Please find, for review, the debconf templates and packages descriptions for the clamav source package. This review will last for 5 days only Please send reviews as unified diffs (diff -u) against the original files. Comments about your proposed changes will be appreciated. Your review should be sent as an answer to this mail. When appropriate, I will send intermediate requests for review, with "[RFRn]" (n>=2) as a subject tag. When we will reach a consensus, I send a "Last Chance For Comments" mail with "[LCFC]" as a subject tag. Finally, the reviewed templates will be sent to the package maintainer as a bug report, and a mail will be sent to this list with "[BTS]" as a subject tag. Rationale: --- clamav.old/debian/clamav-milter.templates 2009-03-26 19:12:49.816449140 +0100 +++ clamav/debian/clamav-milter.templates 2009-03-26 19:12:52.020445732 +0100 @@ -4,23 +4,21 @@ _Description: Handle the configuration file automatically? Some options must be configured for clamav-milter. . - The ClamAV suite won't work if it isn't configured. If you do not + It won't work if it isn't configured. If you do not configure it automatically, you'll have to configure - /etc/clamav/clamav-milter.conf manually or run 'dpkg-reconfigure clamav-milter' + /etc/clamav/clamav-milter.conf manually or run "dpkg-reconfigure clamav-milter" later. In any case, manual changes in /etc/clamav/clamav-milter.conf will be respected. What won't work is clamav-milter....not ClamAV. I suspect this to be inherited from other clamav templates. Move to double quotes which is what we now recommend Template: clamav-milter/MilterSocket Type: string Default: /var/run/clamav/milter.ctl -_Description: Define the interface through to communicate with sendmail: - Possible formats are: - . - Unix domain socket: [[unix|local]:]/path/to/file - . - IPv4 socket: inet:port@[hostname|ip-address] - . - IPv6 socket: inet6:port@[hostname|ip-address] +_Description: Communication interface with sendmail: + Please choose the method that should be used by clamav-milter to + communicate with sendmail. The following formats can be used: + - Unix domain socket: [[unix|local]:]/path/to/file + - IPv4 socket : inet:port@[hostname|ip-address] + - IPv6 socket : inet6:port@[hostname|ip-address] Complete layout reformatting to: - hard-format the itemized list - shorten it down Template: clamav-milter/FixStaleSocket Type: boolean @@ -32,142 +30,181 @@ Default: clamav _Description: User to run clamav-milter as: It is recommended to run the ClamAV programs as a non-privileged user. - This will work with most MTAs with a little tweaking, but if you want to - use clamd for filesystem scans, running as root is probably unavoidable. + This will work with most MTAs with a little tweaking. However, using + clamd for filesystem scans while require running clamav-milter as root. + . Please see README.Debian in the clamav-base package for details. Split in two sentences and rephrase to drop the "this is probably unavoidable" part. Maybe "file system" by the way.... Template: clamav-milter/AddGroups Type: string _Description: Groups for clamav-milter (space-separated): By default, clamav-milter runs as a non-privileged user. If you need - clamav-milter to be able to access files owned by another user (e.g., in - combination with an MTA), then you will need to add clamav to the group for - that piece of software. Please see README.Debian in the clamav-base package for + clamav-milter to be able to access files owned by another user (for + instance when it is used in combination with an MTA), this user + need to be added to the relevant group(s). + . + Please see README.Debian in the clamav-base package for details. "e.g." is a latinism and we try to discourage them. The previous phrasing is quite jerky. Not sure that mine is better but I find it clearer. Template: clamav-milter/ReadTimeout Type: string Default: 120 -_Description: Waiting for data from clamd will timeout after this time (seconds): - Set to a value of '0' to disable the timeout. +_Description: Wait timeout for data coming from clamd: + Please enter the delay (in seconds) before clamav-milter times out when it is + waiting for incoming data from clamd. + . + Choosing "0" will disable this timeout. Shorten the synopsis and make it a better "prompt". Template: clamav-milter/Foreground Type: boolean Default: false -_Description: Stay in foreground (don't fork)? +_Description: Should clamav-milter stay in foreground (don't fork)? "what should stay in foreground"? :-) Template: clamav-milter/Chroot Type: string _Description: Chroot to directory: - Chrooting is performed just after reading the config file and before dropping - privileges. An empty value means don't chroot. + Clamav-milter can run in a chroot jail. It will enter it after reading + the configuration file and before dropping root privileges. + . + If that field is left empty, no chrooting will occur. Well, "chroot" is jargonic enough for a little introduction to be worth it. Template: clamav-milter/PidFile Type: string Default: /var/run/clamav/clamav-milter.pid _Description: PID file: - This option allows