<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1226" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY>
<DIV><FONT face=Arial size=2><STRONG>Mailman conf :</STRONG></FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Main configuration file for the MailScanner
E-Mail Virus Scanner<BR>#<BR># It's good practice to check through configuration
files to make sure<BR># they fit with your system and your needs, whatever you
expect them to<BR># contain.<BR>#<BR># Note: If your directories are symlinked
(soft-linked) in any way,<BR># please put
their *real* location in here, not a path
that<BR># includes any links. You may get
some very strange error<BR># messages from
some of the virus scanners if you don't.<BR>#<BR># Note for Version 4.00 and
above:<BR># A lot of the settings can take a
ruleset as well as just simple<BR># values.
These rulesets are files containing rules which are
applied<BR># to the current message to
calculate the value of the
configuration<BR># option. The rules are
checked in the order they appear in the ruleset.<BR>#<BR># Note for Version 4.03
and above:<BR># As well as rulesets, you can
now include your own functions in<BR># here.
Look at the directory containing Config.pm and you will
find<BR># CustomConfig.pm. In here, you can
add your own "value" function and<BR># an
Initvalue function to set up any global state you need such
as<BR># database connections. Then for a
setting below, you can
put:<BR>#
Configuration Option =
&ValueFunction<BR># where
"ValueFunction" is the name of the function you
have<BR># written in
CustomConfig.pm.<BR>#</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>#<BR># Definition of variables which are
substituted into definitions below<BR>#</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Set the directory containing all the reports in
the required language<BR>%report-dir% = /etc/MailScanner/reports/fr</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Configuration directory containing this
file<BR>%etc-dir% = /etc/MailScanner</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Rulesets directory containing your ".rules"
files<BR>%rules-dir% = /etc/MailScanner/rules</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Enter a short identifying name for your
organisation below, this is<BR># used to make the X-MailScanner headers unique
for your organisation.<BR># Multiple servers within one site should use an
identical value here<BR># to avoid adding multiple redundant headers where mail
has passed<BR># through several servers within your organisation.<BR>%org-name%
= yoursite</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>#<BR># System settings<BR>#
---------------<BR>#</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># How many MailScanner processes do you want to run
at a time?<BR># There is no point increasing this figure if your MailScanner
server<BR># is happily keeping up with your mail traffic.<BR># If you are
running on a server with more than 1 CPU, or you have a<BR># high mail load
(and/or slow DNS lookups) then you should see better<BR># performance if you
increase this figure.<BR># If you are running on a small system with limited
RAM, you should<BR># note that each child takes just over 20MB.<BR>#<BR># As a
rough guide, try 5 children per CPU. But read the notes above.<BR>Max Children =
5</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># User to run as (not normally used for
sendmail)<BR>#Run As User = mail<BR>#Run As User = postfix<BR>Run As User =
</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Group to run as (not normally used for
sendmail)<BR>#Run As Group = mail<BR>#Run As Group = postfix<BR>Run As Group =
</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># How often (in seconds) should each process check
the incoming mail<BR># queue for new messages? If you have a quiet mail server,
you might<BR># want to increase this value so it causes less load on your
server, at<BR># the cost of slightly increasing the time taken for an average
message<BR># to be processed.<BR>Queue Scan Interval = 5</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Set location of incoming mail queue<BR>#<BR>#
This can be any one of<BR># 1. A directory name<BR># Example:
/var/spool/mqueue.in<BR># 2. A wildcard giving directory
names<BR># Example: /var/spool/mqueue.in/*<BR># 3. The name of
a file containing a list of directory names,<BR># which can in
turn contain wildcards.<BR># Example:
/etc/MailScanner/mqueue.in.list.conf<BR>#<BR>Incoming Queue Dir =
/var/spool/mqueue.in</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Set location of outgoing mail queue.<BR># This
can also be the filename of a ruleset.<BR>Outgoing Queue Dir =
/var/spool/mqueue</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Set where to unpack incoming messages before
scanning them<BR>Incoming Work Dir =
/var/spool/MailScanner/incoming</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Set where to store infected and message
attachments (if they are kept)<BR># This can also be the filename of a
ruleset.<BR>Quarantine Dir = /var/spool/MailScanner/quarantine</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Set where to store the process id number so you
can stop MailScanner<BR>PID file = /var/run/MailScanner.pid</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># To avoid resource leaks, re-start
periodically<BR>Restart Every = 14400</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Set whether to use postfix, sendmail, exim or
zmailer.<BR># If you are using postfix, then see the "SpamAssassin User State
Dir"<BR># setting near the end of this file<BR>MTA = sendmail</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Set how to invoke MTA when sending messages
MailScanner has created<BR># (e.g. to sender/recipient saying "found a virus in
your message")<BR># This can also be the filename of a ruleset.<BR>Sendmail =
/usr/sbin/sendmail</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Sendmail2 is provided for Exim users.<BR># It is
the command used to attempt delivery of outgoing cleaned/disinfected<BR>#
messages.<BR># This is not usually required for sendmail.<BR># This can also be
the filename of a ruleset.<BR>#For Exim users: Sendmail2 = /usr/sbin/exim -C
/etc/exim/exim_send.conf<BR>#For sendmail users: Sendmail2 =
/usr/sbin/sendmail<BR>#Sendmail2 = /usr/sbin/sendmail -C
/etc/exim/exim_send.conf<BR>sendmail2 = /usr/sbin/sendmail</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>#<BR># Processing Incoming Mail<BR>#
------------------------<BR>#</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># In every batch of virus-scanning, limit the
maximum<BR># a) number of unscanned messages to deliver<BR># b) number of
potentially infected messages to unpack and scan<BR># c) total size of unscanned
messages to deliver<BR># d) total size of potentially infected messages to
unpack and scan</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Max Unscanned Bytes Per Scan = 100000000<BR>Max
Unsafe Bytes Per Scan = 50000000<BR>Max Unscanned Messages Per Scan = 500<BR>Max
Unsafe Messages Per Scan = 100</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Expand TNEF attachments using an external program
(or a Perl module)?<BR># This should be "yes" unless the scanner you are using
(Sophos, McAfee) has<BR># the facility built-in. However, if you set it to "no",
then the filenames<BR># within the TNEF attachment will not be checked against
the filename rules.<BR>Expand TNEF = yes</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Some versions of Microsoft Outlook generate
unparsable Rich Text<BR># format attachments. Do we want to deliver these bad
attachments anyway?<BR># Setting this to yes introduces the slight risk of a
virus getting through,<BR># but if you have a lot of troubled Outlook users you
might need to do this.<BR># We are working on a replacement for the TNEF
decoder.<BR># This can also be the filename of a ruleset.<BR>Deliver Unparsable
TNEF = no</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Where the MS-TNEF expander is installed.<BR>#
This is EITHER the full command (including maxsize option) that runs<BR># the
external TNEF expander binary,<BR># OR the keyword "internal" which will make
MailScanner use the Perl<BR># module that does the same job.<BR># They are both
provided as I am unsure which one is faster and which<BR># one is capable of
expanding more file formats (there are plenty!).<BR>#<BR># The --maxsize option
limits the maximum size that any expanded attachment<BR># may be. It helps
protect against Denial Of Service attacks in TNEF files.<BR>#TNEF
Expander = internal<BR># This can also be the filename of a
ruleset.<BR>TNEF Expander = /usr/bin/tnef --maxsize=100000000</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># The maximum length of time the TNEF Expander is
allowed to run for 1 message.<BR># (in seconds)<BR>TNEF Timeout =
120</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Where the "file" command is installed.<BR># This
is used for checking the content type of files, regardless of their<BR>#
filename.<BR># To disable Filetype checking, set this value to blank.<BR>File
