QmailtoasterMain Page | About | Help | FAQ | Special pages | Log in

Printable version | Disclaimers | Privacy policy

Simscan

From Qmailtoaster

Disclaimer: Most of the following is selectively copied from the fine folks at Inter7 (Reference: http://www.qmailwiki.org/Simscan/Guide). What will go here will be the essentials to help you understand simscan and how to tweak the toaster to you liking/needs. Things in the Inter7 documentation, such as compile time options, are omitted--because that is taken care of for us by the qmail-toaster team.

Simscan: what is it? Simscan was written for people who need a fast and efficent way to do virus scanning or spamassassin processing or attachment blocking. Simscan is less than 100K and uses the standard system libraries so it loads and runs much faster that the other well-known option for pre-processing, qmail-scanner.

Simscan: control files? Located at /var/qmail/control, simcontrol is the one and only file you need to edit to enable and controls these three features: Clamav and SpamAssassin and attachment blocking. Simscan reads info in from simcontrol.cdb and simversions.cbd and uses that info to scan and mark mails. Build the cdb's anytime you make changes to the simcontrol file or update SA or ClamAV by executing:

#/var/qmail/bin/simscanmk
#/var/qmail/bin/simscanmk -g

They say you do not have to stop the toaster to build this file. Rebuilding assures simscan is using the current simcontrol file and marking (in email headers) the current installed versions of spamassassin and clamav.

I cannot seem to remember the commands to rebuild the cdb, so I bashed one up to do it for me, automagically...put it in /etc/cron.hourly...this way all your cdbs are never more than an hour old.

#!/bin/bash
/var/qmail/bin/simscanmk
sleep 2
/var/qmail/bin/simscanmk -g
sleep 2
/var/qmail/bin/qmail-badloadertypes
sleep 2
/var/qmail/bin/qmail-badmimetypes
sleep 2
qmailctl cdb
#eof


WORKSFORME. (don't forget to chmod x the file you save that as, like I did)


Stock 1-line simcontrol file Your fresh toaster-install simcontrol file would look very much like this:

:clam=yes,spam=yes,spam_hits=12,attach=.exe:.pif:.scr

Breaking this down using parentheses() to help with clarity: (:) is default, as in default processing rule--higher ranking rules can be applied. (clam=yes) scan with clamd (spam=yes) scan with spamd (spam_hits=12) spam score of 12 or greater will be deleted--not delivered once the score hits 12 in this case (attach=.exe:.pif:.scr) block messages with attachments that have these extensions. If that is the only rule in simcontrol, every single mail for every single recipient on every single domain that is accepted by the toaster would be processed by those parameters.

The order of precedence for simcontrol file processing is:

email address (overrides all)
domain (overrides default)
default (only used if not overridden by domain or email address)

Lets get complicated (1 file, 3 lines):

postmaster@example.com:clam=yes,spam=no,attach=.txt:.com
example.com:clam=no,spam=yes,attach=.mp3
:clam=yes,spam=yes,spam_hits=5

Breaking this down:

--mail specifically for postmaster@example.com gets clamd and blocked attachments for .com and .txt, no spamd--mail for every user at example.com (except postmaster) gets spamd and blocked mp3 files, no clamd--all mail not destined for the first 2 user/domain conditionals gets clamd and spamd with spam scoring more than 5 deleted, no attachment blocking. That applies to all domains accepting mail on the toaster.

Regex matching is supported in the toaster, and it would be configured in simcontrol...see http://www.qmailwiki.org/Simscan/Guide (don't know nuthin 'bout it)

About Extension Blocking

You need to consider what your users will be sending and determine which extensions to block. Of course, it seems to me that they can get around this by zipping them up, so this is not a failsafe, hard and fast way to secure your mail domain. Note that you add extensions to block by: (dot)(extension-letters)(:)

NOTE: the(:) in this case is a separator, the last trailing (:) not required


Here is a list to save you some typing and give you ideas of files to block:

.ade:.adp:.app:.asd:.asf:.asp:.asx:.avi:.bas:.bat:.bin:.chm:.cil:.cla:.class: .cmd:.com:.cpl:.crt:.csh:.css:.dll:.dot:.email:.eml:.exe:.fxp:.hlp:.hta:.htm: .html:.inf:.ins:.isp:.js:.jse:.ksh:.lnk:.mda:.mdb:.mde:.mdt:.mdw:.mdz:.mov:.mp3: .mpe:.mpeg:.mpg:.msc:.msi:.msp:.mst:.nws:.ocx:.ops:.pcd:.pif:.pl:.pm:.pot:.pps: .prf:.prg:.ps:.rar:.reg:.scf:.scr:.sct:.shb:.shm:.shs:.url:.vb:.vbe:.vbs:.vxd: .wav:.wmd:.wmf:.wms:.wmz:.wsc:.wsf:.wsh:.wsz:.xsl:.xlt:.xlw:


ALSO RELATED

Located at /etc/tcprules.d, tcp.smtp is the file that controls how these rules are applied by delivery-type (local,remote). It also calls chkuser to perform authentication, abuse checks and handles domainkey stuff and many other functions. This simple file is really complex in the instructions it contains and requires further examination. Watch for a more definitive explanation in a new sub-topic coming soon.

Retrieved from "http://wiki.qmailtoaster.com/index.php/Simscan"

This page has been accessed 47,941 times. This page was last modified on 12 July 2008, at 08:16. Content is available under GNU Free Documentation License 1.2.


Find

Browse
Main page
Community portal
Current events
Recent changes
Random page
Help
Edit
View source
Editing help
This page
Discuss this page
New section
Printable version
Context
Page history
What links here
Related changes
My pages
Log in / create account
Special pages
New pages
File list
Statistics
More...