# sample group configuration.
# If you wish to create a group of your own, please copy this file (e.g.)
# to /etc/opt/rav/groups/mygroup and modify it to your needs.
# Then make sure you include mygroup into the last part of 
# /etc/opt/rav/ravmd.conf like this:
#
# ____ c u t   h e r e __________________________________
#
# # other groups
# [my_customized_group]
# _include /etc/opt/rav/groups/mygroup
#
# ____ c u t   h e r e __________________________________


# Define group members
# You must define at least one member for your group.
# Syntax:
# keyword = enumeration
#
# NOTE(review): membership is decided by sender/receiver addresses and host
# names. Confirm in the ravmd documentation which message fields are matched
# (envelope vs. header); sender-side values are presumably supplied by the
# remote party and are not authenticated.
#
# senders' e-mail addresses
# ex:
# NOTE(review): this example line is active and uses placeholder addresses;
# replace them with the real members before deploying the group.
sender = user1@mail.domain.com, user2@info.domain.com

# receivers' e-mail addresses
# ex:
#receiver = user1@domain1.org

# specify sender host name
# ex:
# from_host = domain1.net, mail.domain1.net, www.domain2.org
# from_host = domain3.com

# specify destination host name
# ex:
# to_host = domain4.net, info.domain4.net

# Specify if this group is scanned or not. This way some e-mail addresses
# and/or domains can be excepted from the scanning.
# DEFAULT: NO
# NOTE(review): in a group whose members are defined by sender or from_host,
# enabling this exempts any mail that claims that origin. Keep exemptions as
# narrow as possible and prefer receiver/to_host membership for them --
# confirm the matching semantics before relying on an exemption.
#do_not_scan = yes

# Specify a variable name defined in _define_actions section, which contains
# the actions to be performed when an infected object is found.
# This file only references the variable by name; the actual handling of an
# infected message is decided by that definition, so review both together.

# the act_for_infected_files is defined in the ravmd.conf file
infected_actions = act_for_infected_files

# Specify a variable name defined in _define_actions section, which contains
# the actions to be performed when a suspicious object is found.
# NOTE(review): act_for_suspicious_files is presumably also defined in
# ravmd.conf -- verify that the name resolves, and confirm what ravmd does
# when an action variable is undefined.
suspicious_actions = act_for_suspicious_files

# These are the messages used to create the warning notifications when a virus
# is found in the e-mail.
# Select the language of the warning message (make sure that the language
# you use here is also enabled in the ravmd.conf file).
# select only ONE language here, please. Both absolute and relative paths
# to the included files are supported.
#
# NOTE(review): relative paths are presumably resolved against the directory
# of this group file (with the file in /etc/opt/rav/groups/, ../languages
# matches the absolute /etc/opt/rav/languages paths used below) -- confirm.
# Included files become part of the configuration, so they should be
# writable only by the administrator.

_include ../languages/english.equiv
#_include ../languages/german.equiv
#_include ../languages/french.equiv
#_include ../languages/hungarian.equiv
#_include ../languages/romanian.equiv
#_include ../languages/italian.equiv
#_include ../languages/russian.equiv
#_include /etc/opt/rav/languages/spanish.equiv
#_include /etc/opt/rav/languages/pt_br.equiv
#_include /etc/opt/rav/languages/turkish-us-ascii.equiv
#_include /etc/opt/rav/languages/turkish-iso-8859-9.equiv

# The administrators' e-mail addresses
# The administrator(s) e-mail address(es) where a warning e-mail will
# be sent when an infected or suspicious file has been detected. That
# warning e-mail contains messages created using the strings specified
# for every situation.
# admin_addr = admin1@domain.com, admin2@domain.net

# These messages contain information about the virus name, detection date,
# sender's address and receiver's address. The messages are treated as
# confidential information. The only purpose of the messages is to build
# statistics in order to evaluate the spreading level of viruses. Based on
# virus spreading level RAV AntiVirus laboratories issue reports, such as
# Virus Alerts and Virus Advisories. If you comment out the next line
# then these messages will not be sent to us.
#
# NOTE(review): this line is active in the sample, so by default the data
# listed above (virus name, detection date, sender and receiver addresses)
# leaves the site for an external, vendor-operated mailbox. With
# warn_admin = always (set later in this file) this presumably also covers
# content-filtering matches, not only virus detections -- confirm.
# Check that the disclosure is allowed by your privacy policy and that the
# destination domain is still operated by the vendor; otherwise comment the
# line out and set admin_addr to a local administrator mailbox instead.
# If admin_addr is defined more than once, confirm whether ravmd accumulates
# the values or keeps only one of them.
admin_addr = ravmails@stats.ravantivirus.com

# Specify who is warned by RAV and when
# Syntax:
# keyword = enumeration
# enumeration can contain:
# found_virus   -> when a virus is found
# found_subject -> when the subject matches a content filtering rule
# found_attach  -> when an attached file name matches a content filtering rule
# found_content -> when the mail body contains a string matched by a rule
# warn_domains  -> send notifications only to users inside scanned domains
# never  -> never send notifications
# always -> send notifications in all the above situations

# send notifications to e-mail sender
# NOTE(review): the sender address of infected mail is frequently forged, so
# sender notifications can reach uninvolved third parties; warn_domains
# limits them to users inside scanned domains, keep it set.
# The two values below are separated by a blank, not by a comma as in the
# commented example; presumably both separators are accepted -- verify that
# warn_domains is actually parsed.
#warn_sender = found_virus, found_subject, found_attach, found_content
warn_sender = always warn_domains
# send notifications to e-mail receiver(s)
# Only virus detections are reported to receivers; content-filtering matches
# are not.
warn_receivers = found_virus
# send notifications to administrator(s)
# 'always' sends every notification type to each admin_addr defined in this
# file, including any external address listed there.
warn_admin = always

# E-mail address that will not be notified.
#do_not_warn = user8@domain.com
# E-mail address that will be hidden in all e-mail notifications.
#do_not_show = user8@domain.com

# Parameters (with boolean value) used for specifying if the addresses
# of the corresponding sender/receivers/administrators will or
# will not be disclosed in the warning mail's To: header.
# DEFAULT: NO
#disclose_sender = yes
#disclose_receivers = yes
#disclose_admin = yes

# Specify if the infected e-mail files will be saved to the local disk.
# Please note that the infected/suspicious messages will be placed in the
# quarantine regardless of the infected_actions and suspicious_actions.
#
# NOTE(review): with saving enabled the quarantine holds live infected
# samples together with full message content. Restrict the directory to the
# account ravmd runs as and to administrators, and include it in disk-space
# monitoring and retention clean-up.

# DEFAULT = YES
# save_infected = no
# save_suspicious = no

#quarantine = "/var/opt/rav/quarantine"

# This option controls the heuristic methods for detecting new and
# unknown viruses. DEFAULT = YES
# Set explicitly to the default here; heuristic detections are presumably
# the ones reported as "suspicious" and handled by suspicious_actions --
# confirm.
use_heuristics = yes

# Specify if the content filtering will search inside the embedded objects
# (i.e. the files from archives) attached to the e-mail.
# Setting this parameter to 'no' makes ravmd exclude files
# inside attachments from the content filtering search.
# DEFAULT = YES
#use_cf_inside_embedded_object = no

# Specify the extension of attached files excluded from content filtering.
# DEFAULT VALUE = not defined
# Accepted values: Valid file extensions (preceded by dot and separated by
# blank spaces and/or commas) plus 'all' (all the attachment files will be
# excluded from the content filtering search).
#
# NOTE(review): the exclusion is keyed on the file name extension, which is
# chosen by the sender and says nothing about the real file type, so keep
# the list as short as performance allows. As described above it applies to
# content filtering; whether virus scanning is affected is not stated here
# (presumably not) -- confirm.
#cf_do_not_scan_extensions = all
cf_do_not_scan_extensions = .gif .jpeg .jpg .tiff .mp3 .mpeg

# This option controls scanning for packed executables like WWPACK, UCEXE,
# PEPACK, UPX etc.
# DEFAULT = YES
# Set explicitly to the default; leave enabled.
scan_packed_executables = yes

# This option controls scanning in archived files, like ZIP, GZ, BZIP2, TGZ,
# ARJ, RAR, LHA, TAR, LHZ, ACE, CAB, IMP, Z, ZOO, ARC, etc.
# DEFAULT = YES
# The line below is commented out, so the default (archives are scanned)
# applies. Uncommenting it would leave archive contents unscanned.
#scan_archives = no

# Extension used to rename infected/suspicious files. DEFAULT = "_??"
# NOTE(review): the value is quoted; presumably the parser strips the quotes
# -- confirm, along with the meaning of the '?' characters.
rename_ext = "_??"

# Define scan mode: scan all files or let RAV decide what files to scan.
# If smart_scan is not defined then RAV will scan all files.
# DEFAULT = YES
# NOTE(review): the two statements above read as contradictory (key absent
# -> scan all files, yet DEFAULT = YES); confirm the effective behaviour
# when the key is missing. With 'yes' RAV decides what to scan, so some
# files are skipped; where throughput allows, scanning all files is the
# more conservative choice.
smart_scan = yes

# RAV log system settings

# Log level.
# DEFAULT VALUE is 4095
# The value is a sum of the flags below (each flag is a power of two).
# log_level = 0 -> no log information
# +1    -> log only errors (i.e. can't fork, can't read from socket, etc.)
# +2    -> mail file name
# +4    -> mime part scanned
# +8    -> final scan result
# +16   -> actions taken during scanning
# +32   -> log the e-mail addresses of the sender and the first receiver
# +64   -> show the group name matched
# +128  -> information generated by the external triggered update
# +256  -> LICENSE LIMIT warnings
# +512  -> WBL information
# +1024 -> RBL information
# +2048 -> ANTISPAM actions
# +4096 -> show the IPs from the 'Received' mail header field
#
# 4095 = 1 + 2 + ... + 2048, i.e. every flag except +4096: the IPs from the
# 'Received' header are NOT logged with this value. Add 4096 (8191 in total)
# if source IPs are needed for incident investigation.
# Flag +32 puts e-mail addresses into the log, so the log files hold personal
# data and should be readable by administrators only.
log_level = 4095

# Full path and name of the log file
# DEFAULT VALUE: /var/opt/rav/log/<group_name>
# log_file_name = /var/opt/rav/ravlog

# A new log file is created after this period of time
# DEFAULT VALUE is 6h (6 hours)
# Set to one day here instead of the 6 hour default.
log_rotate_after = 1d

# The maximum log file size
# DEFAULT VALUE is 500Kb
# NOTE(review): 0Kb presumably disables the size limit so that only the
# time-based rotation applies -- confirm it does not stop or truncate
# logging, and monitor disk usage if the limit is indeed off.
log_max_length = 0Kb

# Delete log files older than the specified period of time
# DEFAULT VALUE is 7d (7 days)
# Logs older than 7 days are deleted; forward or archive them elsewhere if
# investigations need a longer history.
log_delete_after = 7d

# Archive (using the libz library) the log files
# DEFAULT VALUE is 'yes'
#log_use_zip = no

# Custom warning mails (for registered copy only)
# DEFAULT VALUE is 255
# The value is a sum of the flags below.
# custom_msg = 0 -> show first header ("antet") line
# +1    -> add "Registered version ..."
# +2    -> add "Running on host ..."
# +4    -> add "Scan engine ..."
# +8    -> add "Last update ..."
# +16   -> add "Scanning for ..."
# +32   -> add "To get a free ..."
# +64   -> add "Copyright ..."
# +128  -> add "RAV AntiVirus for ..."
#
# 156 = 128 + 16 + 8 + 4: "RAV AntiVirus for ...", "Scanning for ...",
# "Last update ..." and "Scan engine ..." are included; the host name line
# (+2) is not.
# NOTE(review): the scan engine and last-update lines presumably show how
# current the scanner is; warning mails can go to external senders and
# receivers, so consider dropping +4 and +8 (value 144) if that should stay
# internal.
custom_msg = 156

# Specify the scanning timeout in seconds. The timeout is computed
# using the following formula:
# timeout_per_file + timeout_per_mega * filesize/1Mb
# Example with the values below: a 10 Mb file gets 240 + 120 * 10 = 1440 s.
# NOTE(review): what ravmd does with a message whose scan times out is not
# stated here; confirm that such mail is not delivered unscanned, and that
# these generous limits cannot be used to tie up scanner processes.
# Default values:
timeout_per_file = 240
timeout_per_mega = 120

# Here you can specify warning mails sender e-mail address.
# The default values work in most cases. Define these fields only
# if no warning mails are sent when a virus is found or if you want
# to use a different account instead of ravms. Specify smtp_server IP address
# only if that machine is behind a firewall and ravmd can't get its dns name.
# If you are using Postfix as MTA then you can set ravmd to use a specified
# port when sending warning mails. Setting smtp_port to 10026
# (in our configuration example) will make Postfix send those mails
# without being scanned.
# DEFAULT VALUES:
# ravms_full_name = "RAV AntiVirus"
# ravms_name = ravms
# on_host = the official name returned by gethostbyname() function
# smtp_server = same as host (IP address)
# smtp_port = 25

#ravms_full_name = "RAV AntiVirus Filter"
#ravms_name = RAV
#on_host = myhost
#smtp_server = your_server's_IP_address
#smtp_port = 10026

# The following string is used to replace the SUBJECT macro in the warning email
# if RAV didn't find a valid subject in the infected email.
# The value is a quoted string; presumably the quotes are stripped by the
# parser -- confirm.
no_subject = "original e-mail didn't contain any subject field"

# A name that will replace the FROM_USER macro when the sender is <>
# (<> is the empty sender address used by bounces and delivery reports).
mailer_daemon= "MAILER-DAEMON"

# ADVANCED CONTENT FILTERING
# RAV content filtering module uses POSIX regular expressions in order
# to find a pattern in the following e-mail components: subject, message
# body (including attachments content) and attached file names. Rules are
# processed in this order: subject, attachments, body. If more rules are
# defined for the same component, they will be processed in the same
# order they are specified.
#
# Syntax:
# keyword regexp_variable action_variable

# Filter the e-mail subject.
# ex:
# filter_subject subj_regexp subj_action
# filter_subject -- keyword
# subj_regexp    -- a variable defined in _define_regular_expressions section
# subj_action    -- an action variable defined in _define_actions section

#filter_subject subj_regexp subj_action

# Filter the names of the e-mail attachments
#filter_attachment file_regexp file_action

# Filter the e-mail body and attachment content
#filter_content body_string body_action

#well known viruses example
#filter_attachment file_wn_regexp file_wn_act
#filter_content body_wn_string body_wn_act

# WBL (static white/black list) settings
# keywords accepted: wbl_accept, wbl_reject, wbl_discard

# Example 1: reject all mails from 'domain.com' except from 'office@domain.com'
# and 'support@domain.com' 
#wbl_accept office@domain.com support@domain.com
#wbl_reject domain.com

# Example 2: reject mails from address: 'spam@domain.com'
#wbl_reject spam@domain.com

# Example 3: discard mails from domain: 'spammer.domain.com'
#wbl_discard spammer.domain.com

# Example 4: reject an entire C class of IPs except one IP from that class
#wbl_accept aaa.bbb.ccc.ddd
#wbl_reject aaa.bbb.ccc.0/24
#or
#wbl_accept aaa.bbb.ccc.ddd
#wbl_reject aaa.bbb.ccc.0/255.255.255.0

# RBL (Realtime Blackhole List) control (yes|no)
#use_rbl = yes

# Embedded messages settings
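# NOTE: RAV uses the 'sendmail' executable in order to inject
# the embedded mail in the MTA queue. Please make sure that the
# MTA's specific 'sendmail' program is in the search path for commands,
# and that every directory on ravmd's search path is writable only by
# trusted accounts, since whichever 'sendmail' is found first gets executed.
# Default value for 'embedded' parameters is 'no'.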

# Embed clean mails (yes|no)
# embed_clean_mail = yes

# Embed cleaned (infected/suspicious mails that
# were cleaned/deleted) mails (yes|no)
# embed_cleaned_mail = yes

# Embed uncleaned (infected/suspicious mails that
# cannot be cleaned/deleted) mails (yes|no)
# embed_unclean_mail = yes

# Add a custom message (defined by the 'embedded_clean_msg', 
# 'embedded_cleaned_msg' or "embedded_unclean_msg" parameters)
# to the embedded mail (yes|no)
# use_embedded_msg = yes

# Add the message generated for the warning mail to the embedded mail (yes|no)
# use_embedded_warning = yes

# Anti SPAM configuration
# Remove the '#' sign from the following line if you want to activate
# all antispam levels
# The active line enables only the two "precision" levels; the commented
# line additionally enables bulk_detection_low and bulk_detection_medium.
# If you enable the commented line, comment out the active one so the key
# is defined only once (handling of a repeated key is not documented here).
# NOTE(review): what happens to mail matched by a level is not stated in
# this file -- confirm before enabling the broader detection levels.
#antispam_configuration = bulk_detection_low, bulk_detection_medium, bulk_high_precision, bulk_very_high_precision
antispam_configuration = bulk_high_precision, bulk_very_high_precision