Command = /usr/bin/file</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># The maximum length of time the "file" command is
allowed to run for 1<BR># batch of messages (in seconds)<BR>File Timeout =
20</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># The maximum size of any message including the
headers. If this is set to<BR># zero, then no size checking is done.<BR># This
can also be the filename of a ruleset, so you can have different<BR># settings
for different users. You might want to set this quite small for<BR># dialup
users so their email applications don't time out downloading huge<BR>#
messages.<BR>Maximum Message Size = 0</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><BR><FONT face=Arial size=2>#<BR># Virus Scanning and Vulnerability
Testing<BR># ----------------------------------------<BR>#</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Do you want to scan email for viruses?<BR># A few
people don't have a virus scanner licence and so want to disable<BR># all the
virus scanning.<BR># NOTE: This switch actually switches on/off all processing
of the email<BR># messages. If you just want
to switch off actual virus scanning,<BR>#
then set "Virus Scanners = none" instead.<BR>#<BR># If you want to be able to
switch scanning on/off for different users or<BR># different domains, set this
to the filename of a ruleset.<BR># This can also be the filename of a
ruleset.<BR>Virus Scanning = yes</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Which Virus Scanning package to use:<BR>#
sophos from </FONT><A href="http://www.sophos.com"><FONT
face=Arial size=2>www.sophos.com</FONT></A><FONT face=Arial size=2>, or<BR>#
sophossavi (also from </FONT><A href="http://www.sophos.com"><FONT face=Arial
size=2>www.sophos.com</FONT></A><FONT face=Arial size=2>, using the SAVI perl
module), or<BR># mcafee from </FONT><A
href="http://www.mcafee.com"><FONT face=Arial
size=2>www.mcafee.com</FONT></A><FONT face=Arial size=2>, or<BR>#
command from </FONT><A href="http://www.command.co.uk"><FONT
face=Arial size=2>www.command.co.uk</FONT></A><FONT face=Arial size=2>, or<BR>#
kaspersky from </FONT><A href="http://www.kaspersky.com"><FONT face=Arial
size=2>www.kaspersky.com</FONT></A><FONT face=Arial size=2>, or<BR>#
kavdaemonclient from </FONT><A href="http://www.kaspersky.com"><FONT face=Arial
size=2>www.kaspersky.com</FONT></A><FONT face=Arial size=2>, or<BR>#
etrust from </FONT><A
href="http://www3.ca.com/Solutions/Product.asp?ID=156"><FONT face=Arial
size=2>http://www3.ca.com/Solutions/Product.asp?ID=156</FONT></A><FONT
face=Arial size=2>, or<BR># inoculate from </FONT><A
href="http://www.cai.com/products/inoculateit.htm"><FONT face=Arial
size=2>www.cai.com/products/inoculateit.htm</FONT></A><FONT face=Arial size=2>,
or<BR># inoculan from </FONT><A
href="ftp://ftp.ca.com/pub/getbbs/linux.eng/inoctar.LINUX.Z"><FONT face=Arial
size=2>ftp.ca.com/pub/getbbs/linux.eng/inoctar.LINUX.Z</FONT></A><FONT
face=Arial size=2>, or<BR># nod32 from </FONT><A
href="http://www.nod32.com"><FONT face=Arial
size=2>www.nod32.com</FONT></A><FONT face=Arial size=2>, or<BR># f-secure
from </FONT><A href="http://www.f-secure.com"><FONT face=Arial
size=2>www.f-secure.com</FONT></A><FONT face=Arial size=2>, or<BR>#
f-prot from </FONT><A href="http://www.f-prot.com"><FONT
face=Arial size=2>www.f-prot.com</FONT></A><FONT face=Arial size=2>, or<BR>#
panda from </FONT><A
href="http://www.pandasoftware.com"><FONT face=Arial
size=2>www.pandasoftware.com</FONT></A><FONT face=Arial size=2>, or<BR>#
rav from </FONT><A
href="http://www.ravantivirus.com"><FONT face=Arial
size=2>www.ravantivirus.com</FONT></A><FONT face=Arial size=2>, or<BR>#
antivir from </FONT><A href="http://www.antivir.de"><FONT face=Arial
size=2>www.antivir.de</FONT></A><FONT face=Arial size=2>, or<BR>#
clamav from clamav.elektrapro.com, or<BR>#
trend from </FONT><A
href="http://www.trendmicro.com"><FONT face=Arial
size=2>www.trendmicro.com</FONT></A><FONT face=Arial size=2>, or<BR>#
none (no virus scanning at all)<BR>#<BR># Note for
McAfee users: do not use any symlinks with McAfee at all. It
is<BR>#
very strange but may not detect all viruses
when<BR>#
started from a symlink or scanning a directory
path<BR>#
including symlinks.<BR>#<BR># Note: If you want to use multiple virus scanners,
then this should be a<BR># space-separated list of virus scanners. For
example:<BR># Virus Scanners = sophos f-prot mcafee<BR>#<BR># Note: Make sure
that you check that the base installation directory in
the<BR># 3rd column of virus.scanners.conf
matches the location you have<BR># installed
each of your virus scanners. The
supplied<BR># virus.scanners.conf file
assumes the default installation
locations<BR># recommended by each of the
virus scanner installation guides.<BR>#<BR>Virus Scanners = f-prot</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># The maximum length of time the commercial virus
scanner is allowed to run<BR># for 1 batch of messages (in seconds).<BR>Virus
Scanner Timeout = 300</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Should I attempt to disinfect infected
attachments and then deliver<BR># the clean ones. "Disinfection" involves
removing viruses from files<BR># (such as removing macro viruses from
documents). "Cleaning" is the<BR># replacement of infected attachments with
"VirusWarning.txt" text<BR># attachments.<BR># This can also be the filename of
a ruleset.<BR>Deliver Disinfected Files = yes</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Strings listed here will be searched for in the
output of the virus scanners.<BR># It is used to list which viruses should be
handled differently from other<BR># viruses. If a virus name is given here,
then<BR># 1) The sender will not be warned that he sent it<BR># 2) No attempt at
true disinfection will take place<BR># (but it will still be
"cleaned" by removing the nasty attachments<BR># from
the message)<BR># 3) The recipient will not receive the
message,<BR># unless the "Still Deliver Silent Viruses" option
is set<BR># Other words that can be put in this list are the 3 special
keywords<BR># HTML-IFrame : inserting this will
stop senders being warned
about<BR>#
HTML Iframe tags, when they are not allowed.<BR>#
HTML-Codebase : inserting this will stop senders being warned
about<BR>#
HTML Object Codebase tags, when they are not allowed.<BR>#
HTML-Form : inserting this will stop senders being
warned
about<BR>#
HTML Form tags, when they are not allowed.<BR>#
All-Viruses : inserting this will stop senders being warned
about<BR>#
any virus, while still allowing you to warn
senders<BR>#
about HTML-based attacks.<BR>#<BR># This can also be the filename of a
ruleset.<BR>Silent Viruses = HTML-IFrame Klez Yaha-E Bugbear Braid-A WinEvar
Palyh Sobig Fizzer Ganda Mimail</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Still deliver (after cleaning) messages that
contained viruses listed<BR># in the above option ("Silent Viruses") to the
recipient?<BR># Setting this to "yes" is good because it shows management that
MailScanner<BR># is protecting them, but it is bad because they have to
filter/delete all<BR># the incoming virus warnings.<BR># This can also be the
filename of a ruleset.<BR>Still Deliver Silent Viruses = yes</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Should encrypted messages be blocked?<BR># This
is useful if you are wary about your users sending encrypted<BR># messages to
your competition.<BR># This can be a ruleset so you can block encrypted message
to certain domains.<BR>Block Encrypted Messages = no</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Should unencrypted messages be blocked?<BR># This
could be used to ensure all your users send messages outside your<BR># company
encrypted to avoid snooping of mail to your business partners.<BR># This can be
a ruleset so you can just check mail to certain users/domains.<BR>Block
Unencrypted Messages = no</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>#<BR># Options specific to Sophos Anti-Virus<BR>#
-------------------------------------<BR>#</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Anything on the next line that appears in
brackets at the end of a line<BR># of output from Sophos will cause the
error/infection to be ignored.<BR># Use of this option is dangerous, and should
only be used if you are having<BR># trouble with lots of corrupt PDF files, for
example.<BR># If you need to specify more than 1 string to find in the error
message,<BR># then put each string in quotes and separate them with a
comma.<BR># For example:<BR>#Allowed Sophos Error Messages = "corrupt", "format
not supported"</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><BR><FONT face=Arial size=2># The directory (or a link to it) containing
all the Sophos *.ide files.<BR># This is only used by the "sophossavi" virus
scanner, and is irrelevant<BR># for all other scanners.<BR>Sophos IDE Dir =
/usr/local/Sophos/ide</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># The directory (or a link to it) containing all
the Sophos *.so libraries.<BR># This is only used by the "sophossavi" virus
