The following shows what options the Qmail-Scanner-2.11st (st patch) installation supports:
./configure --help
valid options:
--qs-user <username> (default: qscand)
User that Qmail-Scanner runs as
--qs-group <usergroup> (default: same as qs-user)
Group that Qmail-Scanner runs as, qs-user must
be member of this group.
--qmaildir <top of qmail> (defaults to /var/qmail/)
--spooldir <spooldir> (defaults to /var/spool/qscan/)
--bindir <installdir> (defaults to /var/qmail/bin/)
Where to install qmail-scanner-queue.pl
--setuidgid-path <path to setuidgid program>
Defaults to nothing, the configure script will
search for it, this option is only necessary if
'setuidgid' from daemontools packet is installed
in an unusual path.
--admin <username> (default: root)
User to Email alerts to
--domain <domain name>
"user"@"domain" makes up Email address to Email alerts to
--admin-description <"description"> (default: "System Anti-Virus Administrator")
From line information used when making reports, the input
must be quoted. i.e. --admin-description "Antivirus Admin"
--local-domains "one.domain,two.domain"
Defaults to the value of the "--domain" setting.
Comma-separated list (no spaces!) of domains that are
classified as "local". This is needed to ensure alerts
are only sent to local users and not remote when
'--notify "recips"' is chosen. This will drastically
reduce the chance of alerts being sent to mailing-lists.
--scanners <list of installed content scanners>
Defaults to "auto" - will use whatever scanners are found
on system.
Use this option to override "auto" - set to one or more
of the following:
[auto|none|clamscan,clamdscan,sweep,sophie,vscan,trophie,
uvscan,csav,antivir,kavscanner,AvpLinux,kavdaemon,
AvpDaemonClient,fsav,fprot,inocucmd,vexira,bitdefender,
verbose_spamassassin,fast_spamassassin]
Note the special-case "none". This will disable all but
the internal perlscanner module.
--skip-text-msgs [yes|no] (defaults to "yes")
Q-S will skip running any anti-virus scanner on any messages
it works out are text-only. i.e. don't have any attachments.
Set to "no" if you want them to be scanned anyway.
--normalize [yes|no] (defaults to "yes")
This decides if base64/qp attachment
filenames and/or Subject: headers should
be "normalized" back to their decoded form
before being checked against entries in
quarantine-events.txt.
--notify [none|sender|recips|precips|admin|nmladm|nmlvadm|all] (defaults to "psender,nmlvadm")
Comma-separated list (no spaces!) of addresses to which
alerts should be sent to. "nmladm" means only notify
admin for "user infections",
i.e. non-mailing-list mail.
"nmlvadm" is the same as nmladm - except that it also doesn't
notify for viral e-mails.
i.e. just "policy" quarantines get e-mails.
This allows you to still notify people when an e-mail is
blocked due to a policy decision (such as blocking
password-protected zip files), but a message tagged as viral
by an AV system will *not* trigger notification.
Similarly, "psender" means notify the sender only if their
e-mail was blocked for policy reasons.
i.e. if an AV system found a virus, then don't notify the
sender as the address was probably forged.
--silent-viruses "virus1,virus2" (defaults to "auto")
This option allows you to tell Qmail-Scanner *not* to
notify senders when it quarantines one of these viruses.
Viruses such as Klez alter the sender address so that it
has no relation to the actual sender - so there's no point
in responding to Klez messages - it just confuses people.
The admin and recips will still be notified as set
by "--notify". Use this option to override "auto".
By default this is set to:
"klez,bugbear,hybris,yaha,braid,nimda,tanatos,sobig,winevar,
palyh,fizzer,gibe,cailont,lovelorn,swen,dumaru,sober,hawawi,
hawaii,holar-i,mimail,poffer,bagle,worm.galil,mydoom,worm.sco,
tanx,novarg,\@mm,cissy,cissi,qizy,bugler,dloade,netsky,spam"
--dlp-monitor "string1|string2" (defaults to "none")
Using this will cause Q-S to *not* block events that match
this regex.
Typically used in environments where you want to track the
movement of sensitive files/etc outside of your
environment, without blocking
--lang <lang> (defaults to en_GB)
"af_ZA cs_CZ de_DE en_GB enlt_LT enlt_LT_short en_PL es_ES
fr_FR it_IT ja_JP.EUC nl_NL no_NO pl_PL pt_BR pt_PT sv_SE
tr_TR tr_TR_ascii tw_BIG5"
--archive [yes|no|regex] (defaults to "no")
Whether to archive mail after it as been processed.
If "yes", all copies of processed mail will be moved into
the maildir "/var/spool/qmailscan/archives/".
Any other string besides "yes" and "no" will be treated
as a REGEX. Only mail from or to an address that contains
that regex will be archived. e.g. "jhaar|harry" or
"\@our.domain".
Be careful with this option, a badly written regex
will cause Qmail-Scanner to crash.
--redundant [yes|no] (defaults to "yes")
Whether or not to let the scanners also scan any zip files
and the original "raw" Email file.
--unzip [yes|no] (defaults to "no" - off)
Whether or not to forcibly unzip all zip files.
Off by default as most AV's do unzip'ping themselves.
--max-zip-size <number-bytes> (defaults to 1 Gbytes)
This setting allows you to control the maximum size you
are willing to allow zip file attachments to unpack to.
This is to enable you to limit DoS attacks against your
Qmail-Scanner installation (someone could send you a small
zip file that unpacks to Gbytes of useless files - filling
your harddisk). Set to whatever value you think is
appropriate for your system. The default value of 1Gb is
set so large so as not to assume anything about your
system - YOU WILL NEED TO SET THIS VALUE IN ORDER TO GAIN
ANY PROTECTION.
Something like "100000000" (100 Mb) might be appropriate.
--max-unpacked-files <number-files> (defaults to 10000 files)
--max-scan-size <number-bytes> (defaults to 100 Mbytes)
Email messages (raw size) larger than this
number (in bytes) will skip all AV and Spam
scanning checks. It's to stop Q-S scanning
300Mbyte TIFF file messages and the like.
--log-crypto [yes|no] (defaults to "no")
Whether or not to log the presence
of cryptographic (both signing and encrypting)
technologies in the "log-details". Q-S can flag
PGP, S/MIME and password-protected zip files. This
is informational logging only.
--fix-mime [yes|no|num] (defaults to "2")
Whether or not to attempt to "fix" broken MIME messages
before doing anything else. Should be safe, but *may* break
some strange, old mailers (none known yet).
Defaults to "2" enables a bunch of extra MIME checks that
have proven to be very useful.
--ignore-eol-check [yes|no] (defaults to "no")
Making this "yes" stops Qmail-Scanner
from treating "\r" or "\0" chars in the headers of
MIME mail messages as being suspicious enough to quarantine
mail over. Some sites receive so much broken e-mail that this
option has been created so that they can still receive such
messages without having to be as drastic as to "--fix-mime no"
which disables all sorts of other good stuff.
Use only if you have to.
--add-dscr-hdrs [yes|no|all] (defaults to "no")
This adds the now old-fashion X-Qmail-Scanner headers to the
message. "all" adds the "rcpt to" headers too - this is a
privacy hole.
--dscr-hdrs-text <"Descrip-Headers-Text"> (defaults to "X-Qmail-Scanner")
Input must be quoted.
i.e. --dscr-hdrs-text "X-Antivirus-MYDOMAIN"
--log-details [yes|syslog|no] (defaults to "syslog")
Whether or not to log to mailstats.csv/via syslog the
attachment structure of every Email message.
--debug [0|1|2|3|4|5] (defaults:1)
Whether or not debugging is turned on. Can be also set to
a number. Numbers over 100 cause Q-S to not cleanup working
files. Thus allowing for offline debugging...
debug >= 5, all info is logged.
--batch
Do not confirm configure information (mainly for scripting)
--install
Create directory paths, install perl script, and
change ownerships to match.
--mime-unpacker "reformime" (defaults to "reformime")
--spamdir <maildir name> (defaults to "spam")
This will be the maildir directory structure
into which spam mails are quarantined
(under /var/spool/qscan/quarantine/spam)
It is possible to set it per user/domain enabling the
feature settings-per-domain, see the docs.
--sa-timeout [num] (defaults to "30")
This is the max number of seconds
you will allow spamc to take on processing
a mail message. Anything longer implies
spamd has hung on some narly DNS lookup
or the like, and will cause QS to give
the message a SPAM score of (?/?)
--sa-faulttolerant [yes|no] (defaults to "no")
This can be used in addition to sa-timeout
as a way of telling Qmail-Scanner to let
SA "have another go" at processing a message
if it was unable to get it right the first time.
It will cause Q-S to run SA up to THREE TIMES
on a particular email - if SA fails to return any
value (in the past this used to lead to Q-S reporting
(?/?)). This can get around emails from far-off domains
that "hang" SA due to DNS lookups - and *may* allow SA
to operate correctly the next time it is called on the same
message. See "--sa-tempfail" for even more
reliability options
--sa-maxsize [num] (defaults to "256000")
This size (in bytes) sets the
max size email that will be
processed by SpamAssassin.
--sa-tempfail [yes|no] (defaults to "yes")
Should Qmail-Scanner treat SpamAssassin
like AV products and tempfail if it
fails to return a score?
--settings-per-domain [yes|no] (defaults to "no")
Enable or disable the domain-wise mode, each user/domain
will have a customized settings (@scanner_array and
sa_settings). If the user/domain haven't a custom
settings, qmail-scanner will fall to the defaults
site settings (@scanner_array and sa_site_settings).
--virus-to-delete [yes|no] (defaults to "no")
Enable this option if you want to delete some viruses
(i.e. mydoom) without notifying anyone. If you don't enable
it now, you can later edit qmail-scanner-queue.pl and add
the virus you want to the list virus_to_delete.
--sa-sql [yes|no] (defaults to "no")
Whether to run spamassassin with the 'rcpt to' as option,
only useful if you are running spamassassin with user
settings in mysql.
If you enable 'settings-per-domain' a message with multiples
recipients will be scanned for each recipient with his
own spamassassin settings.
--sa-delta [num] (default: 0)
If $spamc_subject is defined, and fast_spamassassin mode is
selected, a tag will be added to the subject indicating how
the message is to be considered as spam, in this way:
LOW: required_hits < score < required_hits + sa_delta
MEDIUM: required_hits + sa_delta < score < required_hits + 2 * sa_delta
HIGH: required_hits + 2 * sa_delta < score
Be aware, sa_max+2*sa_delta must be lower than sa_quarantine.
'required_hits' is the value set in the SpamAssassin
configuration file.
--sa-subject <"some text"> (defaults to nothing)
This is an alternative way to set the tag that qmail-scanner
add to subject of spam mails, to some text.
Spamassassin must be working in *fast_spamassassin* mode
Be sure that is better to tag the subject, of spam messages,
through qmail-scanner than with the rewrite_subject
of SpamAssassin.
The input must be quoted i.e. "SPAM *** ".
--sa-forward <username@domain> (default: nothing)
User to redirect spam mails 'being quarantined' for
admin purposes...
The message is forwarded almost unmodified so you can
use 'sa-learn' with it.
If you prefer that the message includes the spam headers
enable the next option.
(i.e. --sa-forward antispam@mydomain.com)
--sa-fwd-verbose [yes|no] (default: no)
Whether to add the X-Spam headers to the forwarded message.
--sa-quarantine [num] (default: 0)
Spam messages with a score higher than
(required_hits + sa_quarantine) should be quarantined.
Only relevant if SpamAssassin is used.
Score of 0 means deliver all messages.
--sa-delete [num] (default: 0)
Spam messages with a score higher than
(required_hits + sa_delete) should be deleted.
Only relevant if SpamAssassin is used.
Score of 0 means deliver all messages.
--sa-reject [yes|no] (default: no)
--quarantine-reject [yes|no]
If you enable sa-reject and sa-delete is properly set,
messages with a score higher than sa-delete will be rejected
before the smtp session is closed. Otherwise they are just
dropped silently. (1/0)
Different from the official version, only spam mails are
rejected, if your installation has the 'custom error patch'
a nice little text message is sent, those without just
produce a generic Qmail error. BE CAREFUL IF ENABLING AND
YOUR Q-S SERVER ISN'T DIRECTLY FACING THE INTERNET
--sa-alt [yes|no] (default: no)
Use the alternative subroutine for spamassassin, it runs in
*fast_spamassassin* mode and doesn't pass the '-u' option
to spamc. (1/0)
--sa-debug [yes|no] (default: no)
If sa-alt is enabled an you enable this option, you will
have a beautiful log with the tests and the scores of
spamassassin in the file qmail-queue.log (1/0)
--sa-report [yes|no] (default: no)
If sa-alt is enabled you can add the X-Spam-Report header
to the messages enabling this option.
--sa-socket
****************
Rarely Used
****************
--no-QQ-check
Do not check that the QMAILQUEUE patch is installed.
This explicitly disables any "--install" reference
as that is NOT POSSIBLE with a manual install.
Use ONLY IF YOU MUST. The QMAILQUEUE patch is REALLY
a GOOD THING!!!!
--skip-setuid-test
don't test for setuid perl. Only of use for those wanting
to run the C-wrapper version.
--qmail-queue-binary
Set this to the FULL PATH to the Qmail qmail-queue
binary. This is only EVER set when doing a manual install.
This script must be run as root so it can detect problems with setuid
perl scripts!
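
The help text for --max-zip-size and --max-unpacked-files describes a small zip attachment that unpacks to Gbytes of files. The following added example (not Qmail-Scanner code, and not from the original page) shows the kind of check those two limits express: it reads the sizes declared in a zip's central directory and refuses the archive before anything is extracted. The function names, the in-memory sample archives and the use of Python's zipfile module are assumptions made for illustration.

```python
import io
import zipfile

# Named after the configure options. Values: the "100 Mb" figure the help text
# suggests and the documented --max-unpacked-files default.
MAX_ZIP_SIZE = 100_000_000
MAX_UNPACKED_FILES = 10_000

def check_zip_limits(data, max_bytes=MAX_ZIP_SIZE, max_files=MAX_UNPACKED_FILES):
    """Inspect an attachment without extracting it.

    Returns (ok, reason, files, unpacked_bytes), where unpacked_bytes is the
    running total of sizes declared in the archive's central directory.
    """
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return (False, "not a zip archive", 0, 0)
    files = total = 0
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            files += 1
            total += info.file_size
            # Stop at the first limit crossed; no need to walk the rest.
            if files > max_files:
                return (False, "too many files", files, total)
            if total > max_bytes:
                return (False, "unpacked size over limit", files, total)
    return (True, "within limits", files, total)

def make_zip(members):
    """Build a constructed sample archive in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in members.items():
            zf.writestr(name, payload)
    return buf.getvalue()

if __name__ == "__main__":
    # Constructed samples, not real mail attachments.
    padded = make_zip({"zeros.bin": b"\0" * 5_000_000})
    many = make_zip({"f%d.txt" % i: b"x" for i in range(50)})
    print(len(padded), check_zip_limits(padded, max_bytes=1_000_000))
    print(check_zip_limits(many, max_files=20))
    print(check_zip_limits(make_zip({"note.txt": b"hello"})))
```

Declared sizes are set by whoever built the archive, so a scanner that hands the file to an external unpacker should also cap what is actually written to the spool directory.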