tft.conf - There are two configuration files named tft.conf. Each is described in its own section of this man page. The first of the two is for setting the general scanning options for the policy tests that use true file type detection.

The other tft.conf is stored in the opt/pmx6/etc/scanlimit.d directory and is used to specify the actions that PureMessage should take whenever a message attachment is deemed unscannable.




Determines whether any of the tests with true file type detection capabilities can also search inside of message attachments. This is set to ``yes'' by default.

The maximum number of recursive scans to perform when searching a message attachment. The default is 16.




<scan_failed_action Action>
Specifies what action pmx_cantscan should take if any of the policy tests that use true file type detection fail to scan a message attachment. Failure codes are returned whenever an attachment cannot be scanned. Some common failure codes are:
The attachment was encrypted. Password-protected archives will trigger this failure code.

The attachment was corrupted in some way.

The attachment took too long to scan.

The file format is unknown.

The configured number of recursive scans to perform was exceeded while searching a message attachment.

The file could not be scanned due an internal failsafe mechanism in the scanning engine.

A scan_failed_action section contains the following:

Each section can contain one id, specifying which failure condition to take action upon. A definition of that identifier follows. A particular failure code can only have one associated action.

description = ``The description associated with this error''
Some text that describes the error. This text replaces occurrences of %%DESC%% in the relevant template.

action = (allow | deny)
The action can be either 'allow' or 'deny'.

The action to be taken for this failure code. If a message matches more than one failure code, a 'deny' action always overrides any other actions. Also, if the message contains unscannable parts, the action is always to 'deny'.

This value indicates that the particular true file type test should ignore this failure code and allow the data to pass through.

This value causes the attachment to be dropped and substitutes a template.

template = scanlimit.d/cantscan.tmpl
The filename of the template to use with this action. The default template is cantscan.tmpl. If a full path is not specified, PureMessage searches the etc/scanlimit.d directory, then the etc/templates/<language>/scanlimit.d directory for this template. The language-specific path used in this search is taken from the language setting above.

The various true file type tests always log a message to the message log (located by default in /opt/pmx6/var/log) when they fail to scan an attachment.



Copyright (C) 2000-2008 Sophos Group. All rights reserved. Sophos and PureMessage are trademarks of Sophos Plc and Sophos Group.