tft.conf - There are two configuration files named tft.conf. Each is
described in its own section of this man page. The first of the two is for
setting the general scanning options for the policy tests that use true file
type detection.
The other tft.conf is stored in the /opt/pmx6/etc/scanlimit.d directory and
is used to specify the actions that PureMessage should take whenever a message
attachment is deemed unscannable.
/opt/pmx6/etc/tft.conf
- enabled
-
Determines whether any of the tests with true file type detection capabilities
can also search inside of message attachments. This is set to ``yes'' by default.
- max_recursion_depth
-
The maximum number of recursive scans to perform when searching a message
attachment. The default is 16.
/opt/pmx6/etc/scanlimit.d/tft.conf
- <scan_failed_action Action>
-
Specifies what action pmx_cantscan should take if any of the policy tests
that use true file type detection fail to scan a message attachment. Failure
codes are returned whenever an attachment cannot be scanned. Some common
failure codes are:
- SOPHOS_SAVI_FILE_ENCRYPTED
-
The attachment was encrypted. Password-protected archives will trigger this
failure code.
- SOPHOS_SAVI_FILE_CORRUPT
-
The attachment was corrupted in some way.
- SOPHOS_SAVI_FILE_TIMEOUT
-
The attachment took too long to scan.
- SOPHOS_SAVI_NOT_SUPPORTED
-
The file format is unknown.
- SOPHOS_SAVI_RECURSION_LIMIT
-
The configured number of recursive scans to perform was exceeded while searching
a message attachment.
- SOPHOS_SAVI_SCAN_ABORTED
-
The file could not be scanned due to an internal failsafe mechanism in the
scanning engine.
A scan_failed_action section contains the following:
- id = FAILURE_CODE
-
Each section can contain one id, specifying which failure condition to take
action upon. A definition of that identifier follows. A particular failure code
can only have one associated action.
- description = ``The description associated with this error''
-
Some text that describes the error. This text replaces occurrences of
%%DESC%% in the relevant template.
- action = (allow | deny)
-
The action to be taken for this failure code, either 'allow' or 'deny'. If a
message matches more than one failure code, a 'deny' action always overrides
any other actions.
Also, if the message contains unscannable parts, the action is always to 'deny'.
- allow
-
This value indicates that the particular true file type test should ignore this
failure code and allow the data to pass through.
- deny
-
This value causes the attachment to be dropped and substitutes a template.
- template = scanlimit.d/cantscan.tmpl
-
The filename of the template to use with this action. The default
template is cantscan.tmpl. If a full path is not specified,
PureMessage searches the etc/scanlimit.d directory, then the
etc/templates/<language>/scanlimit.d directory for this template.
The language-specific path used in this search is taken from the language
setting above.
The various true file type tests always log a message to the message log
(located by default in /opt/pmx6/var/log) when they fail to scan an
attachment.
- </scan_failed_action>
-
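As an added example (not Sophos code), the Python sketch below audits a scanlimit.d/tft.conf-style file for failure codes set to 'allow', which let unscanned attachments through, and for codes defined more than once, then applies the deny-overrides rule described above. The sample file, its section labels and double-quoted values, the function names, and the treatment of unconfigured codes as 'deny' are all assumptions.

```python
import re
# Constructed sample in the layout described above; labels and quoting are assumptions.
SAMPLE = """
<scan_failed_action encrypted>
    id = SOPHOS_SAVI_FILE_ENCRYPTED
    description = "Attachment is encrypted"
    action = allow
</scan_failed_action>
<scan_failed_action timeout>
    id = SOPHOS_SAVI_FILE_TIMEOUT
    action = deny
    template = scanlimit.d/cantscan.tmpl
</scan_failed_action>
<scan_failed_action timeout_again>
    id = SOPHOS_SAVI_FILE_TIMEOUT
    action = allow
</scan_failed_action>
"""
SECTION = re.compile(r"<scan_failed_action\s+([^>]*)>(.*?)</scan_failed_action>", re.S)
SETTING = re.compile(r"^\s*(\w+)\s*=\s*(.*?)\s*$", re.M)

def parse_sections(text):
    """Return one dict of settings per scan_failed_action section."""
    sections = []
    for label, body in SECTION.findall(text):
        settings = {k: v.strip("\"'`") for k, v in SETTING.findall(body)}
        sections.append(dict(settings, section=label.strip()))
    return sections

def audit(sections):
    """Flag codes that pass unscanned ('allow'), invalid actions, and repeated ids."""
    findings, seen = [], set()
    for s in sections:
        code, action = s.get("id"), s.get("action")
        if action not in ("allow", "deny"):
            findings.append((code, "invalid-action"))
        elif action == "allow":
            findings.append((code, "allow"))
        if code in seen:
            findings.append((code, "duplicate-id"))
        seen.add(code)
    return findings

def effective_action(sections, failure_codes):
    """'deny' overrides; unconfigured codes are denied (assumption of this sketch)."""
    denied = {s.get("id") for s in sections if s.get("action") != "allow"}
    allowed = {s.get("id") for s in sections} - denied
    return "allow" if all(c in allowed for c in failure_codes) else "deny"
```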
Copyright (C) 2000-2008 Sophos Group. All rights reserved. Sophos and
PureMessage are trademarks of Sophos Plc and Sophos Group.