MailScanner Configuration Index

 Do you want to add the Envelope-From: header?
 This is very useful for tracking where spam came from as it
 contains the envelope sender address.
 This can also be the filename of a ruleset.

 Do you want to add the Envelope-To: header?
 This can be useful for tracking spam destinations, but should be
 used with care due to possible privacy concerns with the use of
 Bcc: headers by users.
 This can also be the filename of a ruleset.

 Anything on the next line that appears in brackets at the end of a line
 of output from Sophos will cause the error/infection to be ignored.
 Use of this option is dangerous, and should only be used if you are having
 trouble with lots of corrupt PDF files, for example.
 If you need to specify more than 1 string to find in the error message,
 then put each string in quotes and separate them with a comma.
 For example:
Allowed Sophos Error Messages = "corrupt", "format not supported", "File was encrypted", "The main body of virus data is out of date"

 Do you want to allow messages whose body is stored somewhere else on the
 internet, which is downloaded separately by the user's email package?
 There is no way to guarantee that the file fetched by the user's email
 package is free from viruses, as MailScanner never sees it.
 This feature is dangerous as it can allow viruses to be fetched from
 other Internet sites by a user's email package. The user would just
 think it was a normal email attachment and would have been scanned by
 MailScanner.
 It is only currently supported by Netscape 6 anyway, and the only people
 who it are the IETF. So I would strongly advise leaving this switched off.
 This can also be the filename of a ruleset.

 Allow any attachment filenames matching any of the patters listed here.
 If this setting is empty, it is ignored and no matches are made.
 This can also be the filename of a ruleset.

 Allow any attachment filetypes matching any of the patters listed here.
 If this setting is empty, it is ignored and no matches are made.
 This can also be the filetype of a ruleset.

 Do you want to allow <Form> tags in email messages? This is a bad idea
 as these are used as scams to pursuade people to part with credit card
 information and other personal data.
 Value: yes     => Allow these tags to be in the message
        no      => Ban messages containing these tags
        disarm  => Allow these tags, but stop these tags from working
                   Note: Disarming can be defeated, it is not 100% safe!
 This can also be the filename of a ruleset.

 Do you want to allow <IFrame> tags in email messages? This is not a good
 idea as it allows various Microsoft Outlook security vulnerabilities to
 remain unprotected, but if you have a load of mailing lists sending them,
 then you will want to allow them to keep your users happy.
 Value: yes     => Allow these tags to be in the message
        no      => Ban messages containing these tags
        disarm  => Allow these tags, but stop these tags from working
 This can also be the filename of a ruleset, so you can allow them from
 known mailing lists but ban them from everywhere else.

 Do you want to allow <Object Codebase=...> or <Object Data=...> tags
 in email messages?
 This is a bad idea as it leaves you unprotected against various
 Microsoft-specific security vulnerabilities. But if your users demand
 it, you can do it.
 Value: yes     => Allow these tags to be in the message
        no      => Ban messages containing these tags
        disarm  => Allow these tags, but stop these tags from working
 This can also be the filename of a ruleset, so you can allow them just
 for specific users or domains.

 Do you want to allow partial messages, which only contain a fraction of
 the attachments, not the whole thing? There is absolutely no way to
 scan these "partial messages" properly for viruses, as MailScanner never
 sees all of the attachment at the same time. Enabling this option can
 allow viruses through. You have been warned.
 This can also be the filename of a ruleset so you can, for example, allow
 them in outgoing mail but not in incoming mail.

 Should archives which contain any password-protected files be allowed?
 Leaving this set to "no" is a good way of protecting against all the
 protected zip files used by viruses at the moment.
 This can also be the filename of a ruleset.

 Do you want to allow <Script> tags in email messages? This is a bad idea
 as these are used to exploit vulnerabilities in email applications and
 web browsers.
 Value: yes     => Allow these tags to be in the message
        no      => Ban messages containing these tags
        disarm  => Allow these tags, but stop these tags from working
                   Note: Disarming can be defeated, it is not 100% safe!
 This can also be the filename of a ruleset.

 Do you want to allow <Img> tags with very small images in email messages?
 This is a bad idea as these are used as 'web bugs' to find out if a message
 has been read. It is not dangerous, it is just used to make you give away
 information.
 Value: yes     => Allow these tags to be in the message
        disarm  => Allow these tags, but stop these tags from working
                   Note: Disarming can be defeated, it is not 100% safe!
 Note: You cannot block messages containing web bugs as their detection
       is very vulnerable to false alarms.
 This can also be the filename of a ruleset.

 While detecting "Phishing" attacks, do you also want to point out links
 to numeric IP addresses. Genuine links to totally numeric IP addresses
 are very rare, so this option is set to "yes" by default. If a numeric
 IP address is found in a link, the same phishing warning message is used
 as in the Find Phishing Fraud option above.
 This can also be the filename of a ruleset.

 Do you want to always include the Spam Report in the SpamCheck
 header, even if the message wasn't spam?
 This can also be the filename of a ruleset.

 This option is intended for people who want to log more information
 about messages than what is put in syslog. It is intended to be used
 with a Custom Function which has the side-effect of logging information,
 perhaps to an SQL database, or any other processing you want to do
 after each message is processed.
 Its value is completely ignored, it is purely there to have side
 effects.
 If you want to use it, read CustomConfig.pm.

 This option is intended for people who want to log per-batch information.
 This is evaluated after the "Always Looked Up Last" configuration option
 for each message in the batch. This is looked up once for the entire batch.
 Its value is completely ignored, it is purely there to have side effects.
 If you want to use it, read CustomConfig.pm.

 Space-separated list of any combination of
 1. email addresses to which mail should be forwarded,
 2. directory names where you want mail to be stored,
 3. file names (they must already exist!) to which mail will be appended
    in "mbox" format suitable for most Unix mail systems.

 Any of the items above can contain the magic string _DATE_ in them
 which will be replaced with the current date in yyyymmdd format.
 This will make archive-rolling and maintenance much easier, as you can
 guarantee that yesterday's mail archive will not be in active use today.

 If you give this option a ruleset, you can control exactly whose mail
 is archived or forwarded. If you do this, beware of the legal implications
 as this could be deemed to be illegal interception unless the police have
 asked you to do this.

 Note: This setting still works even if "Scan Messages" is no.

Archive Mail = /var/spool/MailScanner/archive

 What character set do you want to use for the attachment that
 replaces viruses (VirusWarning.txt)?
 The default is ISO-8859-1 as even Americans have to talk to the
 rest of the world occasionally :-)
 This can also be the filename of a ruleset.

 If the attachments are to be compressed into a single zip file,
 this is the filename of the zip file.
 This can also be the filename of a ruleset.

 When a virus or attachment is replaced by a plain-text warning,
 and that warning is an attachment, this is the filename of the
 new attachment.
 This can also be the filename of a ruleset.

 Should encrypted messages be blocked?
 This is useful if you are wary about your users sending encrypted
 messages to your competition.
 This can be a ruleset so you can block encrypted message to certain domains.

 Should unencrypted messages be blocked?
 This could be used to ensure all your users send messages outside your
 company encrypted to avoid snooping of mail to your business partners.
 This can be a ruleset so you can just check mail to certain users/domains.

 When you bounce a spam message back to the sender, do you want to
 encapsulate it in another message, rather like the "attachment" option
 when delivering spam to the original recipient?
 NOTE: If you enable this option, be sure to whitelist your local server
       ie. 127.0.0.1 as otherwise the spam bounce message will be detected
       as spam again, which will cause another spam bounce and so on
       until your mail queues fill up and your server crashes!
 This can also be the filename of a ruleset.

 Many naive spammers send out the same message to lots of people.
 These messages are very likely to have roughly the same SpamAssassin score.
 For extra speed, cache the SpamAssassin results for the messages
 being processed so that you only call SpamAssassin once for all of the
 messages.
 This can also be the filename of a ruleset.

 If the message sender is on any of the Spam Lists, do you still want
 to do the SpamAssassin checks? Setting this to "no" will reduce the load
 on your server, but will stop the High Scoring Spam Actions from ever
 happening.
 This can also be the filename of a ruleset.

 ClamAVModule only: set limits when scanning for viruses.

 The maximum recursion level of archives,
 The maximum number of files per batch,
 The maximum file of each file,
 The maximum compression ratio of archive.
 These settings *cannot* be the filename of a ruleset, only a simple number.

 Set the "Mail Header" to these values for clean/infected/disinfected messages.
 This can also be the filename of a ruleset.

