Instantly share code, notes, and snippets.

Embed
What would you like to do?
#
# Sopos SAVDI 2.6 example Config to be used with Rspamd (https://rspamd.com)
#
# Heinlein Support 2018 <support@heinlein-support.de>
#
pidfile: /var/run/savdi.pid
# adjust to local system
user: sophos
group: sophos
# adjust to local system
virusdatadir: /opt/savdi-spamfilter-av/lib/sav
idedir: /opt/savdi-spamfilter-av/lib/sav
threadcount: 30
maxqueuedsessions: 2
# What to do when the daemon must exit
# Options are:-
# DONTWAIT (just exit now!)
# REQUEST (wait for current requests to complete)
# SESSION (wait for current sessions to complete)
# Case 1) An exception has occurred and operation could be compromised
onexception: REQUEST
# Case 2) A request has been made for it to exit
# If there are long running sessions then REQUEST should be considered
onrequest: REQUEST
log {
# Specify the logging mechanism {CONSOLE|FILE|SYSLOG}
type: FILE
# Where to write the log files (if FILE is selected)
logdir: /var/log/savdi/
# Specify the level of logging required
# 0 = errors+threats
# 1 = (0) + process events
# 2 = (1) + session events
# Default is 2
loglevel: 1
}
channel {
commprotocol {
# Use TCP socket
type: IP
address: 127.0.0.1
subnet: 127.0.0.0/8
port: 4010
# Use unix socket
#type: UNIX
#socket: /var/run/savdid/savdid.sock
# idle timeout in secs when waiting for a request
# 0, the default, is forever
requesttimeout: 120
# timeout in secs between characters when sending data
sendtimeout: 2
# idle timeout in secs between characters when receiving data
recvtimeout: 5
}
scanprotocol {
type: SSSP
# allow sending data over TCP connection
allowscandata: YES
# disable local file scanning (only needed by Amavis)
#allowscanfile: NO
#allowscanfile: SUBDIR
# max size of a mail or file
maxscandata: 1024000
# max filesize to be scanned in memory
maxmemorysize: 512000
# path for tmp files (when maxmemorysize < filesize < maxscandata)
tmpfilestub: /tmp/savid_tmp
# Log each request made by a client? (DEBUG)
# logrequests: YES
}
scanner {
type: SAVI
inprocess: YES
maxscantime: 5
maxrequesttime: 10
# deny scanning local dirs
deny: /dev
deny: /etc
deny: /home
deny: /var
### EXPERIMENTAL NOT OFFICIAL DOCUMENTED SETTING START
#
# CXMail is our context based detection
#
# This particular detection is fired on Microsoft office
# attachments(often compressed) that have macros inside. These macros
# work as a file dropper/downloader and access the internet to download
# a malware payload. The URL's accessed by these attachments change on a
# regular basis and will automatically switch to a new one if the
# existing one is blocked. /
contextstr: Genes/Extn/ProdVer OEM:Email:1.0.0
### EXPERIMENTAL NOT OFFICIAL DOCUMENTED SETTING END
#Some SAVI/Engine options
# Any option that is part of a group is also included in this group.
savigrp: GrpSuper 1
# All archive and compressed archive file formats (e.g. ZIP, UUE, etc).
savigrp: GrpArchiveUnpack 1
# All “clean” file formats.
savigrp: GrpClean 1
# Executable files.
savigrp: GrpExecutable 1
# File formats commonly in use on the internet.
savigrp: GrpInternet 1
# File formats that do not fall into any of the above categories.
savigrp: GrpMisc 1
# Office suite file formats from Microsfoft and other supported vendors.
savigrp: GrpMSOffice 1
# File formats that contain an executable stub that
# automatically decompresses the body of the file.
savigrp: GrpSelfExtract 1
# Compression formats commonly used in HTTP and supported by web browsers.
savigrp: GrpWebArchive 1
# HTML encoding schemes commonly used in web pages.
savigrp: GrpWebEncoding 1
# Enables or disables disinfection of all files for which disinfection is supported.
savigrp: GrpDisinfect 0
savists: Base64 1
savists: Bzip2 1
savists: EnableAutoStop 1
savists: ITSS 1
#savists: Mime 1
savists: MSCabinet 1
savists: MSCompress 1
savists: Msi 1
savists: StrictPdf 1
savists: StrongPdf 1
savists: Xml 1
savists: TnefAttachmentHandling 1
savists: TnefEmbedHandling 1
savists: GzipDecompression 1
savists: TarDecompression 1
savists: RarDecompression 1
savists: ArjDecompression 1
savists: ZipDecompression 1
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment