cutemeli/server
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

hilfe mein git ist komisch

Browse Source
This commit is contained in:
cutemeli
2026-01-08 18:34:49 +01:00
parent 710537a25d
commit b2d2dce845
4644 changed files with 94994 additions and 1763 deletions
Download Patch File Download Diff File Expand all files Collapse all files

462
etc/drweb/drweb_handler.conf Normal file
View File

@@ -0,0 +1,462 @@
#
# Configuration file for Plesk Premium Antivirus Filters
# $Revision: 1.70 $
#
#########################
# Communication section #
#########################
[DaemonCommunication]
# Definition of daemon's addresses separated by `,' and given
# in a special form {FAMILY}:{ADDRESS}
# where FAMILY is one of:
# inet - TCP/IP socket used`,' then {ADDRESS} is {PORT}@{HOST}
# local - UNIX socket used`,' then {ADDRESS} is {SOCKETFILE}
# pid - get daemon address from pidfile`,' then {ADDRESS} is {PIDFILE}
# Examples:
# Address = inet:3000@localhost
# Address = local:/usr/local/drweb/run/drwebd.skt
# Address = pid:/usr/local/drweb/run/drwebd.pid
# Address = pid:/var/drweb/run/drwebd.pid`,' inet:3000@backup_server.example.com
Address = inet:3000@localhost
# Enable/disable caching of the resolved daemon host
# (useful only if daemon uses TCP/IP communications)
Cache = yes
# Timeout for the whole scanning session (seconds)
Timeout = 120
# Set/unset socket option TCP_NODELAY
# (Do not set this option if you have not network problem)
UseTcpNodelay = no
########################
# Scan options section #
########################
[Scanning]
# Enable or disable heuristic analyzer in virus-finding engine (on/off)
HeuristicAnalysis = on
# Strip the smallest prefix containing StripPath leading slashes
# NOTE: This option works same as the -p parameter in patch utility
# StripPath = 2
# Path that prefixes scan paths. Applied to path processed by StripPath.
# NOTE: PrefixPath MUST NOT end with a slash (/)
# PrefixPath = /sandbox/mail
# Include DrWeb report to notifications into $REPORT$
# or as a separate macros $DAEMON_REPORT$ (yes/no)
IncludeReport = yes
# Include DrWeb extended codes to notifications into $REPORT$
# or as a separate macros $SCAN_STAT$ (yes/no)
IncludeStats = yes
# Max size of the report that will be created if IncludeReport is "yes",
# Specify 0 for the non-restrictable size, but it's a bad idea - report can
# grow to Mbytes for nested archives
ReportMaxSize = 8192
# Enable or disable local scanning mode (see daemon documentation) (yes/no)
# LocalScan affects only connection with first daemon in the Address list
# If enabled then spool directory must be readable (writable for EVAL key)
# for drwebd process (see drweb32.ini option User)
LocalScan = yes
# Enable or disable daemon rule filter (on/off)
RuleFilter = on
# Set rule to deny scanning by addresses:
# * byAll - deny if all addresses (sender and recipients) are denied in DenyList
# (obsolete DenyOnOne = no)
# * byOne - deny if only one address (sender or recipient) is denied in DenyList
# (obsolete DenyOnOne = yes)
# * bySender - deny if sender's address is denied (recipients are not checked)
# * bySenderAndOneRecipient - deny if sender's and one of the recipient's addresses
# are denied in DenyList
# * byOneRecipient - deny if one of the recipient's addresses are denied in DenyList
# (sender address is not checked)
# * byAllRecipients - deny if all of the recipient's addresses are denied in DenyList
# (sender's address is not checked)
DenyMode = byAllRecipients
# Set deny(yes)/allow(no) scanning for addresses
# which were not found in DenyList (see below)
DenyByDefault = no
# List with rules for users or domains to block scanning
DenyList = /etc/drweb/users.conf
# Directory used to store temporary files
Spool = /var/spool/drweb/spool
# Permissions for created spool files
SpoolFilesMode = 0664
# Naming convention for spool files
# * Std - standard, using mkstemp (template: drweb.tmp.XXXXXX)
# * Tai - use TAI format template (template: %sec.%usec.drweb.tmp.XXXXXX)
# * Rand48 - using exclusive open and lrand48 (template: drweb.tmp.XXXXXXXX)
SpoolFilenamesMode = Std
# Prefix for the spool filename (%{Spool}/%{SpoolFilenamesPrefix}XXXXXX)
SpoolFilenamesPrefix = drweb.tmp.
