mod-antivirus
Prev Kernun Firewall Reference (5) Next

Name

mod-antivirus — format of mod-antivirus component configuration

DESCRIPTION

General syntax rules of Kernun Firewall configuration files are described in configuration(7). This man page describes types, sections and items specific for the mod-antivirus component configuration.

Repeatable sections/items are marked by the '*' before section/item name.

TYPES

Configuration directives have attributes of several value-types. For the basic types description, see configuration(7).

Enumeration is a list of words (names) representing integer values. Some enumerations accept both names and direct integer values; in this case, enumeration description contains values for every name (in parenthesis next to name). For other enumerations, using of names is obligatory.

The following enumerations are used in mod-antivirus configuration directives:

enabling (see common(5))

antivirus-protocol (name-usage obligatory)

Which antivirus software is used (selects communication protocol).

drweb-file

DrWeb antivirus communicating via file

drweb-net

DrWeb antivirus communicating via network

clamav-file

Clam AntiVirus communicating via file

clamav-net

Clam AntiVirus communicating via network

nod32-file

NOD32 antivirus communicating via file

virus-status (name-usage obligatory)

Antivirus detection status. This enumeration is used when checking results of an antivirus run.

free

Mail or document scanned, no virus was found.

found

Mail or document scanned, at least one virus found.

skipped

Mail or document not scanned or antivirus disabled.

unknown

Antivirus returned an unknown response.

error

Antivirus failed.

ITEMS AND SECTIONS

Configuration of mod-antivirus library component consists of following prototypes:


* antivirus name { ... }
  antivirus-keepalive ... ;
  use-antivirus ... ;
  antivirus-mode ... ;
  accept-antivirus-status ... ;
    

Description:

antivirus name {


  connection ... ;
  sock-opt { ... }
  comm-dir ... ;
  altq ... ;
  max-checked-size ... ;
}

        

Settings of antivirus checking.

Items & subsections:

connection drweb-file inet-socket;

connection drweb-net inet-socket;

connection clamav-file inet-socket;

connection clamav-net inet-socket;

connection nod32-file unix-socket;

Connection to antivirus (socket and protocol).

<branching element> (type: antivirus-protocol)

inet-socket (type: sock)

unix-socket (type: str)

sock-opt {


  conn-timeout ... ;
  recv-bufsize ... ;
  close-timeout ... ;
  send-bufsize ... ;
  log-limit ... ;
}

            

Connection to antivirus options.

The sock-opt section is derived from sock-opt section prototype. For detail description of it, see netio(5).

Changes to the sock-opt section:

Item recv-timeout is not valid.

Item send-timeout is not valid.

comm-dir [path];

Directory used for communication with antivirus.

path (type: str, optional, default: "/tmp/antivirus")

altq altq [paltq paltq];

ALTQ queues for data sent to antivirus.

altq (type: str)

queue name

paltq paltq (type: str, optional, default: "")

priority queue name (if set, used for TCP ACK without data)

max-checked-size bytes;

Files larger than this size will not be checked and status SKIPPED will be returned.

bytes (type: uint64)

[End of section antivirus description.]

antivirus-keepalive channel [interval interval] [chunk chunk] [limit limit];

Antivirus usage mode/

Check document by antivirus, with settings for passing initial part of unchecked data through the antivirus module during antivirus checking.

channel (type: name of antivirus, see above)

Name of ANTIVIRUS global section used.

interval interval (type: uint16, optional, default: 0)

Seconds between passing blocks of unchecked data (0 = do not send unchecked data).

chunk chunk (type: uint16, optional, default: 0)

Size of each block of unchecked data.

limit limit (type: uint16, optional, default: 0)

Maximum size of unchecked data passed before antivirus check is completed. Remaining data will be passed only after successful checking.

use-antivirus disable;

use-antivirus enable channel;

Antivirus usage mode.

If omitted, or disabled, no antivirus is enabled. In this case, neither any ANTIVIRUS global section can be present nor any MAIL-ACL and DOC-ACL can have VIRUS item specified.

<branching element> (type: enabling)

channel (type: name of antivirus, see above)

antivirus-mode disable [interval interval] [chunk chunk] [limit limit];

antivirus-mode enable channel [interval interval] [chunk chunk] [limit limit];

Antivirus usage mode.

If omitted, or disabled, no antivirus is enabled. In this case, neither any ANTIVIRUS global section can be present nor any ACL can have VIRUS item specified.

If enabled, it can be configured for passing initial part of unchecked data to the client before the antivirus check is completed. In this case, if a virus is found later, the connection to the client is broken.

<branching element> (type: enabling)

channel (type: name of antivirus, see above)

interval interval (type: uint16, optional, default: 0)

Seconds between passing blocks of unchecked data (0 = do not send unchecked data).

chunk chunk (type: uint16, optional, default: 0)

Size of each block of unchecked data.

limit limit (type: uint16, optional, default: 0)

Maximum size of unchecked data passed before antivirus check is completed. Remaining data will be passed only after successful checking.

accept-antivirus-status status;

Defines set of antivirus status codes (in addition to FREE) that allow further passing of data. Other status codes cause termination of data transfer. If not set, data are passed only if the antivirus returns status FREE.

status (type: virus-status-set)

SEE ALSO

configuration(7), common(5), netio(5)

Prev Up Next
mod-antispam Home mod-html-filter