@@ -7,7 +7,16 @@ use Getopt::Long qw(:config gnu_getopt);

 sub wwarn {

 	my $w = shift;

-	warn "WARINING: $w";

+	warn "WARNING: $w\n";

+}

+

+sub tosconf {

+	my ($cfg, $v) = @_;

+	if($v) {

+		my $sep = $v=~/ / ? '"' : '';

+		$v = "\n$cfg $sep$v$sep";

+	}

+	return $v;

 }

 my $notify = 0;

@@ -25,7 +34,7 @@ my $monitor = 0;

 my $oninfected = 'Reject';

 my $onfail = 'Defer';

 my @localnets = ();

-my $whitelist;

+my $whitelist = '';

 my $config = '';

 my $chroot = '';

 my $pidfile = '';

@@ -50,7 +59,7 @@ GetOptions (

 	"debug|D" => \$debug,

 	"sign|S" => \$sign,

 	"signature-file|F=s" => \$sign,

-	"broadcast|B" => \$broad,

+	"broadcast|B=s" => \$broad,

 	"detect-forged-local-address|L" => \$forge,

 	"dont-sanitise|z" => sub { $sanity = 0 },

 	"black-hole-mode|2" => \$blackhole,

@@ -106,6 +115,7 @@ if ($config) {

 	}

 }

+die "FAIL: No socket provided" unless $ARGV[0];

 die "FAIL: Unable to determine clamd socket\n" unless scalar keys %clamds;

 wwarn "Notifications and bounces are no longer supported.

@@ -156,9 +166,238 @@ As a result the following command line options cannot be converted into new conf

  --max-children (-m)

  --dont-wait (-w)

  --timeout (-T)

-

 Please make use of the native Sendmail / Postfix rate limiting facilities

 " if $rate;

 wwarn "The option --freshclam-monitor (-M) only made sense in internal mode\nPlease configure freshclam to notify clamd about updates instead\n" if $monitor;

+wwarn "Here is the auto generated config file. Please review:\n";

+

+my $mysock = tosconf('MilterSocket', $ARGV[0]);

+$chroot = tosconf('Chroot', $chroot);

+$pidfile = tosconf('PidFile', $pidfile);

+$oninfected = tosconf('OnInfected', $oninfected);

+$onfail = tosconf('OnFail', $onfail);

+$whitelist = tosconf('Whitelist', $whitelist);

+$addheader = $addheader ? "\nAddHeader Yes" : '';

+

+print <<BLOCK1;

+##

+## Example config file for clamav-milter

+## (automatically generated by make-clamav-milter-conf.pl)

+##

+

+# Comment or remove the line below.

+Example

+

+

+##

+## Main options

+##

+

+# Define the interface through which we communicate with sendmail

+# This option is mandatory! Possible formats are:

+# [[unix|local]:]/path/to/file - to specify a unix domain socket

+# inet:port@[hostname|ip-address] - to specify an ipv4 socket

+# inet6:port@[hostname|ip-address] - to specify an ipv6 socket

+#

+# Default: no default

+#MilterSocket /tmp/clamav-milter.socket

+#MilterSocket inet:7357$mysock

+

+# Remove stale socket after unclean shutdown.

+#

+# Default: yes

+#FixStaleSocket yes

+

+# Run as another user (clamav-milter must be started by root for this option to work)

+#

+# Default: unset (don't drop privileges)

+#User clamav /* FIXME */

+

+# Initialize supplementary group access (clamd must be started by root).

+#

+# Default: no

+#AllowSupplementaryGroups no /* FIXME */

+

+# Waiting for data from clamd will timeout after this time (seconds).

+# Value of 0 disables the timeout.

+#

+# Default: 120

+#ReadTimeout 300

+

+# Don't fork into background.

+#

+# Default: no

+#Foreground yes /* FIXME */

+

+# Chroot to the specified directory.

+# Chrooting is performed just after reading the config file and before dropping privileges.

+#

+# Default: unset (don't chroot)

+#Chroot /newroot$chroot

+

+# This option allows you to save a process identifier of the listening

+# daemon (main thread).

+#

+# Default: disabled

+#PidFile /var/run/clamd.pid$pidfile

+

+# Optional path to the global temporary directory.

+# Default: system specific (usually /tmp or /var/tmp).

+#

+#TemporaryDirectory /var/tmp /* FIXME */

+

+##

+## Clamd options

+##

+

+# Define the clamd socket to connect to for scanning.

+# If not set (the default), clamav-milter uses internal mode.

+# This option is mandatory! Syntax:

+# ClamdSocket unix:path

+# ClamdSocket tcp:host:port

+# The first syntax specifies a local unix socket (needs an bsolute path) e.g.:

+#     ClamdSocket unix:/var/run/clamd/clamd.socket

+# The second syntax specifies a tcp local or remote tcp socket: the

+# host can be a hostname or an ip address; the ":port" field is only required

+# for IPv6 addresses, otherwise it defaults to 3310

+#     ClamdSocket tcp:192.168.0.1

+#

+# This option can be repeated several times with different sockets or even

+# with the same socket: clamd servers will be selected in a round-robin fashion.

+#

+# Default: no default

+#ClamdSocket tcp:scanner.mydomain:7357

+BLOCK1

+

+print "ClamdSocket \"$_\"\n" foreach (keys %clamds);

+print <<BLOCK2;

+

+

+##

+## Exclusions

+##

+

+# Messages originating from these hosts/networks will not be scanned

+# This option takes a host(name)/mask pair in CIRD notation and can be

+# repeated several times. If "/mask" is omitted, a host is assumed.

+# To specify a locally orignated, non-smtp, email use the keyword "local"

+#

+# Default: unset (scan everything regardless of the origin)

+#LocalNet local

+#LocalNet 192.168.0.0/24

+#LocalNet 1111:2222:3333::/48

+

+# This option specifies a file which contains a list of POSIX regular

+# expressions. Addresses (sent to or from - see below) matching these regexes

+# will not be scanned.  Optionally each line can start with the string "From:"

+# or "To:" (note: no whitespace after the colon) indicating if it is, 

+# respectively, the sender or recipient that is to be whitelisted.

+# If the field is missing, "To:" is assumed.

+# Lines starting with #, : or ! are ignored.

+#

+# Default unset (no exclusion applied)

+#Whitelist /etc/whitelisted_addresses$whitelist

+

+

+##

+## Actions

+##

+

+# The following group of options controls the delievery process under

+# different circumstances.

+# The following actions are available:

+# - Accept

+#   The message is accepted for delievery

+# - Reject

+#   Immediately refuse delievery (a 5xx error is returned to the peer)

+# - Defer

+#   Return a temporary failure message (4xx) to the peer

+# - Blackhole (not available for OnFail)

+#   Like accept but the message is sent to oblivion

+# - Quarantine (not available for OnFail)

+#   Like accept but message is quarantined instead of being deilievered

+#   In sendmail the quarantine queue can be examined via mailq -qQ

+#   For Postfix this causes the message to be accepted but placed on hold

+# 

+# Action to be performed on clean messages (mostly useful for testing)

+# Default Accept

+#OnClean Accept

+

+# Action to be performed on infected messages

+# Default: Quarantine

+#OnInfected Quarantine$oninfected

+

+# Action to be performed on error conditions (this includes failure to

+# allocate data structures, no scanners available, network timeouts,

+# unknown scanner replies and the like)

+# Default Defer

+#OnFail Defer$onfail

+

+# If this option is set to Yes, an "X-Virus-Scanned" and an "X-Virus-Status"

+# headers will be attached to each processed message, possibly replacing

+# existing headers. 

+# Default: No

+#AddHeader Yes$addheader

+

+

+##

+## Logging options

+##

+

+# Uncomment this option to enable logging.

+# LogFile must be writable for the user running daemon.

+# A full path is required.

+#

+# Default: disabled

+#LogFile /tmp/clamav-milter.log

+

+# By default the log file is locked for writing - the lock protects against

+# running clamav-milter multiple times.

+# This option disables log file locking.

+#

+# Default: no

+#LogFileUnlock yes

+

+# Maximum size of the log file.

+# Value of 0 disables the limit.

+# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)

+# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size

+# in bytes just don't use modifiers.

+#

+# Default: 1M

+#LogFileMaxSize 2M

+

+# Log time with each message.

+#

+# Default: no

+#LogTime yes

+

+# Use system logger (can work together with LogFile).

+#

+# Default: no

+#LogSyslog yes

+

+# Specify the type of syslog messages - please refer to 'man syslog'

+# for facility names.

+#

+# Default: LOG_LOCAL6

+#LogFacility LOG_MAIL

+

+# Enable verbose logging.

+#

+# Default: no

+#LogVerbose yes

+

+

+##

+## Limits

+##

+

+# Messages larger than this value won't be scanned.

+# Default: 25M

+#MaxFileSize 150M /* FIXME */

+BLOCK2

+

+

@@ -1,6 +1,5 @@

 ##

-## Example config file for the clamav-milter

-## /* FIXME : NOT DONE YET */ Please read the clamav-milter.conf(5) manual before editing this file.

+## Example config file for clamav-milter

 ##

 # Comment or remove the line below.

@@ -18,51 +17,46 @@ Example

 # inet6:port@[hostname|ip-address] - to specify an ipv6 socket

 #

 # Default: no default

-##MilterSocket /tmp/clamav-milter.socket

-##MilterSocket inet:7357

+#MilterSocket /tmp/clamav-milter.socket

+#MilterSocket inet:7357

 # Remove stale socket after unclean shutdown.

 #

 # Default: yes

-##FixStaleSocket yes

-

-# Maximum number of threads running at the same time.

