SAGATOR

SAGATOR is an email antivirus/antispam gateway. It is an interface to any smtpd, which runs an antivirus and/ or spam checker.

Its modular architecture can use any combination of antivirus/spam checker according to configuration. It currently supports clamav, nod32d, AVG, sophos, TrendMicro AV, Symantec AV, spamassassin, bogofilter, and quickspamfilter.

It has some internal checkers (string_scanner and regexp_scanner). SAGATOR project can parse MIME mails and decompress archives.

Features:

• simple chroot support
• modular antivirus/spamchecker support:
• you can attach an intrascanner to another intrascanner or realscanner
• you can combine intrascanners
• you can combine realscanners
• virus/spam level based scanners
• database support:
• SQL logging
• dynamic scanner (antivirus/antispam) configuration
• daily reports for users
• web quarantine accessible for all users
• you don't need any perl modules or any other modules, only python
• you can return any quarantined mail to mailq/user mailbox
• mailbox/maildir scanning and cleaning
• nice statistics via WWW or MRTG
• easy installation and configuration

What is new in this release:

• removed support for upstream unsupported clamav

What is new in version 1.2.1:

• This is a bugfix release. This release can be compiled on clamav 0.96. Fixed a bug in webq (update required, if you use webq with users in non-view table), cracklib error string was fixed, added "Suspect" to default DROP pattern.

What is new in version 1.2.0:

• python-2.6 compatibility
• clamav-0.95rc1 compatibility
• decode_email_alt removed (obsolete in python-2.6 and not used)
• SIMPLE_SCANNERS configuration removed
• rpm dependency change: smtpdaemon to server(smtp)
• added "exit 0" to mkchroot.sh to avoid deb update problems
• reinicialization of random number generator after fork()
• log_sql.FORMAT can be easyly extended by other columns: log_sql.FORMAT.extend('subject', '%(SUBJECT)s')
• better spam/virus recognition for logwatch script
• python-kid replaced by python-genshi. At least genshi>=0.4.0 required. RPM package should update dependency automatically, for deb package please install python-genshi manually.
• rrdtool create data source type changed from COUNTER to DERIVE. Remove sagator.rrd file to apply this change.
• logwatch output shows count/bytes percentage, changed ordering
• ebuild updates
• deb package split into parts: sagator, sagator-base, sagator-webq, ...
• mkchroot.sagator from deb postinst moved to init script
• filter out 250-STARTTLS, sagator can't hadle TLS connections
• viruses removed from test/ directory and added download_viruses.sh shell script
• default parameters for avgd() changed
• remount /var/lib/clamav into chroot (do not need to copy or symlink)
• rbl_check() now using getaddrinfo instead of obsolete gethostbyname
• updated documentation for spamassassind() and check_level()
• display warning message when an obsolete clamav limit is used
• added "/etc/init.d/sagator kill" parameter to kill all sagator processes
• added CLAMAV_H and LIBDSPAM_OBJECTS_H definitions into Makefile
• proper symlinks for special datadirs
• update FascistCheck to support also latest version
• sa_user configuration option for spamassassind() scanner
• Broken pipe traceback shown for debug level 3 (temporary additional debugging)
• Greylist checks for IntegrityError
• configure_postfix scripts adds sagator service to limit number of connections
• new script log/analyzer.py to analyze log files
• separate database connection for log_sql() (significant speed improvemnt for high-load servers with more than 10000 emails/day)
• filesys() scanner ignores empty output for 5 seconds (avoids "Can't decode virname" messages)
• greylist speed improvements, see default config file for examples, how to configure greylist for high load servers
• update chroot before restart (not inside) to speed up restart process
• MySQLdb connection defaults to UTF-8 charset
• smtptest and policytest replaced by new smtptest.py
• increased max_children for ServiceTCPServer to allow more smtpd_policy instances
• do not remove permanent greylist entries (last_update==-1)
• load crypt() libraries before chroot to allow webq login

What is new in version 1.1.1:

• selinux updates
• better clamav autodetection
• deb package conflict added to automatically remove sagator-libclamav
• mkchroot update for /tmp/quarantine owner/group
• sgfilter update for exim, which sends mailbox content to procmail
• added pyformat style emulation for sqlite (fixed sqlite logging)
• now() changed to CURRENT_TIMESTAMP, works with current sqlite too
• updated XFORWARD pattern to match alternate syntax
• simulate rowcount for DB, which does not support it (sqlite)
• clamav 0.94 compatibility updates
• new rpm package sagator-core (sagator is now only to install dependencies)
• accept connection without HELO with milter()
• some changes for filetype.py to avoid problems running sagator, file_type() scanner has been maked obsolete, use file_magic() instead
• milter greylist fixes
• does not break DATA connection, break it before DATA and send QUIT when closing connection
• close all fds before fork, enable autorestart in deb scripts
• new scanner elisted()
• enhanced listed scanner
• increased timeout for spamd connection
• symlink /var/tmp -> /tmp fixed in chroot
• updates for esets-3.0
• display exact error when unable to rotate log file
• fix cyclic symlink for non-standard path when creating sagator chroot