Introduction to F-PROT Antivirus Mail Scanner
F-PROT Antivirus Mail Scanner is a set of perl modules and scripts that work as an e-mail processor. An e-mail processor is a configurable program that can disassemble a multipart MIME message, decode it and run certain operations on it. F-PROT Antivirus Mail Scanner has the capability of both sanitizing and defanging dangerous e-mail content. Also it provides a fairly simple interface for setting policies based on a multitude of criteria.
F-PROT Antivirus for UNIX Mail Servers comes with F-PROT Antivirus Mail Scanner script called scan-mail.pl. Scan-mail.pl uses the latest version of the Anomy Sanitizer package (http://mailtools.anomy.net/) for e-mail handling. Scan-mail was originally written to work with procmail, but has since been extended to function for various e-mail systems (see section 5 of this manual).Mailscanner handling of attachments
If F-PROT Antivirus detects an infection in a message or attachment, the Mail Scanner will try to neutralize the threat. If the message was clean or if all infection are removed, the Mail Scanner will check the filenames of the attachments against rules found in /etc/f-prot.conf to determine if attachments of that type are allowed through the system. If, however, F-PROT Antivirus fails to remove the infection, the message or attachment will be removed, an appropriate message will be appended to the e-mail. In case of a run-time error, the attachment is saved to disk and removed from the e-mail.
The Mail Scanner can be configured to generate backups of all incoming mail by supplying it with the -backup switch. To generate backups of infected messages only, use the -quarantine switch.
This will cause the script to create the direcory /usr/local/f-prot/backup/MMDD/ (where MM is a number representing the month, and DD is a number representing the day of the month), and a file underneath there using the current time and the process id as the saved file name. That file will contain the original message before being scanned.
The Mail Scanner will add the following header to your e-mail:
X-Antivirus: Scanned by F-PROT Antivirus (http://www.f-prot.com)
F-PROT Antivirus Mail Scanner can be used to scan e-mail at mail delivery using, e.g., procmail, or in-transit using the Sendmail/libmilter plug-in, the Postfix plug-in or the Qmail plug-in for F-PROT Antivirus Mail Scanner.
F-PROT Antivirus Mail Scanner depends on the Perl 5.8 interpreter being present. If your computer does not have Perl 5.8 installed by default, please consult your manual on how to install it.
F-PROT Antivirus Mail Scanner also depends on a couple of Perl modules. MIME::Base64 and MIME::QuotedPrint need to be present on your system in order for Anomy to work. To install these modules. To install them, run the command 'perl -MCPAN -e shell' from your command-prompt as root. Complete the questionnaire, and when you reach the cpan prompt (cpan> ) type in "install MIME::Base64". Next, type in "install MIME::QuotedPrint". That should complete the installation of the two modules.
Please note if your system meets the requirements stated here above but you still receive a failed
dependencies error, use the --nodeps argument when trying to install the rpm, e.g.
rpm -Uvh --nodeps fp-UNIX-ms-4.3.2-1.i386.rpm< Previous | Back to Index | Next >