you to save a process identifier of the listening daemon - (main thread). + Please specify the process identifier file location for clamav-milter's + listening daemon (main thread). Use the "please specify" formula which we use very often. Specify what listening daeming this is about... Template: clamav-milter/TemporaryDirectory Type: string Default: /tmp -_Description: Optional path to the global temporary directory: - If unset, $TMPDIR and $TEMP will be honored. +_Description: Global temporary directory path: + Please specify the directory for clamav-milter's temporary files. + If unset, $TMPDIR and $TEMP will be honored. I'm not really comfortable with that "global" tempdir thing because I don't really know what clamav-milter is doing with it..:) Template: clamav-milter/ClamdSocket Type: string Default: unix:/var/run/clamav/clamd.ctl -_Description: Define the clamd socket to connect to for scanning: - To refer to a local unix socket using a absolute path, use unix:path (e.g., - unix:/var/run/clamd/clamd.socket). A local or remote TCP socket is specified - using the tcp:host:port syntax. The host can be a hostname or an ip address; - the ":port" field is only required for IPv6 addresses, otherwise it defaults to - 3310 (e.g., tcp:192.168.0.1). - . - This option can be repeated several times (separated by whitespace) with - different sockets or even with the same socket: clamd servers will be selected - in a round-robin fashion. +_Description: Clamd socket to connect to for scanning: + Please specify the socket to use to connect to the ClamAV daemon for + scanning purposes. Possible choices are: + unix:path : local unix socket using a absolute path. + Example: unix:/var/run/clamd/clamd.socket + tcp:host:port : local or remote TCP socket. The "host" value can be + either a hostname or an IP address. The "port" + is only required for IPv6 addresses (default: 3310). + Example: tcp:192.168.0.1 + . + You may specify multiple choices, separated by spaces. In such cases, the + clamd servers will be selected in a round-robin fashion. Complete reformatting. I tried to make this clearer and hard-formatting is IMHO mandatory for this. Template: clamav-milter/LocalNet Type: string -_Description: Exclusions - IP ranges: - Messages originating from these hosts/networks will not be scanned. This - option takes a host(name)/mask pair in CIRD notation and can be repeated - several times (separated by whitespace). If "/mask" is omitted, a host is - assumed. To specify a locally originated, non-smtp, email use the keyword - "local". +_Description: Hosts excluded from scanning: + Please specify, in CIDR notation (host(name)/mask), the hosts for + which no scanning should be performed on incoming mail. Multiple entries + should be separated by spaces. The "local" shortcut can be used to + specify locally-originated (non SMTP) email. . - If unset, everything regardless of the origin is scanned. + If this field is left empty, all incoming mail will be scanned. Again, nearly completely rewritten. This is a really tricky template. Hopefully, my version is an enhancement..:) Template: clamav-milter/Whitelist Type: string -_Description: Exclusions - Regular expressions: - This option specifies a file which contains a list of POSIX regular - expressions. Addresses (sent to or from) matching these regexes will not be - scanned. Optionally each line can start with the string "From:" or "To:" - (note: no whitespace after the colon) indicating if it is, respectively, the - sender or recipient that is to be whitelisted. If the field is missing, "To:" - is assumed. +_Description: Mail addresses whitelist: + Please specify the path to a file which contains a list of POSIX regular + expressions to specify mail addresses for which no scanning should be + performed. + . + Eeach line in this file may start with "From:" or "To:" to + restrict whitelisting to either the sender (From:) or recipient (To:) + addresses. Without such prefix, whitelisting is restricted to + recipients (To:). . - Lines in this file starting with #, : or ! are ignored. + That file may include comments, prefixed by "#", ":" or "!" characters. Another completely rewritten template. I'm slightly unhappy because it is still quite long (but I don't really find how to shorten it more). Template: clamav-milter/OnClean Type: select -Choices: Accept, Reject, Defer, Blackhole, Quarantine +__Choices: Accept, Reject, Defer, Blackhole, Quarantine Default: Accept -_Description: Action to be performed on clean messages (mostly useful for testing): - The following actions are available: +_Description: Action to perform on clean messages: + Please choose the action to perform on "clean" messages: . - - Accept: The message is accepted for delievery + - Accept : the message is accepted for delivery; + - Reject : immediately refuse delivery (with a 5xx error); + - Defer : return a temporary failure message (4xx); + - Blackhole : accept the message then drop it; + (not available for OnFail) + - Quarantine: accept the message then quarantine it. With + sendmail, the quarantine queue can be examined + with "mailq -qQ". With Postfix, such mails are placed + on hold. + (not available for OnFail) . - - Reject: Immediately refuse delievery (a 5xx error is returned to the peer) - . - - Defer: Return a temporary failure message (4xx) to the peer - . - - Blackhole (not available for OnFail): Like accept but the message is sent to - oblivion - . - - Quarantine (not available for OnFail): Like accept but message is quarantined - instead of being delivered In sendmail the quarantine queue can be examined - via mailq -qQ For Postfix this causes the message to be accepted but placed - on hold + This setting is meant for testing purposes only. And yet another big rewrite...:-) First of all, I think the choices should be translatable. Of course, debconf will put the non translated value in the config file, don't worry. So making the values translatable is safe. The "__" trick allows splitting choices in case more options are added in the future. The itemized list is of course hard-formatted (yours wasn't....which is one of the big mess I mentioned). Move the "for test) in the long description... Template: clamav-milter/OnInfected Type: select -Choices: Accept, Reject, Defer, Blackhole, Quarantine +__Choices: Accept, Reject, Defer, Blackhole, Quarantine Default: Quarantine -_Description: Action to be performed on infected messages: +_Description: Action to perform on infected messages: + Please choose the action to perform on "infected" messages: + . + - Accept : the message is accepted for delivery; + - Reject : immediately refuse delivery (with a 5xx error); + - Defer : return a temporary failure message (4xx); + - Blackhole : accept the message then drop it; + (not available for OnFail) + - Quarantine: accept the message then quarantine it. With + sendmail, the quarantine queue can be examined + with "mailq -qQ". With Postfix, such mails are placed + on hold. + (not available for OnFail) Same rewrite. Paragraphs being the same for the similar 3 templates...will make translators happy. :-) Template: clamav-milter/OnFail Type: select -Choices: Accept, Reject, Defer, Blackhole, Quarantine +__Choices: Accept, Reject, Defer, Blackhole, Quarantine Default: Defer -_Description: Action to be performed on error conditions: - This includes failure to allocate data structures, no scanners available, - network timeouts, unknown scanner replies and the like) +_Description: Action to perform on error conditions: + Please choose the action to perform on errors such as failure to + allocate data structures, no scanners available, + network timeouts, unknown scanner replies...: + . + - Accept : the message is accepted for delivery; + - Reject : immediately refuse delivery (with a 5xx error); + - Defer : return a temporary failure message (4xx); + - Blackhole : accept the message then drop it; + (not available for OnFail) + - Quarantine: accept the message then quarantine it. With + sendmail, the quarantine queue can be examined + with "mailq -qQ". With Postfix, such mails are placed + on hold. + (not available for OnFail) Ditto Template: clamav-milter/RejectMsg Type: string _Description: Specific rejection reason for infected messages: - It is only useful together with "OnInfected Reject". The string "%v", if - present, will be replaced with the virus name. + Please specify the rejection reason that will be included in reject mails. + . + This option is only useful together with "OnInfected Reject". + . + The "%v" string may be used to include the virus name. Introduce the setting in the long description ("Please <foo>"). Using "It is..." makes a link between the synopsis and the long description, which is discouraged (it assumes that the long description comes after the synopsis, which is not always true). Template: clamav-milter/AddHeader Type: boolean Default: false _Description: Add headers to processed messages? - If adding headers is enabled, "X-Virus-Scanned" and "X-Virus-Status" headers + If you choose this option, "X-Virus-Scanned" and "X-Virus-Status" headers will be attached to each processed message, possibly replacing existing - headers. + similar headers. Use "standard" phrasing (if you choose this option). Template: clamav-milter/LogFile Type: string Default: none -_Description: Log to file: - LogFile must be writable for the user running daemon. A full path is required. +_Description: Log file for clamav-milter: + The clamav-milter log file must be writable for the user running daemon. + You should specify a full path. . - Logging via syslog is configured independently of this entry. + Logging via syslog is configured independently of this setting. Be more explicit as "LogFile" is the name of the setting. Template: clamav-milter/LogFileUnlock Type: boolean @@ -179,8 +216,9 @@ Template: clamav-milter/LogFileMaxSize Type: string Default: 1M -_Description: Maximum size of the log file (unit Mb): - Set to a value of '0' to disable the timeout. +_Description: Maximum size of the log file (MB): + Please specify the maximu size for the log file. Using "0" will + allow that file to grow indefinitely. Mb-->MB. I don't think the size is in Megabits...:) I made a wild guess that 0 is