Beispiel #1
    def __init__(self, config, section=None):
        ScannerPlugin.__init__(self, config, section)
        self.requiredvars = {
            'template_blockedfile': {
                'default': '/etc/fuglu/templates/blockedfile.tmpl',
                'description': 'Mail template for the bounce to inform sender about blocked attachment',

            'sendbounce': {
                'default': '1',
                'description': 'inform the sender about blocked attachments.\nIf a previous plugin tagged the message as spam or infected, no bounce will be sent to prevent backscatter',

            'rulesdir': {
                'default': '/etc/fuglu/rules',
                'description': 'directory that contains attachment rules',

            'blockaction': {
                'default': 'DELETE',
                'description': 'what should the plugin do when a blocked attachment is detected\nREJECT : reject the message (recommended in pre-queue mode)\nDELETE : discard messages\nDUNNO  : mark as blocked but continue anyway (eg. if you have a later quarantine plugin)',

            'dbconnectstring': {
                'default': '',
                'description': 'sqlalchemy connectstring to load rules from a database and use files only as fallback. requires SQL extension to be enabled',
                'confidential': True,

            'query': {
                'default': 'SELECT action,regex,description FROM attachmentrules WHERE scope=:scope AND checktype=:checktype ORDER BY prio',
                'description': "sql query to load rules from a db. #:scope will be replaced by the recipient address first, then by the recipient domain\n:check will be replaced 'filename','contenttype','archive-filename' or 'archive-contenttype'",

            'checkarchivenames': {
                'default': '0',
                'description': "enable scanning of filenames within archives (zip,rar). This does not actually extract the files, it just looks at the filenames found in the archive."

            'checkarchivecontent': {
                'default': '0',
                'description': 'extract compressed archives(zip,rar) and check file content type with libmagics\nnote that the files will be extracted into memory - tune archivecontentmaxsize  accordingly.\nfuglu does not extract archives within the archive(recursion)',

            'archivecontentmaxsize': {
                'default': '5000000',
                'description': 'only extract and examine files up to this amount of (uncompressed) bytes',


        self.logger = self._logger()
        self.rulescache = None
        self.extremeverbosity = False

        # remember that the order is important here, if we support tar.gz and
        # gz in the future make sure tar.gz comes first!
        self.supported_archive_extensions = ['zip', ]
Beispiel #2
    def __init__(self, section=None):
        ScannerPlugin.__init__(self, section)
        self.filelist = FileList(strip=True, skip_empty=True, skip_comments=True, lowercase=True,
                                 additional_filters=None, minimum_time_between_reloads=30)

        self.requiredvars = {
            'domainsfile': {
                'default': '/etc/fuglu/spearphish-domains',
                'description': 'Filename where we load spearphish domains from. One domain per line. If this setting is empty, the check will be applied to all domains.',
            'virusenginename': {
                'default': 'Fuglu SpearPhishing Protection',
                'description': 'Name of this plugins av engine',
            'virusname': {
                'default': 'TRAIT.SPEARPHISH',
                'description': 'Name to use as virus signature',
            'virusaction': {
                'default': 'DEFAULTVIRUSACTION',
                'description': "action if spear phishing attempt is detected (DUNNO, REJECT, DELETE)",
            'rejectmessage': {
                'default': 'threat detected: ${virusname}',
                'description': "reject message template if running in pre-queue mode and virusaction=REJECT",
Beispiel #3
 def __init__(self, config, section=None):
     ScannerPlugin.__init__(self, config, section)
     self.logger = self._logger()
     self.requiredvars = {
         'maxsize': {
             'default': self.MAX_SIZE * 2,
             'description': 'Maximum message size',
         'caldav_url': {
             'CalDAV server URL (%s will be replaced with recipient email)'
         'caldav_username': {
             'default': '',
             'description': 'CalDAV server username'
         'caldav_password': {
             'default': '',
             'description': 'CalDAV server password'
         'caldav_ssl_skip_verify': {
             'default': 'False',
             'Skip CalDAV server SSL certificate verification'
Beispiel #4
 def __init__(self, config, section=None):
     ScannerPlugin.__init__(self, config, section)
     self.logger = self._logger()
     self.skiplist = FileList(filename=None,
     self.requiredvars = {
         'max_lookups': {
             'default': '10',
             'maximum number of lookups (RFC defaults to 10)',
         'skiplist': {
             'File containing a list of domains (one per line) which are not checked'
         'temperror_retries': {
             'default': '3',
             'description': 'maximum number of retries on temp error',
         'temperror_sleep': {
             'default': '3',
             'waiting interval between retries on temp error',
Beispiel #5
    def __init__(self, config, section=None):
        ScannerPlugin.__init__(self, config, section)
        self.logger = logging.getLogger('fuglu.plugin.DomainAction')

        self.requiredvars = {
            'blacklistconfig': {
                'default': '/etc/fuglu/rbl.conf',
                'description': 'RBL Lookup config file',
            'checksubdomains': {
                'check subdomains as well (from top to bottom, eg.,,',
            'action': {
                'default': 'reject',
                'description': 'action on hit (reject, delete, etc)',
            'message': {
                'default': '5.7.1 black listed URL ${domain} by ${blacklist}',
                'description': 'message template for rejects/ok messages',
            'maxdomains': {
                'default': '10',
                'maximum number of domains to check per message',

