The MailShield uses shared memory (shm) for storing important run-time information on Unix systems. Because different platforms (or maybe different versions of the same platforms) have different size of shm, it can happen that the shm size is insufficient for the application (for example Solaris 9 have 8MB shm default, and Solaris 8 have 1MB, thus MailShield is unusable on Solaris 8 without setting it higher). It could be important in case of running another programs (e.g: Apache, PostgreSQL) in the system which also use the shm. The MailShield (from version 1.5x) requires approximately 1.5 MByte shm. If it returns the following error message at startup, check out the shm size:
Can't create shared memory segment: 'Invalid argument'

The shm handling/querying is not the same on different systems:

Linux
Use 'ipcs -l' command to get information about shm. With the help of the following sysctls you can set the limits (linux 2.4.26):
kernel.shmmni, kernel.shmall, kernel.shmmax.
The most important of these commands is the last one that sets the maximum size of shm. (for more information see the relating man page: man 8 sysctl)

OpenBSD
Use 'ipcs -M' command to get information about shm. Setting shm size during program running is available only from the version 3.4, below this version you need modify and rebuild the kernel.
3.4 sysctl options:
kern.shminfo.shmmax, kern.shminfo.shmmin, kern.shminfo.shmmni,
kern.shminfo.shmseg, kern.shminfo.shmall
The most important command is the kern.shminfo.shmall that sets the maximum size of shm. (for more information see the relating man page: man 8 sysctl)

Shm problem is announced frequently on this platform because the default shm size setting is 8 MByte.

FreeBSD
Use 'ipcs -M' command to get information about shm. The following sysctls modifies the shm size during program running:
kern.ipc.shmmax, kern.ipc.shmmin, kern.ipc.shmmni, kern.ipc.shmseg,
kern.ipc.shmall, kern.ipc.shm_use_phys

Solaris
Use the following command to get information about shm:
/usr/sbin/sysdef |grep SHM
The most important information is the size of SHMMAX. If it is less than 8388608 (8M) it must be increased as follows:

1. Insert/modify the following line into the /etc/system file:
set shmsys:shminfo_shmmax = 8388608
2. Restart computer. The sysdef command has to return the new SHMMAX value.

AIX
The AIX version 4.3 has 256 MByte shm. Higher versions have 2 GByte so there will not be problem with shm size on this system.

Query shm size allocated by MailShield

Use the 'ipcs' command to list allocated shm segments. The shm segment using by MailShield could be identified by its key (KEY column).
The key value is different by operating systems:
Linux, Solaris, AIX: 0x56424d53
FreeBSD, OpenBSD: 1447185747

If shm segment record with the mentioned keys could be found on the list and MailShield is not running, this segment must be deleted before running MailShield. Use the 'ipcrm' program to do it. Its parameters are not the same on different operating systems, see the man file of ipcrm for the actual parameters ('man ipcrm').

You should use the vbspool.sh program of the VBMailShield package to send out a mail from that directories. Basically, the program works as moves the required mail into the /var/spool/vbmailshield/ then the MailShield sends it out.

- Enter the required mail's directory (failed, resend or quarantine)
- Enter the "vbspool.sh list" command (or "vbspool.sh details" command if you want more detailed information)
- You should specify the required mail's ID after the "vbspool.sh send" command. It can be found in the first column of the displayed lines.
E.g: "vbspool.sh send 2B6D1AAC3"

If you get one of the following error messages:
hook [1234]:Can't create semaphore set: 'Invalid argument'
hook [1234]:Can't create shared memory segment: 'Invalid argument'

then stop the MailShield (entering "vbmailshield stop" command) and enter the following commands:

on Linux:
ipcrm sem `ipcs -s | grep 0x56424d53 | awk '{print }'`
ipcrm shm `ipcs -m | grep 0x56424d53 | awk '{print }'`

on Solaris:
ipcrm -M 0x56424d53
ipcrm -S 0x56424d53

on FreeBSD:
ipcrm -M 1447185747
ipcrm -S 1447185747

and restart MailShield!

Any number of templates can be set in the configuration file. But consider, that every new template must include all the existed templates (virusfilter, filefilter, etc.) defined in the default.

for example - somebody/one of the domains will not be protected by the VirusBuster MailShield:

[rules]
somebody@somewhere.com; *; passthrough;
*something.com; *; passthrough;

for example - somebody/one of the domains will be filtered according to file filter:

[template ffilteruser] virusfilter
messages = virusfilter_notify_sender_eng; virusfilter_notify_admin;
enable = yes

[template ffilteruser] filefilter
messages = filefilter_notify_sender_eng; filefilter_notify_admin;
enable = yes

[template ffilteruser] filegate
messages = filefilter_notify_sender_eng; filefilter_notify_admin
enable = no

[template ffilteruser] subjectfilter
messages = subjectfilter_notify_admin;
enable = no

[rules]
somebody@somewhere.com; *; ffilteruser;
*something.com; *; ffilteruser;

This is because a program reserves the port which is necessary for VirusBuster MailShield, too. It is possible that your old MTA's (sendmail, qmail, exim, portfix, etc.) port is not changed and it is still being attached to it.
For more information see the VirusBuster MailShield documentation (in mailservers-help file).

