FRISK Software International

F-PROT Antivirus Mail Scanner
1.6 F-PROT Antivirus Mail Scanner (scan-mail.pl)
 

This section applies to F-PROT Antivirus for UNIX Mail Server version only

Introduction to F-PROT Antivirus Mail Scanner

F-PROT Antivirus Mail Scanner is a set of perl modules and scripts that work as an e-mail processor. An e-mail processor is a configurable program that can disassemble a multipart MIME message, decode it and run certain operations on it. F-PROT Antivirus Mail Scanner has the capability of both sanitizing and defanging dangerous e-mail content. Also it provides a fairly simple interface for setting policies based on a multitude of criteria.

F-PROT Antivirus for UNIX Mail Servers comes with a mail scanner program called scan-mail.pl. Scan-mail.pl uses the Anomy Sanitizer package (http://mailtools.anomy.net/) for e-mail handling. Scan-mail was originally written to work with procmail, but has since been extended to function for various e-mail systems (see section 5 of this manual).

F-PROT Antivirus Mail Scanner handling of attachments

If F-PROT Antivirus detects an infection in a message or attachment, the Mail Scanner will try to neutralize the threat. If the message was clean or if all infection was removed, the Mail Scanner will check the filenames of the attachments against rules found in /etc/f-prot.conf to determine if attachments of that type are allowed through the system. If, however, F-PROT Antivirus fails to remove the infection, the message or attachment will be removed, an appropriate message will be appended to the e-mail. In case of a run-time error, the attachment is saved to disk and removed from the e-mail.

The Mail Scanner can be configured to generate backups of all incoming mail by supplying it with the -backup switch. To generate backups of infected messages only, use the -quarantine switch.

This will cause the script to create the directory /opt/f-prot/backup/MMDD/ (where MM is a number representing the month, and DD is a number representing the day of the month), and a file underneath there using the current time and the process id as the saved file name. That file will contain the original message before being scanned.

The Mail Scanner will add the following header to your e-mail:
X-Antivirus: Scanned by F-PROT Antivirus (http://www.f-prot.com)

F-PROT Antivirus Mail Scanner can be used to scan e-mail at mail delivery using, e.g., procmail, or in-transit using the Sendmail/libmilter plug-in, the Postfix plug-in or the Qmail plug-in for F-PROT Antivirus Mail Scanner.

Requirements for F-PROT Antivirus Mail Scanner

F-PROT Antivirus Mail Scanner depends on the Perl 5.8 interpreter being present. If your computer does not have Perl 5.8 installed by default, please consult your manual on how to install it.

F-PROT Antivirus Mail Scanner also depends on a couple of Perl modules. MIME::Base64 and MIME::QuotedPrint need to be present on your system in order for Anomy to work. To install these modules, run the command 'perl -MCPAN -e shell' from your command-prompt as root. Complete the questionnaire, and when you reach the cpan prompt ("cpan> ") type in "install MIME::Base64". Next, type in "install MIME::QuotedPrint". That should complete the installation of the two modules.

Please note if your system meets the requirements stated here above but you still receive a failed dependencies error, use the --nodeps argument when trying to install the rpm, e.g.

rpm -Uvh --nodeps fp-UNIX-ms-4.3.2-1.i386.rpm

Back to Index

 
 
F-PROT Antivirus
- for Windows
- for UNIX
- for Exchange
F-PROT AVES
F-PROT Antivirus
- for Windows
- for UNIX
- for Exchange
F-PROT AVES
Stay up to date with important developments via e-mail.
Stay up to date with life cycle policies for F-PROT Antivirus for Windows.
Definitions of common antivirus terminology.