SYMBOS_ZEUSMIT.A


 
Thread Tools Search this Thread
Special Forums Cybersecurity Malware Advisories (RSS) SYMBOS_ZEUSMIT.A
# 1  
Old 02-02-2011
SYMBOS_ZEUSMIT.A

Low

More...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question
Courier::Filter::Module::ClamAVd(3pm)			User Contributed Perl Documentation		     Courier::Filter::Module::ClamAVd(3pm)

NAME
Courier::Filter::Module::ClamAVd - ClamAV clamd filter module for the Courier::Filter framework SYNOPSIS
use Courier::Filter::Module::ClamAVd; my $module = Courier::Filter::Module::ClamAVd->new( # See the socket options description for details. socket_name => '/var/run/clamav/clamd.ctl', socket_host => 'clamav.example.com', socket_port => '3310', max_message_size => $max_message_size, max_part_size => $max_part_size, response => $response_text, logger => $logger, inverse => 0, trusting => 0, testing => 0, debugging => 0 ); my $filter = Courier::Filter->new( ... modules => [ $module ], ... ); DESCRIPTION
This class is a filter module class for use with Courier::Filter. It matches a message if the configured ClamAV "clamd" daemon detects malware in it. Constructor The following constructor is provided: new(%options): returns Courier::Filter::Module::ClamAVd Creates a new ClamAVd filter module. %options is a list of key/value pairs representing any of the following options: socket_name socket_host socket_port These options describe the Unix domain or TCP/IP socket that should be used to connect to the ClamAV daemon. If no socket options are specified, first the socket options from the local "clamd.conf" configuration file are tried, then the Unix domain socket /var/run/clamav/clamd.ctl is tried, then finally the TCP/IP socket at 127.0.0.1 on port 3310 is tried. If either Unix domain or TCP/IP socket options are explicitly specified, only these are used. max_message_size An integer value controlling the maximum size (in bytes) of the overall message text for a message to be processed by this filter module. Messages larger than this value will never be processed, and thus will never match. If undef, there is no size limit. Defaults to 1024**2(1MB). As MIME multipart processing can be quite CPU- and memory-intensive, you should definitely restrict the message size to some sensible value that easily fits in your server's memory. 1024**2(1MB) should be appropriate for most uses of this filter module. max_part_size An integer value controlling the maximum size (in bytes) of any single MIME part for that part to be processed by this filter module. Parts larger than this value will never be processed, and thus will never match. If undef, there is no size limit. Defaults to the value of the "max_message_size" option, so you don't really need to specify a part size limit if you are comfortable with using the same value for both. See the "max_message_size" option for its default. response A string that is to be returned as the match result in case of a match. The name of the detected malware is appended to the response text. Defaults to "Malware detected:". All options of the Courier::Filter::Module constructor are also supported by the constructor of the ClamAVd filter module. Please see "new" in Courier::Filter::Module for their descriptions. Instance methods See "Instance methods" in Courier::Filter::Module for a description of the provided instance methods. SEE ALSO
Courier::Filter::Module, Courier::Filter::Overview. For AVAILABILITY, SUPPORT, and LICENSE information, see Courier::Filter::Overview. AUTHOR
Julian Mehnle <julian@mehnle.net> perl v5.14.2 2011-12-27 Courier::Filter::Module::ClamAVd(3pm)