[Pkg-clamav-devel] [RFR] templates://clamav/{clamav-milter.templates}

Justin B Rye jbr at edlug.org.uk
Fri Mar 27 12:02:20 UTC 2009


Christian Perrier wrote:
> Your review should be sent as an answer to this mail.

Diffing directly against the original clamav-milter.templates file
posted to the list.

>  Default: clamav
>  _Description: User to run clamav-milter as:
>   It is recommended to run the ClamAV programs as a non-privileged user.
> + This will work with most MTAs with a little tweaking. However, using
> + clamd for filesystem scans while require running clamav-milter as root.
                               ^^^^^
Presumably this should be "will require" (though plain "requires"
works too).
 
> Maybe "file system" by the way....

If we had a phrase that unambiguously referred to directory
hierarchies full of stuff (as opposed to storage formats such as the
ext3fs file system) I'd use it here.  Oh well, it doesn't seem to
bother anybody but me. 
  
>  Template: clamav-milter/ReadTimeout
> +_Description: Wait timeout for data coming from clamd:
> + Please enter the delay (in seconds) before clamav-milter times out when it is
> + waiting for incoming data from clamd.
> + .
> + Choosing "0" will disable this timeout.

I hope I'm interpreting it correctly: a "disabled" timeout means no
automatic end to the waiting (the "zero means infinity" convention),
right? 

>  Template: clamav-milter/Foreground
> -_Description: Stay in foreground (don't fork)?
> +_Description: Should clamav-milter stay in foreground (don't fork)?

"Should it don't" - make that "(not forking)".
  
>  Template: clamav-milter/Chroot
[...]
> + If that field is left empty, no chrooting will occur.
Say   "this"
  
>  Template: clamav-milter/ClamdSocket
[...]
> +  unix:path     : local unix socket using a absolute path.
                                             an
> +                  Example: unix:/var/run/clamd/clamd.socket
> +  tcp:host:port : local or remote TCP socket. The "host" value can be
> +                  either a hostname or an IP address. The "port"
> +                  is only required for IPv6 addresses (default: 3310).
> +                  Example: tcp:192.168.0.1

The original says the port is "only required for IPv6 addresses,
otherwise it defaults to 3310"; the above implies that it defaults
to 3310 only (or primarily) for IPv6.

> + .
> + You may specify multiple choices, separated by spaces. In such cases, the
> + clamd servers will be selected in a round-robin fashion.
> 
> Complete reformatting. I tried to make this clearer and
> hard-formatting is IMHO mandatory for this.

The way the formats can't touch the colons is awkward (at least with
English punctuation traditions).  Maybe it could be organised as:

   - a local unix socket using an absolute path, in "unix:path" format
     (for example: unix:/var/run/clamd/clamd.socket);
   - a local or remote TCP socket in "tcp:host:port" format (for example:
     tcp:192.168.0.1). The "host" value can be either a hostname or an IP
     address, and the "port" is only required for IPv6 addresses,
     defaulting to 3310 otherwise.

>  Template: clamav-milter/LocalNet
> -_Description: Exclusions - IP ranges:
> - Messages originating from these hosts/networks will not be scanned.  This
> - option takes a host(name)/mask pair in CIRD notation and can be repeated
> - several times (separated by whitespace). If "/mask" is omitted, a host is
> - assumed.  To specify a locally originated, non-smtp, email use the keyword
> - "local".

"A" non-smtp email makes me suspect it means local _addresses_...

> +_Description: Hosts excluded from scanning:
> + Please specify, in CIDR notation (host(name)/mask), the hosts for
> + which no scanning should be performed on incoming mail. Multiple entries
> + should be separated by spaces. The "local" shortcut can be used to
> + specify locally-originated (non SMTP) email.

...Whereas here you're using "email" to mean "messages".  It still
seems to work, though.

>  Template: clamav-milter/Whitelist
>  Type: string
> -_Description: Exclusions - Regular expressions:
> - This option specifies a file which contains a list of POSIX regular
> - expressions. Addresses (sent to or from) matching these regexes will not be
> - scanned.  Optionally each line can start with the string "From:" or "To:"
> - (note: no whitespace after the colon) indicating if it is, respectively, the
> - sender or recipient that is to be whitelisted.  If the field is missing, "To:"
> - is assumed.
> +_Description: Mail addresses whitelist:
> + Please specify the path to a file which contains a list of POSIX regular
> + expressions to specify mail addresses for which no scanning should be
> + performed.
> + .
> + Eeach line in this file may start with "From:" or "To:" to
     ^
You've lost the note that it's "From:foo" rather than "From: foo".

> + restrict whitelisting to either the sender (From:) or recipient (To:)
> + addresses. Without such prefix, whitelisting is restricted to
> + recipients (To:).

It probably shouldn't talk about these prefixes "restricting"
whitelisting - that makes it sound as if the default is for it to be
"unrestricted", with each matching address triggering whitelisting
regardless of whether it's a recipient or sender.

>   .
> - Lines in this file starting with #, : or ! are ignored.
> + That file may include comments, prefixed by "#", ":" or "!" characters.
> 
> Another completely rewritten template. I'm slightly unhappy because it
> is still quite long (but I don't really find how to shorten it more).

I've ended up rewriting it all over again, but it's got shorter.

   _Description: Mail address whitelist:
    Please specify the path to a whitelist file, listing email addresses
    that should cause scanning to be bypassed.
    .
    Each line in this file should be a POSIX regular expression; lines
    starting with "#", ":" or "!" will be ignored as comments.
    .
    Lines may start with "From:" (with no space after the colon) to make
    the whitelisting apply to matching sender addresses; otherwise, or
    with a "To:" prefix, it affects recipient addresses.

>  Template: clamav-milter/OnClean
> +__Choices: Accept, Reject, Defer, Blackhole, Quarantine
> +_Description: Action to perform on clean messages:
> + Please choose the action to perform on "clean" messages:
>   .
> +  - Accept    : the message is accepted for delivery;

To be parallel, this should be "accept the message for delivery;".

> +  - Reject    : immediately refuse delivery (with a 5xx error);
> +  - Defer     : return a temporary failure message (4xx);
> +  - Blackhole :  accept the message then drop it;
                   ^
> +                (not available for OnFail)
> +  - Quarantine: accept the message then quarantine it. With
> +                sendmail, the quarantine queue can be examined
> +                with "mailq -qQ". With Postfix, such mails are placed
> +                on hold.
> +                (not available for OnFail)
>   .
> + This setting is meant for testing purposes only.

Capitalise Sendmail (here and elsewhere) to clarify that it doesn't
mean the  /usr/sbin/sendmail -> /usr/sbin/exim4 symlink.

Why does it mention the template name OnFail in the OnClean and
OnInfected templates?  Wouldn't it make more sense for the OnFail
template just to omit the ones that aren't available?

So that would mean for OnClean and OnInfected it would look like
this:
     - Accept    : accept the message for delivery;
     - Reject    : immediately refuse delivery (with a 5xx error);
     - Defer     : return a temporary failure message (4xx);
     - Blackhole : accept the message then drop it;
     - Quarantine: accept the message then quarantine it. With
                   Sendmail, the quarantine queue can be examined
                   with "mailq -qQ". With Postfix, such mails are placed
                   on hold.
And OnFail gets:

     - Accept: accept the message for delivery;
     - Reject: immediately refuse delivery (with a 5xx error);
     - Defer : return a temporary failure message (4xx).

>  Template: clamav-milter/OnFail
[...]
> + Please choose the action to perform on errors such as failure to
> + allocate data structures, no scanners available,
> + network timeouts, unknown scanner replies...:

...:?...:-)

>  Template: clamav-milter/LogFile
>  Type: string
>  Default: none
> +_Description: Log file for clamav-milter:
> + The clamav-milter log file must be writable for the user running daemon.
> + You should specify a full path.

The user running _the_ daemon?  The user the daemon is running as?
Maybe just:

    Specify the full path to the clamav-milter log file, which must be
    writable for the clamav daemon.

>  Template: clamav-milter/LogFileMaxSize
>  Type: string
>  Default: 1M
> +_Description: Maximum size of the log file (MB):
> + Please specify the maximu size for the log file. Using "0" will
                             ^
> + allow that file to grow indefinitely.

If it's interpreting the input in terms of megabyte units, why is
the default "1M"?  I hope that means "1MB", not "one million
megabytes".

>  Template: clamav-milter/LogSyslog
[...]
> +_Description: Use system logger?
> + Please choose whether you want to use the system logger (syslog). That
                                                                      This
> + option can be used along with logging in a dedicated file.

...
  
>  Template: clamav-milter/LogFacility
>  Type: string
>  Default: LOG_LOCAL6
> +_Description: Type of syslog messages:
> + Please choose the type of syslog messages as detailed in the system
> + logger manpage.
> 
> When using rsyslog, "man syslog" doesn't work..:-)

As it happens I see more information in "man syslog" (meaning
Sys::Syslog(3perl)) than in rsyslogd(8).  I'd suggest saying "as
detailed in the system logger's documentation".

>  Template: clamav-milter/MaxFileSize
[...]
> +_Description: Size limit for scanend messages (MB):
                                    ^^
-- 
JBR	with qualifications in linguistics, experience as a Debian
	sysadmin, and probably no clue about this particular package
-------------- next part --------------
--- clamav-milter.templates.old	2009-03-27 03:09:54.000000000 +0000
+++ clamav-milter.templates	2009-03-27 03:24:31.000000000 +0000
@@ -4,23 +4,21 @@
 _Description: Handle the configuration file automatically?
  Some options must be configured for clamav-milter.
  .
- The ClamAV suite won't work if it isn't configured. If you do not
+ It won't work if it isn't configured. If you do not
  configure it automatically, you'll have to configure
- /etc/clamav/clamav-milter.conf manually or run 'dpkg-reconfigure clamav-milter'
+ /etc/clamav/clamav-milter.conf manually or run "dpkg-reconfigure clamav-milter"
  later. In any case, manual changes in /etc/clamav/clamav-milter.conf will
  be respected.
 
 Template: clamav-milter/MilterSocket
 Type: string
 Default: /var/run/clamav/milter.ctl
-_Description: Define the interface through to communicate with sendmail:
- Possible formats are:
- .
- Unix domain socket: [[unix|local]:]/path/to/file
- .
- IPv4 socket: inet:port@[hostname|ip-address]
- .
- IPv6 socket: inet6:port@[hostname|ip-address]
+_Description: Communication interface with Sendmail:
+ Please choose the method that should be used by clamav-milter to
+ communicate with Sendmail. The following formats can be used:
+  - Unix domain socket: [[unix|local]:]/path/to/file
+  - IPv4 socket       : inet:port@[hostname|ip-address]
+  - IPv6 socket       : inet6:port@[hostname|ip-address]
 
 Template: clamav-milter/FixStaleSocket
 Type: boolean
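Review bot: In the MilterSocket template the new title and text name only Sendmail ("Communication interface with Sendmail:"), while the Quarantine wording later in this patch also covers Postfix, so an admin on another MTA may read the setting as not applying to them; "with the MTA" would cover both. The three formats could also say which one the default /var/run/clamav/milter.ctl corresponds to, since the inet and inet6 forms bind to a network address rather than a file. In the first template, "It won't work" now opens a paragraph with a bare pronoun; "clamav-milter won't work if it isn't configured" is clearer after the " ." break.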
@@ -32,142 +30,169 @@
 Default: clamav
 _Description: User to run clamav-milter as:
  It is recommended to run the ClamAV programs as a non-privileged user.
- This will work with most MTAs with a little tweaking, but if you want to
- use clamd for filesystem scans, running as root is probably unavoidable.
+ This will work with most MTAs with a little tweaking. However, using
+ clamd for filesystem scans will require running clamav-milter as root.
+ .
  Please see README.Debian in the clamav-base package for details.
 
 Template: clamav-milter/AddGroups
 Type: string
 _Description: Groups for clamav-milter (space-separated):
  By default, clamav-milter runs as a non-privileged user. If you need
- clamav-milter to be able to access files owned by another user (e.g., in
- combination with an MTA), then you will need to add clamav to the group for
- that piece of software. Please see README.Debian in the clamav-base package for
+ clamav-milter to be able to access files owned by another user (for
+ instance when it is used in combination with an MTA), this user
+ need to be added to the relevant group(s).
+ .
+ Please see README.Debian in the clamav-base package for
  details.
 
 Template: clamav-milter/ReadTimeout
 Type: string
 Default: 120
-_Description: Waiting for data from clamd will timeout after this time (seconds):
- Set to a value of '0' to disable the timeout.
+_Description: Wait timeout for data coming from clamd:
+ Please enter the delay (in seconds) before clamav-milter times out when it is
+ waiting for incoming data from clamd.
+ .
+ Choosing "0" will disable this timeout.
 
 Template: clamav-milter/Foreground
 Type: boolean
 Default: false
-_Description: Stay in foreground (don't fork)?
+_Description: Should clamav-milter stay in foreground (not forking)?
 
 Template: clamav-milter/Chroot
 Type: string
 _Description: Chroot to directory:
- Chrooting is performed just after reading the config file and before dropping
- privileges. An empty value means don't chroot.
+ Clamav-milter can run in a chroot jail. It will enter it after reading
+ the configuration file and before dropping root privileges.
+ .
+ If this field is left empty, no chrooting will occur.
 
 Template: clamav-milter/PidFile
 Type: string
 Default: /var/run/clamav/clamav-milter.pid
 _Description: PID file:
- This option allows you to save a process identifier of the listening daemon
- (main thread).
+ Please specify the process identifier file location for clamav-milter's
+ listening daemon (main thread).
 
 Template: clamav-milter/TemporaryDirectory
 Type: string
 Default: /tmp
-_Description: Optional path to the global temporary directory:
-  If unset, $TMPDIR and $TEMP will be honored.
+_Description: Global temporary directory path:
+ Please specify the directory for clamav-milter's temporary files.
+ If unset, $TMPDIR and $TEMP will be honored.
 
 Template: clamav-milter/ClamdSocket
 Type: string
 Default: unix:/var/run/clamav/clamd.ctl
-_Description: Define the clamd socket to connect to for scanning:
- To refer to a local unix socket using a absolute path, use unix:path (e.g.,
- unix:/var/run/clamd/clamd.socket). A local or remote TCP socket is specified
- using the tcp:host:port syntax. The host can be a hostname or an ip address;
- the ":port" field is only required for IPv6 addresses, otherwise it defaults to
- 3310 (e.g., tcp:192.168.0.1).
- .
- This option can be repeated several times (separated by whitespace) with
- different sockets or even with the same socket: clamd servers will be selected
- in a round-robin fashion.
+_Description: Clamd socket to connect to for scanning:
+ Please specify the socket to use to connect to the ClamAV daemon for
+ scanning purposes. Possible choices are:
+  - a local unix socket using an absolute path, in "unix:path" format
+    (for example: unix:/var/run/clamd/clamd.socket);
+  - a local or remote TCP socket in "tcp:host:port" format (for example:
+    tcp:192.168.0.1). The "host" value can be either a hostname or an IP
+    address, and the "port" is only required for IPv6 addresses,
+    defaulting to 3310 otherwise.
+ .
+ You may specify multiple choices, separated by spaces. In such cases, the
+ clamd servers will be selected in a round-robin fashion.
 
 Template: clamav-milter/LocalNet
 Type: string
-_Description: Exclusions - IP ranges:
- Messages originating from these hosts/networks will not be scanned.  This
- option takes a host(name)/mask pair in CIRD notation and can be repeated
- several times (separated by whitespace). If "/mask" is omitted, a host is
- assumed.  To specify a locally originated, non-smtp, email use the keyword
- "local".
+_Description: Hosts excluded from scanning:
+ Please specify, in CIDR notation (host(name)/mask), the hosts for
+ which no scanning should be performed on incoming mail. Multiple entries
+ should be separated by spaces. The "local" shortcut can be used to
+ specify locally-originated (non-SMTP) email.
  .
- If unset, everything regardless of the origin is scanned.
+ If this field is left empty, all incoming mail will be scanned.
 
 Template: clamav-milter/Whitelist
 Type: string
-_Description: Exclusions - Regular expressions:
- This option specifies a file which contains a list of POSIX regular
- expressions. Addresses (sent to or from) matching these regexes will not be
- scanned.  Optionally each line can start with the string "From:" or "To:"
- (note: no whitespace after the colon) indicating if it is, respectively, the
- sender or recipient that is to be whitelisted.  If the field is missing, "To:"
- is assumed.
- .
- Lines in this file starting with #, : or ! are ignored.
+_Description: Mail addresses whitelist:
+ Please specify the path to a whitelist file, listing email adresses
+ that should cause scanning to be bypassed.
+ .
+ Each line in this file should be a POSIX regular expression; lines
+ starting with "#", ":" or "!" will be ignored as comments.
+ .
+ Lines may start with "From:" (with no space after the colon) to make
+ the whitelisting apply to matching sender addresses; otherwise, or
+ with a "To:" prefix, it affects recipient addresses.
 
 Template: clamav-milter/OnClean
 Type: select
-Choices: Accept, Reject, Defer, Blackhole, Quarantine
+__Choices: Accept, Reject, Defer, Blackhole, Quarantine
 Default: Accept
-_Description: Action to be performed on clean messages (mostly useful for testing):
- The following actions are available:
+_Description: Action to perform on clean messages:
+ Please choose the action to perform on "clean" messages:
  .
- - Accept: The message is accepted for delievery
+  - Accept    : accept the message for delivery;
+  - Reject    : immediately refuse delivery (with a 5xx error);
+  - Defer     : return a temporary failure message (4xx);
+  - Blackhole : accept the message then drop it;
+  - Quarantine: accept the message then quarantine it. With
+                Sendmail, the quarantine queue can be examined
+                with "mailq -qQ". With Postfix, such mails are placed
+                on hold.
  .
- - Reject: Immediately refuse delievery (a 5xx error is returned to the peer)
- .
- - Defer: Return a temporary failure message (4xx) to the peer
- .
- - Blackhole (not available for OnFail): Like accept but the message is sent to
-   oblivion
- .
- - Quarantine (not available for OnFail): Like accept but message is quarantined
-   instead of being delivered In sendmail the quarantine queue can be examined
-   via mailq -qQ For Postfix this causes the message to be accepted but placed
-   on hold
+ This setting is meant for testing purposes only.
 
 Template: clamav-milter/OnInfected
 Type: select
-Choices: Accept, Reject, Defer, Blackhole, Quarantine
+__Choices: Accept, Reject, Defer, Blackhole, Quarantine
 Default: Quarantine
-_Description: Action to be performed on infected messages:
+_Description: Action to perform on infected messages:
+ Please choose the action to perform on "infected" messages:
+ .
+  - Accept    : accept the message for delivery;
+  - Reject    : immediately refuse delivery (with a 5xx error);
+  - Defer     : return a temporary failure message (4xx);
+  - Blackhole : accept the message then drop it;
+  - Quarantine: accept the message then quarantine it. With
+                Sendmail, the quarantine queue can be examined
+                with "mailq -qQ". With Postfix, such mails are placed
+                on hold.
 
 Template: clamav-milter/OnFail
 Type: select
-Choices: Accept, Reject, Defer, Blackhole, Quarantine
+__Choices: Accept, Reject, Defer, Blackhole, Quarantine
 Default: Defer
-_Description: Action to be performed on error conditions:
- This includes failure to allocate data structures, no scanners available,
- network timeouts, unknown scanner replies and the like)
+_Description: Action to perform on error conditions:
+ Please choose the action to perform on errors such as failure to
+ allocate data structures, no scanners available,
+ network timeouts, unknown scanner replies...:
+ .
+  - Accept: accept the message for delivery;
+  - Reject: immediately refuse delivery (with a 5xx error);
+  - Defer : return a temporary failure message (4xx).
 
 Template: clamav-milter/RejectMsg
 Type: string
 _Description: Specific rejection reason for infected messages:
- It is only useful together with "OnInfected Reject".  The string "%v", if
- present, will be replaced with the virus name.
+ Please specify the rejection reason that will be included in reject mails.
+ .
+ This option is only useful together with "OnInfected Reject".
+ .
+ The "%v" string may be used to include the virus name.
 
 Template: clamav-milter/AddHeader
 Type: boolean
 Default: false
 _Description: Add headers to processed messages?
- If adding headers is enabled, "X-Virus-Scanned" and "X-Virus-Status" headers
+ If you choose this option, "X-Virus-Scanned" and "X-Virus-Status" headers
  will be attached to each processed message, possibly replacing existing
- headers. 
+ similar headers. 
 
 Template: clamav-milter/LogFile
 Type: string
 Default: none
-_Description: Log to file:
- LogFile must be writable for the user running daemon.  A full path is required.
+_Description: Log file for clamav-milter:
+ Specify the full path to the clamav-milter log file, which must be
+ writable for the clamav daemon.
  .
- Logging via syslog is configured independently of this entry.
+ Logging via syslog is configured independently of this setting.
 
 Template: clamav-milter/LogFileUnlock
 Type: boolean
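Review bot: The OnFail template still declares "__Choices: Accept, Reject, Defer, Blackhole, Quarantine" although its new description lists only Accept, Reject and Defer and the old "(not available for OnFail)" markers are gone; either trim the Choices line to the three supported actions or keep a sentence saying Blackhole and Quarantine are unavailable there, so that nobody picks an action for scanner errors that the description never explains. In AddGroups, "this user need to be added to the relevant group(s)" should read "needs", and "this user" now points at the other file owner rather than the clamav account the old text named. The Whitelist text has "adresses" for "addresses". OnClean's closing line turns "mostly useful for testing" into "meant for testing purposes only", a change of meaning that should be confirmed with the maintainers.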
@@ -179,8 +204,9 @@
 Template: clamav-milter/LogFileMaxSize
 Type: string
 Default: 1M
-_Description: Maximum size of the log file (unit Mb):
- Set to a value of '0' to disable the timeout.
+_Description: Maximum size of the log file (MB):
+ Please specify the maximum size for the log file. Using "0" will
+ allow that file to grow indefinitely.
 
 Template: clamav-milter/LogTime
 Type: boolean
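Review bot: The title now gives the unit as "(MB)" while the unchanged "Default: 1M" carries its own suffix, so the prompt does not tell the admin whether to enter "1", "1M" or something else; state the accepted syntax in the description, or drop the unit from the title if suffixed values are what is expected. The replacement of the copied "disable the timeout" sentence with the "grow indefinitely" wording is correct as it stands.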
@@ -190,13 +216,16 @@
 Template: clamav-milter/LogSyslog
 Type: boolean
 Default: false
-_Description: Use system logger (can work together with LogFile)?
+_Description: Use system logger?
+ Please choose whether you want to use the system logger (syslog). This
+ option can be used along with logging in a dedicated file.
 
 Template: clamav-milter/LogFacility
 Type: string
 Default: LOG_LOCAL6
-_Description: Specify the type of syslog messages:
- Please refer to 'man syslog' for facility names.
+_Description: Type of syslog messages:
+ Please choose the type of syslog messages as detailed in the system
+ logger's documentation.
 
 Template: clamav-milter/LogVerbose
 Type: boolean
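Review bot: In LogFacility the word "facility" has disappeared from both the title and the description, yet the default is LOG_LOCAL6 and the old text pointed at "facility names"; "Type of syslog messages" can be taken for a severity level or a message filter. Suggest "Syslog facility:" with "Please choose the syslog facility, as detailed in the system logger's documentation." In LogSyslog, "logging in a dedicated file" reads better as "logging to a dedicated file".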
@@ -205,15 +234,21 @@
 
 Template: clamav-milter/LogInfected
 Type: select
-Choices: Off, Basic, Full
+__Choices: Off, Basic, Full
 Default: Off
-_Description: What should be logged when a message is infected:
- Possible values are Off (the default - nothing is logged), Basic (minimal info
- logged), Full (verbose info logged)
+_Description: Information to log on infected messages:
+ Please choose the level of information that will be logged when infected
+ messages are found:
+  - Off  : no logging;
+  - Basic: minimal information;
+  - Full : verbose information.
 
 Template: clamav-milter/MaxFileSize
 Type: string
 Default: 25M
-_Description: Messages larger than this value won't be scanned (unit Mb):
- Make sure this value is lower than StreamMaxLength in clamd.conf
-
+_Description: Size limit for scanned messages (MB):
+ Please specify the maximum size for scanned messages. Messages bigger than
+ this limit will not be scanned.
+ .
+ You should check that this value is lower than the value of "StreamMaxLength"
+ in the clamd.conf file.
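Review bot: In MaxFileSize, "Messages bigger than this limit will not be scanned" does not say what then happens to those messages; if they are delivered unscanned the description should say so plainly, because the value then defines a size above which mail skips the virus check. The "(MB)" title against "Default: 25M" has the same unit ambiguity as LogFileMaxSize. In LogInfected the list follows the sentence with no " ." line, unlike the OnClean and OnInfected lists in this patch; one layout should be used throughout.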
-------------- next part --------------
Template: clamav-milter/debconf
Type: boolean
Default: true
_Description: Handle the configuration file automatically?
 Some options must be configured for clamav-milter.
 .
 It won't work if it isn't configured. If you do not
 configure it automatically, you'll have to configure
 /etc/clamav/clamav-milter.conf manually or run "dpkg-reconfigure clamav-milter"
 later. In any case, manual changes in /etc/clamav/clamav-milter.conf will
 be respected.

Template: clamav-milter/MilterSocket
Type: string
Default: /var/run/clamav/milter.ctl
_Description: Communication interface with Sendmail:
 Please choose the method that should be used by clamav-milter to
 communicate with Sendmail. The following formats can be used:
  - Unix domain socket: [[unix|local]:]/path/to/file
  - IPv4 socket       : inet:port@[hostname|ip-address]
  - IPv6 socket       : inet6:port@[hostname|ip-address]

Template: clamav-milter/FixStaleSocket
Type: boolean
Default: true
_Description: Remove stale socket after unclean shutdown?

Template: clamav-milter/User
Type: string
Default: clamav
_Description: User to run clamav-milter as:
 It is recommended to run the ClamAV programs as a non-privileged user.
 This will work with most MTAs with a little tweaking. However, using
 clamd for filesystem scans will require running clamav-milter as root.
 .
 Please see README.Debian in the clamav-base package for details.

Template: clamav-milter/AddGroups
Type: string
_Description: Groups for clamav-milter (space-separated):
 By default, clamav-milter runs as a non-privileged user. If you need
 clamav-milter to be able to access files owned by another user (for
 instance when it is used in combination with an MTA), this user
 need to be added to the relevant group(s).
 .
 Please see README.Debian in the clamav-base package for
 details.

Template: clamav-milter/ReadTimeout
Type: string
Default: 120
_Description: Wait timeout for data coming from clamd:
 Please enter the delay (in seconds) before clamav-milter times out when it is
 waiting for incoming data from clamd.
 .
 Choosing "0" will disable this timeout.

Template: clamav-milter/Foreground
Type: boolean
Default: false
_Description: Should clamav-milter stay in foreground (not forking)?

Template: clamav-milter/Chroot
Type: string
_Description: Chroot to directory:
 Clamav-milter can run in a chroot jail. It will enter it after reading
 the configuration file and before dropping root privileges.
 .
 If this field is left empty, no chrooting will occur.

Template: clamav-milter/PidFile
Type: string
Default: /var/run/clamav/clamav-milter.pid
_Description: PID file:
 Please specify the process identifier file location for clamav-milter's
 listening daemon (main thread).

Template: clamav-milter/TemporaryDirectory
Type: string
Default: /tmp
_Description: Global temporary directory path:
 Please specify the directory for clamav-milter's temporary files.
 If unset, $TMPDIR and $TEMP will be honored.

Template: clamav-milter/ClamdSocket
Type: string
Default: unix:/var/run/clamav/clamd.ctl
_Description: Clamd socket to connect to for scanning:
 Please specify the socket to use to connect to the ClamAV daemon for
 scanning purposes. Possible choices are:
  - a local unix socket using an absolute path, in "unix:path" format
    (for example: unix:/var/run/clamd/clamd.socket);
  - a local or remote TCP socket in "tcp:host:port" format (for example:
    tcp:192.168.0.1). The "host" value can be either a hostname or an IP
    address, and the "port" is only required for IPv6 addresses,
    defaulting to 3310 otherwise.
 .
 You may specify multiple choices, separated by spaces. In such cases, the
 clamd servers will be selected in a round-robin fashion.

Template: clamav-milter/LocalNet
Type: string
_Description: Hosts excluded from scanning:
 Please specify, in CIDR notation (host(name)/mask), the hosts for
 which no scanning should be performed on incoming mail. Multiple entries
 should be separated by spaces. The "local" shortcut can be used to
 specify locally-originated (non-SMTP) email.
 .
 If this field is left empty, all incoming mail will be scanned.

Template: clamav-milter/Whitelist
Type: string
_Description: Mail addresses whitelist:
 Please specify the path to a whitelist file, listing email adresses
 that should cause scanning to be bypassed.
 .
 Each line in this file should be a POSIX regular expression; lines
 starting with "#", ":" or "!" will be ignored as comments.
 .
 Lines may start with "From:" (with no space after the colon) to make
 the whitelisting apply to matching sender addresses; otherwise, or
 with a "To:" prefix, it affects recipient addresses.

Template: clamav-milter/OnClean
Type: select
__Choices: Accept, Reject, Defer, Blackhole, Quarantine
Default: Accept
_Description: Action to perform on clean messages:
 Please choose the action to perform on "clean" messages:
 .
  - Accept    : accept the message for delivery;
  - Reject    : immediately refuse delivery (with a 5xx error);
  - Defer     : return a temporary failure message (4xx);
  - Blackhole : accept the message then drop it;
  - Quarantine: accept the message then quarantine it. With
                Sendmail, the quarantine queue can be examined
                with "mailq -qQ". With Postfix, such mails are placed
                on hold.
 .
 This setting is meant for testing purposes only.

Template: clamav-milter/OnInfected
Type: select
__Choices: Accept, Reject, Defer, Blackhole, Quarantine
Default: Quarantine
_Description: Action to perform on infected messages:
 Please choose the action to perform on "infected" messages:
 .
  - Accept    : accept the message for delivery;
  - Reject    : immediately refuse delivery (with a 5xx error);
  - Defer     : return a temporary failure message (4xx);
  - Blackhole : accept the message then drop it;
  - Quarantine: accept the message then quarantine it. With
                Sendmail, the quarantine queue can be examined
                with "mailq -qQ". With Postfix, such mails are placed
                on hold.

Template: clamav-milter/OnFail
Type: select
__Choices: Accept, Reject, Defer, Blackhole, Quarantine
Default: Defer
_Description: Action to perform on error conditions:
 Please choose the action to perform on errors such as failure to
 allocate data structures, no scanners available,
 network timeouts, unknown scanner replies...:
 .
  - Accept: accept the message for delivery;
  - Reject: immediately refuse delivery (with a 5xx error);
  - Defer : return a temporary failure message (4xx).

Template: clamav-milter/RejectMsg
Type: string
_Description: Specific rejection reason for infected messages:
 Please specify the rejection reason that will be included in reject mails.
 .
 This option is only useful together with "OnInfected Reject".
 .
 The "%v" string may be used to include the virus name.

Template: clamav-milter/AddHeader
Type: boolean
Default: false
_Description: Add headers to processed messages?
 If you choose this option, "X-Virus-Scanned" and "X-Virus-Status" headers
 will be attached to each processed message, possibly replacing existing
 similar headers. 

Template: clamav-milter/LogFile
Type: string
Default: none
_Description: Log file for clamav-milter:
 Specify the full path to the clamav-milter log file, which must be
 writable for the clamav daemon.
 .
 Logging via syslog is configured independently of this setting.

Template: clamav-milter/LogFileUnlock
Type: boolean
Default: false
_Description: Disable log file locking?
 By default the log file is locked for writing.  The lock protects against
 running clamav-milter multiple times.  This option disables log file locking.

Template: clamav-milter/LogFileMaxSize
Type: string
Default: 1M
_Description: Maximum size of the log file (MB):
 Please specify the maximum size for the log file. Using "0" will
 allow that file to grow indefinitely.

Template: clamav-milter/LogTime
Type: boolean
Default: false
_Description: Log time with each message?

Template: clamav-milter/LogSyslog
Type: boolean
Default: false
_Description: Use system logger?
 Please choose whether you want to use the system logger (syslog). This
 option can be used along with logging in a dedicated file.

Template: clamav-milter/LogFacility
Type: string
Default: LOG_LOCAL6
_Description: Type of syslog messages:
 Please choose the type of syslog messages as detailed in the system
 logger's documentation.

Template: clamav-milter/LogVerbose
Type: boolean
Default: false
_Description: Enable verbose logging?

Template: clamav-milter/LogInfected
Type: select
__Choices: Off, Basic, Full
Default: Off
_Description: Information to log on infected messages:
 Please choose the level of information that will be logged when infected
 messages are found:
  - Off  : no logging;
  - Basic: minimal information;
  - Full : verbose information.

Template: clamav-milter/MaxFileSize
Type: string
Default: 25M
_Description: Size limit for scanned messages (MB):
 Please specify the maximum size for scanned messages. Messages bigger than
 this limit will not be scanned.
 .
 You should check that this value is lower than the value of "StreamMaxLength"
 in the clamd.conf file.
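
The whitelist file format described in the clamav-milter/Whitelist template above, as an added example that is not part of the original message or of ClamAV: a small Python checker that classifies each line and flags entries likely to match more or less than intended. Python's `re` stands in for POSIX regular expressions; match-anywhere semantics, skipping blank lines and "any recipient matches" are assumptions the template text does not settle, and all names below are hypothetical.

```python
import re
from dataclasses import dataclass, field

# Comment markers as listed in the template text.
COMMENT_PREFIXES = ("#", ":", "!")

# Constructed sample file, not taken from the page.
SAMPLE = r"""# constructed sample, not from the page
From:^newsletter@example\.org$
To:^abuse@
postmaster@example\.com
From: ^ops@example\.org$
!disabled entry
:also a comment
"""


@dataclass
class Entry:
    lineno: int
    side: str                 # "from" (sender) or "to" (recipient)
    pattern: str
    regex: re.Pattern
    warnings: list = field(default_factory=list)


def is_anchored(pattern):
    """True when the pattern is pinned to both ends of the address."""
    return (pattern.startswith("^") and pattern.endswith("$")
            and not pattern.endswith("\\$"))


def parse_whitelist(text):
    """Parse whitelist text into entries, attaching lint warnings."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        # Assumption: blank lines are skipped like comments.
        if not line.strip() or line.startswith(COMMENT_PREFIXES):
            continue
        if line.startswith("From:"):
            side, pattern = "from", line[len("From:"):]
        elif line.startswith("To:"):
            side, pattern = "to", line[len("To:"):]
        else:
            side, pattern = "to", line   # no prefix: recipient, per the template
        warnings = []
        # "From: foo" keeps the space inside the regex, so the entry
        # silently never matches a real address.
        if pattern != pattern.strip():
            warnings.append("whitespace")
        # Assumption: matching is search-anywhere, so an unanchored
        # pattern also exempts longer addresses that merely contain it.
        if not is_anchored(pattern):
            warnings.append("unanchored")
        try:
            regex = re.compile(pattern)
        except re.error as exc:
            raise ValueError(f"line {lineno}: invalid regex: {exc}") from exc
        entries.append(Entry(lineno, side, pattern, regex, warnings))
    return entries


def bypass_reason(entries, sender, recipients):
    """Return the first entry that would exempt this message, or None."""
    for entry in entries:
        targets = [sender] if entry.side == "from" else list(recipients)
        if any(entry.regex.search(addr) for addr in targets):
            return entry
    return None


if __name__ == "__main__":
    parsed = parse_whitelist(SAMPLE)
    for e in parsed:
        print(e.lineno, e.side, repr(e.pattern), e.warnings)
    hit = bypass_reason(parsed, "a@example.net",
                        ["postmaster@example.com.invalid"])
    print("bypassed by line", hit.lineno if hit else None)
```

Running the checker over a whitelist before deploying it shows which entries exempt more mail from scanning than their author meant, and which ones are dead because of a stray space after the prefix.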