        self.rbllookup = None
        self.tldmagic = None
    def __init__(self, config, section=None):
        ScannerPlugin.__init__(self, config, section)
        self.requiredvars = {
            'limiterfile': {
                'default': '/etc/fuglu/ratelimit.conf',
                'description': 'file based rate limits',
            'backendtype': {
                'type of backend where the events are stored. memory is only recommended for low traffic standalone systems. alternatives are: redis, sqlalchemy'
            'backendconfig': {
                'backend specific configuration. sqlalchemy: the database url, redis: hostname:port:db'

        self.logger = self._logger()
        self.backend_instance = None
        self.limiters = None
        self.filter = SuspectFilter(None)
Beispiel #7
 def __init__(self, config, section=None):
     ScannerPlugin.__init__(self, config, section)
     self.backend = None
     self.logger = self._logger()
     self.requiredvars = {
         'redis': {
             'default': 'localhost:6379:0',
             'description': 'redis config: host:port:db',
         # commented, for now we only want the count
         # 'lowthreshold':{
         #     'default':'1',
         #     'description': 'threshold for adding <headername>: LOW',
         # },
         # 'highthreshold':{
         #     'default':'3',
         #     'description': 'threshold for adding <headername>: HIGH',
         # },
         'headername': {
             'default': 'X-FuZor',
              'description': 'header name',
         'maxsize': {
             'default': '600000',
                 'maxsize in bytes, larger messages will be skipped'
         'timeout': {
             'default': '2',
             'description': 'timeout in seconds'
Beispiel #8
    def __init__(self, config, section=None):
        ScannerPlugin.__init__(self, config, section)

        self.requiredvars = {
            "yararulesdir": {
                "default": "/etc/fuglu/yararules",
                "description": "Directory containing one or more YARA rule files",
            "archivecontentmaxsize": {
                "default": "5000000",
                "description": "only extract and examine files up to this amount of (uncompressed) bytes",
            "virusaction": {
                "default": "DEFAULTVIRUSACTION",
                "description": "action if infection is detected (DUNNO, REJECT, DELETE)",
            "problemaction": {"default": "DEFER", "description": "action if there is a problem (DUNNO, DEFER)"},
            "rejectmessage": {
                "default": "threat detected in ${infectedfile}: ${virusname}",
                "description": "reject message template if running in pre-queue mode and virusaction=REJECT",
        self.filter = None
        self.logger = self._logger()
        self.lastreload = 0
        self.compiled_rules = None

        # remember that the order is important here, if we support tar.gz and
        # gz in the future make sure tar.gz comes first!
        self.supported_archive_extensions = ["zip"]
Beispiel #9
 def __init__(self, config, section=None):
     ScannerPlugin.__init__(self, config, section)
     self.requiredvars = {
         'domainsfile': {
             "File containing a list of domains (one per line) which must be DKIM and/or SPF authenticated",
             'default': "/etc/fuglu/auth_required_domains.txt",
         'failaction': {
             "action if the message doesn't pass authentication (DUNNO, REJECT)",
         'rejectmessage': {
             'sender domain ${header_from_domain} must pass DKIM and/or SPF authentication',
             "reject message template if running in pre-queue mode",
     self.logger = self._logger()
     self.filelist = FileList(filename=None,
 def __init__(self,config,section=None):
             'description':'RBL Lookup config file',
             'description':'check subdomains as well (from top to bottom, eg.,,',
             'description':'action on hit (reject, delete, etc)',
             'default':'5.7.1 black listed URL ${domain} by ${blacklist}',
             'description':'message template for rejects/ok messages',
             'description':'maximum number of domains to check per message',
Beispiel #11
    def __init__(self, config, section=None):
        ScannerPlugin.__init__(self, config, section)

        self.requiredvars = {
            "path": {
                "default": "/usr/local/fuglu/deliver/${to_address}",
                "description": "Path to maildir / mbox file, supports templates",
            # maybe we need to support our own locking later, for now we use python's built-ins
            #    'default':'',
            #    'description':"flock, ...",
            # },
            "boxtype": {"default": "mbox", "description": "mbox, maildir"},
            # maybe we need to support various mbox types later, for now we use python's built-in module
            #    'default':'',
            #    'description':"what type of mbox... ",
            # },
            "filterfile": {"default": "", "description": "only store messages which use filter..."},
        self.logger = self._logger()
        self.filter = None

        self.boxtypemap = {"mbox": self.deliver_mbox, "maildir": self.deliver_maildir}
Beispiel #12
 def __init__(self,config,section=None):
             'description':'Path to maildir / mbox file, supports templates',
         #maybe we need to support our own locking later, for now we use python's built-ins
         #    'default':'',
         #    'description':"flock, ...",
             'description':"mbox, maildir",
         #maybe we need to support various mbox types later, for now we use python's built-in module
         #    'default':'',
         #    'description':"what type of mbox... ",
             'description':"only store messages which use filter...",
 def __init__(self,config,section=None):
              'description':"Location of the private key file. supports standard template variables plus additional ${header_from_domain} which extracts the domain name from the From: -Header",
              'description':"Type of header canonicalization (simple or relaxed)",
              'description':"Type of body canonicalization (simple or relaxed)",
              'description':'selector to use when signing, supports templates',
              'description':'comma separated list of headers to sign. empty string=sign all headers',
               'description':'include l= tag in dkim header',
Beispiel #14
    def __init__(self, config, section=None):
        ScannerPlugin.__init__(self, config, section)
        self.requiredvars = {
            'privatekeyfile': {
                'description': "Location of the private key file. supports standard template variables plus additional ${header_from_domain} which extracts the domain name from the From: -Header",
                'default': "/etc/fuglu/dkim/${header_from_domain}.key",

