Global settings virus related


g_vipre_enable – Enable vipre scanner on windows

Enable the vipre scanner module

Syntax: g_vipre_enable bool

g_virus_allow_unmonitorable – Allow unmonitorable content (avast antivirus)

By default, messages that cannot be scanned (e.g. because they contain password-protected archive files) are blocked by the avast virus scanner. This setting allows unmonitorable content to be sent.

Syntax: g_virus_allow_unmonitorable bool

g_virus_avast_attachments – Only scan messages with suspect attachments (windows only currently)

This setting has no further documentation currently available

Syntax: g_virus_avast_attachments bool

Not recommended; instead, use the anti-virus config page to configure SurgeMail to use your system scanner.

g_virus_avast – Set Avast update time

This is a string based setting that allows you to specify when Avast updates are attempted.

e.g. to update at 12 midnight, 6 am, 12 noon and 6 pm:

g_virus_avast_hour "0,6,12,18"

Syntax: g_virus_avast_hour int

g_virus_avast_old – Enable AVAST virus scanner integration, OBSOLETE, DO NOT USE

This setting has no further documentation currently available

Syntax: g_virus_avast_old bool

Enables the cloud scanner for inbox delivered messages if clamav is in use. This sends samples to an external system for scanning, so it may not be appropriate in all situations. It should only be used on systems with fewer than 1000 users where ‘clamav’ is the primary scanner.

Syntax: g_virus_cloud bool

g_virus_cloud_wild – File types to cloud scan *.exe,*.com

Best left as default

Syntax: g_virus_cloud_wild string

g_virus_cmd – Command line virus checker to run on MIME parts

If defined, the mail server will extract the MIME parts of a multipart message and run the virus scanner over each extracted file. The command line can include $FILE$, which will be replaced with the actual file name of the extracted part. An intelligent cache is used so mailing lists, etc., will not require running the virus scanner on every message sent. If you set this to “do_not_run” then SurgeMail will extract the MIME parts but not actually run any program; some virus scanners scan all files on the system, so the scanner deletes the file itself and SurgeMail will notice and bounce the message. If your scanner returns a return code when a virus is found, you should use g_virus_cmd_codes with this setting, as this is more reliable than having to detect whether a file was deleted and also means it will work on viruses in archives, which a lot of scanners won’t delete.

Syntax: g_virus_cmd string

g_virus_cmd_body – Scan raw msg file too

This setting has no further documentation currently available

Syntax: g_virus_cmd_body bool

g_virus_cmd_codes – Return codes to bounce message

Accept return codes from the virus scanner as confirmation that the scanned file is infected, e.g. 1,2,3,4,5.

This lets SurgeMail check the return code from g_virus_cmd; if the code matches one in the above setting, SurgeMail assumes it’s a virus and bounces the message.

g_virus_cmd_codes "10,12"

This would assume it’s a virus if the scanner returns return code 10 or 12, and then bounce the message.

Syntax: g_virus_cmd_codes string

This should only be used when your front end server is not scanning for viruses and your back end server then rejects the message generating back scatter on the front end server.

Syntax: g_virus_cmd_drop bool

g_virus_cmd_email – Set if scanner can understand email message files

If this is set, then the scanner is responsible for extracting the MIME parts of a message and scanning them.

Syntax: g_virus_cmd_email bool

g_virus_cmd_log – Log stdout of virus command line scanner to vcmd.log

This setting has no further documentation currently available

Syntax: g_virus_cmd_log bool

g_virus_cmd_max – Maximum number of concurrent threads to use for scanning

Syntax: g_virus_cmd_max “number of threads”

This sets the maximum number of threads that can be used for running the virus scanner set by g_virus_cmd. Some scanners can take a while to scan a message, and if the server is very busy this can tie up many channels and drain the CPU, slowing down the entire mail server. When the maximum has been reached, any messages coming in will be passed on without being run through the scanner – although this is not the best, it’s better than the mail server grinding to a halt.

Syntax: g_virus_cmd_max int

g_virus_cmd_nodel – Do not delete scanned files

Disables cleanup of scanned files, so you can test manually. The files are extracted to the “toscan” directory inside the SurgeMail directory. You should never normally need this on unless for debugging purposes.

Syntax: g_virus_cmd_nodel bool

g_virus_cmd_size – Max size of messages to scan

Useful to stop scanning of huge files, e.g. 1 MB or bigger.

Syntax: g_virus_cmd_size int

g_virus_cmd_sleep – Wait after g_virus_cmd in case delete is not immediate

Milliseconds to wait after g_virus_cmd in case the delete is not immediate, e.g. 500 = half a second.

Syntax: g_virus_cmd_sleep int

g_virus_cmd_test – Continue after virus found to compare scanners

This setting has no further documentation currently available

Syntax: g_virus_cmd_test bool

g_virus_debug3 – Testing virus scanners do not use

Do not use

Syntax: g_virus_debug3 bool

g_virus_disable_local – Disable scanning for local trusted users

Skip virus scanner for authenticated users and 127.0.0.1

Syntax: g_virus_disable_local bool

g_virus_disable_remote – Disable virus scans for non-local addresses

By default, SurgeMail scans incoming messages from non-local senders. This setting disables that behaviour, so scans will only occur if any recipient has virus scan access. You will probably need g_user_virus_scan true as well.

Syntax: g_virus_disable_remote bool

g_virus_filter – Virus checker or filter that takes commands on stdin and response on stdout

Virus filters use the following protocol: the process is run continuously and is sent on STDIN a command of the form “nnn CHECK fullfilename envelopefilename\r\n”, and in response it must send back “nnn OK|REJECT|ERROR reason text\r\n”.

It can modify the file directly and then respond with ‘ok’; however, if it does this it must maintain the CRLF line-terminated and dot-stuffed nature of the file.

Here is an example test of a virus filter:

c:\surgemail> vfilter.exe
1 check c:\surgemail\work\a.itm c:\surgemail\work\a.hdr
1 REJECT Found something bad in that file
2 check c:\surgemail\work\a.itm c:\surgemail\work\a.hdr
2 OK send message along

a.hdr would contain:

From: bob@domain.com
To: xyz@thisdomain.com
To: xyz3@thisdomain.com

Syntax: g_virus_filter cmd=string type=string
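
A filter process speaking the protocol described above, as an added example (not SurgeMail's own code). The extension blocklist and the attachment-name check are constructed stand-ins for a real scanner, and file names are assumed to contain no spaces.

```python
import re
import sys

# Constructed blocklist for illustration; a real filter would call a scanner.
BLOCKED_EXT = (".exe", ".scr", ".bat")
# Command form from the page: "nnn CHECK fullfilename envelopefilename\r\n".
# Assumption: neither file name contains spaces.
CMD = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")
# Deliberately simple: any name="..." / filename="..." parameter in the file.
FILENAME = re.compile(rb'name\s*=\s*"?([^";\r\n]+)', re.I)

def check_message(path):
    """Return (verdict, reason) for one message file."""
    try:
        with open(path, "rb") as fh:
            data = fh.read()
    except OSError as exc:
        return "ERROR", f"cannot read message: {exc.strerror}"
    for m in FILENAME.finditer(data):
        name = m.group(1).decode("latin-1").strip().lower()
        if name.endswith(BLOCKED_EXT):
            return "REJECT", f"blocked attachment {name}"
    return "OK", "no blocked attachment found"

def handle_line(line):
    """Turn one command line into one CRLF-terminated response line."""
    m = CMD.match(line)
    if not m:
        # Still answer, echoing the id if there is one, so the server is
        # not left waiting for a reply.
        tag = (line.split() or ["0"])[0]
        return f"{tag} ERROR malformed command\r\n"
    tag, verb, msg_file, _envelope = m.groups()
    if verb.upper() != "CHECK":
        return f"{tag} ERROR unknown command {verb}\r\n"
    verdict, reason = check_message(msg_file)
    return f"{tag} {verdict} {reason}\r\n"

def main():
    # The process stays running; one command arrives per line on stdin.
    for line in sys.stdin:
        # Write bytes so "\r\n" is not rewritten by text-mode translation.
        sys.stdout.buffer.write(handle_line(line).encode("latin-1", "replace"))
        sys.stdout.buffer.flush()  # a reply stuck in a buffer never arrives

if __name__ == "__main__":
    main()
```

The filter answers ERROR rather than OK when it cannot read the message, so whether such mail is delivered is decided by the server-side settings and not by the filter.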

g_virus_filter_require – Require filter pipe

If any g_virus_filter pipe fails bounce messages rather than allow to continue.

Syntax: g_virus_filter_require bool

g_virus_fprot – Set F-PROT port for mail scanning

Typically set this to 11200

First install f-prot virus scanner, exact steps will vary depending on platform so follow your F-Prot install instructions, but as an example on Linux we did this:

cd /usr/local
gunzip DISTRIBUTION.tar.gz
tar -xvf DISTRIBUTION.tar
cd f-prot
./install-f-prot.pl
cd tools
# Now start mail scanner as user 'mail'
su mail -c"/usr/local/f-prot/tools/scan-mail.pl -server -daemon"
 

You will also need to start the scanner as above in your startup scripts (e.g. rc.local).

Then lastly in surgemail.ini set

g_virus_fprot 11200

When a message is scanned a header X-Fprot: … is added giving some informational status.

Syntax: g_virus_fprot int

g_virus_late – Run virus scan after most spam filter processing

This can reduce load on virus scanner which is often a slow process

Syntax: g_virus_late bool

g_virus_localhost – Don’t skip virus checks for 127.0.0.1 originating emails

This setting should not normally be used; it makes SurgeMail scan locally generated emails, dlist messages, etc.

Syntax: g_virus_localhost bool

g_virus_recent_skip – Skip recent virus cache

Skip virus recent cache which attempts to speed up virus scanners.

Syntax: g_virus_recent_skip bool

g_virus_rename – Rename attached executables to prevent autorun

If enabled SurgeMail will rename dangerous executable files by replacing the ‘.’ with an ‘_’. This will stop many autorun viruses. This is name

Syntax: g_virus_rename bool

g_virus_rename_skip – Skip rename for these from/to addresses

This setting has no further documentation currently available

Syntax: g_virus_rename_skip string

g_virus_rename_skipauth – Skip rename if user sending is authenticated local user

This setting has no further documentation currently available

Syntax: g_virus_rename_skipauth bool

g_virus_report – Report detected viruses to someone

Sends an email report to the specified address when a virus comes in.

Syntax: g_virus_report string

g_virus_report_all – Report every virus using g_virus_report

This setting has no further documentation currently available

Syntax: g_virus_report_all bool

g_virus_report_user – Report virus to recipients

This setting has no further documentation currently available

Syntax: g_virus_report_user bool

g_virus_restart – Restart vpipe virus scanners

Restart vpipe virus scanners every this many items.

Syntax: g_virus_restart int

g_virus_scanner_list – List of files to be virus scanned *.exe,*.bat,etc…

Use this to over-ride the default

Syntax: g_virus_scanner_list string

g_virus_simple – Enable internal simple virus scanner

This scanner simply blocks dangerous attachments, it’s fast, and effective.

Syntax: g_virus_simple bool

g_virus_simple_list – List of dangerous file extensions, *.exe,*.bat,etc…

Use this setting to replace the default list

Syntax: g_virus_simple_list string

g_virus_simple_skip – Skip simple check for from/to addresses

This setting has no further documentation currently available

Syntax: g_virus_simple_skip string

g_virus_simple_skipauth – Skip simple virus if user sending is authenticated local user

This setting has no further documentation currently available

Syntax: g_virus_simple_skipauth bool

g_virus_simple_test – Compare with avast results

This scanner simply blocks dangerous attachments, it’s fast, and effective.

Syntax: g_virus_simple_test bool

g_virus_simple_zip – Check zip files for executables and block

This can be used to stop many types of viruses

Syntax: g_virus_simple_zip bool

g_virus_strangers – Use simple attachment filter for non friends

This setting can stop zero-hour attacks, as it blocks any attachment that might be a virus if it’s not from a friend.

Syntax: g_virus_strangers bool

g_vpipe_concurrent – Concurrent requests to vpipe process

Concurrent requests to vpipe process, default is 7, set to 1 to debug vpipe issues

Syntax: g_vpipe_concurrent int

g_vpipe_fail_crash – Crash if vpipe fails

Crash SurgeMail if vpipe fails. This is for debugging purposes only.

Syntax: g_vpipe_fail_crash bool

g_vpipe_notag – Disable vpipe result headers

Disable headers showing vpipe results in messages.

Syntax: g_vpipe_notag bool

g_vpipe_skip – Skip virus filter checks per IP address

Disable virus and crc checking for known safe bulk mailers that would otherwise overload the server. This setting affects the virus checker.

Example: g_vpipe_skip "20.0.0.2"

  • g_virus_cmd
  • virus filters (g_virus_filter)
  • filter program (g_filter_pipe)
  • F-Prot in daemon mode (g_virus_fprot)

Syntax: g_vpipe_skip string

g_vpipe_timeout – Timeout for virus filters (default 60s)

The timeout in seconds that SurgeMail will wait for a virus filter (defined by g_virus_filter) to complete. If the virus filter has not responded after this time, the message will be let through and the following line logged in mail.log:

“Virus filter not responding, stuck on <msg file> allowing message through”

Syntax: g_vpipe_timeout int
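
Several settings on this page skip scanning, exist only for debugging, or are marked obsolete. The added example below (not part of SurgeMail) reviews a configuration for them; it assumes surgemail.ini holds one "name value" pair per line with true as the enabled bool value, and the sample configuration is constructed.

```python
import re
# Settings this page describes as skipping scans, debug-only or obsolete.
RISKY_IF_TRUE = {
    "g_virus_allow_unmonitorable": "unscannable content is delivered",
    "g_virus_disable_local": "authenticated users and 127.0.0.1 skip scanning",
    "g_virus_disable_remote": "remote mail scanned only if a recipient has scan access",
    "g_virus_cmd_nodel": "debug only: scanned files are not cleaned up",
    "g_vpipe_fail_crash": "debug only: SurgeMail crashes if vpipe fails",
    "g_virus_avast_old": "obsolete, do not use",
    "g_virus_debug3": "do not use",
}
# Assumed file format: one "name value" pair per line, value optionally quoted.
LINE = re.compile(r"^\s*(g_\w+)\s+(.*?)\s*$")
def parse(text):
    settings = {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            settings[m.group(1)] = m.group(2).strip('"“”')
    return settings

def is_true(settings, name):
    return settings.get(name, "").lower() == "true"

def audit(text):
    """Return one finding per setting that weakens or bypasses scanning."""
    s = parse(text)
    findings = [f"{k}: {why}" for k, why in RISKY_IF_TRUE.items() if is_true(s, k)]
    if s.get("g_vpipe_skip"):
        findings.append(f"g_vpipe_skip: {s['g_vpipe_skip']} bypasses virus and crc checks")
    if "g_virus_filter" in s and not is_true(s, "g_virus_filter_require"):
        findings.append("g_virus_filter without g_virus_filter_require: "
                        "a failed filter pipe does not bounce mail")
    if s.get("g_virus_cmd") and not s.get("g_virus_cmd_codes"):
        findings.append("g_virus_cmd without g_virus_cmd_codes: "
                        "detection relies on the scanner deleting the file")
    return findings

# Constructed sample; scanner and filter names are placeholders.
SAMPLE = """\
g_virus_cmd "scanner $FILE$"
g_virus_filter cmd="vfilter.exe"
g_virus_allow_unmonitorable true
g_vpipe_skip "20.0.0.2"
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```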
