[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Request for review of new debconf questions (clamav)

Hi dle-team,

As pointed out by bubulle my initial set of questions for clamav-milter (part of
the ClamAV package, which is now configurable via debconf) was severely broken.
I've tried to fix the major problems, but there might still be some technical
issues, and surely there is room for improvement in terms of wording and

I'd be grateful if the attached new debconf questions could be reviewed. There
is no deadline from our the clamav maintainer's perspective. Once the review is
finished I'll send out call for translations.

Thanks a lot,

Template: clamav-milter/debconf
Type: boolean
Default: true
_Description: Handle the configuration file automatically?
 Some options must be configured for clamav-milter.
 The ClamAV suite won't work if it isn't configured. If you do not
 configure it automatically, you'll have to configure
 /etc/clamav/clamav-milter.conf manually or run 'dpkg-reconfigure clamav-milter'
 later. In any case, manual changes in /etc/clamav/clamav-milter.conf will
 be respected.

Template: clamav-milter/MilterSocket
Type: string
Default: /var/run/clamav/milter.ctl
_Description: Define the interface through to communicate with sendmail:
 Possible formats are:
 Unix domain socket: [[unix|local]:]/path/to/file
 IPv4 socket: inet:port@[hostname|ip-address]
 IPv6 socket: inet6:port@[hostname|ip-address]

Template: clamav-milter/FixStaleSocket
Type: boolean
Default: true
_Description: Remove stale socket after unclean shutdown?

Template: clamav-milter/User
Type: string
Default: clamav
_Description: User to run clamav-milter as:
 It is recommended to run the ClamAV programs as a non-privileged user.
 This will work with most MTAs with a little tweaking, but if you want to
 use clamd for filesystem scans, running as root is probably unavoidable.
 Please see README.Debian in the clamav-base package for details.

Template: clamav-milter/AddGroups
Type: string
_Description: Groups for clamav-milter (space-separated):
 By default, clamav-milter runs as a non-privileged user. If you need
 clamav-milter to be able to access files owned by another user (e.g., in
 combination with an MTA), then you will need to add clamav to the group for
 that piece of software. Please see README.Debian in the clamav-base package for

Template: clamav-milter/ReadTimeout
Type: string
Default: 120
_Description: Waiting for data from clamd will timeout after this time (seconds):
 Set to a value of '0' to disable the timeout.

Template: clamav-milter/Foreground
Type: boolean
Default: false
_Description: Stay in foreground (don't fork)?

Template: clamav-milter/Chroot
Type: string
_Description: Chroot to directory:
 Chrooting is performed just after reading the config file and before dropping
 privileges. An empty value means don't chroot.

Template: clamav-milter/PidFile
Type: string
Default: /var/run/clamav/clamav-milter.pid
_Description: PID file:
 This option allows you to save a process identifier of the listening daemon
 (main thread).

Template: clamav-milter/TemporaryDirectory
Type: string
Default: /tmp
_Description: Optional path to the global temporary directory:
  If unset, $TMPDIR and $TEMP will be honored.

Template: clamav-milter/ClamdSocket
Type: string
Default: unix:/var/run/clamav/clamd.ctl
_Description: Define the clamd socket to connect to for scanning:
 To refer to a local unix socket using a absolute path, use unix:path (e.g.,
 unix:/var/run/clamd/clamd.socket). A local or remote TCP socket is specified
 using the tcp:host:port syntax. The host can be a hostname or an ip address;
 the ":port" field is only required for IPv6 addresses, otherwise it defaults to
 3310 (e.g., tcp:
 This option can be repeated several times (separated by whitespace) with
 different sockets or even with the same socket: clamd servers will be selected
 in a round-robin fashion.

Template: clamav-milter/LocalNet
Type: string
_Description: Exclusions - IP ranges:
 Messages originating from these hosts/networks will not be scanned.  This
 option takes a host(name)/mask pair in CIRD notation and can be repeated
 several times (separated by whitespace). If "/mask" is omitted, a host is
 assumed.  To specify a locally originated, non-smtp, email use the keyword
 If unset, everything regardless of the origin is scanned.

