From gnats@FreeBSD.org Thu May 4 00:00:49 2006 Return-Path: Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 938CC16A405 for ; Thu, 4 May 2006 00:00:49 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id E0F7243D69 for ; Thu, 4 May 2006 00:00:42 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id k4400gjq007367 for ; Thu, 4 May 2006 00:00:42 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id k4400gT7007366; Thu, 4 May 2006 00:00:42 GMT (envelope-from gnats) Message-Id: <200605040000.k4400gT7007366@freefall.freebsd.org> Date: Thu, 4 May 2006 00:00:42 GMT From: Jan-Peter Koopmann To: FreeBSD-gnats-submit@freebsd.org Subject: [MAINTAINER] mail/MailScanner: update to 4.53.7 X-Send-Pr-Version: 3.113 X-GNATS-Notify: >Number: 96742 >Category: ports >Synopsis: [MAINTAINER] mail/MailScanner: update to 4.53.7 >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-ports-bugs >State: closed >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Thu May 04 00:10:21 GMT 2006 >Closed-Date: Thu May 04 07:13:54 GMT 2006 >Last-Modified: Thu May 04 07:13:54 GMT 2006 >Originator: Jan-Peter Koopmann >Release: FreeBSD 4.9-STABLE i386 >Organization: >Environment: System: FreeBSD services.intern.seceidos.de 4.9-STABLE FreeBSD 4.9-STABLE #0: Mon Jan 5 10:56:46 CET >Description: - Update to 4.53.7 3/5/2006 New in Version 4.53.7-1 ================================ * New Features and Improvements * - Attachment extraction now checks for available disk space and a DoS attack using messages with high expansion ratios will fail even quicker than it did before. - Added new setting "SpamAssassin Local State Dir" to support the sa-update tool provided with MailScanner these days, to provide a way of auto- updating the core SpamAssassin rulesets. The default value is set to what you need for Linux (/var/lib). - Added new cron job to run sa-update every night. The location of the sa-update program is read from /etc/sysconfig/MailScanner. - Added support for new header -H file format in Exim 4.61. - Added 2 new configuration options "Gunzip Command" and "Gunzip Timeout" to enable unpacking of gzip-ed files for filename and filetype checking. Even if this is disabled, gzip-ed files will still be virus scanned. - Added support for numerical entries in phishing.safe.sites.conf file. - Added support for optional multipliers in numbers in MailScanner.conf. So you can now write "50M" instead of "50000000". The multipliers supported are "k", "m" and "g" to denote 1 thousand, 1 million and 1 billion (10^9) in upper or lower case. You must *not* put any spaces between the number and the multiplier character. - Added a new configuration option "Ignored Web Bug Filenames". This allows you to whitelist a bunch of filenames that can appear in the URLs of potential web bugs. So if you decide that all potential web bugs with "spacer" or "pixel.gif" in the filename are just padding for page layout, then you can make it ignore them by adding them to this list. A sample list is provided in MailScanner.conf. This is disabled by default, as spammers may start to use this as a means of circumventing the Web Bug trap. - When Web Bugs are disarmed, the URL used to replace the original web bug can now be set using the new configuration option "Web Bug Replacement". If this is not specified, then the old value of "MailScannerWebBug" is used. The default value supplied in the MailScanner.conf file is the address of an untracked 1x1 pixel transparent gif (51 bytes) hosted on the MailScanner web site. This will not be tracked other than to supply an overall count of the number of hits this image gets, for overall statistical purposes. - Added Razor2 to the list of plugins automatically enabled by the ClamAV+SA easy-to-install package, due to the recent change in licence. Now if DCC could go the same way... - Updated Catalan translations. * Fixes * - Fixed bug in DoS attack handler. Thanks for Jorge for this. - Commented out setting of "SpamAssassin Local State Dir" in MailScanner.conf. Added file(s): - files/patch-bin-cron-update_phishing_sites.cron - files/patch-bin-cron-update_virus_scanners.cron - files/patch-docs-man-MailScanner.8 - files/patch-docs-man-MailScanner.8.html - files/patch-docs-man-MailScanner.conf.5 - files/patch-docs-man-MailScanner.conf.5.html - files/patch-lib-clamav-wrapper Removed file(s): - files/patch-bin:cron:update_phishing_sites.cron - files/patch-bin:cron:update_virus_scanners.cron - files/patch-docs:man:MailScanner.8 - files/patch-docs:man:MailScanner.8.html - files/patch-docs:man:MailScanner.conf.5 - files/patch-docs:man:MailScanner.conf.5.html - files/patch-lib-MailScanner-Exim.pm - files/patch-lib:clamav-wrapper Generated with FreeBSD Port Tools 0.63 >How-To-Repeat: >Fix: --- MailScanner-4.53.7.patch begins here --- Index: Makefile =================================================================== RCS file: /home/ncvs/ports/mail/mailscanner/Makefile,v retrieving revision 1.48 diff -u -r1.48 Makefile --- Makefile 27 Apr 2006 17:30:45 -0000 1.48 +++ Makefile 3 May 2006 19:49:54 -0000 @@ -6,8 +6,7 @@ # PORTNAME= MailScanner -PORTVERSION= 4.52.2 -PORTREVISION= 1 +PORTVERSION= 4.53.7 CATEGORIES= mail MASTER_SITES= http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/tar/ DISTNAME= ${PORTNAME}-install-${PORTVERSION}-${PATCHLEVEL} Index: distinfo =================================================================== RCS file: /home/ncvs/ports/mail/mailscanner/distinfo,v retrieving revision 1.34 diff -u -r1.34 distinfo --- distinfo 13 Apr 2006 16:42:24 -0000 1.34 +++ distinfo 3 May 2006 19:49:54 -0000 @@ -1,2 +1,2 @@ -MD5 (MailScanner-install-4.52.2-1.tar.gz) = d559a96f1f5b51322293d1a9b5a37f1c -SIZE (MailScanner-install-4.52.2-1.tar.gz) = 6554423 +MD5 (MailScanner-install-4.53.7-1.tar.gz) = e3d995cc3e1af611af71985bbef0f81e +SIZE (MailScanner-install-4.53.7-1.tar.gz) = 8798424 Index: pkg-plist =================================================================== RCS file: /home/ncvs/ports/mail/mailscanner/pkg-plist,v retrieving revision 1.29 diff -u -r1.29 pkg-plist --- pkg-plist 13 Apr 2006 16:42:24 -0000 1.29 +++ pkg-plist 3 May 2006 19:49:54 -0000 @@ -155,7 +155,6 @@ %%DATADIR%%/reports/cz/deleted.filename.message.txt.sample %%DATADIR%%/reports/cz/deleted.virus.message.txt.sample %%DATADIR%%/reports/cz/disinfected.report.txt.sample -%%DATADIR%%/reports/cz/filename.rules.txt.sample %%DATADIR%%/reports/cz/inline.sig.html.sample %%DATADIR%%/reports/cz/inline.sig.txt.sample %%DATADIR%%/reports/cz/inline.spam.warning.txt.sample @@ -466,6 +465,8 @@ %%DATADIR%%/reports/sk/stored.content.message.txt.sample %%DATADIR%%/reports/sk/stored.filename.message.txt.sample %%DATADIR%%/reports/sk/stored.virus.message.txt.sample +%%PORTDOCS%%%%DOCSDIR%%/ellen2.old.jpg +%%PORTDOCS%%%%DOCSDIR%%/ellenweblogo.png %%PORTDOCS%%%%DOCSDIR%%/Book.Dec04-Aug05.pdf %%PORTDOCS%%%%DOCSDIR%%/COPYING %%PORTDOCS%%%%DOCSDIR%%/ChangeLog @@ -498,7 +499,6 @@ %%PORTDOCS%%%%DOCSDIR%%/images/thumb_JulianField5.jpg %%PORTDOCS%%%%DOCSDIR%%/index.html %%PORTDOCS%%%%DOCSDIR%%/index.new.html -%%PORTDOCS%%%%DOCSDIR%%/index.old.html %%PORTDOCS%%%%DOCSDIR%%/install/ClamAVModule.shtml %%PORTDOCS%%%%DOCSDIR%%/install/OS-virus-scan-web.htm %%PORTDOCS%%%%DOCSDIR%%/install/README.trend @@ -513,6 +513,9 @@ %%PORTDOCS%%%%DOCSDIR%%/install/linux.shtml %%PORTDOCS%%%%DOCSDIR%%/install/mailscanner.shtml %%PORTDOCS%%%%DOCSDIR%%/install/mcafee.shtml +%%PORTDOCS%%%%DOCSDIR%%/install/mcp/Message.pm.patch.3.1.1 +%%PORTDOCS%%%%DOCSDIR%%/install/mcp/Conf.pm.patch.3.1.1 +%%PORTDOCS%%%%DOCSDIR%%/install/mcp/PerMsgStatus.pm.patch.3.1.1 %%PORTDOCS%%%%DOCSDIR%%/install/mcp/Conf.pm.patch.2.55 %%PORTDOCS%%%%DOCSDIR%%/install/mcp/Conf.pm.patch.2.60 %%PORTDOCS%%%%DOCSDIR%%/install/mcp/Conf.pm.patch.2.61 Index: files/CHANGES.port =================================================================== RCS file: /home/ncvs/ports/mail/mailscanner/files/CHANGES.port,v retrieving revision 1.4 diff -u -r1.4 CHANGES.port --- files/CHANGES.port 27 Apr 2006 17:30:45 -0000 1.4 +++ files/CHANGES.port 3 May 2006 19:49:54 -0000 @@ -1,3 +1,8 @@ +Version 4.53.7 +================= +- Upgrade to MailScanner 4.53 +- changed some patch-names + Version 4.52.2_1 ================= - fixed bug in mta.sh script Index: files/patch-bin-cron-update_phishing_sites.cron =================================================================== RCS file: files/patch-bin-cron-update_phishing_sites.cron diff -N files/patch-bin-cron-update_phishing_sites.cron --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ files/patch-bin-cron-update_phishing_sites.cron 3 May 2006 19:49:54 -0000 @@ -0,0 +1,38 @@ +--- ../MailScanner-install-4.50.15.orig/bin/cron/update_phishing_sites.cron Wed Feb 15 20:02:33 2006 ++++ bin/cron/update_phishing_sites.cron Wed Feb 15 20:14:45 2006 +@@ -1,20 +1,24 @@ + #!/bin/bash + +-# Insert a random delay up to this value, to spread virus updates round +-# the clock. 1800 seconds = 30 minutes. +-# Set this to 0 to disable it. +-UPDATEMAXDELAY=3600 +-if [ -f /etc/sysconfig/MailScanner ] ; then +- . /etc/sysconfig/MailScanner +-fi +-export UPDATEMAXDELAY ++# Add the following line to /etc/rc.conf to configure a maximum delay in ++# order to spread virus updates round the clock. 1800 seconds = 30 minutes. ++# Set this to 0 to disable it ++ ++. %%RC_SUBR%% ++ ++name="mailscanner" ++rcvar=`set_rcvar` ++ ++load_rc_config $name ++ ++: ${mailscanner_updatemaxdelay="600"} + + [ -x /opt/MailScanner/bin/update_phishing_sites ] || exit 0 +-if [ "x$UPDATEMAXDELAY" = "x0" ]; then ++if [ "x${mailscanner_updatemaxdelay}" = "x0" ]; then + : + else +- logger -p mail.info -t update.phishing.sites Delaying cron job up to $UPDATEMAXDELAY seconds +- perl -e "sleep int(rand($UPDATEMAXDELAY));" ++ logger -p mail.info -t update.phishing.sites Delaying cron job up to ${mailscanner_updatemaxdelay} seconds ++ perl -e "sleep int(rand(${mailscanner_updatemaxdelay}));" + fi + exec /opt/MailScanner/bin/update_phishing_sites > /dev/null 2>&1 + exit 0 Index: files/patch-bin-cron-update_virus_scanners.cron =================================================================== RCS file: files/patch-bin-cron-update_virus_scanners.cron diff -N files/patch-bin-cron-update_virus_scanners.cron --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ files/patch-bin-cron-update_virus_scanners.cron 3 May 2006 19:49:54 -0000 @@ -0,0 +1,38 @@ +--- ../MailScanner-install-4.50.15.orig/bin/cron/update_virus_scanners.cron Wed Feb 15 20:02:33 2006 ++++ bin/cron/update_virus_scanners.cron Wed Feb 15 20:11:17 2006 +@@ -1,20 +1,24 @@ + #!/bin/bash + +-# Insert a random delay up to this value, to spread virus updates round +-# the clock. 1800 seconds = 30 minutes. +-# Set this to 0 to disable it. +-UPDATEMAXDELAY=600 +-if [ -f /etc/sysconfig/MailScanner ] ; then +- . /etc/sysconfig/MailScanner +-fi +-export UPDATEMAXDELAY ++# Add the following line to /etc/rc.conf to configure a maximum delay in ++# order to spread virus updates round the clock. 1800 seconds = 30 minutes. ++# Set this to 0 to disable it ++ ++. %%RC_SUBR%% ++ ++name="mailscanner" ++rcvar=`set_rcvar` ++ ++load_rc_config $name ++ ++: ${mailscanner_updatemaxdelay="600"} + + [ -x /opt/MailScanner/bin/update_virus_scanners ] || exit 0 +-if [ "x$UPDATEMAXDELAY" = "x0" ]; then ++if [ "x${mailscanner_updatemaxdelay}" = "x0" ]; then + : + else +- logger -p mail.info -t update.virus.scanners Delaying cron job up to $UPDATEMAXDELAY seconds +- perl -e "sleep int(rand($UPDATEMAXDELAY));" ++ logger -p mail.info -t update.virus.scanners Delaying cron job up to ${mailscanner_updatemaxdelay} seconds ++ perl -e "sleep int(rand(${mailscanner_updatemaxdelay}));" + fi + exec /opt/MailScanner/bin/update_virus_scanners + exit 0 Index: files/patch-bin:cron:update_phishing_sites.cron =================================================================== RCS file: files/patch-bin:cron:update_phishing_sites.cron diff -N files/patch-bin:cron:update_phishing_sites.cron --- files/patch-bin:cron:update_phishing_sites.cron 27 Apr 2006 17:30:45 -0000 1.2 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,38 +0,0 @@ ---- ../MailScanner-install-4.50.15.orig/bin/cron/update_phishing_sites.cron Wed Feb 15 20:02:33 2006 -+++ bin/cron/update_phishing_sites.cron Wed Feb 15 20:14:45 2006 -@@ -1,20 +1,24 @@ - #!/bin/bash - --# Insert a random delay up to this value, to spread virus updates round --# the clock. 1800 seconds = 30 minutes. --# Set this to 0 to disable it. --UPDATEMAXDELAY=3600 --if [ -f /etc/sysconfig/MailScanner ] ; then -- . /etc/sysconfig/MailScanner --fi --export UPDATEMAXDELAY -+# Add the following line to /etc/rc.conf to configure a maximum delay in -+# order to spread virus updates round the clock. 1800 seconds = 30 minutes. -+# Set this to 0 to disable it -+ -+. %%RC_SUBR%% -+ -+name="mailscanner" -+rcvar=`set_rcvar` -+ -+load_rc_config $name -+ -+: ${mailscanner_updatemaxdelay="600"} - - [ -x /opt/MailScanner/bin/update_phishing_sites ] || exit 0 --if [ "x$UPDATEMAXDELAY" = "x0" ]; then -+if [ "x${mailscanner_updatemaxdelay}" = "x0" ]; then - : - else -- logger -p mail.info -t update.phishing.sites Delaying cron job up to $UPDATEMAXDELAY seconds -- perl -e "sleep int(rand($UPDATEMAXDELAY));" -+ logger -p mail.info -t update.phishing.sites Delaying cron job up to ${mailscanner_updatemaxdelay} seconds -+ perl -e "sleep int(rand(${mailscanner_updatemaxdelay}));" - fi - exec /opt/MailScanner/bin/update_phishing_sites > /dev/null 2>&1 - exit 0 Index: files/patch-bin:cron:update_virus_scanners.cron =================================================================== RCS file: files/patch-bin:cron:update_virus_scanners.cron diff -N files/patch-bin:cron:update_virus_scanners.cron --- files/patch-bin:cron:update_virus_scanners.cron 27 Apr 2006 17:30:45 -0000 1.2 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,38 +0,0 @@ ---- ../MailScanner-install-4.50.15.orig/bin/cron/update_virus_scanners.cron Wed Feb 15 20:02:33 2006 -+++ bin/cron/update_virus_scanners.cron Wed Feb 15 20:11:17 2006 -@@ -1,20 +1,24 @@ - #!/bin/bash - --# Insert a random delay up to this value, to spread virus updates round --# the clock. 1800 seconds = 30 minutes. --# Set this to 0 to disable it. --UPDATEMAXDELAY=600 --if [ -f /etc/sysconfig/MailScanner ] ; then -- . /etc/sysconfig/MailScanner --fi --export UPDATEMAXDELAY -+# Add the following line to /etc/rc.conf to configure a maximum delay in -+# order to spread virus updates round the clock. 1800 seconds = 30 minutes. -+# Set this to 0 to disable it -+ -+. %%RC_SUBR%% -+ -+name="mailscanner" -+rcvar=`set_rcvar` -+ -+load_rc_config $name -+ -+: ${mailscanner_updatemaxdelay="600"} - - [ -x /opt/MailScanner/bin/update_virus_scanners ] || exit 0 --if [ "x$UPDATEMAXDELAY" = "x0" ]; then -+if [ "x${mailscanner_updatemaxdelay}" = "x0" ]; then - : - else -- logger -p mail.info -t update.virus.scanners Delaying cron job up to $UPDATEMAXDELAY seconds -- perl -e "sleep int(rand($UPDATEMAXDELAY));" -+ logger -p mail.info -t update.virus.scanners Delaying cron job up to ${mailscanner_updatemaxdelay} seconds -+ perl -e "sleep int(rand(${mailscanner_updatemaxdelay}));" - fi - exec /opt/MailScanner/bin/update_virus_scanners - exit 0 Index: files/patch-docs-man-MailScanner.8 =================================================================== RCS file: files/patch-docs-man-MailScanner.8 diff -N files/patch-docs-man-MailScanner.8 --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ files/patch-docs-man-MailScanner.8 3 May 2006 19:49:54 -0000 @@ -0,0 +1,37 @@ +--- ../MailScanner-install-4.53.7.orig/docs/man/MailScanner.8 Wed May 3 21:16:27 2006 ++++ docs/man/MailScanner.8 Wed May 3 21:33:13 2006 +@@ -1,10 +1,10 @@ +-.TH "MailScanner" "8" "4.49.7" "Julian Field" "Mail" ++.TH "MailScanner" "8" "4.52.2" "Julian Field" "Mail" + .SH "NAME" + .LP + MailScanner \- Virus/Spam Scanner for Sendmail, Exim and Postfix + .SH "SYNOPSIS" + .LP +-\fBMailScanner\fR [\fI\-v\fR] [\fIconfigfile\fR] ++\fBMailScanner\fR [\fI\-v\fR] [\fI\-\-lint\fR] [\fI\-\-debug\fR] [\fI\-\-debug\-sa\fR] [\fI\-\-help\fR] [\fIconfigfile\fR] + + .SH "DESCRIPTION" + .LP +@@ -29,6 +29,21 @@ + \fB\-v\fR + Prints version information for Mailscanner and all used perl\-modules. + ++.TP ++\fB\-\-lint\fR ++Checks config file, print what virus scanners you have chosen to use and check SpamAssassin configuration as well. ++ ++.TP ++\fB\-\-debug\fR ++Starts MailScanner in debug mode. See MailScanner.conf "Debug=yes". ++ ++.TP ++\fB\-\-debug\-sa\fR ++Starts MailScanner in debug spamassassin mode. See MailScanner.conf "Debug SpamAssassin=yes". ++ ++.TP ++\fB\-\-lint\fR ++Test MailScanner config and SpamAssassin config. + .SH "MTA SETUP" + .LP + It is important that your MTA only queues incoming mail and does not deliver it automatically. You need two mail queues (incoming and outgoing). Moreover you should setup two instances of your MTA. One that accepts incoming mail and puts it to an incoming queue and one that sends out mail that resides in the outgoing queue. Index: files/patch-docs-man-MailScanner.8.html =================================================================== RCS file: files/patch-docs-man-MailScanner.8.html diff -N files/patch-docs-man-MailScanner.8.html --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ files/patch-docs-man-MailScanner.8.html 3 May 2006 19:49:54 -0000 @@ -0,0 +1,104 @@ +--- ../MailScanner-install-4.53.7.orig/docs/man/MailScanner.8.html Wed May 3 21:16:27 2006 ++++ docs/man/MailScanner.8.html Wed May 3 21:33:15 2006 +@@ -1,5 +1,5 @@ + +- ++ + + +@@ -40,7 +40,9 @@ + + +

MailScanner [−v] +-[configfile]

++[−−lint] [−−debug] ++[−−debug−sa] ++[−−help] [configfile]

+ + + +@@ -78,15 +80,81 @@ + cols="4" cellspacing="0" cellpadding="0"> + + +- ++ + +

−v

+ +- ++ + + +

Prints version information for Mailscanner and all used + perl−modules.

++ ++ ++ ++ ++ ++

−−lint

++ ++ ++ ++ ++

Checks config file, print what virus scanners you have ++chosen to use and check SpamAssassin configuration as ++well.

++ ++ ++ ++ ++ ++ ++ ++
++

−−debug

++ ++ ++ ++ ++ ++
++

Starts MailScanner in debug mode. See MailScanner.conf ++"Debug=yes".

++
++ ++ ++ ++ ++ ++
++

−−debug−sa

++ ++ ++ ++ ++ ++
++

Starts MailScanner in debug spamassassin mode. See ++MailScanner.conf "Debug SpamAssassin=yes".

++
++ ++ ++ ++ ++ ++ ++ ++ +
++ ++

−−lint

++
++ ++

Test MailScanner config and SpamAssassin config.

++
+
+ Index: files/patch-docs-man-MailScanner.conf.5 =================================================================== RCS file: files/patch-docs-man-MailScanner.conf.5 diff -N files/patch-docs-man-MailScanner.conf.5 --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ files/patch-docs-man-MailScanner.conf.5 3 May 2006 19:49:54 -0000 @@ -0,0 +1,223 @@ +--- ../MailScanner-install-4.53.7.orig/docs/man/MailScanner.conf.5 Wed May 3 21:16:27 2006 ++++ docs/man/MailScanner.conf.5 Wed May 3 21:33:05 2006 +@@ -1,4 +1,4 @@ +-.TH "MailScanner.conf" "5" "4.50.1" "Julian Field" "Mail" ++.TH "MailScanner.conf" "5" "4.53.7" "Julian Field" "Mail" + .SH "NAME" + .LP + MailScanner.conf \- Main configuration for MailScanner +@@ -24,6 +24,10 @@ + .br + + .br ++The following optional multipliers are supported: You can write "50M" instead of "50000000". The multipliers supported are "k", "m" and "g" to denote 1 thousand, 1 million and 1 billion (10^9) in upper or lower case. You must *not* put any spaces between the number and the multiplier character. ++.br ++ ++.br + Many of the options can also be the filename of a ruleset, which can be used to control features depending on the addresses of the message, and/or the IP address where the message came from. You will find some examples of rulesets and an explanation of them in the "rules" directories within the MailScanner installation and in the section "RULESETS" later in this manpage. + + .LP +@@ -364,6 +368,22 @@ + Should we use a TNEF decoder (external or Perl module)? This should be "yes" unless the scanner you are using (Sophos, McAfee) has the facility built\-in. However, if you set it to "no", then the filenames within the TNEF attachment will not be checked against the filename rules. + + .TP ++\fBUse TNEF Contents\fR ++Default: replace ++.br ++When the TNEF (winmail.dat) attachments are expanded, should the attachments contained in there be added to the list of attachments in the message? If you set this to "add" or "replace" then recipients of messages sent in "Outlook Rich Text Format" (TNEF) will be able to read the attachments if they are not using Microsoft Outlook. ++.br ++.RS 7 ++.IP \(bu 4 ++no: Leave winmail.dat TNEF attachments alone. ++.IP \(bu 4 ++add: Add the contents of winmail.dat as extra attachments, but also still include the winmail.dat file itself. This will result in TNEF messages being doubled in size. ++.IP \(bu 4 ++replace: Replace the winmail.dat TNEF attachment with the files it contains, and delete the original winmail.dat file itself. This means the message stays the same size, but is usable by non\-Outlook recipients. ++.RE ++ ++ ++.TP + \fBDeliver Unparsable TNEF\fR + Default: no + .br +@@ -405,6 +425,22 @@ + .br + The maximum length of time the "file" command is allowed to run for one batch of messages (in seconds). + ++.TP ++\fBGunzip Command\fR ++Default: /usr/bin/gunzip ++.br ++ ++.br ++Where the "gunzip" command is installed. This is used for expanding .gz files. To disable gzipped file checking, set this value to blank and the timeout to 0. ++ ++.TP ++\fBGunzip Timeout\fR ++Default: 50 ++.br ++ ++.br ++The maximum length of time the "gunzip" command is allowed to run to expand 1 attachment file (in seconds). ++ + + .TP + \fBUnrar Command\fR +@@ -423,6 +459,12 @@ + The maximum length of time the "unrar" command is allowed to run for 1 RAR archive (in seconds) + + .TP ++\fBFind UU\-Encoded Files\fR ++Default: no ++.br ++A few viruses store their infected data in UU\-encoded files, to try to catch out virus scanners. This rarely succeeds at all. Setting this option to yes means that you can apply filename and filetype checks to the contents of UU\-encoded files. This may occasionally be useful, in which case you should set to yes. This can also be the filename of a ruleset. ++ ++.TP + \fBBlock Encrypted Messages\fR + Default: no + .br +@@ -521,7 +563,7 @@ + .SH "Virus scanning and vulnerability testing" + .TP + \fBVirus Scanning\fR +-Default: yes ++Default: auto + .br + + .br +@@ -529,7 +571,7 @@ + .br + NOTE: Switching this to no completely disables all virus\-scanning functionality. If you just want to switch of actual virus scanning, then set "Virus Scanners = none" instead. + .br +-If you want to be able to switch scanning on/off for different users or different domains, set this to the filename of a ruleset. ++If you want to be able to switch scanning on/off for different users or different domains, set this to the filename of a ruleset. If you set this to auto then it searches for and uses every available installed virus scanner. + + .TP + \fBVirus Scanners\fR +@@ -686,6 +728,23 @@ + .br + While detecting "Phishing" attacks, do you also want to point out links to numeric IP addresses. Genuine links to totally numeric IP addresses are very rare, so this option is set to "yes" by default. If a numeric IP address is found in a link, the same phishing warning message is used as in the Find Phishing Fraud option above. This value cannot be the name of a ruleset, only a simple yes or no. + ++.TP ++\fBUse Stricter Phishing Net\fR ++Default: yes ++.br ++ ++.br ++If this is set to yes, then most of the URL in a link must match the destination address it claims to take you to. This is the default as it is a much stronger test and is very hard to maliciously avoid. If this is set to no, then just the company name and country (and any names between the two, dependent on the specific country) must match. This is not as strict as it will not protect you against internal malicious sites based within the company being abused. For example, it would not find www.nasty.company\-name.co.uk pretending to be www.nice.company\-name.co.uk. But it will still detect most phishing attacks of the type www.nasty.co.jp versus www.nice.co.jp. Depending on the country code it knows how many levels of domain need to be checked. This can also be the filename of a ruleset. ++ ++ ++.TP ++\fBHighlight Phishing Fraud\fR ++Default: yes ++.br ++ ++.br ++If a phishing fraud is detected, do you want to highlight the tag with a message stating that the link may be to a fraudulent web site. This can also be the filename of a ruleeset. ++ + + .TP + \fBPhishing Safe Sites File\fR +@@ -695,6 +754,15 @@ + .br + There are some companies, such as banks, that insist on sending out email messages with links in them that are caught by the "Find Phishing Fraud" test described above. This is the name of a file which contains a list of link destinations which should be ignored in the test. This may, for example, contain the known websites of some banks. See the file itself for more information. This can only be the name of the file containing the list, it *cannot* be the filename of a ruleset. + ++.TP ++\fBCountry Sub\-Domains List\fR ++Default: %etc\-dir%/country.domains.conf ++.br ++ ++.br ++.TP ++This file lists all the countries that use 2nd\-level and 3rd\-level domain names to classify distinct types of website within their country. This cannot be the name of a ruleset, it is just a simple setting. ++ + + .TP + \fBAllow IFrame Tags\fR +@@ -773,6 +841,22 @@ + .RE + + .TP ++\fBIgnored Web Bug Filenames\fR ++Default: ++.br ++ ++.br ++This is a list of filenames (or parts of filenames) that may appear in the filename of a web bug URL. They are only checked in the filename, not any directories or hostnames in the URL of the possible web bug. If it appears, then the web bug is assumed to be a harmless "spacer" for page layout purposes and not a real web bug at all. It should be a space\- and/or comma\-separated list of filename parts. Note: Use this with care, as spammers may use this to circumvent the web bug trap. It is disabled by default because of this problem. This can also be the filename of a ruleset. ++ ++.TP ++\fBWeb Bug Replacement\fR ++Default: http://www.sng.ecs.soton.ac.uk/mailscanner/images/1x1spacer.gif ++.br ++ ++.br ++When a web bug is found, what image do you want to replace it with? By replacing it with a real image, the page layout still works properly, so the formatting and layout of the message is correct. The following is a harmless untracked 1x1 pixel transparent image. If this is not specified, the the old value of "MailScannerWebBug" is used, which of course is not an image and may well upset layout of the email. This can also be the filename of a ruleset. ++ ++.TP + \fBAllow Object Codebase Tags\fR + Default: no + .br +@@ -1682,7 +1766,7 @@ + .SH "SpamAssassin" + .TP + \fBUse SpamAssassin\fR +-Default: no ++Default: yes + .br + + .br +@@ -2076,6 +2160,15 @@ + .RE + + .TP ++\fBSpamAssassin Local State Dir\fR ++Default: ++.br ++ ++.br ++The rules created by the "sa\-update" tool are searched for here. This directory contains the spamassassin/3.001001/updates_spamassassin_org directory structure beneath it. Only un\-comment this setting once you have proved that the sa\-update cron job has run successfully and has created a directory structure under the spamassassin directory within this one and has put some *.cf files in there. Otherwise it will ignore all your current rules! ++ ++ ++.TP + \fBSpamAssassin Default Rules Dir\fR + Default: + .br +@@ -2113,6 +2206,22 @@ + .RE + + .TP ++\fBSpamAssassin Cache Timings\fR ++Default: 1800,300,10800,172800,600 ++.br ++Do not change this unless you absolutely have to, these numbers have been carefully calculated. They affect the length of time that different types of message are stored in the SpamAssassin cache which can be configured earlier in this file (look for "Cache"). The numbers are all set in seconds. They are: ++.br ++1. Non\-Spam cache lifetime = 30 minutes ++.br ++2. Spam (low scoring) cache lifetime = 5 minutes ++.br ++3. High\-Scoring spam cache lifetime = 3 hours ++.br ++4. Viruses cache lifetime = 2 days ++.br ++5. How often to check the cache for expired messages = 10 minutes ++ ++.TP + \fBDebug\fR + Default: no + .br +@@ -2167,6 +2276,15 @@ + + .br + The value of the option is actually never used, but it is evaluated at the end of processing a batch of messages. It is designed to be used in conjunction with a Custom Function. The Custom Function should then be written to have a "side effect" of doing something useful such as logging lots of information about the batch of messages to a file or an SQL database. ++ ++ ++.TP ++\fBAlways Looked Up Last After Batch\fR ++Default: no ++.br ++ ++.br ++This option is intended for people who want to log per\-batch information. This is evaluated after the "Always Looked Up Last" configuration option for each message in the batch. This is looked up once for the entire batch. Its value is completely ignored, it is purely there to have side effects. If you want to use it, read CustomConfig.pm. + + .TP + \fBDeliver in Background\fR Index: files/patch-docs-man-MailScanner.conf.5.html =================================================================== RCS file: files/patch-docs-man-MailScanner.conf.5.html diff -N files/patch-docs-man-MailScanner.conf.5.html --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ files/patch-docs-man-MailScanner.conf.5.html 3 May 2006 19:49:54 -0000 @@ -0,0 +1,594 @@ +--- ../MailScanner-install-4.53.7.orig/docs/man/MailScanner.conf.5.html Wed May 3 21:16:27 2006 ++++ docs/man/MailScanner.conf.5.html Wed May 3 21:33:08 2006 +@@ -1,5 +1,5 @@ + +- ++ + + +@@ -113,6 +113,13 @@ + +

option = value

+ ++

The following optional multipliers are supported: You can ++write "50M" instead of "50000000". The ++multipliers supported are "k", "m" and ++"g" to denote 1 thousand, 1 million and 1 billion ++(10^9) in upper or lower case. You must *not* put any spaces ++between the number and the multiplier character.

++ +

Many of the options can also be the filename of a + ruleset, which can be used to control features depending on + the addresses of the message, and/or the IP address where +@@ -1064,6 +1071,73 @@ + + + ++

Use TNEF Contents

++ ++ ++ ++ ++ ++ ++
++

Default: replace
++When the TNEF (winmail.dat) attachments are expanded, should ++the attachments contained in there be added to the list of ++attachments in the message? If you set this to ++"add" or "replace" then recipients of ++messages sent in "Outlook Rich Text Format" (TNEF) ++will be able to read the attachments if they are not using ++Microsoft Outlook.

++
++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++
++ ++

++
++ ++

no: Leave winmail.dat TNEF attachments alone.

++
++ ++

++
++ ++

add: Add the contents of winmail.dat as extra ++attachments, but also still include the winmail.dat file ++itself. This will result in TNEF messages being doubled in ++size.

++
++ ++

++
++ ++

replace: Replace the winmail.dat TNEF attachment with ++the files it contains, and delete the original winmail.dat ++file itself. This means the message stays the same size, but ++is usable by non−Outlook recipients.

++
++ ++ ++ ++ ++ +
+

Deliver Unparsable TNEF

+ +@@ -1072,8 +1146,14 @@ + + + +-

Default: no

++

Default: no

++ + ++ ++ ++ ++ + + ++
+

Rich Text format attachments produced by some versions of + Microsoft Outlook cannot be completely decoded at present. + Setting this option to yes allows compatibility with the +@@ -1177,6 +1257,48 @@ +

++

Gunzip Command

++ ++ ++ ++ ++ ++
++

Default: /usr/bin/gunzip

++ ++

Where the "gunzip" command is installed. This ++is used for expanding .gz files. To disable gzipped file ++checking, set this value to blank and the timeout to 0.

++
++ ++ ++ ++ ++ ++
++

Gunzip Timeout

++ ++ ++ ++ ++ ++
++

Default: 50

++ ++

The maximum length of time the "gunzip" command ++is allowed to run to expand 1 attachment file (in ++seconds).

