DOKK / manpages / debian 12 / cyrus-common / cyr_virusscan.8.en
CYR_VIRUSSCAN(8) Cyrus IMAP CYR_VIRUSSCAN(8)

cyr_virusscan - Cyrus IMAP documentation

Scan for viruses using configured virus scanner or manage infected messages using search criteria.

cyr_virusscan [ -C config-file ] [ -s imap-search-string ] [ -r [ -n] ] [-v] [ mboxpattern1 ... ]

cyr_virusscan can be used to invoke an external virus scanner (currently only ClamAV is supported) to scan specified IMAP mailboxes. If no mboxpattern is given, cyr_virusscan works on all mailboxes.

Alternately, with the -s option, the IMAP SEARCH string will be used as a specification of messages which are assumed to be infected, and will be treated as such. The virus scanner is not invoked. Useful for removing messages without a distinct signature, such as Phish.

A table of infected messages will be output.

To remove infected messages, use the -r flag. Infected messages will be expunged from the user’s mailbox.

With the notify flag, -n, notifications will be appended to the inbox of the mailbox owner, containing message digest information for the affected mail. This flag only works in combination with -r. The notification message can by customised by template, for details see Notifications below.

cyr_virusscan can be configured to run periodically by cron(8) via crontab(5) or your preferred method (i.e. /etc/cron.hourly), or by master(8) via the EVENTS{} section in cyrus.conf(5).

cyr_virusscan reads its configuration options out of the imapd.conf(5) file unless specified otherwise by -C.

Note that Cyrus does not ship with any virus scanners: you need to install one separately to make use of it with Cyrus.

Use the specified configuration file config-file rather than the default imapd.conf(5).

Notify mailbox owner of deleted messages via email. This flag is only operable in combination with -r.

Remove infected messages.

Rather than scanning for viruses, messages matching the search criteria will be treated as infected.

Produce more verbose output

When the -n flag is provided, notifications are sent to mailbox owners when infected messages are removed. One notification is sent per owner, containing a digest of each message that was deleted from any of their mailboxes.

The default notification subject is “Automatically deleted mail”, which can be overridden by setting virusscan_notification_subject in imapd.conf(5) to a UTF-8 value.

Each infected message will be described according to the following template:

The following message was deleted from mailbox '%MAILBOX%'
because it was infected with virus '%VIRUS%'


    Message-ID: %MSG_ID%


    Date: %MSG_DATE%


    From: %MSG_FROM%


    Subject: %MSG_SUBJECT%


    IMAP UID: %MSG_UID%

To use a custom template, create a UTF-8 file containing your desired text and using the same %-delimited substitutions as above, and set the virusscan_notification_template option in imapd.conf(5) to its path.

The notification message will be properly MIME-encoded at delivery. Do not pre-encode the template file or the subject!

When cyr_virusscan starts up, if notifications have been requested (with the -n flag), a basic sanity check of the template will be performed prior to initialising the antivirus engine. If it appears that the resultant notifications would be undeliverable for some reason, cyr_virusscan will exit immediately with an error, rather than risk deleting messages without notifying.

cyr_virusscan
Scan all mailboxes, printing report on the screen. Do not remove infected messages.


cyr_virusscan -r -n user/bovik
Scan mailbox user/bovik, removing infected messages and append notifications to Bovik’s inbox.


cyr_virusscan -r -n -s 'SUBJECT "Fedex"' user/bovik
Search mailbox user/bovik for messages which have Fedex in the subject line, removing them all, and appending notifications to Bovik’s inbox.


Virus scan support was first introduced in Cyrus version 3.0.

/etc/imapd.conf

imapd.conf(5), master(8), ClamAV

The Cyrus Team, Nic Bernstein (Onlight)

1993–2023, The Cyrus Team

February 13, 2023 3.6.1