...
|
...
|
@@ -1,4 +1,4 @@
|
1
|
|
-.TH "clamav-milter" "8" "March 23, 2004" "ClamAV @VERSION@" "Clam AntiVirus"
|
|
1
|
+.TH "clamav\-milter" "8" "March 23, 2004" "ClamAV @VERSION@" "Clam AntiVirus"
|
2
|
2
|
.SH "NAME"
|
3
|
3
|
.LP
|
4
|
4
|
clamav\-milter \- milter compatible mail scanner
|
...
|
...
|
@@ -11,7 +11,7 @@ Clamav\-milter is a filter for \fBsendmail(1)\fR mail server.
|
11
|
11
|
It uses a mail scanning engine built into \fBclamd(8)\fR.
|
12
|
12
|
.LP
|
13
|
13
|
Clamav\-milter can use load balancing and fault tolerant techniques to connect
|
14
|
|
-to more than one clamd(8) server and seamlessly hot-swap to even the load
|
|
14
|
+to more than one clamd(8) server and seamlessly hot\-swap to even the load
|
15
|
15
|
between different machines and to keep scanning for viruses even when a server
|
16
|
16
|
goes down.
|
17
|
17
|
When it is configured to use clamd on the the localhost, when
|
...
|
...
|
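Review bot: "hot\-swap" on new line 14 is a hyphenated word in running text, not an option name or a literal string, so the plain hyphen was already correct there; "\-" is the minus/option dash and is best kept for things like "\-\-chroot" that a reader may copy. The same goes for the later prose changes such as "e\-mail", "smart\-host" and "compile\-time". While this paragraph is open, line 17 still reads "on the the localhost" and should lose the doubled "the".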
@@ -33,8 +33,8 @@ then that user must have the rights to create the file.
|
33
|
33
|
.LP
|
34
|
34
|
|
35
|
35
|
.TP
|
36
|
|
-\fB-a FROM, \-\-from<=EMAIL>\fR
|
37
|
|
-Source email address of notices. The default is MAILER-DAEMON.
|
|
36
|
+\fB\-a FROM, \-\-from<=EMAIL>\fR
|
|
37
|
+Source email address of notices. The default is MAILER\-DAEMON.
|
38
|
38
|
If \fI=EMAIL\fR is not given, thus \-\-from, then the from address is set
|
39
|
39
|
to the originating email address, however since it is likely that address is
|
40
|
40
|
forged it must not be relied upon.
|
...
|
...
|
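Review bot: the option header on new line 36 still writes the optional value as "\-\-from<=EMAIL>", while "\-\-broadcast[=<iface>]" further down uses square brackets for the same idea. Since the line is being rewritten anyway, suggest "\-\-from[=EMAIL]" so the page has one notation for optional arguments, and so it matches the "If =EMAIL is not given" sentence that follows.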
@@ -49,11 +49,11 @@ to check if any of their machines are infected.
|
49
|
49
|
\fB\-V, \-\-version\fR
|
50
|
50
|
Print the version number and exit.
|
51
|
51
|
.TP
|
52
|
|
-\fB-C DIR, \-\-chroot=DIR\fR
|
|
52
|
+\fB\-C DIR, \-\-chroot=DIR\fR
|
53
|
53
|
Run in chroot jail DIR.
|
54
|
54
|
.IP
|
55
|
55
|
You will have to do a lot of fiddling if you want notifications to work,
|
56
|
|
-since clamav-milter calls \fBsendmail(8)\fR to handle the notifications and
|
|
56
|
+since clamav\-milter calls \fBsendmail(8)\fR to handle the notifications and
|
57
|
57
|
sendmail will run of out the same jail.
|
58
|
58
|
.TP
|
59
|
59
|
\fB\-c FILE, \-\-config\-file=FILE\fR
|
...
|
...
|
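Review bot: line 57, directly after the changed line 56, still says "sendmail will run of out the same jail"; the words are transposed and should read "run out of the same jail". It is worth fixing in the same pass because the two lines form one sentence about the chroot restriction.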
@@ -64,20 +64,20 @@ Enables debugging.
|
64
|
64
|
.TP
|
65
|
65
|
\fB\-x n, \-\-debug\-level=n\fR
|
66
|
66
|
Set the debug level to n (where n from [0..9]) if \fBclamav\-milter\fR was
|
67
|
|
-configured and compiled with \-\-clamav-debug enabled.
|
|
67
|
+configured and compiled with \-\-clamav\-debug enabled.
|
68
|
68
|
Will be replaced by \-\-debug for compatibility with other programs in the
|
69
|
69
|
suite.
|
70
|
70
|
.TP
|
71
|
|
-\fB-A, \-\-advisory\fR
|
|
71
|
+\fB\-A, \-\-advisory\fR
|
72
|
72
|
When in advisory mode, clamav\-milter flags emails with viruses but
|
73
|
73
|
still forwards them. The default option is to stop viruses.
|
74
|
|
-This mode is incompatible with \-\-quarantine and \-\-quarantine-dir.
|
|
74
|
+This mode is incompatible with \-\-quarantine and \-\-quarantine\-dir.
|
75
|
75
|
.TP
|
76
|
76
|
\fB\-b, \-\-bounce\fR
|
77
|
77
|
Send a failure message to the sender, and to the postmaster.
|
78
|
78
|
[ \fBWarning\fR: most viruses and worms
|
79
|
79
|
fake their source address, so this option is not recommended, and needs
|
80
|
|
-to be enabled at compile-time ].
|
|
80
|
+to be enabled at compile\-time ].
|
81
|
81
|
See also \-\-noreject.
|
82
|
82
|
.TP
|
83
|
83
|
\fB\-B, \-\-broadcast[=<iface>]\fR
|
...
|
...
|
@@ -89,45 +89,45 @@ first NIC.
|
89
|
89
|
A future network management program (yet to be written) will intercept these
|
90
|
90
|
broadcasts to raise a warning on the operator's desk.
|
91
|
91
|
.TP
|
92
|
|
-\fB-d, \-\-dont-scan-on-error\fR
|
|
92
|
+\fB\-d, \-\-dont\-scan\-on\-error\fR
|
93
|
93
|
If a system error occurs pass messages through unscanned,
|
94
|
94
|
usually when a system error occurs the milter raises a temporary failure which
|
95
|
95
|
generally causes the message to remain in the queue.
|
96
|
96
|
.TP
|
97
|
|
-\fB-f, \-\-force-scan\fR
|
98
|
|
-Always scan, wherever the message came from (see also --local and --outgoing).
|
|
97
|
+\fB\-f, \-\-force\-scan\fR
|
|
98
|
+Always scan, wherever the message came from (see also \-\-local and \-\-outgoing).
|
99
|
99
|
You probably don't want this.
|
100
|
100
|
.TP
|
101
|
|
-\fB-e, \-\-external\fR
|
|
101
|
+\fB\-e, \-\-external\fR
|
102
|
102
|
Usually clamav\-milter scans the emails itself without the use of an
|
103
|
103
|
external program.
|
104
|
104
|
The \-\-external option informs clamav\-milter to use an external program such
|
105
|
105
|
as clamd(8) running either on the local server or other server(s) to perform
|
106
|
106
|
the scanning.
|
107
|
107
|
.TP
|
108
|
|
-\fB\-k, \-\-blacklist-time=time\fR
|
|
108
|
+\fB\-k, \-\-blacklist\-time=time\fR
|
109
|
109
|
Tells the number of seconds to black list an IP address (IPv4 only). This
|
110
|
110
|
is especially useful with phishing which often send a number of emails one
|
111
|
111
|
after the other.
|
112
|
112
|
.IP
|
113
|
113
|
Blacklisting speeds up scanning significantly, however it does have drawbacks
|
114
|
114
|
since it is possible for a site to be incorrectly blacklisted because of DHCP
|
115
|
|
-or an unsafe smart-host.
|
116
|
|
-To avoid this, clamav-milter's blacklist does not last for ever.
|
|
115
|
+or an unsafe smart\-host.
|
|
116
|
+To avoid this, clamav\-milter's blacklist does not last for ever.
|
117
|
117
|
The recommended value is 60.
|
118
|
118
|
.IP
|
119
|
119
|
Machines on the LAN, the local host, and machines that are our MX peers are
|
120
|
120
|
never blacklisted.
|
121
|
121
|
.TP
|
122
|
|
-\fB\f-K, \-\-dont-blacklist=IP[,IP...]\fR
|
123
|
|
-Instructs clamav-milter to refrain from blacklisting IP the given addresses.
|
|
122
|
+\fB\f\-K, \-\-dont\-blacklist=IP[,IP...]\fR
|
|
123
|
+Instructs clamav\-milter to refrain from blacklisting IP the given addresses.
|
124
|
124
|
This is useful for sites that receive email from upstream servers that are
|
125
|
125
|
either untrusted or have no virus.
|
126
|
126
|
Without this option many false positives could occur.
|
127
|
127
|
This scenario often happens when the upstream server belongs to an
|
128
|
128
|
ISP that may not have AV software.
|
129
|
129
|
.TP
|
130
|
|
-\fB-l, \-\-local\fR
|
|
130
|
+\fB\-l, \-\-local\fR
|
131
|
131
|
Also scan messages sent from LAN. You probably want this especially if
|
132
|
132
|
your LAN is populated by machines running Windows or DOS.
|
133
|
133
|
.IP
|
...
|
...
|
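Review bot: the rewritten "\-K" header on new line 122 keeps the stray "\f" immediately after "\fB" ("\fB\f\-K, ..."); that second escape has no font name and should be dropped so the entry reads "\fB\-K, \-\-dont\-blacklist=IP[,IP...]\fR" like every other option. New line 123 also carries over the word order slip "blacklisting IP the given addresses", which should be "blacklisting the given IP addresses".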
@@ -136,7 +136,7 @@ Machines with IP addresses within the ranges 192.168.0.0/16, 10.0.0.0/8,
|
136
|
136
|
other machines are always scanned.
|
137
|
137
|
Up to 8 extra ranges may be added with the \-\-ignore option.
|
138
|
138
|
.TP
|
139
|
|
-\fB-M, \-\-freshclam-monitor\fR
|
|
139
|
+\fB\-M, \-\-freshclam\-monitor\fR
|
140
|
140
|
When not running in external mode, this option tells clamav\-milter how
|
141
|
141
|
often to check that the virus database has been updated, probably by
|
142
|
142
|
freshclam(1).
|
...
|
...
|
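Review bot: the header on new line 139 shows "\-M, \-\-freshclam\-monitor" with no argument, yet the description says the option sets how often the database is checked and the following text gives a default of 300 seconds. Suggest adding a value placeholder to the header, in the style of "\-\-blacklist\-time=time", so readers can see that a number is expected.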
@@ -145,35 +145,35 @@ The default is 300 seconds.
|
145
|
145
|
The checking cannot be disabled, a value less than or equal to zero will be
|
146
|
146
|
rejected.
|
147
|
147
|
.TP
|
148
|
|
-\fB-n, \-\-noxheader\fR
|
|
148
|
+\fB\-n, \-\-noxheader\fR
|
149
|
149
|
Usually clamav\-milter adds headings to messages that are scanned.
|
150
|
|
-The headers are of the form "X-Virus-Scanned: version",
|
151
|
|
-and "X-Virus-Status: clean/infected/not-scanned".
|
|
150
|
+The headers are of the form "X\-Virus\-Scanned: version",
|
|
151
|
+and "X\-Virus\-Status: clean/infected/not\-scanned".
|
152
|
152
|
This option instructs
|
153
|
153
|
clamav\-milter to refrain from adding this heading.
|
154
|
154
|
.TP
|
155
|
|
-\fB-N, \-\-noreject\fR
|
156
|
|
-When clamav\-milter processes an e-mail which contains a virus it rejects
|
157
|
|
-the e-mail by using the SMTP code 550 or 554 depending on the state machine.
|
|
155
|
+\fB\-N, \-\-noreject\fR
|
|
156
|
+When clamav\-milter processes an e\-mail which contains a virus it rejects
|
|
157
|
+the e\-mail by using the SMTP code 550 or 554 depending on the state machine.
|
158
|
158
|
This option causes clamav\-milter to silently discard such messages.
|
159
|
159
|
It is recommended that system administrators use this option when NOT using
|
160
|
160
|
the \-\-bounce option.
|
161
|
161
|
.TP
|
162
|
|
-\fB-o, \-\-outgoing\fR
|
|
162
|
+\fB\-o, \-\-outgoing\fR
|
163
|
163
|
Scan messages generated from this machine. You probably don't need this.
|
164
|
164
|
.TP
|
165
|
|
-\fB-i, \-\-pidfile=FILE\fR
|
|
165
|
+\fB\-i, \-\-pidfile=FILE\fR
|
166
|
166
|
Notifies clamav\-milter to store its process ID in FILE.
|
167
|
167
|
The file must be creatable by clamav\-milter,
|
168
|
168
|
if the User option is set in
|
169
|
169
|
\fBclamd.conf(5)\fR,
|
170
|
170
|
then that user must have the rights to create the file.
|
171
|
171
|
.TP
|
172
|
|
-\fB-p, \-\-postmaster=EMAILADDRESS\fR
|
173
|
|
-Sets the e-mail address that receives notifications of viruses caught,
|
|
172
|
+\fB\-p, \-\-postmaster=EMAILADDRESS\fR
|
|
173
|
+Sets the e\-mail address that receives notifications of viruses caught,
|
174
|
174
|
when the \-\-quiet option is not given.
|
175
|
175
|
.TP
|
176
|
|
-\fB-P, \-\-postmaster-only\fR
|
|
176
|
+\fB\-P, \-\-postmaster\-only\fR
|
177
|
177
|
When the \-\-quiet option is not given, send a notification to the postmaster.
|
178
|
178
|
Setting this flag will include the ID of the message in the email's body
|
179
|
179
|
which can ease searching through system logs if the administrator believes it
|
...
|
...
|
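Review bot: in the "\-\-noxheader" entry, lines 149 and 153 say "headings" and "this heading" while the changed line 150 says "headers". These are the X\-Virus\-Scanned and X\-Virus\-Status mail headers, so "headers" should be used throughout the paragraph.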
@@ -181,27 +181,27 @@ is a locally sourced virus.
|
181
|
181
|
Without this option, the intended recipient of the email will also receive a
|
182
|
182
|
copy of the notification of the interception.
|
183
|
183
|
.TP
|
184
|
|
-\fB-q, \-\-quiet\fR
|
|
184
|
+\fB\-q, \-\-quiet\fR
|
185
|
185
|
Don't send any notification messages when a virus or worm is detected.
|
186
|
|
-This option overrides the \-\-bounce and \-\-postmaster-only options, and is
|
|
186
|
+This option overrides the \-\-bounce and \-\-postmaster\-only options, and is
|
187
|
187
|
the way to turn off notification to the postmaster.
|
188
|
188
|
.TP
|
189
|
|
-\fB-Q, \-\-quarantine=EMAILADDRESS\fR
|
190
|
|
-If this e-mail address is given, messages containing a virus or worm are
|
|
189
|
+\fB\-Q, \-\-quarantine=EMAILADDRESS\fR
|
|
190
|
+If this e\-mail address is given, messages containing a virus or worm are
|
191
|
191
|
redirected to it.
|
192
|
192
|
.TP
|
193
|
|
-\fB-r, \-\-report-phish=EMAILADDRESS\fR
|
194
|
|
-Report caught phishing to an anti-phish organisation's email address such
|
|
193
|
+\fB\-r, \-\-report\-phish=EMAILADDRESS\fR
|
|
194
|
+Report caught phishing to an anti\-phish organisation's email address such
|
195
|
195
|
as pirt_clamav@castlecops.com and reportphishing@antiphishing.org.
|
196
|
196
|
.TP
|
197
|
|
-\fB-R, \-\-report-phish-false-positives=EMAILADDRESS\fR
|
|
197
|
+\fB\-R, \-\-report\-phish\-false\-positives=EMAILADDRESS\fR
|
198
|
198
|
Report phish false positves to an email address, such as bugs@clamav.net.
|
199
|
199
|
.TP
|
200
|
|
-\fB-U, \-\-quarantine-dir=DIR\fR
|
|
200
|
+\fB\-U, \-\-quarantine\-dir=DIR\fR
|
201
|
201
|
If this option is given, infected files are left in this directory.
|
202
|
202
|
The directory must not be publicly readable or writable, if it is,
|
203
|
203
|
clamav\-milter will issue an error and fail to start.
|
204
|
|
-\fBNote\fR - this option only works when using LocalSocket.
|
|
204
|
+\fBNote\fR \- this option only works when using LocalSocket.
|
205
|
205
|
.TP
|
206
|
206
|
\fB\-\-server=HOSTNAME/ADDRESS, \-s HOSTNAME/ADDRESS\fR
|
207
|
207
|
IP address or hostname of server(s) running clamd (when using TCPsocket and
|
...
|
...
|
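Review bot: line 198, just below the changed "\-R" header, has the typo "false positves"; it should be "false positives". Worth folding into this patch since the entry is already being touched.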
@@ -219,7 +219,7 @@ Add a hard\-coded signature to each scanned file. It is likely that this
|
219
|
219
|
signature will only display on the end user's terminal if the message is
|
220
|
220
|
plain/text or not encoded.
|
221
|
221
|
.TP
|
222
|
|
-\fB\-\-signature-file, \-F\fR
|
|
222
|
+\fB\-\-signature\-file, \-F\fR
|
223
|
223
|
Location of file to be appended to each scanned message. Overrides \-S.
|
224
|
224
|
.TP
|
225
|
225
|
\fB\-\-max\-children=n, \-m n\fR
|
...
|
...
|
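Review bot: the header on new line 222, "\-\-signature\-file, \-F", gives no argument although the description on line 223 says it is the location of a file. Suggest showing the value the way "\-\-pidfile=FILE" does. In the context above it, line 220 says "plain/text", whereas the MIME type is spelled "text/plain" on line 271.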
@@ -237,9 +237,9 @@ unless your system is under great load.
|
237
|
237
|
Note, however, that the default build is for SESSION to be disabled.
|
238
|
238
|
.TP
|
239
|
239
|
\fB\-\-dont\-wait\fR
|
240
|
|
-Tells clamav\-milter what do to if the max-children number is exceeded.
|
|
240
|
+Tells clamav\-milter what do to if the max\-children number is exceeded.
|
241
|
241
|
Usually clamav\-milter waits until a child dies or the timeout value has been
|
242
|
|
-exceeded, which ever comes first, however with dont-wait enabled, clamav\-milter
|
|
242
|
+exceeded, which ever comes first, however with dont\-wait enabled, clamav\-milter
|
243
|
243
|
will inform the remote SMTP client to retry later.
|
244
|
244
|
.TP
|
245
|
245
|
\fB\-\-dont\-sanitise\fR
|
...
|
...
|
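Review bot: the changed line 240 still reads "what do to if the max\-children number is exceeded"; the words are swapped and it should be "what to do". On new line 242, "which ever" should be the single word "whichever".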
@@ -259,8 +259,8 @@ Occurrences of %h are replaced with the message's headers.
|
259
|
259
|
The %v string can be escaped thus, \\%v, to send the string %v.
|
260
|
260
|
The % character can be escaped thus, %%, to send the % character.
|
261
|
261
|
Any occurrence of strings in dollar signs are replaced with the appropriate
|
262
|
|
-sendmail-variable, e.g. ${if_addr}$.
|
263
|
|
-If the \-t option is not given, clamav\-milter defaults to a hard-coded message.
|
|
262
|
+sendmail\-variable, e.g. ${if_addr}$.
|
|
263
|
+If the \-t option is not given, clamav\-milter defaults to a hard\-coded message.
|
264
|
264
|
Note that to send warning messages, clamav\-milter must be able to execute
|
265
|
265
|
sendmail.
|
266
|
266
|
.TP
|
...
|
...
|
@@ -268,7 +268,7 @@ sendmail.
|
268
|
268
|
File points to a file whose contents are added to the headers of the
|
269
|
269
|
warning message given to the \fB\-\-template\-file\fR option.
|
270
|
270
|
For example, to state the character set of the message,
|
271
|
|
-put "Content-Type: text/plain; charset=koi8-r" into the file.
|
|
271
|
+put "Content\-Type: text/plain; charset=koi8\-r" into the file.
|
272
|
272
|
.TP
|
273
|
273
|
\fB\-\-timeout=n \-T n\fR
|
274
|
274
|
Used in conjunction with max\-children. If clamav\-milter waits for more than
|
...
|
...
|
@@ -276,15 +276,15 @@ Used in conjunction with max\-children. If clamav\-milter waits for more than
|
276
|
276
|
will turn off the timeout and clamav\-milter will wait indefinitely for the
|
277
|
277
|
scanning to quit. In practice the timeout set by sendmail will then take over.
|
278
|
278
|
.TP
|
279
|
|
-\fB\-\-detect-forged-local-address \-L\fR
|
|
279
|
+\fB\-\-detect\-forged\-local\-address \-L\fR
|
280
|
280
|
When neither \-\-force, \-\-local nor \-\-outgoing is given,
|
281
|
281
|
this option intercepts incoming mails that incorrectly claim to be from the
|
282
|
282
|
local domain.
|
283
|
283
|
.TP
|
284
|
|
-\fB\-\-whitelist-file=FILE, \-W file\fR
|
285
|
|
-This option specifies a file which contains a list of e-mail addresses.
|
286
|
|
-E-mails sent to or from these addresses will NOT be checked.
|
287
|
|
-While this is not an Anti-Virus function, it is quite useful for some systems.
|
|
284
|
+\fB\-\-whitelist\-file=FILE, \-W file\fR
|
|
285
|
+This option specifies a file which contains a list of e\-mail addresses.
|
|
286
|
+E\-mails sent to or from these addresses will NOT be checked.
|
|
287
|
+While this is not an Anti\-Virus function, it is quite useful for some systems.
|
288
|
288
|
The address given to the \-\-quarantine directive is always whitelisted.
|
289
|
289
|
.IP
|
290
|
290
|
The file consists of a list of addresses, each address on a line enclosed
|
...
|
...
|
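Review bot: the header on new line 279, "\-\-detect\-forged\-local\-address \-L", has no comma between the long and short forms, unlike "\-\-whitelist\-file=FILE, \-W file" a few lines below and the rest of the page. Line 280 also refers to "\-\-force", but the option is documented earlier as "\-\-force\-scan"; and "\-W file" should use the same upper-case FILE placeholder as its long form.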
@@ -294,14 +294,14 @@ indicating if it is the sender or recipient that is to be whitelisted. If the
|
294
|
294
|
field is missing, the default is \fITo\fR.
|
295
|
295
|
Lines starting with #, : or ! are ignored.
|
296
|
296
|
.TP
|
297
|
|
-\fB\-\-sendmail-cf=FILE\fR
|
|
297
|
+\fB\-\-sendmail\-cf=FILE\fR
|
298
|
298
|
When starting, clamav\-milter runs some sanity checks against the sendmail.cf
|
299
|
299
|
file, usually in /etc/sendmail.cf or /etc/mail/sendmail.cf. This directive
|
300
|
300
|
tells clamav\-milter where to find the sendmail.cf file.
|
301
|
301
|
.TP
|
302
|
|
-\fB\-\-black-hole-mode\fR
|
|
302
|
+\fB\-\-black\-hole\-mode\fR
|
303
|
303
|
Since \fIsendmail\fR calls its milters before it looks in its alias and virtuser
|
304
|
|
-tables, clamav-milter can spend time looking for malware that's going to be
|
|
304
|
+tables, clamav\-milter can spend time looking for malware that's going to be
|
305
|
305
|
thrown away even if the message is clean.
|
306
|
306
|
.IP
|
307
|
307
|
Enabling this stops these messages from being scanned
|
...
|
...
|
@@ -309,14 +309,14 @@ Enabling this stops these messages from being scanned
|
309
|
309
|
these messages so the message doesn't go further down the milter call chain).
|
310
|
310
|
Only enable this if your site has many addresses aliased to /dev/null.
|
311
|
311
|
.IP
|
312
|
|
-To enable this mode clamav-milter must have certain sendmail rights:
|
|
312
|
+To enable this mode clamav\-milter must have certain sendmail rights:
|
313
|
313
|
it needs to run as a TrustedUser as defined by \fIsendmail\fR
|
314
|
314
|
(see http://www.sendmail.org/m4/tweaking_config.html)
|
315
|
315
|
by the use of the User directive in clamd.conf,
|
316
|
316
|
the clamav user must be able read the mail queue (often /var/spool/mqueue),
|
317
|
317
|
and AllowSupplementaryGroups must be enabled in clamd.conf.
|
318
|
318
|
Some operating systems set \fI/var/spool/mqueue\fR to be mode 700 forcing you to
|
319
|
|
-run clamav-milter as root for black-hole-mode.
|
|
319
|
+run clamav\-milter as root for black\-hole\-mode.
|
320
|
320
|
This is always unadvisable, it is better to have \fI/var/spool/mqueue\fR as
|
321
|
321
|
mode 750.
|
322
|
322
|
.SH "BUGS"
|
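Review bot: line 316, in the paragraph whose first line is changed here, says "the clamav user must be able read the mail queue"; it is missing "to" and should read "must be able to read". Line 320, "This is always unadvisable, it is better to have ...", is a comma splice and would read better as two sentences, since it carries the advice against running as root.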