
                         +----------------------+
                         |                      
                         |   AntiVir MailGate   
                         |                      
                         |      USER MANUAL     
                         |                      
                         |    last modified:    
                         |      27.01.2005      
                         |                      
                         +----------------------+




Contents
========

    Introduction
        Intended Audience
        AntiVir MailGate Overview

    avgated
        avgated usage

    avgatefwd
        avgatefwd usage
	The rejected directory

    Configuration File

        General parameters
            User
            Group
            Postmaster
            MyHostName
            SpoolDir
            AntiVirDir
            TemporaryDir
            PidDir
	    MaxIncomingConnections
            SMTPTimeout 
            MaxMessageSize
            MaxRecipientsPerMessage
            MinFreeBlocks
            MaxForwarders
            BlockSuspiciousMime
            ExposeAlerts
            ListenAddress
            ForwardTo
            RefuseEmptyMailFrom
            PollPeriod
	    AlertsUser
            BounceMessageUser
	    AddPrecedenceHeader
	    AddressFilter
	    FilterTableOrder
	    UseProxy
	    ProxyServers
	    ProxyConnections
 	    LogFile
	    MaxAttachments
	    AddHeaderToNotice
	    BounceMessageSizeBody
	    BounceMessageSizeHeader
	    AddXHeader
	    AddReceivedByHeader
	    MaxHopCount
	    ThrottleMessageCount
	    ThrottleDelay
	    ForwarderRetryDelay
	    QueueLifetime
	    SMTPHeloTimeout
	    SMTPMailFromTimeout
	    SMTPRcptTimeout
	    SMTPDataTimeout
	    SMTPDataBlockTimeout
	    SMTPDataPeriodTimeout

        Scanning of files in an archive
	    ArchiveMaxRecursion 
	    ArchiveMaxSize
	    ArchiveMaxRatio
            BlockSuspiciousArchive

        Handling Envelope Recipient Addresses
            AllowSourceRouting
            InEnvelopeAddressesBangIs
            InEnvelopeAddressesPercentIs
            AcceptLooseDomainName
            Examples
            Recommended settings

        Adding a notification in the body of transmitted emails
            AddStatusInBody
            ForwardAllEmailAsMIME

    Access Control Lists File

    Notification Templates

    Notice Mail Restrictions (avmailgate.warn)

    Address Filter Tables (avmailgate.scan and avmailgate.ignore)



Introduction
============

    Intended Audience
    -----------------

        This document is intended  for the UNIX adminstrators who will
        install and configure  AntiVir MailGate, the anti-virus  email
        filter from H+BEDV Datentechnik GmbH.

        General  UNIX  administration  skills  and  MTA  configuration
        knowledge are pre-requisites.

        Questions, comments and suggestions regarding this document or
        AntiVir MailGate may be directed to:

            mailto:support@antivir.de

        For more  information  on AntiVir  please visit  our web  site
        http://www.antivir.de or http://www.hbedv.com 



    AntiVir MailGate Overview
    -------------------------

                           +-----------------------+
                           |       avgated         |
                           +-----------------------+
                                       |
                                       |
                                       |
                                       V
                             +-------------------+
                             |    Input Queue    |+
                             |                   ||
                             +-------------------+|
                              +-------------------+
                                       |
                                       V
                            +-----------------------+
                            |       avgatefwd       |
                            +-----------------------+
                                  |          |
                   +--------------+          +--------------+
                   |                                        |
                   V                                        V
         +-------------------+  force Delivery     +-------------------+
         | Error/Alerts Queue|+ ------------------>|  Output Queue     |+
         |                   ||                    |                   ||
         +-------------------+|                    +-------------------+|
          +-------------------+                     +-------------------+
                                                            |
                                                            V
                                                  +-----------------------+
                                                  |      avgatefwd        |
                                                  +-----------------------+
                                                        |    |
                        +-------------------------------+    |
                        |                                    |
                        V                                    V
             +-----------------------+            +-----------------------+
             | other MTA sendmail    |            |         SMTP          |
             +-----------------------+            +-----------------------+


        AntiVir MailGate is composed of two kind of processes:

            - avgated:       the smtpd receiver that stores incoming emails
                             into the input queue. (daemon)

            - avgatefwd:     scanning function and SMTP forwarder and
                             sendmail invoker. (daemon)



avgated
=======

    avgated usage
    -------------

        avgated [-V|--version] [-i] [-p port] [-C config-file] [-D debug-level]


        -V or --version     Print the version number and exit.

        -C config-file      Specify an alternative configuration file,
                            instead        of        the       default
                            '/etc/avmailgate.conf'.

        -A acl-file         Specify an alternative Access Control List
                            file,     instead    of     the    default
                            '/etc/avmailgate.acl'.

        -i                  Runs  avgated  in  inetd mode  doing  SMTP
                            conversation  via  stdin  and stdout.  See
                            inetd(8)  for   information  on  how  this
                            works.

        -p port             Specify  the port  at  which avgated  will
                            listen for incoming SMTP sessions, instead
                            of the normal smpt (25) port.

