Сейчас функционала по повторной проверке карантина нет.
Dr. Web для почтовых серверов Unix
Автор
SchTiRlic
, мар 21 2008 15:03
22 ответов в этой теме
#22
SchTiRlic
-
- Members
- 12 Сообщений:
Newbie
Отправлено 25 Март 2008 - 18:27
Сразу по двум вопроса здесь отпишу:
1) Записи в логах немного изменились:
===Maillog=========================================
Mar 25 16:25:57 gw drweb-maild: [826c000] drweb.ipc ERROR Session::Execute - error for address(es) [inet:3000@127.0.0.1]: attempt to create connection to inet:3000@127.0.0.1 failed because Socket::Connect: [61] Connection refused
Mar 25 16:25:57 gw drweb-maild: [826c000] drweb ERROR Error during connect to daemon:attempt to create connection to inet:3000@127.0.0.1 failed because Socket::Connect: [61] Connection refused
===drweb config======================================
[Antivirus]
#Address = pid:/var/drweb/run/drwebd.pid
Address = inet:3000@127.0.0.1
Timeout = 30s
TCP_NODELAY = no
HeuristicAnalysis = yes
ReportMaxSize = 50k
AddXHeaders = yes
LocalScan = yes
Paranoid = no
LicenseLimit = pass
Infected = cure, quarantine
Suspicious = reject, quarantine, notify
Incurable = reject, quarantine, notify
CureFail = reject, quarantine, notify
Adware = reject, quarantine, notify
Dialers = reject, quarantine, notify
Jokes = reject, quarantine, notify
Riskware = reject, quarantine, notify
Hacktools = reject, quarantine, notify
SkipObject = pass
ArchiveRestriction = reject, quarantine, notify
ScanningErrors = tempfail, notify
ProcessingErrors = tempfail, notify
UseCustomReply = no
ReplyInfected = "DrWEB Antivirus: Message is rejected because it contains a virus."
ReplyMalware = "DrWEB Antivirus: Message is rejected because it contains a malware."
ReplySuspicious = "DrWEB Antivirus: Message is rejected because it contains suspicious content."
ReplySkipObject = "DrWEB Antivirus: Message is rejected because it cannot be checked."
ReplyArchiveRestriction = "DrWEB Antivirus: Message is rejected because it contains archive which violates restrictions."
ReplyError = "DrWEB Antivirus: Message is rejected due to software error."
2) А насчёт какрантина. Какимо образом тогда например производить поиск потерянного письма, вложения и восстанавливать его? Если нет механизма восстановления, то какой смысл в карантине?
1) Записи в логах немного изменились:
===Maillog=========================================
Mar 25 16:25:57 gw drweb-maild: [826c000] drweb.ipc ERROR Session::Execute - error for address(es) [inet:3000@127.0.0.1]: attempt to create connection to inet:3000@127.0.0.1 failed because Socket::Connect: [61] Connection refused
Mar 25 16:25:57 gw drweb-maild: [826c000] drweb ERROR Error during connect to daemon:attempt to create connection to inet:3000@127.0.0.1 failed because Socket::Connect: [61] Connection refused
===drweb config======================================
[Antivirus]
#Address = pid:/var/drweb/run/drwebd.pid
Address = inet:3000@127.0.0.1
Timeout = 30s
TCP_NODELAY = no
HeuristicAnalysis = yes
ReportMaxSize = 50k
AddXHeaders = yes
LocalScan = yes
Paranoid = no
LicenseLimit = pass
Infected = cure, quarantine
Suspicious = reject, quarantine, notify
Incurable = reject, quarantine, notify
CureFail = reject, quarantine, notify
Adware = reject, quarantine, notify
Dialers = reject, quarantine, notify
Jokes = reject, quarantine, notify
Riskware = reject, quarantine, notify
Hacktools = reject, quarantine, notify
SkipObject = pass
ArchiveRestriction = reject, quarantine, notify
ScanningErrors = tempfail, notify
ProcessingErrors = tempfail, notify
UseCustomReply = no
ReplyInfected = "DrWEB Antivirus: Message is rejected because it contains a virus."
ReplyMalware = "DrWEB Antivirus: Message is rejected because it contains a malware."
ReplySuspicious = "DrWEB Antivirus: Message is rejected because it contains suspicious content."
ReplySkipObject = "DrWEB Antivirus: Message is rejected because it cannot be checked."
ReplyArchiveRestriction = "DrWEB Antivirus: Message is rejected because it contains archive which violates restrictions."
ReplyError = "DrWEB Antivirus: Message is rejected due to software error."
2) А насчёт какрантина. Какимо образом тогда например производить поиск потерянного письма, вложения и восстанавливать его? Если нет механизма восстановления, то какой смысл в карантине?
#23
Anton Ivanov
-
- Posters
- 842 Сообщений:
Advanced Member
Отправлено 26 Март 2008 - 09:41
1) Видимо эти ошибки выводятся только однократно при старте когда drwebd еще не запущен - тогда это нормально.
2) идентификатор письма в карантине указывается как в отправляемых отчетах так и в логах - по нему и можно производить поиск и восстановление сообщения
2) идентификатор письма в карантине указывается как в отправляемых отчетах так и в логах - по нему и можно производить поиск и восстановление сообщения
