LinuxQuestions.org


markcc 10-07-2003 11:26 AM

Creating an ultimate anti-virus and anti-spam email gateway
 
What I'm wanting to do is the following:

Having an email server gateway (ideally running under Linux since it's the OS I'm most familiar with) which has both a whitelist and a blacklist for emails plus some kind of scanning ability for certain Windows viruses. (or at least the ability for me to define if something is in an email send it on to the admin or send it to /dev/null).

I want it so when an email is first received it is checked for, say, exploit code against a list set up by the admin (if it contains virus/exploit code then it gets sent to admin or to /dev/null), then the email is checked against an anti-spam blacklist; if it passes that then it goes on to the next check, the whitelist. If the email address is on the whitelist of allowed from email addresses then it gets sent to the primary email server. If not then it gets sent to admin.

The reason for the exploit code thing is simple: at the moment we have an MS Exchange 2k server set up as the email server (don't look at me, was before I joined the company) with anti-virus software for both the server and on the workstations.
Now, after I joined the company I obviously did a lot of security improvements since the previous person did not do much in the way of network security. Since at the moment we're mostly a Microsoft place. (hiss, boo yada yada)
Now, viruses got past the anti-virus scanners a couple of times but because of some of the security measures (like disabling people from opening .pif files etc. in Outlook) no machines got infected. (even though the anti-virus software was up to date it didn't detect some viruses)

Now, I know there are to my knowledge 31 unpatched holes currently in IE some not so serious and others very serious.
So I have to take into consideration that at some point we will end up with a machine or machines infected with a virus no matter how well prepared we are.

If anyone can point me to any guides or information on creating an email gateway under Linux that can check emails for certain strings, check emails against a blacklist and then check against a whitelist (which should be easily able to add new addresses to; ideally I'd want it so users on the network could log in via some sort of web interface and can define trusted from addresses for themselves) I'd be grateful.

BTW, I know about lawmonkey.org/anti-spam.html but that's under OpenBSD and primarily anti-spam only.

Thanks

Mark
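
The check order described in the post above (admin-defined strings, then blacklist, then whitelist), as an added example that is not part of the original thread. It uses only the Python standard library; the function names, the sample messages and the choice to discard blacklisted mail are assumptions, since the post does not say what happens on a blacklist hit. Each MIME part is transfer-decoded before matching, so a listed string inside a base64 body is still found.

```python
import base64
import email
from email import policy
from email.utils import parseaddr

def decoded_parts(msg):
    """Yield the transfer-decoded bytes of every leaf MIME part."""
    for part in msg.walk():
        if not part.is_multipart():
            yield part.get_payload(decode=True) or b""

def route(raw, patterns, blacklist, whitelist, on_match="admin"):
    """Return 'admin', 'discard' or 'deliver' for one raw message (bytes)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    # 1. Admin-defined byte strings, matched after base64/quoted-printable decoding.
    for body in decoded_parts(msg):
        if any(p in body for p in patterns):
            return on_match          # the post allows admin or /dev/null here
    # The From header is sender-controlled, so both lists are only as
    # trustworthy as that header.
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    domain = sender.rpartition("@")[2]
    # 2. Blacklist of addresses or domains (discarding is an assumption).
    if sender in blacklist or domain in blacklist:
        return "discard"
    # 3. Whitelist: listed senders go to the primary server, the rest to admin.
    return "deliver" if sender in whitelist else "admin"

# Constructed sample data, not taken from the thread.
MARKER = b"CONSTRUCTED-TEST-STRING"
BLACKLIST = {"spam.example"}
WHITELIST = {"alice@example.org"}

def sample(sender, body, b64=False):
    """Build a constructed single-part test message as raw bytes."""
    payload = base64.encodebytes(body) if b64 else body
    cte = b"base64" if b64 else b"7bit"
    return (b"From: " + sender + b"\r\nTo: user@example.com\r\n"
            b"MIME-Version: 1.0\r\nContent-Type: text/plain\r\n"
            b"Content-Transfer-Encoding: " + cte + b"\r\n\r\n" + payload)

if __name__ == "__main__":
    for s, b, enc in [(b"Alice <alice@example.org>", b"hello", False),
                      (b"alice@example.org", b"x " + MARKER, True),
                      (b"bob@spam.example", b"offer", False),
                      (b"carol@example.net", b"hi", False)]:
        print(s.decode(), "->", route(sample(s, b, enc), [MARKER], BLACKLIST, WHITELIST))
```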

markus1982 10-07-2003 01:12 PM

I'd say take a look at Postfix. It is a pretty powerful MTA and you can do filtering based on header, body. You can also implement the anti-spam part using SpamAssassin ... the anti-virus implementation would be done with amavisd-new.

markcc 10-08-2003 03:10 AM

Still need some kind of whitelist web based interface; only way I can see doing that is creating something in PHP and my PHP isn't great at the moment, in fact my ASP and VB is better than my PHP which gives you an idea of how bad my PHP is...

Reason why I need a web based interface is simple: people can then add people's email addresses to the whitelist just for their email address or to a universal list. (I'd probably only want certain people to have access to the universal list)

Also, another thing I wouldn't mind having the capability for is to, say, convert all incoming HTML emails (maybe even Rich Text too) into normal plain text (but still keeping any uuencoded/MIME attachments); that way it would also strip out any malicious code too. The email gateway could keep the original HTML/Rich Text email and if the user for some reason needs the formatting of said HTML/Rich Text email they can log in via the web interface and OK it to send the HTML version to the main email server.

Thanks

Mark


All times are GMT -5.