def __init__(self, config, section=None): ScannerPlugin.__init__(self, config, section) self.requiredvars = { 'template_blockedfile': { 'default': '/etc/fuglu/templates/blockedfile.tmpl', 'description': 'Mail template for the bounce to inform sender about blocked attachment', }, 'sendbounce': { 'default': '1', 'description': 'inform the sender about blocked attachments.\nIf a previous plugin tagged the message as spam or infected, no bounce will be sent to prevent backscatter', }, 'rulesdir': { 'default': '/etc/fuglu/rules', 'description': 'directory that contains attachment rules', }, 'blockaction': { 'default': 'DELETE', 'description': 'what should the plugin do when a blocked attachment is detected\nREJECT : reject the message (recommended in pre-queue mode)\nDELETE : discard messages\nDUNNO : mark as blocked but continue anyway (eg. if you have a later quarantine plugin)', }, 'dbconnectstring': { 'default': '', 'description': 'sqlalchemy connectstring to load rules from a database and use files only as fallback. requires SQL extension to be enabled', 'confidential': True, }, 'query': { 'default': 'SELECT action,regex,description FROM attachmentrules WHERE scope=:scope AND checktype=:checktype ORDER BY prio', 'description': "sql query to load rules from a db. #:scope will be replaced by the recipient address first, then by the recipient domain\n:check will be replaced 'filename','contenttype','archive-filename' or 'archive-contenttype'", }, 'checkarchivenames': { 'default': '0', 'description': "enable scanning of filenames within archives (zip,rar). This does not actually extract the files, it just looks at the filenames found in the archive." }, 'checkarchivecontent': { 'default': '0', 'description': 'extract compressed archives(zip,rar) and check file content type with libmagics\nnote that the files will be extracted into memory - tune archivecontentmaxsize accordingly.\nfuglu does not extract archives within the archive(recursion)', }, 'archivecontentmaxsize': { 'default': '5000000', 'description': 'only extract and examine files up to this amount of (uncompressed) bytes', }, } self.logger = self._logger() self.rulescache = None self.extremeverbosity = False # remember that the order is important here, if we support tar.gz and # gz in the future make sure tar.gz comes first! self.supported_archive_extensions = ['zip', ] if RARFILE_AVAILABLE: self.supported_archive_extensions.append('rar')
def __init__(self, section=None): ScannerPlugin.__init__(self, section) self.filelist = FileList(strip=True, skip_empty=True, skip_comments=True, lowercase=True, additional_filters=None, minimum_time_between_reloads=30) self.requiredvars = { 'domainsfile': { 'default': '/etc/fuglu/spearphish-domains', 'description': 'Filename where we load spearphish domains from. One domain per line. If this setting is empty, the check will be applied to all domains.', }, 'virusenginename': { 'default': 'Fuglu SpearPhishing Protection', 'description': 'Name of this plugins av engine', }, 'virusname': { 'default': 'TRAIT.SPEARPHISH', 'description': 'Name to use as virus signature', }, 'virusaction': { 'default': 'DEFAULTVIRUSACTION', 'description': "action if spear phishing attempt is detected (DUNNO, REJECT, DELETE)", }, 'rejectmessage': { 'default': 'threat detected: ${virusname}', 'description': "reject message template if running in pre-queue mode and virusaction=REJECT", }, }
def __init__(self, config, section=None): ScannerPlugin.__init__(self, config, section) self.logger = self._logger() self.requiredvars = { 'maxsize': { 'default': self.MAX_SIZE * 2, 'description': 'Maximum message size', }, 'caldav_url': { 'default': '', 'description': 'CalDAV server URL (%s will be replaced with recipient email)' }, 'caldav_username': { 'default': '', 'description': 'CalDAV server username' }, 'caldav_password': { 'default': '', 'description': 'CalDAV server password' }, 'caldav_ssl_skip_verify': { 'default': 'False', 'description': 'Skip CalDAV server SSL certificate verification' } }
def __init__(self, config, section=None): ScannerPlugin.__init__(self, config, section) self.logger = self._logger() self.skiplist = FileList(filename=None, strip=True, skip_empty=True, skip_comments=True, lowercase=True) self.requiredvars = { 'max_lookups': { 'default': '10', 'description': 'maximum number of lookups (RFC defaults to 10)', }, 'skiplist': { 'default': '', 'description': 'File containing a list of domains (one per line) which are not checked' }, 'temperror_retries': { 'default': '3', 'description': 'maximum number of retries on temp error', }, 'temperror_sleep': { 'default': '3', 'description': 'waiting interval between retries on temp error', }, }
