EmScan - scanning incoming mail for viruses
External router for VPOP3, using command line virus scanners
You use EmScan to scan incoming POP3 email for viruses. EmScan functions as an external router with the VPOP3 mailserver. Virus scanning can be done with any virus checker that supports a command line. Currently EmScan works with Grisoft's AVG and Computer Associates' eTrust EZ Antivirus (formerly InoculateIT).
To use EmScan "out of the box" you must be running VPOP3. You must collect your email via POP3 (not SMTP). EmScan is for Windows 95 or later. EmScan has been tested on Windows 95, Windows 98 and Windows XP Home Edition. I have no reason to expect it wouldn't work on Windows ME, Windows 2000 or Windows XP Professional Edition but I have not tested it.
- Does EmScan check all mail for viruses that VPOP3 collects even if it does not have an attachment?
Yes. So this covers JavaScript and other embedded viruses in HTML formatted mail messages. EmScan will pick up anything that AVG would pick up. Since AVG has its own email scanner, this means AVG is already aware of viruses that are not attachments and so AVG (and hence EmScan) does pick them up.
- What is a good way to test that I have installed the program correctly (as I don't want to wait until I get a virus and find it is too late!)?
Send yourself the EICAR virus test file. Make sure that this mail message actually comes in through your POP3 mailbox - sending the message locally will probably not work because VPOP3 will just route the message locally without going through your ISP. You can send yourself the EICAR virus test file from this web site.
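One way to build that test mail yourself, as an added example that is not part of EmScan or its documentation: it creates an EICAR attachment probe plus a clean control message so you can confirm that infected mail is caught and normal mail still gets through. The addresses and relay host are placeholders, and the SMTP server must be one outside VPOP3 so the mail returns through the POP3 mailbox.

```python
import smtplib
import uuid
from email.message import EmailMessage

# The 68-byte EICAR test string (harmless), written in two halves so a
# resident scanner does not quarantine this script file itself.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-"
         r"STANDARD-ANTIVIRUS-TEST-FILE!$H+H*").encode("ascii")


def build_probes(sender, recipient):
    """Return (eicar_probe, clean_control) sharing one tracking token."""
    token = uuid.uuid4().hex[:8]  # lets you match both mails in the mailbox and log
    probes = []
    for kind in ("eicar", "control"):
        msg = EmailMessage()
        msg["From"], msg["To"] = sender, recipient
        msg["Subject"] = f"EmScan self-test {token} {kind}"
        msg.set_content("Scanner self-test; safe to delete.")
        if kind == "eicar":
            # eicar.com is the conventional file name for the test file.
            msg.add_attachment(EICAR, maintype="application",
                               subtype="octet-stream", filename="eicar.com")
        probes.append(msg)
    return tuple(probes)


def attachments(msg):
    """Decode every attachment back to the bytes a scanner would be handed."""
    return [part.get_payload(decode=True) for part in msg.iter_attachments()]


def send_via_outside_relay(probes, host, port=25):
    """Submit through an SMTP server outside VPOP3 (placeholder host)."""
    with smtplib.SMTP(host, port, timeout=30) as smtp:
        for msg in probes:
            smtp.send_message(msg)


if __name__ == "__main__":
    # Placeholder address; sending is left to an explicit call.
    for probe in build_probes("you@example.org", "you@example.org"):
        print(probe["Subject"], [len(a) for a in attachments(probe)])
    # send_via_outside_relay(probes, "smtp.your-isp.example")
```

With the default settings described on this page, the control message should arrive normally and the EICAR probe should be replaced by a virus notification (or routed to the infected mapping if you chose that option).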
- Can you tell me if you need to disable any of the resident shields?
Not since version 1.2. I keep resident shield off because the only incoming source of viruses I have is email, I like to leave the computer running unattended (and resident shield waits for a response) and I don't like the way resident shield slows down my (already slow) computer.
- I get a message from the VPOP3 housekeeper reporting a problem running an external router. The Windows error code returned was 87.
This is an uncommon problem and a known fault with VPOP3 running external routers under Windows 2000 (and probably other versions). All the recipients of the mail message (not just local recipients) are stored in 'environment variables'. If a message has many names (typically over 300) on the TO or CC line, then there is not enough environment space to store all these names. The effect of this is that the message is not scanned for viruses but is delivered. There is a fix for this in version 1.5.6 which provides an option to suppress storage of all (raw) recipients in the environment variables. You can use this registry file to make the change or you can edit the registry manually:
[HKEY_LOCAL_MACHINE\SOFTWARE\PaulSmith\VPOP3\Extensions]
"AddRawRecipientsToExternalRouter"=dword:00000000
Download and unzip the latest version and run setup.exe
How to install as an external router in VPOP3
- Place the file emscan.exe into your VPOP3 programme folder (usually c:\program files\vpop3)
- Make changes to VPOP3
You can either use this registry file or you can do it manually:
- In the settings for VPOP3 click on the Misc tab and click on Define VPOP3 Extensions (this will vary slightly in different versions of VPOP3 - you are looking for an external router setting).
- For external router enter emscan.exe, tick Ignore Return code, tick Hide and set a timeout of 480 seconds. This time needs to be long enough for the virus checker to scan the file, so it depends on file size and computer speed; 480 seconds is very generous and allows an email containing several large Word documents (for example) to be scanned. In the worst case of a timeout, the mail is still delivered but unscanned, and a warning message is sent to the VPOP3 mail administrator.
- Add mappings - infected should map to someone to handle virus infected email (you can map this to no one so the mail is simply deleted). Optionally add banned to map to someone to handle banned attachments (you can redirect various file attachments in this way, e.g. all .exe attachments).
EmScan will attempt to configure itself based on assumed defaults (that AVG and VPOP3 are installed in their default folders under Program Files on drive C). If EmScan can't find these programmes it will display the configuration screen. You can also bring up this screen by double clicking on EmScan.
You can adjust settings as follows:
- Scan incoming emails for viruses. If unticked then only the "ban attachments" option will work.
- Scan all file types or only types listed - the default list is supposed to contain all file types that can carry an infection. But new software (or special software you have) and changes to Windows change this list. Scan all file types is safer.
- You can add to the list of file types to scan, and you can add file types to ban - you can only ban file types that you have also chosen to scan
- Email path is the location of VPOP3 eg c:\program files\vpop3
- Send virus notification to the intended recipient - if you choose this option the original, infected email is not sent to the infected user mapping. Instead an email with the original headers (subject, sender, date, etc) is sent to the intended recipient(s) with a note stating that access to the email has been blocked and giving details on the virus. If you choose this option then you also need to enter the SMTP server and SMTP port. These would normally be 127.0.0.1 and 25 respectively. Yes, you could direct virus notifications to another SMTP server, but because the virus notifications are sent to the original intended recipient(s) the alternative SMTP server must also accept the same recipients.
- Debug level. If this is set to a number between 1 and 5, then the program logs its activity in the file EmScan.log. This log file will be archived each month using the month number as an extension (so February's log file will be archived as emscan.2). This gives you up to 12 months of log files. The higher the number, the more information is recorded. Debug level 5 records detailed information about each mail message and will cause your log file to grow very quickly. It is not recommended that you leave debug level set at 5 except for specific testing purposes.
A change log tells you what has changed from each version
Version 1.61
- Include eminstall.reg file for automating setting EmScan as an external router in VPOP3 and suppressing raw recipient information being passed on to external routers. The programme itself is unchanged from version 1.6
Version 1.6
- Add support for Grisoft's AVG 7 (currently in beta)
Version 1.5
- Make sure virus notification is correctly formatted when the original mail message is not plain text
Version 1.4
- Bug fix: EmScan would enter configuration mode if it couldn't find an email to process as a VPOP3 external router. Sometimes this would happen during general operations. A blank message? Now check for VPOP3 environment variables to determine whether we are invoked as an external router, or as a stand-alone program (which triggers configuration mode).
- Changed log file name extension to .log (from .txt) and added monthly archiving of log files
Version 1.3
- Delete temporary files immediately after processing the email (rather than when the next email is processed).
- Store all file names as .ZIP (rather than the designated extension). AVG will still correctly scan such files, and saving as .ZIP avoids triggering the resident shield (real-time virus scanner)
Version 1.2
- Now gives you the option of having an infected email sent to either the INFECTED user/mapping (as per version 1.0) or else a notification to intended recipient. The notification consists of the original email headers (rather than the entire message) and also which virus was detected. Notification is now the default option.
- Stores temporary files in folder _qtine under the main VPOP3 folder, rather than q_tine
Version 1.1
- Bug fix: Incorrectly terminated processing message headers when a header line was terminated by a rather than a simple .
Version 1.0
- Added support for AVG
- Dropped public support for InoculateIT (this could be added back if there is demand for it)
Version 0.9
EmScan version 1.6, Copyright (C) 2003 Wayne McDougall
EmScan comes with ABSOLUTELY NO WARRANTY; for details read GPL.txt
This is free software, and you are welcome to redistribute it under certain conditions;
read GPL.txt for details.
My thanks to Geoff Lane who identified the bug fixed in version 1.1. And if you're looking for a freelance technical writer, I found Geoff Lane to be intelligent, knowledgeable and patient and a pleasure to deal with. He works mainly for the software and IT industries on fairly technical stuff. His role usually includes some testing and bug reporting. He's also done some development work (database-driven websites, VBA, etc.) http://www.gjctech.co.uk
My thanks to Michael Foreman, distributor of AVG in the UK, for suggesting and testing updates and fixes included in versions 1.2 to 1.5. http://www.f1services.co.uk
You can download the latest file releases from the project summary page
You can check out the latest source code in development using CVS
This website and these services are kindly provided by Sourceforge.Net. You can access all these services, and more, at the EmScan Project Summary Page. If you want to post a message or join a mailing list, you need to log in to Sourceforge.Net. If you are not an existing member you can create a new account for free.
You can read any news about EmScan. We report on new versions and anything that may affect your use of EmScan. You can add your own comments to news items if you login.
There are web-based discussion forums where you can ask for help or just have a general discussion about EmScan. You can read all the messages but to post your own message, you need to login.
If you prefer email, you can join a mailing list
You can report any bugs, ask for help or request new features in the online tracking system