clamav-milter - milter compatible mail scanner


SYNOPSIS

       clamav-milter [options] socket_address


DESCRIPTION

       Clamav-milter is a filter for sendmail(1) mail server.  It
       uses a mail scanning engine built into clamd(8).

       Clamav-milter can, when configured to use  communicate  to
       clamd on other machines, use load balancing and fault tol-
       erant techniques to connect to more  than  one  clamd  and
       seemlessly  hot  swap  to  even the load between different
       servers and to keep  scanning  for  viruses  even  when  a
       server  goes  down.  When it is configured to use clamd on
       the the localhost, when the --external flag (see below) is
       not  given  or  LocalSocket  in set in clamd.conf(5), cla-
       mav-milter verifies that it can communicate with clamd; if
       it cannot, it terminates.

       clamav-milter  supports  tcpwrappers,  the  value for dae-
       mon_list is "clamav-milter".

       The socket_address argument is the socket used to communi-
       cate  with  sendmail(8).   It must agree with the entry in
       sendmail.cf or sendmail.mc.  The file associated with  the
       socket  must  be  createable by clamav-milter, if the User
       option is set in clamd.conf, then that user must have  the
       rights to create the file.


OPTIONS

       -a FROM, --from<=EMAIL>
              Source  email  address  of  notices. The default is
              MAILER-DAEMON.   If  =EMAIL  is  not  given,   thus
              --from,  then the from address is set to the origi-
              nating email address, however since  it  is  likely
              that  address is forged it must not be relied upon.
              -h, --help Output the help information and exit.

       -H, --headers
              Include all headers in the content of emails gener-
              ated  by  clamav-milter.  This is useful for system
              administrators who may want to look at  headers  to
              check if any of their machines are infected.

       -V, --version
              Print the version number and exit.

       -c FILE, --config-file=FILE
              By  default clamav-milter uses a default configura-
              tion  file,  this  option  allows  you  to  specify
              another one.
              Enables debugging.

       -x n, --debug-level=n
              Set  the  debug level to n (where n from [0..9]) if
              clamav-milter  was  configured  and  compiled  with
              --clamav-debug   enabled.    Will  be  replaced  by
              --debug for compatability with  other  programs  in
              the suite.

       -A, --advisory
              When  in  advisory mode, clamav-milter flags emails
              with viruses but still forwards them.  The  default
              option is to stop viruses.  This mode is incompati-
              ble with --quarantine and --quarantine-dir.

       -b, --bounce
              Send a failure message to the sender,  and  to  the
              postmaster.  [ Warning: most viruses and worms fake
              their source address, so this option is not  recom-
              mended ].  See also --noreject.

       -B, --broadcast[=<iface>]
              When  a  virus is intercepted, broadcast a UDP mes-
              sage to the TCPSocket port set in  clamd.conf.   If
              the optional iface option is given, broadcasts will
              be sent on that interface. The default  is  set  by
              the opertating system, usually to the first NIC.  A
              future network management program (yet to be  writ-
              ten)  will  intercept  these  broadcasts to raise a
              warning on the operator's desk.

       -C, --dont-log-clean
              Messages without viruses are usually logged if Sys-
              Log is set in clamd.conf since it gives a feel-good
              factor.  This option turns that off.

       -d, --dont-scan-on-error
              If a system  error  occurs  pass  messages  through
              unscanned,  usually  when a system error occurs the
              milter raises a temporary failure  which  generally
              causes the message to remain in the queue.

       -f, --force-scan
              Always  scan,  whereever the message came from (see
              also --local and --outgoing).  You  probably  don't
              want this.

       -e, --external
              Usually clamav-milter scans the emails itself with-
              out the use of an external program.  The --external
              option  informs  clamav-milter  to  use an external
              program such as  clamd(8)  running  either  on  the
              Socket or TCPSocket is ignored.

       -l, --local
              Also scan messages sent from LAN. You probably want
              this  especially  if  your  LAN  is  populated   by
              machines running Windows or DOS.

       -n, --noxheader
              Usually  clamav-milter  adds  headings  to messages
              that are scanned.  The headers are of the form  "X-
              Virus-Scanned:   version",   and   "X-Virus-Status:
              clean/infected/not-scanned".  This option instructs
              clamav-milter  to refrain from adding this heading.

       -N, --noreject
              When clamav-milter processes an e-mail  which  con-
              tains  a  virus  it rejects the e-mail by using the
              SMTP  code  550  or  554  depending  on  the  state
              machine.    This  option  causes  clamav-milter  to
              silently discard such messages.  It is  recommended
              that system administrators use this option when NOT
              using the --bounce option.

       -o, --outgoing
              Scan messages  generated  from  this  machine.  You
              probably don't need this.

       -i, --pidfile=FILE
              Notifies  clamav-milter  to store its process ID in
              FILE.  The file must be createable  by  clamav-mil-
              ter,  if  the  User option is set in clamd.conf(5),
              then that user must have the rights to  create  the
              file.

       -p, --postmaster=EMAILADDRESS
              Sets  the  e-mail  address to send notifications to
              when the --quiet option is not given.

       -P, --postmaster-only
              When the --quiet option is not given, send a  noti-
              fication to the postmaster.  Setting this flag will
              include the  ID  of  the  message  which  can  ease
              searching  through system logs if the administrator
              believes it is a locally sourced virus.

       -q, --quiet
              Don't send any warning messages  when  a  virus  or
              worm  or  is  detected.   This option overrides the
              --bounce and --postmaster-only options, and is  the
              way to turn off notification to the postmaster.

       -Q, --quarantine=EMAILADDRESS

       -U, --quarantine-dir=DIR
              If this option is given, infected files are left in
              this  directory.   The directory must not be publi-
              cally readable or writeable, if it is,  clamav-mil-
              ter  will issue an error and fail to start.  Note -
              this option only works when using LocalSocket.

       --server=HOSTNAME/ADDRESS, -s HOSTNAME/ADDRESS
              IP address or hostname of server(s)  running  clamd
              (when  using  TCPsocket).  More than one server may
              be specified,  separating  the  server's  names  by
              colons.  If more than one server is specified, cla-
              mav-milter will load balance between the  available
              servers.  All  the  servers  must  be  up when cla-
              mav-milter starts, however afterwards it  is  fault
              tolerant to a server becoming unavailable, and will
              only raise an error if all of the servers cannot be
              reached.    The   default   value  for  ADDRESS  is
              127.0.0.1 (localhost).

       --sign, -S
              Add a hard-coded signature to each scanned file.

       --signature-file, -F
              Location of file to be  appended  to  each  scanned
              message. Overrides -S.

       --max-children=n, -m n
              Set  a  hint  of the maximum number of children. If
              the number is hit the maximum time a pending thread
              will  be held up is set by --timeout, so the number
              of threads can exceed this number for short periods
              of  time.  There is no default, if this argument is
              not clamav-milter will spawn as many children as is
              necessary   up  to  the  MaxThreads  limit  set  in
              clamd.conf.  When clamav-milter has been built with
              SESSION  mode  this  argument is mandatory since it
              tells clamav-milter the number of sessions to  keep
              open to clamd servers.  When not built with in SES-
              SION mode it is unlikely that you  will  need  this
              unless your system is under great load.  Note, how-
              ever, that the default build is for SESSION  to  be
              disabled.

       --dont-wait
              Tells  clamav-milter what do to if the max-children
              number is exceeded.   Usually  clamav-milter  waits
              until  a  child  dies or the timeout value has been
              exceeded, which  ever  comes  first,  however  with
              dont-wait  enabled,  clamav-milter  will inform the
              remote SMTP client to retry later.
              File points to a file whose contents is sent as the
              warning  message  whenever  a virus is intercepted.
              Occurances of %v within the file is  replaced  with
              the message returned from clamd, which includes the
              name of the virus.  Occurances of %h  are  replaced
              with  the  message's headers.  The %v string can be
              escaped thus, \%v, to send the string  %v.   The  %
              character  can  be  escaped thus, %%, to send the %
              character.  Any  occurance  of  strings  in  dollar
              signs  are  replaced with the appropriate sendmail-
              variable, e.g. ${if_addr}$.  If the  -t  option  is
              not  given,  clamav-milter  defaults to a hardcoded
              message.  Note that to send warning messages,  cla-
              mav-milter must be able to execute sendmail.

       --timeout=n -T n
              Used  in  conjuction  with  max-children.  If  cla-
              mav-milter waits for more than n  seconds  (default
              0)  it  proceeds  with  scanning. Setting n to zero
              will turn off the timeout  and  clamav-milter  will
              wait  indefinately  for  the  scanning  to quit. In
              practice the timeout set by sendmail will then take
              over.

       --detect-forged-local-address -L
              When  neither  --force,  --local  nor --outgoing is
              given, this option intercepts incoming  mails  that
              incorrectly claim to be from the local domain.

       --whitelist-file=FILE, -W file
              This  option specifies a file which contains a list
              of  e-mail  addresses.   E-mails  sent   to   these
              addresses  will  NOT be checked.  While this is not
              an Anti-Virus function, it is quite useful for some
              systems.   The  address  given  to the --quarantine
              directive is always whitelisted.

       --sendmail-cf=FILE
              When  starting,  clamav-milter  runs  some   sanity
              checks  against  the  sendmail.cf  file, usually in
              /etc/sendmail.cf  or  /etc/mail/sendmail.cf.   This
              directive  tells  clamav-milter  where  to find the
              sendmail.cf file.


BUGS

       There is no support for IPv6.


EXAMPLES

       clamav-milter -o local:/var/run/clamav/clmilter.sock


AUTHOR

       Nigel Horne <njh@bandsman.co.uk>
       sendmail(1),  clamd(8),  clamscan(1),  freshclam(1),  sig-
       tool(1), clamd.conf(5), hosts_access(5)



















































Man(1) output converted with man2html