type (identified by libmagic) starts with application/ or image/, or which are typical scripts (perl, python, shell).
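The hash-only lookup and caching described above can be sketched as follows. This is an added example, not amavisvt's own code: it reads the declared Content-Type instead of asking libmagic, uses an in-process dict in place of memcached and a stub in place of the Virustotal API, and the names `parts_to_query`, `CachedLookup`, `build_sample` and the script type strings are assumptions.

```python
import hashlib
from email import message_from_bytes
from email.message import EmailMessage

# Type prefixes named in the README; the script type names are assumed.
PREFIXES = ("application/", "image/")
SCRIPT_TYPES = {"text/x-perl", "text/x-python", "text/x-shellscript"}

def build_sample() -> bytes:
    """Constructed test message: text body, PDF-like part, shell script."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("plain text body")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="a.pdf")
    msg.add_attachment(b"#!/bin/sh\necho hi\n", maintype="text",
                       subtype="x-shellscript", filename="run.sh")
    return msg.as_bytes()

def parts_to_query(raw: bytes) -> list:
    """Return (mime_type, sha256_hex) for each leaf part worth a lookup."""
    selected = []
    for part in message_from_bytes(raw).walk():
        if part.is_multipart():
            continue  # containers carry no payload of their own
        ctype = part.get_content_type()  # declared type, not libmagic
        if ctype.startswith(PREFIXES) or ctype in SCRIPT_TYPES:
            data = part.get_payload(decode=True) or b""  # undo base64/QP
            selected.append((ctype, hashlib.sha256(data).hexdigest()))
    return selected

class CachedLookup:
    """Wrap a report-lookup callable so each digest is requested once."""
    def __init__(self, fetch):
        self.fetch, self.cache, self.api_calls = fetch, {}, 0

    def __call__(self, digest: str):
        if digest not in self.cache:  # only a cache miss costs an API request
            self.api_calls += 1
            self.cache[digest] = self.fetch(digest)
        return self.cache[digest]

if __name__ == "__main__":
    lookup = CachedLookup(lambda digest: {"positives": 0})  # stub, no network
    for _ in range(2):  # the same mail arriving twice
        for ctype, digest in parts_to_query(build_sample()):
            lookup(digest)
            print(ctype, digest)
    print("lookups sent:", lookup.api_calls)
```

Only the digest is passed to the lookup, so the text body and the attachment bytes stay on the mail server, and a repeated attachment costs no further request.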

In future versions, amavisvt may integrate a configurable filter for the MIME types and/or file extensions.


Installation

If you are on Gentoo Linux, add the last hope overlay and emerge amavisvt:

layman -a last-hope
emerge app-antivirus/amavisvt -av

Configuration

First, create an account on virustotal.com to obtain your API key. After registration, you can find it under “My API key”.

amavisvt ships with an example config file. Place it in one of the following locations: /etc/amavisvt.cfg, ~/amavisvt.cfg or ./amavisvt.cfg and adjust it to your needs.

Please note, the location of memcached isn’t configurable at the moment. The instance has to run on 127.0.0.1:11211 and must accept connections from localhost.

As a last step, configure amavisd-new by adding the following snippet to either @av_scanners or @av_scanners_backup:

['AmavisVT', 'amavisvt',
    '-v {}',
    [0], [1],
    qr/(?:Detected as) (.*)(?:\033|$)/m ],

After that, restart amavisd-new. If all went well, you should see a line like this in your logfile:

Found primary av scanner AmavisVT    at /usr/bin/amavisvt

License

See LICENSE.txt