 If an attachment triggered a content check, but there was nothing
 else wrong with the message, do you want to modify the subject line?
 This can be 1 of 4 values:
      no    = Do not modify the subject line, or
      start = Add text to the start of the subject line, or
      yes   = Add text to the start of the subject line, or
      end   = Add text to the end of the subject line.
 This makes filtering in Outlook very easy.
 This can also be the filename of a ruleset.

 This is the text to add to the start of the subject if the
 "Content Modify Subject" option is set.
 You might want to change this so your users can see at a glance
 whether it just was just the content that MailScanner rejected.
 This can also be the filename of a ruleset.

 This option interacts with the "Allow ... Tags" options above like this:

 Allow...Tags    Convert Danger...    Action Taken on HTML Message
 ============    =================    ============================
    no              no                Blocked
    no              yes               Blocked
    disarm          no                Specified HTML tags disarmed
    disarm          yes               Specified HTML tags disarmed
    yes             no                Nothing, allowed to pass
    yes             yes               All HTML tags stripped

 If an "Allow ... Tags = yes" is triggered by a message, and this
 "Convert Dangerous HTML To Text" is set to "yes", then the HTML
 message will be converted to plain text.  This makes the HTML
 harmless, while still allowing your users to see the text content
 of the messages.  Note that all graphical content will be removed.

 This can also be the filename of a ruleset, so you can make this apply
 only to specific users or domains.

 Do you want to convert all HTML messages into plain text?
 This is very useful for users who are children or are easily offended
 by nasty things like pornographic spam.
 This can also be the filename of a ruleset, so you can switch this
 feature on and off for particular users or domains.

 This file lists all the countries that use 2nd-level and 3rd-level
 domain names to classify distinct types of website within their country.
 This cannot be the name of a ruleset, it is just a simple setting.

 Where to put the code for your "Custom Functions". No code in this
 directory should be over-written by the installation or upgrade process.
 All files starting with "." or ending with ".rpmnew" will be ignored,
 all other files will be compiled and may be used with Custom Functions.

 How long should the custom spam scanner take to run? If it takes more
 seconds than this, then it should be considered to have crashed and
 should be killed. This stops denial-of-service attacks.

 The total number of Custom Spam Scanner attempts during which "Max
 Custom Spam Scanner Timeouts" will cause the Custom Spam Scanner to
 be marked as "unavailable". See the previous comment for more information.
 The default values of 10 and 20 mean that 10 timeouts in any sequence of
 20 attempts will trigger the behaviour described above, until the next
 periodic restart (see "Restart Every").

 Do you want to scan the messages for potentially dangerous content?
 Setting this to "no" will disable all the content-based checks except
 Virus Scanning, Allow Partial Messages and Allow External Message Bodies.
 This can also be the filename of a ruleset.

 Set Debug to "yes" to stop it running as a daemon and just process
 one batch of messages and then exit.

 Do you want to debug SpamAssassin from within MailScanner?

 Setting this to yes means that spam found in the blacklist is treated
 as "High Scoring Spam" in the "Spam Actions" section below. Setting it
 to no means that it will be treated as "normal" spam.
 This can also be the filename of a ruleset.

 Set where to find the message text sent to users when one of their
 attachments has been deleted from a message.
 These can also be the filenames of rulesets.

 Do you want to deliver messages once they have been cleaned of any
 viruses?
 By making this a ruleset, you can re-create the "Deliver From Local"
 facility of previous versions.

 Should I attempt to disinfect infected attachments and then deliver
 the clean ones. "Disinfection" involves removing viruses from files
 (such as removing macro viruses from documents). "Cleaning" is the
 replacement of infected attachments with "VirusWarning.txt" text
 attachments.
 Less than 1% of viruses in the wild can be successfully disinfected,
 as macro viruses are now a rare occurrence. So the default has been
 changed to "no" as it gives a significant performance improvement.

 This can also be the filename of a ruleset.

 When attempting delivery of outgoing messages, should we do it in the
 background or wait for it to complete? The danger of doing it in the
 background is that the machine load goes ever upwards while all the
 slow sendmail processes run to completion. However, running it in the
 foreground may cause the mail server to run too slowly.

 Some versions of Microsoft Outlook generate unparsable Rich Text
 format attachments. Do we want to deliver these bad attachments anyway?
 Setting this to yes introduces the slight risk of a virus getting through,
 but if you have a lot of troubled Outlook users you might need to do this.
 We are working on a replacement for the TNEF decoder.
 This can also be the filename of a ruleset.

 Attempt immediate delivery of messages, or just place them in the outgoing
 queue for the MTA to deliver when it wants to?
      batch -- attempt delivery of messages, in batches of up to 20 at once.
      queue -- just place them in the queue and let the MTA find them.
 This can also be the filename of a ruleset. For example, you could use a
 ruleset here so that messages coming to you are immediately delivered,
 while messages going to any other site are just placed in the queue in
 case the remote delivery is very slow.

 Deny any attachment filenames matching any of the patters listed here.
 If this setting is empty, it is ignored and no matches are made.
 This can also be the filename of a ruleset.

 Deny any attachment filetypes matching any of the patters listed here.
 If this setting is empty, it is ignored and no matches are made.
 This can also be the filetype of a ruleset.

 Do you want the full spam report, or just a simple "spam / not spam" report?

 If HTML tags in the message were "disarmed" by using the HTML "Allow"
 options above with the "disarm" settings, do you want to modify the
 subject line?
 This can be 1 of 4 values:
      no    = Do not modify the subject line, or
      start = Add text to the start of the subject line, or
      yes   = Add text to the start of the subject line, or
      end   = Add text to the end of the subject line.
 This can also be the filename of a ruleset.

 This is the text to add to the start of the subject if the
 "Disarmed Modify Subject" option is set.
 This can also be the filename of a ruleset.

 Set where to find the message text sent to users explaining about the
 attached disinfected documents.
 This can also be the filename of a ruleset.

 You can use this ruleset to enable the "bounce" Spam Action.
 You must *only* enable this for mail from sites with which you have
 agreed to bounce possible spam. Use it on low-scoring spam only (<10)
 and only to your regular customers for use in the rare case that a
 message is mis-tagged as spam when it shouldn't have been.
 Beware that many sites will automatically delete the bounce messages
 created by using this option unless you have agreed this with them in
 advance.
 If you enable this, be prepared to handle the irate responses from
 people to whom you are essentially sending more spam!

 This is the name of the Envelope From header
 controlled by the option above.
 This can also be the filename of a ruleset.

 This is the name of the Envelope To header
 controlled by the option above.
 This can also be the filename of a ruleset.

 Expand TNEF attachments using an external program (or a Perl module)?
 This should be "yes" unless the scanner you are using (Sophos, McAfee) has
 the facility built-in. However, if you set it to "no", then the filenames
 within the TNEF attachment will not be checked against the filename rules.

 Where the "file" command is installed.
 This is used for checking the content type of files, regardless of their
 filename.
 To disable Filetype checking, set this value to blank.

 If an attachment triggered a filename check, but there was nothing
 else wrong with the message, do you want to modify the subject line?
 This can be 1 of 4 values:
      no    = Do not modify the subject line, or
      start = Add text to the start of the subject line, or
      yes   = Add text to the start of the subject line, or
      end   = Add text to the end of the subject line.
 This makes filtering in Outlook very easy.
 This can also be the filename of a ruleset.

 
 Set where to find the attachment filename ruleset.
 The structure of this file is explained elsewhere, but it is used to
 accept or reject file attachments based on their name, regardless of
 whether they are infected or not.

 This can also point to a ruleset, but the ruleset filename must end in
 ".rules" so that MailScanner can determine if the filename given is
 a ruleset or not!

 This is the text to add to the start of the subject if the
 "Filename Modify Subject" option is set.
 You might want to change this so your users can see at a glance
 whether it just was just the filename that MailScanner rejected.
 This can also be the filename of a ruleset.

 The maximum length of time the "file" command is allowed to run for 1
 batch of messages (in seconds).

 Set where to find the attachment filetype ruleset.
 The structure of this file is explained elsewhere, but it is used to
 accept or reject file attachments based on their content as determined
 by the "file" command, regardless of whether they are infected or not.

 This can also point to a ruleset, but the ruleset filename must end in
 ".rules" so that MailScanner can determine if the filename given is
 a ruleset or not!

 To disable this feature, set this to just "Filetype Rules =" or set
 the location of the file command to a blank string.