++
++ ++ ++ ++ ++ +
+

Unrar Command

+ +@@ -1225,6 +1347,30 @@ + + + ++

Find UU−Encoded Files

++ ++ ++ ++ ++ ++ ++
++

Default: no
++A few viruses store their infected data in UU−encoded ++files, to try to catch out virus scanners. This rarely ++succeeds at all. Setting this option to yes means that you ++can apply filename and filetype checks to the contents of ++UU−encoded files. This may occasionally be useful, in ++which case you should set to yes. This can also be the ++filename of a ruleset.

++
++ ++ ++ ++ ++ +
+

Block Encrypted Messages

+ +@@ -1508,7 +1654,7 @@ + + + +-

Default: yes

++

Default: auto

+ +

Do you want to scan email for viruses? A few people + don’t have virus scanner licence and so want to +@@ -1519,7 +1665,9 @@ + Scanners = none" instead.
+ If you want to be able to switch scanning on/off for + different users or different domains, set this to the +-filename of a ruleset.

++filename of a ruleset. If you set this to auto then it ++searches for and uses every available installed virus ++scanner.

+ + + +@@ -1999,6 +2147,61 @@ + + + ++

Use Stricter Phishing Net

++ ++ ++ ++ ++ ++ ++
++

Default: yes

++ ++

If this is set to yes, then most of the URL in a link ++must match the destination address it claims to take you to. ++This is the default as it is a much stronger test and is ++very hard to maliciously avoid. If this is set to no, then ++just the company name and country (and any names between the ++two, dependent on the specific country) must match. This is ++not as strict as it will not protect you against internal ++malicious sites based within the company being abused. For ++example, it would not find ++www.nasty.company−name.co.uk pretending to be ++www.nice.company−name.co.uk. But it will still detect ++most phishing attacks of the type www.nasty.co.jp versus ++www.nice.co.jp. Depending on the country code it knows how ++many levels of domain need to be checked. This can also be ++the filename of a ruleset.

++
++ ++ ++ ++ ++ ++
++

Highlight Phishing Fraud

++ ++ ++ ++ ++ ++
++

Default: yes

++ ++

If a phishing fraud is detected, do you want to highlight ++the tag with a message stating that the link may be to a ++fraudulent web site. This can also be the filename of a ++ruleeset.

++
++ ++ ++ ++ ++ +
+

Phishing Safe Sites File

+ +@@ -2026,6 +2229,35 @@ + + + ++

Country Sub−Domains List

++ ++ ++ ++ ++ ++ ++
++

Default: %etc−dir%/country.domains.conf

++
++ ++ ++ ++ ++ ++
++

This file lists all the countries that use ++2nd−level and 3rd−level domain names to classify ++distinct types of website within their country. This cannot ++be the name of a ruleset, it is just a simple ++setting.

++ ++ ++ ++ ++ +
+

Allow IFrame Tags

+ +@@ -2317,7 +2549,7 @@ + + + +-

Allow Object Codebase Tags

++

Ignored Web Bug Filenames

+ + + + + ++

Default:

+
+-

Default: no

+ + + + ++
++

This is a list of filenames (or parts of filenames) that ++may appear in the filename of a web bug URL. They are only ++checked in the filename, not any directories or hostnames in ++the URL of the possible web bug. If it appears, then the web ++bug is assumed to be a harmless "spacer" for page ++layout purposes and not a real web bug at all. It should be ++a space− and/or comma−separated list of filename ++parts. Note: Use this with care, as spammers may use this to ++circumvent the web bug trap. It is disabled by default ++because of this problem. This can also be the filename of a ++ruleset.

++
++ ++ ++ ++ ++ ++
++

Web Bug Replacement

++ ++ ++ ++ ++ ++
++

Default: ++http://www.sng.ecs.soton.ac.uk/mailscanner/images/1x1spacer.gif

++ ++

When a web bug is found, what image do you want to ++replace it with? By replacing it with a real image, the page ++layout still works properly, so the formatting and layout of ++the message is correct. The following is a harmless ++untracked 1x1 pixel transparent image. If this is not ++specified, the the old value of ++"MailScannerWebBug" is used, which of course is ++not an image and may well upset layout of the email. This ++can also be the filename of a ruleset.

++
++ ++ ++ ++ ++ ++
++

Allow Object Codebase Tags

++ ++ ++ ++ ++ ++Possible values:

++ +
++

Default: no

++ +

Do you want to allow <Object Codebase=...> tags in + email messages? This is a bad idea as it leaves you + unprotected against various Microsoft−specific + security vulnerabilities. But if your users demand it, you + can do it. This can also be the filename of a ruleset. +-Possible values:

+ + + + + + ++

SpamAssassin Local State Dir

+
+-

Default: no

++

Default: yes

+ +

Do you want to detect spam using the very good + SpamAssassin package? You must have installed SpamAssassin +@@ -6117,7 +6407,7 @@ +

+-

SpamAssassin Default Rules Dir

+ + + + ++
++

The rules created by the "sa−update" tool ++are searched for here. This directory contains the ++spamassassin/3.001001/updates_spamassassin_org directory ++structure beneath it. Only un−comment this setting ++once you have proved that the sa−update cron job has ++run successfully and has created a directory structure under ++the spamassassin directory within this one and has put some ++*.cf files in there. Otherwise it will ignore all your ++current rules!

++
++ ++ ++ ++ ++ ++
++

SpamAssassin Default Rules Dir

++ ++ ++ ++ ++ ++places (even if this option is not set):

++ +
++

Default:

++ +

This tells MailScanner where to look for the default + rules. If this is set it adds to the list of places that are + searched. MailScanner will always look at the following +-places (even if this option is not set):

+ + + +- +- ++ +@@ -6236,8 +6554,8 @@ + + +- +- ++ +@@ -6249,8 +6567,8 @@ + + +- +- ++ +@@ -6261,24 +6579,59 @@ + + ++
++ + +

%d

+
+
++ + +

%5.2f

+
+
++ + +

%05.1f

+
+
++ ++ + + +- +- +- +- ++ ++
+- +-

Debug

+-
+- ++

SpamAssassin Cache Timings

++ ++ ++ ++ ++ +
++

Default: 1800,300,10800,172800,600

+ + + ++ ++ ++
++

Do not change this unless you absolutely have to, these ++numbers have been carefully calculated. They affect the ++length of time that different types of message are stored in ++the SpamAssassin cache which can be configured earlier in ++this file (look for "Cache"). The numbers are all ++set in seconds. They are:
++1. Non−Spam cache lifetime = 30 minutes
++2. Spam (low scoring) cache lifetime = 5 minutes
++3. High−Scoring spam cache lifetime = 3 hours
++4. Viruses cache lifetime = 2 days
++5. How often to check the cache for expired messages = 10 ++minutes

++
++ ++ ++ + +- ++ ++ ++ ++ +
+-

Default: no

++ ++

Debug

++
++ ++

Default: no

++
++
+ + ++ ++
++ ++ ++ ++ ++ ++
++

Always Looked Up Last After Batch

++ ++ ++ ++ ++ +
++

Default: no

++ ++

This option is intended for people who want to log ++per−batch information. This is evaluated after the ++"Always Looked Up Last" configuration option for ++each message in the batch. This is looked up once for the ++entire batch. Its value is completely ignored, it is purely ++there to have side effects. If you want to use it, read ++CustomConfig.pm.

+
+ Index: files/patch-docs:man:MailScanner.8 =================================================================== RCS file: files/patch-docs:man:MailScanner.8 diff -N files/patch-docs:man:MailScanner.8 --- files/patch-docs:man:MailScanner.8 13 Apr 2006 16:42:25 -0000 1.28 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,37 +0,0 @@ ---- ../MailScanner-install-4.52.2.orig/docs/man/MailScanner.8 Thu Apr 13 09:25:25 2006 -+++ docs/man/MailScanner.8 Thu Apr 13 09:25:39 2006 -@@ -1,10 +1,10 @@ --.TH "MailScanner" "8" "4.49.7" "Julian Field" "Mail" -+.TH "MailScanner" "8" "4.52.2" "Julian Field" "Mail" - .SH "NAME" - .LP - MailScanner \- Virus/Spam Scanner for Sendmail, Exim and Postfix - .SH "SYNOPSIS" - .LP --\fBMailScanner\fR [\fI\-v\fR] [\fIconfigfile\fR] -+\fBMailScanner\fR [\fI\-v\fR] [\fI\-\-lint\fR] [\fI\-\-debug\fR] [\fI\-\-debug\-sa\fR] [\fI\-\-help\fR] [\fIconfigfile\fR] - - .SH "DESCRIPTION" - .LP -@@ -29,6 +29,21 @@ - \fB\-v\fR - Prints version information for Mailscanner and all used perl\-modules. - -+.TP -+\fB\-\-lint\fR -+Checks config file, print what virus scanners you have chosen to use and check SpamAssassin configuration as well. -+ -+.TP -+\fB\-\-debug\fR -+Starts MailScanner in debug mode. See MailScanner.conf "Debug=yes". -+ -+.TP -+\fB\-\-debug\-sa\fR -+Starts MailScanner in debug spamassassin mode. See MailScanner.conf "Debug SpamAssassin=yes". -+ -+.TP -+\fB\-\-lint\fR -+Test MailScanner config and SpamAssassin config. - .SH "MTA SETUP" - .LP - It is important that your MTA only queues incoming mail and does not deliver it automatically. You need two mail queues (incoming and outgoing). Moreover you should setup two instances of your MTA. One that accepts incoming mail and puts it to an incoming queue and one that sends out mail that resides in the outgoing queue. Index: files/patch-docs:man:MailScanner.8.html =================================================================== RCS file: files/patch-docs:man:MailScanner.8.html diff -N files/patch-docs:man:MailScanner.8.html --- files/patch-docs:man:MailScanner.8.html 13 Apr 2006 16:42:25 -0000 1.21 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,407 +0,0 @@ ---- ../MailScanner-install-4.52.2.orig/docs/man/MailScanner.8.html Thu Apr 13 09:25:25 2006 -+++ docs/man/MailScanner.8.html Thu Apr 13 09:25:42 2006 -@@ -1,168 +1,236 @@ -- -- -- -- -- -- -- -- --MailScanner -- -- -- --

MailScanner

--NAME
--SYNOPSIS
--DESCRIPTION
--MTA SETUP
--SEE ALSO
-- --
-- --

NAME

-- -- -- -- -- --
--

MailScanner − Virus/Spam Scanner for Sendmail, Exim --and Postfix

--
-- --

SYNOPSIS

-- -- -- -- -- --
--

MailScanner [−v] --[configfile]

--
-- --

DESCRIPTION

-- -- -- -- -- --
--

MailScanner starts the main MailScanner process. --[configfile] should point to a valid MailScanner --configuration file (see MailScanner.conf(5) for details). --The default location for this file depends on the operating --system.

-- --

Linux: /etc/MailScanner/MailScanner.conf

-- --

FreeBSD: /usr/local/etc/MailScanner/MailScanner.conf

-- --

Other: /opt/MailScanner/etc/MailScanner.conf

-- --

The main process then spawns n number of child --processes. n is configured in [configfile] --with the option "Max Children". Each process waits --for messages to appear in the "Incoming Queue --Dir", processes these messages and then puts them in --the "Outgoing Queue Dir". You may need to adjust --the configuration of your MTA (or the startup of your MTA) --to make it work with MailScanner.

--
-- -- -- -- -- -- -- --
-- --

−v

--
-- --

Prints version information for Mailscanner and all used --perl−modules.

--
-- --

MTA SETUP

-- -- -- -- -- --
--

It is important that your MTA only queues incoming mail --and does not deliver it automatically. You need two mail --queues (incoming and outgoing). Moreover you should setup --two instances of your MTA. One that accepts incoming mail --and puts it to an incoming queue and one that sends out mail --that resides in the outgoing queue.

-- --

A common setup for Sendmail could look like this:

-- --

1. Verify that you already have one queue (e.g. in --/var/spool/mqueue).

-- --

2. Create a second queue (e.g. /var/spool/mqueue.in) and --apply the same owner/group/mode.

-- --

3. Change your sendmail startup from

-- --

sendmail −bd −q15m (or similar)

-- --

to

-- --

sendmail −bd −OPrivacyOptions=noetrn --−ODeliveryMode=queueonly --−OQueueDirectory=/var/spool/mqueue.in
--sendmail −q15m

-- --

A similar setup for Exim could look like this:

-- --

1. Create two queues (e.g. /var/spool/exim.in and --/var/spool/exim.out) with appropriate owner/group/mode (e.g. --owner=mailnull, group=mail, mode=750).

-- --

2. Create two exim configurations (e.g. --/usr/local/etc/exim/configure.in, --/usr/local/etc/exim/configure.out).

-- --

3. Make sure that the incoming exim configuration only --queues mails and never delivers mail itself. This can be --achieved by using the Exim config option "queue_only = --true" and/or a special router definition (Exim 4 --syntax):

-- --

defer_router:
--driver = manualroute
--self = defer
--transport = remote_smtp
--route_list = * 127.0.0.1 byname
--verify = false

-- --

4. Start two exim instances:

-- --

exim −C /usr/local/etc/exim/configure.in
--exim −C /usr/local/etc/exim/configure.out

--
-- --

SEE ALSO

-- -- -- -- -- --
--

MailScanner.conf(5)

--
--
-- -- -+ -+ -+ -+ -+ -+ -+ -+ -+MailScanner -+ -+ -+ -+

MailScanner

-+NAME
-+SYNOPSIS
-+DESCRIPTION
-+MTA SETUP
-+SEE ALSO
-+ -+
-+ -+

NAME

-+ -+ -+ -+ -+ -+
-+

MailScanner − Virus/Spam Scanner for Sendmail, Exim -+and Postfix

-+
-+ -+

SYNOPSIS

-+ -+ -+ -+ -+ -+
-+

MailScanner [−v] -+[−−lint] [−−debug] -+[−−debug−sa] -+[−−help] [configfile]

-+
-+ -+

DESCRIPTION

-+ -+ -+ -+ -+ -+
-+

MailScanner starts the main MailScanner process. -+[configfile] should point to a valid MailScanner -+configuration file (see MailScanner.conf(5) for details). -+The default location for this file depends on the operating -+system.

-+ -+

Linux: /etc/MailScanner/MailScanner.conf

-+ -+

FreeBSD: /usr/local/etc/MailScanner/MailScanner.conf

-+ -+

Other: /opt/MailScanner/etc/MailScanner.conf

-+ -+

The main process then spawns n number of child -+processes. n is configured in [configfile] -+with the option "Max Children". Each process waits -+for messages to appear in the "Incoming Queue -+Dir", processes these messages and then puts them in -+the "Outgoing Queue Dir". You may need to adjust -+the configuration of your MTA (or the startup of your MTA) -+to make it work with MailScanner.

-+
-+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+
-+ -+

−v

-+
-+ -+

Prints version information for Mailscanner and all used -+perl−modules.

-+
-+ -+

−−lint

-+
-+ -+

Checks config file, print what virus scanners you have -+chosen to use and check SpamAssassin configuration as -+well.

-+
-+ -+ -+ -+ -+ -+
-+

−−debug

-+ -+ -+ -+ -+ -+
-+

Starts MailScanner in debug mode. See MailScanner.conf -+"Debug=yes".

-+
-+ -+ -+ -+ -+ -+
-+

−−debug−sa

-+ -+ -+ -+ -+ -+
-+

Starts MailScanner in debug spamassassin mode. See -+MailScanner.conf "Debug SpamAssassin=yes".

-+
-+ -+ -+ -+ -+ -+ -+ -+ -+
-+ -+

−−lint

-+
-+ -+

Test MailScanner config and SpamAssassin config.

-+
-+
-+ -+

MTA SETUP

-+ -+ -+ -+ -+ -+
-+

It is important that your MTA only queues incoming mail -+and does not deliver it automatically. You need two mail -+queues (incoming and outgoing). Moreover you should setup -+two instances of your MTA. One that accepts incoming mail -+and puts it to an incoming queue and one that sends out mail -+that resides in the outgoing queue.

-+ -+

A common setup for Sendmail could look like this:

-+ -+

1. Verify that you already have one queue (e.g. in -+/var/spool/mqueue).

-+ -+

2. Create a second queue (e.g. /var/spool/mqueue.in) and -+apply the same owner/group/mode.

-+ -+

3. Change your sendmail startup from

-+ -+

sendmail −bd −q15m (or similar)

-+ -+

to

-+ -+

sendmail −bd −OPrivacyOptions=noetrn -+−ODeliveryMode=queueonly -+−OQueueDirectory=/var/spool/mqueue.in
-+sendmail −q15m

-+ -+

A similar setup for Exim could look like this:

-+ -+

1. Create two queues (e.g. /var/spool/exim.in and -+/var/spool/exim.out) with appropriate owner/group/mode (e.g. -+owner=mailnull, group=mail, mode=750).

-+ -+

2. Create two exim configurations (e.g. -+/usr/local/etc/exim/configure.in, -+/usr/local/etc/exim/configure.out).

-+ -+

3. Make sure that the incoming exim configuration only -+queues mails and never delivers mail itself. This can be -+achieved by using the Exim config option "queue_only = -+true" and/or a special router definition (Exim 4 -+syntax):

-+ -+

defer_router:
-+driver = manualroute
-+self = defer
-+transport = remote_smtp
-+route_list = * 127.0.0.1 byname
-+verify = false

-+ -+

4. Start two exim instances:

-+ -+

exim −C /usr/local/etc/exim/configure.in
-+exim −C /usr/local/etc/exim/configure.out

-+
-+ -+

SEE ALSO

-+ -+ -+ -+ -+ -+
-+

MailScanner.conf(5)

-+
-+
-+ -+ Index: files/patch-docs:man:MailScanner.conf.5 =================================================================== RCS file: files/patch-docs:man:MailScanner.conf.5 diff -N files/patch-docs:man:MailScanner.conf.5 --- files/patch-docs:man:MailScanner.conf.5 13 Apr 2006 16:42:25 -0000 1.29 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,150 +0,0 @@ ---- ../MailScanner-install-4.52.2.orig/docs/man/MailScanner.conf.5 Thu Apr 13 09:25:25 2006 -+++ docs/man/MailScanner.conf.5 Thu Apr 13 09:25:46 2006 -@@ -1,4 +1,4 @@ --.TH "MailScanner.conf" "5" "4.50.1" "Julian Field" "Mail" -+.TH "MailScanner.conf" "5" "4.52.2" "Julian Field" "Mail" - .SH "NAME" - .LP - MailScanner.conf \- Main configuration for MailScanner -@@ -364,6 +364,22 @@ - Should we use a TNEF decoder (external or Perl module)? This should be "yes" unless the scanner you are using (Sophos, McAfee) has the facility built\-in. However, if you set it to "no", then the filenames within the TNEF attachment will not be checked against the filename rules. - - .TP -+\fBUse TNEF Contents\fR -+Default: replace -+.br -+When the TNEF (winmail.dat) attachments are expanded, should the attachments contained in there be added to the list of attachments in the message? If you set this to "add" or "replace" then recipients of messages sent in "Outlook Rich Text Format" (TNEF) will be able to read the attachments if they are not using Microsoft Outlook. -+.br -+.RS 7 -+.IP \(bu 4 -+no: Leave winmail.dat TNEF attachments alone. -+.IP \(bu 4 -+add: Add the contents of winmail.dat as extra attachments, but also still include the winmail.dat file itself. This will result in TNEF messages being doubled in size. -+.IP \(bu 4 -+replace: Replace the winmail.dat TNEF attachment with the files it contains, and delete the original winmail.dat file itself. This means the message stays the same size, but is usable by non\-Outlook recipients. -+.RE -+ -+ -+.TP - \fBDeliver Unparsable TNEF\fR - Default: no - .br -@@ -423,6 +439,12 @@ - The maximum length of time the "unrar" command is allowed to run for 1 RAR archive (in seconds) - - .TP -+\fBFind UU\-Encoded Files\fR -+Default: no -+.br -+A few viruses store their infected data in UU\-encoded files, to try to catch out virus scanners. This rarely succeeds at all. Setting this option to yes means that you can apply filename and filetype checks to the contents of UU\-encoded files. This may occasionally be useful, in which case you should set to yes. This can also be the filename of a ruleset. -+ -+.TP - \fBBlock Encrypted Messages\fR - Default: no - .br -@@ -521,7 +543,7 @@ - .SH "Virus scanning and vulnerability testing" - .TP - \fBVirus Scanning\fR --Default: yes -+Default: auto - .br - - .br -@@ -529,7 +551,7 @@ - .br - NOTE: Switching this to no completely disables all virus\-scanning functionality. If you just want to switch of actual virus scanning, then set "Virus Scanners = none" instead. - .br --If you want to be able to switch scanning on/off for different users or different domains, set this to the filename of a ruleset. -+If you want to be able to switch scanning on/off for different users or different domains, set this to the filename of a ruleset. If you set this to auto then it searches for and uses every available installed virus scanner. - - .TP - \fBVirus Scanners\fR -@@ -686,6 +708,23 @@ - .br - While detecting "Phishing" attacks, do you also want to point out links to numeric IP addresses. Genuine links to totally numeric IP addresses are very rare, so this option is set to "yes" by default. If a numeric IP address is found in a link, the same phishing warning message is used as in the Find Phishing Fraud option above. This value cannot be the name of a ruleset, only a simple yes or no. - -+.TP -+\fBUse Stricter Phishing Net\fR -+Default: yes -+.br -+ -+.br -+If this is set to yes, then most of the URL in a link must match the destination address it claims to take you to. This is the default as it is a much stronger test and is very hard to maliciously avoid. If this is set to no, then just the company name and country (and any names between the two, dependent on the specific country) must match. This is not as strict as it will not protect you against internal malicious sites based within the company being abused. For example, it would not find www.nasty.company\-name.co.uk pretending to be www.nice.company\-name.co.uk. But it will still detect most phishing attacks of the type www.nasty.co.jp versus www.nice.co.jp. Depending on the country code it knows how many levels of domain need to be checked. This can also be the filename of a ruleset. -+ -+ -+.TP -+\fBHighlight Phishing Fraud\fR -+Default: yes -+.br -+ -+.br -+If a phishing fraud is detected, do you want to highlight the tag with a message stating that the link may be to a fraudulent web site. This can also be the filename of a ruleeset. -+ - - .TP - \fBPhishing Safe Sites File\fR -@@ -695,6 +734,15 @@ - .br - There are some companies, such as banks, that insist on sending out email messages with links in them that are caught by the "Find Phishing Fraud" test described above. This is the name of a file which contains a list of link destinations which should be ignored in the test. This may, for example, contain the known websites of some banks. See the file itself for more information. This can only be the name of the file containing the list, it *cannot* be the filename of a ruleset. - -+.TP -+\fBCountry Sub\-Domains List\fR -+Default: %etc\-dir%/country.domains.conf -+.br -+ -+.br -+.TP -+This file lists all the countries that use 2nd\-level and 3rd\-level domain names to classify distinct types of website within their country. This cannot be the name of a ruleset, it is just a simple setting. -+ - - .TP - \fBAllow IFrame Tags\fR -@@ -1682,7 +1730,7 @@ - .SH "SpamAssassin" - .TP - \fBUse SpamAssassin\fR --Default: no -+Default: yes - .br - - .br -@@ -2113,6 +2161,22 @@ - .RE - - .TP -+\fBSpamAssassin Cache Timings\fR -+Default: 1800,300,10800,172800,600 -+.br -+Do not change this unless you absolutely have to, these numbers have been carefully calculated. They affect the length of time that different types of message are stored in the SpamAssassin cache which can be configured earlier in this file (look for "Cache"). The numbers are all set in seconds. They are: -+.br -+1. Non\-Spam cache lifetime = 30 minutes -+.br -+2. Spam (low scoring) cache lifetime = 5 minutes -+.br -+3. High\-Scoring spam cache lifetime = 3 hours -+.br -+4. Viruses cache lifetime = 2 days -+.br -+5. How often to check the cache for expired messages = 10 minutes -+ -+.TP - \fBDebug\fR - Default: no - .br -@@ -2167,6 +2231,15 @@ - - .br - The value of the option is actually never used, but it is evaluated at the end of processing a batch of messages. It is designed to be used in conjunction with a Custom Function. The Custom Function should then be written to have a "side effect" of doing something useful such as logging lots of information about the batch of messages to a file or an SQL database. -+ -+ -+.TP -+\fBAlways Looked Up Last After Batch\fR -+Default: no -+.br -+ -+.br -+This option is intended for people who want to log per\-batch information. This is evaluated after the "Always Looked Up Last" configuration option for each message in the batch. This is looked up once for the entire batch. Its value is completely ignored, it is purely there to have side effects. If you want to use it, read CustomConfig.pm. - - .TP - \fBDeliver in Background\fR Index: files/patch-docs:man:MailScanner.conf.5.html =================================================================== RCS file: files/patch-docs:man:MailScanner.conf.5.html diff -N files/patch-docs:man:MailScanner.conf.5.html --- files/patch-docs:man:MailScanner.conf.5.html 13 Apr 2006 16:42:25 -0000 1.25 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,14272 +0,0 @@ ---- ../MailScanner-install-4.50.15.orig/docs/man/MailScanner.conf.5.html Tue Feb 7 13:45:34 2006 -+++ docs/man/MailScanner.conf.5.html Tue Feb 7 13:58:55 2006 -@@ -1,7013 +1,7099 @@ -- -- -- -- -- -- -- -- --MailScanner.conf -- -- -- --

MailScanner.conf

--NAME
--SYNOPSIS
--DESCRIPTION
--System Settings
--Incoming Work Dir Settings
--Quarantine and Archive Settings
--Process Incoming Mail
--Options specific to Sophos Anti-Virus
--Virus scanning and vulnerability testing
--Options specific to ClamAV Anti-Virus
--Removing/Logging dangerous or potentially offensive content
--Attachment filename checking
--Reports and responses
--Changes to message headers
--Notifications back to the senders of blocked messages
--Changes to subject line
--Changes to the message body
--Mail archiving and monitoring
--Notices to system administrators
--Definitions of virus scanners and spam detectors
--Spam detection and spam lists (DNS blocklists)
--SpamAssassin
--Custom Spam Scanner Plugin
--What to do with spam
--System logging
--Advanced SpamAssassin Settings
--Advanced Settings
--RULESETS
--ATTACHMENT FILENAME RULESET
--SEE ALSO
-- --
-- --

NAME

-- -- -- -- -- --
--

MailScanner.conf − Main configuration for --MailScanner

--
-- --

SYNOPSIS

-- -- -- -- -- --
--

none

--
-- --

DESCRIPTION

-- -- -- -- -- --
--

MailScanner is configured using the file --MailScanner.conf. The location of this file varies from --operating system to operating system:

--
-- -- -- -- -- -- -- -- --
-- --

Linux:

--
-- --

/etc/MailScanner

--
--
-- -- -- -- -- --
--

FreeBSD: /usr/local/etc/MailScanner
--Other: /opt/MailScanner/etc

-- --

Blank lines are ignored, as are leading and trailing --spaces. Comments start at a ’#’ character and --extend to the end of the line. All options are expressed in --the form

-- --

option = value

-- --

Many of the options can also be the filename of a --ruleset, which can be used to control features depending on --the addresses of the message, and/or the IP address where --the message came from. You will find some examples of --rulesets and an explanation of them in the "rules" --directories within the MailScanner installation and in the --section "RULESETS" later in this manpage.

-- --

The options are best listed in a few categories. If this --list looks very large then don’t worry, the supplied --MailScanner.conf file (or MailScanner.conf.sample) contains --sensible defaults for all the values. You will probably only --need to change a very few of them to start with.

-- --

Starting with version 4.40.10 of MailScanner you can use --shell environment variables such as $HOSTNAME or ${HOSTNAME} --in MailScanner.conf and its relatives.

-- --

You should define the following variables:

--
-- -- -- -- -- --
--

%report−dir%

-- -- -- -- -- --
--

Default: /opt/MailScanner/etc/reports/en
--Default FreeBSD: /usr/local/share/MailScanner/reports/en

-- --

Set the directory containing all the reports in the --required language.

--
-- -- -- -- -- --
--

%etc−dir%

-- -- -- -- -- --
--

Default: /opt/MailScanner/etc
--Default FreeBSD: /usr/local/etc/MailScanner

-- --

Configuration directory containing this file

--
-- -- -- -- -- --
--

%rules−dir%

-- -- -- -- -- --
--

Default: /opt/MailScanner/etc/rules
--Default FreeBSD: /usr/local/etc/MailScanner/rules

-- --

Rulesets directory containing your ".rules" --files

--
-- -- -- -- -- --
--

%org−name%

-- -- -- -- -- --
--

Default: yoursite

-- --

Enter a short identifying name for your organisation --below, this is used to make the X−MailScanner headers --unique for your organisation. Multiple servers within one --site should use an identical value here to avoid adding --multiple redundant headers where mail has passed through --several servers within your organisation.
--Note: Some Symantec scanners complain (incorrectly) about --"." characters appearing in the names of --headers.

--
-- -- -- -- -- --
--

%org−long−name%

-- -- -- -- -- --
--

Default: Your Organisation Name Here

-- --

Enter the full name of your organisation below, this is --used in the signature placed at the bottom of report --messages sent by MailScanner. It can include pretty much any --text you like. You can make the result span several lines by --including "0 sequences in the text. These will be --replaced by line−breaks.

--
-- -- -- -- -- --
--

%web−site%

-- -- -- -- -- --
--

Default: www.your−organisation.com

-- --

Enter the location of your organisation’s web site --below. This is used in the signature placed at the bottom of --report messages sent by MailScanner. It should preferably be --the location of a page that you have written explaining why --you might have rejected the mail and what the recipient --and/or sender should do about it.

--
-- --

System Settings

-- -- -- -- -- --
--

Max Children

-- -- -- -- -- --
--

Default: 5

-- --

MailScanner uses your server efficiently by running --several identical processes at the same time, all processing --mail. This is the number of these processes to run at once. --Turning this figure will optimise the performance of your --system if you process a lot of mail. A good figure to start --with is 5 children per CPU. So if you have 4 CPUs in your --server, start by setting this to 20.

--
-- -- -- -- -- --
--

Run as User

-- -- -- -- -- --
--

Default: not to change user

-- --

Provided for Exim users (and anyone not running sendmail --as root), this changes the user under which MailScanner --runs.

--
-- -- -- -- -- --
--

Run as Group

-- -- -- -- -- --
--

Default: not to change group

-- --

Provided for Exim users (and anyone not running sendmail --as root), this changes the group under which MailScanner --runs.

--
-- -- -- -- -- --
--

Queue Scan Interval

-- -- -- -- -- --
--

Default: 5

-- --

How often (in seconds) should each process check the --incoming mail queue for new messages? If you have a quiet --mail server, you might want to increase this value so it --causes less load on your server, at the cost of slightly --increasing the time taken for an average message to be --processed.

--
-- -- -- -- -- --
--

Incoming Queue Dir

-- -- -- -- -- --
--

Default: /var/spool/mqueue.in

-- --

Directory in which MailScanner should find e−mail --messages for scanning. This can be any of the following:

--
-- -- -- -- -- -- -- -- --
-- --

1.

--
-- --

a directory name.

--
--
-- -- -- -- -- --
--

Example: /var/spool/mqueue.in

--
-- -- -- -- -- -- -- -- --
-- --

2.

--
-- --

a wildcard giving directory names.

--
--
-- -- -- -- -- --
--

Example: /var/spool/mqueue.in/*

--
-- -- -- -- -- -- -- --
-- --

3.

--
-- --

the name of a file containing a list of directory names, --which can in turn contain wildcards.

--
-- -- -- -- -- --
--

Example: --/usr/local/etc/MailScanner/mqueue.in.list.conf

-- -- -- -- -- --
--

Outgoing Queue Dir

-- -- -- -- -- --
--

Default: /var/spool/mqueue

-- --

Directory in which MailScanner should place scanned --e−mail messages. This can also be the filename of a --ruleset.

--
-- -- -- -- -- --
--

Incoming work dir

-- -- -- -- -- --
--

Default: /opt/MailScanner/var/incoming
--Default FreeBSD: /var/spool/MailScanner/incoming

-- --

Directory in which to temporarily store unpacked MIME --messages during scanning process.

--
-- -- -- -- -- --
--

Quarantine Dir

-- -- -- -- -- --
--

Default: /opt/MailScanner/var/quarantine
--Default FreeBSD: /var/spool/MailScanner/quarantine

-- --

Set where to store infected messages and attachments (if --they are kept). This can also be the filename of a --ruleset.

--
-- -- -- -- -- --
--

PID file

-- -- -- -- -- --
--

Default: /opt/MailScanner/var/MailScanner.pid
--Default FreeBSD: /var/run/MailScanner.pid

-- --

Set where to store the process id number so you can stop --MailScanner. In the FreeBSD port this should remain --/var/run/MailScanner.pid in order for the start/stop script --to work.

--
-- -- -- -- -- --
--

Restart Every

-- -- -- -- -- --
--

Default: 14400

-- --

To avoid resource leaks the MailScanner parent process --stops and restarts its child processes from time to time. --Set the amount of seconds each child process is supposed to --live here.

--
-- -- -- -- -- -- -- -- --
-- --

MTA

--
-- --

Default: sendmail

--
--
-- -- -- -- -- --
--

MailScanner works with sendmail and exim. Since the queue --handling differs a bit, you have to tell MailScanner which --MTA you are using. Valid options are sendmail and exim.

--
-- -- -- -- -- --
--

Sendmail

-- -- -- -- -- --
--

Default: /usr/lib/sendmail
--Default FreeBSD: /usr/sbin/sendmail

-- --

Set how to invoke MTA when sending messages MailScanner --has created (e.g. to sender/recipient saying "found a --virus in your message"). This can also be the filename --of a ruleset.

--
-- -- -- -- -- --
--

Sendmail2

-- -- -- -- -- --
--

Default: same value as the Sendmail setting

-- --

Sendmail2 is provided for exim users. It is the command --used to attempt delivery of outgoing cleaned/disinfected --messages. This is not usually required for sendmail.
--For Exim users this could be: Sendmail2 = /usr/sbin/exim --−C /usr/local/etc/exim/configure.out

--
-- --

Incoming Work Dir Settings

-- -- -- -- -- --
--

You should not normally need to touch these settings at --all, unless you are using ClamAV and need to be able to use --the external archive unpackers instead of ClamAV’s --built−in ones.

--
-- -- -- -- -- --
--

Incoming Work User

-- -- -- -- -- --
--

Default:

-- --

If you want to create the temporary working files so they --are owned by a user other than the "Run As User" --setting, you can change that here. Note: If the "Run As --User" is not "root" then you cannot change --the user but may still be able to change the group, if the --"Run As User" is a member of both of the groups --"Run As Group" and "Incoming Work --Group".

--
-- -- -- -- -- --
--

Incoming Work Group

-- -- -- -- -- --
--

Default:

-- --

If you want to create the temporary working files so they --are owned by a group other than the "Run As User" --setting, you can change that here. Note: If the "Run As --User" is not "root" then you cannot change --the user but may still be able to change the group, if the --"Run As User" is a member of both of the groups --"Run As Group" and "Incoming Work --Group".

--
-- -- -- -- -- --
--

Incoming Work Permissions

-- -- -- -- -- --
--

Default: 0600

-- --

If you want processes running under the same *group* as --MailScanner to be able to read the working files (and list --what is in the directories, of course), set to 0640. If you --want *all* other users to be able to read them, set to 0644. --For a detailed description, if you’re not already --familiar with it, refer to ‘man 2 chmod‘. --Typical use: external helper programs of virus scanners --(notably ClamAV), like unpackers. Use with care, you may --well open security holes.

