## Sagator SCANNER configuration example. ## (c) 2003-2004 Jan ONDREJ (SAL) SCANNERS=[ ## Check for marked message, rename it to '' (virus level is not changed) ## and store it into 'REALLY_CLEAN' variable. ## If a string NOSPAM is first string in subject, then ## REALLY_CLEAN=(1.0,'',[]) ## else: ## REALLY_CLEAN=(0.0,'',[]) cache('REALLY_CLEAN', rename('', regexp_scan({'':['^Subject: NOSPAM'],'&':['.']},-1) ) ) & const(0), ## Check for viruses report(['root@localhost'],report.MSG_TMPL, quarantine('/tmp/quarantine/%Y%m','', drop(drop.DEFAULT, ## Check with ClamAV all emails stream2mbox(libclam(limits={'maxratio':1000})), ## Restore from 'REALLY_CLEAN' and check for possible infections ## Do not check, if 'REALLY_CLEAN' is not set. cache('REALLY_CLEAN') & ( ## Parse for attachments parsemail( ## Check with libmagic (file utility). #file_magic({'Executable_magic': '/.*exec'},re.I), ## Check with sagator's internal content recognition. file_type({'exe': 'Executable'}), ## Check for attachment filenames. attach_name({'Executable':'\.(exe|com|vxd|dll|cpl|scr|pif|lnk|bat|vbs|js)$'}) ## Return clean, if no virusis found. ) | const(0) ) ) ) ), # Check for spams quarantine('/tmp/quarantine/%Y%m','', ## Check with spamassassin only if 'REALLY_CLEAN' is not set. cache('REALLY_CLEAN') \ & spamassassind(['localhost',783]) ) ]