indeed really for not limiting the file size. Is it? Template: clamav-milter/LogTime Type: boolean @@ -190,13 +228,16 @@ Template: clamav-milter/LogSyslog Type: boolean Default: false -_Description: Use system logger (can work together with LogFile)? +_Description: Use system logger? + Please choose whether you want to use the system logger (syslog). That + option can be used along with logging in a dedicated file. Should "syslog" be used as an explanation for "system logger". We know that syslog could indeed be "rsyslog"...but I think the term is really common jargon so it can be used here, imho. Template: clamav-milter/LogFacility Type: string Default: LOG_LOCAL6 -_Description: Specify the type of syslog messages: - Please refer to 'man syslog' for facility names. +_Description: Type of syslog messages: + Please choose the type of syslog messages as detailed in the system + logger manpage. When using rsyslog, "man syslog" doesn't work..:-) Template: clamav-milter/LogVerbose Type: boolean @@ -205,15 +246,21 @@ Template: clamav-milter/LogInfected Type: select -Choices: Off, Basic, Full +__Choices: Off, Basic, Full Default: Off -_Description: What should be logged when a message is infected: - Possible values are Off (the default - nothing is logged), Basic (minimal info - logged), Full (verbose info logged) +_Description: Information to log on infected messages: + Please choose the level of information that will be logged when infected + messages are found: + - Off : no logging; + - Basic: minimal information; + - Full : verbose information. Option values can be translated. Use an itemized list. info->information Template: clamav-milter/MaxFileSize Type: string Default: 25M -_Description: Messages larger than this value won't be scanned (unit Mb): - Make sure this value is lower than StreamMaxLength in clamd.conf - +_Description: Size limit for scanend messages (MB): + Please specify the maximum size for scanned messages. Messages bigger than + this limit will not be scanned. + . + You should check that this value is lower than the value of "StreamMaxLength" + in the clamd.conf file. Turn the synopsis into a better "prompt". Introduce things with a "Please specify"... --
Template: clamav-milter/debconf Type: boolean Default: true _Description: Handle the configuration file automatically? Some options must be configured for clamav-milter. . It won't work if it isn't configured. If you do not configure it automatically, you'll have to configure /etc/clamav/clamav-milter.conf manually or run "dpkg-reconfigure clamav-milter" later. In any case, manual changes in /etc/clamav/clamav-milter.conf will be respected. Template: clamav-milter/MilterSocket Type: string Default: /var/run/clamav/milter.ctl _Description: Communication interface with sendmail: Please choose the method that should be used by clamav-milter to communicate with sendmail. The following formats can be used: - Unix domain socket: [[unix|local]:]/path/to/file - IPv4 socket : inet:port@[hostname|ip-address] - IPv6 socket : inet6:port@[hostname|ip-address] Template: clamav-milter/FixStaleSocket Type: boolean Default: true _Description: Remove stale socket after unclean shutdown? Template: clamav-milter/User Type: string Default: clamav _Description: User to run clamav-milter as: It is recommended to run the ClamAV programs as a non-privileged user. This will work with most MTAs with a little tweaking. However, using clamd for filesystem scans while require running clamav-milter as root. . Please see README.Debian in the clamav-base package for details. Template: clamav-milter/AddGroups Type: string _Description: Groups for clamav-milter (space-separated): By default, clamav-milter runs as a non-privileged user. If you need clamav-milter to be able to access files owned by another user (for instance when it is used in combination with an MTA), this user need to be added to the relevant group(s). . Please see README.Debian in the clamav-base package for details. Template: clamav-milter/ReadTimeout Type: string Default: 120 _Description: Wait timeout for data coming from clamd: Please enter the delay (in seconds) before clamav-milter times out when it is waiting for incoming data from clamd. . Choosing "0" will disable this timeout. Template: clamav-milter/Foreground Type: boolean Default: false _Description: Should clamav-milter stay in foreground (don't fork)? Template: clamav-milter/Chroot Type: string _Description: Chroot to directory: Clamav-milter can run in a chroot jail. It will enter it after reading the configuration file and before dropping root privileges. . If that field is left empty, no chrooting will occur. Template: clamav-milter/PidFile Type: string Default: /var/run/clamav/clamav-milter.pid _Description: PID file: Please specify the process identifier file location for clamav-milter's listening daemon (main thread). Template: clamav-milter/TemporaryDirectory Type: string Default: /tmp _Description: Global temporary directory path: Please specify the directory for clamav-milter's temporary files. If unset, $TMPDIR and $TEMP will be honored. Template: clamav-milter/ClamdSocket