        The following options are used while debugging:

        -D debug-level      Set the debug level (a small integer).

        -R remote.host      Specify the remote host domain name.
                            Imply -i.

        -r remote-ip-addr   Specify the remote host IP address (aaa.bbb.ccc.ddd).
                            Imply -i.

        -q port             Specify the remote host TCP port.

        When run interactively, the SMTP daemon directly converse with
        the terminal instead of working with a TCP port.



avgatefwd
=========

    avgatefwd usage
    ---------------

        avgatefwd [-V|--version] [-C config file] [-D debug level]"

        -V or --version     print the version number and exit.

        -C config-file      specify an alternative configuration file,
                            instead        of        the       default
                            '/etc/avmailgate.conf'.

        -D debug-level      set the debug level (a small integer).


    The rejected directory
    ----------------------

    	Mails that were rejected are moved to the rejected directory.
	NOTE:
	You have to manually remove the files from the rejected
	directory!


Configuration File
==================

    The configuration for AntiVir MailGate is  '/etc/avmailgate.conf'.
    It's  used  by  all  the  programs  of AntiVir  MailGate (avgated,
    avgatefwd).

    Comments can be written anywhere in the configuration file (but in
    a quoted string), starting with a  '#' character, up to the end of
    the line.

    Spaces or tabulations can be placed anywhere.

    Parameter  names  and  parameter  values  may  be  quoted  (')  or
    double-quoted ("), and must be  quoted when they contain spaces or
    tabulations or a double-quote or  a quote. The quotes don't affect
    the values, or the type (numeric or alphanumeric) of the value.

        ParamExampleNumber      1234
        ParamExampleNumber      "1234"
        ParamExampleSimple      a-name
        ParamExampleSpace       "One Space"
        ParamExampleQuote       "6'"
        ParamExampleDblQuote    '3"1/2'
        'QuotedParamExample'    quoted
        "DblQuotedParamExample" dbl-quoted

    Usually parameters  are merely given  with the parameter  name and
    the parameter value on the same line. However some parameters have
    a more  complex syntax,  but all stand  on a single  line starting
    with the parameter name.

    The  parameter  names  and  and  the  parameter  values  that  are
    keywords, are not case sensitive:

       BoolParamExample         Yes   # Could be written as TRUE too.
       BoolParamExample         YEs
       BoolParamExample         yEs
       BOOLPARAMEXAMPLE         yes
       boolparamexample         YES   # Well, you get the point...

    are all the same.

    Boolean parameters values can be written  as YES or NO, or as TRUE
    or FALSE.


    First  are presented  general  parameters that  apply  to all  the
    programs  composing  AntiVir  MailGate,  then  those  specific  to
    avgated, and lastly those specific to avgatefwd.



    General parameters
    ------------------

        The  parameters presented  in this  section are  used  by both
        avgated and avgatefwd.



        User
        ....

            This  parameter allow  the administrator  to set  the UNIX
            user  under  which AntiVir MailGate  will run  (the  owner
            of AntiVir MailGate).

            This should NOT be root.

            The  parameter  must be  a  login  name  as found  in  the
            /etc/passwd file.


            Syntax:
              User    "string"

            Default value:
              User    uucp




        Group
        .....

            This  parameter allows  the administrator  to set  the UNIX
            group under which AntiVir MailGate will run.

            This should NOT be root.

            The  parameter  must  be  a group name  as  found  in  the
            /etc/group file.


            Syntax:
              Group    "string"

            Default value:
              Group    antivir




        Postmaster
        ..........

            This   parameter   specifies    the   email   address   of
            Postmaster. It's  the address where  notifications that an
            email contained  an alert are  sent (beside the  sender and
            recipient of the veroled email).


            Syntax:
              Postmaster    "string"

            Default value:
              Postmaster    postmaster.

            An example of value may be:
              Postmaster virusmaster@admins.department.example.com



        MyHostName
        ..........

            This parameter specifies the FQDN of the localhost.


            Syntax:
              MyHostName    "string"

            Default value:
              If not set in configuration  file, is  that obtained  by
              gethostname(2), or if this fails, "localhost".



        SpoolDir
        ........

            This  parameter   specifies  the  spool   directory  where
            AntiVir MailGate stores the messages it processes.


            Syntax:
              SpoolDir    "string"

            Default value:
              SpoolDir    /var/spool/avmailgate



        AntiVirDir
        ..........

            This   parameter  specifies   the  library   directory  of
            AntiVir  MailGate,   where   the  key   file,  the  alert 
            definition  file  and  other  critical  data  for  AntiVir
            MailGate are stored.


            Syntax:
              AntiVirDir    "string"

            Default value:
              AntiVirDir    /usr/lib/AntiVir



        TemporaryDir
        ............

            This  parameter specifies  the  temporary  directory  name
            where emails will be extracted and scanned.


            Syntax:
              TemporaryDir    "string"

            Default value:
              TemporaryDir    /var/tmp



        PidDir
	......

            This parameter specifies  the location of the pid files  of
            the daemons.


            Syntax:
              PidDir /var/tmp

            Default value:
              PidDir /var/tmp



	LogFile
	.......

	    Specify a full path with a filename to which AntiVir MailGate
	    will write its log messages. AntiVir MailGate still logs to syslog
	    even if this option is set.

	    Syntax:
	      LogFile /var/log/avmailgate.log

	    Default value:
	      LogFile NO



        MaxIncomingConnections
        ......................

            This   parameter  specifies   the  number  of  simultanous
            connections.

            The number  of simultanous connections  from  remote sites
            should be limited. A limit of 0 disables this feature.


            Syntax:
              MaxIncomingConnections    "integer"

            Default value:
              MaxIncomingConnections    0



        SMTPTimeout 
        ...........

            This  parameter  specifies the number of  seconds until  a
            timeout occures in SMTP conversation.


            Syntax:
              SMTPTimeout    "integer"

            Default value:
              SMTPTimeout    300



        SMTPGreetingTimeout
	...................

	    This parameter specifies the number of seconds until a timeout
	    occurs when waiting for the SMTP greeting message of the remote host.

	    Syntax:
	      SMTPGreetingTimeout	"integer"

	    Default value:
	      SMTPGreetingTimeout	300



        SMTPHeloTimeout
	...............

	    This parameter specifies the number of seconds until a timeout
	    occurs when waiting for the SMTP HELO/EHLO reply of the remote host.

	    Syntax:
	      SMTPHeloTimeout	"integer"

	    Default value:
	      SMTPHeloTimeout	300



        SMTPMailFromTimeout
	...................

	    This parameter specifies the number of seconds until a timeout
	    occurs when waiting for the SMTP MAIL FROM reply of the remote host.

	    Syntax:
	      SMTPMailFromTimeout	"integer"

	    Default value:
	      SMTPMailFromTimeout	300



        SMTPRcptTimeout
	...............

	    This parameter specifies the number of seconds until a timeout
	    occurs when waiting for the SMTP RCPT TO reply of the remote host.

	    Syntax:
	      SMTPRcptTimeout	"integer"

	    Default value:
	      SMTPRcptTimeout	300



        SMTPDataTimeout
	...............

	    This parameter specifies the number of seconds until a timeout
	    occurs when waiting for the SMTP DATA reply of the remote host.

	    Syntax:
	      SMTPDataTimeout	"integer"

	    Default value:
	      SMTPDataTimeout	120



        SMTPDataBlockTimeout
	....................

	    This parameter specifies the number of seconds until a timeout
	    occurs when sending data to the remote host.

	    Syntax:
	      SMTPDataBlockTimeout	"integer"

	    Default value:
	      SMTPDataBlockTimeout	180



        SMTPDataPeriodTimeout
	.....................

	    This parameter specifies the number of seconds until a timeout
	    occurs when waiting for the reply to the terminating '.' of the DATA command.

	    Syntax:
	      SMTPDataPeriodTimeout	"integer"

	    Default value:
	      SMTPDataPeriodTimeout	600



        MaxMessageSize
        ..............

            This parameter  specifies the maximum of message  size  in
            bytes.

            This value should be  set to  the same number used by your
            MTA.
            A limit of 0 disables this feature.


            Syntax:
              MaxMessageSize    "integer"

            Default value:
              MaxMessageSize    0



        MaxRecipientsPerMessage
        .......................

            This parameter specifies the maximum number of recipients.

            This limit  should be  limited to  100 as  recommended  in
            REC 821.
            A limit of 0 disables this feature.


            Syntax:
              MaxRecipientsPerMessage    "integer"

            Default value:
              MaxRecipientsPerMessage    100



        MinFreeBlocks
        .............

            This parameter specifies the number of free blocks on file
            system.
            The  incoming  connection  will  not be  accepted, if  the
            number of free blocks reaches this limit.
            A limit of 0 disables this feature.


            Syntax:
              MinFreeBlocks    "integer"

            Default value:
              MinFreeBlocks    0



        MaxForwarders
        .............

            This parameter  specifies the  maximum number  of  forward
            processes of avgatefwd.
            The number is  dependend on the performance of mail system
            and quality of network connection.
            The default value should be increased, if the  performance
            of the used mail system and the connection to the  network
            is low.


            Syntax:
              MaxForwarders    "integer"

            Default value:
              MaxForwarders    10



        BlockSuspiciousMime
        ...................

            This parameter specifies if suspicious MIME emails will be
            blocked.
            The delivery  of suspicious  MIME emails  will be stopped,
            if more than the number given with "MaxAttachments"
	    attachments is reached.


            Syntax:
              BlockSuspiciousMime    YES | NO

            Default value:
              BlockSuspiciousMime    YES



        Expose*Alerts
        ............

            These  parameters specify  if alerts will  be  sent
            to the sender and/or recipient and/or postmaster.


            Syntax:
              Expose*Alerts    YES | NO | LOCAL

            Default value:
	      Please have a look at the configuration file.



	AlertsUser
	...............

	     User name of sender of alerts, if an alert was found in a mail.

	     Syntax:
	       AlertsUser username
	       or
	       AlertsUser username@domainname
	       (versions > 2.0.1.16)

 	     Default value:
	     	AlertsUser AvMailGate



        ListenAddress
        .............

