drweb-qcontrol: Quarantine Management

The drweb-qcontrol utility allows managing Quarantine and perform a search through it. The utility interface can be used for search of messages saved to DBI storage or in files on the disk.

If Quarantine is saved in files on the disk, it is required to start the drweb-maild module before.

The utility is launched with the following command:

drweb-qcontrol [parameters] command [, command, ...] <identifiers>

1. Command line parameters

The following command line parameters are available:

Short case

Extended case

Arguments

-h

--help

 

Description: Output short help information on the command line parameters to the console and exit

 

 

--version

 

Description: Output information on the utility version and exit

 

-v

--verbose

 

Description: Output information on all utility actions to the console

 

-l

--level

<verbosity level>

Description: Set the logging verbosity level. The following levels are available: Quiet, Error, Alert, Info, Debug

 

-i

--ipc-level

<verbosity level>

Description: Set the verbosity level for IPC records (interaction with drweb-maild). The following levels are available: Quiet, Error, Alert, Info, Debug

 

 

--syslogfacility

<syslog flag>

Description: Set the subsystem type used by syslog service for message output (if this service is used for logging, see the next parameter description). The following types are available: Daemon, Mail, Local0, ..., Local7

 

 

--log-filename

<file name>

Description: Set the name of the log file or syslog (if this service is to be used for logging)

 

 

--sendmail

<path to file>

Description: Set the path to the executable file of drweb-inject utility used for sending messages (by default, if the parameter is not specified, the %bin_dir%/drweb-inject path is used)

 

-s

--socket

<path to file>

Description: Set the path to the Dr.Web MailD control socket (by default, if the parameter is not specified, the %var_dir%/ipc/.ctl path is used)

 

 

--agent

<path to file>

Description: Set the path to the Dr.Web Agent socket to receive configuration (by default, if the parameter is not specified, the %var_dir%/ipc/.agent path is used). If the switch is specified without a path, configuration from Dr.Web Agent is not requested.

 

 

--timeout

<time period>

Description: Set the maximum allowed time to wait for response from Dr.Web Agent when requesting configuration

2. Commands

Commands are used to apply actions to messages selected from Quarantine by the specified criteria. The list of messages is composed according to the unique identifiers, that are relative paths to the quarantined messages. To set the identifiers, you can use the following special template symbols:

"%" – corresponds to the symbol sequence of zero or indefinite length;

"_" – corresponds to one arbitrary symbol.

Note that every identifier must start with def/.

Example:

def/%00014F7F% - all messages moved to Quarantine and number of which contains 00014F7F sequence or is equal to it;

def/drweb/% - all messages moved to Quarantine by Drweb plug-in.

File identifiers are taken from the command line or from search criteria specified on the startup (see below). If the search criteria and file identifiers in the command line are specified simultaneously, they are joined. If neither an identifier in the command line nor search criterion is specified, the identifier is expected in the standard input.

The following commands are available:

--view - view all messages with a certain identifier via the program specified in the PAGER environment variable. If no value is specified, the cat program is used.

--send - send all messages with a certain identifier to the original recipients. For dispatch, the drweb-inject utility is used.

--redirect [list_of_rcpts] - send all messages with a certain identifier to the addresses from the list_of_rcpts list. For dispatch, the drweb-inject utility is used.

--remove - remove all messages with a certain identifier from Quarantine.

--stat - output statistics on quarantined messages with a certain identifier.

Example:

drweb-qcontrol --stat def/%
1. def/backup/B/00014F8B.DW_SHOT_PRODUCT.U0dshM  from: ai@1; to: ai@fff; time: 2008-08-14 12:10:57
2. def/drweb/F/00014F8F.DW_SHOT_PRODUCT.QqFpdH  from: ai@4; to: ai@fff; time: 2008-08-14 13:00:50
3. def/backup/C/00014F8C.DW_SHOT_PRODUCT.A39xp7  from: ai@2; to: ai@fff; time: 2008-08-14 13:00:50
4. def/backup/F/00014F8F.DW_SHOT_PRODUCT.tMi6W2  from: ai@4; to: ai@fff; time: 2008-08-14 13:00:50
5. def/drweb/3/00014F93.DW_SHOT_PRODUCT.n9xPjU  from: ai@3; to: ai@fff; time: 2008-08-14 13:30:49
6. def/backup/3/00014F93.DW_SHOT_PRODUCT.ewYFVA  from: ai@3; to: ai@fff; time: 2008-08-14 13:30:49
7. def/backup/4/00014F94.DW_SHOT_PRODUCT.JQ3sLH  from: ai@3; to: ai@fff; time: 2008-08-14 13:30:49

Actions are applied in the order they are set, that is, you can specify several actions in one command.

Example:

drweb-qcontrol --send --remove def/backup/F/00014F7F.DW_SHOT_PRODUCT.yv4ro9

sends an email message with the def/backup/F/00014F7F.DW_SHOT_PRODUCT.yv4ro9 identifier to the original recipients and then deletes the message from Quarantine.

If Dr.Web MailD is set up to store quarantined messages in DBI storage, the following additional SQL command must be specified in the command line:

--sql-remove-command - allows to remove a message from Quarantine by the file identifier (the only parameter is the identifier).

Example:

drweb-qcontrol --sql-remove-command "DELETE FROM mail_export WHERE filename LIKE ?"

3. Message search

The drweb-qcontrol utility provides a simple interface for searching quarantined messages. The following search criteria are available:

--search-from {address} - search by sender in a message envelope;

--search-to {address} - search by recipient in a message envelope;

--search-headers {header_name[:value]} - search in headers of the top level.

where header_name is the name of the target header (full compliance is required). If value is not specified, a header is searched only by its name. Otherwise, the value is searched within the headers as a substring. Searched header name and its value are case insensitive;

--search-inbody {string} - performs a search of the specified substrings in the message body which is treated as a unit, without MIME decoding. Searched value is case insensitive.

Note that if *, ^, $ special symbols are used in values of the --search-headers or --search-inbody parameters, the symbols are to be escaped with a backslash "\".

Example:

drweb-qcontrol --search-inbody \* --stat

Outputs statistics on email messages satisfying the specified criteria of search in the body.

Each of the criteria is checked independently, that is, they are combined in a disjunction (OR).

Example:

drweb-qcontrol --search-to addr1 --search-to addr2

searches for email messages with envelopes that contain addr1 or addr2 addresses.

Example:

drweb-qcontrol --search-from from@drweb.com --search-to to@drweb.com —search-headers "Subject: [SPAM]" --search-inbody "spam"

finds all quarantined email messages sent by from@drweb.com, or sent to to@drweb.com, or topic of which contains the [SPAM] string, or body of which contains the word spam.

Note that if parameters of the utility contain a search criterion and a list of file identifiers, the search will be performed within these files (the search conditions are combined in a conjunction - AND).

drweb-qcontrol --stat --search-from ai@5 def/backup/%

outputs statistics on all archived messages to the console (the messages which identifier corresponds to the specified def/backup/% template ), sender of which is ai@5:

1. def/backup/5/00014F95.DW_SHOT_PRODUCT.1LXzg1 from: ai@5; to: to@drweb.com; time: 2008-8-14 15:1:46