<!-- | |
Heinlein Support Quick Install: | |
Kaspersky Web Traffic Security (kwts) | |
as ICAP server | |
for Rspamd | |
Prerequisites: less, nginx | |
Download Site: https://support.kaspersky.com/de/kwts6#downloads | |
Trial License: https://www.kaspersky.de/small-to-medium-business-security/downloads/internet-gateway-free-trial | |
Install: | |
- e.g. wget https://products.s.kaspersky-labs.com/administrationkit/kwts6.0/6.1.0.4762/multilanguage-INT-6.1.0.4762/3236323635357c44454c7c31/kwts_6.1.0-4762_amd64.deb | |
- e.g. dpkg -i kwts_6.1.0-4762_amd64.deb | |
basic setup: | |
- /opt/kaspersky/kwts/bin/setup.py -i | |
download and import this settings file (KSN activated & KSN upload disabled): | |
- wget -O hs_kwts.xml <this-gist-as-raw> | |
- /opt/kaspersky/kwts/bin/kwts-control \-\-import-settings \-f hs_kwts.xml | |
enable your license: | |
- /opt/kaspersky/kwts/bin/kwts-control -l \-\-activate-license-code <license-code> | |
wait for virus signature updates and reboot: | |
- /opt/kaspersky/kwts/bin/kwts-control \-\-get-avs-bases-info | |
- systemctl reboot | |
Rspamd kwts settings /etc/rspamd/local.d/external_services.conf: | |
kaspersky_icap { | |
scan_mime_parts = true; | |
scan_text_mime = true; | |
#scan_image_mime = true; | |
symbol = "KASPERSKY_KWTS" | |
type = "icap"; | |
name = "kaspersky_icap"; | |
log_clean = true; | |
servers = "<ip-of-your-server>:1344"; | |
scheme = "av/respmod"; | |
} | |
--> | |
<root> | |
<arrayOfAppSettings> | |
<item> | |
<info> | |
<taskId>0</taskId> | |
<version>2</version> | |
<name></name> | |
<taskType>0</taskType> | |
<isGroupTask>0</isGroupTask> | |
<groupId>0</groupId> | |
<isAdminKitTask>0</isAdminKitTask> | |
</info> | |
<settings> | |
<tracerSettings> | |
<enable>1</enable> | |
<level>Error</level> | |
<destination>Files</destination> | |
<rotationPeriod>NoRotation</rotationPeriod> | |
<rotationFileSize>52428800</rotationFileSize> | |
<maxFileCount>3</maxFileCount> | |
<facility>Local0</facility> | |
</tracerSettings> | |
<replyEmailAddress></replyEmailAddress> | |
<adminEmailAddresses></adminEmailAddresses> | |
<proxySettings> | |
<enable>0</enable> | |
<serverAddress></serverAddress> | |
<port>8080</port> | |
<authenticationType>NotRequired</authenticationType> | |
<user></user> | |
<password></password> | |
<proxyBypassLocalAddresses>0</proxyBypassLocalAddresses> | |
</proxySettings> | |
<securityCenterClusterID>Kaspersky Web Traffic Security</securityCenterClusterID> | |
</settings> | |
</item> | |
</arrayOfAppSettings> | |
<slotForAppPolicy /> | |
<arrayOfAuthMailSettings /> | |
<slotForAuthMailPolicy /> | |
<arrayOfScanLogicSettings /> | |
<slotForScanLogicPolicy /> | |
<arrayOfBackupSettings /> | |
<slotForBackupPolicy /> | |
<arrayOfFacadeSettings> | |
<item> | |
<info> | |
<taskId>4</taskId> | |
<version>1</version> | |
<name>Facade</name> | |
<taskType>4</taskType> | |
<isGroupTask>0</isGroupTask> | |
<groupId>0</groupId> | |
<isAdminKitTask>0</isAdminKitTask> | |
</info> | |
<settings /> | |
</item> | |
</arrayOfFacadeSettings> | |
<slotForFacadePolicy /> | |
<arrayOfSettingsManagerSettings /> | |
<slotForSettingsManagerPolicy /> | |
<arrayOfEventManagerSettings> | |
<item> | |
<info> | |
<taskId>7</taskId> | |
