clamav-milter - milter compatible mail scanner
SYNOPSIS
clamav-milter [options] socket_address
DESCRIPTION
Clamav-milter is a filter for sendmail(1) mail server. It
uses a mail scanning engine built into clamd(8).
Clamav-milter can, when configured to use communicate to
clamd on other machines, use load balancing and fault tol-
erant techniques to connect to more than one clamd and
seemlessly hot swap to even the load between different
servers and to keep scanning for viruses even when a
server goes down. When it is configured to use clamd on
the the localhost, when the --external flag (see below) is
not given or LocalSocket in set in clamd.conf(5), cla-
mav-milter verifies that it can communicate with clamd; if
it cannot, it terminates.
clamav-milter supports tcpwrappers, the value for dae-
mon_list is "clamav-milter".
The socket_address argument is the socket used to communi-
cate with sendmail(8). It must agree with the entry in
sendmail.cf or sendmail.mc. The file associated with the
socket must be createable by clamav-milter, if the User
option is set in clamd.conf, then that user must have the
rights to create the file.
OPTIONS
-a FROM, --from<=EMAIL>
Source email address of notices. The default is
MAILER-DAEMON. If =EMAIL is not given, thus
--from, then the from address is set to the origi-
nating email address, however since it is likely
that address is forged it must not be relied upon.
-h, --help Output the help information and exit.
-H, --headers
Include all headers in the content of emails gener-
ated by clamav-milter. This is useful for system
administrators who may want to look at headers to
check if any of their machines are infected.
-V, --version
Print the version number and exit.
-c FILE, --config-file=FILE
By default clamav-milter uses a default configura-
tion file, this option allows you to specify
another one.
Enables debugging.
-x n, --debug-level=n
Set the debug level to n (where n from [0..9]) if
clamav-milter was configured and compiled with
--clamav-debug enabled. Will be replaced by
--debug for compatability with other programs in
the suite.
-A, --advisory
When in advisory mode, clamav-milter flags emails
with viruses but still forwards them. The default
option is to stop viruses. This mode is incompati-
ble with --quarantine and --quarantine-dir.
-b, --bounce
Send a failure message to the sender, and to the
postmaster. [ Warning: most viruses and worms fake
their source address, so this option is not recom-
mended ]. See also --noreject.
-B, --broadcast[=<iface>]
When a virus is intercepted, broadcast a UDP mes-
sage to the TCPSocket port set in clamd.conf. If
the optional iface option is given, broadcasts will
be sent on that interface. The default is set by
the opertating system, usually to the first NIC. A
future network management program (yet to be writ-
ten) will intercept these broadcasts to raise a
warning on the operator's desk.
-C, --dont-log-clean
Messages without viruses are usually logged if Sys-
Log is set in clamd.conf since it gives a feel-good
factor. This option turns that off.
-d, --dont-scan-on-error
If a system error occurs pass messages through
unscanned, usually when a system error occurs the
milter raises a temporary failure which generally
causes the message to remain in the queue.
-f, --force-scan
Always scan, whereever the message came from (see
also --local and --outgoing). You probably don't
want this.
-e, --external
Usually clamav-milter scans the emails itself with-
out the use of an external program. The --external
option informs clamav-milter to use an external
program such as clamd(8) running either on the
Socket or TCPSocket is ignored.
-l, --local
Also scan messages sent from LAN. You probably want
this especially if your LAN is populated by
machines running Windows or DOS.
-n, --noxheader
Usually clamav-milter adds headings to messages
that are scanned. The headers are of the form "X-
Virus-Scanned: version", and "X-Virus-Status:
clean/infected/not-scanned". This option instructs
clamav-milter to refrain from adding this heading.
-N, --noreject
When clamav-milter processes an e-mail which con-
tains a virus it rejects the e-mail by using the
SMTP code 550 or 554 depending on the state
machine. This option causes clamav-milter to
silently discard such messages. It is recommended
that system administrators use this option when NOT
using the --bounce option.
-o, --outgoing
Scan messages generated from this machine. You
probably don't need this.
-i, --pidfile=FILE
Notifies clamav-milter to store its process ID in
FILE. The file must be createable by clamav-mil-
ter, if the User option is set in clamd.conf(5),
then that user must have the rights to create the
file.
