def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
"path": {
"default": "/usr/local/fuglu/deliver/${to_address}",
"description": "Path to maildir / mbox file, supports templates",
},
# maybe we need to support our own locking later, for now we use python's built-ins
#'locktype':{
# 'default':'',
# 'description':"flock, ...",
# },
"boxtype": {"default": "mbox", "description": "mbox, maildir"},
# maybe we need to support various mbox types later, for now we use python's built-in module
#'subtype':{
# 'default':'',
# 'description':"what type of mbox... ",
# },
"filterfile": {"default": "", "description": "only store messages which use filter..."},
}
self.logger = self._logger()
self.filter = None
self.boxtypemap = {"mbox": self.deliver_mbox, "maildir": self.deliver_maildir}
def __init__(self, section=None):
ScannerPlugin.__init__(self, section)
self.filelist = FileList(strip=True, skip_empty=True, skip_comments=True, lowercase=True,
additional_filters=None, minimum_time_between_reloads=30)
self.requiredvars = {
'domainsfile': {
'default': '/etc/fuglu/spearphish-domains',
'description': 'Filename where we load spearphish domains from. One domain per line. If this setting is empty, the check will be applied to all domains.',
},
'virusenginename': {
'default': 'Fuglu SpearPhishing Protection',
'description': 'Name of this plugins av engine',
},
'virusname': {
'default': 'TRAIT.SPEARPHISH',
'description': 'Name to use as virus signature',
},
'virusaction': {
'default': 'DEFAULTVIRUSACTION',
'description': "action if spear phishing attempt is detected (DUNNO, REJECT, DELETE)",
},
'rejectmessage': {
'default': 'threat detected: ${virusname}',
'description': "reject message template if running in pre-queue mode and virusaction=REJECT",
},
}
def __init__(self,config,section=None):
ScannerPlugin.__init__(self,config,section)
self.logger=logging.getLogger('fuglu.plugin.DomainAction')
self.requiredvars={
'blacklistconfig':{
'default':'/etc/fuglu/rbl.conf',
'description':'RBL Lookup config file',
},
'checksubdomains':{
'default':'yes',
'description':'check subdomains as well (from top to bottom, eg. example.com, bla.example.com, blubb.bla.example.com',
},
'action':{
'default':'reject',
'description':'action on hit (reject, delete, etc)',
},
'message':{
'default':'5.7.1 black listed URL ${domain} by ${blacklist}',
'description':'message template for rejects/ok messages',
},
'maxdomains':{
'default':'10',
'description':'maximum number of domains to check per message',
}
}
self.rbllookup=None
self.tldmagic=None
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
"yararulesdir": {
"default": "/etc/fuglu/yararules",
"description": "Directory containing one or more YARA rule files",
},
"archivecontentmaxsize": {
"default": "5000000",
"description": "only extract and examine files up to this amount of (uncompressed) bytes",
},
"virusaction": {
"default": "DEFAULTVIRUSACTION",
"description": "action if infection is detected (DUNNO, REJECT, DELETE)",
},
"problemaction": {"default": "DEFER", "description": "action if there is a problem (DUNNO, DEFER)"},
"rejectmessage": {
"default": "threat detected in ${infectedfile}: ${virusname}",
"description": "reject message template if running in pre-queue mode and virusaction=REJECT",
},
}
self.filter = None
self.logger = self._logger()
self.lastreload = 0
self.compiled_rules = None
# remember that the order is important here, if we support tar.gz and
# gz in the future make sure tar.gz comes first!
self.supported_archive_extensions = ["zip"]
if RARFILE_AVAILABLE:
self.supported_archive_extensions.append("rar")
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
'template_blockedfile': {
'default': '/etc/fuglu/templates/blockedfile.tmpl',
'description': 'Mail template for the bounce to inform sender about blocked attachment',
},
'sendbounce': {
'default': '1',
'description': 'inform the sender about blocked attachments.\nIf a previous plugin tagged the message as spam or infected, no bounce will be sent to prevent backscatter',
},
'rulesdir': {
'default': '/etc/fuglu/rules',
'description': 'directory that contains attachment rules',
},
'blockaction': {
'default': 'DELETE',
'description': 'what should the plugin do when a blocked attachment is detected\nREJECT : reject the message (recommended in pre-queue mode)\nDELETE : discard messages\nDUNNO : mark as blocked but continue anyway (eg. if you have a later quarantine plugin)',
},
'dbconnectstring': {
'default': '',
'description': 'sqlalchemy connectstring to load rules from a database and use files only as fallback. requires SQL extension to be enabled',
'confidential': True,
},
'query': {
'default': 'SELECT action,regex,description FROM attachmentrules WHERE scope=:scope AND checktype=:checktype ORDER BY prio',
'description': "sql query to load rules from a db. #:scope will be replaced by the recipient address first, then by the recipient domain\n:check will be replaced 'filename','contenttype','archive-filename' or 'archive-contenttype'",
},
'checkarchivenames': {
'default': '0',
'description': "enable scanning of filenames within archives (zip,rar). This does not actually extract the files, it just looks at the filenames found in the archive."
},
'checkarchivecontent': {
'default': '0',
'description': 'extract compressed archives(zip,rar) and check file content type with libmagics\nnote that the files will be extracted into memory - tune archivecontentmaxsize accordingly.\nfuglu does not extract archives within the archive(recursion)',
},
'archivecontentmaxsize': {
'default': '5000000',
'description': 'only extract and examine files up to this amount of (uncompressed) bytes',
},
}
self.logger = self._logger()