            'canonicalizeheaders': {
                'description': "Type of header canonicalization (simple or relaxed)",
                'default': "relaxed",

            'canonicalizebody': {
                'description': "Type of body canonicalization (simple or relaxed)",
                'default': "relaxed",

            'selector': {
                'description': 'selector to use when signing, supports templates',
                'default': 'default',

            'signheaders': {
                'description': 'comma separated list of headers to sign. empty string=sign all headers',
                'default': 'From,Reply-To,Subject,Date,To,CC,Resent-Date,Resent-From,Resent-To,Resent-CC,In-Reply-To,References,List-Id,List-Help,List-Unsubscribe,List-Subscribe,List-Post,List-Owner,List-Archive',

            'signbodylength': {
                'description': 'include l= tag in dkim header',
                'default': 'False',
Beispiel #15
 def __init__(self, config, section=None):
     ScannerPlugin.__init__(self, config, section)
     self.backend = None
     self.logger = self._logger()
     self.requiredvars = {
         'redis': {
             'default': 'localhost:6379:0',
             'description': 'redis config: host:port:db',
         # commented, for now we only want the count
         # 'lowthreshold':{
         #     'default':'1',
         #     'description': 'threshold for adding <headername>: LOW',
         # },
         # 'highthreshold':{
         #     'default':'3',
         #     'description': 'threshold for adding <headername>: HIGH',
         # },
         'headername': {
             'default': 'X-FuZor',
             'description': 'header name',
         'maxsize': {
             'default': '600000',
             'maxsize in bytes, larger messages will be skipped'
         'timeout': {
             'default': '2',
             'description': 'timeout in seconds'
Beispiel #16
    def __init__(self, config, section=None):
        ScannerPlugin.__init__(self, config, section)
        self.requiredvars = {
            'template_blockedfile': {
                'default': '/etc/fuglu/templates/blockedfile.tmpl',
                'description': 'Mail template for the bounce to inform sender about blocked attachment',

            'sendbounce': {
                'default': '1',
                'description': 'inform the sender about blocked attachments.\nIf a previous plugin tagged the message as spam or infected, no bounce will be sent to prevent backscatter',

            'rulesdir': {
                'default': '/etc/fuglu/rules',
                'description': 'directory that contains attachment rules',

            'blockaction': {
                'default': 'DELETE',
                'description': 'what should the plugin do when a blocked attachment is detected\nREJECT : reject the message (recommended in pre-queue mode)\nDELETE : discard messages\nDUNNO  : mark as blocked but continue anyway (eg. if you have a later quarantine plugin)',

            'dbconnectstring': {
                'default': '',
                'description': 'sqlalchemy connectstring to load rules from a database and use files only as fallback. requires SQL extension to be enabled',
                'confidential': True,

            'query': {
                'default': 'SELECT action,regex,description FROM attachmentrules WHERE scope=:scope AND checktype=:checktype ORDER BY prio',
                'description': "sql query to load rules from a db. #:scope will be replaced by the recipient address first, then by the recipient domain\n:check will be replaced 'filename','contenttype','archive-filename' or 'archive-contenttype'",

            'checkarchivenames': {
                'default': '0',
                'description': "enable scanning of filenames within archives (zip,rar). This does not actually extract the files, it just looks at the filenames found in the archive."

            'checkarchivecontent': {
                'default': '0',
                'description': 'extract compressed archives(zip,rar) and check file content type with libmagics\nnote that the files will be extracted into memory - tune archivecontentmaxsize  accordingly.\nfuglu does not extract archives within the archive(recursion)',

            'archivecontentmaxsize': {
                'default': '5000000',
                'description': 'only extract and examine files up to this amount of (uncompressed) bytes',


        self.logger = self._logger()
        self.rulescache = None
        self.extremeverbosity = False

        #remember that the order is important here, if we support tar.gz and gz in the future make sure tar.gz comes first!
Beispiel #17
 def __init__(self, config, section=None):
     ScannerPlugin.__init__(self, config, section)
     self.requiredvars = {
         'rbllist': {
             'default': '/etc/fuglu/rbllist.list',
             'description': "File which contains the used RBL lists",
Beispiel #18
 def __init__(self, config, section=None):
     ScannerPlugin.__init__(self, config, section)
     self.requiredvars = { # this defines the configuration options for a plugin
         'greeting': { # name of the config
             'default': 'hello world!', # default value, always use strings here
             'description': 'greeting message the plugin should log to the console', #  included as comment when generating default config files
Beispiel #19
 def __init__(self,config,section=None):
             'default':'hello world!',
             'description':'greeting the plugin should log to the console',
    def __init__(self, config, section=None):
        ScannerPlugin.__init__(self, config, section)
        self.logger = self._logger()