Type: string Default: unix:/var/run/clamav/clamd.ctl _Description: Clamd socket to connect to for scanning: Please specify the socket to use to connect to the ClamAV daemon for scanning purposes. Possible choices are: unix:path : local unix socket using a absolute path. Example: unix:/var/run/clamd/clamd.socket tcp:host:port : local or remote TCP socket. The "host" value can be either a hostname or an IP address. The "port" is only required for IPv6 addresses (default: 3310). Example: tcp:192.168.0.1 . You may specify multiple choices, separated by spaces. In such cases, the clamd servers will be selected in a round-robin fashion. Template: clamav-milter/LocalNet Type: string _Description: Hosts excluded from scanning: Please specify, in CIDR notation (host(name)/mask), the hosts for which no scanning should be performed on incoming mail. Multiple entries should be separated by spaces. The "local" shortcut can be used to specify locally-originated (non SMTP) email. . If this field is left empty, all incoming mail will be scanned. Template: clamav-milter/Whitelist Type: string _Description: Mail addresses whitelist: Please specify the path to a file which contains a list of POSIX regular expressions to specify mail addresses for which no scanning should be performed. . Eeach line in this file may start with "From:" or "To:" to restrict whitelisting to either the sender (From:) or recipient (To:) addresses. Without such prefix, whitelisting is restricted to recipients (To:). . That file may include comments, prefixed by "#", ":" or "!" characters. Template: clamav-milter/OnClean Type: select __Choices: Accept, Reject, Defer, Blackhole, Quarantine Default: Accept _Description: Action to perform on clean messages: Please choose the action to perform on "clean" messages: . - Accept : the message is accepted for delivery; - Reject : immediately refuse delivery (with a 5xx error); - Defer : return a temporary failure message (4xx); - Blackhole : accept the message then drop it; (not available for OnFail) - Quarantine: accept the message then quarantine it. With sendmail, the quarantine queue can be examined with "mailq -qQ". With Postfix, such mails are placed on hold. (not available for OnFail) . This setting is meant for testing purposes only. Template: clamav-milter/OnInfected Type: select __Choices: Accept, Reject, Defer, Blackhole, Quarantine Default: Quarantine _Description: Action to perform on infected messages: Please choose the action to perform on "infected" messages: . - Accept : the message is accepted for delivery; - Reject : immediately refuse delivery (with a 5xx error); - Defer : return a temporary failure message (4xx); - Blackhole : accept the message then drop it; (not available for OnFail) - Quarantine: accept the message then quarantine it. With sendmail, the quarantine queue can be examined with "mailq -qQ". With Postfix, such mails are placed on hold. (not available for OnFail) Template: clamav-milter/OnFail Type: select __Choices: Accept, Reject, Defer, Blackhole, Quarantine Default: Defer _Description: Action to perform on error conditions: Please choose the action to perform on errors such as failure to allocate data structures, no scanners available, network timeouts, unknown scanner replies...: . - Accept : the message is accepted for delivery; - Reject : immediately refuse delivery (with a 5xx error); - Defer : return a temporary failure message (4xx); - Blackhole : accept the message then drop it; (not available for OnFail) - Quarantine: accept the message then quarantine it. With sendmail, the quarantine queue can be examined with "mailq -qQ". With Postfix, such mails are placed on hold. (not available for OnFail) Template: clamav-milter/RejectMsg Type: string _Description: Specific rejection reason for infected messages: Please specify the rejection reason that will be included in reject mails. . This option is only useful together with "OnInfected Reject". . The "%v" string may be used to include the virus name. Template: clamav-milter/AddHeader Type: boolean Default: false _Description: Add headers to processed messages? If you choose this option, "X-Virus-Scanned" and "X-Virus-Status" headers will be attached to each processed message, possibly replacing existing similar headers. Template: clamav-milter/LogFile Type: string Default: none _Description: Log file for clamav-milter: The clamav-milter log file must be writable for the user running daemon. You should specify a full path. . Logging via syslog is configured independently of this setting. Template: clamav-milter/LogFileUnlock Type: boolean Default: false _Description: Disable log file locking? By default the log file is locked for writing. The lock protects against running clamav-milter multiple times. This option disables log file locking. Template: clamav-milter/LogFileMaxSize Type: string Default: 1M _Description: Maximum size of the log file (MB): Please specify the maximu size for the log file. Using "0" will allow that file to grow indefinitely. Template: clamav-milter/LogTime Type: boolean Default: false _Description: Log time with each