**cyr_virusscan**
*****************

Scan for viruses using configured virus scanner or manage infected
messages using search criteria.


Synopsis
========

   **cyr_virusscan** [ **-C** *config-file* ] [ **-s** *imap-search-string* ] [ **-r** [ **-n**] ] [**-v**] [ *mboxpattern1* ... ]


Description
===========

**cyr_virusscan** can be used to invoke an external virus scanner
(currently only ClamAV is supported) to scan specified IMAP mailboxes.
If no mboxpattern is given, **cyr_virusscan** works on all mailboxes.

Alternately, with the **-s** option, the IMAP SEARCH string will be
used as a specification of messages which are *assumed* to be
infected, and will be treated as such.  The virus scanner is not
invoked. Useful for removing messages without a distinct signature,
such as Phish.

A table of infected messages will be output.

To remove infected messages, use the **-r** flag. Infected messages
will be expunged from the user's mailbox.

With the notify flag, **-n**, notifications will be appended to the
inbox of the mailbox owner, containing message digest information for
the affected mail. This flag only works in combination with **-r**.
The notification message can by customised by template, for details
see Notifications below.

**cyr_virusscan** can be configured to run periodically by cron(8) via
crontab(5) or your preferred method (i.e. /etc/cron.hourly), or by
master(8) via the EVENTS{} section in cyrus.conf(5).

**cyr_virusscan** reads its configuration options out of the
imapd.conf(5) file unless specified otherwise by **-C**.

Note that Cyrus does not ship with any virus scanners: you need to
install one separately to make use of it with Cyrus.


Options
=======

-C config-file

   Use the specified configuration file *config-file* rather than the
   default imapd.conf(5).

-n

   Notify mailbox owner of deleted messages via email.  This flag is
   only operable in combination with **-r**.

-r

   Remove infected messages.

-s imap-search-string

   Rather than scanning for viruses, messages matching the search
   criteria will be treated as infected.

-v

   Produce more verbose output


Notifications
=============

When the **-n** flag is provided, notifications are sent to mailbox
owners when infected messages are removed.  One notification is sent
per owner, containing a digest of each message that was deleted from
any of their mailboxes.

The default notification subject is "Automatically deleted mail",
which can be overridden by setting "virusscan_notification_subject" in
imapd.conf(5) to a UTF-8 value.

Each infected message will be described according to the following
template:

   The following message was deleted from mailbox '%MAILBOX%'
   because it was infected with virus '%VIRUS%'

       Message-ID: %MSG_ID%
       Date: %MSG_DATE%
       From: %MSG_FROM%
       Subject: %MSG_SUBJECT%
       IMAP UID: %MSG_UID%

To use a custom template, create a UTF-8 file containing your desired
text and using the same %-delimited substitutions as above, and set
the "virusscan_notification_template" option in imapd.conf(5) to its
path.

The notification message will be properly MIME-encoded at delivery. Do
not pre-encode the template file or the subject!

When **cyr_virusscan** starts up, if notifications have been requested
(with the **-n** flag), a basic sanity check of the template will be
performed prior to initialising the antivirus engine.  If it appears
that the resultant notifications would be undeliverable for some
reason, **cyr_virusscan** will exit immediately with an error, rather
than risk deleting messages without notifying.


Examples
========

   **cyr_virusscan**

   Scan all mailboxes, printing report on the screen.  Do not remove
   infected messages.

   **cyr_virusscan** -r -n user/bovik

   Scan mailbox *user/bovik*, removing infected messages and append
   notifications to Bovik's inbox.

   **cyr_virusscan** -r -n -s 'SUBJECT "Fedex"' user/bovik

   Search mailbox user/bovik for messages which have Fedex in the
   subject line, removing them all, and appending notifications to
   Bovik's inbox.


History
=======

Virus scan support was first introduced in Cyrus version 3.0.


Files
=====

/etc/imapd.conf


See Also
========

imapd.conf(5), master(8), ClamAV