-#

-# Default: 10

-##MaxThreads 20

+#FixStaleSocket yes

 # Run as another user (clamav-milter must be started by root for this option to work)

 #

 # Default: unset (don't drop privileges)

-##User clamav

+#User clamav

 # Initialize supplementary group access (clamd must be started by root).

 #

 # Default: no

-##AllowSupplementaryGroups no

+#AllowSupplementaryGroups no

 # Waiting for data from clamd will timeout after this time (seconds).

 # Value of 0 disables the timeout.

 #

 # Default: 120

-##ReadTimeout 300

+#ReadTimeout 300

 # Don't fork into background.

 #

 # Default: no

-##Foreground yes

+#Foreground yes

 # Chroot to the specified directory.

 # Chrooting is performed just after reading the config file and before dropping privileges.

 #

 # Default: unset (don't chroot)

-##Chroot /newroot

+#Chroot /newroot

 # This option allows you to save a process identifier of the listening

 # daemon (main thread).

 #

 # Default: disabled

-##PidFile /var/run/clamd.pid

+#PidFile /var/run/clamd.pid

 # Optional path to the global temporary directory.

 # Default: system specific (usually /tmp or /var/tmp).

@@ -89,14 +83,7 @@ Example

 # with the same socket: clamd servers will be selected in a round-robin fashion.

 #

 # Default: no default

-##ClamdSocket tcp:scanner.mydomain:7357

-

-# WARNING: The following options are deprecated and may go away soon.

-# Please use ClamdSocket instead!

-# Default: disabled

-#LocalSocket

-#TCPSocket

-#TCPAddr

+#ClamdSocket tcp:scanner.mydomain:7357

 ##

@@ -175,14 +162,14 @@ Example

 # A full path is required.

 #

 # Default: disabled

-##LogFile /tmp/clamav-milter.log

+#LogFile /tmp/clamav-milter.log

 # By default the log file is locked for writing - the lock protects against

 # running clamav-milter multiple times.

 # This option disables log file locking.

 #

 # Default: no

-##LogFileUnlock yes

+#LogFileUnlock yes

 # Maximum size of the log file.

 # Value of 0 disables the limit.

@@ -191,28 +178,28 @@ Example

 # in bytes just don't use modifiers.

 #

 # Default: 1M

-##LogFileMaxSize 2M

+#LogFileMaxSize 2M

 # Log time with each message.

 #

 # Default: no

-##LogTime yes

+#LogTime yes

 # Use system logger (can work together with LogFile).

 #

 # Default: no

-##LogSyslog yes

+#LogSyslog yes

 # Specify the type of syslog messages - please refer to 'man syslog'

 # for facility names.

 #

 # Default: LOG_LOCAL6

-##LogFacility LOG_MAIL

+#LogFacility LOG_MAIL

 # Enable verbose logging.

 #

 # Default: no

-##LogVerbose yes

+#LogVerbose yes

 ##

@@ -221,82 +208,5 @@ Example

 # Messages larger than this value won't be scanned.

 # Default: 25M

-##MaxFileSize 150M

-

-# WARNING: The following two options are deprecated and may go away soon.

-# Please use MaxFile size instead!

-# For compatibility reasons the minimum value among MaxFileSize,

-# MaxScanSize and StreamMaxLength will be used.

-#MaxScanSize

-#StreamMaxLength

-

-

-##

-## Deprecated options

-##

+#MaxFileSize 150M

-# The following deprecated options are only kept for compatibility

-# reaosns and may go away soon. These do not affect clamav-milter

-# in any way, except for a small warning emitted on startup.

-

-#ArchiveBlockEncrypted

-#DatabaseDirectory

-#Debug

-#DetectBrokenExecutables

-#LeaveTemporaryFiles

-#MailFollowURLs

-#MaxRecursion

-#MaxFiles

-#PhishingSignatures

-#ScanArchive

-#ScanHTML

-#ScanMail

-#ScanOLE2

-#ScanPE

-

-

-#Todo

-##-C --chroot

-#-D --debug

-##-i --pidfile

-##-I --ignore

-##-W --whitelist-file

-

-#Deprecated switches

-#-a --from

-#-H --headers

-#-x --debug-level

-#-b --bounce

-#-B --broadcast

-#-f --force-scan

-#-e --external

-#-k --blacklist-time

-#-K --dont-blacklist

-#-l --local

-#-M --freshclam-monitor

-#-o --outgoing

-#-p --postmaster

-#-P --postmaster-only

-#-q --quiet

-#-r --report-phish

-#-R --report-phish-false-positives

-#-s --sign

-#-F --signature-file

-#-m --max-children

-#--dont-wait

-#--dont-sanitise

-#-t --template-file

-#--template-headers

-#-T --timeout

-#-L --detect-forged-local-address

-#--sendmail-cf

-#--black-hole-mode

-#--server

-

-#Reworked

-##-A --advisory

-##-d --dont-scan-on-error

-##-n --noxheader

-##-N --noreject

-##-Q --quarantine

-##-U, --quarantine-dir