--
-- --

Quarantine and Archive Settings

-- -- -- -- -- --
--

If, for example, you are using a web interface so that --users can manage their quarantined files, you might want to --change the ownership and permissions of the quarantined so --that they can be read and/or deleted by the web server. --Don’t touch this unless you know what you are --doing!

--
-- -- -- -- -- --
--

Quarantine User

-- -- -- -- -- --
--

Default:

-- --

If you want to create the quarantine/archive so the files --are owned by a user other than the "Run As User" --setting at the top of this file, you can change that here. --Note: If the "Run As User" is not "root" --then you cannot change the user but may still be able to --change the group, if the "Run As User" is a member --of both of the groups "Run As Group" and --"Quarantine Group".

--
-- -- -- -- -- --
--

Quarantine Group

-- -- -- -- -- --
--

Default:

-- --

If you want to create the quarantine/archive so the files --are owned by a user other than the "Run As User" --setting at the top of this file, you can change that here. --Note: If the "Run As User" is not "root" --then you cannot change the user but may still be able to --change the group, if the "Run As User" is a member --of both of the groups "Run As Group" and --"Quarantine Group".

--
-- -- -- -- -- --
--

Quarantine Permissions

-- -- -- -- -- --
--

Default: 0600

-- --

If you want processes running under the same *group* as --MailScanner to be able to read the quarantined files (and --list what is in the directories, of course), set to 0640. If --you want *all* other users to be able to read them, set to --0644. For a detailed description, if you’re not --already familiar with it, refer to ‘man 2 --chmod‘. Typical use: let the webserver have access to --the files so users can download them if they really want to. --Use with care, you may well open security holes.

--
-- --

Process Incoming Mail

-- -- -- -- -- --
--

Max Unscanned Bytes Per Scan

-- -- -- -- -- --
--

Default: 100000000

-- --

MailScanner handles messages in batches for efficiency. --Messages are gathered (in strict date order) from the --incoming queue directory, one at a time, until this or one --of the following three limits is reached or the queue is --empty.

-- --

This setting limits the total size of messages per batch --for which no scanning is done (i.e. Virus Scanning = --no).

--
-- -- -- -- -- --
--

Max Unsafe Bytes per Scan

-- -- -- -- -- --
--

Default: 50000000

-- --

This setting limits the total size of messages per batch --for which scanning is done (i.e. Virus Scanning = yes).

--
-- -- -- -- -- --
--

Max Unscanned Messages Per Scan

-- -- -- -- -- --
--

Default: 100

-- --

This setting limits the total number of messages per --batch for which no scanning is done (i.e. Virus Scanning = --no).

--
-- -- -- -- -- --
--

Max Unsafe Messages per Scan

-- -- -- -- -- --
--

Default: 100

-- --

This setting limits the total number of messages per --batch for which scanning is done (i.e. Virus Scanning = --yes).

--
-- -- -- -- -- --
--

Max Normal Queue Size

-- -- -- -- -- --
--

Default: 1000

-- --

If more messages are found in the queue than this, then --switch to an "accelerated" mode of processing --messages. This will cause it to stop scanning messages in --strict date order, but in the order it finds them in the --queue. If your queue is bigger than this size a lot of the --time, then some messages could be greatly delayed. So treat --this option as "in emergency only".

--
-- -- -- -- -- --
--

Scan Messages

-- -- -- -- -- --
--

Default: yes

-- --

If this is set to yes, then email messages passing --through MailScanner will be processed and checked, and all --the other options in this file will be used to control what --checks are made on the message. If this is set to no, then --email messages will NOT be processed or checked *at all*, --and so any viruses or other problems will be ignored.

--
-- -- -- -- -- --
--

Reject Messages

-- -- -- -- -- --
--

Default: no

-- --

You may not want to receive mail from certain addresses --and/or to certain addresses. If so, you can do this with --your email transport (sendmail, Postfix, etc) but that will --just send a one−line message which is not helpful to --the user sending the message. If this is set to yes, then --the message set by the "Rejection Report" will be --sent instead, and the incoming message will be deleted. If --you want to store a copy of the original incoming message --then use the "Archive Mail" setting to archive a --copy of it. The purpose of this option is to set it to be a --ruleset, so that you can reject messages from a few --offending addresses where you need to send a polite reply --instead of just a brief 1−line rejection message.

--
-- -- -- -- -- --
--

Maximum Attachments Per Message

-- -- -- -- -- --
--

Default: 200

-- --

The maximum number of attachments allowed in a message --before it is considered to be an error. Some email systems, --if bouncing a message between 2 addresses repeatedly, add --information about each bounce as an attachment, creating a --message with thousands of attachments in just a few minutes. --This can slow down or even stop MailScanner as it uses all --available memory to unpack these thousands of attachments. --This can also be the filename of a ruleset.

--
-- -- -- -- -- --
--

Expand TNEF

-- -- -- -- -- --
--

Default: yes

-- --

TNEF is primarily used by Microsoft programs such as --Outlook and Outlook Express when mails are formatted/sent in --Rich−Text−Format. Attachments are all put --together in one WINMAIL.DAT file.

-- --

Should we use a TNEF decoder (external or Perl module)? --This should be "yes" unless the scanner you are --using (Sophos, McAfee) has the facility built−in. --However, if you set it to "no", then the filenames --within the TNEF attachment will not be checked against the --filename rules.

--
-- -- -- -- -- --
--

Deliver Unparsable TNEF

-- -- -- -- -- --
--

Default: no

-- --

Rich Text format attachments produced by some versions of --Microsoft Outlook cannot be completely decoded at present. --Setting this option to yes allows compatibility with the --behaviour of earlier versions where these attachments were --still delivered. This would introduce the slight chance of a --virus getting through in the segment of the attachment that --could not be decoded, but the setting may be necessary if --you have a large number of Microsoft Outlook users who are --troubled by the new behaviour.

--
-- -- -- -- -- --
--

TNEF Expander

-- -- -- -- -- --
--

Default: /opt/MailScanner/bin/tnef
--Default FreeBSD: /usr/local/bin/tnef

-- --

Full pathname giving location of the MS−TNEF --expander/decoder program, or the keyword internal which will --force use of the optional Perl Convert::TNEF module instead --of the external program.

--
-- -- -- -- -- --
--

TNEF Timeout

-- -- -- -- -- --
--

Default: 120

-- --

The maximum length of time (in seconds) the TNEF Expander --is allowed to run for diassembling one attachment.

--
-- -- -- -- -- --
--

File Command

-- -- -- -- -- --
--

Default: /usr/bin/file

-- --

Where the "file" command is installed. This is --used for checking the content type of files, regardless of --their filename. To disable Filetype checking, set this value --to blank.

--
-- -- -- -- -- --
--

File Timeout

-- -- -- -- -- --
--

Default: 20

-- --

The maximum length of time the "file" command --is allowed to run for one batch of messages (in --seconds).

--
-- -- -- -- -- --
--

Unrar Command

-- -- -- -- -- --
--

Default: /usr/bin/unrar

-- --

Where the "unrar" command is installed. If you --haven’t got this command, look at www.rarlab.com. This --is used for unpacking rar archives so that the contents can --be checked for banned filenames and filetypes, and also that --the archive can be tested to see if it is --password−protected. Virus scanning the contents of rar --archives is still left to the virus scanner, with one --exception: If using the clavavmodule virus scanner, this --adds external RAR checking to that scanner which is needed --for archives which are RAR version 3.

--
-- -- -- -- -- --
--

Unrar Timeout

-- -- -- -- -- --
--

Default: 50

-- --

The maximum length of time the "unrar" command --is allowed to run for 1 RAR archive (in seconds)

--
-- -- -- -- -- --
--

Block Encrypted Messages

-- -- -- -- -- --
--

Default: no

-- --

This is inteded for use with a ruleset to ensure that --none of your users is covertly mailing sites with which you --would not normally communicate (e.g. your competitors). If --this is set to yes (or the ruleset evaluates to yes) --encrypted messages are blocked.

--
-- -- -- -- -- --
--

Block Unencrypted Messages

-- -- -- -- -- --
--

Default: no

-- --

This is intended for use with a ruleset to ensure that --mail is always encrypted before being sent. This could be --used to ensure that mail to your business partners is sent --securely.

--
-- -- -- -- -- --
--

Allow Password−Protected Archives

-- -- -- -- -- --
--

Default: no

-- --

Should archives which contain any --password−protected files be allowed? Leaving this set --to "no" is a good way of protecting against all --the protected zip files used by viruses at the moment. This --can also be the filename of a ruleset.

--
-- -- -- -- -- --
--

Maximum Message Size

-- -- -- -- -- --
--

Default: 0

-- --

The maximum size, in bytes, of any message including the --headers. If this is set to zero, then no size checking is --done. This can also be the filename of a ruleset, so you can --have different settings for different users. You might want --to set this quite small for dialup users so their email --applications don’t time out downloading huge --messages.

--
-- -- -- -- -- --
--

Maximum Attachment Size

-- -- -- -- -- --
--

Default: −1

-- --

The maximum size, in bytes, of any attachment in a --message. If this is set to zero, effectively no attachments --are allowed. If this is set less than zero, then no size --checking is done. This can also be the filename of a --ruleset, so you can have different settings for different --users. You might want to set this quite small for large --mailing lists so they don’t get deluged by large --attachments.

--
-- -- -- -- -- --
--

Maximum Archive Depth

-- -- -- -- -- --
--

Default: 3

-- --

The maximum depth to which zip archives will be unpacked --to allow for checking filenames and filetypes within zip --archives. Setting this to 0 will disable --filename/−type checks within zip files while still --allowing to block password protected zip files.

--
-- -- -- -- -- --
--

Find Archives By Content

-- -- -- -- -- --
--

Default: yes

-- --

Find zip archives by filename or by file contents? --Finding them by content is a far more reliable way of --finding them, but it does mean that you cannot tell your --users to avoid zip file checking by renaming the file from --".zip" to "_zip" and tricks like that. --Only set this to no (i.e. check by filename only) if you --don’t want to reliably check the contents of zip --files. Note this does not affect virus checking, but it will --affect all the other checks done on the contents of the zip --file. This can also be the filename of a ruleset.

--
-- --

Options specific to Sophos Anti-Virus

-- -- -- -- -- --
--

Allowed Sophos Error Messages

-- -- -- -- -- --
--

Default:

-- --

Anything on the next line that appears in brackets at the --end of a line of output from Sophos will cause the --error/infection to be ignored. Use of this option is --dangerous, and should only be used if you are having trouble --with lots of corrupt PDF files, for example. This option --allows for multiple strings as well. In this case, the --strings should be put in double quotes (") and each --string separated with commas. Examples:
--Allowed Sophos Error Messages = corrupt format not --supported
--Allowed Sophos Error Messages = "corrupt", --"format not supported"

-- --

The first version will match "corrupt format not --supported" only. The second version will match --"corrupt" and "format not --supported".

--
-- -- -- -- -- --
--

Sophos IDE Dir

-- -- -- -- -- --
--

Default: /usr/local/Sophos/ide

-- --

The directory (or a link to it) containing all the Sophos --*.ide files. This is only used by the "sophossavi" --virus scanner, and is irrelevant for all other scanners.

--
-- -- -- -- -- --
--

Sophos Lib Dir

-- -- -- -- -- --
--

Default: /usr/local/Sophos/lib

-- --

The directory (or a link to it) containing all the Sophos --*.so libraries.This is only used by the --"sophossavi" virus scanner, and is irrelevant for --all other scanners.

--
-- -- -- -- -- --
--

Monitors For Sophos Updates

-- -- -- -- -- --
--

Default: /usr/local/Sophos/ide/*ides.zip

-- --

SophosSAVI only: monitor each of these files for changes --in size to detect when a Sophos update has happened. The --date of the Sophos Lib Dir is also monitored. This is only --used by the "sophossavi" virus scanner, not the --"sophos" scanner setting.

--
-- --

Virus scanning and vulnerability testing

-- -- -- -- -- --
--

Virus Scanning

-- -- -- -- -- --
--

Default: yes

-- --

Do you want to scan email for viruses? A few people --don’t have virus scanner licence and so want to --disable all the virus scanning.
--NOTE: Switching this to no completely disables all --virus−scanning functionality. If you just want to --switch of actual virus scanning, then set "Virus --Scanners = none" instead.
--If you want to be able to switch scanning on/off for --different users or different domains, set this to the --filename of a ruleset.

--
-- -- -- -- -- --
--

Virus Scanners

-- -- -- -- -- --
--

Default: none

-- --

Which Virus Scanning package to use. Possible choices are --sophos, sophossavi, mcafee, command, bitdefender, kaspersky, --kaspersky−4.5, kavdaemonclient, inoculate, inoculan, --nod32, nod32−1.99, f−secure, f−prot, --panda, rav, antivir, clamav, clamavmodule, css, trend, --norman, avg, vexira, symscanengine, generic, none (no virus --scanning at all). This *cannot* be the filename of a --ruleset.

-- --

Note for McAfee users: Do NOT use any symlinks with --McAfee at all. It is very strange but McAfee may not detect --all viruses when started from a symlink or scanning a --directory path including symlinks.

-- --

Note: If you want to use multiple virus scanners, then --this should be a space−separated list of virus --scanners.

-- --

Note: Make sure that you check that the base installation --directory in the 3rd column of virus.scanners.conf matches --the location you have installed each of your virus scanners. --The supplied virus.scanners.conf file assumes the default --installation locations recommended by each of the virus --scanner installation guides.

--
-- -- -- -- -- --
--

Virus Scanner Timeout

-- -- -- -- -- --
--

Default: 300

-- --

The maximum time (in seconds) that the cirus scanner is --allowed to take to scan one batch of messages.

--
-- -- -- -- -- --
--

Deliver Disinfected Files

-- -- -- -- -- --
--

Default: yes

-- --

Should infected attached documents be automatically --disinfected and sent on to the original recipients? Less --than 1% of viruses in the wild can be successfully --disinfected,as macro viruses are now a rare occurrence. So --the default has been changed to "no" as it gives a --significant performance improvement.

--
-- -- -- -- -- --
--

Silent Viruses

-- -- -- -- -- --
--

Default: HTML−IFrame All−Viruses

-- --

Messages whose virus reports contain any of the words --listed here will be treated as "silent" viruses. --No messages will be sent back to the senders of these --viruses, and the delivery to the recipient of the message --can be controlled by the next option "Still Deliver --Silent Viruses". This is primarily designed for viruses --such as "Klez" and "Bugbear" which put --fake addresses on messages they send, so there is no point --informing the sender of the message, as it won’t --actually be them who sent it anyway. Other words that can be --put in this list are the 5 special keywords

--
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
-- --

--
-- --

HTML−IFrame: inserting this will stop senders --being warned about HTML Iframe tags, when they are not --allowed.

--
-- --

--
-- --

HTML−Codebase: inserting this will stop senders --being warned about HTML Object Codebase tags, when they are --not allowed.

--
-- --

--
-- --

Zip−Password: inserting this will stop senders --being warned about password−protected zip files when --they are not allowd. This keyword is not needed if you --include All−Viruses.

--
-- --

--
-- --

All−Viruses: inserting this will stop senders --being warned about any virus, while still allowing you to --warn senders about HTML−based attacks. This includes --Zip−Password so you don’t need to include --both.

--
-- -- -- -- -- --
--

The default of "All−Viruses" means that --no senders of viruses will be notified (as the sender --address is always forged these days anyway), but anyone who --sends a message that is blocked for other reasons will still --be notified.

-- -- -- -- -- --
--

Still Deliver Silent Viruses

-- -- -- -- -- --
--

Default: no

-- --

If this is set to yes then disinfected messsages that --originally contained one of the "silent" viruses --will still be delivered to the original recipients, even --those addresses were chosen at random by the infected PC and --do not correspond to anything a user intended to send. Set --this to yes so that your users (and your management) --appreciate how much MailScanner is doing to protect them, --but set it to no if they complain a lot about receiving lots --of virus warnings.

--
-- -- -- -- -- --
--

Non−Forging Viruses

-- -- -- -- -- --
--

Default: Joke/ OF97/ WM97/ W97M/

-- --

Strings listed here will be searched for in the output of --the virus scanners. It works to achieve the opposite effect --of the "Silent Viruses" listed above. If a string --here is found in the output of the virus scanners, then the --message will be treated as if it were not infected with a --"Silent Virus". If a message is detected as both a --silent virus and a non−forging virus, then the --non−forging status will override the silent status. In --simple terms, you should list virus names (or parts of them) --that you know do *not* forge the From address. A good --example of this is a document macro virus or a Joke program. --Another word that can be put in this list is the special --keyword "Zip−.Password". Inserting this will --cause senders to be warned about password−protected --zip files, whey they are not allowed.

--
-- --

Options specific to ClamAV Anti-Virus

-- -- -- -- -- --
--

Monitors for ClamAV Updates

-- -- -- -- -- --
--

Default: /usr/local/share/clamav/*.cvd

-- --

ClamAVModule only: monitor each of these files for --changes in size to detect when a ClamAV update has happened. --This is only used by the "clamavmodule" virus --scanner, not the "clamav" scanner setting.

--
-- -- -- -- -- --
--

ClamAVmodule Maximum Recursion Level

-- -- -- -- -- --
--

Default: 5

-- --

ClamAVModule only: The maximum recursion level of --archives. This setting *cannot* be the filename of a --ruleset, only a simple number.

--
-- -- -- -- -- --
--

ClamAVmodule Maximum Files

-- -- -- -- -- --
--

Default: 100

-- --

ClamAVModule only: The maximum number of files per batch. --This setting *cannot* be the filename of a ruleset, only a --simple number.

--
-- -- -- -- -- --
--

ClamAVmodule Maximum File Size

-- -- -- -- -- --
--

Default: 10000000

-- --

ClamAVModule only: The maximum file of each file (Default --= 10MB). This setting *cannot* be the filename of a ruleset, --only a simple number.

--
-- -- -- -- -- --
--

ClamAVmodule Maximum Compression Ratio

-- -- -- -- -- --
--

Default: 250

-- --

ClamAVModule only: The maximum compression ration of --archives. This setting *cannot* be the filename of a --ruleset, only a simple number.

--
-- --

Removing/Logging dangerous or potentially offensive content

-- -- -- -- -- --
--

Allow Partial Messages

-- -- -- -- -- --
--

Default: no

-- --

Do you want to allow partial messages, which only contain --a fraction of the attachments, not the whole thing? There is --no way that "partial messages" can be scanned for --viruses properly, as only a fragment of the message is ever --processed, never the whole message at once.
--Setting this option to yes is very dangerous as it --can let viruses in. But you might want to use a ruleset to --set it for some customers’ outgoing mail, for --example.

--
-- -- -- -- -- --
--

Allow External Message Bodies

-- -- -- -- -- --
--

Default: no

-- --

There is a mechanism, very rarely used, in which the body --of a message is contained on a remote server, which the --user’s email application should download when it --displays the message. Currently, I am only aware of this --feature being supported by a few versions of Netscape, and --the only people who use it are the IETF. There is no way to --guarantee that the fetched file has no viruses in it, as --MailScanner never sees it.
--Setting this option to yes is very dangerous as it --can let viruses in from remote "message body --servers".

--
-- -- -- -- -- --
--

Find Phishing Fraud

-- -- -- -- -- --
--

Default: yes

-- --

Do you want to check for "Phishing" attacks? --These are attacks that look like a genuine email message --from your bank, which contain a link to click on to take you --to the web site where you will be asked to type in personal --information such as your account number or credit card --details. Except it is not the real bank’s web site at --all, it is a very good copy of it run by thieves who want to --steal your personal information or credit card details. --These can be spotted because the real address of the link in --the message is not the same as the text that appears to be --the link. Note: This does cause significant extra load, --particularly on systems receiving lots of spam such as --secondary MX hosts. This *cannot* be the filename of a --ruleset, it must be ’yes’ or --’no’.

--
-- -- -- -- -- --
--

Also Find Numeric Phishing

-- -- -- -- -- --
--

Default: yes

-- --

While detecting "Phishing" attacks, do you also --want to point out links to numeric IP addresses. Genuine --links to totally numeric IP addresses are very rare, so this --option is set to "yes" by default. If a numeric IP --address is found in a link, the same phishing warning --message is used as in the Find Phishing Fraud option above. --This value cannot be the name of a ruleset, only a simple --yes or no.

--
-- -- -- -- -- --
--

Phishing Safe Sites File

-- -- -- -- -- --
--

Default: %etc−dir%/phishing.safe.sites.conf

-- --

There are some companies, such as banks, that insist on --sending out email messages with links in them that are --caught by the "Find Phishing Fraud" test described --above. This is the name of a file which contains a list of --link destinations which should be ignored in the test. This --may, for example, contain the known websites of some banks. --See the file itself for more information. This can only be --the name of the file containing the list, it *cannot* be the --filename of a ruleset.

--
-- -- -- -- -- --
--

Allow IFrame Tags

-- -- -- -- -- --
--

Default: no

-- --

Do you want to allow HTML <IFrame> tags in email --messages? This is not a good idea as it allows various --Microsoft Outlook security vulnerabilities to go --unprotected, but if you have a load of mailing lists sending --them, then you will want to allow them to keep your users --happy. This can also be the filename of a ruleset, so you --can allow them from known mailing lists but ban them from --everywhere else. Possible Values:

--
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
-- --

--
-- --

yes => Allow these tags to be in the message

--
-- --

--
-- --

no => Ban messages containing these tags

--
-- --

--
-- --

disarm => Allow these tags, but stop these tags from --working

--
-- -- -- -- -- --
--

Log IFrame Tags

-- -- -- -- -- --
--

Default: no

-- -- -- -- -- --
--

You may receive complaints from your users that HTML --mailing lists they subscribe to have been stopped by the --"Allow IFrame Tags" option above. So before you --use the option above, set this option to "yes" and --MailScanner will log the senders all messages which contain --IFrame tags. You can then setup a ruleset for the option --above which will allow IFrame tags in messages sent by well --known (and trusted) mailing lists, while banning them from --everywhere else.

--
-- -- -- -- -- --
--

Allow Form Tags

-- -- -- -- -- --
--

Default: disarm

-- --

Do you want to allow <Form> tags in email messages? --This is a bad idea as these are used as scams to persuade --people to part with credit card information and other --personal data. This can also be the filename of a ruleset. --Possible values:

--
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
-- --

--
-- --

yes => Allow these tags to be in the message

--
-- --

--
-- --

no => Ban messages containing these tags

--
-- --

--
-- --

disarm => Allow these tags, but stop these tags from --working

--
-- -- -- -- -- --
--

Allow Script Tags

-- -- -- -- -- --
--

Default: no

-- -- -- -- -- --
--

Do you want to allow <Script> tags in email --messages? This is a bad idea as these are used to exploit --vulnerabilities in email applications and web browsers. This --can also be the filename of a ruleset. Possible --values:

-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
-- --

--
-- --

yes => Allow these tags to be in the message

--
-- --

--
-- --

no => Ban messages containing these tags

--
-- --

--
-- --

disarm => Allow these tags, but stop these tags from --working

--
-- -- -- -- -- --
--

Allow WebBugs

-- -- -- -- -- --
--

Default: disarm

-- -- -- -- -- --
--

Do you want to allow <Img> tags with very small --images in email messages? This is a bad idea as these are --used as ’web bugs’ to find out if a message has --been read. It is not dangerous, it is just used to make you --give away information. This can also be the filename of a --ruleset. Possible values:

-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
-- --

--
-- --

yes => Allow these tags to be in the message

--
-- --

--
-- --

no => Ban messages containing these tags

--
-- --

--
-- --

disarm => Allow these tags, but stop these tags from --working

--
-- -- -- -- -- --
--

Allow Object Codebase Tags

-- -- -- -- -- --
--

Default: no

-- -- -- -- -- --
--

Do you want to allow <Object Codebase=...> tags in --email messages? This is a bad idea as it leaves you --unprotected against various Microsoft−specific --security vulnerabilities. But if your users demand it, you --can do it. This can also be the filename of a ruleset. --Possible values:

-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
-- --

--
-- --

yes => Allow these tags to be in the message

--
-- --

--
-- --

no => Ban messages containing these tags

--
-- --

--
-- --

disarm => Allow these tags, but stop these tags from --working

--
-- -- -- -- -- --
--

Convert Dangerous HTML To Text

-- -- -- -- -- --
--

Default: no

-- -- -- -- -- --
--

This option interacts with the "Allow ... Tags" --options above like this:

-- --

Allow...Tags Convert Danger... Action
--============ ================= --============================
--no no Blocked
--no yes Blocked
--disarm no Specified HTML tags disarmed
--disarm yes Specified HTML tags disarmed
--yes no Nothing
--yes yes All HTML tags stripped

-- --

If an "Allow ... Tags = yes" is triggered by a --message, and this "Convert Dangerous HTML To Text" --is set to "yes", then the HTML message will be --converted to plain text. This makes the HTML harmless, while --still allowing your users to see the text content of the --messages. Note that all graphical content will be --removed.

--
-- -- -- -- -- --
--

Convert HTML To Text

-- -- -- -- -- --
--

Default: no

-- --

If you have users who are children, or who are offended --by things like pornographic spam email, you can protect them --by converting incoming HTML email messages into plain text. --HTML attachments will not be affected. You could set this to --be a ruleset so you only convert messages addressed to some --of your users, or not convert messages from some known --trusted sources. This can be essential if you have a --"duty of care" for some of your users.

--
-- -- -- -- -- --
--

Allow Form Tags

-- -- -- -- -- --
--

Default: no

-- --

Do you want to allow <Form> tags in email messages? --This is a bad idea as these are used as scams to pursuade --people to part with credit card information and other --personal data. This can also be the filename of a --ruleset.

--
-- --

Attachment filename checking

-- -- -- -- -- --
--

Allow Filenames

-- -- -- -- -- --
--

Default:

-- --

Allow any attachment filenames matching any of the --patters listed here. If this setting is empty, it is ignored --and no matches are made. This can also be the filename of a --ruleset.

-- --

To simplify web−based configuration systems, there --are now two extra settings here. They are both intended for --use with normal rulesets that you would expect to find in --%rules−dir%. The first gives a list of patterns to --match against the attachment filenames, and a filename is --allowed if it matches any of these patterns. The second --gives the the equivalent list for patterns that are used to --deny filenames. If either of these match at all, then --filename.rules.conf is ignored for that filename. So you can --easily have a set like this:

-- --

Allow Filenames = .txt$ .pdf$
--Deny Filenames = .com$ .exe$ .cpl$ .pif$

-- --

which is a lot simpler than having to handle --filename.rules.conf! It is far simpler when you want to --change the allowed+denied list for different --domains/addresses, as you can use the filename of a simple --ruleset here instead.

--
-- -- -- -- -- --
--

Deny Filenames

-- -- -- -- -- --
--

Default:

-- --

Deny any attachment filenames matching any of the patters --listed here. If this setting is empty, it is ignored and no --matches are made. This can also be the filename of a --ruleset.

--
-- -- -- -- -- --
--

Filename Rules

-- -- -- -- -- --
--

Default: %etc−dir%/filename.rules.conf

-- --

File in which to store the attachment filename ruleset. --This can be a ruleset allowing different filename rules to --apply to different users or domains. The syntax of this file --is described in section "Attachment Filename --Ruleset".

--
-- -- -- -- -- --
--

Allow Filetypes

-- -- -- -- -- --
--

Default:

-- --

Allow any attachment filetypes matching any of the --patters listed here. If this setting is empty, it is ignored --and no matches are made. This can also be the filetype of a --ruleset.

-- --

To simplify web−based configuration systems, there --are now two extra settings here. They are both intended for --use with normal rulesets that you would expect to find in --%rules−dir%. The first gives a list of patterns to --match against the attachment filetypes, and a filetype is --allowed if it matches any of these patterns. The second --gives the the equivalent list for patterns that are used to --deny filetypes. If either of these match at all, then --filetype.rules.conf is ignored for that filetype. So you can --easily have a set like this:

-- --

Allow Filetypes = .txt$ .pdf$
--Deny Filetypes = .com$ .exe$ .cpl$ .pif$

-- --

which is a lot simpler than having to handle --filetype.rules.conf! It is far simpler when you want to --change the allowed+denied list for different --domains/addresses, as you can use the filetype of a simple --ruleset here instead.

--
-- -- -- -- -- --
--

Deny Filetypes

-- -- -- -- -- --
--

Default:

-- --

Deny any attachment filetypes matching any of the patters --listed here. If this setting is empty, it is ignored and no --matches are made. This can also be the filetype of a --ruleset.

--
-- -- -- -- -- --
--

Filetype Rules

-- -- -- -- -- --
--

Default: %etc−dir%/filetype.rules.conf

-- --

Set where to find the attachment filetype ruleset. The --structure of this file is explained elsewhere, but it is --used to accept or reject file attachments based on their --content as determined by the "file" command, --regardless of whether they are infected or not. This can --also point to a ruleset, but the ruleset filename must end --in ".rules" so that MailScanner can determine if --the filename given a ruleset or not!

--
-- --

Reports and responses

-- -- -- -- -- --
--

Quarantine Infections

-- -- -- -- -- --
--

Default: yes

-- --

Set this to store infected / dangerous attachments in --directories created under the quarantine directory. Without --this, they will be deleted. Due to laws on privacy and data --protection in your country, you may be forced to set this to --"no".

--
-- -- -- -- -- --
--

Quarantine Silent Viruses

-- -- -- -- -- --
--

Default: yes

-- --

There is no point quarantining most viruses these days, --so if you set this to "no" then no infections --listed in your "Silent Viruses" setting will be --quarantined, even if you have chosen to quarantine --infections in general. This is currently set to --"yes" so the behaviour is the same as it was in in --previous versions. This can also be the filename of a --ruleset.

--
-- -- -- -- -- --
--

Quarantine Modified Body

-- -- -- -- -- --
--

Default: no

-- --

Do you want to store copies of messages which have been --disarmed by having their HTML modified at all? This can also --be the filename of a ruleset.

--
-- -- -- -- -- --
--

Quarantine Whole Message

-- -- -- -- -- --
--

Default: no

-- --

When an infected message is stored in the quarantine, a --copy of the entire message will be saved, in addition to --copies of the infected attachments.

--
-- -- -- -- -- --
--

Quarantine Whole Messages As Queue Files

-- -- -- -- -- --
--

Default: no

-- --

When an entire message is saved in the quarantine for any --reason, do you want to save it as the raw data files out of --the mail queue (which can be processed with the df2mbox --script, and which is easier to send to its original --recipients), or do you want a conventional message file --consisting of the header followed by the body of the --message. If the previous option is switched off, then this --will only affect archived mail and quarantined spam. If the --previous option is on, then this also affects quarantined --infections.

--
-- -- -- -- -- --
--

Keep Spam And MCP Archive Clean

-- -- -- -- -- --
--

Default: no

-- --

Do you want to stop any virus−infected spam getting --into the spam or MCP archives? If you have a system where --users can release messages from the spam or MCP archives, --then you probably want to stop them being able to release --any infected messages, so set this to yes. It is set to no --by default as it causes a small hit in performance, and many --people don’t allow users to access the spam --quarantine, so don’t need it. This can also be the --filename of a ruleset.

--
-- -- -- -- -- --
--

Language Strings

-- -- -- -- -- --
--

Default: %reports−dir%/languages.conf

-- --

Set where to find all the strings used so they can be --translated into your local language. This can also be the --filename of a ruleset so you can produce different languages --for different messages.

--
-- -- -- -- -- --
--

Rejection Report

-- -- -- -- -- --
--

Default: %reports−dir%/rejection.report.txt

-- --

Set where to find the message text sent to users who --triggered the ruleset you are using with the "Reject --Message" option.

--
-- -- -- -- -- --
--

Deleted Bad Filename Message Report

-- -- -- -- -- --
--

Default: --%reports−dir%/deleted.filename.message.txt

-- --

When an attachment is deleted from a message because the --filename failed the filename rules in force for the message, --it is replaced by the contents of this file. A few variable --substitutions can be made in this file, an example of each --of which is contained in the supplied sample file.

--
-- -- -- -- -- --
--

Deleted Virus Message Report

-- -- -- -- -- --
--

Default: --%reports−dir%/deleted.virus.message.txt

-- --

When an attachment is deleted from a message because the --attachment contained a virus or other dangerous content, it --is replaced by the contents of this file. A few variable --substitutions can be made in this file, an example of each --of which is contained in the supplied sample file.

--
-- -- -- -- -- --
--

Stored Bad Filename Message Report

-- -- -- -- -- --
--

Default: --%reports−dir%/stored.filename.message.txt

-- --

When an attachment is deleted and stored from a message --(and the attachment has been stored in the quarantine) --because the filename failed the filename rules in force for --the message, it is replaced by the contents of this file. A --few variable substitutions can be made in this file, an --example of each of which is contained in the supplied sample --file.

--
-- -- -- -- -- --
--

Deleted Bad Content Message Report

-- -- -- -- -- --
--

Default: --/%reports−dir%/deleted.content.message.txt

-- --

This report is sent when a message is deleted because it --contained bad or dangerous content. A few variable --substitutions can be made in this file, an example of each --of which is contained in the supplied sample file.

--
-- -- -- -- -- --
--

Stored Bad Content Message Report

-- -- -- -- -- --
--

Default: --%reports−dir%/stored.content.message.txt

-- --

This report is sent when a message is stored because it --contained bad or dangerous content. A few variable --substitutions can be made in this file, an example of each --of which is contained in the supplied sample file.

--
-- -- -- -- -- --
--

Disinfected Report

-- -- -- -- -- --
--

Default: %reports−dir%/disinfected.report.txt

-- --

When, for example, a Microsoft Word macro virus has been --safely removed from a document, leaving the original --document intact, it is delivered on to the original --recipient. The contents of this text file will be put in the --body of the new message, explaining to the user what has --happened.

--
-- -- -- -- -- --
--

Inline HTML Signature

-- -- -- -- -- --
--

Default: %reports−dir%/inline.sig.html

-- --

If the "Sign Clean Messages" option is set, --then the contents of this file will be appended to the end --of the body of every message that is scanned by MailScanner. --You can use this to inform your users that MailScanner has --scanned it, and you can also add any disclaimers you feel --should be on mail travelling through your servers. This --option corresponds to the contents that is appended to HTML --messages.

--
-- -- -- -- -- --
--

Inline Text Signature

-- -- -- -- -- --
--

Default: %reports−dir%/inline.sig.txt

-- --

If the "Sign Clean Messages" option is set, --then the contents of this file will be appended to the end --of the body of every message that is scanned by MailScanner. --You can use this to inform your users that MailScanner has --scanned it, and you can also add any disclaimers you feel --should be on mail travelling through your servers. This --option corresponds to the contents that is appended to text --messages.

--
-- -- -- -- -- --
--

Sender Error Report

-- -- -- -- -- --
--

Default: %reports−dir%/sender.error.report.txt

-- --

When a message could not be processed completely for some --reason, such as bad message structure or unreadable --winmail.dat TNEF attachments, this message is sent back to --the sender. Read the example file supplied for a --demonstration of what variables can be used inside the --file.

