HOWTO mailscanner for sendmail
==============================
by Thomas Chung (tchung AT openwebmail.org)
Last Update: 2002-09-23

1. Download virus scanner software

   fp-linux_sb.rpm from https://www.f-prot.com/download/getfplinfree.html

2. Rename software for future reference

   mv fp-linux_sb.rpm f-prot-3.12a-1.i386.rpm

3. Install virus scanner software

   rpm -Uvh f-prot-3.12a-1.i386.rpm
   
4. Create Daily Cron Job to update virus definition automatically

   cd /etc/cron.daily
   ln -s /usr/local/f-prot/check-updates.sh f-prot.cron

5. Download mail scanner software

   mailscanner-3.22-10.i386.rpm from https://www.sng.ecs.soton.ac.uk/mailscanner/downloads.shtml

6. Install mail scanner software

   rpm -Uvh mailscanner-3.22-10.i386.rpm
   and remove "Sophos.autoupdate" from /etc/cron.daily which is unnecessary since we installed f-prot instead.

7. Change mailscanner config file for f-prot (by default, sophos is used)

  vi /usr/local/MailScanner/etc/mailscanner.conf

  1) Virus Scanner = f-prot

  2) Sweep = /usr/local/f-prot/f-protwrapper


8. Start mailscanner service:

   service mailscanner start

9. That's it!  Now if you receive any email with suspicious attachment, you will be notified by email
   as an example shown below:

=====
This is a message from the MailScanner E-Mail Virus Protection Service
----------------------------------------------------------------------
The original e-mail attachment "07 不一樣 Different.pif"
was believed to be infected by a virus and has been replaced by this warning
message.

If you wish to receive a copy of the *infected* attachment, please
e-mail helpdesk and include the whole of this message
in your request. Alternatively, you can call them, with
the contents of this message to hand when you call.

At Sun Jul 21 16:06:35 2002 the virus scanner said:
   /var/spool/MailScanner/incoming/g6LN6K421609/07 不一樣 Different.pif  Infection: W32/Klez.H@mm
   Shortcuts to MS-Dos programs are very dangerous in email in 07 不一樣 Different.pif

Note to Help Desk: Look on the MailScanner in /var/spool/MailScanner/quarantine (message g6LN6K421609).
-- 
Postmaster

Minor URL Issue in Virus Report
================================
To correct the URL for mailscanner web site in Open Wembail message,

1) cd /usr/local/MailScanner/etc

2) add "https://" in front of "www.mailscanner.info" in following files
   - sender.error.report.txt
   - sender.filename.report.txt
   - sender.virus.report.txt


More tweak on /usr/local/MailScanner/etc/mailscanner.conf
=========================================================

1) If you don't want to deliver the email with virus removed to recipients
   
   Deliver To Recipients = no

2) If you don't want to notify the infected message to sender

   Notify Senders = no

3) If you don't want to keep (quarantine) the infected message

   Action = delete