Qmail-Scanner ./configure options

The following shows what options the Qmail-Scanner installation supports:

./configure --help
Building Qmail-Scanner...

valid options:
  --qs-user <username>  User that Qmail-Scanner runs as (default: qscand)
  --qmaildir <top of qmail> defaults to /var/qmail/
  --spooldir <spooldir> defaults to /var/spool/qscan/
  --bindir <installdir> where to install qmail-scanner-queue.pl
                        Defaults to /var/qmail/bin/
  --admin <username> user to Email alerts to (default: root)
  --domain <domain name> "user"@"domain" makes up Email address
         to Email alerts to.
  --admin-description <description> Defaults to:
                                    "System Anti-Virus Administrator"
                                    - this plus "--admin" and 
                                    "--domain" settings are used
                                    to construct the From: line
                                    in any e-mails generated by Q-S
  --scanners <list of installed content scanners>
                                    Defaults to "auto" - will use
                                    whatever scanners are found on system.
                                    Use this option to override "auto" - set
                                    to one or more of the following:

auto,none,clamscan,clamdscan,sweep,sophie,vscan,trophie,uvscan,csav,antivir,kavscanner,AvpLinux,kavdaemon,AvpDaemonClient,fsav,fprot,inocucmd,ravlin,vexira,verbose_spamassassin,fast_spamassassin

                                    Note the special-case "none". This
                                    will disable all but the internal
                                    perlscanner module.
                                    
  --skip-text-msgs [yes|no]          Defaults to "yes" - Q-S will skip
                                     running any anti-virus scanners on
                                     any messages it works out are text-only.
                                     i.e. don't have any attachments.
                                     Set to "no" if you want them to be scanned
                                     anyway.

  --virusdir "maildir name"          Defaults to "viruses".
                                     This will be the maildir directory structure
                                     into which viruses are quarantined. 
                                     (under /var/spool/qscan/quarantine/viruses)
                                     If this is the string "none" - then viruses will be DELETED
                                     instead of quarantined. IT IS NOT RECOMMENED TO
                                     USE IN ENVIRONMENTS WHERE THE OPTION TO RECOVER
                                     IS REQUIRED.

  --notify "none|sender|recips|precips|admin|nmladm|nmlvadm|all" Defaults to "psender,nmlvadm". 
                                     Comma-separated list (no spaces!)
                                     of addresses to which alerts should
                                     be sent to. "nmladm" means only
                                     notify admin for "user infections", 
                                     i.e. non-mailing-list mail.
                                     "nmlvadm" is the same as nmladm - except
                                     that it also doesn't notify for viral e-mails.
                                     i.e. just "policy" quarantines get e-mails. This allows you to 
                                     still notify people when an e-mail is blocked due to
                                     a policy decision (such as blocking password-protected
                                     zip files), but a message tagged as viral by an AV system
                                     will *not* trigger notification.
				     Similarly, "psender"/"precips" means notify the sender/recips only 
				     if their e-mail was blocked for policy reasons. i.e. if an AV system 
				     found a virus, then don't notify the sender/recip as the address was 
				     probably forged.
  --quarantine-reject [n|y]          Defaults to "no". Whether to trigger a SMTP
                                     error response to quarantine events (inc. SPAM).
                                     Qmail installed with the "custom error patch" will
                                     get a nice little text msg sent, those without 
                                     just produce a generic Qmail error. BE CAREFUL
                                     IF ENABLING AND YOUR Q-S SERVER ISN'T DIRECTLY
                                     FACING THE INTERNET
  --local-domains "one.domain,two.domain" Defaults to the 
                                     value of the "--domain" setting.
                                     Comma-separated list (no spaces!) 
                                     of domains that are classified as
                                     "local". This is needed to ensure 
                                     alerts are only sent to local users
                                     and not remote when '--notify "recips"'
                                     is chosen. This will drastically
                                     reduce the chance of alerts being
                                     sent to mailing-lists.          
  --silent-viruses "virus1,virus2"   Defaults to "auto".
                                     This option allows you to tell 
                                     Qmail-Scanner *not* to notify 
                                     senders when it quarantines one
                                     of these viruses. Viruses such 
                                     as Klez alter the sender address
                                     so that it has no relation to the
                                     actual sender - so there's no point
                                     in responding to Klez messages - it
                                     just confuses people. The admin and
                                     recips will still be notified as set
                                     by "--notify".
                                     Use this option to override "auto".
                                     By default this is set to:
                                     klez,bugbear,hybris,yaha,braid,nimda,tanatos,sobig,winevar,palyh,fizzer,gibe,cailont,lovelorn,swen,dumaru,sober,hawawi,holar-i,mimail,poffer,bagle,worm.galil,mydoom,worm.sco,tanx,novarg,@mm

  --sa-maxsize "number"              Currently set to "256000".
                                     This size (in bytes) sets the
                                     max size email that will be
                                     processed by SpamAssassin.
  --sa-quarantine "X"                Disabled by default. If you have 
                                     SpamAssassin installed and enabled, then
                                     configuring this allows you to quarantine
                                     SPAM that is more than +X points than
				     the "required_hits" value (typically "5").
				     If you want to use this, a good starting point
				     might be "--sa-quarantine 5"
				     i.e. for required_hits=5, a score of 10 (5+5)
				     gets the message quarantined instead of
				     delivered to the end-user. E-mail
				     alerts are NEVER generated for SPAM, and
				     they are quarantined into the "./spam/"
				     maildir instead of the "./viruses/"
				     maildir where viruses go.