scanner, and is irrelevant<BR># for all other scanners.<BR>Sophos Lib Dir =
/usr/local/Sophos/lib</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># SophosSAVI only: monitor each of these files for
changes in size to<BR># detect when a Sophos update has happened. The date of
the Sophos Lib Dir<BR># is also monitored.<BR># This is only used by the
"sophossavi" virus scanner, not the "sophos"<BR># scanner setting.<BR>#Monitors
For Sophos Updates = /usr/local/Sophos/ide/*ides.zip</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>#<BR># Removing/Logging dangerous or potentially
offensive content<BR>#
-----------------------------------------------------------<BR>#</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Do you want to allow partial messages, which only
contain a fraction of<BR># the attachments, not the whole thing? There is
absolutely no way to<BR># scan these "partial messages" properly for viruses, as
MailScanner never<BR># sees all of the attachment at the same time. Enabling
this option can<BR># allow viruses through. You have been warned.<BR># This can
also be the filename of a ruleset so you can, for example, allow<BR># them in
outgoing mail but not in incoming mail.<BR>Allow Partial Messages =
no</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Do you want to allow messages whose body is
stored somewhere else on the<BR># internet, which is downloaded separately by
the user's email package?<BR># There is no way to guarantee that the file
fetched by the user's email<BR># package is free from viruses, as MailScanner
never sees it.<BR># This feature is dangerous as it can allow viruses to be
fetched from<BR># other Internet sites by a user's email package. The user would
just<BR># think it was a normal email attachment and would have been scanned
by<BR># MailScanner.<BR># It is only currently supported by Netscape 6 anyway,
and the only people<BR># who it are the IETF. So I would strongly advise leaving
this switched off.<BR># This can also be the filename of a ruleset.<BR>Allow
External Message Bodies = no</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Do you want to allow <IFrame> tags in email
messages? This is not a good<BR># idea as it allows various Microsoft Outlook
security vulnerabilities to<BR># remain unprotected, but if you have a load of
mailing lists sending them,<BR># then you will want to allow them to keep your
users happy.<BR># This can also be the filename of a ruleset, so you can allow
them from<BR># known mailing lists but ban them from everywhere else.<BR>Allow
IFrame Tags = no</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Banning <IFrame> tags completely is likely
to break some common HTML<BR># mailing lists, such as Dilbert and other
important things like that.<BR># So before you implement any restriction on
them, you can log the sender<BR># of any message containing an <IFrame>,
so that you can set the option<BR># above to be a ruleset allowing IFrame tags
from named "From" addresses<BR># and banning all others.<BR># This can also be
the filename of a ruleset.<BR>Log IFrame Tags = no</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Do you want to allow <Form> tags in email
messages? This is a bad idea<BR># as these are used as scams to pursuade people
to part with credit card<BR># information and other personal data.<BR># This can
also be the filename of a ruleset.<BR>Allow Form Tags = no</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Do you want to allow <Object Codebase=...>
tags in email messages?<BR># This is a bad idea as it leaves you unprotected
against various<BR># Microsoft-specific security vulnerabilities. But if your
users demand<BR># it, you can do it.<BR># This can also be the filename of a
ruleset, so you can allow them just<BR># for specific users or domains.<BR>Allow
Object Codebase Tags = no</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Do you want to convert HTML messages containing
<IFrame> or<BR># <Object Codebase=...> tags into plain text?<BR>#
This will only apply if you are also allowing the tags to be present<BR># using
the configuration options above. You can allow messages<BR># that contain the
tags, but convert them to plain text. This makes<BR># the HTML harmless, while
still allowing your users to see the text<BR># content of the messages.<BR>#
This can also be the filename of a ruleset, so you can make this apply<BR># only
to specific users or domains.<BR>Convert Dangerous HTML To Text =
no</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Do you want to convert all HTML messages into
plain text?<BR># This is very useful for users who are children or are easily
offended<BR># by nasty things like pornographic spam.<BR># This can also be the
filename of a ruleset, so you can switch this<BR># feature on and off for
particular users or domains.<BR>Convert HTML To Text = no</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>#<BR># Attachment Filename Checking<BR>#
----------------------------<BR>#</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Set where to find the attachment filename
ruleset.<BR># The structure of this file is explained elsewhere, but it is used
to<BR># accept or reject file attachments based on their name, regardless
of<BR># whether they are infected or not.<BR>#<BR># This can also point to a
ruleset, but the ruleset filename must end in<BR># ".rules" so that MailScanner
can determine if the filename given is<BR># a ruleset or not!<BR>Filename Rules
= /etc/MailScanner/filename.rules.conf</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Set where to find the attachment filetype
ruleset.<BR># The structure of this file is explained elsewhere, but it is used
to<BR># accept or reject file attachments based on their content as
determined<BR># by the "file" command, regardless of whether they are infected
or not.<BR>#<BR># This can also point to a ruleset, but the ruleset filename
must end in<BR># ".rules" so that MailScanner can determine if the filename
given is<BR># a ruleset or not!<BR>#<BR># To disable this feature, set this to
just "Filetype Rules =" or set<BR># the location of the file command to a blank
string.<BR>Filetype Rules = /etc/MailScanner/filetype.rules.conf</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>#<BR># Reports and Responses<BR>#
---------------------<BR>#</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Do you want to store copies of the infected
attachments and messages?<BR># This can also be the filename of a
ruleset.<BR>Quarantine Infections = yes</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Do you want to quarantine the original *entire*
message as well as<BR># just the infected attachments?<BR># This can also be the
filename of a ruleset.<BR>Quarantine Whole Message = no</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># When you quarantine an entire message, do you
want to store it as<BR># raw mail queue files (so you can easily send them onto
users) or<BR># as human-readable files (header then body in 1
file)?<BR>Quarantine Whole Messages As Queue Files = no</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Set where to find all the strings used so they
can be translated into<BR># your local language.<BR># This can also be the
filename of a ruleset so you can produce different<BR># languages for different
messages.<BR>Language Strings =
/etc/MailScanner/reports/fr/languages.conf</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Set where to find the message text sent to users
when one of their<BR># attachments has been deleted from a message.<BR># These
can also be the filenames of rulesets.<BR>Deleted Bad Content Message
Report = %report-dir%/deleted.content.message.txt<BR>Deleted Bad Filename
Message Report =
/etc/MailScanner/reports/fr/deleted.filename.message.txt<BR>Deleted Virus
Message Report =
/etc/MailScanner/reports/fr/deleted.virus.message.txt</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Set where to find the message text sent to users
when one of their<BR># attachments has been deleted from a message and stored in
the quarantine.<BR># These can also be the filenames of rulesets.<BR>Stored Bad
Content Message Report = %report-dir%/stored.content.message.txt<BR>Stored
Bad Filename Message Report =
/etc/MailScanner/reports/fr/stored.filename.message.txt<BR>Stored Virus Message
Report = /etc/MailScanner/reports/fr/stored.virus.message.txt</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Set where to find the message text sent to users
explaining about the<BR># attached disinfected documents.<BR># This can also be
the filename of a ruleset.<BR>Disinfected Report =
/etc/MailScanner/reports/fr/disinfected.report.txt</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Set where to find the HTML and text versions that
will be added to the<BR># end of all clean messages, if "Sign Clean Messages" is
set.<BR># These can also be the filenames of rulesets.<BR>Inline HTML Signature
= /etc/MailScanner/reports/fr/inline.sig.html<BR>Inline Text Signature =
/etc/MailScanner/reports/fr/inline.sig.txt</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Set where to find the HTML and text versions that