-p, --postmaster=EMAILADDRESS
Sets the e-mail address to send notifications to
when the --quiet option is not given.
-P, --postmaster-only
When the --quiet option is not given, send a noti-
fication to the postmaster. Setting this flag will
include the ID of the message which can ease
searching through system logs if the administrator
believes it is a locally sourced virus.
-q, --quiet
Don't send any warning messages when a virus or
worm or is detected. This option overrides the
--bounce and --postmaster-only options, and is the
way to turn off notification to the postmaster.
-Q, --quarantine=EMAILADDRESS
-U, --quarantine-dir=DIR
If this option is given, infected files are left in
this directory. The directory must not be publi-
cally readable or writeable, if it is, clamav-mil-
ter will issue an error and fail to start. Note -
this option only works when using LocalSocket.
--server=HOSTNAME/ADDRESS, -s HOSTNAME/ADDRESS
IP address or hostname of server(s) running clamd
(when using TCPsocket). More than one server may
be specified, separating the server's names by
colons. If more than one server is specified, cla-
mav-milter will load balance between the available
servers. All the servers must be up when cla-
mav-milter starts, however afterwards it is fault
tolerant to a server becoming unavailable, and will
only raise an error if all of the servers cannot be
reached. The default value for ADDRESS is
127.0.0.1 (localhost).
--sign, -S
Add a hard-coded signature to each scanned file.
--signature-file, -F
Location of file to be appended to each scanned
message. Overrides -S.
--max-children=n, -m n
Set a hint of the maximum number of children. If
the number is hit the maximum time a pending thread
will be held up is set by --timeout, so the number
of threads can exceed this number for short periods
of time. There is no default, if this argument is
not clamav-milter will spawn as many children as is
necessary up to the MaxThreads limit set in
clamd.conf. When clamav-milter has been built with
SESSION mode this argument is mandatory since it
tells clamav-milter the number of sessions to keep
open to clamd servers. When not built with in SES-
SION mode it is unlikely that you will need this
unless your system is under great load. Note, how-
ever, that the default build is for SESSION to be
disabled.
--dont-wait
Tells clamav-milter what do to if the max-children
number is exceeded. Usually clamav-milter waits
until a child dies or the timeout value has been
exceeded, which ever comes first, however with
dont-wait enabled, clamav-milter will inform the
remote SMTP client to retry later.
File points to a file whose contents is sent as the
warning message whenever a virus is intercepted.
Occurances of %v within the file is replaced with
the message returned from clamd, which includes the
name of the virus. Occurances of %h are replaced
with the message's headers. The %v string can be
escaped thus, \%v, to send the string %v. The %
character can be escaped thus, %%, to send the %
character. Any occurance of strings in dollar
signs are replaced with the appropriate sendmail-
variable, e.g. ${if_addr}$. If the -t option is
not given, clamav-milter defaults to a hardcoded
message. Note that to send warning messages, cla-
mav-milter must be able to execute sendmail.
--timeout=n -T n
Used in conjuction with max-children. If cla-
mav-milter waits for more than n seconds (default
0) it proceeds with scanning. Setting n to zero
will turn off the timeout and clamav-milter will
wait indefinately for the scanning to quit. In
practice the timeout set by sendmail will then take
over.
--detect-forged-local-address -L
When neither --force, --local nor --outgoing is
given, this option intercepts incoming mails that
incorrectly claim to be from the local domain.
--whitelist-file=FILE, -W file
This option specifies a file which contains a list
of e-mail addresses. E-mails sent to these
addresses will NOT be checked. While this is not
an Anti-Virus function, it is quite useful for some
systems. The address given to the --quarantine
directive is always whitelisted.
--sendmail-cf=FILE
When starting, clamav-milter runs some sanity
checks against the sendmail.cf file, usually in
/etc/sendmail.cf or /etc/mail/sendmail.cf. This
directive tells clamav-milter where to find the
sendmail.cf file.
BUGS
There is no support for IPv6.
EXAMPLES
clamav-milter -o local:/var/run/clamav/clmilter.sock
AUTHOR
Nigel Horne <njh@bandsman.co.uk>
sendmail(1), clamd(8), clamscan(1), freshclam(1), sig-
tool(1), clamd.conf(5), hosts_access(5)
Man(1) output converted with
man2html