debian packages - spamassassin not getting called

mark david mcCreary mdm at INTERNET-TOOLS.COM
Sat Jun 29 22:59:14 IST 2002

I'm starting to use Mailscanner and Spamassassin, via Debian 3.0 (Woody).

Mailscanner is version 3.13 and Spamassassin is 2.20, and I am using
Exim 4 (not part of Woody).

Mailscanner is moving the email from one message queue to another and
running Sophos at that time.  However I can find no trace that
SpamAssassin is ever invoked, although I have set Use SpamAssassin =

The mailscanner logs say "Scanning 1 message, 1260 bytes", which I
interpret to be the virus scan.

Should there be any log entries reflecting SpamAssassin being called ?

Running Mailscanner in debug mode does not shed any more light on the

Does anybody have any ideas on where I have gone wrong ?

I will put my mailscanner.conf file below.

Thanks in advance.


# Configuration file for MailScanner E-Mail Virus Scanner
# This file assumes everything is in the default locations provided
# by the MailScanner and RedHat 6.2 and upwards.
# Note: If your directories are symlinked (soft-linked) in any way,
#       please put their *real* location in here, not a path that
#       includes any links. You may get some very strange error
#       messages from some of the virus scanners if you don't.

# User to run as (provided for Exim users)
Run As User = mail

# Group to run as (provided for Exim users)
Run As Group = mail

# In every batch of virus-scanning, limit the maximum
# a) number of text-only messages to deliver
# b) number of potentially infected messages to unpack and scan
# c) total size of text-only messages to deliver
# d) total size of potentially infected messages to unpack and scan
Max Safe   Messages Per Scan = 500
Max Unsafe Messages Per Scan = 100
Max Safe   Bytes Per Scan = 100000000
Max Unsafe Bytes Per Scan = 50000000

# To avoid resource leaks, re-start periodically.
Restart Every = 14400 # 4 hours

# Name of this host, or just "the MailScanner" if you want to hide this info.
# It can be placed in the Help Desk note contained in virus warnings
sent to users.
Host name          =

# Add this extra header to all mail as it is scanned.
# (this must *include* terminating colon).
Mail Header = X-MailScanner:

# Set the mail header to these values for clean/infected messages.
Clean Header       = Certified virus free by Sophos Anti-Virus
Infected Header    = Infected Message according to Sophos Anti-Virus
Disinfected Header = Disinfected by Sophos Anti-Virus

# Set where to unpack incoming messages before scanning them
Incoming Work Dir  = /var/spool/mailscanner/incoming

# Set where to store infected message attachments (if they are kept)
Quarantine Dir     = /var/spool/mailscanner/quarantine

# Set where to store the process id so you can easily stop the scanner
Pid File           = /var/run/mailscanner/

# Set where to find the attachment filename ruleset.
# The structure of this file is explained elsewhere, but it is used to
# accept or reject file attachments based on their name, regardless of
# whether they are infected or not.
Filename Rules     = /etc/mailscanner/filename.rules.conf

# Set where to find the message text sent to users when one of their
# attachments has been quarantined.
Stored Virus Message Report  = /etc/mailscanner/stored.virus.message.txt
Stored Bad Filename Message Report  =

# Set where to find the message text sent to users when one of their
# attachments has been deleted.
Deleted Virus Message Report = /etc/mailscanner/deleted.virus.message.txt
Deleted Bad Filename Message Report =

# Set where to find the message text sent to users explaining about the
# attached disinfected documents.
Disinfected Report = /etc/mailscanner/

# Set location of incoming mail queue
# and location of outgoing mail queue.
Incoming Queue Dir = /var/spool/exim_incoming/input
Outgoing Queue Dir = /var/spool/exim/input

# Set whether to use sendmail or exim (default is sendmail)
MTA                = exim

# Set how to invoke MTA when sending created message
# (e.g. to sender/recipient saying "found a virus in your message")
Sendmail           = /usr/sbin/exim

# Sendmail2 is provided for Exim users.
# It defaults to the value supplied for Sendmail.
# It is the command used to attempt delivery of outgoing
# (scanned/cleaned) messages.
# This is not usually required for sendmail.
Sendmail2          = /usr/sbin/exim -C /etc/exim/exim.conf.outgoing

# Do you want to scan email for viruses?
# A few people have wanted to disable the entire virus scanning.
Virus Scanning     = yes

# Which Virus Scanning package to use:
# sophos    from, or
# mcafee    from, or
# command   from, or
# kaspersky from, or
# inoculate from, or
# f-secure  from, or
# f-prot    from (which is *free* for Linux as of 1/1/2002)
# Note: If you want to use multiple virus scanners, then this should be a
# comma-separated list of virus scanners. For example:
# Virus Scanner      = sophos, f-prot
Virus Scanner      = sophos

# Where the Virus scanner is installed. This is the command needed to run it.
# Note: If you want to use multiple virus scanners, then this should be a
# comma-separated list of commands, **in the same order** as they are listed
# in the "Virus Scanner" keyword just above. For example:
# Sweep = /etc/mailscanner/wrapper/sophoswrapper,
Sweep = /etc/mailscanner/wrapper/sophoswrapper

# The maximum length of time the commercial virus scanner is allowed to run
# for 1 batch of messages (in seconds).
Virus Scanner Timeout = 300

# Expand TNEF attachments using an external program?
# This should be "yes" except for Sophos (when it should be "no")
# as Sophos has the facility built-in.
Expand TNEF        = no

# Where the MS-TNEF expander is installed.
# The new --maxsize option limits the maximum size that any expanded attachment
# may be. It helps protect against Denial Of Service attacks in TNEF files.
TNEF Expander      = /usr/bin/tnef --maxsize=100000000

# The maximum length of time the TNEF Expander is allowed to run for 1 message.
# (in seconds)
TNEF Timeout       = 120

# What should the attachments be called that replace virus-infected files?
Attachment Warning Filename = VirusWarning.txt

# Should we scan all messages, including plain-text messages which are normally
# harmless? This should be "yes" since the MyParty message appeared.
Scan All Messages = yes

# Once we have removed viruses from an email message and replaced them with
# VirusWarning.txt attachments, should we deliver the clean result to the
# original recipients (or just delete them if "no")?
Deliver To Recipients = yes

# Deliver messages with viruses removed to their original recipients
# if they came from a local address, or just delete them so no-one knows
# we have a virus outbreak on our site?
Deliver From Local Domains = yes

# Notify the senders of infected messages that they should check out
# their systems?
Notify Senders = yes

# Set where to find the message text sent to the senders of infected
# messages.
#Sender Report = /etc/mailscanner/
Sender Virus Report        = /etc/mailscanner/
Sender Bad Filename Report = /etc/mailscanner/
Sender Error Report        = /etc/mailscanner/

# Notify the local postmaster when any infections are found?
Notify Local Postmaster = yes

# Include the full headers of each message in the postmaster notification?
Postmaster Gets Full Headers = yes

# Set email address of who to notify about any infections found.
# Should put your full domain name here too,
#    e.g. postmaster at
Local Postmaster = virusmaster at

# Set what to do with infected attachments or messages.
# keep   ==> Store under the "Quarantine Dir"
# delete ==> Just delete them
#Action = delete
Action = keep

# Should I attempt to disinfect infected attachments and then deliver
# the clean ones
Deliver Disinfected Files = yes

# Local domain name, or filename containing a list of local domain names
# The file supports blank entries, '#' and ';' comment characters and
# uses the first word off each line. This should be compatible with all
# such lines in a sendmail or Exim configuration file.
Local Domains =

# Mark infected messages in the message body.
# There can now be more than 1 of these configuration lines here, so you can
# break the warning message over multiple lines.
Mark Infected Messages = yes
Inline Text Warning = Warning: This message has had one or more
attachments removed.
Inline Text Warning = Warning: Please read the "VirusWarning.txt"
attachment(s) for more information.
Inline HTML Warning = <P><B><FONT SIZE="+1" COLOR="red">Warning:
</FONT>This message has had one or more attachments removed. Please
read the "VirusWarning.txt" attachment(s) for more

# Sign clean messages in the message body.
# There can be more than 1 of these configuration lines here, so you can
# break the signature message over multiple lines.
# Note that enabling this option will add to the overall system load as some
# major optimisations will no longer be possible!
Sign Clean Messages = no
Inline Text Signature = --
Inline Text Signature = This message has been scanned for viruses and
Inline Text Signature = dangerous content by MailScanner, and is
Inline Text Signature = believed to be clean.
Inline HTML Signature = <BR>--
Inline HTML Signature = <BR>This message has been scanned for viruses and
Inline HTML Signature = <BR>dangerous content by
Inline HTML Signature = <A
Inline HTML Signature = and is<BR>believed to be clean.