self.rulescache = None
self.extremeverbosity = False
# remember that the order is important here, if we support tar.gz and
# gz in the future make sure tar.gz comes first!
self.supported_archive_extensions = ['zip', ]
if RARFILE_AVAILABLE:
self.supported_archive_extensions.append('rar')
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.backend = None
self.logger = self._logger()
self.requiredvars = {
'redis': {
'default': 'localhost:6379:0',
'description': 'redis config: host:port:db',
},
# commented, for now we only want the count
# 'lowthreshold':{
# 'default':'1',
# 'description': 'threshold for adding <headername>: LOW',
# },
# 'highthreshold':{
# 'default':'3',
# 'description': 'threshold for adding <headername>: HIGH',
# },
'headername': {
'default': 'X-FuZor',
'description': 'header name',
},
'maxsize': {
'default': '600000',
'description':
'maxsize in bytes, larger messages will be skipped'
},
'timeout': {
'default': '2',
'description': 'timeout in seconds'
},
}
def __init__(self,config,section=None):
ScannerPlugin.__init__(self,config,section)
self.requiredvars={
'privatekeyfile':{
'description':"Location of the private key file. supports standard template variables plus additional ${header_from_domain} which extracts the domain name from the From: -Header",
'default':"/etc/fuglu/dkim/${header_from_domain}.key",
},
'canonicalizeheaders':{
'description':"Type of header canonicalization (simple or relaxed)",
'default':"relaxed",
},
'canonicalizebody':{
'description':"Type of body canonicalization (simple or relaxed)",
'default':"relaxed",
},
'selector':{
'description':'selector to use when signing, supports templates',
'default':'default',
},
'signheaders':{
'description':'comma separated list of headers to sign. empty string=sign all headers',
'default':'',
},
'signbodylength':{
'description':'include l= tag in dkim header',
'default':'False',
},
}
def __init__(self,config,section=None):
ScannerPlugin.__init__(self,config,section)
self.requiredvars={
'greeting':{
'default':'hello world!',
'description':'greeting the plugin should log to the console',
}
}
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = { # this defines the configuration options for a plugin
'greeting': { # name of the config
'default': 'hello world!', # default value, always use strings here
'description': 'greeting message the plugin should log to the console', # included as comment when generating default config files
}
}
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.logger = self._logger()
self.requiredvars = {
'scriptdir': {
'default': '/etc/fuglu/scriptfilter',
'description': 'Dir that contains the scripts (*.fgf files)',
}
}
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.logger = self._logger()
self.requiredvars = {
'actionrules': {
'default': '/etc/fuglu/actionrules.regex',
'description': 'Rules file',
}
}
self.filter = None
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
'host': {
'default': 'localhost',
'description': 'hostname where the ICAP server runs',
},
'port': {
'default': '1344',
'description': "tcp port or path to unix socket",
},
'timeout': {
'default': '10',
'description': 'socket timeout',
},
'maxsize': {
'default': '22000000',
'description': "maximum message size, larger messages will not be scanned. ",
},
'retries': {
'default': '3',
'description': 'how often should fuglu retry the connection before giving up',
},
'virusaction': {
'default': 'DEFAULTVIRUSACTION',
'description': "action if infection is detected (DUNNO, REJECT, DELETE)",
},
'problemaction': {
'default': 'DEFER',
'description': "action if there is a problem (DUNNO, DEFER)",
},
'rejectmessage': {
'default': 'threat detected: ${virusname}',
'description': "reject message template if running in pre-queue mode and virusaction=REJECT",
},
'service': {
'default': 'AVSCAN',
'description': 'ICAP Av scan service, usually AVSCAN (sophos, symantec)',
},
'enginename': {
'default': 'icap-generic',
'description': "name of the virus engine behind the icap service. used to inform other plugins. can be anything like 'sophos', 'symantec', ...",
},
}
self.logger = self._logger()
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
"dbconnectstring": {
"default": "",
"description": "sqlalchemy connectstring to load vacations",
"confidential": True,
}
}
self.logger = self._logger()
self.cache = None
def __init__(self,config,section=None):
ScannerPlugin.__init__(self,config,section)
self.requiredvars={
'dbconnectstring':{
'default':'....todo',
'description':'sqlalchemy connectstring to store the greylist',
'confidential':True,
},
}
self.logger=self._logger()
self.cache=None
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
'dbconnectstring': {
'default': '',
'description': 'sqlalchemy connectstring to load vacations',
'confidential': True,
},
}
self.logger = self._logger()
self.cache = None
def __init__(self,config,section=None):
ScannerPlugin.__init__(self,config,section)
self.requiredvars={
'imapcopyrules':{
'default':'/etc/fuglu/imapcopy.regex',
'description':'IMAP copy suspectFilter File',
},
'storeoriginal':{
'default':'1',
'description':"if true/1/yes: store original message\nif false/0/no: store message probably altered by previous plugins, eg with spamassassin headers",
}
}
self.filter=None
self.logger=self._logger()
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
'host': {
'default': 'localhost',
'description': 'hostname where clamd runs',
},
'port': {
'default': '3310',
'description': "tcp port number or path to clamd.sock for unix domain sockets\nexample /var/lib/clamav/clamd.sock or on ubuntu: /var/run/clamav/clamd.ctl ",
},
'timeout': {
'default': '30',
'description': 'socket timeout',
},
'pipelining': {
'default': '0',
'description': "*EXPERIMENTAL*: Perform multiple scans over the same connection. May improve performance on busy systems.",
},
'maxsize': {
'default': '22000000',
'description': "maximum message size, larger messages will not be scanned. \nshould match the 'StreamMaxLength' config option in clamd.conf ",
},
'retries': {
'default': '3',
'description': 'how often should fuglu retry the connection before giving up',
},
'virusaction': {
'default': 'DEFAULTVIRUSACTION',
'description': "action if infection is detected (DUNNO, REJECT, DELETE)",
},
'problemaction': {
'default': 'DEFER',
'description': "action if there is a problem (DUNNO, DEFER)",
},
'rejectmessage': {
'default': 'threat detected: ${virusname}',
'description': "reject message template if running in pre-queue mode and virusaction=REJECT",
},
}
self.logger = self._logger()
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
'host': {
'default': 'localhost',
'description': 'hostname where fpscand runs',
},
'port': {
'default': '10200',
'description': "fpscand port",
},
'timeout': {
'default': '30',
'description': "network timeout",
},
'networkmode': {
'default': '0',
'description': "if fpscand runs on a different host than fuglu, set this to 1 to send the message over the network instead of just the filename",
},
'scanoptions': {
'default': '',
'description': 'additional scan options (see `man fpscand` -> SCANNING OPTIONS for possible values)',
},
'maxsize': {
'default': '10485000',
'description': "maximum message size to scan",
},
'retries': {
'default': '3',
'description': "maximum retries on failed connections",
},
'virusaction': {
'default': 'DEFAULTVIRUSACTION',