  --lang "af_ZA cs_CZ de_DE en_GB enlt_LT enlt_LT_short en_PL es_ES fr_FR it_IT ja_JP.EUC nl_NL no_NO pl_PL pt_BR pt_PT sk_SK sv_SE tr_TR tr_TR_ascii tw_BIG5"   
                            Defaults to en_GB.
  --archive [yes|no|regex] Defaults to "no". Whether to archive mail after
                           it as been processed. If "yes", all copies of 
                           processed mail will be moved into the maildir 
                           "/var/spool/qscan/archives/". Any other string besides
                           "yes" and "no" will be treated as a REGEX. Only mail
                           from or to an address (i.e. envelope headers "mail from" and "rcpt to") that contains that regex will
                           be archived. e.g. "jhaar|harry" or "\@our\.domain".
                           Be careful with this option, a badly written regex
                           will cause Qmail-Scanner to crash. Putting quotes around that string is a good start...
  --redundant [yes|no]     Defaults to "yes". Whether or not to let the scanners
                           also scan any zip files and the original "raw" Email
                           file.
  --log-details [yes|syslog|no] Whether or not to log to mailstats.csv/via 
                                syslog the attachment structure of every Email 
                                message. Logs to "syslog" by default.
  --log-crypto [yes|no]    Defaults to "no". Whether or not to log the presence
                           of cryptographic (both signing and encrypting) 
                           technologies in the "log-details". Q-S can flag
                           PGP, S/MIME and password-protected zip files. This
                           is informational logging only.
  --fix-mime [yes|no|num]  Defaults to "yes" (2). Whether or not to attempt to 
                          "fix" broken MIME messages before doing anything
                          else. Should be safe, but *may* break some 
                          strange, old mailers (none known yet). If you see blocks
                          occurring due to this setting, try "--fix-mime 1" first
                          before "--fix-mime no".
  --ignore-eol-check [yes|no]   Defaults to "no". Making this "yes" stops Qmail-Scanner
                          from treating "\r" or "\0" chars in the headers of 
                          MIME mail messages as being suspicious enough to quarantine
                          mail over. Some sites receive so much broken e-mail that this
                          option has been created so that they can still receive such
                          messages without having to be as drastic as to "--fix-mime no"
                          - which disables all sorts of other good stuff. Use only if you
                          have to.

  --add-dscr-hdrs [yes|no|all]  Defaults to "no". This adds the now old-fashion
                            X-Qmail-Scanner headers to the message. "all" adds
                            the "rcpt to" headers too - this is a privacy hole.
  --debug    [yes|no]     Whether or not debugging is turned on. On (yes)
                          by default. Can be also set to a number. Numbers 
                          over 100 cause Q-S to not cleanup working files
                          - thus allowing for offline debugging...
  --unzip    [yes|no]     Whether or not to forcibly unzip all zip files. Off 
                          by default as most AV's do unzip'ping themselves.
  --max-zip-size [number] Defaults to 1 Gbytes. 
			  This setting allows you to control the maximum size you
			  are willing to allow zip file attachments to unpack to.
			  This is to enable you to limit DoS attacks against your
			  Qmail-Scanner installation (someone could send you a small zip
			  file that unpacks to Gbytes of useless files - filling your harddisk).
			  Set to whatever value you think is appropriate for your system. The
			  default value of 1Gb is set so large so as not to assume anything about
			  your system - YOU WILL NEED TO SET THIS VALUE IN ORDER TO GAIN ANY 
			  PROTECTION.
  --batch                 Do not confirm configure information (mainly for scripting)
  --install               Create directory paths, install perl script,
                          and change ownerships to match.
  --mime-unpacker "reformime"        Defaults to reformime.

       ****************
         Rarely Used
       ****************

  --no-QQ-check           Do not check that the QMAILQUEUE patch is installed. 
                          This explicitly disables any "--install" reference 
                          as that is NOT POSSIBLE with a manual install.
                          Use ONLY IF YOU MUST. The QMAILQUEUE patch is REALLY
                          a GOOD THING!!!!

  --skip-setuid-test      don't test for setuid perl. Only of use for those wanting
                          to run the C-wrapper version.

  --qmail-queue-binary    Set this to the FULL PATH to the Qmail qmail-queue 
                          binary. This is only EVER set when doing a manual 
                          install.


This script must be run as root so it can detect problems with setuid
perl scripts! 


Last Updated: Thursday 12th 2006f October 2006 12:40:20 AM GMT