@@ -1,3 +1,7 @@

+Wed May 12 19:10:39 CEST 2010 (acab)

+------------------------------------

+ * docs/man: add clamav.milter.conf.5

+

 Wed May 12 14:21:23 CEST 2010 (tk)

 ----------------------------------

  * freshclam: fix handling of temporary files

@@ -60,6 +60,7 @@ DIST_COMMON = README $(am__configure_deps) $(srcdir)/Makefile.am \

 	$(srcdir)/clamav-config.in $(srcdir)/libclamav.pc.in \

 	$(srcdir)/platform.h.in $(top_srcdir)/configure \

 	$(top_srcdir)/docs/man/clamav-milter.8.in \

+	$(top_srcdir)/docs/man/clamav-milter.conf.5.in \

 	$(top_srcdir)/docs/man/clamconf.1.in \

 	$(top_srcdir)/docs/man/clamd.8.in \

 	$(top_srcdir)/docs/man/clamd.conf.5.in \

@@ -91,10 +92,11 @@ am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \

 mkinstalldirs = $(install_sh) -d

 CONFIG_HEADER = clamav-config.h

 CONFIG_CLEAN_FILES = clamav-config libclamav.pc platform.h \

-	docs/man/clamav-milter.8 docs/man/clamconf.1 docs/man/clamd.8 \

-	docs/man/clamd.conf.5 docs/man/clamdscan.1 docs/man/clamscan.1 \

-	docs/man/freshclam.1 docs/man/freshclam.conf.5 \

-	docs/man/sigtool.1 docs/man/clamdtop.1

+	docs/man/clamav-milter.8 docs/man/clamav-milter.conf.5 \

+	docs/man/clamconf.1 docs/man/clamd.8 docs/man/clamd.conf.5 \

+	docs/man/clamdscan.1 docs/man/clamscan.1 docs/man/freshclam.1 \

+	docs/man/freshclam.conf.5 docs/man/sigtool.1 \

+	docs/man/clamdtop.1

 CONFIG_CLEAN_VPATH_FILES =

 am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;

 am__vpath_adj = case $$p in \

@@ -412,6 +414,8 @@ platform.h: $(top_builddir)/config.status $(srcdir)/platform.h.in

 	cd $(top_builddir) && $(SHELL) ./config.status $@

 docs/man/clamav-milter.8: $(top_builddir)/config.status $(top_srcdir)/docs/man/clamav-milter.8.in

 	cd $(top_builddir) && $(SHELL) ./config.status $@

+docs/man/clamav-milter.conf.5: $(top_builddir)/config.status $(top_srcdir)/docs/man/clamav-milter.conf.5.in

+	cd $(top_builddir) && $(SHELL) ./config.status $@

 docs/man/clamconf.1: $(top_builddir)/config.status $(top_srcdir)/docs/man/clamconf.1.in

 	cd $(top_builddir) && $(SHELL) ./config.status $@

 docs/man/clamd.8: $(top_builddir)/config.status $(top_srcdir)/docs/man/clamd.8.in

@@ -19903,7 +19903,7 @@ else

 fi

-ac_config_files="$ac_config_files clamscan/Makefile database/Makefile docs/Makefile clamd/Makefile clamdscan/Makefile clamav-milter/Makefile freshclam/Makefile sigtool/Makefile clamconf/Makefile etc/Makefile test/Makefile unit_tests/Makefile clamdtop/Makefile clambc/Makefile Makefile clamav-config libclamav.pc platform.h docs/man/clamav-milter.8 docs/man/clamconf.1 docs/man/clamd.8 docs/man/clamd.conf.5 docs/man/clamdscan.1 docs/man/clamscan.1 docs/man/freshclam.1 docs/man/freshclam.conf.5 docs/man/sigtool.1 docs/man/clamdtop.1"