will be inserted at<BR># the top of messages that have had viruses removed from
them.<BR># These can also be the filenames of rulesets.<BR>Inline HTML Warning =
/etc/MailScanner/reports/fr/inline.warning.html<BR>Inline TEXT Warning =
/etc/MailScanner/reports/fr/inline.warning.txt</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Set where to find the messages that are delivered
to the sender, when they<BR># sent an email containing either an error, banned
content, a banned filename<BR># or a virus infection.<BR># These can also be the
filenames of rulesets.<BR>Sender Content Report =
/etc/MailScanner/reports/fr/sender.content.report.txt<BR>Sender Error Report =
/etc/MailScanner/reports/fr/sender.error.report.txt<BR>Sender Bad Filename
Report = /etc/MailScanner/reports/fr/sender.filename.report.txt<BR>Sender Virus
Report = /etc/MailScanner/reports/fr/sender.virus.report.txt</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Hide the directory path from all virus scanner
reports sent to users.<BR># The extra directory paths give away information
about your setup, and<BR># tend to just confuse users.<BR># This can also be the
filename of a ruleset.<BR>Hide Incoming Work Dir = yes</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Include the name of the virus scanner in each of
the scanner reports.<BR># This also includes the translation of "MailScanner" in
each of the report<BR># lines resulting from one of MailScanner's own checks
such as filename,<BR># filetype or dangerous HTML content. To change the name
"MailScanner", look<BR># in reports/...../languages.conf.<BR>#<BR># Very useful
if you use several virus scanners, but a bad idea if you<BR># don't want to let
your customers know which scanners you use.<BR>Include Scanner Name In Reports =
no</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>#<BR># Changes to Message Headers<BR>#
--------------------------<BR>#</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Add this extra header to all mail as it is
processed.<BR># This *must* include the colon ":" at the end.<BR># This can also
be the filename of a ruleset.<BR>Mail Header = X-Oieau-MailScanner:</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Add this extra header to all messages found to be
spam.<BR># This can also be the filename of a ruleset.<BR>Spam Header =
X-Oieau-MailScanner-SpamCheck:</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Add this extra header if "Spam Score" = yes. The
header will<BR># contain 1 character for every point of the SpamAssassin
score.<BR>Spam Score Header = X-Oieau-MailScanner-SpamScore:</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Add this extra header to all mail as it is
processed.<BR># The contents is set by "Information Header Value" and is
intended for<BR># you to be able to insert a help URL for your users.<BR># If
you don't want an information header at all, just comment out this<BR># setting
or set it to be blank.<BR># This can also be the filename of a
ruleset.<BR>Information Header = X-oieau-MailScanner-Information:</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># The character to use in the "Spam Score
Header".<BR># Don't use: x as a score of 3 is "xxx" which the users will think
is porn,<BR>#
# as it will cause confusion with comments in procmail as
well<BR>#
as MailScanner
itself,<BR># *
as it will cause confusion with pattern matches in
procmail,<BR>#
. as it will cause confusion with pattern matches in
procmail,<BR>#
? as it will cause the users to think something went wrong.<BR># "s" is nice and
safe and stands for "spam".<BR>Spam Score Character = s</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Set the "Mail Header" to these values for
clean/infected/disinfected messages.<BR># This can also be the filename of a
ruleset.<BR>Clean Header Value = Non infecté<BR>Infected Header Value =
Infecté<BR>Disinfected Header Value = Désinfecté</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Set the "Information Header" to this value.<BR>#
This can also be the filename of a ruleset.<BR>Information Header Value =
Contactez votre ISP pour plus de détails</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Do you want the full spam report, or just a
simple "spam / not spam" report?<BR>Detailed Spam Report = yes</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Do you want to include the numerical scores in
the detailed SpamAssassin<BR># report, or just list the names of the
scores<BR>Include Scores In SpamAssassin Report = yes</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># What to do when you get several MailScanner
headers in one message,<BR># from multiple MailScanner servers. Values
are<BR># "append" : Append the new data to
the existing header<BR>#
"add" : Add a new
header<BR># "replace" : Replace the old data with
the new data<BR># Default is "append"<BR># This can also be the filename of a
ruleset.<BR>Multiple Headers = append</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Name of this host, or a name like "the
MailScanner" if you want to hide<BR># the real hostname. It is used in the Help
Desk note contained in the<BR># virus warnings sent to users.<BR># This can also
be the filename of a ruleset.<BR>Hostname = the MailScanner</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># If this is "no", then (as far as possible)
messages which have already<BR># been processed by another MailScanner server
will not have the clean<BR># signature added to the message. This prevents
messages getting many<BR># copies of the signature as they flow through your
site.<BR># This can also be the filename of a ruleset.<BR>Sign Messages Already
Processed = no</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Add the "Inline HTML Signature" or "Inline Text
Signature" to the end<BR># of uninfected messages?<BR># This can also be the
filename of a ruleset.<BR>Sign Clean Messages = yes</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Add the "Inline HTML Warning" or "Inline Text
Warning" to the top of<BR># messages that have had attachments removed from
them?<BR># This can also be the filename of a ruleset.<BR>Mark Infected Messages
= yes</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># When a message is to not be virus-scanned (which
may happen depending<BR># upon the setting of "Virus Scanning", especially if it
is a ruleset),<BR># do you want to add the header advising the users to get
their email<BR># virus-scanned by you?<BR># Very good for advertising your
MailScanning service and encouraging<BR># users to give you some more money and
sign up to virus scanning.<BR># This can also be the filename of a
ruleset.<BR>Mark Unscanned Messages = no</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># This is the text used by the "Mark Unscanned
Messages" option above.<BR># This can also be the filename of a
ruleset.<BR>Unscanned Header Value = Non scanné: Contactez votre fournisseur de
service E-Mail pour plus de détails</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Do you want to deliver messages once they have
been cleaned of any<BR># viruses?<BR># By making this a ruleset, you can
re-create the "Deliver From Local"<BR># facility of previous
versions.<BR>Deliver Cleaned Messages = yes</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>#<BR># Notifications back to the senders of blocked
messages<BR>#
-----------------------------------------------------<BR>#</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Do you want to notify the people who sent you
messages containing<BR># viruses or badly-named filenames?<BR># The default
value has been changed to "no" as most viruses now fake<BR># sender addresses
and therefore should be on the "Silent Viruses" list.<BR># This can also be the
filename of a ruleset.<BR>Notify Senders = yes</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># *If* "Notify Senders" is set to yes, do you want
to notify people<BR># who sent you messages containing viruses?<BR># This can
also be the filename of a ruleset.<BR>Notify Senders Of Viruses =
yes</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># *If* "Notify Senders" is set to yes, do you want
to notify people<BR># who sent you messages containing attachments that are
blocked due to<BR># their filename or file contents?<BR># This can also be the
filename of a ruleset.<BR>Notify Senders Of Blocked Filenames Or Filetypes =
yes</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># *If* "Notify Senders" is set to yes, do you want
to notify people<BR># who sent you messages containing other blocked content,
such as<BR># partial messages or messages with external bodies?<BR># This can
also be the filename of a ruleset.<BR>Notify Senders Of Other Blocked Content =
yes</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># If you supply a space-separated list of message
"precedence" settings,<BR># then senders of those messages will not be warned
about anything you<BR># rejected. This is particularly suitable for mailing
lists, so that any<BR># MailScanner responses do not get sent to the entire
