HOWTO install p3scan

P3SCAN
Download location (HTTP): http://p3scan.sourceforge.net
Version used: 2.3.2
Some remarks before compiling. First, P3scan is able to "extract the attached files out of a MIME encoded email package".
This is only necessary when the virus scanner you want to use does not do that itself.
Here I'm using ClamAV, which can handle this, so P3scan does not have to. You select this at compile time:
make the symlink to the Makefile you want:
lrwxrwxrwx Makefile -> Makefile-noripmime
-rw-r--r-- Makefile-noripmime
-rw-r--r-- Makefile-ripmime
Further, you'll have to adjust a header file: p3scan.h.
Change the line with:
#define DEMIME
into:
#undef DEMIME
With my version of P3scan (2.3.2) this define is at line 145.
It is very important to note that in some circumstances P3scan has to run under the same account as ClamAV:
when using the command-line tool clamdscan this is recommended. If this is the case, you do not have to
create a new account. If not, you'll have to create an account dedicated to P3scan:
groupadd -g 150 clamav
useradd -c "Virusscan account" -d /dev/null -g clamav -u 150 -s /bin/false clamav
Note:
The number 150 is arbitrary: of course you can take any number you want (suitable for your system).
The account for p3scan has to be the same as the one the virus scanner ClamAV is running under. In my case this is the same as the name
of the program, clamav.
There is no configure script: compilation goes directly via the Makefile. This Makefile is OK for my system: it installs
the executable p3scan in /usr/sbin, configuration files in /etc/p3scan and runtime files in /var/spool/p3scan and
/var/run/p3scan. The only thing to change is the user for p3scan. In the configuration file there is a line like:
user=mail:mail
Replace this with:
user=clamav:clamav
Compilation and installation are simple; just issue:
|
Configuration files are in /etc/p3scan/, the executable p3scan is in /usr/sbin. Runtime files, like the pidfile, are
in /var/run/p3scan, and infected emails go in /var/spool/p3scan.
In the directory /etc/p3scan you'll further find (templates of) notification emails for the receiver.
As said above, templates are in the /etc/p3scan directory.
When p3scan discovers that an email is infected, a notification email will be sent to the receiver. In the configuration directory are
templates of these emails. Templates have the great benefit that values only known at runtime (like USERNAME and VIRUSNAME) can be inserted
very easily. P3SCAN is able to insert various values. Look for an example in /etc/p3scan.
After inserting these values, the result will be forwarded to the receiver, instead of the infected email.
By default, p3scan will send the email /etc/p3scan/p3scan.mail. This file is actually a symlink to the
mail file in the language of your choice. By default some languages are available (version 2.3.2: en, fr, ge, it, pl, pt-br, ru and sp) and
writing one myself in my language (nl) was very easy.
P3scan uses a lot of parameters. Here I will describe only the most important ones.
P3scan offers you a choice of the IP address it will listen on. Which address to choose depends on your configuration. Most of the time
it's sufficient that it listens on only one address, the localhost (127.0.0.1). Iptables will redirect the traffic to the local address.
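
As an added illustration (not part of the original HOWTO and not code from the p3scan project), this shell script audits the three choices made above: p3scan running under the ClamAV account, that account having no login shell, and the proxy listening only on 127.0.0.1. The `ip` key name, the function names and both sample files are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example: audit a p3scan setup against the choices made in this HOWTO.
# Assumptions: the listen-address key is called "ip"; all sample data is constructed.

# conf_get FILE KEY: print the last uncommented value of KEY ("key=value" or "key = value")
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed 's/[[:space:]]*$//'
}

# audit_p3scan CONF PASSWD [ACCOUNT]: print findings, return how many there were
audit_p3scan() {
    want=${3:-clamav} findings=0
    user=$(conf_get "$1" user)
    account=${user%%:*}                      # "clamav:clamav" -> "clamav"
    if [ "$account" != "$want" ]; then
        echo "FINDING: p3scan runs as '$account', not as the scanner account '$want'"
        findings=$((findings + 1))
    fi
    # passwd fields: name:password:uid:gid:comment:home:shell
    shell=$(awk -F: -v a="$account" '$1 == a { print $7 }' "$2")
    case $shell in
        /bin/false|/sbin/nologin|/usr/sbin/nologin) ;;
        *) echo "FINDING: account '$account' has login shell '${shell:-none found}'"
           findings=$((findings + 1)) ;;
    esac
    ip=$(conf_get "$1" ip)
    if [ "$ip" != "127.0.0.1" ]; then
        echo "FINDING: listening on '${ip:-unset}' instead of 127.0.0.1"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample data, not taken from a real host
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/passwd" <<'EOF'
mail:x:8:12:mail:/var/spool/mail:/bin/bash
clamav:x:150:150:Virusscan account:/dev/null:/bin/false
EOF
printf 'user=mail:mail\nip = 0.0.0.0\n' > "$tmp/before.conf"
printf 'user=clamav:clamav\nip = 127.0.0.1\n' > "$tmp/after.conf"

audit_p3scan "$tmp/before.conf" "$tmp/passwd" || echo "before: $? finding(s)"
audit_p3scan "$tmp/after.conf" "$tmp/passwd" && echo "after: no findings"
```

On a real host, pass the actual configuration file under /etc/p3scan and /etc/passwd as the two arguments.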