• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 5836
  • Last Modified:

I am Using MailScanner, Sendmail Server based on RHEL 5. I want some rule to notify only Sender who is sending viruses with an attachment. Not to receiver. Please help

Below is the configuration that i have.


# Main configuration file for the MailScanner E-Mail Virus Scanner # # It's good practice to check through configuration files to make sure # they fit with your system and your needs, whatever you expect them to # contain.
#
# Note: If your directories are symlinked (soft-linked) in any way,
#       please put their *real* location in here, not a path that
#       includes any links. You may get some very strange error
#       messages from some of the virus scanners if you don't.
#
# Note for Version 4.00 and above:
#       A lot of the settings can take a ruleset as well as just simple
#       values. These rulesets are files containing rules which are applied
#       to the current message to calculate the value of the configuration
#       option. The rules are checked in the order they appear in the ruleset.
#
# Note for Version 4.03 and above:
#       As well as rulesets, you can now include your own functions in
#       here. Look at the directory containing Config.pm and you will find
#       CustomConfig.pm. In here, you can add your own "value" function and
#       an Initvalue function to set up any global state you need such as
#       database connections. Then for a setting below, you can put:
#               Configuration Option = &ValueFunction
#       where "ValueFunction" is the name of the function you have
#       written in CustomConfig.pm.
#
# Note for Version 4.54 and above:
#       Numbers can be scaled by 1 thousand, 1 million or 1 billion by
#       putting a "k", "m" or "g" immediately after the number. You must
#       *not* put any spaces between the number and the k, m or g.
#

#
# Definition of variables which are substituted into definitions below.
#
# You can add any %variables% that you want to use in addition to the # ones provided.
#
# You can also use any shell environment variables here such as $HOSTNAME # or ${HOSTNAME} in configuration settings and rulesets. See the # definition of "Hostname" for an example.
#

# Enter a short identifying name for your organisation below, this is # used to make the X-MailScanner headers unique for your organisation.
# Multiple servers within one site should use an identical value here # to avoid adding multiple redundant headers where mail has passed # through several servers within your organisation.
#
# Note: Some Symantec scanners complain (incorrectly) about "."
# ***** characters appearing in the names of headers.
#       Some other mail servers complain about "_" characters
#       appearing in the names of headers as well.
#       So don't put "." or "_" in this setting.
#
# **** RULE: It must not contain any spaces! **** %org-name% = GlyphInternational

# Enter the full name of your organisation below, this is used in the # signature placed at the bottom of report messages sent by MailScanner.
# It can include pretty much any text you like. You can make the result # span several lines by including "\n" sequences in the text. These will # be replaced by line-breaks.
%org-long-name% = GlyphInternational

# Enter the location of your organisation's web site below. This is used # in the signature placed at the bottom of report messages sent by # MailScanner. It should preferably be the location of a page that you # have written explaining why you might have rejected the mail and what # the recipient and/or sender should do about it.
%web-site% = www.glyphinternational.com

# Configuration directory containing this file %etc-dir% = /etc/MailScanner

# Set the directory containing all the reports in the required language %report-dir% = /etc/MailScanner/reports/en

# Rulesets directory containing your ".rules" files %rules-dir% = /etc/MailScanner/rules

# Configuration directory containing files related to MCP # (Message Content Protection) %mcp-dir% = /etc/MailScanner/mcp

# One other that is set automatically for you is %version% which is, # unsurprisingly, the string of the MailScanner version. It does not # contain the build number (the "-1" on the end), but does include the rest.


#
# System settings
# ---------------
#

# How many MailScanner processes do you want to run at a time?
# There is no point increasing this figure if your MailScanner server # is happily keeping up with your mail traffic.
# If you are running on a server with more than 1 CPU, or you have a # high mail load (and/or slow DNS lookups) then you should see better # performance if you increase this figure.
# If you are running on a small system with limited RAM, you should # note that each child takes just over 20MB.
#
# As a rough guide, try 5 children per CPU. But read the notes above.
Max Children = 5

# User to run as (not normally used for sendmail) # If you want to change the ownership or permissions of the quarantine or # temporary files created by MailScanner, please see the "Incoming Work"
# settings later in this file.
#Run As User = mail
#Run As User = postfix
Run As User =

# Group to run as (not normally used for sendmail) #Run As Group = mail #Run As Group = postfix Run As Group =

# How often (in seconds) should each process check the incoming mail # queue for new messages? If you have a quiet mail server, you might # want to increase this value so it causes less load on your server, at # the cost of slightly increasing the time taken for an average message # to be processed.
Queue Scan Interval = 6

# Set location of incoming mail queue
#
# This can be any one of
# 1. A directory name
#    Example: /var/spool/mqueue.in
# 2. A wildcard giving directory names
#    Example: /var/spool/mqueue.in/*
# 3. The name of a file containing a list of directory names,
#    which can in turn contain wildcards.
#    Example: /etc/MailScanner/mqueue.in.list.conf
#
# If you are using sendmail and have your queues split into qf, df, xf # directories, then just specify the main directory, do not give me the # directory names of the qf,df,xf directories.
# Example: if you have /var/spool/mqueue.in/qf
#                      /var/spool/mqueue.in/df
#                      /var/spool/mqueue.in/xf
# then just tell me /var/spool/mqueue.in. I will find the subdirectories # automatically.
#
Incoming Queue Dir = /var/spool/mqueue.in

# Set location of outgoing mail queue.
# This can also be the filename of a ruleset.
Outgoing Queue Dir = /var/spool/mqueue

# Set where to unpack incoming messages before scanning them # This can completely safely use tmpfs or a ramdisk, which will # give you a significant performance improvement.
# NOTE: The path given here must not include any links at all, # NOTE: but must be the absolute path to the directory.
Incoming Work Dir = /var/spool/MailScanner/incoming

# Set where to store infected and message attachments (if they are kept) # This can also be the filename of a ruleset.
Quarantine Dir = /var/spool/MailScanner/quarantine

# Set where to store the process id number so you can stop MailScanner PID file = /var/run/MailScanner.pid

# To avoid resource leaks, re-start periodically Restart Every = 14400

# Set whether to use postfix, sendmail, exim or zmailer.
# If you are using postfix, then see the "SpamAssassin User State Dir"
# setting near the end of this file
MTA = sendmail

# Set how to invoke MTA when sending messages MailScanner has created # (e.g. to sender/recipient saying "found a virus in your message") # This can also be the filename of a ruleset.
Sendmail = /usr/sbin/sendmail

# Sendmail2 is provided for Exim users.
# It is the command used to attempt delivery of outgoing cleaned/disinfected # messages.
# This is not usually required for sendmail.
# This can also be the filename of a ruleset.
#For Exim users: Sendmail2 = /usr/sbin/exim -C /etc/exim/exim_send.conf #For sendmail users: Sendmail2 = /usr/sbin/sendmail
#Sendmail2 = /usr/sbin/sendmail -C /etc/exim/exim_send.conf
Sendmail2 = /usr/sbin/sendmail

#
# Incoming Work Dir Settings
# --------------------------
#
# You should not normally need to touch these settings at all, # unless you are using ClamAV and need to be able to use the # external archive unpackers instead of ClamAV's built-in ones.

# If you want to create the temporary working files so they are owned # by a user other than the "Run As User" setting at the top of this file, # you can change that here.
# Note: If the "Run As User" is not "root" then you cannot change the
#       user but may still be able to change the group, if the
#       "Run As User" is a member of both of the groups "Run As Group"
#       and "Incoming Work Group".
Incoming Work User =
Incoming Work Group =

# If you want processes running under the same *group* as MailScanner to # be able to read the working files (and list what is in the # directories, of course), set to 0640. If you want *all* other users to # be able to read them, set to 0644. For a detailed description, if # you're not already familiar with it, refer to `man 2 chmod`.
# Typical use: external helper programs of virus scanners (notably ClamAV), # like unpackers.
# Use with care, you may well open security holes.
Incoming Work Permissions = 0600

#
# Quarantine and Archive Settings
# -------------------------------
#
# If, for example, you are using a web interface so that users can manage # their quarantined files, you might want to change the ownership and # permissions of the quarantined so that they can be read and/or deleted # by the web server.
# Don't touch this unless you know what you are doing!

# If you want to create the quarantine/archive so the files are owned # by a user other than the "Run As User" setting at the top of this file, # you can change that here.
# Note: If the "Run As User" is not "root" then you cannot change the
#       user but may still be able to change the group, if the
#       "Run As User" is a member of both of the groups "Run As Group"
#       and "Quarantine Group".
Quarantine User =
Quarantine Group =

# If you want processes running under the same *group* as MailScanner to # be able to read the quarantined files (and list what is in the # directories, of course), set to 0640. If you want *all* other users to # be able to read them, set to 0644. For a detailed description, if # you're not already familiar with it, refer to `man 2 chmod`.
# Typical use: let the webserver have access to the files so users can # download them if they really want to.
# Use with care, you may well open security holes.
Quarantine Permissions = 0600

#
# Processing Incoming Mail
# ------------------------
#

# In every batch of virus-scanning, limit the maximum # a) number of unscanned messages to deliver # b) number of potentially infected messages to unpack and scan # c) total size of unscanned messages to deliver # d) total size of potentially infected messages to unpack and scan

Max Unscanned Bytes Per Scan = 100m
Max Unsafe Bytes Per Scan = 50m
Max Unscanned Messages Per Scan = 30
Max Unsafe Messages Per Scan = 30

# If more messages are found in the queue than this, then switch to an # "accelerated" mode of processing messages. This will cause it to stop # scanning messages in strict date order, but in the order it finds them # in the queue. If your queue is bigger than this size a lot of the time, # then some messages could be greatly delayed. So treat this option as # "in emergency only".
Max Normal Queue Size = 800

# If this is set to yes, then email messages passing through MailScanner # will be processed and checked, and all the other options in this file # will be used to control what checks are made on the message.
# If this is set to no, then email messages will NOT be processed or # checked *at all*, and so any viruses or other problems will be ignored.
#
# The purpose of this option is to set it to be a ruleset, so that you # can skip all scanning of mail destined for some of your users/customers # and still scan all the rest.
# A sample ruleset would look like this:
#   To:       bad.customer.com  no
#   From:     ignore.domain.com no
#   FromOrTo: default           yes
# That will scan all mail except mail to bad.customer.com and mail from # ignore.domain.com. To set this up, put the 3 lines above into a file # called /etc/MailScanner/rules/scan.messages.rules and set the next line to # Scan Messages = %rules-dir%/scan.messages.rules # This can also be the filename of a ruleset (as illustrated above).
Scan Messages = yes

