...
|
...
|
@@ -1,10 +1,10 @@
|
1
|
|
-.TH "clamav\-milter" "8" "March 23, 2004" "ClamAV @VERSION@" "Clam AntiVirus"
|
|
1
|
+.TH "clamav\-milter" "8" "Feb 25, 2009" "ClamAV @VERSION@" "Clam AntiVirus"
|
2
|
2
|
.SH "NAME"
|
3
|
3
|
.LP
|
4
|
4
|
clamav\-milter \- milter compatible mail scanner
|
5
|
5
|
.SH "SYNOPSIS"
|
6
|
6
|
.LP
|
7
|
|
-clamav\-milter [options] socket_address
|
|
7
|
+clamav\-milter [options]
|
8
|
8
|
.SH "DESCRIPTION"
|
9
|
9
|
.LP
|
10
|
10
|
Clamav\-milter is a filter for \fBsendmail(1)\fR mail server.
|
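Review bot: The new SYNOPSIS line `clamav\-milter [options]` drops `socket_address`, but nothing in the DESCRIPTION text of this hunk says where the socket used to talk to sendmail is now set. Add one sentence to DESCRIPTION naming the configuration file and setting that replace the argument, so that an administrator upgrading from the old invocation knows what to change. Minor style point on the `.TH` line: the date switches from a spelled-out month ("March 23, 2004") to an abbreviated one ("Feb 25, 2009"); keep one form across the suite's man pages.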
...
|
...
|
@@ -14,319 +14,23 @@ Clamav\-milter can use load balancing and fault tolerant techniques to connect
|
14
|
14
|
to more than one clamd(8) server and seamlessly hot\-swap to even the load
|
15
|
15
|
between different machines and to keep scanning for viruses even when a server
|
16
|
16
|
goes down.
|
17
|
|
-When it is configured to use clamd on the the localhost, when
|
18
|
|
-the \-\-external flag (see below) is not given or
|
19
|
|
-LocalSocket in set in \fBclamd.conf(5)\fR,
|
20
|
|
-clamav\-milter verifies that it can communicate with clamd; if it cannot, it
|
21
|
|
-terminates.
|
22
|
|
-.LP
|
23
|
|
-clamav\-milter supports tcpwrappers, the value for \fIdaemon_list\fR
|
24
|
|
-is "clamav\-milter".
|
25
|
|
-.LP
|
26
|
|
-The socket_address argument is the socket used to communicate with
|
27
|
|
-\fBsendmail(8)\fR.
|
28
|
|
-It must agree with the entry in sendmail.cf or sendmail.mc.
|
29
|
|
-The file associated with the socket must be creatable by clamav\-milter,
|
30
|
|
-if the User option is set in clamd.conf,
|
31
|
|
-then that user must have the rights to create the file.
|
32
|
17
|
.SH "OPTIONS"
|
33
|
18
|
.LP
|
34
|
|
-
|
35
|
19
|
.TP
|
36
|
|
-\fB\-a FROM, \-\-from<=EMAIL>\fR
|
37
|
|
-Source email address of notices. The default is MAILER\-DAEMON.
|
38
|
|
-If \fI=EMAIL\fR is not given, thus \-\-from, then the from address is set
|
39
|
|
-to the originating email address, however since it is likely that address is
|
40
|
|
-forged it must not be relied upon.
|
41
|
20
|
\fB\-h, \-\-help\fR
|
42
|
|
-Output the help information and exit.
|
43
|
|
-.TP
|
44
|
|
-\fB\-H, \-\-headers\fR
|
45
|
|
-Include all headers in the content of emails generated by clamav\-milter.
|
46
|
|
-This is useful for system administrators who may want to look at headers
|
47
|
|
-to check if any of their machines are infected.
|
48
|
|
-.TP
|
|
21
|
+Output help information and exit.
|
|
22
|
+.TP
|
49
|
23
|
\fB\-V, \-\-version\fR
|
50
|
24
|
Print the version number and exit.
|
51
|
|
-.TP
|
52
|
|
-\fB\-C DIR, \-\-chroot=DIR\fR
|
53
|
|
-Run in chroot jail DIR.
|
54
|
|
-.IP
|
55
|
|
-You will have to do a lot of fiddling if you want notifications to work,
|
56
|
|
-since clamav\-milter calls \fBsendmail(8)\fR to handle the notifications and
|
57
|
|
-sendmail will run of out the same jail.
|
58
|
|
-.TP
|
|
25
|
+.TP
|
59
|
26
|
\fB\-c FILE, \-\-config\-file=FILE\fR
|
60
|
|
-By default clamav\-milter uses a default configuration file, this option allows you to specify another one.
|
61
|
|
-.TP
|
62
|
|
-\fB\-D, \-\-debug\fR
|
63
|
|
-Enables debugging.
|
64
|
|
-.TP
|
65
|
|
-\fB\-x n, \-\-debug\-level=n\fR
|
66
|
|
-Set the debug level to n (where n from [0..9]) if \fBclamav\-milter\fR was
|
67
|
|
-configured and compiled with \-\-clamav\-debug enabled.
|
68
|
|
-Will be replaced by \-\-debug for compatibility with other programs in the
|
69
|
|
-suite.
|
70
|
|
-.TP
|
71
|
|
-\fB\-A, \-\-advisory\fR
|
72
|
|
-When in advisory mode, clamav\-milter flags emails with viruses but
|
73
|
|
-still forwards them. The default option is to stop viruses.
|
74
|
|
-This mode is incompatible with \-\-quarantine and \-\-quarantine\-dir.
|
75
|
|
-.TP
|
76
|
|
-\fB\-b, \-\-bounce\fR
|
77
|
|
-Send a failure message to the sender, and to the postmaster.
|
78
|
|
-[ \fBWarning\fR: most viruses and worms
|
79
|
|
-fake their source address, so this option is not recommended, and needs
|
80
|
|
-to be enabled at compile\-time ].
|
81
|
|
-See also \-\-noreject.
|
82
|
|
-.TP
|
83
|
|
-\fB\-B, \-\-broadcast[=<iface>]\fR
|
84
|
|
-When a virus is intercepted, broadcast a UDP message to the TCPSocket port set
|
85
|
|
-in \fBclamd.conf\fR.
|
86
|
|
-If the optional \fIiface\fR option is given, broadcasts will be sent on
|
87
|
|
-that interface. The default is set by the operating system, usually to the
|
88
|
|
-first NIC.
|
89
|
|
-A future network management program (yet to be written) will intercept these
|
90
|
|
-broadcasts to raise a warning on the operator's desk.
|
91
|
|
-.TP
|
92
|
|
-\fB\-d, \-\-dont\-scan\-on\-error\fR
|
93
|
|
-If a system error occurs pass messages through unscanned,
|
94
|
|
-usually when a system error occurs the milter raises a temporary failure which
|
95
|
|
-generally causes the message to remain in the queue.
|
96
|
|
-.TP
|
97
|
|
-\fB\-f, \-\-force\-scan\fR
|
98
|
|
-Always scan, wherever the message came from (see also \-\-local and \-\-outgoing).
|
99
|
|
-You probably don't want this.
|
100
|
|
-.TP
|
101
|
|
-\fB\-e, \-\-external\fR
|
102
|
|
-Usually clamav\-milter scans the emails itself without the use of an
|
103
|
|
-external program.
|
104
|
|
-The \-\-external option informs clamav\-milter to use an external program such
|
105
|
|
-as clamd(8) running either on the local server or other server(s) to perform
|
106
|
|
-the scanning.
|
107
|
|
-.TP
|
108
|
|
-\fB\-k, \-\-blacklist\-time=time\fR
|
109
|
|
-Tells the number of seconds to black list an IP address (IPv4 only). This
|
110
|
|
-is especially useful with phishing which often send a number of emails one
|
111
|
|
-after the other.
|
112
|
|
-.IP
|
113
|
|
-Blacklisting speeds up scanning significantly, however it does have drawbacks
|
114
|
|
-since it is possible for a site to be incorrectly blacklisted because of DHCP
|
115
|
|
-or an unsafe smart\-host.
|
116
|
|
-To avoid this, clamav\-milter's blacklist does not last for ever.
|
117
|
|
-The recommended value is 60.
|
118
|
|
-.IP
|
119
|
|
-Machines on the LAN, the local host, and machines that are our MX peers are
|
120
|
|
-never blacklisted.
|
121
|
|
-.TP
|
122
|
|
-\fB\f\-K, \-\-dont\-blacklist=IP[,IP...]\fR
|
123
|
|
-Instructs clamav\-milter to refrain from blacklisting IP the given addresses.
|
124
|
|
-This is useful for sites that receive email from upstream servers that are
|
125
|
|
-either untrusted or have no virus.
|
126
|
|
-Without this option many false positives could occur.
|
127
|
|
-This scenario often happens when the upstream server belongs to an
|
128
|
|
-ISP that may not have AV software.
|
129
|
|
-.TP
|
130
|
|
-\fB\-l, \-\-local\fR
|
131
|
|
-Also scan messages sent from LAN. You probably want this especially if
|
132
|
|
-your LAN is populated by machines running Windows or DOS.
|
133
|
|
-.IP
|
134
|
|
-Machines with IP addresses within the ranges 192.168.0.0/16, 10.0.0.0/8,
|
135
|
|
-172.16.0.0/12 and 169.254.0.0/16 are defined as 'local'. Messages from
|
136
|
|
-other machines are always scanned.
|
137
|
|
-Up to 8 extra ranges may be added with the \-\-ignore option.
|
138
|
|
-.TP
|
139
|
|
-\fB\-M, \-\-freshclam\-monitor\fR
|
140
|
|
-When not running in external mode, this option tells clamav\-milter how
|
141
|
|
-often to check that the virus database has been updated, probably by
|
142
|
|
-freshclam(1).
|
143
|
|
-The option takes one parameter, which is a number in seconds.
|
144
|
|
-The default is 300 seconds.
|
145
|
|
-The checking cannot be disabled, a value less than or equal to zero will be
|
146
|
|
-rejected.
|
147
|
|
-.TP
|
148
|
|
-\fB\-n, \-\-noxheader\fR
|
149
|
|
-Usually clamav\-milter adds headings to messages that are scanned.
|
150
|
|
-The headers are of the form "X\-Virus\-Scanned: version",
|
151
|
|
-and "X\-Virus\-Status: clean/infected/not\-scanned".
|
152
|
|
-This option instructs
|
153
|
|
-clamav\-milter to refrain from adding this heading.
|
154
|
|
-.TP
|
155
|
|
-\fB\-N, \-\-noreject\fR
|
156
|
|
-When clamav\-milter processes an e\-mail which contains a virus it rejects
|
157
|
|
-the e\-mail by using the SMTP code 550 or 554 depending on the state machine.
|
158
|
|
-This option causes clamav\-milter to silently discard such messages.
|
159
|
|
-It is recommended that system administrators use this option when NOT using
|
160
|
|
-the \-\-bounce option.
|
161
|
|
-.TP
|
162
|
|
-\fB\-o, \-\-outgoing\fR
|
163
|
|
-Scan messages generated from this machine. You probably don't need this.
|
164
|
|
-.TP
|
165
|
|
-\fB\-i, \-\-pidfile=FILE\fR
|
166
|
|
-Notifies clamav\-milter to store its process ID in FILE.
|
167
|
|
-The file must be creatable by clamav\-milter,
|
168
|
|
-if the User option is set in
|
169
|
|
-\fBclamd.conf(5)\fR,
|
170
|
|
-then that user must have the rights to create the file.
|
171
|
|
-.TP
|
172
|
|
-\fB\-p, \-\-postmaster=EMAILADDRESS\fR
|
173
|
|
-Sets the e\-mail address that receives notifications of viruses caught,
|
174
|
|
-when the \-\-quiet option is not given.
|
175
|
|
-.TP
|
176
|
|
-\fB\-P, \-\-postmaster\-only\fR
|
177
|
|
-When the \-\-quiet option is not given, send a notification to the postmaster.
|
178
|
|
-Setting this flag will include the ID of the message in the email's body
|
179
|
|
-which can ease searching through system logs if the administrator believes it
|
180
|
|
-is a locally sourced virus.
|
181
|
|
-Without this option, the intended recipient of the email will also receive a
|
182
|
|
-copy of the notification of the interception.
|
183
|
|
-.TP
|
184
|
|
-\fB\-q, \-\-quiet\fR
|
185
|
|
-Don't send any notification messages when a virus or worm is detected.
|
186
|
|
-This option overrides the \-\-bounce and \-\-postmaster\-only options, and is
|
187
|
|
-the way to turn off notification to the postmaster.
|
188
|
|
-.TP
|
189
|
|
-\fB\-Q, \-\-quarantine=EMAILADDRESS\fR
|
190
|
|
-If this e\-mail address is given, messages containing a virus or worm are
|
191
|
|
-redirected to it.
|
192
|
|
-.TP
|
193
|
|
-\fB\-r, \-\-report\-phish=EMAILADDRESS\fR
|
194
|
|
-Report caught phishing to an anti\-phish organisation's email address such
|
195
|
|
-as pirt_clamav@castlecops.com and reportphishing@antiphishing.org.
|
196
|
|
-.TP
|
197
|
|
-\fB\-R, \-\-report\-phish\-false\-positives=EMAILADDRESS\fR
|
198
|
|
-Report phish false positves to an email address, such as bugs@clamav.net.
|
199
|
|
-.TP
|
200
|
|
-\fB\-U, \-\-quarantine\-dir=DIR\fR
|
201
|
|
-If this option is given, infected files are left in this directory.
|
202
|
|
-The directory must not be publicly readable or writable, if it is,
|
203
|
|
-clamav\-milter will issue an error and fail to start.
|
204
|
|
-\fBNote\fR \- this option only works when using LocalSocket.
|
205
|
|
-.TP
|
206
|
|
-\fB\-\-server=HOSTNAME/ADDRESS, \-s HOSTNAME/ADDRESS\fR
|
207
|
|
-IP address or hostname of server(s) running clamd (when using TCPsocket and
|
208
|
|
-\-\-external).
|
209
|
|
-More than one server may be specified, separating the server's names by colons.
|
210
|
|
-If more than one server is specified, clamav\-milter will load balance
|
211
|
|
-between the available servers. All the servers must be up when clamav\-milter
|
212
|
|
-starts, however afterwards it is fault tolerant to a server becoming
|
213
|
|
-unavailable, and will only raise an error if all of the servers cannot be
|
214
|
|
-reached.
|
215
|
|
-The default value for ADDRESS is 127.0.0.1 (localhost).
|
216
|
|
-.TP
|
217
|
|
-\fB\-\-sign, \-S\fR
|
218
|
|
-Add a hard\-coded signature to each scanned file. It is likely that this
|
219
|
|
-signature will only display on the end user's terminal if the message is
|
220
|
|
-plain/text or not encoded.
|
221
|
|
-.TP
|
222
|
|
-\fB\-\-signature\-file, \-F\fR
|
223
|
|
-Location of file to be appended to each scanned message. Overrides \-S.
|
224
|
|
-.TP
|
225
|
|
-\fB\-\-max\-children=n, \-m n\fR
|
226
|
|
-Set a hint of the maximum number of children. If the number is hit the
|
227
|
|
-maximum time a pending thread will be held up is set by \-\-timeout, so the
|
228
|
|
-number of threads can exceed this number for short periods of time.
|
229
|
|
-There is no default, if this argument is not \fBclamav\-milter\fR will
|
230
|
|
-spawn as many children as is necessary up to the MaxThreads limit set
|
231
|
|
-in \fBclamd.conf\fR.
|
232
|
|
-When clamav\-milter has been built with SESSION mode this argument is
|
233
|
|
-mandatory since it tells clamav\-milter the number of sessions to keep open
|
234
|
|
-to clamd servers.
|
235
|
|
-When not built with in SESSION mode it is unlikely that you will need this
|
236
|
|
-unless your system is under great load.
|
237
|
|
-Note, however, that the default build is for SESSION to be disabled.
|
238
|
|
-.TP
|
239
|
|
-\fB\-\-dont\-wait\fR
|
240
|
|
-Tells clamav\-milter what do to if the max\-children number is exceeded.
|
241
|
|
-Usually clamav\-milter waits until a child dies or the timeout value has been
|
242
|
|
-exceeded, which ever comes first, however with dont\-wait enabled, clamav\-milter
|
243
|
|
-will inform the remote SMTP client to retry later.
|
244
|
|
-.TP
|
245
|
|
-\fB\-\-dont\-sanitise\fR
|
246
|
|
-Allow semicolon and pipe characters in email addresses.
|
247
|
|
-.TP
|
248
|
|
-\fB\-\-ignore net, \-I net\fR
|
249
|
|
-\fInet\fR is taken to be an extra IPv4 or IPv6 network in prefix/length notation
|
250
|
|
-(for example 192.0.2.0/24 or 2001:db8::/32) which is treated as being on the LAN for
|
251
|
|
-the purposes of the \-\-local argument. Up to eight nets can be specified.
|
252
|
|
-.TP
|
253
|
|
-\fB\-\-template\-file=file \-t file\fR
|
254
|
|
-File points to a file whose contents is sent as the warning message whenever a
|
255
|
|
-virus is intercepted.
|
256
|
|
-Occurrences of %v within the file is replaced with the message
|
257
|
|
-returned from clamd, which includes the name of the virus.
|
258
|
|
-Occurrences of %h are replaced with the message's headers.
|
259
|
|
-The %v string can be escaped thus, \\%v, to send the string %v.
|
260
|
|
-The % character can be escaped thus, %%, to send the % character.
|
261
|
|
-Any occurrence of strings in dollar signs are replaced with the appropriate
|
262
|
|
-sendmail\-variable, e.g. ${if_addr}$.
|
263
|
|
-If the \-t option is not given, clamav\-milter defaults to a hard\-coded message.
|
264
|
|
-Note that to send warning messages, clamav\-milter must be able to execute
|
265
|
|
-sendmail.
|
266
|
|
-.TP
|
267
|
|
-\fB\-\-template\-headers=file\fR
|
268
|
|
-File points to a file whose contents are added to the headers of the
|
269
|
|
-warning message given to the \fB\-\-template\-file\fR option.
|
270
|
|
-For example, to state the character set of the message,
|
271
|
|
-put "Content\-Type: text/plain; charset=koi8\-r" into the file.
|
272
|
|
-.TP
|
273
|
|
-\fB\-\-timeout=n \-T n\fR
|
274
|
|
-Used in conjunction with max\-children. If clamav\-milter waits for more than
|
275
|
|
-\fIn\fR seconds (default 300) it proceeds with scanning. Setting \fIn\fR to zero
|
276
|
|
-will turn off the timeout and clamav\-milter will wait indefinitely for the
|
277
|
|
-scanning to quit. In practice the timeout set by sendmail will then take over.
|
278
|
|
-.TP
|
279
|
|
-\fB\-\-detect\-forged\-local\-address \-L\fR
|
280
|
|
-When neither \-\-force, \-\-local nor \-\-outgoing is given,
|
281
|
|
-this option intercepts incoming mails that incorrectly claim to be from the
|
282
|
|
-local domain.
|
283
|
|
-.TP
|
284
|
|
-\fB\-\-whitelist\-file=FILE, \-W file\fR
|
285
|
|
-This option specifies a file which contains a list of e\-mail addresses.
|
286
|
|
-E\-mails sent to or from these addresses will NOT be checked.
|
287
|
|
-While this is not an Anti\-Virus function, it is quite useful for some systems.
|
288
|
|
-The address given to the \-\-quarantine directive is always whitelisted.
|
289
|
|
-.IP
|
290
|
|
-The file consists of a list of addresses, each address on a line enclosed
|
291
|
|
-in angle brackets (e.g. <foo@bar.com>).
|
292
|
|
-Optionally each line can start with the string \fITo:\fR or \fIFrom:\fR
|
293
|
|
-indicating if it is the sender or recipient that is to be whitelisted. If the
|
294
|
|
-field is missing, the default is \fITo\fR.
|
295
|
|
-Lines starting with #, : or ! are ignored.
|
296
|
|
-.TP
|
297
|
|
-\fB\-\-sendmail\-cf=FILE\fR
|
298
|
|
-When starting, clamav\-milter runs some sanity checks against the sendmail.cf
|
299
|
|
-file, usually in /etc/sendmail.cf or /etc/mail/sendmail.cf. This directive
|
300
|
|
-tells clamav\-milter where to find the sendmail.cf file.
|
301
|
|
-.TP
|
302
|
|
-\fB\-\-black\-hole\-mode\fR
|
303
|
|
-Since \fIsendmail\fR calls its milters before it looks in its alias and virtuser
|
304
|
|
-tables, clamav\-milter can spend time looking for malware that's going to be
|
305
|
|
-thrown away even if the message is clean.
|
306
|
|
-.IP
|
307
|
|
-Enabling this stops these messages from being scanned
|
308
|
|
-(in practice clamav\-milter will discard
|
309
|
|
-these messages so the message doesn't go further down the milter call chain).
|
310
|
|
-Only enable this if your site has many addresses aliased to /dev/null.
|
311
|
|
-.IP
|
312
|
|
-To enable this mode clamav\-milter must have certain sendmail rights:
|
313
|
|
-it needs to run as a TrustedUser as defined by \fIsendmail\fR
|
314
|
|
-(see http://www.sendmail.org/m4/tweaking_config.html)
|
315
|
|
-by the use of the User directive in clamd.conf,
|
316
|
|
-the clamav user must be able read the mail queue (often /var/spool/mqueue),
|
317
|
|
-and AllowSupplementaryGroups must be enabled in clamd.conf.
|
318
|
|
-Some operating systems set \fI/var/spool/mqueue\fR to be mode 700 forcing you to
|
319
|
|
-run clamav\-milter as root for black\-hole\-mode.
|
320
|
|
-This is always unadvisable, it is better to have \fI/var/spool/mqueue\fR as
|
321
|
|
-mode 750.
|
322
|
|
-.SH "BUGS"
|
323
|
|
-There is no support for IPv6.
|
324
|
|
-.SH "EXAMPLES"
|
325
|
|
-.LP
|
326
|
|
-clamav\-milter \-o local:/var/run/clamav/clmilter.sock
|
|
27
|
+Read configuration from FILE.
|
|
28
|
+.SH "FILES"
|
|
29
|
+.LP
|
|
30
|
+@CFGDIR@/clamd.conf
|
327
|
31
|
.SH "AUTHOR"
|
328
|
|
-.LP
|
329
|
|
-Nigel Horne <njh@bandsman.co.uk>
|
|
32
|
+.LP
|
|
33
|
+aCaB <acab@clamav.net>
|
330
|
34
|
.SH "SEE ALSO"
|
331
|
35
|
.LP
|
332
|
|
-clamd(8), clamscan(1), freshclam(1), sigtool(1), clamd.conf(5), hosts_access(5), sendmail(8)
|
|
36
|
+sendmail(8), clamd(8), clamd.conf(5)
|
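Review bot: The new `\-c` entry, "Read configuration from FILE.", no longer says that a default configuration file exists, and the added FILES section lists only `@CFGDIR@/clamd.conf`, so the page does not tell the reader which file `\-c` overrides or where the removed settings now live. Several of the deleted entries documented security-relevant behaviour: `\-\-dont\-scan\-on\-error` (messages passed through unscanned), the `\-\-quarantine\-dir` requirement that the directory not be publicly readable or writable, `\-\-whitelist\-file` (addresses that are never checked), and the `\-\-local` address ranges. If these are now configuration directives, state the default file in the `\-c` entry, list it under FILES, and add its man page to SEE ALSO; if they were removed, say so in DESCRIPTION. The unchanged DESCRIPTION lines at the top of the hunk still describe load balancing across more than one clamd(8) server, while the `\-\-server` entry that explained how to list servers is deleted, so that paragraph needs either a pointer to the replacement setting or removal. The BUGS note "There is no support for IPv6." and the EXAMPLES section are also dropped without replacement; a current example invocation using `\-c` would help.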