33
5.2. Handle Object Policy
The Handle Object Policy (see gure 5-1) is a mechanism that provides handling of the scanned objects depending
on their scanning status. The mechanism is based on so-called action conguration options (’action_on_processed’,
’action_on_infected’, ‚action_on_uncleanable‘, ‚action_on_notscanned‘) combined with Anti-Virus enabling
conguration option (‚av_enabled‘). To get detailed information on these conguration options, please refer to the
nod32.cfg(5) manual page.
Every object processed by NOD32LMS/NOD32BMS is at rst handled with respect to the setting of the conguration
option ’action_on_processed’. Once this parameter is set to ’accept’, the object is handled according to the setting of
conguration option ’av_enabled’. Note that this parameter is of paramount importance if combined with so-called
User Specic Conguration mechanism. In this case various types of black-lists and white-lists can be congured.
Once ’av_enabled’ is enabled the object processed is scanned for virus inltrations and set of action conguration
options ’action_on_infected’, ’action_on_uncleanable’ and ’action_on_notscanned’ is taken into account to evaluate
further handling of the object. If action ’accept’ has been taken as a result of the three above action options or ’av_
enabled’ is disabled the object is accepted for further delivery. In case any of action conguration options caused other
than ‚accept‘ value, the object is blocked and will be handled according to the particular action taken.
5.3. Black-list and white-list
In this section we describe the black-list and/or white-list creation using the combination of already discussed
NOD32LS/NOD32BS conguration mechanisms. In particular the black-list or white-list can be created using the Handle
Object Policy features and User Specic Conguration mechanism. Thus the black-list or white-list can be created for
recipients and/or senders of e-mail messages scanned by NOD32LS/NOD32BS.
In the next example we demonstrate the black-list and also white-list creation for the nod32smtp module as a
content lter of MTA Postx. The original conguration section related to the module is as follows,
agent_enabled = yes
listen_addr = “localhost“
listen_port=2526
chapter 5 / Important NOD32LMS/NOD32BMS Mechanisms
Figure 5-1. Scheme of Handle Object Policy mechanism.
accept defer, discard, reject
action_on_processed
object not accepted
NO YES
av_enabled
accept defer, discard, reject
action_on_infected
action_on_uncleanable
action_on_notscanned
object not accepted
object accepted
To Next Page
Loading...
Need help?
General
