author: Stef Walter <stef@memberwebs.com> 2004-09-18 03:04:14 +0000
committer: Stef Walter <stef@memberwebs.com> 2004-09-18 03:04:14 +0000
commit: 0233fd9704025b2472445448282a73dcb223adb7 (patch)
tree: 4741786126322a03ea4ed28f983781241310513e /doc
parent: d1395329541644273d15f7c9b11aa396da308512 (diff)
More warnings about the virus action functionality
Diffstat (limited to 'doc')
-rw-r--r-- doc/clamsmtpd.8 44
-rw-r--r-- doc/clamsmtpd.conf.5 39
2 files changed, 47 insertions, 36 deletions
diff --git a/doc/clamsmtpd.8 b/doc/clamsmtpd.8
index b25f082..526f4ae 100644
--- a/doc/clamsmtpd.8
+++ b/doc/clamsmtpd.8
@@ -137,6 +137,44 @@ setting is set high enough for your transparent proxying. Because
.Nm
is not being used as a filter inside a queue, which usually throttles the amount
of email going through, this setting may need to be higher than usual.
+.Sh VIRUS ACTIONS
+Using the
+.Ar VirusAction
+option you can run a script or program whenever a virus is found. This may
+be handy in certain circumstances but it has several drawbacks. For one, the
+performance of the virus filtering will take a hit, perhaps DOS'ing your
+machine under heavy load. Secondly as with running any program there are
+security implications to be considered.
+.Pp
+.Please consider the above carefully before implementing a virus action.
+.Pp
+The script is run without its output being logged, or return value being
+checked. Because of this you should test it thoroughly. Make sure it runs
+without problems under the user that
+.Xr clamsmtpd 8
+is being run as.
+.Pp
+Various environment variables will be present when your script is run. You
+may need to escape them properly before use in your favorite scripting
+language. Failure to do this could lead to a REMOTE COMPROMISE of your
+machine.
+.Bl -tag -width Fl
+.It Ar EMAIL
+When the
+.Ar Quarantine
+option is enabled, this specifies the file that the virus was saved to.
+.It Ar RECIPIENTS
+The email addresses of the email recipients. These are specified one per
+line, in standard address format.
+.It Ar SENDER
+The email address for the sender of the email.
+.It Ar TMP
+The path to the temp directory in use. This is the same as the
+.Ar TempDirectory
+option.
+.It Ar VIRUS
+The name of the virus found.
+.El
.Sh SECURITY
There's no reason to run this daemon as root. It is meant as a filter and should
listen on a high TCP port. It's probably a good idea to run it using the same
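Review bot: The added line `.Please consider the above carefully before implementing a virus action.` begins with a dot, so roff reads it as a call to an undefined macro named `Please` and the sentence will not appear in the rendered page. Drop the leading dot so the warning is actually displayed. Separately, "escape them properly" gives a script author little to act on: SENDER and RECIPIENTS are described here as addresses taken from the email, so the text could say that these values come from the message and must be quoted wherever the script expands them.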
@@ -152,6 +190,12 @@ writeable location. Specify the directory using the
.Ar TempDirectory
setting.
.Pp
+When using the
+.Ar VirusAction
+option make sure you understand the security issues involved. Unescaped
+environment variables can lead to execution of arbitrary shell commands
+on your machine.
+.Pp
If running
.Nm
on a publicly accessible IP address or without a firewall please be sure to
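Review bot: The paragraph added to SECURITY warns about unescaped environment variables but does not say which variables are meant or where they are documented. Add a cross-reference to the section introduced earlier in this file, for example `.Sx VIRUS ACTIONS`, so that a reader who lands on SECURITY first can find the list of variables passed to the script.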
diff --git a/doc/clamsmtpd.conf.5 b/doc/clamsmtpd.conf.5
index f79be11..f528eb9 100644
--- a/doc/clamsmtpd.conf.5
+++ b/doc/clamsmtpd.conf.5
@@ -130,7 +130,9 @@ must be started as root. It will then drop root privileges and run as the
specified user. The user can either be a name or a numerical user id.
.It Ar VirusAction
This is a command to run when a virus is found. See the VIRUS ACTION section
-below for a discussion of this option.
+in
+.Xr clamsmtpd 8
+for a discussion of this option.
.El
.Sh ADDRESSES
Addresses can be specified in multiple formats:
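Review bot: The unchanged line above the edit still says "See the VIRUS ACTION section", while the heading it now points to in clamsmtpd.8 is `.Sh VIRUS ACTIONS`. Make the name match the heading so that a reader searching the other page for the section title finds it.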
@@ -144,41 +146,6 @@ the port number (ie: '127.0.0.1:3310').
.It
IPv6 addresses are implemented but disabled. The code needs testing.
.El
-.Sh VIRUS ACTIONS
-Using the
-.Ar VirusAction
-option you can run a script or program whenever a virus is found. This may
-be handy in certain circumstances but it has several drawbacks. For one, the
-performance of the virus filtering will take a hit, perhaps DOS'ing your
-machine under heavy load. Secondly as with running any program there are
-security implications to be considered.
-.Pp
-.Please consider the above carefully before implementing a virus action.
-.Pp
-The script is run without its output being logged, or return value being
-checked. Because of this you should test it thoroughly. Make sure it runs
-without problems under the user that
-.Xr clamsmtpd 8
-is being run as.
-.Pp
-Various environment variables will be present when your script is run:
-.Bl -tag -width Fl
-.It Ar EMAIL
-When the
-.Ar Quarantine
-option is enabled, this specifies the file that the virus was saved to.
-.It Ar RECIPIENTS
-The email addresses of the email recipients. These are specified one per
-line, in standard address format.
-.It Ar SENDER
-The email address for the sender of the email.
-.It Ar TMP
-The path to the temp directory in use. This is the same as the
-.Ar TempDirectory
-option.
-.It Ar VIRUS
-The name of the virus found.
-.El
.Sh SEE ALSO
.Xr clamsmtpd 8
.Sh AUTHOR
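Review bot: With the whole VIRUS ACTIONS section removed, clamsmtpd.conf.5 no longer carries any caution at the place where VirusAction is configured; the only remaining text is the pointer to clamsmtpd(8). Consider keeping one sentence in the VirusAction entry stating that the command runs with environment variables that need escaping, so that someone reading only the configuration page still sees the risk.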