PORTVERSION=	4.38.2

PORTVERSION=	4.42.1

		${LOCALBASE}/bin/unzip:${PORTSDIR}/archivers/unzip

		${LOCALBASE}/bin/unzip:${PORTSDIR}/archivers/unzip \

		${LOCALBASE}/bin/unrar:${PORTSDIR}/archivers/unrar

		spam.lists.conf virus.scanners.conf

		spam.lists.conf virus.scanners.conf \

		phishing.safe.sites.conf

		s,/opt/MailScanner/lib,${PREFIX}/lib/MailScanner,g;' \

		s,/opt/MailScanner/lib,${PREFIX}/lib/MailScanner,g; \

		s,/usr/bin/unrar,${LOCALBASE}/bin/unrar,g; \

		s,/etc/mail/spamassassin,${LOCALBASE}/etc/mail/spamassassin,g;' \

MD5 (MailScanner-install-4.38.2-1.tar.gz) = d3849865be7518c1b3d5915df9753a48

MD5 (MailScanner-install-4.42.1-1.tar.gz) = 7cb2929b0cd364be57e0d4534bb672f6

SIZE (MailScanner-install-4.38.2-1.tar.gz) = 5618312

SIZE (MailScanner-install-4.42.1-1.tar.gz) = 4701002

@comment $FreeBSD: ports/mail/mailscanner/pkg-plist,v 1.16 2004/11/01 20:10:10 sem Exp $

@comment $FreeBSD: ports/mail/mailscanner/pkg-plist,v 1.19 2005/02/16 16:11:36 vs Exp $

# $Id: Sophos.install.freebsd,v 1.3 2004/01/31 23:54:55 sergei Exp $

# $Id: Sophos.install.freebsd,v 1.3 2004/01/31 23:43:16 sergei Exp $

--- ../MailScanner-install-4.38.2.orig/docs/man/MailScanner.8	Mon Jan 17 15:49:00 2005

--- ../MailScanner-install-4.40.10.old/docs/man/MailScanner.8	Fri Apr  1 16:10:19 2005

+++ docs/man/MailScanner.8	Mon Jan 17 15:54:03 2005

+++ docs/man/MailScanner.8	Fri Apr  1 16:10:33 2005

-.TH "MailScanner" "8" "4.34.8" "Julian Field" "Mail"

-.TH "MailScanner" "8" "4.38.2" "Julian Field" "Mail"

+.TH "MailScanner" "8" "4.38.2" "Julian Field" "Mail"

+.TH "MailScanner" "8" "4.41.3" "Julian Field" "Mail"

--- ../MailScanner-install-4.38.2.orig/docs/man/MailScanner.8.html	Mon Jan 17 15:49:00 2005

--- ../MailScanner-install-4.40.10.old/docs/man/MailScanner.8.html	Fri Apr  1 16:10:19 2005

+++ docs/man/MailScanner.8.html	Mon Jan 17 15:54:04 2005

+++ docs/man/MailScanner.8.html	Fri Apr  1 16:10:35 2005

-<!-- CreationDate: Fri Oct 15 15:13:21 2004 -->

-<!-- CreationDate: Mon Jan 17 15:53:41 2005 -->

+<!-- CreationDate: Mon Jan 17 15:53:41 2005 -->

+<!-- CreationDate: Fri Apr  1 16:08:30 2005 -->

--- ../MailScanner-install-4.38.2.orig/docs/man/MailScanner.conf.5	Mon Jan 17 15:49:00 2005

--- ../MailScanner-install-4.40.10.old/docs/man/MailScanner.conf.5	Fri Apr  1 16:10:19 2005

+++ docs/man/MailScanner.conf.5	Mon Jan 17 15:54:08 2005

+++ docs/man/MailScanner.conf.5	Fri Apr  1 16:10:37 2005

-.TH "MailScanner.conf" "5" "4.34.8" "Julian Field" "Mail"

-.TH "MailScanner.conf" "5" "4.38.2" "Julian Field" "Mail"

+.TH "MailScanner.conf" "5" "4.38.2" "Julian Field" "Mail"

+.TH "MailScanner.conf" "5" "4.41.3" "Julian Field" "Mail"

@@ -485,7 +485,7 @@

@@ -27,7 +27,9 @@

 .br 

 Many of the options can also be the filename of a ruleset, which can be used to control features depending on the addresses of the message, and/or the IP address where the message came from. You will find some examples of rulesets and an explanation of them in the "rules" directories within the MailScanner installation and in the section "RULESETS" later in this manpage.

 .br 

 .LP 

-Which Virus Scanning package to use. Possible choices are sophos, sophossavi, mcafee, command, bitdefender, kaspersky, kaspersky\-4.5, kavdaemonclient, inoculate, inoculan, nod32, nod32\-1.99, f\-secure, f\-prot, panda, rav, antivir, clamav, clamavmodule, css, trend, norman, avg, vexira, none (no virus scanning at all). This *cannot* be the filename of a ruleset.

-The options are best listed in a few categories. This is also the order in which you will find them in the MailScanner.conf file. If this list looks very large then don't worry, the supplied MailScanner.conf file (or MailScanner.conf.sample) contains sensible defaults for all the values. You will probably only need to change a very few of them to start with.

+Which Virus Scanning package to use. Possible choices are sophos, sophossavi, mcafee, command, bitdefender, kaspersky, kaspersky\-4.5, kavdaemonclient, inoculate, inoculan, nod32, nod32\-1.99, f\-secure, f\-prot, panda, rav, antivir, clamav, clamavmodule, css, trend, norman, avg, vexira, symscanengine, generic, none (no virus scanning at all). This *cannot* be the filename of a ruleset.

+The options are best listed in a few categories. If this list looks very large then don't worry, the supplied MailScanner.conf file (or MailScanner.conf.sample) contains sensible defaults for all the values. You will probably only need to change a very few of them to start with.

 .br 

+

+Starting with version 4.40.10 of MailScanner you can use shell environment variables such as $HOSTNAME or ${HOSTNAME} in MailScanner.conf and its relatives.

@@ -585,13 +585,22 @@

 Note: Some Symantec scanners complain (incorrectly) about "." characters appearing in the names of headers.

+

+.TP 

+\fB%org\-long\-name%\fR

+Default: Your Organisation Name Here

+.br 

+

+.br 

+Enter the full name of your organisation below, this is used in the signature placed at the bottom of report messages sent by MailScanner. It can include pretty much any text you like. You can make the result span several lines by including "\n" sequences in the text. These will be replaced by line\-breaks.

+

+.TP 

+\fB%web\-site%\fR

+Default: www.your\-organisation.com

+.br 

+

+.br 

+Enter the location of your organisation's web site below. This is used in the signature placed at the bottom of report messages sent by MailScanner. It should preferably be the location of a page that you have written explaining why you might have rejected the mail and what the recipient and/or sender should do about it.

 .SH "System Settings"

 \fBFind Phishing Fraud\fR

 \fBMax Children\fR

-Default: no

@@ -370,6 +388,23 @@

+Default: yes

 .br 

 Do you want to check for "Phishing" attacks? These are attacks that look like a genuine email message from your bank, which contain a link to click on to take you to the web site where you will be asked to type in personal information such as your account number or credit card details. Except it is not the real bank's web site at all, it is a very good copy of it run by thieves who want to steal your personal information or credit card details. These can be spotted because the real address of the link in the message is not the same as the text that appears to be the link. Note: This does cause significant extra load, particularly on systems       receiving lots of spam such as secondary MX hosts. This *cannot* be the filename of a ruleset, it must be 'yes' or 'no'.

 The maximum length of time the "file" command is allowed to run for one batch of messages (in seconds).

 \fBAllow IFrame Tags\fR

+\fBUnrar Timeout\fR

+Default: 50

+.br 

+

+.br 

+The maximum length of time the "unrar" command is allowed to run for 1 RAR archive (in seconds)

+

 .TP 

 \fBBlock Encrypted Messages\fR

 .br 

@@ -562,6 +597,41 @@

@@ -781,6 +790,15 @@

 When an entire message is saved in the quarantine for any reason, do you want to save it as the raw data files out of the mail queue (which can be processed with the df2mbox script, and which is easier to send to its original recipients), or do you want a conventional message file consisting of the header followed by the body of the message. If the previous option is switched off, then this will only affect archived mail and quarantined spam. If the previous option is on, then this also affects quarantined infections. 

 .TP 

 .br 

+\fBKeep Spam And MCP Archive Clean\fR

 ClamAVModule only: monitor each of these files for changes in size to detect when a ClamAV update has happened. This is only used by the "clamavmodule" virus scanner, not the "clamav" scanner setting.

+Default: no

+

+.TP 

+\fBClamAVmodule Maximum Recursion Level\fR

+Default: 5

+Do you want to stop any virus\-infected spam getting into the spam or MCP archives? If you have a system where users can release messages from the spam or MCP archives, then you probably want to stop them being able to release any infected messages, so set this to yes. It is set to no by default as it causes a small hit in performance, and many people don't allow users to access the spam quarantine, so don't need it. This can also be the filename of a ruleset.

+ClamAVModule only: The maximum recursion level of archives. This setting *cannot* be the filename of a ruleset, only a simple number.

+

+.TP 

+\fBClamAVmodule Maximum Files\fR

+Default: 100

+.br 

+

+.br 

+ClamAVModule only: The maximum number of files per batch. This setting *cannot* be the filename of a ruleset, only a simple number.

 \fBLanguage Strings\fR

+\fBClamAVmodule Maximum File Size\fR

 Default: %reports\-dir%/languages.conf

+Default: 10000000

 .br 

+.br 

@@ -1266,12 +1284,11 @@

+

+.br 

+ClamAVModule only: The maximum file of each file (Default = 10MB). This setting *cannot* be the filename of a ruleset, only a simple number.

+

+

+.TP 

+\fB\fRClamAVmodule Maximum Compression Ratio

+Default: 250

+.br 

+

+.br 

+ClamAVModule only: The maximum compression ration of archives. This setting *cannot* be the filename of a ruleset, only a simple number.

+ 

 .SH "Removing/Logging dangerous or potentially offensive content"

 \fBAttachment Encoding Charset\fR

 \fBAllow Partial Messages\fR

-Default: us\-ascii

@@ -601,6 +671,15 @@

+Default: ISO\-8859\-1

 .br 

 .br 

 .TP 

 If you give this option a ruleset, you can control exactly whose mail is archived or forwarded. If you do this, beware of the legal implications as this could be deemed to be illegal interception unless the police have asked you to do this.

+\fBPhishing Safe Sites File\fR

+Default: %etc\-dir%/phishing.safe.sites.conf

+

-

-

+Any of the items above can contain the magic string _DATE_ in them which will be replaced with the current date in yyyymmdd format. This will make archive\-rolling and maintenance much easier, as you can guarantee that yesterday's mail archive will not be in active use today.

+There are some companies, such as banks, that insist on sending out email messages with links in them that are caught by the "Find Phishing Fraud" test described above. This is the name of a file which contains a list of link destinations which should be ignored in the test. This may, for example, contain the known websites of some banks. See the file itself for more information. This can only be the name of the file containing the list, it *cannot* be the filename of a ruleset.

 .SH "Notices to system administrators"

+

 .TP 

+

 \fBSend Notices\fR

+.TP 

@@ -1595,22 +1613,24 @@

 \fBAllow IFrame Tags\fR

 Default: no

 .RS 7

@@ -1753,6 +1832,12 @@

 .IP  \(bu 4

-"deliver" \- the message is delivered to the recipient as normal 

+deliver \- the message is delivered to the recipient as normal 

 .IP  \(bu 4

-"delete" \- the message is deleted 

+delete \- the message is deleted 

 .IP  \(bu 4

-"store" \- the message is stored in the quarantine 

+store \- the message is stored in the quarantine 

 .IP  \(bu 4

-"forward" \- an email address is supplied, to which the message is forwarded 

+forward \- an email address is supplied, to which the message is forwarded 

 .IP  \(bu 4

-"notify" \- Send the recipients a short notification that spam addressed to them was not delivered. They can then take action to request retrieval of the orginal message if they think it was not spam.

+notify \- Send the recipients a short notification that spam addressed to them was not delivered. They can then take action to request retrieval of the orginal message if they think it was not spam.

