All main settings that regulate plug-in operation are set in the %etc_dir/plugin_drweb.conf configuration file. The configuration file structure and parameter types are described in Configuration Files. Parameters are described in the order in which they appear in the main configuration file.
In the [Antivirus] section, general settings for the Drweb plug-in are specified:
[Antivirus] section
Address = {address}
|
Socket for interaction between anti-virus plug-in and Dr.Web Daemon.
It is possible to specify several sockets for interaction with Dr.Web Daemons located on different servers. In that case, load balancing across the listed servers is enabled.
Addresses are listed in the following format:
ADDRESS1 [WEIGHT1], ADDRESS2 [WEIGHT2] ...
where ADDRESS is a socket address (in the standard form) and WEIGHT is an optional parameter that defines the priority of this Dr.Web Daemon instance (can be from 0 to 100 inclusive). At least one address in the list must be correct and accessible.
Apart from standard address types, you can specify the path to the PID file of Dr.Web Daemon, from which the necessary information about the sockets can be retrieved.
Examples:
Specifying path to the PID file:
Address = pid:%var_dir/run/drwebd.pid
Specifying several addresses:
Address = pid:%var_dir/run/drwebd.pid 10, inet:3000@srv2.example.com 5
|
Default value:
Address = pid:%var_dir/run/drwebd.pid
|
Timeout = {time}
|
Timeout for Dr.Web Daemon to execute a command.
When the parameter value is set to 0, time is not limited.
|
Default value:
Timeout = 30s
|
ScanType = {local | remote | auto}
|
Mode of interaction with Dr.Web Daemon for scanning of email messages. The following modes are allowed:
•local – only names of files to scan are transferred;
•remote – only file content is transferred;
•auto – Automatic mode. Either file names or file content are transferred. The mode is selected according to the message size, whether a local or remote Dr.Web Daemon is used, and the mode (synchronous or asynchronous) of message processing by the plug-in.
It is strongly recommended to use the auto mode that is specified by default.
The local mode can be used only if the scanning Dr.Web Daemon operates on the local host (it is determined by the address type specified in the Address parameter). If at least one of the addresses is remote, it is not recommended to set ScanType=local.
Important! If the ScanType parameter is set to local or auto, setting ScanFiles = ByType in the Dr.Web Daemon settings causes Dr.Web Daemon to pass email messages without any check!
|
Default value:
ScanType = auto
|
HeuristicAnalysis = {logical}
|
The heuristic analyzer allows Dr.Web Daemon to detect unknown viruses.
When the heuristic analyzer is disabled, only known viruses (information on which is stored in virus databases) are detected. Enabling the heuristic analyzer can produce false alarms because the operation of a legitimate program can resemble virus activity.
Using the heuristic analyzer can also slightly increase scan time.
|
Default value:
HeuristicAnalysis = Yes
|
TCP_NODELAY = {logical}
|
If the value is set to Yes, a socket with the TCP_NODELAY parameter enabled will be created.
Do not change the default parameter value (No) if you do not have network problems.
|
Default value:
TCP_NODELAY = No
|
ReportMaxSize = {size}
|
Maximum size of Dr.Web Daemon log file.
When ReportMaxSize = 0, log file size is not limited.
It is not recommended to set the parameter value to 0; otherwise the log file size can exceed several Mbytes after detection of malware or mail bombs in messages.
|
Default value:
ReportMaxSize = 50k
|
AddXHeaders = {logical}
|
If the value is set to Yes, X-Anti-Virus and X-Anti-Virus-Code headers are added to scanned messages.
|
Default value:
AddXHeaders = Yes
|
Paranoid = {logical}
|
If the value is set to Yes, messages are scanned in the paranoid mode.
With this mode enabled, messages are sent to Dr.Web Daemon segment by segment as well as in one piece. This strategy increases the efficiency of virus detection, but it also increases scan time.
Please note that if a message contains an object to which the pass action is applied, statistical information on this object may be duplicated (if a virus is detected when processing the attachment or the message itself). In addition, some additional actions (notify, redirect) may be applied twice.
|
Default value:
Paranoid = No
|
RegexsForCheckedFilename = {list of regular expressions}
|
List of regular expressions used by the anti-virus plug-in to check file names in the report provided by Dr.Web Daemon after a message scan.
Names of archived files start with the ">" symbol (the number of ">" symbols depends on the archive nesting level). If any part of a file name matches a regular expression from the list, the action specified in the BlockByFilename parameter settings is applied.
This check is performed only on files in which no viruses are found.
|
Default value:
RegexsForCheckedFilename =
|
LicenseLimit = {actions}
|
Actions to be applied to messages which were not scanned by Dr.Web Daemon due to license expiration.
In addition to one mandatory action, you can specify several optional actions.
Mandatory actions are:
pass, tempfail, discard, reject.
Optional actions are:
quarantine, redirect, notify, add-header, score.
|
Default value:
LicenseLimit = pass
|
Infected = {actions}
|
Actions to be applied to messages, infected with a known virus.
In addition to one mandatory action, you can specify several optional actions.
Mandatory actions are:
cure, remove, discard, reject.
Optional actions are:
quarantine, redirect, notify.
|
Default value:
Infected = cure, quarantine
|
Suspicious = {actions}
|
Actions to be applied to messages which could be infected with an unknown virus.
In addition to one mandatory action, you can specify several optional actions.
Mandatory actions are:
pass, remove, discard, reject.
Optional actions are:
quarantine, redirect, notify, add-header, score.
|
Default value:
Suspicious = reject, quarantine, notify
|
Incurable = {actions}
|
Actions to be applied to incurable messages.
In addition to one mandatory action, you can specify several optional actions.
Mandatory actions are:
remove, discard, reject.
Optional actions are:
quarantine, redirect, notify, add-header, score.
|
Default value:
Incurable = reject, quarantine, notify
|
Adware = {actions}
|
Actions to be applied to messages containing adware.
In addition to one mandatory action, you can specify several optional actions.
Mandatory actions are:
pass, remove, discard, reject.
Optional actions are:
quarantine, redirect, notify, add-header, score.
|
Default value:
Adware = reject, quarantine, notify
|
Dialers = {actions}
|
Actions to be applied to messages containing dialers.
In addition to one mandatory action, you can specify several optional actions.
Mandatory actions are:
pass, remove, discard, reject.
Optional actions are:
quarantine, redirect, notify, add-header, score.
|
Default value:
Dialers = reject, quarantine, notify
|
Jokes = {actions}
|
Actions to be applied to messages containing jokes, which can scare or annoy users.
In addition to one mandatory action, you can specify several optional actions.
Mandatory actions are:
pass, remove, discard, reject.
Optional actions are:
quarantine, redirect, notify, add-header, score.
Please note that several values may be specified at one time.
|
Default value:
Jokes = reject, quarantine, notify
|
Riskware = {actions}
|
Actions to be applied to messages containing riskware.
In addition to one mandatory action, you can specify several optional actions.
Mandatory actions are:
pass, remove, discard, reject.
Optional actions are:
quarantine, redirect, notify, add-header, score.
|
Default value:
Riskware = reject, quarantine, notify
|
Hacktools = {actions}
|
Actions to be applied to messages containing programs used to gain unauthorized access to computer systems.
In addition to one mandatory action, you can specify several optional actions.
Mandatory actions are:
pass, remove, discard, reject.
Optional actions are:
quarantine, redirect, notify, add-header, score.
|
Default value:
Hacktools = reject, quarantine, notify
|
SkipObject = {actions}
|
Actions to be applied to messages containing objects which cannot be scanned by Dr.Web Daemon for the following reasons:
•attachment includes a password-protected or corrupted archive, a symbolic link, a file in a nonstandard format, or an encrypted file
•message scan is aborted due to timeout (for details, refer to the description of the SocketTimeout and FileTimeout parameters in the main configuration file drweb32.ini).
In addition to one mandatory action, you can specify several optional actions.
Mandatory actions are:
pass, remove, discard, reject.
Optional actions are:
quarantine, redirect, notify, add-header, score.
|
Default value:
SkipObject = pass
|
ArchiveRestriction = {actions}
|
Actions to be applied to messages containing archives which cannot be scanned by Dr.Web Daemon because any of the following restrictions is exceeded:
•archive compression ratio exceeds the MaxCompressionRatio parameter value
•size of packed object exceeds the MaxFileSizeToExtract parameter value
•archive nesting level exceeds the MaxArchiveLevel parameter value.
All these restrictions are defined in Dr.Web Daemon settings.
In addition to one mandatory action, you can specify several optional actions.
Mandatory actions are:
pass, remove, discard, reject.
Optional actions are:
quarantine, redirect, notify, add-header, score.
|
Default value:
ArchiveRestriction = reject, quarantine, notify
|
ScanningErrors = {actions}
|
Actions to be applied to messages causing Dr.Web Daemon errors during scan.
In addition to one mandatory action, you can specify several optional actions.
Mandatory actions are:
pass, remove, discard, reject, tempfail.
Optional actions are:
quarantine, redirect, notify, add-header, score.
|
Default value:
ScanningErrors = reject, quarantine
|
ProcessingErrors = {actions}
|
Actions to be applied to messages causing Dr.Web Daemon errors during scan.
In addition to one mandatory action, you can specify several optional actions.
Mandatory actions are:
pass, discard, reject, tempfail.
Optional actions are:
quarantine, redirect, notify, add-header, score.
|
Default value:
ProcessingErrors = reject
|
BlockByFilename = {actions}
|
Actions to be applied when one of the regular expressions from the RegexsForCheckedFilename parameter matches any file name in the Dr.Web Daemon report.
In addition to one mandatory action, you can specify several optional actions.
Mandatory actions are:
pass, discard, reject, tempfail.
Optional actions are:
quarantine, redirect, notify, add-header, score.
Please note that when communication with Dr.Web Daemon is performed via a TCP socket, a different format of file names is used in reports.
Example:
127.0.0.1 [17078] >/var/drweb/msgs/db/6/00007976/.msg/1.part - Ok
That is, file names do not start with the ">" symbol, but with an IP address and the number of the scanning process. Regular expressions in the value of the RegexsForCheckedFilename parameter must therefore take this difference into account.
|
Default value:
BlockByFilename = reject, quarantine, notify
|
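The report-format difference described for BlockByFilename can be checked before deployment. The following is an added example, not part of the original documentation or of Dr.Web code: Python's re module stands in for the plug-in's regular expression engine (an assumption), the report lines are constructed from the single example shown above, and the names blocked, tcp_form and format_gaps are hypothetical.

```python
import re

# Constructed report lines in the local format (names start with ">").
LOCAL = [
    ">/var/drweb/msgs/db/6/00007976/.msg/1.part - Ok",
    ">>/var/drweb/msgs/db/6/00007976/.msg/2.part/setup.exe - Ok",
]

# A pattern anchored on the leading ">" and one that also accepts the
# "IP [process number] " prefix used when the daemon is reached over TCP.
ANCHORED = [r"^>+.*\.(exe|scr)( |$)"]
PORTABLE = [r"^([^ ]+ \[[0-9]+\] )?>+.*\.(exe|scr)( |$)"]

def blocked(patterns, report_lines):
    """Lines in which any pattern matches any part of the name (search semantics)."""
    compiled = [re.compile(p) for p in patterns]
    return [line for line in report_lines if any(c.search(line) for c in compiled)]

def tcp_form(local_line, ip="127.0.0.1", pid=17078):
    """Rewrite a local-format line into the TCP format shown on the page."""
    return f"{ip} [{pid}] {local_line}"

def format_gaps(patterns, local_lines):
    """Lines the patterns block in local format but miss in TCP format."""
    hit_local = set(blocked(patterns, local_lines))
    hit_tcp = set(blocked(patterns, [tcp_form(l) for l in local_lines]))
    return [l for l in local_lines
            if l in hit_local and tcp_form(l) not in hit_tcp]

if __name__ == "__main__":
    for name, pats in (("anchored", ANCHORED), ("portable", PORTABLE)):
        print(name, "misses over TCP:", format_gaps(pats, LOCAL))
```

A non-empty result from format_gaps means a file name rule that works with a local socket stops matching once an inet address is added to the Address parameter.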
When a message is blocked (reject) by the Drweb anti-virus plug-in in the synchronous mode, the Dr.Web MailD response to a client contains an SMTP code (55* or 250, depending on the ReturnReject parameter value in the [Receiver] section) and a text message whose content is determined by the values of the parameters described below. Their values must be enclosed in quotation marks.
UseCustomReply = {logical}
|
Use custom messages as an SMTP reply if a message is rejected.
|
Default value:
UseCustomReply = No
|
ReplyInfected = {text value}
|
Custom message used as an SMTP reply when Infected = reject or Incurable = reject actions are applied, and also when UseCustomReply = yes.
You can specify only the text part of the message. Text must be quoted if it contains white spaces.
Example:
550 5.7.0 "Text part of reply"
|
Default value:
ReplyInfected = "DrWEB anti-virus: Message is rejected because it contains a virus."
|
ReplyMalware = {text value}
|
Custom message used as an SMTP reply when Adware, Dialers, Jokes, Riskware, Hacktools = reject actions are applied and also when UseCustomReply = Yes.
You can specify only the text part of the message. Text must be quoted if it contains white spaces.
Example:
550 5.7.0 "Text part of reply"
|
Default value:
ReplyMalware = "DrWEB anti-virus: Message is rejected because it contains a malware."
|
ReplySuspicious = {text value}
|
Custom message used as an SMTP reply when Suspicious = reject action is applied, and also when UseCustomReply = Yes.
You can specify only the text part of the message. Text must be quoted if it contains white spaces.
Example:
550 5.7.0 "Text part of reply"
|
Default value:
ReplySuspicious = "DrWEB anti-virus: Message is rejected because it contains suspicious content."
|
ReplySkipObject = {text value}
|
Custom message used as an SMTP reply when SkipObject = reject action is applied, and also when UseCustomReply = Yes.
You can specify only the text part of the message. Text must be quoted if it contains white spaces.
Example:
550 5.7.0 "Text part of reply"
|
Default value:
ReplySkipObject = "DrWEB anti-virus: Message is rejected because it cannot be checked."
|
ReplyArchiveRestriction = {text value}
|
Custom message used as an SMTP reply when ArchiveRestriction = reject action is applied, and also when UseCustomReply = Yes.
You can specify only the text part of the message. Text must be quoted if it contains white spaces.
Example:
550 5.7.0 "Text part of reply"
|
Default value:
ReplyArchiveRestriction = "DrWEB anti-virus: Message is rejected because it contains archive which violates restrictions."
|
ReplyError = {text value}
|
Custom message used as an SMTP reply when one of the following actions is applied: ScanningErrors, ProcessingErrors, and also when UseCustomReply = Yes.
You can specify only the text part of the message. Text must be quoted if it contains white spaces.
Example:
550 5.7.0 "Text part of reply"
|
Default value:
ReplyError = "DrWEB anti-virus: Message is rejected due to software error."
|
ReplyBlockByFilename = {text value}
|
Custom message used as an SMTP reply when BlockByFilename = reject action is applied, and also when UseCustomReply = Yes.
You can specify only the text part of the message. Text must be quoted if it contains white spaces.
Example:
550 5.7.0 "Text part of reply"
|
Default value:
ReplyBlockByFilename = "DrWEB MailD: Message is rejected due to filename pattern"
|
If UseCustomReply = No or the corresponding string is not specified, the following standard message is output: "The message has been rejected by the Dr.Web MailD".
|
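The action parameters of the [Antivirus] section (LicenseLimit through BlockByFilename) each accept one mandatory action from a parameter-specific set plus optional actions, which lends itself to a pre-deployment lint. The following is an added example, not part of the original documentation or of Dr.Web code: it assumes plain "Name = action, action" lines, the names lint, RULES and UNSCANNED are hypothetical, and flagging pass on categories where the message was not scanned is this example's own review heuristic.

```python
# Added example: lint Drweb plug-in action lists against the
# mandatory/optional sets listed on this page.
OPT = {"quarantine", "redirect", "notify", "add-header", "score"}
PRDR = {"pass", "remove", "discard", "reject"}
PDRT = {"pass", "discard", "reject", "tempfail"}
RULES = {  # parameter: (mandatory actions, optional actions)
    "LicenseLimit": ({"pass", "tempfail", "discard", "reject"}, OPT),
    "Infected": ({"cure", "remove", "discard", "reject"},
                 {"quarantine", "redirect", "notify"}),
    "Incurable": ({"remove", "discard", "reject"}, OPT),
    "ScanningErrors": (PRDR | {"tempfail"}, OPT),
    "ProcessingErrors": (PDRT, OPT),
    "BlockByFilename": (PDRT, OPT),
}
for _name in ("Suspicious", "Adware", "Dialers", "Jokes", "Riskware",
              "Hacktools", "SkipObject", "ArchiveRestriction"):
    RULES[_name] = (PRDR, OPT)
# Categories where the message was not fully scanned; "pass" here is flagged
# for review (a heuristic of this example, not a vendor rule).
UNSCANNED = {"LicenseLimit", "SkipObject", "ArchiveRestriction",
             "ScanningErrors", "ProcessingErrors"}

def lint(text):
    """Return (parameter, problem) pairs for 'Name = action, action' lines."""
    findings = []
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        name = name.strip()
        if not sep or name not in RULES:
            continue
        mandatory, optional = RULES[name]
        # Assumption: comma-separated names; any "(...)" argument is dropped.
        actions = [a.split("(", 1)[0].strip()
                   for a in value.split(",") if a.strip()]
        for a in actions:
            if a not in mandatory | optional:
                findings.append((name, f"action '{a}' is not allowed here"))
        chosen = [a for a in actions if a in mandatory]
        if len(chosen) != 1:
            findings.append((name, f"{len(chosen)} mandatory actions, need 1"))
        elif chosen[0] == "pass" and name in UNSCANNED:
            findings.append((name, "unscanned content is passed"))
    return findings

# Constructed sample, not a real configuration.
SAMPLE = """LicenseLimit = pass
Infected = cure, quarantine
Suspicious = quarantine, notify
Incurable = cure, quarantine
SkipObject = pass
"""
```

Run against the defaults listed on this page, lint reports only LicenseLimit = pass and SkipObject = pass, the two defaults that let unscanned messages through.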