# Do you want to archive all mail in a directory for later inspection?
# Be warned if you are in the UK: this may well be illegal due to RIPA
# and DPA restrictions!
Archive Mail = no

# Where to store the mail archive.
# Be warned: this is likely to get big very quickly.
Archive Mail Dir = /var/spool/mailscanner/archive

# Per-Domain Scanning and Spam Detection
# Do we want to only scan certain named domains for viruses and spam?
Scanning By Domain = no

# Filename listing all the domains we want to scan
Domains To Scan = /etc/mailscanner/

# Do we want to add a MailScanner header to messages we have not scanned
Sign Unscanned Messages = no

# What do we want to put in the header
Unscanned Header = not scanned: please contact your email provider for details

# Spam Detection
# Should the anti-spam checks be done on all incoming messages?
Spam Checks = yes

# Set the name of the extra header to add to all messages found to be
# likely spam.
Spam Header = X-MailScanner-SpamCheck:

# Do you want to put some text on the front of the subject line when
# we think it is spam?
Spam Modify Subject = yes

# What text do we want to put on the front (gets followed by a " ")
Spam Subject Text = {SPAM?}

# Do we have the SpamAssassin package installed?
# This is a very good, very clever heuristics-based spam checker.
# For more info and installation instructions, see
Use SpamAssassin = yes

# Set the maximum size of message which we will check with SpamAssassin
# Don't set this too large as your system load will get very high processing
# huge messages.
Max SpamAssassin Size = 100000

# Set the maximum time to allow SpamAssassin to process 1 message
SpamAssassin Timeout = 10

# Set the list of database names and their corresponding DNS domains.
# All of these databases work in a similar way, allowing the simple use
# of multiple databases.
# See and for more information.
#Spam List = ORDB-RBL,
# MAPS now charge for their services, so you'll have to buy a contract before
# attempting to use the next 3 lines.
#Spam List = MAPS-RBL,
#Spam List = MAPS-DUL,
#Spam List = MAPS-RSS,
# This next line works for JANET UK Academic sites only
#Spam List = MAPS-RBL+,

# Define local networks from whom you should always accept mail, and
# never mark it as spam. This is useful in case your own mail servers
# are ever in the ORBS or MAPS lists.
#Accept Spam From = 152.78.
#Accept Spam From = 139.166.

# Define a list of email addresses and email domains from whom you should
# always accept mail, and never mark it as spam. This is useful in case
# someone you correspond with a lot has their mail servers in the ORBS or
# MAPS lists.
Spam White List = /etc/mailscanner/spam.whitelist.conf

# Advanced Features
# =================
# Don't bother changing anything below this unless you really know what
# you are doing.

# Set Debug to 1 to stop it running as a daemon
# and produce more verbose output
Debug = 0

# Attempt immediate delivery of messages, or just place them in the outgoing
# queue for the MTA to deliver at a time of its own choosing?
# If attempting immediate delivery, do them one at a time,
#                                or do them in batches of 30 at a time?
# Delivery Method = queue
# Delivery Method = individual
Delivery Method = batch

# How to lock spool files.
# Don't set this unless you *know* you need to.
# For sendmail, it defaults to "flock".
# For Exim, it defaults to "posix".
# No other type is implemented.
#Lock Type          = flock

# Where to put the virus scanning engine lock files.
# These lock files are used between MailScanner and the virus signature
# "autoupdate" scripts, to ensure that they aren't both working at the
# same time (which could cause MailScanner to let a virus through).
Lock File Dir = /tmp

# What to do when you get several MailScanner headers in one message,
# from multiple MailScanner servers. Values are
# "append"  : Append the new data to the existing header
# "add"     : Add a new header
# "replace" : Replace the old data with the new data
# Default is "append"
Multiple Headers = append

# Some versions of Microsoft Outlook generate unparsable Rich Text
# format attachments. Do we want to deliver these bad attachments anyway?
# Setting this to yes introduces the slight risk of a virus getting through,
# but if you have a lot of troubled Outlook users you might need to do this.
# We are working on a replacement for the TNEF decoder.
Deliver Unparsable TNEF = no

# When attempting delivery of outgoing messages, should we do it in the
# background or wait for it to complete? The danger of doing it in the
# background is that the machine load goes ever upwards while all the
# slow sendmail processes run to completion. However, running it in the
# foreground may cause the mail server to run too slowly.
Deliver In Background = no

# Minimum acceptable code stability status -- if we come across code
# that's not at least as stable as this, we barf.
# This is currently only used to check that you don't end up using untested
# virus scanner support code without realising it.
# Levels used are:
# none          - there may not even be any code.
# unsupported   - code may be completely untested, a contributed dirty hack,
#                 anything, really.
# alpha         - code is pretty well untested. Don't assume it will work.
# beta          - code is tested a bit. It should work.
# supported     - code *should* be reliable.
# Don't even *think* about setting this to anything other than "beta" or
# "supported" on a system that receives real mail until you have tested it
# yourself and are happy that it is all working as you expect it to.
# Don't set it to anything other than "supported" on a system that could
# ever receive important mail.
Minimum Code Status = supported

More information about the MailScanner mailing list