<version>1</version> | |
<name>EventManager</name> | |
<taskType>8</taskType> | |
<isGroupTask>0</isGroupTask> | |
<groupId>0</groupId> | |
<isAdminKitTask>0</isAdminKitTask> | |
</info> | |
<settings /> | |
</item> | |
</arrayOfEventManagerSettings> | |
<slotForEventManagerPolicy /> | |
<arrayOfNotifierMailSettings /> | |
<slotForNotifierMailPolicy /> | |
<arrayOfStatisticsSettings> | |
<item> | |
<info> | |
<taskId>10</taskId> | |
<version>1</version> | |
<name>Statistics</name> | |
<taskType>11</taskType> | |
<isGroupTask>0</isGroupTask> | |
<groupId>0</groupId> | |
<isAdminKitTask>0</isAdminKitTask> | |
</info> | |
<settings /> | |
</item> | |
</arrayOfStatisticsSettings> | |
<slotForStatisticsPolicy /> | |
<arrayOfUpdaterSettings> | |
<item> | |
<info> | |
<taskId>11</taskId> | |
<version>2</version> | |
<name>Updater</name> | |
<taskType>6</taskType> | |
<isGroupTask>0</isGroupTask> | |
<groupId>0</groupId> | |
<isAdminKitTask>0</isAdminKitTask> | |
</info> | |
<settings> | |
<updateCommonSettings> | |
<sourceType>KLServersSecure</sourceType> | |
<customSources /> | |
<useKlServersWhenUnavailable>0</useKlServersWhenUnavailable> | |
<connectionTimeout>10</connectionTimeout> | |
</updateCommonSettings> | |
<schedule> | |
<ruleType>Minutely</ruleType> | |
<startByTime> | |
<year>0</year> | |
<month>Unknown</month> | |
<day>0</day> | |
<hour>0</hour> | |
<min>0</min> | |
<sec>0</sec> | |
<dayOfMonth>0</dayOfMonth> | |
<dayOfWeek>Unknown</dayOfWeek> | |
<timePeriod>15</timePeriod> | |
</startByTime> | |
<randInterval>10</randInterval> | |
<execTimeLimit>180</execTimeLimit> | |
<runMissed>1</runMissed> | |
</schedule> | |
</settings> | |
</item> | |
</arrayOfUpdaterSettings> | |
<slotForUpdaterPolicy /> | |
<arrayOfLicenserSettings> | |
<item> | |
<info> | |
<taskId>8</taskId> | |
<version>1</version> | |
<name>Licenser</name> | |
<taskType>14</taskType> | |
<isGroupTask>0</isGroupTask> | |
<groupId>0</groupId> | |
<isAdminKitTask>0</isAdminKitTask> | |
</info> | |
<settings> | |
<LicenseExpiresSoonWarningDays>30</LicenseExpiresSoonWarningDays> | |
</settings> | |
</item> | |
</arrayOfLicenserSettings> | |
<slotForLicenserPolicy /> | |
<arrayOfAspMoebiusSettings /> | |
<slotForAspMoebiusPolicy /> | |
<arrayOfAspQuarantineSettings /> | |
<slotForAspQuarantinePolicy /> | |
<arrayOfSmtpSenderSettings /> | |
<slotForSmtpSenderPolicy /> | |
<arrayOfSnmpSettings> | |
<item> | |
<info> | |
<taskId>16</taskId> | |
<version>2</version> | |
<name>Snmp</name> | |
<taskType>18</taskType> | |
<isGroupTask>0</isGroupTask> | |
<groupId>0</groupId> | |
<isAdminKitTask>0</isAdminKitTask> | |
</info> | |
<settings> | |
<enableSNMP>0</enableSNMP> | |
<pingIntervalInSeconds>15</pingIntervalInSeconds> | |
<masterAgentAddress>unix:/var/run/agentx-master.socket</masterAgentAddress> | |
<trapsEnable>0</trapsEnable> | |
</settings> | |
</item> | |
</arrayOfSnmpSettings> | |
<slotForSnmpPolicy /> | |
<arrayOfEventLoggerSettings> | |
<item> | |
<info> | |
<taskId>20</taskId> | |
<version>2</version> | |
<name>EventLogger</name> | |
<taskType>22</taskType> | |
<isGroupTask>0</isGroupTask> | |
<groupId>0</groupId> | |
<isAdminKitTask>0</isAdminKitTask> | |
</info> | |
<settings> | |
<facility>Local1</facility> | |