+ac_config_files="$ac_config_files clamscan/Makefile database/Makefile docs/Makefile clamd/Makefile clamdscan/Makefile clamav-milter/Makefile freshclam/Makefile sigtool/Makefile clamconf/Makefile etc/Makefile test/Makefile unit_tests/Makefile clamdtop/Makefile clambc/Makefile Makefile clamav-config libclamav.pc platform.h docs/man/clamav-milter.8 docs/man/clamav-milter.conf.5 docs/man/clamconf.1 docs/man/clamd.8 docs/man/clamd.conf.5 docs/man/clamdscan.1 docs/man/clamscan.1 docs/man/freshclam.1 docs/man/freshclam.conf.5 docs/man/sigtool.1 docs/man/clamdtop.1"

 cat >confcache <<\_ACEOF

 # This file is a shell script that caches the results of configure

@@ -20960,6 +20960,7 @@ do

     "libclamav.pc") CONFIG_FILES="$CONFIG_FILES libclamav.pc" ;;

     "platform.h") CONFIG_FILES="$CONFIG_FILES platform.h" ;;

     "docs/man/clamav-milter.8") CONFIG_FILES="$CONFIG_FILES docs/man/clamav-milter.8" ;;

+    "docs/man/clamav-milter.conf.5") CONFIG_FILES="$CONFIG_FILES docs/man/clamav-milter.conf.5" ;;

     "docs/man/clamconf.1") CONFIG_FILES="$CONFIG_FILES docs/man/clamconf.1" ;;

     "docs/man/clamd.8") CONFIG_FILES="$CONFIG_FILES docs/man/clamd.8" ;;

     "docs/man/clamd.conf.5") CONFIG_FILES="$CONFIG_FILES docs/man/clamd.conf.5" ;;

@@ -23548,6 +23549,7 @@ do

     "libclamav.pc") CONFIG_FILES="$CONFIG_FILES libclamav.pc" ;;

     "platform.h") CONFIG_FILES="$CONFIG_FILES platform.h" ;;

     "docs/man/clamav-milter.8") CONFIG_FILES="$CONFIG_FILES docs/man/clamav-milter.8" ;;

+    "docs/man/clamav-milter.conf.5") CONFIG_FILES="$CONFIG_FILES docs/man/clamav-milter.conf.5" ;;

     "docs/man/clamconf.1") CONFIG_FILES="$CONFIG_FILES docs/man/clamconf.1" ;;

     "docs/man/clamd.8") CONFIG_FILES="$CONFIG_FILES docs/man/clamd.8" ;;

     "docs/man/clamd.conf.5") CONFIG_FILES="$CONFIG_FILES docs/man/clamd.conf.5" ;;

@@ -1605,6 +1605,7 @@ clamav-config

 libclamav.pc

 platform.h

 docs/man/clamav-milter.8

+docs/man/clamav-milter.conf.5

 docs/man/clamconf.1

 docs/man/clamd.8

 docs/man/clamd.conf.5

@@ -17,4 +17,4 @@

 #  MA 02110-1301, USA.

 EXTRA_DIST = html $(top_srcdir)/docs/man/*.in clamdoc.pdf clamdoc.tex clamav-mirror-howto.pdf clamav-mirror-howto.tex phishsigs_howto.tex phishsigs_howto.pdf signatures.pdf signatures.tex clam.eps

-man_MANS = man/clamscan.1 man/freshclam.1 man/sigtool.1 man/clamd.8 man/clamd.conf.5 man/clamdscan.1 man/clamav-milter.8 man/freshclam.conf.5 man/clamconf.1 man/clamdtop.1

+man_MANS = man/clamscan.1 man/freshclam.1 man/sigtool.1 man/clamd.8 man/clamd.conf.5 man/clamdscan.1 man/clamav-milter.8 man/clamav-milter.conf.5 man/freshclam.conf.5 man/clamconf.1 man/clamdtop.1

@@ -270,7 +270,7 @@ top_build_prefix = @top_build_prefix@

 top_builddir = @top_builddir@

 top_srcdir = @top_srcdir@

 EXTRA_DIST = html $(top_srcdir)/docs/man/*.in clamdoc.pdf clamdoc.tex clamav-mirror-howto.pdf clamav-mirror-howto.tex phishsigs_howto.tex phishsigs_howto.pdf signatures.pdf signatures.tex clam.eps

-man_MANS = man/clamscan.1 man/freshclam.1 man/sigtool.1 man/clamd.8 man/clamd.conf.5 man/clamdscan.1 man/clamav-milter.8 man/freshclam.conf.5 man/clamconf.1 man/clamdtop.1

