# default configuration sockets: # #listen = 127.0.0.1:5036 # #listen = /var/run/avast4/mailscanner.sock # #listen = 127.0.0.1:5037 # #listen = /var/run/avast4/filescanner.sock # listen = /var/run/avast4/local.sock %definitions #The filter name that will be used when logging message #TYPE=STRING #REQUIRED filterName = "AVAST" #The size of the block, used when reading or writing binary #TYPE=SIZE #DEFAULT=12K #rwBlockSize = 12K #Specifies if this filter modifies the mail file #TYPE=CHOICE: yes|no #DEFAULT=no readOnly = yes #Specifies the end of line terminator used both for reading and for writing #TYPE=CHOICE: CRLF|LF|CRLF_OR_LF|DOUBLE_NULL #DEFAULT CRLF eolTerminator = CRLF #Specified the encoding usend in communication #TYPE=CHOICE: NONE|HTML #DEFAULT NONE #encoding = NONE #Specifies the size of the line to which padding should be added if such token is used #TYPE=SIZE #DEFAULT=256 #paddingSize = 256 %flow # # Nov 2015 - Tested with avast core security for linux, v2.0.0 # # Flow based on information provided by 'man avast-protocol' # .RECV_UNTIL "^[0-9]+ " .ISMATCH "^220 .*$" .SEND "SCAN " $filename .RECV_UNTIL "\t\[L\]|^200 |^451 |^466 " .ISMATCH "\t\[L\]" .MATCH_VIRUS_LVL .SET_RESPONSE LOG_CURRENT .RECV_UNTIL "^200 " .ISMATCH "^200 " .MATCH PREV_RESPONSE .NOMATCH .ERROR "Unexpected response" .END_MATCH .END_RECV .ISMATCH "^200 " .MATCH_VIRUS_LVL .PASS "Mail OK" .ISMATCH "^451 |^466 " .ERROR LOG_CURRENT .NOMATCH .ERROR "Unexpected response" .END_MATCH .END_RECV .NOMATCH .ERROR LOG_CURRENT .END_MATCH .END_RECV %sieve .VIRUS_MAX_LVL "\t\[L\]" .VIRUS_MIN_LVL ""