# You may not want to receive mail from certain addresses and/or to certain # addresses. If so, you can do this with your email transport (sendmail, # Postfix, etc) but that will just send a one-line message which is not # helpful to the user sending the message.
# If this is set to yes, then the message set by the "Rejection Report"
# will be sent instead, and the incoming message will be deleted.
# If you want to store a copy of the original incoming message then use the # "Archive Mail" setting to archive a copy of it.
# The purpose of this option is to set it to be a ruleset, so that you # can reject messages from a few offending addresses where you need to  send # a polite reply instead of just a brief 1-line rejection message.
Reject Message = no

# The maximum number of attachments allowed in a message before it is # considered to be an error. Some email systems, if bouncing a message # between 2 addresses repeatedly, add information about each bounce as # an attachment, creating a message with thousands of attachments in just # a few minutes. This can slow down or even stop MailScanner as it uses # all available memory to unpack these thousands of attachments.
# This can also be the filename of a ruleset.
Maximum Attachments Per Message = 200

# Expand TNEF attachments using an external program (or a Perl module)?
# This should be "yes" unless the scanner you are using (Sophos, McAfee) has # the facility built-in. However, if you set it to "no", then the filenames # within the TNEF attachment will not be checked against the filename rules.
Expand TNEF = no

# When the TNEF (winmail.dat) attachments are expanded, should the # attachments contained in there be added to the list of attachments in # the message?
# If you set this to "add" or "replace" then recipients of messages sent # in "Outlook Rich Text Format" (TNEF) will be able to read the attachments # if they are not using Microsoft Outlook.
#
# no      => Leave winmail.dat TNEF attachments alone.
# add     => Add the contents of winmail.dat as extra attachments, but also
#            still include the winmail.dat file itself. This will result in
#            TNEF messages being doubled in size.
# replace => Replace the winmail.dat TNEF attachment with the files it
#            contains, and delete the original winmail.dat file itself.
#            This means the message stays the same size, but is usable by
#            non-Outlook recipients.
#
# This can also be the filename of a ruleset.
Use TNEF Contents = replace

# Some versions of Microsoft Outlook generate unparsable Rich Text # format attachments. Do we want to deliver these bad attachments anyway?
# Setting this to yes introduces the slight risk of a virus getting through, # but if you have a lot of troubled Outlook users you might need to do this.
# We are working on a replacement for the TNEF decoder.
# This can also be the filename of a ruleset.
Deliver Unparsable TNEF = no

# Where the MS-TNEF expander is installed.
# This is EITHER the full command (including maxsize option) that runs # the external TNEF expander binary, # OR the keyword "internal" which will make MailScanner use the Perl # module that does the same job.
# They are both provided as I am unsure which one is faster and which # one is capable of expanding more file formats (there are plenty!).
#
# The --maxsize option limits the maximum size that any expanded attachment # may be. It helps protect against Denial Of Service attacks in TNEF files.
# This can also be the filename of a ruleset.
#TNEF Expander  = internal
TNEF Expander = /usr/bin/tnef --maxsize=100000000

# The maximum length of time the TNEF Expander is allowed to run for 1 message.
# (in seconds)
TNEF Timeout = 120

# Where the "file" command is installed.
# This is used for checking the content type of files, regardless of their # filename.
# To disable Filetype checking, set this value to blank.
File Command = /usr/bin/file

# The maximum length of time the "file" command is allowed to run for 1 # batch of messages (in seconds).
File Timeout = 20

# Where the "gunzip" command is installed.
# This is used for expanding .gz files.
# To disable gzipped file checking, set this value to blank # and the timeout to 0.
Gunzip Command = /bin/gunzip

# The maximum length of time the "gunzip" command is allowed to run to expand # 1 attachment file (in seconds).
Gunzip Timeout = 50

# Where the "unrar" command is installed.
# If you haven't got this command, look at www.rarlab.com.
#
# This is used for unpacking rar archives so that the contents can be # checked for banned filenames and filetypes, and also that the # archive can be tested to see if it is password-protected.
# Virus scanning the contents of rar archives is still left to the virus # scanner, with one exception:
# If using the clavavmodule virus scanner, this adds external RAR checking # to that scanner which is needed for archives which are RAR version 3.
Unrar Command = /usr/bin/unrar

# The maximum length of time the "unrar" command is allowed to run for 1 # RAR archive (in seconds) Unrar Timeout = 50

# A few viruses store their infected data in UU-encoded files, to try to # catch out virus scanners. This rarely succeeds at all.
# Setting this option to yes means that you can apply filename and filetype # checks to the contents of UU-encoded files. This may occasionally be # useful, in which case you should set to yes.
# This can also be the filename of a ruleset.
Find UU-Encoded Files = no

# The maximum size, in bytes, of any message including the headers.
# If this is set to zero, then no size checking is done.
# This can also be the filename of a ruleset, so you can have different # settings for different users. You might want to set this quite small for # dialup users so their email applications don't time out downloading huge # messages.
Maximum Message Size = %rules-dir%/max.message.size.rules

# The maximum size, in bytes, of any attachment in a message.
# If this is set to zero, effectively no attachments are allowed.
# If this is set less than zero, then no size checking is done.
# This can also be the filename of a ruleset, so you can have different # settings for different users. You might want to set this quite small for # large mailing lists so they don't get deluged by large attachments.
Maximum Attachment Size = -1

# The minimum size, in bytes, of any attachment in a message.
# If this is set less than or equal to zero, then no size checking is done.
# It is very useful to set this to 1 as it removes any zero-length # attachments which may be created by broken viruses.
# This can also be the filename of a ruleset.
Minimum Attachment Size = -1

# The maximum depth to which zip archives will be unpacked, to allow for # checking filenames and filetypes within zip archives.
#
# Note: This setting does *not* affect virus scanning in archives at all.
#
# To disable this feature set this to 0.
# A common useful setting is this option = 0, and Allow Password-Protected # Archives = no. That block password-protected archives but does not do # any filename/filetype checks on the files within the archive.
# This can also be the filename of a ruleset.
Maximum Archive Depth = 3

# Find zip archives by filename or by file contents?
# Finding them by content is a far more reliable way of finding them, but # it does mean that you cannot tell your users to avoid zip file checking # by renaming the file from ".zip" to "_zip" and tricks like that.
# Only set this to no (i.e. check by filename only) if you don't want to # reliably check the contents of zip files. Note this does not affect # virus checking, but it will affect all the other checks done on the contents # of the zip file.
# This can also be the filename of a ruleset.
Find Archives By Content = yes

#
# Virus Scanning and Vulnerability Testing # ----------------------------------------
#

# Do you want to scan email for viruses?
# A few people don't have a virus scanner licence and so want to disable # all the virus scanning.
# If you use a ruleset for this setting, then the mail will be scanned if # *any* of the rules match (except the default). That way unscanned mail # never reaches a user who is having their mail virus-scanned.
#
# If you want to be able to switch scanning on/off for different users or # different domains, set this to the filename of a ruleset.
# This can also be the filename of a ruleset.
Virus Scanning = yes

# Which Virus Scanning package to use:
# sophos    from www.sophos.com, or
# sophossavi (also from www.sophos.com, using the SAVI perl module), or
# mcafee    from www.mcafee.com, or
# command   from www.command.co.uk, or
# bitdefender from www.bitdefender.com, or
# drweb     from www.dials.ru/english/dsav_toolkit/drwebunix.htm, or
# kaspersky-4.5 from www.kaspersky.com (Version 4.5 and newer), or # kaspersky from www.kaspersky.com, or # kavdaemonclient from www.kaspersky.com, or
# etrust    from http://www3.ca.com/Solutions/Product.asp?ID=156, or
# inoculate from www.cai.com/products/inoculateit.htm, or # inoculan  from ftp.ca.com/pub/getbbs/linux.eng/inoctar.LINUX.Z, or
# nod32     for No32 before version 1.99 from www.nod32.com, or
# nod32-1.99 for Nod32 1.99 and later, from www.nod32.com, or # f-secure  from www.f-secure.com, or
# f-prot    from www.f-prot.com, or
# panda     from www.pandasoftware.com, or
# rav       from www.ravantivirus.com, or
# antivir   from www.antivir.de, or
# clamav    from www.clamav.net, or
# clamavmodule (also from www.clamav.net using the ClamAV perl module), or
# trend     from www.trendmicro.com, or
# norman    from www.norman.de, or
# css       from www.symantec.com, or
# avg       from www.grisoft.com, or
# vexira    from www.centralcommand.com, or
# symscanengine from www.symantec.com (Symantec Scan Engine, not CSS), or
# generic   One you wrote: edit the generic-wrapper and generic-autoupdate
#           to fit your own needs. The output spec is in generic-wrapper, or
# none      No virus scanning at all.
#
# Note for McAfee users: do not use any symlinks with McAfee at all. It is
#                        very strange but may not detect all viruses when
#                        started from a symlink or scanning a directory path
#                        including symlinks.
#
# Note: If you want to use multiple virus scanners, then this should be a
#       space-separated list of virus scanners. For example:
#       Virus Scanners = sophos f-prot mcafee
#
# Note: Make sure that you check that the base installation directory in the
#       3rd column of virus.scanners.conf matches the location you have
#       installed each of your virus scanners. The supplied
#       virus.scanners.conf file assumes the default installation locations
#       recommended by each of the virus scanner installation guides.
#
# Note: If you specify "auto" then MailScanner will search for all the
#       scanners you have installed and will use all of them. If you really
#       want none, then specify "none".
#
# This *cannot* be the filename of a ruleset.
Virus Scanners = auto

# The maximum length of time the commercial virus scanner is allowed to run # for 1 batch of messages (in seconds).
Virus Scanner Timeout = 300

# Should I attempt to disinfect infected attachments and then deliver # the clean ones. "Disinfection" involves removing viruses from files # (such as removing macro viruses from documents). "Cleaning" is the # replacement of infected attachments with "VirusWarning.txt" text # attachments.
# Less than 1% of viruses in the wild can be successfully disinfected, # as macro viruses are now a rare occurrence. So the default has been # changed to "no" as it gives a significant performance improvement.
#
# This can also be the filename of a ruleset.
Deliver Disinfected Files = no

# Strings listed here will be searched for in the output of the virus scanners.
# It is used to list which viruses should be handled differently from other # viruses. If a virus name is given here, then # 1) The sender will not be warned that he sent it # 2) No attempt at true disinfection will take place
#    (but it will still be "cleaned" by removing the nasty attachments
#     from the message)
# 3) The recipient will not receive the message,
#    unless the "Still Deliver Silent Viruses" option is set
# Other words that can be put in this list are the 5 special keywords
#    HTML-IFrame   : inserting this will stop senders being warned about
#                    HTML Iframe tags, when they are not allowed.
#    HTML-Codebase : inserting this will stop senders being warned about
#                    HTML Object Codebase/Data tags, when they are not allowed.
#    HTML-Script   : inserting this will stop senders being warned about
#                    HTML Script tags, when they are not allowed.
#    HTML-Form     : inserting this will stop senders being warned about
#                    HTML Form tags, when they are not allowed.
#    Zip-Password  : inserting this will stop senders being warned about
#                    password-protected zip files, when they are not allowed.
#                    This keyword is not needed if you include All-Viruses.
#    All-Viruses   : inserting this will stop senders being warned about
#                    any virus, while still allowing you to warn senders
#                    about HTML-based attacks. This includes Zip-Password
#                    so you don't need to include both.
#
# The default of "All-Viruses" means that no senders of viruses will be # notified (as the sender address is always forged these days anyway), # but anyone who sends a message that is blocked for other reasons will # still be notified.
#
# This can also be the filename of a ruleset.
Silent Viruses = HTML-IFrame All-Viruses