'description': "plugin action if threat is detected",
},
'problemaction': {
'default': 'DEFER',
'description': "plugin action if scan fails",
},
'rejectmessage': {
'default': 'threat detected: ${virusname}',
'description': "reject message template if running in pre-queue mode and virusaction=REJECT",
},
}
self.pattern = re.compile('^(\d)+ <(.+)> (.+)$')
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
'imapcopyrules': {
'default': '/etc/fuglu/imapcopy.regex',
'description': 'IMAP copy suspectFilter File',
},
'storeoriginal': {
'default':
'1',
'description':
"if true/1/yes: store original message\nif false/0/no: store message probably altered by previous plugins, eg with spamassassin headers",
}
}
self.filter = None
self.logger = self._logger()
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
'archiverules': {
'default': '/etc/fuglu/archive.regex',
'description': 'Archiving SuspectFilter File',
},
'archivedir': {
'default': '/tmp',
'description': 'storage for archived messages',
},
'subdirtemplate': {
'default': '${to_domain}',
'description': 'subdirectory within archivedir',
},
'filenametemplate': {
'default': '${id}.eml',
'description': 'filename template for the archived messages',
},
'storeoriginal': {
'default':
'1',
'description':
"if true/1/yes: store original message\nif false/0/no: store message probably altered by previous plugins, eg with spamassassin headers",
},
'chown': {
'default':
'',
'description':
"change owner of saved messages (username or numeric id) - this only works if fuglu is running as root (which is NOT recommended)",
},
'chgrp': {
'default':
'',
'description':
"change group of saved messages (groupname or numeric id) - the user running fuglu must be a member of the target group for this to work",
},
'chmod': {
'default': '',
'description': "set file permissions of saved messages",
},
}
self.filter = None
self.logger = self._logger()
def __init__(self, section=None):
ScannerPlugin.__init__(self, section)
self.logger = self._logger()
self.requiredvars = {
'dbconnection': {
'default':
"mysql://root@localhost/spfcheck?charset=utf8",
'description':
'SQLAlchemy Connection string. Leave empty to rewrite all senders',
},
'domain_sql_query': {
'default':
"SELECT use_srs from domain where domain_name=:domain",
'description':
'get from sql database :domain will be replaced with the actual domain name. must return field use_srs',
},
'forward_domain': {
'default': 'example.com',
'description': 'the new envelope sender domain',
},
'secret': {
'default':
'',
'description':
'cryptographic secret. set the same random value on all your machines',
},
'maxage': {
'default': '8',
'description': 'maximum lifetime of bounces',
},
'hashlength': {
'default': '8',
'description': 'size of auth code',
},
'separator': {
'default': '=',
'description': 'SRS token separator',
},
'rewrite_header_to': {
'default':
'True',
'description':
'set True to rewrite address in To: header in bounce messages (reverse/decrypt mode)',
},
}
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
'host': {
'default': 'localhost',
'description': 'hostname where the SSSP server runs',
},
'port': {
'default': '4010',
'description': "tcp port or path to unix socket",
},
'timeout': {
'default': '30',
'description': 'socket timeout',
},
'maxsize': {
'default':
'22000000',
'description':
"maximum message size, larger messages will not be scanned. ",
},
'retries': {
'default':
'3',
'description':
'how often should fuglu retry the connection before giving up',
},
'virusaction': {
'default':
'DEFAULTVIRUSACTION',
'description':
"action if infection is detected (DUNNO, REJECT, DELETE)",
},
'problemaction': {
'default': 'DEFER',
'description': "action if there is a problem (DUNNO, DEFER)",
},
'rejectmessage': {
'default':
'threat detected: ${virusname}',
'description':
"reject message template if running in pre-queue mode and virusaction=REJECT",
},
}
self.logger = self._logger()
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.logger = logging.getLogger('fuglu.plugin.DomainAction')
self.requiredvars = {
'addheaderinfected': {
'default':
'0',
'description':
'if set to non zero value a header will be added for infected files\n1:\tonly virusname appended as header\n2:\tvirusname and details will be added as header\nany other string value will be added as-it-is to header',
},
'addheaderclean': {
'default':
'0',
'description':
'add header if message is clean\nany string value will be used as-it-is',
}
}
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
'delay': {
'default': DelayPlugin.min_delay,
'description': 'execution time of the examine function',
},
'logfrequency': {
'default':
DelayPlugin.min_delay,
'description':
"frequency of writing a log message while waiting in the examine function",
},
}
self.logger = self._logger()
try:
self.delay = config.getfloat(
self.section,
"delay",
)
except Exception as e:
self.delay = DelayPlugin.min_delay
self.logger.debug("No config, setting delay to: %f" % self.delay)
try:
self.logfrequency = config.getfloat(self.section, "logfrequency")
except Exception:
self.logfrequency = self.delay
self.logger.debug("No config, setting frequency to: %f" %
self.delay)
self.delay = max(self.delay, DelayPlugin.min_delay)
self.logfrequency = max(self.logfrequency,
DelayPlugin.min_logfrequency)
self.logfrequency = min(self.logfrequency, self.delay)
if self.delay > 0:
self.logger.info("%s: delay = %f, logfrequency = %f" %
(os.getpid(), self.delay, self.logfrequency))
else:
self.logger.info("%s: delay = %f, logfrequ= %f" %
(os.getpid(), self.delay, self.logfrequency))
def __init__(self,config,section=None):
ScannerPlugin.__init__(self,config,section)
self.requiredvars={
'template_blockedfile':{
'default':'/etc/fuglu/templates/blockedfile.tmpl',
'description':'Mail template for the bounce to inform sender about blocked attachment',
},
'sendbounce':{
'default':'1',
'description':'inform the sender about blocked attachments',
},
'rulesdir':{
'default':'/etc/fuglu/rules',
'description':'directory that contains attachment rules',
},
'blockaction':{
'default':'DELETE',
'description':'what should the plugin do when a blocked attachment is detected\nREJECT : reject the message (recommended in pre-queue mode)\nDELETE : discard messages\nDUNNO : mark as blocked but continue anyway (eg. if you have a later quarantine plugin)',
},
'dbconnectstring':{
'default':'',
'description':'sqlalchemy connectstring to load rules from a database and use files only as fallback. requires SQL extension to be enabled',
'confidential':True,
},
'query':{
'default':'SELECT action,regex,description FROM attachmentrules WHERE scope=:scope AND checktype=:checktype ORDER BY prio',
'description':"sql query to load rules from a db. #:scope will be replaced by the recipient address first, then by the recipient domain\n:check will be replaced by either 'filename' to get filename rules or 'contenttype' to get content type rules",
},
}
self.logger=self._logger()
if MAGIC_AVAILABLE:
if MAGIC_AVAILABLE==MAGIC_PYTHON_FILE:
self.ms = magic.open(magic.MAGIC_MIME)
self.ms.load()
else:
self.logger.warning('python-magic not available')
self.rulescache=None
self.extremeverbosity=False
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
'host': {
'default': 'localhost',
'description': 'hostname where clamd runs',
},
'port': {
'default': '3310',
'description': "tcp port number or path to clamd.sock for unix domain sockets\nexample /var/lib/clamav/clamd.sock or on ubuntu: /var/run/clamav/clamd.ctl ",
},
'timeout': {
'default': '30',
'description': 'socket timeout',
},
'maxsize': {
'default': '22000000',
'description': "maximum message size, larger messages will not be scanned. \nshould match the 'StreamMaxLength' config option in clamd.conf ",
},
'retries': {
'default': '3',
'description': 'how often should fuglu retry the connection before giving up',
},
'virusaction': {
'default': 'DEFAULTVIRUSACTION',
'description': "action if infection is detected (DUNNO, REJECT, DELETE)",
},
'problemaction': {
'default': 'DEFER',
'description': "action if there is a problem (DUNNO, DEFER)",
},
'rejectmessage': {
'default': 'threat detected: ${virusname}',
'description': "reject message template if running in pre-queue mode and virusaction=REJECT",
},
}
self.logger = self._logger()
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
'host': {
'default': 'localhost',
'description': 'hostname where the SSSP server runs',
},
'port': {
'default': '4010',
'description': "tcp port or path to unix socket",
},
'timeout': {
'default': '30',
'description': 'socket timeout',
},
'maxsize': {
'default': '22000000',
'description': "maximum message size, larger messages will not be scanned. ",
},
'retries': {
'default': '3',
'description': 'how often should fuglu retry the connection before giving up',
},
'virusaction': {
'default': 'DEFAULTVIRUSACTION',
'description': "action if infection is detected (DUNNO, REJECT, DELETE)",
},
'problemaction': {
'default': 'DEFER',
'description': "action if there is a problem (DUNNO, DEFER)",
},
'rejectmessage': {
'default': 'threat detected: ${virusname}',
'description': "reject message template if running in pre-queue mode and virusaction=REJECT",
},
}
self.logger = self._logger()
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.logger = self._logger()
self.requiredvars = {
'identifier': {
'default': 'CommandlineAV',
'description': 'identifier used in the virus tag',
},
'exectemplate': {
'default':
'',
'description':
'full path to the scan executable and arguments. ${suspectpath} will be replaced with the message file',
},
'timeout': {
'default': '10',
'description': "process timeout",
},
'viruspattern': {
'default':
'',
'description':
'regular expression for infected messages. use virusname and filename groups',
},
'maxsize': {
'default': '10485000',
'description': "maximum message size to scan",
},
'virusaction': {
'default': 'DEFAULTVIRUSACTION',
'description': "plugin action if threat is detected",
},
'problemaction': {
'default': 'DEFER',
'description': "plugin action if scan fails",
},
'rejectmessage': {
'default':
'threat detected: ${virusname}',
'description':
"reject message template if running in pre-queue mode and virusaction=REJECT",
},
}
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
'domainsfile': {
'description': "File containing a list of domains (one per line) which must be DKIM and/or SPF authenticated",
'default': "/etc/fuglu/auth_required_domains.txt",
},
'failaction': {
'default': 'DUNNO',
'description': "action if the message doesn't pass authentication (DUNNO, REJECT)",
},
'rejectmessage': {
'default': 'sender domain ${header_from_domain} must pass DKIM and/or SPF authentication',
'description': "reject message template if running in pre-queue mode",
},
}
self.logger = self._logger()
self.filelist=FileList(filename=None,strip=True, skip_empty=True, skip_comments=True,lowercase=True)
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
'archiverules': {
'default': '/etc/fuglu/archive.regex',
'description': 'Archiving SuspectFilter File',
},
'archivedir': {
'default': '/tmp',
'description': 'storage for archived messages',
},
'subdirtemplate': {
'default': '${to_domain}',
'description': 'subdirectory within archivedir',
},
'filenametemplate': {
'default': '${id}.eml',
'description': 'filename template for the archived messages',
},
'storeoriginal': {
'default': '1',
'description': "if true/1/yes: store original message\nif false/0/no: store message probably altered by previous plugins, eg with spamassassin headers",
},
'chown': {
'default': '',
'description': "change owner of saved messages (username or numeric id) - this only works if fuglu is running as root (which is NOT recommended)",
},
'chgrp': {
'default': '',
'description': "change group of saved messages (groupname or numeric id) - the user running fuglu must be a member of the target group for this to work",
},
'chmod': {
'default': '',
'description': "set file permissions of saved messages",
},
}
self.filter = None
self.logger = self._logger()
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
'filterfile': {
'default': '/etc/fuglu/headerwriter.regex',
'description': 'Suspectfilter File',
},
'outputfile': {
'default': '',
'description': 'Output File',
},
'defaultlinetemplate': {
'default':
'${fieldname}: ${matchedvalue}',
'description':
'Default line output template if nothing is specified in filter config',
}
}
self.filter = None
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
'domainsfile': {
'description': "File containing a list of domains (one per line) which must be DKIM and/or SPF authenticated",
'default': "/etc/fuglu/auth_required_domains.txt",
},
'failaction': {
'default': 'DUNNO',
'description': "action if the message doesn't pass authentication (DUNNO, REJECT)",
},
'rejectmessage': {
'default': 'sender domain ${header_from_domain} must pass DKIM and/or SPF authentication',
'description': "reject message template if running in pre-queue mode",
},
}
self.logger = self._logger()
self.filelist = FileList(
filename=None, strip=True, skip_empty=True, skip_comments=True, lowercase=True)
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.logger = self._logger()
self.requiredvars = {
'socket': {
'default': 'inet:2424@localhost',
'description': 'the socket dspam server listens to',
},
'username': {
'default': 'user',
'description':
'the authentication user name to connect to dspam',
},
'password': {
'default': 'secretpass',
'description':
'the authentication password to connect to dspam',
},
'scanoriginal': {
'default':
'1',
'description':
"should we scan the original message as retreived from postfix or scan the current state \nin fuglu (which might have been altered by previous plugins)\nonly set this to disabled if you have a custom plugin that adds special headers to the message that will be \nused in rspamd rules",
},
'spamaction': {
'default':
'DEFAULTLOWSPAMACTION',
'description':
"what should we do with low spam (eg. detected as spam, but score not over highspamlevel)",
},
'problemaction': {
'default': 'DEFER',
'description': "action if there is a problem (DUNNO, DEFER)",
},
'rejectmessage': {
'default':
'message identified as spam',
'description':
"reject message template if running in pre-queue mode",
},
}
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
'host': {
'default': 'localhost',
'description': 'hostname where fpscand runs',
},
'port': {
'default': '3000',
'description': "DrWeb daemon port",
},
'timeout': {
'default': '30',
'description': "network timeout",
},
'maxsize': {
'default': '22000000',
'description': "maximum message size to scan",
},
'retries': {
'default': '3',
'description': "maximum retries on failed connections",
},
'virusaction': {
'default': 'DEFAULTVIRUSACTION',
'description': "plugin action if threat is detected",
