In-transit mail scanning can be achieved using the f-prot-milter libmilter plugin in conjunction with the F-Prot Antivirus Mail Scanner. To achieve this functionality, two lines must be added to the sendmail.mc configuration file:
define(`_FFR_MILTER', `true')
INPUT_MAIL_FILTER(`f-prot-milter', `S=inet:12200@127.0.0.1, F=T, T=E:8m;C:5m;R:4m;S:2m')
Optionally, if selective scanning based on recipient is desired, the {FP_SCANONLY} sendmail macro can be defined and exported to the envrcpt routine by adding these three lines to sendmail.mc:
define(`confMILTER_MACROS_ENVRCPT', `{rcpt_mailer}, {rcpt_host}, {rcpt_addr}, {FP_SCANONLY}')
LOCAL_CONFIG
D{FP_SCANONLY}@domain1\\.net$$:@domain2\\.net$$:@domain3\\.net$$
After editing your sendmail.mc file, recompile the sendmail.cf file using the Makefile included with sendmail (make sure you have the sendmail-cf package installed, or equivalent). Then restart sendmail.
scan-mail.pl must then be started with the -milter command-line option, giving the path to the sendmail.cf file as its argument. This causes scan-mail.pl to start f-prot-milter and begin listening for scan requests from it.
The Mail Scanner will add two headers to your e-mail, "X-Antivirus: Scanned by F-Prot Antivirus (http://www.f-prot.com)", and a header called "X-Antivirus-Summary" which describes the changes made to the message.
If F-Prot Antivirus detects an infection in a message or attachment, the Mail Scanner will try to neutralize the threat. If the infection is removed, the Mail Scanner will only defang the message or attachment. If, however, F-Prot Antivirus fails to remove the infection, the message or attachment will be removed, and an appropriate message will be appended to the e-mail. The Mail Scanner will take no action if the attachment is found to be clean. In the case of a runtime error, the Mail Scanner will defang the message. Defanging involves changing the filename extension, and thus removing the danger of a user running the attached file by double-clicking it.
The Mail Scanner can be configured to generate backups of all incoming mail by supplying it with the -backup switch. To generate backups of infected messages only, use the -quarantine switch. This will cause the Mail Scanner to create a directory MMDD/ under /usr/local/f-prot/backup (where MM is a number representing the month, and DD is a number representing the day of the month), and a file inside that directory named in the format unix-time.pid. That file will contain the original message as it was before the Mail Scanner scanned it.
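The backup layout described above can be inventoried when reviewing what the Mail Scanner has stored. The following is an added example, not part of the F-Prot documentation or tooling; it assumes that unix-time.pid means epoch seconds, a dot, then the process ID, and the names inventory and build_sample are hypothetical.

```python
import re
import tempfile
from datetime import datetime, timezone
from email.parser import BytesHeaderParser
from pathlib import Path

# Layout from the text: <backup root>/MMDD/unix-time.pid (root is /usr/local/f-prot/backup)
DAY_DIR = re.compile(r"^(0[1-9]|1[0-2])(0[1-9]|[12][0-9]|3[01])$")
MSG_FILE = re.compile(r"^(\d+)\.(\d+)$")  # assumed: epoch seconds "." process ID

def inventory(root):
    """Return (entries, unexpected) for a backup tree laid out as MMDD/unix-time.pid."""
    entries, unexpected = [], []
    for path in sorted(Path(root).glob("*/*")):
        m = MSG_FILE.match(path.name)
        if not (path.is_file() and DAY_DIR.match(path.parent.name) and m):
            unexpected.append(str(path))  # does not follow the documented naming
            continue
        with path.open("rb") as fh:  # headers only; the body is not parsed as MIME
            hdr = BytesHeaderParser().parse(fh)
        entries.append({
            "day": path.parent.name,
            "stored_utc": datetime.fromtimestamp(int(m.group(1)), timezone.utc),
            "pid": int(m.group(2)),
            "from": str(hdr.get("From", "")),
            "subject": str(hdr.get("Subject", "")),
            "path": str(path),
        })
    entries.sort(key=lambda e: e["stored_utc"])
    return entries, unexpected

def build_sample(root):
    """Constructed sample tree: one stored message and one stray file."""
    day = Path(root) / "0314"
    day.mkdir()
    (day / "1710412800.4242").write_bytes(
        b"From: sender@example.org\r\nSubject: invoice\r\n\r\nconstructed body\r\n")
    (day / "notes.txt").write_bytes(b"stray file")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        found, odd = inventory(tmp)
        for e in found:
            print(e["stored_utc"].isoformat(), e["pid"], e["from"], e["subject"])
        print("unexpected:", odd)
```

Files reported as unexpected were not named according to the documented scheme and are worth a manual look, since the backup directory should only contain what the Mail Scanner wrote.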