# Still deliver (after cleaning) messages that contained viruses listed # in the above option ("Silent Viruses") to the recipient?
# Setting this to "yes" is good when you are testing everything, and # because it shows management that MailScanner is protecting them, # but it is bad because they have to filter/delete all the incoming virus # warnings.
#
# Note: Once you have deployed this into "production" use, you should set # Note: this option to "no" so you don't bombard thousands of people with # Note: useless messages they don't want!
#
# This can also be the filename of a ruleset.
Still Deliver Silent Viruses = no

# Strings listed here will be searched for in the output of the virus scanners.
# It works to achieve the opposite effect of the "Silent Viruses" listed above.
# If a string here is found in the output of the virus scanners, then the # message will be treated as if it were not infected with a "Silent Virus".
# If a message is detected as both a silent virus and a non-forging virus, # then the ___non-forging status will override the silent status.___ # In simple terms, you should list virus names (or parts of them) that you # know do *not* forge the From address.
# A good example of this is a document macro virus or a Joke program.
# Another word that can be put in this list is the special keyword
#    Zip-Password  : inserting this will cause senders to be warned about
#                    password-protected zip files, when they are not allowed.
#                    This will over-ride the All-Viruses setting in the list
#                    of "Silent Viruses" above.
#
Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ eicar

# Should encrypted messages be blocked?
# This is useful if you are wary about your users sending encrypted # messages to your competition.
# This can be a ruleset so you can block encrypted message to certain domains.
Block Encrypted Messages = no

# Should unencrypted messages be blocked?
# This could be used to ensure all your users send messages outside your # company encrypted to avoid snooping of mail to your business partners.
# This can be a ruleset so you can just check mail to certain users/domains.
Block Unencrypted Messages = no

# Should archives which contain any password-protected files be allowed?
# Leaving this set to "no" is a good way of protecting against all the # protected zip files used by viruses at the moment.
# This can also be the filename of a ruleset.
Allow Password-Protected Archives = no

#
# Options specific to Sophos Anti-Virus
# -------------------------------------
#

# Anything on the next line that appears in brackets at the end of a line # of output from Sophos will cause the error/infection to be ignored.
# Use of this option is dangerous, and should only be used if you are having # trouble with lots of corrupt PDF files, for example.
# If you need to specify more than 1 string to find in the error message, # then put each string in quotes and separate them with a comma.
# For example:
#Allowed Sophos Error Messages = "corrupt", "format not supported", "File was encrypted", "The main body of virus data is out of date"
Allowed Sophos Error Messages =

# The directory (or a link to it) containing all the Sophos *.ide files.
# This is only used by the "sophossavi" virus scanner, and is irrelevant # for all other scanners.
Sophos IDE Dir = /usr/local/Sophos/ide

# The directory (or a link to it) containing all the Sophos *.so libraries.
# This is only used by the "sophossavi" virus scanner, and is irrelevant # for all other scanners.
Sophos Lib Dir = /usr/local/Sophos/lib

# SophosSAVI only: monitor each of these files for changes in size to # detect when a Sophos update has happened. The date of the Sophos Lib Dir # is also monitored.
# This is only used by the "sophossavi" virus scanner, not the "sophos"
# scanner setting.
Monitors For Sophos Updates = /usr/local/Sophos/ide/*ides.zip

#
# Options specific to ClamAV Anti-Virus
# -------------------------------------
#

# ClamAVModule only: monitor each of these files for changes in size to # detect when a ClamAV update has happened.
# This is only used by the "clamavmodule" virus scanner, not the "clamav"
# scanner setting.
Monitors for ClamAV Updates = /usr/local/share/clamav/*.cvd

# ClamAVModule only: set limits when scanning for viruses.
#
# The maximum recursion level of archives, # The maximum number of files per batch, # The maximum file of each file, # The maximum compression ratio of archive.
# These settings *cannot* be the filename of a ruleset, only a simple number.
ClamAVmodule Maximum Recursion Level = 8 ClamAVmodule Maximum Files = 1000 ClamAVmodule Maximum File Size = 10000000 # (10 Mbytes) ClamAVmodule Maximum Compression Ratio = 250

#
# Removing/Logging dangerous or potentially offensive content # -----------------------------------------------------------
#

# Do you want to scan the messages for potentially dangerous content?
# Setting this to "no" will disable all the content-based checks except # Virus Scanning, Allow Partial Messages and Allow External Message Bodies.
# This can also be the filename of a ruleset.
Dangerous Content Scanning = yes

# Do you want to allow partial messages, which only contain a fraction of # the attachments, not the whole thing? There is absolutely no way to # scan these "partial messages" properly for viruses, as MailScanner never # sees all of the attachment at the same time. Enabling this option can # allow viruses through. You have been warned.
# This can also be the filename of a ruleset so you can, for example, allow # them in outgoing mail but not in incoming mail.
Allow Partial Messages = no

# Do you want to allow messages whose body is stored somewhere else on the # internet, which is downloaded separately by the user's email package?
# There is no way to guarantee that the file fetched by the user's email # package is free from viruses, as MailScanner never sees it.
# This feature is dangerous as it can allow viruses to be fetched from # other Internet sites by a user's email package. The user would just # think it was a normal email attachment and would have been scanned by # MailScanner.
# It is only currently supported by Netscape 6 anyway, and the only people # who it are the IETF. So I would strongly advise leaving this switched off.
# This can also be the filename of a ruleset.
Allow External Message Bodies = no

# Do you want to check for "Phishing" attacks?
# These are attacks that look like a genuine email message from your bank, # which contain a link to click on to take you to the web site where you # will be asked to type in personal information such as your account number # or credit card details.
# Except it is not the real bank's web site at all, it is a very good copy # of it run by thieves who want to steal your personal information or # credit card details.
# These can be spotted because the real address of the link in the message # is not the same as the text that appears to be the link.
# Note: This does cause extra load, particularly on systems receiving lots
#       of spam such as secondary MX hosts.
# This can also be the filename of a ruleset.
Find Phishing Fraud = yes

# While detecting "Phishing" attacks, do you also want to point out links # to numeric IP addresses. Genuine links to totally numeric IP addresses # are very rare, so this option is set to "yes" by default. If a numeric # IP address is found in a link, the same phishing warning message is used # as in the Find Phishing Fraud option above.
# This can also be the filename of a ruleset.
Also Find Numeric Phishing = no

# If this is set to yes, then most of the URL in a link must match the # destination address it claims to take you to. This is the default as it is # a much stronger test and is very hard to maliciously avoid.
# If this is set to no, then just the company name and country (and any # names between the two, dependent on the specific country) must match.
# This is not as strict as it will not protect you against internal # malicious sites based within the company being abused. For example, it would # not find www.nasty.company-name.co.uk pretending to be # www.nice.company-name.co.uk. But it will still detect most phishing attacks # of the type www.nasty.co.jp versus www.nice.co.jp.
# Depending on the country code it knows how many levels of domain need to # be checked.
# This can also be the filename of a ruleset.
Use Stricter Phishing Net = no

# If a phishing fraud is detected, do you want to highlight the tag with # a message stating that the link may be to a fraudulent web site.
# This can also be the filename of a ruleeset.
Highlight Phishing Fraud = no

# There are some companies, such as banks, that insist on sending out # email messages with links in them that are caught by the "Find Phishing # Fraud" test described above.
# This is the name of a file which contains a list of link destinations # which should be ignored in the test. This may, for example, contain # the known websites of some banks.
# See the file itself for more information.
# This can only be the name of the file containing the list, it *cannot* # be the filename of a ruleset.
Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf

# This file lists all the countries that use 2nd-level and 3rd-level # domain names to classify distinct types of website within their country.
# This cannot be the name of a ruleset, it is just a simple setting.
Country Sub-Domains List = %etc-dir%/country.domains.conf

# Do you want to allow <IFrame> tags in email messages? This is not a good # idea as it allows various Microsoft Outlook security vulnerabilities to # remain unprotected, but if you have a load of mailing lists sending them, # then you will want to allow them to keep your users happy.
# Value: yes     => Allow these tags to be in the message
#        no      => Ban messages containing these tags
#        disarm  => Allow these tags, but stop these tags from working
# This can also be the filename of a ruleset, so you can allow them from # known mailing lists but ban them from everywhere else.
Allow IFrame Tags = disarm

# Do you want to allow <Form> tags in email messages? This is a bad idea # as these are used as scams to pursuade people to part with credit card # information and other personal data.
# Value: yes     => Allow these tags to be in the message
#        no      => Ban messages containing these tags
#        disarm  => Allow these tags, but stop these tags from working
#                   Note: Disarming can be defeated, it is not 100% safe!
# This can also be the filename of a ruleset.
Allow Form Tags = disarm

# Do you want to allow <Script> tags in email messages? This is a bad idea # as these are used to exploit vulnerabilities in email applications and # web browsers.
# Value: yes     => Allow these tags to be in the message
#        no      => Ban messages containing these tags
#        disarm  => Allow these tags, but stop these tags from working
#                   Note: Disarming can be defeated, it is not 100% safe!
# This can also be the filename of a ruleset.
Allow Script Tags = disarm

# Do you want to allow <Img> tags with very small images in email messages?
# This is a bad idea as these are used as 'web bugs' to find out if a message # has been read. It is not dangerous, it is just used to make you give away # information.
# Value: yes     => Allow these tags to be in the message
#        disarm  => Allow these tags, but stop these tags from working
#                   Note: Disarming can be defeated, it is not 100% safe!
# Note: You cannot block messages containing web bugs as their detection
#       is very vulnerable to false alarms.
# This can also be the filename of a ruleset.
Allow WebBugs = disarm

# This is a list of filenames (or parts of filenames) that may appear in # the filename of a web bug URL. They are only checked in the filename, # not any directories or hostnames in the URL of the possible web bug.
#
# If it appears, then the web bug is assumed to be a harmless "spacer" for # page layout purposes and not a real web bug at all.
# It should be a space- and/or comma-separated list of filename parts.
#
# Note: Use this with care, as spammers may use this to circumvent the
#       web bug trap. It is disabled by default because of this problem.
#
# This can also be the filename of a ruleset.
#Ignored Web Bug Filenames = spacer pixel.gif pixel.png Ignored Web Bug Filenames =