 Find zip archives by filename or by file contents?
 Finding them by content is a far more reliable way of finding them, but
 it does mean that you cannot tell your users to avoid zip file checking
 by renaming the file from ".zip" to "_zip" and tricks like that.
 Only set this to no (i.e. check by filename only) if you don't want to
 reliably check the contents of zip files. Note this does not affect
 virus checking, but it will affect all the other checks done on the contents
 of the zip file.
 This can also be the filename of a ruleset.

 Do you want to check for "Phishing" attacks?
 These are attacks that look like a genuine email message from your bank,
 which contain a link to click on to take you to the web site where you
 will be asked to type in personal information such as your account number
 or credit card details.
 Except it is not the real bank's web site at all, it is a very good copy
 of it run by thieves who want to steal your personal information or
 credit card details.
 These can be spotted because the real address of the link in the message
 is not the same as the text that appears to be the link.
 Note: This does cause extra load, particularly on systems receiving lots
       of spam such as secondary MX hosts.
 This can also be the filename of a ruleset.

 A few viruses store their infected data in UU-encoded files, to try to
 catch out virus scanners. This rarely succeeds at all.
 Setting this option to yes means that you can apply filename and filetype
 checks to the contents of UU-encoded files. This may occasionally be
 useful, in which case you should set to yes.
 This can also be the filename of a ruleset.

 Do the spam checks first, or the MCP checks first?
 This cannot be the filename of a ruleset, only a fixed value.

 Where the "gunzip" command is installed.
 This is used for expanding .gz files.
 To disable gzipped file checking, set this value to blank
 and the timeout to 0.

 The maximum length of time the "gunzip" command is allowed to run to expand
 1 attachment file (in seconds).

 Hide the directory path from all virus scanner reports sent to users.
 The extra directory paths give away information about your setup, and
 tend to just confuse users.
 This can also be the filename of a ruleset.

 Hide the directory path from all the system administrator notices.
 The extra directory paths give away information about your setup, and
 tend to just confuse users but are still useful for local sys admins.
 This can also be the filename of a ruleset.

 If a phishing fraud is detected, do you want to highlight the tag with
 a message stating that the link may be to a fraudulent web site.
 This can also be the filename of a ruleeset.

 This is just like the "Spam Actions" option above, except that it applies
 when the score from SpamAssassin is higher than the "High SpamAssassin Score"
 value.
    deliver                 - deliver the message as normal
    delete                  - delete the message
    store                   - store the message in the quarantine
    forward user@domain.com - forward a copy of the message to user@domain.com
    striphtml               - convert all in-line HTML content to plain text.
                              You need to specify "deliver" as well for the
                              message to reach the original recipient.
    attachment              - Convert the original message into an attachment
                              of the message. This means the user has to take
                              an extra step to open the spam, and stops "web
                              bugs" very effectively.
    notify                  - Send the recipients a short notification that
                              spam addressed to them was not delivered. They
                              can then take action to request retrieval of
                              the original message if they think it was not
                              spam.
    header "name: value"    - Add the header
                                name: value
                              to the message. name must not contain any spaces.

 The default value I have set here enables Thunderbird 1.5 to automatically
 handle spam when set to trust the "SpamAssassin" headers.

 This can also be the filename of a ruleset, in which case the filename
 must end in ".rule" or ".rules".

 This is just like the "Spam Modify Subject" option above, except that
 it applies when the score from SpamAssassin is higher than the
 "High SpamAssassin Score" value.
 This can be 1 of 4 values:
      no    = Do not modify the subject line, or
      start = Add text to the start of the subject line, or
      yes   = Add text to the start of the subject line, or
      end   = Add text to the end of the subject line.
 This can also be the filename of a ruleset.

 This is just like the "Spam Subject Text" option above, except that
 it applies when the score from SpamAssassin is higher than the
 "High SpamAssassin Score" value.
 The exact string "_SCORE_" will be replaced by the numeric
 SpamAssassin score.
 The exact string "_STARS_" will be replaced by a row of stars
 whose length is the SpamAssassin score.
 This can also be the filename of a ruleset.

 If a message achieves a SpamAssassin score higher than this value,
 then the "High Scoring Spam Actions" are used. You may want to use
 this to deliver moderate scores, while deleting very high scoring messsages.
 This can also be the filename of a ruleset.

 Name of this host, or a name like "the MailScanner" if you want to hide
 the real hostname. It is used in the Help Desk note contained in the
 virus warnings sent to users.
 Remember you can use $HOSTNAME in here, so you might want to set it to
 Hostname = the %org-name% ($HOSTNAME) MailScanner
 This can also be the filename of a ruleset.

 This is a list of filenames (or parts of filenames) that may appear in
 the filename of a web bug URL. They are only checked in the filename,
 not any directories or hostnames in the URL of the possible web bug.

 If it appears, then the web bug is assumed to be a harmless "spacer" for
 page layout purposes and not a real web bug at all.
 It should be a space- and/or comma-separated list of filename parts.

 Note: Use this with care, as spammers may use this to circumvent the
       web bug trap. It is disabled by default because of this problem.

 This can also be the filename of a ruleset.
Ignored Web Bug Filenames = spacer pixel.gif pixel.png

 Spammers have learnt that they can get their message through by sending
 a message with lots of recipients, one of which chooses to whitelist
 everything coming to them, including the spammer.
 So if a message arrives with more than this number of recipients, ignore
 the "Is Definitely Not Spam" whitelist.

 Include the name of the virus scanner in each of the scanner reports.
 This also includes the translation of "MailScanner" in each of the report
 lines resulting from one of MailScanner's own checks such as filename,
 filetype or dangerous HTML content. To change the name "MailScanner", look
 in reports/...../languages.conf.

 Very useful if you use several virus scanners, but a bad idea if you
 don't want to let your customers know which scanners you use.

 Do you want to include the numerical scores in the detailed SpamAssassin
 report, or just list the names of the scores

 Set location of incoming mail queue

 This can be any one of
 1. A directory name
    Example: /var/spool/mqueue.in
 2. A wildcard giving directory names
    Example: /var/spool/mqueue.in/*
 3. The name of a file containing a list of directory names,
    which can in turn contain wildcards.
    Example: /opt/MailScanner/etc/mqueue.in.list.conf

 If you are using sendmail and have your queues split into qf, df, xf
 directories, then just specify the main directory, do not give me the
 directory names of the qf,df,xf directories.
 Example: if you have /var/spool/mqueue.in/qf
                      /var/spool/mqueue.in/df
                      /var/spool/mqueue.in/xf
 then just tell me /var/spool/mqueue.in. I will find the subdirectories
 automatically.

 Set where to unpack incoming messages before scanning them
 This can completely safely use tmpfs or a ramdisk, which will
 give you a significant performance improvement.
 NOTE: The path given here must not include any links at all,
 NOTE: but must be the absolute path to the directory.

 If you want processes running under the same *group* as MailScanner to
 be able to read the working files (and list what is in the
 directories, of course), set to 0640. If you want *all* other users to
 be able to read them, set to 0644. For a detailed description, if
 you're not already familiar with it, refer to `man 2 chmod`.
 Typical use: external helper programs of virus scanners (notably ClamAV),
 like unpackers.
 Use with care, you may well open security holes.

 Note: If the "Run As User" is "root" (or not set at all) and you are
       using the "clamd" virus scanner, then this must be set:
       Incoming Work Group = clamav
       Incoming Work Permissions = 0640

 If you want to create the temporary working files so they are owned
 by a user other than the "Run As User" setting at the top of this file,
 you can change that here.
 Note: If the "Run As User" is not "root" then you cannot change the
       user but may still be able to change the group, if the
       "Run As User" is a member of both of the groups "Run As Group"
       and "Incoming Work Group".
 Note: If the "Run As User" is "root" (or not set at all) and you are
       using the "clamd" virus scanner, then this must be set:
       Incoming Work Group = clamav
       Incoming Work Permissions = 0640

 Add this extra header to all mail as it is processed.
 The contents is set by "Information Header Value" and is intended for
 you to be able to insert a help URL for your users.
 If you don't want an information header at all, just comment out this
 setting or set it to be blank.
 This can also be the filename of a ruleset.

 Set the "Information Header" to this value.
 This can also be the filename of a ruleset.

 Set where to find the HTML and text versions that will be added to the
 end of all clean messages, if "Sign Clean Messages" is set.
 These can also be the filenames of rulesets.