You can find the program which reserve the SMTP port 25 by this command:

"netstat -ap | grep :smtp" (or "netstat -ap | grep :25")

for example:

# netstat -ap | grep :smtp
tcp 0 0 *:smtp *:* LISTEN 7141/sendmail

In this case sendmail is reserving the port.

Unpack the downloaded package, for example:
tar -zxf vbmailshield-1.16.019-linux-i386-libc6.tgz

Stop the running MailShield:
vbmailshield stop

Uninstall the previous version:
vbmailshield-uninstall.pl

Install the new version (when you are asked if you want to use the old config, say: yes):
vbmailshield-install.pl (you must be in the root of the package)

Execute new MailShield:
vbmailshield start

Set the "action=delete mail" option in the "[template default] virusfilter" section of vbmailshield.conf file.

Attention! If you use this setting, all the mails will be deleted containing not only IWorms but any type of viruses.

First you have to update your VirusBuster MailShield for SMTP program up to 1.16.017 or newer version then insert the following line into the "[template default] virusfilter" section of the configuration file:

check-encrypted-archives = yes

This setting effects that the MailShield handles all the password protected archives as viruses so the virusfilter settings will be performed on them.

It returns 'connection refused' message. How can I solve this problem?

There are 2 ways to solve this problem:

1. (communication between Virusbuster MailShield for SMTP and Exim)
- Set smtp entry in /etc/services file: smtp 25/tcp mail
- Set daemon_smtp_port in exim.conf file: daemon_smtp_port = (default: 2525)

2. (in case of an Exim problem)
When sending e-mails to another domain, Exim uses the "remote_smtp" transporter, which has only one official parameter: driver = smtp. In this case, the smtp port number is specified in the /etc/services file. If the "port = 25" parameter is specified, it will use port 25 automatically.

Change the 'default-input = hostname:port' setting to the needed value in vbmailshield.conf configuration file.

Yes, you can by the help of command line scanner but if the mail's attachment contains any archives file then it is not able to remove viruses (in the 1.x versions).

Nowadays new viruses and virus incidents have been found by days or sometimes by hours.
The suggested period of updating virus database of MailShield is 1 hour.

By default VirusBuster MailShield for SMTP does not update its database, automatic updates can be set in cron and vbupdate.sh.

If the database is reloaded you can find information about this operation in the log entry on log level 1, but this entry doesn't include the version number of the database.
Example: < 1>: Engine ReInit successfull.

The Virusbuster MailShield for SMTP with VBEngine 3.0 only scans in .zip and .arj archives.

Yes, but Virusbuster MailShield for SMTP has only incoming mails because the Virusbuster MailShield for SMTP can’t deliver mails.

You can find the mails in the /var/spool/VirusbusterVirusbuster MailShield for SMTP directory.

If you have an automatic error handling mechanism, it is suggested using the "auto-relaying" option of Virusbuster MailShield for SMTP which can be a solution if the hook is malfunctioning.

Can MailShield be used as a "content-filter" of other mailer servers so that it is not need to be placed in front of the MTA?

Actually we do not plan intergrating this feature into MailShield, but these configuration settings may solve your problem:

/etc/postfix/main.cf
content_filter = mailfilter:[127.0.0.1]:10025

/etc/postfix/master.cf

mailfilter unix - - n - 2 smtp
-o smtp_data_done_timeout=1200
-o disable_dns_lookups=yes

127.0.0.1:10026 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_banner =
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes

and vbMailShield.conf
default-input = localhost:10025

[target]

default = localhost:10026

If this configuration is not working properly, please try using and interface alias, for example eth0:0 with an other ip for example 10.1.1.1 and in /etc/hosts file insert the previous ip with with another machine name.

If you receive the following error message, the problem is the size of the shared memory:

In this case the solution is to make a kernel with the following option:

You can use the vdbupdate.sh script which can be found in the /bin directory of the installation package. The script saves the current virus database and downloads the latest one from our FTP server, then it tries to reload the database under MailShield with the "vbmailshield vdbreload" command.
If the downloaded database is damaged it will use the original one.

In case of manual updates you can download our virus database from our website in zip format or the extracted one from our FTP server /pub/vbuster/vdb.7 directory.
After download the - extracted - vbuster.vdb file has to be copied into the /user/lib/vbmailshield directory, by overwriting the old database. Once this has been done you can upload the new database under MailShield with the vdbreload comand.

Rename the files to begin with A2, then stop the MailShield program with the vbmailshield stop command and restart it with the vbmailshield start command.

If you only want to empty the spool then use the vbmailshield hook clean switch to forward the content without any checking.