
snf_engine.xml.sample.in 7.6KB

  1. <?xml version="1.0"?>
  2. <?xml-stylesheet type="text/xsl"
  3. href="snf-configuration.xsl"?>
  4. <!-- SNFMulti V3.0 Configuration File, Setup: Typical of SNF4CGP -->
  5. <!-- http://www.armresearch.com/support/articles/software/snfServer/config/snfEngine.jsp -->
  6. <snf>
  7. <node identity='/var/CommuniGate/CGPSNF/identity.xml'>
  8. <paths>
  9. <log path='/var/CommuniGate/CGPSNF/'/>
  10. <rulebase path='/var/CommuniGate/CGPSNF/'/>
  11. <workspace path='/var/CommuniGate/CGPSNF/'/>
  12. </paths>
  13. <logs>
  14. <rotation localtime='no'/>
  15. <status>
  16. <second log='yes' append='no'/>
  17. <minute log='yes' append='no'/>
  18. <hour log='no' append='no'/>
  19. </status>
  20. <scan>
  21. <identifier force-message-id='no'/>
  22. <classic mode='api' rotate='yes' matches='unique'/>
  23. <xml mode='file' rotate='yes' matches='all' performance='yes' gbudb='yes'/>
  24. <xheaders>
  25. <output mode='api'/>
  26. <version on-off='off'>X-MessageSniffer-Version</version>
  27. <license on-off='off'>X-MessageSniffer-License</license>
  28. <rulebase on-off='off'>X-MessageSniffer-RulebaseUTC</rulebase>
  29. <identifier on-off='off'>X-MessageSniffer-Identifier</identifier>
  30. <gbudb on-off='on'>X-GBUdb-Analysis</gbudb>
  31. <result on-off='on'>X-MessageSniffer-Scan-Result</result>
  32. <matches on-off='on'>X-MessageSniffer-Rules</matches>
  33. <black on-off='off'>X-MessageSniffer-Spam: Yes</black>
  34. <white on-off='off'>X-MessageSniffer-White: Yes</white>
  35. <clean on-off='off'>X-MessageSniffer-Clean: Yes</clean>
  36. <symbol on-off='off' n='0'>X-MessageSniffer-SNF-Group: OK</symbol>
  37. <symbol on-off='off' n='20'>X-MessageSniffer-SNF-Group: Truncated</symbol>
  38. <symbol on-off='off' n='40'>X-MessageSniffer-SNF-Group: Caution</symbol>
  39. <symbol on-off='off' n='63'>X-MessageSniffer-SNF-Group: Black</symbol>
  40. <symbol on-off='off' n='62'>X-MessageSniffer-SNF-Group: Obfuscation</symbol>
  41. <symbol on-off='off' n='61'>X-MessageSniffer-SNF-Group: Abstract</symbol>
  42. <symbol on-off='off' n='60'>X-MessageSniffer-SNF-Group: General</symbol>
  43. <symbol on-off='off' n='59'>X-MessageSniffer-SNF-Group: Casinos-Gambling</symbol>
  44. <symbol on-off='off' n='58'>X-MessageSniffer-SNF-Group: Debt-Credit</symbol>
  45. <symbol on-off='off' n='57'>X-MessageSniffer-SNF-Group: Get-Rich</symbol>
  46. <symbol on-off='off' n='56'>X-MessageSniffer-SNF-Group: Ink-Toner</symbol>
  47. <symbol on-off='off' n='55'>X-MessageSniffer-SNF-Group: Malware</symbol>
  48. <symbol on-off='off' n='54'>X-MessageSniffer-SNF-Group: Porn-Dating-Adult</symbol>
  49. <symbol on-off='off' n='53'>X-MessageSniffer-SNF-Group: Scam-Phishing</symbol>
  50. <symbol on-off='off' n='52'>X-MessageSniffer-SNF-Group: Snake-Oil</symbol>
  51. <symbol on-off='off' n='51'>X-MessageSniffer-SNF-Group: Spamware</symbol>
  52. <symbol on-off='off' n='50'>X-MessageSniffer-SNF-Group: Media-Theft</symbol>
  53. <symbol on-off='off' n='49'>X-MessageSniffer-SNF-Group: AV-Push</symbol>
  54. <symbol on-off='off' n='48'>X-MessageSniffer-SNF-Group: Insurance</symbol>
  55. <symbol on-off='off' n='47'>X-MessageSniffer-SNF-Group: Travel</symbol>
