The following example tests messages arriving at the local message store and discards messages with attached viruses. The first three steps can be done in any order.
Create the SAVSE configuration file.
The name and location of this file are specified in the next step. The name used here is SAVSE.opt. An example of this file is shown below:
host=127.0.0.1
port=1344
mode=0
verdict=virus
debug=1
host and port specify the name of the system where the SAVSE program is running and the port (1344 is the default for SAVSE) on which it listens for incoming requests. mode=0 specifies that a string, specified by verdict (in this case the word virus), will be returned if the message is perceived to contain a virus. debug=1 turns on debugging. See 14.5.5 SAVSE Options for a description of the ICAP configuration parameters.
Create an option.dat file. Example:
! for Symantec Anti-virus Scan Engine
spamfilter1_config_file=/opt/SUNWmsgsr/config/SAVSE.opt
spamfilter1_library=/opt/SUNWmsgsr/lib/libicap.so
spamfilter1_optional=1
spamfilter1_string_action=data:,discard
spamfilter1_config_file specifies the SAVSE configuration file.
spamfilter1_library specifies the location of the SAVSE shared library.
spamfilter1_optional=1 specifies that the MTA continues operation if there is a failure by the SAVSE program.
spamfilter1_string_action specifies the Sieve action to take for a spam message. This value specifies that messages with viruses are discarded. Since this is the default value, you don’t have to specify it unless you are changing the value.
Specify the messages to be filtered.
To filter all messages coming into the local message store, change the imta.cnf file by adding the destinationspamfilter1optin spam keywords on the ims-ms channel:
!
! ims-ms
ims-ms defragment subdirs 20 notices 1 7 14 21 28 backoff "pt5m" "pt10m" "pt30m" "pt1h" "pt2h" "pt4h" maxjobs 4 pool IMS_POOL fileinto $U+$S@$D destinationspamfilter1optin virus
ims-ms-daemon
Recompile the configuration and restart the server. Only the MTA needs to be restarted. You do not need to execute stop-msg.
# imsimta cnbuild
# imsimta restart
Make sure SAVSE is started.
It should have started automatically, but if not, the start command might look something like this: /etc/init.d/symcscna start
Setting mode to 0 can be used with a spamfilterX_null_option to take some other action, such as filing messages in a particular folder when they are determined to be spam. For example:
spamfilter1_null_option=data:,require "fileinto"; fileinto "VIRUS";
Note that filing infected messages into a folder is not a good idea in most cases.
Setting mode to 1 can be used to start an action. For example, the spam result could be included in the reject message by setting mode to 1 and the spamfilterX_string_action option in the MTA to something like:
spamfilter1_string_action=data:,require "reject"; reject "Message contained a virus [$U]";
Like fileinto, using the reject action to deal with viruses is rarely a good idea because it sends the virus back to the sender.
You could also add a tag to the spam message header by adding a line to the option.dat file. Example:
spamfilter1_string_action=data:,addtag "[SPAM detected!]";
Setting mode to 2 can be used where an action needs to be taken regardless of whether or not the message was determined to contain a virus. The addition of a header field that can subsequently be tested is an obvious application for mode 2:
spamfilterX_string_action=data:,require ["addheader"];addheader "$U"
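The following is an added example, not part of the original documentation: a small Python check that reads the three files configured above and flags the settings this page cautions about (spamfilter1_optional=1 letting the MTA continue when SAVSE fails, debug=1 left on, fileinto or reject applied to infected mail, a missing optin keyword). The function names are hypothetical, skipping '!' lines in SAVSE.opt is an assumption, and the inputs are the page's example files with the channel line abbreviated.

```python
import re

# Sample inputs: the page's example files, plus one constructed risky variant.
SAVSE_OPT = "host=127.0.0.1\nport=1344\nmode=0\nverdict=virus\ndebug=1\n"
OPTION_DAT = """! for Symantec Anti-virus Scan Engine
spamfilter1_config_file=/opt/SUNWmsgsr/config/SAVSE.opt
spamfilter1_library=/opt/SUNWmsgsr/lib/libicap.so
spamfilter1_optional=1
spamfilter1_string_action=data:,discard
"""
RISKY_DAT = OPTION_DAT.replace(  # constructed: swaps in the page's reject action
    "data:,discard", 'data:,require "reject"; reject "Message contained a virus [$U]";')
IMTA_CNF = "ims-ms defragment subdirs 20 destinationspamfilter1optin virus\n"  # abbreviated

def parse_options(text):
    """Parse key=value lines; blank lines and '!' comment lines are skipped."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("!"):
            key, _, value = line.partition("=")
            opts[key.strip()] = value.strip()
    return opts

def audit(savse_opt, option_dat, imta_cnf, n=1):
    """Return findings (hypothetical helper) for spam filter slot n."""
    savse, mta = parse_options(savse_opt), parse_options(option_dat)
    p = f"spamfilter{n}_"
    out = []
    for key in ("config_file", "library"):
        if p + key not in mta:
            out.append(f"{p}{key} is not set")
    if mta.get(p + "optional") == "1":
        out.append(f"{p}optional=1: MTA continues operation if SAVSE fails")
    if savse.get("debug", "0") != "0":
        out.append("debug is enabled in the SAVSE options file")
    # The page states that discard is the default string action.
    actions = (mta.get(p + "string_action", "data:,discard"),
               mta.get(p + "null_option", ""))
    for verb in ("fileinto", "reject"):
        # Match the Sieve command itself, not the name inside require "...".
        if any(re.search(rf'\b{verb}\s+"', a) for a in actions):
            out.append(f"{verb} action applied to infected mail")
    if f"destinationspamfilter{n}optin" not in imta_cnf:
        out.append(f"no channel carries destinationspamfilter{n}optin")
    return out

if __name__ == "__main__":
    for finding in audit(SAVSE_OPT, RISKY_DAT, IMTA_CNF):
        print("WARN:", finding)
```

Run it against copies of the live files before imsimta cnbuild; an empty result means none of the conditions above were found, not that the filter is working.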