+man_MANS = man/clamscan.1 man/freshclam.1 man/sigtool.1 man/clamd.8 man/clamd.conf.5 man/clamdscan.1 man/clamav-milter.8 man/clamav-milter.conf.5 man/freshclam.conf.5 man/clamconf.1 man/clamdtop.1

 all: all-am

 .SUFFIXES:

@@ -33,4 +33,4 @@ Read configuration from FILE.

 aCaB <acab@clamav.net>

 .SH "SEE ALSO"

 .LP

-sendmail(8), clamd(8), clamd.conf(5)

+sendmail(8), clamav-milter.conf(5), clamd(8), clamd.conf(5)

new file mode 100644

@@ -0,0 +1,235 @@

+.TH "clamav-milter.conf" "5" "February 12, 2007" "ClamAV @VERSION@" "Clam AntiVirus"

+.SH "NAME"

+.LP 

+\fBclamav-milter.conf\fR \- Configuration file for clamav-milter

+.SH "DESCRIPTION"

+.LP 

+clamav-milter.conf contains the configuration options for clamav-milter(8).

+.SH "FILE FORMAT"

+The file consists of comments and options with arguments. Each line which starts with a hash (\fB#\fR) symbol is ignored by the parser. Options and arguments are case sensitive and of the form \fBOption Argument\fR. The arguments are of the following types:

+.TP 

+\fBBOOL\fR

+Boolean value (yes/no or true/false or 1/0).

+.TP 

+\fBSTRING\fR

+String without blank characters.

+.TP 

+\fBSIZE\fR

+Size in bytes. You can use 'M' or 'm' modifiers for megabytes and 'K' or 'k' for kilobytes.

+.TP 

+\fBNUMBER\fR

+Unsigned integer.

+.SH "MAIN OPTIONS"

+.TP 

+\fBExample\fR

+If this option is set clamav-milter will not run.

+.TP 

+\fBMilterSocket STRING\fR

+Define the interface through which we communicate with sendmail. This option is mandatory!

+.br

+Possible formats are:

+.br

+[[unix|local\]:\]/path/to/file - to specify a unix domain socket

+.br

+inet:port@[hostname|ip-address] - to specify an ipv4 socket

+.br

+inet6:port@[hostname|ip-address] - to specify an ipv6 socket

+.br 

+Default: unset

+.TP 

+\fBMilterSocketGroup STRING\fR

+Define the group ownership for the (unix) milter socket.

+.br

+Default: disabled (the primary group of the user running clamd)

+.TP 

+\fBMilterSocketMode STRING\fR

+Sets the permissions on the (unix) milter socket to the specified mode.

+.br

+Default: disabled (obey umask)

+.TP 

+\fBFixStaleSocket BOOL\fR

+Remove stale socket after unclean shutdown.

+.br

+Default: yes

+.TP

+\fBUser STRING\fR

+Run as another user (clamav-milter must be started by root for this option to work)

+.br

+Default: unset (don\'t drop privileges)

+.TP 

+\fBAllowSupplementaryGroups BOOL\fR

+Initialize supplementary group access (clamav-milter must be started by root).

+.br 

+Default: no

+.TP 

+\fBReadTimeout NUMBER\fR

+Waiting for data from clamd will timeout after this time (seconds).

+.br 

+Default: 120

+.TP 

+\fBForeground BOOL\fR

+Don\'t fork into background.

+.br 

+Default: no

+.TP 

+\fBChroot STRING\fR

+Chroot to the specified directory. Chrooting is performed just after reading the config file and before dropping privileges.

+.br

+Default: unset (don\'t chroot)

+.TP 

+\fBPidFile STRING\fR

+Save the process identifier of a clamav-milter (main thread) to a specified file.

+.br 

+Default: disabled

+.TP 

+\fBTemporaryDirectory STRING\fR

+Optional path to the global temporary directory.

+.br 

+Default: system specific (usually /tmp or /var/tmp).

+.SH "CLAMD OPTIONS"

+.TP 

+\fBClamdSocket STRING\fR

+Define the clamd socket to connect to for scanning. This option is mandatory! Syntax:

+.br

+ClamdSocket unix:path

+.br

+ClamdSocket tcp:host:port

+.br

+The first syntax specifies a local unix socket (needs an absolute path) e.g.:

+.br

+ClamdSocket unix:/var/run/clamd/clamd.socket

+.br

+The second syntax specifies a tcp local or remote tcp socket: the host can be a hostname or an ip address; the ":port" field is only required for IPv6 addresses, otherwise it defaults to 3310 e.g.:

+.br

+ClamdSocket tcp:192.168.0.1

+.br

+This option can be repeated several times with different sockets or even with the same socket: clamd servers will be selected in a round-robin fashion.

