== Services ============================== chroot_execvp() | Execute an external command (or start an daemon). | | This service can be used to start external daemons used by sagator. | | Usage: chroot_execvp('daemon_name',args=[],pid_file='') | | Where: daemon_name is a string, which defines command name | args are strings, which defines command line arguments | pid_file is an string to filename with PID of started daemon | pgrp_file is an string to a process group filename | | Example: chroot_execvp('/usr/sbin/clamd','-c','/etc/clamav.conf') | | New in version 0.7.0. chroot_execvpe() | Execute an external command (or start an daemon) and update variables. | | This service can be used to start external daemons used by sagator. | You also can set environment varibles. | | Usage: chroot_execvpe('daemon_name',args=[],env={}) | | Where: daemon_name is a string, which defines command name | args are strings, which defines command line arguments | env is an dictionary of environment variables | pid_file is an string to filename with PID of started daemon | pgrp_file is an string to a process group filename | | Example: chroot_execvpe('/usr/sbin/clamd',['-c','/etc/clamav.conf'], | {'LANG': 'C'}) | | New in version 0.7.0. collector() | Statistics collector service. | | This service can be used to collect some data for statistics. | | Usage: collector(ip_or_hostname='', port=-1, | statfile='/var/lib/sagator/status') | | Where: ip_or_hostname is an string, which defines IP to bind to | port is an integer, which defines port number to bind to. | If port<0 (default), no tcp socket will listen and only | statistics from file will be processed. It is effective | for large servers. | statfile is an string, which defines where to store status | | Examples: collector() | or: collector('0.0.0.0',28) fusefs() | Fuse filesystem with antivirus checking. | | This service can be used to check filesystem access for viruses. | | Usage: fusefs(SCANNERS, mountpoint, root_path='/') | | Where: mountpoint is a string, which defines an directory, where files | will be accessed. | root_path is a path, which files will real files. | | Example: fusefs(SCANNERS, '/home', '/realhome') | | New in version 0.8.0. http_proxy() | HTTP proxy service (experimental). | | !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! | !!! WARNING! This service is experimental! Use at your risk! !!! | !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! | | This service can be used as filtering HTTP proxy. | | Usage: http_proxy(scanners, host, port, prefork=2) | | Where: scanners is an array of scanners (see README.scanners for more info) | host is a an ip address to bind | port is a port to bind | prefork is a number, which defines preforked process count | | Example: http_proxy(SCANNERS, '127.0.0.1', 3128) | | Warning! Do not forget to block access to this port for non-local users. lmtpd() | LMTP daemon service. | | This service can be used to start sagator as separate filtering LMTP | daemon. Is is useful for postfix and any other LMTP client, which | can use these filters. | LMTP protocol is useful, if you want to set different filters for | different users. | | Usage: lmtpd(scanners, host, port, prefork=2) | | Where: scanners is an array of scanners (see README.scanners for more info) | host is a an ip address to bind | port is a port to bind | prefork is a number, which defines preforked process count. | Set this parameter to actual processor count + 1 | or leave it's default (2). | | Example: lmtpd(SCANNERS, '127.0.0.1', 27) | | New in version 0.7.0. milter() | Milter support service. | | This service can be used to start sagator as milter filter. | | Usage: milter(scanners, name, connection, umask) | | Where: scanners is an array of scanners (see README.scanners for more info) | name is an string, milter service name | connection in an string, which defines, where should milter service | listen | umask is an integer, which defines which umask should be set before | creating local socket | | Example: milter(SCANNERS, "sagator", "inet:3333@127.0.0.1") | | For more information about milter's parameters see milter documentation. | | You need python's milter module to run this service: | http://www.bmsi.com/python/milter.html recipient_policy() | Virtual recipient policy. | | This policy check is invoked after an "RCPT TO:" smtp command is received. | You can use an policy scanner combination as scanner. It is useable for | postfix's before-queue policy filter or an policy filter for milter. | This service must be defined before service, which want to use it. | | Usage: recipient_policy(scanners, dbc) | | Where: scanners is an array of policy scanners | (see README.scanners for more info) | dbc is an database connection | | Example: recipient_policy(POLICY_SCANNERS, db.sqlite()) | | New in version 0.8.0. reporter() | Reporter virtual service. | | This service is only a virtual service to configure parameters for | reporter script. | | Usage: reporter(...parameters...) | | There you can define some parameters: | "begin", "body", "end", "include", "exclude", "include_fx", "exclude_fx" | and "groups". | | First three parameters are email templates. "begin" is report header. | It must contain RFC2822 headers. "body" is message part displayed for each | rejected/dropped message. "end" is report's tailer, added to message | after all "body"s. See srv/reporter.py file for example. | | "webq" parameter must define base URL to webq() service. This parameter | is autodetected as your server hostname + standard webq() root directory. | A row with this URL is added to your standard body, if no user body | defined. | | "groups" parameter can be used to define email groups, for example you | can define to send reports only to admin for each domain on you server: | reporter(groups=[ | ['@mydomain1.com$', 'admin@mydomain1.com'], | ['@domain2.sk$', 'admin@domain2.sk'], | ['.', 'root@localhost'] # send other to root | ]) | It is possible to define empty string as target to ignore some records. | | Example: reporter(include='@mydomain.sk$') | | Groups are new in version 0.9.0. rlimit() | Resource limit virtual service. | | This service can be used to set resource limits for sagator. | | Usage: rlimit(PARAM1=value1, PARAM2=value1, ...) | | Where: PARAM1,... are resource parameter names | value1,... are resource values | | For example you can use there resource parameter names: | AS for the maximum area (in bytes) of address space which may be | taken by the process. | NOFILE for the maximum number of open file descriptors for the | current process. | VMEM for the largest area of mapped memory which the process may occupy. | DATA for the maximum size (in bytes) of the process's heap. | RSS for the maximum resident set size that should be made available | to the process. | STACK for the maximum size (in bytes) of the call stack for the current | process. | FSIZE for the maximum size of a file which the process may create. | This only affects the stack of the main thread in a multi-threaded | process. | CPU for the maximum amount of processor time (in seconds) that a process | can use | | Aprox. 100 MB address space is required only for libclamav database. | | Example: rlimit(AS=30000000) scand() | Scanner daemon with a preload library ability. | | This service can be used to scan for viruses with an library, which | can be "preloaded" as LD_PRELOAD library. | | Usage: scand(scanner,ld_preload='', | sock='/tmp/scand.sock', | pid_file='/var/run/scand.pid', | as_root=False) | | Where: scanner is a scand scanner | ld_preload is an library name, which can be preloaded with | LD_PRELOAD parameter. By default by library will be preloaded. | sock is path to communicate with scanner | pid_file is a path to store daemon's pid file. This will be loaded | at exit and this process will be killed. | as_root is an boolean. Set it to True if you want to run scanners | in scand as root. | | Example: scand(nod2pac(),ld_preload='/usr/lib/libnod32pac.so') | or: scand(usrquota('mydomain.sk'),as_root=True) | | New in version 0.8.0. sgfilterd() | A service to filter data sent by sgfilter command. | | This service can be used to filter an email through sagator. | Some headers should be added to filtered email. A client for this | service is the sgfilter script. See man sgfilter for more information. | | Usage: sgfilterd(scanners,host='127.0.0.1',port=27,prefork=2) | | Where: scanners is an array of scanners (see README.scanners for more info) | host is a hostname to bind | port is a tcp port to bind | prefork is a number, which defines preforked process count. | Set this parameter to actual processor count + 1 | or leave it's default (2). | | Example: sgfilterd(SCANNERS) | | Input protocol description: | MAIL FROM: sender_email | RCPT TO: recipient_email | DATA length | ... | | Where: sender_email is sender's email address | recipient_email is recipient's email address. You can send more | RCPT TO: lines. | length is whole data length in bytes (including control characters, | as newlines, ...) | | Output protocol description: | XXX L.LL VIRNAME | ... | ^D | | Where: XXX is three digit status, one from these: | 250 - clean | 251 - not clean, but sending forced | 451 - an internal error occured during scanning | 550 - reject | 551 - drop | L.LL is an floating number of virus/spam level status | VIRNAME is an short description (like virus name, 'SPAM' string | or other one line short description | ... is modified email message (if some scanners are defined | to modify scanned message) | ^D is an EOF character, after message the communication is closed | | New in version 0.7.0. smtpd() | SMTP daemon service. | | This service can be used to start sagator as separate filtering SMTP | daemon. Is is useful for postfix and any other SMTP daemon, which | can use these filters. | | Usage: smtpd(scanners, host, port, prefork=2) | | Where: scanners is an array of scanners (see README.scanners for more info) | host is a an ip address to bind | port is a port to bind | prefork is a number, which defines preforked process count. | Set this parameter to actual processor count + 1 | or leave it's default (2). For multicore servers you can use | core_count() function to use autodetection. | | Example: smtpd(SCANNERS, '127.0.0.1', 27) smtpd_policy() | SMTP policy service. | | This service can be used as smtpd policy service for postfix. | | Usage: smtpd_polixy(scanners, dbc, host, port, max_children=200) | | Where: scanners is an array of policy scanners | (see README.scanners for more info) | dbc is an database connection | host is a an ip address to bind | port is a port to bind | max_children is a number defining maximal number of childrens | for this service | | Example: smtpd_policy(SCANNERS, db.sqlite(), '127.0.0.1', 29) | | Postfix configuration example: | /etc/postfix/main.cf: | smtpd_recipient_restrictions= | ... | check_policy_service inet:127.0.0.1:29 | ... | | New in version 0.8.0. webq_jinja() | Web service for sagator's quaratine access. | | This service can be used to access email collected by sagator via | web interface. | | Requirements: python-jinja2 or python-jinja | | Usage: webq_jinja(host='0.0.0.0', port=8008, db, | log='/var/log/sagator/webq.log', | scanner, userconv) | | Where: host is an string, which defines IP address to bind, | default: 0.0.0.0 | port is an integer, which defines tcp port to listen, default: 8008 | db is a database connection. For description see Databases.txt. | log is defining a log file name, by default /var/log/sagator/webq.log | scanner is a scanner to use for checking (only one scanner | can be used here and it must be a buffer scanner!) | userconv is an array, which defines regular expression | and substitution strings. Usernames from login prompt | are matched against this regular expression and substitued | by substitution string. | request_handler is an SimpleHTTPRequestHandler class. | By default webq_jinja_request_handler is used. | Use this class as parent if you need to override some functions. | This parameter was introduced in sagator 1.3. | | It is recommended to use apache mod_proxy module to redirect standard | web traffic from port 80 to webq()'s 8008. For example: | ProxyPass /webq http://localhost:8008 | ProxyPassReverse /webq http://localhost:8008 | | Example: See default config file for example. | | New in version 1.3.0.