list.<BR>Never Notify Senders Of Precedence = list bulk</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>#<BR># Changes to the Subject: line<BR>#
----------------------------<BR>#</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># When the message has been scanned but no other
subject line changes<BR># have happened, do you want modify the subject
line?<BR># This can be 1 of 3 values:<BR>#
no = Do not modify the subject line,
or<BR># start = Add text to the start of the
subject line, or<BR># end = Add text
to the end of the subject line.<BR># This makes very good advertising of your
MailScanning service.<BR># This can also be the filename of a
ruleset.<BR>Scanned Modify Subject = no # start</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># This is the text to add to the start/end of the
subject line if the<BR># "Scanned Modify Subject" option is set.<BR># This can
also be the filename of a ruleset.<BR>Scanned Subject Text =
{Scanné}</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># If the message contained a virus, do you want to
modify the subject line?<BR># This makes filtering in Outlook very easy.<BR>#
This can also be the filename of a ruleset.<BR>Virus Modify Subject =
yes</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># This is the text to add to the start of the
subject if the<BR># "Virus Modify Subject" option is set.<BR># This can also be
the filename of a ruleset.<BR>Virus Subject Text = {Virus?}</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># If an attachment triggered a filename check, but
there was nothing<BR># else wrong with the message, do you want to modify the
subject line?<BR># This makes filtering in Outlook very easy.<BR># This can also
be the filename of a ruleset.<BR>Filename Modify Subject = yes</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># This is the text to add to the start of the
subject if the<BR># "Filename Modify Subject" option is set.<BR># You might want
to change this so your users can see at a glance<BR># whether it just was just
the filename that MailScanner rejected.<BR># This can also be the filename of a
ruleset.<BR>Filename Subject Text = {Nom de fichier?}</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># If an attachment triggered a content check, but
there was nothing<BR># else wrong with the message, do you want to modify the
subject line?<BR># This makes filtering in Outlook very easy.<BR># This can also
be the filename of a ruleset.<BR>Content Modify Subject = yes</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># This is the text to add to the start of the
subject if the<BR># "Content Modify Subject" option is set.<BR># You might want
to change this so your users can see at a glance<BR># whether it just was just
the content that MailScanner rejected.<BR># This can also be the filename of a
ruleset.<BR>Content Subject Text = {Dangerous Content?}</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># If the message is spam, do you want to modify the
subject line?<BR># This makes filtering in Outlook very easy.<BR># This can also
be the filename of a ruleset.<BR>Spam Modify Subject = yes</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># This is the text to add to the start of the
subject if the<BR># "Spam Modify Subject" option is set.<BR># This can also be
the filename of a ruleset.<BR>Spam Subject Text = {Polluriel?}</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># This is just like the "Spam Modify Subject"
option above, except that<BR># it applies then the score from SpamAssassin is
higher than the<BR># "High SpamAssassin Score" value.<BR>High Scoring Spam
Modify Subject = yes</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># This is just like the "Spam Subject Text" option
above, except that<BR># it applies then the score from SpamAssassin is higher
than the<BR># "High SpamAssassin Score" value.<BR>High Scoring Spam Subject Text
= {Polluriel de haut niveau?}</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>#<BR># Changes to the Message Body<BR>#
---------------------------<BR>#</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># When a virus or attachment is replaced by a
plain-text warning,<BR># should the warning be in an attachment? If "no" then it
will be<BR># placed in-line. This can also be the filename of a
ruleset.<BR>Warning Is Attachment = no</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># When a virus or attachment is replaced by a
plain-text warning,<BR># and that warning is an attachment, this is the filename
of the<BR># new attachment.<BR># This can also be the filename of a
ruleset.<BR>Attachment Warning Filename = VirusWarning.txt</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># What character set do you want to use for the
attachment that<BR># replaces viruses (VirusWarning.txt)?<BR># The default is
"us-ascii" but if you speak anything other than<BR># English, you will probably
want "ISO-8859-1" instead.<BR># This can also be the filename of a
ruleset.<BR>Attachment Encoding Charset = ISO-8859-1</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>#<BR># Mail Archiving and Monitoring<BR>#
-----------------------------<BR>#</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Space-separated list of any combination of<BR>#
1. email addresses to which mail should be forwarded,<BR># 2. directory names
where you want mail to be stored,<BR># 3. file names (they must already exist!)
to which mail will be appended<BR># in "mbox" format suitable
for most Unix mail systems.<BR>#<BR># If you give this option a ruleset, you can
control exactly whose mail<BR># is archived or forwarded. If you do this, beware
of the legal implications<BR># as this could be deemed to be illegal
interception unless the police have<BR># asked you to do this.<BR>#Archive Mail
= #Archive Mail = /var/spool/MailScanner/archive<BR>#Archive Mail =
/var/spool/MailScanner/archive<BR>Archive Mail = no</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>#<BR># Notices to System Administrators<BR>#
--------------------------------<BR>#</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Notify the local system administrators ("Notices
To") when any infections<BR># are found?<BR># This can also be the filename of a
ruleset.<BR>Send Notices = yes</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Include the full headers of each message in the
notices sent to the local<BR># system administrators?<BR># This can also be the
filename of a ruleset.<BR>Notices Include Full Headers = no</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Hide the directory path from all the system
administrator notices.<BR># The extra directory paths give away information
about your setup, and<BR># tend to just confuse users but are still useful for
local sys admins.<BR># This can also be the filename of a ruleset.<BR>Hide
Incoming Work Dir in Notices = no</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># What signature to add to the bottom of the
notices.<BR># To insert a line-break in there, use the sequence "\n".<BR>Notice
Signature = -- \nMailScanner\nEmail Virus
Scanner\nwww.mailscanner.info</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># The visible part of the email address used in the
"From:" line of the<BR># notices. The <</FONT><A
href="mailto:user@domain"><FONT face=Arial size=2>user@domain</FONT></A><FONT
face=Arial size=2>> part of the email address is set to the<BR># "Local
Postmaster" setting.<BR>Notices From = MailScanner</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Where to send the notices.<BR># This can also be
the filename of a ruleset.<BR>Notices To = postmaster</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Address of the local Postmaster, which is used as
the "From" address in<BR># virus warnings sent to users.<BR># This can also be
the filename of a ruleset.<BR>Local Postmaster = postmaster</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>#<BR># Spam Detection and Virus Scanner
Definitions<BR># --------------------------------------------<BR>#</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># This is the name of the file that translates the
names of the "Spam List"<BR># values to the real DNS names of the spam
blacklists.<BR>Spam List Definitions =
/etc/MailScanner/spam.lists.conf</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># This is the name of the file that translates the
names of the virus<BR># scanners into the commands that have to be run to do the
actual scanning.<BR>Virus Scanner Definitions =
/etc/MailScanner/virus.scanners.conf</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>#<BR># Spam Detection and Spam Lists (DNS
blocklists)<BR>#
----------------------------------------------<BR>#</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Do you want to check messages to see if they are
spam?<BR># Note: If you switch this off then *no* spam checks will be done at
all.<BR># This includes both MailScanner's
own checks and SpamAssassin.<BR># If you
want to just disable the "Spam List" feature then
set<BR># "Spam List =" (i.e. an empty list)
in the setting below.<BR># This can also be the filename of a ruleset.<BR>Spam
