
QMAIL-SCANNER

Qmail-Scanner is a very lovable content scanner that offers some excellent filtering capabilities. It can filter based on content type, file extensions, keywords, viruses, spam, etc. It supports a very long list of virus and spam filters including ClamAV, SpamAssassin, F-prot, etc.

Unfortunately, it's written in Perl and thus carries lots of overhead. It can quickly crush a busy mail server. Also, rather than blocking messages during the SMTP conversation, it writes them into its own quarantine, so it can't "deny" a message, only bounce it. Of course, most virus-laden messages can't be bounced because they're sent by zombie PCs, so q-s leaves behind all the virus-laden or otherwise blocked messages.

By popular request, I wrote an extension to toaster-watcher.pl that regularly cleans up the quarantine. Qmail-scanner is installed by running "toaster_setup.pl -s qmailscanner".

Qmail-Scanner is still in use by many but nearly everyone with any significant load on their email servers has switched to simscan.

C wrapper or suid perl?

Older versions of Mail::Toaster installed /var/qmail/bin/qmail-scanner-queue.pl with permissions of 4755. This requires having a setuid perl. However, newer versions default to using the C wrapper included with qmail-scanner. This removes the setuid perl dependency.

As such, the permissions on qmail-scanner-queue.pl should be 0755, while the permissions on the C wrapper (qmail-scanner-queue) should be 4755. All should be owned by the clamav user/group.

There was a deprecated use of chmod in my script so the permissions on the C wrapper weren't being set properly. You can fix this by running "chmod 4755 /var/qmail/bin/qmail-scanner-queue". Version 4.05 of Mail::Toaster includes this update.

Note that to use the C wrapper, you should set QMAILQUEUE to point to the C wrapper, not the perl version of the script. -- Matt

Q: How do I enable or disable Qmail-Scanner?

A: Qmail-Scanner is enabled based on whether the QMAILQUEUE environment variable is set for that SMTP connection. You must set this in some fashion. It is recommended that you edit ~vpopmail/etc/tcp.smtp and add a line such as:

  • 10.1.1.1:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
  • 10.1.1.2:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue"

where 10.1.1.1 is the IP you wish to enable Qmail-Scanner for. The second example uses the C wrapper, which is what you should be using.

Don't forget to rebuild tcp.smtp after editing that file. (qmail cdb)

Versions of Mail::Toaster after 3.4x may add QMAILQUEUE to your smtp/run based on your settings in toaster-watcher.conf.
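
An audit of the layout described above, as an added example that is not part of Mail::Toaster or Qmail-Scanner: it checks the modes and ownership given in the C wrapper section and flags tcp.smtp rules that still point QMAILQUEUE at the Perl script. The function names are illustrative, and the sample rules are constructed from the two lines shown above.

```shell
#!/bin/sh
# Added example, not Mail::Toaster code. Function names are illustrative.

# has_perms FILE MODE USER GROUP: true only if FILE has exactly MODE and that owner.
# find -perm/-user/-group behave the same on GNU and BSD userlands.
has_perms() {
    [ -n "$(find "$1" -prune -perm "$2" -user "$3" -group "$4" 2>/dev/null)" ]
}

# audit_wrapper BINDIR [USER] [GROUP]: returns the number of files that are wrong.
audit_wrapper() {
    bindir=$1; user=${2:-clamav}; group=${3:-clamav}; problems=0
    # The C wrapper carries the setuid bit; the Perl script must not.
    if ! has_perms "$bindir/qmail-scanner-queue" 4755 "$user" "$group"; then
        echo "FAIL: qmail-scanner-queue should be 4755 $user:$group"
        problems=$((problems + 1))
    fi
    if ! has_perms "$bindir/qmail-scanner-queue.pl" 0755 "$user" "$group"; then
        echo "FAIL: qmail-scanner-queue.pl should be 0755 $user:$group"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# audit_tcp_smtp FILE: returns the number of rules whose QMAILQUEUE is the Perl script.
audit_tcp_smtp() {
    problems=0
    while IFS= read -r line; do
        case $line in
            \#*) ;;   # skip comment lines
            *QMAILQUEUE=*qmail-scanner-queue.pl*)
                echo "FAIL: rule points at the Perl script: $line"
                problems=$((problems + 1)) ;;
        esac
    done < "$1"
    return "$problems"
}

# Constructed sample rules in the same shape as the tcp.smtp lines above.
sample=$(mktemp)
printf '%s\n' \
    '10.1.1.1:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"' \
    '10.1.1.2:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue"' > "$sample"
audit_tcp_smtp "$sample" || echo "rules to change: $?"
rm -f "$sample"
```

On a live host, call `audit_wrapper /var/qmail/bin` and `audit_tcp_smtp ~vpopmail/etc/tcp.smtp`; each returns the number of findings as its exit status.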



Last modified on 4/28/05.