            This parameter specifies the interface  and port  the SMTP 
            daemon will listen on. The default interface 0.0.0.0 means
            all interfaces.


            Syntax:
              ListenAddress "string" port "integer"

            Default value:
              ListenAddress 0.0.0.0 port 25

            An example of value may be:
              ListenAdress 192.168.5.20 port 25



        ForwardTo
        .........

            This  parameter  specifies the  type of  email forwarding.
            There are two possibilities  how to  sent emails  further.
            First is, emails could be send by piping  it thru sendmail
            (this is default).
            Second is, to send emails further by SMTP.


            Syntax (by piping):
              ForwardTo string

            Syntax (by SMTP):
              ForwardTo   SMTP: "string" port "string"
               or
              ForwardTo   SMTP: "string" port "integer"

            Default value:
              ForwardTo    /usr/sbin/sendmail -oem -oi

            An example of Syntax when sending by SMTP may be:
              ForwardTo    SMTP: localhost port smtp-backdoor



        RefuseEmptyMailFrom
        ...................

            This  parameter  specifies  if emails  containing a  blank
            sender address will be blocked.

            RFC 1123 explicitly  says in  section 5.2.9  that a  blank
            sender  address  must  be accepted.  If you  don't  accept
            a  blank  sender  address,  then  you  don't have  an SMTP
            server.  Additionally,  you   will   greatly  annoy  other
            postmasters,  possibly  to  the  point  of  being  blocked
            yourself.


            Syntax:
              RefuseEmptyMailFrom    YES | NO

            Default value:
              RefuseEmptyMailFrom    NO



        PollPeriod
        ..........

            PollPeriod specifies the periodicity, in seconds, of  the
            queue scanning done by avgatefwd.


            Syntax:
              PollPeriod    "integer"

            Default value:
              PollPeriod    30	



      	QueueLifetime
        .............

            QueueLifetime specifies the maximum time a message can stay in the
	    queue before it will be bounced.
	    A value of 0 disables this feature.

            Syntax:
              QueueLifetime	"integer""s" | "d" | "m"

            Default value:
              QueueLifetime	0



      	ForwarderRetryDelay
        ...................

            ForwarderRetryDelay specifies the maximum time between retrying
	    to send a queued message.

            Syntax:
              ForwarderRetryDelay "integer""s" | "d" | "m"

            Default value:
              ForwarderRetryDelay	30m



	ThrottleMessageCount
	....................

	    ThrottleMessageCount is only needed if you have a huge queue and you do not
	    want the mails to be processed at once after starting the forwarder daemon.
	    Usually you do not need this option.

	    If this option and the option "ThrottleDelay" is set, only
	    "ThrottleMessageCount" mails will be reprocessed at once. After reprocessing
	    the mails, the forwarder daemon will sleep for "ThrottleDelay" seconds.
	    After "ThrottleDelay" seconds, the daemon will process the next
	    "ThrottleMessageCount" messages. This will be done until all messages
	    are reprocessed.
	    If the queue is empty this option will not be used anymore and throttling
	    will be disabled.

	    NOTE: If the queue gets filled during a throttled reprocessing of mails,
	    the new mails will not be processed immediately!
	    You should not accept mails while a throttled reprocessing of mails is active!

	    A value of 0 disables this feature.

	    Syntax:
	      ThrottleMessageCount	"integer""s" | "d" | "m"

	    Default value:
	      ThrottleMessageCount	0



	ThrottleDelay
	.............

	    ThrottleDelay specifies the amount of seconds the forwarder daemon will
	    sleep after reprocessing "ThrottleMessageCount" queued mails.
	    See option "ThrottleMessageCount".
 
	    A value of 0 disables this feature.

	    Syntax:
	      ThrottleDelay	"integer"

	    Default value:
	      ThrottleDelay	0


 
        BounceMessageUser
        .................

             User name of sender of error (bounce) messages if a  mail
             couldn't be deliverd via MTA.

             Syntax:
               BounceMessageUser     "string"
            
             Default value:
               BounceMessageUser     MAILER-DAEMON 
	       or
               BounceMessageUser     MAILER-DAEMON@domainname




    Scanning of files in an archive
    ----------------------------


         ArchiveMaxRecursion (MaxRecursionDepthInArchive)
         ................................................

            This  parameter  specifies the  maximum of  recursion depth
            of scanning in  archives. If  ArchiveMaxRecursion is
            0,  recursive  archives are going  to be  unpacked with an
            unlimited recursion deep.

            If  ArchiveMaxRecursion is  >0, recursive  archives
            are  going to  be unpacked  up to  the adjusted  recursion
            depth.


            Syntax:
              ArchiveMaxRecursion "integer"

            Default value:
              ArchiveMaxRecursion 20


	 ArchiveMaxSize (MaxFilesizeInArchive)
 	 .....................................

	     If ArchiveMaxSize is 0, all files in an archive
	     will be extracted, don't care of their unpacked size.

	     If ArchiveMaxSize is >0, all files up to the adjusted size will be
	     extracted (in bytes).

