11
11
It uses a mail scanning engine built into \fBclamd(8)\fR.
13
13
Clamav\-milter can use load balancing and fault tolerant techniques to connect
14
to more than one clamd(8) server and seamlessly hot-swap to even the load
14
to more than one clamd(8) server and seamlessly hot\-swap to even the load
15
15
between different machines and to keep scanning for viruses even when a server
17
17
When it is configured to use clamd on the the localhost, when
36
\fB-a FROM, \-\-from<=EMAIL>\fR
37
Source email address of notices. The default is MAILER-DAEMON.
36
\fB\-a FROM, \-\-from<=EMAIL>\fR
37
Source email address of notices. The default is MAILER\-DAEMON.
38
38
If \fI=EMAIL\fR is not given, thus \-\-from, then the from address is set
39
39
to the originating email address, however since it is likely that address is
40
40
forged it must not be relied upon.
49
49
\fB\-V, \-\-version\fR
50
50
Print the version number and exit.
52
\fB-C DIR, \-\-chroot=DIR\fR
52
\fB\-C DIR, \-\-chroot=DIR\fR
53
53
Run in chroot jail DIR.
55
55
You will have to do a lot of fiddling if you want notifications to work,
56
since clamav-milter calls \fBsendmail(8)\fR to handle the notifications and
56
since clamav\-milter calls \fBsendmail(8)\fR to handle the notifications and
57
57
sendmail will run of out the same jail.
59
59
\fB\-c FILE, \-\-config\-file=FILE\fR
65
65
\fB\-x n, \-\-debug\-level=n\fR
66
66
Set the debug level to n (where n from [0..9]) if \fBclamav\-milter\fR was
67
configured and compiled with \-\-clamav-debug enabled.
67
configured and compiled with \-\-clamav\-debug enabled.
68
68
Will be replaced by \-\-debug for compatibility with other programs in the
71
\fB-A, \-\-advisory\fR
71
\fB\-A, \-\-advisory\fR
72
72
When in advisory mode, clamav\-milter flags emails with viruses but
73
73
still forwards them. The default option is to stop viruses.
74
This mode is incompatible with \-\-quarantine and \-\-quarantine-dir.
74
This mode is incompatible with \-\-quarantine and \-\-quarantine\-dir.
76
76
\fB\-b, \-\-bounce\fR
77
77
Send a failure message to the sender, and to the postmaster.
78
78
[ \fBWarning\fR: most viruses and worms
79
79
fake their source address, so this option is not recommended, and needs
80
to be enabled at compile-time ].
80
to be enabled at compile\-time ].
81
81
See also \-\-noreject.
83
83
\fB\-B, \-\-broadcast[=<iface>]\fR
89
89
A future network management program (yet to be written) will intercept these
90
90
broadcasts to raise a warning on the operator's desk.
92
\fB-d, \-\-dont-scan-on-error\fR
92
\fB\-d, \-\-dont\-scan\-on\-error\fR
93
93
If a system error occurs pass messages through unscanned,
94
94
usually when a system error occurs the milter raises a temporary failure which
95
95
generally causes the message to remain in the queue.
97
\fB-f, \-\-force-scan\fR
98
Always scan, wherever the message came from (see also --local and --outgoing).
97
\fB\-f, \-\-force\-scan\fR
98
Always scan, wherever the message came from (see also \-\-local and \-\-outgoing).
99
99
You probably don't want this.
101
\fB-e, \-\-external\fR
101
\fB\-e, \-\-external\fR
102
102
Usually clamav\-milter scans the emails itself without the use of an
103
103
external program.
104
104
The \-\-external option informs clamav\-milter to use an external program such
105
105
as clamd(8) running either on the local server or other server(s) to perform
108
\fB\-k, \-\-blacklist-time=time\fR
108
\fB\-k, \-\-blacklist\-time=time\fR
109
109
Tells the number of seconds to black list an IP address (IPv4 only). This
110
110
is especially useful with phishing which often send a number of emails one
113
113
Blacklisting speeds up scanning significantly, however it does have drawbacks
114
114
since it is possible for a site to be incorrectly blacklisted because of DHCP
115
or an unsafe smart-host.
116
To avoid this, clamav-milter's blacklist does not last for ever.
115
or an unsafe smart\-host.
116
To avoid this, clamav\-milter's blacklist does not last for ever.
117
117
The recommended value is 60.
119
119
Machines on the LAN, the local host, and machines that are our MX peers are
120
120
never blacklisted.
122
\fB\f-K, \-\-dont-blacklist=IP[,IP...]\fR
123
Instructs clamav-milter to refrain from blacklisting IP the given addresses.
122
\fB\f\-K, \-\-dont\-blacklist=IP[,IP...]\fR
123
Instructs clamav\-milter to refrain from blacklisting IP the given addresses.
124
124
This is useful for sites that receive email from upstream servers that are
125
125
either untrusted or have no virus.
126
126
Without this option many false positives could occur.
127
127
This scenario often happens when the upstream server belongs to an
128
128
ISP that may not have AV software.
131
131
Also scan messages sent from LAN. You probably want this especially if
132
132
your LAN is populated by machines running Windows or DOS.
136
136
other machines are always scanned.
137
137
Up to 8 extra ranges may be added with the \-\-ignore option.
139
\fB-M, \-\-freshclam-monitor\fR
139
\fB\-M, \-\-freshclam\-monitor\fR
140
140
When not running in external mode, this option tells clamav\-milter how
141
141
often to check that the virus database has been updated, probably by
145
145
The checking cannot be disabled, a value less than or equal to zero will be
148
\fB-n, \-\-noxheader\fR
148
\fB\-n, \-\-noxheader\fR
149
149
Usually clamav\-milter adds headings to messages that are scanned.
150
The headers are of the form "X-Virus-Scanned: version",
151
and "X-Virus-Status: clean/infected/not-scanned".
150
The headers are of the form "X\-Virus\-Scanned: version",
151
and "X\-Virus\-Status: clean/infected/not\-scanned".
152
152
This option instructs
153
153
clamav\-milter to refrain from adding this heading.
155
\fB-N, \-\-noreject\fR
156
When clamav\-milter processes an e-mail which contains a virus it rejects
157
the e-mail by using the SMTP code 550 or 554 depending on the state machine.
155
\fB\-N, \-\-noreject\fR
156
When clamav\-milter processes an e\-mail which contains a virus it rejects
157
the e\-mail by using the SMTP code 550 or 554 depending on the state machine.
158
158
This option causes clamav\-milter to silently discard such messages.
159
159
It is recommended that system administrators use this option when NOT using
160
160
the \-\-bounce option.
162
\fB-o, \-\-outgoing\fR
162
\fB\-o, \-\-outgoing\fR
163
163
Scan messages generated from this machine. You probably don't need this.
165
\fB-i, \-\-pidfile=FILE\fR
165
\fB\-i, \-\-pidfile=FILE\fR
166
166
Notifies clamav\-milter to store its process ID in FILE.
167
167
The file must be creatable by clamav\-milter,
168
168
if the User option is set in
169
169
\fBclamd.conf(5)\fR,
170
170
then that user must have the rights to create the file.
172
\fB-p, \-\-postmaster=EMAILADDRESS\fR
173
Sets the e-mail address that receives notifications of viruses caught,
172
\fB\-p, \-\-postmaster=EMAILADDRESS\fR
173
Sets the e\-mail address that receives notifications of viruses caught,
174
174
when the \-\-quiet option is not given.
176
\fB-P, \-\-postmaster-only\fR
176
\fB\-P, \-\-postmaster\-only\fR
177
177
When the \-\-quiet option is not given, send a notification to the postmaster.
178
178
Setting this flag will include the ID of the message in the email's body
179
179
which can ease searching through system logs if the administrator believes it
181
181
Without this option, the intended recipient of the email will also receive a
182
182
copy of the notification of the interception.
185
185
Don't send any notification messages when a virus or worm is detected.
186
This option overrides the \-\-bounce and \-\-postmaster-only options, and is
186
This option overrides the \-\-bounce and \-\-postmaster\-only options, and is
187
187
the way to turn off notification to the postmaster.
189
\fB-Q, \-\-quarantine=EMAILADDRESS\fR
190
If this e-mail address is given, messages containing a virus or worm are
189
\fB\-Q, \-\-quarantine=EMAILADDRESS\fR
190
If this e\-mail address is given, messages containing a virus or worm are
191
191
redirected to it.
193
\fB-r, \-\-report-phish=EMAILADDRESS\fR
194
Report caught phishing to an anti-phish organisation's email address such
193
\fB\-r, \-\-report\-phish=EMAILADDRESS\fR
194
Report caught phishing to an anti\-phish organisation's email address such
195
195
as pirt_clamav@castlecops.com and reportphishing@antiphishing.org.
197
\fB-R, \-\-report-phish-false-positives=EMAILADDRESS\fR
197
\fB\-R, \-\-report\-phish\-false\-positives=EMAILADDRESS\fR
198
198
Report phish false positves to an email address, such as bugs@clamav.net.
200
\fB-U, \-\-quarantine-dir=DIR\fR
200
\fB\-U, \-\-quarantine\-dir=DIR\fR
201
201
If this option is given, infected files are left in this directory.
202
202
The directory must not be publicly readable or writable, if it is,
203
203
clamav\-milter will issue an error and fail to start.
204
\fBNote\fR - this option only works when using LocalSocket.
204
\fBNote\fR \- this option only works when using LocalSocket.
206
206
\fB\-\-server=HOSTNAME/ADDRESS, \-s HOSTNAME/ADDRESS\fR
207
207
IP address or hostname of server(s) running clamd (when using TCPsocket and
219
219
signature will only display on the end user's terminal if the message is
220
220
plain/text or not encoded.