message? Template: clamav-milter/LogSyslog Type: boolean Default: false _Description: Use system logger? Please choose whether you want to use the system logger (syslog). That option can be used along with logging in a dedicated file. Template: clamav-milter/LogFacility Type: string Default: LOG_LOCAL6 _Description: Type of syslog messages: Please choose the type of syslog messages as detailed in the system logger manpage. Template: clamav-milter/LogVerbose Type: boolean Default: false _Description: Enable verbose logging? Template: clamav-milter/LogInfected Type: select __Choices: Off, Basic, Full Default: Off _Description: Information to log on infected messages: Please choose the level of information that will be logged when infected messages are found: - Off : no logging; - Basic: minimal information; - Full : verbose information. Template: clamav-milter/MaxFileSize Type: string Default: 25M _Description: Size limit for scanend messages (MB): Please specify the maximum size for scanned messages. Messages bigger than this limit will not be scanned. . You should check that this value is lower than the value of "StreamMaxLength" in the clamd.conf file.
--- clamav.old/debian/clamav-milter.templates 2009-03-26 19:12:49.816449140 +0100 +++ clamav/debian/clamav-milter.templates 2009-03-26 19:37:02.560281704 +0100 @@ -4,23 +4,21 @@ _Description: Handle the configuration file automatically? Some options must be configured for clamav-milter. . - The ClamAV suite won't work if it isn't configured. If you do not + It won't work if it isn't configured. If you do not configure it automatically, you'll have to configure - /etc/clamav/clamav-milter.conf manually or run 'dpkg-reconfigure clamav-milter' + /etc/clamav/clamav-milter.conf manually or run "dpkg-reconfigure clamav-milter" later. In any case, manual changes in /etc/clamav/clamav-milter.conf will be respected. Template: clamav-milter/MilterSocket Type: string Default: /var/run/clamav/milter.ctl -_Description: Define the interface through to communicate with sendmail: - Possible formats are: - . - Unix domain socket: [[unix|local]:]/path/to/file - . - IPv4 socket: inet:port@[hostname|ip-address] - . - IPv6 socket: inet6:port@[hostname|ip-address] +_Description: Communication interface with sendmail: + Please choose the method that should be used by clamav-milter to + communicate with sendmail. The following formats can be used: + - Unix domain socket: [[unix|local]:]/path/to/file + - IPv4 socket : inet:port@[hostname|ip-address] + - IPv6 socket : inet6:port@[hostname|ip-address] Template: clamav-milter/FixStaleSocket Type: boolean @@ -32,142 +30,181 @@ Default: clamav _Description: User to run clamav-milter as: It is recommended to run the ClamAV programs as a non-privileged user. - This will work with most MTAs with a little tweaking, but if you want to - use clamd for filesystem scans, running as root is probably unavoidable. + This will work with most MTAs with a little tweaking. However, using + clamd for filesystem scans while require running clamav-milter as root. + . Please see README.Debian in the clamav-base package for details. Template: clamav-milter/AddGroups Type: string _Description: Groups for clamav-milter (space-separated): By default, clamav-milter runs as a non-privileged user. If you need - clamav-milter to be able to access files owned by another user (e.g., in - combination with an MTA), then you will need to add clamav to the group for - that piece of software. Please see README.Debian in the clamav-base package for + clamav-milter to be able to access files owned by another user (for + instance when it is used in combination with an MTA), this user + need to be added to the relevant group(s). + . + Please see README.Debian in the clamav-base package for details. Template: clamav-milter/ReadTimeout Type: string Default: 120 -_Description: Waiting for data from clamd will timeout after this time (seconds): - Set to a value of '0' to disable the timeout. +_Description: Wait timeout for data coming from clamd: + Please enter the delay (in seconds) before clamav-milter times out when it is + waiting for incoming data from clamd. + . + Choosing "0" will disable this timeout. Template: clamav-milter/Foreground Type: boolean Default: false -_Description: Stay in foreground (don't fork)? +_Description: Should clamav-milter stay in foreground (don't fork)? Template: clamav-milter/Chroot Type: string _Description: Chroot to directory: - Chrooting is performed just after reading the config file and before dropping - privileges. An empty value means don't chroot. + Clamav-milter can run in a chroot jail. It will enter it after reading + the configuration file and before dropping root privileges. + . + If that field is left empty, no chrooting will occur. Template: clamav-milter/PidFile Type: string Default: /var/run/clamav/clamav-milter.pid _Description: PID file: - This option allows you to save a process identifier of the listening daemon - (main thread). + Please specify the process identifier file location for clamav-milter's + listening daemon (main thread). Template: clamav-milter/TemporaryDirectory