--
-- -- -- -- -- --
--

Sender Bad Filename Report

-- -- -- -- -- --
--

Default: --%reports−dir%/sender.filename.report.txt

-- --

When an attachment is trapped by the filename rules, this --message is sent back to the sender.

--
-- -- -- -- -- --
--

Sender Virus Report

-- -- -- -- -- --
--

Default: %reports−dir%/sender.virus.report.txt

-- --

When an attachment is removed because of a virus, this --message is sent back to the sender.

--
-- -- -- -- -- --
--

Hide Incoming Work Dir

-- -- -- -- -- --
--

Default: yes

-- --

When this option is set, the full directory in which the --virus was found will be removed from report messages sent to --users. This makes the infection reports a lot easier to --understand.

--
-- -- -- -- -- --
--

Include Scanner Name in Reports

-- -- -- -- -- --
--

Default: yes

-- --

Include the name of the virus scanner in each of the --scanner reports. This also includes the translation of --"MailScanner" in each of the report lines --resulting from one of MailScanner’s own checks such as --filename, filetype or dangerous HTML content. To change the --name "MailScanner", look in --reports/...../languages.conf.
--Very useful if you use several virus scanners, but a bad --idea if you don’t want to let your customers know --which scanners you use.

--
-- --

Changes to message headers

-- -- -- -- -- --
--

Mail Header

-- -- -- -- -- --
--

Default: X−MailScanner:

-- --

Extra header that should be added to all scanned messages --to show they have been scanned. You might want to add an --abbreviation of your site name to this, so that you can find --headers that are added by your MailScanner server.

--
-- -- -- -- -- --
--

Spam Header

-- -- -- -- -- --
--

Default: X−MailScanner−SpamCheck:

-- --

Name of the header to add to mail detected as spam. The --text of the header is a list of the causes that think the --message is spam.

--
-- -- -- -- -- --
--

Spam Score Header

-- -- -- -- -- --
--

Default: X−MailScanner−SpamScore:

-- --

If the option "Spam Score" is set, this is the --name of the header that is used to contain the list of --characters.

--
-- -- -- -- -- --
--

Information Header

-- -- -- -- -- --
--

Default: X−MailScanner−Information:

-- --

Name of the header to add to all messages, to be used for --simply providing a URL or contact information for anyone --receiving mail that has gone through MailScanner. If you do --not want this header, simply set it blank.

--
-- -- -- -- -- --
--

Add Envelope From Header

-- -- -- -- -- --
--

Default: yes

-- --

Do you want to add the Envelope−From: header? This --is very useful for tracking where spam came from as it --contains the envelope sender address. This can also be the --filename of a ruleset.

--
-- -- -- -- -- --
--

Add Envelope To Header

-- -- -- -- -- --
--

Default: no

-- --

Do you want to add the Envelope−To: header? This --can be useful for tracking span destinations, but should be --used with care due to possible privacy concerns with the use --of Bcc: headers by users. This can also be the filename of a --ruleset.

--
-- -- -- -- -- --
--

Evelope From Header

-- -- -- -- -- --
--

Default: --X−%org−name%−MailScanner−From:

-- --

This is the name of the Envelope From header controlled --by the option above. This can also be the filename of a --ruleset.

--
-- -- -- -- -- --
--

Evelope To Header

-- -- -- -- -- --
--

Default: --X−%org−name%−MailScanner−To:

-- --

This is the name of the Envelope To header controlled by --the option above. This can also be the filename of a --ruleset.

--
-- -- -- -- -- --
--

Detailed Spam Report

-- -- -- -- -- --
--

Default: yes

-- --

If this is set to yes then you get the normal fully --detailed spam report in spam messages. If this is set to no --then you simply get a "spam" or "not --spam" report. The exact text inserted can be configured --in the languages.conf file for your language.

--
-- -- -- -- -- --
--

Include Scores In SpamAssassin Report

-- -- -- -- -- --
--

Default: yes

-- --

Do you want to include the numerical scores in the --detailed SpamAssassin report, or just list the names of the --scores?

--
-- -- -- -- -- --
--

Spam Score Character

-- -- -- -- -- --
--

Default: s

-- --

If the option "Spam Score" is set, this is the --character that will be repeated in the "Spam Score --Header", one letter for each point in the SpamAssassin --score.

--
-- -- -- -- -- --
--

SpamScore Number Instead Of Stars

-- -- -- -- -- --
--

Default: no

-- --

If this option is set to yes, you will get a --spam−score header saying just the value of the spam --score, instead of the row of characters representing the --score. This can also be the filename of a ruleset.

--
-- -- -- -- -- --
--

Minimum Stars If on Spam List

-- -- -- -- -- --
--

Default: 0

-- --

This sets the minimum number of "Spam Score --Characters" which will appear if a message triggered --the "Spam List" setting but received a very low --SpamAssassin score. This means that people who only filter --on the "Spam Stars" will still be able to catch --messages which receive a very low SpamAssassin score. Set --this value to 0 to disable it. This can also be the filename --of a ruleset.

--
-- -- -- -- -- --
--

Clean header Value

-- -- -- -- -- --
--

Default: Found to be clean

-- --

This is the text that is added to the "Mail --Header" when a message is found to be clean and free of --viruses and other dangerous content.

--
-- -- -- -- -- --
--

Infected Header Value

-- -- -- -- -- --
--

Default: Found to be infected

-- --

This is the text that is added to the "Mail --Header" when a message is found to be infected with a --virus or other dangerous content.

--
-- -- -- -- -- --
--

Disinfected Header Value

-- -- -- -- -- --
--

Default: Disinfected

-- --

This is the text that is added to the "Mail --Header" of a message that is created by MailScanner to --contain disinfected documents containing macro viruses that --could be completely removed, leaving the original document --intact.

--
-- -- -- -- -- --
--

Information Header Value

-- -- -- -- -- --
--

Default: Please contact the ISP for more information

-- --

This is the text that is added to the "Information --Header" of a message that has passed through --MailScanner at all. It could be used to provide a URL or --contact address for recipients if they have any queries --about the messages they have received. If the setting --"Information Header" is blank, this message will --not be added to the Mail Header.

--
-- -- -- -- -- --
--

Multiple Headers

-- -- -- -- -- --
--

Default: append

-- --

When a message passes through more than one MailScanner --server on your site, they will each try to add their own --headers. This option controls what should happen when trying --to add a MailScanner header that already exists in the --message. Valid options are append (append the new data to --the existing header), add (add a new header) and replace --(replace the old data with the new data).

--
-- -- -- -- -- --
--

Hostname

-- -- -- -- -- --
--

Default: the MailScanner

-- --

This is the name of the MailScanner server that is put in --messages to users. If you have more than one MailScanner --server on your site, you will want to change this on each --server so that you can tell them apart.

--
-- -- -- -- -- --
--

Sign Messages Already Processed

-- -- -- -- -- --
--

Default: no

-- --

If a message has already been processed by another --MailScanner server on your site, then the "Inline --HTML/Text Signature" is not added to the message again --if this option is set. Without it, you will get one --signature added for every MailScanner server that processes --the message.

--
-- -- -- -- -- --
--

Sign Clean Messages

-- -- -- -- -- --
--

Default: no

-- --

If this option is set, then the "Inline HTML/Text --Signature" will be added to the end of every clean --message processed by MailScanner. You can use this to inform --the recipient that the message has been checked, and also to --add any legal disclaimer or copyright statement you want to --add to every message. Using a ruleset for this option, you --could very simply set it so that only messages leaving your --site are signed, for example.

--
-- -- -- -- -- --
--

Mark Infected Messages

-- -- -- -- -- --
--

Default: yes

-- --

If this option is set, then the "Inline HTML/Text --Warning" is added to the start of every message that is --found to be infected or has had attachments removed for any --reason. This can be used to guide the recipients to read the --infection reports contained in the replacement --attachments.

--
-- -- -- -- -- --
--

Mark Unscanned Messages

-- -- -- -- -- --
--

Default: yes

-- --

If this option is set, then any message which is not --scanned by MailScanner gets the "Mail Header" --added to it with the string contained in the "Unscanned --Header Value" option. This can be used to advertise --your MailScanner service to customers/clients who are --currently not using it.

--
-- -- -- -- -- --
--

Unscanned Header Value

-- -- -- -- -- --
--

Default: Not scanned: please contact your Internet --E−Mail Service Provider for details

-- --

This supplies the text that is placed in the "Mail --Header" of messages that have not been scanned, if the --option "Mark Unscanned Messages" is set. It is a --useful place to advertise your MailScanner service to new --customers/clients.

--
-- -- -- -- -- --
--

Remove These Headers

-- -- -- -- -- --
--

Default:

-- --

If any of these headers are included in a a message, they --will be deleted. This is very useful for removing --return−receipt requests and any headers which mean --special things to your email client application, such as # --X−Mozilla−Status. Each header should end in a --":", but MailScanner will add it if you forget. --Headers should be separated by commas or spaces. This can --also be the filename of a ruleset.

--
-- -- -- -- -- --
--

Deliver Cleaned Messages

-- -- -- -- -- --
--

Default: yes

-- --

Once a message has had all viruses and dangerous content --removed from it, it will then be delivered to the original --recipients if this option is set. If you want the behaviour --from previous versions of MailScanner that had the --"Deliver From Local Domains" keyword, then you --should set this to be a ruleset that only returns --"yes" for messages destined for inside your site, --and "no" for messages going out of your site.

--
-- --

Notifications back to the senders of blocked messages

-- -- -- -- -- --
--

Notifiy Senders

-- -- -- -- -- --
--

Default: yes

-- --

Do you want to notify the people who sent you messages --containing viruses or badly−named filenames? The --default value has been changed to "no" as most --viruses now fake sender addresses and therefore should be on --the "Silent Viruses" list. This can also be the --filename of a ruleset.

--
-- -- -- -- -- --
--

Notify Senders Of Blocked Filenames Or --Filetypes

-- -- -- -- -- --
--

Default: yes

-- --

*If* "Notify Senders" is set to yes, do you --want to notify people who sent you messages containing --attachments that are blocked due to their filename or file --contents? This can also be the filename of a ruleset.

--
-- -- -- -- -- --
--

Notify Senders Of Other Blocked Content

-- -- -- -- -- --
--

Default: yes

-- --

*If* "Notify Senders" is set to yes, do you --want to notify people who sent you messages containing other --blocked content, such as partial messages or messages with --external bodies? This can also be the filename of a --ruleset.

--
-- -- -- -- -- --
--

Notify Senders Of Viruses

-- -- -- -- -- --
--

Default: no

-- --

*If* "Notify Senders" is set to yes, do you --want to notify people who sent you messages containing --viruses? This can also be the filename of a ruleset.

--
-- -- -- -- -- --
--

Never Notify Senders Of Precedence

-- -- -- -- -- --
--

Default: list bulk

-- --

If you supply a space−separated list of message --"precedence" settings, then senders of those --messages will not be warned about anything you rejected. --This is particularly suitable for mailing lists, so that any --MailScanner responses do not get sent to the entire --list.

--
-- --

Changes to subject line

-- -- -- -- -- --
--

Scanned Modify Subject

-- -- -- -- -- --
--

Default: no # end

-- --

If this is set to "start" or "end" --then the "Scanned Subject Text" is inserted at the --start or the end of the Subject: line. This only happens if --the Subject: line has not already been modified for any --other reason.

--
-- -- -- -- -- --
--

Scanned Subject Text

-- -- -- -- -- --
--

Default: {Scanned}

-- --

This is the text inserted at the start or the end of the --Subject: line if the "Scanned Modify Subject" --option above is in effect.

--
-- -- -- -- -- --
--

Virus Modify Subject

-- -- -- -- -- --
--

Default: yes

-- --

If this is set, then the "Subject:" line of a --message that was infected with a virus will have the --"Virus Subject Text" text inserted at the --start.

--
-- -- -- -- -- --
--

Virus Subject Text

-- -- -- -- -- --
--

Default: {Virus?}

-- --

This is the text inserted at the start of the --"Subject:" line if the "Virus Modify --Subject" option is set.

--
-- -- -- -- -- --
--

Filename Modify Subject

-- -- -- -- -- --
--

Default: yes

-- --

If this is set, then the "Subject:" line of a --message that had an attachment with a dangerous filename --will have the "Filename Subject Text" text --inserted at the start.

--
-- -- -- -- -- --
--

Filename Subject Text

-- -- -- -- -- --
--

Default: {Virus?}

-- --

This is the text inserted at the start of the --"Subject:" line if the "Filename Modify --Subject" option is set.

--
-- -- -- -- -- --
--

Content Modify Subject

-- -- -- -- -- --
--

Default: yes

-- --

If this is set, then the "Subject:" line of a --message that triggered a content check without anything else --wrong in the message will have the "Content Subject --Text" text inserted at the start.

--
-- -- -- -- -- --
--

Content Subject Text

-- -- -- -- -- --
--

Default: {Filename?}

-- --

This is the text inserted at the start of the --"Subject:" line if the "Content Modify --Subject" option is set.

--
-- -- -- -- -- --
--

Disarmed Modify Subject

-- -- -- -- -- --
--

Default: yes

-- --

If HTML tags in the message were "disarmed" by --using the HTML "Allow" options above with the --"disarm" settings, do you want to modify the --subject line? This can also be the filename of a --ruleset.

--
-- -- -- -- -- --
--

Disarmed Subject Text

-- -- -- -- -- --
--

Default: {Disarmed}

-- --

This is the text to add to the start of the subject if --the "Disarmed Modify Subject" option is set. This --can also be the filename of a ruleset.

--
-- -- -- -- -- --
--

Spam Modify Subject

-- -- -- -- -- --
--

Default: yes

-- --

If this is set, then the "Subject:" line of a --message that was determined to be spam will have the --"Spam Subject Text" text inserted at the --start.

--
-- -- -- -- -- --
--

Spam Subject Text

-- -- -- -- -- --
--

Default: {Spam?}

-- --

This is the text to add to the start of the subject if --the "Spam Modify Subject" option is set. The exact --string "_SCORE_" will be replaced by the numeric --SpamAssassin score. This can also be the filename of a --ruleset.

--
-- -- -- -- -- --
--

High Scroing Spam Modify Subject

-- -- -- -- -- --
--

Default: yes

-- --

If this is set, then the "Subject:" line of a --message that was determined to be spam, and had a --SpamAssassin score greater than the "High SpamAssassin --Score" will have the "High Scoring Spam Subject --Text" text inserted at the start.

--
-- -- -- -- -- --
--

High Scoring Spam Subject Text

-- -- -- -- -- --
--

Default: {Spam?}

-- --

This is just like the "Spam Subject Text" --option above, except that it applies then the score from --SpamAssassin is higher than the "High SpamAssassin --Score" value. The exact string "_SCORE_" will --be replaced by the numeric SpamAssassin score. This can also --be the filename of a ruleset.

--
-- --

Changes to the message body

-- -- -- -- -- --
--

Warning Is Attachment

-- -- -- -- -- --
--

Default: yes

-- --

When an infected or dangerous attachment is replaced with --a text message containing the infection report, should the --replacement be an attachment (yes) or should it be included --inline in the main text of the message (no).

--
-- -- -- -- -- --
--

Attachment Warning Filename

-- -- -- -- -- --
--

Default: --%org−name%−Attachment−Warning.txt

-- --

What an infected or dangerous attachment is replaced with --a text message containing the infection report, this is the --filename of the attachment that appears in the message.

--
-- -- -- -- -- --
--

Attachment Encoding Charset

-- -- -- -- -- --
--

Default: ISO−8859−1

-- --

This is the name of the encoding character set used for --the contents of "VirusWarning.txt" --attachments.

--
-- --

Mail archiving and monitoring

-- -- -- -- -- --
--

Archive Mail

-- -- -- -- -- --
--

Default:

-- --

Space−separated list of any combination of

-- -- -- -- -- -- -- -- -- -- -- --
-- --

1. email addresses to which mail should be --forwarded,

--
-- --

2. directory names where you want mail to be stored,

--
-- --

3. file names to which mail will be appended.

--
-- -- -- -- -- --
--

The files (option 3) are using the "mbox" --format suitable for most Unix mail systems. These files must --already exist since MailScanner will not create them!

-- --

If you give this option a ruleset, you can control --exactly whose mail is archived or forwarded. If you do this, --beware of the legal implications as this could be deemed to --be illegal interception unless the police have asked you to --do this.

-- --

Any of the items above can contain the magic string --_DATE_ in them which will be replaced with the current date --in yyyymmdd format. This will make archive−rolling and --maintenance much easier, as you can guarantee that --yesterday’s mail archive will not be in active use --today.

--
-- --

Notices to system administrators

-- -- -- -- -- --
--

Send Notices

-- -- -- -- -- --
--

Default: yes

-- --

Should system administrators listed in the "Notices --To" option be notified of every infection found?

--
-- -- -- -- -- --
--

Notices Include Full Headers

-- -- -- -- -- --
--

Default: no

-- --

If this option is set, then the system administrator --notices will include the full headers of every infected --message. If this option is set to "no" then only a --restricted set of headers is included in the notices.

--
-- -- -- -- -- --
--

Hide Incoming Work Dir in Notices

-- -- -- -- -- --
--

Default: no

-- --

When this option is set, the full directory in which the --virus was found will be removed from report messages sent to --administrators. This makes the infection reports a lot --easier to understand. It is also very useful if your notices --go to your customer sites.

--
-- -- -- -- -- --
--

Notice Signature

-- -- -- -- -- --
--

Default: −− \nMailScanner\nEmail Virus --Scanner\nwww.mailscanner.info

-- --

This string is added to the bottom of all system --administrator notices, and is intended to be the signature --of your MailScanner system. To insert --"line−breaks" or "newline" --characters, use the sequence 0

--
-- -- -- -- -- --
--

Notices From

-- -- -- -- -- --
--

Default: MailScanner

-- --

The visible part of the email address used in the --"From:" line of the notices. The --<user@domain> part of the email address is set to the --"Local Postmaster" setting.

--
-- -- -- -- -- --
--

Notices To

-- -- -- -- -- --
--

Default: postmaster

-- --

This option provides a list of the addresses to which --virus notices should be sent. You may want to set this to be --a ruleset, providing different notification addresses for --different domains that you administer.

--
-- -- -- -- -- --
--

Local Postmaster

-- -- -- -- -- --
--

Default: postmaster

-- --

When virus warnings are sent to any users, this is the --email address used as the "From:" header in the --messages.

--
-- --

Definitions of virus scanners and spam detectors

-- -- -- -- -- --
--

Spam List Definitions

-- -- -- -- -- --
--

Default: %etc−dir%/spam.lists.conf

-- --

This file contains all the definitions of the "Spam --Lists" (also known as RBL’s or DNSBL’s) --which can be used to try to detect spam based on where each --message came from. Many more spam lists can be added to this --file, but it contains the most popular ones to get you --started.

--
-- -- -- -- -- --
--

Virus Scanner Definitions

-- -- -- -- -- --
--

Default: %etc−dir%/virus.scanners.conf

-- --

This file contains the locations of all the commands that --are run for each virus scanner. Check this file before --starting MailScanner to make sure it will run the correct --command or wrapper script.

--
-- --

Spam detection and spam lists (DNS blocklists)

-- -- -- -- -- --
--

Spam Checks

-- -- -- -- -- --
--

Default: yes

-- --

If this option is set, messages will be checked to see if --they are spam.

--
-- -- -- -- -- --
--

Spam List

-- -- -- -- -- --
--

Default: ORDB−RBL Infinite−Monkeys

-- --

This provides a space−separated list of "Spam --Lists" (or RBL’s or DNSBL’s) which are --checked for each message. These lists are based on the --numeric IP address of the server that sent the message to --your MailScanner server. Every list used here must be --defined in the "Spam List Definitions" file --mentioned above.

--
-- -- -- -- -- --
--

Spam Domain List

-- -- -- -- -- --
--

Default:

-- --

This provides a space−separated list of "Spam --Lists" (or RBL’s or DNSBL’s) which are --checked for each message. These lists are based on the --domain name of the sender address of each message. Every --list used here must be defined in the "Spam List --Definitions" file mentioned above.

--
-- -- -- -- -- --
--

Spam Lists To Be Spam

-- -- -- -- -- --
--

Default: 1

-- --

If a message appears in at least this number of --"Spam Lists" (as defined above), then the message --will be treated as spam and so the "Spam Actions" --will happen, unless the message reaches the levels for --"High Scoring Spam". By default this is set to 1 --to mimic the previous behaviour, which means that appearing --in any "Spam Lists" will cause the message to be --treated as spam. This can also be the filename of a --ruleset.

--
-- -- -- -- -- --
--

Spam Lists To Reach High Score

-- -- -- -- -- --
--

Default: 5

-- --

If a message appears in at least this number of --"Spam Lists" (as defined above), then the message --will be treated as "High Scoring Spam" and so the --"High Scoring Spam Actions" will happen. You --probably want to set this to 2 if you are actually using --this feature. 5 is high enough that it will never happen --unless you use lots of "Spam Lists". This can also --be the filename of a ruleset.

--
-- -- -- -- -- --
--

Spam List Timeout

-- -- -- -- -- --
--

Default: 10

-- --

This is the number of seconds to wait for each "Spam --List" lookup to complete. If the lookup takes longer --than this, it is killed and ignored.

--
-- -- -- -- -- --
--

Max Spam List Timeouts

-- -- -- -- -- --
--

Default: 7

-- --

If a "Spam List" lookup times out for this many --consecutive checks without ever succeeding, then the --particular "Spam List" entry will not be used any --more, as it appears to be unreachable. When MailScanner --restarts itself after a few hours, MailScanner will try to --use the entry again, in case service has resumed --properly.

--
-- -- -- -- -- --
--

Spam List Timeouts History

-- -- -- -- -- --
--

Default: 10

-- --

The total number of Spam List attempts during which --"Max Spam List Timeouts" will cause the spam list --fo be marked as "unavailable". See the previous --comment for more information. The default values of 5 and 10 --mean that 5 timeouts in any sequence of 10 attempts will --cause the list to be marked as "unavailable" until --the next periodic restart (see "Restart --Every").

--
-- -- -- -- -- --
--

Is Definitely Not Spam

-- -- -- -- -- --
--

Default: %rules−dir%/spam.whitelist.rules

-- --

This option would normally be a ruleset. Any messages for --which the ruleset result is "yes" will never be --marked as spam. This is used to create a spam --"whitelist" of addresses which are never spam. You --will probably want to include your own site (or your own --site’s IP addresses) in this ruleset.

--
-- -- -- -- -- --
--

Is Definitely Spam

-- -- -- -- -- --
--

Default: no

-- --

This option would normally be a ruleset. Any messages for --which the ruleset result is "yes" will always be --marked as spam. This is used to create a spam --"blacklist" of addresses of known spammers.

--
-- -- -- -- -- --
--

Definite Spam Is High Scoring

-- -- -- -- -- --
--

Default: no

-- --

Setting this to yes means that spam found in the --blacklist is treated as "High Scoring Spam" in the --"Spam Actions" section below. Setting it to no --means that it will be treated as "normal" spam. --This can also be the filename of a ruleset.

--
-- -- -- -- -- --
--

Ignore Spam Whitelist If Recipients --Exceed

-- -- -- -- -- --
--

Default: 20

-- --

Spammers have learnt that they can get their message --through by sending a message with lots of recipients, one of --which chooses to whitelist everything coming to them, --including the spammer. So if a message arrives with more --than this number of recipients, ignore the "Is --Definitely Not Spam" whitelist.

--
-- --

SpamAssassin

-- -- -- -- -- --
--

Use SpamAssassin

-- -- -- -- -- --
--

Default: no

-- --

Do you want to detect spam using the very good --SpamAssassin package? You must have installed SpamAssassin --before using this option, otherwise MailScanner will not --start properly.
--NOTE for FreeBSD port user: The SpamAssassin port is not --automatically installed with the MailScanner port. You can --find it at --/usr/ports/mail/p5−Mail−SpamAssassin.

--
-- -- -- -- -- --
--

Max SpamAssassin Size

-- -- -- -- -- --
--

Default: 90000

-- --

SpamAssassin is quite slow when processing very large --messages. To work round this problem, this option provides a --maximum size for messages that are processed with --SpamAssassin. Most real spam is usually less than about --50,000 bytes per message.

--
-- -- -- -- -- --
--

Required Spam Assassin Score

-- -- -- -- -- --
--

Default: 6

-- --

This gives the minimum SpamAssassin score value above --which messages are spam. This replaces SpamAssassin’s --own "required_hits" value, so that it can be a --ruleset and set to different values for different --users/domains.

--
-- -- -- -- -- --
--

High SpamAssassin Score

-- -- -- -- -- --
--

Default: 20

-- --

Messages with a SpamAssassin score greater than this --value are labelled as being "High Scoring Spam", --and a different set of "Spam Actions" are applied --to messages scoring at least this value.

--
-- -- -- -- -- --
--

SpamAssassin Auto Whitelist

-- -- -- -- -- --
--

Default: no

-- --

SpamAssassin has a feature which measures the ratio of --spam to non−spam originating from different addresses, --and will automatically add addresses to its own internal --"whitelist" if most of the messages from an --address is not spam. This option enables this feature of --SpamAssassin. Please read their documentation for more --information.

--
-- -- -- -- -- --
--

SpamAssassin Prefs File

-- -- -- -- -- --
--

Default: %etc−dir%/spam.assassin.prefs.conf

-- --

SpamAssassin uses a "user preferences" file --which can be used to set the values of various SpamAssassin --options. This is the name of that file. Its most useful --feature is that the RBL/DNSBL/"Spam List" checks --done by SpamAssassin can be disabled as MailScanner already --does them and there is little to be gained by doing these --checks twice for every message.

--
-- -- -- -- -- --
--

SpamAssassin Timeout

-- -- -- -- -- --
--

Default: 30

-- --

This option sets the maximum number of seconds to wait --for SpamAssassin to process a message. This is a useful --protection against occasional bugs in SpamAssassin that can --cause it to take hours to process a single message.

--
-- -- -- -- -- --
--

Max SpamAssasin Timeouts

-- -- -- -- -- --
--

Default: 20

-- --

If several consecutive calls to SpamAssassin time out, --then MailScanner decides that there is something stopping --SpamAssassin from working properly. It will therefore be --disabled for the next few hours until MailScanner restarts --itself, at which point it will be tried again.

--
-- -- -- -- -- --
--

SpamAssassin Timeouts History

-- -- -- -- -- --
--

Default: 30

-- --

The total number of SpamAssassin attempts during which --"Max SpamAssassin Timeouts" will cause --SpamAssassin to be marked as "unavailable". See --the previous comment for more information. The default --values of 10 and 20 mean that 10 timeouts in any sequence of --20 attempts will trigger the behaviour described above, --until the next periodic restart (see "Restart --Every").

--
-- -- -- -- -- --
--

Check SpamAssassin If On Spam List

-- -- -- -- -- --
--

Default: yes

-- --

If a message has already triggered any of the "Spam --List" checks, the SpamAssassin check will be skipped if --this option is set to "no". This can help reduce --the load on your server if SpamAssassin checks take a long --time for some reason.

--
-- -- -- -- -- --
--

Always Include SpamAssasin Report

-- -- -- -- -- --
--

Default: no

-- --

If this option is set, then the "Spam Header" --will be included in the header of every message, so its --presence cannot be used to filter out spam by your --users’ e−mail applications.

--
-- -- -- -- -- --
--

Spam Score

-- -- -- -- -- --
--

Default: yes

-- --

If a message is spam, and this option is set, then a --header will be added to the message containing 1 character --for each point in the SpamAssassin score. This allows users --to choose for themselves the SpamAssassin scores at which --they want to do different things with the message, such as --file it or delete it.

--
-- -- -- -- -- --
--

Cache SpamAssassin Results

-- -- -- -- -- --
--

Default: yes

-- --

Many naive spammers send out the same message to lots of --people. These messages are very likely to have roughly the --same SpamAssassin score. For extra speed, cache the --SpamAssassin results for the messages being processed so --that you only call SpamAssassin once for all of the --messages. This can also be the filename of a ruleset.

--
-- -- -- -- -- --
--

SpamAssassin Cache Database File

-- -- -- -- -- --
--

Default: --/var/spool/MailScanner/incoming/SpamAsssassin.cache.db

-- --

The SpamAssassin cache uses a database file which needs --to be writable by the MailScanner "Run As User". --This file will be created and setup for you automatically --when MailScanner is started.

--
-- -- -- -- -- --
--

Rebuild Bayes Every

-- -- -- -- -- --
--

Default: 0

-- --

If you are using the Bayesian statistics engine on a busy --server, you may well need to force a Bayesian database --rebuild and expiry at regular intervals. This is measures in --seconds. 24 hours = 86400 seconds. To disable this feature --set this to 0.

--
-- -- -- -- -- --
--

Wait During Bayes Rebuild

-- -- -- -- -- --
--

Default: no

-- --

The Bayesian database rebuild and expiry may take a 2 or --3 minutes to complete. During this time you can either wait, --or simply disable SpamAssassin checks until it has --completed.

--
-- --

Custom Spam Scanner Plugin

-- -- -- -- -- --
--

Use Custom Spam Scanner

-- -- -- -- -- --
--

Default: no

-- --

Use the Custom Spam Scanner. This is code you will have --to write yourself, a function called --"GenericSpamScanner" stored in the file --"MailScanner/lib/MailScanner/CustomFunctions/GenericSpamScanner.pm". --A sample function is given in the correct file in the --distribution. This sample function also includes code to --show you how to make it run an external program to produce a --spam score. This can also be the filename of a ruleset. The --function will be passed

--
-- -- -- -- -- -- -- -- -- -- -- -- -- -- --
-- --

--
-- --

$IP

--
--
-- -- --

− the numeric IP address of the system on the --remote end of the SMTP connections

--
-- -- -- -- -- -- -- -- -- -- --
-- --

--
-- --

$From

--
-- --

− the address of the envelope sender of the --message

--
--
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
-- --

--
-- --

$To

--
--
-- -- --

− a perl reference to the envelope recipients of --the message

--
--
-- -- -- -- -- -- -- -- --
-- --

--
-- --

$Message

--
--
-- -- -- -- -- --
--

− a perl reference to the list of line of the --message

-- -- -- -- -- --
--

Max Custom Spam Scanner Size

-- -- -- -- -- --
--

Default: 20000

-- --

How much of the message should be passed tot he Custom --Spam Scanner. Most spam tools only need the first 20kbytes --of the message to determine if it is spam or not. Passing --more than is necessary only slows things down. This can also --be the filename of a ruleset.

--
-- -- -- -- -- --
--

Custom Spam Scanner Timeout

-- -- -- -- -- --
--

Default: 20

-- --

How long should the custom spam scanner take to run? If --it takes more seconds than this, then it should be --considered to have crashed and should be killed. This stops --denial−of−service attacks.

--
-- -- -- -- -- --
--

Max Custom Spam Scanner Timeouts

-- -- -- -- -- --
--

Default: 10

-- --

If the Custom Spam Scanner times out more times in a row --than this, then it will be marked as "unavailable" --until MailScanner next re−starts itself.

--
-- -- -- -- -- --
--

Custom Spam Scanner Timeout History

-- -- -- -- -- --
--

Default: 20

-- --

The total number of Custom Spam Scanner attempts during --which "Max Custom Spam Scanner Timeouts" will --cause the Custom Spam Scanner to be marked as --"unavailable". See the previous comment for more --information. The default values of 10 and 20 mean that 10 --timeouts in any sequence of 20 attempts will trigger the --behaviour described above, until the next periodic restart --(see "Restart Every").

--
-- --

What to do with spam

-- -- -- -- -- --
--

Spam Actions

-- -- -- -- -- --
--

Default: deliver

-- --

This can be any combination of 1 or more of the following --keywords, and these actions are applied to any message which --is spam.

--
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
-- --

--
-- --

deliver − the message is delivered to the --recipient as normal

--
-- --

--
-- --

delete − the message is deleted

--
-- --

--
-- --

store − the message is stored in the --quarantine

--
-- --

--
-- --

forward − an email address is supplied, to which --the message is forwarded

--
-- --

--
-- --

notify − Send the recipients a short notification --that spam addressed to them was not delivered. They can then --take action to request retrieval of the orginal message if --they think it was not spam.

--
-- --

--
-- --

striphtml − convert all in−line HTML content --in the message to be stripped to plain text, which removes --all images and scripts and so can be used to protect your --users from offensive spam. Note that using this action on --its own does not imply that the message will be delivered, --you will need to specify "deliver" or --"forward" to actually deliver the message.

--
-- --

--
-- --

attachment − Convert the original message into an --attachment of the message. This means the user has to take --an extra step to open the spam, and stops "web --bugs" very effectively.

--
-- --

--
-- --

bounce − bounce the spam message. This option --should not be used and must be enabled with the "Enable --Spam Bounce" option first.

--
-- --

--
-- --

header "name: value" − Add the header --"name: value" to the message. name must not --contain any spaces.

--
-- -- -- -- -- --
--

High Scoring Spam Actions

-- -- -- -- -- --
--

Default: deliver

-- -- -- -- -- --
--

This is the same as the "Spam Actions" option --above, but it gives the actions to apply to any message --whose SpamAssassin score is above the "High --Scoring" threshold described above.

--
-- -- -- -- -- --
--

Non Spam Actions

-- -- -- -- -- --
--

Default: deliver

-- --

This is the same as the "Spam Actions" option --above, except that it applies to messages that are NOT spam. --The bounce option does not make much sense here so do not --use it.

--
-- -- -- -- -- --
--

Sender Spam Report

-- -- -- -- -- --
--

Default: %reports−dir%/sender.spam.report.txt

-- --

When the "bounce" spam action is applied to a --message that triggered both a "Spam List" check --and SpamAssassin, this file gives the text to put in that --message.

--
-- -- -- -- -- --
--

Sender Spam List Report

-- -- -- -- -- --
--

Default: --%reports−dir%/sender.spam.rbl.report.txt

-- --

When the "bounce" spam action is applied to a --message that triggered a "Spam List" check, this --file gives the text to put in that message.

--
-- -- -- -- -- --
--

Sender SpamAssassin Report

-- -- -- -- -- --
--

Default: --%reports−dir%/sender.spam.sa.report.txt

-- --

When the "bounce" spam action is applied to a --message that triggered SpamAssassin, this file gives the --text to put in that message.

--
-- -- -- -- -- --
--

Inline Spam Warning

-- -- -- -- -- --
--

Default: %reports−dir%/inline.spam.warning.txt

-- --

If you use the ’attachment’ Spam Action or --High Scoring Spam Action then this is the location of inline --spam report that is inserted at the top of the message.

--
-- -- -- -- -- --
--

Recipient Spam Report

-- -- -- -- -- --
--

Default: --%reports−dir%/recipient.spam.report.txt

-- --

If you use the ’notify’ Spam Action or High --Scoring Spam Action then this is the location of the --notification message that is sent to the original recipients --of the message.

--
-- -- -- -- -- --
--

Enable Spam Bounce

-- -- -- -- -- --
--

Default: %rules−dir%/bounce.rules

-- --

You can use this ruleset to enable the "bounce" --Spam Action. You must *only* enable this for mail from sites --with which you have agreed to bounce possible spam. Use it --on low−scoring spam only (<10) and only to your --regular customers for use in the rare case that a message is --mis−tagged as spam when it shouldn’t have been. --Beware that many sites will automatically delete the bounce --messages created by using this option unless you have agreed --this with them in advance.

--
-- --

System logging

-- -- -- -- -- --
--

Syslog Facility

-- -- -- -- -- --
--

Default: mail

-- --

This is the name of the "facility" used by --syslogd to log MailScanner’s messages. If this --doesn’t mean anything to you, then either leave it --alone or else read the "syslogd" man page.

--
-- -- -- -- -- --
--

Log Speed

-- -- -- -- -- --
--

Default: no

-- --

Do you want to log the processing speed for each section --of the code for a batch? This can be very useful for --diagnosing speed problems, particularly in spam --checking.

--
-- -- -- -- -- --
--

Log Spam

-- -- -- -- -- --
--

Default: no

-- --

If this option is set, then every spam message will be --logged to syslog. If you get a lot of spam, or your server --load is high, you will want to leave this option switched --off. But if you are having trouble with spam detection, --setting this to "yes" temporarily can provide --useful debugging output.

--
-- -- -- -- -- --
--

Log Non Spam

-- -- -- -- -- --
--

Default: no

-- --

Do you want all non−spam to be logged? Useful if --you want to see all the SpamAssassin reports of mail that --was marked as non−spam. Note: It will generate a lot --of log traffic.

--
-- -- -- -- -- --
--

Log Permitted Filenames

-- -- -- -- -- --
--

Default: no

-- --

If this option is set, then every attachment filename --that passes the "filename rules" checks will be --logged to syslog. Normally this is of no interest. But if --you are having trouble getting your filename rules correct, --setting, this can provide useful debugging output.

--
-- -- -- -- -- --
--

Log Permitted Filetypes

-- -- -- -- -- --
--

Default: no

-- --

Log all the filenames that are allowed by the Filetype --Rules, or just the filetypes that are denied? This can also --be the filename of a ruleset.

--
-- -- -- -- -- --
--

Log Silent Viruses

-- -- -- -- -- --
--

Default: no

-- --

Log all occurrences of "Silent Viruses" as --defined above? This can only be a simple yes/no value, not a --ruleset.

--
-- -- -- -- -- --
--

Log Dangerous HTML Tags

-- -- -- -- -- --
--

Default: no
--Log all occurrences of HTML tags found in messages, that can --be blocked. This will help you build up your whitelist of --message sources for which particular HTML tags should be --allowed, such as mail from newsletters and daily cartoon --strips. This can also be the filename of a ruleset.

--
-- --

Advanced SpamAssassin Settings

-- -- -- -- -- --
--

If you are using Postfix you may well need to use some of --the settings below, as the home directory for the --"postfix" user cannot be written to by the --"postfix" user. You may also need to use these if --you have installed SpamAssassin somewhere other than the --default location.

--
-- -- -- -- -- --
--

SpamAssassin User State Dir

-- -- -- -- -- --
--

Default:

-- --

The per−user files (bayes, auto−whitelist, --user_prefs) are looked for here and in ~/.spamassassin/. --Note the files are mutable. If this is unset then no extra --places are searched for. NOTE: SpamAssassin is always called --from MailScanner as the same user, and that is the "Run --As" user specified in MailScanner.conf. So you can only --have 1 set of "per−user" files, it’s --just that you might possibly need to modify this location. --You should not normally need to set this at all. If using --Postfix, you probably want to set this to --/var/spool/MailScanner/spamassassin and do

--
-- -- -- -- -- --
--

mkdir /var/spool/MailScanner/spamassassin
--chown postfix.postfix --/var/spool/MailScanner/spamassassin

-- -- -- -- -- --
--

SpamAssassin Install Prefix

-- -- -- -- -- --
--

Default:

-- --

This setting is useful if SpamAssassin is installed in an --unusual place, e.g. /opt/MailScanner. The install prefix is --used to find some fallback directories if neither of the --following two settings work. If this is set then it adds to --the list of places that are searched; otherwise it has no --effect.

--
-- -- -- -- -- --
--

SpamAssassin Local Rules Dir

-- -- -- -- -- --
--

Default:

-- --

This tells MailScanner where to look for the --site−local rules. If this is set it adds to the list --of places that are searched. MailScanner will always look at --the following places (even if this option is not set):

--
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
-- --

--
-- --

prefix/etc/spamassassin

--
--
-- --

--
-- --

prefix/etc/mail/spamassassin

--
--
-- --

--
-- --

/usr/local/etc/spamassassin

--
--
-- --

--
-- --

/etc/spamassassin

--
--
-- --

--
-- --

/etc/mail/spamassassin

--
--
-- --

--
-- --

maybe others as well

--
--
-- -- -- -- -- --
--

SpamAssassin Default Rules Dir

-- -- -- -- -- --
--

Default:

-- -- -- -- -- --
--

This tells MailScanner where to look for the default --rules. If this is set it adds to the list of places that are --searched. MailScanner will always look at the following --places (even if this option is not set):

-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
-- --

--
-- --

prefix/share/spamassassin

--
--
-- --

--
-- --

/usr/local/share/spamassassin

--
--
-- --

--
-- --

/usr/share/spamassassin

--
--
-- --

--
-- --

maybe others as well

--
--
-- --

Advanced Settings

-- -- -- -- -- --
--

Spam Score Number Format

-- -- -- -- -- --
--

Default: %d

-- --

When putting the value of the spam score of a message --into the headers, how do you want to format it. If you --don’t know how to use sprintf() or printf() in C, --please *do not modify* this value. This can also be the --filename of a ruleset. A few examples for you:

--
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
-- --

%d

--
-- --

==> 12

--
--
-- --

%5.2f

--
-- --

==> 12.34

--
--
-- --

%05.1f

--
-- --

==> 012.3

--
--
-- --

Debug

--
--
-- -- -- -- -- --
--

Default: no

-- -- -- -- -- --
--

Not for use by normal users. Setting this option to --"yes" will put MailScanner into debugging mode, in --which it creates slightly more output and will not become a --daemon.

--
-- -- -- -- -- --
--

Debug SpamAssassin

-- -- -- -- -- --
--

Default: no

-- --

Do you want to debug SpamAssassin from within --MailScanner?

--
-- -- -- -- -- --
--

Run In Foreground

-- -- -- -- -- --
--

Default: no

-- --

Set Run In Foreground to "yes" if you want --MailScanner to operate normally in foreground (and not as a --background daemon). Use this if you are controlling the --execution of MailScanner with a tool like DJB’s --’supervise’ (see --http://cr.yp.to/daemontools.html).

--
-- -- -- -- -- --
--

LDAP Server

-- -- -- -- -- --
--

Default:

-- --

If you are using an LDAP server to read the --configuration, these are the details required for the LDAP --connection. The connection is anonymous. Example: --localhost

--
-- -- -- -- -- --
--

LDAP Base

-- -- -- -- -- --
--

Default:

-- --

If you are using an LDAP server to read the --configuration, these are the details required for the LDAP --connection. The connection is anonymous. Example: o=fsl

--
-- -- -- -- -- --
--

LDAP Site

-- -- -- -- -- --
--

Default:

-- --

If you are using an LDAP server to read the --configuration, these are the details required for the LDAP --connection. The connection is anonymous. Example: --default

--
-- -- -- -- -- --
--

Always Looked Up Last

-- -- -- -- -- --
--

Default: no

-- --

The value of the option is actually never used, but it is --evaluated at the end of processing a batch of messages. It --is designed to be used in conjunction with a Custom --Function. The Custom Function should then be written to have --a "side effect" of doing something useful such as --logging lots of information about the batch of messages to a --file or an SQL database.

--
-- -- -- -- -- --
--

Deliver in Background

-- -- -- -- -- --
--

Default: yes

-- --

When attempting delivery of any messages (when the --"Delivery Method = batch") the sendmail/Exim --command will be run in the background so that MailScanner --does not have to wait for the delivery attempt to complete. --There are very few good reasons for setting this to --"no".

--
-- -- -- -- -- --
--

Lockfile Dir

-- -- -- -- -- --
--

Default: /tmp

-- --

This is the directory in which lock files are placed to --stop the virus scanners used while they are in the middle of --updating themselves with new virus definitions. If you --change this at all, you will need to edit the --"autoupdate" scripts for all your virus --scanners.

--
-- -- -- -- -- --
--

Custom Functions Dir

-- -- -- -- -- --
--

Default: --/opt/MailScanner/lib/MailScanner/CustomFunctions
--Default FreeBSD: --/usr/local/lib/MailScanner/MailScanner/CustomFunctions

-- --

Where to put the code for your "Custom --Functions". No code in this directory should be --over−written by the installation or upgrade process. --All files starting with "." or ending with --".rpmnew" will be ignored, all other files will be --compiled and may be used with Custom Functions.

--
-- -- -- -- -- --
--

Lock Type

-- -- -- -- -- --
--

Do not set this option to anything unless you know --exactly what you are doing. For sendmail and Exim, --MailScanner will choose the correct value by default. This --affects how mail queue files are locked, and your mail will --be totally screwed up if you set this option to anything --other than the correct value for your MTA. So leave it alone --and let MailScanner choose the correct value for you.

--
-- -- -- -- -- --
--

Minimum Code Status

-- -- -- -- -- --
--

Default: supported

-- --

Minimum acceptable code stability status −− --if we come across code that’s not at least as stable --as this, we barf. This is currently only used to check that --you don’t end up using untested virus scanner support --code without realising it. Don’t even *think* about --setting this to anything other than "beta" or --"supported" on a system that receives real mail --until you have tested it yourself and are happy that it is --all working as you expect it to. Don’t set it to --anything other than "supported" on a system that --could ever receive important mail. Levels used are:

--
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
-- --

--
-- --

none − there may not even be any code.

--
-- --

--
-- --

unsupported − code may be completely untested, a --contributed dirty hack, anything, really.

--
-- --

--
-- --

alpha − code is pretty well untested. Don’t --assume it will work.

--
-- --

--
-- --

beta − code is tested a bit. It should work.

--
-- --

--
-- --

supported − code *should* be reliable.

--
-- -- -- -- -- --
--

Split Exim Spool

-- -- -- -- -- --
--

Default: yes

-- -- -- -- -- --
--

Are you using Exim with split spool directories? If you --don’t understand this, the answer is probably --"no". Refer to the Exim documentation for more --information about split spool directories.

--
-- -- -- -- -- --
--

Use Default Rules With Multiple --Recipients

-- -- -- -- -- --
--

Default: no

-- --

When trying to work out the value of configuration --parameters which are using a ruleset, this controls the --behaviour when a rule is checking the "To:" --addresses. If this option is set to "no", then --some rules will use the result they get from the first --matching rule for any of the recipients of a message, so the --exact value cannot be predicted for messages with more than --1 recipient. This value *cannot* be the filename of a --ruleset.
--If this option is set to "yes", then the following --happens when checking the ruleset:

--
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
-- --

a)

--
-- --

1 recipient. Same behaviour as normal.

--
-- --

b)

--
-- --

Several recipients, but all in the same domain --(domain.com for example). The rules are checked for one that --matches the string "*@domain.com".

--
-- --

c)

--
-- --

Several recipients, not all in the same domain. The --rules are checked for one that matches the string --"*@*".

--
-- --

RULESETS

-- -- -- -- -- --
--

Ruleset files should all be put in --/opt/MailScanner/etc/rules (FreeBSD: --/usr/local/etc/MailScanner/rules) and their filename should --end in ".rules" wherever possible.

-- --

All blank lines are ignored, and comments start with --"#" and continue to the end of the line, like --this: # This line is just a comment

-- --

Other than that, every line is a rule and looks like this --example: From: john.doe@domain.com yes

-- --

As you can see, each rule has 3 fields:
--1. Direction
--2. Pattern to match
--3. Result value (or values)

-- --

1. Direction should be one of the following:

--
-- -- -- -- -- -- -- -- -- -- -- -- -- -- --
-- --

From:

--
-- --

Matches when the message is from a matching address

--
--
-- --

To:

--
-- --

Matches when the message is to a matching address

--
--
-- -- -- -- -- --
--

FromOrTo:

-- -- -- -- -- --
--

Matches when the message is from or to a matching --address

--
-- -- -- -- -- --
--

FromAndTo:

-- -- -- -- -- --
--

Matches when the message is from and to a matching --address

--
-- -- -- -- -- --
--

The syntax of these is very loosely defined. Any word --containing "from", any word containing --"to", any word containing "from" and --"to" (in either order), and any word containing --"and" will work just fine. You can put them in --upper or lower case, it doesn’t matter. And any --additional punctuation will be ignored.

-- -- -- -- -- --
--

This specifies the whether the rule should be matched --against the sender’s address (or IP address), or the --recipient’s address.

--
-- -- -- -- -- --
--

2. The pattern describes what messages should match this --rule. Some examples are:

-- --

user@sub.domain.com # Individual address
--user@* # 1 user at any domain
--*@sub.domain.com # Any user at 1 domain
--*@*.domain.com # Any user at any sub−domain of --"domain.com"
--*@domain.com # Any user at 1 specific domain
--/pattern/ # Any address matching this Perl regular
--# expression
--192.168. # Any SMTP client IP address in this network
--/pattern−with−no−letters/ # Any SMTP --client IP address matching this
--# Perl regular expression
--/^192.168.1[4567]./ # Any SMTP client IP address in the --networks
--# 192.168.14 − 192.168.17
--*@* # Default value
--default # Default value

-- --

You should be able to do just about anything with --that.

-- --

3. The result value is what you could have put in the --entry in the main mailscanner.conf file had you not given --the filename of a ruleset instead.

-- --

See the file EXAMPLES for a few ideas on how to do things --with this system.

--
-- --

ATTACHMENT FILENAME RULESET

-- -- -- -- -- --
--

This is held in the filename pointed to by the --configuration option Filename rules. It contains a set of --rules that are used to judge whether any given file --attachment should be accepted or rejected on the basis of --its filename, regardless of whether it is found to be --virus−infected or not. This can not only be used for --draconian measures such as banning all .exe attachments, but --it can be used with any Perl regular expression to provide --facilities such as detection of attempts at hiding --filenames.

-- --

Many Windows e−mail programs (eg. Microsoft --Outlook) hide common file extensions in an attempt to not --baffle the user. The result is that while an attachment --called "Your Document.doc" is helpfully displayed --as "Your Document", a more sinister attachment --just as "Looks Safe.txt.pif" will appear simply as --"Looks Safe.txt". Many users recognise the .txt --filename extension as applying to plain text files, which --they know are safe. So even an experienced user may well --double−click on this attachment thinking it is just --going to start Notepad and display the text file. However, --the file is really an MS−Dos shortcut (.pif file) and --can execute any arbitrary commands the author wanted: all --without any indication to the unwitting user.

-- --

The rules are matched in order from the top to the bottom --of the file, and the first rule containing a matching --regular expression is used. Each line of the file is either --blank, a comment (in which case it starts with a --’#’ character) or is a rule made up of 4 fields --separated by one or more TAB characters:

--
-- -- -- -- -- --
--

allow / deny

-- -- -- -- -- --
--

Accept or reject the attachment if its filename matches --the regular expression

--
-- -- -- -- -- --
--

regular expression

-- -- -- -- -- --
--

The rule is executed if the attachment matches this --expression. It may optionally be surrounded in --’/’ characters.

--
-- -- -- -- -- --
--

log text

-- -- -- -- -- --
--

If the rule matches, this text is placed in the syslog. --If the text is "−", no string is logged.

--
-- -- -- -- -- --
--

user text

-- -- -- -- -- --
--

If the rule matches, this text is placed in the text --message sent to the user. If the text is --"−", no text is used.

--
-- -- -- -- -- --
--

Please have a look at the filename.rules.conf or --filename.rules.conf.sample file provided with this --distribution/package/port.

--
-- --

SEE ALSO

-- -- -- -- -- --
--

MailScanner(8)

--
--
-- -- -+ -+ -+ -+ -+ -+ -+ -+ -+MailScanner.conf -+ -+ -+ -+

MailScanner.conf

-+NAME
-+SYNOPSIS
-+DESCRIPTION
-+System Settings
-+Incoming Work Dir Settings
-+Quarantine and Archive Settings
-+Process Incoming Mail
-+Options specific to Sophos Anti-Virus
-+Virus scanning and vulnerability testing
-+Options specific to ClamAV Anti-Virus
-+Removing/Logging dangerous or potentially offensive content
-+Attachment filename checking
-+Reports and responses
-+Changes to message headers
-+Notifications back to the senders of blocked messages
-+Changes to subject line
-+Changes to the message body
-+Mail archiving and monitoring
-+Notices to system administrators
-+Definitions of virus scanners and spam detectors
-+Spam detection and spam lists (DNS blocklists)
-+SpamAssassin
-+Custom Spam Scanner Plugin
-+What to do with spam
-+System logging
-+Advanced SpamAssassin Settings
-+Advanced Settings
-+RULESETS
-+ATTACHMENT FILENAME RULESET
-+SEE ALSO
-+ -+
-+ -+

NAME

-+ -+ -+ -+ -+ -+
-+

MailScanner.conf − Main configuration for -+MailScanner

-+
-+ -+

SYNOPSIS

-+ -+ -+ -+ -+ -+
-+

none

-+
-+ -+

DESCRIPTION

-+ -+ -+ -+ -+ -+
-+

MailScanner is configured using the file -+MailScanner.conf. The location of this file varies from -+operating system to operating system:

-+
-+ -+ -+ -+ -+ -+ -+ -+ -+
-+ -+

Linux:

-+
-+ -+

/etc/MailScanner

-+
-+
-+ -+ -+ -+ -+ -+
-+

FreeBSD: /usr/local/etc/MailScanner
-+Other: /opt/MailScanner/etc

-+ -+

Blank lines are ignored, as are leading and trailing -+spaces. Comments start at a ’#’ character and -+extend to the end of the line. All options are expressed in -+the form

-+ -+

option = value

-+ -+

Many of the options can also be the filename of a -+ruleset, which can be used to control features depending on -+the addresses of the message, and/or the IP address where -+the message came from. You will find some examples of -+rulesets and an explanation of them in the "rules" -+directories within the MailScanner installation and in the -+section "RULESETS" later in this manpage.

-+ -+

The options are best listed in a few categories. If this -+list looks very large then don’t worry, the supplied -+MailScanner.conf file (or MailScanner.conf.sample) contains -+sensible defaults for all the values. You will probably only -+need to change a very few of them to start with.

-+ -+

Starting with version 4.40.10 of MailScanner you can use -+shell environment variables such as $HOSTNAME or ${HOSTNAME} -+in MailScanner.conf and its relatives.

-+ -+

You should define the following variables:

-+
-+ -+ -+ -+ -+ -+
-+

%report−dir%

-+ -+ -+ -+ -+ -+
-+

Default: /opt/MailScanner/etc/reports/en
-+Default FreeBSD: /usr/local/share/MailScanner/reports/en

-+ -+

Set the directory containing all the reports in the -+required language.

-+
-+ -+ -+ -+ -+ -+
-+

%etc−dir%

-+ -+ -+ -+ -+ -+
-+

Default: /opt/MailScanner/etc
-+Default FreeBSD: /usr/local/etc/MailScanner

-+ -+

Configuration directory containing this file

-+
-+ -+ -+ -+ -+ -+
-+

%rules−dir%

-+ -+ -+ -+ -+ -+
-+

Default: /opt/MailScanner/etc/rules
-+Default FreeBSD: /usr/local/etc/MailScanner/rules

-+ -+

Rulesets directory containing your ".rules" -+files

-+
-+ -+ -+ -+ -+ -+
-+

%org−name%

-+ -+ -+ -+ -+ -+
-+

Default: yoursite

-+ -+

Enter a short identifying name for your organisation -+below, this is used to make the X−MailScanner headers -+unique for your organisation. Multiple servers within one -+site should use an identical value here to avoid adding -+multiple redundant headers where mail has passed through -+several servers within your organisation.
-+Note: Some Symantec scanners complain (incorrectly) about -+"." characters appearing in the names of -+headers.

-+
-+ -+ -+ -+ -+ -+
-+

%org−long−name%

-+ -+ -+ -+ -+ -+
-+

Default: Your Organisation Name Here

-+ -+

Enter the full name of your organisation below, this is -+used in the signature placed at the bottom of report -+messages sent by MailScanner. It can include pretty much any -+text you like. You can make the result span several lines by -+including "0 sequences in the text. These will be -+replaced by line−breaks.

-+
-+ -+ -+ -+ -+ -+
-+

%web−site%

-+ -+ -+ -+ -+ -+
-+

Default: www.your−organisation.com

-+ -+

Enter the location of your organisation’s web site -+below. This is used in the signature placed at the bottom of -+report messages sent by MailScanner. It should preferably be -+the location of a page that you have written explaining why -+you might have rejected the mail and what the recipient -+and/or sender should do about it.

-+
-+ -+

System Settings

-+ -+ -+ -+ -+ -+
-+

Max Children

-+ -+ -+ -+ -+ -+
-+

Default: 5

-+ -+

MailScanner uses your server efficiently by running -+several identical processes at the same time, all processing -+mail. This is the number of these processes to run at once. -+Turning this figure will optimise the performance of your -+system if you process a lot of mail. A good figure to start -+with is 5 children per CPU. So if you have 4 CPUs in your -+server, start by setting this to 20.

-+
-+ -+ -+ -+ -+ -+
-+

Run as User

-+ -+ -+ -+ -+ -+
-+

Default: not to change user

-+ -+

Provided for Exim users (and anyone not running sendmail -+as root), this changes the user under which MailScanner -+runs.

-+
-+ -+ -+ -+ -+ -+
-+

Run as Group

-+ -+ -+ -+ -+ -+
-+

Default: not to change group

-+ -+

Provided for Exim users (and anyone not running sendmail -+as root), this changes the group under which MailScanner -+runs.

-+
-+ -+ -+ -+ -+ -+
-+

Queue Scan Interval

-+ -+ -+ -+ -+ -+
-+

Default: 5

-+ -+

How often (in seconds) should each process check the -+incoming mail queue for new messages? If you have a quiet -+mail server, you might want to increase this value so it -+causes less load on your server, at the cost of slightly -+increasing the time taken for an average message to be -+processed.

-+
-+ -+ -+ -+ -+ -+
-+

Incoming Queue Dir

-+ -+ -+ -+ -+ -+
-+

Default: /var/spool/mqueue.in

-+ -+

Directory in which MailScanner should find e−mail -+messages for scanning. This can be any of the following:

-+
-+ -+ -+ -+ -+ -+ -+ -+ -+
-+ -+

1.

-+
-+ -+

a directory name.

-+
-+
-+ -+ -+ -+ -+ -+
-+

Example: /var/spool/mqueue.in

-+
-+ -+ -+ -+ -+ -+ -+ -+ -+
-+ -+

2.

-+
-+ -+

a wildcard giving directory names.

-+
-+
-+ -+ -+ -+ -+ -+
-+

Example: /var/spool/mqueue.in/*

-+
-+ -+ -+ -+ -+ -+ -+ -+
-+ -+

3.

-+
-+ -+

the name of a file containing a list of directory names, -+which can in turn contain wildcards.

-+
-+ -+ -+ -+ -+ -+
-+

Example: -+/usr/local/etc/MailScanner/mqueue.in.list.conf

-+ -+ -+ -+ -+ -+
-+

Outgoing Queue Dir

-+ -+ -+ -+ -+ -+
-+

Default: /var/spool/mqueue

-+ -+

Directory in which MailScanner should place scanned -+e−mail messages. This can also be the filename of a -+ruleset.

-+
-+ -+ -+ -+ -+ -+
-+

Incoming work dir

-+ -+ -+ -+ -+ -+
-+

Default: /opt/MailScanner/var/incoming
-+Default FreeBSD: /var/spool/MailScanner/incoming

-+ -+

Directory in which to temporarily store unpacked MIME -+messages during scanning process.

-+
-+ -+ -+ -+ -+ -+
-+

Quarantine Dir

-+ -+ -+ -+ -+ -+
-+

Default: /opt/MailScanner/var/quarantine
-+Default FreeBSD: /var/spool/MailScanner/quarantine

-+ -+

Set where to store infected messages and attachments (if -+they are kept). This can also be the filename of a -+ruleset.

-+
-+ -+ -+ -+ -+ -+
-+

PID file

-+ -+ -+ -+ -+ -+
-+

Default: /opt/MailScanner/var/MailScanner.pid
-+Default FreeBSD: /var/run/MailScanner.pid

-+ -+

Set where to store the process id number so you can stop -+MailScanner. In the FreeBSD port this should remain -+/var/run/MailScanner.pid in order for the start/stop script -+to work.

-+
-+ -+ -+ -+ -+ -+
-+

Restart Every

-+ -+ -+ -+ -+ -+
-+

Default: 14400

-+ -+

To avoid resource leaks the MailScanner parent process -+stops and restarts its child processes from time to time. -+Set the amount of seconds each child process is supposed to -+live here.

-+
-+ -+ -+ -+ -+ -+ -+ -+ -+
-+ -+

MTA

-+
-+ -+

Default: sendmail

-+
-+
-+ -+ -+ -+ -+ -+
-+

MailScanner works with sendmail and exim. Since the queue -+handling differs a bit, you have to tell MailScanner which -+MTA you are using. Valid options are sendmail and exim.

-+
-+ -+ -+ -+ -+ -+
-+

Sendmail

-+ -+ -+ -+ -+ -+
-+

Default: /usr/lib/sendmail
-+Default FreeBSD: /usr/sbin/sendmail

-+ -+

Set how to invoke MTA when sending messages MailScanner -+has created (e.g. to sender/recipient saying "found a -+virus in your message"). This can also be the filename -+of a ruleset.

-+
-+ -+ -+ -+ -+ -+
-+

Sendmail2

-+ -+ -+ -+ -+ -+
-+

Default: same value as the Sendmail setting

-+ -+

Sendmail2 is provided for exim users. It is the command -+used to attempt delivery of outgoing cleaned/disinfected -+messages. This is not usually required for sendmail.
-+For Exim users this could be: Sendmail2 = /usr/sbin/exim -+−C /usr/local/etc/exim/configure.out

-+
-+ -+

Incoming Work Dir Settings

-+ -+ -+ -+ -+ -+
-+

You should not normally need to touch these settings at -+all, unless you are using ClamAV and need to be able to use -+the external archive unpackers instead of ClamAV’s -+built−in ones.

-+
-+ -+ -+ -+ -+ -+
-+

Incoming Work User

-+ -+ -+ -+ -+ -+
-+

Default:

-+ -+

If you want to create the temporary working files so they -+are owned by a user other than the "Run As User" -+setting, you can change that here. Note: If the "Run As -+User" is not "root" then you cannot change -+the user but may still be able to change the group, if the -+"Run As User" is a member of both of the groups -+"Run As Group" and "Incoming Work -+Group".

-+
-+ -+ -+ -+ -+ -+
-+

Incoming Work Group

-+ -+ -+ -+ -+ -+
-+

Default:

-+ -+

If you want to create the temporary working files so they -+are owned by a group other than the "Run As User" -+setting, you can change that here. Note: If the "Run As -+User" is not "root" then you cannot change -+the user but may still be able to change the group, if the -+"Run As User" is a member of both of the groups -+"Run As Group" and "Incoming Work -+Group".

-+
-+ -+ -+ -+ -+ -+
-+

Incoming Work Permissions

-+ -+ -+ -+ -+ -+
-+

Default: 0600

-+ -+

If you want processes running under the same *group* as -+MailScanner to be able to read the working files (and list -+what is in the directories, of course), set to 0640. If you -+want *all* other users to be able to read them, set to 0644. -+For a detailed description, if you’re not already -+familiar with it, refer to ‘man 2 chmod‘. -+Typical use: external helper programs of virus scanners -+(notably ClamAV), like unpackers. Use with care, you may -+well open security holes.

-+
-+ -+

Quarantine and Archive Settings

-+ -+ -+ -+ -+ -+
-+

If, for example, you are using a web interface so that -+users can manage their quarantined files, you might want to -+change the ownership and permissions of the quarantined so -+that they can be read and/or deleted by the web server. -+Don’t touch this unless you know what you are -+doing!

-+
-+ -+ -+ -+ -+ -+
-+

Quarantine User

-+ -+ -+ -+ -+ -+
-+

Default:

-+ -+

If you want to create the quarantine/archive so the files -+are owned by a user other than the "Run As User" -+setting at the top of this file, you can change that here. -+Note: If the "Run As User" is not "root" -+then you cannot change the user but may still be able to -+change the group, if the "Run As User" is a member -+of both of the groups "Run As Group" and -+"Quarantine Group".

-+
-+ -+ -+ -+ -+ -+
-+

Quarantine Group

-+ -+ -+ -+ -+ -+
-+

Default:

-+ -+

If you want to create the quarantine/archive so the files -+are owned by a user other than the "Run As User" -+setting at the top of this file, you can change that here. -+Note: If the "Run As User" is not "root" -+then you cannot change the user but may still be able to -+change the group, if the "Run As User" is a member -+of both of the groups "Run As Group" and -+"Quarantine Group".

-+
-+ -+ -+ -+ -+ -+
-+

Quarantine Permissions

-+ -+ -+ -+ -+ -+
-+

Default: 0600

-+ -+

If you want processes running under the same *group* as -+MailScanner to be able to read the quarantined files (and -+list what is in the directories, of course), set to 0640. If -+you want *all* other users to be able to read them, set to -+0644. For a detailed description, if you’re not -+already familiar with it, refer to ‘man 2 -+chmod‘. Typical use: let the webserver have access to -+the files so users can download them if they really want to. -+Use with care, you may well open security holes.

-+
-+ -+

Process Incoming Mail

-+ -+ -+ -+ -+ -+
-+

Max Unscanned Bytes Per Scan

-+ -+ -+ -+ -+ -+
-+

Default: 100000000

-+ -+

MailScanner handles messages in batches for efficiency. -+Messages are gathered (in strict date order) from the -+incoming queue directory, one at a time, until this or one -+of the following three limits is reached or the queue is -+empty.

-+ -+

This setting limits the total size of messages per batch -+for which no scanning is done (i.e. Virus Scanning = -+no).

-+
-+ -+ -+ -+ -+ -+
-+

Max Unsafe Bytes per Scan

-+ -+ -+ -+ -+ -+
-+

Default: 50000000

-+ -+

This setting limits the total size of messages per batch -+for which scanning is done (i.e. Virus Scanning = yes).

-+
-+ -+ -+ -+ -+ -+
-+

Max Unscanned Messages Per Scan

-+ -+ -+ -+ -+ -+
-+

Default: 100

-+ -+

This setting limits the total number of messages per -+batch for which no scanning is done (i.e. Virus Scanning = -+no).

-+
-+ -+ -+ -+ -+ -+
-+

Max Unsafe Messages per Scan

-+ -+ -+ -+ -+ -+
-+

Default: 100

-+ -+

This setting limits the total number of messages per -+batch for which scanning is done (i.e. Virus Scanning = -+yes).

-+
-+ -+ -+ -+ -+ -+
-+

Max Normal Queue Size

-+ -+ -+ -+ -+ -+
-+

Default: 1000

-+ -+

If more messages are found in the queue than this, then -+switch to an "accelerated" mode of processing -+messages. This will cause it to stop scanning messages in -+strict date order, but in the order it finds them in the -+queue. If your queue is bigger than this size a lot of the -+time, then some messages could be greatly delayed. So treat -+this option as "in emergency only".

-+
-+ -+ -+ -+ -+ -+
-+

Scan Messages

-+ -+ -+ -+ -+ -+
-+

Default: yes

-+ -+

If this is set to yes, then email messages passing -+through MailScanner will be processed and checked, and all -+the other options in this file will be used to control what -+checks are made on the message. If this is set to no, then -+email messages will NOT be processed or checked *at all*, -+and so any viruses or other problems will be ignored.

-+
-+ -+ -+ -+ -+ -+
-+

Reject Messages

-+ -+ -+ -+ -+ -+
-+

Default: no

-+ -+

You may not want to receive mail from certain addresses -+and/or to certain addresses. If so, you can do this with -+your email transport (sendmail, Postfix, etc) but that will -+just send a one−line message which is not helpful to -+the user sending the message. If this is set to yes, then -+the message set by the "Rejection Report" will be -+sent instead, and the incoming message will be deleted. If -+you want to store a copy of the original incoming message -+then use the "Archive Mail" setting to archive a -+copy of it. The purpose of this option is to set it to be a -+ruleset, so that you can reject messages from a few -+offending addresses where you need to send a polite reply -+instead of just a brief 1−line rejection message.

-+
-+ -+ -+ -+ -+ -+
-+

Maximum Attachments Per Message

-+ -+ -+ -+ -+ -+
-+

Default: 200

-+ -+

The maximum number of attachments allowed in a message -+before it is considered to be an error. Some email systems, -+if bouncing a message between 2 addresses repeatedly, add -+information about each bounce as an attachment, creating a -+message with thousands of attachments in just a few minutes. -+This can slow down or even stop MailScanner as it uses all -+available memory to unpack these thousands of attachments. -+This can also be the filename of a ruleset.

-+
-+ -+ -+ -+ -+ -+
-+

Expand TNEF

-+ -+ -+ -+ -+ -+
-+

Default: yes

-+ -+

TNEF is primarily used by Microsoft programs such as -+Outlook and Outlook Express when mails are formatted/sent in -+Rich−Text−Format. Attachments are all put -+together in one WINMAIL.DAT file.

-+ -+

Should we use a TNEF decoder (external or Perl module)? -+This should be "yes" unless the scanner you are -+using (Sophos, McAfee) has the facility built−in. -+However, if you set it to "no", then the filenames -+within the TNEF attachment will not be checked against the -+filename rules.

-+
-+ -+ -+ -+ -+ -+
-+

Use TNEF Contents

-+ -+ -+ -+ -+ -+
-+

Default: replace
-+When the TNEF (winmail.dat) attachments are expanded, should -+the attachments contained in there be added to the list of -+attachments in the message? If you set this to -+"add" or "replace" then recipients of -+messages sent in "Outlook Rich Text Format" (TNEF) -+will be able to read the attachments if they are not using -+Microsoft Outlook.

-+
-+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+
-+ -+

-+
-+ -+

no: Leave winmail.dat TNEF attachments alone.

-+
-+ -+

-+
-+ -+

add: Add the contents of winmail.dat as extra -+attachments, but also still include the winmail.dat file -+itself. This will result in TNEF messages being doubled in -+size.

-+
-+ -+

-+
-+ -+

replace: Replace the winmail.dat TNEF attachment with -+the files it contains, and delete the original winmail.dat -+file itself. This means the message stays the same size, but -+is usable by non−Outlook recipients.

-+
-+ -+ -+ -+ -+ -+
-+

Deliver Unparsable TNEF

-+ -+ -+ -+ -+ -+
-+

Default: no

-+ -+ -+ -+ -+ -+
-+

Rich Text format attachments produced by some versions of -+Microsoft Outlook cannot be completely decoded at present. -+Setting this option to yes allows compatibility with the -+behaviour of earlier versions where these attachments were -+still delivered. This would introduce the slight chance of a -+virus getting through in the segment of the attachment that -+could not be decoded, but the setting may be necessary if -+you have a large number of Microsoft Outlook users who are -+troubled by the new behaviour.