        self.whitelist = None

        self.requiredvars = {
            'whitelist_file': {
                'path to file containing whitelisted sender domains',
            'dnszone': {
                'default': '',
                'the DNS zone to query. defaults to',
            'hash': {
                'hash function used by DNS zone. Use one of md5, sha1, sha224, sha256, sha384, sha512'
            'response': {
                'default': '',
                'description': 'expected response of zone query',
            'action': {
                'action on hit (dunno, reject, defer, delete). if set to dunno will tag as spam. do not use reject/defer in after queue mode',
            'messagetemplate': {
                'default': '${sender} listed by ${dnszone} : ${message}',
                'description': 'reject message template',
            'maxlookups': {
                'maximum number of email addresses to check per message',
            'check_always': {
                'set to True to check every suspect. set to False to only check mail that has not yet been classified as spam or virus',
            'normalisation': {
                'type of normalisation to be applied to email addresses before hashing. choose one of ebl (full normalisation according to standard), low (lowercase only)'
Beispiel #21
 def __init__(self, config, section=None):
     ScannerPlugin.__init__(self, config, section)
     self.logger = self._logger()
     self.requiredvars = {
         'scriptdir': {
             'default': '/etc/fuglu/scriptfilter',
             'description': 'Dir that contains the scripts (*.fgf files)',
Beispiel #22
 def __init__(self, config, section=None):
     ScannerPlugin.__init__(self, config, section)
     self.logger = self._logger()
     self.requiredvars = {
         'scriptdir': {
             'default': '/etc/fuglu/scriptfilter',
             'description': 'Dir that contains the scripts (*.fgf files)',
Beispiel #23
 def __init__(self, config, section=None):
     ScannerPlugin.__init__(self, config, section)
     self.requiredvars = {
         'host': {
             'default': 'localhost',
             'description': 'hostname where the ICAP server runs',
         'port': {
             'default': '1344',
             'description': "tcp port or path to unix socket",
         'timeout': {
             'default': '10',
             'description': 'socket timeout',
         'maxsize': {
             "maximum message size, larger messages will not be scanned. ",
         'retries': {
             'how often should fuglu retry the connection before giving up',
         'virusaction': {
             "action if infection is detected (DUNNO, REJECT, DELETE)",
         'problemaction': {
             'default': 'DEFER',
             'description': "action if there is a problem (DUNNO, DEFER)",
         'rejectmessage': {
             'threat detected: ${virusname}',
             "reject message template if running in pre-queue mode and virusaction=REJECT",
         'service': {
             'ICAP Av scan service, usually AVSCAN (sophos, symantec)',
         'enginename': {
             "name of the virus engine behind the icap service. used to inform other plugins. can be anything like 'sophos', 'symantec', ...",
     self.logger = self._logger()
Beispiel #24
    def __init__(self, section=None):
        ScannerPlugin.__init__(self, section)
        self.logger = self._logger()
        self.filelist = FileList(strip=True,

        self.requiredvars = {
            'domainsfile': {
                'Filename where we load spearphish domains from. One domain per line. If this setting is empty, the check will be applied to all domains.',
            'virusenginename': {
                'default': 'Fuglu SpearPhishing Protection',
                'description': 'Name of this plugins av engine',
            'virusname': {
                'default': 'TRAIT.SPEARPHISH',
                'description': 'Name to use as virus signature',
            'virusaction': {
                "action if spear phishing attempt is detected (DUNNO, REJECT, DELETE)",
            'rejectmessage': {
                'threat detected: ${virusname}',
                "reject message template if running in pre-queue mode and virusaction=REJECT",
            'dbconnection': {
                'SQLAlchemy Connection string. Leave empty to disable SQL lookups',
            'domain_sql_query': {
                "SELECT check_spearphish from domain where domain_name=:domain",
                'get from sql database :domain will be replaced with the actual domain name. must return boolean field check_spearphish',
            'check_display_part': {
                "set to True to also check display part of From header (else email part only)",
Beispiel #25
 def __init__(self, config, section=None):
     ScannerPlugin.__init__(self, config, section)
     self.requiredvars = {  # this defines the configuration options for a plugin
         'greeting': {  # name of the config
             # default value, always use strings here
             'default': 'hello world!',
             # included as comment when generating default config files
             'description': 'greeting message the plugin should log to the console',
Beispiel #26
 def __init__(self, config, section=None):
     ScannerPlugin.__init__(self, config, section)
     self.logger = self._logger()
     self.requiredvars = {
         'actionrules': {
             'default': '/etc/fuglu/actionrules.regex',
             'description': 'Rules file',
     self.filter = None
Beispiel #27
 def __init__(self, config, section=None):
     ScannerPlugin.__init__(self, config, section)
     self.logger = self._logger()
     self.requiredvars = {
         'actionrules': {
             'default': '/etc/fuglu/actionrules.regex',
             'description': 'Rules file',
     self.filter = None
Beispiel #28
 def __init__(self, config, section=None):
     ScannerPlugin.__init__(self, config, section)
     self.logger = self._logger()
         'headername': {
             'default': 'X-FuZor',
             'description': 'header name',
Beispiel #29
 def __init__(self, config, section=None):
     ScannerPlugin.__init__(self, config, section)
     self.requiredvars = {
         'regex': {
             'default': '',
             'description': "regex to match",
     self.regex = None
     self.logger = self._logger()
Beispiel #30
    def __init__(self, config, section=None):
        ScannerPlugin.__init__(self, config, section)
        self.requiredvars = {
            'host': {
                'default': 'localhost',
                'description': 'hostname where the ICAP server runs',

            'port': {
                'default': '1344',
                'description': "tcp port or path to unix socket",

            'timeout': {
                'default': '10',
                'description': 'socket timeout',

            'maxsize': {
                'default': '22000000',
                'description': "maximum message size, larger messages will not be scanned. ",

            'retries': {
                'default': '3',
                'description': 'how often should fuglu retry the connection before giving up',

            'virusaction': {
                'default': 'DEFAULTVIRUSACTION',
                'description': "action if infection is detected (DUNNO, REJECT, DELETE)",