 Set where to find the HTML and text versions that will be inserted at
 the top of messages that have had viruses removed from them.
 These can also be the filenames of rulesets.

 If you use the 'attachment' Spam Action or High Scoring Spam Action
 then this is the location of inline spam report that is inserted at
 the top of the message.

 Spam Whitelist:
 Make this point to a ruleset, and anything in that ruleset whose value
 is "yes" will *never* be marked as spam.
 The whitelist check is done before the blacklist check. If anyone whitelists
 a message, then all recipients get the message. If no-one has whitelisted it,
 then the blacklist is checked.
 This setting over-rides the "Is Definitely Spam" setting.
 This can also be the filename of a ruleset.
Is Definitely Not Spam = no

 Spam Blacklist:
 Make this point to a ruleset, and anything in that ruleset whose value
 is "yes" will *always* be marked as spam.
 This value can be over-ridden by the "Is Definitely Not Spam" setting.
 This can also be the filename of a ruleset.

 Do you want to stop any virus-infected spam getting into the spam or MCP
 archives? If you have a system where users can release messages from the
 spam or MCP archives, then you probably want to stop them being able to
 release any infected messages, so set this to yes.
 It is set to no by default as it causes a small hit in performance, and
 many people don't allow users to access the spam quarantine, so don't
 need it.
 This can also be the filename of a ruleset.

 Set where to find all the strings used so they can be translated into
 your local language.
 This can also be the filename of a ruleset so you can produce different
 languages for different messages.

 Address of the local Postmaster, which is used as the "From" address in
 virus warnings sent to users.
 This can also be the filename of a ruleset.

 Where to put the virus scanning engine lock files.
 These lock files are used between MailScanner and the virus signature
 "autoupdate" scripts, to ensure that they aren't both working at the
 same time (which could cause MailScanner to let a virus through).

 How to lock spool files.
 Don't set this unless you *know* you need to.
 For sendmail, it defaults to "posix".
 For sendmail 8.12 and older, you will probably need to change it to flock,
 particularly on Linux systems.
 For Exim, it defaults to "posix".
 No other type is implemented.

 Log all occurrences of HTML tags found in messages, that can be blocked.
 This will help you build up your whitelist of message sources for which
 particular HTML tags should be allowed, such as mail from newsletters
 and daily cartoon strips.
 This can also be the filename of a ruleset.

 Do you want all non-spam to be logged? Useful if you want to see
 all the SpamAssassin reports of mail that was marked as non-spam.
 Note: It will generate a lot of log traffic.

 Log all the filenames that are allowed by the Filename Rules, or just
 the filenames that are denied?
 This can also be the filename of a ruleset.

 Log all the filenames that are allowed by the Filetype Rules, or just
 the filetypes that are denied?
 This can also be the filename of a ruleset.

 Log all occurrences of "Silent Viruses" as defined above?
 This can only be a simple yes/no value, not a ruleset.

 Do you want all spam to be logged? Useful if you want to gather
 spam statistics from your logs, but can increase the system load quite
 a bit if you get a lot of spam.

 Do you want to log the processing speed for each section of the code
 for a batch? This can be very useful for diagnosing speed problems,
 particularly in spam checking.

 Add this extra header to all mail as it is processed.
 This *must* include the colon ":" at the end.
 This can also be the filename of a ruleset.

 This is the version number of the MailScanner distribution that created
 this configuration file. Please do not change this value.

 Add the "Inline HTML Warning" or "Inline Text Warning" to the top of
 messages that have had attachments removed from them?
 This can also be the filename of a ruleset.

 When a message is to not be virus-scanned (which may happen depending
 upon the setting of "Virus Scanning", especially if it is a ruleset),
 do you want to add the header advising the users to get their email
 virus-scanned by you?
 Very good for advertising your MailScanning service and encouraging
 users to give you some more money and sign up to virus scanning.
 This can also be the filename of a ruleset.

 How many MailScanner processes do you want to run at a time?
 There is no point increasing this figure if your MailScanner server
 is happily keeping up with your mail traffic.
 If you are running on a server with more than 1 CPU, or you have a
 high mail load (and/or slow DNS lookups) then you should see better
 performance if you increase this figure.
 If you are running on a small system with limited RAM, you should
 note that each child takes just over 20MB.

 As a rough guide, try 5 children per CPU. But read the notes above.

 How much of the message should be passed tot he Custom Spam Scanner.
 Most spam tools only need the first 20kbytes of the message to determine
 if it is spam or not. Passing more than is necessary only slows things
 down.
 This can also be the filename of a ruleset.

 If the Custom Spam Scanner times out more times in a row than this,
 then it will be marked as "unavailable" until MailScanner next re-
 starts itself.

 The maximum depth to which zip archives will be unpacked, to allow for
 checking filenames and filetypes within zip archives.

 Note: This setting does *not* affect virus scanning in archives at all.

 To disable this feature set this to 0.
 A common useful setting is this option = 0, and Allow Password-Protected
 Archives = no. That block password-protected archives but does not do
 any filename/filetype checks on the files within the archive.
 This can also be the filename of a ruleset.

 The maximum size, in bytes, of any attachment in a message.
 If this is set to zero, effectively no attachments are allowed.
 If this is set less than zero, then no size checking is done.
 This can also be the filename of a ruleset, so you can have different
 settings for different users. You might want to set this quite small for
 large mailing lists so they don't get deluged by large attachments.

 The maximum number of attachments allowed in a message before it is
 considered to be an error. Some email systems, if bouncing a message
 between 2 addresses repeatedly, add information about each bounce as
 an attachment, creating a message with thousands of attachments in just
 a few minutes. This can slow down or even stop MailScanner as it uses
 all available memory to unpack these thousands of attachments.
 This can also be the filename of a ruleset.

 The maximum size, in bytes, of any message including the headers.
 If this is set to zero, then no size checking is done.
 This can also be the filename of a ruleset, so you can have different
 settings for different users. You might want to set this quite small for
 dialup users so their email applications don't time out downloading huge
 messages.

 If more messages are found in the queue than this, then switch to an
 "accelerated" mode of processing messages. This will cause it to stop
 scanning messages in strict date order, but in the order it finds them
 in the queue. If your queue is bigger than this size a lot of the time,
 then some messages could be greatly delayed. So treat this option as
 "in emergency only".

 SpamAssassin is not very fast when scanning huge messages, so messages
 bigger than this value will be truncated to this length for SpamAssassin
 testing. The original message will not be affected by this. This value
 is a good compromise as very few spam messages are bigger than this.

 Now for the options:
 1) <length of data in bytes>
 2) <length of data in bytes> trackback
 3) <length of data in bytes> continue <max extra bytes allowed>

 1) Put in a simple number.
    This will be the simple cut-off point for messages that are larger than
    this number.
 2) Put in a number followed by 'trackback'.
    Once the size limit is reached, MailScanner reverses towards the start
    of the message, until it hits a line that is blank. The message passed
    to SpamAssassin is truncated there. This stops any part-images being
    passed to SpamAssassin, and so avoids rules which trigger on this.
 3) Put in a number followed by 'continue' followed by another number.
    Once the size limit is reached, MailScanner continues adding to the data
    passed to SpamAssassin, until at most the 2nd number of bytes have been
    added looking for a blank line. This tries to complete the image data
    that has been started when the 1st number of bytes has been reached,
    while imposing a limit on the amount that can be added (to avoid attacks).

 If all this confuses you, just leave it alone at "40k" as that is good.

 If SpamAssassin times out more times in a row than this, then it will be
 marked as "unavailable" until MailScanner next re-starts itself.
 This means that remote network failures causing SpamAssassin trouble will
 not mean your mail stops flowing.

 Spammers do not have the power to send out huge messages to everyone as
 it costs them too much (more smaller messages makes more profit than less
 very large messages). So if a message is bigger than a certain size, it
 is highly unlikely to be spam. Limiting this saves a lot of time checking
 huge messages.
 Disable this option by setting it to a huge value.
 This is measured in bytes.
 This can also be the filename of a ruleset.

 The maximum number of timeouts caused by any individual "Spam List" or
 "Spam Domain List" before it is marked as "unavailable". Once marked,
 the list will be ignored until the next automatic re-start (see
 "Restart Every" for the longest time it will wait).
 This can also be the filename of a ruleset.

 The rest of these options are clones of the equivalent spam options

 The minimum size, in bytes, of any attachment in a message.
 If this is set less than or equal to zero, then no size checking is done.
 It is very useful to set this to 1 as it removes any zero-length
 attachments which may be created by broken viruses.
 This can also be the filename of a ruleset.