# When a web bug is found, what image do you want to replace it with?
# By replacing it with a real image, the page layout still works properly, # so the formatting and layout of the message is correct.
# The following is a harmless untracked 1x1 pixel transparent image.
# If this is not specified, the the old value of "MailScannerWebBug" is used, # which of course is not an image and may well upset layout of the email.
# This can also be the filename of a ruleset.
Web Bug Replacement = http://www.sng.ecs.soton.ac.uk/mailscanner/images/1x1spacer.gif

# Do you want to allow <Object Codebase=...> or <Object Data=...> tags # in email messages?
# This is a bad idea as it leaves you unprotected against various # Microsoft-specific security vulnerabilities. But if your users demand # it, you can do it.
# Value: yes     => Allow these tags to be in the message
#        no      => Ban messages containing these tags
#        disarm  => Allow these tags, but stop these tags from working
# This can also be the filename of a ruleset, so you can allow them just # for specific users or domains.
Allow Object Codebase Tags = disarm

# This option interacts with the "Allow ... Tags" options above like this:
#
# Allow...Tags    Convert Danger...    Action Taken on HTML Message
# ============    =================    ============================
#    no              no                Blocked
#    no              yes               Blocked
#    disarm          no                Specified HTML tags disarmed
#    disarm          yes               Specified HTML tags disarmed
#    yes             no                Nothing, allowed to pass
#    yes             yes               All HTML tags stripped
#
# If an "Allow ... Tags = yes" is triggered by a message, and this # "Convert Dangerous HTML To Text" is set to "yes", then the HTML # message will be converted to plain text.  This makes the HTML # harmless, while still allowing your users to see the text content # of the messages.  Note that all graphical content will be removed.
#
# This can also be the filename of a ruleset, so you can make this apply # only to specific users or domains.
Convert Dangerous HTML To Text = no

# Do you want to convert all HTML messages into plain text?
# This is very useful for users who are children or are easily offended # by nasty things like pornographic spam.
# This can also be the filename of a ruleset, so you can switch this # feature on and off for particular users or domains.
Convert HTML To Text = no

#
# Attachment Filename Checking
# ----------------------------
#

# To simplify web-based configuration systems, there are now two extra # settings here. They are both intended for use with normal rulesets # that you would expect to find in %rules-dir%. The first gives a list # of patterns to match against the attachment filenames, and a filename # is allowed if it matches any of these patterns. The second gives the # the equivalent list for patterns that are used to deny filenames.
# If either of these match at all, then filename.rules.conf is ignored # for that filename.
# So you can easily have a set like this:
# Allow Filenames = \.txt$ \.pdf$
# Deny  Filenames = \.com$ \.exe$ \.cpl$ \.pif$ # which is a lot simpler than having to handle filename.rules.conf!
# It is far simpler when you want to change the allowed+denied list for # different domains/addresses, as you can use the filename of a simple # ruleset here instead.
# NOTE: The filename and filetype rules are separate, so if you want to
#       allow executable *.exe files you will need at least
#           Allow Filenames = \.exe$
#           Allow Filetypes = executable
#       to make it pass both tests. If either test denies the attachment
#       then it will be blocked.

# Allow any attachment filenames matching any of the patters listed here.
# If this setting is empty, it is ignored and no matches are made.
# This can also be the filename of a ruleset.
Allow Filenames =

# Deny any attachment filenames matching any of the patters listed here.
# If this setting is empty, it is ignored and no matches are made.
# This can also be the filename of a ruleset.
Deny Filenames =

#
# Set where to find the attachment filename ruleset.
# The structure of this file is explained elsewhere, but it is used to # accept or reject file attachments based on their name, regardless of # whether they are infected or not.
#
# This can also point to a ruleset, but the ruleset filename must end in # ".rules" so that MailScanner can determine if the filename given is # a ruleset or not!
#Filename Rules = %etc-dir%/filename.rules.conf

# To simplify web-based configuration systems, there are now two extra # settings here. They are both intended for use with normal rulesets # that you would expect to find in %rules-dir%. The first gives a list # of patterns to match against the attachment filetypes, and a filetype # is allowed if it matches any of these patterns. The second gives the # the equivalent list for patterns that are used to deny filetypes.
# If either of these match at all, then filetype.rules.conf is ignored # for that filetype.
# So you can easily have a set like this:
# Allow Filetypes = script postscript
# Deny  Filetypes = executable MPEG
# which is a lot simpler than having to handle filetype.rules.conf!
# It is far simpler when you want to change the allowed+denied list for # different domains/addresses, as you can use the filetype of a simple # ruleset here instead.

# Allow any attachment filetypes matching any of the patters listed here.
# If this setting is empty, it is ignored and no matches are made.
# This can also be the filetype of a ruleset.
Allow Filetypes =

# Deny any attachment filetypes matching any of the patters listed here.
# If this setting is empty, it is ignored and no matches are made.
# This can also be the filetype of a ruleset.
Deny Filetypes =

# Set where to find the attachment filetype ruleset.
# The structure of this file is explained elsewhere, but it is used to # accept or reject file attachments based on their content as determined # by the "file" command, regardless of whether they are infected or not.
#
# This can also point to a ruleset, but the ruleset filename must end in # ".rules" so that MailScanner can determine if the filename given is # a ruleset or not!
#
# To disable this feature, set this to just "Filetype Rules =" or set # the location of the file command to a blank string.
Filetype Rules = %etc-dir%/filetype.rules.conf

#
# Reports and Responses
# ---------------------
#

# Do you want to store copies of the infected attachments and messages?
# This can also be the filename of a ruleset.
Quarantine Infections = yes

# There is no point quarantining most viruses these days as the infected # messages contain no useful content, so if you set this to "no" then no # infections listed in your "Silent Viruses" setting will be quarantined, # even if you have chosen to quarantine infections in general. This is # currently set to "yes" so the behaviour is the same as it was in # previous versions.
# This can also be the filename of a ruleset.
Quarantine Silent Viruses = no

# Do you want to store copies of messages which have been disarmed by # having their HTML modified at all?
# This can also be the filename of a ruleset.
Quarantine Modified Body = no

# Do you want to quarantine the original *entire* message as well as # just the infected attachments?
# This can also be the filename of a ruleset.
Quarantine Whole Message = no

# When you quarantine an entire message, do you want to store it as # raw mail queue files (so you can easily send them onto users) or # as human-readable files (header then body in 1 file)?
Quarantine Whole Messages As Queue Files = no

# Do you want to stop any virus-infected spam getting into the spam or MCP # archives? If you have a system where users can release messages from the # spam or MCP archives, then you probably want to stop them being able to # release any infected messages, so set this to yes.
# It is set to no by default as it causes a small hit in performance, and # many people don't allow users to access the spam quarantine, so don't # need it.
# This can also be the filename of a ruleset.
Keep Spam And MCP Archive Clean = yes

# Set where to find all the strings used so they can be translated into # your local language.
# This can also be the filename of a ruleset so you can produce different # languages for different messages.
Language Strings = %report-dir%/languages.conf

# Set where to find the message text sent to users who triggered the ruleset # you are using with the "Reject Message" option.
Rejection Report = %report-dir%/rejection.report.txt

# Set where to find the message text sent to users when one of their # attachments has been deleted from a message.
# These can also be the filenames of rulesets.
Deleted Bad Content Message Report  = %report-dir%/deleted.content.message.txt
Deleted Bad Filename Message Report = %report-dir%/deleted.filename.message.txt
Deleted Virus Message Report        = %report-dir%/deleted.virus.message.txt
Deleted Size Message Report        = %report-dir%/deleted.size.message.txt

# Set where to find the message text sent to users when one of their # attachments has been deleted from a message and stored in the quarantine.
# These can also be the filenames of rulesets.
Stored Bad Content Message Report  = %report-dir%/stored.content.message.txt
Stored Bad Filename Message Report = %report-dir%/stored.filename.message.txt
Stored Virus Message Report        = %report-dir%/stored.virus.message.txt
Stored Size Message Report        = %report-dir%/stored.size.message.txt

# Set where to find the message text sent to users explaining about the # attached disinfected documents.
# This can also be the filename of a ruleset.
Disinfected Report = %report-dir%/disinfected.report.txt

# Set where to find the HTML and text versions that will be added to the # end of all clean messages, if "Sign Clean Messages" is set.
# These can also be the filenames of rulesets.
#Inline HTML Signature = %report-dir%/domainsignature.html.rules
#Inline Text Signature = %report-dir%/domainsignature.txt.rules
#Inline HTML Signature = %report-dir%/inline.sig.html #Inline Text Signature = %report-dir%/inline.sig.txt

# Set where to find the HTML and text versions that will be inserted at # the top of messages that have had viruses removed from them.
# These can also be the filenames of rulesets.
Inline HTML Warning = %report-dir%/inline.warning.html Inline Text Warning = %report-dir%/inline.warning.txt

# Set where to find the messages that are delivered to the sender, when they # sent an email containing either an error, banned content, a banned filename # or a virus infection.
# These can also be the filenames of rulesets.
Sender Content Report        = %report-dir%/sender.content.report.txt
Sender Error Report        = %report-dir%/sender.error.report.txt
Sender Bad Filename Report = %report-dir%/sender.filename.report.txt
Sender Virus Report        = %report-dir%/sender.virus.report.txt
Sender Size Report         = %report-dir%/sender.size.report.txt

# Hide the directory path from all virus scanner reports sent to users.
# The extra directory paths give away information about your setup, and # tend to just confuse users.
# This can also be the filename of a ruleset.
Hide Incoming Work Dir = yes

# Include the name of the virus scanner in each of the scanner reports.
# This also includes the translation of "MailScanner" in each of the report # lines resulting from one of MailScanner's own checks such as filename, # filetype or dangerous HTML content. To change the name "MailScanner", look # in reports/...../languages.conf.
#
# Very useful if you use several virus scanners, but a bad idea if you # don't want to let your customers know which scanners you use.
Include Scanner Name In Reports = yes

#
# Changes to Message Headers
# --------------------------
#

# Add this extra header to all mail as it is processed.
# This *must* include the colon ":" at the end.
# This can also be the filename of a ruleset.
Mail Header = X-%org-name%-MailScanner:

# Add this extra header to all messages found to be spam.
# This can also be the filename of a ruleset.
Spam Header = X-%org-name%-MailScanner-SpamCheck:

# Add this extra header if "Spam Score" = yes. The header will # contain 1 character for every point of the SpamAssassin score.
Spam Score Header = X-%org-name%-MailScanner-SpamScore:

