Dr.Web - AntiViren Programm

Postfix, QMail, Sendmail, Dovecot, Cyrus, Courier, Anti-Spam
hollg2000
Posts: 17
Joined: 2004-07-03 18:39

Dr.Web - AntiViren Programm

Post by hollg2000 » 2005-06-01 09:34

Wer kann mir hierbei helfen?
Es gibt im Programm Dr.Web einen Filter für Postfix und hier wiederrum eine Datei mit dem Namen user.conf . Hier kann man einstellen welche Mails gesacannt werden sollen und welche nicht. Aber da mein englisch sehr schlecht ist bekomme ich das irgendwie nicht richtig hin es werden immer alle mails gescannt egal was ich in der user.conf eintrage :(

Code: Select all

#
# Users list for DrWeb Mail Filters
#
#    The file with the "blocked" masks allows to specify the addresses not
# subject to antivirus check. The first variant of the file format is already
# out-of-date but is supported by all the filters. The new file format allows
# to widen possibilities through specifying file format version (do not mix up
# with product version).
#
#
# Format of file:
# ---------------
# Line beginning with # - it's a comments
# Empty lines are acceptable
#
# IMPORTANT: First non-empty (include comment-lines) should contain version 
# number, excluding version 1 (if first line do not contain version).
#
# IMPORTANT: Version tag can be specified only in first non-empty line.
#
# Version 2:
# [version=2]
# <check_flag> <who> <search> <string>
# where 
# <check_flag> and <string> see before
# <who> - shows where string searched:
#  from - search only in envelope-From
#  to   - search only in envelope-To
#  any  - search in both (from and to)
# <search> - defines comparision method for string
#  exact - address is decided altered if <string> equal to address
#          (case sensitive)
#  subst - address is decided altered if <string> is substring of address
#          (case sensitive)
#  regex - address is decided altered if <string> accords to regular expression
#          (case insensitive)
#  cregex - address is decided altered if <string> accords to regular expression
#          (case sensitive)
#
# NOTE: each line of version 1 images to next line version 2:
#   <check_flag> any subst <string>
#
#
[version=2]
#
# deny check incoming mail for all users exclude asv@ .. .ru
#
#deny    to      regex   ^asv@(.*).ru$
#
#
# deny check outgoing mail for all users of domain drweb.ru
#
#deny    from    regex   @(.*).drweb.ru$
#
#
# other rules
#
#deny    any     exact   asv@drweb.ru
#allow   from    subst   internal.drweb.ru
#deny    any     subst   drweb.ru
Hier noch mal die komplette Beschreibung:

Code: Select all

/*
 * --------------------------------------------------------------
 *
 * The description of the file with the "blocked" masks
 *
 *  $Revision: 1.12 $
 *
 * --------------------------------------------------------------
 */

    1. Purpose

    The file with the "blocked" masks allows to specify the addresses not
subject to antivirus check. The first variant of the file  is already
out-of-date but is supported by all the filters. The new file  allows
to widen possibilities through specifying file  version (do not mix up
with product version).

    The lines starting with # character are considered commentaries and
therefore get skipped, blank lines are also admissible. If the first
meaningful line contains the alike record:

[version=NN]

it means that the records are kept in the NN-version  of the file. If
there is no such a line the file is reputed as written in the  of the
1st version. Version record can be specify only once and only in first 
non-empty line.

    When checking the letter, its addresses (that of the sender and
addressee) get compared to every line of the file (the way they are ordered
in the file). If the correspondence to the address in some line is found
the search stops. If the correspondence to the address is not found in any
line than the letter check is permitted for the given address in any cases.

    2. Version 2 

OPERATION    WHO    METHOD    MASK
...