def __init__(self, config, section=None): ScannerPlugin.__init__(self, config, section) self.logger = logging.getLogger('fuglu.plugin.DomainAction') self.requiredvars = { 'blacklistconfig': { 'default': '/etc/fuglu/rbl.conf', 'description': 'RBL Lookup config file', }, 'checksubdomains': { 'default': 'yes', 'description': 'check subdomains as well (from top to bottom, eg. example.com, bla.example.com, blubb.bla.example.com', }, 'action': { 'default': 'reject', 'description': 'action on hit (reject, delete, etc)', }, 'message': { 'default': '5.7.1 black listed URL ${domain} by ${blacklist}', 'description': 'message template for rejects/ok messages', }, 'maxdomains': { 'default': '10', 'description': 'maximum number of domains to check per message', }, } self.rbllookup = None self.tldmagic = None
def __init__(self, config, section=None): ScannerPlugin.__init__(self, config, section) self.requiredvars = { 'limiterfile': { 'default': '/etc/fuglu/ratelimit.conf', 'description': 'file based rate limits', }, 'backendtype': { 'default': 'memory', 'description': 'type of backend where the events are stored. memory is only recommended for low traffic standalone systems. alternatives are: redis, sqlalchemy' }, 'backendconfig': { 'default': '', 'description': 'backend specific configuration. sqlalchemy: the database url, redis: hostname:port:db' } } self.logger = self._logger() self.backend_instance = None self.limiters = None self.filter = SuspectFilter(None)
def __init__(self, config, section=None): ScannerPlugin.__init__(self, config, section) self.backend = None self.logger = self._logger() self.requiredvars = { 'redis': { 'default': 'localhost:6379:0', 'description': 'redis config: host:port:db', }, # commented, for now we only want the count # 'lowthreshold':{ # 'default':'1', # 'description': 'threshold for adding <headername>: LOW', # }, # 'highthreshold':{ # 'default':'3', # 'description': 'threshold for adding <headername>: HIGH', # }, 'headername': { 'default': 'X-FuZor', 'description': 'header name', }, 'maxsize': { 'default': '600000', 'description': 'maxsize in bytes, larger messages will be skipped' }, 'timeout': { 'default': '2', 'description': 'timeout in seconds' }, }
def __init__(self, config, section=None): ScannerPlugin.__init__(self, config, section) self.requiredvars = { "yararulesdir": { "default": "/etc/fuglu/yararules", "description": "Directory containing one or more YARA rule files", }, "archivecontentmaxsize": { "default": "5000000", "description": "only extract and examine files up to this amount of (uncompressed) bytes", }, "virusaction": { "default": "DEFAULTVIRUSACTION", "description": "action if infection is detected (DUNNO, REJECT, DELETE)", }, "problemaction": {"default": "DEFER", "description": "action if there is a problem (DUNNO, DEFER)"}, "rejectmessage": { "default": "threat detected in ${infectedfile}: ${virusname}", "description": "reject message template if running in pre-queue mode and virusaction=REJECT", }, } self.filter = None self.logger = self._logger() self.lastreload = 0 self.compiled_rules = None # remember that the order is important here, if we support tar.gz and # gz in the future make sure tar.gz comes first! self.supported_archive_extensions = ["zip"] if RARFILE_AVAILABLE: self.supported_archive_extensions.append("rar")
def __init__(self, config, section=None): ScannerPlugin.__init__(self, config, section) self.requiredvars = { 'domainsfile': { 'description': "File containing a list of domains (one per line) which must be DKIM and/or SPF authenticated", 'default': "/etc/fuglu/auth_required_domains.txt", }, 'failaction': { 'default': 'DUNNO', 'description': "action if the message doesn't pass authentication (DUNNO, REJECT)", }, 'rejectmessage': { 'default': 'sender domain ${header_from_domain} must pass DKIM and/or SPF authentication', 'description': "reject message template if running in pre-queue mode", }, } self.logger = self._logger() self.filelist = FileList(filename=None, strip=True, skip_empty=True, skip_comments=True, lowercase=True)
def __init__(self,config,section=None): ScannerPlugin.__init__(self,config,section) self.logger=logging.getLogger('fuglu.plugin.DomainAction') self.requiredvars={ 'blacklistconfig':{ 'default':'/etc/fuglu/rbl.conf', 'description':'RBL Lookup config file', }, 'checksubdomains':{ 'default':'yes', 'description':'check subdomains as well (from top to bottom, eg. example.com, bla.example.com, blubb.bla.example.com', }, 'action':{ 'default':'reject', 'description':'action on hit (reject, delete, etc)', }, 'message':{ 'default':'5.7.1 black listed URL ${domain} by ${blacklist}', 'description':'message template for rejects/ok messages', }, 'maxdomains':{ 'default':'10', 'description':'maximum number of domains to check per message', } } self.rbllookup=None self.tldmagic=None
def __init__(self, config, section=None): ScannerPlugin.__init__(self, config, section) self.requiredvars = { "path": { "default": "/usr/local/fuglu/deliver/${to_address}", "description": "Path to maildir / mbox file, supports templates", }, # maybe we need to support our own locking later, for now we use python's built-ins #'locktype':{ # 'default':'', # 'description':"flock, ...", # }, "boxtype": {"default": "mbox", "description": "mbox, maildir"}, # maybe we need to support various mbox types later, for now we use python's built-in module #'subtype':{ # 'default':'', # 'description':"what type of mbox... ", # }, "filterfile": {"default": "", "description": "only store messages which use filter..."}, } self.logger = self._logger() self.filter = None self.boxtypemap = {"mbox": self.deliver_mbox, "maildir": self.deliver_maildir}