Checks = yes</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># This is the list of spam blacklists (RBLs) which
you are using.<BR># See the "Spam List Definitions" file for more information
about what<BR># you can put here.<BR># This can also be the filename of a
ruleset.<BR>Spam List = ORDB-RBL Infinite-Monkeys</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># This is the list of spam domain blacklists which
you are using<BR># (such as the "rfc-ignorant" domains). See the "Spam List
Definitions"<BR># file for more information about what you can put here.<BR>#
This can also be the filename of a ruleset.<BR>Spam Domain List = ORDB-RBL
Infinite-Monkeys</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># If a message appears in at least this number of
"Spam Lists" (as defined<BR># above), then the message will be treated as "High
Scoring Spam" and so<BR># the "High Scoring Spam Actions" will happen. You
probably want to set<BR># this to 2 if you are actually using this feature. 5 is
high enough that<BR># it will never happen unless you use lots of "Spam
Lists".<BR># This can also be the filename of a ruleset.<BR>Spam Lists To Reach
High Score = 8</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># If an individual "Spam List" or "Spam Domain
List" check takes longer<BR># that this (in seconds), the check is abandoned and
the timeout noted.<BR>Spam List Timeout = 10</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># The maximum number of timeouts caused by any
individual "Spam List" or<BR># "Spam Domain List" before it is marked as
"unavailable". Once marked,<BR># the list will be ignored until the next
automatic re-start (see<BR># "Restart Every" for the longest time it will
wait).<BR># This can also be the filename of a ruleset.<BR>Max Spam List
Timeouts = 7</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Spam Whitelist:<BR># Make this point to a
ruleset, and anything in that ruleset whose value<BR># is "yes" will *never* be
marked as spam.<BR># This can also be the filename of a ruleset.<BR>#Is
Definitely Not Spam = no<BR>Is Definitely Not Spam =
/etc/MailScanner/rules/spam.whitelist.rules</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Spam Blacklist:<BR># Make this point to a
ruleset, and anything in that ruleset whose value<BR># is "yes" will *always* be
marked as spam.<BR># This can also be the filename of a ruleset.<BR>Is
Definitely Spam = no</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Setting this to yes means that spam found in the
blacklist is treated<BR># as "High Scoring Spam" in the "Spam Actions" section
below. Setting it<BR># to no means that it will be treated as "normal"
spam.<BR># This can also be the filename of a ruleset.<BR>Definite Spam Is High
Scoring = no</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>#<BR># SpamAssassin<BR>#
------------<BR>#</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Do you want to find spam using the "SpamAssassin"
package?<BR># This can also be the filename of a ruleset.<BR>Use SpamAssassin =
yes</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># SpamAssassin is not very fast when scanning huge
messages, so messages<BR># bigger than this value will be truncated to this
length for SpamAssassin<BR># testing. The original message will not be affected
by this. This value<BR># is a good compromise as very few spam messages are
bigger than this.<BR>Max SpamAssassin Size = 50000</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># This replaces the SpamAssassin configuration
value 'required_hits'.<BR># If a message achieves a SpamAssassin score higher
than this value,<BR># it is spam. See also the High SpamAssassin Score
configuration option.<BR># This can also be the filename of a ruleset, so the
SpamAssassin<BR># required_hits value can be set to different values for
different messages.<BR>Required SpamAssassin Score = 5</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># If a message achieves a SpamAssassin score higher
than this value,<BR># then the "High Scoring Spam Actions" are used. You may
want to use<BR># this to deliver moderate scores, while deleting very high
scoring messsages.<BR># This can also be the filename of a ruleset.<BR>High
SpamAssassin Score = 8</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Set this option to "yes" to enable the automatic
whitelisting functions<BR># available within SpamAssassin. This will cause
addresses from which you<BR># get real mail, to be marked so that it will never
incorrectly spam-tag<BR># messages from those addresses.<BR>SpamAssassin Auto
Whitelist = yes</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Set the location of the SpamAssassin user_prefs
file. If you want to<BR># stop SpamAssassin doing all the RBL checks again, then
you can add<BR># "skip_rbl_checks = 1" to this prefs file.<BR>SpamAssassin Prefs
File = /etc/MailScanner/spam.assassin.prefs.conf</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># If SpamAssassin takes longer than this (in
seconds), the check is<BR># abandoned and the timeout noted.<BR>SpamAssassin
Timeout = 40</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># If SpamAssassin times out more times in a row
than this, then it will be<BR># marked as "unavailable" until MailScanner next
re-starts itself.<BR># This means that remote network failures causing
SpamAssassin trouble will<BR># not mean your mail stops flowing.<BR>Max
SpamAssassin Timeouts = 20</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># If the message sender is on any of the Spam
Lists, do you still want<BR># to do the SpamAssassin checks? Setting this to
"no" will reduce the load<BR># on your server, but will stop the High Scoring
Spam Actions from ever<BR># happening.<BR># This can also be the filename of a
ruleset.<BR>Check SpamAssassin If On Spam List = yes</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Do you want to always include the Spam Report in
the SpamCheck<BR># header, even if the message wasn't spam?<BR># This can also
be the filename of a ruleset.<BR>Always Include SpamAssassin Report =
no</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Do you want to include the "Spam Score" header.
This shows 1 character<BR># (Spam Score Character) for every point of the
SpamAssassin score. This<BR># makes it very easy for users to be able to filter
their mail using<BR># whatever SpamAssassin threshold they want. For example,
they just look<BR># for "sssss" for every message whose score is > 5, for
example.<BR># This can also be the filename of a ruleset.<BR>Spam Score =
yes</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>#<BR># What to do with spam<BR>#
--------------------<BR>#</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># This is a list of actions to take when a message
is spam.<BR># It can be any combination of the following:<BR>#
deliver
- deliver the message as normal<BR>#
delete
- delete the message<BR>#
store
- store the message in the quarantine<BR>#
bounce
- send a rejection message back to the sender<BR># forward
</FONT><A href="mailto:user@domain.com"><FONT face=Arial
size=2>user@domain.com</FONT></A><FONT face=Arial size=2> - forward a copy of
the message to </FONT><A href="mailto:user@domain.com"><FONT face=Arial
size=2>user@domain.com</FONT></A><BR><FONT face=Arial size=2>#
striphtml
- convert all in-line HTML content to plain
text.<BR>#
You need to specify "deliver" as well for
the<BR>#
message to reach the original recipient.<BR>#
attachment
- Convert the original message into an
attachment<BR>#
of the message. This means the user has to
take<BR>#
an extra step to open the spam, and stops
"web<BR>#
bugs" very effectively.<BR>#<BR># Note that the bounce message is created in
such a way as to stop it<BR># bouncing back to your site.<BR>#<BR># This can
also be the filename of a ruleset.<BR>#Spam Actions = store forward </FONT><A
href="mailto:anonymous@ecs.soton.ac.uk"><FONT face=Arial
size=2>anonymous@ecs.soton.ac.uk</FONT></A><FONT face=Arial size=2>
bounce<BR>Spam Actions = deliver</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># This is just like the "Spam Actions" option
above, except that it applies<BR># then the score from SpamAssassin is higher
than the "High SpamAssassin Score"<BR># value.<BR>#
deliver
- deliver the message as normal<BR>#
delete
- delete the message<BR>#
store
- store the message in the quarantine<BR>#
bounce
- send a rejection message back to the sender<BR># forward
</FONT><A href="mailto:user@domain.com"><FONT face=Arial
size=2>user@domain.com</FONT></A><FONT face=Arial size=2> - forward a copy of
the message to </FONT><A href="mailto:user@domain.com"><FONT face=Arial
size=2>user@domain.com</FONT></A><BR><FONT face=Arial size=2>#
striphtml
- convert all in-line HTML content to plain
text.<BR>#
You need to specify "deliver" as well for
the<BR>#
message to reach the original recipient.<BR>#
attachment
- Convert the original message into an
attachment<BR>#
of the message. This means the user has to
take<BR>#
an extra step to open the spam, and stops
"web<BR>#
bugs" very effectively.<BR>#<BR># Note that the bounce message is created in