# Add this extra header to all mail as it is processed.
# The contents is set by "Information Header Value" and is intended for # you to be able to insert a help URL for your users.
# If you don't want an information header at all, just comment out this # setting or set it to be blank.
# This can also be the filename of a ruleset.
Information Header = X-%org-name%-MailScanner-Information:

# Do you want to add the Envelope-From: header?
# This is very useful for tracking where spam came from as it # contains the envelope sender address.
# This can also be the filename of a ruleset.
Add Envelope From Header = yes

# Do you want to add the Envelope-To: header?
# This can be useful for tracking spam destinations, but should be # used with care due to possible privacy concerns with the use of # Bcc: headers by users.
# This can also be the filename of a ruleset.
Add Envelope To Header = no

# This is the name of the Envelope From header # controlled by the option above.
# This can also be the filename of a ruleset.
Envelope From Header = X-%org-name%-MailScanner-From:

# This is the name of the Envelope To header # controlled by the option above.
# This can also be the filename of a ruleset.
Envelope To Header = X-%org-name%-MailScanner-To:

# The character to use in the "Spam Score Header".
# Don't use: x as a score of 3 is "xxx" which the users will think is porn,
#            # as it will cause confusion with comments in procmail as well
#              as MailScanner itself,
#            * as it will cause confusion with pattern matches in procmail,
#            . as it will cause confusion with pattern matches in procmail,
#            ? as it will cause the users to think something went wrong.
# "s" is nice and safe and stands for "spam".
Spam Score Character = s

# If this option is set to yes, you will get a spam-score header saying just # the value of the spam score, instead of the row of characters representing # the score.
# This can also be the filename of a ruleset.
SpamScore Number Instead Of Stars = no

# This sets the minimum number of "Spam Score Characters" which will appear # if a message triggered the "Spam List" setting but received a very low # SpamAssassin score. This means that people who only filter on the "Spam # Stars" will still be able to catch messages which receive a very low # SpamAssassin score. Set this value to 0 to disable it.
# This can also be the filename of a ruleset.
Minimum Stars If On Spam List = 0

# Set the "Mail Header" to these values for clean/infected/disinfected messages.
# This can also be the filename of a ruleset.
Clean Header Value       = Found to be clean
Infected Header Value    = Found to be infected
Disinfected Header Value = Disinfected

# Set the "Information Header" to this value.
# This can also be the filename of a ruleset.
Information Header Value = Please contact the ISP for more information

# Do you want the full spam report, or just a simple "spam / not spam" report?
Detailed Spam Report = yes

# Do you want to include the numerical scores in the detailed SpamAssassin # report, or just list the names of the scores Include Scores In SpamAssassin Report = yes

# Do you want to always include the Spam Report in the SpamCheck # header, even if the message wasn't spam?
# This can also be the filename of a ruleset.
Always Include SpamAssassin Report = no

# What to do when you get several MailScanner headers in one message, # from multiple MailScanner servers. Values are
#      "append"  : Append the new data to the existing header
#      "add"     : Add a new header
#      "replace" : Replace the old data with the new data
# Default is "append"
# This can also be the filename of a ruleset.
Multiple Headers = append

# Name of this host, or a name like "the MailScanner" if you want to hide # the real hostname. It is used in the Help Desk note contained in the # virus warnings sent to users.
# Remember you can use $HOSTNAME in here, so you might want to set it to # Hostname = the %org-name% ($HOSTNAME) MailScanner # This can also be the filename of a ruleset.
Hostname = the %org-name% ($HOSTNAME) MailScanner

# If this is "no", then (as far as possible) messages which have already # been processed by another MailScanner server will not have the clean # signature added to the message. This prevents messages getting many # copies of the signature as they flow through your site.
# This can also be the filename of a ruleset.
Sign Messages Already Processed = yes

# Add the "Inline HTML Signature" or "Inline Text Signature" to the end # of uninfected messages?
# This can also be the filename of a ruleset.
#Sign Clean Message = %rules-dir%/disclaimer.rules Sign Clean Messages = yes

# Add the "Inline HTML Warning" or "Inline Text Warning" to the top of # messages that have had attachments removed from them?
# This can also be the filename of a ruleset.
Mark Infected Messages = yes

# When a message is to not be virus-scanned (which may happen depending # upon the setting of "Virus Scanning", especially if it is a ruleset), # do you want to add the header advising the users to get their email # virus-scanned by you?
# Very good for advertising your MailScanning service and encouraging # users to give you some more money and sign up to virus scanning.
# This can also be the filename of a ruleset.
Mark Unscanned Messages = yes

# This is the text used by the "Mark Unscanned Messages" option above.
# This can also be the filename of a ruleset.
Unscanned Header Value = Not scanned: please contact your Internet E-Mail Service Provider for details

# If any of these headers are included in a a message, they will be deleted.
# This is very useful for removing return-receipt requests and any headers # which mean special things to your email client application.
# X-Mozilla-Status is bad as it allows spammers to make a message appear to # have already been read, which is believed to bypass some naive spam # filtering systems.
# Receipt requests are bad as they give any attacker confirmation that an # account is active and being read. You don't want this sort of information # to leak outside your corporation. So you might want to remove
#     Disposition-Notification-To and Return-Receipt-To.
# If you are having problems with duplicate message-id headers when you # release spam from the quarantine and send it to an Exchange server, then add
#     Message-Id.
# Each header should end in a ":", but MailScanner will add it if you forget.
# Headers should be separated by commas or spaces.
# This can also be the filename of a ruleset.
Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2:

# Do you want to deliver messages once they have been cleaned of any # viruses?
# By making this a ruleset, you can re-create the "Deliver From Local"
# facility of previous versions.
Deliver Cleaned Messages = yes

#
# Notifications back to the senders of blocked messages # -----------------------------------------------------
#

# Do you want to notify the people who sent you messages containing # viruses or badly-named filenames?
# This can also be the filename of a ruleset.
Notify Senders = yes

# *If* "Notify Senders" is set to yes, do you want to notify people # who sent you messages containing viruses?
# The default value has been changed to "no" as most viruses now fake # sender addresses and therefore should be on the "Silent Viruses" list.
# This can also be the filename of a ruleset.
Notify Senders Of Viruses = no 

# *If* "Notify Senders" is set to yes, do you want to notify people # who sent you messages containing attachments that are blocked due to # their filename or file contents?
# This can also be the filename of a ruleset.
Notify Senders Of Blocked Filenames Or Filetypes = yes

# *If* "Notify Senders" is set to yes, do you want to notify people # who sent you messages containing other blocked content, such as # partial messages or messages with external bodies?
# This can also be the filename of a ruleset.
Notify Senders Of Other Blocked Content = yes

# If you supply a space-separated list of message "precedence" settings, # then senders of those messages will not be warned about anything you # rejected. This is particularly suitable for mailing lists, so that any # MailScanner responses do not get sent to the entire list.
Never Notify Senders Of Precedence = list bulk

#
# Changes to the Subject: line
# ----------------------------
#

# When the message has been scanned but no other subject line changes # have happened, do you want modify the subject line?
# This can be 1 of 3 values:
#      no    = Do not modify the subject line, or
#      start = Add text to the start of the subject line, or
#      end   = Add text to the end of the subject line.
# This makes very good advertising of your MailScanning service.
# This can also be the filename of a ruleset.
Scanned Modify Subject = no # end

# This is the text to add to the start/end of the subject line if the # "Scanned Modify Subject" option is set.
# This can also be the filename of a ruleset.
Scanned Subject Text = {Scanned}

# If the message contained a virus, do you want to modify the subject line?
# This makes filtering in Outlook very easy.
# This can also be the filename of a ruleset.
Virus Modify Subject = yes

# This is the text to add to the start of the subject if the # "Virus Modify Subject" option is set.
# This can also be the filename of a ruleset.
Virus Subject Text = {Virus?}

# If an attachment triggered a filename check, but there was nothing # else wrong with the message, do you want to modify the subject line?
# This makes filtering in Outlook very easy.
# This can also be the filename of a ruleset.
Filename Modify Subject = yes

# This is the text to add to the start of the subject if the # "Filename Modify Subject" option is set.
# You might want to change this so your users can see at a glance # whether it just was just the filename that MailScanner rejected.
# This can also be the filename of a ruleset.
Filename Subject Text = {Filename?}

# If an attachment triggered a content check, but there was nothing # else wrong with the message, do you want to modify the subject line?
# This makes filtering in Outlook very easy.
# This can also be the filename of a ruleset.
Content Modify Subject = yes

# This is the text to add to the start of the subject if the # "Content Modify Subject" option is set.
# You might want to change this so your users can see at a glance # whether it just was just the content that MailScanner rejected.
# This can also be the filename of a ruleset.
Content Subject Text = {Dangerous Content?}

# If an attachment or the entire message triggered a size check, but # there was nothing else wrong with the message, do you want to modify # the subject line? This makes filtering in Outlook very easy.
# This can also be the filename of a ruleset.
Size Modify Subject = yes

# This is the text to add to the start of the subject if the # "Size Modify Subject" option is set.
# You might want to change this so your users can see at a glance # whether it just was just the message or attachment size that # MailScanner rejected.
# This can also be the filename of a ruleset.
Size Subject Text = {Size}

# If HTML tags in the message were "disarmed" by using the HTML "Allow"
# options above with the "disarm" settings, do you want to modify the # subject line?
# This can also be the filename of a ruleset.
Disarmed Modify Subject = yes

# This is the text to add to the start of the subject if the # "Disarmed Modify Subject" option is set.
# This can also be the filename of a ruleset.
Disarmed Subject Text = {Disarmed}

# If a potential phishing attack is found in the message, do you want to # modify the subject line?
# This can also be the filename of a ruleset.
Phishing Modify Subject = no

# This is the text to add to the start of the subject if the "Phishing # Modify Subhect" option is set.
# This can also be the filename of a ruleset.
Phishing Subject Text = {Fraud?}

# If the message is spam, do you want to modify the subject line?
# This makes filtering in Outlook very easy.
# This can also be the filename of a ruleset.
Spam Modify Subject = no

# This is the text to add to the start of the subject if the # "Spam Modify Subject" option is set.
# The exact string "_SCORE_" will be replaced by the numeric # SpamAssassin score.
# The exact string "_STARS_" will be replaced by a row of stars # whose length is the SpamAssassin score.
# This can also be the filename of a ruleset.
Spam Subject Text = {Spam?}

# This is just like the "Spam Modify Subject" option above, except that # it applies when the score from SpamAssassin is higher than the # "High SpamAssassin Score" value.
# This can also be the filename of a ruleset.
High Scoring Spam Modify Subject = yes

# This is just like the "Spam Subject Text" option above, except that # it applies when the score from SpamAssassin is higher than the # "High SpamAssassin Score" value.
# The exact string "_SCORE_" will be replaced by the numeric # SpamAssassin score.
# The exact string "_STARS_" will be replaced by a row of stars # whose length is the SpamAssassin score.
# This can also be the filename of a ruleset.
High Scoring Spam Subject Text = {Spam?}