def __init__(self,config,section=None): ScannerPlugin.__init__(self,config,section) self.requiredvars={ 'path':{ 'default':'/usr/local/fuglu/deliver/${to_address}', 'description':'Path to maildir / mbox file, supports templates', }, #maybe we need to support our own locking later, for now we use python's built-ins #'locktype':{ # 'default':'', # 'description':"flock, ...", #}, 'boxtype':{ 'default':'mbox', 'description':"mbox, maildir", }, #maybe we need to support various mbox types later, for now we use python's built-in module #'subtype':{ # 'default':'', # 'description':"what type of mbox... ", #}, 'filterfile':{ 'default':'', 'description':"only store messages which use filter...", }, } self.logger=self._logger() self.filter=None self.boxtypemap={ 'mbox':self.deliver_mbox, 'maildir':self.deliver_maildir, }
def __init__(self,config,section=None): ScannerPlugin.__init__(self,config,section) self.requiredvars={ 'privatekeyfile':{ 'description':"Location of the private key file. supports standard template variables plus additional ${header_from_domain} which extracts the domain name from the From: -Header", 'default':"/etc/fuglu/dkim/${header_from_domain}.key", }, 'canonicalizeheaders':{ 'description':"Type of header canonicalization (simple or relaxed)", 'default':"relaxed", }, 'canonicalizebody':{ 'description':"Type of body canonicalization (simple or relaxed)", 'default':"relaxed", }, 'selector':{ 'description':'selector to use when signing, supports templates', 'default':'default', }, 'signheaders':{ 'description':'comma separated list of headers to sign. empty string=sign all headers', 'default':'', }, 'signbodylength':{ 'description':'include l= tag in dkim header', 'default':'False', }, }
def __init__(self, config, section=None): ScannerPlugin.__init__(self, config, section) self.requiredvars = { 'privatekeyfile': { 'description': "Location of the private key file. supports standard template variables plus additional ${header_from_domain} which extracts the domain name from the From: -Header", 'default': "/etc/fuglu/dkim/${header_from_domain}.key", }, 'canonicalizeheaders': { 'description': "Type of header canonicalization (simple or relaxed)", 'default': "relaxed", }, 'canonicalizebody': { 'description': "Type of body canonicalization (simple or relaxed)", 'default': "relaxed", }, 'selector': { 'description': 'selector to use when signing, supports templates', 'default': 'default', }, 'signheaders': { 'description': 'comma separated list of headers to sign. empty string=sign all headers', 'default': 'From,Reply-To,Subject,Date,To,CC,Resent-Date,Resent-From,Resent-To,Resent-CC,In-Reply-To,References,List-Id,List-Help,List-Unsubscribe,List-Subscribe,List-Post,List-Owner,List-Archive', }, 'signbodylength': { 'description': 'include l= tag in dkim header', 'default': 'False', }, }
def __init__(self, config, section=None): ScannerPlugin.__init__(self, config, section) self.requiredvars = { 'template_blockedfile': { 'default': '/etc/fuglu/templates/blockedfile.tmpl', 'description': 'Mail template for the bounce to inform sender about blocked attachment', }, 'sendbounce': { 'default': '1', 'description': 'inform the sender about blocked attachments.\nIf a previous plugin tagged the message as spam or infected, no bounce will be sent to prevent backscatter', }, 'rulesdir': { 'default': '/etc/fuglu/rules', 'description': 'directory that contains attachment rules', }, 'blockaction': { 'default': 'DELETE', 'description': 'what should the plugin do when a blocked attachment is detected\nREJECT : reject the message (recommended in pre-queue mode)\nDELETE : discard messages\nDUNNO : mark as blocked but continue anyway (eg. if you have a later quarantine plugin)', }, 'dbconnectstring': { 'default': '', 'description': 'sqlalchemy connectstring to load rules from a database and use files only as fallback. requires SQL extension to be enabled', 'confidential': True, }, 'query': { 'default': 'SELECT action,regex,description FROM attachmentrules WHERE scope=:scope AND checktype=:checktype ORDER BY prio', 'description': "sql query to load rules from a db. #:scope will be replaced by the recipient address first, then by the recipient domain\n:check will be replaced 'filename','contenttype','archive-filename' or 'archive-contenttype'", }, 'checkarchivenames': { 'default': '0', 'description': "enable scanning of filenames within archives (zip,rar). This does not actually extract the files, it just looks at the filenames found in the archive." }, 'checkarchivecontent': { 'default': '0', 'description': 'extract compressed archives(zip,rar) and check file content type with libmagics\nnote that the files will be extracted into memory - tune archivecontentmaxsize accordingly.\nfuglu does not extract archives within the archive(recursion)', }, 'archivecontentmaxsize': { 'default': '5000000', 'description': 'only extract and examine files up to this amount of (uncompressed) bytes', }, } self.logger = self._logger() self.rulescache = None self.extremeverbosity = False #remember that the order is important here, if we support tar.gz and gz in the future make sure tar.gz comes first! self.supported_archive_extensions=['zip',] if RARFILE_AVAILABLE: self.supported_archive_extensions.append('rar')
