<!--
Heinlein Support Quick Install:
Kaspersky Web Traffic Security (kwts)
as ICAP server
for Rspamd
Prerequisites: less, nginx
Download Site: https://support.kaspersky.com/de/kwts6#downloads
Trial License: https://www.kaspersky.de/small-to-medium-business-security/downloads/internet-gateway-free-trial
Install:
- e.g. wget https://products.s.kaspersky-labs.com/administrationkit/kwts6.0/6.1.0.4762/multilanguage-INT-6.1.0.4762/3236323635357c44454c7c31/kwts_6.1.0-4762_amd64.deb
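- e.g. dpkg -i kwts_6.1.0-4762_amd64.deb
  (check the download against a vendor-published checksum or signature first, if one is available; dpkg -i runs the package's maintainer scripts as root)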
basic setup:
- /opt/kaspersky/kwts/bin/setup.py -i
download and import this settings file (KSN activated & KSN upload disabled):
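- wget -O hs_kwts.xml <this-gist-as-raw>
  (capital -O names the output file; lowercase -o would only write wget's log to hs_kwts.xml. Review the file before importing it, since the import changes scanner and listener settings.)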
- /opt/kaspersky/kwts/bin/kwts-control \-\-import-settings \-f hs_kwts.xml
enable your license:
- /opt/kaspersky/kwts/bin/kwts-control -l \-\-activate-license-code <license-code>
wait for virus signature updates and reboot:
- /opt/kaspersky/kwts/bin/kwts-control \-\-get-avs-bases-info
- systemctl reboot
Rspamd kwts settings /etc/rspamd/local.d/external_services.conf:
kaspersky_icap {
scan_mime_parts = true;
scan_text_mime = true;
#scan_image_mime = true;
symbol = "KASPERSKY_KWTS"
type = "icap";
name = "kaspersky_icap";
log_clean = true;
servers = "<ip-of-your-server>:1344";
scheme = "av/respmod";
}
-->
<root>
<arrayOfAppSettings>
<item>
<info>
<taskId>0</taskId>
<version>2</version>
<name></name>
<taskType>0</taskType>
<isGroupTask>0</isGroupTask>
<groupId>0</groupId>
<isAdminKitTask>0</isAdminKitTask>
</info>
<settings>
<tracerSettings>
<enable>1</enable>
<level>Error</level>
<destination>Files</destination>
<rotationPeriod>NoRotation</rotationPeriod>
<rotationFileSize>52428800</rotationFileSize>
<maxFileCount>3</maxFileCount>
<facility>Local0</facility>
</tracerSettings>
<replyEmailAddress></replyEmailAddress>
<adminEmailAddresses></adminEmailAddresses>
<!-- Outbound proxy: disabled here (enable is 0) and no credentials are set.
     NOTE(review): if proxy authentication is configured later, the user and password
     elements below would presumably carry the credentials, so check how they appear in an
     exported settings file before sharing one. -->
<proxySettings>
<enable>0</enable>
<serverAddress></serverAddress>
<port>8080</port>
<authenticationType>NotRequired</authenticationType>
<user></user>
<password></password>
<proxyBypassLocalAddresses>0</proxyBypassLocalAddresses>
</proxySettings>
<securityCenterClusterID>Kaspersky Web Traffic Security</securityCenterClusterID>
</settings>
</item>
</arrayOfAppSettings>
<slotForAppPolicy />
<arrayOfAuthMailSettings />
<slotForAuthMailPolicy />
<arrayOfScanLogicSettings />
<slotForScanLogicPolicy />
<arrayOfBackupSettings />
<slotForBackupPolicy />
<arrayOfFacadeSettings>
<item>
<info>
<taskId>4</taskId>
<version>1</version>
<name>Facade</name>
<taskType>4</taskType>
<isGroupTask>0</isGroupTask>
<groupId>0</groupId>
<isAdminKitTask>0</isAdminKitTask>
</info>
<settings />
</item>
</arrayOfFacadeSettings>
<slotForFacadePolicy />
<arrayOfSettingsManagerSettings />
<slotForSettingsManagerPolicy />
<arrayOfEventManagerSettings>
<item>
<info>
<taskId>7</taskId>
<version>1</version>
<name>EventManager</name>
<taskType>8</taskType>
<isGroupTask>0</isGroupTask>
<groupId>0</groupId>
<isAdminKitTask>0</isAdminKitTask>
</info>
<settings />
</item>
</arrayOfEventManagerSettings>
<slotForEventManagerPolicy />
<arrayOfNotifierMailSettings />
<slotForNotifierMailPolicy />
<arrayOfStatisticsSettings>
<item>
<info>
<taskId>10</taskId>
<version>1</version>
<name>Statistics</name>
<taskType>11</taskType>
<isGroupTask>0</isGroupTask>
<groupId>0</groupId>
<isAdminKitTask>0</isAdminKitTask>
</info>
<settings />
</item>
</arrayOfStatisticsSettings>
<slotForStatisticsPolicy />
<arrayOfUpdaterSettings>
<item>
<info>
<taskId>11</taskId>
<version>2</version>
<name>Updater</name>
<taskType>6</taskType>
<isGroupTask>0</isGroupTask>
<groupId>0</groupId>
<isAdminKitTask>0</isAdminKitTask>
</info>
<settings>
<!-- Signature updates. sourceType is KLServersSecure with no custom sources; presumably the
     vendor's update servers over a secured channel (confirm against the product documentation).
     useKlServersWhenUnavailable is 0 and connectionTimeout is 10 (unit not stated here). -->
<updateCommonSettings>
<sourceType>KLServersSecure</sourceType>
<customSources />
<useKlServersWhenUnavailable>0</useKlServersWhenUnavailable>
<connectionTimeout>10</connectionTimeout>
</updateCommonSettings>
<!-- ruleType Minutely with timePeriod 15: presumably an update check every 15 minutes.
     The year/month/day fields are 0 or Unknown, which looks like "no fixed start time".
     runMissed is 1; the units of randInterval and execTimeLimit are not stated in this file. -->
<schedule>
<ruleType>Minutely</ruleType>
<startByTime>
<year>0</year>
<month>Unknown</month>
<day>0</day>
<hour>0</hour>
<min>0</min>
<sec>0</sec>
<dayOfMonth>0</dayOfMonth>
<dayOfWeek>Unknown</dayOfWeek>
<timePeriod>15</timePeriod>
</startByTime>
<randInterval>10</randInterval>
<execTimeLimit>180</execTimeLimit>
<runMissed>1</runMissed>
</schedule>
</settings>
</item>
</arrayOfUpdaterSettings>
<slotForUpdaterPolicy />
<arrayOfLicenserSettings>
<item>
<info>
<taskId>8</taskId>
<version>1</version>
<name>Licenser</name>
<taskType>14</taskType>
<isGroupTask>0</isGroupTask>
<groupId>0</groupId>
<isAdminKitTask>0</isAdminKitTask>
</info>
<settings>
<LicenseExpiresSoonWarningDays>30</LicenseExpiresSoonWarningDays>
</settings>
</item>
</arrayOfLicenserSettings>
<slotForLicenserPolicy />
<arrayOfAspMoebiusSettings />
<slotForAspMoebiusPolicy />
<arrayOfAspQuarantineSettings />
<slotForAspQuarantinePolicy />
<arrayOfSmtpSenderSettings />
<slotForSmtpSenderPolicy />
<arrayOfSnmpSettings>
<item>
<info>
<taskId>16</taskId>
<version>2</version>
<name>Snmp</name>
<taskType>18</taskType>
<isGroupTask>0</isGroupTask>
<groupId>0</groupId>
<isAdminKitTask>0</isAdminKitTask>
</info>
<settings>
<enableSNMP>0</enableSNMP>
<pingIntervalInSeconds>15</pingIntervalInSeconds>
<masterAgentAddress>unix:/var/run/agentx-master.socket</masterAgentAddress>
<trapsEnable>0</trapsEnable>
</settings>
</item>
</arrayOfSnmpSettings>
<slotForSnmpPolicy />
<arrayOfEventLoggerSettings>
<item>
<info>
<taskId>20</taskId>
<version>2</version>
<name>EventLogger</name>
<taskType>22</taskType>
<isGroupTask>0</isGroupTask>
<groupId>0</groupId>
<isAdminKitTask>0</isAdminKitTask>
</info>
<settings>
<facility>Local1</facility>
<logLevel>Info</logLevel>
<maxMessageSize>65528</maxMessageSize>
<maxJournalRecords>100000</maxJournalRecords>
<!-- Traffic event log: eventsLogLevel AllEvents, eventsStoragePeriod 3 and a
     totalDiscSpaceLimit of 1073741824 (1 GiB if the value is in bytes).
     NOTE(review): the unit of eventsStoragePeriod is not stated here (presumably days).
     A short retention window limits how far back an investigation can look; forward the
     events to a central log store if longer history is needed. -->
<trafficEventsSettings>
<eventsLogLevel>AllEvents</eventsLogLevel>
<eventsStoragePeriod>3</eventsStoragePeriod>
<totalDiscSpaceLimit>1073741824</totalDiscSpaceLimit>
<enableTrafficProfileLogging>0</enableTrafficProfileLogging>
</trafficEventsSettings>
<!-- KATA event log: same storage period and disk limit values as the traffic events above. -->
<kataEventsSettings>
<eventsStoragePeriod>3</eventsStoragePeriod>
<totalDiscSpaceLimit>1073741824</totalDiscSpaceLimit>
</kataEventsSettings>
<!-- The siemSettings element that follows has enabled set to 0, so the CEF field mapping it
     defines is presumably not in use until SIEM export is switched on. -->
<siemSettings>
<enabled>0</enabled>
<facility>Local0</facility>
<logLevel>Info</logLevel>
<formatting>
<prefix>CEF:0|AO Kaspersky Lab|%PRODUCT%|%VERSION%|%ID%|%NAME%|%SEVERITY%|</prefix>
<paramsDelimeter>|</paramsDelimeter>
<severityError>High</severityError>
<severityInfo>Low</severityInfo>
<settingsEvents>
<taskId>cn1=%VALUE% cn1Label=TaskId</taskId>
<taskName>cs1=%VALUE% cs1Label=TaskName</taskName>
<destUser>duser=%VALUE%</destUser>
<sourceUser>suser=%VALUE%</sourceUser>
<action>act=%VALUE%</action>
</settingsEvents>
<tasksEvents>
<processName>deviceProcessName=%VALUE%</processName>
<count>cnt=%VALUE%</count>
<errorReason>reason=%VALUE%</errorReason>
<result>outcome=%VALUE%</result>
<mode>cs1=%VALUE% cs1Label=Mode</mode>
</tasksEvents>
<exportImportEvents>
<result>outcome=%VALUE%</result>
<importedAreas>cs1=%VALUE% cs1Label=ImportedAreas</importedAreas>
<errorReason>reason=%VALUE%</errorReason>
</exportImportEvents>
<backupEvents>
<msgId>cs1=%VALUE% cs1Label=MessageId</msgId>
<count>cnt=%VALUE%</count>
<action>act=%VALUE%</action>
<account>suser=%VALUE%</account>
<avStatus>cs2=%VALUE% cs2Label=AvStatus</avStatus>
<asStatus>cs3=%VALUE% cs3Label=AsStatus</asStatus>
<apStatus>cs4=%VALUE% cs4Label=ApStatus</apStatus>
<threat>cs5=%VALUE% cs5Label=Threat</threat>
<cfStatus>cs6=%VALUE% cs6Label=CfStatus</cfStatus>
<recipients>duser=%VALUE%</recipients>
<reason>reason=%VALUE%</reason>
<result>outcome=%VALUE%</result>
<msgSize>cn1=%VALUE% cn1Label=MessageSize</msgSize>
<maxBackupSize>cn2=%VALUE% cn2Label=MaxBackupSize</maxBackupSize>
<msgCount>cn3=%VALUE% cn3Label=MessageCount</msgCount>
</backupEvents>
<scanLogicBackupEvents>
<messageInfo>
<msgId>cs1=%VALUE% cs1Label=MessageId</msgId>
<relayIp>src=%VALUE%</relayIp>
<action>act=%VALUE%</action>
<msgSize>fsize=%VALUE%</msgSize>
<from>suser=%VALUE%</from>
<recipients>duser=%VALUE%</recipients>
</messageInfo>
<backupReason>reason=%VALUE%</backupReason>
<rules>cs2=%VALUE% cs2Label=Rules</rules>
</scanLogicBackupEvents>
<licenseEvents>
<licenseId>cs1=%VALUE% cs1Label=LicenseID</licenseId>
<functionalityLevel>cs2=%VALUE% cs2Label=FunctionalityLevel</functionalityLevel>
<keyType>cs3=%VALUE% cs3Label=KeyType</keyType>
<daysLeft>cn1=%VALUE% cn1Label=DaysLeft</daysLeft>
<errorReason>reason=%VALUE%</errorReason>
<expirationDate>deviceCustomDate1=%VALUE% deviceCustomDate1Label=ExpirationDate</expirationDate>
</licenseEvents>
<ruleEvents>
<ruleId>cn1=%VALUE% cn1Label=RuleId</ruleId>
<ruleName>cs1=%VALUE% cs1Label=RuleName</ruleName>
<action>act=%VALUE%</action>
</ruleEvents>
<quarantineEvents>
<msgId>cs1=%VALUE% cs1Label=MessageId</msgId>
<relayIp>src=%VALUE%</relayIp>
<rules>cs2=%VALUE% cs2Label=Rules</rules>
<action>act=%VALUE%</action>
<account>cs3=%VALUE% cs3Label=account</account>
<recipients>duser=%VALUE%</recipients>
<sender>suser=%VALUE%</sender>
</quarantineEvents>
<applianceEvents>
<queue>cs1=%VALUE% cs1Label=Queue</queue>
<incoming>cs2=%VALUE% cs2Label=Incoming</incoming>
<outgoing>cs3=%VALUE% cs3Label=Outgoing</outgoing>
<user>cs4=%VALUE% cs4Label=User</user>
<changedValues>cs5=%VALUE% cs5Label=ChangedValues</changedValues>
<queueMsgId>cn1=%VALUE% cn1Label=QueueMessageId</queueMsgId>
<queueSize>cn2=%VALUE% cn2Label=QueueSize</queueSize>
<receiptTime>rt=%VALUE%</receiptTime>
<from>suser=%VALUE%</from>
<recipients>duser=%VALUE%</recipients>
<result>outcome=%VALUE%</result>
<errorReason>reason=%VALUE%</errorReason>
<newName>fname=%VALUE%</newName>
<oldName>oldFileName=%VALUE%</oldName>
</applianceEvents>
<notScannedEvents>
<messageInfo>
<msgId>cs1=%VALUE% cs1Label=MessageId</msgId>
<relayIp>src=%VALUE%</relayIp>
<action>act=%VALUE%</action>
<msgSize>fsize=%VALUE%</msgSize>
<from>suser=%VALUE%</from>
<recipients>duser=%VALUE%</recipients>
</messageInfo>
<reason>reason=%VALUE%</reason>
</notScannedEvents>
<avScanEvents>
<scanEventInfo>
<messageInfo>
<msgId>cs1=%VALUE% cs1Label=MessageId</msgId>
<relayIp>src=%VALUE%</relayIp>
<action>act=%VALUE%</action>
<msgSize>fsize=%VALUE%</msgSize>
<from>suser=%VALUE%</from>
<recipients>duser=%VALUE%</recipients>
</messageInfo>
<rules>cs2=%VALUE% cs2Label=Rules</rules>
<status>outcome=%VALUE%</status>
<unsafeRecipients>cs3=%VALUE% cs3Label=UnsafeRecipients</unsafeRecipients>
<reason>reason=%VALUE%</reason>
<sizeLimit>cn1=%VALUE% cn1Label=SizeLimit</sizeLimit>
</scanEventInfo>
</avScanEvents>
<asScanEvents>
<scanEventInfo>
<messageInfo>
<msgId>cs1=%VALUE% cs1Label=MessageId</msgId>
<relayIp>src=%VALUE%</relayIp>
<action>act=%VALUE%</action>
<msgSize>fsize=%VALUE%</msgSize>
<from>suser=%VALUE%</from>
<recipients>duser=%VALUE%</recipients>
</messageInfo>
<rules>cs2=%VALUE% cs2Label=Rules</rules>
<status>outcome=%VALUE%</status>
<unsafeRecipients>cs3=%VALUE% cs3Label=UnsafeRecipients</unsafeRecipients>
<reason>reason=%VALUE%</reason>
<sizeLimit>cn1=%VALUE% cn1Label=SizeLimit</sizeLimit>
</scanEventInfo>
<detectionMethod>cs4=%VALUE% cs4Label=Method</detectionMethod>
</asScanEvents>
<apScanEvents>
<scanEventInfo>
<messageInfo>
<msgId>cs1=%VALUE% cs1Label=MessageId</msgId>
<relayIp>src=%VALUE%</relayIp>
<action>act=%VALUE%</action>
<msgSize>fsize=%VALUE%</msgSize>
<from>suser=%VALUE%</from>
<recipients>duser=%VALUE%</recipients>
</messageInfo>
<rules>cs2=%VALUE% cs2Label=Rules</rules>
<status>outcome=%VALUE%</status>
<unsafeRecipients>cs3=%VALUE% cs3Label=UnsafeRecipients</unsafeRecipients>
<reason>reason=%VALUE%</reason>
<sizeLimit>cn1=%VALUE% cn1Label=SizeLimit</sizeLimit>
</scanEventInfo>
<detectionMethod>cs4=%VALUE% cs4Label=Method</detectionMethod>
</apScanEvents>
<maScanEvents>
<scanEventInfo>
<messageInfo>
<msgId>cs1=%VALUE% cs1Label=MessageId</msgId>
<relayIp>src=%VALUE%</relayIp>
<action>act=%VALUE%</action>
<msgSize>fsize=%VALUE%</msgSize>
<from>suser=%VALUE%</from>
<recipients>duser=%VALUE%</recipients>
</messageInfo>
<rules>cs2=%VALUE% cs2Label=Rules</rules>
<status>outcome=%VALUE%</status>
<unsafeRecipients>cs3=%VALUE% cs3Label=UnsafeRecipients</unsafeRecipients>
<reason>reason=%VALUE%</reason>
<sizeLimit>cn1=%VALUE% cn1Label=SizeLimit</sizeLimit>
</scanEventInfo>
<spfVerdict>cs4=%VALUE% cs4Label=SpfVerdict</spfVerdict>
<dkimVerdict>cs5=%VALUE% cs5Label=DkimVerdict</dkimVerdict>
<dmarcVerdict>cs6=%VALUE% cs6Label=DmarcVerdict</dmarcVerdict>
</maScanEvents>
<ktScanEvents>
<scanEventInfo>
<messageInfo>
<msgId>cs1=%VALUE% cs1Label=MessageId</msgId>
<relayIp>src=%VALUE%</relayIp>
<action>act=%VALUE%</action>
<msgSize>fsize=%VALUE%</msgSize>
<from>suser=%VALUE%</from>
<recipients>duser=%VALUE%</recipients>
</messageInfo>
<rules>cs2=%VALUE% cs2Label=Rules</rules>
<status>outcome=%VALUE%</status>
<unsafeRecipients>cs3=%VALUE% cs3Label=UnsafeRecipients</unsafeRecipients>
<reason>reason=%VALUE%</reason>
<sizeLimit>cn1=%VALUE% cn1Label=SizeLimit</sizeLimit>
</scanEventInfo>
<proceedBy>suser=%VALUE%</proceedBy>
<skipReason>cs4=%VALUE% cs4Label=SkipReason</skipReason>
</ktScanEvents>
<cfScanEvents>
<scanEventInfo>
<messageInfo>
<msgId>cs1=%VALUE% cs1Label=MessageId</msgId>
<relayIp>src=%VALUE%</relayIp>
<action>act=%VALUE%</action>
<msgSize>fsize=%VALUE%</msgSize>
<from>suser=%VALUE%</from>
<recipients>duser=%VALUE%</recipients>
</messageInfo>
<rules>cs2=%VALUE% cs2Label=Rules</rules>
<status>outcome=%VALUE%</status>
<unsafeRecipients>cs3=%VALUE% cs3Label=UnsafeRecipients</unsafeRecipients>
<reason>reason=%VALUE%</reason>
<sizeLimit>cn1=%VALUE% cn1Label=SizeLimit</sizeLimit>
</scanEventInfo>
<bannedEntities>cs4=%VALUE% cs4Label=BannedEntity</bannedEntities>
</cfScanEvents>
<messagePartScanEvents>
<msgId>cs1=%VALUE% cs1Label=MessageId</msgId>
<rules>cs2=%VALUE% cs2Label=Rules</rules>
<fileName>fname=%VALUE%</fileName>
<avAction>act=%VALUE%</avAction>
<objects>cn1=%VALUE% cn1Label=ObjectsNumber</objects>
<skipReason>reason=%VALUE%</skipReason>
<avExclude>cs3=%VALUE% cs3Label=AvExclude</avExclude>
<avStatuses>outcome=%VALUE%</avStatuses>
<threats>cs4=%VALUE% cs4Label=Threats</threats>
<bannedFileName>cs5=%VALUE% cs5Label=BannedFileName</bannedFileName>
<bannedFileFormat>cs6=%VALUE% cs6Label=BannedFileFormat</bannedFileFormat>
</messagePartScanEvents>
<updateEvents>
<reason>reason=%VALUE%</reason>
<days>cn1=%VALUE% cn1Label=Days</days>
<hours>cn2=%VALUE% cn2Label=Hours</hours>
<recordCount>cnt=%VALUE%</recordCount>
<publishingTime>deviceCustomDate1=%VALUE% deviceCustomDate1Label=PublishingTime</publishingTime>
<indexPublishingTime>deviceCustomDate2=%VALUE% deviceCustomDate2Label=IndexPublishingTime</indexPublishingTime>
</updateEvents>
<authEvents>
<reason>reason=%VALUE%</reason>
<serviceName>deviceServiceName=%VALUE%</serviceName>
<integrationType>cs1=%VALUE% cs1Label=IntegrationType</integrationType>
<firstEventTime>rt=%VALUE%</firstEventTime>
<startTime>start=%VALUE%</startTime>
<endTime>end=%VALUE%</endTime>
<seconds>cn1=%VALUE% cn1Label=Seconds</seconds>
</authEvents>
<!-- CEF field mapping for ICAP events: client source IP (src), user name (cs1), the request
     (request), user agent (requestClientApplication), workspace (cs2), matched rule names
     (cs3) and the action taken (act). These records can identify individual clients and
     requests, so the receiving log store needs access control and a retention policy to match. -->
<icapEvents>
<sourceIp>src=%VALUE%</sourceIp>
<userName>cs1=%VALUE% cs1Label=UserName</userName>
<request>request=%VALUE%</request>
<userAgent>requestClientApplication=%VALUE%</userAgent>
<workspace>cs2=%VALUE% cs2Label=Workspace</workspace>
<rulesNames>cs3=%VALUE% cs3Label=RulesNames</rulesNames>
<action>act=%VALUE%</action>
</icapEvents>
</formatting>
</siemSettings>
</settings>
</item>
</arrayOfEventLoggerSettings>
<slotForEventLoggerPolicy />
<arrayOfScanServerSettings>
<item>
<info>
<taskId>21</taskId>
<version>1</version>
<name>ScanServer</name>
<taskType>23</taskType>
<isGroupTask>0</isGroupTask>
<groupId>0</groupId>
<isAdminKitTask>0</isAdminKitTask>
</info>
<settings />
</item>
</arrayOfScanServerSettings>
<slotForScanServerPolicy />
<arrayOfRDSSettings />
<slotForRDSPolicy />
<!-- Kaspersky Security Network (KSN) task settings.
     NOTE(review): the header of this file describes the export as "KSN activated & KSN upload
     disabled", while the values below are ksnParticipationActivated 0 and ksnStatisticsEnabled 1.
     Going by the element names alone these read as the opposite of that description. Confirm in
     the product UI after import which data leaves the host, because KSN lookups and statistics
     send information about scanned content to an external service. -->
<arrayOfKsnSettings>
<item>
<info>
<taskId>23</taskId>
<version>3</version>
<name>Ksn</name>
<taskType>25</taskType>
<isGroupTask>0</isGroupTask>
<groupId>0</groupId>
<isAdminKitTask>0</isAdminKitTask>
</info>
<settings>
<ksnParticipationActivated>0</ksnParticipationActivated>
<ksnStatisticsEnabled>1</ksnStatisticsEnabled>
<ksnMode>Global</ksnMode>
</settings>
</item>
</arrayOfKsnSettings>
<slotForKsnPolicy />
<arrayOfICAPServerSettings>
<item>
<info>
<taskId>24</taskId>
<version>8</version>
<name>ICAPServer</name>
<taskType>26</taskType>
<isGroupTask>0</isGroupTask>
<groupId>0</groupId>
<isAdminKitTask>0</isAdminKitTask>
</info>
<settings>
<!-- Bypass rule "Default protection settings" (enable is 1). Its object criterion matches
     ContentLength with min 10485760 (10 MiB) and no max, and the rule action is Allow.
     NOTE(review): read together, objects of 10 MiB or more appear to be allowed without
     passing the protection settings further down. Confirm this; if so, large mail parts are
     not scanned by this service and need another control, e.g. a message size limit at the MTA.
     The rule has no exclusions, no schedule (enableSchedule 0) and no revocation
     (enableRevokeAt 0); the revokeAt value equals the Windows FILETIME for 1970-01-01 UTC and
     looks like an unset placeholder. -->
<bypassPartition>
<rules>
<item>
<settings>
<id>1</id>
<name>Default protection settings</name>
<enable>1</enable>
<condition>
<subjectCriterias></subjectCriterias>
<objectCriterias>
<![CDATA[{"rules": [{"field": "ContentLength", "data": [{"min": 10485760, "max": null}]}], "operation": "OR"}]]>
</objectCriterias>
</condition>
<exclusions />
<enableRevokeAt>0</enableRevokeAt>
<revokeAt>116444736000000000</revokeAt>
<enableSchedule>0</enableSchedule>
<schedule>
<days>
<Mon>0</Mon>
<Tue>0</Tue>
<Wed>0</Wed>
<Thu>0</Thu>
<Fri>0</Fri>
<Sat>0</Sat>
<Sun>0</Sun>
</days>
<from>
<hour>0</hour>
<minute>0</minute>
<second>0</second>
</from>
<to>
<hour>0</hour>
<minute>0</minute>
<second>0</second>
</to>
</schedule>
</settings>
<action>
<action>Allow</action>
<redirectTo></redirectTo>
<denyText></denyText>
</action>
</item>
</rules>
</bypassPartition>
<accessPartition>
<list />
<rules />
<groups />
</accessPartition>
<protectionPartition>
<list />
<rules />
<groups />
</protectionPartition>
<workspaces />
<!-- Default policy: every listed category is set to Block (malware, encrypted objects,
     documents with macros, phishing, malicious links, KATA alerts). Blocking encrypted objects
     and macro documents also catches legitimate password-protected archives and office files.
     How Rspamd weights the resulting KASPERSKY_KWTS symbol is decided on the Rspamd side and is
     not part of this file. -->
<defaultPolicy>
<protectionAction>
<malwareAction>Block</malwareAction>
<encryptedAction>Block</encryptedAction>
<docWithMacroAction>Block</docWithMacroAction>
<phishingAction>Block</phishingAction>
<maliciousLinkAction>Block</maliciousLinkAction>
<kataAlertAction>Block</kataAlertAction>
<denyText></denyText>
</protectionAction>
</defaultPolicy>
<!-- Anti-virus scan: enabled, archives scanned, heuristicLevel Medium, maxScanTime 120 and
     maxNestingLevel 32. blockScanLevelExceeded and blockMaxArchiveSizeExceeded are both 1, so
     archives that exceed the nesting or size limits are presumably blocked rather than passed
     (confirm). useKsnStatus 1 presumably means KSN reputation lookups are used during scanning.
     Detection of "other programs" is switched off. -->
<avSettings>
<enableScan>1</enableScan>
<useKsnStatus>1</useKsnStatus>
<scanArchives>1</scanArchives>
<maxScanTime>120</maxScanTime>
<useAnalyzer>1</useAnalyzer>
<heuristicLevel>Medium</heuristicLevel>
<maxNestingLevel>32</maxNestingLevel>
<blockScanLevelExceeded>1</blockScanLevelExceeded>
<blockMaxArchiveSizeExceeded>1</blockMaxArchiveSizeExceeded>
<otherProgramsDetection>
<regardOtherProgramsAsThreats>0</regardOtherProgramsAsThreats>
<otherProgramsDetectionSwitch>
<enableOtherProgramsDetection>0</enableOtherProgramsDetection>
</otherProgramsDetectionSwitch>
</otherProgramsDetection>
</avSettings>
<!-- apSettings: presumably the anti-phishing scan (TODO confirm the abbreviation). Enabled with
     heuristics, scanTimeLimit 120, KSN status in use; adware and "other" detections are not
     treated as malicious. -->
<apSettings>
<enableScan>1</enableScan>
<scanTimeLimit>120</scanTimeLimit>
<enableHeuristic>1</enableHeuristic>
<detectAdwareAsMalicious>0</detectAdwareAsMalicious>
<detectOtherAsMalicious>0</detectOtherAsMalicious>
<useKsnStatus>1</useKsnStatus>
</apSettings>
<!-- External lookups: KSN status in use with ksnTimeout 10 (unit not stated here). -->
<externalServices>
<ksnTimeout>10</ksnTimeout>
<useKsnStatus>1</useKsnStatus>
</externalServices>
<!-- ICAP listener: host 0.0.0.0 means every interface, on port 1344. With enableTls set to 0
     below, the mail parts Rspamd submits and the verdicts returned travel in clear text, and no
     client restriction is visible in this section. Bind to the address Rspamd actually uses
     (127.0.0.1 when both run on one host) or limit port 1344 to the Rspamd hosts with a host
     firewall. -->
<listenAddress>
<host>0.0.0.0</host>
<port>1344</port>
</listenAddress>
<!-- NOTE(review): clientTimeout 0 presumably means idle clients are never timed out; confirm,
     since together with maxConnections 5000 below this matters for connection exhaustion. -->
<clientTimeout>0</clientTimeout>
<fastTempDir></fastTempDir>
<!-- TLS is off (enableTls 0) and no certificate, key or CA file is set. verifyClient is 1 but
     presumably only takes effect once TLS is enabled. For a listener reachable from other
     hosts, enable TLS with client verification. -->
<tlsSettings>
<enableTls>0</enableTls>
<verifyClient>1</verifyClient>
<tlsCert></tlsCert>
<tlsKey></tlsKey>
<tlsCAfile></tlsCAfile>
</tlsSettings>
<performanceSettings>
<icapParserThreads>5</icapParserThreads>
<scanThreads>5</scanThreads>
<minLowPriorityThreads>2</minLowPriorityThreads>
<maxLowPriorityThreads>3</maxLowPriorityThreads>
<lowPriorityScore>10</lowPriorityScore>
</performanceSettings>
<!-- ICAP protocol options. The client IP and user name are read from the X-Client-IP and
     X-Client-Username ICAP headers, i.e. they are whatever the connecting client sends, so
     treat them as client-asserted values in logs and rules. respModeServiceUrl av/respmod is
     the path used as "scheme" in the Rspamd example in the header of this file. -->
<protocolSettings>
<answerMode>Complete</answerMode>
<sendDelayTime>10</sendDelayTime>
<bitrate>4096</bitrate>
<previewSize>0</previewSize>
<maxConnections>5000</maxConnections>
<allow204>1</allow204>
<httpClientIpICAPHeader>X-Client-IP</httpClientIpICAPHeader>
<httpUserNameICAPHeader>X-Client-Username</httpUserNameICAPHeader>
<httpUserNameHasBase64Encoding>0</httpUserNameHasBase64Encoding>
<sendAVScanResult>1</sendAVScanResult>
<reqModeServiceUrl>av/reqmod</reqModeServiceUrl>
<respModeServiceUrl>av/respmod</respModeServiceUrl>
</protocolSettings>
<denyTemplate>
<markup />
<text />
</denyTemplate>
<!-- blockScanError 1: presumably an object whose scan fails is blocked instead of allowed
     (fail closed). Confirm, and watch for scan errors in the event log so that blocked
     legitimate mail is noticed. -->
<blockScanError>1</blockScanError>
</settings>
</item>
</arrayOfICAPServerSettings>
<slotForICAPServerPolicy />
<arrayOfAuthWebSettings />
<slotForAuthWebPolicy />
<arrayOfNotifierWebSettings />
<slotForNotifierWebPolicy />
<arrayOfKataQuarantineSettings />
<slotForKataQuarantinePolicy />
<arrayOfLdapCacheSettings />
<slotForLdapCachePolicy />
<arrayOfKataClientSettings>
<item>
<info>
<taskId>27</taskId>
<version>3</version>
<name>KataClient</name>
<taskType>31</taskType>
<isGroupTask>0</isGroupTask>
<groupId>0</groupId>
<isAdminKitTask>0</isAdminKitTask>
</info>
<settings>
<!-- KATA integration: not configured here (no server address, sensor id, certificate or key)
     and both uploadFileToKata and receiveDetectsFromKata are 0.
     NOTE(review): this section has certificate and privateKey elements. If the integration is
     configured, an exported settings file presumably contains that key material, so store and
     share such exports as secrets. -->
<kataServer>
<address></address>
<port>443</port>
<certificate></certificate>
</kataServer>
<sensorId></sensorId>
<certificate>
</certificate>
<privateKey>
</privateKey>
<uploadFileToKata>0</uploadFileToKata>
<uploadQueueSize>5000</uploadQueueSize>
<receiveDetectsFromKata>0</receiveDetectsFromKata>
<detectsCacheTtl>172800</detectsCacheTtl>
<kataRequestTimeout>600</kataRequestTimeout>
</settings>
</item>
</arrayOfKataClientSettings>
<slotForKataClientPolicy />
<arrayOfIntegrityCheckSettings>
<item>
<info>
<taskId>28</taskId>
<version>1</version>
<name>IntegrityCheck</name>
<taskType>32</taskType>
<isGroupTask>0</isGroupTask>
<groupId>0</groupId>
<isAdminKitTask>0</isAdminKitTask>
</info>
<settings />
</item>
</arrayOfIntegrityCheckSettings>
<slotForIntegrityCheckPolicy />
<arrayOfTaskManagerSettings />
<slotForTaskManagerPolicy />
<arrayOfFilterSettings />
<slotForFilterPolicy />
</root>