###################
# Actions section #
###################
[Actions]
# ---------------------------------------------------------------------------
# NOTES:
#
# 1) If you don't use quarantine action for some reason, please check
# appropriate notification message templates. If needed, remove text specifying
# the location where the original message is saved.
#
# 2) Disinfected message should be repacked if you use "cure" or "remove" actions.
# If the repacking procedure fails, then CureFail action should be applied.
# Incurable and CureFail actions will never be used if you do not use
# "cure" action for Infected.
# ---------------------------------------------------------------------------
#
# The action taken if an object was not checked by license limitations.
# Actions:
# pass - pass such messages
# reject - reject such messages with permanent error
# tempfail - reject such message with temporary error
LicenseLimit = pass
# Infected means that a message is infected with one of the known virus
# Actions:
# cure - cure infected attachment(s) and generate cleaned message
# remove - remove infected attachment(s) and generate cleaned message
# quarantine - move such messages to quarantine and discard
# (or reject if discard does not supported)
# redirect - redirect to RedirectMail and discard message
# (or reject if discard does not supported)
# discard - discard such messages
# reject - reject such messages with permanent error
Infected = quarantine
# Suspicious means that a message is possibly infected with one of the new virus
# it may be a false alarm (can occur if HeuristicAnalysis is on only)
# Actions:
# pass - pass such messages
# quarantine - move such messages to quarantine and discard
# (or reject if discard does not supported)
# redirect - redirect to RedirectMail and discard message
# (or reject if discard does not supported)
# discard - discard such messages
# reject - reject such messages with permanent error
Suspicious = quarantine
# Incurable means that a message contains infected attachment(s)
# which cannot be cured.
# This action is applied only if Infected = cure
# Actions:
# remove - remove infected attachment(s) and generate cleaned message
# quarantine - move such messages to quarantine and discard
# (or reject if discard does not supported)
# redirect - redirect to RedirectMail and discard message
# (or reject if discard does not supported)
# discard - discard such messages
# reject - reject such messages with permanent error
Incurable = quarantine
# CureFail means that daemon failed to cure (remove) files
# or generated cleaned message
# Actions:
# quarantine - move such messages to quarantine and discard
# (or reject if discard does not supported)
# redirect - redirect to RedirectMail and discard message
# (or reject if discard does not supported)
# discard - discard such messages
# reject - reject such messages with permanent error
CureFail = quarantine
# RuleFilterAlert - means that the message matches FiltersRule in drweb32.ini
# possible only if RuleFilter = on
# Actions:
# discard - discard such messages
# quarantine - move such messages to quarantine and discard
# (or reject if discard does not supported)
# redirect - redirect to RedirectMail and discard message
# (or reject if discard does not supported)
# reject - reject such messages with permanent error
RuleFilterAlert = reject
# Adware means that a message contains an advertizing program.
# Actions:
# pass - pass such messages
# quarantine - move such messages to quarantine and discard
# (or reject if discard does not supported)
# redirect - redirect to RedirectMail and discard message
# (or reject if discard does not supported)
# discard - discard such messages
# reject - reject such messages with permanent error
Adware = quarantine
# Dialer means that a message contains a dialer program that usually is
# used by porno sites.
# Actions:
# pass - pass such messages
# quarantine - move such messages to quarantine and discard
# (or reject if discard does not supported)
# redirect - redirect to RedirectMail and discard message
# (or reject if discard does not supported)
# discard - discard such messages
# reject - reject such messages with permanent error
Dialers = quarantine
# Joke means that a message contains a joke program (hoax).
# Actions:
# pass - pass such messages
# quarantine - move such messages to quarantine and discard
# (or reject if discard does not supported)
# redirect - redirect to RedirectMail and discard message
# (or reject if discard does not supported)
# discard - discard such messages
# reject - reject such messages with permanent error
Jokes = quarantine
