Scanning e-mails in-transit in Qmail

In-transit mail scanning in Qmail can be achieved using the f-prot-qmail application. To do this, f-prot-qmail is installed in place of qmail's qmail-queue utility, and the original qmail-queue program is kept as a backup named qmail-queue.orig.

Here is the procedure:

    # cd /var/qmail/bin
    # mv qmail-queue qmail-queue.orig
    # cp /usr/local/f-prot/tools/f-prot-qmail ./qmail-queue
    # chown qmailq:qmail qmail-queue
    # chmod 4711 qmail-queue

Now make sure you have scan-mail.pl running with the -server option, and that f-protd is running as well. If they are, you should be able to make a connection to 127.0.0.1:11200 for scan-mail.pl and 127.0.0.1:10200 for f-protd.

The f-prot-qmail program will make a copy of each message in /tmp, contact the Mail Scanner at port 11200 and supply the Mail Scanner with the message. When the Mail Scanner has finished rewriting the message, the f-prot-qmail program will start the original qmail-queue program and supply it with the rewritten message.

The Mail Scanner will add a header line to your e-mail: "X-Antivirus: Scanned by F-Prot Antivirus (http://www.f-prot.com)".
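The checks implied by the procedure and the header described above can be scripted. This is an added example, not part of the F-Prot distribution: the function names and the use of nc(1) are assumptions, while the paths, ports, mode, owner and header text are taken from this page.

```shell
#!/bin/sh
# Added example: checks after swapping f-prot-qmail in as qmail-queue.
# Paths, ports, mode, owner and header text are from the page;
# the function names and the use of nc(1) are assumptions.
QMAIL_BIN=${QMAIL_BIN:-/var/qmail/bin}

# True if FILE is a regular file with exactly MODE (octal) and owner OWNER.
file_is() {
    [ -n "$(find "$1" -prune -type f -perm "$2" -user "$3" -print 2>/dev/null)" ]
}

# True if something accepts TCP connections on HOST PORT (needs nc).
port_open() {
    nc -z -w 2 "$1" "$2" >/dev/null 2>&1
}

# True if the header block of message FILE carries the scanner's header.
# Scanning stops at the first blank line, so the same text in the body
# does not count.
was_scanned() {
    awk '/^\r?$/ { exit }
         tolower($0) ~ /^x-antivirus:[ \t]*scanned by f-prot antivirus/ { found = 1; exit }
         END { exit !found }' "$1"
}

verify_install() {
    rc=0
    file_is "$QMAIL_BIN/qmail-queue" 4711 qmailq ||
        { echo "qmail-queue: expected mode 4711, owner qmailq"; rc=1; }
    [ -f "$QMAIL_BIN/qmail-queue.orig" ] ||
        { echo "qmail-queue.orig: backup of the original is missing"; rc=1; }
    port_open 127.0.0.1 11200 ||
        { echo "scan-mail.pl: nothing listening on 127.0.0.1:11200"; rc=1; }
    port_open 127.0.0.1 10200 ||
        { echo "f-protd: nothing listening on 127.0.0.1:10200"; rc=1; }
    return "$rc"
}

# Usage: sh check.sh verify            (after the procedure above)
#        sh check.sh scanned MSGFILE   (on a delivered message)
case "${1:-}" in
    verify)  verify_install ;;
    scanned) was_scanned "$2" && echo "scanned" || echo "NOT scanned" ;;
esac
```

Running the `verify` mode again after any qmail reinstall or upgrade shows whether qmail-queue has been overwritten, in which case mail would be queued without passing through the Mail Scanner.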

If F-Prot Antivirus detects an infection in a message or attachment, the Mail Scanner will try to neutralize the threat. If the infection is removed, the Mail Scanner will only defang the message or attachment. If, however, F-Prot Antivirus fails to remove the infection, the message or attachment will be removed, and an appropriate message will be appended to the e-mail. The Mail Scanner will take no action if the attachment is found to be clean. In the case of a runtime error, the Mail Scanner will defang the message. Defanging involves changing the filename extension, and thus removing the danger of a user running the attached file by double-clicking it.

The Mail Scanner can be configured to generate backups of all incoming mail by supplying it with the -backup switch. To generate backups of infected messages only, use the -quarantine switch. This will cause the Mail Scanner to create a directory MMDD/ under /usr/local/f-prot/backup (where MM is a number representing the month, and DD is a number representing the day of the month), and a file underneath there in the format of unix-time.pid. That file will contain the original message before the Mail Scanner scanned it.