Type: string Default: /tmp -_Description: Optional path to the global temporary directory: - If unset, $TMPDIR and $TEMP will be honored. +_Description: Global temporary directory path: + Please specify the directory for clamav-milter's temporary files. + If unset, $TMPDIR and $TEMP will be honored. Template: clamav-milter/ClamdSocket Type: string Default: unix:/var/run/clamav/clamd.ctl -_Description: Define the clamd socket to connect to for scanning: - To refer to a local unix socket using a absolute path, use unix:path (e.g., - unix:/var/run/clamd/clamd.socket). A local or remote TCP socket is specified - using the tcp:host:port syntax. The host can be a hostname or an ip address; - the ":port" field is only required for IPv6 addresses, otherwise it defaults to - 3310 (e.g., tcp:192.168.0.1). - . - This option can be repeated several times (separated by whitespace) with - different sockets or even with the same socket: clamd servers will be selected - in a round-robin fashion. +_Description: Clamd socket to connect to for scanning: + Please specify the socket to use to connect to the ClamAV daemon for + scanning purposes. Possible choices are: + unix:path : local unix socket using a absolute path. + Example: unix:/var/run/clamd/clamd.socket + tcp:host:port : local or remote TCP socket. The "host" value can be + either a hostname or an IP address. The "port" + is only required for IPv6 addresses (default: 3310). + Example: tcp:192.168.0.1 + . + You may specify multiple choices, separated by spaces. In such cases, the + clamd servers will be selected in a round-robin fashion. Template: clamav-milter/LocalNet Type: string -_Description: Exclusions - IP ranges: - Messages originating from these hosts/networks will not be scanned. This - option takes a host(name)/mask pair in CIRD notation and can be repeated - several times (separated by whitespace). If "/mask" is omitted, a host is - assumed. To specify a locally originated, non-smtp, email use the keyword - "local". +_Description: Hosts excluded from scanning: + Please specify, in CIDR notation (host(name)/mask), the hosts for + which no scanning should be performed on incoming mail. Multiple entries + should be separated by spaces. The "local" shortcut can be used to + specify locally-originated (non SMTP) email. . - If unset, everything regardless of the origin is scanned. + If this field is left empty, all incoming mail will be scanned. Template: clamav-milter/Whitelist Type: string -_Description: Exclusions - Regular expressions: - This option specifies a file which contains a list of POSIX regular - expressions. Addresses (sent to or from) matching these regexes will not be - scanned. Optionally each line can start with the string "From:" or "To:" - (note: no whitespace after the colon) indicating if it is, respectively, the - sender or recipient that is to be whitelisted. If the field is missing, "To:" - is assumed. +_Description: Mail addresses whitelist: + Please specify the path to a file which contains a list of POSIX regular + expressions to specify mail addresses for which no scanning should be + performed. + . + Eeach line in this file may start with "From:" or "To:" to + restrict whitelisting to either the sender (From:) or recipient (To:) + addresses. Without such prefix, whitelisting is restricted to + recipients (To:). . - Lines in this file starting with #, : or ! are ignored. + That file may include comments, prefixed by "#", ":" or "!" characters. Template: clamav-milter/OnClean Type: select -Choices: Accept, Reject, Defer, Blackhole, Quarantine +__Choices: Accept, Reject, Defer, Blackhole, Quarantine Default: Accept -_Description: Action to be performed on clean messages (mostly useful for testing): - The following actions are available: +_Description: Action to perform on clean messages: + Please choose the action to perform on "clean" messages: . - - Accept: The message is accepted for delievery + - Accept : the message is accepted for delivery; + - Reject : immediately refuse delievery (with a 5xx error); + - Defer : return a temporary failure message (4xx); + - Blackhole : accept the message then drop it; + (not available for OnFail) + - Quarantine: accept the message then quarantine it. With + sendmail, the quarantine queue can be examined + with "mailq -qQ". With Postfix, such mails are placed + on hold. + (not available for OnFail) . - - Reject: Immediately refuse delievery (a 5xx error is returned to the peer) - . - - Defer: Return a temporary failure message (4xx) to the peer - . - - Blackhole (not available for OnFail): Like accept but the message is sent to - oblivion - . - - Quarantine (not available for OnFail): Like accept but message is quarantined - instead of being delivered In sendmail the quarantine queue can be examined - via mailq -qQ For Postfix this causes the message to be accepted but placed - on hold + This setting is meant for testing purposes only. Template: clamav-milter/OnInfected Type: select -Choices: Accept, Reject, Defer, Blackhole, Quarantine +__Choices: Accept, Reject, Defer, Blackhole, Quarantine Default: Quarantine -_Description: Action to be performed on infected messages: +_Description: Action to perform on infected messages: + Please choose the action to perform on "infected" messages: + . + - Accept : the message is accepted for delivery; + - Reject : immediately refuse delievery (with a 5xx error); + - Defer : return a temporary failure message (4xx); + - Blackhole : accept the message then drop it; + (not available for OnFail) + - Quarantine: accept the message then quarantine it. With + sendmail, the quarantine queue can be examined + with "mailq -qQ". With Postfix, such mails are placed + on hold. + (not available for OnFail) Template: clamav-milter/OnFail Type: select -Choices: Accept, Reject, Defer, Blackhole, Quarantine +__Choices: Accept, Reject, Defer, Blackhole, Quarantine Default: Defer -_Description: Action to be performed on error conditions: - This includes failure to allocate data structures, no scanners available, - network timeouts, unknown scanner replies and the like) +_Description: Action to perform on error conditions: + Please choose the action to perform on errors such as failure to + allocate data structures, no scanners available, + network timeouts, unknown scanner replies...: + . + - Accept : the message is accepted for delivery; + - Reject : immediately refuse delievery (with a 5xx error); + - Defer : return a temporary failure message (4xx); + - Blackhole : accept the message then drop it; + (not available for OnFail) + - Quarantine: accept the message then quarantine it. With + sendmail, the quarantine queue can be examined + with "mailq -qQ". With Postfix, such mails are placed + on hold. + (not available for OnFail) Template: clamav-milter/RejectMsg Type: string _Description: Specific rejection reason for infected messages: - It is only useful together with "OnInfected Reject". The string "%v", if - present, will be replaced with the virus name. + Please specify the rejection reason that will be included in reject mails. + . + This option is only useful together with "OnInfected Reject". + . + The "%v" string may be used to include the virus name. Template: clamav-milter/AddHeader Type: boolean Default: false _Description: Add headers to processed messages? - If adding headers is enabled, "X-Virus-Scanned" and "X-Virus-Status" headers + If you choose this option, "X-Virus-Scanned" and "X-Virus-Status" headers will be attached to each processed message, possibly replacing existing - headers. + similar headers. Template: clamav-milter/LogFile Type: string Default: none -_Description: Log to file: - LogFile must be writable for the user running daemon. A full path is required. +_Description: Log file for clamav-milter: + The clamav-milter log file must be writable for the user running daemon. + You should specify a full path. . - Logging via syslog is configured independently of this entry. + Logging via syslog is configured independently of this setting. Template: clamav-milter/LogFileUnlock Type: boolean @@ -179,8 +216,9 @@ Template: clamav-milter/LogFileMaxSize Type: string Default: 1M -_Description: Maximum size of the log file (unit Mb): - Set to a value of '0' to disable the timeout. +_Description: Maximum size of the log file (MB): + Please specify the maximu size for the log file. Using "0" will + allow that file to grow indefinitely. Template: clamav-milter/LogTime Type: boolean @@ -190,13 +228,16 @@ Template: clamav-milter/LogSyslog Type: boolean Default: false -_Description: Use system logger (can work together with LogFile)? +_Description: Use system logger? + Please choose whether you want to use the system logger (syslog). That + option can be used along with logging in a dedicated file. Template: clamav-milter/LogFacility Type: string Default: LOG_LOCAL6 -_Description: Specify the type of syslog messages: - Please refer to 'man syslog' for facility names. +_Description: Type of syslog messages: + Please choose the type of syslog messages as detailed in the system + logger manpage. Template: clamav-milter/LogVerbose Type: boolean @@ -205,15 +246,21 @@ Template: clamav-milter/LogInfected Type: select -Choices: Off, Basic, Full +__Choices: Off, Basic, Full Default: Off -_Description: What should be logged when a message is infected: - Possible values are Off (the default - nothing is logged), Basic (minimal info - logged), Full (verbose info logged) +_Description: Information to log on infected messages: + Please choose the level of information that will be logged when infected + messages are found: + - Off : no logging; + - Basic: minimal information; + - Full : verbose information. Template: clamav-milter/MaxFileSize Type: string Default: 25M -_Description: Messages larger than this value won't be scanned (unit Mb): - Make sure this value is lower than StreamMaxLength in clamd.conf - +_Description: Size limit for scanend messages (MB): + Please specify the maximum size for scanned messages. Messages bigger than + this limit will not be scanned. + . + You should check that this value is lower than the value of "StreamMaxLength" + in the clamd.conf file.
Attachment:
signature.asc
Description: Digital signature