            'problemaction': {
                'default': 'DEFER',
                'description': "action if there is a problem (DUNNO, DEFER)",

            'rejectmessage': {
                'default': 'threat detected: ${virusname}',
                'description': "reject message template if running in pre-queue mode and virusaction=REJECT",

            'service': {
                'default': 'AVSCAN',
                'description': 'ICAP Av scan service, usually AVSCAN (sophos, symantec)',

            'enginename': {
                'default': 'icap-generic',
                'description': "name of the virus engine behind the icap service. used to inform other plugins. can be anything like 'sophos', 'symantec', ...",
        self.logger = self._logger()
Beispiel #31
 def __init__(self, config, section=None):
     ScannerPlugin.__init__(self, config, section)
     self.requiredvars = {
         'dummy': {
             'default': 'bla',
             'description': 'blabla',
         'dummy2': {
             'description': 'this var has to be defined',
Beispiel #32
    def __init__(self, config, section=None):
        ScannerPlugin.__init__(self, config, section)
        self.requiredvars = {
            "dbconnectstring": {
                "default": "",
                "description": "sqlalchemy connectstring to load vacations",
                "confidential": True,

        self.logger = self._logger()
        self.cache = None
Beispiel #33
 def __init__(self,config,section=None):
             'description':'sqlalchemy connectstring to store the greylist',
Beispiel #34
    def __init__(self, config, section=None):
        ScannerPlugin.__init__(self, config, section)

        self.requiredvars = {
            'host': {
                'default': 'localhost',
                'description': 'hostname where fpscand runs',
            'port': {
                'default': '10200',
                'description': "fpscand port",
            'timeout': {
                'default': '30',
                'description': "network timeout",
            'networkmode': {
                "if fpscand runs on a different host than fuglu, set this to 1 to send the message over the network instead of just the filename",
            'scanoptions': {
                'additional scan options  (see `man fpscand` -> SCANNING OPTIONS for possible values)',
            'maxsize': {
                'default': '10485000',
                'description': "maximum message size to scan",
            'retries': {
                'default': '3',
                'description': "maximum retries on failed connections",
            'virusaction': {
                'default': 'DEFAULTVIRUSACTION',
                'description': "plugin action if threat is detected",
            'problemaction': {
                'default': 'DEFER',
                'description': "plugin action if scan fails",
            'rejectmessage': {
                'threat detected: ${virusname}',
                "reject message template if running in pre-queue mode and virusaction=REJECT",

        self.pattern = re.compile('^(\d)+ <(.+)> (.+)$')
Beispiel #35
    def __init__(self, config, section=None):
        ScannerPlugin.__init__(self, config, section)
        self.requiredvars = {
            'dbconnectstring': {
                'default': '',
                'description': 'sqlalchemy connectstring to load vacations',
                'confidential': True,

        self.logger = self._logger()
        self.cache = None
Beispiel #36
    def __init__(self, config, section=None):
        ScannerPlugin.__init__(self, config, section)
        self.requiredvars = {
            'dbconnectstring': {
                'default': '',
                'description': 'sqlalchemy connectstring to load vacations',
                'confidential': True,

        self.logger = self._logger()
        self.cache = None
Beispiel #37
    def __init__(self, config, section=None):
        ScannerPlugin.__init__(self, config, section)
        self.logger = logging.getLogger('fuglu.plugin.DomainAction')

        self.requiredvars = {
            'blockedaddheader': {
                'if set to non zero value a header will be added for blocked files and the message will be accepted\n1:\tonly filename appended as header\n2:\tfilename and details will be added as header\nany other string value will be added as-it-is to header',
Beispiel #38
    def __init__(self, config, section=None):
        ScannerPlugin.__init__(self, config, section)
        self.requiredvars = {
            'dbconnectstring': {
                'default': '....todo',
                'sqlalchemy connectstring to store the greylist',
                'confidential': True,

        self.logger = self._logger()
        self.cache = None
 def __init__(self,config,section=None):
             'description':'IMAP copy suspectFilter File',
             'description':"if true/1/yes: store original message\nif false/0/no: store message probably altered by previous plugins, eg with spamassassin headers",
Beispiel #40
    def __init__(self, config, section=None):
        ScannerPlugin.__init__(self, config, section)
        self.requiredvars = {
            'host': {
                'default': 'localhost',
                'description': 'hostname where clamd runs',

            'port': {
                'default': '3310',
                'description': "tcp port number or path to clamd.sock for unix domain sockets\nexample /var/lib/clamav/clamd.sock or on ubuntu: /var/run/clamav/clamd.ctl ",

            'timeout': {
                'default': '30',
                'description': 'socket timeout',

            'pipelining': {
                'default': '0',
                'description': "*EXPERIMENTAL*: Perform multiple scans over the same connection. May improve performance on busy systems.",

            'maxsize': {
                'default': '22000000',
                'description': "maximum message size, larger messages will not be scanned.  \nshould match the 'StreamMaxLength' config option in clamd.conf ",
            'retries': {
                'default': '3',
                'description': 'how often should fuglu retry the connection before giving up',

            'virusaction': {
                'default': 'DEFAULTVIRUSACTION',
                'description': "action if infection is detected (DUNNO, REJECT, DELETE)",

            'problemaction': {
                'default': 'DEFER',
                'description': "action if there is a problem (DUNNO, DEFER)",

            'rejectmessage': {
                'default': 'threat detected: ${virusname}',
                'description': "reject message template if running in pre-queue mode and virusaction=REJECT",
        self.logger = self._logger()
Beispiel #41
    def __init__(self, config, section=None):
        ScannerPlugin.__init__(self, config, section)

        self.requiredvars = {
            'host': {
                'default': 'localhost',
                'description': 'hostname where fpscand runs',
            'port': {
                'default': '10200',
                'description': "fpscand port",
            'timeout': {
                'default': '30',
                'description': "network timeout",
            'networkmode': {
                'default': '0',
                'description': "if fpscand runs on a different host than fuglu, set this to 1 to send the message over the network instead of just the filename",
            'scanoptions': {
                'default': '',
                'description': 'additional scan options  (see `man fpscand` -> SCANNING OPTIONS for possible values)',
            'maxsize': {
                'default': '10485000',
                'description': "maximum message size to scan",
            'retries': {
                'default': '3',
                'description': "maximum retries on failed connections",
            'virusaction': {
                'default': 'DEFAULTVIRUSACTION',
                'description': "plugin action if threat is detected",
            'problemaction': {
                'default': 'DEFER',
                'description': "plugin action if scan fails",

            'rejectmessage': {
                'default': 'threat detected: ${virusname}',
                'description': "reject message template if running in pre-queue mode and virusaction=REJECT",

        self.pattern = re.compile('^(\d)+ <(.+)> (.+)$')
Beispiel #42
    def __init__(self, config, section=None):
        ScannerPlugin.__init__(self, config, section)
        self.requiredvars = {
            'host': {
                'default': 'localhost',
                'description': 'hostname where clamd runs',

            'port': {
                'default': '3310',
                'description': "tcp port number or path to clamd.sock for unix domain sockets\nexample /var/lib/clamav/clamd.sock or on ubuntu: /var/run/clamav/clamd.ctl ",

            'timeout': {
                'default': '30',
                'description': 'socket timeout',

            'pipelining': {
                'default': '0',
                'description': "*EXPERIMENTAL*: Perform multiple scans over the same connection. May improve performance on busy systems.",

            'maxsize': {
                'default': '22000000',
                'description': "maximum message size, larger messages will not be scanned.  \nshould match the 'StreamMaxLength' config option in clamd.conf ",
            'retries': {
                'default': '3',
                'description': 'how often should fuglu retry the connection before giving up',

            'virusaction': {
                'default': 'DEFAULTVIRUSACTION',
                'description': "action if infection is detected (DUNNO, REJECT, DELETE)",

            'problemaction': {
                'default': 'DEFER',
                'description': "action if there is a problem (DUNNO, DEFER)",

            'rejectmessage': {
                'default': 'threat detected: ${virusname}',
                'description': "reject message template if running in pre-queue mode and virusaction=REJECT",
        self.logger = self._logger()
Beispiel #43
 def __init__(self, config, section=None):
     ScannerPlugin.__init__(self, config, section)
     self.logger = self._logger()
     self.skiplist = FileList(filename=None,
     self.requiredvars = {
         'skiplist': {
             'File containing a list of domains (one per line) which are not checked'
Beispiel #44
    def __init__(self, section=None):
        ScannerPlugin.__init__(self, section)
        self.logger = self._logger()

        self.requiredvars = {
            'dbconnection': {
                'SQLAlchemy Connection string. Leave empty to rewrite all senders',
            'domain_sql_query': {
                "SELECT use_srs from domain where domain_name=:domain",
                'get from sql database :domain will be replaced with the actual domain name. must return field use_srs',
            'forward_domain': {
                'default': '',
                'description': 'the new envelope sender domain',
            'secret': {
                'cryptographic secret. set the same random value on all your machines',
            'maxage': {
                'default': '8',
                'description': 'maximum lifetime of bounces',
            'hashlength': {
                'default': '8',
                'description': 'size of auth code',
            'separator': {
                'default': '=',
                'description': 'SRS token separator',
            'rewrite_header_to': {
                'set True to rewrite address in To: header in bounce messages (reverse/decrypt mode)',
Beispiel #45
    def __init__(self, config, section=None):
        ScannerPlugin.__init__(self, config, section)

        self.requiredvars = {
            'archiverules': {
                'default': '/etc/fuglu/archive.regex',
                'description': 'Archiving SuspectFilter File',
            'archivedir': {
                'default': '/tmp',
                'description': 'storage for archived messages',
            'subdirtemplate': {
                'default': '${to_domain}',
                'description': 'subdirectory within archivedir',
            'filenametemplate': {
                'default': '${id}.eml',
                'description': 'filename template for the archived messages',
            'storeoriginal': {
                "if true/1/yes: store original message\nif false/0/no: store message probably altered by previous plugins, eg with spamassassin headers",
            'chown': {
                "change owner of saved messages (username or numeric id) - this only works if fuglu is running as root (which is NOT recommended)",
            'chgrp': {
                "change group of saved messages (groupname or numeric id) - the user running fuglu must be a member of the target group for this to work",
            'chmod': {
                'default': '',
                'description': "set file permissions of saved messages",

        self.filter = None
        self.logger = self._logger()
Beispiel #46
    def __init__(self, config, section=None):
        ScannerPlugin.__init__(self, config, section)

