The SAVSE option file is really a more generic ICAP option file. Its name and location are set by spamfilterX_config_file in option.dat. It consists of lines of the form option=value. The one required option is HOST. It must be set to the name of the system where the ICAP filtering server is running. This option must be set even if the ICAP server is running on the local host. The options are shown in the table below.
Table 14–6 ICAP Options
Options | Description | Default |
---|---|---|
 | Enables or disables debug output from the ICAP interface module. 0 or 1. | 0 |
 | Specifies the prefix for the ICAP result. SAVSE result strings look like this: "Virus-Test: False" and "Virus-Test: True; W32.Mydoom.A@mm.enc". This option provides a way to change the Virus-Test: part of the result. Note that the ": " is removed if an empty field value is specified. | Virus-test |
host | The name of the system where the ICAP filtering server is running. | localhost |
mode | Controls the translation of ICAP filter results to verdict information. That is, it specifies the string information returned after a message is processed. Four modes are available. See The ICAP mode Option for further explanation. 0 - Returns a verdict string (specified by the verdict option) if the message contains a virus. The MTA option spamfilterX_string_action can be used to specify what to do if a verdict string is returned. If the verdict option is empty or not set, a null verdict is returned. The MTA option spamfilterX_null_action can be used to specify what to do if a null verdict is returned and you want to override the default action, which is to discard the message. If the message does not contain a virus, a default string is returned. The default string is not configurable and always means to take no action and deliver as normal. 1 - Returns the ICAP result string if the message is found to contain a virus. If the message does not contain a virus, a default string is returned. A default string always means to take no action and deliver as normal. Two examples of an ICAP result string: "VIRUS TEST: FALSE" and "VIRUS-TEST: TRUE; W32.Mydoom.A@mm.enc". 2 - Returns an ICAP result string unconditionally; no default or null verdict is ever returned and the verdict option is never used. This setting is intended for cases in which an action needs to be taken regardless of whether or not the message was determined to contain a virus. The addition of a header field that can subsequently be tested is an obvious application for mode 2: spamfilterX_string_action=data:,require ["addheader"];addheader "$U" 3 - Returns the ICAP result string if the message is found to contain a virus; returns the verdict string specified by the verdict option if it does not. This setting is intended for cases in which one action needs to be taken if a virus is found and another taken if one is not. You can control the action for the ICAP result string by using the spamfilterX_verdict_n and spamfilterX_action_n matched pair. You can control the action for the verdict string by using spamfilterX_string_action. | 0 |
 | Specifies the port number on which the ICAP server is running. | 1344 |
 | String. Specifies the name of an intermediate SOCKS server. If this option is specified, the ICAP connection is made through the specified SOCKS server and not directly. | "" |
 | Integer. Specifies the port on which the intermediate SOCKS server is running. | 1080 |
 | String. Specifies a password to use in establishing the connection through the SOCKS server. Whether or not a username/password is required depends on the SOCKS server configuration. | "" |
 | String. Specifies a username to use in establishing the connection through the SOCKS server. | "" |
verdict | Specifies the verdict string used for MODE 0 and 3. | "" |
After processing a message, ICAP anti-virus programs like SAVSE determine whether a message has a virus or not. The mode option allows you to specify the string returned by the ICAP program indicating this verdict. The string choices are null, default, ICAP result string, or a verdict string (specified with the verdict option). Note that default is not null, the ICAP result string, or the string specified by verdict, but some other non-configurable string returned by the program. The mode operations are outlined in the table below.
Table 14–7 Returned Verdict String for the ICAP mode Option
verdict Setting | Virus? | mode=0 | mode=1 | mode=2 | mode=3 |
---|---|---|---|---|---|
verdict="" (not set) | yes | null | ICAP result | ICAP result | ICAP result |
verdict="" (not set) | no | default | default | ICAP result | default |
verdict=string | yes | verdict string | ICAP result | ICAP result | ICAP result |
verdict=string | no | default | default | ICAP result | verdict string |
The first column indicates whether the verdict option is set or not set. The second column indicates whether the message contains a virus or not. The mode columns indicate the string returned for the various modes. For example, if verdict is not set, mode is set to 0, and a message does not have a virus, the ICAP program returns the default string. If verdict is set to WARNING VIRUS!, mode is set to 0, and a message does have a virus, the ICAP program returns the string WARNING VIRUS!
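The mode and verdict rules in Table 14–7 can be checked against a planned option file before it is deployed. The following Python sketch is an added example, not Messaging Server code: it parses option=value lines, enforces the required HOST option, and returns the string each mode would yield. Treating option names as case-insensitive, the DEFAULT placeholder for the non-configurable default string, and the True/False parsing of the result string are assumptions of the example.

```python
DEFAULT = "<default>"  # placeholder: the real default string is non-configurable
NULL = None            # stands for the null verdict

def parse_options(text):
    """Parse option=value lines; HOST is the one required option."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or "=" not in line:
            continue
        name, value = line.split("=", 1)
        # Assumption: option names are matched case-insensitively.
        opts[name.strip().lower()] = value.strip()
    if not opts.get("host"):
        raise ValueError("HOST must be set, even for a local ICAP server")
    mode = int(opts.get("mode", "0"))  # documented default is 0
    if mode not in (0, 1, 2, 3):
        raise ValueError("mode must be 0, 1, 2 or 3")
    return {"host": opts["host"], "mode": mode,
            "verdict": opts.get("verdict", "")}

def has_virus(icap_result):
    """True for results such as 'Virus-Test: True; W32.Mydoom.A@mm.enc'."""
    _, _, status = icap_result.partition(":")
    return status.split(";", 1)[0].strip().lower() == "true"

def returned_verdict(mode, verdict, icap_result):
    """String handed back to the MTA, following Table 14-7."""
    if mode == 2:                 # result string returned unconditionally
        return icap_result
    if has_virus(icap_result):
        if mode == 0:             # verdict string, or null if verdict is unset
            return verdict if verdict else NULL
        return icap_result        # modes 1 and 3
    if mode == 3 and verdict:     # clean message, mode 3, verdict set
        return verdict
    return DEFAULT                # deliver as normal

# Constructed sample option file (host name is a placeholder).
SAMPLE = "HOST=icap.example.com\nmode=0\nverdict=WARNING VIRUS!\n"

if __name__ == "__main__":
    cfg = parse_options(SAMPLE)
    for result in ("Virus-Test: False",
                   "Virus-Test: True; W32.Mydoom.A@mm.enc"):
        print(result, "->", returned_verdict(cfg["mode"], cfg["verdict"], result))
```

A null return in mode 0 is the case to watch for: unless spamfilterX_null_action overrides it, the default action for a null verdict is to discard the message.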