def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
'template_blockedfile': {
'default': '/etc/fuglu/templates/blockedfile.tmpl',
'description': 'Mail template for the bounce to inform sender about blocked attachment',
},
'sendbounce': {
'default': '1',
'description': 'inform the sender about blocked attachments.\nIf a previous plugin tagged the message as spam or infected, no bounce will be sent to prevent backscatter',
},
'rulesdir': {
'default': '/etc/fuglu/rules',
'description': 'directory that contains attachment rules',
},
'blockaction': {
'default': 'DELETE',
'description': 'what should the plugin do when a blocked attachment is detected\nREJECT : reject the message (recommended in pre-queue mode)\nDELETE : discard messages\nDUNNO : mark as blocked but continue anyway (eg. if you have a later quarantine plugin)',
},
'dbconnectstring': {
'default': '',
'description': 'sqlalchemy connectstring to load rules from a database and use files only as fallback. requires SQL extension to be enabled',
'confidential': True,
},
'query': {
'default': 'SELECT action,regex,description FROM attachmentrules WHERE scope=:scope AND checktype=:checktype ORDER BY prio',
'description': "sql query to load rules from a db. #:scope will be replaced by the recipient address first, then by the recipient domain\n:check will be replaced 'filename','contenttype','archive-filename' or 'archive-contenttype'",
},
'checkarchivenames': {
'default': '0',
'description': "enable scanning of filenames within archives (zip,rar). This does not actually extract the files, it just looks at the filenames found in the archive."
},
'checkarchivecontent': {
'default': '0',
'description': 'extract compressed archives(zip,rar) and check file content type with libmagics\nnote that the files will be extracted into memory - tune archivecontentmaxsize accordingly.\nfuglu does not extract archives within the archive(recursion)',
},
'archivecontentmaxsize': {
'default': '5000000',
'description': 'only extract and examine files up to this amount of (uncompressed) bytes',
},
}
self.logger = self._logger()
self.rulescache = None
self.extremeverbosity = False
# remember that the order is important here, if we support tar.gz and
# gz in the future make sure tar.gz comes first!
self.supported_archive_extensions = ['zip', ]
if RARFILE_AVAILABLE:
self.supported_archive_extensions.append('rar')
def __init__(self, section=None):
ScannerPlugin.__init__(self, section)
self.filelist = FileList(strip=True, skip_empty=True, skip_comments=True, lowercase=True,
additional_filters=None, minimum_time_between_reloads=30)
self.requiredvars = {
'domainsfile': {
'default': '/etc/fuglu/spearphish-domains',
'description': 'Filename where we load spearphish domains from. One domain per line. If this setting is empty, the check will be applied to all domains.',
},
'virusenginename': {
'default': 'Fuglu SpearPhishing Protection',
'description': 'Name of this plugins av engine',
},
'virusname': {
'default': 'TRAIT.SPEARPHISH',
'description': 'Name to use as virus signature',
},
'virusaction': {
'default': 'DEFAULTVIRUSACTION',
'description': "action if spear phishing attempt is detected (DUNNO, REJECT, DELETE)",
},
'rejectmessage': {
'default': 'threat detected: ${virusname}',
'description': "reject message template if running in pre-queue mode and virusaction=REJECT",
},
}
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.logger = self._logger()
self.requiredvars = {
'maxsize': {
'default': self.MAX_SIZE * 2,
'description': 'Maximum message size',
},
'caldav_url': {
'default':
'',
'description':
'CalDAV server URL (%s will be replaced with recipient email)'
},
'caldav_username': {
'default': '',
'description': 'CalDAV server username'
},
'caldav_password': {
'default': '',
'description': 'CalDAV server password'
},
'caldav_ssl_skip_verify': {
'default': 'False',
'description':
'Skip CalDAV server SSL certificate verification'
}
}
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.logger = self._logger()
self.skiplist = FileList(filename=None,
strip=True,
skip_empty=True,
skip_comments=True,
lowercase=True)
self.requiredvars = {
'max_lookups': {
'default': '10',
'description':
'maximum number of lookups (RFC defaults to 10)',
},
'skiplist': {
'default':
'',
'description':
'File containing a list of domains (one per line) which are not checked'
},
'temperror_retries': {
'default': '3',
'description': 'maximum number of retries on temp error',
},
'temperror_sleep': {
'default': '3',
'description':
'waiting interval between retries on temp error',
},
}
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.logger = logging.getLogger('fuglu.plugin.DomainAction')
self.requiredvars = {
'blacklistconfig': {
'default': '/etc/fuglu/rbl.conf',
'description': 'RBL Lookup config file',
},
'checksubdomains': {
'default':
'yes',
'description':
'check subdomains as well (from top to bottom, eg. example.com, bla.example.com, blubb.bla.example.com',
},
'action': {
'default': 'reject',
'description': 'action on hit (reject, delete, etc)',
},
'message': {
'default': '5.7.1 black listed URL ${domain} by ${blacklist}',
'description': 'message template for rejects/ok messages',
},
'maxdomains': {
'default': '10',
