Qscanq creates a staging area in which local and remote incoming emails are scanned for viruses. By default, ripmime extracts the attachments from an email, and antivir scans the extracted files, but other apps can easily be substituted, allowing admins to run their preferred virus scanner.
Installation of qscanq involves no patches to qmail; you don't even have to stop your running instance. After installing qscanq, an admin can run install-wrap to atomically substitute qscanq for qmail-queue without stopping qmail. Similarly, the admin can disable scanning by running install-unwrap to atomically restore qmail-queue.
When users submit messages to qmail, qmail-inject (for local users) and qmail-smtpd (for remote users) normally runs qmail-queue. After the admin has run install-wrap, qmail-queue is replaced with a link to qscanq, which is then run instead. Qscanq unpacks the message to a staging area and scans it.
After scanning the message, qscanq runs the original qmail-queue if no virus was detected. If a virus was found, the email is permanently rejected, so it never reaches qmail's queue, and qmail never generates bounce messages. If some error prevents the scan from completing, the message is temporarily rejected, so it will be tried again. A separate process cleans up temporary folders after scanning is complete.