	     Syntax:
	       ArchiveMaxSize "integer"

	     Default value:
	       ArchiveMaxSize  0


	 ArchiveMaxRatio
 	 .....................................

	     If the compression ratio of an archive is above the value specified here,
	     the mail will not be scanned completely.  
	   
	     If ArchiveMaxRatio is 0, the mail be scanned completely.
	     You should NOT set this to 0.

	     This option is used to detect "mailbombs".
		  
	     Syntax:
	       ArchiveMaxRatio	integer

	     Default value:
	       ArchiveMaxRatio 150


         BlockSuspiciousArchive
         ......................

             This parameter specifies if  emails containing suspicious
             archives will  be blocked  when ArchiveMaxRecursion, ArchiveMaxRatio
	     or ArchiveMaxSize has been reached.

	     If BlockSuspiciousArchive is NO, don't stop delivery of mails 
	     containing suspicious archives.

	     If BlockSuspiciousArchive is YES, stop delivery of mails
	     containing archives that reached the limits of ArchiveMaxRecursion,
	     ArchiveMaxSize or ArchiveMaxRatio.

             Syntax:
               BlockSuspiciousArchive    YES | NO

             Default value:
               BlockSuspiciousArchive    NO

	       
	 BlockEncryptedArchive
	 .....................

	     Block archives that are encrypted.

	     Syntax:
	       BlockEncryptedArchive    YES | NO 

	     Default value:
	       BlockEncryptedArchive	NO


	 BlockUnsupportedArchive
	 .......................

	     Block archives that can not be handled
	     by the scanner.

	     Syntax:
	       BlockUnsupportedArchive	YES | NO

	     Default value:
	       BlockUnsupportedArchive	NO
	     

	 BlockOnError
	 .......................

	     Block if the mail could not be scanned
	     due to scan timeout or a process error.

	     Syntax:
	       BlockOnError	YES | NO

	     Default value:
	       BlockOnError	NO


    Handling Envelope Recipient Addresses
    ------------------------------------


        The parameters  presented in this section are  used by avgated
        only.

        Two orthogonal  processings are  at hand here:  source routing
        (which normaly  is prohibed now ), and  interpreting bangs and
        percents (which normaly should  be refused, but can be allowed
        for interoperability with  UUCP or strange gateways) [RFC0821,
        RFC0976, RFC1123].

        These processings are  directed by the following configuration
        parameters:


        AllowSourceRouting             YES | NO
        InEnvelopeAddressesBangIs       IGNORED | REFUSED | INTERPRETED
        InEnvelopeAddressesPercentIs    IGNORED | REFUSED | INTERPRETED
        AcceptLooseDomainName          YES | NO



        AllowSourceRouting
        ..................


            When  AllowSourceRouting  is  NO,  if  source  routing  is
            present in the given path, it's removed.
            When  AllowSourceRouting is  YES, then  source  routing is
            honored, and  the messages is  forwared to the  first host
            specified in the route (if relaying is allowed for it, see
            section "Access Control Lists").


            Syntax:
              AllowSourceRouting    YES | NO

            Default value:
              AllowSourceRouting    NO.



        InEnvelopeAddressesBangIs
        ........................

            This configuration parameter directs the interpretation of
            the  bang   character,  "!",  in   the  envelope  recipient
            addresses.

            When InEnvelopeAddressesBangIs is  REFUSED, the presence of
            an unquoted  "!" in the recipient  envelope address implies
            that the message will be refused.

            When InEnvelopeAddressesBangIs is IGNORED, any unquoted "!"
            will be  processed as  any other non-special  character of
            the address.

            When  InEnvelopeAddressesBangIs  is  INTERPRETED, then  the
            address is  rewritten in RFC821 standard  form. An address
            such as:

                hostA!hostB!hostC!user

            is rewritten as:

                @hostA,@hostB:user@hostC

            Then,  if  source  routing  is  allowed,  the  message  is
            transmited  to  hostA,  otherwise  it's directly  sent  to
            hostC.

            Thus, this  rewritting allow us to  discover the recipient
            host, in the case where all the UUCP gateways on the route
            would have interpreted the address the same way as us. (If
            that were not the case, then this parameters should be set
            to IGNORED).


            Syntax:
              InEnvelopeAddressesBangIs    IGNORED | REFUSED | INTERPRETED

            Default:
              InEnvelopeAddressesBangIs    REFUSED



        InEnvelopeAddressesPercentIs
        ...........................

            This configuration parameter directs the interpretation of
            the  percent  character,  "%",  in the  envelope  recipient
            addresses.

            When InEnvelopeAddressesPercentIs  is REFUSED, the presence
            of  an  unquoted  "%"  in the  recipient  envelope  address
            implies that the message will be refused.

            When InEnvelopeAddressesPercentIs  is IGNORED, any unquoted
            "%" will  be processed as any  other non-special character
            of the address.

            When InEnvelopeAddressesPercentIs  is INTERPRETED, then the
            address is  rewritten in RFC821 standard  form. An address
            such as:

                user%hostC%hostB@hostA

            is rewritten as:

                @hostA,@hostB:user@hostC

            Then,  if  source  routing  is  allowed,  the  message  is
            transmited  to  hostA,  otherwise  it's directly  sent  to
            hostC.

