MailScanner: selective virus scanning using a simple ruleset
Julian Field
MailScanner at ecs.soton.ac.uk
Thu Feb 28 19:57:07 GMT 2008
Howard,
There are many ways you can do this.
You want to use a "ruleset". In this case, it's a very simple one that
just switches off the "Virus Scanning = yes" for these particular
messages. You can set pretty much any setting in the MailScanner.conf
file to different values for different messages, depending on where they
come from and are going to. You can have a different ruleset for any
setting, so you can build extremely complex configurations if that's
what you need.
But in your case we can keep it very simple.
The setting we want to change is the "Virus Scanning" setting, which can
take "yes" or "no" as its value. So first we build the ruleset file.
These live in /etc/MailScanner/rules on most people's systems. You have
to beware that the "from" address in an email message can be faked by a
spammer or a virus, so you can't reliably control something as crucial
as the actual virus scanning depending on only the "from" address. Less
crucial settings, such as many of the spam detection settings are no
problem, as a failure will just let through the occasional spam which is
unlikely to cause anyone serious problems.
So we can say that, in your case, you want to set "Virus Scanning" to
"yes" for most messages. You want it to be "no" for messages from
root at messenger.mideasti.org, so long as they originate from the server
itself, the IP address 127.0.0.1. So put these 2 lines into
/etc/MailScanner/rules/virus.scanning.rules file
    From: root@messenger.mideasti.org and From: 127.0.0.1 no
    FromOrTo: default yes
That should have been 2 lines, just in case your email application
wrapped the text onto 3 lines by mistake.
Then you just tell MailScanner to use the new ruleset file by setting
this in your /etc/MailScanner/MailScanner.conf
    Virus Scanning = %rules-dir%/virus.scanning.rules
The last 2 jobs are to check the new setting is right by running the command
    MailScanner --lint
and if that works okay then tell MailScanner to re-read its
configuration immediately:
    /sbin/service MailScanner reload
You can have as many different rulesets as you like. Just don't put more
than around 1000 lines into each ruleset as things will slow down a bit.
In the /etc/MailScanner/rules directory, you will find a couple of
examples which show you what you can put in ruleset files. You can make
the 'address conditions' (just the simple "root at messenger.mideasti.org"
in your case) very complicated if you need to, there are loads of
different things you can do there.
If you can't write your requirements as a ruleset, but need to write
some sort of a program to work out the value, you can write what are
called "Custom Functions" to produce the result instead. Indeed, this is
how the entire MailWatch package hooks into MailScanner.
The values set by a ruleset don't have to just be "yes" or "no". They
can be whatever values are acceptable to the MailScanner.conf setting
you are using the ruleset for. So you can give different report
filenames for different customers, different languages for different
domains, all sorts of things, it's only limited by your imagination and
requirements.
The configuration system I built into MailScanner is very easy to use,
and most people's setups are very simple. But you can make it as complex
as you need to, and it's all easy to manage and administer. Personally
it's one of the cleverest bits of code I've written in quite a while :-)
The bit I'm most proud of actually is the upgrade_MailScanner_conf
script, as it can upgrade or downgrade from any MailScanner version to
any other MailScanner version, without any external list of what the
permitted options are or anything like that. It just uses the two
filenames you give it to read from, and it works out everything from
those. For example, did you know that upgrade_languages_conf and
upgrade_MailScanner_conf are actually the same script? One is
soft-linked to the other, there's only 1 copy of the script on your disk.
I hope that all helps you get started using rulesets. There are examples
in the /etc/MailScanner/rules directory and in the wiki web site at
http://wiki.mailscanner.info/ and in the Book. The Book explains them
all fairly well too.
If you haven't got the book, please can you buy one from the website?
It's my only source of funding for MailScanner and its development and
my ability to support it depend on the profits I make solely from
selling the book. Many thanks!
If you can't afford a copy of the book, and just want the bit that
explains rulesets, then drop me a line and I might give you a copy of
that snippet of the book. It would be useful for that bit to be
available for free on-line anyway, I think a lot of people would
appreciate that, as many people seem to think they are more complicated
than they actually are.
Good luck! And feel free to mail me if you really get stuck even after
you've read the examples, the documentation on-line and in the book.
Cheers,
Jules
--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc
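Added example, not part of the original message and not MailScanner's own code: a simplified Python model of the two-line ruleset above. It shows why the IP condition matters when the sender address is forged, and it rejects a ruleset whose first line has been wrapped. The function names, the first-match-wins evaluation and the exact-match address handling are assumptions of this sketch.

```python
import re

# Constructed copy of the two-line ruleset from the message (address de-obfuscated).
RULESET = """\
From: root@messenger.mideasti.org and From: 127.0.0.1 no
FromOrTo: default yes
"""
DIRECTIONS = {"from:", "to:", "fromorto:"}
IP_PATTERN = re.compile(r"^\d{1,3}(\.\d{0,3}){0,3}$")  # full IP or prefix such as 192.168.

def parse(text):
    """Return [(conditions, value)], each condition a (direction, pattern) pair."""
    rules = []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split("#")[0].split()  # simplification: '#' starts a comment
        if not fields:
            continue
        conds = []
        while True:
            # Every condition needs "Direction: pattern" plus something after it.
            if len(fields) < 3 or fields[0].lower() not in DIRECTIONS:
                raise ValueError(f"line {n}: malformed rule, wrapped line? {line!r}")
            conds.append((fields[0].lower(), fields[1].lower()))
            fields = fields[2:]
            if fields[0].lower() != "and":
                break
            fields = fields[1:]
        rules.append((conds, " ".join(fields)))
    return rules

def cond_matches(direction, pattern, sender, rcpt, ip):
    if pattern == "default":
        return True
    if IP_PATTERN.match(pattern):  # connecting IP: exact, or prefix ending in "."
        return ip == pattern or (pattern.endswith(".") and ip.startswith(pattern))
    addrs = {"from:": [sender], "to:": [rcpt], "fromorto:": [sender, rcpt]}[direction]
    return pattern in (a.lower() for a in addrs)

def evaluate(rules, sender, rcpt, ip):
    """First rule whose conditions all match supplies the value."""
    for conds, value in rules:
        if all(cond_matches(d, p, sender, rcpt, ip) for d, p in conds):
            return value
    return None

def spoofable_bypasses(rules):
    """Rules that turn scanning off without any IP condition."""
    return [r for r in rules
            if r[1].lower() == "no" and not any(IP_PATTERN.match(p) for _, p in r[0])]
```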