aboutsummaryrefslogtreecommitdiffstats
path: root/conf/modules.d/external_services.conf
blob: a4f9a6aeaffab6a6a80e18c8d94928b621488916 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
# Please don't modify this file as your changes might be overwritten with
# the next update.
#
# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine
# parameters defined on the top level
#
# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add
# parameters defined on the top level
#
# For specific modules or configuration you can also modify
# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults
# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults
#
# See https://rspamd.com/doc/tutorials/writing_rules.html for details

external_services {
  oletools {
    # If set force this action if any virus is found (default unset: no action is forced)
    # action = "reject";
    # If set, then rejection message is set to this value (mention single quotes)
    # If `max_size` is set, messages > n bytes in size are not scanned
    # max_size = 20000000;
    # log_clean = true;
    # servers = "127.0.0.1:10050";
    # cache_expire = 86400;
    # scan_mime_parts = true;
    # extended = false;
    # if `patterns` is specified virus name will be matched against provided regexes and the related
    # symbol will be yielded if a match is found. If no match is found, default symbol is yielded.
    patterns {
      # symbol_name = "pattern";
      JUST_EICAR = "^Eicar-Test-Signature$";
    }
    # mime-part regex matching in content-type or filename
    mime_parts_filter_regex {
      #GEN1 = "application\/octet-stream";
      DOC2 = "application\/msword";
      DOC3 = "application\/vnd\.ms-word.*";
      XLS = "application\/vnd\.ms-excel.*";
      PPT = "application\/vnd\.ms-powerpoint.*";
      GEN2 = "application\/vnd\.openxmlformats-officedocument.*";
    }
    # Mime-Part filename extension matching (no regex)
    mime_parts_filter_ext {
      doc = "doc";
      dot = "dot";
      docx = "docx";
      dotx = "dotx";
      docm = "docm";
      dotm = "dotm";
      xls = "xls";
      xlt = "xlt";
      xla = "xla";
      xlsx = "xlsx";
      xltx = "xltx";
      xlsm = "xlsm";
      xltm = "xltm";
      xlam = "xlam";
      xlsb = "xlsb";
      ppt = "ppt";
      pot = "pot";
      pps = "pps";
      ppa = "ppa";
      pptx = "pptx";
      potx = "potx";
      ppsx = "ppsx";
      ppam = "ppam";
      pptm = "pptm";
      potm = "potm";
      ppsm = "ppsm";
    }
    # `whitelist` points to a map of IP addresses. Mail from these addresses is not scanned.
    whitelist = "/etc/rspamd/antivirus.wl";
  }
  dcc {
    # If set force this action if any virus is found (default unset: no action is forced)
    # action = "reject";
    # If set, then rejection message is set to this value (mention single quotes)
    # If `max_size` is set, messages > n bytes in size are not scanned
    max_size = 20000000;
    #servers = "127.0.0.1:10045";
    # if `patterns` is specified virus name will be matched against provided regexes and the related
    # symbol will be yielded if a match is found. If no match is found, default symbol is yielded.
    patterns {
      # symbol_name = "pattern";
      JUST_EICAR = "^Eicar-Test-Signature$";
    }
    # `whitelist` points to a map of IP addresses. Mail from these addresses is not scanned.
    whitelist = "/etc/rspamd/antivirus.wl";
  }

  .include(try=true,priority=5) "${DBDIR}/dynamic/external_services.conf"
  .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/external_services.conf"
  .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/external_services.conf"
}