},
'problemaction': {
'default': 'DEFER',
'description': "plugin action if scan fails",
},
'rejectmessage': {
'default':
'threat detected: ${virusname}',
'description':
"reject message template if running in pre-queue mode and virusaction=REJECT",
},
}
self.logger = self._logger()
self.pattern = re.compile(r'(?:DATA\[\d+\])(.+) infected with (.+)$')
def __init__(self,config,section=None):
ScannerPlugin.__init__(self,config,section)
self.requiredvars={
'filterfile':{
'default':'/etc/fuglu/headerwriter.regex',
'description':'Suspectfilter File',
},
'outputfile':{
'default':'',
'description':'Output File',
},
'defaultlinetemplate':{
'default':'${fieldname}: ${matchedvalue}',
'description':'Default line output template if nothing is specified in filter config',
}
}
self.filter=None
def __init__(self, section=None):
ScannerPlugin.__init__(self, section)
self.logger = self._logger()
self.filelist = FileList(strip=True, skip_empty=True, skip_comments=True, lowercase=True,
additional_filters=None, minimum_time_between_reloads=30)
self.requiredvars = {
'domainsfile': {
'default': '/etc/fuglu/spearphish-domains',
'description': 'Filename where we load spearphish domains from. One domain per line. If this setting is empty, the check will be applied to all domains.',
},
'virusenginename': {
'default': 'Fuglu SpearPhishing Protection',
'description': 'Name of this plugins av engine',
},
'virusname': {
'default': 'TRAIT.SPEARPHISH',
'description': 'Name to use as virus signature',
},
'virusaction': {
'default': 'DEFAULTVIRUSACTION',
'description': "action if spear phishing attempt is detected (DUNNO, REJECT, DELETE)",
},
'rejectmessage': {
'default': 'threat detected: ${virusname}',
'description': "reject message template if running in pre-queue mode and virusaction=REJECT",
},
'dbconnection':{
'default':"mysql://root@localhost/spfcheck?charset=utf8",
'description':'SQLAlchemy Connection string. Leave empty to disable SQL lookups',
},
'domain_sql_query':{
'default':"SELECT check_spearphish from domain where domain_name=:domain",
'description':'get from sql database :domain will be replaced with the actual domain name. must return boolean field check_spearphish',
},
'check_display_part': {
'default': 'False',
'description': "set to True to also check display part of From header (else email part only)",
},
}
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.logger = self._logger()
self.requiredvars = {
'blacklistconfig': {
'default': '/etc/fuglu/rbl.conf',
'description': 'RBL Lookup config file',
},
'checksubdomains': {
'default':
'yes',
'description':
'check subdomains as well (from top to bottom, eg. example.com, bla.example.com, blubb.bla.example.com',
},
'action': {
'default': 'reject',
'description': 'action on hit (reject, delete, etc)',
},
'message': {
'default': '5.7.1 black listed URL ${domain} by ${blacklist}',
'description': 'message template for rejects/ok messages',
},
'maxdomains': {
'default': '10',
'description':
'maximum number of domains to check per message',
},
'extra_tld_file': {
'default':
'',
'description':
'directory containing files with extra TLDs (2TLD or inofficial TLDs)'
},
}
self.rbllookup = None
self.tldmagic = None
self.extratlds = None
self.lasttlds = None
def __init__(self, section=None):
ScannerPlugin.__init__(self, section)
self.logger = self._logger()
self.filelist = FileList(strip=True, skip_empty=True, skip_comments=True, lowercase=True,
additional_filters=None, minimum_time_between_reloads=30)
self.requiredvars = {
'domainsfile': {
'default': '/etc/fuglu/spearphish-domains',
'description': 'Filename where we load spearphish domains from. One domain per line. If this setting is empty, the check will be applied to all domains.',
},
'virusenginename': {
'default': 'Fuglu SpearPhishing Protection',
'description': 'Name of this plugins av engine',
},
'virusname': {
'default': 'TRAIT.SPEARPHISH',
'description': 'Name to use as virus signature',
},
'virusaction': {
'default': 'DEFAULTVIRUSACTION',
'description': "action if spear phishing attempt is detected (DUNNO, REJECT, DELETE)",
},
'rejectmessage': {
'default': 'threat detected: ${virusname}',
'description': "reject message template if running in pre-queue mode and virusaction=REJECT",
},
'dbconnection':{
'default':"mysql://root@localhost/spfcheck?charset=utf8",
'description':'SQLAlchemy Connection string. Leave empty to disable SQL lookups',
},
'domain_sql_query':{
'default':"SELECT check_spearphish from domain where domain_name=:domain",
'description':'get from sql database :domain will be replaced with the actual domain name. must return boolean field check_spearphish',
},
'check_display_part': {
'default': 'False',
'description': "set to True to also check display part of From header (else email part only)",
},
}
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
'host': {
'default': 'localhost',
'description': 'hostname where fpscand runs',
},
'port': {
'default': '3000',
'description': "DrWeb daemon port",
},
'timeout': {
'default': '30',
'description': "network timeout",
},
'maxsize': {
'default': '22000000',
'description': "maximum message size to scan",
},
'retries': {
'default': '3',
'description': "maximum retries on failed connections",
},
'virusaction': {
'default': 'DEFAULTVIRUSACTION',
'description': "plugin action if threat is detected",
},
'problemaction': {
'default': 'DEFER',
'description': "plugin action if scan fails",
},
'rejectmessage': {
'default': 'threat detected: ${virusname}',
'description': "reject message template if running in pre-queue mode and virusaction=REJECT",
},
}
self.logger = self._logger()
self.pattern = re.compile(r'(?:DATA\[\d+\])(.+) infected with (.+)$')
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.extractor = None
self.logger = logging.getLogger('fuglu.plugin.URIExtract')
self.requiredvars = {
'domainskiplist': {
'default': '/etc/fuglu/extract-skip-domains.txt',
'description': 'Domain skip list',
},
'maxsize': {
'default':
'10485000',
'description':
'Maximum size of processed mails. Larger mail will be skipped.',
},
'loguris': {
'default': 'no',
'description': 'print extracted uris in fuglu log',
},
}
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.logger = logging.getLogger('fuglu.plugin.DomainAction')
self.requiredvars = {
'addheaderlinks': {
'default': 0,
'description': 'Add header with blacklisted uris',
},
'addheadercount': {
'default': 0,
'description': 'Add header with count of blacklisted uris',
},
'action': {
'default': 'DUNNO',
'description': 'action on hit (reject, delete, etc)',
},
'message': {
'default': '5.7.1 black listed URL ${domain} by ${blacklist}',
'description': 'message template for rejects/ok messages',
}
}
def __init__(self,config,section=None):
ScannerPlugin.__init__(self,config,section)
self.extractor=None
self.logger=logging.getLogger('fuglu.plugin.URIExtract')
self.requiredvars={
'domainskiplist':{
'default':'/etc/fuglu/extract-skip-domains.txt',
'description':'Domain skip list',
},
'maxsize':{
'default':'10485000',
'description':'Maximum size of processed mails. Larger mail will be skipped.',
},
'loguris':{
'default':'no',
'description':'print extracted uris in fuglu log',
}
}
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
"host": {"default": "localhost", "description": "hostname where the SSSP server runs"},
"port": {"default": "4010", "description": "tcp port or path to unix socket"},
