Index: p3scan-2.3.2/p3scan.c
===================================================================
--- p3scan-2.3.2.orig/p3scan.c	2012-05-21 08:38:32.000000000 -0700
+++ p3scan-2.3.2/p3scan.c	2012-05-21 08:38:32.000000000 -0700
@@ -61,6 +61,7 @@
 #include <syslog.h>
 #include <sys/param.h>
 #include <ctype.h>
+#include <linux/types.h>
 #include <linux/netfilter_ipv4.h>
 #include <malloc.h>
 #include <getopt.h>
@@ -742,7 +743,7 @@
       /* Only rename non-infected attachments */
       len=strlen(config->virusdir)+strlen(NEWMSG);
       snprintf(newmsg, len, "%s%s", config->virusdir,NEWMSG);
-      if ((spamfd=open(newmsg,O_WRONLY | O_CREAT | O_TRUNC,  S_IRUSR | S_IWUSR))<0){
+      if ((spamfd=open(newmsg,O_WRONLY | O_CREAT | O_TRUNC,  S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP))<0){
          p->errmsg=1;
          do_log(LOG_ALERT, "ERR: Can't create newmsg!");
          return SCANNER_RET_CRIT;
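Review bot: The new mode on `newmsg` includes `S_IWGRP`, so any member of the daemon's group can rewrite the processed message, while the comment in the chmod hunk at -2064 says the scanner only needs to read. Dropping the write bit, `S_IRUSR | S_IWUSR | S_IRGRP`, would match the mode that hunk applies to `p->mailfile`. The same mode is used in the hunks at -876 and -954. Separately, the context line `snprintf(newmsg, len, ...)` passes a size with no room for the terminator, so the last character of the path looks to be cut off; this predates the patch but is worth confirming. The enclosing function starts and ends outside the hunk.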
@@ -799,7 +800,7 @@
    if (config->demime){
       /* extract MIME Parts into maildir */
       do_log(LOG_DEBUG, "DeMIMEing to %s", p->maildir);
-      viret = mkdir(p->maildir, S_IRWXU);
+      viret = mkdir(p->maildir, S_IRWXU | S_IRGRP | S_IXGRP);
       if ((viret == -1)&&(errno != EEXIST)){
          do_log(LOG_CRIT, "ERR: Cannot create directory '%s' (%s). Can't scan mail.\n",
          p->maildir, strerror(errno));
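Review bot: The group bits passed to `mkdir` are still filtered by the process umask, so under a restrictive umask the scanner's group gets no access to `p->maildir` and the change has no effect. An explicit `chmod(p->maildir, S_IRWXU | S_IRGRP | S_IXGRP)` after a successful `mkdir`, or a documented umask, would make the result predictable. When `mkdir` fails with `EEXIST`, the existing directory is used with whatever owner and mode it already has, which the new code does not check. The `mkdir` of `config->virusdir` in the hunk at -3059 depends on the umask in the same way. The `do_log` statement continues past the end of the hunk.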
@@ -876,7 +877,7 @@
       do_log(LOG_DEBUG, "Checking for spam");
       len=strlen(config->virusdir)+strlen(NEWMSG);
       snprintf(newmsg, len, "%s%s", config->virusdir,NEWMSG);
-      if ((spamfd=open(newmsg,O_WRONLY | O_CREAT | O_TRUNC,  S_IRUSR | S_IWUSR))<0){
+      if ((spamfd=open(newmsg,O_WRONLY | O_CREAT | O_TRUNC,  S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP))<0){
          do_log(LOG_ALERT, "ERR: Can't create newmsg!");
          p->errmsg=1;
          return SCANNER_RET_CRIT;
@@ -954,7 +955,7 @@
       /* Do not parse infected mail as client will not see it anyway. */
       len=strlen(config->virusdir)+strlen(NEWMSG);
       snprintf(newmsg, len, "%s%s", config->virusdir,NEWMSG);
-      if ((htmlfd=open(newmsg,O_WRONLY | O_CREAT | O_TRUNC,  S_IRUSR | S_IWUSR))<0){
+      if ((htmlfd=open(newmsg,O_WRONLY | O_CREAT | O_TRUNC,  S_IRUSR | S_IWUSR |S_IRGRP | S_IWGRP))<0){
          p->errmsg=1;
          do_log(LOG_ALERT, "ERR: Can't create newmsg!");
          return SCANNER_RET_CRIT;
@@ -2064,6 +2065,14 @@
                /* mail is complete */
                error=0;
                close(scanfd);
+               /* make the temp file group readable - needed when
+                * virus scanner is not running as the same user as
+                * p3scan */
+               if (chmod(p->mailfile, S_IRUSR | S_IWUSR | S_IRGRP) < 0) {
+                   do_log(LOG_WARNING,
+                           "Unable to make file '%s' group readable",
+                           p->mailfile);
+               }
                do_log(LOG_DEBUG, "got '.\\r\\n', mail is complete.");
                if (p->ismail==2) closehdrfile(p);
                p->ismail=4;
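Review bot: The added `chmod(p->mailfile, ...)` runs after `close(scanfd)` and works on the path, so it follows a symlink and changes whatever the name points to at that moment rather than the file that was just written. Changing the mode on the descriptor before closing it avoids that window: `if (fchmod(scanfd, S_IRUSR | S_IWUSR | S_IRGRP) < 0) {` placed ahead of `close(scanfd);`. The warning would also be easier to act on if it included `strerror(errno)`, as the `mkdir` error message elsewhere in this file does. The enclosing function starts and ends outside the hunk.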
@@ -2931,7 +2940,8 @@
       do_log(LOG_NOTICE, "Changing uid (we are root)");
       pws = getpwnam(config->runasuser);
       if (pws == NULL) do_log(LOG_EMERG,"ERR: Unknown User '%s'",config->runasuser);
-      setuid(pws->pw_uid);
+      if (setgid(pws->pw_gid) == -1) do_log(LOG_EMERG, "Can't change to group of user %s (%i.%i)", config->runasuser, pws->pw_uid, pws->pw_gid);
+      if (setuid(pws->pw_uid) == -1) do_log(LOG_EMERG, "Can't change to user %s (%i)", config->runasuser, pws->pw_uid);
    }
    cuid=getuid();
    pws = getpwuid(cuid);
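Review bot: The new `setgid`/`setuid` pair drops the primary group and the uid but leaves root's supplementary groups on the process, because nothing in the hunk calls `initgroups` or `setgroups`. Adding `if (initgroups(config->runasuser, pws->pw_gid) == -1) do_log(LOG_EMERG, "Can't set groups of user %s", config->runasuser);` before the `setgid` line (with `<grp.h>` included) would close that gap. Both new lines also dereference `pws` after the `pws == NULL` check, which only logs. Unless `do_log(LOG_EMERG, ...)` terminates the process, which is not visible here, an unknown user is a NULL dereference and a failed `setgid`/`setuid` leaves the daemon running as root. `pw_uid` and `pw_gid` are printed with `%i`; a cast to `int` or `long` would keep the format portable.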
@@ -3059,7 +3069,7 @@
             config->emergency="Error calling clean child directory!";
             do_log(LOG_EMERG, "ERR: Error calling clean child directory!");
          }
-         if((mkdir (config->virusdir, S_IRWXU)<0)){
+         if((mkdir (config->virusdir, S_IRWXU | S_IRGRP | S_IXGRP)<0)){
             config->emergency=make_message("Could not create virusdir %s", config->virusdir);
             do_log(LOG_EMERG,"ERR: Could not create virusdir %s",config->virusdir);
          }
Index: p3scan-2.3.2/p3scan.8
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ p3scan-2.3.2/p3scan.8	2012-05-21 08:38:32.000000000 -0700
@@ -0,0 +1,301 @@
+.TH p3scan 8 "November 6, 2005" "v2.3.0"
+.SH NAME
+p3scan \- fully transparent proxy scanning server for POP3 and SMTP
+.SH SYNOPSIS
+.nf
+.fam C
+
+\fBp3scan\fP [\fIoptions\fP]
+.fam T
+.fi
+.SH DESCRIPTION
+p3scan is a fully transparent proxy scanning server for POP3, SMTP, and limited
+POP3S email clients. It runs on a Linux box with iptables (for port redirection).
+
+It implements a centralized email scanning point, transparently inspecting
+messages fetched by internal network hosts from servers "in the wild"
+(the Internet) for viruses, worms, trojans, spam and potentially dangerous
+attachments. Since HTML email can be used by spammers to validate the recipient
+address (via Web Bugs) p3scan can also provide HTML stripping by using the
+associated p3pmail (or other) program.
+
+It can also inspect outgoing SMTP messages for virus's.
+
+p3scan can help you in protecting your "Other OS" LAN especially if used
+synergically with a firewall and other proxy servers.
+
+.SH OPTIONS
+.TP
+.B
+-a, --renattach=FILE
+Specify location of renattach if wanted
+.TP
+.B
+-A, --altvnmsg
+Creates a copy of 'template=FILE' for manipulation
+prior to use. /var/spool/p3scan/children/<pid>/vnmsg
+.TP
+.B
+-b, --bytesfree=NUM
+Number (in KBytes) that should be available before we
+can process messages. If not enough, report it and die.
+.TP
+.B
+-B, --broken
+Enable broken processing (some Outlook/Outlook Express clients).
+.TP
+.B
+-c, --viruscode=N[,N]
+The code(s) the scanner returns when a virus is found
+.TP
+.B
+-C, --checksize=NUM
+Number (in KBytes) of the maximum smtp message size.
+.TP
+.B
+-d, --debug
+Turn on debugging. See /etc/p3scan/p3scan.conf for recommended
+debug procedure.
+.TP
+.B
+-e, --extra
+Extra notification of recipient's email address
+.TP
+.B
+-f, --configfile=FILE
+Specify a configfile
+Default is /etc/p3scan/p3scan.conf
+.TP
+.B
+-F, --footer=CMD
+Specify a command to get the version info of your scanner
+if using the smtp footer feature file /etc/p3scan/p3scan.footer
+.TP
+.B
+-g, --virusregexp=RX
+Specify a RegularExpression which describes where to
+get the name of the virus. The first substring is
+used, or if regexp ends with /X the X substring
+.TP
+.B
+-G  --goodcode
+The codes that enable the message to be delivered without a
+warning. For example Kaspersky AV reports code 10 for an
+encrypted .zip file
+.TP
+.B
+-h, --help
+Prints this text
+.TP
+.B
+-i, --ip=IP
+Listen only on IP <IP>. Default: ANY
+.TP
+.B
+-I, --targetip=IP
+Connect only to IP <IP>. Default: use transparent-proxy
+.TP
+.B
+-j, --justdelete
+Just delete infected mail after reporting infection
+.TP
+.B
+-k, --checkspam
+Turn on Spam Checking
+.TP
+.B
+-K, --emergcon
+Emergency Contact email address to be notified in event
+of program termination like no disk space.
+.TP
+.B
+-l, --pidfile=FILE
+Specify where to write a pid-file
+.TP
+.B
+-L, --sslport=PORT
+Use SSL on connections to port <PORT>. Default 995
+.TP
+.B
+-m, --maxchilds=NUM
+Allow not more then NUM childs
+.TP
+.B
+-M, --ispspam
+Specify a line used by your ISP to mark Spam
+For example, cox.net uses -- Spam --
+.TP
+.B
+-n, --notifydir=DIR
+Create notification mails in <DIR>
+Default: /var/spool/p3scan/notify
+Also used for temporary storage.
+.TP
+.B
+-N, --notify
+Change infected file status line
+.TP
+.B
+-o, --overwrite
+Specify path to HTML parsing program executable.
+Default none
+.TP
+.B
+-O, --timeout=NUM
+Specify seconds to use for timeout notification.
+.TP
+.B
+-p, --port=PORT
+Listen on port <PORT>. Default: 8110
+.TP
+.B
+-P, --targetport=PORT
+Connect to port <PORT>. Default: 8110
+Ignored in transparent proxy mode
+.TP
+.B
+-q, --quiet
+Turn off normal reporting
+.TP
+.B
+-r, --virusdir=DIR
+Save infected mails in <DIR>
+Default: /var/spool/p3scan
+.TP
+.B
+-R, --smtprset
+Change smtp reject message line
+.TP
+.B
+-s, --scanner=FILE
+Specify the scanner. Every scannertype handles this
+in a specific way. This could be the scanner-
+executable or a FIFO, Socket, ...
+.TP
+.B
+-S, --subject=TEXT
+Change virus reporting subject line
+.TP
+.B
+-t, --template=FILE
+Use virus-notification-template <FILE>
+.TP
+.B
+-T, --scannertype=T
+Define which buildin scanner-frontend to use.
+Supported types:
+  basic: Basic file invocation scanner
+   avpd: Kaspersky AVPDaemon
+trophie: Trophie antivirus daemon (for Trend Antivirus)
+.TP
+.B
+-u, --user=[UID|NAME]
+Run as user <UID>. Default: mail
+Only takes effect when started as superuser
+.TP
+.B
+-U, --useurl
+Parse username for destination "username#url:port" vice using iptables redirection.
+.TP
+.B
+-v, --version
+Prints version information
+.TP
+.B
+-x, --demime
+eXtract all MIME-Parts before scanning
+.TP
+.B
+-X, --Xtra mail program=FILE
+Xtra notification reciept mail program. Default: /bin/mail
+.TP
+.B
+-z, --spamcheck=FILE
+Specify path to Spam Checking program executable
+Default /usr/bin/spamc (Mail::SpamAssassin)
+.RE
+.PP
+.SH DIRECTORIES/FILES
+
+.nf
+.fam C
+/etc/p3scan
+/var/run/p3scan
+/var/spool/p3scan
+/var/spool/p3scan/children
+/var/spool/p3scan/notify
+/usr/doc/p3scan-<version>/AUTHORS
+/usr/doc/p3scan-<version>/ChangeLog
+/usr/doc/p3scan-<version>/CONTRIBUTERS
+/usr/doc/p3scan-<version>/LICENSE
+/usr/doc/p3scan-<version>/NEWS
+/usr/doc/p3scan-<version>/README
+/usr/doc/p3scan-<version>/README-ripmime
+/usr/doc/p3scan-<version>/README-rpm
+/usr/doc/pscan-<version>/TODO.list
+/usr/doc/p3scan-<version>/spamfaq.html
+/usr/doc/p3scan-<version>/spamfaq.txt
+/usr/man/man8/p3scan.8.gz
+/usr/man/man8/p3scan_readme.8.gz
+
+/etc/p3scan/p3scan.conf
+  Configuration file
+/etc/p3scan/p3scan.mail
+  Symlink to the email message templates sent to client in event
+  a virus is found. You can create a symlink, or copy a language
+  file p3scan-??.mail for any language provided. If you translate
+  a mail file into your own language, please consider contributing
+  it to the project so that others may enjoy your work.
+/etc/p3scan/p3scan-??.mail
+/etc/p3scan/p3scan-??-??.mail
+  Email templates for specific languages.
+/etc/p3scan/p3scan.footer (optional)
+  This file is used to add the virus definition info from your scanner
+  to an smtp message. It will only be added as a footer if the message
+  is not signed cryptographically and is only a text message.
+  It is used in conjunction with the "footer" option in the
+  following fashion:
+
+  1) If file does not exist and "footer" is defined:
+     No footer information will added to outgoing messages, but the p3scan
+     version and scanner info will be added to the header.
+
+  2) If file exists but blank and "footer" is defined:
+     P3Scan version/host info and scanner info will be added to end of
+     message and header.
+
+  3) If file contains information and "footer" is defined:
+     All lines of this file will be added to the end of the smtp message and
+     then p3scan version/host info and scanner info will be appended.
+
+  4) If file does not exist and "footer" is not defined:
+     P3Scan will only insert p3scan version info into the header.
+/usr/sbin/p3scan
+  Executable program file
+/var/run/p3scan/p3scan.pid
+  This file is written when p3scan is running.
+/var/spool/p3scan/children/$FILES
+  Each email scanned is manipulated in this directory
+/var/spool/p3scan/notify/$FILES
+  When a virus is found, the email sent to the client is generated here.
+
+.fam T
+.fi
+.SH SEE ALSO
+.TP
+.B
+p3scan_readme /etc/p3scan/p3scan.conf /etc/p3scan/p3scan.mail dspam spamc spamd renattach p3pmail
+.SH BUGS/SUPPORT
+.nf
+.fam C
+Please report any bugs to the \fBp3scan\fP support mailing list accessable through:
+http://sourceforge.net/projects/\fBp3scan\fP
+.fam T
+.fi
+.SH AUTHORS
+.nf
+.fam C
+Jack S. Lai <laitcg at cox dot net>
+and contributers (see CONTRIBUTERS file).
+.fam T
+.fi
Index: p3scan-2.3.2/p3scan.conf
===================================================================
--- p3scan-2.3.2.orig/p3scan.conf	2012-05-21 08:38:32.000000000 -0700
+++ p3scan-2.3.2/p3scan.conf	2012-05-21 08:38:32.000000000 -0700
@@ -7,42 +7,6 @@
 #                                                                        #
 ##########################################################################
 
-/*
- * P3Scan v2.3.2
- *
- * (C) 2003-2005 by Jack S. Lai <laitcg@cox.net>
- *
- * It's intent is to provide a follow on program to POP3-Virusscan-Proxy 0.4
- * by Folke Ashberg <folke@ashberg.de>.
- *
- * It is based upon his program but provides numerous changes to include
- * scanning pop3 mail for spam, hardening the program, addaption to todays
- * email environment, and many other changes.
- *
- * The initial release of p3scan includes patches made and submitted to the
- * original project but were never incorporated. Please see the README for
- * further information.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- *
- * This program is released under the GPL with the additional exemption that
- * compiling, linking, and/or using OpenSSL is allowed."
- * (http://www.openssl.org/support/faq.html#LEGAL2)
- *
- */
-
 #
 # PID File
 #
@@ -50,7 +14,7 @@
 #
 #   default: /var/run/p3scan/p3scan.pid
 #
-# pidfile = /var/run/p3scan/p3scan.pid
+pidfile = /var/run/p3scan/p3scan.pid
 
 #
 # Max Child's
@@ -61,14 +25,14 @@
 #
 #   default: 10
 #
-# maxchilds = 10
+maxchilds = 10
 
 #
 # IP Address
 #
 #   The IP Address we listen on default: 0.0.0.0 (any address)
 #
-# ip = 0.0.0.0
+ip = 0.0.0.0
 
 #
 # Port
@@ -80,7 +44,7 @@
 #
 #   default: 8110
 #
-# port = 8110
+port = 8110
 
 #
 # TargetIP, TargetPort
@@ -129,7 +93,7 @@
 #
 #   default: mail
 #
-# user = mail
+user = p3scan
 
 #
 # Notify Directory
@@ -137,7 +101,7 @@
 #   Create notification mails in <DIR>. Also used for temporary storage.
 #
 #  default: /var/spool/p3scan/notify
-# notifydir = /var/spool/p3scan/notify
+notifydir = /var/spool/p3scan/notify
 
 #
 # Virus Directory
@@ -148,7 +112,7 @@
 #
 #   default: /var/spool/p3scan
 #
-# virusdir = /var/spool/p3scan
+virusdir = /var/spool/p3scan
 
 #
 # Just Delete
@@ -292,6 +256,10 @@
 #
 #     Un-comment appropriate options below.
 #     Use default scannertype = basic
+
+scannertype = basic
+
+
 #
 #   Clam Anti-Virus: http://www.clamav.net
 #
@@ -355,6 +323,9 @@
 # Sample: scannertype bash using p3scan.sh for testing:
 # scanner = /usr/local/sbin/p3scan.sh
 
+scanner = /usr/bin/clamdscan --no-summary
+
+
 #
 # Scanner Returncode
 #
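Review bot: This hunk enables `scanner = /usr/bin/clamdscan --no-summary`, but the patch sets no `viruscode` and leaves the ClamAV `virusregexp` sample commented out in the hunk at -402. Detection therefore rests on p3scan's built-in defaults, which are not visible here. clamdscan exits with status 1 on a detection and 2 on an error such as an unreachable clamd, so it is worth confirming that an error status is not treated as a clean message. Stating the settings explicitly, e.g. `viruscode = 1` and `virusregexp = .*: (.*) FOUND`, would make the shipped configuration self-describing.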
@@ -402,7 +373,7 @@
 # Sample: FRISK F-Prot Antivirus
 # virusregexp = (?=Infection\:)[[:space:]]*(.*)$
 # Sample: ClamAV
-# virusregexp = .*: (.*) FOUND
+#virusregexp = .*: (.*) FOUND
 
 #
 # deMIME Setting
@@ -412,7 +383,7 @@
 #   natively handle email attachments.
 #
 #   default: <no demime>
-# demime
+#demime
 
 #
 # Broken email clients
@@ -509,7 +480,7 @@
 #
 #  default: none
 #
-# renattach = /usr/local/bin/renattach
+#renattach = /usr/bin/renattach
 
 #
 # Overwrite (disable) HTML
@@ -527,18 +498,6 @@
 # overwrite = /usr/bin/p3pmail
 
 #
-# Debug
-#
-#   Turn on debugging. The recommended debug procedure is to
-#   call p3scan as follows:
-#      p3scan -d > debug 2>&1
-#   This will trap debug information to the file "debug".
-#   You can then monitor it with a 'tail' command.
-#
-#   default: off
-# debug
-
-#
 # Quiet
 #
 #   Disable reporting of normal operating messages. Only report errors
Index: p3scan-2.3.2/p3scan_readme.8
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ p3scan-2.3.2/p3scan_readme.8	2012-05-21 08:38:32.000000000 -0700
@@ -0,0 +1,365 @@
+.TH p3scan_readme 8 "November 6, 2005" "v2.3.0"
+.SH NAME
+p3scan_readme \- readme for the p3scan tool
+.SH DESCRIPTION
+This is a fully transparent proxy-server for POP3, SMTP, and limited POP3S
+Clients. It runs on a Linux box with iptables (for port re-direction).
+.PP
+It can be used to provide email scanning from/to the internet, to/from any
+internal network and is ideal for helping to protect your "Other OS" LAN from
+harm, especially when used synergically with a firewall and other Internet
+Proxy servers.
+.PP
+It is designed to enable scanning of email messages for Viruses, Worms,
+Trojans, Spam (read as "Un-solicited Bulk Email"), and harmfull attachments.
+Because viewing HTML mail can enable a "Spammer" to validate an email address
+(via web bugs), it can also provide dangerous HTML tag stripping.
+.SH OVERVIEW
+It works typically in situations where the linux box lies between the network
+you wish to protect and the "outer world".
+.PP
+You have to set up a port redirection rule with iptables (see "IP-Tables / Port
+redirecting") so that all connections from e.g. inside your office to any POP3,
+POP3S, and SMTP server outside in the world will not leave your router, but come
+to a local port, on which P3Scan listens.
+.PP
+P3Scan receives the original destination address of the "outer world" server
+from the Linux kernel and connects to that address.
+.PP
+Anything received from the client will be sent to the server, and vice versa
+but with a little enhancement: when a message is sent from the server it's
+parsed, stored into a file, and scanned. If a virus is found a virus
+notification is sent instead of the original infected message, which can be
+quarantined or optionally deleted. If the message is destined for a server and
+a virus is found, the client will be notified that the server rejected their
+message due to a virus.
+.PP
+The message can also be scanned for spam, have potentially dangerous
+attachments renamed, and have potentially malicious HTML parts
+stripped. In the case of incoming messages, this is performed in the following order:
+
+.nf
+.fam C
+Attachments are scanned/renamed/deleted (optional)
+The message is scanned for virus's
+The message is scanned for SPAM (optional)
+The message is parsed for web bugs (optional)
+.fam T
+.fi
+.PP
+It should be possible to use any virus scanner using the scannertype=basic
+configuration option. Known to work with this scanner are FRISK F-Prot and
+Clam Anti Virus scanners.
+.PP
+P3Scan provides other scannertype's for scanning using Kaspersky, Trophie,
+Clam (TCP) Anti-Virus Daemon's and also a bash script. Any C programmer can
+easily adapt p3scan for other scan-daemons.
+.PP
+Neither the client nor the server has to be configured. None of them will ever
+notice that there's a mail scanner. From the server point of view the incoming
+connections are from the linux box IP. From the client point of view the only
+evidence of the presence of p3scan are virus notifications and some additional
+X-headers.
+.SH REQUIREMENTS
+.nf
+.fam C
+iptables - Normally installed by default on major Linux Distributions.
+   http://www.netfilter.org
+libpcre - Normally installed by default on major Linux Distributions.
+   http://www.pcre.org
+ripmime - Needed if your virus scanner does not support email.
+   http://www.pldaniels.com/ripmime/
+An Anti-Virus program
+   P3Scan is known to work with:
+      Kaspersky Anti-Virus for Linux (AVPD)
+         http://www.kaspersky.com/
+      Trophie Anti-Virus Daemon
+         http://www.vanja.com/tools/trophie/
+      FRISK F-Prot Antivirus
+         http://www.f-prot.com/
+      Clam Anti-Virus
+         http://www.clamav.net/
+      F-Secure Anti-Virus
+         http://www.f-secure.com/
+   Any other virus scanner that can output it's report to the console (stdout) so that it can be captured with "2>&1".
+DSPAM (optional) - http://www.nuclearelephant.com/projects/dspam/
+Mail::SpamAssassin (optional) - http://www.spamassassin.org
+renattach (optional) - http://www.pc-tools.net/unix/renattach/
+p3pmail (optional) - http://p3scan.sourceforge.net/#p3pmail
+.fam T
+.fi
+.PP
+Kernel:
+The following kernel-parameters have to be enabled to get P3Scan to work.
+If you have no clue about kernel-compiling, then here is some good news:
+Most of Linux Distributions (with kernel 2.4.x or greater) support what
+we need by default. However, if your distribution does not have it, please
+read your system documentation on how to add it to your kernel.
+.PP
+.nf
+.fam C
+   -CONFIG_NETFILTER=y
+   -CONFIG_IP_NF_IPTABLES=[y/m]
+   -CONFIG_IP_NF_TARGET_REDIRECT=[y/m]
+
+.fam T
+.fi
+.SH COMPILATION
+
+Change to the directory where you untar'ed the program and make any system
+specific changes as needed to the "user options" area of the Makefile,
+then as user:
+$ make
+and as root (su root)
+# make install
+.PP
+The only binary will be copied to /usr/sbin/p3scan.
+.PP
+Make install will also copy p3scan.conf and the p3scan-xx.mail files into
+/etc/p3scan while creating directories /etc/p3scan, /var/run/p3scan,
+/var/spool/p3scan, /var/spool/p3scan/children, and /var/spool/p3scan/notify.
+It will also create a symbolic link of /etc/p3scan/p3scan.mail to the language
+file specified in the Makefile.
+.PP
+After this, you must prepare your configuration file as described below.
+.PP
+Preparing / Manual Configuration:
+.PP
+If you decide not to use "make install" (for example, you don't want gcc on
+your firewall machine where p3scan is going to run). Please ensure the
+following directories are created and that they are owned and
+readable/writable by only the user "mail" (default).
+.PP
+As root, create the following directories:
+# mkdir /etc/p3scan
+# mkdir /var/run/p3scan
+# mkdir -p /var/spool/p3scan/children
+# mkdir -p /var/spool/p3scan/notify
+.PP
+Make them "owned" by the user "mail" (default):
+# chown mail.mail /etc/p3scan
+# chown mail.mail /var/run/p3scan
+# chown -R mail.mail /var/spool/p3scan
+.PP
+Then make them read/write by only our user:
+# chmod 700 /etc/p3scan
+# chmod 700 /var/run/p3scan
+# chmod -R 700 /var/spool/p3scan
+.PP
+If you don't have the user "mail" and do not know how to create this user,
+please see your operating systems documentation on how to create a user.
+.PP
+Change the symlink /etc/p3scan/p3scan.mail if you wish (this points to the
+template which is sent instead of a virus). If you use any special character
+(like German-umlauts) don't forget to set the charset to "utf8"
+(charset="utf8" vice charset="iso-8859-1"). Also, ensure the leading dot at
+the end of the file is there and has a carriage return after the dot.
+.SH CONFIGURATION
+
+The configuration file defaults to /etc/p3scan/p3scan.conf
+.PP
+This file is a mixture of configuration data and documentation and MUST be
+modified to work correctly upon initial installation. You must specify
+AT LEAST how to call your anti-virus program and how to extract the virus
+name (if one is found).
+.PP
+The purpose of p3scan is to provide virus protection to an internal network.
+So, not having a virus scanner is not an option. That being said, if you still
+do not want a virus scanner enabled, you can just set the scannertype/scanner
+to basic/"/usr/bin/cat".
+.PP
+Currently, the default configuration is as follows (see p3scan.conf for more
+info):
+.PP
+.nf
+.fam C
+   The PID file is stored in: pidfile = /var/run/p3scan/p3scan.pid
+   The maximum simultaneous scans is: maxchilds = 10
+   We listen to any address: ip = 0.0.0.0
+   We listen only on: port = 8110
+   targetip and targetport are disabled.
+   We extract destination url:port from iptables redirected packets.
+   We run as: user = mail
+   We create notification mails in: notifydir = /var/spool/p3scan/notify
+      before sending.
+   We default to storing infected messages in: virusdir = /var/spool/p3scan
+   We keep infected mail.
+      "justdelete" is not set.
+   We send emergency notification emails to root and postmaster @localhost.
+   We notify only the email client when a virus is detected.
+      "extra" is not set.
+   We use the default /bin/mail to send extra notification email when required.
+   We do not check remaining disk space before scanning mail.
+      "bytesfree" is not set
+   We DO NOT have an Anti-Virus program selected, scanner return code, nor
+      regular expression on how to extract a virus name.
+      scannertype=basic
+      "scanner" is not set
+      "viruscode" is not set
+      "virusregexp" is not set
+   We DO NOT have any "Good" return codes set other than "0" (zero).
+      "goodcode" is not set
+   We DO NOT demime the message or separate attachments from the original mail
+      before scanning.
+      "demime" is not set
+   We DO NOT send entire lines of email header while processing to keep the
+      email client "alive". We send characters instead.
+      "broken" is not set.
+   The default timeout is 30 seconds when processing a large email message.
+   We DO NOT check for email marked as "Spam" by your ISP.
+      "ispspam" is not set.
+   We DO NOT check for "Spam".
+      "checkspam/spamcheck" is not set
+   We DO NOT rename attachments.
+      "renattach" is not pointing to any external program.
+   We DO NOT parse HTML code.
+      "overwrite" is not pointing to any external program.
+   We DO NOT have debug messages being displayed.
+      *"debug" is not set.
+      * Note: The recommended debug procedure is to call p3scan as such:
+         p3scan -d > debug 2>&1
+         You can then keep track of the debug messages on another terminal
+        with: tail -n 50 -f debug
+   We report all program steps to syslog less debug info.
+      "quiet" is not set.
+   The Virus Report template defaults to /etc/p3scan/p3scan.mail which is
+      a symlink to /etc/p3scan/p3scan-xx.mail generated during "make install",
+      where xx equals the LANG option set in the Makefile.
+   We do not copy the virus template message for the bash scanner to modify.
+      "altvnmsg" is not set.
+   We generate the Virus Report Subject line as:
+     "[Virus] found in a mail to you:" <virus name>
+     you can change this with the "subject" line in p3scan.conf.
+   We generate the Virus Report file disposition line (when justdelete is set):
+   notify = Per instruction, the message has been deleted.
+   When an outgoing message is rejected, the default of "Virus detected! P3scan
+      rejected message!" is used.
+   Outgoing message size is not checked before parsing.
+   The port for SSL messages is 995.
+   We do not generate Virus Definition data for outgoing/notification messages.
+      "footer" is not set.
+
+.fam T
+.fi
+IP-Tables / Port redirecting:
+.PP
+.nf
+.fam C
+   Rules like:
+
+iptables -t nat -A PREROUTING -p tcp -i eth0 --dport pop3 -j REDIRECT --to 8110
+iptables -t nat -A PREROUTING -p tcp -i eth0 --dport smtp -j REDIRECT --to 8110
+iptables -t nat -A PREROUTING -p tcp -i eth0 --dport pop3s -j REDIRECT --to 8110
+
+   are enough. Change eth0 to your device for the inbound connections (your
+   office or home network).
+
+   Also, "pop3", "smtp", and/or "pop3s" must be defined in your "services" file.
+   Normally locate at: /etc/services.
+
+   If it is not defined, enter the definition you have for 110/tcp. IE: pop-3, or
+   just enter the port number(s). IE: 110, 25, or 995
+
+.fam T
+.fi
+Spam Checking
+.PP
+.nf
+.fam C
+   The spam checking capability of p3scan has only been tested using
+   DSPAM >= 3.0.0-rc2 and Mail::SpamAssassin v2.6 >= v3.0.1
+
+   If using dspam, you need to install the program according to the
+   documentation found at http://www.nuclearelephant.com/projects/dspam/
+
+   The recommended procedure is the virtual-users interface of the mysql
+   driver.
+
+   If you will be scanning for spam using SpamAssassin, you need to install the
+   program according to the documentation found at http://www.spamassassin.org
+
+   The easiest (as fastest) interface to Mail::SpamAssassin is through it's
+   daemon program "spamd" using "spamc".
+
+   You can start spamd as follows before running p3scan:
+   *Note: This example is for using SpamAssassin w/mysql
+   /usr/bin/spamd -d -u spamd -x -q &
+
+.fam T
+.fi
+SSL Message parsing:
+.PP
+.nf
+.fam C
+   We are able to perform limited checking of messages using SSL.
+   To use this feature, you must tell your email client NOT to use SSL and just
+   change the pop3 port from 110 to 995. If p3scan sees a destination port of 995
+   (or whatever port "sslport" is set to) it will initiate an SSL conversation.
+
+   NOTE: This is limited support as p3scan will not show you the SSL certificate
+   and will just accept any certificate as sent by the actual server.
+
+.fam T
+.fi
+renattach:
+Is used to rename attachments and is totally configurable.
+.RS
+.PP
+Renattach must be compiled, installed, and configured before enabling this
+feature. See the renattach documentation INSTALL and README for further
+information.
+.RE
+.PP
+HTML Parsing:
+The HTML parsing option is now an external program to p3scan. This
+facilitates using any program you can find. I have written a separate
+program for this function called p3pmail which can be found on the p3scan
+web site.
+.RS
+.PP
+P3PMail will obfuscate the tags "href" and "src" the two most dangerous
+HTML tags (IMHO) for email. Of course, if your using a non-html email
+client, you will not have to worry about "web-bugs".
+.RE
+.PP
+Startup:
+Call p3scan without any parameters, it will move into the background.
+You can monitor it's operation via your systems log file.
+You should also test your installation by sending yourself an eicar test
+virus (which will not damage your system). You can get versions of this
+file at http://www.eicar.org/anti_virus_test_file.htm
+.RS
+.PP
+If you think too much information is being sent to your system logs, you
+can enable the "quiet" option. This will inhibit "normal" messages.
+.PP
+If p3scan is started by root, it will change it's user to "mail" (default)
+after it finishes it's initial startup.
+.PP
+If you are using Mail::SpamAssassin, start spamd BEFORE running p3scan.
+.RE
+.PP
+RC System / Boot up:
+"make install" should determine the correct p3scan startup file and place it
+in the proper directory.
+.RS
+.PP
+If for some reason this does not happen, you can add p3scan to your normal
+default startup file. For example, in Slackware place p3scan as follows:
+.PP
+# echo "/usr/sbin/p3scan" >> /etc/rc.d/rc.local
+.PP
+and please notify the p3scan-main mailing list of this problem.
+.RE
+.RE
+.PP
+
+.SH SEE ALSO
+"p3scan" "p3scan.conf"
+.PP
+BUGS/SUPPORT
+Please report any bugs to the p3scan support mailing list accessable through:
+http://sourceforge.net/projects/p3scan
+.SH AUTHORS
+Jack S. Lai <laitcg at cox dot net>
+and contributers (see CONTRIBUTERS file).
Index: p3scan-2.3.2/Makefile-ripmime
===================================================================
--- p3scan-2.3.2.orig/Makefile-ripmime	2012-05-21 08:38:32.000000000 -0700
+++ p3scan-2.3.2/Makefile-ripmime	2012-05-21 08:38:32.000000000 -0700
@@ -91,12 +91,12 @@
 install: p3scan
 	$(SYSINS) -v -m 550 --strip p3scan $(PREFIX)/sbin/
 	@if [ -f $(DESTDIR)/etc/sysconfig/init ] ; then $(SYSINS) -v -m 755 p3scan-init.d $(DESTDIR)/etc/init.d/p3scan; fi
-	@if [ -f $(DESTDIR)/etc/rc.d/rc.p3scan ] ; then \
-	   echo "rc.p3scan already exists, copying to $(DESTDIR)/etc/rc.d/rc.p3scan.new" ; \
-	   $(SYSINS) -v -m 660 rc.p3scan $(DESTDIR)/etc/rc.d/rc.p3scan.new ; \
-	else \
-	   $(SYSINS) -v -m 755 rc.p3scan $(DESTDIR)/etc/rc.d ; \
-	fi
+	#@if [ -f $(DESTDIR)/etc/rc.d/rc.p3scan ] ; then \
+	#   echo "rc.p3scan already exists, copying to $(DESTDIR)/etc/rc.d/rc.p3scan.new" ; \
+	#   $(SYSINS) -v -m 660 rc.p3scan $(DESTDIR)/etc/rc.d/rc.p3scan.new ; \
+	#else \
+	#   $(SYSINS) -v -m 755 rc.p3scan $(DESTDIR)/etc/rc.d ; \
+	#fi
 	@if test -d $(DESTDIR)$(piddir); then echo "$(DESTDIR)$(piddir) exists, not creating."; else mkdir -p $(DESTDIR)$(piddir); fi
 	@if test -d $(DESTDIR)$(userdir); then echo "$(DESTDIR)$(userdir) exits, not creating."; \
 	else mkdir -p $(DESTDIR)$(userdir); chown $(user) $(DESTDIR)$(userdir); fi
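Review bot: The six added lines keep the rc.p3scan install step as tab-indented `#` lines inside the `install` recipe, so they are recipe text rather than Make comments. Make passes the block to the shell and echoes it on every `make install`, because the `@` now sits behind the `#`. Deleting the lines would be cleaner, with a single column-0 comment such as `# rc.p3scan is not installed; the init script is provided separately` if that is the intent. Dead recipe code with backslash continuations is easy to revive by accident when someone removes only the first `#`.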
