Virus Screening with the iPlanet Messaging Server Conversion Channel

The iPlanet Messaging Server has a facility for allowing sites to hook in third party software to perform arbitrary body-part processing. Examples could include software that performs document conversion from text to Postscript, content filtering, or other desired processing. This facility can also be used in conjunction with a third party virus scanning software to conduct e-mail virus screening.

The Conversion Channel

The conversion channel is a standard out-of-the-box Messaging Server component. This channel can perform arbitrary body-part-by-body-part processing on messages flowing through the Message Transfer Agent (MTA). (Complete information on using the Conversion Channel will be available in the iPlanet Messaging Server 5.2 Administrator's Guide.)

Any subset of the MTA traffic can be selected for conversion and any set of programs or command procedures can be used to perform conversion processing. A special conversion channel configuration file is consulted to choose an appropriate conversion for each body part.

Typically, a message is not processed by the conversion channel as it traverses the MTA. However, a site may set up directives in the MTA configuration such that select message traffic take a detour through the conversion channel.

Once the message is in the conversion channel it is broken up into individual body-parts. Each body-part is examined with special attention is given to the MIME headers. These headers tell what type of body-part is being examined and possibly the document name of the body-part. This information is compared against entries in the conversion channel configuration file to determine what special processing, if any, should be applied to the body-part. Sites will set rules for how to handle certain document types with these entries.

If the content type information of a body-part satisfies the criteria of the conversion control entry, then the action specified by that conversion control entry is applied to that body-part.

Body-parts not matching any conversion control entries are passed through without processing

Integrating a Third Party Program into the Conversion Channel

For deployment via the conversion channel, the third party software should have a command line interface. This enables the system manager to invoke the scan in a wrapper process that translates the error return codes from the scan into directives on how to further process the body-part.

The tasks of the wrapper are to call the third party virus scanner, input the body-part, and return a signal for some type of action after the results of the scan are known. For instance, if the scan implies that there is a virus in the body-part, then the wrapper could pass a signal back to the conversion channel such that it will either:

  • Replace the infected body-part with a substitute text message of some sort.
    (example, "Warning: virus detected, infected part removed.")
  • Discard the infected body-part.
  • Return the entire message as undeliverable.
  • Hold the message for manual intervention by the system administrator.

Deployment & Performance Considerations

For efficiency, e-mail virus screening should be set up on the outer edges of your messaging system deployment. This assures that only the minimum amount of processing is done if the results of a virus scan are used--among other things--as a basis for bouncing those messages. For this reason, you will want to place the virus scanning functions on your inbound relay machines and your outbound relay machines.

Virus scanning has an impact on the message flow rates due to the increased use of system resources. Systems should not only be adequately sized for dealing with the mail flow during peak periods, but should be also sized to handle the additional demands of running a virus scanner.

Other Considerations

Note that it is just as important to scan outbound email messages for viruses. With advent of the Melissa and LOVEbug viruses which replicate via misuse of email address books, sites should be good netizens by scanning outbound messages.

There could be legal implications as well. It would be prudent for sites to protect themselves against possible legal action for passing along viruses to others.

Summary

The iPlanet Messaging Server offers the ability for sites to implement e-mail virus scanning with the flexibility to select the types of documents to scan as well as the portion of mail traffic to examine. The conversion channel offers the framework within which a site may apply their virus detection policies quite readily.

Additional Information

For details on how to insert a third party program into the conversion channel see this Technical Writeup.

In addition, see the iPlanet Messaging Server Adminitration Guide for detailed information on the conversion channel.

Scripting Samples

Sample scripts for using various scanners with the conversion channel are available for download here.

Virus Scanning Software Products

The following virus scanning software products have been successfully deployed via the iMS conversion channel:

UVSCAN from NAI
   http://www.nai.com/asp_set/buy_try/try/products_evals.asp

Sweep from Sophos
   http://www.sophos.com

InterScan VirusWall from TrendMicro
   http://www.antivirus.com/products/isvw      (You only need to install the ISBASE portion)