such a way as to stop it<BR># bouncing back to your site.<BR>#<BR># This can
also be the filename of a ruleset.<BR>High Scoring Spam Actions =
delete</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># This is just like the "Spam Actions" option
above, except that it applies<BR># to messages that are *NOT* spam.<BR># The
available options are the same as for "Spam Actions" except that it<BR># makes
no sense to bounce non-spam.<BR>#
deliver
- deliver the message as normal<BR>#
delete
- delete the message<BR>#
store
- store the message in the quarantine<BR># forward </FONT><A
href="mailto:user@domain.com"><FONT face=Arial
size=2>user@domain.com</FONT></A><FONT face=Arial size=2> - forward a copy of
the message to </FONT><A href="mailto:user@domain.com"><FONT face=Arial
size=2>user@domain.com</FONT></A><BR><FONT face=Arial size=2>#
striphtml
- convert all in-line HTML content to plain text<BR>#<BR># This can also be the
filename of a ruleset.<BR>Non Spam Actions = deliver</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Set where to find the messages that are delivered
to the sender,<BR># when they have sent a message that was detected as spam and
caused the<BR># "bounce" action to happen. This message is sent with its
envelope<BR># constructed so that the message cannot bounce.<BR>#<BR># There are
3 reports:<BR># Sender Spam
Report - sent when a
message triggers both a
Spam<BR>#
List and SpamAssassin,<BR># Sender Spam List
Report - sent when a message triggers a Spam
List,<BR># Sender SpamAssassin Report - sent when a message
triggers SpamAssassin.<BR>#<BR># These can also be the filenames of
rulesets.<BR>Sender Spam Report =
/etc/MailScanner/reports/fr/sender.spam.report.txt<BR>Sender Spam List Report =
/etc/MailScanner/reports/fr/sender.spam.rbl.report.txt<BR>Sender SpamAssassin
Report = /etc/MailScanner/reports/fr/sender.spam.sa.report.txt</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># If you use the 'attachment' Spam Action or High
Scoring Spam Action<BR># then this is the location of inline spam report that is
inserted at<BR># the top of the message.<BR>Inline Spam Warning =
/etc/MailScanner/reports/fr/inline.spam.warning.txt</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><BR><FONT face=Arial size=2>#<BR># Logging<BR># -------<BR>#</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># This is the syslog "facility" name that
MailScanner uses. If you don't<BR># know what a syslog facility name is, then
either don't change this value<BR># or else go and read "man syslog.conf". The
default value of "mail" will<BR># cause the MailScanner logs to go into the same
place as all your other<BR># mail logs.<BR>Syslog Facility = mail</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Do you want all spam to be logged? Useful if you
want to gather<BR># spam statistics from your logs, but can increase the system
load quite<BR># a bit if you get a lot of spam.<BR>Log Spam = yes</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Log all the filenames that are allowed by the
Filename Rules, or just<BR># the filenames that are denied?<BR># This can also
be the filename of a ruleset.<BR>Log Permitted Filenames = no</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Log all the filenames that are allowed by the
Filetype Rules, or just<BR># the filetypes that are denied?<BR># This can also
be the filename of a ruleset.<BR>Log Permitted Filetypes = no</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>#<BR># Advanced SpamAssassin Settings<BR>#
------------------------------<BR>#<BR># If you are using Postfix you may well
need to use some of the settings<BR># below, as the home directory for the
"postfix" user cannot be written<BR># to by the "postfix" user.<BR># You may
also need to use these if you have installed SpamAssassin<BR># somewhere other
than the default location.<BR>#</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># The per-user files (bayes, auto-whitelist,
user_prefs) are looked<BR># for here and in ~/.spamassassin/. Note the files are
mutable.<BR># If this is unset then no extra places are searched for.<BR># If
using Postfix, you probably want to set this as shown in the example<BR># line
at the end of this comment, and do<BR># mkdir
/var/spool/MailScanner/spamassassin<BR># chown
postfix.postfix /var/spool/MailScanner/spamassassin<BR>#SpamAssassin User State
Dir = /var/spool/MailScanner/spamassassin<BR>SpamAssassin User State Dir =
</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># This setting is useful if SpamAssassin is
installed in an unusual place,<BR># e.g. /opt/MailScanner. The install prefix is
used to find some fallback<BR># directories if neither of the following two
settings work.<BR># If this is set then it adds to the list of places that are
searched;<BR># otherwise it has no effect.<BR>#SpamAssassin Install Prefix =
/opt/MailScanner<BR>SpamAssassin Install Prefix = </FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># The site-local rules are searched for here, and
in prefix/etc/spamassassin,<BR># prefix/etc/mail/spamassassin,
/usr/local/etc/spamassassin, /etc/spamassassin,<BR># /etc/mail/spamassassin, and
maybe others.<BR># If this is set then it adds to the list of places that are
searched;<BR># otherwise it has no effect.<BR>SpamAssassin Local Rules Dir =
</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># The default rules are searched for here, and in
prefix/share/spamassassin,<BR># /usr/local/share/spamassassin,
/usr/share/spamassassin, and maybe others.<BR># If this is set then it adds to
the list of places that are searched;<BR># otherwise it has no
effect.<BR>SpamAssassin Default Rules Dir = </FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># <BR># Advanced Settings<BR>#
-----------------<BR>#<BR># Don't bother changing anything below this unless you
really know<BR># what you are doing, or else if MailScanner has complained
about<BR># your "Minimum Code Status" setting.<BR>#</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># When trying to work out the value of
configuration parameters which are<BR># using a ruleset, this controls the
behaviour when a rule is checking the<BR># "To:" addresses.<BR># If this option
is set to "yes", then the following happens when checking<BR># the
ruleset:<BR># a) 1 recipient. Same behaviour as
normal.<BR># b) Several recipients, but all in the same domain
(domain.com for example).<BR># The rules are
checked for one that matches the string "</FONT><A
href="mailto:*@domain.com"><FONT face=Arial size=2>*@domain.com</FONT></A><FONT
face=Arial size=2>".<BR># c) Several recipients, not all in the same
domain.<BR># The rules are checked for one that
matches the string "*@*".<BR>#<BR># If this option is set to "no", then some
rules will use the result they<BR># get from the first matching rule for any of
the recipients of a message,<BR># so the exact value cannot be predicted for
messages with more than 1<BR># recipient.<BR>#<BR># This value *cannot* be the
filename of a ruleset.<BR>Use Default Rules With Multiple Recipients =
no</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Set Debug to "yes" to stop it running as a daemon
and just process<BR># one batch of messages and then exit.<BR>Debug =
no</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Do you want to debug SpamAssassin from within
MailScanner?<BR>Debug SpamAssassin = no</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># This option is intended for people who want to
log more information<BR># about messages than what is put in syslog. It is
intended to be used<BR># with a Custom Function which has the side-effect of
logging information,<BR># perhaps to an SQL database, or any other processing
you want to do<BR># after each message is processed.<BR># Its value is
completely ignored, it is purely there to have side<BR># effects.<BR># If you
want to use it, read CustomConfig.pm.<BR>Always Looked Up Last = no</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># When attempting delivery of outgoing messages,
should we do it in the<BR># background or wait for it to complete? The danger of
doing it in the<BR># background is that the machine load goes ever upwards while
all the<BR># slow sendmail processes run to completion. However, running it in
the<BR># foreground may cause the mail server to run too slowly.<BR>Deliver In
Background = yes</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Attempt immediate delivery of messages, or just
place them in the outgoing<BR># queue for the MTA to deliver when it wants
to?<BR># batch -- attempt delivery of messages, in
batches of up to 20 at once.<BR># queue -- just
place them in the queue and let the MTA find them.<BR># This can also be the
filename of a ruleset. For example, you could use a<BR># ruleset here so that
messages coming to you are immediately delivered,<BR># while messages going to
any other site are just placed in the queue in<BR># case the remote delivery is
very slow.<BR>Delivery Method = batch</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Are you using Exim with split spool directories?