#
# Changes to the Message Body
# ---------------------------
#

# When a virus or attachment is replaced by a plain-text warning, # should the warning be in an attachment? If "no" then it will be # placed in-line. This can also be the filename of a ruleset.
Warning Is Attachment = yes

# When a virus or attachment is replaced by a plain-text warning, # and that warning is an attachment, this is the filename of the # new attachment.
# This can also be the filename of a ruleset.
Attachment Warning Filename = %org-name%-Attachment-Warning.txt

# What character set do you want to use for the attachment that # replaces viruses (VirusWarning.txt)?
# The default is ISO-8859-1 as even Americans have to talk to the # rest of the world occasionally :-) # This can also be the filename of a ruleset.
Attachment Encoding Charset = ISO-8859-1

#
# Mail Archiving and Monitoring
# -----------------------------
#

# Space-separated list of any combination of # 1. email addresses to which mail should be forwarded, # 2. directory names where you want mail to be stored, # 3. file names (they must already exist!) to which mail will be appended
#    in "mbox" format suitable for most Unix mail systems.
#
# Any of the items above can contain the magic string _DATE_ in them # which will be replaced with the current date in yyyymmdd format.
# This will make archive-rolling and maintenance much easier, as you can # guarantee that yesterday's mail archive will not be in active use today.
#
# If you give this option a ruleset, you can control exactly whose mail # is archived or forwarded. If you do this, beware of the legal implications # as this could be deemed to be illegal interception unless the police have # asked you to do this.
#
# Note: This setting still works even if "Scan Messages" is no.
#
#Archive Mail = /var/spool/MailScanner/archive Archive Mail = %rules-dir%/watchdog.rules

#
# Notices to System Administrators
# --------------------------------
#

# Notify the local system administrators ("Notices To") when any infections # are found?
# This can also be the filename of a ruleset.
Send Notices = yes

# Include the full headers of each message in the notices sent to the local # system administrators?
# This can also be the filename of a ruleset.
Notices Include Full Headers = yes

# Hide the directory path from all the system administrator notices.
# The extra directory paths give away information about your setup, and # tend to just confuse users but are still useful for local sys admins.
# This can also be the filename of a ruleset.
Hide Incoming Work Dir in Notices = no

# What signature to add to the bottom of the notices.
# To insert a line-break in there, use the sequence "\n".
Notice Signature = -- \nMailScanner\nEmail Virus Scanner\nwww.mailscanner.info

# The visible part of the email address used in the "From:" line of the # notices. The <user@domain> part of the email address is set to the # "Local Postmaster" setting.
Notices From = MailScanner

# Where to send the notices.
# This can also be the filename of a ruleset.
Notices To = postmaster

# Address of the local Postmaster, which is used as the "From" address in # virus warnings sent to users.
# This can also be the filename of a ruleset.
Local Postmaster = postmaster

#
# Spam Detection and Virus Scanner Definitions # --------------------------------------------
#

# This is the name of the file that translates the names of the "Spam List"
# values to the real DNS names of the spam blacklists.
Spam List Definitions = %etc-dir%/spam.lists.conf

# This is the name of the file that translates the names of the virus # scanners into the commands that have to be run to do the actual scanning.
Virus Scanner Definitions = %etc-dir%/virus.scanners.conf

#
# Spam Detection and Spam Lists (DNS blocklists) # ----------------------------------------------
#

# Do you want to check messages to see if they are spam?
# Note: If you switch this off then *no* spam checks will be done at all.
#       This includes both MailScanner's own checks and SpamAssassin.
#       If you want to just disable the "Spam List" feature then set
#       "Spam List =" (i.e. an empty list) in the setting below.
# This can also be the filename of a ruleset.
Spam Checks = no

# This is the list of spam blacklists (RBLs) which you are using.
# See the "Spam List Definitions" file for more information about what # you can put here.
# This can also be the filename of a ruleset.
Spam List =  ORDB-RBL SBL+XBL # You can un-comment this to enable them

# This is the list of spam domain blacklists which you are using # (such as the "rfc-ignorant" domains). See the "Spam List Definitions"
# file for more information about what you can put here.
# This can also be the filename of a ruleset.
Spam Domain List =

# If a message appears in at least this number of "Spam Lists" (as defined # above), then the message will be treated as spam and so the "Spam # Actions" will happen, unless the message reaches the levels for "High # Scoring Spam". By default this is set to 1 to mimic the previous # behaviour, which means that appearing in any "Spam Lists" will cause # the message to be treated as spam.
# This can also be the filename of a ruleset.
Spam Lists To Be Spam = 1

# If a message appears in at least this number of "Spam Lists" (as defined # above), then the message will be treated as "High Scoring Spam" and so # the "High Scoring Spam Actions" will happen. You probably want to set # this to 2 if you are actually using this feature. 5 is high enough that # it will never happen unless you use lots of "Spam Lists".
# This can also be the filename of a ruleset.
Spam Lists To Reach High Score = 3

# If an individual "Spam List" or "Spam Domain List" check takes longer # that this (in seconds), the check is abandoned and the timeout noted.
Spam List Timeout = 10

# The maximum number of timeouts caused by any individual "Spam List" or # "Spam Domain List" before it is marked as "unavailable". Once marked, # the list will be ignored until the next automatic re-start (see # "Restart Every" for the longest time it will wait).
# This can also be the filename of a ruleset.
Max Spam List Timeouts = 7

# The total number of Spam List attempts during which "Max Spam List Timeouts"
# will cause the spam list fo be marked as "unavailable". See the previous # comment for more information.
# The default values of 5 and 10 mean that 5 timeouts in any sequence of 10 # attempts will cause the list to be marked as "unavailable" until the next # periodic restart (see "Restart Every").
Spam List Timeouts History = 10

# Spam Whitelist:
# Make this point to a ruleset, and anything in that ruleset whose value # is "yes" will *never* be marked as spam.
# The whitelist check is done before the blacklist check. If anyone whitelists # a message, then all recipients get the message. If no-one has whitelisted it, # then the blacklist is checked.
# This setting over-rides the "Is Definitely Spam" setting.
# This can also be the filename of a ruleset.
#Is Definitely Not Spam = no
Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules

# Spam Blacklist:
# Make this point to a ruleset, and anything in that ruleset whose value # is "yes" will *always* be marked as spam.
# This value can be over-ridden by the "Is Definitely Not Spam" setting.
# This can also be the filename of a ruleset.
Is Definitely Spam = no

# Setting this to yes means that spam found in the blacklist is treated # as "High Scoring Spam" in the "Spam Actions" section below. Setting it # to no means that it will be treated as "normal" spam.
# This can also be the filename of a ruleset.
Definite Spam Is High Scoring = no

# Spammers have learnt that they can get their message through by sending # a message with lots of recipients, one of which chooses to whitelist # everything coming to them, including the spammer.
# So if a message arrives with more than this number of recipients, ignore # the "Is Definitely Not Spam" whitelist.
Ignore Spam Whitelist If Recipients Exceed = 20

#
# SpamAssassin
# ------------
#

# Do you want to find spam using the "SpamAssassin" package?
# This can also be the filename of a ruleset.
Use SpamAssassin = yes

# SpamAssassin is not very fast when scanning huge messages, so messages # bigger than this value will be truncated to this length for SpamAssassin # testing. The original message will not be affected by this. This value # is a good compromise as very few spam messages are bigger than this.
#
# Now for the options:
# 1) <length of data in bytes>
# 2) <length of data in bytes> trackback # 3) <length of data in bytes> continue <max extra bytes allowed> # # 1) Put in a simple number.
#    This will be the simple cut-off point for messages that are larger than
#    this number.
# 2) Put in a number followed by 'trackback'.
#    Once the size limit is reached, MailScanner reverses towards the start
#    of the message, until it hits a line that is blank. The message passed
#    to SpamAssassin is truncated there. This stops any part-images being
#    passed to SpamAssassin, and so avoids rules which trigger on this.
# 3) Put in a number followed by 'continue' followed by another number.
#    Once the size limit is reached, MailScanner continues adding to the data
#    passed to SpamAssassin, until at most the 2nd number of bytes have been
#    added looking for a blank line. This tries to complete the image data
#    that has been started when the 1st number of bytes has been reached,
#    while imposing a limit on the amount that can be added (to avoid attacks).
#
# If all this confuses you, just leave it alone at "40k" as that is good.
Max SpamAssassin Size = 40k

# This replaces the SpamAssassin configuration value 'required_hits'.
# If a message achieves a SpamAssassin score higher than this value, # it is spam. See also the High SpamAssassin Score configuration option.
# This can also be the filename of a ruleset, so the SpamAssassin # required_hits value can be set to different values for different messages.
Required SpamAssassin Score = 6

# If a message achieves a SpamAssassin score higher than this value, # then the "High Scoring Spam Actions" are used. You may want to use # this to deliver moderate scores, while deleting very high scoring messsages.
# This can also be the filename of a ruleset.
High SpamAssassin Score = 10

# Set this option to "yes" to enable the automatic whitelisting functions # available within SpamAssassin. This will cause addresses from which you # get real mail, to be marked so that it will never incorrectly spam-tag # messages from those addresses.
# To disable whitelisting, you must set "use_auto_whitelist 0" in your # spam.assassin.prefs.conf file as well as set this to no.
SpamAssassin Auto Whitelist = yes

# If SpamAssassin takes longer than this (in seconds), the check is # abandoned and the timeout noted.
SpamAssassin Timeout = 75

# If SpamAssassin times out more times in a row than this, then it will be # marked as "unavailable" until MailScanner next re-starts itself.
# This means that remote network failures causing SpamAssassin trouble will # not mean your mail stops flowing.
Max SpamAssassin Timeouts = 10

# The total number of SpamAssassin attempts during which "Max SpamAssassin # Timeouts" will cause SpamAssassin to stop doing all network-based tests.
# If double the timeout value is reached (i.e. it continues to timeout at # the same frequency as before) then it is marked as "unavailable".
# See the previous comment for more information.
# The default values of 10 and 20 mean that 10 timeouts in any sequence of # 20 attempts will trigger the behaviour described above, until the next # periodic restart (see "Restart Every").
SpamAssassin Timeouts History = 30

# If the message sender is on any of the Spam Lists, do you still want # to do the SpamAssassin checks? Setting this to "no" will reduce the load # on your server, but will stop the High Scoring Spam Actions from ever # happening.
# This can also be the filename of a ruleset.
Check SpamAssassin If On Spam List = yes

# Do you want to include the "Spam Score" header. This shows 1 character # (Spam Score Character) for every point of the SpamAssassin score. This # makes it very easy for users to be able to filter their mail using # whatever SpamAssassin threshold they want. For example, they just look # for "sssss" for every message whose score is > 5, for example.
# This can also be the filename of a ruleset.
Spam Score = yes