        self.requiredvars = {
            'imapcopyrules': {
                'default': '/etc/fuglu/imapcopy.regex',
                'description': 'IMAP copy suspectFilter File',
            'storeoriginal': {
                "if true/1/yes: store original message\nif false/0/no: store message probably altered by previous plugins, eg with spamassassin headers",
        self.filter = None
        self.logger = self._logger()
Beispiel #47
 def __init__(self, config, section=None):
     ScannerPlugin.__init__(self, config, section)
     self.requiredvars = {
         'host': {
             'default': 'localhost',
             'description': 'hostname where the SSSP server runs',
         'port': {
             'default': '4010',
             'description': "tcp port or path to unix socket",
         'timeout': {
             'default': '30',
             'description': 'socket timeout',
         'maxsize': {
             "maximum message size, larger messages will not be scanned. ",
         'retries': {
             'how often should fuglu retry the connection before giving up',
         'virusaction': {
             "action if infection is detected (DUNNO, REJECT, DELETE)",
         'problemaction': {
             'default': 'DEFER',
             'description': "action if there is a problem (DUNNO, DEFER)",
         'rejectmessage': {
             'threat detected: ${virusname}',
             "reject message template if running in pre-queue mode and virusaction=REJECT",
     self.logger = self._logger()
Beispiel #48
    def __init__(self, config, section=None):
        ScannerPlugin.__init__(self, config, section)
        self.logger = logging.getLogger('fuglu.plugin.DomainAction')

        self.requiredvars = {
            'addheaderinfected': {
                'if set to non zero value a header will be added for infected files\n1:\tonly virusname appended as header\n2:\tvirusname and details will be added as header\nany other string value will be added as-it-is to header',
            'addheaderclean': {
                'add header if message is clean\nany string value will be used as-it-is',
 def __init__(self,config,section=None):
             'description':'Mail template for the bounce to inform sender about blocked attachment',
             'description':'inform the sender about blocked attachments',
             'description':'directory that contains attachment rules',
             'description':'what should the plugin do when a blocked attachment is detected\nREJECT : reject the message (recommended in pre-queue mode)\nDELETE : discard messages\nDUNNO  : mark as blocked but continue anyway (eg. if you have a later quarantine plugin)',
             'description':'sqlalchemy connectstring to load rules from a database and use files only as fallback. requires SQL extension to be enabled',
             'default':'SELECT action,regex,description FROM attachmentrules WHERE scope=:scope AND checktype=:checktype ORDER BY prio',
             'description':"sql query to load rules from a db. #:scope will be replaced by the recipient address first, then by the recipient domain\n:check will be replaced by either 'filename' to get filename rules or 'contenttype' to get content type rules",
         self.logger.warning('python-magic not available')
Beispiel #50
    def __init__(self, config, section=None):
        ScannerPlugin.__init__(self, config, section)
        self.requiredvars = {
            'host': {
                'default': 'localhost',
                'description': 'hostname where the SSSP server runs',

            'port': {
                'default': '4010',
                'description': "tcp port or path to unix socket",

            'timeout': {
                'default': '30',
                'description': 'socket timeout',

            'maxsize': {
                'default': '22000000',
                'description': "maximum message size, larger messages will not be scanned. ",

            'retries': {
                'default': '3',
                'description': 'how often should fuglu retry the connection before giving up',

            'virusaction': {
                'default': 'DEFAULTVIRUSACTION',
                'description': "action if infection is detected (DUNNO, REJECT, DELETE)",

            'problemaction': {
                'default': 'DEFER',
                'description': "action if there is a problem (DUNNO, DEFER)",

            'rejectmessage': {
                'default': 'threat detected: ${virusname}',
                'description': "reject message template if running in pre-queue mode and virusaction=REJECT",
        self.logger = self._logger()
Beispiel #51
    def __init__(self, config, section=None):
        ScannerPlugin.__init__(self, config, section)
        self.requiredvars = {
            'domainsfile': {
                'description': "File containing a list of domains (one per line) which must be DKIM and/or SPF authenticated",
                'default': "/etc/fuglu/auth_required_domains.txt",
            'failaction': {
                'default': 'DUNNO',
                'description': "action if the message doesn't pass authentication (DUNNO, REJECT)",

            'rejectmessage': {
                'default': 'sender domain ${header_from_domain} must pass DKIM and/or SPF authentication',
                'description': "reject message template if running in pre-queue mode",
        self.logger = self._logger()
        self.filelist=FileList(filename=None,strip=True, skip_empty=True, skip_comments=True,lowercase=True)
Beispiel #52
    def __init__(self, config, section=None):
        ScannerPlugin.__init__(self, config, section)

        self.requiredvars = {
            'archiverules': {
                'default': '/etc/fuglu/archive.regex',
                'description': 'Archiving SuspectFilter File',

            'archivedir': {
                'default': '/tmp',
                'description': 'storage for archived messages',
            'subdirtemplate': {
                'default': '${to_domain}',
                'description': 'subdirectory within archivedir',
            'filenametemplate': {
                'default': '${id}.eml',
                'description': 'filename template for the archived messages',
            'storeoriginal': {
                'default': '1',
                'description': "if true/1/yes: store original message\nif false/0/no: store message probably altered by previous plugins, eg with spamassassin headers",
            'chown': {
                'default': '',
                'description': "change owner of saved messages (username or numeric id) - this only works if fuglu is running as root (which is NOT recommended)",
            'chgrp': {
                'default': '',
                'description': "change group of saved messages (groupname or numeric id) - the user running fuglu must be a member of the target group for this to work",
            'chmod': {
                'default': '',
                'description': "set file permissions of saved messages",