            Thus, this  rewritting allow us to  discover the recipient
            host,  in the  case where  all the  gateways on  the route
            would have interpreted the address the same way as us. (If
            that were not the case, then this parameters should be set
            to IGNORED).


            Syntax:
            InEnvelopeAddressesPercentIs    IGNORED | REFUSED | INTERPRETED

            Default:
            InEnvelopeAddressesPercentIs    REFUSED


        AcceptLooseDomainName
        .....................


            The  AcceptLooseDomainName   parameter  allow  to  process
            domain names  even if  they don't respect  strictly domain
            name  syntax, that  is:  a domain  name  can contain  only
            [-.0-9A-Za-z], each  name being at most  63 characters not
            beginning nor ending with a  '-', the last name  not being
            digit-only and in total less than 256 characters.

            When  AcceptLooseDomainName  is NO,  if  the  name of  the
            domain selected for delivery (depending on source routing)
            does not  strictly conform it the  domain name syntax,then
            it's refused.

            When AcceptLooseDomainName  is YES, then no  check is done
            on the domain name, apart of  interpreting the domain name
            syntax for numerical IP addresses.

            In any cases, then domain name can be either a true domain
            name (a  sequence of names  separated by dots), or  else a
            numerical IP address with either one of these syntax:

                # <decimal-number>
                [ <small-numer> . <small-numer> . <small-numer> . <small-numer> ]

            Note that we won't  accept mixing IP addresses with domain
            names  as  would  be  allowed  by the  syntax  defined  in
            RFC0821, since no semantics are defined for these forms.


            Syntax:
              AcceptLooseDomainName    YES | NO

            Default value:
              AcceptLooseDomainName    NO



        Examples
        ........

            The "!", "%" and "@" can be combined in an address.

            With the configuration paremeters set as:

                InEnvelopeAddressesBangIs       INTERPRETED
                InEnvelopeAddressesPercentIs    INTERPRETED

            PATH:       <host-b!host-c!user@host-a>
            FIRST-HOST: host-a
            LAST-HOST:  host-c
            LOCAL-PART: user
            RECIPIENT:  <user@host-c>
            ROUTE:      <@host-a,@host-b:user@host-c>


            PATH:       <user%host-c%host-b@host-a>
            FIRST-HOST: host-a
            LAST-HOST:  host-c
            LOCAL-PART: user
            RECIPIENT:  <user@host-c>
            ROUTE:      <@host-a,@host-b:user@host-c>


            PATH:       <@host-a:host-b!user%host-c>
            FIRST-HOST: host-a
            LAST-HOST:  host-c
            LOCAL-PART: user
            RECIPIENT:  <user@host-c>
            ROUTE:      <@host-a,@host-b:user@host-c>



        Recommended settings
        ....................

            The recommended settings of the parameters are:


            For a pure Internet (RFC0822) MTA:

                AllowSourceRouting             NO
                InEnvelopeAddressesBangIs       IGNORED


            For an Internet -> UUCP gateway MTA:

                AllowSourceRouting             YES
                InEnvelopeAddressesBangIs       INTERPRETED


            For a UUCP MTA (hypothetical case, given that avgated is a
            SMTP daemon  ; this  could occur if  the UUCP  rmail would
            inject  the  emails  thru  SMTP  into  avgated  for
            checking):

                AllowSourceRouting             YES
                InEnvelopeAddressesBangIs       INTERPRETED


            However, all depends on the processing done by the forward
            MTA.



    Adding a notification in the body of transmitted emails
    ------------------------------------------------------

        The parameters presented in this section are used by avgatefwd
        only.

        The following configuration  parameters allow the insertion of
        a  paragraph  stating  the  AntiVir  MailGate  status  of  the
        forwarded email:

            AddStatusInBody         YES | NO
            ForwardAllEmailAsMIME   YES | NO


        AddStatusInBody
        ...............


            When AddStatusInBody is NO,  no not status notification is
            inserted in the body of the emails.

	    If a file named body-state exists in the templates folder,
	    the text in this file will be inserted.
	    This is only available in
	    commercial mode.

            When AddStatusInBody is YES:

            For  plain  rfc822  email  (non  MIME),  just  insert  the
            notification paragraph in the beginning of the body.

            For MIME email,  transmit the checked email as  a new MIME
            multipart/mixed  email, with  a  first text/plain  section
            containing the  status notification paragraph,  and with a
            second   message/rfc822  section   containing   the  whole
            original  message.  Most  headers  from the  original  are
            copied to the transmitted message.


            Syntax:
              AddStatusInBody    YES | NO

            Default value:
              AddStatusInBody    NO.



        ForwardAllEmailAsMIME
        .....................


            When ForwardAllEmailAsMIME is NO, incoming emails that are
            not MIME emails get out as they came, non-MIME.

            When ForwardAllEmailAsMIME is YES:

            The  behaviour does  not  change for  MIME emails.

            However, plain rfc822 emails  are encapsulated into a MIME
            message/rfc822  section of  a  multipart/mixed email  that
            will  inherit  all  the  headers  of the  user  email.  If
            AddStatusInBody is YES too, then  our text is added into a
            text/plain  entity   inserted  before  the  message/rfc822
            entity.


            Syntax:
              ForwardAllEmailAsMIME    YES | NO

            Default value:
              ForwardAllEmailAsMIME    NO


	AddPrecedenceHeader
	...................

	
            When AddPrecedenceHeader is YES, each notice mail
	    contains a headerline "Precedence: junk".
	    If neither YES nor NO is given, the custom text
	    will be inserted.
	    This causes some programs (e.g. vacation) that respond
	    automatically to incoming mails,
	    to NOT respond to the received email.

	    Syntax:
	      AddPrecedenceHeader               YES | NO | custom text

	    Default value:
	      AddPrecedenceHeader		NO


	AddressFilter
	.............


	     If set to YES, each sender and/or recipient address
	     will be matched against two tables containing email addresses.
	     The table that has to be matched first is specified with the
	     option FilterTableOrder.
	     With the address filter enabled any decision of scanning a mail or not,
	     will be printed to syslog:
	     (avgated[1234]: Mail from foo@bar.tld to john@doe.tld will be scanned!)

	     The tables are: /etc/avmailgate.scan and /etc/avmailgate.ignore.
	     Example files are included in this package.
	     Each table consists of an address that contains regular expressions
	     and one and/or two flags:

	     Examples:
	     ----------------------
	     /etc/avmailgate.scan:
	     The i is an option for the regexp and it means ignore case.

	     #The following matches exactly the *recipient* address "foo@bar.tld"
	     /^foo@bar\.tld$/i
	     
	     #The following would match *foobar@anywhere.tld*
	     /foo.*@.*\.tld/i

	     The two flags are r and s:
	     -------------------------
	     r means recipient.
	     s means from.

	     *NOTE* If no flag is specified only the recipient address will be matched.

	     *NOTE* the filtering of addresses is based on the SMTP-protocol and not
	     on parsing the email header!

	     *NOTE* the FROM address may be forged!

	     *NOTE* make sure to pay attention of addresses that are rewritten by a (your)
	     prior MTA.

	     Example:
	     ---------
	     1.)
	
	     Mails for foo@bar.tld, a@b.tld and abc@d.tld will be scanned. 
	     If there's a recipient address in a mail that doesn't match the
	     avmailgate.scan table the address will be matched against the
	     avmailgate.ignore table. In the avmailgate.ignore table any address matches
	     due to the /.*/ entry. The mail won't be scanned.

	     avmailgate.conf:
	     ----------------
	     AddressFilter YES
	     FilterTableOrder scan,ignore
	
	     avmailgate.scan:
	     ----------------
	     /^foo@bar\.tld$/i
	     /^a@b\.tld$/i
	     /^abc@d\.tld$/i

	     avmailgate.ignore:
	     ------------------
	     /.*/

	     If an address doesn't match any entry in any table,
	     the mail will be scanned.

	     Syntax:
	       AddressFilter YES | NO
	    
	     Default value:
	       AddressFilter NO


	FilterTableOrder
	................


	     With this option one can specify, against which filter table
	     an address should be matched first if the option AddressFilter
	     is set to yes.

	     Syntax:
	       FilterTableOrder scan,ignore | ignore,scan

	     Default value:
	       FilterTableOrder scan,ignore


	UseProxy
	........


	     The proxy feature in SAVAPI performs scans more efficiently
	     by using and reusing a prepared pool of AntiVir scanners.  While this
	     pool increases throughput this feature requires the pool size 
	     to be wisely chosen -- too many scanners will put load on the
	     machine without gaining more performance, too few scanners may
	     have the SAVAPI using applications wait unnecessarily.

	     Syntax:
	       UseProxy YES | NO

	     Default value:
	       UseProxy NO


	ProxyScanners
	.............


	     The number of prepared AntiVir scanners in the pool.
	     See option "UseProxy"

	     Syntax:
	       ProxyScanners "integer"

	     Default value:
	       ProxyScanners 8


	ProxyConnections
	................


	     The maximum number of simultaneous allowed connections
	     from AntiVir MailGate to the scanner pool.

	     Syntax:
	       ProxyConnections "integer"

	     Default value:
	       ProxyConnections 32
	       

	AddHeaderToNotice
	.................


	     This option adds the mail header to postmaster notice mails.
	     YES is only available in commercial mode.

	     Syntax:
	       AddHeaderToNotice YES | NO

	     Default value:
	       AddHeaderToNotice NO


	BounceMessageSizeBody BounceMessageSizeHeader
	.............................................


	     These options limit the size of bounce mails.
	     A value of 0 means unlimited.

	     Syntax:
	       BounceMessageSizeBody "integer"

	     Default value:
	       BounceMessageSizeBody 0


	AddXHeaderInfo
	..............


	     Add information about scanning status to the header of the checked mail.

	     Syntax:
	       AddXHeaderInfo YES | NO

	     Default value:
	       AddXHeaderInfo YES


	AddReceivedByHeader
	...................