 Minimum acceptable code stability status -- if we come across code
 that's not at least as stable as this, we barf.
 This is currently only used to check that you don't end up using untested
 virus scanner support code without realising it.
 Levels used are:
 none          - there may not even be any code.
 unsupported   - code may be completely untested, a contributed dirty hack,
                 anything, really.
 alpha         - code is pretty well untested. Don't assume it will work.
 beta          - code is tested a bit. It should work.
 supported     - code *should* be reliable.

 Don't even *think* about setting this to anything other than "beta" or
 "supported" on a system that receives real mail until you have tested it
 yourself and are happy that it is all working as you expect it to.
 Don't set it to anything other than "supported" on a system that could
 ever receive important mail.

 READ and UNDERSTAND the above text BEFORE changing this.

 This sets the minimum number of "Spam Score Characters" which will appear
 if a message triggered the "Spam List" setting but received a very low
 SpamAssassin score. This means that people who only filter on the "Spam
 Stars" will still be able to catch messages which receive a very low
 SpamAssassin score. Set this value to 0 to disable it.
 This can also be the filename of a ruleset.

 ClamAVModule only: monitor each of these files for changes in size to
 detect when a ClamAV update has happened.
 This is only used by the "clamavmodule" virus scanner, not the "clamav"
 scanner setting.

 SophosSAVI only: monitor each of these files for changes in size to
 detect when a Sophos update has happened. The date of the Sophos Lib Dir
 is also monitored.
 This is only used by the "sophossavi" virus scanner, not the "sophos"
 scanner setting.

 Set whether to use postfix, sendmail, exim or zmailer.
 If you are using postfix, then see the "SpamAssassin User State Dir"
 setting near the end of this file

 What to do when you get several MailScanner headers in one message,
 from multiple MailScanner servers. Values are
      "append"  : Append the new data to the existing header
      "add"     : Add a new header
      "replace" : Replace the old data with the new data
 Default is "append"
 This can also be the filename of a ruleset.

 If you supply a space-separated list of message "precedence" settings,
 then senders of those messages will not be warned about anything you
 rejected. This is particularly suitable for mailing lists, so that any
 MailScanner responses do not get sent to the entire list.

 Strings listed here will be searched for in the output of the virus scanners.
 It works to achieve the opposite effect of the "Silent Viruses" listed above.
 If a string here is found in the output of the virus scanners, then the
 message will be treated as if it were not infected with a "Silent Virus".
 If a message is detected as both a silent virus and a non-forging virus,
 then the ___non-forging status will override the silent status.___
 In simple terms, you should list virus names (or parts of them) that you
 know do *not* forge the From address.
 A good example of this is a document macro virus or a Joke program.
 Another word that can be put in this list is the special keyword
    Zip-Password  : inserting this will cause senders to be warned about
                    password-protected zip files, when they are not allowed.
                    This will over-ride the All-Viruses setting in the list
                    of "Silent Viruses" above.

 This is just like the "Spam Actions" option above, except that it applies
 to messages that are *NOT* spam.
    deliver                 - deliver the message as normal
    delete                  - delete the message
    store                   - store the message in the quarantine
    forward user@domain.com - forward a copy of the message to user@domain.com
    striphtml               - convert all in-line HTML content to plain text
    header "name: value"    - Add the header
                                name: value
                              to the message. name must not contain any spaces.

 The default value I have set here enables Thunderbird 1.5 to automatically
 handle spam when set to trust the "SpamAssassin" headers.

 This can also be the filename of a ruleset, in which case the filename
 must end in ".rule" or ".rules".

 The visible part of the email address used in the "From:" line of the
 notices. The <user@domain> part of the email address is set to the
 "Local Postmaster" setting.

 What signature to add to the bottom of the notices.
 To insert a line-break in there, use the sequence "\n".

 Include the full headers of each message in the notices sent to the local
 system administrators?
 This can also be the filename of a ruleset.

 Where to send the notices.
 This can also be the filename of a ruleset.

 Do you want to notify the people who sent you messages containing
 viruses or badly-named filenames?
 This can also be the filename of a ruleset.

 *If* "Notify Senders" is set to yes, do you want to notify people
 who sent you messages containing attachments that are blocked due to
 their filename or file contents?
 This can also be the filename of a ruleset.

 *If* "Notify Senders" is set to yes, do you want to notify people
 who sent you messages containing attachments that are blocked due to
 being too small or too large?
 This can also be the filename of a ruleset.

 *If* "Notify Senders" is set to yes, do you want to notify people
 who sent you messages containing other blocked content, such as
 partial messages or messages with external bodies?
 This can also be the filename of a ruleset.

 *If* "Notify Senders" is set to yes, do you want to notify people
 who sent you messages containing viruses?
 The default value has been changed to "no" as most viruses now fake
 sender addresses and therefore should be on the "Silent Viruses" list.
 This can also be the filename of a ruleset.

 Set location of outgoing mail queue.
 This can also be the filename of a ruleset.

 If a potential phishing attack is found in the message, do you want to
 modify the subject line?
 This can be 1 of 4 values:
      no    = Do not modify the subject line, or
      start = Add text to the start of the subject line, or
      yes   = Add text to the start of the subject line, or
      end   = Add text to the end of the subject line.
 This can also be the filename of a ruleset.

 There are some companies, such as banks, that insist on sending out
 email messages with links in them that are caught by the "Find Phishing
 Fraud" test described above.
 This is the name of a file which contains a list of link destinations
 which should be ignored in the test. This may, for example, contain
 the known websites of some banks.
 See the file itself for more information.
 This can only be the name of the file containing the list, it *cannot*
 be the filename of a ruleset.

 This is the text to add to the start of the subject if the "Phishing
 Modify Subhect" option is set.
 This can also be the filename of a ruleset.

 Set where to store the process id number so you can stop MailScanner

 Set where to store infected and message attachments (if they are kept)
 This can also be the filename of a ruleset.

 Do you want to store copies of the infected attachments and messages?
 This can also be the filename of a ruleset.

 Do you want to store copies of messages which have been disarmed by
 having their HTML modified at all?
 This can also be the filename of a ruleset.

 If you want processes running under the same *group* as MailScanner to
 be able to read the quarantined files (and list what is in the
 directories, of course), set to 0640. If you want *all* other users to
 be able to read them, set to 0644. For a detailed description, if
 you're not already familiar with it, refer to `man 2 chmod`.
 Typical use: let the webserver have access to the files so users can
 download them if they really want to.
 Use with care, you may well open security holes.

 There is no point quarantining most viruses these days as the infected
 messages contain no useful content, so if you set this to "no" then no
 infections listed in your "Silent Viruses" setting will be quarantined,
 even if you have chosen to quarantine infections in general. This is
 currently set to "yes" so the behaviour is the same as it was in
 previous versions.
 This can also be the filename of a ruleset.

 If you want to create the quarantine/archive so the files are owned
 by a user other than the "Run As User" setting at the top of this file,
 you can change that here.
 Note: If the "Run As User" is not "root" then you cannot change the
       user but may still be able to change the group, if the
       "Run As User" is a member of both of the groups "Run As Group"
       and "Quarantine Group".

 Do you want to quarantine the original *entire* message as well as
 just the infected attachments?
 This can also be the filename of a ruleset.

 When you quarantine an entire message, do you want to store it as
 raw mail queue files (so you can easily send them onto users) or
 as human-readable files (header then body in 1 file)?

 How often (in seconds) should each process check the incoming mail
 queue for new messages? If you have a quiet mail server, you might
 want to increase this value so it causes less load on your server, at
 the cost of slightly increasing the time taken for an average message
 to be processed.

 If you are using the Bayesian statistics engine on a busy server,
 you may well need to force a Bayesian database rebuild and expiry
 at regular intervals. This is measures in seconds.
 1 day = 86400 seconds.
 To disable this feature set this to 0.
 Note: If you enable this feature, set "bayes_auto_expire 0" in
       spam.assasssin.prefs.conf which you will find in the same
       directory as this file.

 If you use the 'notify' Spam Action or High Scoring Spam Action then
 this is the location of the notification message that is sent to the
 original recipients of the message.

 Set where to find the message text sent to users who triggered the ruleset
 you are using with the "Reject Message" option.

