FRISK Software International

How does the Sendmail plug-in work?

In-transit mail scanning can be achieved using the f-prot-milter libmilter plug-in in conjunction with the F-PROT Antivirus Mail Scanner. To achieve this functionality, two lines must be added to the sendmail.mc configuration file:
define(`_FFR_MILTER', `true') INPUT_MAIL_FILTER(`f-prot-milter', `S=local:/var/run/f-prot.sock, F=T, T=S:300s;R:300s;E:5m')
Optionally, if selective scanning based on recipient is desired, the {FP_SCANONLY} sendmail macro can be defined and exported to the envrcpt routine by adding these three lines to sendmail.mc:
define(`confMILTER_MACROS_ENVRCPT', `{rcpt_mailer}, {rcpt_host}, {rcpt_addr}, {FP_SCANONLY}')
LOCAL_CONFIG
D{FP_SCANONLY}@domain1\\.net$$:@domain2\\.net$$:@domain3\\.net$$
After editing your sendmail.mc file, recompile the sendmail.cf file using the Makefile included with sendmail (make sure you have the sendmail-cf package installed, or equivalent). Then restart sendmail. scan-mail.pl must then be started with the -milter commandline option giving a path the sendmail.cf file as an argument, which will cause scan-mail.pl to start f-prot-milter, and start listening for scan-requests from f-prot-milter.

The Mail Scanner will add two headers to your e-mail, "X-Antivirus: Scanned by F-PROT Antivirus (http://www.f-prot.com)", and a header called "X-Antivirus-Summary" which describes the changes made to the message.

If F-PROT Antivirus detects an infection in a message or attachment, the Mail Scanner will try to neutralize the threat. If the infection is removed, the Mail Scanner will only defang the message or attachment. If, however, F-PROT Antivirus fails to remove the infection, the message or attachment will be removed, and an appropriate message will be appended to the e-mail. The Mail Scanner will take no action if the attachment is found to be clean. In the case of a runtime error, the Mail Scanner will defang the message. Defanging involves changing the filename extension, and thus removing the danger of a user running the attached file by double-clicking it.

The Mail Scanner can be configured to generate backups of all incoming mail by supplying it with the -backup switch. To generate backups of infected messages only, use the -quarantine switch. This will cause the Mail Scanner to create a directory MMDD/ under /usr/local/f-prot/backup (where MM is a number representing the month, and DD is a number representing the day of the month), and a file underneath there in the format of unix-time.pid. That file will contain the original message before the Mail Scanner scanned it.



Feedback | Contact Technical Support | Contact Sales Support

 
F-PROT Antivirus
- for Windows
- for UNIX
- for Exchange
F-PROT AVES
F-PROT Antivirus
- for Windows
- for UNIX
- for Exchange
F-PROT AVES
Stay up to date with life cycle policies for F-PROT Antivirus for Windows.
Definitions of common antivirus terminology.

More information about F-Prot Antivirus for UNIX:
Help files
Manual pages

agoat@klaki.net argentina@f-prot.com argentina@frisk.is argentina@complex.is argentina@f-prot.is argentina@frisk-software.com argentina@f-prot.net argentina@f-prot.co.uk brazil@f-prot.com brazil@frisk.is brazil@complex.is brazil@f-prot.is brazil@frisk-software.com brazil@f-prot.net brazil@f-prot.co.uk malta@f-prot.com malta@frisk.is malta@complex.is malta@f-prot.is malta@frisk-software.com malta@f-prot.net malta@f-prot.co.uk a.bjani@f-prot.com a.bjani@frisk.is a.bjani@complex.is a.bjani@f-prot.is a.bjani@f-prot.co.uk a.bjani@frisk-software.com a.bjani@f-prot.net z.fifl@f-prot.com z.fifl@frisk.is z.fifl@complex.is z.fifl@f-prot.is z.fifl@f-prot.co.uk z.fifl@frisk-software.com z.fifl@f-prot.net strumpuri@complex.is strumpure@complex.is strumpuru@complex.is