-+
-+ -+ -+ -+ -+ -+
-+

TNEF Expander

-+ -+ -+ -+ -+ -+
-+

Default: /opt/MailScanner/bin/tnef
-+Default FreeBSD: /usr/local/bin/tnef

-+ -+

Full pathname giving location of the MS−TNEF -+expander/decoder program, or the keyword internal which will -+force use of the optional Perl Convert::TNEF module instead -+of the external program.

-+
-+ -+ -+ -+ -+ -+
-+

TNEF Timeout

-+ -+ -+ -+ -+ -+
-+

Default: 120

-+ -+

The maximum length of time (in seconds) the TNEF Expander -+is allowed to run for diassembling one attachment.

-+
-+ -+ -+ -+ -+ -+
-+

File Command

-+ -+ -+ -+ -+ -+
-+

Default: /usr/bin/file

-+ -+

Where the "file" command is installed. This is -+used for checking the content type of files, regardless of -+their filename. To disable Filetype checking, set this value -+to blank.

-+
-+ -+ -+ -+ -+ -+
-+

File Timeout

-+ -+ -+ -+ -+ -+
-+

Default: 20

-+ -+

The maximum length of time the "file" command -+is allowed to run for one batch of messages (in -+seconds).

-+
-+ -+ -+ -+ -+ -+
-+

Unrar Command

-+ -+ -+ -+ -+ -+
-+

Default: /usr/bin/unrar

-+ -+

Where the "unrar" command is installed. If you -+haven’t got this command, look at www.rarlab.com. This -+is used for unpacking rar archives so that the contents can -+be checked for banned filenames and filetypes, and also that -+the archive can be tested to see if it is -+password−protected. Virus scanning the contents of rar -+archives is still left to the virus scanner, with one -+exception: If using the clavavmodule virus scanner, this -+adds external RAR checking to that scanner which is needed -+for archives which are RAR version 3.

-+
-+ -+ -+ -+ -+ -+
-+

Unrar Timeout

-+ -+ -+ -+ -+ -+
-+

Default: 50

-+ -+

The maximum length of time the "unrar" command -+is allowed to run for 1 RAR archive (in seconds)

-+
-+ -+ -+ -+ -+ -+
-+

Find UU−Encoded Files

-+ -+ -+ -+ -+ -+
-+

Default: no
-+A few viruses store their infected data in UU−encoded -+files, to try to catch out virus scanners. This rarely -+succeeds at all. Setting this option to yes means that you -+can apply filename and filetype checks to the contents of -+UU−encoded files. This may occasionally be useful, in -+which case you should set to yes. This can also be the -+filename of a ruleset.

-+
-+ -+ -+ -+ -+ -+
-+

Block Encrypted Messages

-+ -+ -+ -+ -+ -+
-+

Default: no

-+ -+

This is inteded for use with a ruleset to ensure that -+none of your users is covertly mailing sites with which you -+would not normally communicate (e.g. your competitors). If -+this is set to yes (or the ruleset evaluates to yes) -+encrypted messages are blocked.

-+
-+ -+ -+ -+ -+ -+
-+

Block Unencrypted Messages

-+ -+ -+ -+ -+ -+
-+

Default: no

-+ -+

This is intended for use with a ruleset to ensure that -+mail is always encrypted before being sent. This could be -+used to ensure that mail to your business partners is sent -+securely.

-+
-+ -+ -+ -+ -+ -+
-+

Allow Password−Protected Archives

-+ -+ -+ -+ -+ -+
-+

Default: no

-+ -+

Should archives which contain any -+password−protected files be allowed? Leaving this set -+to "no" is a good way of protecting against all -+the protected zip files used by viruses at the moment. This -+can also be the filename of a ruleset.

-+
-+ -+ -+ -+ -+ -+
-+

Maximum Message Size

-+ -+ -+ -+ -+ -+
-+

Default: 0

-+ -+

The maximum size, in bytes, of any message including the -+headers. If this is set to zero, then no size checking is -+done. This can also be the filename of a ruleset, so you can -+have different settings for different users. You might want -+to set this quite small for dialup users so their email -+applications don’t time out downloading huge -+messages.

-+
-+ -+ -+ -+ -+ -+
-+

Maximum Attachment Size

-+ -+ -+ -+ -+ -+
-+

Default: −1

-+ -+

The maximum size, in bytes, of any attachment in a -+message. If this is set to zero, effectively no attachments -+are allowed. If this is set less than zero, then no size -+checking is done. This can also be the filename of a -+ruleset, so you can have different settings for different -+users. You might want to set this quite small for large -+mailing lists so they don’t get deluged by large -+attachments.

-+
-+ -+ -+ -+ -+ -+
-+

Maximum Archive Depth

-+ -+ -+ -+ -+ -+
-+

Default: 3

-+ -+

The maximum depth to which zip archives will be unpacked -+to allow for checking filenames and filetypes within zip -+archives. Setting this to 0 will disable -+filename/−type checks within zip files while still -+allowing to block password protected zip files.

-+
-+ -+ -+ -+ -+ -+
-+

Find Archives By Content

-+ -+ -+ -+ -+ -+
-+

Default: yes

-+ -+

Find zip archives by filename or by file contents? -+Finding them by content is a far more reliable way of -+finding them, but it does mean that you cannot tell your -+users to avoid zip file checking by renaming the file from -+".zip" to "_zip" and tricks like that. -+Only set this to no (i.e. check by filename only) if you -+don’t want to reliably check the contents of zip -+files. Note this does not affect virus checking, but it will -+affect all the other checks done on the contents of the zip -+file. This can also be the filename of a ruleset.

-+
-+ -+

Options specific to Sophos Anti-Virus

-+ -+ -+ -+ -+ -+
-+

Allowed Sophos Error Messages

-+ -+ -+ -+ -+ -+
-+

Default:

-+ -+

Anything on the next line that appears in brackets at the -+end of a line of output from Sophos will cause the -+error/infection to be ignored. Use of this option is -+dangerous, and should only be used if you are having trouble -+with lots of corrupt PDF files, for example. This option -+allows for multiple strings as well. In this case, the -+strings should be put in double quotes (") and each -+string separated with commas. Examples:
-+Allowed Sophos Error Messages = corrupt format not -+supported
-+Allowed Sophos Error Messages = "corrupt", -+"format not supported"

-+ -+

The first version will match "corrupt format not -+supported" only. The second version will match -+"corrupt" and "format not -+supported".

-+
-+ -+ -+ -+ -+ -+
-+

Sophos IDE Dir

-+ -+ -+ -+ -+ -+
-+

Default: /usr/local/Sophos/ide

-+ -+

The directory (or a link to it) containing all the Sophos -+*.ide files. This is only used by the "sophossavi" -+virus scanner, and is irrelevant for all other scanners.

-+
-+ -+ -+ -+ -+ -+
-+

Sophos Lib Dir

-+ -+ -+ -+ -+ -+
-+

Default: /usr/local/Sophos/lib

-+ -+

The directory (or a link to it) containing all the Sophos -+*.so libraries.This is only used by the -+"sophossavi" virus scanner, and is irrelevant for -+all other scanners.

-+
-+ -+ -+ -+ -+ -+
-+

Monitors For Sophos Updates

-+ -+ -+ -+ -+ -+
-+

Default: /usr/local/Sophos/ide/*ides.zip

-+ -+

SophosSAVI only: monitor each of these files for changes -+in size to detect when a Sophos update has happened. The -+date of the Sophos Lib Dir is also monitored. This is only -+used by the "sophossavi" virus scanner, not the -+"sophos" scanner setting.

-+
-+ -+

Virus scanning and vulnerability testing

-+ -+ -+ -+ -+ -+
-+

Virus Scanning

-+ -+ -+ -+ -+ -+
-+

Default: auto

-+ -+

Do you want to scan email for viruses? A few people -+don’t have virus scanner licence and so want to -+disable all the virus scanning.
-+NOTE: Switching this to no completely disables all -+virus−scanning functionality. If you just want to -+switch of actual virus scanning, then set "Virus -+Scanners = none" instead.
-+If you want to be able to switch scanning on/off for -+different users or different domains, set this to the -+filename of a ruleset. If you set this to auto then it -+searches for and uses every available installed virus -+scanner.

-+
-+ -+ -+ -+ -+ -+
-+

Virus Scanners

-+ -+ -+ -+ -+ -+
-+

Default: none

-+ -+

Which Virus Scanning package to use. Possible choices are -+sophos, sophossavi, mcafee, command, bitdefender, kaspersky, -+kaspersky−4.5, kavdaemonclient, inoculate, inoculan, -+nod32, nod32−1.99, f−secure, f−prot, -+panda, rav, antivir, clamav, clamavmodule, css, trend, -+norman, avg, vexira, symscanengine, generic, none (no virus -+scanning at all). This *cannot* be the filename of a -+ruleset.

-+ -+

Note for McAfee users: Do NOT use any symlinks with -+McAfee at all. It is very strange but McAfee may not detect -+all viruses when started from a symlink or scanning a -+directory path including symlinks.

-+ -+

Note: If you want to use multiple virus scanners, then -+this should be a space−separated list of virus -+scanners.

-+ -+

Note: Make sure that you check that the base installation -+directory in the 3rd column of virus.scanners.conf matches -+the location you have installed each of your virus scanners. -+The supplied virus.scanners.conf file assumes the default -+installation locations recommended by each of the virus -+scanner installation guides.

-+
-+ -+ -+ -+ -+ -+
-+

Virus Scanner Timeout

-+ -+ -+ -+ -+ -+
-+

Default: 300

-+ -+

The maximum time (in seconds) that the cirus scanner is -+allowed to take to scan one batch of messages.

-+
-+ -+ -+ -+ -+ -+
-+

Deliver Disinfected Files

-+ -+ -+ -+ -+ -+
-+

Default: yes

-+ -+

Should infected attached documents be automatically -+disinfected and sent on to the original recipients? Less -+than 1% of viruses in the wild can be successfully -+disinfected,as macro viruses are now a rare occurrence. So -+the default has been changed to "no" as it gives a -+significant performance improvement.

-+
-+ -+ -+ -+ -+ -+
-+

Silent Viruses

-+ -+ -+ -+ -+ -+
-+

Default: HTML−IFrame All−Viruses

-+ -+

Messages whose virus reports contain any of the words -+listed here will be treated as "silent" viruses. -+No messages will be sent back to the senders of these -+viruses, and the delivery to the recipient of the message -+can be controlled by the next option "Still Deliver -+Silent Viruses". This is primarily designed for viruses -+such as "Klez" and "Bugbear" which put -+fake addresses on messages they send, so there is no point -+informing the sender of the message, as it won’t -+actually be them who sent it anyway. Other words that can be -+put in this list are the 5 special keywords

-+
-+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+
-+ -+

-+
-+ -+

HTML−IFrame: inserting this will stop senders -+being warned about HTML Iframe tags, when they are not -+allowed.

-+
-+ -+

-+
-+ -+

HTML−Codebase: inserting this will stop senders -+being warned about HTML Object Codebase tags, when they are -+not allowed.

-+
-+ -+

-+
-+ -+

Zip−Password: inserting this will stop senders -+being warned about password−protected zip files when -+they are not allowd. This keyword is not needed if you -+include All−Viruses.

-+
-+ -+

-+
-+ -+

All−Viruses: inserting this will stop senders -+being warned about any virus, while still allowing you to -+warn senders about HTML−based attacks. This includes -+Zip−Password so you don’t need to include -+both.

-+
-+ -+ -+ -+ -+ -+
-+

The default of "All−Viruses" means that -+no senders of viruses will be notified (as the sender -+address is always forged these days anyway), but anyone who -+sends a message that is blocked for other reasons will still -+be notified.

-+ -+ -+ -+ -+ -+
-+

Still Deliver Silent Viruses

-+ -+ -+ -+ -+ -+
-+

Default: no

-+ -+

If this is set to yes then disinfected messsages that -+originally contained one of the "silent" viruses -+will still be delivered to the original recipients, even -+those addresses were chosen at random by the infected PC and -+do not correspond to anything a user intended to send. Set -+this to yes so that your users (and your management) -+appreciate how much MailScanner is doing to protect them, -+but set it to no if they complain a lot about receiving lots -+of virus warnings.

-+
-+ -+ -+ -+ -+ -+
-+

Non−Forging Viruses

-+ -+ -+ -+ -+ -+
-+

Default: Joke/ OF97/ WM97/ W97M/

-+ -+

Strings listed here will be searched for in the output of -+the virus scanners. It works to achieve the opposite effect -+of the "Silent Viruses" listed above. If a string -+here is found in the output of the virus scanners, then the -+message will be treated as if it were not infected with a -+"Silent Virus". If a message is detected as both a -+silent virus and a non−forging virus, then the -+non−forging status will override the silent status. In -+simple terms, you should list virus names (or parts of them) -+that you know do *not* forge the From address. A good -+example of this is a document macro virus or a Joke program. -+Another word that can be put in this list is the special -+keyword "Zip−.Password". Inserting this will -+cause senders to be warned about password−protected -+zip files, whey they are not allowed.

-+
-+ -+

Options specific to ClamAV Anti-Virus

-+ -+ -+ -+ -+ -+
-+

Monitors for ClamAV Updates

-+ -+ -+ -+ -+ -+
-+

Default: /usr/local/share/clamav/*.cvd

-+ -+

ClamAVModule only: monitor each of these files for -+changes in size to detect when a ClamAV update has happened. -+This is only used by the "clamavmodule" virus -+scanner, not the "clamav" scanner setting.

-+
-+ -+ -+ -+ -+ -+
-+

ClamAVmodule Maximum Recursion Level

-+ -+ -+ -+ -+ -+
-+

Default: 5

-+ -+

ClamAVModule only: The maximum recursion level of -+archives. This setting *cannot* be the filename of a -+ruleset, only a simple number.

-+
-+ -+ -+ -+ -+ -+
-+

ClamAVmodule Maximum Files

-+ -+ -+ -+ -+ -+
-+

Default: 100

-+ -+

ClamAVModule only: The maximum number of files per batch. -+This setting *cannot* be the filename of a ruleset, only a -+simple number.

-+
-+ -+ -+ -+ -+ -+
-+

ClamAVmodule Maximum File Size

-+ -+ -+ -+ -+ -+
-+

Default: 10000000

-+ -+

ClamAVModule only: The maximum file of each file (Default -+= 10MB). This setting *cannot* be the filename of a ruleset, -+only a simple number.

-+
-+ -+ -+ -+ -+ -+
-+

ClamAVmodule Maximum Compression Ratio

-+ -+ -+ -+ -+ -+
-+

Default: 250

-+ -+

ClamAVModule only: The maximum compression ration of -+archives. This setting *cannot* be the filename of a -+ruleset, only a simple number.

-+
-+ -+

Removing/Logging dangerous or potentially offensive content

-+ -+ -+ -+ -+ -+
-+

Allow Partial Messages

-+ -+ -+ -+ -+ -+
-+

Default: no

-+ -+

Do you want to allow partial messages, which only contain -+a fraction of the attachments, not the whole thing? There is -+no way that "partial messages" can be scanned for -+viruses properly, as only a fragment of the message is ever -+processed, never the whole message at once.
-+Setting this option to yes is very dangerous as it -+can let viruses in. But you might want to use a ruleset to -+set it for some customers’ outgoing mail, for -+example.

-+
-+ -+ -+ -+ -+ -+
-+

Allow External Message Bodies

-+ -+ -+ -+ -+ -+
-+

Default: no

-+ -+

There is a mechanism, very rarely used, in which the body -+of a message is contained on a remote server, which the -+user’s email application should download when it -+displays the message. Currently, I am only aware of this -+feature being supported by a few versions of Netscape, and -+the only people who use it are the IETF. There is no way to -+guarantee that the fetched file has no viruses in it, as -+MailScanner never sees it.
-+Setting this option to yes is very dangerous as it -+can let viruses in from remote "message body -+servers".

-+
-+ -+ -+ -+ -+ -+
-+

Find Phishing Fraud

-+ -+ -+ -+ -+ -+
-+

Default: yes

-+ -+

Do you want to check for "Phishing" attacks? -+These are attacks that look like a genuine email message -+from your bank, which contain a link to click on to take you -+to the web site where you will be asked to type in personal -+information such as your account number or credit card -+details. Except it is not the real bank’s web site at -+all, it is a very good copy of it run by thieves who want to -+steal your personal information or credit card details. -+These can be spotted because the real address of the link in -+the message is not the same as the text that appears to be -+the link. Note: This does cause significant extra load, -+particularly on systems receiving lots of spam such as -+secondary MX hosts. This *cannot* be the filename of a -+ruleset, it must be ’yes’ or -+’no’.

-+
-+ -+ -+ -+ -+ -+
-+

Also Find Numeric Phishing

-+ -+ -+ -+ -+ -+
-+

Default: yes

-+ -+

While detecting "Phishing" attacks, do you also -+want to point out links to numeric IP addresses. Genuine -+links to totally numeric IP addresses are very rare, so this -+option is set to "yes" by default. If a numeric IP -+address is found in a link, the same phishing warning -+message is used as in the Find Phishing Fraud option above. -+This value cannot be the name of a ruleset, only a simple -+yes or no.

-+
-+ -+ -+ -+ -+ -+
-+

Use Stricter Phishing Net

-+ -+ -+ -+ -+ -+
-+

Default: yes

-+ -+

If this is set to yes, then most of the URL in a link -+must match the destination address it claims to take you to. -+This is the default as it is a much stronger test and is -+very hard to maliciously avoid. If this is set to no, then -+just the company name and country (and any names between the -+two, dependent on the specific country) must match. This is -+not as strict as it will not protect you against internal -+malicious sites based within the company being abused. For -+example, it would not find -+www.nasty.company−name.co.uk pretending to be -+www.nice.company−name.co.uk. But it will still detect -+most phishing attacks of the type www.nasty.co.jp versus -+www.nice.co.jp. Depending on the country code it knows how -+many levels of domain need to be checked. This can also be -+the filename of a ruleset.

-+
-+ -+ -+ -+ -+ -+
-+

Highlight Phishing Fraud

-+ -+ -+ -+ -+ -+
-+

Default: yes

-+ -+

If a phishing fraud is detected, do you want to highlight -+the tag with a message stating that the link may be to a -+fraudulent web site. This can also be the filename of a -+ruleeset.

-+
-+ -+ -+ -+ -+ -+
-+

Phishing Safe Sites File

-+ -+ -+ -+ -+ -+
-+

Default: %etc−dir%/phishing.safe.sites.conf

-+ -+

There are some companies, such as banks, that insist on -+sending out email messages with links in them that are -+caught by the "Find Phishing Fraud" test described -+above. This is the name of a file which contains a list of -+link destinations which should be ignored in the test. This -+may, for example, contain the known websites of some banks. -+See the file itself for more information. This can only be -+the name of the file containing the list, it *cannot* be the -+filename of a ruleset.

-+
-+ -+ -+ -+ -+ -+
-+

Country Sub−Domains List

-+ -+ -+ -+ -+ -+
-+

Default: %etc−dir%/country.domains.conf

-+
-+ -+ -+ -+ -+ -+
-+

This file lists all the countries that use -+2nd−level and 3rd−level domain names to classify -+distinct types of website within their country. This cannot -+be the name of a ruleset, it is just a simple -+setting.

-+ -+ -+ -+ -+ -+
-+

Allow IFrame Tags

-+ -+ -+ -+ -+ -+
-+

Default: no

-+ -+

Do you want to allow HTML <IFrame> tags in email -+messages? This is not a good idea as it allows various -+Microsoft Outlook security vulnerabilities to go -+unprotected, but if you have a load of mailing lists sending -+them, then you will want to allow them to keep your users -+happy. This can also be the filename of a ruleset, so you -+can allow them from known mailing lists but ban them from -+everywhere else. Possible Values:

-+
-+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+
-+ -+

-+
-+ -+

yes => Allow these tags to be in the message

-+
-+ -+

-+
-+ -+

no => Ban messages containing these tags

-+
-+ -+

-+
-+ -+

disarm => Allow these tags, but stop these tags from -+working

-+
-+ -+ -+ -+ -+ -+
-+

Log IFrame Tags

-+ -+ -+ -+ -+ -+
-+

Default: no

-+ -+ -+ -+ -+ -+
-+

You may receive complaints from your users that HTML -+mailing lists they subscribe to have been stopped by the -+"Allow IFrame Tags" option above. So before you -+use the option above, set this option to "yes" and -+MailScanner will log the senders all messages which contain -+IFrame tags. You can then setup a ruleset for the option -+above which will allow IFrame tags in messages sent by well -+known (and trusted) mailing lists, while banning them from -+everywhere else.

-+
-+ -+ -+ -+ -+ -+
-+

Allow Form Tags

-+ -+ -+ -+ -+ -+
-+

Default: disarm

-+ -+

Do you want to allow <Form> tags in email messages? -+This is a bad idea as these are used as scams to persuade -+people to part with credit card information and other -+personal data. This can also be the filename of a ruleset. -+Possible values:

-+
-+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+
-+ -+

-+
-+ -+

yes => Allow these tags to be in the message

-+
-+ -+

-+
-+ -+

no => Ban messages containing these tags

-+
-+ -+

-+
-+ -+

disarm => Allow these tags, but stop these tags from -+working

-+
-+ -+ -+ -+ -+ -+
-+

Allow Script Tags

-+ -+ -+ -+ -+ -+
-+

Default: no

-+ -+ -+ -+ -+ -+
-+

Do you want to allow <Script> tags in email -+messages? This is a bad idea as these are used to exploit -+vulnerabilities in email applications and web browsers. This -+can also be the filename of a ruleset. Possible -+values:

-+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+
-+ -+

-+
-+ -+

yes => Allow these tags to be in the message

-+
-+ -+

-+
-+ -+

no => Ban messages containing these tags

-+
-+ -+

-+
-+ -+

disarm => Allow these tags, but stop these tags from -+working

-+
-+ -+ -+ -+ -+ -+
-+

Allow WebBugs

-+ -+ -+ -+ -+ -+
-+

Default: disarm

-+ -+ -+ -+ -+ -+
-+

Do you want to allow <Img> tags with very small -+images in email messages? This is a bad idea as these are -+used as ’web bugs’ to find out if a message has -+been read. It is not dangerous, it is just used to make you -+give away information. This can also be the filename of a -+ruleset. Possible values:

-+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+
-+ -+

-+
-+ -+

yes => Allow these tags to be in the message

-+
-+ -+

-+
-+ -+

no => Ban messages containing these tags

-+
-+ -+

-+
-+ -+

disarm => Allow these tags, but stop these tags from -+working

-+
-+ -+ -+ -+ -+ -+
-+

Allow Object Codebase Tags

-+ -+ -+ -+ -+ -+
-+

Default: no

-+ -+ -+ -+ -+ -+
-+

Do you want to allow <Object Codebase=...> tags in -+email messages? This is a bad idea as it leaves you -+unprotected against various Microsoft−specific -+security vulnerabilities. But if your users demand it, you -+can do it. This can also be the filename of a ruleset. -+Possible values:

-+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+
-+ -+

-+
-+ -+

yes => Allow these tags to be in the message

-+
-+ -+

-+
-+ -+

no => Ban messages containing these tags

-+
-+ -+

-+
-+ -+

disarm => Allow these tags, but stop these tags from -+working

-+
-+ -+ -+ -+ -+ -+
-+

Convert Dangerous HTML To Text

-+ -+ -+ -+ -+ -+
-+

Default: no

-+ -+ -+ -+ -+ -+
-+

This option interacts with the "Allow ... Tags" -+options above like this:

-+ -+

Allow...Tags Convert Danger... Action
-+============ ================= -+============================
-+no no Blocked
-+no yes Blocked
-+disarm no Specified HTML tags disarmed
-+disarm yes Specified HTML tags disarmed
-+yes no Nothing
-+yes yes All HTML tags stripped

-+ -+

If an "Allow ... Tags = yes" is triggered by a -+message, and this "Convert Dangerous HTML To Text" -+is set to "yes", then the HTML message will be -+converted to plain text. This makes the HTML harmless, while -+still allowing your users to see the text content of the -+messages. Note that all graphical content will be -+removed.

-+
-+ -+ -+ -+ -+ -+
-+

Convert HTML To Text

-+ -+ -+ -+ -+ -+
-+

Default: no

-+ -+

If you have users who are children, or who are offended -+by things like pornographic spam email, you can protect them -+by converting incoming HTML email messages into plain text. -+HTML attachments will not be affected. You could set this to -+be a ruleset so you only convert messages addressed to some -+of your users, or not convert messages from some known -+trusted sources. This can be essential if you have a -+"duty of care" for some of your users.

-+
-+ -+ -+ -+ -+ -+
-+

Allow Form Tags

-+ -+ -+ -+ -+ -+
-+

Default: no

-+ -+

Do you want to allow <Form> tags in email messages? -+This is a bad idea as these are used as scams to pursuade -+people to part with credit card information and other -+personal data. This can also be the filename of a -+ruleset.

-+
-+ -+

Attachment filename checking

-+ -+ -+ -+ -+ -+
-+

Allow Filenames

-+ -+ -+ -+ -+ -+
-+

Default:

-+ -+

Allow any attachment filenames matching any of the -+patters listed here. If this setting is empty, it is ignored -+and no matches are made. This can also be the filename of a -+ruleset.

-+ -+

To simplify web−based configuration systems, there -+are now two extra settings here. They are both intended for -+use with normal rulesets that you would expect to find in -+%rules−dir%. The first gives a list of patterns to -+match against the attachment filenames, and a filename is -+allowed if it matches any of these patterns. The second -+gives the the equivalent list for patterns that are used to -+deny filenames. If either of these match at all, then -+filename.rules.conf is ignored for that filename. So you can -+easily have a set like this:

-+ -+

Allow Filenames = .txt$ .pdf$
-+Deny Filenames = .com$ .exe$ .cpl$ .pif$

-+ -+

which is a lot simpler than having to handle -+filename.rules.conf! It is far simpler when you want to -+change the allowed+denied list for different -+domains/addresses, as you can use the filename of a simple -+ruleset here instead.

-+
-+ -+ -+ -+ -+ -+
-+

Deny Filenames

-+ -+ -+ -+ -+ -+
-+

Default:

-+ -+

Deny any attachment filenames matching any of the patters -+listed here. If this setting is empty, it is ignored and no -+matches are made. This can also be the filename of a -+ruleset.

-+
-+ -+ -+ -+ -+ -+
-+

Filename Rules

-+ -+ -+ -+ -+ -+
-+

Default: %etc−dir%/filename.rules.conf

-+ -+

File in which to store the attachment filename ruleset. -+This can be a ruleset allowing different filename rules to -+apply to different users or domains. The syntax of this file -+is described in section "Attachment Filename -+Ruleset".

-+
-+ -+ -+ -+ -+ -+
-+

Allow Filetypes

-+ -+ -+ -+ -+ -+
-+

Default:

-+ -+

Allow any attachment filetypes matching any of the -+patters listed here. If this setting is empty, it is ignored -+and no matches are made. This can also be the filetype of a -+ruleset.

-+ -+

To simplify web−based configuration systems, there -+are now two extra settings here. They are both intended for -+use with normal rulesets that you would expect to find in -+%rules−dir%. The first gives a list of patterns to -+match against the attachment filetypes, and a filetype is -+allowed if it matches any of these patterns. The second -+gives the the equivalent list for patterns that are used to -+deny filetypes. If either of these match at all, then -+filetype.rules.conf is ignored for that filetype. So you can -+easily have a set like this:

-+ -+

Allow Filetypes = .txt$ .pdf$
-+Deny Filetypes = .com$ .exe$ .cpl$ .pif$

-+ -+

which is a lot simpler than having to handle -+filetype.rules.conf! It is far simpler when you want to -+change the allowed+denied list for different -+domains/addresses, as you can use the filetype of a simple -+ruleset here instead.

-+
-+ -+ -+ -+ -+ -+
-+

Deny Filetypes

-+ -+ -+ -+ -+ -+
-+

Default:

-+ -+

Deny any attachment filetypes matching any of the patters -+listed here. If this setting is empty, it is ignored and no -+matches are made. This can also be the filetype of a -+ruleset.

-+
-+ -+ -+ -+ -+ -+
-+

Filetype Rules

-+ -+ -+ -+ -+ -+
-+

Default: %etc−dir%/filetype.rules.conf

-+ -+

Set where to find the attachment filetype ruleset. The -+structure of this file is explained elsewhere, but it is -+used to accept or reject file attachments based on their -+content as determined by the "file" command, -+regardless of whether they are infected or not. This can -+also point to a ruleset, but the ruleset filename must end -+in ".rules" so that MailScanner can determine if -+the filename given a ruleset or not!

-+
-+ -+

Reports and responses

-+ -+ -+ -+ -+ -+
-+

Quarantine Infections

-+ -+ -+ -+ -+ -+
-+

Default: yes

-+ -+

Set this to store infected / dangerous attachments in -+directories created under the quarantine directory. Without -+this, they will be deleted. Due to laws on privacy and data -+protection in your country, you may be forced to set this to -+"no".

-+
-+ -+ -+ -+ -+ -+
-+

Quarantine Silent Viruses

-+ -+ -+ -+ -+ -+
-+

Default: yes

-+ -+

There is no point quarantining most viruses these days, -+so if you set this to "no" then no infections -+listed in your "Silent Viruses" setting will be -+quarantined, even if you have chosen to quarantine -+infections in general. This is currently set to -+"yes" so the behaviour is the same as it was in in -+previous versions. This can also be the filename of a -+ruleset.

-+
-+ -+ -+ -+ -+ -+
-+

Quarantine Modified Body

-+ -+ -+ -+ -+ -+
-+

Default: no

-+ -+

Do you want to store copies of messages which have been -+disarmed by having their HTML modified at all? This can also -+be the filename of a ruleset.

-+
-+ -+ -+ -+ -+ -+
-+

Quarantine Whole Message

-+ -+ -+ -+ -+ -+
-+

Default: no

-+ -+

When an infected message is stored in the quarantine, a -+copy of the entire message will be saved, in addition to -+copies of the infected attachments.

-+
-+ -+ -+ -+ -+ -+
-+

Quarantine Whole Messages As Queue Files

-+ -+ -+ -+ -+ -+
-+

Default: no

-+ -+

When an entire message is saved in the quarantine for any -+reason, do you want to save it as the raw data files out of -+the mail queue (which can be processed with the df2mbox -+script, and which is easier to send to its original -+recipients), or do you want a conventional message file -+consisting of the header followed by the body of the -+message. If the previous option is switched off, then this -+will only affect archived mail and quarantined spam. If the -+previous option is on, then this also affects quarantined -+infections.

-+
-+ -+ -+ -+ -+ -+
-+

Keep Spam And MCP Archive Clean

-+ -+ -+ -+ -+ -+
-+

Default: no

-+ -+

Do you want to stop any virus−infected spam getting -+into the spam or MCP archives? If you have a system where -+users can release messages from the spam or MCP archives, -+then you probably want to stop them being able to release -+any infected messages, so set this to yes. It is set to no -+by default as it causes a small hit in performance, and many -+people don’t allow users to access the spam -+quarantine, so don’t need it. This can also be the -+filename of a ruleset.

-+
-+ -+ -+ -+ -+ -+
-+

Language Strings

-+ -+ -+ -+ -+ -+
-+

Default: %reports−dir%/languages.conf

-+ -+

Set where to find all the strings used so they can be -+translated into your local language. This can also be the -+filename of a ruleset so you can produce different languages -+for different messages.

-+
-+ -+ -+ -+ -+ -+
-+

Rejection Report

-+ -+ -+ -+ -+ -+
-+

Default: %reports−dir%/rejection.report.txt

-+ -+

Set where to find the message text sent to users who -+triggered the ruleset you are using with the "Reject -+Message" option.

-+
-+ -+ -+ -+ -+ -+
-+

Deleted Bad Filename Message Report

-+ -+ -+ -+ -+ -+
-+

Default: -+%reports−dir%/deleted.filename.message.txt

-+ -+

When an attachment is deleted from a message because the -+filename failed the filename rules in force for the message, -+it is replaced by the contents of this file. A few variable -+substitutions can be made in this file, an example of each -+of which is contained in the supplied sample file.

-+
-+ -+ -+ -+ -+ -+
-+

Deleted Virus Message Report

-+ -+ -+ -+ -+ -+
-+

Default: -+%reports−dir%/deleted.virus.message.txt

-+ -+

When an attachment is deleted from a message because the -+attachment contained a virus or other dangerous content, it -+is replaced by the contents of this file. A few variable -+substitutions can be made in this file, an example of each -+of which is contained in the supplied sample file.

-+
-+ -+ -+ -+ -+ -+
-+

Stored Bad Filename Message Report

-+ -+ -+ -+ -+ -+
-+

Default: -+%reports−dir%/stored.filename.message.txt

-+ -+

When an attachment is deleted and stored from a message -+(and the attachment has been stored in the quarantine) -+because the filename failed the filename rules in force for -+the message, it is replaced by the contents of this file. A -+few variable substitutions can be made in this file, an -+example of each of which is contained in the supplied sample -+file.

-+
-+ -+ -+ -+ -+ -+
-+

Deleted Bad Content Message Report

-+ -+ -+ -+ -+ -+
-+

Default: -+/%reports−dir%/deleted.content.message.txt

-+ -+

This report is sent when a message is deleted because it -+contained bad or dangerous content. A few variable -+substitutions can be made in this file, an example of each -+of which is contained in the supplied sample file.

-+
-+ -+ -+ -+ -+ -+
-+

Stored Bad Content Message Report

-+ -+ -+ -+ -+ -+
-+

Default: -+%reports−dir%/stored.content.message.txt

-+ -+

This report is sent when a message is stored because it -+contained bad or dangerous content. A few variable -+substitutions can be made in this file, an example of each -+of which is contained in the supplied sample file.

-+
-+ -+ -+ -+ -+ -+
-+

Disinfected Report

-+ -+ -+ -+ -+ -+
-+

Default: %reports−dir%/disinfected.report.txt

-+ -+

When, for example, a Microsoft Word macro virus has been -+safely removed from a document, leaving the original -+document intact, it is delivered on to the original -+recipient. The contents of this text file will be put in the -+body of the new message, explaining to the user what has -+happened.

-+
-+ -+ -+ -+ -+ -+
-+

Inline HTML Signature

-+ -+ -+ -+ -+ -+
-+

Default: %reports−dir%/inline.sig.html

-+ -+

If the "Sign Clean Messages" option is set, -+then the contents of this file will be appended to the end -+of the body of every message that is scanned by MailScanner. -+You can use this to inform your users that MailScanner has -+scanned it, and you can also add any disclaimers you feel -+should be on mail travelling through your servers. This -+option corresponds to the contents that is appended to HTML -+messages.

-+
-+ -+ -+ -+ -+ -+
-+

Inline Text Signature

-+ -+ -+ -+ -+ -+
-+

Default: %reports−dir%/inline.sig.txt

-+ -+

If the "Sign Clean Messages" option is set, -+then the contents of this file will be appended to the end -+of the body of every message that is scanned by MailScanner. -+You can use this to inform your users that MailScanner has -+scanned it, and you can also add any disclaimers you feel -+should be on mail travelling through your servers. This -+option corresponds to the contents that is appended to text -+messages.