'description':
'maximum number of domains to check per message',
},
}
self.rbllookup = None
self.tldmagic = None
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
'limiterfile': {
'default': '/etc/fuglu/ratelimit.conf',
'description': 'file based rate limits',
},
'backendtype': {
'default':
'memory',
'description':
'type of backend where the events are stored. memory is only recommended for low traffic standalone systems. alternatives are: redis, sqlalchemy'
},
'backendconfig': {
'default':
'',
'description':
'backend specific configuration. sqlalchemy: the database url, redis: hostname:port:db'
}
}
self.logger = self._logger()
self.backend_instance = None
self.limiters = None
self.filter = SuspectFilter(None)
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.backend = None
self.logger = self._logger()
self.requiredvars = {
'redis': {
'default': 'localhost:6379:0',
'description': 'redis config: host:port:db',
},
# commented, for now we only want the count
# 'lowthreshold':{
# 'default':'1',
# 'description': 'threshold for adding <headername>: LOW',
# },
# 'highthreshold':{
# 'default':'3',
# 'description': 'threshold for adding <headername>: HIGH',
# },
'headername': {
'default': 'X-FuZor',
'description': 'header name',
},
'maxsize': {
'default': '600000',
'description':
'maxsize in bytes, larger messages will be skipped'
},
'timeout': {
'default': '2',
'description': 'timeout in seconds'
},
}
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
"yararulesdir": {
"default": "/etc/fuglu/yararules",
"description": "Directory containing one or more YARA rule files",
},
"archivecontentmaxsize": {
"default": "5000000",
"description": "only extract and examine files up to this amount of (uncompressed) bytes",
},
"virusaction": {
"default": "DEFAULTVIRUSACTION",
"description": "action if infection is detected (DUNNO, REJECT, DELETE)",
},
"problemaction": {"default": "DEFER", "description": "action if there is a problem (DUNNO, DEFER)"},
"rejectmessage": {
"default": "threat detected in ${infectedfile}: ${virusname}",
"description": "reject message template if running in pre-queue mode and virusaction=REJECT",
},
}
self.filter = None
self.logger = self._logger()
self.lastreload = 0
self.compiled_rules = None
# remember that the order is important here, if we support tar.gz and
# gz in the future make sure tar.gz comes first!
self.supported_archive_extensions = ["zip"]
if RARFILE_AVAILABLE:
self.supported_archive_extensions.append("rar")
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
'domainsfile': {
'description':
"File containing a list of domains (one per line) which must be DKIM and/or SPF authenticated",
'default': "/etc/fuglu/auth_required_domains.txt",
},
'failaction': {
'default':
'DUNNO',
'description':
"action if the message doesn't pass authentication (DUNNO, REJECT)",
},
'rejectmessage': {
'default':
'sender domain ${header_from_domain} must pass DKIM and/or SPF authentication',
'description':
"reject message template if running in pre-queue mode",
},
}
self.logger = self._logger()
self.filelist = FileList(filename=None,
strip=True,
skip_empty=True,
skip_comments=True,
lowercase=True)
def __init__(self,config,section=None):
ScannerPlugin.__init__(self,config,section)
self.logger=logging.getLogger('fuglu.plugin.DomainAction')
self.requiredvars={
'blacklistconfig':{
'default':'/etc/fuglu/rbl.conf',
'description':'RBL Lookup config file',
},
'checksubdomains':{
'default':'yes',
'description':'check subdomains as well (from top to bottom, eg. example.com, bla.example.com, blubb.bla.example.com',
},
'action':{
'default':'reject',
'description':'action on hit (reject, delete, etc)',
},
'message':{
'default':'5.7.1 black listed URL ${domain} by ${blacklist}',
'description':'message template for rejects/ok messages',
},
'maxdomains':{
'default':'10',
'description':'maximum number of domains to check per message',
}
}
self.rbllookup=None
self.tldmagic=None
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
"path": {
"default": "/usr/local/fuglu/deliver/${to_address}",
"description": "Path to maildir / mbox file, supports templates",
},
# maybe we need to support our own locking later, for now we use python's built-ins
#'locktype':{
# 'default':'',
# 'description':"flock, ...",
# },
"boxtype": {"default": "mbox", "description": "mbox, maildir"},
# maybe we need to support various mbox types later, for now we use python's built-in module
#'subtype':{
# 'default':'',
# 'description':"what type of mbox... ",
# },
"filterfile": {"default": "", "description": "only store messages which use filter..."},
}
self.logger = self._logger()
self.filter = None
self.boxtypemap = {"mbox": self.deliver_mbox, "maildir": self.deliver_maildir}
def __init__(self,config,section=None):
ScannerPlugin.__init__(self,config,section)
self.requiredvars={
'path':{
'default':'/usr/local/fuglu/deliver/${to_address}',
'description':'Path to maildir / mbox file, supports templates',
},
#maybe we need to support our own locking later, for now we use python's built-ins
#'locktype':{
# 'default':'',
# 'description':"flock, ...",
#},
'boxtype':{
'default':'mbox',
'description':"mbox, maildir",
},
#maybe we need to support various mbox types later, for now we use python's built-in module
#'subtype':{
# 'default':'',
# 'description':"what type of mbox... ",
#},
'filterfile':{
'default':'',
'description':"only store messages which use filter...",
},
}
self.logger=self._logger()
self.filter=None
self.boxtypemap={
'mbox':self.deliver_mbox,
'maildir':self.deliver_maildir,
}
def __init__(self,config,section=None):
ScannerPlugin.__init__(self,config,section)
self.requiredvars={
'privatekeyfile':{
'description':"Location of the private key file. supports standard template variables plus additional ${header_from_domain} which extracts the domain name from the From: -Header",
'default':"/etc/fuglu/dkim/${header_from_domain}.key",
},
'canonicalizeheaders':{
'description':"Type of header canonicalization (simple or relaxed)",
'default':"relaxed",
},
'canonicalizebody':{
'description':"Type of body canonicalization (simple or relaxed)",
'default':"relaxed",
},
'selector':{
'description':'selector to use when signing, supports templates',
'default':'default',
},
'signheaders':{
'description':'comma separated list of headers to sign. empty string=sign all headers',
'default':'',
},
'signbodylength':{
'description':'include l= tag in dkim header',
'default':'False',
},
}
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
'privatekeyfile': {
'description': "Location of the private key file. supports standard template variables plus additional ${header_from_domain} which extracts the domain name from the From: -Header",
'default': "/etc/fuglu/dkim/${header_from_domain}.key",
},
'canonicalizeheaders': {
'description': "Type of header canonicalization (simple or relaxed)",
'default': "relaxed",
},
'canonicalizebody': {
'description': "Type of body canonicalization (simple or relaxed)",
'default': "relaxed",
},
'selector': {
'description': 'selector to use when signing, supports templates',
'default': 'default',
},
'signheaders': {
'description': 'comma separated list of headers to sign. empty string=sign all headers',
'default': 'From,Reply-To,Subject,Date,To,CC,Resent-Date,Resent-From,Resent-To,Resent-CC,In-Reply-To,References,List-Id,List-Help,List-Unsubscribe,List-Subscribe,List-Post,List-Owner,List-Archive',
},
'signbodylength': {
'description': 'include l= tag in dkim header',
'default': 'False',
},
}
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.backend = None
self.logger = self._logger()
self.requiredvars = {
'redis': {
'default': 'localhost:6379:0',
'description': 'redis config: host:port:db',
},
# commented, for now we only want the count
# 'lowthreshold':{
# 'default':'1',
# 'description': 'threshold for adding <headername>: LOW',
# },
# 'highthreshold':{
# 'default':'3',
# 'description': 'threshold for adding <headername>: HIGH',
# },
'headername': {
'default': 'X-FuZor',
'description': 'header name',
},
'maxsize': {
'default': '600000',
'description':
'maxsize in bytes, larger messages will be skipped'
},
'timeout': {
'default': '2',
'description': 'timeout in seconds'
},
}
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
'template_blockedfile': {
'default': '/etc/fuglu/templates/blockedfile.tmpl',
'description': 'Mail template for the bounce to inform sender about blocked attachment',
},
'sendbounce': {
'default': '1',
'description': 'inform the sender about blocked attachments.\nIf a previous plugin tagged the message as spam or infected, no bounce will be sent to prevent backscatter',
},
'rulesdir': {
'default': '/etc/fuglu/rules',
'description': 'directory that contains attachment rules',
},
'blockaction': {
'default': 'DELETE',
'description': 'what should the plugin do when a blocked attachment is detected\nREJECT : reject the message (recommended in pre-queue mode)\nDELETE : discard messages\nDUNNO : mark as blocked but continue anyway (eg. if you have a later quarantine plugin)',
},
'dbconnectstring': {
'default': '',
'description': 'sqlalchemy connectstring to load rules from a database and use files only as fallback. requires SQL extension to be enabled',
'confidential': True,
},
'query': {
'default': 'SELECT action,regex,description FROM attachmentrules WHERE scope=:scope AND checktype=:checktype ORDER BY prio',
'description': "sql query to load rules from a db. #:scope will be replaced by the recipient address first, then by the recipient domain\n:check will be replaced 'filename','contenttype','archive-filename' or 'archive-contenttype'",
},
'checkarchivenames': {
'default': '0',
'description': "enable scanning of filenames within archives (zip,rar). This does not actually extract the files, it just looks at the filenames found in the archive."
},
'checkarchivecontent': {
'default': '0',
'description': 'extract compressed archives(zip,rar) and check file content type with libmagics\nnote that the files will be extracted into memory - tune archivecontentmaxsize accordingly.\nfuglu does not extract archives within the archive(recursion)',
},
'archivecontentmaxsize': {
'default': '5000000',
'description': 'only extract and examine files up to this amount of (uncompressed) bytes',
},
}
self.logger = self._logger()
self.rulescache = None
self.extremeverbosity = False
#remember that the order is important here, if we support tar.gz and gz in the future make sure tar.gz comes first!