def __init__(self, config, section=None): ScannerPlugin.__init__(self, config, section) self.requiredvars = { 'rbllist': { 'default': '/etc/fuglu/rbllist.list', 'description': "File which contains the used RBL lists", }, }
def __init__(self, config, section=None): ScannerPlugin.__init__(self, config, section) self.requiredvars = { # this defines the configuration options for a plugin 'greeting': { # name of the config 'default': 'hello world!', # default value, always use strings here 'description': 'greeting message the plugin should log to the console', # included as comment when generating default config files } }
def __init__(self,config,section=None): ScannerPlugin.__init__(self,config,section) self.requiredvars={ 'greeting':{ 'default':'hello world!', 'description':'greeting the plugin should log to the console', } }
def __init__(self, config, section=None): ScannerPlugin.__init__(self, config, section) self.logger = self._logger() self.whitelist = None self.requiredvars = { 'whitelist_file': { 'default': '/etc/fuglu/conf.d/ebl-whitelist.txt', 'description': 'path to file containing whitelisted sender domains', }, 'dnszone': { 'default': 'ebl.msbl.org', 'description': 'the DNS zone to query. defaults to ebl.msbl.org', }, 'hash': { 'default': 'sha1', 'description': 'hash function used by DNS zone. Use one of md5, sha1, sha224, sha256, sha384, sha512' }, 'response': { 'default': '127.0.0.2', 'description': 'expected response of zone query', }, 'action': { 'default': 'dunno', 'description': 'action on hit (dunno, reject, defer, delete). if set to dunno will tag as spam. do not use reject/defer in after queue mode', }, 'messagetemplate': { 'default': '${sender} listed by ${dnszone} : ${message}', 'description': 'reject message template', }, 'maxlookups': { 'default': '10', 'description': 'maximum number of email addresses to check per message', }, 'check_always': { 'default': 'False', 'description': 'set to True to check every suspect. set to False to only check mail that has not yet been classified as spam or virus', }, 'normalisation': { 'default': 'ebl', 'description': 'type of normalisation to be applied to email addresses before hashing. choose one of ebl (full normalisation according to ebl.msbl.org standard), low (lowercase only)' } }
def __init__(self, config, section=None): ScannerPlugin.__init__(self, config, section) self.logger = self._logger() self.requiredvars = { 'scriptdir': { 'default': '/etc/fuglu/scriptfilter', 'description': 'Dir that contains the scripts (*.fgf files)', } }
def __init__(self, config, section=None): ScannerPlugin.__init__(self, config, section) self.requiredvars = { 'host': { 'default': 'localhost', 'description': 'hostname where the ICAP server runs', }, 'port': { 'default': '1344', 'description': "tcp port or path to unix socket", }, 'timeout': { 'default': '10', 'description': 'socket timeout', }, 'maxsize': { 'default': '22000000', 'description': "maximum message size, larger messages will not be scanned. ", }, 'retries': { 'default': '3', 'description': 'how often should fuglu retry the connection before giving up', }, 'virusaction': { 'default': 'DEFAULTVIRUSACTION', 'description': "action if infection is detected (DUNNO, REJECT, DELETE)", }, 'problemaction': { 'default': 'DEFER', 'description': "action if there is a problem (DUNNO, DEFER)", }, 'rejectmessage': { 'default': 'threat detected: ${virusname}', 'description': "reject message template if running in pre-queue mode and virusaction=REJECT", }, 'service': { 'default': 'AVSCAN', 'description': 'ICAP Av scan service, usually AVSCAN (sophos, symantec)', }, 'enginename': { 'default': 'icap-generic', 'description': "name of the virus engine behind the icap service. used to inform other plugins. can be anything like 'sophos', 'symantec', ...", }, } self.logger = self._logger()