	     Adds a "Received:" stamp to the header of the mail.

	     Syntax:
	       AddReceivedByHeader YES | NO

	     Default value:
	       AddReceivedByHeader YES


	MaxHopCount
	...........

	     Prevent mail loops.
	     If there are more than MaxHopCount "Received:"
	     lines in the header, the mail will not be accepted.

	     Syntax:
	       MaxHopCount "integer"

	     Default value:
	       MaxHopCount 100


Access Control Lists File
=========================


    The file '/etc/avmailgate.acl'  defines which hosts are considered
    local and for which we are allowed to relay emails.

    Comments can be written anywhere in  the ACL file (but in a quoted
    string), starting with a '#' character, up to the end of the line.

    Spaces or tabulations can be placed anywhere.

    Parameter  names  and  parameter  values  may  be  quoted  (')  or
    double-quoted ("), and must be  quoted when they contain spaces or
    tabulations or a double-quote or  a quote. The quotes don't affect
    the values, or the type (numeric or alphanumeric) of the value.

    The parameter names and the parameter values that are domain names,
    are not case sensitive.


    ACL  lines may  add either  to the  list of  local  host ('local:'
    parameter  name) or to  the list  of hosts  for which  relaying is
    allowed ('relay:' parameter name).

    In either case,  the parameter name can be  followed of any number
    of space separated domain names or IP addresses/masks.

    The  IP addresses  can  be  written either  as  a network  address
    prefix, or with a '/' and a number of bits to match.

         192.168.0.0/16
         192.168.0.0
         192.168.0.
         192.168.0
         192.168.
         192.168

    are  all  equivalent. When  the  '/' and  number  of  bits is  not
    present, the mask is either 8, 16, 24 bits if the 24, 16, or 8 low
    order  bits are  null, or  else 32  bits for  an exact  IP address
    match.


    Example:
        +----------------------+
        | /etc/avmailgate.acl  |
        +----------------------+------------------------------+
        |# Access lists for AvMailGate                        
        |                                                     
        |# These hosts and/or domains are local.              
        |local: localhost 127.0.0.1                           
        |local: antivir.de
        |                                                     
        |# These hosts and networks are allowed to relay.     
        |relay: 127.0.0.1/8  192.168.0.0/16                   
        +-----------------------------------------------------+




Notification Templates
======================

    If you are running a commercial or a private license you have the 
    possibility to define your own message in alert and  pathological 
    notification mails.

    Create the following directory:
    /usr/lib/AntiVir/templates

    Copy the sample template files from archive directory templates to 
    /usr/lib/AntiVir/templates

    Change to the directory /usr/lib/AntiVir/templates. Now there exist
    the following files:

     patho-administrator
     patho-recipient
     patho-sender
     virus-administrator
     virus-recipient
     virus-sender


    Edit all files and insert your own messages. Pay attention on the 
    format of these files. The first line is the subject of an mail. 
    After this line there must be follow an empty line (new line), 
    then the body.
    The virus-* and patho-* files may contain the following keywords,
    that will be replaced by the corresponding text:
 
       LICENSE      Centered license text (one or two lines).
 
       SENDER       The email address of the sender of the bad email.
 
       VIRUSES      A list of alerts found in the bad email, one per line,
                    the prefix and postfix substring being repeated on each
                    line.
 
       REASON       The cause explaining why the email could not be scanned.
                    (one short sentence).
 
       ADVICE       A suggestion as to what the sender can do to remediate
                    the problem (see REASON). (About one line long).
 
       QUEUEID      The ID of the message in the AvMailGate queue.

       SUBJECT      The Subject line of the email. 

    For example see the file virus-recipient:


     Subject: AntiVir ALERT [mail from: SENDER]
 
     * * * * * * * * * * * * * * * AntiVir ALERT * * * * * * * * * * * * * * *
     LICENSE

     AntiVir has detected the following in a mail addressed to you:

	     VIRUSES	

     The mail was not delivered.
 


Notice Mail Restrictions
========================

	Please note that in case of an alert, that was entitled as "worm",
       	no notice mail will be sent to the recipient(s) and the sender!
	This behaviour can not be changed.

	In the /etc/avmailgate.warn file one can specify who receives a
	mail in case of an alert. Please create this file manually.
	The definition there is used instead of the definition in the
	avmailgate.conf (Expose*Alerts).

	E.g:

	The "virus" Sobig or Klez are known for faking the "From" field (MAIL FROM).
	To prevent sending a notice mail to the sender one can specify a line like this
	in avmailgate.warn:

	/klez/i RP

	This means that in case of an alert that found a *klez* in an email only the
	recipient (R) and the postmaster (P) will get a notice mail. Even if
	ExposeSenderAlerts is set to YES (avmailgate.conf)!

	*NOTE* the syntax of the entries has changed to regular expressions!

	*NOTE* "/klez/i" and "/sobig/i" are default values, you don't need to add them
	to avmailgate.warn.



Address Filter Tables
=====================

	Please see option "AddressFilter" and "FilterTableOrder".
