The recent explosion of the MyDoom worm seems to have sparked interest in virus-scanning email systems. UNIX users, knowing their systems are essentially immune, tend to sneer a little at these outbreaks. I think that's wrong--would a tank commander sneer to see civilians overrun? We have a responsibility to cut virus propagation off at the knees by refusing to carry infected emails on our systems. I wrote qscanq to address this need in a scalable, secure way.
Qscanq scans every email message submitted to qmail before allowing it to be added to qmail's mail queue. Infected emails are rejected, not bounced, so you won't have to deal with double-bounces during virus outbreaks.
Secure
Qscanq was designed for security from the ground up. Running qmail with qscanq should as secure as running qmail without it. There's even a security guarantee!
Interoperable
Qscanq works with your existing qmail setup: absolutely no qmail patches are needed. Nothing to recompile or reconfigure. No unapproved patches to weaken qmail's proven security. You can even install binary qmail distributions, and then add virus protection with qscanq!
Note that if you do use Bruce Guenter's QMAILQUEUE patch, then qscanq will interoperate with that as well.
Atomic
You can enable and disable qscanq without even stopping qmail! Replacement of qmail-queue occurs atomically.
Single-Minded
With qscanq, virus-infected email are rejected before qmail even sees them. That's all qscanq does: it doesn't scan for spam, or compute probability profiles, or check whitelists, or match regular expressions, or slice vegetables. It blocks infected emails, using minimal system resources in the process. That's all it will ever do.
Quiet
When qscanq detects an infected email, it refuses it. The sender--if he really exists--will see a bounce, but that's it. No annoying nag messages to the sender, recipients or root.
Efficient
Qscanq is written in C, so there's no heavyweight Perl interpreter. It's streamlined, so there's no bloat. In one performance test involving 2592 actual emails, scanning with qscanq took an average of 0.79 seconds per message. Of that time, 0.13 seconds was spent extracting the MIME components, and 0.66 seconds was spent scanning the components for viruses. Overall, more than 97% of the execution time of qscanq is spent with extraction and scanning, only 3% on overhead.
Qscanq is also efficient with disk space and qmail's time. Infected messages are rejected before qmail even sees them. Qmail won't waste time trying to deliver them; it will never generate a bounce message or have to deal with double-bounces.