222
\fB\-\-signature-file, \-F\fR
222
\fB\-\-signature\-file, \-F\fR
223
223
Location of file to be appended to each scanned message. Overrides \-S.
225
225
\fB\-\-max\-children=n, \-m n\fR
237
237
Note, however, that the default build is for SESSION to be disabled.
239
239
\fB\-\-dont\-wait\fR
240
Tells clamav\-milter what do to if the max-children number is exceeded.
240
Tells clamav\-milter what do to if the max\-children number is exceeded.
241
241
Usually clamav\-milter waits until a child dies or the timeout value has been
242
exceeded, which ever comes first, however with dont-wait enabled, clamav\-milter
242
exceeded, which ever comes first, however with dont\-wait enabled, clamav\-milter
243
243
will inform the remote SMTP client to retry later.
245
245
\fB\-\-dont\-sanitise\fR
259
259
The %v string can be escaped thus, \\%v, to send the string %v.
260
260
The % character can be escaped thus, %%, to send the % character.
261
261
Any occurrence of strings in dollar signs are replaced with the appropriate
262
sendmail-variable, e.g. ${if_addr}$.
263
If the \-t option is not given, clamav\-milter defaults to a hard-coded message.
262
sendmail\-variable, e.g. ${if_addr}$.
263
If the \-t option is not given, clamav\-milter defaults to a hard\-coded message.
264
264
Note that to send warning messages, clamav\-milter must be able to execute
268
268
File points to a file whose contents are added to the headers of the
269
269
warning message given to the \fB\-\-template\-file\fR option.
270
270
For example, to state the character set of the message,
271
put "Content-Type: text/plain; charset=koi8-r" into the file.
271
put "Content\-Type: text/plain; charset=koi8\-r" into the file.
273
273
\fB\-\-timeout=n \-T n\fR
274
274
Used in conjunction with max\-children. If clamav\-milter waits for more than
276
276
will turn off the timeout and clamav\-milter will wait indefinitely for the
277
277
scanning to quit. In practice the timeout set by sendmail will then take over.
279
\fB\-\-detect-forged-local-address \-L\fR
279
\fB\-\-detect\-forged\-local\-address \-L\fR
280
280
When neither \-\-force, \-\-local nor \-\-outgoing is given,
281
281
this option intercepts incoming mails that incorrectly claim to be from the
284
\fB\-\-whitelist-file=FILE, \-W file\fR
285
This option specifies a file which contains a list of e-mail addresses.
286
E-mails sent to or from these addresses will NOT be checked.
287
While this is not an Anti-Virus function, it is quite useful for some systems.
284
\fB\-\-whitelist\-file=FILE, \-W file\fR
285
This option specifies a file which contains a list of e\-mail addresses.
286
E\-mails sent to or from these addresses will NOT be checked.
287
While this is not an Anti\-Virus function, it is quite useful for some systems.
288
288
The address given to the \-\-quarantine directive is always whitelisted.
290
290
The file consists of a list of addresses, each address on a line enclosed
294
294
field is missing, the default is \fITo\fR.
295
295
Lines starting with #, : or ! are ignored.
297
\fB\-\-sendmail-cf=FILE\fR
297
\fB\-\-sendmail\-cf=FILE\fR
298
298
When starting, clamav\-milter runs some sanity checks against the sendmail.cf
299
299
file, usually in /etc/sendmail.cf or /etc/mail/sendmail.cf. This directive
300
300
tells clamav\-milter where to find the sendmail.cf file.
302
\fB\-\-black-hole-mode\fR
302
\fB\-\-black\-hole\-mode\fR
303
303
Since \fIsendmail\fR calls its milters before it looks in its alias and virtuser
304
tables, clamav-milter can spend time looking for malware that's going to be
304
tables, clamav\-milter can spend time looking for malware that's going to be
305
305
thrown away even if the message is clean.
307
307
Enabling this stops these messages from being scanned
309
309
these messages so the message doesn't go further down the milter call chain).
310
310
Only enable this if your site has many addresses aliased to /dev/null.
312
To enable this mode clamav-milter must have certain sendmail rights:
312
To enable this mode clamav\-milter must have certain sendmail rights:
313
313
it needs to run as a TrustedUser as defined by \fIsendmail\fR
314
314
(see http://www.sendmail.org/m4/tweaking_config.html)
315
315
by the use of the User directive in clamd.conf,
316
316
the clamav user must be able read the mail queue (often /var/spool/mqueue),
317
317
and AllowSupplementaryGroups must be enabled in clamd.conf.
318
318
Some operating systems set \fI/var/spool/mqueue\fR to be mode 700 forcing you to
319
run clamav-milter as root for black-hole-mode.
319
run clamav\-milter as root for black\-hole\-mode.
320
320
This is always unadvisable, it is better to have \fI/var/spool/mqueue\fR as
added
removed
docs/man/clamav-milter.8.in
