Checking Email for Viruses
By: Bleddyn Williams
Title: AS/400 Internet Specialist
Date: 09/28/1998 - 06:42 PM (UCT)
The following describes the process I went through to add anti virus support, for email destined for the AS/400, and also coming from the AS/400. The basic set-up to begin with contained the following
- a Guardian firewall sitting on an NT machine this is a packet inspection firewall.
- an AS/400 running V420 acting as the SMTP/POP server
- a copy of MimeSweeper for MIME attachment checking.
MimeSweeper acts as mail relay service for both incoming and outgoing mail, so you will have to make changes described later for the incoming and outgoing mail path.
I decided to install MimeSweeper onto the firewall(it can be installed in sevral different places on the network). To do this I had to take the appropriate steps to allow it to run on the internal card. If you want more details on this process with Guardian then drop me a note (firstname.lastname@example.org). Its fairly painless as you are able to use the internal card to run various services as long as they pass the firewall rules that are defined.
To make all mail destined for my host first of all go through MimeSweeper I had to change the MX (Mail Exchange) entry for our mail server. This entry basically says where mail delivered for the domain morpheus.co.uk will be sent to. This had been pointing directly to the AS/400 I want it to go to MimeSweeper. What will then happen is MimeSweeper checks the mail, and has a routing entry that says if the mail is fine it will forward it to the AS/400 for the morpheus.co.uk domain. This is a good way to stop people using your mail server for spamming.
Outgoing mail from the AS/400 needs changing so that it all goes through the MimeSweeper software which worried me at first because I had seen nothing on how to do this sort of mail routing.
When I looked I discovered the route option on SMTP configuration and at first wondered if this would work. This is because it talks about if no destination is found for the mail recipient it will be sent this way. If you think about this it would mean disabling DNS on the AS/400 otherwise it will always find a host to send to. But if you using V410 and V420 you should just, enable the firewall option all mail we be routed to the machine you specify. After making these changes to make sure they picked up OK I also stopped and started MSF and SMTP.
Under V370 if you read the cover letter for SF34704 it tells you how to create this option using a data area, and I imagine there is also the same fix for V320? One thing I did find was the name you put in here must not be an address, it wants a name so if its not in the DNS then add an entry to your AS/400 host table.
What should then happen is the mail when being set goes from the AS/400 to the MimeSweeper and then out to the destination. To do this MimeSweeper will also perform a DNS lookup for the recipient. This seemed to work OK and you should then have protection from a virus coming in or a virus being sent out of your network via email.