<logLevel>Info</logLevel> | |
<maxMessageSize>65528</maxMessageSize> | |
<maxJournalRecords>100000</maxJournalRecords> | |
<trafficEventsSettings> | |
<eventsLogLevel>AllEvents</eventsLogLevel> | |
<eventsStoragePeriod>3</eventsStoragePeriod> | |
<totalDiscSpaceLimit>1073741824</totalDiscSpaceLimit> | |
<enableTrafficProfileLogging>0</enableTrafficProfileLogging> | |
</trafficEventsSettings> | |
<kataEventsSettings> | |
<eventsStoragePeriod>3</eventsStoragePeriod> | |
<totalDiscSpaceLimit>1073741824</totalDiscSpaceLimit> | |
</kataEventsSettings> | |
<siemSettings> | |
<enabled>0</enabled> | |
<facility>Local0</facility> | |
<logLevel>Info</logLevel> | |
<formatting> | |
<prefix>CEF:0|AO Kaspersky Lab|%PRODUCT%|%VERSION%|%ID%|%NAME%|%SEVERITY%|</prefix> | |
<paramsDelimeter>|</paramsDelimeter> | |
<severityError>High</severityError> | |
<severityInfo>Low</severityInfo> | |
<settingsEvents> | |
<taskId>cn1=%VALUE% cn1Label=TaskId</taskId> | |
<taskName>cs1=%VALUE% cs1Label=TaskName</taskName> | |
<destUser>duser=%VALUE%</destUser> | |
<sourceUser>suser=%VALUE%</sourceUser> | |
<action>act=%VALUE%</action> | |
</settingsEvents> | |
<tasksEvents> | |
<processName>deviceProcessName=%VALUE%</processName> | |
<count>cnt=%VALUE%</count> | |
<errorReason>reason=%VALUE%</errorReason> | |
<result>outcome=%VALUE%</result> | |
<mode>cs1=%VALUE% cs1Label=Mode</mode> | |
</tasksEvents> | |
<exportImportEvents> | |
<result>outcome=%VALUE%</result> | |
<importedAreas>cs1=%VALUE% cs1Label=ImportedAreas</importedAreas> | |
<errorReason>reason=%VALUE%</errorReason> | |
</exportImportEvents> | |
<backupEvents> | |
<msgId>cs1=%VALUE% cs1Label=MessageId</msgId> | |
<count>cnt=%VALUE%</count> | |
<action>act=%VALUE%</action> | |
<account>suser=%VALUE%</account> | |
<avStatus>cs2=%VALUE% cs2Label=AvStatus</avStatus> | |
<asStatus>cs3=%VALUE% cs3Label=AsStatus</asStatus> | |
<apStatus>cs4=%VALUE% cs4Label=ApStatus</apStatus> | |
<threat>cs5=%VALUE% cs5Label=Threat</threat> | |
<cfStatus>cs6=%VALUE% cs6Label=CfStatus</cfStatus> | |
<recipients>duser=%VALUE%</recipients> | |
<reason>reason=%VALUE%</reason> | |
<result>outcome=%VALUE%</result> | |
<msgSize>cn1=%VALUE% cn1Label=MessageSize</msgSize> | |
<maxBackupSize>cn2=%VALUE% cn2Label=MaxBackupSize</maxBackupSize> | |
<msgCount>cn3=%VALUE% cn3Label=MessageCount</msgCount> | |
</backupEvents> | |
<scanLogicBackupEvents> | |
<messageInfo> | |
<msgId>cs1=%VALUE% cs1Label=MessageId</msgId> | |
<relayIp>src=%VALUE%</relayIp> | |
<action>act=%VALUE%</action> | |
<msgSize>fsize=%VALUE%</msgSize> | |
<from>suser=%VALUE%</from> | |
<recipients>duser=%VALUE%</recipients> | |
</messageInfo> | |
<backupReason>reason=%VALUE%</backupReason> | |
<rules>cs2=%VALUE% cs2Label=Rules</rules> | |
</scanLogicBackupEvents> | |
<licenseEvents> | |
<licenseId>cs1=%VALUE% cs1Label=LicenseID</licenseId> | |
<functionalityLevel>cs2=%VALUE% cs2Label=FunctionalityLevel</functionalityLevel> | |
<keyType>cs3=%VALUE% cs3Label=KeyType</keyType> | |
<daysLeft>cn1=%VALUE% cn1Label=DaysLeft</daysLeft> | |
<errorReason>reason=%VALUE%</errorReason> | |
<expirationDate>deviceCustomDate1=%VALUE% deviceCustomDate1Label=ExpirationDate</expirationDate> | |
</licenseEvents> | |
<ruleEvents> | |
<ruleId>cn1=%VALUE% cn1Label=RuleId</ruleId> | |
<ruleName>cs1=%VALUE% cs1Label=RuleName</ruleName> | |
<action>act=%VALUE%</action> | |
</ruleEvents> | |
<quarantineEvents> | |
<msgId>cs1=%VALUE% cs1Label=MessageId</msgId> | |
<relayIp>src=%VALUE%</relayIp> | |
<rules>cs2=%VALUE% cs2Label=Rules</rules> | |
<action>act=%VALUE%</action> | |
<account>cs3=%VALUE% cs3Label=account</account> | |
<recipients>duser=%VALUE%</recipients> | |
<sender>suser=%VALUE%</sender> | |
</quarantineEvents> | |
<applianceEvents> | |
<queue>cs1=%VALUE% cs1Label=Queue</queue> | |
<incoming>cs2=%VALUE% cs2Label=Incoming</incoming> | |
<outgoing>cs3=%VALUE% cs3Label=Outgoing</outgoing> | |
<user>cs4=%VALUE% cs4Label=User</user> | |
<changedValues>cs5=%VALUE% cs5Label=ChangedValues</changedValues> | |
<queueMsgId>cn1=%VALUE% cn1Label=QueueMessageId</queueMsgId> | |
<queueSize>cn2=%VALUE% cn2Label=QueueSize</queueSize> | |
<receiptTime>rt=%VALUE%</receiptTime> | |
<from>suser=%VALUE%</from> | |
<recipients>duser=%VALUE%</recipients> | |
<result>outcome=%VALUE%</result> | |
<errorReason>reason=%VALUE%</errorReason> | |
<newName>fname=%VALUE%</newName> | |
<oldName>oldFileName=%VALUE%</oldName> | |
</applianceEvents> | |
<notScannedEvents> | |
<messageInfo> | |
<msgId>cs1=%VALUE% cs1Label=MessageId</msgId> | |
<relayIp>src=%VALUE%</relayIp> | |
<action>act=%VALUE%</action> | |
<msgSize>fsize=%VALUE%</msgSize> | |
<from>suser=%VALUE%</from> | |
<recipients>duser=%VALUE%</recipients> | |
</messageInfo> | |
<reason>reason=%VALUE%</reason> | |
</notScannedEvents> | |
<avScanEvents> | |
<scanEventInfo> | |
<messageInfo> | |
<msgId>cs1=%VALUE% cs1Label=MessageId</msgId> | |
<relayIp>src=%VALUE%</relayIp> | |
<action>act=%VALUE%</action> | |
<msgSize>fsize=%VALUE%</msgSize> | |
<from>suser=%VALUE%</from> | |
<recipients>duser=%VALUE%</recipients> | |
</messageInfo> | |
<rules>cs2=%VALUE% cs2Label=Rules</rules> | |
<status>outcome=%VALUE%</status> | |
<unsafeRecipients>cs3=%VALUE% cs3Label=UnsafeRecipients</unsafeRecipients> | |
<reason>reason=%VALUE%</reason> | |
<sizeLimit>cn1=%VALUE% cn1Label=SizeLimit</sizeLimit> | |
</scanEventInfo> | |
</avScanEvents> | |
<asScanEvents> | |
<scanEventInfo> | |
<messageInfo> | |
<msgId>cs1=%VALUE% cs1Label=MessageId</msgId> | |
<relayIp>src=%VALUE%</relayIp> | |
<action>act=%VALUE%</action> | |
<msgSize>fsize=%VALUE%</msgSize> | |
<from>suser=%VALUE%</from> | |
<recipients>duser=%VALUE%</recipients> | |
</messageInfo> | |
<rules>cs2=%VALUE% cs2Label=Rules</rules> | |
<status>outcome=%VALUE%</status> | |
<unsafeRecipients>cs3=%VALUE% cs3Label=UnsafeRecipients</unsafeRecipients> | |
<reason>reason=%VALUE%</reason> | |
<sizeLimit>cn1=%VALUE% cn1Label=SizeLimit</sizeLimit> | |
</scanEventInfo> | |
<detectionMethod>cs4=%VALUE% cs4Label=Method</detectionMethod> | |
</asScanEvents> | |
<apScanEvents> | |
<scanEventInfo> | |
<messageInfo> | |
<msgId>cs1=%VALUE% cs1Label=MessageId</msgId> | |
<relayIp>src=%VALUE%</relayIp> | |
<action>act=%VALUE%</action> | |
<msgSize>fsize=%VALUE%</msgSize> | |
<from>suser=%VALUE%</from> | |
<recipients>duser=%VALUE%</recipients> | |
</messageInfo> | |
<rules>cs2=%VALUE% cs2Label=Rules</rules> | |
<status>outcome=%VALUE%</status> | |
<unsafeRecipients>cs3=%VALUE% cs3Label=UnsafeRecipients</unsafeRecipients> | |
<reason>reason=%VALUE%</reason> | |
<sizeLimit>cn1=%VALUE% cn1Label=SizeLimit</sizeLimit> | |
</scanEventInfo> | |
<detectionMethod>cs4=%VALUE% cs4Label=Method</detectionMethod> | |
</apScanEvents> | |
<maScanEvents> | |
<scanEventInfo> | |
<messageInfo> | |
<msgId>cs1=%VALUE% cs1Label=MessageId</msgId> | |
<relayIp>src=%VALUE%</relayIp> | |
<action>act=%VALUE%</action> | |
<msgSize>fsize=%VALUE%</msgSize> | |
<from>suser=%VALUE%</from> | |
<recipients>duser=%VALUE%</recipients> | |
</messageInfo> | |
<rules>cs2=%VALUE% cs2Label=Rules</rules> | |
<status>outcome=%VALUE%</status> | |
<unsafeRecipients>cs3=%VALUE% cs3Label=UnsafeRecipients</unsafeRecipients> | |
<reason>reason=%VALUE%</reason> | |
<sizeLimit>cn1=%VALUE% cn1Label=SizeLimit</sizeLimit> | |
</scanEventInfo> | |
<spfVerdict>cs4=%VALUE% cs4Label=SpfVerdict</spfVerdict> | |
<dkimVerdict>cs5=%VALUE% cs5Label=DkimVerdict</dkimVerdict> | |
<dmarcVerdict>cs6=%VALUE% cs6Label=DmarcVerdict</dmarcVerdict> | |
</maScanEvents> | |
<ktScanEvents> | |
<scanEventInfo> | |
<messageInfo> | |
<msgId>cs1=%VALUE% cs1Label=MessageId</msgId> | |
<relayIp>src=%VALUE%</relayIp> | |
<action>act=%VALUE%</action> | |
<msgSize>fsize=%VALUE%</msgSize> | |
<from>suser=%VALUE%</from> | |
<recipients>duser=%VALUE%</recipients> | |
</messageInfo> | |
<rules>cs2=%VALUE% cs2Label=Rules</rules> | |
<status>outcome=%VALUE%</status> | |
<unsafeRecipients>cs3=%VALUE% cs3Label=UnsafeRecipients</unsafeRecipients> | |
<reason>reason=%VALUE%</reason> | |
<sizeLimit>cn1=%VALUE% cn1Label=SizeLimit</sizeLimit> | |
</scanEventInfo> | |
<proceedBy>suser=%VALUE%</proceedBy> | |
<skipReason>cs4=%VALUE% cs4Label=SkipReason</skipReason> | |
</ktScanEvents> | |
<cfScanEvents> | |
<scanEventInfo> | |
<messageInfo> | |
<msgId>cs1=%VALUE% cs1Label=MessageId</msgId> | |
<relayIp>src=%VALUE%</relayIp> | |
<action>act=%VALUE%</action> | |
<msgSize>fsize=%VALUE%</msgSize> | |
<from>suser=%VALUE%</from> | |
<recipients>duser=%VALUE%</recipients> | |
</messageInfo> | |
<rules>cs2=%VALUE% cs2Label=Rules</rules> | |
<status>outcome=%VALUE%</status> | |
<unsafeRecipients>cs3=%VALUE% cs3Label=UnsafeRecipients</unsafeRecipients> | |
<reason>reason=%VALUE%</reason> | |
<sizeLimit>cn1=%VALUE% cn1Label=SizeLimit</sizeLimit> | |
</scanEventInfo> | |
<bannedEntities>cs4=%VALUE% cs4Label=BannedEntity</bannedEntities> | |
</cfScanEvents> | |
<messagePartScanEvents> | |
<msgId>cs1=%VALUE% cs1Label=MessageId</msgId> | |
<rules>cs2=%VALUE% cs2Label=Rules</rules> | |
<fileName>fname=%VALUE%</fileName> | |
<avAction>act=%VALUE%</avAction> | |
<objects>cn1=%VALUE% cn1Label=ObjectsNumber</objects> | |
<skipReason>reason=%VALUE%</skipReason> | |
<avExclude>cs3=%VALUE% cs3Label=AvExclude</avExclude> | |
<avStatuses>outcome=%VALUE%</avStatuses> | |
<threats>cs4=%VALUE% cs4Label=Threats</threats> | |
<bannedFileName>cs5=%VALUE% cs5Label=BannedFileName</bannedFileName> | |
<bannedFileFormat>cs6=%VALUE% cs6Label=BannedFileFormat</bannedFileFormat> | |
</messagePartScanEvents> | |
<updateEvents> | |
<reason>reason=%VALUE%</reason> | |
<days>cn1=%VALUE% cn1Label=Days</days> | |
<hours>cn2=%VALUE% cn2Label=Hours</hours> | |
