Initial revision.

git-svn-id: https://svn.microneil.com/svn/SNF4CGP/trunk@39 59e8e3e7-56fa-483b-b4b4-fa6ab0af3dfc

Misc/GBUdbIgnoreList.txt.sample

@@ -0,0 +1,9 @@
+# List of IPs to Ignore on startup
+# Each IP in this list is set to Ignore in GBUdb when
+# The configuration is loaded.
+# Hash mark on the beginning of a line indicates a comment.
+# Comments after an IP are also ignored.
+# One line per IP. Sorry, no CIDR yet.
+# Be sure to list ALL of your gateways :-)
+
+127.0.0.1	# ignore localhost, of course.

Misc/Makefile.am

@@ -0,0 +1,40 @@
+## Process this file with automake to produce Makefile.in
+##
+## $Id$
+##
+## automake input for the MicroNeil SNF4CGP config files.
+##
+## Author:  Alban Deniz
+##
+## Copyright (C) 2009 ARM Research Labs, LLC.
+## See www.armresearch.com for the copyright terms.
+##
+##
+
+CONFDATA =					\
+	SNF4CGP.xml.sample			\
+	identity.xml.sample
+
+sampleconfdir = @sysconfdir@/@PACKAGE_NAME@
+sampleconf_DATA = $(CONFDATA)
+
+SNF4CGP.xml.sample:	SNF4CGP.xml.sample.in Makefile
+	cat @top_srcdir@/config_files/SNF4CGP.xml.sample.in | sed -e s+SYSCONFDIR+@sysconfdir@+ -e s+PREFIX+@prefix@+ -e s+PACKAGE_NAME+@PACKAGE_NAME@+  > $@
+
+identity.xml.sample:	identity.xml.sample.in
+	cp @top_srcdir@/config_files/identity.xml.sample.in $@
+
+pkgdata_DATA =                       		\
+	GBUdbIgnoreList.txt.sample
+
+EXTRA_DIST = 					\
+	SNF4CGP.xml.sample.in			\
+	identity.xml.sample.in			\
+	GBUdbIgnoreList.txt.sample		\
+	Makefile.am
+
+CLEANFILES =					\
+	$(CONFDATA)
+
+clean-local:
+	rm -f *.gcno *.gcov *.gcda *~