-+
-+ -+ -+ -+ -+ -+
-+

Sender Error Report

-+ -+ -+ -+ -+ -+
-+

Default: %reports−dir%/sender.error.report.txt

-+ -+

When a message could not be processed completely for some -+reason, such as bad message structure or unreadable -+winmail.dat TNEF attachments, this message is sent back to -+the sender. Read the example file supplied for a -+demonstration of what variables can be used inside the -+file.

-+
-+ -+ -+ -+ -+ -+
-+

Sender Bad Filename Report

-+ -+ -+ -+ -+ -+
-+

Default: -+%reports−dir%/sender.filename.report.txt

-+ -+

When an attachment is trapped by the filename rules, this -+message is sent back to the sender.

-+
-+ -+ -+ -+ -+ -+
-+

Sender Virus Report

-+ -+ -+ -+ -+ -+
-+

Default: %reports−dir%/sender.virus.report.txt

-+ -+

When an attachment is removed because of a virus, this -+message is sent back to the sender.

-+
-+ -+ -+ -+ -+ -+
-+

Hide Incoming Work Dir

-+ -+ -+ -+ -+ -+
-+

Default: yes

-+ -+

When this option is set, the full directory in which the -+virus was found will be removed from report messages sent to -+users. This makes the infection reports a lot easier to -+understand.

-+
-+ -+ -+ -+ -+ -+
-+

Include Scanner Name in Reports

-+ -+ -+ -+ -+ -+
-+

Default: yes

-+ -+

Include the name of the virus scanner in each of the -+scanner reports. This also includes the translation of -+"MailScanner" in each of the report lines -+resulting from one of MailScanner’s own checks such as -+filename, filetype or dangerous HTML content. To change the -+name "MailScanner", look in -+reports/...../languages.conf.
-+Very useful if you use several virus scanners, but a bad -+idea if you don’t want to let your customers know -+which scanners you use.

-+
-+ -+

Changes to message headers

-+ -+ -+ -+ -+ -+
-+

Mail Header

-+ -+ -+ -+ -+ -+
-+

Default: X−MailScanner:

-+ -+

Extra header that should be added to all scanned messages -+to show they have been scanned. You might want to add an -+abbreviation of your site name to this, so that you can find -+headers that are added by your MailScanner server.

-+
-+ -+ -+ -+ -+ -+
-+

Spam Header

-+ -+ -+ -+ -+ -+
-+

Default: X−MailScanner−SpamCheck:

-+ -+

Name of the header to add to mail detected as spam. The -+text of the header is a list of the causes that think the -+message is spam.

-+
-+ -+ -+ -+ -+ -+
-+

Spam Score Header

-+ -+ -+ -+ -+ -+
-+

Default: X−MailScanner−SpamScore:

-+ -+

If the option "Spam Score" is set, this is the -+name of the header that is used to contain the list of -+characters.

-+
-+ -+ -+ -+ -+ -+
-+

Information Header

-+ -+ -+ -+ -+ -+
-+

Default: X−MailScanner−Information:

-+ -+

Name of the header to add to all messages, to be used for -+simply providing a URL or contact information for anyone -+receiving mail that has gone through MailScanner. If you do -+not want this header, simply set it blank.

-+
-+ -+ -+ -+ -+ -+
-+

Add Envelope From Header

-+ -+ -+ -+ -+ -+
-+

Default: yes

-+ -+

Do you want to add the Envelope−From: header? This -+is very useful for tracking where spam came from as it -+contains the envelope sender address. This can also be the -+filename of a ruleset.

-+
-+ -+ -+ -+ -+ -+
-+

Add Envelope To Header

-+ -+ -+ -+ -+ -+
-+

Default: no

-+ -+

Do you want to add the Envelope−To: header? This -+can be useful for tracking span destinations, but should be -+used with care due to possible privacy concerns with the use -+of Bcc: headers by users. This can also be the filename of a -+ruleset.

-+
-+ -+ -+ -+ -+ -+
-+

Evelope From Header

-+ -+ -+ -+ -+ -+
-+

Default: -+X−%org−name%−MailScanner−From:

-+ -+

This is the name of the Envelope From header controlled -+by the option above. This can also be the filename of a -+ruleset.

-+
-+ -+ -+ -+ -+ -+
-+

Evelope To Header

-+ -+ -+ -+ -+ -+
-+

Default: -+X−%org−name%−MailScanner−To:

-+ -+

This is the name of the Envelope To header controlled by -+the option above. This can also be the filename of a -+ruleset.

-+
-+ -+ -+ -+ -+ -+
-+

Detailed Spam Report

-+ -+ -+ -+ -+ -+
-+

Default: yes

-+ -+

If this is set to yes then you get the normal fully -+detailed spam report in spam messages. If this is set to no -+then you simply get a "spam" or "not -+spam" report. The exact text inserted can be configured -+in the languages.conf file for your language.

-+
-+ -+ -+ -+ -+ -+
-+

Include Scores In SpamAssassin Report

-+ -+ -+ -+ -+ -+
-+

Default: yes

-+ -+

Do you want to include the numerical scores in the -+detailed SpamAssassin report, or just list the names of the -+scores?

-+
-+ -+ -+ -+ -+ -+
-+

Spam Score Character

-+ -+ -+ -+ -+ -+
-+

Default: s

-+ -+

If the option "Spam Score" is set, this is the -+character that will be repeated in the "Spam Score -+Header", one letter for each point in the SpamAssassin -+score.

-+
-+ -+ -+ -+ -+ -+
-+

SpamScore Number Instead Of Stars

-+ -+ -+ -+ -+ -+
-+

Default: no

-+ -+

If this option is set to yes, you will get a -+spam−score header saying just the value of the spam -+score, instead of the row of characters representing the -+score. This can also be the filename of a ruleset.

-+
-+ -+ -+ -+ -+ -+
-+

Minimum Stars If on Spam List

-+ -+ -+ -+ -+ -+
-+

Default: 0

-+ -+

This sets the minimum number of "Spam Score -+Characters" which will appear if a message triggered -+the "Spam List" setting but received a very low -+SpamAssassin score. This means that people who only filter -+on the "Spam Stars" will still be able to catch -+messages which receive a very low SpamAssassin score. Set -+this value to 0 to disable it. This can also be the filename -+of a ruleset.

-+
-+ -+ -+ -+ -+ -+
-+

Clean header Value

-+ -+ -+ -+ -+ -+
-+

Default: Found to be clean

-+ -+

This is the text that is added to the "Mail -+Header" when a message is found to be clean and free of -+viruses and other dangerous content.

-+
-+ -+ -+ -+ -+ -+
-+

Infected Header Value

-+ -+ -+ -+ -+ -+
-+

Default: Found to be infected

-+ -+

This is the text that is added to the "Mail -+Header" when a message is found to be infected with a -+virus or other dangerous content.

-+
-+ -+ -+ -+ -+ -+
-+

Disinfected Header Value

-+ -+ -+ -+ -+ -+
-+

Default: Disinfected

-+ -+

This is the text that is added to the "Mail -+Header" of a message that is created by MailScanner to -+contain disinfected documents containing macro viruses that -+could be completely removed, leaving the original document -+intact.

-+
-+ -+ -+ -+ -+ -+
-+

Information Header Value

-+ -+ -+ -+ -+ -+
-+

Default: Please contact the ISP for more information

-+ -+

This is the text that is added to the "Information -+Header" of a message that has passed through -+MailScanner at all. It could be used to provide a URL or -+contact address for recipients if they have any queries -+about the messages they have received. If the setting -+"Information Header" is blank, this message will -+not be added to the Mail Header.

-+
-+ -+ -+ -+ -+ -+
-+

Multiple Headers

-+ -+ -+ -+ -+ -+
-+

Default: append

-+ -+

When a message passes through more than one MailScanner -+server on your site, they will each try to add their own -+headers. This option controls what should happen when trying -+to add a MailScanner header that already exists in the -+message. Valid options are append (append the new data to -+the existing header), add (add a new header) and replace -+(replace the old data with the new data).

-+
-+ -+ -+ -+ -+ -+
-+

Hostname

-+ -+ -+ -+ -+ -+
-+

Default: the MailScanner

-+ -+

This is the name of the MailScanner server that is put in -+messages to users. If you have more than one MailScanner -+server on your site, you will want to change this on each -+server so that you can tell them apart.

-+
-+ -+ -+ -+ -+ -+
-+

Sign Messages Already Processed

-+ -+ -+ -+ -+ -+
-+

Default: no

-+ -+

If a message has already been processed by another -+MailScanner server on your site, then the "Inline -+HTML/Text Signature" is not added to the message again -+if this option is set. Without it, you will get one -+signature added for every MailScanner server that processes -+the message.

-+
-+ -+ -+ -+ -+ -+
-+

Sign Clean Messages

-+ -+ -+ -+ -+ -+
-+

Default: no

-+ -+

If this option is set, then the "Inline HTML/Text -+Signature" will be added to the end of every clean -+message processed by MailScanner. You can use this to inform -+the recipient that the message has been checked, and also to -+add any legal disclaimer or copyright statement you want to -+add to every message. Using a ruleset for this option, you -+could very simply set it so that only messages leaving your -+site are signed, for example.

-+
-+ -+ -+ -+ -+ -+
-+

Mark Infected Messages

-+ -+ -+ -+ -+ -+
-+

Default: yes

-+ -+

If this option is set, then the "Inline HTML/Text -+Warning" is added to the start of every message that is -+found to be infected or has had attachments removed for any -+reason. This can be used to guide the recipients to read the -+infection reports contained in the replacement -+attachments.

-+
-+ -+ -+ -+ -+ -+
-+

Mark Unscanned Messages

-+ -+ -+ -+ -+ -+
-+

Default: yes

-+ -+

If this option is set, then any message which is not -+scanned by MailScanner gets the "Mail Header" -+added to it with the string contained in the "Unscanned -+Header Value" option. This can be used to advertise -+your MailScanner service to customers/clients who are -+currently not using it.

-+
-+ -+ -+ -+ -+ -+
-+

Unscanned Header Value

-+ -+ -+ -+ -+ -+
-+

Default: Not scanned: please contact your Internet -+E−Mail Service Provider for details

-+ -+

This supplies the text that is placed in the "Mail -+Header" of messages that have not been scanned, if the -+option "Mark Unscanned Messages" is set. It is a -+useful place to advertise your MailScanner service to new -+customers/clients.

-+
-+ -+ -+ -+ -+ -+
-+

Remove These Headers

-+ -+ -+ -+ -+ -+
-+

Default:

-+ -+

If any of these headers are included in a a message, they -+will be deleted. This is very useful for removing -+return−receipt requests and any headers which mean -+special things to your email client application, such as # -+X−Mozilla−Status. Each header should end in a -+":", but MailScanner will add it if you forget. -+Headers should be separated by commas or spaces. This can -+also be the filename of a ruleset.

-+
-+ -+ -+ -+ -+ -+
-+

Deliver Cleaned Messages

-+ -+ -+ -+ -+ -+
-+

Default: yes

-+ -+

Once a message has had all viruses and dangerous content -+removed from it, it will then be delivered to the original -+recipients if this option is set. If you want the behaviour -+from previous versions of MailScanner that had the -+"Deliver From Local Domains" keyword, then you -+should set this to be a ruleset that only returns -+"yes" for messages destined for inside your site, -+and "no" for messages going out of your site.

-+
-+ -+

Notifications back to the senders of blocked messages

-+ -+ -+ -+ -+ -+
-+

Notifiy Senders

-+ -+ -+ -+ -+ -+
-+

Default: yes

-+ -+

Do you want to notify the people who sent you messages -+containing viruses or badly−named filenames? The -+default value has been changed to "no" as most -+viruses now fake sender addresses and therefore should be on -+the "Silent Viruses" list. This can also be the -+filename of a ruleset.

-+
-+ -+ -+ -+ -+ -+
-+

Notify Senders Of Blocked Filenames Or -+Filetypes

-+ -+ -+ -+ -+ -+
-+

Default: yes

-+ -+

*If* "Notify Senders" is set to yes, do you -+want to notify people who sent you messages containing -+attachments that are blocked due to their filename or file -+contents? This can also be the filename of a ruleset.

-+
-+ -+ -+ -+ -+ -+
-+

Notify Senders Of Other Blocked Content

-+ -+ -+ -+ -+ -+
-+

Default: yes

-+ -+

*If* "Notify Senders" is set to yes, do you -+want to notify people who sent you messages containing other -+blocked content, such as partial messages or messages with -+external bodies? This can also be the filename of a -+ruleset.

-+
-+ -+ -+ -+ -+ -+
-+

Notify Senders Of Viruses

-+ -+ -+ -+ -+ -+
-+

Default: no

-+ -+

*If* "Notify Senders" is set to yes, do you -+want to notify people who sent you messages containing -+viruses? This can also be the filename of a ruleset.

-+
-+ -+ -+ -+ -+ -+
-+

Never Notify Senders Of Precedence

-+ -+ -+ -+ -+ -+
-+

Default: list bulk

-+ -+

If you supply a space−separated list of message -+"precedence" settings, then senders of those -+messages will not be warned about anything you rejected. -+This is particularly suitable for mailing lists, so that any -+MailScanner responses do not get sent to the entire -+list.

-+
-+ -+

Changes to subject line

-+ -+ -+ -+ -+ -+
-+

Scanned Modify Subject

-+ -+ -+ -+ -+ -+
-+

Default: no # end

-+ -+

If this is set to "start" or "end" -+then the "Scanned Subject Text" is inserted at the -+start or the end of the Subject: line. This only happens if -+the Subject: line has not already been modified for any -+other reason.

-+
-+ -+ -+ -+ -+ -+
-+

Scanned Subject Text

-+ -+ -+ -+ -+ -+
-+

Default: {Scanned}

-+ -+

This is the text inserted at the start or the end of the -+Subject: line if the "Scanned Modify Subject" -+option above is in effect.

-+
-+ -+ -+ -+ -+ -+
-+

Virus Modify Subject

-+ -+ -+ -+ -+ -+
-+

Default: yes

-+ -+

If this is set, then the "Subject:" line of a -+message that was infected with a virus will have the -+"Virus Subject Text" text inserted at the -+start.

-+
-+ -+ -+ -+ -+ -+
-+

Virus Subject Text

-+ -+ -+ -+ -+ -+
-+

Default: {Virus?}

-+ -+

This is the text inserted at the start of the -+"Subject:" line if the "Virus Modify -+Subject" option is set.

-+
-+ -+ -+ -+ -+ -+
-+

Filename Modify Subject

-+ -+ -+ -+ -+ -+
-+

Default: yes

-+ -+

If this is set, then the "Subject:" line of a -+message that had an attachment with a dangerous filename -+will have the "Filename Subject Text" text -+inserted at the start.

-+
-+ -+ -+ -+ -+ -+
-+

Filename Subject Text

-+ -+ -+ -+ -+ -+
-+

Default: {Virus?}

-+ -+

This is the text inserted at the start of the -+"Subject:" line if the "Filename Modify -+Subject" option is set.

-+
-+ -+ -+ -+ -+ -+
-+

Content Modify Subject

-+ -+ -+ -+ -+ -+
-+

Default: yes

-+ -+

If this is set, then the "Subject:" line of a -+message that triggered a content check without anything else -+wrong in the message will have the "Content Subject -+Text" text inserted at the start.

-+
-+ -+ -+ -+ -+ -+
-+

Content Subject Text

-+ -+ -+ -+ -+ -+
-+

Default: {Filename?}

-+ -+

This is the text inserted at the start of the -+"Subject:" line if the "Content Modify -+Subject" option is set.

-+
-+ -+ -+ -+ -+ -+
-+

Disarmed Modify Subject

-+ -+ -+ -+ -+ -+
-+

Default: yes

-+ -+

If HTML tags in the message were "disarmed" by -+using the HTML "Allow" options above with the -+"disarm" settings, do you want to modify the -+subject line? This can also be the filename of a -+ruleset.

-+
-+ -+ -+ -+ -+ -+
-+

Disarmed Subject Text

-+ -+ -+ -+ -+ -+
-+

Default: {Disarmed}

-+ -+

This is the text to add to the start of the subject if -+the "Disarmed Modify Subject" option is set. This -+can also be the filename of a ruleset.

-+
-+ -+ -+ -+ -+ -+
-+

Spam Modify Subject

-+ -+ -+ -+ -+ -+
-+

Default: yes

-+ -+

If this is set, then the "Subject:" line of a -+message that was determined to be spam will have the -+"Spam Subject Text" text inserted at the -+start.

-+
-+ -+ -+ -+ -+ -+
-+

Spam Subject Text

-+ -+ -+ -+ -+ -+
-+

Default: {Spam?}

-+ -+

This is the text to add to the start of the subject if -+the "Spam Modify Subject" option is set. The exact -+string "_SCORE_" will be replaced by the numeric -+SpamAssassin score. This can also be the filename of a -+ruleset.

-+
-+ -+ -+ -+ -+ -+
-+

High Scroing Spam Modify Subject

-+ -+ -+ -+ -+ -+
-+

Default: yes

-+ -+

If this is set, then the "Subject:" line of a -+message that was determined to be spam, and had a -+SpamAssassin score greater than the "High SpamAssassin -+Score" will have the "High Scoring Spam Subject -+Text" text inserted at the start.

-+
-+ -+ -+ -+ -+ -+
-+

High Scoring Spam Subject Text

-+ -+ -+ -+ -+ -+
-+

Default: {Spam?}

-+ -+

This is just like the "Spam Subject Text" -+option above, except that it applies then the score from -+SpamAssassin is higher than the "High SpamAssassin -+Score" value. The exact string "_SCORE_" will -+be replaced by the numeric SpamAssassin score. This can also -+be the filename of a ruleset.

-+
-+ -+

Changes to the message body

-+ -+ -+ -+ -+ -+
-+

Warning Is Attachment

-+ -+ -+ -+ -+ -+
-+

Default: yes

-+ -+

When an infected or dangerous attachment is replaced with -+a text message containing the infection report, should the -+replacement be an attachment (yes) or should it be included -+inline in the main text of the message (no).

-+
-+ -+ -+ -+ -+ -+
-+

Attachment Warning Filename

-+ -+ -+ -+ -+ -+
-+

Default: -+%org−name%−Attachment−Warning.txt

-+ -+

What an infected or dangerous attachment is replaced with -+a text message containing the infection report, this is the -+filename of the attachment that appears in the message.

-+
-+ -+ -+ -+ -+ -+
-+

Attachment Encoding Charset

-+ -+ -+ -+ -+ -+
-+

Default: ISO−8859−1

-+ -+

This is the name of the encoding character set used for -+the contents of "VirusWarning.txt" -+attachments.

-+
-+ -+

Mail archiving and monitoring

-+ -+ -+ -+ -+ -+
-+

Archive Mail

-+ -+ -+ -+ -+ -+
-+

Default:

-+ -+

Space−separated list of any combination of

-+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+
-+ -+

1. email addresses to which mail should be -+forwarded,

-+
-+ -+

2. directory names where you want mail to be stored,

-+
-+ -+

3. file names to which mail will be appended.

-+
-+ -+ -+ -+ -+ -+
-+

The files (option 3) are using the "mbox" -+format suitable for most Unix mail systems. These files must -+already exist since MailScanner will not create them!

-+ -+

If you give this option a ruleset, you can control -+exactly whose mail is archived or forwarded. If you do this, -+beware of the legal implications as this could be deemed to -+be illegal interception unless the police have asked you to -+do this.

-+ -+

Any of the items above can contain the magic string -+_DATE_ in them which will be replaced with the current date -+in yyyymmdd format. This will make archive−rolling and -+maintenance much easier, as you can guarantee that -+yesterday’s mail archive will not be in active use -+today.

-+
-+ -+

Notices to system administrators

-+ -+ -+ -+ -+ -+
-+

Send Notices

-+ -+ -+ -+ -+ -+
-+

Default: yes

-+ -+

Should system administrators listed in the "Notices -+To" option be notified of every infection found?

-+
-+ -+ -+ -+ -+ -+
-+

Notices Include Full Headers

-+ -+ -+ -+ -+ -+
-+

Default: no

-+ -+

If this option is set, then the system administrator -+notices will include the full headers of every infected -+message. If this option is set to "no" then only a -+restricted set of headers is included in the notices.

-+
-+ -+ -+ -+ -+ -+
-+

Hide Incoming Work Dir in Notices

-+ -+ -+ -+ -+ -+
-+

Default: no

-+ -+

When this option is set, the full directory in which the -+virus was found will be removed from report messages sent to -+administrators. This makes the infection reports a lot -+easier to understand. It is also very useful if your notices -+go to your customer sites.

-+
-+ -+ -+ -+ -+ -+
-+

Notice Signature

-+ -+ -+ -+ -+ -+
-+

Default: −− \nMailScanner\nEmail Virus -+Scanner\nwww.mailscanner.info

-+ -+

This string is added to the bottom of all system -+administrator notices, and is intended to be the signature -+of your MailScanner system. To insert -+"line−breaks" or "newline" -+characters, use the sequence 0

-+
-+ -+ -+ -+ -+ -+
-+

Notices From

-+ -+ -+ -+ -+ -+
-+

Default: MailScanner

-+ -+

The visible part of the email address used in the -+"From:" line of the notices. The -+<user@domain> part of the email address is set to the -+"Local Postmaster" setting.

-+
-+ -+ -+ -+ -+ -+
-+

Notices To

-+ -+ -+ -+ -+ -+
-+

Default: postmaster

-+ -+

This option provides a list of the addresses to which -+virus notices should be sent. You may want to set this to be -+a ruleset, providing different notification addresses for -+different domains that you administer.

-+
-+ -+ -+ -+ -+ -+
-+

Local Postmaster

-+ -+ -+ -+ -+ -+
-+

Default: postmaster

-+ -+

When virus warnings are sent to any users, this is the -+email address used as the "From:" header in the -+messages.

-+
-+ -+

Definitions of virus scanners and spam detectors

-+ -+ -+ -+ -+ -+
-+

Spam List Definitions

-+ -+ -+ -+ -+ -+
-+

Default: %etc−dir%/spam.lists.conf

-+ -+

This file contains all the definitions of the "Spam -+Lists" (also known as RBL’s or DNSBL’s) -+which can be used to try to detect spam based on where each -+message came from. Many more spam lists can be added to this -+file, but it contains the most popular ones to get you -+started.

-+
-+ -+ -+ -+ -+ -+
-+

Virus Scanner Definitions

-+ -+ -+ -+ -+ -+
-+

Default: %etc−dir%/virus.scanners.conf

-+ -+

This file contains the locations of all the commands that -+are run for each virus scanner. Check this file before -+starting MailScanner to make sure it will run the correct -+command or wrapper script.

-+
-+ -+

Spam detection and spam lists (DNS blocklists)

-+ -+ -+ -+ -+ -+
-+

Spam Checks

-+ -+ -+ -+ -+ -+
-+

Default: yes

-+ -+

If this option is set, messages will be checked to see if -+they are spam.

-+
-+ -+ -+ -+ -+ -+
-+

Spam List

-+ -+ -+ -+ -+ -+
-+

Default: ORDB−RBL Infinite−Monkeys

-+ -+

This provides a space−separated list of "Spam -+Lists" (or RBL’s or DNSBL’s) which are -+checked for each message. These lists are based on the -+numeric IP address of the server that sent the message to -+your MailScanner server. Every list used here must be -+defined in the "Spam List Definitions" file -+mentioned above.

-+
-+ -+ -+ -+ -+ -+
-+

Spam Domain List

-+ -+ -+ -+ -+ -+
-+

Default:

-+ -+

This provides a space−separated list of "Spam -+Lists" (or RBL’s or DNSBL’s) which are -+checked for each message. These lists are based on the -+domain name of the sender address of each message. Every -+list used here must be defined in the "Spam List -+Definitions" file mentioned above.

-+
-+ -+ -+ -+ -+ -+
-+

Spam Lists To Be Spam

-+ -+ -+ -+ -+ -+
-+

Default: 1

-+ -+

If a message appears in at least this number of -+"Spam Lists" (as defined above), then the message -+will be treated as spam and so the "Spam Actions" -+will happen, unless the message reaches the levels for -+"High Scoring Spam". By default this is set to 1 -+to mimic the previous behaviour, which means that appearing -+in any "Spam Lists" will cause the message to be -+treated as spam. This can also be the filename of a -+ruleset.

-+
-+ -+ -+ -+ -+ -+
-+

Spam Lists To Reach High Score

-+ -+ -+ -+ -+ -+
-+

Default: 5

-+ -+

If a message appears in at least this number of -+"Spam Lists" (as defined above), then the message -+will be treated as "High Scoring Spam" and so the -+"High Scoring Spam Actions" will happen. You -+probably want to set this to 2 if you are actually using -+this feature. 5 is high enough that it will never happen -+unless you use lots of "Spam Lists". This can also -+be the filename of a ruleset.

-+
-+ -+ -+ -+ -+ -+
-+

Spam List Timeout

-+ -+ -+ -+ -+ -+
-+

Default: 10

-+ -+

This is the number of seconds to wait for each "Spam -+List" lookup to complete. If the lookup takes longer -+than this, it is killed and ignored.

-+
-+ -+ -+ -+ -+ -+
-+

Max Spam List Timeouts

-+ -+ -+ -+ -+ -+
-+

Default: 7

-+ -+

If a "Spam List" lookup times out for this many -+consecutive checks without ever succeeding, then the -+particular "Spam List" entry will not be used any -+more, as it appears to be unreachable. When MailScanner -+restarts itself after a few hours, MailScanner will try to -+use the entry again, in case service has resumed -+properly.

-+
-+ -+ -+ -+ -+ -+
-+

Spam List Timeouts History

-+ -+ -+ -+ -+ -+
-+

Default: 10

-+ -+

The total number of Spam List attempts during which -+"Max Spam List Timeouts" will cause the spam list -+fo be marked as "unavailable". See the previous -+comment for more information. The default values of 5 and 10 -+mean that 5 timeouts in any sequence of 10 attempts will -+cause the list to be marked as "unavailable" until -+the next periodic restart (see "Restart -+Every").

-+
-+ -+ -+ -+ -+ -+
-+

Is Definitely Not Spam

-+ -+ -+ -+ -+ -+
-+

Default: %rules−dir%/spam.whitelist.rules

-+ -+

This option would normally be a ruleset. Any messages for -+which the ruleset result is "yes" will never be -+marked as spam. This is used to create a spam -+"whitelist" of addresses which are never spam. You -+will probably want to include your own site (or your own -+site’s IP addresses) in this ruleset.

-+
-+ -+ -+ -+ -+ -+
-+

Is Definitely Spam

-+ -+ -+ -+ -+ -+
-+

Default: no

-+ -+

This option would normally be a ruleset. Any messages for -+which the ruleset result is "yes" will always be -+marked as spam. This is used to create a spam -+"blacklist" of addresses of known spammers.

-+
-+ -+ -+ -+ -+ -+
-+

Definite Spam Is High Scoring

-+ -+ -+ -+ -+ -+
-+

Default: no

-+ -+

Setting this to yes means that spam found in the -+blacklist is treated as "High Scoring Spam" in the -+"Spam Actions" section below. Setting it to no -+means that it will be treated as "normal" spam. -+This can also be the filename of a ruleset.

-+
-+ -+ -+ -+ -+ -+
-+

Ignore Spam Whitelist If Recipients -+Exceed

-+ -+ -+ -+ -+ -+
-+

Default: 20

-+ -+

Spammers have learnt that they can get their message -+through by sending a message with lots of recipients, one of -+which chooses to whitelist everything coming to them, -+including the spammer. So if a message arrives with more -+than this number of recipients, ignore the "Is -+Definitely Not Spam" whitelist.

-+
-+ -+

SpamAssassin

-+ -+ -+ -+ -+ -+
-+

Use SpamAssassin

-+ -+ -+ -+ -+ -+
-+

Default: yes

-+ -+

Do you want to detect spam using the very good -+SpamAssassin package? You must have installed SpamAssassin -+before using this option, otherwise MailScanner will not -+start properly.
-+NOTE for FreeBSD port user: The SpamAssassin port is not -+automatically installed with the MailScanner port. You can -+find it at -+/usr/ports/mail/p5−Mail−SpamAssassin.

-+
-+ -+ -+ -+ -+ -+
-+

Max SpamAssassin Size

-+ -+ -+ -+ -+ -+
-+

Default: 90000

-+ -+

SpamAssassin is quite slow when processing very large -+messages. To work round this problem, this option provides a -+maximum size for messages that are processed with -+SpamAssassin. Most real spam is usually less than about -+50,000 bytes per message.

-+
-+ -+ -+ -+ -+ -+
-+

Required Spam Assassin Score

-+ -+ -+ -+ -+ -+
-+

Default: 6

-+ -+

This gives the minimum SpamAssassin score value above -+which messages are spam. This replaces SpamAssassin’s -+own "required_hits" value, so that it can be a -+ruleset and set to different values for different -+users/domains.

-+
-+ -+ -+ -+ -+ -+
-+

High SpamAssassin Score

-+ -+ -+ -+ -+ -+
-+

Default: 20

-+ -+

Messages with a SpamAssassin score greater than this -+value are labelled as being "High Scoring Spam", -+and a different set of "Spam Actions" are applied -+to messages scoring at least this value.

-+
-+ -+ -+ -+ -+ -+
-+

SpamAssassin Auto Whitelist

-+ -+ -+ -+ -+ -+
-+

Default: no

-+ -+

SpamAssassin has a feature which measures the ratio of -+spam to non−spam originating from different addresses, -+and will automatically add addresses to its own internal -+"whitelist" if most of the messages from an -+address is not spam. This option enables this feature of -+SpamAssassin. Please read their documentation for more -+information.

-+
-+ -+ -+ -+ -+ -+
-+

SpamAssassin Prefs File

-+ -+ -+ -+ -+ -+
-+

Default: %etc−dir%/spam.assassin.prefs.conf

-+ -+

SpamAssassin uses a "user preferences" file -+which can be used to set the values of various SpamAssassin -+options. This is the name of that file. Its most useful -+feature is that the RBL/DNSBL/"Spam List" checks -+done by SpamAssassin can be disabled as MailScanner already -+does them and there is little to be gained by doing these -+checks twice for every message.

-+
-+ -+ -+ -+ -+ -+
-+

SpamAssassin Timeout

-+ -+ -+ -+ -+ -+
-+

Default: 30

-+ -+

This option sets the maximum number of seconds to wait -+for SpamAssassin to process a message. This is a useful -+protection against occasional bugs in SpamAssassin that can -+cause it to take hours to process a single message.

-+
-+ -+ -+ -+ -+ -+
-+

Max SpamAssasin Timeouts

-+ -+ -+ -+ -+ -+
-+

Default: 20

-+ -+

If several consecutive calls to SpamAssassin time out, -+then MailScanner decides that there is something stopping -+SpamAssassin from working properly. It will therefore be -+disabled for the next few hours until MailScanner restarts -+itself, at which point it will be tried again.

-+
-+ -+ -+ -+ -+ -+
-+

SpamAssassin Timeouts History

-+ -+ -+ -+ -+ -+
-+

Default: 30

-+ -+

The total number of SpamAssassin attempts during which -+"Max SpamAssassin Timeouts" will cause -+SpamAssassin to be marked as "unavailable". See -+the previous comment for more information. The default -+values of 10 and 20 mean that 10 timeouts in any sequence of -+20 attempts will trigger the behaviour described above, -+until the next periodic restart (see "Restart -+Every").

-+
-+ -+ -+ -+ -+ -+
-+

Check SpamAssassin If On Spam List

-+ -+ -+ -+ -+ -+
-+

Default: yes

-+ -+

If a message has already triggered any of the "Spam -+List" checks, the SpamAssassin check will be skipped if -+this option is set to "no". This can help reduce -+the load on your server if SpamAssassin checks take a long -+time for some reason.

-+
-+ -+ -+ -+ -+ -+
-+

Always Include SpamAssasin Report

-+ -+ -+ -+ -+ -+
-+

Default: no

-+ -+

If this option is set, then the "Spam Header" -+will be included in the header of every message, so its -+presence cannot be used to filter out spam by your -+users’ e−mail applications.

-+
-+ -+ -+ -+ -+ -+
-+

Spam Score

-+ -+ -+ -+ -+ -+
-+

Default: yes

-+ -+

If a message is spam, and this option is set, then a -+header will be added to the message containing 1 character -+for each point in the SpamAssassin score. This allows users -+to choose for themselves the SpamAssassin scores at which -+they want to do different things with the message, such as -+file it or delete it.

-+
-+ -+ -+ -+ -+ -+
-+

Cache SpamAssassin Results

-+ -+ -+ -+ -+ -+
-+

Default: yes

-+ -+

Many naive spammers send out the same message to lots of -+people. These messages are very likely to have roughly the -+same SpamAssassin score. For extra speed, cache the -+SpamAssassin results for the messages being processed so -+that you only call SpamAssassin once for all of the -+messages. This can also be the filename of a ruleset.

-+
-+ -+ -+ -+ -+ -+
-+

SpamAssassin Cache Database File

-+ -+ -+ -+ -+ -+
-+

Default: -+/var/spool/MailScanner/incoming/SpamAsssassin.cache.db

-+ -+

The SpamAssassin cache uses a database file which needs -+to be writable by the MailScanner "Run As User". -+This file will be created and setup for you automatically -+when MailScanner is started.

-+
-+ -+ -+ -+ -+ -+
-+

Rebuild Bayes Every

-+ -+ -+ -+ -+ -+
-+

Default: 0

-+ -+

If you are using the Bayesian statistics engine on a busy -+server, you may well need to force a Bayesian database -+rebuild and expiry at regular intervals. This is measures in -+seconds. 24 hours = 86400 seconds. To disable this feature -+set this to 0.

-+
-+ -+ -+ -+ -+ -+
-+

Wait During Bayes Rebuild

-+ -+ -+ -+ -+ -+
-+

Default: no

-+ -+

The Bayesian database rebuild and expiry may take a 2 or -+3 minutes to complete. During this time you can either wait, -+or simply disable SpamAssassin checks until it has -+completed.

-+
-+ -+

Custom Spam Scanner Plugin

-+ -+ -+ -+ -+ -+
-+

Use Custom Spam Scanner

-+ -+ -+ -+ -+ -+
-+

Default: no

-+ -+

Use the Custom Spam Scanner. This is code you will have -+to write yourself, a function called -+"GenericSpamScanner" stored in the file -+"MailScanner/lib/MailScanner/CustomFunctions/GenericSpamScanner.pm". -+A sample function is given in the correct file in the -+distribution. This sample function also includes code to -+show you how to make it run an external program to produce a -+spam score. This can also be the filename of a ruleset. The -+function will be passed

-+
-+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+
-+ -+

-+
-+ -+

$IP

-+
-+
-+ -+ -+

− the numeric IP address of the system on the -+remote end of the SMTP connections

-+
-+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+
-+ -+

-+
-+ -+

$From

-+
-+ -+

− the address of the envelope sender of the -+message

-+
-+
-+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+
-+ -+

-+
-+ -+

$To

-+
-+
-+ -+ -+

− a perl reference to the envelope recipients of -+the message

-+
-+
-+ -+ -+ -+ -+ -+ -+ -+ -+
-+ -+

-+
-+ -+

$Message

-+
-+
-+ -+ -+ -+ -+ -+
-+

− a perl reference to the list of line of the -+message

-+ -+ -+ -+ -+ -+
-+

Max Custom Spam Scanner Size

-+ -+ -+ -+ -+ -+
-+

Default: 20000

-+ -+

How much of the message should be passed tot he Custom -+Spam Scanner. Most spam tools only need the first 20kbytes -+of the message to determine if it is spam or not. Passing -+more than is necessary only slows things down. This can also -+be the filename of a ruleset.

