Virus Scanning and Vulnerability Testing

Virus Scanning

Do you want to scan email for viruses? A few people don't have a virus scanner licence and so want to disable all the virus scanning. NOTE: This switch actually switches on/off all processing of the email messages. If you just want to switch off actual virus scanning, then set "Virus Scanners = none" instead.

If you want to be able to switch scanning on/off for different users or different domains, set this to the filename of a ruleset.


Virus Scanners

Which Virus Scanning package to use:
sophos from www.sophos.com, or
sophossavi from www.sophos.com, using the SAVI perl module, or
mcafee from www.mcafee.com, or
command from www.command.co.uk, or
kaspersky-4.5 from www.kaspersky.com, or
kaspersky from www.kaspersky.com, or
kavdaemonclient from www.kaspersky.com, or
etrust from http://www3.ca.com/Solutions/Products.asp?ID=156, or
inoculate from www.cai.com/products/inoculateit.htm, or
inoculan from ftp.ca.com/getbbs/linux.eng/inoctar.LINUX.Z, or
nod32 from www.nod32.com, or
nod32-1.99 from www.nod32.com, or
f-secure from www.f-secure.com, or
f-prot from www.f-prot.com, or
panda from www.pandasoftware.com, or
rav from www.ravantivirus.com, or
antivir from www.antivir.de, or
clamav from clamav.elektrapro.com, or
trend from www.trendmicro.com, or
none (no virus scanning at all)

Note for McAfee users: do not use any symlinks with McAfee at all. Strangely, it may not detect all viruses when it is started from a symlink or when it scans a directory path that includes symlinks.

Note: If you want to use multiple virus scanners, then this should be a space-separated list of virus scanners.
For example: Virus Scanners = sophos f-prot mcafee
Note: Make sure that you check that the base installation directory in the 3rd column of virus.scanners.conf matches the location you have installed each of your virus scanners. The supplied virus.scanners.conf file assumes the default installation locations recommended by each of the virus scanner installation guides.
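
The following Python script is an added example, not part of MailScanner: for each scanner named in a "Virus Scanners" value it checks that the 3rd column of virus.scanners.conf points to an existing directory, and for mcafee it reports any symlink in that path. It assumes that the first column of virus.scanners.conf is the scanner name and that "#" starts a comment; the function names and sample paths are constructed for illustration.

```python
import os

def parse_scanner_dirs(conf_text):
    """Map scanner name (assumed column 1) to base install dir (column 3)."""
    dirs = {}
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) >= 3:
            dirs[fields[0]] = fields[2]
    return dirs

def symlinked_components(path):
    """Return every leading part of path that is itself a symlink."""
    found, current = [], os.sep
    for part in os.path.abspath(path).strip(os.sep).split(os.sep):
        current = os.path.join(current, part)
        if os.path.islink(current):
            found.append(current)
    return found

def check_scanners(virus_scanners_value, conf_text):
    """Return {scanner: [problems]} for a 'Virus Scanners' setting value."""
    dirs = parse_scanner_dirs(conf_text)
    report = {}
    for name in virus_scanners_value.split():  # space-separated list
        if name == "none":
            continue
        problems = []
        base = dirs.get(name)
        if base is None:
            problems.append("no entry in virus.scanners.conf")
        elif not os.path.isdir(base):
            problems.append("base directory missing: " + base)
        elif name == "mcafee":
            # The McAfee note above: no symlinks anywhere in the path.
            problems += ["symlink in path: " + p
                         for p in symlinked_components(base)]
        report[name] = problems
    return report

if __name__ == "__main__":
    # Constructed sample; on a real host read the installed virus.scanners.conf.
    sample = "sophos /opt/wrappers/sophos-wrapper /usr/local/Sophos\n"
    for scanner, problems in check_scanners("sophos mcafee", sample).items():
        print(scanner, "OK" if not problems else "; ".join(problems))
```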

Virus Scanner Timeout

The maximum length of time the commercial virus scanner is allowed to run for 1 batch of messages (in seconds).

Deliver Disinfected Files

Should I attempt to disinfect infected attachments and then deliver the clean ones? "Disinfection" involves removing viruses from files (such as removing macro viruses from documents). "Cleaning" is the replacement of infected attachments with "VirusWarning.txt" text attachments. This can also be the filename of a ruleset.

Silent Viruses

Strings listed here will be searched for in the output of the virus scanners. This option is used to list which viruses should be handled differently from other viruses. If a virus name is given here, then:
1) The sender will not be warned that he sent it
2) No attempt at true disinfection will take place (but it will still be "cleaned" by removing the nasty attachments from the message)
3) The recipient will not receive the message, unless the "Still Deliver Silent Viruses" option is set
This can also be the filename of a ruleset.


Still Deliver Silent Viruses

Still deliver (after cleaning) messages that contained viruses listed in the above option ("Silent Viruses") to the recipient?
Setting this to "yes" is good because it shows management that MailScanner is protecting them, but it is bad because they have to filter/delete all the incoming virus warnings.
This can also be the filename of a ruleset.

Block Encrypted Messages

Should encrypted messages be blocked? This is useful if you are wary about your users sending encrypted messages to your competition. This can be a ruleset so you can block encrypted messages to certain domains.

Block Unencrypted Messages

Should unencrypted messages be blocked? This could be used to ensure all your users send messages outside your company encrypted to avoid snooping of mail to your business partners. This can be a ruleset so you can just check mail to certain users/domains.