Misc/SNF4CGP.xml.sample.in

@@ -0,0 +1,162 @@
+<!-- SNFMulti V3.0 Configuration File, Setup: Typical of SNF4CGP -->
+<!-- http://www.armresearch.com/support/articles/software/snfServer/config/snfEngine.jsp -->
+
+<snf>
+    <node identity='SYSCONFDIR/PACKAGE_NAME/identity.xml'>
+
+        <paths>
+            <log path='/var/log/PACKAGE_NAME/'/>
+            <rulebase path='PREFIX/share/PACKAGE_NAME/'/>
+            <workspace path='PREFIX/share/PACKAGE_NAME/'/>
+        </paths>
+
+        <logs>
+
+            <rotation localtime='no'/>
+
+            <status>
+                <second log='yes' append='no'/>
+                <minute log='yes' append='no'/>
+                <hour log='no' append='no'/>
+            </status>
+
+            <scan>
+                <identifier force-message-id='no'/>
+                <classic mode='api' rotate='yes' matches='unique'/>
+                <xml mode='file' rotate='yes' matches='all' performance='yes' gbudb='yes'/>
+
+                <xheaders>
+                    <output mode='api'/>
+
+                    <version on-off='off'>X-MessageSniffer-Version</version>
+                    <license on-off='off'>X-MessageSniffer-License</license>
+                    <rulebase on-off='off'>X-MessageSniffer-RulebaseUTC</rulebase>
+                    <identifier  on-off='off'>X-MessageSniffer-Identifier</identifier>
+                    <gbudb on-off='on'>X-GBUdb-Analysis</gbudb>
+                    <result on-off='on'>X-MessageSniffer-Scan-Result</result>
+                    <matches on-off='on'>X-MessageSniffer-Rules</matches>
+
+                    <black on-off='off'>X-MessageSniffer-Spam: Yes</black>
+                    <white on-off='off'>X-MessageSniffer-White: Yes</white>
+                    <clean on-off='off'>X-MessageSniffer-Clean: Yes</clean>
+                    <symbol on-off='off' n='0'>X-MessageSniffer-SNF-Group: OK</symbol>
+                    <symbol on-off='off' n='20'>X-MessageSniffer-SNF-Group: Truncated</symbol>
+                    <symbol on-off='off' n='40'>X-MessageSniffer-SNF-Group: Caution</symbol>
+                    <symbol on-off='off' n='63'>X-MessageSniffer-SNF-Group: Black</symbol>
+                    <symbol on-off='off' n='62'>X-MessageSniffer-SNF-Group: Obfuscation</symbol>
+                    <symbol on-off='off' n='61'>X-MessageSniffer-SNF-Group: Abstract</symbol>
+                    <symbol on-off='off' n='60'>X-MessageSniffer-SNF-Group: General</symbol>
+                    <symbol on-off='off' n='59'>X-MessageSniffer-SNF-Group: Casinos-Gambling</symbol>
+                    <symbol on-off='off' n='58'>X-MessageSniffer-SNF-Group: Debt-Credit</symbol>
+                    <symbol on-off='off' n='57'>X-MessageSniffer-SNF-Group: Get-Rich</symbol>
+                    <symbol on-off='off' n='56'>X-MessageSniffer-SNF-Group: Ink-Toner</symbol>
+                    <symbol on-off='off' n='55'>X-MessageSniffer-SNF-Group: Malware</symbol>
+                    <symbol on-off='off' n='54'>X-MessageSniffer-SNF-Group: Porn-Dating-Adult</symbol>
+                    <symbol on-off='off' n='53'>X-MessageSniffer-SNF-Group: Scam-Phishing</symbol>
+                    <symbol on-off='off' n='52'>X-MessageSniffer-SNF-Group: Snake-Oil</symbol>
+                    <symbol on-off='off' n='51'>X-MessageSniffer-SNF-Group: Spamware</symbol>
+                    <symbol on-off='off' n='50'>X-MessageSniffer-SNF-Group: Media-Theft</symbol>
+                    <symbol on-off='off' n='49'>X-MessageSniffer-SNF-Group: AV-Push</symbol>
+                    <symbol on-off='off' n='48'>X-MessageSniffer-SNF-Group: Insurance</symbol>
+                    <symbol on-off='off' n='47'>X-MessageSniffer-SNF-Group: Travel</symbol>
+
+                </xheaders>
+            </scan>
+        </logs>
+
+        <network>
+            <sync secs='30' host='sync.messagesniffer.net' port='25'/>
+            <update-script on-off='on' call='PREFIX/sbin/getRulebase' guard-time='180'/>
+        </network>
+
+        <xci on-off='on' port='9001'/>
+
+        <gbudb>
+            <database>
+
+                <condense minimum-seconds-between='600'>
+                    <time-trigger on-off='on' seconds='86400'/>
+                    <posts-trigger on-off='off' posts='1200000'/>
+                    <records-trigger on-off='off' records='600000'/>
+                    <size-trigger on-off='on' megabytes='150'/>
+                </condense>
+
+                <checkpoint on-off='on' secs='3600'/>
+
+            </database>
+
+            <regions>
+
+                <white on-off='on' symbol='0'>
+                    <edge probability='-1.0' confidence='0.4'/>
+                    <edge probability='-0.8' confidence='1.0'/>
+                    <panic on-off='on' rule-range='1000'/>
+                </white>
+
+                <caution on-off='on' symbol='40'>
+                    <edge probability='0.4' confidence='0.0'/>
+                    <edge probability='0.8' confidence='0.5'/>
+                </caution>
+
+                <black on-off='on' symbol='63'>
+                    <edge probability='0.8' confidence='0.2'/>
+                    <edge probability='0.8' confidence='1.0'/>
+                    <truncate on-off='on' probability='0.9' peek-one-in='5' symbol='20'/>
+                    <sample on-off='on' probability='0.8' grab-one-in='5' passthrough='no' passthrough-symbol='0'/>
+                </black>
+
+            </regions>
+
+            <training on-off='on'>
+
+                <bypass>
+                    <!-- <header name='To:' find='spam@example.com'/> -->
+                    <!-- <header name='Received:' ordinal='1' find='friendlyhost.com'/> -->
+                </bypass>
+
+                <drilldown>
+                    <!-- <received ordinal='0' find='[12.34.56.'/> where we want to ignore 12.34.56.0/24 -->
+                    <!-- <received ordinal='0' find='mixed-source.com'/> -->
+                    <!-- <received ordinal='1' find='mixed-source-internal.com'/> -->
+                </drilldown>
+
+                <source>
+                    <!-- <header name='X-Use-This-Source:' received='mixedsource.com [' ordinal='0' /> -->
+                    <!-- <header name='X-Originating-IP:' received='hotmail.com [' ordinal='0' /> -->
+                </source>
+
+                <white>
+                    <result code='1'/>
+                    <!-- <header name='Received:' ordinal='0' find='.friendlyhost.com'/> -->
+                </white>
+
+            </training>
+
+         </gbudb>
+
+         <rule-panics>
+             <!--
+             <rule id='123456'/>
+             <rule id='123457'/>
+             -->
+         </rule-panics>
+
+         <platform>
+             <snf4cgp>
+                 <ham action='Allow' reason='Message OK' comment='Message OK' headers='yes' xml='yes'>
+                     <result code='0' comment='(0) Not Spam/Malware' />
+                     <result code='1' comment='(1) White Rule/IP-Range' />
+                 </ham>
+                 <spam action='Allow' reason='Spam/Malware' comment='Spam/Malware' headers='yes' classic='no' xml='no' hold-path='quarantine'>
+                     <result code='40' comment='(40) Caution' />
+                     <result code='63' action='Reject' reason='Source IP black listed (GBUdb/black)' comment='(63) Black' />
+                     <result code='20' action='Reject' reason='Source IP black listed (GBUdb/truncate)' comment='(20) Truncate' />
+                 </spam>
+             </snf4cgp>
+         </platform>
+
+         <msg-file type='cgp'/>
+
+    </node>
+</snf>
+

Misc/identity.xml.sample.in

@@ -0,0 +1,2 @@
+<snf><identity licenseid='licensid' authentication='authenticationxx'/></snf>
+