self.supported_archive_extensions=['zip',]
if RARFILE_AVAILABLE:
self.supported_archive_extensions.append('rar')
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
'rbllist': {
'default': '/etc/fuglu/rbllist.list',
'description': "File which contains the used RBL lists",
},
}
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = { # this defines the configuration options for a plugin
'greeting': { # name of the config
'default': 'hello world!', # default value, always use strings here
'description': 'greeting message the plugin should log to the console', # included as comment when generating default config files
}
}
def __init__(self,config,section=None):
ScannerPlugin.__init__(self,config,section)
self.requiredvars={
'greeting':{
'default':'hello world!',
'description':'greeting the plugin should log to the console',
}
}
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.logger = self._logger()
self.whitelist = None
self.requiredvars = {
'whitelist_file': {
'default':
'/etc/fuglu/conf.d/ebl-whitelist.txt',
'description':
'path to file containing whitelisted sender domains',
},
'dnszone': {
'default': 'ebl.msbl.org',
'description':
'the DNS zone to query. defaults to ebl.msbl.org',
},
'hash': {
'default':
'sha1',
'description':
'hash function used by DNS zone. Use one of md5, sha1, sha224, sha256, sha384, sha512'
},
'response': {
'default': '127.0.0.2',
'description': 'expected response of zone query',
},
'action': {
'default':
'dunno',
'description':
'action on hit (dunno, reject, defer, delete). if set to dunno will tag as spam. do not use reject/defer in after queue mode',
},
'messagetemplate': {
'default': '${sender} listed by ${dnszone} : ${message}',
'description': 'reject message template',
},
'maxlookups': {
'default':
'10',
'description':
'maximum number of email addresses to check per message',
},
'check_always': {
'default':
'False',
'description':
'set to True to check every suspect. set to False to only check mail that has not yet been classified as spam or virus',
},
'normalisation': {
'default':
'ebl',
'description':
'type of normalisation to be applied to email addresses before hashing. choose one of ebl (full normalisation according to ebl.msbl.org standard), low (lowercase only)'
}
}
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.logger = self._logger()
self.requiredvars = {
'scriptdir': {
'default': '/etc/fuglu/scriptfilter',
'description': 'Dir that contains the scripts (*.fgf files)',
}
}
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.logger = self._logger()
self.requiredvars = {
'scriptdir': {
'default': '/etc/fuglu/scriptfilter',
'description': 'Dir that contains the scripts (*.fgf files)',
}
}
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
'host': {
'default': 'localhost',
'description': 'hostname where the ICAP server runs',
},
'port': {
'default': '1344',
'description': "tcp port or path to unix socket",
},
'timeout': {
'default': '10',
'description': 'socket timeout',
},
'maxsize': {
'default':
'22000000',
'description':
"maximum message size, larger messages will not be scanned. ",
},
'retries': {
'default':
'3',
'description':
'how often should fuglu retry the connection before giving up',
},
'virusaction': {
'default':
'DEFAULTVIRUSACTION',
'description':
"action if infection is detected (DUNNO, REJECT, DELETE)",
},
'problemaction': {
'default': 'DEFER',
'description': "action if there is a problem (DUNNO, DEFER)",
},
'rejectmessage': {
'default':
'threat detected: ${virusname}',
'description':
"reject message template if running in pre-queue mode and virusaction=REJECT",
},
'service': {
'default':
'AVSCAN',
'description':
'ICAP Av scan service, usually AVSCAN (sophos, symantec)',
},
'enginename': {
'default':
'icap-generic',
'description':
"name of the virus engine behind the icap service. used to inform other plugins. can be anything like 'sophos', 'symantec', ...",
},
}
self.logger = self._logger()
def __init__(self, section=None):
ScannerPlugin.__init__(self, section)
self.logger = self._logger()
self.filelist = FileList(strip=True,
skip_empty=True,
skip_comments=True,
lowercase=True,
additional_filters=None,
minimum_time_between_reloads=30)
self.requiredvars = {
'domainsfile': {
'default':
'/etc/fuglu/spearphish-domains',
'description':
'Filename where we load spearphish domains from. One domain per line. If this setting is empty, the check will be applied to all domains.',
},
'virusenginename': {
'default': 'Fuglu SpearPhishing Protection',
'description': 'Name of this plugins av engine',
},
'virusname': {
'default': 'TRAIT.SPEARPHISH',
'description': 'Name to use as virus signature',
},
'virusaction': {
'default':
'DEFAULTVIRUSACTION',
'description':
"action if spear phishing attempt is detected (DUNNO, REJECT, DELETE)",
},
'rejectmessage': {
'default':
'threat detected: ${virusname}',
'description':
"reject message template if running in pre-queue mode and virusaction=REJECT",
},
'dbconnection': {
'default':
"mysql://root@localhost/spfcheck?charset=utf8",
'description':
'SQLAlchemy Connection string. Leave empty to disable SQL lookups',
},
'domain_sql_query': {
'default':
"SELECT check_spearphish from domain where domain_name=:domain",
'description':
'get from sql database :domain will be replaced with the actual domain name. must return boolean field check_spearphish',
},
'check_display_part': {
'default':
'False',
'description':
"set to True to also check display part of From header (else email part only)",
},
}
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = { # this defines the configuration options for a plugin
'greeting': { # name of the config
# default value, always use strings here
'default': 'hello world!',
# included as comment when generating default config files
'description': 'greeting message the plugin should log to the console',
}
}
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.logger = self._logger()
self.requiredvars = {
'actionrules': {
'default': '/etc/fuglu/actionrules.regex',
'description': 'Rules file',
}
}
self.filter = None
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.logger = self._logger()
self.requiredvars = {
'actionrules': {
'default': '/etc/fuglu/actionrules.regex',
'description': 'Rules file',
}
}
self.filter = None
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
FuzorMixin.__init__(self)
self.logger = self._logger()
self.requiredvars.update({
'headername': {
'default': 'X-FuZor',
'description': 'header name',
},
})
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
'regex': {
'default': '',
'description': "regex to match",
},
}
self.regex = None
self.logger = self._logger()
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
'host': {
'default': 'localhost',
'description': 'hostname where the ICAP server runs',
},
'port': {
'default': '1344',
'description': "tcp port or path to unix socket",
},
'timeout': {
'default': '10',
'description': 'socket timeout',
},
'maxsize': {
'default': '22000000',
'description': "maximum message size, larger messages will not be scanned. ",
},
'retries': {
'default': '3',
'description': 'how often should fuglu retry the connection before giving up',
},
'virusaction': {
'default': 'DEFAULTVIRUSACTION',
'description': "action if infection is detected (DUNNO, REJECT, DELETE)",
},
'problemaction': {
'default': 'DEFER',
'description': "action if there is a problem (DUNNO, DEFER)",
},
'rejectmessage': {
'default': 'threat detected: ${virusname}',
'description': "reject message template if running in pre-queue mode and virusaction=REJECT",
},
'service': {
'default': 'AVSCAN',
'description': 'ICAP Av scan service, usually AVSCAN (sophos, symantec)',
},
'enginename': {
'default': 'icap-generic',
'description': "name of the virus engine behind the icap service. used to inform other plugins. can be anything like 'sophos', 'symantec', ...",
},
}
self.logger = self._logger()
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
'dummy': {
'default': 'bla',
'description': 'blabla',
},
'dummy2': {
'description': 'this var has to be defined',
},
}
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
"dbconnectstring": {
"default": "",
"description": "sqlalchemy connectstring to load vacations",
"confidential": True,
}
}
self.logger = self._logger()
self.cache = None
def __init__(self,config,section=None):
ScannerPlugin.__init__(self,config,section)
self.requiredvars={
'dbconnectstring':{
'default':'....todo',
'description':'sqlalchemy connectstring to store the greylist',
'confidential':True,
},
}
self.logger=self._logger()
self.cache=None
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
'host': {
'default': 'localhost',
'description': 'hostname where fpscand runs',
},
'port': {
'default': '10200',
'description': "fpscand port",
},
'timeout': {
'default': '30',
'description': "network timeout",
},
'networkmode': {
'default':
'0',
'description':
"if fpscand runs on a different host than fuglu, set this to 1 to send the message over the network instead of just the filename",
},
'scanoptions': {
'default':
'',
'description':
'additional scan options (see `man fpscand` -> SCANNING OPTIONS for possible values)',
},
'maxsize': {
'default': '10485000',
'description': "maximum message size to scan",
},
'retries': {
'default': '3',
'description': "maximum retries on failed connections",
},
'virusaction': {
'default': 'DEFAULTVIRUSACTION',
'description': "plugin action if threat is detected",
},
'problemaction': {
'default': 'DEFER',
'description': "plugin action if scan fails",
},
'rejectmessage': {
'default':
'threat detected: ${virusname}',
'description':
"reject message template if running in pre-queue mode and virusaction=REJECT",
},
}
self.pattern = re.compile('^(\d)+ <(.+)> (.+)$')
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
'dbconnectstring': {
'default': '',
'description': 'sqlalchemy connectstring to load vacations',
'confidential': True,
},
}
self.logger = self._logger()
self.cache = None
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
'dbconnectstring': {
'default': '',
'description': 'sqlalchemy connectstring to load vacations',
'confidential': True,
},
}
self.logger = self._logger()
self.cache = None
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.logger = logging.getLogger('fuglu.plugin.DomainAction')
self.requiredvars = {
'blockedaddheader': {
'default':
'0',
'description':
'if set to non zero value a header will be added for blocked files and the message will be accepted\n1:\tonly filename appended as header\n2:\tfilename and details will be added as header\nany other string value will be added as-it-is to header',
}
}
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
'dbconnectstring': {
'default': '....todo',
'description':
'sqlalchemy connectstring to store the greylist',
'confidential': True,
},
}
self.logger = self._logger()
self.cache = None
def __init__(self,config,section=None):
ScannerPlugin.__init__(self,config,section)
self.requiredvars={
'imapcopyrules':{
'default':'/etc/fuglu/imapcopy.regex',
'description':'IMAP copy suspectFilter File',
},
'storeoriginal':{
'default':'1',
'description':"if true/1/yes: store original message\nif false/0/no: store message probably altered by previous plugins, eg with spamassassin headers",
}
}
self.filter=None
self.logger=self._logger()
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
'host': {
'default': 'localhost',
'description': 'hostname where clamd runs',
},
'port': {
'default': '3310',
'description': "tcp port number or path to clamd.sock for unix domain sockets\nexample /var/lib/clamav/clamd.sock or on ubuntu: /var/run/clamav/clamd.ctl ",
},
'timeout': {
'default': '30',
'description': 'socket timeout',
},
'pipelining': {
'default': '0',
'description': "*EXPERIMENTAL*: Perform multiple scans over the same connection. May improve performance on busy systems.",
},
'maxsize': {
'default': '22000000',
'description': "maximum message size, larger messages will not be scanned. \nshould match the 'StreamMaxLength' config option in clamd.conf ",
},
'retries': {
'default': '3',
'description': 'how often should fuglu retry the connection before giving up',
},
'virusaction': {
'default': 'DEFAULTVIRUSACTION',
'description': "action if infection is detected (DUNNO, REJECT, DELETE)",
},
'problemaction': {
'default': 'DEFER',
'description': "action if there is a problem (DUNNO, DEFER)",
},
'rejectmessage': {
'default': 'threat detected: ${virusname}',
'description': "reject message template if running in pre-queue mode and virusaction=REJECT",
},
}
self.logger = self._logger()
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
'host': {
'default': 'localhost',
'description': 'hostname where fpscand runs',
},
'port': {
'default': '10200',
'description': "fpscand port",
},
'timeout': {
'default': '30',
'description': "network timeout",
},
'networkmode': {
'default': '0',
'description': "if fpscand runs on a different host than fuglu, set this to 1 to send the message over the network instead of just the filename",
},
'scanoptions': {
'default': '',
'description': 'additional scan options (see `man fpscand` -> SCANNING OPTIONS for possible values)',
},
'maxsize': {
'default': '10485000',
'description': "maximum message size to scan",
},
'retries': {
'default': '3',
'description': "maximum retries on failed connections",
},
'virusaction': {
'default': 'DEFAULTVIRUSACTION',
'description': "plugin action if threat is detected",
},
'problemaction': {
'default': 'DEFER',
'description': "plugin action if scan fails",
},
'rejectmessage': {
'default': 'threat detected: ${virusname}',
'description': "reject message template if running in pre-queue mode and virusaction=REJECT",
},
}
self.pattern = re.compile('^(\d)+ <(.+)> (.+)$')
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
'host': {
'default': 'localhost',
'description': 'hostname where clamd runs',
},
'port': {
'default': '3310',
'description': "tcp port number or path to clamd.sock for unix domain sockets\nexample /var/lib/clamav/clamd.sock or on ubuntu: /var/run/clamav/clamd.ctl ",
},
'timeout': {
'default': '30',
'description': 'socket timeout',
},
'pipelining': {
'default': '0',
'description': "*EXPERIMENTAL*: Perform multiple scans over the same connection. May improve performance on busy systems.",
},
'maxsize': {
'default': '22000000',
'description': "maximum message size, larger messages will not be scanned. \nshould match the 'StreamMaxLength' config option in clamd.conf ",
},
'retries': {
'default': '3',
'description': 'how often should fuglu retry the connection before giving up',
},
'virusaction': {
'default': 'DEFAULTVIRUSACTION',
'description': "action if infection is detected (DUNNO, REJECT, DELETE)",
},
'problemaction': {
'default': 'DEFER',
'description': "action if there is a problem (DUNNO, DEFER)",
},
'rejectmessage': {
'default': 'threat detected: ${virusname}',
'description': "reject message template if running in pre-queue mode and virusaction=REJECT",
},
}
self.logger = self._logger()
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.logger = self._logger()
self.skiplist = FileList(filename=None,
strip=True,
skip_empty=True,
skip_comments=True,
lowercase=True)
self.requiredvars = {
'skiplist': {
'default':
'',
'description':
'File containing a list of domains (one per line) which are not checked'
},
}
def __init__(self, section=None):
ScannerPlugin.__init__(self, section)
self.logger = self._logger()
self.requiredvars = {
'dbconnection': {
'default':
"mysql://root@localhost/spfcheck?charset=utf8",
'description':
'SQLAlchemy Connection string. Leave empty to rewrite all senders',
},
'domain_sql_query': {
'default':
"SELECT use_srs from domain where domain_name=:domain",
'description':
'get from sql database :domain will be replaced with the actual domain name. must return field use_srs',
},
'forward_domain': {
'default': 'example.com',
'description': 'the new envelope sender domain',
},
'secret': {
'default':
'',
'description':
'cryptographic secret. set the same random value on all your machines',
},
'maxage': {
'default': '8',
'description': 'maximum lifetime of bounces',
},
'hashlength': {
'default': '8',
'description': 'size of auth code',
},
'separator': {
'default': '=',
'description': 'SRS token separator',
},
'rewrite_header_to': {
'default':
'True',
'description':
'set True to rewrite address in To: header in bounce messages (reverse/decrypt mode)',
},
}
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
'archiverules': {
'default': '/etc/fuglu/archive.regex',
'description': 'Archiving SuspectFilter File',
},
'archivedir': {
'default': '/tmp',
'description': 'storage for archived messages',
},
'subdirtemplate': {
'default': '${to_domain}',
'description': 'subdirectory within archivedir',
},
'filenametemplate': {
'default': '${id}.eml',
'description': 'filename template for the archived messages',
},
'storeoriginal': {
'default':
'1',
'description':
"if true/1/yes: store original message\nif false/0/no: store message probably altered by previous plugins, eg with spamassassin headers",
},
'chown': {
'default':
'',
'description':
"change owner of saved messages (username or numeric id) - this only works if fuglu is running as root (which is NOT recommended)",
},
'chgrp': {
'default':
'',
'description':
"change group of saved messages (groupname or numeric id) - the user running fuglu must be a member of the target group for this to work",
},
'chmod': {
'default': '',
'description': "set file permissions of saved messages",
},
}
self.filter = None
self.logger = self._logger()
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
'imapcopyrules': {
'default': '/etc/fuglu/imapcopy.regex',
'description': 'IMAP copy suspectFilter File',
},
'storeoriginal': {
'default':
'1',
'description':
"if true/1/yes: store original message\nif false/0/no: store message probably altered by previous plugins, eg with spamassassin headers",
}
}
self.filter = None
self.logger = self._logger()
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
'host': {
'default': 'localhost',
'description': 'hostname where the SSSP server runs',
},
'port': {
'default': '4010',
'description': "tcp port or path to unix socket",
},
'timeout': {
'default': '30',
'description': 'socket timeout',
},
'maxsize': {
'default':
'22000000',
'description':
"maximum message size, larger messages will not be scanned. ",
},
'retries': {
'default':
'3',
'description':
'how often should fuglu retry the connection before giving up',
},
'virusaction': {
'default':
'DEFAULTVIRUSACTION',
'description':
"action if infection is detected (DUNNO, REJECT, DELETE)",
},
'problemaction': {
'default': 'DEFER',
'description': "action if there is a problem (DUNNO, DEFER)",
},
'rejectmessage': {
'default':
'threat detected: ${virusname}',
'description':
"reject message template if running in pre-queue mode and virusaction=REJECT",
},
}
self.logger = self._logger()
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.logger = logging.getLogger('fuglu.plugin.DomainAction')
self.requiredvars = {
'addheaderinfected': {
'default':
'0',
'description':
'if set to non zero value a header will be added for infected files\n1:\tonly virusname appended as header\n2:\tvirusname and details will be added as header\nany other string value will be added as-it-is to header',
},
'addheaderclean': {
'default':
'0',
'description':
'add header if message is clean\nany string value will be used as-it-is',
}
}
def __init__(self,config,section=None):
ScannerPlugin.__init__(self,config,section)
self.requiredvars={
'template_blockedfile':{
'default':'/etc/fuglu/templates/blockedfile.tmpl',
'description':'Mail template for the bounce to inform sender about blocked attachment',
},
'sendbounce':{
'default':'1',
'description':'inform the sender about blocked attachments',
},
'rulesdir':{
'default':'/etc/fuglu/rules',
'description':'directory that contains attachment rules',
},
'blockaction':{
'default':'DELETE',
'description':'what should the plugin do when a blocked attachment is detected\nREJECT : reject the message (recommended in pre-queue mode)\nDELETE : discard messages\nDUNNO : mark as blocked but continue anyway (eg. if you have a later quarantine plugin)',
},
'dbconnectstring':{
'default':'',
'description':'sqlalchemy connectstring to load rules from a database and use files only as fallback. requires SQL extension to be enabled',
'confidential':True,
},
'query':{
'default':'SELECT action,regex,description FROM attachmentrules WHERE scope=:scope AND checktype=:checktype ORDER BY prio',
'description':"sql query to load rules from a db. #:scope will be replaced by the recipient address first, then by the recipient domain\n:check will be replaced by either 'filename' to get filename rules or 'contenttype' to get content type rules",
},
}
self.logger=self._logger()
if MAGIC_AVAILABLE:
if MAGIC_AVAILABLE==MAGIC_PYTHON_FILE:
self.ms = magic.open(magic.MAGIC_MIME)
self.ms.load()
else:
self.logger.warning('python-magic not available')
self.rulescache=None
self.extremeverbosity=False
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
'host': {
'default': 'localhost',
'description': 'hostname where the SSSP server runs',
},
'port': {
'default': '4010',
'description': "tcp port or path to unix socket",
},
'timeout': {
'default': '30',
'description': 'socket timeout',
},
'maxsize': {
'default': '22000000',
'description': "maximum message size, larger messages will not be scanned. ",
},
'retries': {
'default': '3',
'description': 'how often should fuglu retry the connection before giving up',
},
'virusaction': {
'default': 'DEFAULTVIRUSACTION',
'description': "action if infection is detected (DUNNO, REJECT, DELETE)",
},
'problemaction': {
'default': 'DEFER',
'description': "action if there is a problem (DUNNO, DEFER)",
},
'rejectmessage': {
'default': 'threat detected: ${virusname}',
'description': "reject message template if running in pre-queue mode and virusaction=REJECT",
},
}
self.logger = self._logger()
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
'domainsfile': {
'description': "File containing a list of domains (one per line) which must be DKIM and/or SPF authenticated",
'default': "/etc/fuglu/auth_required_domains.txt",
},
'failaction': {
'default': 'DUNNO',
'description': "action if the message doesn't pass authentication (DUNNO, REJECT)",
},
'rejectmessage': {
'default': 'sender domain ${header_from_domain} must pass DKIM and/or SPF authentication',
'description': "reject message template if running in pre-queue mode",
},
}
self.logger = self._logger()
self.filelist=FileList(filename=None,strip=True, skip_empty=True, skip_comments=True,lowercase=True)
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
'archiverules': {
'default': '/etc/fuglu/archive.regex',
'description': 'Archiving SuspectFilter File',
},
'archivedir': {
'default': '/tmp',
'description': 'storage for archived messages',
},
'subdirtemplate': {
'default': '${to_domain}',
'description': 'subdirectory within archivedir',
},
'filenametemplate': {
'default': '${id}.eml',
'description': 'filename template for the archived messages',
},
'storeoriginal': {
'default': '1',
'description': "if true/1/yes: store original message\nif false/0/no: store message probably altered by previous plugins, eg with spamassassin headers",
},
'chown': {
'default': '',
'description': "change owner of saved messages (username or numeric id) - this only works if fuglu is running as root (which is NOT recommended)",
},
'chgrp': {
'default': '',
'description': "change group of saved messages (groupname or numeric id) - the user running fuglu must be a member of the target group for this to work",
},
'chmod': {
'default': '',
'description': "set file permissions of saved messages",
},
}
self.filter = None
self.logger = self._logger()
def __init__(self,config,section=None):
ScannerPlugin.__init__(self,config,section)
self.requiredvars={
'filterfile':{
'default':'/etc/fuglu/headerwriter.regex',
'description':'Suspectfilter File',
},
'outputfile':{
'default':'',
'description':'Output File',
},
'defaultlinetemplate':{
'default':'${fieldname}: ${matchedvalue}',
'description':'Default line output template if nothing is specified in filter config',
}
}
self.filter=None
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
'host': {
'default': 'localhost',
'description': 'hostname where fpscand runs',
},
'port': {
'default': '3000',
'description': "DrWeb daemon port",
},
'timeout': {
'default': '30',
'description': "network timeout",
},
'maxsize': {
'default': '22000000',
'description': "maximum message size to scan",
},
'retries': {
'default': '3',
'description': "maximum retries on failed connections",
},
'virusaction': {
'default': 'DEFAULTVIRUSACTION',
'description': "plugin action if threat is detected",
},
'problemaction': {
'default': 'DEFER',
'description': "plugin action if scan fails",
},
'rejectmessage': {
'default': 'threat detected: ${virusname}',
'description': "reject message template if running in pre-queue mode and virusaction=REJECT",
},
}
self.logger = self._logger()
self.pattern = re.compile(r'(?:DATA\[\d+\])(.+) infected with (.+)$')
def __init__(self, section=None):
ScannerPlugin.__init__(self, section)
self.logger = self._logger()
self.filelist = FileList(strip=True, skip_empty=True, skip_comments=True, lowercase=True,
additional_filters=None, minimum_time_between_reloads=30)
self.requiredvars = {
'domainsfile': {
'default': '/etc/fuglu/spearphish-domains',
'description': 'Filename where we load spearphish domains from. One domain per line. If this setting is empty, the check will be applied to all domains.',
},
'virusenginename': {
'default': 'Fuglu SpearPhishing Protection',
'description': 'Name of this plugins av engine',
},
'virusname': {
'default': 'TRAIT.SPEARPHISH',
'description': 'Name to use as virus signature',
},
'virusaction': {
'default': 'DEFAULTVIRUSACTION',
'description': "action if spear phishing attempt is detected (DUNNO, REJECT, DELETE)",
},
'rejectmessage': {
'default': 'threat detected: ${virusname}',
'description': "reject message template if running in pre-queue mode and virusaction=REJECT",
},
'dbconnection':{
'default':"mysql://root@localhost/spfcheck?charset=utf8",
'description':'SQLAlchemy Connection string. Leave empty to disable SQL lookups',
},
'domain_sql_query':{
'default':"SELECT check_spearphish from domain where domain_name=:domain",
'description':'get from sql database :domain will be replaced with the actual domain name. must return boolean field check_spearphish',
},
'check_display_part': {
'default': 'False',
'description': "set to True to also check display part of From header (else email part only)",
},
}
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
"host": {"default": "localhost", "description": "hostname where the SSSP server runs"},
"port": {"default": "4010", "description": "tcp port or path to unix socket"},
"timeout": {"default": "30", "description": "socket timeout"},
"maxsize": {
"default": "22000000",
"description": "maximum message size, larger messages will not be scanned. ",
},
"retries": {"default": "3", "description": "how often should fuglu retry the connection before giving up"},
"virusaction": {
"default": "DEFAULTVIRUSACTION",
"description": "action if infection is detected (DUNNO, REJECT, DELETE)",
},
"problemaction": {"default": "DEFER", "description": "action if there is a problem (DUNNO, DEFER)"},
"rejectmessage": {
"default": "threat detected: ${virusname}",
"description": "reject message template if running in pre-queue mode and virusaction=REJECT",
},
}
self.logger = self._logger()
def __init__(self,config,section=None):
ScannerPlugin.__init__(self,config,section)
self.extractor=None
self.logger=logging.getLogger('fuglu.plugin.URIExtract')
self.requiredvars={
'domainskiplist':{
'default':'/etc/fuglu/extract-skip-domains.txt',
'description':'Domain skip list',
},
'maxsize':{
'default':'10485000',
'description':'Maximum size of processed mails. Larger mail will be skipped.',
},
'loguris':{
'default':'no',
'description':'print extracted uris in fuglu log',
}
}
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.requiredvars = {
'redis': {
'default': 'localhost:6379:0',
'description': 'redis config: host:port:db',
},
'ttl': {
'default': '604800',
'description': 'hash ttl in seconds',
},
'maxsize': {
'default': '600000',
'description':
'maxsize in bytes, larger messages will be skipped'
},
'timeout': {
'default': '2',
'description': 'timeout in seconds'
},
}
self.backend = None
self.logger = self._logger()
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.logger=self._logger()
self.requiredvars = {
'identifier': {
'default': 'CommandlineAV',
'description': 'identifier used in the virus tag',
},
'exectemplate': {
'default': '',
'description': 'full path to the scan executable and arguments. ${suspectpath} will be replaced with the message file',
},
'timeout': {
'default': '10',
'description': "process timeout",
},
'viruspattern': {
'default': '',
'description': 'regular expression for infected messages. use virusname and filename groups',
},
'maxsize': {
'default': '10485000',
'description': "maximum message size to scan",
},
'virusaction': {
'default': 'DEFAULTVIRUSACTION',
'description': "plugin action if threat is detected",
},
'problemaction': {
'default': 'DEFER',
'description': "plugin action if scan fails",
},
'rejectmessage': {
'default': 'threat detected: ${virusname}',
'description': "reject message template if running in pre-queue mode and virusaction=REJECT",
},
}
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.logger = self._logger()