def __init__(self, section=None): ScannerPlugin.__init__(self, section) self.logger = self._logger() self.filelist = FileList(strip=True, skip_empty=True, skip_comments=True, lowercase=True, additional_filters=None, minimum_time_between_reloads=30) self.requiredvars = { 'domainsfile': { 'default': '/etc/fuglu/spearphish-domains', 'description': 'Filename where we load spearphish domains from. One domain per line. If this setting is empty, the check will be applied to all domains.', }, 'virusenginename': { 'default': 'Fuglu SpearPhishing Protection', 'description': 'Name of this plugins av engine', }, 'virusname': { 'default': 'TRAIT.SPEARPHISH', 'description': 'Name to use as virus signature', }, 'virusaction': { 'default': 'DEFAULTVIRUSACTION', 'description': "action if spear phishing attempt is detected (DUNNO, REJECT, DELETE)", }, 'rejectmessage': { 'default': 'threat detected: ${virusname}', 'description': "reject message template if running in pre-queue mode and virusaction=REJECT", }, 'dbconnection': { 'default': "mysql://root@localhost/spfcheck?charset=utf8", 'description': 'SQLAlchemy Connection string. Leave empty to disable SQL lookups', }, 'domain_sql_query': { 'default': "SELECT check_spearphish from domain where domain_name=:domain", 'description': 'get from sql database :domain will be replaced with the actual domain name. must return boolean field check_spearphish', }, 'check_display_part': { 'default': 'False', 'description': "set to True to also check display part of From header (else email part only)", }, }
def __init__(self, config, section=None): ScannerPlugin.__init__(self, config, section) self.requiredvars = { # this defines the configuration options for a plugin 'greeting': { # name of the config # default value, always use strings here 'default': 'hello world!', # included as comment when generating default config files 'description': 'greeting message the plugin should log to the console', } }
def __init__(self, config, section=None): ScannerPlugin.__init__(self, config, section) self.logger = self._logger() self.requiredvars = { 'actionrules': { 'default': '/etc/fuglu/actionrules.regex', 'description': 'Rules file', } } self.filter = None
def __init__(self, config, section=None): ScannerPlugin.__init__(self, config, section) FuzorMixin.__init__(self) self.logger = self._logger() self.requiredvars.update({ 'headername': { 'default': 'X-FuZor', 'description': 'header name', }, })
def __init__(self, config, section=None): ScannerPlugin.__init__(self, config, section) self.requiredvars = { 'regex': { 'default': '', 'description': "regex to match", }, } self.regex = None self.logger = self._logger()
def __init__(self, config, section=None): ScannerPlugin.__init__(self, config, section) self.requiredvars = { 'dummy': { 'default': 'bla', 'description': 'blabla', }, 'dummy2': { 'description': 'this var has to be defined', }, }
def __init__(self, config, section=None): ScannerPlugin.__init__(self, config, section) self.requiredvars = { "dbconnectstring": { "default": "", "description": "sqlalchemy connectstring to load vacations", "confidential": True, } } self.logger = self._logger() self.cache = None
def __init__(self,config,section=None): ScannerPlugin.__init__(self,config,section) self.requiredvars={ 'dbconnectstring':{ 'default':'....todo', 'description':'sqlalchemy connectstring to store the greylist', 'confidential':True, }, } self.logger=self._logger() self.cache=None
def __init__(self, config, section=None): ScannerPlugin.__init__(self, config, section) self.requiredvars = { 'host': { 'default': 'localhost', 'description': 'hostname where fpscand runs', }, 'port': { 'default': '10200', 'description': "fpscand port", }, 'timeout': { 'default': '30', 'description': "network timeout", }, 'networkmode': { 'default': '0', 'description': "if fpscand runs on a different host than fuglu, set this to 1 to send the message over the network instead of just the filename", }, 'scanoptions': { 'default': '', 'description': 'additional scan options (see `man fpscand` -> SCANNING OPTIONS for possible values)', }, 'maxsize': { 'default': '10485000', 'description': "maximum message size to scan", }, 'retries': { 'default': '3', 'description': "maximum retries on failed connections", }, 'virusaction': { 'default': 'DEFAULTVIRUSACTION', 'description': "plugin action if threat is detected", }, 'problemaction': { 'default': 'DEFER', 'description': "plugin action if scan fails", }, 'rejectmessage': { 'default': 'threat detected: ${virusname}', 'description': "reject message template if running in pre-queue mode and virusaction=REJECT", }, } self.pattern = re.compile('^(\d)+ <(.+)> (.+)$')
def __init__(self, config, section=None): ScannerPlugin.__init__(self, config, section) self.requiredvars = { 'dbconnectstring': { 'default': '', 'description': 'sqlalchemy connectstring to load vacations', 'confidential': True, }, } self.logger = self._logger() self.cache = None
def __init__(self, config, section=None): ScannerPlugin.__init__(self, config, section) self.logger = logging.getLogger('fuglu.plugin.DomainAction') self.requiredvars = { 'blockedaddheader': { 'default': '0', 'description': 'if set to non zero value a header will be added for blocked files and the message will be accepted\n1:\tonly filename appended as header\n2:\tfilename and details will be added as header\nany other string value will be added as-it-is to header', } }
def __init__(self, config, section=None): ScannerPlugin.__init__(self, config, section) self.requiredvars = { 'dbconnectstring': { 'default': '....todo', 'description': 'sqlalchemy connectstring to store the greylist', 'confidential': True, }, } self.logger = self._logger() self.cache = None
def __init__(self,config,section=None): ScannerPlugin.__init__(self,config,section) self.requiredvars={ 'imapcopyrules':{ 'default':'/etc/fuglu/imapcopy.regex', 'description':'IMAP copy suspectFilter File', }, 'storeoriginal':{ 'default':'1', 'description':"if true/1/yes: store original message\nif false/0/no: store message probably altered by previous plugins, eg with spamassassin headers", } } self.filter=None self.logger=self._logger()
def __init__(self, config, section=None): ScannerPlugin.__init__(self, config, section) self.requiredvars = { 'host': { 'default': 'localhost', 'description': 'hostname where clamd runs', }, 'port': { 'default': '3310', 'description': "tcp port number or path to clamd.sock for unix domain sockets\nexample /var/lib/clamav/clamd.sock or on ubuntu: /var/run/clamav/clamd.ctl ", }, 'timeout': { 'default': '30', 'description': 'socket timeout', }, 'pipelining': { 'default': '0', 'description': "*EXPERIMENTAL*: Perform multiple scans over the same connection. May improve performance on busy systems.", }, 'maxsize': { 'default': '22000000', 'description': "maximum message size, larger messages will not be scanned. \nshould match the 'StreamMaxLength' config option in clamd.conf ", }, 'retries': { 'default': '3', 'description': 'how often should fuglu retry the connection before giving up', }, 'virusaction': { 'default': 'DEFAULTVIRUSACTION', 'description': "action if infection is detected (DUNNO, REJECT, DELETE)", }, 'problemaction': { 'default': 'DEFER', 'description': "action if there is a problem (DUNNO, DEFER)", }, 'rejectmessage': { 'default': 'threat detected: ${virusname}', 'description': "reject message template if running in pre-queue mode and virusaction=REJECT", }, } self.logger = self._logger()
def __init__(self, config, section=None): ScannerPlugin.__init__(self, config, section) self.logger = self._logger() self.skiplist = FileList(filename=None, strip=True, skip_empty=True, skip_comments=True, lowercase=True) self.requiredvars = { 'skiplist': { 'default': '', 'description': 'File containing a list of domains (one per line) which are not checked' }, }
def __init__(self, section=None): ScannerPlugin.__init__(self, section) self.logger = self._logger() self.requiredvars = { 'dbconnection': { 'default': "mysql://root@localhost/spfcheck?charset=utf8", 'description': 'SQLAlchemy Connection string. Leave empty to rewrite all senders', }, 'domain_sql_query': { 'default': "SELECT use_srs from domain where domain_name=:domain", 'description': 'get from sql database :domain will be replaced with the actual domain name. must return field use_srs', }, 'forward_domain': { 'default': 'example.com', 'description': 'the new envelope sender domain', }, 'secret': { 'default': '', 'description': 'cryptographic secret. set the same random value on all your machines', }, 'maxage': { 'default': '8', 'description': 'maximum lifetime of bounces', }, 'hashlength': { 'default': '8', 'description': 'size of auth code', }, 'separator': { 'default': '=', 'description': 'SRS token separator', }, 'rewrite_header_to': { 'default': 'True', 'description': 'set True to rewrite address in To: header in bounce messages (reverse/decrypt mode)', }, }
def __init__(self, config, section=None): ScannerPlugin.__init__(self, config, section) self.requiredvars = { 'archiverules': { 'default': '/etc/fuglu/archive.regex', 'description': 'Archiving SuspectFilter File', }, 'archivedir': { 'default': '/tmp', 'description': 'storage for archived messages', }, 'subdirtemplate': { 'default': '${to_domain}', 'description': 'subdirectory within archivedir', }, 'filenametemplate': { 'default': '${id}.eml', 'description': 'filename template for the archived messages', }, 'storeoriginal': { 'default': '1', 'description': "if true/1/yes: store original message\nif false/0/no: store message probably altered by previous plugins, eg with spamassassin headers", }, 'chown': { 'default': '', 'description': "change owner of saved messages (username or numeric id) - this only works if fuglu is running as root (which is NOT recommended)", }, 'chgrp': { 'default': '', 'description': "change group of saved messages (groupname or numeric id) - the user running fuglu must be a member of the target group for this to work", }, 'chmod': { 'default': '', 'description': "set file permissions of saved messages", }, } self.filter = None self.logger = self._logger()
def __init__(self, config, section=None): ScannerPlugin.__init__(self, config, section) self.requiredvars = { 'imapcopyrules': { 'default': '/etc/fuglu/imapcopy.regex', 'description': 'IMAP copy suspectFilter File', }, 'storeoriginal': { 'default': '1', 'description': "if true/1/yes: store original message\nif false/0/no: store message probably altered by previous plugins, eg with spamassassin headers", } } self.filter = None self.logger = self._logger()
def __init__(self, config, section=None): ScannerPlugin.__init__(self, config, section) self.requiredvars = { 'host': { 'default': 'localhost', 'description': 'hostname where the SSSP server runs', }, 'port': { 'default': '4010', 'description': "tcp port or path to unix socket", }, 'timeout': { 'default': '30', 'description': 'socket timeout', }, 'maxsize': { 'default': '22000000', 'description': "maximum message size, larger messages will not be scanned. ", }, 'retries': { 'default': '3', 'description': 'how often should fuglu retry the connection before giving up', }, 'virusaction': { 'default': 'DEFAULTVIRUSACTION', 'description': "action if infection is detected (DUNNO, REJECT, DELETE)", }, 'problemaction': { 'default': 'DEFER', 'description': "action if there is a problem (DUNNO, DEFER)", }, 'rejectmessage': { 'default': 'threat detected: ${virusname}', 'description': "reject message template if running in pre-queue mode and virusaction=REJECT", }, } self.logger = self._logger()
def __init__(self, config, section=None): ScannerPlugin.__init__(self, config, section) self.logger = logging.getLogger('fuglu.plugin.DomainAction') self.requiredvars = { 'addheaderinfected': { 'default': '0', 'description': 'if set to non zero value a header will be added for infected files\n1:\tonly virusname appended as header\n2:\tvirusname and details will be added as header\nany other string value will be added as-it-is to header', }, 'addheaderclean': { 'default': '0', 'description': 'add header if message is clean\nany string value will be used as-it-is', } }
def __init__(self,config,section=None): ScannerPlugin.__init__(self,config,section) self.requiredvars={ 'template_blockedfile':{ 'default':'/etc/fuglu/templates/blockedfile.tmpl', 'description':'Mail template for the bounce to inform sender about blocked attachment', }, 'sendbounce':{ 'default':'1', 'description':'inform the sender about blocked attachments', }, 'rulesdir':{ 'default':'/etc/fuglu/rules', 'description':'directory that contains attachment rules', }, 'blockaction':{ 'default':'DELETE', 'description':'what should the plugin do when a blocked attachment is detected\nREJECT : reject the message (recommended in pre-queue mode)\nDELETE : discard messages\nDUNNO : mark as blocked but continue anyway (eg. if you have a later quarantine plugin)', }, 'dbconnectstring':{ 'default':'', 'description':'sqlalchemy connectstring to load rules from a database and use files only as fallback. requires SQL extension to be enabled', 'confidential':True, }, 'query':{ 'default':'SELECT action,regex,description FROM attachmentrules WHERE scope=:scope AND checktype=:checktype ORDER BY prio', 'description':"sql query to load rules from a db. #:scope will be replaced by the recipient address first, then by the recipient domain\n:check will be replaced by either 'filename' to get filename rules or 'contenttype' to get content type rules", }, } self.logger=self._logger() if MAGIC_AVAILABLE: if MAGIC_AVAILABLE==MAGIC_PYTHON_FILE: self.ms = magic.open(magic.MAGIC_MIME) self.ms.load() else: self.logger.warning('python-magic not available') self.rulescache=None self.extremeverbosity=False
def __init__(self, config, section=None): ScannerPlugin.__init__(self, config, section) self.requiredvars = { 'domainsfile': { 'description': "File containing a list of domains (one per line) which must be DKIM and/or SPF authenticated", 'default': "/etc/fuglu/auth_required_domains.txt", }, 'failaction': { 'default': 'DUNNO', 'description': "action if the message doesn't pass authentication (DUNNO, REJECT)", }, 'rejectmessage': { 'default': 'sender domain ${header_from_domain} must pass DKIM and/or SPF authentication', 'description': "reject message template if running in pre-queue mode", }, } self.logger = self._logger() self.filelist=FileList(filename=None,strip=True, skip_empty=True, skip_comments=True,lowercase=True)
def __init__(self,config,section=None): ScannerPlugin.__init__(self,config,section) self.requiredvars={ 'filterfile':{ 'default':'/etc/fuglu/headerwriter.regex', 'description':'Suspectfilter File', }, 'outputfile':{ 'default':'', 'description':'Output File', }, 'defaultlinetemplate':{ 'default':'${fieldname}: ${matchedvalue}', 'description':'Default line output template if nothing is specified in filter config', } } self.filter=None
def __init__(self, config, section=None): ScannerPlugin.__init__(self, config, section) self.requiredvars = { 'host': { 'default': 'localhost', 'description': 'hostname where fpscand runs', }, 'port': { 'default': '3000', 'description': "DrWeb daemon port", }, 'timeout': { 'default': '30', 'description': "network timeout", }, 'maxsize': { 'default': '22000000', 'description': "maximum message size to scan", }, 'retries': { 'default': '3', 'description': "maximum retries on failed connections", }, 'virusaction': { 'default': 'DEFAULTVIRUSACTION', 'description': "plugin action if threat is detected", }, 'problemaction': { 'default': 'DEFER', 'description': "plugin action if scan fails", }, 'rejectmessage': { 'default': 'threat detected: ${virusname}', 'description': "reject message template if running in pre-queue mode and virusaction=REJECT", }, } self.logger = self._logger() self.pattern = re.compile(r'(?:DATA\[\d+\])(.+) infected with (.+)$')
def __init__(self, section=None): ScannerPlugin.__init__(self, section) self.logger = self._logger() self.filelist = FileList(strip=True, skip_empty=True, skip_comments=True, lowercase=True, additional_filters=None, minimum_time_between_reloads=30) self.requiredvars = { 'domainsfile': { 'default': '/etc/fuglu/spearphish-domains', 'description': 'Filename where we load spearphish domains from. One domain per line. If this setting is empty, the check will be applied to all domains.', }, 'virusenginename': { 'default': 'Fuglu SpearPhishing Protection', 'description': 'Name of this plugins av engine', }, 'virusname': { 'default': 'TRAIT.SPEARPHISH', 'description': 'Name to use as virus signature', }, 'virusaction': { 'default': 'DEFAULTVIRUSACTION', 'description': "action if spear phishing attempt is detected (DUNNO, REJECT, DELETE)", }, 'rejectmessage': { 'default': 'threat detected: ${virusname}', 'description': "reject message template if running in pre-queue mode and virusaction=REJECT", }, 'dbconnection':{ 'default':"mysql://root@localhost/spfcheck?charset=utf8", 'description':'SQLAlchemy Connection string. Leave empty to disable SQL lookups', }, 'domain_sql_query':{ 'default':"SELECT check_spearphish from domain where domain_name=:domain", 'description':'get from sql database :domain will be replaced with the actual domain name. must return boolean field check_spearphish', }, 'check_display_part': { 'default': 'False', 'description': "set to True to also check display part of From header (else email part only)", }, }
def __init__(self, config, section=None): ScannerPlugin.__init__(self, config, section) self.requiredvars = { "host": {"default": "localhost", "description": "hostname where the SSSP server runs"}, "port": {"default": "4010", "description": "tcp port or path to unix socket"}, "timeout": {"default": "30", "description": "socket timeout"}, "maxsize": { "default": "22000000", "description": "maximum message size, larger messages will not be scanned. ", }, "retries": {"default": "3", "description": "how often should fuglu retry the connection before giving up"}, "virusaction": { "default": "DEFAULTVIRUSACTION", "description": "action if infection is detected (DUNNO, REJECT, DELETE)", }, "problemaction": {"default": "DEFER", "description": "action if there is a problem (DUNNO, DEFER)"}, "rejectmessage": { "default": "threat detected: ${virusname}", "description": "reject message template if running in pre-queue mode and virusaction=REJECT", }, } self.logger = self._logger()
def __init__(self,config,section=None): ScannerPlugin.__init__(self,config,section) self.extractor=None self.logger=logging.getLogger('fuglu.plugin.URIExtract') self.requiredvars={ 'domainskiplist':{ 'default':'/etc/fuglu/extract-skip-domains.txt', 'description':'Domain skip list', }, 'maxsize':{ 'default':'10485000', 'description':'Maximum size of processed mails. Larger mail will be skipped.', }, 'loguris':{ 'default':'no', 'description':'print extracted uris in fuglu log', } }
def __init__(self, config, section=None): ScannerPlugin.__init__(self, config, section) self.requiredvars = { 'redis': { 'default': 'localhost:6379:0', 'description': 'redis config: host:port:db', }, 'ttl': { 'default': '604800', 'description': 'hash ttl in seconds', }, 'maxsize': { 'default': '600000', 'description': 'maxsize in bytes, larger messages will be skipped' }, 'timeout': { 'default': '2', 'description': 'timeout in seconds' }, } self.backend = None self.logger = self._logger()
def __init__(self, config, section=None): ScannerPlugin.__init__(self, config, section) self.logger=self._logger() self.requiredvars = { 'identifier': { 'default': 'CommandlineAV', 'description': 'identifier used in the virus tag', }, 'exectemplate': { 'default': '', 'description': 'full path to the scan executable and arguments. ${suspectpath} will be replaced with the message file', }, 'timeout': { 'default': '10', 'description': "process timeout", }, 'viruspattern': { 'default': '', 'description': 'regular expression for infected messages. use virusname and filename groups', }, 'maxsize': { 'default': '10485000', 'description': "maximum message size to scan", }, 'virusaction': { 'default': 'DEFAULTVIRUSACTION', 'description': "plugin action if threat is detected", }, 'problemaction': { 'default': 'DEFER', 'description': "plugin action if scan fails", }, 'rejectmessage': { 'default': 'threat detected: ${virusname}', 'description': "reject message template if running in pre-queue mode and virusaction=REJECT", }, }
def __init__(self, config, section=None): ScannerPlugin.__init__(self, config, section) self.logger = self._logger()