        self.filter = None
        self.logger = self._logger()
 def __init__(self,config,section=None):
             'description':'Suspectfilter File',
             'description':'Output File',
              'default':'${fieldname}: ${matchedvalue}',
             'description':'Default line output template if nothing is specified in filter config',                  
Beispiel #54
    def __init__(self, config, section=None):
        ScannerPlugin.__init__(self, config, section)

        self.requiredvars = {
            'host': {
                'default': 'localhost',
                'description': 'hostname where fpscand runs',
            'port': {
                'default': '3000',
                'description': "DrWeb daemon port",
            'timeout': {
                'default': '30',
                'description': "network timeout",
            'maxsize': {
                'default': '22000000',
                'description': "maximum message size to scan",
            'retries': {
                'default': '3',
                'description': "maximum retries on failed connections",
            'virusaction': {
                'default': 'DEFAULTVIRUSACTION',
                'description': "plugin action if threat is detected",
            'problemaction': {
                'default': 'DEFER',
                'description': "plugin action if scan fails",

            'rejectmessage': {
                'default': 'threat detected: ${virusname}',
                'description': "reject message template if running in pre-queue mode and virusaction=REJECT",
        self.logger = self._logger()
        self.pattern = re.compile(r'(?:DATA\[\d+\])(.+) infected with (.+)$')
Beispiel #55
    def __init__(self, section=None):
        ScannerPlugin.__init__(self, section)
        self.logger = self._logger()
        self.filelist = FileList(strip=True, skip_empty=True, skip_comments=True, lowercase=True,
                                 additional_filters=None, minimum_time_between_reloads=30)

        self.requiredvars = {
            'domainsfile': {
                'default': '/etc/fuglu/spearphish-domains',
                'description': 'Filename where we load spearphish domains from. One domain per line. If this setting is empty, the check will be applied to all domains.',
            'virusenginename': {
                'default': 'Fuglu SpearPhishing Protection',
                'description': 'Name of this plugins av engine',
            'virusname': {
                'default': 'TRAIT.SPEARPHISH',
                'description': 'Name to use as virus signature',
            'virusaction': {
                'default': 'DEFAULTVIRUSACTION',
                'description': "action if spear phishing attempt is detected (DUNNO, REJECT, DELETE)",
            'rejectmessage': {
                'default': 'threat detected: ${virusname}',
                'description': "reject message template if running in pre-queue mode and virusaction=REJECT",
                'description':'SQLAlchemy Connection string. Leave empty to disable SQL lookups',
                'default':"SELECT check_spearphish from domain where domain_name=:domain",
                'description':'get from sql database :domain will be replaced with the actual domain name. must return boolean field check_spearphish',
            'check_display_part': {
                'default': 'False',
                'description': "set to True to also check display part of From header (else email part only)",
Beispiel #56
 def __init__(self, config, section=None):
     ScannerPlugin.__init__(self, config, section)
     self.requiredvars = {
         "host": {"default": "localhost", "description": "hostname where the SSSP server runs"},
         "port": {"default": "4010", "description": "tcp port or path to unix socket"},
         "timeout": {"default": "30", "description": "socket timeout"},
         "maxsize": {
             "default": "22000000",
             "description": "maximum message size, larger messages will not be scanned. ",
         "retries": {"default": "3", "description": "how often should fuglu retry the connection before giving up"},
         "virusaction": {
             "default": "DEFAULTVIRUSACTION",
             "description": "action if infection is detected (DUNNO, REJECT, DELETE)",
         "problemaction": {"default": "DEFER", "description": "action if there is a problem (DUNNO, DEFER)"},
         "rejectmessage": {
             "default": "threat detected: ${virusname}",
             "description": "reject message template if running in pre-queue mode and virusaction=REJECT",
     self.logger = self._logger()
 def __init__(self,config,section=None):
             'description':'Domain skip list',
             'description':'Maximum size of processed mails. Larger mail will be skipped.',
             'description':'print extracted uris in fuglu log',
Beispiel #58
 def __init__(self, config, section=None):
     ScannerPlugin.__init__(self, config, section)
     self.requiredvars = {
         'redis': {
             'default': 'localhost:6379:0',
             'description': 'redis config: host:port:db',
         'ttl': {
             'default': '604800',
             'description': 'hash ttl in seconds',
         'maxsize': {
             'default': '600000',
                 'maxsize in bytes, larger messages will be skipped'
         'timeout': {
             'default': '2',
             'description': 'timeout in seconds'
     self.backend = None
     self.logger = self._logger()
 def __init__(self, config, section=None):
     ScannerPlugin.__init__(self, config, section)
     self.requiredvars = {
         'identifier': {
             'default': 'CommandlineAV',
             'description': 'identifier used in the virus tag',
         'exectemplate': {
             'default': '',
             'description': 'full path to the scan executable and arguments. ${suspectpath} will be replaced with the message file',
         'timeout': {
             'default': '10',
             'description': "process timeout",
         'viruspattern': {
             'default': '',
             'description': 'regular expression for infected messages. use virusname and filename groups',
         'maxsize': {
             'default': '10485000',
             'description': "maximum message size to scan",
         'virusaction': {
             'default': 'DEFAULTVIRUSACTION',
             'description': "plugin action if threat is detected",
         'problemaction': {
             'default': 'DEFER',
             'description': "plugin action if scan fails",
         'rejectmessage': {
             'default': 'threat detected: ${virusname}',
             'description': "reject message template if running in pre-queue mode and virusaction=REJECT",
Beispiel #60
 def __init__(self, config, section=None):
     ScannerPlugin.__init__(self, config, section)
     self.logger = self._logger()