<recordCount>cnt=%VALUE%</recordCount> | |
<publishingTime>deviceCustomDate1=%VALUE% deviceCustomDate1Label=PublishingTime</publishingTime> | |
<indexPublishingTime>deviceCustomDate2=%VALUE% deviceCustomDate2Label=IndexPublishingTime</indexPublishingTime> | |
</updateEvents> | |
<authEvents> | |
<reason>reason=%VALUE%</reason> | |
<serviceName>deviceServiceName=%VALUE%</serviceName> | |
<integrationType>cs1=%VALUE% cs1Label=IntegrationType</integrationType> | |
<firstEventTime>rt=%VALUE%</firstEventTime> | |
<startTime>start=%VALUE%</startTime> | |
<endTime>end=%VALUE%</endTime> | |
<seconds>cn1=%VALUE% cn1Label=Seconds</seconds> | |
</authEvents> | |
<icapEvents> | |
<sourceIp>src=%VALUE%</sourceIp> | |
<userName>cs1=%VALUE% cs1Label=UserName</userName> | |
<request>request=%VALUE%</request> | |
<userAgent>requestClientApplication=%VALUE%</userAgent> | |
<workspace>cs2=%VALUE% cs2Label=Workspace</workspace> | |
<rulesNames>cs3=%VALUE% cs3Label=RulesNames</rulesNames> | |
<action>act=%VALUE%</action> | |
</icapEvents> | |
</formatting> | |
</siemSettings> | |
</settings> | |
</item> | |
</arrayOfEventLoggerSettings> | |
<slotForEventLoggerPolicy /> | |
<arrayOfScanServerSettings> | |
<item> | |
<info> | |
<taskId>21</taskId> | |
<version>1</version> | |
<name>ScanServer</name> | |
<taskType>23</taskType> | |
<isGroupTask>0</isGroupTask> | |
<groupId>0</groupId> | |
<isAdminKitTask>0</isAdminKitTask> | |
</info> | |
<settings /> | |
</item> | |
</arrayOfScanServerSettings> | |
<slotForScanServerPolicy /> | |
<arrayOfRDSSettings /> | |
<slotForRDSPolicy /> | |
<arrayOfKsnSettings> | |
<item> | |
<info> | |
<taskId>23</taskId> | |
<version>3</version> | |
<name>Ksn</name> | |
<taskType>25</taskType> | |
<isGroupTask>0</isGroupTask> | |
<groupId>0</groupId> | |
<isAdminKitTask>0</isAdminKitTask> | |
</info> | |
<settings> | |
<!-- KSN (Kaspersky Security Network) options. NOTE(review): the header of this file describes the export as "KSN activated & KSN upload disabled", yet ksnParticipationActivated is 0 while ksnStatisticsEnabled is 1. Which of these flags governs sending data to the vendor is not visible here; confirm against the product documentation before relying on this file for a no-upload deployment. -->
<ksnParticipationActivated>0</ksnParticipationActivated> | |
<ksnStatisticsEnabled>1</ksnStatisticsEnabled> | |
<ksnMode>Global</ksnMode> | |
</settings> | |
</item> | |
</arrayOfKsnSettings> | |
<slotForKsnPolicy /> | |
<arrayOfICAPServerSettings> | |
<item> | |
<info> | |
<taskId>24</taskId> | |
<version>8</version> | |
<name>ICAPServer</name> | |
<taskType>26</taskType> | |
<isGroupTask>0</isGroupTask> | |
<groupId>0</groupId> | |
<isAdminKitTask>0</isAdminKitTask> | |
</info> | |
<settings> | |
<bypassPartition> | |
<rules> | |
<item> | |
<settings> | |
<id>1</id> | |
<name>Default protection settings</name> | |
<enable>1</enable> | |
<condition> | |
<!-- Match condition of the bypass rule "Default protection settings": no subject criteria, and one object criterion on ContentLength with min 10485760 (10 MiB) and no max. The rule sits in bypassPartition and its action further down is Allow, so, presumably, bodies of 10 MiB or more are passed without scanning. TODO confirm that this size cut-off is acceptable for the message parts Rspamd submits. -->
<subjectCriterias></subjectCriterias> | |
<objectCriterias> | |
<![CDATA[{"rules": [{"field": "ContentLength", "data": [{"min": 10485760, "max": null}]}], "operation": "OR"}]]> | |
</objectCriterias> | |
</condition> | |
<exclusions /> | |
<enableRevokeAt>0</enableRevokeAt> | |
<revokeAt>116444736000000000</revokeAt> | |
<enableSchedule>0</enableSchedule> | |
<schedule> | |
<days> | |
<Mon>0</Mon> | |
<Tue>0</Tue> | |
<Wed>0</Wed> | |
<Thu>0</Thu> | |
<Fri>0</Fri> | |
<Sat>0</Sat> | |
<Sun>0</Sun> | |
</days> | |
<from> | |
<hour>0</hour> | |
<minute>0</minute> | |
<second>0</second> | |
</from> | |
<to> | |
<hour>0</hour> | |
<minute>0</minute> | |
<second>0</second> | |
</to> | |
</schedule> | |
</settings> | |
<action> | |
<action>Allow</action> | |
<redirectTo></redirectTo> | |
<denyText></denyText> | |
</action> | |
</item> | |
</rules> | |
</bypassPartition> | |
<accessPartition> | |
<list /> | |
<rules /> | |
<groups /> | |
</accessPartition> | |
<protectionPartition> | |
<list /> | |
<rules /> | |
<groups /> | |
</protectionPartition> | |
<workspaces /> | |
<defaultPolicy> | |
<protectionAction> | |
<malwareAction>Block</malwareAction> | |
<encryptedAction>Block</encryptedAction> | |
<docWithMacroAction>Block</docWithMacroAction> | |
<phishingAction>Block</phishingAction> | |
<maliciousLinkAction>Block</maliciousLinkAction> | |
<kataAlertAction>Block</kataAlertAction> | |
<denyText></denyText> | |
</protectionAction> | |
</defaultPolicy> | |
<avSettings> | |
<enableScan>1</enableScan> | |
<useKsnStatus>1</useKsnStatus> | |
<scanArchives>1</scanArchives> | |
<maxScanTime>120</maxScanTime> | |
<useAnalyzer>1</useAnalyzer> | |
<heuristicLevel>Medium</heuristicLevel> | |
<maxNestingLevel>32</maxNestingLevel> | |
<blockScanLevelExceeded>1</blockScanLevelExceeded> | |
<blockMaxArchiveSizeExceeded>1</blockMaxArchiveSizeExceeded> | |
<otherProgramsDetection> | |
<regardOtherProgramsAsThreats>0</regardOtherProgramsAsThreats> | |
<otherProgramsDetectionSwitch> | |
<enableOtherProgramsDetection>0</enableOtherProgramsDetection> | |
</otherProgramsDetectionSwitch> | |
</otherProgramsDetection> | |
</avSettings> | |
<apSettings> | |
<enableScan>1</enableScan> | |
<scanTimeLimit>120</scanTimeLimit> | |
<enableHeuristic>1</enableHeuristic> | |
<detectAdwareAsMalicious>0</detectAdwareAsMalicious> | |
<detectOtherAsMalicious>0</detectOtherAsMalicious> | |
<useKsnStatus>1</useKsnStatus> | |
</apSettings> | |
<externalServices> | |
<ksnTimeout>10</ksnTimeout> | |
<useKsnStatus>1</useKsnStatus> | |
</externalServices> | |
<listenAddress> | |
<!-- ICAP listener. Host 0.0.0.0 binds every IPv4 interface; port 1344 is the one the Rspamd example in the header of this file points at. The tlsSettings element of this file has enableTls set to 0 and no client authentication is configured here, so limit who can reach this port: bind a specific address or firewall it to the Rspamd hosts only. -->
<host>0.0.0.0</host> | |
<port>1344</port> | |
</listenAddress> | |
<clientTimeout>0</clientTimeout> | |
<fastTempDir></fastTempDir> | |
<tlsSettings> | |
