How does the Sendmail plug-in work?

In-transit mail scanning can be achieved using the f-prot-milter libmilter plug-in in conjunction with the F-PROT Antivirus Mail Scanner. To achieve this functionality, two lines must be added to the sendmail.mc configuration file:

define(`_FFR_MILTER', `true') INPUT_MAIL_FILTER(`f-prot-milter', `S=local:/var/run/f-prot.sock, F=T, T=S:300s;R:300s;E:5m')

Optionally, if selective scanning based on recipient is desired, the {FP_SCANONLY} sendmail macro can be defined and exported to the envrcpt routine by adding these three lines to sendmail.mc:

define(`confMILTER_MACROS_ENVRCPT', `{rcpt_mailer}, {rcpt_host}, {rcpt_addr}, {FP_SCANONLY}')
LOCAL_CONFIG
D{FP_SCANONLY}@domain1\\.net$$:@domain2\\.net$$:@domain3\\.net$$

After editing your sendmail.mc file, recompile the sendmail.cf file using the Makefile included with sendmail (make sure you have the sendmail-cf package installed, or equivalent). Then restart sendmail. scan-mail.pl must then be started with the -milter commandline option giving a path the sendmail.cf file as an argument, which will cause scan-mail.pl to start f-prot-milter, and start listening for scan-requests from f-prot-milter.

The Mail Scanner will add two headers to your e-mail, "X-Antivirus: Scanned by F-PROT Antivirus (http://www.f-prot.com)", and a header called "X-Antivirus-Summary" which describes the changes made to the message.

If F-PROT Antivirus detects an infection in a message or attachment, the Mail Scanner will try to neutralize the threat. If the infection is removed, the Mail Scanner will only defang the message or attachment. If, however, F-PROT Antivirus fails to remove the infection, the message or attachment will be removed, and an appropriate message will be appended to the e-mail. The Mail Scanner will take no action if the attachment is found to be clean. In the case of a runtime error, the Mail Scanner will defang the message. Defanging involves changing the filename extension, and thus removing the danger of a user running the attached file by double-clicking it.

The Mail Scanner can be configured to generate backups of all incoming mail by supplying it with the -backup switch. To generate backups of infected messages only, use the -quarantine switch. This will cause the Mail Scanner to create a directory MMDD/ under /usr/local/f-prot/backup (where MM is a number representing the month, and DD is a number representing the day of the month), and a file underneath there in the format of unix-time.pid. That file will contain the original message before the Mail Scanner scanned it.

Feedback | Contact Technical Support | Contact Sales Support