 You may not want to receive mail from certain addresses and/or to certain
 addresses. If so, you can do this with your email transport (sendmail,
 Postfix, etc) but that will just send a one-line message which is not
 helpful to the user sending the message.
 If this is set to yes, then the message set by the "Rejection Report"
 will be sent instead, and the incoming message will be deleted.
 If you want to store a copy of the original incoming message then use the
 "Archive Mail" setting to archive a copy of it.
 The purpose of this option is to set it to be a ruleset, so that you
 can reject messages from a few offending addresses where you need to  send
 a polite reply instead of just a brief 1-line rejection message.

 If any of these headers are included in a a message, they will be deleted.
 This is very useful for removing return-receipt requests and any headers
 which mean special things to your email client application.
 X-Mozilla-Status is bad as it allows spammers to make a message appear to
 have already been read, which is believed to bypass some naive spam
 filtering systems.
 Receipt requests are bad as they give any attacker confirmation that an
 account is active and being read. You don't want this sort of information
 to leak outside your corporation. So you might want to remove
     Disposition-Notification-To and Return-Receipt-To.
 If you are having problems with duplicate message-id headers when you
 release spam from the quarantine and send it to an Exchange server, then add
     Message-Id.
 Each header should end in a ":", but MailScanner will add it if you forget.
 Headers should be separated by commas or spaces.
 This can also be the filename of a ruleset.

 This replaces the SpamAssassin configuration value 'required_hits'.
 If a message achieves a SpamAssassin score higher than this value,
 it is spam. See also the High SpamAssassin Score configuration option.
 This can also be the filename of a ruleset, so the SpamAssassin
 required_hits value can be set to different values for different messages.

 To avoid resource leaks, re-start periodically

 Group to run as (not normally used for sendmail)
Run As Group = mail
Run As Group = postfix

 User to run as (not normally used for sendmail)
 If you want to change the ownership or permissions of the quarantine or
 temporary files created by MailScanner, please see the "Incoming Work"
 settings later in this file.
Run As User = mail
Run As User = postfix

 Set Run In Foreground to "yes" if you want MailScanner to operate
 normally in foreground (and not as a background daemon).
 Use this if you are controlling the execution of MailScanner
 with a tool like DJB's 'supervise' (see http://cr.yp.to/daemontools.html).

 If this is set to yes, then email messages passing through MailScanner
 will be processed and checked, and all the other options in this file
 will be used to control what checks are made on the message.
 If this is set to no, then email messages will NOT be processed or
 checked *at all*, and so any viruses or other problems will be ignored.

 The purpose of this option is to set it to be a ruleset, so that you
 can skip all scanning of mail destined for some of your users/customers
 and still scan all the rest.
 A sample ruleset would look like this:
   To:       bad.customer.com  no
   From:     ignore.domain.com no
   FromOrTo: default           yes
 That will scan all mail except mail to bad.customer.com and mail from
 ignore.domain.com. To set this up, put the 3 lines above into a file
 called /etc/MailScanner/rules/scan.messages.rules and set the next line to
 Scan Messages = %rules-dir%/scan.messages.rules
 This can also be the filename of a ruleset (as illustrated above).

 When the message has been scanned but no other subject line changes
 have happened, do you want modify the subject line?
 This can be 1 of 4 values:
      no    = Do not modify the subject line, or
      start = Add text to the start of the subject line, or
      end   = Add text to the end of the subject line, or
      yes   = Add text to the end of the subject line.
 This makes very good advertising of your MailScanning service.
 This can also be the filename of a ruleset.

 This is the text to add to the start/end of the subject line if the
 "Scanned Modify Subject" option is set.
 This can also be the filename of a ruleset.

 Set where to find the messages that are delivered to the sender, when they
 sent an email containing either an error, banned content, a banned filename
 or a virus infection.
 These can also be the filenames of rulesets.

 There are 3 reports:
   Sender Spam Report         -  sent when a message triggers both a Spam
                                 List and SpamAssassin,
   Sender Spam List Report    -  sent when a message triggers a Spam List,
   Sender SpamAssassin Report -  sent when a message triggers SpamAssassin.

 These can also be the filenames of rulesets.

 Set how to invoke MTA when sending messages MailScanner has created
 (e.g. to sender/recipient saying "found a virus in your message")
 This can also be the filename of a ruleset.

 Sendmail2 is provided for Exim users.
 It is the command used to attempt delivery of outgoing cleaned/disinfected
 messages.
 This is not usually required for sendmail.
 This can also be the filename of a ruleset.
For Exim users: Sendmail2 = /usr/sbin/exim -C /etc/exim/exim_send.conf
For sendmail users: Sendmail2 = /usr/lib/sendmail
Sendmail2 = /usr/sbin/sendmail -C /etc/exim/exim_send.conf

 Notify the local system administrators ("Notices To") when any infections
 are found?
 This can also be the filename of a ruleset.

 Add the "Inline HTML Signature" or "Inline Text Signature" to the end
 of uninfected messages?
 This can also be the filename of a ruleset.

 If this is "no", then (as far as possible) messages which have already
 been processed by another MailScanner server will not have the clean
 signature added to the message. This prevents messages getting many
 copies of the signature as they flow through your site.
 This can also be the filename of a ruleset.

 Strings listed here will be searched for in the output of the virus scanners.
 It is used to list which viruses should be handled differently from other
 viruses. If a virus name is given here, then
 1) The sender will not be warned that he sent it
 2) No attempt at true disinfection will take place
    (but it will still be "cleaned" by removing the nasty attachments
     from the message)
 3) The recipient will not receive the message,
    unless the "Still Deliver Silent Viruses" option is set
 Other words that can be put in this list are the 5 special keywords
    HTML-IFrame   : inserting this will stop senders being warned about
                    HTML Iframe tags, when they are not allowed.
    HTML-Codebase : inserting this will stop senders being warned about
                    HTML Object Codebase/Data tags, when they are not allowed.
    HTML-Script   : inserting this will stop senders being warned about
                    HTML Script tags, when they are not allowed.
    HTML-Form     : inserting this will stop senders being warned about
                    HTML Form tags, when they are not allowed.
    Zip-Password  : inserting this will stop senders being warned about
                    password-protected zip files, when they are not allowed.
                    This keyword is not needed if you include All-Viruses.
    All-Viruses   : inserting this will stop senders being warned about
                    any virus, while still allowing you to warn senders
                    about HTML-based attacks. This includes Zip-Password
                    so you don't need to include both.

 The default of "All-Viruses" means that no senders of viruses will be
 notified (as the sender address is always forged these days anyway),
 but anyone who sends a message that is blocked for other reasons will
 still be notified.

 This can also be the filename of a ruleset.

 If an attachment or the entire message triggered a size check, but
 there was nothing else wrong with the message, do you want to modify
 the subject line?
 This can be 1 of 4 values:
      no    = Do not modify the subject line, or
      start = Add text to the start of the subject line, or
      yes   = Add text to the start of the subject line, or
      end   = Add text to the end of the subject line.
 This makes filtering in Outlook very easy.
 This can also be the filename of a ruleset.

 This is the text to add to the start of the subject if the
 "Size Modify Subject" option is set.
 You might want to change this so your users can see at a glance
 whether it just was just the message or attachment size that
 MailScanner rejected.
 This can also be the filename of a ruleset.

 The directory (or a link to it) containing all the Sophos *.ide files.
 This is only used by the "sophossavi" virus scanner, and is irrelevant
 for all other scanners.

 The directory (or a link to it) containing all the Sophos *.so libraries.
 This is only used by the "sophossavi" virus scanner, and is irrelevant
 for all other scanners.

 This is a list of actions to take when a message is spam.
 It can be any combination of the following:
    deliver                 - deliver the message as normal
    delete                  - delete the message
    store                   - store the message in the quarantine
    bounce                  - send a rejection message back to the sender
    forward user@domain.com - forward a copy of the message to user@domain.com
    striphtml               - convert all in-line HTML content to plain text.
                              You need to specify "deliver" as well for the
                              message to reach the original recipient.
    attachment              - Convert the original message into an attachment
                              of the message. This means the user has to take
                              an extra step to open the spam, and stops "web
                              bugs" very effectively.
    notify                  - Send the recipients a short notification that
                              spam addressed to them was not delivered. They
                              can then take action to request retrieval of
                              the original message if they think it was not
                              spam.
    header "name: value"    - Add the header
                                name: value
                              to the message. name must not contain any spaces.

 The default value I have set here enables Thunderbird 1.5 to automatically
 handle spam when set to trust the "SpamAssassin" headers.

 This can also be the filename of a ruleset, in which case the filename
 must end in ".rule" or ".rules".
Spam Actions = store forward anonymous@ecs.soton.ac.uk

 Set this option to "yes" to enable the automatic whitelisting functions
 available within SpamAssassin. This will cause addresses from which you
 get real mail, to be marked so that it will never incorrectly spam-tag
 messages from those addresses.
 To disable whitelisting, you must set "use_auto_whitelist 0" in your
 spam.assassin.prefs.conf file as well as set this to no.

 The SpamAssassin cache uses a database file which needs to be writable
 by the MailScanner "Run As User". This file will be created and setup for
 you automatically when MailScanner is started.

 Do not change this unless you absolutely have to, these numbers have
 been carefully calculated.
 They affect the length of time that different types of message are
 stored in the SpamAssassin cache which can be configured earlier in
 this file (look for "Cache").
 The numbers are all set in seconds. They are:
 1. Non-Spam cache lifetime                           = 30 minutes
 2. Spam (low scoring) cache lifetime                 = 5 minutes
 3. High-Scoring spam cache lifetime                  = 3 hours
 4. Viruses cache lifetime                            = 2 days
 5. How often to check the cache for expired messages = 10 minutes

 The default rules are searched for here, and in prefix/share/spamassassin,
 /usr/local/share/spamassassin, /usr/share/spamassassin, and maybe others.
 If this is set then it adds to the list of places that are searched;
 otherwise it has no effect.
SpamAssassin Default Rules Dir = /opt/MailScanner/share/spamassassin

 This setting is useful if SpamAssassin is installed in an unusual place,
 e.g. /opt/MailScanner. The install prefix is used to find some fallback
 directories if neither of the following two settings work.
 If this is set then it adds to the list of places that are searched;
 otherwise it has no effect.
SpamAssassin Install Prefix = /opt/MailScanner

 The site-local rules are searched for here, and in prefix/etc/spamassassin,
 prefix/etc/mail/spamassassin, /usr/local/etc/spamassassin, /etc/spamassassin,
 /etc/mail/spamassassin, and maybe others.
 Be careful of setting this: it may mean the spam.assassin.prefs.conf file
 is missed out, you will need to insert a soft-link with "ln -s" to link
 the file into mailscanner.cf in the new directory.
 If this is set then it replaces the list of places that are searched;
 otherwise it has no effect.
SpamAssassin Local Rules Dir = /opt/MailScanner/etc/mail/spamassassin

 The rules created by the "sa-update" tool are searched for here.
 This directory contains the 3.001001/updates_spamassassin_org
 directory structure beneath it.
 Only un-comment this setting once you have proved that the sa-update
 cron job has run successfully and has created a directory structure under
 the spamassassin directory within this one and has put some *.cf files in
 there. Otherwise it will ignore all your current rules!
 The default location may be /var/opt on Solaris systems.

 The site rules are searched for here.
 Normal location on most systems is /etc/mail/spamassassin.

 If SpamAssassin takes longer than this (in seconds), the check is
 abandoned and the timeout noted.

 The total number of SpamAssassin attempts during which "Max SpamAssassin
 Timeouts" will cause SpamAssassin to stop doing all network-based tests.
 If double the timeout value is reached (i.e. it continues to timeout at
 the same frequency as before) then it is marked as "unavailable".
 See the previous comment for more information.
 The default values of 10 and 20 mean that 10 timeouts in any sequence of
 20 attempts will trigger the behaviour described above, until the next
 periodic restart (see "Restart Every").

 The per-user files (bayes, auto-whitelist, user_prefs) are looked
 for here and in ~/.spamassassin/. Note the files are mutable.
 If this is unset then no extra places are searched for.
 If using Postfix, you probably want to set this as shown in the example
 line at the end of this comment, and do
      mkdir /var/spool/MailScanner/spamassassin
      chown postfix.postfix /var/spool/MailScanner/spamassassin
 NOTE: SpamAssassin is always called from MailScanner as the same user,
       and that is the "Run As" user specified above. So you can only
       have 1 set of "per-user" files, it's just that you might possibly
       need to modify this location.
       You should not normally need to set this at all.
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin

 Do you want to check messages to see if they are spam?
 Note: If you switch this off then *no* spam checks will be done at all.
       This includes both MailScanner's own checks and SpamAssassin.
       If you want to just disable the "Spam List" feature then set
       "Spam List =" (i.e. an empty list) in the setting below.
 This can also be the filename of a ruleset.

 This is the list of spam domain blacklists which you are using
 (such as the "rfc-ignorant" domains). See the "Spam List Definitions"
 file for more information about what you can put here.
 This can also be the filename of a ruleset.

 Add this extra header to all messages found to be spam.
 This can also be the filename of a ruleset.

 This is the list of spam blacklists (RBLs) which you are using.
 See the "Spam List Definitions" file for more information about what
 you can put here.
 This can also be the filename of a ruleset.

 This is the name of the file that translates the names of the "Spam List"
 values to the real DNS names of the spam blacklists.

 If a message appears in at least this number of "Spam Lists" (as defined
 above), then the message will be treated as spam and so the "Spam
 Actions" will happen, unless the message reaches the levels for "High
 Scoring Spam". By default this is set to 1 to mimic the previous
 behaviour, which means that appearing in any "Spam Lists" will cause
 the message to be treated as spam.
 This can also be the filename of a ruleset.

 If a message appears in at least this number of "Spam Lists" (as defined
 above), then the message will be treated as "High Scoring Spam" and so
 the "High Scoring Spam Actions" will happen. You probably want to set
 this to 2 if you are actually using this feature. 5 is high enough that
 it will never happen unless you use lots of "Spam Lists".
 This can also be the filename of a ruleset.

 If an individual "Spam List" or "Spam Domain List" check takes longer
 that this (in seconds), the check is abandoned and the timeout noted.

 The total number of Spam List attempts during which "Max Spam List Timeouts"
 will cause the spam list fo be marked as "unavailable". See the previous
 comment for more information.
 The default values of 5 and 10 mean that 5 timeouts in any sequence of 10
 attempts will cause the list to be marked as "unavailable" until the next
 periodic restart (see "Restart Every").

 If the message is spam, do you want to modify the subject line?
 This can be 1 of 4 values:
      no    = Do not modify the subject line, or
      start = Add text to the start of the subject line, or
      yes   = Add text to the start of the subject line, or
      end   = Add text to the end of the subject line.
 This makes filtering in Outlook very easy.
 This can also be the filename of a ruleset.

 Do you want to include the "Spam Score" header. This shows 1 character
 (Spam Score Character) for every point of the SpamAssassin score. This
 makes it very easy for users to be able to filter their mail using
 whatever SpamAssassin threshold they want. For example, they just look
 for "sssss" for every message whose score is > 5, for example.
 This can also be the filename of a ruleset.

 The character to use in the "Spam Score Header".
 Don't use: x as a score of 3 is "xxx" which the users will think is porn,
             as it will cause confusion with comments in procmail as well
              as MailScanner itself,
            * as it will cause confusion with pattern matches in procmail,
            . as it will cause confusion with pattern matches in procmail,
            ? as it will cause the users to think something went wrong.
 "s" is nice and safe and stands for "spam".

 Add this extra header if "Spam Score" = yes. The header will
 contain 1 character for every point of the SpamAssassin score.

 When putting the value of the spam score of a message into the headers,
 how do you want to format it. If you don't know how to use sprintf() or
 printf() in C, please *do not modify* this value. A few examples for you:
 %d     ==> 12
 %5.2f  ==> 12.34
 %05.1f ==> 012.3
 This can also be the filename of a ruleset.

 If this option is set to yes, you will get a spam-score header saying just
 the value of the spam score, instead of the row of characters representing
 the score.
 This can also be the filename of a ruleset.

 This is the text to add to the start of the subject if the
 "Spam Modify Subject" option is set.
 The exact string "_SCORE_" will be replaced by the numeric
 SpamAssassin score.
 The exact string "_STARS_" will be replaced by a row of stars
 whose length is the SpamAssassin score.
 This can also be the filename of a ruleset.

 Are you using Exim with split spool directories? If you don't understand
 this, the answer is probably "no". Refer to the Exim documentation for
 more information about split spool directories.

 Still deliver (after cleaning) messages that contained viruses listed
 in the above option ("Silent Viruses") to the recipient?
 Setting this to "yes" is good when you are testing everything, and
 because it shows management that MailScanner is protecting them,
 but it is bad because they have to filter/delete all the incoming virus
 warnings.

 Note: Once you have deployed this into "production" use, you should set
 Note: this option to "no" so you don't bombard thousands of people with
 Note: useless messages they don't want!

 This can also be the filename of a ruleset.

 Set where to find the message text sent to users when one of their
 attachments has been deleted from a message and stored in the quarantine.
 These can also be the filenames of rulesets.

 This is the syslog "facility" name that MailScanner uses. If you don't
 know what a syslog facility name is, then either don't change this value
 or else go and read "man syslog.conf". The default value of "mail" will
 cause the MailScanner logs to go into the same place as all your other
 mail logs.

 Where the MS-TNEF expander is installed.
 This is EITHER the full command (including maxsize option) that runs
 the external TNEF expander binary,
 OR the keyword "internal" which will make MailScanner use the Perl
 module that does the same job.
 They are both provided as I am unsure which one is faster and which
 one is capable of expanding more file formats (there are plenty!).

 The --maxsize option limits the maximum size that any expanded attachment
 may be. It helps protect against Denial Of Service attacks in TNEF files.
 This can also be the filename of a ruleset.
TNEF Expander  = internal

 The maximum length of time the TNEF Expander is allowed to run for 1 message.
 (in seconds)

 Where the "unrar" command is installed.
 If you haven't got this command, look at www.rarlab.com.

 This is used for unpacking rar archives so that the contents can be
 checked for banned filenames and filetypes, and also that the
 archive can be tested to see if it is password-protected.
 Virus scanning the contents of rar archives is still left to the virus
 scanner, with one exception:
 If using the clavavmodule virus scanner, this adds external RAR checking
 to that scanner which is needed for archives which are RAR version 3.

 The maximum length of time the "unrar" command is allowed to run for 1
 RAR archive (in seconds)

 This is the text used by the "Mark Unscanned Messages" option above.
 This can also be the filename of a ruleset.

 Use the Custom Spam Scanner. This is code you will have to write yourself,
 a function called "GenericSpamScanner" stored in the file
 MailScanner/lib/MailScanner/CustomFunctions/GenericSpamScanner.pm
 It will be passed
  $IP      - the numeric IP address of the system on the remote end
             of the SMTP connections
  $From    - the address of the envelope sender of the message
  $To      - a perl reference to the envelope recipients of the message
  $Message - a perl reference to the list of line of the message
 A sample function is given in the correct file in the distribution.
 This sample function also includes code to show you how to make it run
 an external program to produce a spam score.
 This can also be the filename of a ruleset.

 When trying to work out the value of configuration parameters which are
 using a ruleset, this controls the behaviour when a rule is checking the
 "To:" addresses.
 If this option is set to "yes", then the following happens when checking
 the ruleset:
   a) 1 recipient. Same behaviour as normal.
   b) Several recipients, but all in the same domain (domain.com for example).
      The rules are checked for one that matches the string "*@domain.com".
   c) Several recipients, not all in the same domain.
      The rules are checked for one that matches the string "*@*".

 If this option is set to "no", then some rules will use the result they
 get from the first matching rule for any of the recipients of a message,
 so the exact value cannot be predicted for messages with more than 1
 recipient.

 This value *cannot* be the filename of a ruleset.

 Do you want to find spam using the "SpamAssassin" package?
 This can also be the filename of a ruleset.

 If this is set to yes, then most of the URL in a link must match the
 destination address it claims to take you to. This is the default as it is
 a much stronger test and is very hard to maliciously avoid.
 If this is set to no, then just the company name and country (and any
 names between the two, dependent on the specific country) must match.
 This is not as strict as it will not protect you against internal
 malicious sites based within the company being abused. For example, it would
 not find www.nasty.company-name.co.uk pretending to be
 www.nice.company-name.co.uk. But it will still detect most phishing attacks
 of the type www.nasty.co.jp versus www.nice.co.jp.
 Depending on the country code it knows how many levels of domain need to
 be checked.
 This can also be the filename of a ruleset.

 When the TNEF (winmail.dat) attachments are expanded, should the
 attachments contained in there be added to the list of attachments in
 the message?
 If you set this to "add" or "replace" then recipients of messages sent
 in "Outlook Rich Text Format" (TNEF) will be able to read the attachments
 if they are not using Microsoft Outlook.

 no      => Leave winmail.dat TNEF attachments alone.
 add     => Add the contents of winmail.dat as extra attachments, but also
            still include the winmail.dat file itself. This will result in
            TNEF messages being doubled in size.
 replace => Replace the winmail.dat TNEF attachment with the files it
            contains, and delete the original winmail.dat file itself.
            This means the message stays the same size, but is usable by
            non-Outlook recipients.

 This can also be the filename of a ruleset.

 If the message contained a virus, do you want to modify the subject line?
 This can be 1 of 4 values:
      no    = Do not modify the subject line, or
      start = Add text to the start of the subject line, or
      yes   = Add text to the start of the subject line, or
      end   = Add text to the end of the subject line.
 This makes filtering in Outlook very easy.
 This can also be the filename of a ruleset.

 This is the name of the file that translates the names of the virus
 scanners into the commands that have to be run to do the actual scanning.

 Which Virus Scanning package to use:
 sophos    from www.sophos.com, or
 sophossavi (also from www.sophos.com, using the SAVI perl module), or
 mcafee    from www.mcafee.com, or
 command   from www.command.co.uk, or
 bitdefender from www.bitdefender.com, or
 drweb     from www.dials.ru/english/dsav_toolkit/drwebunix.htm, or
 kaspersky-4.5 from www.kaspersky.com (Version 4.5 and newer), or
 kaspersky from www.kaspersky.com, or
 kavdaemonclient from www.kaspersky.com, or
 etrust    from http://www3.ca.com/Solutions/Product.asp?ID=156, or
 inoculate from www.cai.com/products/inoculateit.htm, or
 inoculan  from ftp.ca.com/pub/getbbs/linux.eng/inoctar.LINUX.Z, or
 nod32     for No32 before version 1.99 from www.nod32.com, or
 nod32-1.99 for Nod32 1.99 and later, from www.nod32.com, or
 f-secure  from www.f-secure.com, or
 f-prot    from www.f-prot.com, or
 panda     from www.pandasoftware.com, or
 rav       from www.ravantivirus.com, or
 antivir   from www.antivir.de, or
 clamav    from www.clamav.net, or
 clamavmodule (also from www.clamav.net using the ClamAV perl module), or
 clamd     (also from www.clamav.net using the clamd daemon)
           *Note: read the comments above the "Incoming Work Group" setting*,
           or
 trend     from www.trendmicro.com, or
 norman    from www.norman.de, or
 css       from www.symantec.com, or
 avg       from www.grisoft.com, or
 vexira    from www.centralcommand.com, or
 symscanengine from www.symantec.com (Symantec Scan Engine, not CSS), or
 avast     from www.avast.com, or
 avastd    (also from www.avast.com and relies on avastd to be configured
           [read 'man avastd.conf'] and running), or
 generic   One you wrote: edit the generic-wrapper and generic-autoupdate
           to fit your own needs. The output spec is in generic-wrapper, or
 none      No virus scanning at all.

 Note for McAfee users: do not use any symlinks with McAfee at all. It is
                        very strange but may not detect all viruses when
                        started from a symlink or scanning a directory path
                        including symlinks.

 Note: If you want to use multiple virus scanners, then this should be a
       space-separated list of virus scanners. For example:
       Virus Scanners = sophos f-prot mcafee

 Note: Make sure that you check that the base installation directory in the
       3rd column of virus.scanners.conf matches the location you have
       installed each of your virus scanners. The supplied
       virus.scanners.conf file assumes the default installation locations
       recommended by each of the virus scanner installation guides.

 Note: If you specify "auto" then MailScanner will search for all the
       scanners you have installed and will use all of them. If you really
       want none, then specify "none".

 This *cannot* be the filename of a ruleset.

 The maximum length of time the commercial virus scanner is allowed to run
 for 1 batch of messages (in seconds).

 Do you want to scan email for viruses?
 A few people don't have a virus scanner licence and so want to disable
 all the virus scanning.
 If you use a ruleset for this setting, then the mail will be scanned if
 *any* of the rules match (except the default). That way unscanned mail
 never reaches a user who is having their mail virus-scanned.

 If you want to be able to switch scanning on/off for different users or
 different domains, set this to the filename of a ruleset.
 This can also be the filename of a ruleset.

 This is the text to add to the start of the subject if the
 "Virus Modify Subject" option is set.
 This can also be the filename of a ruleset.