# Many naive spammers send out the same message to lots of people.
# These messages are very likely to have roughly the same SpamAssassin score.
# For extra speed, cache the SpamAssassin results for the messages # being processed so that you only call SpamAssassin once for all of the # messages.
# This can also be the filename of a ruleset.
Cache SpamAssassin Results = yes

# The SpamAssassin cache uses a database file which needs to be writable # by the MailScanner "Run As User". This file will be created and setup for # you automatically when MailScanner is started.
SpamAssassin Cache Database File = /var/spool/MailScanner/incoming/SpamAssassin.cache.db

# If you are using the Bayesian statistics engine on a busy server, # you may well need to force a Bayesian database rebuild and expiry # at regular intervals. This is measures in seconds.
# 1 day = 86400 seconds.
# To disable this feature set this to 0.
# Note: If you enable this feature, set "bayes_auto_expire 0" in
#       spam.assasssin.prefs.conf which you will find in the same
#       directory as this file.
Rebuild Bayes Every = 0

# The Bayesian database rebuild and expiry may take a 2 or 3 minutes # to complete. During this time you can either wait, or simply # disable SpamAssassin checks until it has completed.
Wait During Bayes Rebuild = no

#
# Custom Spam Scanner Plugin
# --------------------------
#

# Use the Custom Spam Scanner. This is code you will have to write yourself, # a function called "GenericSpamScanner" stored in the file # MailScanner/lib/MailScanner/CustomFunctions/GenericSpamScanner.pm
# It will be passed
#  $IP      - the numeric IP address of the system on the remote end
#             of the SMTP connections
#  $From    - the address of the envelope sender of the message
#  $To      - a perl reference to the envelope recipients of the message
#  $Message - a perl reference to the list of line of the message # A sample function is given in the correct file in the distribution.
# This sample function also includes code to show you how to make it run # an external program to produce a spam score.
# This can also be the filename of a ruleset.
Use Custom Spam Scanner = no

# How much of the message should be passed tot he Custom Spam Scanner.
# Most spam tools only need the first 20kbytes of the message to determine # if it is spam or not. Passing more than is necessary only slows things # down.
# This can also be the filename of a ruleset.
Max Custom Spam Scanner Size = 20k

# How long should the custom spam scanner take to run? If it takes more # seconds than this, then it should be considered to have crashed and # should be killed. This stops denial-of-service attacks.
Custom Spam Scanner Timeout = 20

# If the Custom Spam Scanner times out more times in a row than this, # then it will be marked as "unavailable" until MailScanner next re- # starts itself.
Max Custom Spam Scanner Timeouts = 10

# The total number of Custom Spam Scanner attempts during which "Max # Custom Spam Scanner Timeouts" will cause the Custom Spam Scanner to # be marked as "unavailable". See the previous comment for more information.
# The default values of 10 and 20 mean that 10 timeouts in any sequence of # 20 attempts will trigger the behaviour described above, until the next # periodic restart (see "Restart Every").
Custom Spam Scanner Timeout History = 20

#
# What to do with spam
# --------------------
#

# This is a list of actions to take when a message is spam.
# It can be any combination of the following:
#    deliver                 - deliver the message as normal
#    delete                  - delete the message
#    store                   - store the message in the quarantine
#    bounce                  - send a rejection message back to the sender
#    forward user@domain.com - forward a copy of the message to user@domain.com
#    striphtml               - convert all in-line HTML content to plain text.
#                              You need to specify "deliver" as well for the
#                              message to reach the original recipient.
#    attachment              - Convert the original message into an attachment
#                              of the message. This means the user has to take
#                              an extra step to open the spam, and stops "web
#                              bugs" very effectively.
#    notify                  - Send the recipients a short notification that
#                              spam addressed to them was not delivered. They
#                              can then take action to request retrieval of
#                              the original message if they think it was not
#                              spam.
#    header "name: value"    - Add the header
#                                name: value
#                              to the message. name must not contain any spaces.
#
# The default value I have set here enables Thunderbird 1.5 to automatically # handle spam when set to trust the "SpamAssassin" headers.
#
# This can also be the filename of a ruleset, in which case the filename # must end in ".rule" or ".rules".
#Spam Actions = store forward anonymous@ecs.soton.ac.uk Spam Actions = deliver header "X-Spam-Status: Yes"

# This is just like the "Spam Actions" option above, except that it applies # when the score from SpamAssassin is higher than the "High SpamAssassin Score"
# value.
#    deliver                 - deliver the message as normal
#    delete                  - delete the message
#    store                   - store the message in the quarantine
#    forward user@domain.com - forward a copy of the message to user@domain.com
#    striphtml               - convert all in-line HTML content to plain text.
#                              You need to specify "deliver" as well for the
#                              message to reach the original recipient.
#    attachment              - Convert the original message into an attachment
#                              of the message. This means the user has to take
#                              an extra step to open the spam, and stops "web
#                              bugs" very effectively.
#    notify                  - Send the recipients a short notification that
#                              spam addressed to them was not delivered. They
#                              can then take action to request retrieval of
#                              the original message if they think it was not
#                              spam.
#    header "name: value"    - Add the header
#                                name: value
#                              to the message. name must not contain any spaces.
#
# The default value I have set here enables Thunderbird 1.5 to automatically # handle spam when set to trust the "SpamAssassin" headers.
#
# This can also be the filename of a ruleset, in which case the filename # must end in ".rule" or ".rules".
High Scoring Spam Actions = deliver

# This is just like the "Spam Actions" option above, except that it applies # to messages that are *NOT* spam.
#    deliver                 - deliver the message as normal
#    delete                  - delete the message
#    store                   - store the message in the quarantine
#    forward user@domain.com - forward a copy of the message to user@domain.com
#    striphtml               - convert all in-line HTML content to plain text
#    header "name: value"    - Add the header
#                                name: value
#                              to the message. name must not contain any spaces.
#
# The default value I have set here enables Thunderbird 1.5 to automatically # handle spam when set to trust the "SpamAssassin" headers.
#
# This can also be the filename of a ruleset, in which case the filename # must end in ".rule" or ".rules".
Non Spam Actions = deliver header "X-Spam-Status: No"

# There are 3 reports:
#   Sender Spam Report         -  sent when a message triggers both a Spam
#                                 List and SpamAssassin,
#   Sender Spam List Report    -  sent when a message triggers a Spam List,
#   Sender SpamAssassin Report -  sent when a message triggers SpamAssassin.
#
# These can also be the filenames of rulesets.
Sender Spam Report         = %report-dir%/sender.spam.report.txt
Sender Spam List Report    = %report-dir%/sender.spam.rbl.report.txt
Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt

# If you use the 'attachment' Spam Action or High Scoring Spam Action # then this is the location of inline spam report that is inserted at # the top of the message.
Inline Spam Warning = %report-dir%/inline.spam.warning.txt

# If you use the 'notify' Spam Action or High Scoring Spam Action then # this is the location of the notification message that is sent to the # original recipients of the message.
Recipient Spam Report = %report-dir%/recipient.spam.report.txt

# You can use this ruleset to enable the "bounce" Spam Action.
# You must *only* enable this for mail from sites with which you have # agreed to bounce possible spam. Use it on low-scoring spam only (<10) # and only to your regular customers for use in the rare case that a # message is mis-tagged as spam when it shouldn't have been.
# Beware that many sites will automatically delete the bounce messages # created by using this option unless you have agreed this with them in # advance.
# If you enable this, be prepared to handle the irate responses from # people to whom you are essentially sending more spam!
Enable Spam Bounce = %rules-dir%/bounce.rules

# When you bounce a spam message back to the sender, do you want to # encapsulate it in another message, rather like the "attachment" option # when delivering spam to the original recipient?
# NOTE: If you enable this option, be sure to whitelist your local server
#       ie. 127.0.0.1 as otherwise the spam bounce message will be detected
#       as spam again, which will cause another spam bounce and so on
#       until your mail queues fill up and your server crashes!
# This can also be the filename of a ruleset.
Bounce Spam As Attachment = no

#
# Logging
# -------
#

# This is the syslog "facility" name that MailScanner uses. If you don't # know what a syslog facility name is, then either don't change this value # or else go and read "man syslog.conf". The default value of "mail" will # cause the MailScanner logs to go into the same place as all your other # mail logs.
Syslog Facility = mail

# Do you want to log the processing speed for each section of the code # for a batch? This can be very useful for diagnosing speed problems, # particularly in spam checking.
Log Speed = no

# Do you want all spam to be logged? Useful if you want to gather # spam statistics from your logs, but can increase the system load quite # a bit if you get a lot of spam.
Log Spam = no

# Do you want all non-spam to be logged? Useful if you want to see # all the SpamAssassin reports of mail that was marked as non-spam.
# Note: It will generate a lot of log traffic.
Log Non Spam = no

# Log all the filenames that are allowed by the Filename Rules, or just # the filenames that are denied?
# This can also be the filename of a ruleset.
Log Permitted Filenames = no

# Log all the filenames that are allowed by the Filetype Rules, or just # the filetypes that are denied?
# This can also be the filename of a ruleset.
Log Permitted Filetypes = no

# Log all occurrences of "Silent Viruses" as defined above?
# This can only be a simple yes/no value, not a ruleset.
Log Silent Viruses = no

# Log all occurrences of HTML tags found in messages, that can be blocked.
# This will help you build up your whitelist of message sources for which # particular HTML tags should be allowed, such as mail from newsletters # and daily cartoon strips.
# This can also be the filename of a ruleset.
Log Dangerous HTML Tags = no

#
# Advanced SpamAssassin Settings
# ------------------------------
#
# If you are using Postfix you may well need to use some of the settings # below, as the home directory for the "postfix" user cannot be written # to by the "postfix" user.
# You may also need to use these if you have installed SpamAssassin # somewhere other than the default location.
#

# The per-user files (bayes, auto-whitelist, user_prefs) are looked # for here and in ~/.spamassassin/. Note the files are mutable.
# If this is unset then no extra places are searched for.
# If using Postfix, you probably want to set this as shown in the example # line at the end of this comment, and do
#      mkdir /var/spool/MailScanner/spamassassin
#      chown postfix.postfix /var/spool/MailScanner/spamassassin
# NOTE: SpamAssassin is always called from MailScanner as the same user,
#       and that is the "Run As" user specified above. So you can only
#       have 1 set of "per-user" files, it's just that you might possibly
#       need to modify this location.
#       You should not normally need to set this at all.
#SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
SpamAssassin User State Dir =

# This setting is useful if SpamAssassin is installed in an unusual place, # e.g. /opt/MailScanner. The install prefix is used to find some fallback # directories if neither of the following two settings work.
# If this is set then it adds to the list of places that are searched; # otherwise it has no effect.
#SpamAssassin Install Prefix = /opt/MailScanner SpamAssassin Install Prefix =