+.br

+Default: no default

+.SH "EXCLUSIONS"

+.TP 

+\fBLocalNet STRING\fR

+Messages originating from these hosts/networks will not be scanned. This option takes a host(name)/mask pair in CIRD notation and can be repeated several times. If "/mask" is omitted, a host is assumed. To specify a locally orignated, non-smtp, email use the keyword "local"

+.br

+Default: unset (scan everything regardless of the origin)

+.TP 

+\fBWhitelist STRING\fR

+This option specifies a file which contains a list of basic POSIX regular expressions. Addresses (sent to or from - see below) matching these regexes  will not be scanned.  Optionally each line can start with the string "From:" or "To:" (note: no whitespace after the colon) indicating if it is,  respectively, the sender or recipient that is to be whitelisted. If the field is missing, "To:" is assumed.  Lines starting with #, : or ! are ignored.

+.br

+Default: unset (no exclusion applied)

+.TP 

+\fBSkipAuthenticated STRING\fR

+Messages from authenticated SMTP users matching this extended POSIX regular expression (egrep-like) will not be scanned.  As an alternative, a file containing a plain (not regex) list of names (one per line) can be specified using the prefix "file:".  e.g. SkipAuthenticated file:/etc/good_guys. Note: this is the AUTH login name!

+.br

+Default: unset (no whitelisting based on SMTP auth)

+.TP 

+\fBSkipAuthenticated SIZE\fR

+Messages larger than this value won\'t be scanned. Make sure this value is lower or equal than StreamMaxLength in clamd.conf

+.br

+Default: 25M

+.SH "ACTIONS"

+The following group of options controls the delievery process under  different circumstances. The following actions are available:

+.br

+- Accept: The message is accepted for delievery

+.br

+- Reject: Immediately refuse delievery (a 5xx error is returned to the peer)

+.br

+- Defer: Return a temporary failure message (4xx) to the peer

+.br

+- Blackhole (not available for OnFail): Like Accept but the message is sent to oblivion

+.br

+- Quarantine (not available for OnFail): Like Accept but message is quarantined instead of being delivered. NOTE: In Sendmail the quarantine queue can be examined via mailq -qQ. For Postfix this causes the message to be placed on hold.

+.TP 

+\fBOnClean STRING\fR

+Action to be performed on clean messages (mostly useful for testing)

+.br

+Default: Accept

+.TP 

+\fBOnInfected STRING\fR

+Action to be performed on infected messages

+.br

+Default: Quarantine

+.TP 

+\fBOnFail STRING\fR

+Action to be performed on error conditions (this includes failure to allocate data structures, no scanners available, network timeouts, unknown scanner replies and the like)

+.br

+Default: Defer

+.TP 

+\fBRejectMsg STRING\fR

+This option allows to set a specific rejection reason for infected messages and it\'s therefore only useful together with "OnInfected Reject". The string "%v", if present, will be replaced with the virus name.

+.br

+Default: MTA specific

+.TP 

+\fBAddHeader STRING\fR

+If this option is set to "Replace" (or "Yes"), an "X-Virus-Scanned" and an "X-Virus-Status" headers will be attached to each processed message, possibly replacing existing headers.  If it is set to Add, the X-Virus headers are added possibly on top of the existing ones. Note that while "Replace" can potentially break DKIM signatures, "Add" may confuse procmail and similar filters.

+.br

+Default: no

+.TP 

+\fBReportHostname STRING\fr

+When AddHeader is in use, this option allows to arbitrary set the reported hostname. This may be desirable in order to avoid leaking internal names. If unset the real machine name is used.

+.br

+Default: disabled

+.TP 

+\fBVirusAction STRING\fr

+Execute a command (possibly searching PATH) when an infected message is found. The following parameters are passed to the invoked program in this order: virus name, queue id, sender, destination, subject, message id, message date. Note #1: this requires MTA macroes to be available (see LogInfected below). Note #2: the process is invoked in the context of clamav-milter. Note #3: clamav-milter will wait for the process to exit. Be quick or fork to avoid unnecessary delays in email delievery.