Template: clamav-milter/Whitelist
Type: string
_Description: Exclusions - Regular expressions:
 This option specifies a file which contains a list of POSIX regular
 expressions. Addresses (sent to or from) matching these regexes will not be
 scanned.  Optionally each line can start with the string "From:" or "To:"
 (note: no whitespace after the colon) indicating if it is, respectively, the
 sender or recipient that is to be whitelisted.  If the field is missing, "To:"
 is assumed.
 Lines in this file starting with #, : or ! are ignored.

Template: clamav-milter/OnClean
Type: select
Choices: Accept, Reject, Defer, Blackhole, Quarantine
Default: Accept
_Description: Action to be performed on clean messages (mostly useful for testing):
 The following actions are available:
 - Accept: The message is accepted for delievery
 - Reject: Immediately refuse delievery (a 5xx error is returned to the peer)
 - Defer: Return a temporary failure message (4xx) to the peer
 - Blackhole (not available for OnFail): Like accept but the message is sent to
 - Quarantine (not available for OnFail): Like accept but message is quarantined
   instead of being delivered In sendmail the quarantine queue can be examined
   via mailq -qQ For Postfix this causes the message to be accepted but placed
   on hold

Template: clamav-milter/OnInfected
Type: select
Choices: Accept, Reject, Defer, Blackhole, Quarantine
Default: Quarantine
_Description: Action to be performed on infected messages:

Template: clamav-milter/OnFail
Type: select
Choices: Accept, Reject, Defer, Blackhole, Quarantine
Default: Defer
_Description: Action to be performed on error conditions:
 This includes failure to allocate data structures, no scanners available,
 network timeouts, unknown scanner replies and the like)

Template: clamav-milter/RejectMsg
Type: string
_Description: Specific rejection reason for infected messages:
 It is only useful together with "OnInfected Reject".  The string "%v", if
 present, will be replaced with the virus name.

Template: clamav-milter/AddHeader
Type: boolean
Default: false
_Description: Add headers to processed messages?
 If adding headers is enabled, "X-Virus-Scanned" and "X-Virus-Status" headers
 will be attached to each processed message, possibly replacing existing

Template: clamav-milter/LogFile
Type: string
Default: none
_Description: Log to file:
 LogFile must be writable for the user running daemon.  A full path is required.
 Logging via syslog is configured independently of this entry.

Template: clamav-milter/LogFileUnlock
Type: boolean
Default: false
_Description: Disable log file locking?
 By default the log file is locked for writing.  The lock protects against
 running clamav-milter multiple times.  This option disables log file locking.

Template: clamav-milter/LogFileMaxSize
Type: string
Default: 1M
_Description: Maximum size of the log file (unit Mb):
 Set to a value of '0' to disable the timeout.

Template: clamav-milter/LogTime
Type: boolean
Default: false
_Description: Log time with each message?

Template: clamav-milter/LogSyslog
Type: boolean
Default: false
_Description: Use system logger (can work together with LogFile)?

Template: clamav-milter/LogFacility
Type: string
Default: LOG_LOCAL6
_Description: Specify the type of syslog messages:
 Please refer to 'man syslog' for facility names.

Template: clamav-milter/LogVerbose
Type: boolean
Default: false
_Description: Enable verbose logging?

Template: clamav-milter/LogInfected
Type: select
Choices: Off, Basic, Full
Default: Off
_Description: What should be logged when a message is infected:
 Possible values are Off (the default - nothing is logged), Basic (minimal info
 logged), Full (verbose info logged)

Template: clamav-milter/MaxFileSize
Type: string
Default: 25M
_Description: Messages larger than this value won't be scanned (unit Mb):
 Make sure this value is lower than StreamMaxLength in clamd.conf

Attachment: pgpfSfj9byGen.pgp
Description: PGP signature

Reply to: