Virus Scanning and Vulnerability Testing
Virus Scanning
Do you want to scan email for viruses?
A few people don't have a virus scanner licence and so want to disable all the virus scanning.
NOTE: This switch actually switches on/off all processing of the email messages. If you just want to switch off actual virus scanning, then set "Virus Scanners = none" instead.
If you want to be able to switch scanning on/off for different users or different domains, set this to the filename of a ruleset. This can also be the filename of a ruleset.
Virus Scanners
Which Virus Scanning package to use:
sophos from www.sophos.com, or
sophossavi from www.sophos.com, using the SAVI perl module, or
mcafee from www.mcafee.com, or
command from www.command.co.uk, or
kaspersky-4.5 from www.kaspersky.com, or
kaspersky from www.kaspersky.com, or
kavdaemonclient from www.kaspersky.com, or
etrust from http://www3.ca.com/Solutions/Products.asp?ID=156, or
inoculate from www.cai.com/products/inoculateit.htm, or
inoculan from ftp.ca.com/getbbs/linux.eng/inoctar.LINUX.Z, or
nod32 from www.nod32.com, or
nod32-1.99 from www.nod32.com, or
f-secure from www.f-secure.com, or
f-prot from www.f-prot.com, or
panda from www.pandasoftware.com, or
rav from www.ravantivirus.com, or
antivir from www.antivir.de, or
clamav from clamav.elektrapro.com, or
trend from www.trendmicro.com, or
none (no virus scanning at all)
Note for McAfee users: do not use any symlinks with McAfee at all. It is very strange but may not detect all viruses when started from a symlink or scanning a directory path including symlinks.
Note: If you want to use multiple virus scanners, then this should be a space-separated list of virus scanners.
For example: Virus Scanners = sophos f-prot mcafee
Note: Make sure that you check that the base installation directory in the
3rd column of virus.scanners.conf matches the location you have
installed each of your virus scanners. The supplied
virus.scanners.conf file assumes the default installation locations
recommended by each of the virus scanner installation guides.
Virus Scanner Timeout
The maximum length of time the commercial virus scanner is allowed to run for 1 batch of messages (in seconds).
Deliver Disinfected Files
Should I attempt to disinfect infected attachments and then deliver the clean ones. "Disinfection" involves removing viruses from files (such as removing macro viruses from documents). "Cleaning" is the replacement of infected attachments with "VirusWarning.txt" text attachments.
This can also be the filename of a ruleset.
Silent Viruses
Strings listed here will be searched for in the output of the virus scanners.
It is used to list which viruses should be handled differently from other viruses. If a virus name is given here, then
1) The sender will not be warned that he sent it
2) No attempt at true disinfection will take place (but it will still be "cleaned" by removing the nasty attachments from the message)
3) The recipient will not receive the message, unless the "Still Deliver Silent Viruses" option is set
This can also be the filename of a ruleset
Still Deliver Silent Viruses
Still deliver (after cleaning) messages that contained viruses listed in the above option ("Silent Viruses") to the recipient?
Setting this to "yes" is good because it shows management that MailScanner is protecting them, but it is bad because they have to filter/delete all the incoming virus warnings.
This can also be the filename of a ruleset.
Block Encrypted Messages
Should encrypted messages be blocked?
This is useful if you are wary about your users sending encrypted
messages to your competition.
This can be a ruleset so you can block encrypted message to certain domains.
Block Unencrypted Messages
Should unencrypted messages be blocked?
This could be used to ensure all your users send messages outside your
company encrypted to avoid snooping of mail to your business partners.
This can be a ruleset so you can just check mail to certain users/domains.