# The site rules are searched for here.
# Normal location on most systems is /etc/mail/spamassassin.
SpamAssassin Site Rules Dir = /etc/mail/spamassassin

# The site-local rules are searched for here, and in prefix/etc/spamassassin, # prefix/etc/mail/spamassassin, /usr/local/etc/spamassassin, /etc/spamassassin, # /etc/mail/spamassassin, and maybe others.
# Be careful of setting this: it may mean the spam.assassin.prefs.conf file # is missed out, you will need to insert a soft-link with "ln -s" to link # the file into mailscanner.cf in the new directory.
# If this is set then it replaces the list of places that are searched; # otherwise it has no effect.
#SpamAssassin Local Rules Dir = /etc/MailScanner/mail/spamassassin
SpamAssassin Local Rules Dir =

# The rules created by the "sa-update" tool are searched for here.
# This directory contains the spamassassin/3.001001/updates_spamassassin_org
# directory structure beneath it.
# Only un-comment this setting once you have proved that the sa-update # cron job has run successfully and has created a directory structure under # the spamassassin directory within this one and has put some *.cf files in # there. Otherwise it will ignore all your current rules!
# The default location may be /var/opt on Solaris systems.
SpamAssassin Local State Dir = # /var/lib

# The default rules are searched for here, and in prefix/share/spamassassin, # /usr/local/share/spamassassin, /usr/share/spamassassin, and maybe others.
# If this is set then it adds to the list of places that are searched; # otherwise it has no effect.
#SpamAssassin Default Rules Dir = /opt/MailScanner/share/spamassassin
SpamAssassin Default Rules Dir =

#
# MCP (Message Content Protection)
# -----------------------------
#
# This scans text and HTML messages segments for any banned text, using # a 2nd copy of SpamAssassin to provide the searching abilities.
# This 2nd copy has its own entire set of rules, preferences and settings.
# When used together with the patches for SpamAssassin, it can also check # the content of attachments such as office documents.
#
# See http://www.mailscanner.info/mcp.html for more info.
#

MCP Checks = no

# Do the spam checks first, or the MCP checks first?
# This cannot be the filename of a ruleset, only a fixed value.
First Check = mcp

# The rest of these options are clones of the equivalent spam options MCP Required SpamAssassin Score = 1 MCP High SpamAssassin Score = 10 MCP Error Score = 1

MCP Header = X-%org-name%-MailScanner-MCPCheck:
Non MCP Actions = deliver
MCP Actions = deliver
High Scoring MCP Actions = deliver
Bounce MCP As Attachment = no

MCP Modify Subject = yes
MCP Subject Text = {MCP?}
High Scoring MCP Modify Subject = yes
High Scoring MCP Subject Text = {MCP?}

Is Definitely MCP = no
Is Definitely Not MCP = no
Definite MCP Is High Scoring = no
Always Include MCP Report = no
Detailed MCP Report = yes
Include Scores In MCP Report = no
Log MCP = no

MCP Max SpamAssassin Timeouts = 20
MCP Max SpamAssassin Size = 100k
MCP SpamAssassin Timeout = 10

MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf
MCP SpamAssassin User State Dir =
MCP SpamAssassin Local Rules Dir = %mcp-dir% MCP SpamAssassin Default Rules Dir = %mcp-dir% MCP SpamAssassin Install Prefix = %mcp-dir% Recipient MCP Report = %report-dir%/recipient.mcp.report.txt
Sender MCP Report = %report-dir%/sender.mcp.report.txt

#
# Advanced Settings
# -----------------
#
# Don't bother changing anything below this unless you really know # what you are doing, or else if MailScanner has complained about # your "Minimum Code Status" setting.
#

# When trying to work out the value of configuration parameters which are # using a ruleset, this controls the behaviour when a rule is checking the # "To:" addresses.
# If this option is set to "yes", then the following happens when checking # the ruleset:
#   a) 1 recipient. Same behaviour as normal.
#   b) Several recipients, but all in the same domain (domain.com for example).
#      The rules are checked for one that matches the string "*@domain.com".
#   c) Several recipients, not all in the same domain.
#      The rules are checked for one that matches the string "*@*".
#
# If this option is set to "no", then some rules will use the result they # get from the first matching rule for any of the recipients of a message, # so the exact value cannot be predicted for messages with more than 1 # recipient.
#
# This value *cannot* be the filename of a ruleset.
Use Default Rules With Multiple Recipients = no

# When putting the value of the spam score of a message into the headers, # how do you want to format it. If you don't know how to use sprintf() or # printf() in C, please *do not modify* this value. A few examples for you:
# %d     ==> 12
# %5.2f  ==> 12.34
# %05.1f ==> 012.3
# This can also be the filename of a ruleset.
Spam Score Number Format = %d

# This is the version number of the MailScanner distribution that created # this configuration file. Please do not change this value.
MailScanner Version Number = 4.56.8

# Do not change this unless you absolutely have to, these numbers have # been carefully calculated.
# They affect the length of time that different types of message are # stored in the SpamAssassin cache which can be configured earlier in # this file (look for "Cache").
# The numbers are all set in seconds. They are:
# 1. Non-Spam cache lifetime                           = 30 minutes
# 2. Spam (low scoring) cache lifetime                 = 5 minutes
# 3. High-Scoring spam cache lifetime                  = 3 hours
# 4. Viruses cache lifetime                            = 2 days
# 5. How often to check the cache for expired messages = 10 minutes SpamAssassin Cache Timings = 1800,300,10800,172800,600

# Set Debug to "yes" to stop it running as a daemon and just process # one batch of messages and then exit.
Debug = no

# Do you want to debug SpamAssassin from within MailScanner?
Debug SpamAssassin = no

# Set Run In Foreground to "yes" if you want MailScanner to operate # normally in foreground (and not as a background daemon).
# Use this if you are controlling the execution of MailScanner # with a tool like DJB's 'supervise' (see http://cr.yp.to/daemontools.html).
Run In Foreground = no

# If you are using an LDAP server to read the configuration, these # are the details required for the LDAP connection. The connection # is anonymous.
#LDAP Server = localhost
#LDAP Base   = o=fsl
#LDAP Site   = default

# This option is intended for people who want to log more information # about messages than what is put in syslog. It is intended to be used # with a Custom Function which has the side-effect of logging information, # perhaps to an SQL database, or any other processing you want to do # after each message is processed.
# Its value is completely ignored, it is purely there to have side # effects.
# If you want to use it, read CustomConfig.pm.
Always Looked Up Last = no

# This option is intended for people who want to log per-batch information.
# This is evaluated after the "Always Looked Up Last" configuration option # for each message in the batch. This is looked up once for the entire batch.
# Its value is completely ignored, it is purely there to have side effects.
# If you want to use it, read CustomConfig.pm.
Always Looked Up Last After Batch = no

# When attempting delivery of outgoing messages, should we do it in the # background or wait for it to complete? The danger of doing it in the # background is that the machine load goes ever upwards while all the # slow sendmail processes run to completion. However, running it in the # foreground may cause the mail server to run too slowly.
Deliver In Background = yes

# Attempt immediate delivery of messages, or just place them in the outgoing # queue for the MTA to deliver when it wants to?
#      batch -- attempt delivery of messages, in batches of up to 20 at once.
#      queue -- just place them in the queue and let the MTA find them.
# This can also be the filename of a ruleset. For example, you could use a # ruleset here so that messages coming to you are immediately delivered, # while messages going to any other site are just placed in the queue in # case the remote delivery is very slow.
Delivery Method = batch

# Are you using Exim with split spool directories? If you don't understand # this, the answer is probably "no". Refer to the Exim documentation for # more information about split spool directories.
Split Exim Spool = no

# Where to put the virus scanning engine lock files.
# These lock files are used between MailScanner and the virus signature # "autoupdate" scripts, to ensure that they aren't both working at the # same time (which could cause MailScanner to let a virus through).
Lockfile Dir = /tmp

# Where to put the code for your "Custom Functions". No code in this # directory should be over-written by the installation or upgrade process.
# All files starting with "." or ending with ".rpmnew" will be ignored, # all other files will be compiled and may be used with Custom Functions.
Custom Functions Dir = /usr/lib/MailScanner/MailScanner/CustomFunctions

# How to lock spool files.
# Don't set this unless you *know* you need to.
# For sendmail, it defaults to "posix".
# For sendmail 8.12 and older, you will probably need to change it to flock, # particularly on Linux systems.
# For Exim, it defaults to "posix".
# No other type is implemented.
Lock Type = 

# Minimum acceptable code stability status -- if we come across code # that's not at least as stable as this, we barf.
# This is currently only used to check that you don't end up using untested # virus scanner support code without realising it.
# Levels used are:
# none          - there may not even be any code.
# unsupported   - code may be completely untested, a contributed dirty hack,
#                 anything, really.
# alpha         - code is pretty well untested. Don't assume it will work.
# beta          - code is tested a bit. It should work.
# supported     - code *should* be reliable.
#
# Don't even *think* about setting this to anything other than "beta" or # "supported" on a system that receives real mail until you have tested it # yourself and are happy that it is all working as you expect it to.
# Don't set it to anything other than "supported" on a system that could # ever receive important mail.
#
# READ and UNDERSTAND the above text BEFORE changing this.
#
Minimum Code Status = supported

Open in new window

0
aloknet21
Asked:
aloknet21
  • 2
1 Solution
 
aloknet21Author Commented:
# The default of "All-Viruses" means that no senders of viruses will be # notified (as the sender address is always forged these days anyway), # but anyone who sends a message that is blocked for other reasons will # still be notified.
#
# This can also be the filename of a ruleset.
Silent Viruses = HTML-IFrame All-Viruses

When i Remove the "All-Viruses" and enable this line:
 Do you want to notify the people who sent you messages containing # viruses or badly-named filenames?
# This can also be the filename of a ruleset.
Notify Senders = yes

# *If* "Notify Senders" is set to yes, do you want to notify people # who sent you messages containing viruses?
# The default value has been changed to "no" as most viruses now fake # sender addresses and therefore should be on the "Silent Viruses" list.
# This can also be the filename of a ruleset.
Notify Senders Of Viruses = no

In this case sender and receiver both notified, But i want sender to be notified. Any help will be higly appreciated.

Thanks
Alok
0
 
jar3817Commented:
99% of the time, if viruses are being sent, the sender address is forged, so notifying them is just a waste of time and resources.
0
 
aloknet21Author Commented:
Thank you jar3817. last time i faced a problem one of my user has sent a word file attachment to client and he did not got any notification so he believed that mail has gone and thus we missed some important communication with client so i wnat users to nofify who send any viruses with attachment.


so that he aware that mail has discarded due to viruses contains in attach file.

0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now