Last active
February 6, 2024 14:36
-
-
Save c-rosenberg/671b0a5d8b1b5a937e3e161f8515c666 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# | |
# Sopos SAVDI 2.6 example Config to be used with Rspamd (https://rspamd.com) | |
# | |
# Heinlein Support 2018 <support@heinlein-support.de> | |
# | |
pidfile: /var/run/savdi.pid | |
# adjust to local system | |
user: sophos | |
group: sophos | |
# adjust to local system | |
virusdatadir: /opt/savdi-spamfilter-av/lib/sav | |
idedir: /opt/savdi-spamfilter-av/lib/sav | |
threadcount: 30 | |
maxqueuedsessions: 2 | |
# What to do when the daemon must exit | |
# Options are:- | |
# DONTWAIT (just exit now!) | |
# REQUEST (wait for current requests to complete) | |
# SESSION (wait for current sessions to complete) | |
# Case 1) An exception has occurred and operation could be compromised | |
onexception: REQUEST | |
# Case 2) A request has been made for it to exit | |
# If there are long running sessions then REQUEST should be considered | |
onrequest: REQUEST | |
log { | |
# Specify the logging mechanism {CONSOLE|FILE|SYSLOG} | |
type: SYSLOG | |
# Specify the level of logging required | |
# 0 = errors+threats | |
# 1 = (0) + process events | |
# 2 = (1) + session events | |
# Default is 2 | |
loglevel: 1 | |
} | |
channel { | |
commprotocol { | |
# Use TCP socket | |
type: IP | |
address: 127.0.0.1 | |
subnet: 127.0.0.0/8 | |
port: 4010 | |
# Use unix socket | |
#type: UNIX | |
#socket: /var/run/savdid/savdid.sock | |
# idle timeout in secs when waiting for a request | |
# 0, the default, is forever | |
requesttimeout: 120 | |
# timeout in secs between characters when sending data | |
sendtimeout: 2 | |
# idle timeout in secs between characters when receiving data | |
recvtimeout: 5 | |
} | |
scanprotocol { | |
type: SSSP | |
# allow sending data over TCP connection | |
allowscandata: YES | |
# disable local file scanning (only needed by Amavis) | |
#allowscanfile: NO | |
#allowscanfile: SUBDIR | |
# max size of a mail or file | |
maxscandata: 1024000 | |
# max filesize to be scanned in memory | |
maxmemorysize: 512000 | |
# path for tmp files (when maxmemorysize < filesize < maxscandata) | |
tmpfilestub: /tmp/savid_tmp | |
# Log each request made by a client? (DEBUG) | |
# logrequests: YES | |
} | |
scanner { | |
type: SAVI | |
inprocess: YES | |
maxscantime: 5 | |
maxrequesttime: 10 | |
# deny scanning local dirs | |
deny: /dev | |
deny: /etc | |
deny: /home | |
deny: /var | |
### EXPERIMENTAL NOT OFFICIAL DOCUMENTED SETTING START | |
# | |
# CXMail is our context based detection | |
# | |
# This particular detection is fired on Microsoft office | |
# attachments(often compressed) that have macros inside. These macros | |
# work as a file dropper/downloader and access the internet to download | |
# a malware payload. The URL's accessed by these attachments change on a | |
# regular basis and will automatically switch to a new one if the | |
# existing one is blocked. / | |
contextstr: Genes/Extn/ProdVer OEM:Email:1.0.0 | |
### EXPERIMENTAL NOT OFFICIAL DOCUMENTED SETTING END | |
#Some SAVI/Engine options | |
# Any option that is part of a group is also included in this group. | |
savigrp: GrpSuper 1 | |
# All archive and compressed archive file formats (e.g. ZIP, UUE, etc). | |
savigrp: GrpArchiveUnpack 1 | |
# All “clean” file formats. | |
savigrp: GrpClean 1 | |
# Executable files. | |
savigrp: GrpExecutable 1 | |
# File formats commonly in use on the internet. | |
savigrp: GrpInternet 1 | |
# File formats that do not fall into any of the above categories. | |
savigrp: GrpMisc 1 | |
# Office suite file formats from Microsfoft and other supported vendors. | |
savigrp: GrpMSOffice 1 | |
# File formats that contain an executable stub that | |
# automatically decompresses the body of the file. | |
savigrp: GrpSelfExtract 1 | |
# Compression formats commonly used in HTTP and supported by web browsers. | |
savigrp: GrpWebArchive 1 | |
# HTML encoding schemes commonly used in web pages. | |
savigrp: GrpWebEncoding 1 | |
# Enables or disables disinfection of all files for which disinfection is supported. | |
savigrp: GrpDisinfect 0 | |
savists: Base64 1 | |
savists: Bzip2 1 | |
savists: EnableAutoStop 1 | |
savists: ITSS 1 | |
#savists: Mime 1 | |
savists: MSCabinet 1 | |
savists: MSCompress 1 | |
savists: Msi 1 | |
savists: StrictPdf 1 | |
savists: StrongPdf 1 | |
savists: Xml 1 | |
savists: TnefAttachmentHandling 1 | |
savists: TnefEmbedHandling 1 | |
savists: GzipDecompression 1 | |
savists: TarDecompression 1 | |
savists: RarDecompression 1 | |
savists: ArjDecompression 1 | |
savists: ZipDecompression 1 | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment