AVFILTER
Yet another ClamAV filter for Courier-MTA

current--> v3.9	Tue 29 Nov 2022 12:11:40	[gpg signature]	[announce]	[rel.notes]
v3.8	Fri 12 Nov 2021 16:11:59	[gpg signature]	[announce]	[rel.notes]
v3.7	Tue 19 Oct 2021 15:10:09	[gpg signature]	[announce]	[rel.notes]
v3.6	Tue 17 Dec 2019 10:12:40	[gpg signature]	[announce]	[rel.notes]
v3.5c	Mon 09 Sep 2019 15:09:14	[gpg signature]		[rel.notes]
v3.5	Mon 11 Mar 2019 10:03:30	[gpg signature]	[announce]	[rel.notes]
v3.4	Thu 12 Jan 2017 15:01:51	[gpg signature]	[announce]	[rel.notes]
v3.3	Fri 09 Jan 2015 10:01:06	[gpg signature]	[announce]	[rel.notes]
v3.2	Wed 05 Nov 2014 16:11:31	[gpg signature]	[announce]	[rel.notes]
v3.1	Tue 02 Sep 2014 13:09:19	[gpg signature]		[rel.notes]
v3.0	Sun 27 Jul 2014 07:07:49	[gpg signature]	[announce]

avfilter source repository can also be accessed using Subversion or a web browser.
For example, to get the latest sources:

svn checkout http://www.tana.it/svn/avfilter/trunk avfilter

• You need courier-mta, libclamav-dev, and common build utilities, such as pkg-config, gcc, perl.
• Usual configure; make; make install; with a couple of notes:
  • Consider configure --with-setuid-sig, see the example in avfilter_sig man page.
  • Run src/avilter --config to check if the configuration needs changes related to ClamAV version.
  • Remember courierfilter stop and courierfilter start around make install if re-installing.

There are some other outstanding ClamAV filters for Courier-MTA out there:

• Gordon Messner's courier-pythonfilter/clamav.py
• Julian Mehnle's Courier::Filter::Module::ClamAVd
• Tony Di Monaco's ClamCour

Those three projects started in 2003-2004, more or less in the order listed. At that time, avfilter v.1 used Sophos as a backend scanner. At the time, the idea of an Open Source anti-virus package was considered ridiculous by many. In fact, distributing Sophos' include files had always been problematic, and then the whole interface was apparently discontinued in April 2014; see avfilter v.2. Meanwhile ClamAV, under the aegis of Cisco, is getting better and better.

Besides swapping backend engine, rewriting avfilter entailed a farewell to MIME parsing, a vestige of the time when scanners didn't know about email. Nowadays, scanners deal more and more with phishing, an arena disputed between anti-virus and anti-spam. Since ClamAV is an open product, organizations can build signature databases to target various kinds of malware. Sanesecurity do a good job at maintaining, distributing, and classifying some. The average rate of false positives is part of their classification. Avfilter can be configured so as to allow certain infected messages to pass, with an added header field spelling the name(s) of the malware detected therein. That way, a downstream filter can decide to accept or block based on further data, such as domain authentication. See the docs for details.

avfilter is free software: you can redistribute it and/or modify it under the terms of the GNU General Public Licence as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

avfilter is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public Licence for more details.