If you don't understand<BR># this, the answer is probably "no". Refer to the
Exim documentation for<BR># more information about split spool
directories.<BR>Split Exim Spool = no</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Where to put the virus scanning engine lock
files.<BR># These lock files are used between MailScanner and the virus
signature<BR># "autoupdate" scripts, to ensure that they aren't both working at
the<BR># same time (which could cause MailScanner to let a virus
through).<BR>Lockfile Dir = /tmp</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># How to lock spool files.<BR># Don't set this
unless you *know* you need to.<BR># For sendmail, it defaults to "flock".<BR>#
For Exim, it defaults to "posix".<BR># No other type is implemented.<BR>Lock
Type = flock</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># Minimum acceptable code stability status -- if we
come across code<BR># that's not at least as stable as this, we barf.<BR># This
is currently only used to check that you don't end up using untested<BR># virus
scanner support code without realising it.<BR># Levels used are:<BR>#
none - there may not even
be any code.<BR># unsupported - code may be completely untested, a
contributed dirty
hack,<BR>#
anything, really.<BR># alpha -
code is pretty well untested. Don't assume it will work.<BR>#
beta - code is tested a
bit. It should work.<BR># supported - code *should* be
reliable.<BR>#<BR># Don't even *think* about setting this to anything other than
"beta" or<BR># "supported" on a system that receives real mail until you have
tested it<BR># yourself and are happy that it is all working as you expect it
to.<BR># Don't set it to anything other than "supported" on a system that
could<BR># ever receive important mail.<BR>#<BR># READ and UNDERSTAND the above
text BEFORE changing this.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>mail log :</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV>Sep 12 18:42:27 ns1 sendmail[3371]: h8CGgREn003371:
from=<vlgm@oieau.fr>, size=103059, class=0, nrcpts=1,
msgid=<028f01c3794b$f7a50100$a6b239c2@NT2.oieau.fr>, proto=ESMTP,
daemon=MTA, relay=ruisseau.oieau.fr [194.57.178.1]<BR>Sep 12 18:42:28 ns1
MailScanner[3331]: New Batch: Scanning 1 messages, 103761 bytes <BR>Sep 12
18:42:28 ns1 MailScanner[3331]: Spam Checks: Starting <BR>Sep 12 18:42:30 ns1
MailScanner[3331]: Message h8CGgREn003371 from 194.57.178.1 (vlgm@oieau.fr) to
ns1.oieau.fr is polluriel, SpamAssassin (score=8, requis 4, HTML_10_20 1.36,
HTML_MESSAGE 0.10, MICROSOFT_EXECUTABLE 0.10, MIME_MISSING_BOUNDARY 0.16,
RCVD_IN_OSIRUSOFT_COM 0.55, UPPERCASE_25_50 1.24, WEIRD_QUOTING 1.54,
X_OSIRU_OPEN_RELAY 2.90) <BR>Sep 12 18:42:30 ns1 MailScanner[3331]: Spam Checks:
Found 1 spam messages <BR>Sep 12 18:42:30 ns1 MailScanner[3331]: Spam Actions:
message h8CGgREn003371 actions are deliver <BR>Sep 12 18:42:30 ns1
MailScanner[3331]: Virus and Content Scanning: Starting <BR>Sep 12 18:42:30 ns1
MailScanner[3331]:
/var/spool/MailScanner/incoming/3331/h8CGgREn003371/document_9446.pif
Infection: W32/Sobig.F@mm <BR>Sep 12 18:42:30 ns1 MailScanner[3331]: Virus
Scanning: F-Prot found virus W32/Sobig.F@mm <BR>Sep 12 18:42:30 ns1
MailScanner[3331]: Virus Scanning: F-Prot found 1 infections <BR>Sep 12 18:42:30
ns1 MailScanner[3331]: Virus Scanning: Found 1 viruses <BR>Sep 12 18:42:30 ns1
MailScanner[3331]: Filename Checks: Possible MS-Dos program shortcut attack
(document_9446.pif) <BR>Sep 12 18:42:30 ns1 MailScanner[3331]: Filetype Checks:
No executables (document_9446.pif) <BR>Sep 12 18:42:30 ns1 MailScanner[3331]:
Other Checks: Found 2 problems <BR>Sep 12 18:42:30 ns1 MailScanner[3331]: Saved
infected "document_9446.pif" to
/var/spool/MailScanner/quarantine/20030912/h8CGgREn003371 <BR>Sep 12 18:42:30
ns1 MailScanner[3331]: Silent: Delivered 1 messages containing silent viruses
<BR>Sep 12 18:42:30 ns1 sendmail[3383]: h8CGgUpp003383: from=postmaster,
size=608, class=0, nrcpts=1,
msgid=<200309121642.h8CGgUpp003383@ns1.oieau.fr>,
relay=root@localhost<BR>Sep 12 18:42:30 ns1 sendmail[3386]: h8CGgREn003371:
to=<vlgm@ns1.oieau.fr>, delay=00:00:03, xdelay=00:00:00, mailer=local,
pri=120731, dsn=2.0.0, stat=Sent<BR>Sep 12 18:42:30 ns1 sendmail[3388]:
h8CGgUEn003388: from=<postmaster@ns1.oieau.fr>, size=851, class=0,
nrcpts=1, msgid=<200309121642.h8CGgUpp003383@ns1.oieau.fr>, proto=ESMTP,
daemon=MTA, relay=localhost.localdomain [127.0.0.1]<BR>Sep 12 18:42:30 ns1
sendmail[3383]: h8CGgUpp003383: to=postmaster, delay=00:00:00, xdelay=00:00:00,
mailer=relay, pri=30121, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent
(h8CGgUEn003388 Message accepted for delivery)<BR>Sep 12 18:42:30 ns1
MailScanner[3331]: Notices: Warned about 1 messages <BR>Sep 12 18:42:30 ns1
MailScanner[3331]: New Batch: Scanning 1 messages, 1553 bytes <BR>Sep 12
18:42:30 ns1 MailScanner[3331]: Spam Checks: Starting <BR>Sep 12 18:42:31 ns1
MailScanner[3331]: Virus and Content Scanning: Starting <BR>Sep 12 18:42:31 ns1
MailScanner[3331]: Uninfected: Delivered 1 messages <BR>Sep 12 18:42:31 ns1
sendmail[3401]: h8CGgUEn003388: to=vlgm, delay=00:00:01, xdelay=00:00:00,
mailer=local, pri=120364, dsn=2.0.0, stat=Sent<BR>Sep 12 18:42:31 ns1
sendmail[3401]: h8CGgUEn003388: to=lg, delay=00:00:01, xdelay=00:00:00,
mailer=local, pri=120364, dsn=2.0.0, stat=Sent<BR></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>----- Original Message ----- </FONT>
<DIV><FONT face=Arial size=2>From: "Antony Stone" <</FONT><A
href="mailto:Antony@SOFT-SOLUTIONS.CO.UK"><FONT face=Arial
size=2>Antony@SOFT-SOLUTIONS.CO.UK</FONT></A><FONT face=Arial
size=2>></FONT></DIV>
<DIV><FONT face=Arial size=2>To: <</FONT><A
href="mailto:MAILSCANNER@JISCMAIL.AC.UK"><FONT face=Arial
size=2>MAILSCANNER@JISCMAIL.AC.UK</FONT></A><FONT face=Arial
size=2>></FONT></DIV>
<DIV><FONT face=Arial size=2>Sent: Friday, September 12, 2003 6:49
PM</FONT></DIV>
<DIV><FONT face=Arial size=2>Subject: Re: Notify Senders pb</FONT></DIV></DIV>
<DIV><FONT face=Arial><BR><FONT size=2></FONT></FONT></DIV><FONT face=Arial
size=2>> On Friday 12 September 2003 5:00 pm, Vincent LE GOUIC-MARTUN
wrote:<BR>> <BR>> > Hi,<BR>> ><BR>> > I have the "Notify
Senders = yes" parameter, but I never receive a<BR>> > notification of a
virus I send in an e-mail.<BR>> <BR>> Show us the entries from your syslog
when the machine processes such an email.<BR>> <BR>> Also, posting your
MailScanner.conf (minus blank lines and comments) would be<BR>>
helpful.<BR>> <BR>> Regards,<BR>> <BR>> Antony.<BR>> <BR>>
--<BR>> <BR>> This email was created using 100% recycled
electrons.</FONT></BODY></HTML>