  56. </xheaders>
  57. </scan>
  58. </logs>
  59. <network>
  60. <sync secs='30' host='sync.messagesniffer.net' port='25'/>
  61. <update-script on-off='on' call='/var/CommuniGate/CGPSNF/getRulebase' guard-time='180'/>
  62. </network>
  63. <xci on-off='on' port='9001'/>
  64. <gbudb>
  65. <database>
  66. <condense minimum-seconds-between='600'>
  67. <time-trigger on-off='on' seconds='86400'/>
  68. <posts-trigger on-off='off' posts='1200000'/>
  69. <records-trigger on-off='off' records='600000'/>
  70. <size-trigger on-off='on' megabytes='150'/>
  71. </condense>
  72. <checkpoint on-off='on' secs='3600'/>
  73. </database>
  74. <regions>
  75. <white on-off='on' symbol='0'>
  76. <edge probability='-1.0' confidence='0.4'/>
  77. <edge probability='-0.8' confidence='1.0'/>
  78. <panic on-off='on' rule-range='1000'/>
  79. </white>
  80. <caution on-off='on' symbol='40'>
  81. <edge probability='0.4' confidence='0.0'/>
  82. <edge probability='0.8' confidence='0.5'/>
  83. </caution>
  84. <black on-off='on' symbol='63'>
  85. <edge probability='0.8' confidence='0.2'/>
  86. <edge probability='0.8' confidence='1.0'/>
  87. <truncate on-off='on' probability='0.9' peek-one-in='5' symbol='20'/>
  88. <sample on-off='on' probability='0.8' grab-one-in='5' passthrough='no' passthrough-symbol='0'/>
  89. </black>
  90. </regions>
  91. <training on-off='on'>
  92. <bypass>
  93. <!-- <header name='To:' find='spam@example.com'/> -->
  94. <!-- <header name='Received:' ordinal='1' find='friendlyhost.com'/> -->
  95. </bypass>
  96. <drilldown>
  97. <!-- <received ordinal='0' find='[12.34.56.'/> where we want to ignore 12.34.56.0/24 -->
  98. <!-- <received ordinal='0' find='mixed-source.com'/> -->
  99. <!-- <received ordinal='1' find='mixed-source-internal.com'/> -->
  100. </drilldown>
  101. <source>
  102. <!-- <header name='X-Use-This-Source:' received='mixedsource.com [' ordinal='0' /> -->
  103. <!-- <header name='X-Originating-IP:' received='hotmail.com [' ordinal='0' /> -->
  104. </source>
  105. <white>
  106. <result code='1'/>
  107. <!-- <header name='Received:' ordinal='0' find='.friendlyhost.com'/> -->
  108. </white>
  109. </training>
  110. </gbudb>
  111. <rule-panics>
  112. <!--
  113. <rule id='123456'/>
  114. <rule id='123457'/>
  115. -->
  116. </rule-panics>
  117. <platform>
  118. <snf4cgp>
  119. <ham action='Allow' reason='Message OK' comment='Message OK' headers='no' classic='no' xml='no'>
  120. <result code='0' comment='(0) Not Spam/Malware' />
  121. <result code='1' comment='(1) White Rule/IP-Range' />
  122. </ham>
  123. <spam action='Allow' reason='Spam/Malware' comment='Spam/Malware' headers='yes' classic='no' xml='no' hold-path='quarantine'>
  124. <result code='20' action='Reject' reason='Source IP black listed (GBUdb/truncate)' comment='(20) Truncate' />
  125. <result code='40' action='Postpone' reason='Source IP suspect (GBUdb/caution)' comment='(40) Caution' />
  126. <result code='63' action='Postpone' reason='Source IP suspect (GBUdb/black)' comment='(63) Black' />
  127. </spam>
  128. </snf4cgp>
  129. </platform>
  130. <msg-file type='cgp'/>
  131. </node>
  132. </snf>