 .IP  \(bu 4

-"striphtml" \- convert all in\-line HTML content in the message to be stripped to plain text, which removes all images and scripts and so can be used to protect your users from offensive spam. Note that using this action on its own does not imply that the message will be delivered, you will need to specify "deliver" or "forward" to actually deliver the message. 

+striphtml \- convert all in\-line HTML content in the message to be stripped to plain text, which removes all images and scripts and so can be used to protect your users from offensive spam. Note that using this action on its own does not imply that the message will be delivered, you will need to specify "deliver" or "forward" to actually deliver the message. 

 .IP  \(bu 4

-"attachment" \- Convert the original message into an attachment of the message. This means the user has to take an extra step to open the spam, and stops "web bugs" very effectively.

+attachment \- Convert the original message into an attachment of the message. This means the user has to take an extra step to open the spam, and stops "web bugs" very effectively.

 .IP  \(bu 4

-"bounce" \- bounce the spam message. This option should not be used and must be enabled with the "Enable Spam Bounce" option first.

+bounce \- bounce the spam message. This option should not be used and must be enabled with the "Enable Spam Bounce" option first.

+.IP  \(bu 4

+header "name: value" \- Add the header "name: value" to the message. name must not contain any spaces.

 .RE

 .TP 

@@ -1725,8 +1745,16 @@

 Log all the filenames that are allowed by the Filetype Rules, or just the filetypes that are denied? This can also be the filename of a ruleset.

 Log all occurrences of "Silent Viruses" as defined above? This can only be a simple yes/no value, not a ruleset.

+\fBLog Silent Viruses\fR

+\fBLog Dangerous HTML Tags\fR

+

+Log all occurrences of HTML tags found in messages, that can be blocked. This will help you build up your whitelist of message sources for which particular HTML tags should be allowed, such as mail from newsletters and daily cartoon strips. This can also be the filename of a ruleset.

+.br 

+Log all occurrences of "Silent Viruses" as defined above? This can only be a simple yes/no value, not a ruleset.

-If you are using Postfix you may well need to use some of the settings below, as the home directory for the "postfix" user cannot be written to by the "postfix" user. You may also need to use these if you have installed SpamAssassin somewhere other than the default location.

 If you are using Postfix you may well need to use some of the settings below, as the home directory for the "postfix" user cannot be written to by the "postfix" user. You may also need to use these if you have installed SpamAssassin somewhere other than the default location. 

+If you are using Postfix you may well need to use some of the settings below, as the home directory for the "postfix" user cannot be written to by the "postfix" user. You may also need to use these if you have installed SpamAssassin somewhere other than the default location. 

 .TP 

 \fBSpamAssassin User State Dir\fR

@@ -1734,7 +1762,7 @@

 .br 

 .br 

-The per\-user files (bayes, auto\-whitelist, user_prefs) are looked for here and in ~/.spamassassin/. Note the files are mutable. If this is unset then no extra places are searched for. If using Postfix, you probably want to set this to /var/spool/MailScanner/spamassassin and do

+The per\-user files (bayes, auto\-whitelist, user_prefs) are looked for here and in ~/.spamassassin/. Note the files are mutable. If this is unset then no extra places are searched for. NOTE: SpamAssassin is always called from MailScanner as the same user, and that is the "Run As" user specified in MailScanner.conf. So you can only have 1 set of "per\-user" files, it's just that you might possibly need to modify this location. You should not normally need to set this at all. If using Postfix, you probably want to set this to /var/spool/MailScanner/spamassassin and do

--- ../MailScanner-install-4.38.2.orig/docs/man/MailScanner.conf.5.html	Mon Jan 17 15:49:00 2005

--- ../MailScanner-install-4.40.10.old/docs/man/MailScanner.conf.5.html	Fri Apr  1 16:10:19 2005

+++ docs/man/MailScanner.conf.5.html	Mon Jan 17 15:54:10 2005

+++ docs/man/MailScanner.conf.5.html	Fri Apr  1 16:10:40 2005

-<!-- CreationDate: Fri Oct 22 08:13:20 2004 -->

-<!-- CreationDate: Mon Jan 17 15:53:41 2005 -->

+<!-- CreationDate: Mon Jan 17 15:53:41 2005 -->

+<!-- CreationDate: Fri Apr  1 16:08:30 2005 -->

@@ -397,4 +397,5813 @@

@@ -120,13 +120,15 @@

 <td width="3%"></td>

 directories within the MailScanner installation and in the

 <td width="72%">

 section &quot;RULESETS&quot; later in this manpage.</p>

 <!-- INDENTATION -->

-<p>the name of a fi@

-<p>The options are best listed in a few categories. This is

\ No newline at end of file

-also the order in which you will find them in the

+<p>the name of a file containing a list of directory names,

-MailScanner.conf file. If this list looks very large then

+which can in turn contain wildcards.</p>

-don’t worry, the supplied MailScanner.conf file (or

+</td>

-MailScanner.conf.sample) contains sensible defaults for all

+</table>

-the values. You will probably only need to change a very few

+<!-- INDENTATION -->

-of them to start with.</p>

+<table width="100%" border=0 rules="none" frame="void"

+<p>The options are best listed in a few categories. If this

+       cols="2" cellspacing="0" cellpadding="0">

+list looks very large then don’t worry, the supplied

+<tr valign="top" align="left">

+MailScanner.conf file (or MailScanner.conf.sample) contains

+<td width="28%"></td>

+sensible defaults for all the values. You will probably only

+<td width="72%">

+need to change a very few of them to start with.</p>

+<p>Example:

+/usr/local/etc/MailScanner/mqueue.in.list.conf</p></td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="11%"></td>

+<td width="89%">

+<p><b>Outgoing Queue Dir</b></p></td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="78%">

+<p>Default: /var/spool/mqueue</p>

+<!-- INDENTATION -->

+<p>Directory in which MailScanner should place scanned

+e−mail messages. This can also be the filename of a

+ruleset.</p>

+</td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="11%"></td>

+<td width="89%">

+<p><b>Incoming work dir</b></p></td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="78%">