+.br

+Default: disabled

+.SH "LOGGING OPTIONS"

+.TP 

+\fBLogFile STRING\fR

+Enable logging to selected file.

+.br 

+Default: no

+.TP 

+\fBLogFileUnlock BOOL\fR

+Disable a system lock that protects against running clamd with the same configuration file multiple times.

+.br 

+Default: no

+.TP 

+\fBLogFileMaxSize SIZE\fR

+Limit the size of the log file. The logger will be automatically disabled if the file is greater than SIZE. Value of 0 disables the limit.

+.br 

+Default: 1M

+.TP 

+\fBLogTime BOOL\fR

+Log time for each message.

+.br 

+Default: no

+.TP 

+\fBLogSyslog BOOL\fR

+Use system logger (can work together with LogFile).

+.br 

+Default: no

+.TP 

+\fBLogFacility STRING\fR

+Specify the type of syslog messages \- please refer to 'man syslog' for facility names.

+.br 

+Default: LOG_LOCAL6

+.TP 

+\fBLogVerbose BOOL\fR

+Enable verbose logging.

+.br 

+Default: no

+.TP 

+\fBLogInfected STRING\fR

+Specify the type of syslog messages \- please refer to 'man syslog' for facility names.

+.br 

+This option allows to tune what is logged when a message is infected. Possible values are Off (the default - nothing is logged), Basic (minimal info logged), Full (verbose info logged)

+.br

+Note: For this to work properly in sendmail, make sure the msg_id, mail_addr, rcpt_addr and i macroes are available in eom. In other words add a line like: Milter.macros.eom={msg_id}, {mail_addr}, {rcpt_addr}, i to your .cf file. Alternatively use the macro: define(`confMILTER_MACROS_EOM', `{msg_id}, {mail_addr}, {rcpt_addr}, i')

+.br

+Postfix should be working fine with the default settings.

+.br

+Default: disabled

+.SH "NOTES"

+.LP 

+All options expressing a size are limited to max 4GB. Values in excess will be resetted to the maximum.

+.SH "FILES"

+.LP 

+@CFGDIR@/clamav-milter.conf

+.SH "AUTHOR"

+.LP 

+aCaB <acab@clamav.net>

+.SH "SEE ALSO"

+.LP 

+clamav-milter(8), clamd(8), clamd.conf(5)

@@ -83,7 +83,7 @@ Example

 #     ClamdSocket unix:/var/run/clamd/clamd.socket

 # The second syntax specifies a tcp local or remote tcp socket: the

 # host can be a hostname or an ip address; the ":port" field is only required

-# for IPv6 addresses, otherwise it defaults to 3310

+# for IPv6 addresses, otherwise it defaults to 3310, e.g.:

 #     ClamdSocket tcp:192.168.0.1

 #

 # This option can be repeated several times with different sockets or even

@@ -129,6 +129,12 @@ Example

 # Default: unset (no whitelisting based on SMTP auth)

 #SkipAuthenticated ^(tom|dick|henry)$

+# Messages larger than this value won't be scanned.

+# Make sure this value is lower or equal than StreamMaxLength in clamd.conf

+#

+# Default: 25M

+#MaxFileSize 10M

+

 ##

 ## Actions

@@ -152,7 +158,7 @@ Example

 # For Postfix this causes the message to be placed on hold

 # 

 # Action to be performed on clean messages (mostly useful for testing)

-# Default Accept

+# Default: Accept

 #OnClean Accept

 # Action to be performed on infected messages

@@ -162,7 +168,7 @@ Example

 # Action to be performed on error conditions (this includes failure to

 # allocate data structures, no scanners available, network timeouts,

 # unknown scanner replies and the like)

-# Default Defer

+# Default: Defer

 #OnFail Defer

 # This option allows to set a specific rejection reason for infected messages

@@ -259,14 +265,3 @@ Example

 # Default: disabled

 #LogInfected Basic

-

-##

-## Limits

-##

-

-# Messages larger than this value won't be scanned.

-# Make sure this value is lower or equal than StreamMaxLength in clamd.conf

-#

-# Default: 25M

-#MaxFileSize 10M

-