<!-- TLS for the ICAP listener is switched off (enableTls 0) and no certificate, key or CA file is set, so ICAP traffic, including the submitted message parts and scan verdicts, presumably travels in clear text. NOTE(review): verifyClient is 1 but likely has no effect while TLS is disabled; confirm. If the scanner runs on a different host than Rspamd, enable TLS with client verification here or keep the link on a trusted network segment. -->
<enableTls>0</enableTls> | |
<verifyClient>1</verifyClient> | |
<tlsCert></tlsCert> | |
<tlsKey></tlsKey> | |
<tlsCAfile></tlsCAfile> | |
</tlsSettings> | |
<performanceSettings> | |
<icapParserThreads>5</icapParserThreads> | |
<scanThreads>5</scanThreads> | |
<minLowPriorityThreads>2</minLowPriorityThreads> | |
<maxLowPriorityThreads>3</maxLowPriorityThreads> | |
<lowPriorityScore>10</lowPriorityScore> | |
</performanceSettings> | |
<protocolSettings> | |
<answerMode>Complete</answerMode> | |
<sendDelayTime>10</sendDelayTime> | |
<bitrate>4096</bitrate> | |
<previewSize>0</previewSize> | |
<maxConnections>5000</maxConnections> | |
<allow204>1</allow204> | |
<httpClientIpICAPHeader>X-Client-IP</httpClientIpICAPHeader> | |
<httpUserNameICAPHeader>X-Client-Username</httpUserNameICAPHeader> | |
<httpUserNameHasBase64Encoding>0</httpUserNameHasBase64Encoding> | |
<sendAVScanResult>1</sendAVScanResult> | |
<reqModeServiceUrl>av/reqmod</reqModeServiceUrl> | |
<respModeServiceUrl>av/respmod</respModeServiceUrl> | |
</protocolSettings> | |
<denyTemplate> | |
<markup /> | |
<text /> | |
</denyTemplate> | |
<blockScanError>1</blockScanError> | |
</settings> | |
</item> | |
</arrayOfICAPServerSettings> | |
<slotForICAPServerPolicy /> | |
<arrayOfAuthWebSettings /> | |
<slotForAuthWebPolicy /> | |
<arrayOfNotifierWebSettings /> | |
<slotForNotifierWebPolicy /> | |
<arrayOfKataQuarantineSettings /> | |
<slotForKataQuarantinePolicy /> | |
<arrayOfLdapCacheSettings /> | |
<slotForLdapCachePolicy /> | |
<arrayOfKataClientSettings> | |
<item> | |
<info> | |
<taskId>27</taskId> | |
<version>3</version> | |
<name>KataClient</name> | |
<taskType>31</taskType> | |
<isGroupTask>0</isGroupTask> | |
<groupId>0</groupId> | |
<isAdminKitTask>0</isAdminKitTask> | |
</info> | |
<settings> | |
<kataServer> | |
<address></address> | |
<port>443</port> | |
<certificate></certificate> | |
</kataServer> | |
<sensorId></sensorId> | |
<certificate> | |
</certificate> | |
<privateKey> | |
</privateKey> | |
<uploadFileToKata>0</uploadFileToKata> | |
<uploadQueueSize>5000</uploadQueueSize> | |
<receiveDetectsFromKata>0</receiveDetectsFromKata> | |
<detectsCacheTtl>172800</detectsCacheTtl> | |
<kataRequestTimeout>600</kataRequestTimeout> | |
</settings> | |
</item> | |
</arrayOfKataClientSettings> | |
<slotForKataClientPolicy /> | |
<arrayOfIntegrityCheckSettings> | |
<item> | |
<info> | |
<taskId>28</taskId> | |
<version>1</version> | |
<name>IntegrityCheck</name> | |
<taskType>32</taskType> | |
<isGroupTask>0</isGroupTask> | |
<groupId>0</groupId> | |
<isAdminKitTask>0</isAdminKitTask> | |
</info> | |
<settings /> | |
</item> | |
</arrayOfIntegrityCheckSettings> | |
<slotForIntegrityCheckPolicy /> | |
<arrayOfTaskManagerSettings /> | |
<slotForTaskManagerPolicy /> | |
<arrayOfFilterSettings /> | |
<slotForFilterPolicy /> | |
</root> |