+<p>Default: /opt/MailScanner/var/incoming<br>

+Default FreeBSD: /var/spool/MailScanner/incoming</p>

+<!-- INDENTATION -->

+<p>Directory in which to temporarily store unpacked MIME

+messages during scanning process.</p>

+</td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="11%"></td>

+<td width="89%">

+<p><b>Quarantine Dir</b></p></td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="78%">

+<p>Default: /opt/MailScanner/var/quarantine<br>

+Default FreeBSD: /var/spool/MailScanner/quarantine</p>

+<!-- INDENTATION -->

+<p>Set where to store infected messages and attachments (if

+they are kept). This can also be the filename of a

+ruleset.</p>

+</td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="11%"></td>

+<td width="89%">

+<p><b>PID file</b></p></td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="78%">

+<p>Default: /opt/MailScanner/var/MailScanner.pid<br>

+Default FreeBSD: /var/run/MailScanner.pid</p>

+<!-- INDENTATION -->

+<p>Set where to store the process id number so you can stop

+MailScanner. In the FreeBSD port this should remain

+/var/run/MailScanner.pid in order for the start/stop script

+to work.</p>

+</td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="11%"></td>

+<td width="89%">

+<p><b>Restart Every</b></p></td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="78%">

+<p>Default: 14400</p>

+<!-- INDENTATION -->

+<p>To avoid resource leaks the MailScanner parent process

+stops and restarts its child processes from time to time.

+Set the amount of seconds each child process is supposed to

+live here.</p>

+</td>

+</table>

+<!-- TABS -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="5" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="11%"></td>

+<td width="4%">

+

+<p><b>MTA</b></p>

+</td>

+<td width="7%"></td>

+<td width="26%">

+

+<p>Default: sendmail</p>

+</td>

+<td width="52%">

+</td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="78%">

+<p>MailScanner works with sendmail and exim. Since the queue

+handling differs a bit, you have to tell MailScanner which

+MTA you are using. Valid options are sendmail and exim.</p>

+</td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="11%"></td>

+<td width="89%">

+<p><b>Sendmail</b></p></td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="78%">

+<p>Default: /usr/lib/sendmail<br>

+Default FreeBSD: /usr/sbin/sendmail</p>

+<!-- INDENTATION -->

+<p>Set how to invoke MTA when sending messages MailScanner

+has created (e.g. to sender/recipient saying "found a

+virus in your message"). This can also be the filename

+of a ruleset.</p>

+</td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="11%"></td>

+<td width="89%">

+<p><b>Sendmail2</b></p></td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="78%">

+<p>Default: same value as the Sendmail setting</p>

+<!-- INDENTATION -->

+<p>Sendmail2 is provided for exim users. It is the command

+used to attempt delivery of outgoing cleaned/disinfected

+messages. This is not usually required for sendmail.<br>

+For Exim users this could be: Sendmail2 = /usr/sbin/exim

+&minus;C /usr/local/etc/exim/configure.out</p>

+</td>

+</table>

+<a name="Incoming Work Dir Settings"></a>

+<h2>Incoming Work Dir Settings</h2>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="11%"></td>

+<td width="89%">

+<p>You should not normally need to touch these settings at

+all, unless you are using ClamAV and need to be able to use

+the external archive unpackers instead of ClamAV’s

+built&minus;in ones.</p>

+</td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="11%"></td>

+<td width="89%">

+<p><b>Incoming Work User</b></p></td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="78%">

+<p>Default:</p>

+<!-- INDENTATION -->

+<p>If you want to create the temporary working files so they

+are owned by a user other than the "Run As User"

+setting, you can change that here. Note: If the "Run As

+User" is not "root" then you cannot change

+the user but may still be able to change the group, if the

+"Run As User" is a member of both of the groups

+"Run As Group" and "Incoming Work

+Group&quot;.</p>

+</td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="11%"></td>

+<td width="89%">

+<p><b>Incoming Work Group</b></p></td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="78%">

+<p>Default:</p>

+<!-- INDENTATION -->

+<p>If you want to create the temporary working files so they

+are owned by a group other than the "Run As User"

+setting, you can change that here. Note: If the "Run As

+User" is not "root" then you cannot change

+the user but may still be able to change the group, if the

+"Run As User" is a member of both of the groups

+"Run As Group" and "Incoming Work

+Group&quot;.</p>

+</td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="11%"></td>

+<td width="89%">

+<p><b>Incoming Work Permissions</b></p></td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="78%">

+<p>Default: 0600</p>

+<!-- INDENTATION -->

+<p>If you want processes running under the same *group* as

+MailScanner to be able to read the working files (and list

+what is in the directories, of course), set to 0640. If you

+want *all* other users to be able to read them, set to 0644.

+For a detailed description, if you’re not already

+familiar with it, refer to ‘man 2 chmod‘.

+Typical use: external helper programs of virus scanners

+(notably ClamAV), like unpackers. Use with care, you may

+well open security holes.</p>

+</td>

+</table>

+<a name="Quarantine and Archive Settings"></a>

+<h2>Quarantine and Archive Settings</h2>

+<table width="100%" border=0 rules="none" frame="void"

+<p>Starting with version 4.40.10 of MailScanner you can use

+       cols="2" cellspacing="0" cellpadding="0">

+shell environment variables such as $HOSTNAME or ${HOSTNAME}

+<tr valign="top" align="left">

+in MailScanner.conf and its relatives.</p>

+<td width="11%"></td>

 <!-- INDENTATION -->

+<td width="89%">

 <p>You should define the following variables:</p>

+<p>If, for example, you are using a web interface so that

 </td>

+users can manage their quarantined files, you might want to

@@ -220,6 +222,54 @@

+change the ownership and permissions of the quarantined so

 headers.</p>

+that they can be read and/or deleted by the web server.

 </td>

+Don’t touch this unless you know what you are

 </table>

+doing!</p>

+</td>

+</table>

+<p><b>Quarantine User</b></p></td>

+<p><b>%org&minus;long&minus;name%</b></p></td>

+<p>Default:</p>

+<p>Default: Your Organisation Name Here</p>

+<p>If you want to create the quarantine/archive so the files

+<p>Enter the full name of your organisation below, this is

+are owned by a user other than the "Run As User"

+used in the signature placed at the bottom of report

+setting at the top of this file, you can change that here.

