F-Prot Antivirus Mail Scanner, which comes bundled with F-Prot Antivirus for Linux Mail Servers, can be configured to scan incoming e-mail for viruses. The scan-mail.pl script provided is intended to be used with procmail. To configure procmail to reroute all e-mail through scan-mail.pl, type the following in a procmailrc file:
:0 fw
| /usr/local/f-prot/tools/scan-mail.pl
Scan-mail.pl has a -backup command-line option, which enables it to keep a copy of each letter before scanning it. To utilize this, change the procmailrc line to:
:0 fw
| /usr/local/f-prot/tools/scan-mail.pl -backup
However, since mail processing is a resource-intensive task, scan-mail.pl may run out of resources when incoming e-mail traffic is heavy. It is therefore a good idea to check the return value of scan-mail.pl. With the rule below, if scan-mail.pl returns an error, the mail is delivered to a file under /usr/local/f-prot/backup whose name starts with FAILED, followed by the Unix time and the process ID.
:0 fw
| /usr/local/f-prot/tools/scan-mail.pl
:0 e
/usr/local/f-prot/backup/FAILED.`date +%s`.$$
If you want to avoid running out of resources because too many instances of scan-mail.pl are running, you can use locks. Below is an example of how to make procmail run only one instance of scan-mail.pl at a given time, using a lockfile called /var/tmp/scan-mail.pl.lock:
:0 fw:/var/tmp/scan-mail.pl.lock
| /usr/local/f-prot/tools/scan-mail.pl
F-Prot Antivirus for Linux Mail Servers comes with F-Prot Antivirus Mail Scanner. F-Prot Antivirus Mail Scanner is based on Anomy Sanitizer. The newest version of Anomy Sanitizer is packaged with each release of F-Prot Antivirus. The name of the Mail Scanner script is scan-mail.pl. This script uses only a minimal set of Anomy features: there is no defanging or sanitizing, and only virus scanning is enabled. This is configurable by the user, however. Please read http://mailtools.anomy.net/sanitizer.html for more information on how to configure F-Prot Antivirus Mail Scanner via the scan-mail.pl script. scan-mail.pl accepts the same configuration parameters as the sanitizer.pl script that comes with Anomy Sanitizer.
To hook the Mail Scanner into the mail delivery chain, the following needs to be added to either /etc/procmailrc (for adding e-mail scanning globally for the local mailsystem) or ~/.procmailrc (for individual user configuration):
:0 fw
| /usr/local/f-prot/tools/scan-mail.pl
The Mail Scanner will add a header to your e-mail stating "X-Antivirus: Scanned by F-Prot Antivirus (http://www.f-prot.com)".
If F-Prot Antivirus detects an infection in a message or attachment, the Mail Scanner will try to neutralize the threat. If the infection is removed, the Mail Scanner will only defang the message or attachment. If, however, F-Prot Antivirus fails to remove the infection, the message or attachment will be removed, and an appropriate message will be appended to the e-mail. The Mail Scanner will take no action if the attachment is found to be clean. In the case of a runtime error, the Mail Scanner will defang the message. Defanging involves changing the filename extension, thus removing the danger of a user running the attached file by double-clicking it.
The Mail Scanner can be configured to generate backups of all incoming mail by supplying it with the -backup switch. To generate backups of infected messages only, use the -quarantine switch. Depending on preference, use either:
:0 fw
| /usr/local/f-prot/tools/scan-mail.pl -backup
or:
:0 fw
| /usr/local/f-prot/tools/scan-mail.pl -quarantine
This will cause the script to create a directory MMDD/ under /usr/local/f-prot/backup (where MM is a number representing the month, and DD is a number representing the day of the month), and a file underneath there in the format of unix-time.pid. That file will contain the original message before the Mail Scanner scanned it.
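The following is an added example, not part of the original page or of the F-Prot distribution: a POSIX shell helper for auditing the backup directory described above. It lists the FAILED files left by the error-handling rule and counts the stored copies for one day; the function names and the --report option are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not shipped with F-Prot. File layouts come from the page:
#   FAILED.<unix-time>.<pid>   written by the ":0 e" error-handling rule
#   MMDD/<unix-time>.<pid>     written by scan-mail.pl -backup / -quarantine
BACKUP_DIR=${BACKUP_DIR:-/usr/local/f-prot/backup}

# True if $1 is a non-empty string of digits.
is_num() { case $1 in ''|*[!0-9]*) return 1 ;; esac; return 0; }

# Print "<unix-time> <pid> <path>" for each FAILED file stored at or after
# epoch $2. These are messages for which scan-mail.pl returned an error.
failed_since() {
    dir=$1 since=$2
    for f in "$dir"/FAILED.*.*; do
        [ -f "$f" ] || continue            # glob matched nothing
        rest=${f##*/FAILED.}               # <unix-time>.<pid>
        ts=${rest%%.*} pid=${rest#*.}
        if is_num "$ts" && is_num "$pid" && [ "$ts" -ge "$since" ]; then
            printf '%s %s %s\n' "$ts" "$pid" "$f"
        fi
    done
    return 0
}

# Print how many pre-scan copies exist for day $2 (MMDD); status 2 if $2
# is not four digits.
backups_on() {
    dir=$1 day=$2 n=0
    case $day in [0-9][0-9][0-9][0-9]) ;; *) return 2 ;; esac
    for f in "$dir/$day"/*.*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        if is_num "${name%%.*}" && is_num "${name#*.}"; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Hypothetical option: summarise the last 24 hours when called with --report.
if [ "${1:-}" = "--report" ]; then
    echo "FAILED files in the last 24h:"
    failed_since "$BACKUP_DIR" $(( $(date +%s) - 86400 ))
    echo "Stored copies today: $(backups_on "$BACKUP_DIR" "$(date +%m%d)")"
fi
```

A growing number of FAILED files is a sign that scan-mail.pl is failing under load and that the lockfile rule may be needed.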