Virustotal integration for amavisd-new
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

amavisvt_example.cfg 2.3KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364
  1. [DEFAULT]
  2. # Your Virustotal public API key. You can find it after registration on virustotal.com under "My API key"
  3. # api-key =
  4. # Number of positive scans required to consider this file as infected
  5. # hits-required = 5
  6. # Expiration dates. Will be passed to memcached so be aware of memcached exceptions about the expire time
  7. # (expire times greater than 30 days will be treated as a timestamp!).
  8. # Number of seconds to cache positive results (results with more than `hits-required` positive scans).
  9. # Defaults to 21 days
  10. # positive-expire = 1814400
  11. # Number of seconds to cache negative results (results with less than `hits-required` positive scans).
  12. # Defaults to 12 hours
  13. # negative-expire = 43200
  14. # Number of seconds to cache results without a scan result. Defaults to 12 hours.
  15. # unknown-expire = 43200
  16. # HTTP Request timeout in seconds
  17. # timeout = 10
  18. # URL to the Virustotal API for file scan reports
  19. # api-url = https://www.virustotal.com/vtapi/v2/file/report
  20. # URL to the Virustotal API to scan files
  21. # report-url = https://www.virustotal.com/vtapi/v2/file/scan
  22. # Path to the AmavisVT database
  23. # database-path = /var/lib/amavisvt/amavisvt.sqlite3
  24. # Filename pattern detection - creates a history of filenames scanned through AmavisVT
  25. # and flags suspicious attachments as possibly infected.
  26. # You will need python with sqlite support to use this feature
  27. #
  28. # WARNING - WARNING - WARNING - WARNING - WARNING - WARNING - WARNING - WARNING - WARNING
  29. #
  30. # DO NOT enable this features if
  31. # - you receive a lot of mails with the same or similar attachment names
  32. # - the attachments have a high risk of false-positive
  33. #
  34. # WARNING - WARNING - WARNING - WARNING - WARNING - WARNING - WARNING - WARNING - WARNING
  35. # Enable this feature (default: false)
  36. # filename-pattern-detection = false
  37. # minimum number of filename patterns required (default: 20)
  38. # min-filename-patterns = 20
  39. # percent of mails identified as infected within a pattern before flagging the mail (default: 0.4)
  40. # infected-percent = 0.7
  41. # automatically report files to Virustotal if filename pattern matches (default: false)
  42. # WARNING: This will send the actual content of the attachments to Virustotal. DO NOT enable this setting if
  43. # a legitimate attachment may be caught by the pattern detection!
  44. # auto-report = false
  45. [daemon]
  46. # Socket path
  47. # socket-path = /run/amavisvtd.sock