+messages sent by MailScanner. It can include pretty much any

+Note: If the "Run As User" is not "root"

+text you like. You can make the result span several lines by

+then you cannot change the user but may still be able to

+including "0 sequences in the text. These will be

+change the group, if the "Run As User" is a member

+replaced by line&minus;breaks.</p>

+of both of the groups "Run As Group" and

+&quot;Quarantine Group&quot;.</p>

+<p><b>Quarantine Group</b></p></td>

+<p><b>%web&minus;site%</b></p></td>

+<p>Default:</p>

+<p>Default: www.your&minus;organisation.com</p>

+<p>If you want to create the quarantine/archive so the files

+<p>Enter the location of your organisation&rsquo;s web site

+are owned by a user other than the "Run As User"

+below. This is used in the signature placed at the bottom of

+setting at the top of this file, you can change that here.

+report messages sent by MailScanner. It should preferably be

+Note: If the "Run As User" is not "root"

+the location of a page that you have written explaining why

+then you cannot change the user but may still be able to

+you might have rejected the mail and what the recipient

+change the group, if the "Run As User" is a member

+and/or sender should do about it.</p>

+of both of the groups "Run As Group" and

+&quot;Quarantine Group&quot;.</p>

+<!-- INDENTATION -->

 <a name="System Settings"></a>

+<table width="100%" border=0 rules="none" frame="void"

 <h2>System Settings</h2>

+       cols="2" cellspacing="0" cellpadding="0">

 <!-- INDENTATION -->

+<tr valign="top" align="left">

@@ -1071,6 +1121,54 @@

+<td width="11%"></td>

 <tr valign="top" align="left">

+<td width="89%">

 <td width="11%"></td>

+<p><b>Quarantine Permissions</b></p></td>

 <td width="89%">

+<p><b>Unrar Command</b></p></td>

+<p>Default: 0600</p>

+<p>Default: /usr/bin/unrar</p>

+<p>If you want processes running under the same *group* as

+<p>Where the &quot;unrar&quot; command is installed. If you

+MailScanner to be able to read the quarantined files (and

+haven’t got this command, look at www.rarlab.com. This

+list what is in the directories, of course), set to 0640. If

+is used for unpacking rar archives so that the contents can

+you want *all* other users to be able to read them, set to

+be checked for banned filenames and filetypes, and also that

+0644. For a detailed description, if you’re not

+the archive can be tested to see if it is

+already familiar with it, refer to ‘man 2

+password−protected. Virus scanning the contents of rar

+chmod‘. Typical use: let the webserver have access to

+archives is still left to the virus scanner, with one

+the files so users can download them if they really want to.

+exception: If using the clavavmodule virus scanner, this

+Use with care, you may well open security holes.</p>

+adds external RAR checking to that scanner which is needed

+for archives which are RAR version 3.</p>

+<p><b>Max Unscanned Bytes Per Scan</b></p></td>

+<p><b>Unrar Timeout</b></p></td>

+<p>Default: 100000000</p>

+<p>Default: 50</p>

+<!-- INDENTATION -->

+<p>MailScanner handles messages in batches for efficiency.

+Messages are gathered (in strict date order) from the

+incoming queue directory, one at a time, until this or one

+of the following three limits is reached or the queue is

+empty.</p>

+<p>This setting limits the total size of messages per batch

+<p>The maximum length of time the &quot;unrar&quot; command

+for which no scanning is done (i.e. Virus Scanning =

+is allowed to run for 1 RAR archive (in seconds)</p>

+no).</p>

+<p><b>Max Unsafe Bytes per Scan</b></p></td>

 <p><b>Block Encrypted Messages</b></p></td>

+</table>

 </table>

+<!-- INDENTATION -->

 <!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

@@ -1638,6 +1736,90 @@

+       cols="2" cellspacing="0" cellpadding="0">

 scanner, not the &quot;clamav&quot; scanner setting.</p>

+<tr valign="top" align="left">

 </td>

+<td width="22%"></td>

 </table>

+<td width="78%">

+<p>Default: 50000000</p>

+<!-- INDENTATION -->

+<p>This setting limits the total size of messages per batch

+for which scanning is done (i.e. Virus Scanning = yes).</p>

+</td>

+</table>

+<p><b>Max Unscanned Messages Per Scan</b></p></td>

+<p><b>ClamAVmodule Maximum Recursion Level</b></p></td>

+<p>Default: 100</p>

+<p>Default: 5</p>

+<p>This setting limits the total number of messages per

+<p>ClamAVModule only: The maximum recursion level of

+batch for which no scanning is done (i.e. Virus Scanning =

+archives. This setting *cannot* be the filename of a

+no).</p>

+ruleset, only a simple number.</p>

+<p><b>Max Unsafe Messages per Scan</b></p></td>

+<p><b>ClamAVmodule Maximum Files</b></p></td>

+<p>This setting limits the total number of messages per

+<p>ClamAVModule only: The maximum number of files per batch.

+batch for which scanning is done (i.e. Virus Scanning =

+This setting *cannot* be the filename of a ruleset, only a

+yes).</p>

+simple number.</p>

+</td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="11%"></td>

+<td width="89%">

+<p><b>Max Normal Queue Size</b></p></td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="78%">

+<p>Default: 1000</p>

+<!-- INDENTATION -->

+<p>If more messages are found in the queue than this, then

+switch to an "accelerated" mode of processing

+messages. This will cause it to stop scanning messages in

+strict date order, but in the order it finds them in the

+queue. If your queue is bigger than this size a lot of the

+time, then some messages could be greatly delayed. So treat

+this option as &quot;in emergency only&quot;.</p>

+<p><b>Maximum Attachments Per Message</b></p></td>

+<p><b>ClamAVmodule Maximum File Size</b></p></td>

+<p>Default: 200</p>

+<p>Default: 10000000</p>

+<p>The maximum number of attachments allowed in a message

+<p>ClamAVModule only: The maximum file of each file (Default

+before it is considered to be an error. Some email systems,

+= 10MB). This setting *cannot* be the filename of a ruleset,

+if bouncing a message between 2 addresses repeatedly, add

+only a simple number.</p>

+information about each bounce as an attachment, creating a

+message with thousands of attachments in just a few minutes.

+This can slow down or even stop MailScanner as it uses all

+available memory to unpack these thousands of attachments.