# Riskware means that a message contains a potentially dangerous software.
# Actions:
# pass - pass such messages
# quarantine - move such messages to quarantine and discard
# (or reject if discard does not supported)
# redirect - redirect to RedirectMail and discard message
# (or reject if discard does not supported)
# discard - discard such messages
# reject - reject such messages with permanent error
Riskware = quarantine
# Hacktool means that a message contains an intrusion tool.
# Actions:
# pass - pass such messages
# quarantine - move such messages to quarantine and discard
# (or reject if discard does not supported)
# redirect - redirect to RedirectMail and discard message
# (or reject if discard does not supported)
# discard - discard such messages
# reject - reject such messages with permanent error
Hacktools = quarantine
# EmptyFrom means that SMTP session was initiated with empty envelope From:
# used for mail notifications (reports) and by spammers
# Actions:
# continue - continue processing such messages
#
# ATTENTION: Your MTA would not be RFC-compliant if you set up
# non-continue action and can be banned by www.rfc-ignorant.org site.
# "The MTA MUST accept messages with <> sender."
# (rfc-2505 see 2.6.1)
#
# discard - discard such messages
# reject - reject such messages with permanent error
EmptyFrom = continue
# SkipObject means that daemon found an object that cannot be checked:
# password protected archive, broken archive, sym-link,
# non regular file, timeout
# (see SocketTimeout and FileTimeout in drweb32.ini).
# Actions:
# pass - pass such messages
# quarantine - move such messages to quarantine and discard
# (or reject if discard does not supported)
# redirect - redirect to RedirectMail and discard message
# (or reject if discard does not supported)
# reject - reject such messages with permanent error
SkipObject = pass
# ArchiveRestriction means that daemon found an object in archive with
# compression ratio exceeding MaxCompressionRation, size of object is greater
# than MaxFileSizeToExtract or level of nested archive is greater
# than MaxArchiveLevel from drweb32.ini
# Actions:
# pass - pass such messages
# quarantine - move such messages to quarantine and discard
# (or reject if discard does not supported)
# redirect - redirect to RedirectMail and discard message
# (or reject if discard does not supported)
# reject - reject such messages with permanent error
ArchiveRestriction = quarantine
# ScanningErrors means that daemon fails to scan current object. Example of
# cases: no memory, cannot read file for check (no permissions).
# Actions:
# pass - pass such messages
# quarantine - move such messages to quarantine and discard
# (or reject if discard does not supported)
# redirect - redirect to RedirectMail and discard message
# (or reject if discard does not supported)
# reject - reject such messages with permanent error
# tempfail - reject such message with temporary error
ScanningErrors = quarantine
# ProcessingErrors means errors in proxy-client: no memory, misconfigured,
# timeout on communication with daemon and etc.
# Actions:
# pass - pass such messages
# quarantine - move such messages to quarantine and discard
# (or reject if discard does not supported)
# reject - reject such messages with permanent error
# tempfail - reject such message with temporary error
ProcessingErrors = reject
# PassEmptyFromIfNoDaemon - if this parameter is set to yes, then messages from
# <> would be passed if filter cannot connect to
# daemon and ProcessingErrors is set to "reject"
PassEmptyFromIfNoDaemon = no
# Admin mail address (should be qualified)
AdminMail = postmaster
# Mail address for redirect action (should be qualified)
RedirectMail = postmaster
# Filter address to be used in From: (should be qualified)
FilterMail = DrWEB-DAEMON
# List of unnotificable viruses
UnnotificableVirusesList = /etc/drweb/viruses.conf
# List of unnotificable addresses
UnnotificableAddressesList = /etc/drweb/addresses.conf
# Quarantine directory.
# The infected files could be moved in that dir
# if you leave this field empty or commented out then
# infected messages will not be stored
Quarantine = /var/spool/drweb/infected
# Permissions for quarantined files
QuarantineFilesMode = 0660
# Naming convention for spool files
# * Std - using mkstemp (template: drweb.quarantine.XXXXXX)
# * Tai - use TAI format (template: %sec.%usec.drweb.quarantine.XXXXXX)
# * Rand48 - using lrand48 (template: drweb.quarantine.XXXXXXXX)
QuarantineFilenamesMode = Std
# Prefix for spool filename (%{Quarantine}/%{QuarantineFilenamesPrefix}XXXXXX)
QuarantineFilenamesPrefix = drweb.quarantine.
