Qmail-Scanner Frequently Asked Questions

  1. Can't do suid: some perl distributions have decided that as running suid perl scripts is a rare event, they won't enable it by default. On these systems this package won't work. Typically the fix is:
     
    chown root /usr/bin/suidperl
    chmod 4711 /usr/bin/suidperl
    
    
    This will allow you to run setuid perl scripts.
  2. YOU HAVEN'T DISABLED SET-ID SCRIPTS IN THE KERNEL YET: some perl distributions have decided that running suid perl scripts is BAD, and they specifically don't support it. For these systems, you have no option but to either
    1. install perl from source - compiling in setuid support, or
    2. install a compiled setuid "wrapper" - which then calls qmail-scanner-queue.pl. Until such time that I can be relatively happy with the security of such C programs, I am not willing to provide such a beast, but I am intending to do so at some stage (hopefully soon). Others using Qmail-Scanner have produced such wrappers...
  3. Scanner XXX isn't supported. If you can read perl, see how the other scanners are supported (e.g. sub-uvscan.pl) and write one to match your scanner! Send me the results and it'll be added! (I cannot justify buying every scanner in existence just to support it - so I must rely on you for that!)
  4. Syslog reports
    perl: error in loading shared
    libraries:
    This is due to Qmail's startup script (e.g. /etc/rc.d/init.d/qmail) having it's ulimits set too low. There isn't enough memory available to the process to deal with invoking perl/etc (see next comment)
  5. Resource Issues: Ensure your Qmail startup script (e.g. /etc/rc.d/init.d/qmail) has high enough ulimits to allow the extra load of perl and the virus scanners it calls! Increase via ulimit (or softlimit) the amount of memory a process can use to ~6M to cover it
  6. How to install Perl modules: I find the CPAN auto-install module to be the easiest way of doing it. e.g. to install Time::HiRes, try
     perl -e 'use CPAN; install Time::HiRes'
    - now that's sweet :-)
  7. AVP is slow Apparently the -V option really slows it down. Removing that from the sub avp_scanner {...} may improve performance at a loss of scanning strength.
  8. Can I install over an existing scan4virus/qmail-scanner system?: Yes you can :-). It's what I did. The only downside is that when antivirus-qmail-queue.pl is overwritten by the newer version, any running copies of it would potentially crash. However, this will just lead to a requeue - so no harm done :-). Also, any od copies of antivirus-qmail-queue.pl is replaced with a symbolic link to the new qmail-scanner-queue.pl. After upgrading you must alter your Qmail startup scripts so that QMAILQUEUE=qmail-scanner-queue.pl
  9. Can I use metamail instead of reformime?: No. metamail used to be supported, but has been found to totally barf on Email containing multipart/alternative MIME attachments - which all HTML Email viruses contain. As such it is not supported.

Jason Haar
Last modified: Thu Aug 24 11:07:19 NZST 2000