Allowed Actions

You can configure Dr.Web for UNIX mail servers components to apply specified actions to objects that are detected to be malicious, suspicious or potentially dangerous.

You can specify one main action and one to three additional actions for each parameter when configuring Dr.Web MailD and its plug-ins. The main action is the first in the list. When configuring Dr.Web Scanner, only one action can be specified. Different parameters can have different available actions, they are listed in each parameter description.

You can use the following actions when configuring the settings:

oCure     – try to cure the infected object;

oRemove   – delete the infected object;

oDiscard – reject the email message without notifying the sender and delete the message;

oContinue – ignore the problem and continue email message processing;

oPass     – pass the email message to its recipient without further processing;

oReject   – reject the email message, delete it and notify the sender;

oTempfail – notify the sender that the email message cannot temporarily be delivered and delete the message;

The following additional actions are available:

oQuarantine   – move the email message to the Quarantine folder;

oRedirect [(address[|address|...])] – redirect the email message to the address specified within the brackets. If no address is specified, the message is redirected according to the RedirectMail parameter value in the [MailD] section of Dr.Web MailD configuration file. You can specify several addresses, separating them by the "|" character;

oNotify       – send a report about detected threats, message processing is not stopped;

oScore (score) – add a SCORE to the message counter. The SCORE value can be negative;

oAdd-header (HEADER) – add a header of the following type [NAME:]BODY to the email message, where NAME – is the name of the header (the default name is X-DrWeb-MailD) and BODY is the text of the header.

Please note that you can use strings from language files (.lng). String to be inserted is defined by a number, for example:

add-header (X-Added-Header:$3)

In this case, the X-Added-Header header is to be added with the <value> value which is taken from the 3="<value>" string of the used language file.

If you use ";", "(" and ")" characters, it is necessary to escape them in order to avoid incorrect interpretation of the header.

To escape characters:

To escape a punctuation character in a header, use 3 backslashes "\".

Example:

EmptyFrom = continue, add-header (header:Empty header\\\; spam)

To escape parenthesis, use a backslash "\".

Example:

ProcessingErrors = tempfail,add-header(\(header:header\))

To escape a whole header, use quotes: "add-header (BODY)".

Example:

ProcessingErrors = tempfail,"add-header(header:(spam))"

To escape double quotation marks, use 3 backslashes "\".

Examples:

EmptyFrom = continue,"add-header(header[X-Header]:new\\\"header\\\")"
EmptyFrom = continue,add-header(header\[X-Header\]:new\\\"header\\\")

You can use the following actions when configuring Dr.Web Scanner:

oMove   – move the file to the Quarantine folder;

oDelete – delete the infected file;

oRename – rename the file;

oIgnore – ignore the file;

oReport – only log information about the file;

oCure   – try to cure the infected object.