#########################
# Notifications section #
#########################
[VirusNotifications]
# Enable or disable sending notifications to persons (yes/no)
SenderNotify = yes
AdminNotify = yes
RcptsNotify = yes
# Files with notification templates
SenderTemplate = /etc/drweb/templates/en/sender_virus.msg
AdminTemplate = /etc/drweb/templates/en/admin_virus.msg
RcptsTemplate = /etc/drweb/templates/en/rcpts_virus.msg
[MalwareNotifications]
# Enable or disable sending notifications to persons (yes/no)
SenderNotify = yes
AdminNotify = yes
RcptsNotify = yes
# Files with notification templates
SenderTemplate = /etc/drweb/templates/en/sender_malware.msg
AdminTemplate = /etc/drweb/templates/en/admin_malware.msg
RcptsTemplate = /etc/drweb/templates/en/rcpts_malware.msg
[CuredNotifications]
SenderNotify = yes
AdminNotify = yes
SenderTemplate = /etc/drweb/templates/en/sender_cured.msg
AdminTemplate = /etc/drweb/templates/en/admin_cured.msg
[SkipNotifications]
SenderNotify = yes
AdminNotify = no
RcptsNotify = no
SenderTemplate = /etc/drweb/templates/en/sender_skip.msg
AdminTemplate =
RcptsTemplate =
[ArchiveRestrictionNotifications]
SenderNotify = yes
AdminNotify = yes
RcptsNotify = no
SenderTemplate = /etc/drweb/templates/en/sender_archive.msg
AdminTemplate = /etc/drweb/templates/en/admin_archive.msg
RcptsTemplate =
[ErrorNotifications]
SenderNotify = yes
AdminNotify = yes
RcptsNotify = no
SenderTemplate = /etc/drweb/templates/en/sender_error.msg
AdminTemplate = /etc/drweb/templates/en/admin_error.msg
RcptsTemplate =
[RuleFilterNotifications]
SenderNotify = no
AdminNotify = yes
RcptsNotify = no
SenderTemplate =
AdminTemplate = /etc/drweb/templates/en/admin_rule.msg
RcptsTemplate =
[LicenseLimitNotifications]
AdminNotify = no
AdminTemplate = /etc/drweb/templates/en/admin_license.msg
###################
# Logging section #
###################
[Logging]
# Logging detalization ( Quiet, Errors, Alerts, Info, Verbose, Debug )
Level = Info
# Facility used for logging to syslog ( Daemon, Mail, Local0..7 )
SyslogFacility = Mail
# Priority used for logging to syslog ( Debug, Info, Notice, Alert )
SyslogPriority = Info
################################
# Mail system settings section #
################################
[Mailer]
# Name of the mail system
MailSystem = QMail
# Submission program (used to send notifications) called as
# ${Sendmail} ${SendmailArgs} ${DefaultArgs} -f ${Sender} -- ${Recipients}
# and message has been written to stdin of submission program
Sendmail = /usr/sbin/sendmail
# Additional (to default) arguments for submission program
# Default arguments:
# Qmail: no args
# Exim: -i -bm -oMr drweb_scanned
# Others: -i -bm
# Examples:
# SendmailArgs = "-FUserName"
#
# SendmailArgs = ""
# qmail-queue program path
QmailQueue =
################################
# Mail system settings section #
################################
[Agent]
# Definition of agent's address. Agent is used for collecting statistic
# from mail filters and sending it to stat.drweb.com.
# Note: FAMILY pid is not valid
# Agent should be started before mail filter.
#Address = inet:3003@localhost
# Timeout for the whole session (seconds)
#Timeout = 10