+This can also be the filename of a ruleset.</p>

+<p><b>Expand TNEF</b></p></td>

+<p>ClamAVmodule Maximum Compression Ratio</p></td>

+<p>Default: yes</p>

+<p>Default: 250</p>

+<p>TNEF is primarily used by Microsoft programs such as

+<p>ClamAVModule only: The maximum compression ration of

+Outlook and Outlook Express when mails are formatted/sent in

+archives. This setting *cannot* be the filename of a

+Rich−Text−Format. Attachments are all put

+ruleset, only a simple number.</p>

+together in one WINMAIL.DAT file.</p>

+<!-- INDENTATION -->

+<p>Should we use a TNEF decoder (external or Perl module)?

+This should be "yes" unless the scanner you are

+using (Sophos, McAfee) has the facility built−in.

+However, if you set it to "no", then the filenames

+within the TNEF attachment will not be checked against the

+filename rules.</p>

+<!-- INDENTATION -->

 <a name="Removing/Logging dangerous or potentially offensive content"></a>

+<table width="100%" border=0 rules="none" frame="void"

 <h2>Removing/Logging dangerous or potentially offensive content</h2>

+       cols="2" cellspacing="0" cellpadding="0">

 <!-- INDENTATION -->

+<tr valign="top" align="left">

@@ -1761,6 +1943,33 @@

+<td width="11%"></td>

 <tr valign="top" align="left">

+<td width="89%">

 <td width="11%"></td>

+<p><b>Deliver Unparsable TNEF</b></p></td>

 <td width="89%">

+<p><b>Phishing Safe Sites File</b></p></td>

+<p>Default: no</p>

+<p>Default: %etc&minus;dir%/phishing.safe.sites.conf</p>

+<p>Rich Text format attachments produced by some versions of

+<p>There are some companies, such as banks, that insist on

+Microsoft Outlook cannot be completely decoded at present.

+sending out email messages with links in them that are

+Setting this option to yes allows compatibility with the

+caught by the "Find Phishing Fraud" test described

+behaviour of earlier versions where these attachments were

+above. This is the name of a file which contains a list of

+still delivered. This would introduce the slight chance of a

+link destinations which should be ignored in the test. This

+virus getting through in the segment of the attachment that

+may, for example, contain the known websites of some banks.

+could not be decoded, but the setting may be necessary if

+See the file itself for more information. This can only be

+you have a large number of Microsoft Outlook users who are

+the name of the file containing the list, it *cannot* be the

+troubled by the new behaviour.</p>

+filename of a ruleset.</p>

+<p><b>TNEF Expander</b></p></td>

 <p><b>Allow IFrame Tags</b></p></td>

+</table>

 </table>

+<!-- INDENTATION -->

 <!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

@@ -5122,6 +5331,28 @@

+       cols="2" cellspacing="0" cellpadding="0">

 <p>Log all occurrences of &quot;Silent Viruses&quot; as

+<tr valign="top" align="left">

 defined above? This can only be a simple yes/no value, not a

+<td width="22%"></td>

 ruleset.</p>

+<td width="78%">

+<p>Default: /opt/MailScanner/bin/tnef<br>

+Default FreeBSD: /usr/local/bin/tnef</p>

+<!-- INDENTATION -->

+<p>Full pathname giving location of the MS&minus;TNEF

+expander/decoder program, or the keyword internal which will

+force use of the optional Perl Convert::TNEF module instead

+of the external program.</p>

+<p><b>TNEF Timeout</b></p></td>

+<p><b>Log Dangerous HTML Tags</b></p></td>

+<p>Default: 120</p>

+<p>Default: no<br>

+<!-- INDENTATION -->

+Log all occurrences of HTML tags found in messages, that can

+<p>The maximum length of time (in seconds) the TNEF Expander

+be blocked. This will help you build up your whitelist of

+is allowed to run for diassembling one attachment.</p>

+message sources for which particular HTML tags should be

+</td>

+allowed, such as mail from newsletters and daily cartoon

+</table>

+strips. This can also be the filename of a ruleset.</p>

+<!-- INDENTATION -->

 </td>

+<table width="100%" border=0 rules="none" frame="void"

 </table>

+       cols="2" cellspacing="0" cellpadding="0">

 <a name="Advanced SpamAssassin Settings"></a>

+<tr valign="top" align="left">

+<td width="11%"></td>

+<td width="89%">

+<p><b>File Command</b></p></td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="78%">

+<p>Default: /usr/bin/file</p>

+<!-- INDENTATION -->

+<p>Where the &quot;file&quot; command is installed. This is

+used for checking the content type of files, regardless of

+their filename. To disable Filetype checking, set this value

+to blank.</p>

+</td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="11%"></td>

+<td width="89%">

+<p><b>File Timeout</b></p></td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="78%">

+<p>Default: 20</p>

+<!-- INDENTATION -->

+<p>The maximum length of time the &quot;file&quot; command

+is allowed to run for one batch of messages (in

+seconds).</p>

+</td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="11%"></td>

+<td width="89%">

+<p><b>Block Encrypted Messages</b></p></td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="78%">

+<p>Default: no</p>

+<!-- INDENTATION -->

+<p>This is inteded for use with a ruleset to ensure that

+none of your users is covertly mailing sites with which you

+would not normally communicate (e.g. your competitors). If

+this is set to yes (or the ruleset evaluates to yes)

+encrypted messages are blocked.</p>

+</td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="11%"></td>

+<td width="89%">

+<p><b>Block Unencrypted Messages</b></p></td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="78%">

+<p>Default: no</p>

+<!-- INDENTATION -->

+<p>This is intended for use with a ruleset to ensure that

+mail is always encrypted before being sent. This could be

+used to ensure that mail to your business partners is sent

+securely.</p>

+</td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="11%"></td>

+<td width="89%">

+<p><b>Allow Password&minus;Protected Archives</b></p></td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="78%">

+<p>Default: no</p>

+<!-- INDENTATION -->

+<p>Should archives which contain any

+password−protected files be allowed? Leaving this set

+to "no" is a good way of protecting against all

+the protected zip files used by viruses at the moment. This

+can also be the filename of a ruleset.</p>

+</td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="11%"></td>

+<td width="89%">

+<p><b>Maximum Message Size</b></p></td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="78%">

