This page is out of date, please use our new website https://surgemail.com

Virus Protection

SurgeMail has a variety of mechanisms for integrating with various scanners.

The rest of this page is for more obscure configurations...


External SMTP scanner

External smtp scanners (sometimes called "virus wall" scanners) can be used by surgemail. If this kind of scanner is used it is _strongly recommended_ to let surgemail receive the mail from the internet, and then have surgemail pass all mail through the external virus scanner before delivering this locally. This will allow you to make full use of surgemail's spam prevention measures - primarily measures such as SPF, RBL etc that use sender's IP address. If mail is passed through the external scanner BEFORE it gets to surgemail, surgemail will see the external scanners ip address for all inbound mail.

This is configured using gateway rules as follows:

g_gateway domain="*" to="scanner.ip" user="" pass="" relay="false" check="" sms="" local="TRUE"
g_gateway_ifnot "scanner.ip"
g_gateway_ignorewild_ip "scanner.ip"
g_relay_allow_ip "scanner.ip"

=> pass all mail to scanner*
=> deliver local deliveries if from scanner
=> deliver remote deliveries if from scanner
=> allow scanner to send outbound scanned messages

* notes: local="TRUE" means "only accepts mail for local domain if the account exists" and relay="FALSE" means "only accept outbound mail if using smtp authentication or other relay enabling setting" - this is called "restricted relay" in the web admin interface)

Mail getting gatewayed to specific domains through the use of the standard gateway rules can also be scanned. To configure this make sure you have the external smtp scanner setup as described above and the wildcard scanner g_gateway rule is before any gatewayed domains to make sure gatewayed mail is sent to the scanner before the normal gateway rule is matched.

g_gateway domain="*" to="scanner.ip" user="" pass="" relay="false" check="" sms="" local="TRUE"
g_gateway domain="gateway.domain" to="dest.server" user="" pass="" relay="" check="TRUE" sms="" local=""

Arbitrary command line scanner (deleting message or return code)

SurgeMail has the ability to integrate with a variety of other external scanners. These are all less efficient as a separate external process gets executed for each message that passes through the system

  • g_virus_cmd

If defined the mail server will extract MIME parts in a multi part message and run the virus scanner over the extracted file. The command line can include $FILE$ which will be replaced with the actual file name of the extracted part. An intelligent cache is used so mailing lists, etc, will not require running the virus scanner on every message sent.

If you set this to "do_not_run" then SurgeMail will extract the MIME parts but not actually run any program, some virus scanners scan all files on the system so the file is deleted magically and SurgeMail will notice and bounce the message.

If your scanner supports the returning of return codes if a virus is found then you should use g_virus_cmd_codes with this setting as this is more reliable than having to detect if a file is deleted and also means also will work on viruses in archives which a lot of scanners won't delete.

  • g_virus_cmd_codes

This lets SurgeMail listen to the return codes from g_virus_cmd and if the return code matches one specified in this command then it will assume its a virus and reject the message. This is often more reliable than detecting only by using g_virus_cmd as some virus scanners do things a bit differently. Also a lot of scanners won't delete archives containing viruses so this is the best way if your scanner supports it.