Documentation (for latest development release)

Scanners.txt - scanner documentation
add_header Add email headers.
add_listed Add one record into SQL list for a policy. [new in 0.8.0]
alternatives Alternative scanners.
b2f An alias for buffer2file() interscanner.
buffer2file Buffer to file converter.
buffer2mbox An alias for buffer2file(...,1) interscanner.
cache Cache return value of a scanner. [new in 0.7.0]
check_level Select scanner based on tested scanner return status. [new in 0.9.0]
custom_action Interscanner to set custom action. [new in 0.9.0]
decompress Scanner used to decompress archives (zip,rar,arj,zoo,tar,...).
deliver A scanner to force sending some viruses/spams to original recipients.
deliver_to Interscanner to send emails to admins.
drop Interscanner to drop viruses/spams. By default they are rejected.
f2b An alias for file2buffer() interscanner.
file2buffer File to buffer converter.
interscanner Default scanner used for building all other interscanners.
log Advanced logger interscanner.
log_cleanup Clean old records from SQL log database table. [new in 1.1.0]
log_sql SQL interscanner for python DB-API 2.0 compatible DB modules. [new in 0.7.0]
log_syslog Syslog logger interscanner to log via syslog.
match_all Returns a virus only if all scanners returns a virus.
match_any Match for any sub-scanner is required.
modify_header Modify email headers.
modify_subject Modify email Subject.
nothing This scanner does nothing. :-)
parsemail Email parser interscanner.
quarantine Quarantine into a directory.
recover Recover from an error.
regexp_find Recipient email address to index scanner, operating with regexp. [new in 0.9.0]
rename Interscanner to rewrite virus name returned by an scanner.
report Report any message to admin, user or anybody.
report_recipients Report any message to email recipients.
retry Retry scanner more times.
sql_find Recipient email address to index scanner, operating on SQL database. [new in 0.9.0]
status This interscanner can be used to collect some other statistics.
time_limit Interscanner to limit scanner execution time. [new in 0.7.0]
ascanner Default scanner user for building all other realscanners.
attach_name Attachment name scanner.
avgd AVG daemon realscanner.
bdc Bitdefender realscanner.
clamd ClamAV daemon realscanner for clamav-1.0 or higher.
clamd0 ClamAV daemon realscanner for clamav-0.103 or older.
clamscan ClamAV command line realscanner.
cmd A realscanner used to scan over command line programs.
cmd_bdc This scanner uses bdc command from BitDefender antivirus.
cmd_clamav This scanner uses clamscan command from clamav project.
cmd_drweb This scanner uses drweb command from DRWEB antivirus.
cmd_fprot This scanner uses f-prot command from FRISK F-Prot antivirus.
cmd_kavscanner This scanner uses kavscanner command from KasperskyLab kavscanner.
cmd_mks This scanner uses mks antivirus.
cmd_trendmicro This scanner uses trendmicro command from Trend Micro FileScanner.
cmd_uvscan This scanner uses uvscan command from McAfee AntiVirus.
cmd_vbuster This scanner uses vbuster command from VirusBuster.
const Realscanner to return a constant value (virus or clean).
dspam This realscanner uses dspam library.
dspam_classify Realscanner to classify emails for DSPAM.
esetspac ESETs scanner over it's preload library module. [new in 1.1.1]
file_magic File magic test (like "file -i command").
file_type Realscanner, which scans type of a file.
filesys Scanner which uses filesystem scanners. [new in 0.7.0]
kav Kaspersky Antivirus realscanner.
kavclient Kaspersky antivirus client realscanner.
libclam ClamAV realscanner - uses libclamavmodule python library.
max_file_size Realscanner to test email's size.
nod2 NOD2 scanner. Works with nod32lfs.
nod2pac NOD32lfs scanner over it's preload library module. [new in 0.8.0]
regexp_scan Primitive regexp pattern scanner.
remove_headers Remove email headers.
sanitize Sanitize (rename attachment filenames) an email.
savse Symantec antivirus scan engine scanner.
scanc Scanner daemon client. [new in 0.8.0]
sender_regexp Sender IP address regexp scanner.
smtp_comm Primitive regexp pattern scanner for SMTP communication.
sophie Sophie realscanner.
string_scan Primitive string pattern scanner.
trophie Trophie realscanner.
usrquota Check user quota for an recipient.
bogofilter BogoFilter scanner.
filter Filter a message through a command.
qsf Quick Spam Filter scanner.
spamassassind SpamAssassin daemon scanner.
auto_whitelist Whitelist IP addresses after sending some emails properly. [new in 0.8.0]
dns_check IP to domain (and back) resolving checker. [new in 0.8.0]
elisted SQL blacklist for a policy. Enhanced version. [new in 1.1.1]
geoip2_country GeoIP2 country match (using mmdb files). [new in 2.0.0]
geoip_country GeoIP country match. [new in 1.3.1]
greylist A greylist policy scanner. [new in 0.8.0]
list_cleanup Cleanup obsolete records from an SQL list. [new in 0.8.0]
listed SQL blacklist for a policy. [new in 0.8.0]
not_listed SQL whitelist for a policy. [new in 0.8.0]
policy_quota_auth_limit A policy quota for authorized users. [new in 1.3.0]
policy_quota_cleanup Clean old records from SQL policy database table. [new in 1.3.0]
rbl_check RBL (Real-time Blackhole list) checker. [new in 1.1.0]
set_action An interscanner to return a status to set an action to return. [new in 0.8.0]
spf_check SPF (Sender Permitted From) checker. [new in 0.8.0]
Services.txt - service documentation
chroot_execvp Execute an external command (or start an daemon). [new in 0.7.0]
chroot_execvpe Execute an external command (or start an daemon) and update variables. [new in 0.7.0]
collector Statistics collector service.
fusefs Fuse filesystem with antivirus checking. [new in 0.8.0]
http_proxy HTTP proxy service (experimental).
lmtpd LMTP daemon service. [new in 0.7.0]
milter Milter support service.
recipient_policy Virtual recipient policy. [new in 0.8.0]
reporter Reporter virtual service.
rlimit Resource limit virtual service.
scand Scanner daemon with a preload library ability. [new in 0.8.0]
sgfilterd A service to filter data sent by sgfilter command. [new in 0.7.0]
smtpd SMTP daemon service.
smtpd_policy SMTP policy service. [new in 0.8.0]
webq_jinja Web service for sagator's quaratine access. [new in 1.3.0]
Databases.txt - database connections for SAGATOR
MySQLdb MySQL database connection.
pg PostgreSQL support via pg python module.
pgdb PostgreSQL support via pgdb python module. [recomended]
psycopg PostgreSQL support via psycopg python module.
pymysql MySQL database connection.
sqlite SQLite database conenction.
Manual pages: FAQ
ChangeLog (for development release)
Slides (only in Slovak language)
Articles by David Zejda from root.cz (Czech language): Tecmint article by Gabriel Cánepa: Examples:
Documentation for developers: