table of contents
other versions
| p3scan(8) | System Manager's Manual | p3scan(8) |
NAME¶
p3scan - fully transparent proxy scanning server for POP3 and SMTP
SYNOPSIS¶
p3scan [options]
DESCRIPTION¶
p3scan is a fully transparent proxy scanning server for POP3, SMTP, and limited POP3S email clients. It runs on a Linux box with iptables (for port redirection).
It implements a centralized email scanning point, transparently inspecting messages fetched by internal network hosts from servers "in the wild" (the Internet) for viruses, worms, trojans, spam and potentially dangerous attachments. Since HTML email can be used by spammers to validate the recipient address (via Web Bugs) p3scan can also provide HTML stripping by using the associated p3pmail (or other) program.
It can also inspect outgoing SMTP messages for virus's.
p3scan can help you in protecting your "Other OS" LAN especially if used synergically with a firewall and other proxy servers.
OPTIONS¶
- -a, --renattach=FILE
- Specify location of renattach if wanted
- -A, --altvnmsg
- Creates a copy of 'template=FILE' for manipulation prior to use. /var/spool/p3scan/children/<pid>/vnmsg
- -b, --bytesfree=NUM
- Number (in KBytes) that should be available before we can process messages. If not enough, report it and die.
- -B, --broken
- Enable broken processing (some Outlook/Outlook Express clients).
- -c, --viruscode=N[,N]
- The code(s) the scanner returns when a virus is found
- -C, --checksize=NUM
- Number (in KBytes) of the maximum smtp message size.
- -d, --debug
- Turn on debugging. See /etc/p3scan/p3scan.conf for recommended debug procedure.
- -e, --extra
- Extra notification of recipient's email address
- -f, --configfile=FILE
- Specify a configfile Default is /etc/p3scan/p3scan.conf
- -F, --footer=CMD
- Specify a command to get the version info of your scanner if using the smtp footer feature file /etc/p3scan/p3scan.footer
- -g, --virusregexp=RX
- Specify a RegularExpression which describes where to get the name of the virus. The first substring is used, or if regexp ends with /X the X substring
- -G --goodcode
- The codes that enable the message to be delivered without a warning. For example Kaspersky AV reports code 10 for an encrypted .zip file
- -h, --help
- Prints this text
- -i, --ip=IP
- Listen only on IP <IP>. Default: ANY
- -I, --targetip=IP
- Connect only to IP <IP>. Default: use transparent-proxy
- -j, --justdelete
- Just delete infected mail after reporting infection
- -k, --checkspam
- Turn on Spam Checking
- -K, --emergcon
- Emergency Contact email address to be notified in event of program termination like no disk space.
- -l, --pidfile=FILE
- Specify where to write a pid-file
- -L, --sslport=PORT
- Use SSL on connections to port <PORT>. Default 995
- -m, --maxchilds=NUM
- Allow not more then NUM childs
- -M, --ispspam
- Specify a line used by your ISP to mark Spam For example, cox.net uses -- Spam --
- -n, --notifydir=DIR
- Create notification mails in <DIR> Default: /var/spool/p3scan/notify Also used for temporary storage.
- -N, --notify
- Change infected file status line
- -o, --overwrite
- Specify path to HTML parsing program executable. Default none
- -O, --timeout=NUM
- Specify seconds to use for timeout notification.
- -p, --port=PORT
- Listen on port <PORT>. Default: 8110
- -P, --targetport=PORT
- Connect to port <PORT>. Default: 8110 Ignored in transparent proxy mode
- -q, --quiet
- Turn off normal reporting
- -r, --virusdir=DIR
- Save infected mails in <DIR> Default: /var/spool/p3scan
- -R, --smtprset
- Change smtp reject message line
- -s, --scanner=FILE
- Specify the scanner. Every scannertype handles this in a specific way. This could be the scanner- executable or a FIFO, Socket, ...
- -S, --subject=TEXT
- Change virus reporting subject line
- -t, --template=FILE
- Use virus-notification-template <FILE>
- -T, --scannertype=T
- Define which buildin scanner-frontend to use. Supported types:
basic: Basic file invocation scanner
avpd: Kaspersky AVPDaemon trophie: Trophie antivirus daemon (for Trend Antivirus) - -u, --user=[UID|NAME]
- Run as user <UID>. Default: mail Only takes effect when started as superuser
- -U, --useurl
- Parse username for destination "username#url:port" vice using iptables redirection.
- -v, --version
- Prints version information
- -x, --demime
- eXtract all MIME-Parts before scanning
- -X, --Xtra mail program=FILE
- Xtra notification reciept mail program. Default: /bin/mail
- -z, --spamcheck=FILE
- Specify path to Spam Checking program executable Default /usr/bin/spamc (Mail::SpamAssassin)
DIRECTORIES/FILES¶
/etc/p3scan /var/run/p3scan /var/spool/p3scan /var/spool/p3scan/children /var/spool/p3scan/notify /usr/doc/p3scan-<version>/AUTHORS /usr/doc/p3scan-<version>/ChangeLog /usr/doc/p3scan-<version>/CONTRIBUTERS /usr/doc/p3scan-<version>/LICENSE /usr/doc/p3scan-<version>/NEWS /usr/doc/p3scan-<version>/README /usr/doc/p3scan-<version>/README-ripmime /usr/doc/p3scan-<version>/README-rpm /usr/doc/pscan-<version>/TODO.list /usr/doc/p3scan-<version>/spamfaq.html /usr/doc/p3scan-<version>/spamfaq.txt /usr/man/man8/p3scan.8.gz /usr/man/man8/p3scan_readme.8.gz /etc/p3scan/p3scan.conf
Configuration file /etc/p3scan/p3scan.mail
Symlink to the email message templates sent to client in event
a virus is found. You can create a symlink, or copy a language
file p3scan-??.mail for any language provided. If you translate
a mail file into your own language, please consider contributing
it to the project so that others may enjoy your work. /etc/p3scan/p3scan-??.mail /etc/p3scan/p3scan-??-??.mail
Email templates for specific languages. /etc/p3scan/p3scan.footer (optional)
This file is used to add the virus definition info from your scanner
to an smtp message. It will only be added as a footer if the message
is not signed cryptographically and is only a text message.
It is used in conjunction with the "footer" option in the
following fashion:
1) If file does not exist and "footer" is defined:
No footer information will added to outgoing messages, but the p3scan
version and scanner info will be added to the header.
2) If file exists but blank and "footer" is defined:
P3Scan version/host info and scanner info will be added to end of
message and header.
3) If file contains information and "footer" is defined:
All lines of this file will be added to the end of the smtp message and
then p3scan version/host info and scanner info will be appended.
4) If file does not exist and "footer" is not defined:
P3Scan will only insert p3scan version info into the header. /usr/sbin/p3scan
Executable program file /var/run/p3scan/p3scan.pid
This file is written when p3scan is running. /var/spool/p3scan/children/$FILES
Each email scanned is manipulated in this directory /var/spool/p3scan/notify/$FILES
When a virus is found, the email sent to the client is generated here.
SEE ALSO¶
BUGS/SUPPORT¶
Please report any bugs to the p3scan support mailing list accessable through: http://sourceforge.net/projects/p3scan
AUTHORS¶
Jack S. Lai <laitcg at cox dot net> and contributers (see CONTRIBUTERS file).
| November 6, 2005 | v2.3.0 |