#
# Configuration file for Plesk Premium Antivirus Filters
# $Revision: 1.70 $
#
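#########################
# Communication section #
#########################
[DaemonCommunication]
# Daemon addresses, separated by ',' and each given
# in the form {FAMILY}:{ADDRESS}
# where FAMILY is one of:
#   inet  - TCP/IP socket is used, then {ADDRESS} is {PORT}@{HOST}
#   local - UNIX socket is used, then {ADDRESS} is {SOCKETFILE}
#   pid   - get daemon address from pidfile, then {ADDRESS} is {PIDFILE}
# Examples:
# Address = inet:3000@localhost
# Address = local:/usr/local/drweb/run/drwebd.skt
# Address = pid:/usr/local/drweb/run/drwebd.pid
# Address = pid:/var/drweb/run/drwebd.pid, inet:3000@backup_server.example.com
# NOTE(review): a TCP listener on localhost is reachable by every local
# account, while a UNIX socket (local:) can be restricted with file
# permissions. Whether the daemon authenticates its clients is not visible
# in this file - confirm before keeping inet on a multi-user host.
Address = inet:3000@localhost

# Enable/disable caching of the resolved daemon host
# (useful only if the daemon uses TCP/IP communication)
Cache = yes

# Timeout for the whole scanning session (seconds)
Timeout = 120

# Set/unset socket option TCP_NODELAY
# (do not set this option unless you have network problems)
UseTcpNodelay = no
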
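########################
# Scan options section #
########################
[Scanning]
# Enable or disable the heuristic analyzer in the virus-finding engine (on/off)
HeuristicAnalysis = on

# Strip the smallest prefix containing StripPath leading slashes
# NOTE: This option works the same as the -p parameter of the patch utility
# StripPath = 2

# Path that prefixes scan paths. Applied to the path processed by StripPath.
# NOTE: PrefixPath MUST NOT end with a slash (/)
# PrefixPath = /sandbox/mail

# Include the DrWeb report in notifications, in $REPORT$
# or as the separate macro $DAEMON_REPORT$ (yes/no)
IncludeReport = yes

# Include DrWeb extended codes in notifications, in $REPORT$
# or as the separate macro $SCAN_STAT$ (yes/no)
IncludeStats = yes

# Max size of the report that is created if IncludeReport is "yes".
# Specify 0 for unlimited size, but that is a bad idea - the report can
# grow to megabytes for nested archives
ReportMaxSize = 8192

# Enable or disable local scanning mode (see daemon documentation) (yes/no)
# LocalScan affects only the connection with the first daemon in the Address list
# If enabled, the spool directory must be readable (writable for EVAL key)
# by the drwebd process (see drweb32.ini option User)
LocalScan = yes

# Enable or disable daemon rule filter (on/off)
RuleFilter = on

# Set the rule used to deny scanning by addresses:
#   * byAll - deny if all addresses (sender and recipients) are denied in DenyList
#     (obsolete DenyOnOne = no)
#   * byOne - deny if only one address (sender or recipient) is denied in DenyList
#     (obsolete DenyOnOne = yes)
#   * bySender - deny if the sender's address is denied (recipients are not checked)
#   * bySenderAndOneRecipient - deny if the sender's and one of the recipients' addresses
#     are denied in DenyList
#   * byOneRecipient - deny if one of the recipients' addresses is denied in DenyList
#     (sender's address is not checked)
#   * byAllRecipients - deny if all of the recipients' addresses are denied in DenyList
#     (sender's address is not checked)
DenyMode = byAllRecipients

# Set deny(yes)/allow(no) scanning for addresses
# which were not found in DenyList (see below)
DenyByDefault = no

# List with rules for users or domains to block scanning
# NOTE(review): per the comments above, a match in this list means the
# message is not scanned, so the file acts as an antivirus exemption list.
# Its ownership and mode are not set here - verify that only the
# administrator can write to it.
DenyList = /etc/drweb/users.conf

# Directory used to store temporary files
Spool = /var/spool/drweb/spool

# Permissions for created spool files
# NOTE(review): 0664 leaves spool files readable by "other". They presumably
# hold the mail being scanned, so any local account that can traverse the
# spool directory could read message content. QuarantineFilesMode in
# [Actions] uses 0660; tightening this value requires that the drwebd user
# (drweb32.ini option User) still has read access through owner or group -
# confirm before changing, because LocalScan = yes depends on it.
SpoolFilesMode = 0664

# Naming convention for spool files
#   * Std - standard, using mkstemp (template: drweb.tmp.XXXXXX)
#   * Tai - use TAI format template (template: %sec.%usec.drweb.tmp.XXXXXX)
#   * Rand48 - using exclusive open and lrand48 (template: drweb.tmp.XXXXXXXX)
SpoolFilenamesMode = Std

# Prefix for the spool filename (%{Spool}/%{SpoolFilenamesPrefix}XXXXXX)
SpoolFilenamesPrefix = drweb.tmp.
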
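###################
# Actions section #
###################
[Actions]
# ---------------------------------------------------------------------------
# NOTES:
#
# 1) If you don't use the quarantine action for some reason, please check the
# appropriate notification message templates. If needed, remove the text specifying
# the location where the original message is saved.
#
# 2) A disinfected message should be repacked if you use "cure" or "remove" actions.
# If the repacking procedure fails, then the CureFail action is applied.
# Incurable and CureFail actions will never be used if you do not use
# the "cure" action for Infected.
# ---------------------------------------------------------------------------
#
# The action taken if an object was not checked because of license limitations.
# Actions:
#   pass - pass such messages
#   reject - reject such messages with permanent error
#   tempfail - reject such messages with temporary error
# NOTE(review): "pass" is fail-open - messages that were not checked are
# delivered. Use reject or tempfail if unscanned mail must not reach
# mailboxes.
LicenseLimit = pass

# Infected means that a message is infected with one of the known viruses
# Actions:
#   cure - cure infected attachment(s) and generate cleaned message
#   remove - remove infected attachment(s) and generate cleaned message
#   quarantine - move such messages to quarantine and discard
#     (or reject if discard is not supported)
#   redirect - redirect to RedirectMail and discard message
#     (or reject if discard is not supported)
#   discard - discard such messages
#   reject - reject such messages with permanent error
Infected = quarantine

# Suspicious means that a message is possibly infected with a new virus;
# it may be a false alarm (can occur only if HeuristicAnalysis is on)
# Actions:
#   pass - pass such messages
#   quarantine - move such messages to quarantine and discard
#     (or reject if discard is not supported)
#   redirect - redirect to RedirectMail and discard message
#     (or reject if discard is not supported)
#   discard - discard such messages
#   reject - reject such messages with permanent error
Suspicious = quarantine

# Incurable means that a message contains infected attachment(s)
# which cannot be cured.
# This action is applied only if Infected = cure
# Actions:
#   remove - remove infected attachment(s) and generate cleaned message
#   quarantine - move such messages to quarantine and discard
#     (or reject if discard is not supported)
#   redirect - redirect to RedirectMail and discard message
#     (or reject if discard is not supported)
#   discard - discard such messages
#   reject - reject such messages with permanent error
Incurable = quarantine

# CureFail means that the daemon failed to cure (remove) files
# or to generate the cleaned message
# Actions:
#   quarantine - move such messages to quarantine and discard
#     (or reject if discard is not supported)
#   redirect - redirect to RedirectMail and discard message
#     (or reject if discard is not supported)
#   discard - discard such messages
#   reject - reject such messages with permanent error
CureFail = quarantine

# RuleFilterAlert means that the message matches FiltersRule in drweb32.ini;
# possible only if RuleFilter = on
# Actions:
#   discard - discard such messages
#   quarantine - move such messages to quarantine and discard
#     (or reject if discard is not supported)
#   redirect - redirect to RedirectMail and discard message
#     (or reject if discard is not supported)
#   reject - reject such messages with permanent error
RuleFilterAlert = reject

# Adware means that a message contains an advertising program.
# Actions:
#   pass - pass such messages
#   quarantine - move such messages to quarantine and discard
#     (or reject if discard is not supported)
#   redirect - redirect to RedirectMail and discard message
#     (or reject if discard is not supported)
#   discard - discard such messages
#   reject - reject such messages with permanent error
Adware = quarantine

# Dialer means that a message contains a dialer program that usually is
# used by porno sites.
# Actions:
#   pass - pass such messages
#   quarantine - move such messages to quarantine and discard
#     (or reject if discard is not supported)
#   redirect - redirect to RedirectMail and discard message
#     (or reject if discard is not supported)
#   discard - discard such messages
#   reject - reject such messages with permanent error
Dialers = quarantine

# Joke means that a message contains a joke program (hoax).
# Actions:
#   pass - pass such messages
#   quarantine - move such messages to quarantine and discard
#     (or reject if discard is not supported)
#   redirect - redirect to RedirectMail and discard message
#     (or reject if discard is not supported)
#   discard - discard such messages
#   reject - reject such messages with permanent error
Jokes = quarantine

# Riskware means that a message contains potentially dangerous software.
# Actions:
#   pass - pass such messages
#   quarantine - move such messages to quarantine and discard
#     (or reject if discard is not supported)
#   redirect - redirect to RedirectMail and discard message
#     (or reject if discard is not supported)
#   discard - discard such messages
#   reject - reject such messages with permanent error
Riskware = quarantine

# Hacktool means that a message contains an intrusion tool.
# Actions:
#   pass - pass such messages
#   quarantine - move such messages to quarantine and discard
#     (or reject if discard is not supported)
#   redirect - redirect to RedirectMail and discard message
#     (or reject if discard is not supported)
#   discard - discard such messages
#   reject - reject such messages with permanent error
Hacktools = quarantine

# EmptyFrom means that the SMTP session was initiated with an empty envelope From:
# used for mail notifications (reports) and by spammers
# Actions:
#   continue - continue processing such messages
#
#   ATTENTION: Your MTA would not be RFC-compliant if you set up a
#   non-continue action, and it can be banned by the www.rfc-ignorant.org site.
#   "The MTA MUST accept messages with <> sender."
#   (rfc-2505 see 2.6.1)
#
#   discard - discard such messages
#   reject - reject such messages with permanent error
EmptyFrom = continue

# SkipObject means that the daemon found an object that cannot be checked:
# password protected archive, broken archive, sym-link,
# non regular file, timeout
# (see SocketTimeout and FileTimeout in drweb32.ini).
# Actions:
#   pass - pass such messages
#   quarantine - move such messages to quarantine and discard
#     (or reject if discard is not supported)
#   redirect - redirect to RedirectMail and discard message
#     (or reject if discard is not supported)
#   reject - reject such messages with permanent error
# NOTE(review): "pass" is fail-open - attachments the daemon could not
# inspect (password-protected or broken archives, scan timeouts) are
# delivered unscanned. Encrypted archives are a common way to carry malware
# past a mail scanner; consider quarantine where policy requires every
# attachment to be checked.
SkipObject = pass

# ArchiveRestriction means that the daemon found an object in an archive with a
# compression ratio exceeding MaxCompressionRatio, the size of the object is greater
# than MaxFileSizeToExtract, or the level of nested archives is greater
# than MaxArchiveLevel from drweb32.ini
# Actions:
#   pass - pass such messages
#   quarantine - move such messages to quarantine and discard
#     (or reject if discard is not supported)
#   redirect - redirect to RedirectMail and discard message
#     (or reject if discard is not supported)
#   reject - reject such messages with permanent error
ArchiveRestriction = quarantine

# ScanningErrors means that the daemon failed to scan the current object. Example
# cases: no memory, cannot read file for check (no permissions).
# Actions:
#   pass - pass such messages
#   quarantine - move such messages to quarantine and discard
#     (or reject if discard is not supported)
#   redirect - redirect to RedirectMail and discard message
#     (or reject if discard is not supported)
#   reject - reject such messages with permanent error
#   tempfail - reject such messages with temporary error
ScanningErrors = quarantine

# ProcessingErrors means errors in the proxy-client: no memory, misconfiguration,
# timeout on communication with the daemon, etc.
# Actions:
#   pass - pass such messages
#   quarantine - move such messages to quarantine and discard
#     (or reject if discard is not supported)
#   reject - reject such messages with permanent error
#   tempfail - reject such messages with temporary error
# NOTE(review): "reject" is fail-closed, but it returns a permanent error for
# legitimate mail while the daemon is unreachable; "tempfail" is also
# fail-closed and lets the sending MTA retry.
ProcessingErrors = reject

# PassEmptyFromIfNoDaemon - if this parameter is set to yes, then messages from
# <> are passed if the filter cannot connect to the
# daemon and ProcessingErrors is set to "reject"
PassEmptyFromIfNoDaemon = no

# Admin mail address (should be qualified)
AdminMail = postmaster

# Mail address for redirect action (should be qualified)
RedirectMail = postmaster

# Filter address to be used in From: (should be qualified)
FilterMail = DrWEB-DAEMON

# List of viruses for which no notifications are sent
UnnotificableVirusesList = /etc/drweb/viruses.conf

# List of addresses to which no notifications are sent
UnnotificableAddressesList = /etc/drweb/addresses.conf

# Quarantine directory.
# Infected files can be moved to this directory;
# if you leave this field empty or commented out, then
# infected messages will not be stored
# NOTE(review): this directory holds live malware and full message content.
# Its ownership and mode are not set in this file - verify that only the
# filter and administrators can access it.
Quarantine = /var/spool/drweb/infected

# Permissions for quarantined files
QuarantineFilesMode = 0660

# Naming convention for quarantined files
#   * Std - using mkstemp (template: drweb.quarantine.XXXXXX)
#   * Tai - use TAI format (template: %sec.%usec.drweb.quarantine.XXXXXX)
#   * Rand48 - using lrand48 (template: drweb.quarantine.XXXXXXXX)
QuarantineFilenamesMode = Std

# Prefix for the quarantine filename (%{Quarantine}/%{QuarantineFilenamesPrefix}XXXXXX)
QuarantineFilenamesPrefix = drweb.quarantine.
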
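#########################
# Notifications section #
#########################
[VirusNotifications]
# Enable or disable sending notifications to persons (yes/no)
# NOTE(review): the envelope sender of virus-carrying mail is very often
# forged, so SenderNotify = yes can deliver notifications to uninvolved
# third parties (backscatter) and hurt the server's sending reputation.
# Consider "no" for the sender unless senders are known to be authentic.
SenderNotify = yes
AdminNotify = yes
RcptsNotify = yes

# Files with notification templates
SenderTemplate = /etc/drweb/templates/en/sender_virus.msg
AdminTemplate = /etc/drweb/templates/en/admin_virus.msg
RcptsTemplate = /etc/drweb/templates/en/rcpts_virus.msg
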
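[MalwareNotifications]
# Enable or disable sending notifications to persons (yes/no)
# NOTE(review): sender addresses on malware-carrying mail are frequently
# forged; SenderNotify = yes may send notifications to uninvolved parties.
SenderNotify = yes
AdminNotify = yes
RcptsNotify = yes

# Files with notification templates
SenderTemplate = /etc/drweb/templates/en/sender_malware.msg
AdminTemplate = /etc/drweb/templates/en/admin_malware.msg
RcptsTemplate = /etc/drweb/templates/en/rcpts_malware.msg
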
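[CuredNotifications]
# Notification switches (yes/no) and template files; presumably used when a
# message was cured - confirm against the filter documentation.
SenderNotify = yes
AdminNotify = yes
SenderTemplate = /etc/drweb/templates/en/sender_cured.msg
AdminTemplate = /etc/drweb/templates/en/admin_cured.msg
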
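[SkipNotifications]
# Notification switches (yes/no) and template files; presumably tied to the
# SkipObject action in [Actions] - confirm against the filter documentation.
# An empty template value goes with a disabled notification.
SenderNotify = yes
AdminNotify = no
RcptsNotify = no
SenderTemplate = /etc/drweb/templates/en/sender_skip.msg
AdminTemplate =
RcptsTemplate =
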
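[ArchiveRestrictionNotifications]
# Notification switches (yes/no) and template files; presumably tied to the
# ArchiveRestriction action in [Actions] - confirm against the filter
# documentation.
SenderNotify = yes
AdminNotify = yes
RcptsNotify = no
SenderTemplate = /etc/drweb/templates/en/sender_archive.msg
AdminTemplate = /etc/drweb/templates/en/admin_archive.msg
RcptsTemplate =
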
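[ErrorNotifications]
# Notification switches (yes/no) and template files; presumably used for the
# ScanningErrors / ProcessingErrors actions in [Actions] - confirm against
# the filter documentation.
SenderNotify = yes
AdminNotify = yes
RcptsNotify = no
SenderTemplate = /etc/drweb/templates/en/sender_error.msg
AdminTemplate = /etc/drweb/templates/en/admin_error.msg
RcptsTemplate =
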
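[RuleFilterNotifications]
# Notification switches (yes/no) and template files; presumably tied to the
# RuleFilterAlert action in [Actions] - confirm against the filter
# documentation. Only the administrator is notified here.
SenderNotify = no
AdminNotify = yes
RcptsNotify = no
SenderTemplate =
AdminTemplate = /etc/drweb/templates/en/admin_rule.msg
RcptsTemplate =
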
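[LicenseLimitNotifications]
# Admin notification switch (yes/no) and template; presumably tied to the
# LicenseLimit action in [Actions].
# NOTE(review): with AdminNotify = no and LicenseLimit = pass, messages that
# were not checked are delivered without the administrator being told;
# enabling this notification makes that condition visible.
AdminNotify = no
AdminTemplate = /etc/drweb/templates/en/admin_license.msg
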
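###################
# Logging section #
###################
[Logging]
# Logging detail level ( Quiet, Errors, Alerts, Info, Verbose, Debug )
Level = Info

# Facility used for logging to syslog ( Daemon, Mail, Local0..7 )
SyslogFacility = Mail

# Priority used for logging to syslog ( Debug, Info, Notice, Alert )
SyslogPriority = Info
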
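################################
# Mail system settings section #
################################
[Mailer]
# Name of the mail system
MailSystem = QMail

# Submission program (used to send notifications), called as
# ${Sendmail} ${SendmailArgs} ${DefaultArgs} -f ${Sender} -- ${Recipients}
# with the message written to stdin of the submission program
Sendmail = /usr/sbin/sendmail

# Additional (to default) arguments for the submission program
# Default arguments:
#   Qmail: no args
#   Exim: -i -bm -oMr drweb_scanned
#   Others: -i -bm
# Examples:
# SendmailArgs = "-FUserName"
#
# SendmailArgs = ""

# qmail-queue program path
QmailQueue =
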
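#################
# Agent section #
#################
[Agent]
# Definition of the agent's address. The agent is used for collecting statistics
# from mail filters and sending them to stat.drweb.com.
# Note: FAMILY pid is not valid
# The agent should be started before the mail filter.
# NOTE(review): enabling the agent sends statistics to an external host.
# Both keys below are commented out; whether a built-in default address
# still applies is not visible in this file - confirm before assuming the
# reporting is off.
#Address = inet:3003@localhost

# Timeout for the whole session (seconds)
#Timeout = 10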