Man Linux: Main Page and Category List


       p3scan - fully transparent proxy scanning server for POP3 and SMTP


       p3scan [options]


       p3scan is a fully transparent proxy scanning server for POP3, SMTP, and
       limited POP3S email clients. It runs on a Linux box with iptables  (for
       port redirection).

       It   implements  a  centralized  email  scanning  point,  transparently
       inspecting messages fetched by internal network hosts from servers  "in
       the  wild"  (the  Internet)  for  viruses,  worms,  trojans,  spam  and
       potentially dangerous attachments. Since HTML  email  can  be  used  by
       spammers  to  validate  the recipient address (via Web Bugs) p3scan can
       also provide HTML stripping by using the associated p3pmail (or  other)

       It can also inspect outgoing SMTP messages for virus’s.

       p3scan  can  help  you  in protecting your "Other OS" LAN especially if
       used synergically with a firewall and other proxy servers.


       -a, --renattach=FILE
              Specify location of renattach if wanted

       -A, --altvnmsg
              Creates a copy of ’template=FILE’ for manipulation prior to use.

       -b, --bytesfree=NUM
              Number  (in  KBytes)  that  should  be  available  before we can
              process messages. If not enough, report it and die.

       -B, --broken
              Enable broken processing (some Outlook/Outlook Express clients).

       -c, --viruscode=N[,N]
              The code(s) the scanner returns when a virus is found

       -C, --checksize=NUM
              Number (in KBytes) of the maximum smtp message size.

       -d, --debug
              Turn  on  debugging. See /etc/p3scan/p3scan.conf for recommended
              debug procedure.

       -e, --extra
              Extra notification of recipient’s email address

       -f, --configfile=FILE
              Specify a configfile Default is /etc/p3scan/p3scan.conf

       -F, --footer=CMD
              Specify a command to get the version info  of  your  scanner  if
              using the smtp footer feature file /etc/p3scan/p3scan.footer

       -g, --virusregexp=RX
              Specify  a  RegularExpression  which  describes where to get the
              name of the virus. The first substring is  used,  or  if  regexp
              ends with /X the X substring

       -G  --goodcode
              The  codes  that  enable  the  message to be delivered without a
              warning. For  example  Kaspersky  AV  reports  code  10  for  an
              encrypted .zip file

       -h, --help
              Prints this text

       -i, --ip=IP
              Listen only on IP <IP>. Default: ANY

       -I, --targetip=IP
              Connect only to IP <IP>. Default: use transparent-proxy

       -j, --justdelete
              Just delete infected mail after reporting infection

       -k, --checkspam
              Turn on Spam Checking

       -K, --emergcon
              Emergency  Contact  email  address  to  be  notified in event of
              program termination like no disk space.

       -l, --pidfile=FILE
              Specify where to write a pid-file

       -L, --sslport=PORT
              Use SSL on connections to port <PORT>. Default 995

       -m, --maxchilds=NUM
              Allow not more then NUM childs

       -M, --ispspam
              Specify a line used by  your  ISP  to  mark  Spam  For  example,
     uses -- Spam --

       -n, --notifydir=DIR
              Create      notification     mails     in     <DIR>     Default:
              /var/spool/p3scan/notify Also used for temporary storage.

       -N, --notify
              Change infected file status line

       -o, --overwrite
              Specify path to HTML parsing program executable.  Default none

       -O, --timeout=NUM
              Specify seconds to use for timeout notification.

       -p, --port=PORT
              Listen on port <PORT>. Default: 8110

       -P, --targetport=PORT
              Connect to port <PORT>. Default:  8110  Ignored  in  transparent
              proxy mode

       -q, --quiet
              Turn off normal reporting

       -r, --virusdir=DIR
              Save infected mails in <DIR> Default: /var/spool/p3scan

       -R, --smtprset
              Change smtp reject message line

       -s, --scanner=FILE
              Specify  the  scanner.  Every  scannertype  handles  this  in  a
              specific way. This could be the scanner- executable or  a  FIFO,
              Socket, ...

       -S, --subject=TEXT
              Change virus reporting subject line

       -t, --template=FILE
              Use virus-notification-template <FILE>

       -T, --scannertype=T
              Define which buildin scanner-frontend to use.  Supported types:
                basic: Basic file invocation scanner
                 avpd:  Kaspersky  AVPDaemon trophie: Trophie antivirus daemon
              (for Trend Antivirus)

       -u, --user=[UID|NAME]
              Run as user <UID>. Default: mail Only takes effect when  started
              as superuser

       -U, --useurl
              Parse  username  for  destination "username#url:port" vice using
              iptables redirection.

       -v, --version
              Prints version information

       -x, --demime
              eXtract all MIME-Parts before scanning

       -X, --Xtra mail program=FILE
              Xtra notification reciept mail program. Default: /bin/mail

       -z, --spamcheck=FILE
              Specify  path  to  Spam  Checking  program  executable   Default
              /usr/bin/spamc (Mail::SpamAssassin)



         Configuration file
         Symlink to the email message templates sent to client in event
         a virus is found. You can create a symlink, or copy a language
         file p3scan-??.mail for any language provided. If you translate
         a mail file into your own language, please consider contributing
         it to the project so that others may enjoy your work.
         Email templates for specific languages.
       /etc/p3scan/p3scan.footer (optional)
         This file is used to add the virus definition info from your scanner
         to an smtp message. It will only be added as a footer if the message
         is not signed cryptographically and is only a text message.
         It is used in conjunction with the "footer" option in the
         following fashion:

         1) If file does not exist and "footer" is defined:
            No footer information will added to outgoing messages, but the p3scan
            version and scanner info will be added to the header.

         2) If file exists but blank and "footer" is defined:
            P3Scan version/host info and scanner info will be added to end of
            message and header.

         3) If file contains information and "footer" is defined:
            All lines of this file will be added to the end of the smtp message and
            then p3scan version/host info and scanner info will be appended.

         4) If file does not exist and "footer" is not defined:
            P3Scan will only insert p3scan version info into the header.
         Executable program file
         This file is written when p3scan is running.
         Each email scanned is manipulated in this directory
         When a virus is found, the email sent to the client is generated here.


       p3scan_readme   /etc/p3scan/p3scan.conf  /etc/p3scan/p3scan.mail  dspam
       spamc spamd renattach p3pmail


       Please report any bugs to the p3scan support mailing list accessable through:


       Jack S. Lai <laitcg at cox dot net>
       and contributers (see CONTRIBUTERS file).