"timeout": {"default": "30", "description": "socket timeout"},
"maxsize": {
"default": "22000000",
"description": "maximum message size, larger messages will not be scanned. ",
},
"retries": {"default": "3", "description": "how often should fuglu retry the connection before giving up"},
"virusaction": {
"default": "DEFAULTVIRUSACTION",
"description": "action if infection is detected (DUNNO, REJECT, DELETE)",
},
"problemaction": {"default": "DEFER", "description": "action if there is a problem (DUNNO, DEFER)"},
"rejectmessage": {
"default": "threat detected: ${virusname}",
"description": "reject message template if running in pre-queue mode and virusaction=REJECT",
},
}
self.logger = self._logger()
def __init__(self,config,section=None):
ScannerPlugin.__init__(self,config,section)
self.requiredvars={
'yararulesdir':{
'default':'/etc/fuglu/yararules',
'description':'Directory containing one or more YARA rule files',
},
'archivecontentmaxsize': {
'default': '5000000',
'description': 'only extract and examine files up to this amount of (uncompressed) bytes',
},
'virusaction': {
'default': 'DEFAULTVIRUSACTION',
'description': "action if infection is detected (DUNNO, REJECT, DELETE)",
},
'problemaction': {
'default': 'DEFER',
'description': "action if there is a problem (DUNNO, DEFER)",
},
'rejectmessage': {
'default': 'threat detected in ${infectedfile}: ${virusname}',
'description': "reject message template if running in pre-queue mode and virusaction=REJECT",
},
}
self.filter=None
self.logger=self._logger()
self.lastreload=0
self.compiled_rules=None
# remember that the order is important here, if we support tar.gz and
# gz in the future make sure tar.gz comes first!
self.supported_archive_extensions = ['zip', ]
if RARFILE_AVAILABLE:
self.supported_archive_extensions.append('rar')
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
'redis': {
'default': 'localhost:6379:0',
'description': 'redis config: host:port:db',
},
'ttl': {
'default': '604800',
'description': 'hash ttl in seconds',
},
'maxsize': {
'default': '600000',
'description':
'maxsize in bytes, larger messages will be skipped'
},
'timeout': {
'default': '2',
'description': 'timeout in seconds'
},
}
self.backend = None
self.logger = self._logger()
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
'redis': {
'default': 'localhost:6379:0',
'description': 'redis config: host:port:db',
},
'ttl': {
'default': '604800',
'description': 'hash ttl in seconds',
},
'maxsize': {
'default': '600000',
'description':
'maxsize in bytes, larger messages will be skipped'
},
'timeout': {
'default': '2',
'description': 'timeout in seconds'
},
}
self.backend = None
self.logger = self._logger()
def __init__(self, section=None):
ScannerPlugin.__init__(self, section)
self.filelist = FileList(strip=True,
skip_empty=True,
skip_comments=True,
lowercase=True,
additional_filters=None,
minimum_time_between_reloads=30)
self.requiredvars = {
'domainsfile': {
'default':
'/etc/fuglu/spearphish-domains',
'description':
'Filename where we load spearphish domains from. One domain per line. If this setting is empty, the check will be applied to all domains.',
},
'virusenginename': {
'default': 'Fuglu SpearPhishing Protection',
'description': 'Name of this plugins av engine',
},
'virusname': {
'default': 'TRAIT.SPEARPHISH',
'description': 'Name to use as virus signature',
},
'virusaction': {
'default':
'DEFAULTVIRUSACTION',
'description':
"action if spear phishing attempt is detected (DUNNO, REJECT, DELETE)",
},
'rejectmessage': {
'default':
'threat detected: ${virusname}',
'description':
"reject message template if running in pre-queue mode and virusaction=REJECT",
},
}
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.logger=self._logger()
self.requiredvars = {
'identifier': {
'default': 'CommandlineAV',
'description': 'identifier used in the virus tag',
},
'exectemplate': {
'default': '',
'description': 'full path to the scan executable and arguments. ${suspectpath} will be replaced with the message file',
},
'timeout': {
'default': '10',
'description': "process timeout",
},
'viruspattern': {
'default': '',
'description': 'regular expression for infected messages. use virusname and filename groups',
},
'maxsize': {
'default': '10485000',
'description': "maximum message size to scan",
},
'virusaction': {
'default': 'DEFAULTVIRUSACTION',
'description': "plugin action if threat is detected",
},
'problemaction': {
'default': 'DEFER',
'description': "plugin action if scan fails",
},
'rejectmessage': {
'default': 'threat detected: ${virusname}',
'description': "reject message template if running in pre-queue mode and virusaction=REJECT",
},
}
def __init__(self,config,section=None):
ScannerPlugin.__init__(self,config,section)
self.requiredvars={
'host':{
'default':'localhost',
'description':'LMTP target hostname',
},
'port':{
'default':'24',
'description':'LMTP target port',
},
'user':{
'default':'',
'description':'LMTP auth user. leave empty if no authentication is needed',
},
'password':{
'default':'',
'description':'LMTP auth password. leave empty if no authentication is needed',
},
'lmtpfrom':{
'default':'user@localhost',
'description':'LMTP envelope sender. Leave empty for original SMTP envelope sender',
},
'sendoriginal': {
'default': '0',
'description': """should we store the original message as retreived from postfix or store the
current state in fuglu (which might have been altered by previous plugins)""",
},
'successaction':{
'default':'DUNNO',
'description':'what action to return after successful transfor to LMTP? DELETE or DUNNO',
},
}
self.logger=self._logger()
def __init__(self, config):
ScannerPlugin.__init__(self, config)
self.logger = self._logger()
self.spamassassin = PythonSA()
self.spamassassin.load_config()
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
'template_blockedfile': {
'default':
'/etc/fuglu/templates/blockedfile.tmpl',
'description':
'Mail template for the bounce to inform sender about blocked attachment',
},
'sendbounce': {
'default':
'1',
'description':
'inform the sender about blocked attachments.\nIf a previous plugin tagged the message as spam or infected, no bounce will be sent to prevent backscatter',
},
'rulesdir': {
'default': '/etc/fuglu/rules',
'description': 'directory that contains attachment rules',
},
'blockaction': {
'default':
'DELETE',
'description':
'what should the plugin do when a blocked attachment is detected\nREJECT : reject the message (recommended in pre-queue mode)\nDELETE : discard messages\nDUNNO : mark as blocked but continue anyway (eg. if you have a later quarantine plugin)',
},
'dbconnectstring': {
'default': '',
'description':
'sqlalchemy connectstring to load rules from a database and use files only as fallback. requires SQL extension to be enabled',
'confidential': True,
},
'query': {
'default':
'SELECT action,regex,description FROM attachmentrules WHERE scope=:scope AND checktype=:checktype ORDER BY prio',
'description':
"sql query to load rules from a db. #:scope will be replaced by the recipient address first, then by the recipient domain\n:check will be replaced 'filename','contenttype','archive-filename' or 'archive-contenttype'",
},
'checkarchivenames': {
'default':
'0',
'description':
"enable scanning of filenames within archives (zip,rar). This does not actually extract the files, it just looks at the filenames found in the archive."
},
'checkarchivecontent': {
'default':
'0',
'description':
'extract compressed archives(zip,rar) and check file content type with libmagics\nnote that the files will be extracted into memory - tune archivecontentmaxsize accordingly.\nfuglu does not extract archives within the archive(recursion)',
},
'archivecontentmaxsize': {
'default':
'5000000',
'description':
'only extract and examine files up to this amount of (uncompressed) bytes',
},
'enabledarchivetypes': {
'default':
'',
'description':
'comma separated list of archive extensions. do only process archives of given types.',
}
}
self.logger = self._logger()
self.rulescache = None
self.extremeverbosity = False
self.blockedfiletemplate = ''
self.sendbounce = True
self.checkarchivenames = False
self.checkarchivecontent = False
# key: regex matching content type as returned by file magic, value: archive type
self.supported_archive_ctypes = {
'^application\/zip': 'zip',
'^application\/x-tar': 'tar',
'^application\/x-gzip': 'tar',
'^application\/x-bzip2': 'tar',
}
# key: file ending, value: archive type
self.supported_archive_extensions = {
'zip': 'zip',
'z': 'zip',
'tar': 'tar',
'tar.gz': 'tar',
'tgz': 'tar',
'tar.bz2': 'tar',
}
if RARFILE_AVAILABLE:
self.supported_archive_extensions['rar'] = 'rar'
self.supported_archive_ctypes['^application\/x-rar'] = 'rar'
if SEVENZIP_AVAILABLE:
self.supported_archive_extensions['7z'] = '7z'
self.supported_archive_ctypes[
'^application\/x-7z-compressed'] = '7z'
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.logger = self._logger()
self.requiredvars = {
'host': {
'default': '127.0.0.1',
'description': 'hostname where rspamd runs',
},
'port': {
'default':
'11333',
'description':
'port number of rspamd TCP socket ("normal" worker)',
},
'timeout': {
'default': '30',
'description':
'how long should we wait for an answer from rspamd',
},
'maxsize': {
'default':
'256000',
'description':
"maximum size in bytes. larger messages will be skipped",
},
'scanoriginal': {
'default':
'1',
'description':
"should we scan the original message as retreived from postfix or scan the current state \nin fuglu (which might have been altered by previous plugins)\nonly set this to disabled if you have a custom plugin that adds special headers to the message that will be \nused in rspamd rules",
},
'forwardoriginal': {
'default':
'0',
'description':
"""forward the original message or replace the content as returned by spamassassin\nif this is set to True/1/Yes , no spamassassin headers will be visible in the final message.\n"original" in this case means "as passed to spamassassin", eg. if 'scanoriginal' is set to 0 above this will forward the\nmessage as retreived from previous plugins """,
},
'highspamlevel': {
'default':
'15',
'description':
'spamscore threshold to mark a message as high spam',
},
'highspamaction': {
'default':
'DEFAULTHIGHSPAMACTION',
'description':
"what should we do with high spam (spam score above highspamlevel)",
},
'lowspamaction': {
'default':
'DEFAULTLOWSPAMACTION',
'description':
"what should we do with low spam (eg. detected as spam, but score not over highspamlevel)",
},
'problemaction': {
'default': 'DEFER',
'description': "action if there is a problem (DUNNO, DEFER)",
},
'rejectmessage': {
'default':
'message identified as spam',
'description':
"reject message template if running in pre-queue mode",
},
'mynetworks': {
'default':
'',
'description':
"a regular expression defining IP ranges of your internal networks, used to detect external ips",
},
}
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
'template_blockedfile': {
'default':
'/etc/fuglu/templates/blockedfile.tmpl',
'description':
'Mail template for the bounce to inform sender about blocked attachment',
},
'sendbounce': {
'default':
'True',
'description':
'inform the sender about blocked attachments.\nIf a previous plugin tagged the message as spam or infected, no bounce will be sent to prevent backscatter',
},
'rulesdir': {
'default': '/etc/fuglu/rules',
'description': 'directory that contains attachment rules',
},
'blockaction': {
'default':
'DELETE',
'description':
'what should the plugin do when a blocked attachment is detected\nREJECT : reject the message (recommended in pre-queue mode)\nDELETE : discard messages\nDUNNO : mark as blocked but continue anyway (eg. if you have a later quarantine plugin)',
},
'dbconnectstring': {
'default': '',
'description':
'sqlalchemy connectstring to load rules from a database and use files only as fallback. requires SQL extension to be enabled',
'confidential': True,
},
'query': {
'default':
'SELECT action,regex,description FROM attachmentrules WHERE scope=:scope AND checktype=:checktype ORDER BY prio',
'description':
"sql query to load rules from a db. #:scope will be replaced by the recipient address first, then by the recipient domain\n:check will be replaced 'filename','contenttype','archive-filename' or 'archive-contenttype'",
},
'checkarchivenames': {
'default':
'False',
'description':
"enable scanning of filenames within archives (zip,rar). This does not actually extract the files, it just looks at the filenames found in the archive."
},
'checkarchivecontent': {
'default':
'False',
'description':
'extract compressed archives(zip,rar) and check file content type with libmagics\nnote that the files will be extracted into memory - tune archivecontentmaxsize accordingly.\nfuglu does not extract archives within the archive(recursion)',
},
'archivecontentmaxsize': {
'default':
'5000000',
'description':
'only extract and examine files up to this amount of (uncompressed) bytes',
},
'archiveextractlevel': {
'default':
'1',
'description':
'recursive extraction level for archives. Undefined or negative value means extract until it\'s not an archive anymore'
},
'enabledarchivetypes': {
'default':
'',
'description':
'comma separated list of archive extensions. do only process archives of given types.',
}
}
self.logger = self._logger()
self.rulescache = None
self.extremeverbosity = False
self.blockedfiletemplate = ''
self.sendbounce = True
self.checkarchivenames = False
self.checkarchivecontent = False
# copy dict with available extensions from Archivehandle
# (deepcopy is not needed here although in general it is a good idea
# to use it in case a dict contains another dict)
#
# key: file ending, value: archive type
self.active_archive_extensions = dict(
Archivehandle.avail_archive_extensions)
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.logger = self._logger()
def __init__(self,config,section=None):
ScannerPlugin.__init__(self,config,section)
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.logger = self._logger()
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
'host': {
'default': 'localhost',
'description': 'hostname where clamd runs',
},
'port': {
'default':
'3310',
'description':
"tcp port number or path to clamd.sock for unix domain sockets\nexample /var/lib/clamav/clamd.sock or on ubuntu: /var/run/clamav/clamd.ctl ",
},
'timeout': {
'default': '30',
'description': 'socket timeout',
},
'pipelining': {
'default':
'0',
'description':
"*EXPERIMENTAL*: Perform multiple scans over the same connection. May improve performance on busy systems.",
},
'maxsize': {
'default':
'22000000',
'description':
"maximum message size, larger messages will not be scanned. \nshould match the 'StreamMaxLength' config option in clamd.conf ",
},
'retries': {
'default':
'3',
'description':
'how often should fuglu retry the connection before giving up',
},
'virusaction': {
'default':
'DEFAULTVIRUSACTION',
'description':
"action if infection is detected (DUNNO, REJECT, DELETE)",
},
'problemaction': {
'default': 'DEFER',
'description': "action if there is a problem (DUNNO, DEFER)",
},
'rejectmessage': {
'default':
'threat detected: ${virusname}',
'description':
"reject message template if running in pre-queue mode and virusaction=REJECT",
},
'clamscanfallback': {
'default':
'0',
'description':
"*EXPERIMENTAL*: fallback to clamscan if clamd is unavailable. YMMV, each scan can take 5-20 seconds and massively increase load on a busy system.",
},
'clamscan': {
'default': '/usr/bin/clamscan',
'description': "the path to clamscan executable",
},
'clamscantimeout': {
'default': '30',
'description': "process timeout",
},
}
self.logger = self._logger()
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
'host': {
'default': 'localhost',
'description': 'hostname where spamd runs',
},
'port': {
'default': '783',
'description': "tcp port number or path to spamd unix socket",
},
'timeout': {
'default': '30',
'description': 'how long should we wait for an answer from sa',
},
'maxsize': {
'default': '256000',
'description': "maximum size in bytes. larger messages will be skipped",
},
'strip_oversize':{
'default': '1',
'description': "enable scanning of messages larger than maxsize. all attachments will be stripped and only headers, plaintext and html part will be scanned. If message is still oversize it will be truncated.",
},
'retries': {
'default': '3',
'description': 'how often should fuglu retry the connection before giving up',
},
'scanoriginal': {
'default': 'True',
'description': "should we scan the original message as retreived from postfix or scan the current state \nin fuglu (which might have been altered by previous plugins)\nonly set this to disabled if you have a custom plugin that adds special headers to the message that will be \nused in spamassassin rules",
},
'forwardoriginal': {
'default': 'False',
'description': """forward the original message or replace the content as returned by spamassassin\nif this is enabled, no spamassassin headers will be visible in the final message.\n"original" in this case means "as passed to spamassassin", eg. if 'scanoriginal' above is disabled this will forward the\nmessage as retreived from previous plugins """,
},
'spamheader': {
'default': 'X-Spam-Status',
'description': """what header does SA set to indicate the spam status\nNote that fuglu requires a standard header template configuration for spamstatus and score extraction\nif 'forwardoriginal' is set to 0\neg. start with _YESNO_ or _YESNOCAPS_ and contain score=_SCORE_""",
},
'spamheader_prepend': {
'default': 'X-Spam-',
'description': 'tells fuglu what spamassassin prepends to its headers. Set this according to your spamassassin config especially if you forwardoriginal=0 and strip_oversize=1',
},
'peruserconfig': {
'default': 'True',
'description': 'enable user_prefs in SA. This hands the recipient address over the spamd connection which allows SA to search for configuration overrides',
},
'highspamlevel': {
'default': '15',
'description': 'spamscore threshold to mark a message as high spam',
},
'highspamaction': {
'default': 'DEFAULTHIGHSPAMACTION',
'description': "what should we do with high spam (spam score above highspamlevel)",
},
'lowspamaction': {
'default': 'DEFAULTLOWSPAMACTION',
'description': "what should we do with low spam (eg. detected as spam, but score not over highspamlevel)",
},
'problemaction': {
'default': 'DEFER',
'description': "action if there is a problem (DUNNO, DEFER)",
},
'rejectmessage': {
'default': 'message identified as spam',
'description': "reject message template if running in pre-queue mode",
},
'check_sql_blacklist': {
'default': 'False',
'description': "consult spamassassins(or any other) sql blacklist for messages that are too big for spam checks\nrequires the sql extension to be enabled",
},
'sql_blacklist_dbconnectstring': {
'default': 'mysql:///localhost/spamassassin',
'description': "sqlalchemy db connect string",
'confidential': True,
},
'sql_blacklist_sql': {
'default': """SELECT value FROM userpref WHERE prefid='blacklist_from' AND username in ('$GLOBAL',concat('%',${to_domain}),${to_address})""",
'description': "SQL query to get the blacklist entries for a suspect\nyou may use template variables: ${from_address} ${from_domain} ${to_address} ${to_domain}",
},
}
self.logger = self._logger()