-+
-+ -+ -+ -+ -+ -+
-+

Custom Spam Scanner Timeout

-+ -+ -+ -+ -+ -+
-+

Default: 20

-+ -+

How long should the custom spam scanner take to run? If -+it takes more seconds than this, then it should be -+considered to have crashed and should be killed. This stops -+denial−of−service attacks.

-+
-+ -+ -+ -+ -+ -+
-+

Max Custom Spam Scanner Timeouts

-+ -+ -+ -+ -+ -+
-+

Default: 10

-+ -+

If the Custom Spam Scanner times out more times in a row -+than this, then it will be marked as "unavailable" -+until MailScanner next re−starts itself.

-+
-+ -+ -+ -+ -+ -+
-+

Custom Spam Scanner Timeout History

-+ -+ -+ -+ -+ -+
-+

Default: 20

-+ -+

The total number of Custom Spam Scanner attempts during -+which "Max Custom Spam Scanner Timeouts" will -+cause the Custom Spam Scanner to be marked as -+"unavailable". See the previous comment for more -+information. The default values of 10 and 20 mean that 10 -+timeouts in any sequence of 20 attempts will trigger the -+behaviour described above, until the next periodic restart -+(see "Restart Every").

-+
-+ -+

What to do with spam

-+ -+ -+ -+ -+ -+
-+

Spam Actions

-+ -+ -+ -+ -+ -+
-+

Default: deliver

-+ -+

This can be any combination of 1 or more of the following -+keywords, and these actions are applied to any message which -+is spam.

-+
-+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+
-+ -+

-+
-+ -+

deliver − the message is delivered to the -+recipient as normal

-+
-+ -+

-+
-+ -+

delete − the message is deleted

-+
-+ -+

-+
-+ -+

store − the message is stored in the -+quarantine

-+
-+ -+

-+
-+ -+

forward − an email address is supplied, to which -+the message is forwarded

-+
-+ -+

-+
-+ -+

notify − Send the recipients a short notification -+that spam addressed to them was not delivered. They can then -+take action to request retrieval of the orginal message if -+they think it was not spam.

-+
-+ -+

-+
-+ -+

striphtml − convert all in−line HTML content -+in the message to be stripped to plain text, which removes -+all images and scripts and so can be used to protect your -+users from offensive spam. Note that using this action on -+its own does not imply that the message will be delivered, -+you will need to specify "deliver" or -+"forward" to actually deliver the message.

-+
-+ -+

-+
-+ -+

attachment − Convert the original message into an -+attachment of the message. This means the user has to take -+an extra step to open the spam, and stops "web -+bugs" very effectively.

-+
-+ -+

-+
-+ -+

bounce − bounce the spam message. This option -+should not be used and must be enabled with the "Enable -+Spam Bounce" option first.

-+
-+ -+

-+
-+ -+

header "name: value" − Add the header -+"name: value" to the message. name must not -+contain any spaces.

-+
-+ -+ -+ -+ -+ -+
-+

High Scoring Spam Actions

-+ -+ -+ -+ -+ -+
-+

Default: deliver

-+ -+ -+ -+ -+ -+
-+

This is the same as the "Spam Actions" option -+above, but it gives the actions to apply to any message -+whose SpamAssassin score is above the "High -+Scoring" threshold described above.

-+
-+ -+ -+ -+ -+ -+
-+

Non Spam Actions

-+ -+ -+ -+ -+ -+
-+

Default: deliver

-+ -+

This is the same as the "Spam Actions" option -+above, except that it applies to messages that are NOT spam. -+The bounce option does not make much sense here so do not -+use it.

-+
-+ -+ -+ -+ -+ -+
-+

Sender Spam Report

-+ -+ -+ -+ -+ -+
-+

Default: %reports−dir%/sender.spam.report.txt

-+ -+

When the "bounce" spam action is applied to a -+message that triggered both a "Spam List" check -+and SpamAssassin, this file gives the text to put in that -+message.

-+
-+ -+ -+ -+ -+ -+
-+

Sender Spam List Report

-+ -+ -+ -+ -+ -+
-+

Default: -+%reports−dir%/sender.spam.rbl.report.txt

-+ -+

When the "bounce" spam action is applied to a -+message that triggered a "Spam List" check, this -+file gives the text to put in that message.

-+
-+ -+ -+ -+ -+ -+
-+

Sender SpamAssassin Report

-+ -+ -+ -+ -+ -+
-+

Default: -+%reports−dir%/sender.spam.sa.report.txt

-+ -+

When the "bounce" spam action is applied to a -+message that triggered SpamAssassin, this file gives the -+text to put in that message.

-+
-+ -+ -+ -+ -+ -+
-+

Inline Spam Warning

-+ -+ -+ -+ -+ -+
-+

Default: %reports−dir%/inline.spam.warning.txt

-+ -+

If you use the ’attachment’ Spam Action or -+High Scoring Spam Action then this is the location of inline -+spam report that is inserted at the top of the message.

-+
-+ -+ -+ -+ -+ -+
-+

Recipient Spam Report

-+ -+ -+ -+ -+ -+
-+

Default: -+%reports−dir%/recipient.spam.report.txt

-+ -+

If you use the ’notify’ Spam Action or High -+Scoring Spam Action then this is the location of the -+notification message that is sent to the original recipients -+of the message.

-+
-+ -+ -+ -+ -+ -+
-+

Enable Spam Bounce

-+ -+ -+ -+ -+ -+
-+

Default: %rules−dir%/bounce.rules

-+ -+

You can use this ruleset to enable the "bounce" -+Spam Action. You must *only* enable this for mail from sites -+with which you have agreed to bounce possible spam. Use it -+on low−scoring spam only (<10) and only to your -+regular customers for use in the rare case that a message is -+mis−tagged as spam when it shouldn’t have been. -+Beware that many sites will automatically delete the bounce -+messages created by using this option unless you have agreed -+this with them in advance.

-+
-+ -+

System logging

-+ -+ -+ -+ -+ -+
-+

Syslog Facility

-+ -+ -+ -+ -+ -+
-+

Default: mail

-+ -+

This is the name of the "facility" used by -+syslogd to log MailScanner’s messages. If this -+doesn’t mean anything to you, then either leave it -+alone or else read the "syslogd" man page.

-+
-+ -+ -+ -+ -+ -+
-+

Log Speed

-+ -+ -+ -+ -+ -+
-+

Default: no

-+ -+

Do you want to log the processing speed for each section -+of the code for a batch? This can be very useful for -+diagnosing speed problems, particularly in spam -+checking.

-+
-+ -+ -+ -+ -+ -+
-+

Log Spam

-+ -+ -+ -+ -+ -+
-+

Default: no

-+ -+

If this option is set, then every spam message will be -+logged to syslog. If you get a lot of spam, or your server -+load is high, you will want to leave this option switched -+off. But if you are having trouble with spam detection, -+setting this to "yes" temporarily can provide -+useful debugging output.

-+
-+ -+ -+ -+ -+ -+
-+

Log Non Spam

-+ -+ -+ -+ -+ -+
-+

Default: no

-+ -+

Do you want all non−spam to be logged? Useful if -+you want to see all the SpamAssassin reports of mail that -+was marked as non−spam. Note: It will generate a lot -+of log traffic.

-+
-+ -+ -+ -+ -+ -+
-+

Log Permitted Filenames

-+ -+ -+ -+ -+ -+
-+

Default: no

-+ -+

If this option is set, then every attachment filename -+that passes the "filename rules" checks will be -+logged to syslog. Normally this is of no interest. But if -+you are having trouble getting your filename rules correct, -+setting, this can provide useful debugging output.

-+
-+ -+ -+ -+ -+ -+
-+

Log Permitted Filetypes

-+ -+ -+ -+ -+ -+
-+

Default: no

-+ -+

Log all the filenames that are allowed by the Filetype -+Rules, or just the filetypes that are denied? This can also -+be the filename of a ruleset.

-+
-+ -+ -+ -+ -+ -+
-+

Log Silent Viruses

-+ -+ -+ -+ -+ -+
-+

Default: no

-+ -+

Log all occurrences of "Silent Viruses" as -+defined above? This can only be a simple yes/no value, not a -+ruleset.

-+
-+ -+ -+ -+ -+ -+
-+

Log Dangerous HTML Tags

-+ -+ -+ -+ -+ -+
-+

Default: no
-+Log all occurrences of HTML tags found in messages, that can -+be blocked. This will help you build up your whitelist of -+message sources for which particular HTML tags should be -+allowed, such as mail from newsletters and daily cartoon -+strips. This can also be the filename of a ruleset.

-+
-+ -+

Advanced SpamAssassin Settings

-+ -+ -+ -+ -+ -+
-+

If you are using Postfix you may well need to use some of -+the settings below, as the home directory for the -+"postfix" user cannot be written to by the -+"postfix" user. You may also need to use these if -+you have installed SpamAssassin somewhere other than the -+default location.

-+
-+ -+ -+ -+ -+ -+
-+

SpamAssassin User State Dir

-+ -+ -+ -+ -+ -+
-+

Default:

-+ -+

The per−user files (bayes, auto−whitelist, -+user_prefs) are looked for here and in ~/.spamassassin/. -+Note the files are mutable. If this is unset then no extra -+places are searched for. NOTE: SpamAssassin is always called -+from MailScanner as the same user, and that is the "Run -+As" user specified in MailScanner.conf. So you can only -+have 1 set of "per−user" files, it’s -+just that you might possibly need to modify this location. -+You should not normally need to set this at all. If using -+Postfix, you probably want to set this to -+/var/spool/MailScanner/spamassassin and do

-+
-+ -+ -+ -+ -+ -+
-+

mkdir /var/spool/MailScanner/spamassassin
-+chown postfix.postfix -+/var/spool/MailScanner/spamassassin

-+ -+ -+ -+ -+ -+
-+

SpamAssassin Install Prefix

-+ -+ -+ -+ -+ -+
-+

Default:

-+ -+

This setting is useful if SpamAssassin is installed in an -+unusual place, e.g. /opt/MailScanner. The install prefix is -+used to find some fallback directories if neither of the -+following two settings work. If this is set then it adds to -+the list of places that are searched; otherwise it has no -+effect.

-+
-+ -+ -+ -+ -+ -+
-+

SpamAssassin Local Rules Dir

-+ -+ -+ -+ -+ -+
-+

Default:

-+ -+

This tells MailScanner where to look for the -+site−local rules. If this is set it adds to the list -+of places that are searched. MailScanner will always look at -+the following places (even if this option is not set):

-+
-+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+
-+ -+

-+
-+ -+

prefix/etc/spamassassin

-+
-+
-+ -+

-+
-+ -+

prefix/etc/mail/spamassassin

-+
-+
-+ -+

-+
-+ -+

/usr/local/etc/spamassassin

-+
-+
-+ -+

-+
-+ -+

/etc/spamassassin

-+
-+
-+ -+

-+
-+ -+

/etc/mail/spamassassin

-+
-+
-+ -+

-+
-+ -+

maybe others as well

-+
-+
-+ -+ -+ -+ -+ -+
-+

SpamAssassin Default Rules Dir

-+ -+ -+ -+ -+ -+
-+

Default:

-+ -+ -+ -+ -+ -+
-+

This tells MailScanner where to look for the default -+rules. If this is set it adds to the list of places that are -+searched. MailScanner will always look at the following -+places (even if this option is not set):

-+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+
-+ -+

-+
-+ -+

prefix/share/spamassassin

-+
-+
-+ -+

-+
-+ -+

/usr/local/share/spamassassin

-+
-+
-+ -+

-+
-+ -+

/usr/share/spamassassin

-+
-+
-+ -+

-+
-+ -+

maybe others as well

-+
-+
-+ -+

Advanced Settings

-+ -+ -+ -+ -+ -+
-+

Spam Score Number Format

-+ -+ -+ -+ -+ -+
-+

Default: %d

-+ -+

When putting the value of the spam score of a message -+into the headers, how do you want to format it. If you -+don’t know how to use sprintf() or printf() in C, -+please *do not modify* this value. This can also be the -+filename of a ruleset. A few examples for you:

-+
-+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+
-+ -+

%d

-+
-+ -+

==> 12

-+
-+
-+ -+

%5.2f

-+
-+ -+

==> 12.34

-+
-+
-+ -+

%05.1f

-+
-+ -+

==> 012.3

-+
-+
-+ -+ -+ -+ -+ -+
-+

SpamAssassin Cache Timings

-+ -+ -+ -+ -+ -+
-+

Default: 1800,300,10800,172800,600

-+ -+ -+ -+ -+ -+
-+

Do not change this unless you absolutely have to, these -+numbers have been carefully calculated. They affect the -+length of time that different types of message are stored in -+the SpamAssassin cache which can be configured earlier in -+this file (look for "Cache"). The numbers are all -+set in seconds. They are:
-+1. Non−Spam cache lifetime = 30 minutes
-+2. Spam (low scoring) cache lifetime = 5 minutes
-+3. High−Scoring spam cache lifetime = 3 hours
-+4. Viruses cache lifetime = 2 days
-+5. How often to check the cache for expired messages = 10 -+minutes

-+
-+ -+ -+ -+ -+ -+ -+ -+ -+
-+ -+

Debug

-+
-+ -+

Default: no

-+
-+
-+ -+ -+ -+ -+ -+
-+

Not for use by normal users. Setting this option to -+"yes" will put MailScanner into debugging mode, in -+which it creates slightly more output and will not become a -+daemon.

-+
-+ -+ -+ -+ -+ -+
-+

Debug SpamAssassin

-+ -+ -+ -+ -+ -+
-+

Default: no

-+ -+

Do you want to debug SpamAssassin from within -+MailScanner?

-+
-+ -+ -+ -+ -+ -+
-+

Run In Foreground

-+ -+ -+ -+ -+ -+
-+

Default: no

-+ -+

Set Run In Foreground to "yes" if you want -+MailScanner to operate normally in foreground (and not as a -+background daemon). Use this if you are controlling the -+execution of MailScanner with a tool like DJB’s -+’supervise’ (see -+http://cr.yp.to/daemontools.html).

-+
-+ -+ -+ -+ -+ -+
-+

LDAP Server

-+ -+ -+ -+ -+ -+
-+

Default:

-+ -+

If you are using an LDAP server to read the -+configuration, these are the details required for the LDAP -+connection. The connection is anonymous. Example: -+localhost

-+
-+ -+ -+ -+ -+ -+
-+

LDAP Base

-+ -+ -+ -+ -+ -+
-+

Default:

-+ -+

If you are using an LDAP server to read the -+configuration, these are the details required for the LDAP -+connection. The connection is anonymous. Example: o=fsl

-+
-+ -+ -+ -+ -+ -+
-+

LDAP Site

-+ -+ -+ -+ -+ -+
-+

Default:

-+ -+

If you are using an LDAP server to read the -+configuration, these are the details required for the LDAP -+connection. The connection is anonymous. Example: -+default

-+
-+ -+ -+ -+ -+ -+
-+

Always Looked Up Last

-+ -+ -+ -+ -+ -+
-+

Default: no

-+ -+

The value of the option is actually never used, but it is -+evaluated at the end of processing a batch of messages. It -+is designed to be used in conjunction with a Custom -+Function. The Custom Function should then be written to have -+a "side effect" of doing something useful such as -+logging lots of information about the batch of messages to a -+file or an SQL database.

-+
-+ -+ -+ -+ -+ -+
-+

Always Looked Up Last After Batch

-+ -+ -+ -+ -+ -+
-+

Default: no

-+ -+

This option is intended for people who want to log -+per−batch information. This is evaluated after the -+"Always Looked Up Last" configuration option for -+each message in the batch. This is looked up once for the -+entire batch. Its value is completely ignored, it is purely -+there to have side effects. If you want to use it, read -+CustomConfig.pm.

-+
-+ -+ -+ -+ -+ -+
-+

Deliver in Background

-+ -+ -+ -+ -+ -+
-+

Default: yes

-+ -+

When attempting delivery of any messages (when the -+"Delivery Method = batch") the sendmail/Exim -+command will be run in the background so that MailScanner -+does not have to wait for the delivery attempt to complete. -+There are very few good reasons for setting this to -+"no".

-+
-+ -+ -+ -+ -+ -+
-+

Lockfile Dir

-+ -+ -+ -+ -+ -+
-+

Default: /tmp

-+ -+

This is the directory in which lock files are placed to -+stop the virus scanners used while they are in the middle of -+updating themselves with new virus definitions. If you -+change this at all, you will need to edit the -+"autoupdate" scripts for all your virus -+scanners.

-+
-+ -+ -+ -+ -+ -+
-+

Custom Functions Dir

-+ -+ -+ -+ -+ -+
-+

Default: -+/opt/MailScanner/lib/MailScanner/CustomFunctions
-+Default FreeBSD: -+/usr/local/lib/MailScanner/MailScanner/CustomFunctions

-+ -+

Where to put the code for your "Custom -+Functions". No code in this directory should be -+over−written by the installation or upgrade process. -+All files starting with "." or ending with -+".rpmnew" will be ignored, all other files will be -+compiled and may be used with Custom Functions.

-+
-+ -+ -+ -+ -+ -+
-+

Lock Type

-+ -+ -+ -+ -+ -+
-+

Do not set this option to anything unless you know -+exactly what you are doing. For sendmail and Exim, -+MailScanner will choose the correct value by default. This -+affects how mail queue files are locked, and your mail will -+be totally screwed up if you set this option to anything -+other than the correct value for your MTA. So leave it alone -+and let MailScanner choose the correct value for you.

-+
-+ -+ -+ -+ -+ -+
-+

Minimum Code Status

-+ -+ -+ -+ -+ -+
-+

Default: supported

-+ -+

Minimum acceptable code stability status −− -+if we come across code that’s not at least as stable -+as this, we barf. This is currently only used to check that -+you don’t end up using untested virus scanner support -+code without realising it. Don’t even *think* about -+setting this to anything other than "beta" or -+"supported" on a system that receives real mail -+until you have tested it yourself and are happy that it is -+all working as you expect it to. Don’t set it to -+anything other than "supported" on a system that -+could ever receive important mail. Levels used are:

-+
-+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+
-+ -+

-+
-+ -+

none − there may not even be any code.

-+
-+ -+

-+
-+ -+

unsupported − code may be completely untested, a -+contributed dirty hack, anything, really.

-+
-+ -+

-+
-+ -+

alpha − code is pretty well untested. Don’t -+assume it will work.

-+
-+ -+

-+
-+ -+

beta − code is tested a bit. It should work.

-+
-+ -+

-+
-+ -+

supported − code *should* be reliable.

-+
-+ -+ -+ -+ -+ -+
-+

Split Exim Spool

-+ -+ -+ -+ -+ -+
-+

Default: yes

-+ -+ -+ -+ -+ -+
-+

Are you using Exim with split spool directories? If you -+don’t understand this, the answer is probably -+"no". Refer to the Exim documentation for more -+information about split spool directories.

-+
-+ -+ -+ -+ -+ -+
-+

Use Default Rules With Multiple -+Recipients

-+ -+ -+ -+ -+ -+
-+

Default: no

-+ -+

When trying to work out the value of configuration -+parameters which are using a ruleset, this controls the -+behaviour when a rule is checking the "To:" -+addresses. If this option is set to "no", then -+some rules will use the result they get from the first -+matching rule for any of the recipients of a message, so the -+exact value cannot be predicted for messages with more than -+1 recipient. This value *cannot* be the filename of a -+ruleset.
-+If this option is set to "yes", then the following -+happens when checking the ruleset:

-+
-+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+
-+ -+

a)

-+
-+ -+

1 recipient. Same behaviour as normal.

-+
-+ -+

b)

-+
-+ -+

Several recipients, but all in the same domain -+(domain.com for example). The rules are checked for one that -+matches the string "*@domain.com".

-+
-+ -+

c)

-+
-+ -+

Several recipients, not all in the same domain. The -+rules are checked for one that matches the string -+"*@*".

-+
-+ -+

RULESETS

-+ -+ -+ -+ -+ -+
-+

Ruleset files should all be put in -+/opt/MailScanner/etc/rules (FreeBSD: -+/usr/local/etc/MailScanner/rules) and their filename should -+end in ".rules" wherever possible.

-+ -+

All blank lines are ignored, and comments start with -+"#" and continue to the end of the line, like -+this: # This line is just a comment

-+ -+

Other than that, every line is a rule and looks like this -+example: From: john.doe@domain.com yes

-+ -+

As you can see, each rule has 3 fields:
-+1. Direction
-+2. Pattern to match
-+3. Result value (or values)

-+ -+

1. Direction should be one of the following:

-+
-+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+
-+ -+

From:

-+
-+ -+

Matches when the message is from a matching address

-+
-+
-+ -+

To:

-+
-+ -+

Matches when the message is to a matching address

-+
-+
-+ -+ -+ -+ -+ -+
-+

FromOrTo:

-+ -+ -+ -+ -+ -+
-+

Matches when the message is from or to a matching -+address

-+
-+ -+ -+ -+ -+ -+
-+

FromAndTo:

-+ -+ -+ -+ -+ -+
-+

Matches when the message is from and to a matching -+address

-+
-+ -+ -+ -+ -+ -+
-+

The syntax of these is very loosely defined. Any word -+containing "from", any word containing -+"to", any word containing "from" and -+"to" (in either order), and any word containing -+"and" will work just fine. You can put them in -+upper or lower case, it doesn’t matter. And any -+additional punctuation will be ignored.

-+ -+ -+ -+ -+ -+
-+

This specifies the whether the rule should be matched -+against the sender’s address (or IP address), or the -+recipient’s address.

-+
-+ -+ -+ -+ -+ -+
-+

2. The pattern describes what messages should match this -+rule. Some examples are:

-+ -+

user@sub.domain.com # Individual address
-+user@* # 1 user at any domain
-+*@sub.domain.com # Any user at 1 domain
-+*@*.domain.com # Any user at any sub−domain of -+"domain.com"
-+*@domain.com # Any user at 1 specific domain
-+/pattern/ # Any address matching this Perl regular
-+# expression
-+192.168. # Any SMTP client IP address in this network
-+/pattern−with−no−letters/ # Any SMTP -+client IP address matching this
-+# Perl regular expression
-+/^192.168.1[4567]./ # Any SMTP client IP address in the -+networks
-+# 192.168.14 − 192.168.17
-+*@* # Default value
-+default # Default value

-+ -+

You should be able to do just about anything with -+that.

-+ -+

3. The result value is what you could have put in the -+entry in the main mailscanner.conf file had you not given -+the filename of a ruleset instead.

-+ -+

See the file EXAMPLES for a few ideas on how to do things -+with this system.

-+
-+ -+

ATTACHMENT FILENAME RULESET

-+ -+ -+ -+ -+ -+
-+

This is held in the filename pointed to by the -+configuration option Filename rules. It contains a set of -+rules that are used to judge whether any given file -+attachment should be accepted or rejected on the basis of -+its filename, regardless of whether it is found to be -+virus−infected or not. This can not only be used for -+draconian measures such as banning all .exe attachments, but -+it can be used with any Perl regular expression to provide -+facilities such as detection of attempts at hiding -+filenames.

-+ -+

Many Windows e−mail programs (eg. Microsoft -+Outlook) hide common file extensions in an attempt to not -+baffle the user. The result is that while an attachment -+called "Your Document.doc" is helpfully displayed -+as "Your Document", a more sinister attachment -+just as "Looks Safe.txt.pif" will appear simply as -+"Looks Safe.txt". Many users recognise the .txt -+filename extension as applying to plain text files, which -+they know are safe. So even an experienced user may well -+double−click on this attachment thinking it is just -+going to start Notepad and display the text file. However, -+the file is really an MS−Dos shortcut (.pif file) and -+can execute any arbitrary commands the author wanted: all -+without any indication to the unwitting user.

-+ -+

The rules are matched in order from the top to the bottom -+of the file, and the first rule containing a matching -+regular expression is used. Each line of the file is either -+blank, a comment (in which case it starts with a -+’#’ character) or is a rule made up of 4 fields -+separated by one or more TAB characters:

-+
-+ -+ -+ -+ -+ -+
-+

allow / deny

-+ -+ -+ -+ -+ -+
-+

Accept or reject the attachment if its filename matches -+the regular expression

-+
-+ -+ -+ -+ -+ -+
-+

regular expression

-+ -+ -+ -+ -+ -+
-+

The rule is executed if the attachment matches this -+expression. It may optionally be surrounded in -+’/’ characters.

-+
-+ -+ -+ -+ -+ -+
-+

log text

-+ -+ -+ -+ -+ -+
-+

If the rule matches, this text is placed in the syslog. -+If the text is "−", no string is logged.

-+
-+ -+ -+ -+ -+ -+
-+

user text

-+ -+ -+ -+ -+ -+
-+

If the rule matches, this text is placed in the text -+message sent to the user. If the text is -+"−", no text is used.

-+
-+ -+ -+ -+ -+ -+
-+

Please have a look at the filename.rules.conf or -+filename.rules.conf.sample file provided with this -+distribution/package/port.

-+
-+ -+

SEE ALSO

-+ -+ -+ -+ -+ -+
-+

MailScanner(8)

-+
-+
-+ -+ Index: files/patch-lib-MailScanner-Exim.pm =================================================================== RCS file: files/patch-lib-MailScanner-Exim.pm diff -N files/patch-lib-MailScanner-Exim.pm --- files/patch-lib-MailScanner-Exim.pm 27 Apr 2006 17:30:45 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,92 +0,0 @@ ---- ../MailScanner-install-4.52.2.orig/lib/MailScanner/Exim.pm Wed Apr 26 09:25:10 2006 -+++ lib/MailScanner/Exim.pm Wed Apr 26 09:26:00 2006 -@@ -251,7 +251,7 @@ - - my %metadata; - my($InHeader, $InSubject, $InDel, @headers, $msginfo, $from, @to, $subject); -- my($ip, $sender, @acl, $line); -+ my($ip, $sender, @acl, @aclc, @aclm, $line, $acltype); - - # Seek to the start of the file in case anyone read the file - # between me opening it and locking it. -@@ -287,13 +287,24 @@ - #$line eq "" and $metadata{"dv_$1"} = 1, next; - #$metadata{"dv_$1"} = $line; - #$metadata{dashvars}{$1} = 1; -- if($1 eq "acl") { -+ # ACLs can be -acl or -aclc or -aclm. -+ $acltype = $1; -+ if($acltype =~ /^acl[cm]?$/) { - # we need to handle acl vars differently - if($line =~ /^(\d+) (\d+)$/) { - my $buf; - my $pos = $1; - my $len = $2; -- $acl[$pos]=[]; -+ if ($acltype eq "acl") { -+ $acl[$pos]->[0] = []; -+ } elsif ($acltype eq "aclc") { -+ $aclc[$pos]->[0] = []; -+ } elsif ($acltype eq "aclm") { -+ $aclm[$pos]->[0] = []; -+ } else { -+ # invalid format -+ last; -+ } - (read($RQf, $buf, $len + 1)==$len+1) or last; - if($buf =~ /\n$/) { - chomp $buf; -@@ -301,7 +312,16 @@ - # invalid format - last; - } -- $acl[$pos]->[0] = $buf; -+ if ($acltype eq "acl") { -+ $acl[$pos]->[0] = $buf; -+ } elsif ($acltype eq "aclc") { -+ $aclc[$pos]->[0] = $buf; -+ } elsif ($acltype eq "aclm") { -+ $aclm[$pos]->[0] = $buf; -+ } else { -+ # invalid format -+ last; -+ } - } else { - # this is a weird format, and we're not sure how to handle it - last; -@@ -315,6 +335,8 @@ - next; - } - $metadata{aclvars} = \@acl; -+ $metadata{aclcvars} = \@aclc; -+ $metadata{aclmvars} = \@aclm; - - # If it was an invalid queue file, log a warning and tell caller - unless (defined $line) { -@@ -1059,11 +1081,24 @@ - - # ACLs patch starts here - # Add the separate ACL Vars -- my @acl = @{$metadata->{aclvars}}; -- for($i=0; $i<=$#acl; $i++) { -+ my @acl = @{$metadata->{aclvars}}; -+ my @aclc = @{$metadata->{aclcvars}}; -+ my @aclm = @{$metadata->{aclmvars}}; -+ my $greatestacl = $#acl; -+ $greatestacl = $#aclc if $#aclc > $greatestacl; -+ $greatestacl = $#aclm if $#aclm > $greatestacl; -+ for($i=0; $i<=$greatestacl; $i++) { - if($acl[$i]) { - $Qfile .= "-acl " . $i . " " . length($acl[$i]->[0]) . "\n"; - $Qfile .= $acl[$i]->[0] . "\n"; -+ } -+ if($aclc[$i]) { -+ $Qfile .= "-aclc " . $i . " " . length($aclc[$i]->[0]) . "\n"; -+ $Qfile .= $aclc[$i]->[0] . "\n"; -+ } -+ if($aclm[$i]) { -+ $Qfile .= "-aclm " . $i . " " . length($aclm[$i]->[0]) . "\n"; -+ $Qfile .= $aclm[$i]->[0] . "\n"; - } - } - Index: files/patch-lib-clamav-wrapper =================================================================== RCS file: files/patch-lib-clamav-wrapper diff -N files/patch-lib-clamav-wrapper --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ files/patch-lib-clamav-wrapper 3 May 2006 19:49:54 -0000 @@ -0,0 +1,41 @@ +--- ../MailScanner-install-4.42.9.orig/lib/clamav-wrapper Wed Jun 1 11:24:25 2005 ++++ lib/clamav-wrapper Wed Jun 1 11:31:57 2005 +@@ -51,6 +51,9 @@ + + # You may want to check this script for bash-isms + ++PATH=$PATH:/usr/local/bin ++export PATH ++ + TempDir="/tmp/clamav.$$" + ClamUser="clamav" + ClamGroup="clamav" +@@ -98,23 +101,23 @@ + # LESS COMMON unpackers, which probably aren't installed by default + # (hence disabled) + # Uncomment ONE of the following lines if you have unrar installed +-#ExtraScanOptions="$ExtraScanOptions --unrar" ++ExtraScanOptions="$ExtraScanOptions --unrar" + #ExtraScanOptions="$ExtraScanOptions --unrar=/path/to/unrar" + + # Uncomment ONE of the following lines if you have unarj installed +-#ExtraScanOptions="$ExtraScanOptions --unarj" ++ExtraScanOptions="$ExtraScanOptions --unarj" + #ExtraScanOptions="$ExtraScanOptions --unarj=/path/to/unarj" + + # Uncomment ONE of the following lines if you have unace installed +-#ExtraScanOptions="$ExtraScanOptions --unace" ++ExtraScanOptions="$ExtraScanOptions --unace" + #ExtraScanOptions="$ExtraScanOptions --unace=/path/to/unace" + + # Uncomment ONE of the following lines if you have lha installed +-#ExtraScanOptions="$ExtraScanOptions --lha" ++ExtraScanOptions="$ExtraScanOptions --lha" + #ExtraScanOptions="$ExtraScanOptions --lha=/path/to/lha" + + # Uncomment ONE of the following lines if you have zoo installed +-#ExtraScanOptions="$ExtraScanOptions --zoo" ++ExtraScanOptions="$ExtraScanOptions --zoo" + #ExtraScanOptions="$ExtraScanOptions --zoo=/path/to/unzoo" + + # Uncomment next line if you need to disable Clam's DoS protection Index: files/patch-lib:clamav-wrapper =================================================================== RCS file: files/patch-lib:clamav-wrapper diff -N files/patch-lib:clamav-wrapper --- files/patch-lib:clamav-wrapper 1 Jun 2005 16:34:12 -0000 1.5 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,41 +0,0 @@ ---- ../MailScanner-install-4.42.9.orig/lib/clamav-wrapper Wed Jun 1 11:24:25 2005 -+++ lib/clamav-wrapper Wed Jun 1 11:31:57 2005 -@@ -51,6 +51,9 @@ - - # You may want to check this script for bash-isms - -+PATH=$PATH:/usr/local/bin -+export PATH -+ - TempDir="/tmp/clamav.$$" - ClamUser="clamav" - ClamGroup="clamav" -@@ -98,23 +101,23 @@ - # LESS COMMON unpackers, which probably aren't installed by default - # (hence disabled) - # Uncomment ONE of the following lines if you have unrar installed --#ExtraScanOptions="$ExtraScanOptions --unrar" -+ExtraScanOptions="$ExtraScanOptions --unrar" - #ExtraScanOptions="$ExtraScanOptions --unrar=/path/to/unrar" - - # Uncomment ONE of the following lines if you have unarj installed --#ExtraScanOptions="$ExtraScanOptions --unarj" -+ExtraScanOptions="$ExtraScanOptions --unarj" - #ExtraScanOptions="$ExtraScanOptions --unarj=/path/to/unarj" - - # Uncomment ONE of the following lines if you have unace installed --#ExtraScanOptions="$ExtraScanOptions --unace" -+ExtraScanOptions="$ExtraScanOptions --unace" - #ExtraScanOptions="$ExtraScanOptions --unace=/path/to/unace" - - # Uncomment ONE of the following lines if you have lha installed --#ExtraScanOptions="$ExtraScanOptions --lha" -+ExtraScanOptions="$ExtraScanOptions --lha" - #ExtraScanOptions="$ExtraScanOptions --lha=/path/to/lha" - - # Uncomment ONE of the following lines if you have zoo installed --#ExtraScanOptions="$ExtraScanOptions --zoo" -+ExtraScanOptions="$ExtraScanOptions --zoo" - #ExtraScanOptions="$ExtraScanOptions --zoo=/path/to/unzoo" - - # Uncomment next line if you need to disable Clam's DoS protection --- MailScanner-4.53.7.patch ends here --- >Release-Note: >Audit-Trail: From: "Koopmann, Jan-Peter" To: Cc: Subject: Re: ports/96742: [MAINTAINER] mail/MailScanner: update to 4.53.7 Date: Thu, 4 May 2006 07:49:29 +0200 Hi, please close this bug-request. The port contains a small error. I just fixed it and will supply a new version in a few minutes! From: "Koopmann, Jan-Peter" To: Cc: Subject: Re: ports/96742: [MAINTAINER] mail/MailScanner: update to 4.53.7 Date: Thu, 4 May 2006 08:59:06 +0200 Replaced by PR96751 State-Changed-From-To: open->closed State-Changed-By: linimon State-Changed-When: Thu May 4 07:13:26 UTC 2006 State-Changed-Why: Superseded by ports/96751. http://www.freebsd.org/cgi/query-pr.cgi?pr=96742 >Unformatted: