Arabic  Chinese (simplified)  Chinese (traditional)  French  German  Italian  Japanese  Korean  Portuguese  Russian  Spanish 

Attachments / Viruses

From ASSPSMTP

Jump to: navigation, search
Advice
This article is incomplete. It is currently under construction and review for content, clarity and format. Help the community by adding content directly to this page or discuss what should go in this article on the discussion page!

On This Page

How It Works

Details

Attachments / Viruses FAQs

Attachments / Viruses Configuration

based upon version 1.3.5(9.18) External Attachment Blocking (DoBlockExes)

0 = disabled, 1 = block, 2 = monitor, 3 = score

External Attachment Blocking Level wiki (BlockExes)

Enter a number from 0-4 to set the level of Attachment Blocking for external senders. Enter 0 or leave blank for no attachment blocking.

Whitelisted & Local Attachment Blocking (BlockWLExes)

Enter a number from 0-4 to set the level of Attachment Blocking for whitelisted & local senders.

NoProcessing Attachment Blocking (BlockNPExes)

Enter a number from 0-4 to set the level of Attachment Blocking for no processing senders.

Level 1 rejected File Extensions (BadAttachL1)

This regular expression is used to identify Level 1 attachments that should be blocked. Separate entries with a pipe |. The dot . is assumed to precede these, so don't include it. For example: ad[ep]|asx|ba[st]|chm|cmd|com|cpl|crt|dbx|exe|hlp|ht[ab]|in[fs]|isp|js|jse|lnk|md[abez]|mht|ms[cipt]|nch|pcd|pif|prf|reg|sc[frt]|sh[bs]|vb|vb[es]|wms|ws[cfh]

Level 2 rejected File Extensions (BadAttachL2)

This regular expression is used to identify Level 2 attachments that should be blocked. Level 2 already includes all rejected extensions from Level 1. For example: (ad[ep]|asx|ba[st]|chm|cmd|com|cpl|crt|dbx|exe|hlp|ht[ab]|in[fs]|isp|js|jse|lnk|md[abez]|mht|ms[cipt]|nch|pcd|pif|prf|reg|sc[frt]|sh[bs]|vb|vb[es]|wms|ws[cfh]).zip

Level 3 rejected File Extensions (BadAttachL3)

This regular expression is used to identify Level 3 attachments that should be blocked. Level 3 includes Level 2 and Level 1. For example: zip|url

Level 4 Allowed File Extensions (GoodAttach)

This regular expression is used to identify attachments that should be allowed. All others are blocked. Separate entries with a pipe |. The dot . is assumed to precede these, so don't include it. For example: ai|asc|bhx|dat|doc|eps|gif|htm|html|ics|jpg|jpeg|hqx|od[tsp]|pdf|ppt|rar|rpt|rtf|snp|txt|xls|zip

Suspicious File Extensions (SuspiciousAttach)

This regular expression is used for suspicious attachments that should not be blocked but add to the score in MessageScoring. For example: gif|pdf

Reply Code to Refuse Rejected Attachments (AttachmentError)


Refuse Uuencoded Mails (BlockUuencoded)

Reply to Refuse Uuencoded Mails (UuencodedError)

For example: 554 5.7.1 This mail is uuencoded and will be blocked

Use ClamAV (UseAvClamd) If activated, the message is checked by ClamAV, this requires an installed File::Scan::ClamAV Perl module and a running Clamd (Windows) or Clamd (Unix). The viruses will be stored in a special folder 'quarantine' if the viruslog in >Collecting< is set to 5 and the Filepath is set properly.

Do Not Scan Messages from/to these Addresses* (noScan)

Accepts specific addresses (user@domain.com), user parts (user) or entire domains (@domain.com).

Skip ClamAV RegEx* (NoScanRe)

Put anything here to identify messages which should not be checked for viruses.

Suspicious Virus Scoring Regex (SuspiciousVirus)

If a Clamd result matches this expression it will be scored with the suspicious virus score and the message will not be blocked.

Scan Whitelisted Senders (ScanWL)

Scan No Processing Senders (ScanNP)

Scan Local Senders (ScanLocal)

Scan Copied Spam Mails (ScanCC)

Port or file socket for ClamAV (AvClamdPort)

A socket specified in the clamav.conf file - LocalSocket. For example /tmp/clamd. If the socket has been setup as a TCP/IP socket (see the TCPSocket option in the clamav.conf file), then specify the TCP socket. For example: 3310

Reply Code to Refuse Infected Messages (AvError)

Reply code to refuse infected messages. The string $infection is replaced with the name of the detected virus. For example: 554 5.7.1 Mail appears infected with '$infection' -- disinfect and resend.

Send Virus Report To Address (EmailVirusReportsTo)

If set an email containing the Message ID, Remote IP, Message Subject, Sender email address, Recipient email address, and the virus detected will be sent to this address. For example: admin@domain.com

Add Full Header To Virus Report To Mail Address Above (EmailVirusReportsHeader) If set the full message headers will also be added to Virus Reports.

Send Virus Report To Recipient (EmailVirusReportsToRCPT) If set the intended recepient of the message will be sent a copy of the Virus Report.

ClamAV Timeout (ClamAVtimeout)

ClamAV will timeout after: 10 seconds.

ClamAV Bytes (ClamAVBytes)

These many bytes of the message will be scanned for a virus. It is not recommended to set this > 100000. For example: 60000

Retrieved from "http://www.asspsmtp.org/wiki/Attachments_/_Viruses"
These icons link to social bookmarking sites where readers can share and discover new web pages. Blinklist  del.icio.us  digg  Furl  Google  ma.gnolia  Reddit  Slashdot  Spurl  YahooMyWeb 
Personal tools