milter_watch

milter_watch tests the functionality of spam- and virus-filtering milters.

Sendmail has functionality to take a conditional action at SMTP time based on feedback from a plugin mail filter (milter). One such milter is ClamAV-milter, an open source virus scanner. Another is SpamAss-Milter, an open source spam scanner. By playing the sendmail side of the connection, milter_watch can send a fake virus (eicar) and spam (GTUBE) to these (or other) milters to ensure they are functioning properly. If the milter has hung, crashed, or is allowing malware through, it can be automatically restarted, and the postmaster notified.

Documentation:

Running milter_watch -h will give the following basic information:
    Synopsis:
      milter_watch [options] socket_address
      
      socket_address should be given in a standard format:
                     local:/path/to/socket or inet:port@host
    
    Options:
      -h           This help screen
      -q           Quiet mode (don't print status)
      -d           Debug mode (lots of ugly information)
      -t timeout   Seconds to wait for milter response (default: 15)
      -L lockfile  Path to milter lockfile (abort if file doesn't exist)
      -A           Allow malware through if header added
      -r recipient Email address of recipient (default: victim)
    
    Returns 0 if milter should be restarted
            1 if milter working, or administratively shut down
    
    Recommended cronjob:
      milter_watch -q local:/var/milter.sock && /etc/init.d/milter condrestart

In addition, the following notes may be useful:
  • The default timeout is 15 seconds. Most systems will return in under a second, but it's possible that a heavily-loaded system could take longer, and you might want to increase this. The minimum value for this parameter is 1.
  • The socket address should point to the milter socket, in the same format as used by your sendmail.mc or sendmail.cf file. If milter_watch terminates with "Couldn't open socket", confirm that this socket exists on your system and is writable by the milter_watch process.
  • Some systems use a lockfile to record whether a daemon is running. This script can check for the presence of that lockfile, and abort if it doesn't exist. It is a good idea to use this option if you can.
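
A fuller version of the recommended cronjob, as an added example that is not part of the milter_watch distribution: it passes -L, re-tests after the restart, and notifies the postmaster. The lockfile path, the mail(1) call, the settle delay, the return codes of check_milter, and the choice to treat any exit status other than 0 or 1 as a failed check are assumptions of this example.

```shell
#!/bin/sh
# Added example wrapper around milter_watch; not shipped with milter_watch.
# Assumed (hypothetical) values: LOCKFILE path, POSTMASTER address, mail(1).
SOCKET=${SOCKET:-local:/var/milter.sock}
LOCKFILE=${LOCKFILE:-/var/lock/subsys/milter}
POSTMASTER=${POSTMASTER:-postmaster}
SETTLE=${SETTLE:-5}   # seconds to let the milter come back up before re-testing

run_watch()      { milter_watch -q -L "$LOCKFILE" "$SOCKET"; }
restart_milter() { /etc/init.d/milter condrestart; }
notify()         { echo "$1" | mail -s "milter_watch: $SOCKET" "$POSTMASTER"; }

# Returns 0 = milter working (or administratively shut down),
#         1 = test failed, milter restarted and now passing,
#         2 = restart failed or milter still failing afterwards,
#         3 = the check itself did not run properly.
check_milter() {
    status=0
    run_watch || status=$?
    # milter_watch inverts the usual convention: 0 means "restart needed".
    case $status in
        0) ;;
        1) return 0 ;;
        *) # e.g. 127 when milter_watch is not installed: do not restart blindly
           notify "milter_watch exited with unexpected status $status; not restarting"
           return 3 ;;
    esac
    if ! restart_milter; then
        notify "milter failed its test and the restart command failed"
        return 2
    fi
    sleep "$SETTLE"
    # Re-test, so a milter that restarts but still lets the samples through is reported.
    status=0
    run_watch || status=$?
    if [ "$status" -eq 1 ]; then
        notify "milter failed its test and was restarted successfully"
        return 1
    fi
    notify "milter still failing after restart (milter_watch status $status)"
    return 2
}

if [ "${1:-}" = "--run" ]; then
    check_milter
    exit $?
fi
```

Call the saved script from cron with the --run argument; without it the file only defines the functions.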

Contact:

Please send bug reports or feature requests (preferably in the form of patches) to Damian Menscher at menscher@uiuc.edu. If you are seeking help, please include as much system information as possible, along with the output of milter_watch -d. Note that because the debugging info may contain eicar (virus) or gtube (spam) samples, either put the debugging output on a website or email it in an encrypted .zip file.

License:

This software is distributed under the University of Illinois/NCSA Open Source License.

Download:

Save to a file and chmod +x it.

Version 0.5: milter_watch-0.5 -- TCP ports on remote machines; test spam milters too

Version 0.4: clmilter_watch-0.4 -- test false positives; add flag to allow viruses through

Version 0.3: clmilter_watch-0.3 -- handle stale socket

Version 0.2: clmilter_watch-0.2 -- code cleanup and public release

Version 0.1: Not publicly released -- initial proof of concept

Proposed changes:

Tell me if there's interest in any of this:

  • Change the defaults (I'm open to suggestions)