Main configuration file
## Sagator configuration file.
## (c) 2003-2010 Jan ONDREJ (SAL)
## Lines beginning with a double # (##) are comments. Lines beginning
## with a single # are commented-out examples. In the default configuration
## one antivirus scanner and one spam scanner are uncommented;
## the other scanners are commented out.
## Debugging level:
##   0 = errors only
##   1 = return status, init messages
##   2 = smtp server communication
##   3 = detailed smtp server communication
##   4 = tracebacks
##   5 = smtp client communication
## Do not use debug level higher than 9!
## From level 2 upwards the SMTP dialogue is written to LOGFILE, so treat
## the log as sensitive data while such a level is configured.
DEBUG_LEVEL = 3

## Language used by web access.
## You can define a locale language for which there are translations.
LANG = ['en_US']

## New root path, for example '/var/spool/vscan'.
## Comment out this line if you don't need to run sagator in chroot.
## LOGFILE below is built from CHROOT, so give LOGFILE a full path of
## its own if you remove this line.
CHROOT = '/var/spool/vscan'

## Logfile (keep the logfile inside the chroot to allow rotating).
LOGFILE = CHROOT + '/var/log/sagator/sagator.log'

## User and group under which this program runs.
USER = 'vscan'
GROUP = 'vscan'

## SMTP server host and port to which scanned mail is handed back.
## You must define this smtp server in postfix without filtering.
## It accepts mail unscanned, so it should stay reachable only from the
## local host (it is a loopback address here).
SMTP_SERVER = ('127.0.0.1', 26)
## Scanners and services
from scanners import *
from srv import *
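## Database engine definitions
## The database password is written here in clear text, so keep this
## file unreadable for other local users.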
#DB_ENGINE = db.sqlite(dbname='/var/lib/sagator/sqlitedb')
#DB_ENGINE = db.pymysql(host='127.0.0.1', port=3306, dbname='sagator',
# dbuser='sagator', dbpasswd='your_pass')
#DB_ENGINE = db.pgdb(host='127.0.0.1', port=5432, dbname='sagator',
# dbuser='sagator', dbpasswd='your_pass')
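## Local IPs: regular expression, anchored at the start of the address,
## covering 192.168.x.x, 172.16.x.x - 172.31.x.x, 10.x.x.x and 127.x.x.x.
## Written as a raw string so that the "\." escapes reach the regexp
## engine unchanged and Python does not warn about invalid escape sequences.
LOCAL_IPS = r'^(192\.168|172\.(1[6789]|2[0-9]|3[01])|10|127)\.'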
## If you are using the libclam() scanner, it is better to define one
## instance here and then reuse it later (SCANNERS below refers to it
## as CLAMAV).
CLAMAV = libclam()
## SCANNERS array: definitions for all scanners used in sagator and
## its scripts. Scanners are nested: an outer scanner takes the scanners
## it wraps as its last arguments, so every opening parenthesis needs
## its closing one further down.
## You can define other array names for different services.
## The SCANNERS array for sgscan must have this name.
SCANNERS = [
    ## Logger scanner. It logs some special data into the logfile.
    ## See the log() scanner documentation for more information.
    ## You can comment out this line (and its closing parenthesis)
    ## if you don't need extra information in your logs.
    log(1, log.SUMMARY_REPORT,
        ## You can also use the SQL logger. If you uncomment a scanner
        ## here, do not forget to uncomment its parenthesis below!
        #log_sql(DB_ENGINE, log_sql.FORMAT,

        ## Status line for the statistics collector.
        ## This line stores the "Virus" count in the collector.
        ## You don't need it if you don't need MRTG statistics.
        status("Virus",
            ## Sends virus reports to the administrator. For the
            ## message template (MSG_TMPL) syntax read the scanner
            ## documentation and/or source.
            ## You can comment this out if you don't need reports.
            ## The .ifscan() extra parameter at the end of this scanner
            ## limits these reports to local IP addresses.
            report(['root@localhost'], report.MSG_TMPL,
                ## Decides whether messages with viruses are rejected,
                ## dropped or delivered. By default viruses are
                ## rejected (and sent back to the sender). Some viruses
                ## fake their sender, and it is better to drop these
                ## emails. You can define the virus names which you
                ## want to drop.
                drop(drop.DEFAULT,
                    ## Quarantines all infected emails into files on
                    ## the server. This example uses a directory named
                    ## /var/spool/sagator/quarantine/... in sagator's
                    ## chroot, with one subdirectory per year/month/day
                    ## (for example 2007/01/30).
                    ## The quarantine holds infected mail, so keep the
                    ## directory readable only by the sagator user.
                    quarantine('/var/spool/sagator/quarantine/%Y/%m/%d', '',
                        ## Antivirus scanners follow here.

                        ## Simple scanners
                        ## Reports every email larger than 10kB as a virus.
                        #max_file_size(10*1024),
                        ## Parses the email for attachments; if one of
                        ## them is executable, a virus is identified.
                        #parsemail(file_type({'exe': 'Executable'})),
                        ## Scans for viruses by a pattern which is
                        ## contained in each virus of a given type.
                        ## You can also use it for your own purposes,
                        ## to stop delivery of any kind of emails.
                        #string_scan(VIR_PATTERNS),
                        ## Similar to the previous scanner, but scans
                        ## for regular expressions.
                        #regexp_scan({'virname': ['___PATTERN___']}),

                        ## Exec any program
                        ## You can use this scanner for an unsupported
                        ## antivirus, if you can define which exit
                        ## statuses are returned for viruses and which
                        ## for clean emails.
                        #b2f(exec_any(['/bin/grep', '-q', '^TVqQ'], [1], [0])),

                        ## ClamAV - clam antivirus
                        ## Uncomment one or more of the following lines.
                        #alternatives(
                        ## Uses clamav's library directly in sagator.
                        ## This is the best of all clamav scanners;
                        ## its performance and stability are very high.
                        buffer2mbox(CLAMAV),
                        ## If you need to parse the email's mime
                        ## attachments, you can use the parsemail()
                        ## interscanner before calling clamav.
                        ## Uncomment the following line if you need this.
                        ## Don't forget to comment out the previous
                        ## scanner, because it is useless to define two
                        ## scanners for one antivirus.
                        #parsemail(CLAMAV),
                        ## Adds sagator's own decompression for clamav.
                        ## It is only an example. You can use it for
                        ## antiviruses which don't implement this feature.
                        #parsemail(buffer2file(decompress(CLAMAV))),
                        ## Calls a clamav scan over clamav's daemon,
                        ## which is waiting on local port 3310/tcp.
                        #clamd(['127.0.0.1', 3310]),
                        ## Calls a clamav scan over clamav's daemon, which
                        ## is waiting on socket /var/run/clamav/clamd.sock.
                        #clamd('/var/run/clamav/clamd.sock'),
                        ## Obsolete scanner. It calls the clamscan binary
                        ## to scan for viruses and is very slow.
                        #buffer2mbox(clamscan(['/usr/bin/clamscan', '--stdout',
                        #                      '--infected', '--disable-summary',
                        #                      '-r', '--mbox'])),
                        #),

                        ## AVG7 for linux
                        ## This scanner can be used with AVG antivirus
                        ## for linux. Uncomment next line, if you have it.
                        #b2f(avgd(chroot=CHROOT)),

                        ## Bitdefender bdc
                        ## This scanner can be used with bitdefender
                        ## antivirus. Uncomment next line, if you have it.
                        #b2f(bdc()),

                        ## NOD32 (by ESET)
                        ## There are three ways to use this antivirus.
                        ## Uses nod32pac (preload library) over scand().
                        #scanc(),
                        ## Uses nod32 version 2 as command line scanner.
                        #buffer2mbox(nod2()),
                        ## Uses nod32lfs's dazuko support.
                        #nod2dazuko('/tmp/dazuko/mb-', '/var/log/nod32fac.log'),

                        ## Sophie (sophos libsavi)
                        ## Sophie is a daemon which uses the libsavi
                        ## library from Sophos antivirus.
                        #parsemail(b2f(decompress(sophie('/tmp/sophie', CHROOT)))),

                        ## Kaspersky antivirus
                        ## Scanner for the Kaspersky antivirus command
                        ## line scanner.
                        #b2f(kav()),

                        ## Symantec antivirus scan engine.
                        ## Scanner for the Symantec antivirus scan
                        ## engine. Do not forget to configure the ICAP
                        ## protocol on port 1344.
                        #savse('127.0.0.1', 1344),
                    )
                )
            ## This extra parameter is used to send reports only if the
            ## virus is coming from LOCAL_IPS (defined above).
            ).ifscan(sender_regexp({'LOCAL_IP': [LOCAL_IPS]}))
        ),

        ## Now we are defining the status for "Spam",
        status("Spam",
            # and dropping of all spams.
            drop('.',  # drop all spams
                ## quarantine for spams,
                quarantine('/var/spool/sagator/quarantine/%Y/%m/%d', '',
                    ## Antispam scanners follow here.

                    ## SpamAssassin
                    ## Uses spamd (the spamassassin daemon) on local
                    ## port 783/tcp with spamassassin's default
                    ## configuration.
                    spamassassind(['127.0.0.1', 783], sa_user=USER),

                    ## Bogofilter
                    #bogofilter(['/usr/bin/bogofilter', '-v']),

                    ## QuickSpamFilter
                    #qsf(['/usr/bin/qsf', '-r']),

                    ## Anomy Sanitizer
                    #filter(['/usr/local/bin/sanitizer.pl'])
                )
            )
        )
        #)
    )
]
## LMTP scanner dictionary example:
## This definition is very simple. Use the SCANNERS configuration for more
## examples and read sagator's documentation.
#LMTP_SCANNERS = {
#  'antivir_only':
#    log(1, log.SUMMARY_REPORT,
#      quarantine('/var/spool/sagator/quarantine/%Y%m', '',
#        drop(drop.DEFAULT,
#          buffer2mbox(CLAMAV)
#        )
#      )
#    ),
#  'DEFAULT':      # 'DEFAULT' string is hardcoded
#    SCANNERS[0],  # define this as first scanner from SCANNERS
#}
## smtpd_policy scanners:
POLICY_SCANNERS = [
    ## check SPF records
    #spf_check(),

    ## check if the sender IP is resolvable
    #dns_check(),

    ## standard blacklist: users with "BA", "BS" or "BR" are blacklisted
    status('Blacklist', listed('B')),

    ## Fast greylist
    status('Greylist',
        ## check the whitelist ("WA", "WS", "WR" flags);
        ## if the user is not in the whitelist, try to greylist them
        not_listed('W') &
        ## Greylist only IPs from an RBL
        #rbl_check(
        #    'bl.spamcop.net.',
        #    'zen.spamhaus.org.',
        #) &
        ## NOTE(review): the original note here said "5 minutes"; 600
        ## would be 10 minutes if the unit is seconds - confirm against
        ## the greylist() documentation.
        greylist(600)
    ),

    ## return "dunno" to leave postfix's other restrictions in effect
    set_action('dunno')
]
## smtpd_policy scanners for the quota check: one status entry named
## 'Quota' wrapping policy_quota_auth_limit(), followed by the default
## action.
POLICY_DATA_SCANNERS = [
    status('Quota',
        policy_quota_auth_limit(
            interval=[300],
            max_conn=[30],
            max_rcpt=[300],
        ),
    ),

    ## return "dunno" to leave postfix's other restrictions in effect
    set_action('dunno')
]
## Cleanup jobs, keyed by database engine. Every entry is commented out
## here, so the dictionary is empty; uncommenting the entry requires
## DEFINING DB_ENGINE above first.
CLEANUP = {
    #DB_ENGINE: [
        ## clean obsolete greylist records first
        #list_cleanup(),
        ## autogenerate some whitelist records
        ## POLICY_SCANNER
        #auto_whitelist(),
        #policy_quota_cleanup(),
        ## clean old logs from database
        #log_cleanup()
    #]
}
## Services started by SAGATOR. You need at least one service to start.
## An SMTP gateway or a command communicates with SAGATOR over this
## service or these services.
SRV = [
    ## External daemons used by SAGATOR
    ## Uncomment following line, if you want to use clamd in chroot.
    #chroot_execvp('/usr/sbin/clamd', ['-c', '/etc/clamav.conf']),
    ## Uncomment following line, if you want to use AVG daemon in chroot.
    #chroot_execvpe('/opt/grisoft/avg7/bin/avgscan', ['-d'],
    #               {'LANG':'C'}, pgrp_file='/var/run/avgd.pgrp'),
    ## Uncomment following line, if you want to use KAV daemon in chroot.
    #chroot_execvp('/opt/kav/5.5/kav4mailservers/bin/aveserver'),
    ## Line below is required by nod2pac() scanner.
    #scand(nod2pac(), '/usr/lib/libnod32pac.so'),
    ## Line below is required for esetspac() scanner.
    #scand(esetspac(), '/usr/lib/libesets_pac.so'),

    ## Resource limits (like ulimit)
    ## You can define resource limits for sagator processes.
    ## The example below limits the address space to 4096*MB (the
    ## original note here said 400 MB; check the value before enabling).
    ## Approx. 100 MB of address space is required for the libclamav
    ## database alone.
    #rlimit(AS=4096*MB),

    ## Statistics collector
    ## Collects statistics data, which a program (like RRDTOOL or MRTG)
    ## can use to show nice graphs.
    ## Leave this service running by default, because there is a script
    ## in sagator which uses it.
    collector(),

    ## SMTP daemon policy (can be used as postfix policy scanner)
    ## These lines need DB_ENGINE, which is commented out above.
    #smtpd_policy(POLICY_SCANNERS, DB_ENGINE, '127.0.0.1', 29),
    #smtpd_policy(POLICY_DATA_SCANNERS, DB_ENGINE, '127.0.0.1', 30),
    ## Following scanner can be used to scan for policies in smtpd() or
    ## milter() services. It must be defined before them.
    #recipient_policy(POLICY_SCANNERS, DB_ENGINE),

    ## SMTP daemon (for postfix, ...)
    ## This service can be used by postfix or any other SMTP daemon.
    ## You need to configure your SMTPd to send all emails to be scanned
    ## over this SMTPd. It sends clean emails back to the SMTPd defined
    ## above (by the SMTP_SERVER variable).
    smtpd(SCANNERS, '127.0.0.1', 27, core_count()),

    ## LMTP daemon (for postfix, ...)
    ## This service can be used to scan each email recipient with a
    ## different scanner. Configure postfix to use the lmtp protocol
    ## (lmtp:IP:port).
    ## The example address '0.0.0.0' listens on every interface, and
    ## port 27 is the one smtpd() above already uses; pick a loopback
    ## address and a free port unless remote delivery is intended.
    #lmtpd(SCANNERS, '0.0.0.0', 27),

    ## Milter daemon
    ## This service can be used by sendmail's milter. Leave it
    ## commented if you don't use sendmail SMTP.
    #milter(SCANNERS, "sagator", "inet:3333@127.0.0.1"),

    ## sgfilter daemon (use sgfilter command as client)
    #sgfilterd(SCANNERS),

    ## Standard input filter
    ## Over this service you can use sagator as a STDIN -> STDOUT filter.
    ## Configure the avfilter service and run sagator:
    ##   sagator --nodaemon < email
    ## and you will obtain the modified email on standard output.
    #avfilter(SCANNERS),

    ## HTTP proxy filter
    ## This service can be used to scan HTTP connections for viruses.
    ## Please read the proxy() service documentation for client
    ## configuration.
    ## WARNING: This service is in beta stage. USE WITH CAUTION!
    #http_proxy(SCANNERS, '127.0.0.1', 3129),

    ## FUSE daemon (to create a scanner filesystem)
    ## Please use only "quick" scanners, not command line scanners!
    #fusefs(SCANNERS, '/home', '/realhome'),

    ## Reporter virtual service
    #reporter(include = '@mydomain.com'),

    ## Web quarantine access
    #webq_jinja(
    #  db=DB_ENGINE,
    #  scanner=b2f(CLAMAV),
    #  userconv=['^(.*)$','"\\1"@mydomain.com'] # not required
    #),
]