Protector FAQ
This topic will gather together a list of frequently asked questions, and their answers. This is a new addition to the web site - which is why it is currently rather empty. If you have a question that doesnt appear here - then ask it in an e-mail to protector@lowth.com. The question and it's answer may even appear here eventually. If your question is to do with the "bash" scripting language (in which the part_filter is written in version 1.00.x), or "perl" (in which it is written in version 1.01-betaX) or "sendmail" (the most mail server most frequently associated with "protector), then consider getting hold of one of the books on the right (Available through Amazon.com at very reasonable prices).1 Features and philosophy
- 1.1 - What languages is "protector" available in?
So far, the product is available in English, American and Australian. A Spanish version of the messages files for the 1.00 releases has been contributed by a kind user. The web site has links to translate into a range of languages using the "google" engine.
2 Installation
For information on the platforms on which protector can be run, and the mail servers it works with, please refer to SupportedPlatforms.- 2.1 - Does protector work with 'postfix'?
Yes - a number of users have got "protector" working with "postfix" instead of sendmail. This configuration is not directly supported by the sources, RPMs etc, but information on the (simple) changes needed is included in PostfixSetup.
- 2.2 - Does protector work with any other mail servers?
Yes - check the SupportedPlatforms page. In particular, note the paragraph about working with other servers, near the end of the page.
- 2.3 - Does it work on Sun Solaris?
The 1.00 range of versions have been ported to Solaris and seems to work. I dont currently have access to a Solaris system to test each new release - so my answer is "yes I think so - but let me know if it doesnt". The 1.01 line of versions hasnt (to my knowledge) been tried on Solaris yet. If you fancy having a go - then please let me know how you get on
- 2.4 - My sendmail.cf does not have an "Mprocmail" entry , what should I do?
That's fine - just skip the part of the installation that tells you to edit the Mprocmail mailer definition. Some recent RedHat installations tend not to have this section - and protector stil works without it.
- 2.5 - Can I configure sendmail using the sendmail.mc mechanism?
Yes if you like! The reason I document the configuration as a sendmail.cf hack is that not everyone uses sendmail.mc. Tools like "linuxconf" and others generate the file using their own internal mechanisms. So the only "works with all generators" logic is to hack the generated file after generating it. As new versions of the protector software develop I plan to document a few more of the wizard methods.
3 Configuration
- 3.1 - I dont want to ban ALL BUT a specified list of files - I want to ban specific types only. How can I do this?
This is not a feature supported in the 1.00.x range of protector versions, but has been added as a possibility to the 1.01 range - You need to edit the part_filter.pl script to make the changes you want. I need to say at this point that this goes against the philosophy of "protector" which aims to keep you safe from the unknown rather than just known threats - so think carefully about your reasons for making such a change - I dont recommend it. However, if you really have to make changes to the logic in this way (for the 1.00.x versions), refer to PartFilterEdits100.
- 3.2 - How can I allow PDF files through?
Firstly, you need to know that viruses can be spread through PDFs (Click here for details), so think carefully before choosing to tweak "protector" to allow them through. If you really want to open your users up to PDF viruses, then refer to PartFilterEdits100 (for the 1.00.x versions) for instructions.
- 3.3 - How can I allow MS "Word" and/or "Excel" files that contain macros through?
This really is a very bad idea indeed - unless you can be sure that the files concerned only come from trusted "virus-free" sources, and that your user's workstations have up-to-date anti-virus software. Recently, I have had a number of people ask this question, saying that they are getting a lot of documents blocked due to macro content. Having given them instructions on how to avoid checking for macros, a number have come back more or less immediately to say that it was a mistake, and that MS Office viruses have become a real problem. In the office I wrote this stuff for, we get almost twice as many genuine MS office macro viruses then windows or DOS executable ones. So think very carefully indeed about making this change. If you are happy to take the risk (and it is a big one), or that all your users are adequately protected via other means, then refer to PartFilterEdits100 (for the 1.00.x version of protector) for instructions on how to make the changes you need.
- 3.4 - I want to turn "protector" on for specific users / mailboxes, but not others - How do I do it? (Note added at the request of Geoff Bowen - Oct 2002)
- First: dont edit the
/etc/sendmail.cffile, but leave theMlocalandMprocmailentries untouched - referring to the usual procmail binary. - Then: create
".forward"files in the home directories of the users you want to protect.- The file should contain one line reading
"|/usr/bin/protector"(including the quotes) - Make sure that the file owner and group match those of the user
- Make sure that it's mode is no more open than
"-rw-r--r--". - If you dont want the user to delete, rename or modify this file then use "chattr" to make it "immutable". The command must be run as root, and looks like this:
chattr +i .forward.
- The file should contain one line reading
- First: dont edit the
4 Problem solving
- 4.1 - It doesnt work - can you help me?
If you have a question about a non-working installation that isnt covered in the notes on this page - then please try the most recent version first, and if that fails - feel free to mail me at protector@lowth.com, and I'll try (no guarantees) to help - but be sure to send me as much info as possible, including as many as possible of..- The "protector" version you are using.
- Information about operating system type and version
- List of installed packages (output of "rpm -qa")
- The contents of your sendmail.cf file
- The relevant lines from the maillog file (usually in /var/log/maillog)
- A copy of a mail message that I can use to reproduce the problem on my own system.
- If you have made any edits to the protector scripts or sources - include copies of the changed files.
- 4.2 - It wont compile on RedHat 8.0
Versions before 1.00.7 wont compile cleanly under this version of Linux - version 1.00.8 solves the problem - please download the latest version and try with that.
- 4.3 - It wont let my excel spreadsheets through
This problem relates to version 1.00.x - you'll be glad to hear that it is fixed in version 1.01-betaX. Protector versions 1.00.x use a very simple method of classifying MS office documents - simply by looking for combinations of magic strings in the file. MS Excel seems to vary these strings, depending on the Locale (nationality) of the installation - so the classifier program (classify_msoffice) makes some mistakes. If you have an example of an MS Excel document that should be "passed" be protector, but is actually "rejected", then send me a copy (if you can) and I will try to arrange that similar documents are handled correctly in future. Alternatively - take a chance on the 1.01-beta line of versions - these are a lot richer in features, but currently are not 100% finished.
Sendmail
Bash Shell
E-mail virus protection handbook