+<p>Default: 0</p>

+<!-- INDENTATION -->

+<p>The maximum size, in bytes, of any message including the

+headers. If this is set to zero, then no size checking is

+done. This can also be the filename of a ruleset, so you can

+have different settings for different users. You might want

+to set this quite small for dialup users so their email

+applications don’t time out downloading huge

+messages.</p>

+</td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="11%"></td>

+<td width="89%">

+<p><b>Maximum Attachment Size</b></p></td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="78%">

+<p>Default: &minus;1</p>

+<!-- INDENTATION -->

+<p>The maximum size, in bytes, of any attachment in a

+message. If this is set to zero, effectively no attachments

+are allowed. If this is set less than zero, then no size

+checking is done. This can also be the filename of a

+ruleset, so you can have different settings for different

+users. You might want to set this quite small for large

+mailing lists so they don’t get deluged by large

+attachments.</p>

+</td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="11%"></td>

+<td width="89%">

+<p><b>Maximum Archive Depth</b></p></td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="78%">

+<p>Default: 3</p>

+<!-- INDENTATION -->

+<p>The maximum depth to which zip archives will be unpacked

+to allow for checking filenames and filetypes within zip

+archives. Setting this to 0 will disable

+filename/−type checks within zip files while still

+allowing to block password protected zip files.</p>

+</td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="11%"></td>

+<td width="89%">

+<p><b>Find Archives By Content</b></p></td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="78%">

+<p>Default: yes</p>

+<!-- INDENTATION -->

+<p>Find zip archives by filename or by file contents?

+Finding them by content is a far more reliable way of

+finding them, but it does mean that you cannot tell your

+users to avoid zip file checking by renaming the file from

+".zip" to "_zip" and tricks like that.

+Only set this to no (i.e. check by filename only) if you

+don’t want to reliably check the contents of zip

+files. Note this does not affect virus checking, but it will

+affect all the other checks done on the contents of the zip

+file. This can also be the filename of a ruleset.</p>

+</td>

+</table>

+<a name="Options specific to Sophos Anti-Virus"></a>

+<h2>Options specific to Sophos Anti-Virus</h2>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="11%"></td>

+<td width="89%">

+<p><b>Allowed Sophos Error Messages</b></p></td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="78%">

+<p>Default:</p>

+<!-- INDENTATION -->

+<p>Anything on the next line that appears in brackets at the

+end of a line of output from Sophos will cause the

+error/infection to be ignored. Use of this option is

+dangerous, and should only be used if you are having trouble

+with lots of corrupt PDF files, for example. This option

+allows for multiple strings as well. In this case, the

+strings should be put in double quotes (") and each

+string separated with commas. Examples:<br>

+Allowed Sophos Error Messages = corrupt format not

+supported<br>

+Allowed Sophos Error Messages = "corrupt",

+&quot;format not supported&quot;</p>

+<!-- INDENTATION -->

+<p>The first version will match &quot;corrupt format not

+supported" only. The second version will match

+"corrupt" and "format not

+supported&quot;.</p>

+</td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="11%"></td>

+<td width="89%">

+<p><b>Sophos IDE Dir</b></p></td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="78%">

+<p>Default: /usr/local/Sophos/ide</p>

+<!-- INDENTATION -->

+<p>The directory (or a link to it) containing all the Sophos

+*.ide files. This is only used by the "sophossavi"

+virus scanner, and is irrelevant for all other scanners.</p>

+</td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="11%"></td>

+<td width="89%">

+<p><b>Sophos Lib Dir</b></p></td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="78%">

+<p>Default: /usr/local/Sophos/lib</p>

+<!-- INDENTATION -->

+<p>The directory (or a link to it) containing all the Sophos

+*.so libraries.This is only used by the

+"sophossavi" virus scanner, and is irrelevant for

+all other scanners.</p>

+</td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="11%"></td>

+<td width="89%">

+<p><b>Monitors For Sophos Updates</b></p></td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="78%">

+<p>Default: /usr/local/Sophos/ide/*ides.zip</p>

+<!-- INDENTATION -->

+<p>SophosSAVI only: monitor each of these files for changes

+in size to detect when a Sophos update has happened. The

+date of the Sophos Lib Dir is also monitored. This is only

+used by the "sophossavi" virus scanner, not the

+&quot;sophos&quot; scanner setting.</p>

+</td>

+</table>

+<a name="Virus scanning and vulnerability testing"></a>

+<h2>Virus scanning and vulnerability testing</h2>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="11%"></td>

+<td width="89%">

+<p><b>Virus Scanning</b></p></td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="78%">

+<p>Default: yes</p>

+<!-- INDENTATION -->

+<p>Do you want to scan email for viruses? A few people

+don’t have virus scanner licence and so want to

+disable all the virus scanning.<br>

+NOTE: Switching this to no completely disables all

+virus−scanning functionality. If you just want to

+switch of actual virus scanning, then set "Virus

+Scanners = none&quot; instead.<br>

+If you want to be able to switch scanning on/off for

+different users or different domains, set this to the

+filename of a ruleset.</p>

+</td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="11%"></td>

+<td width="89%">

+<p><b>Virus Scanners</b></p></td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="78%">

+<p>Default: none</p>

+<!-- INDENTATION -->

+<p>Which Virus Scanning package to use. Possible choices are

+sophos, sophossavi, mcafee, command, bitdefender, kaspersky,

+kaspersky−4.5, kavdaemonclient, inoculate, inoculan,

+nod32, nod32−1.99, f−secure, f−prot,

+panda, rav, antivir, clamav, clamavmodule, css, trend,

+norman, avg, vexira, symscanengine, generic, none (no virus

+scanning at all). This *cannot* be the filename of a

+ruleset.</p>

+<!-- INDENTATION -->

+<p>Note for McAfee users: Do NOT use any symlinks with

+McAfee at all. It is very strange but McAfee may not detect

+all viruses when started from a symlink or scanning a

+directory path including symlinks.</p>

+<!-- INDENTATION -->

+<p>Note: If you want to use multiple virus scanners, then

+this should be a space−separated list of virus

+scanners.</p>

+<!-- INDENTATION -->

+<p>Note: Make sure that you check that the base installation

+directory in the 3rd column of virus.scanners.conf matches

+the location you have installed each of your virus scanners.

+The supplied virus.scanners.conf file assumes the default

+installation locations recommended by each of the virus

+scanner installation guides.</p>

+</td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="11%"></td>

+<td width="89%">

+<p><b>Virus Scanner Timeout</b></p></td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="78%">

+<p>Default: 300</p>

+<!-- INDENTATION -->

+<p>The maximum time (in seconds) that the cirus scanner is

+allowed to take to scan one batch of messages.</p>

+</td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="11%"></td>

+<td width="89%">

+<p><b>Deliver Disinfected Files</b></p></td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="78%">

+<p>Default: yes</p>

+<!-- INDENTATION -->

+<p>Should infected attached documents be automatically

+disinfected and sent on to the original recipients? Less

+than 1% of viruses in the wild can be successfully

+disinfected,as macro viruses are now a rare occurrence. So

+the default has been changed to "no" as it gives a

+significant performance improvement.</p>

+</td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="11%"></td>

+<td width="89%">

+<p><b>Silent Viruses</b></p></td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="78%">

+<p>Default: HTML&minus;IFrame All&minus;Viruses</p>

+<!-- INDENTATION -->

+<p>Messages whose virus reports contain any of the words

+listed here will be treated as "silent" viruses.

+No messages will be sent back to the senders of these

+viruses, and the delivery to the recipient of the message

+can be controlled by the next option "Still Deliver

+Silent Viruses". This is primarily designed for viruses

+such as "Klez" and "Bugbear" which put

+fake addresses on messages they send, so there is no point

+informing the sender of the message, as it won’t

+actually be them who sent it anyway. Other words that can be

+put in this list are the 5 special keywords</p>

+</td>

+</table>

+<!-- TABS -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="4" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="1%">

+

+<p>&bull;</p>

+</td>

+<td width="5%"></td>

+<td width="72%">

+

+<p>HTML&minus;IFrame: inserting this will stop senders

+being warned about HTML Iframe tags, when they are not

+allowed.</p>

+</td>

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="1%">

+

+<p>&bull;</p>

+</td>

+<td width="5%"></td>

+<td width="72%">

+

+<p>HTML&minus;Codebase: inserting this will stop senders

+being warned about HTML Object Codebase tags, when they are

+not allowed.</p>

+</td>

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="1%">

+

+<p>&bull;</p>

+</td>

+<td width="5%"></td>

+<td width="72%">

+

+<p>Zip&minus;Password: inserting this will stop senders

+being warned about password−protected zip files when

+they are not allowd. This keyword is not needed if you

+include All&minus;Viruses.</p>

+</td>

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="1%">

+

+<p>&bull;</p>

+</td>

+<td width="5%"></td>

+<td width="72%">

+

+<p>All&minus;Viruses: inserting this will stop senders

+being warned about any virus, while still allowing you to

+warn senders about HTML−based attacks. This includes

+Zip−Password so you don’t need to include

+both.</p>

+</td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="28%"></td>

+<td width="72%">

+<p>The default of &quot;All&minus;Viruses&quot; means that

+no senders of viruses will be notified (as the sender

+address is always forged these days anyway), but anyone who

+sends a message that is blocked for other reasons will still

+be notified.</p></td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="11%"></td>

+<td width="89%">

+<p><b>Still Deliver Silent Viruses</b></p></td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="78%">

+<p>Default: no</p>

+<!-- INDENTATION -->

+<p>If this is set to yes then disinfected messsages that

+originally contained one of the "silent" viruses

+will still be delivered to the original recipients, even

+those addresses were chosen at random by the infected PC and

+do not correspond to anything a user intended to send. Set

+this to yes so that your users (and your management)

+appreciate how much MailScanner is doing to protect them,

+but set it to no if they complain a lot about receiving lots

+of virus warnings.</p>

+</td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="11%"></td>

+<td width="89%">

+<p><b>Non&minus;Forging Viruses</b></p></td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="78%">

+<p>Default: Joke/ OF97/ WM97/ W97M/</p>

+<!-- INDENTATION -->

+<p>Strings listed here will be searched for in the output of

+the virus scanners. It works to achieve the opposite effect

+of the "Silent Viruses" listed above. If a string

+here is found in the output of the virus scanners, then the

+message will be treated as if it were not infected with a

+"Silent Virus". If a message is detected as both a

+silent virus and a non−forging virus, then the

+non−forging status will override the silent status. In

+simple terms, you should list virus names (or parts of them)

+that you know do *not* forge the From address. A good

+example of this is a document macro virus or a Joke program.

+Another word that can be put in this list is the special

+keyword "Zip−.Password". Inserting this will

+cause senders to be warned about password−protected

+zip files, whey they are not allowed.</p>

+</td>

+</table>

+<a name="Options specific to ClamAV Anti-Virus"></a>

+<h2>Options specific to ClamAV Anti-Virus</h2>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="11%"></td>

+<td width="89%">

+<p><b>Monitors for ClamAV Updates</b></p></td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="78%">

+<p>Default: /usr/local/share/clamav/*.cvd</p>

+<!-- INDENTATION -->

+<p>ClamAVModule only: monitor each of these files for

+changes in size to detect when a ClamAV update has happened.

+This is only used by the "clamavmodule" virus

+scanner, not the &quot;clamav&quot; scanner setting.</p>

+</td>

+</table>

+<a name="Removing/Logging dangerous or potentially offensive content"></a>

+<h2>Removing/Logging dangerous or potentially offensive content</h2>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="11%"></td>

+<td width="89%">

+<p><b>Allow Partial Messages</b></p></td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="78%">

+<p>Default: no</p>

+<!-- INDENTATION -->

+<p>Do you want to allow partial messages, which only contain

+a fraction of the attachments, not the whole thing? There is

+no way that "partial messages" can be scanned for

+viruses properly, as only a fragment of the message is ever

+processed, never the whole message at once.<br>

+Setting this option to yes is <b>very dangerous</b> as it

+can let viruses in. But you might want to use a ruleset to

+set it for some customers’ outgoing mail, for

+example.</p>

+</td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="11%"></td>

+<td width="89%">

+<p><b>Allow External Message Bodies</b></p></td>

+</table>