1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
|
--- ../MailScanner-install-4.40.10.old/docs/man/MailScanner.conf.5 Fri Apr 1 16:10:19 2005
+++ docs/man/MailScanner.conf.5 Fri Apr 1 16:10:37 2005
@@ -1,4 +1,4 @@
-.TH "MailScanner.conf" "5" "4.38.2" "Julian Field" "Mail"
+.TH "MailScanner.conf" "5" "4.41.3" "Julian Field" "Mail"
.SH "NAME"
.LP
MailScanner.conf \- Main configuration for MailScanner
@@ -27,7 +27,9 @@
Many of the options can also be the filename of a ruleset, which can be used to control features depending on the addresses of the message, and/or the IP address where the message came from. You will find some examples of rulesets and an explanation of them in the "rules" directories within the MailScanner installation and in the section "RULESETS" later in this manpage.
.LP
-The options are best listed in a few categories. This is also the order in which you will find them in the MailScanner.conf file. If this list looks very large then don't worry, the supplied MailScanner.conf file (or MailScanner.conf.sample) contains sensible defaults for all the values. You will probably only need to change a very few of them to start with.
+The options are best listed in a few categories. If this list looks very large then don't worry, the supplied MailScanner.conf file (or MailScanner.conf.sample) contains sensible defaults for all the values. You will probably only need to change a very few of them to start with.
+
+Starting with version 4.40.10 of MailScanner you can use shell environment variables such as $HOSTNAME or ${HOSTNAME} in MailScanner.conf and its relatives.
.LP
You should define the following variables:
@@ -74,6 +76,22 @@
Enter a short identifying name for your organisation below, this is used to make the X\-MailScanner headers unique for your organisation. Multiple servers within one site should use an identical value here to avoid adding multiple redundant headers where mail has passed through several servers within your organisation.
.br
Note: Some Symantec scanners complain (incorrectly) about "." characters appearing in the names of headers.
+
+.TP
+\fB%org\-long\-name%\fR
+Default: Your Organisation Name Here
+.br
+
+.br
+Enter the full name of your organisation below, this is used in the signature placed at the bottom of report messages sent by MailScanner. It can include pretty much any text you like. You can make the result span several lines by including "\n" sequences in the text. These will be replaced by line\-breaks.
+
+.TP
+\fB%web\-site%\fR
+Default: www.your\-organisation.com
+.br
+
+.br
+Enter the location of your organisation's web site below. This is used in the signature placed at the bottom of report messages sent by MailScanner. It should preferably be the location of a page that you have written explaining why you might have rejected the mail and what the recipient and/or sender should do about it.
.SH "System Settings"
.TP
\fBMax Children\fR
@@ -370,6 +388,23 @@
.br
The maximum length of time the "file" command is allowed to run for one batch of messages (in seconds).
+
+.TP
+\fBUnrar Command\fR
+Default: /usr/bin/unrar
+.br
+
+.br
+Where the "unrar" command is installed. If you haven't got this command, look at www.rarlab.com. This is used for unpacking rar archives so that the contents can be checked for banned filenames and filetypes, and also that the archive can be tested to see if it is password\-protected. Virus scanning the contents of rar archives is still left to the virus scanner, with one exception: If using the clavavmodule virus scanner, this adds external RAR checking to that scanner which is needed for archives which are RAR version 3.
+
+.TP
+\fBUnrar Timeout\fR
+Default: 50
+.br
+
+.br
+The maximum length of time the "unrar" command is allowed to run for 1 RAR archive (in seconds)
+
.TP
\fBBlock Encrypted Messages\fR
Default: no
@@ -562,6 +597,41 @@
.br
ClamAVModule only: monitor each of these files for changes in size to detect when a ClamAV update has happened. This is only used by the "clamavmodule" virus scanner, not the "clamav" scanner setting.
+
+.TP
+\fBClamAVmodule Maximum Recursion Level\fR
+Default: 5
+.br
+
+.br
+ClamAVModule only: The maximum recursion level of archives. This setting *cannot* be the filename of a ruleset, only a simple number.
+
+.TP
+\fBClamAVmodule Maximum Files\fR
+Default: 100
+.br
+
+.br
+ClamAVModule only: The maximum number of files per batch. This setting *cannot* be the filename of a ruleset, only a simple number.
+
+
+.TP
+\fBClamAVmodule Maximum File Size\fR
+Default: 10000000
+.br
+
+.br
+ClamAVModule only: The maximum file of each file (Default = 10MB). This setting *cannot* be the filename of a ruleset, only a simple number.
+
+
+.TP
+\fB\fRClamAVmodule Maximum Compression Ratio
+Default: 250
+.br
+
+.br
+ClamAVModule only: The maximum compression ration of archives. This setting *cannot* be the filename of a ruleset, only a simple number.
+
.SH "Removing/Logging dangerous or potentially offensive content"
.TP
\fBAllow Partial Messages\fR
@@ -601,6 +671,15 @@
.TP
+\fBPhishing Safe Sites File\fR
+Default: %etc\-dir%/phishing.safe.sites.conf
+.br
+
+.br
+There are some companies, such as banks, that insist on sending out email messages with links in them that are caught by the "Find Phishing Fraud" test described above. This is the name of a file which contains a list of link destinations which should be ignored in the test. This may, for example, contain the known websites of some banks. See the file itself for more information. This can only be the name of the file containing the list, it *cannot* be the filename of a ruleset.
+
+
+.TP
\fBAllow IFrame Tags\fR
Default: no
.br
@@ -1753,6 +1832,12 @@
.br
Log all occurrences of "Silent Viruses" as defined above? This can only be a simple yes/no value, not a ruleset.
+
+.TP
+\fBLog Dangerous HTML Tags\fR
+Default: no
+.br
+Log all occurrences of HTML tags found in messages, that can be blocked. This will help you build up your whitelist of message sources for which particular HTML tags should be allowed, such as mail from newsletters and daily cartoon strips. This can also be the filename of a ruleset.
.SH "Advanced SpamAssassin Settings"
If you are using Postfix you may well need to use some of the settings below, as the home directory for the "postfix" user cannot be written to by the "postfix" user. You may also need to use these if you have installed SpamAssassin somewhere other than the default location.
|