    OPERATION - { allow | deny } (i.e. either allow or deny value).
allow means that the addresses corresponding with the record are permitted
for checking, deny will prohibit checking for a given address.
    WHO - { from | to | any }. from value means that the record is
considered only if the address is the sender's one, if to is specified it
will be the recipients's address, if WHO is any the line is considered in
both cases.
    METHOD - { exact | subst | regex | cregex } specifies the address-mask 
comparision method. exact value means that the address should be precisely equal 
to correspond with the MASK. subst value means that it is sufficient that the
MASK is a substring in the address for the address to correspond with it.
regex or cregex values means that the addrss should according to regular 
expression (RE) in MASK (POSIX regexp used). Methods exact, subst and cregex is 
case sensitive, method regex case insensitive.
ATTENTION: in substring comparison and search the register is considered.
    MASK - the line not containing blanks. To contain blanks it should be
quoted.

    3. Version 1  (out-of-date)

OPERATION    MASK

    The descriptions of the fields agree with the described above. Any 1st
version record may be written as the record of the 2nd version this way:
OPERATION    any     subst   MASK


    4. Description in pseudocode 
        
IF DenyMode EQUAL "byAll" THEN
{
   IF sender_is_uncheckable AND all_rcpts_are_uncheckable
   THEN pass_message_without_check
   ELSE check_message
}
ELSE IF DenyMode EQUAL "byOne" THEN
{
   IF sender_is_uncheckable OR one_of_rcpts_is_uncheckable
   THEN pass_message_without_check
   ELSE check_message
}
ELSE IF DenyMode EQUAL "bySender" THEN
{
   IF sender_is_uncheckable 
   THEN pass_message_without_check
   ELSE check_message
}
ELSE IF DenyMode EQUAL "bySenderAndOneRecipient" THEN
{
   IF sender_is_uncheckable AND one_of_rcpts_is_uncheckable
   THEN pass_message_without_check
   ELSE check_message
}
ELSE IF DenyMode EQUAL "byOneRecipient" THEN
{
   IF one_of_rcpts_is_uncheckable
   THEN pass_message_without_check
   ELSE check_message
}
ELSE IF DenyMode EQUAL "byAllRecipients" THEN
{
   IF all_rcpts_are_uncheckable
   THEN pass_message_without_check
   ELSE check_message
}

* DenyMode is option from section [Scanning] your drweb_{mta}.conf, 
  where {mta} one of: smf, cgp, postfix, exim, qmail, zmailer or courier.
* sender_is_uncheckable true, if sender address accords to one of "any"- or 
  "from"- record with "deny" action
* rcpt_is_uncheckable true, if recipient address accords to one of "any"- or 
  "to"- record with "deny" action


    5. Examples
    
1) Deny check incoming mail for all users exclude asv@ .. .ru:

deny    to      regex   ^asv@(.*).ru$

2) Deny check outgoing mail for all users of domain drweb.ru:

deny    from    regex   @(.*).drweb.ru$

    
    6. FAQ

Q: What is "allow" needed for if all the addresses are permitted by default?
A: To create exceptions from general rules. For example:

allow   any   exact     someuser@any.domain.com
deny    any   subst     @any.domain.com

In the adduced example mail for someuser in any.domain.com domain will get
checked, all the other users will not check their mail.
Hat einer eine Idee wie ich z.B. alle mails (die auf dem Server eingerichtet sind) vom scann ausschließen kann und nur bestimmte mail-Adressen für den scann erlauben kann.

Danke Holger

hollg2000
Posts: 17
Joined: 2004-07-03 18:39

Dr.Web - AntiViren Programm

Post by hollg2000 » 2005-06-09 01:26

Eigendlich schade das hier keiner helfen kann mir würde eigendlich schon ne kleine übersetzung weiterhelfen

pfalzpower
Posts: 90
Joined: 2003-10-28 22:37
Location: Karlsruhe

Re: Dr.Web - AntiViren Programm

Post by pfalzpower » 2005-06-09 08:37

Ohne das programm zu kennen und nur beim überfliegen, die Passage

Code: Select all

1) Deny check incoming mail for all users exclude asv@ .. .ru: 

deny    to      regex   ^asv@(.*).ru$ 
Sollte ein Anfang sein.
Hollg2000 wrote:mir würde eigendlich schon ne kleine übersetzung weiterhelfen
Du erwartest jetzt aber nicht, daß dir das jemand übersetzt? 8O
Tipp: es gibt Ã?bersetzer im Netz, z.B. babelfish.altavista.com