This article explains how to integrate an antispam/antivirus filter with an AXIGEN's SIEVE script.
Solution
1. A short explanation of the spamtest and virustest implementation in AXIGEN's SIEVE extension
This implementation supports the spamtest and virustest extensions as described in the RFC 3685 but in each case the following constrains appear:
spamtest
- a separate functionality has been implemented that will map vendor specific information from the antispam application and a new header named X-AxigenSpam-Level is added to every scanned message, which can have the following values:
1 - message was tested and is clear of spam
2-9 - message was tested and has a varying likehood of containing spam in ascending order
10 - message was tested and definitely containes spam
In case you are using SpamAssassin as an antispam filter, with spam score range set to -10 -> 10 (the required_score parameter set to 10 in the local.cf configuration file), AXIGEN's score map will be:
< -10 score 1
>=-10 - <=10 score 2-9
>10 score 10
virustest
- a separate functionality has been implemented that will map vendor specific information from the antispam application and a new header named X-AxigenVirus-Level is added to every scanned message, which can have the following values:
1 - message was tested and contains no known viruses
2 - message was tested and contained a known virus which was replaced with harmless content
3 - message was tested and contained a known virus which was "cured" such that it is now harmless
4 - message was tested and possibly contains a known virus
5 - message was tested and definitely contains a known virus
2. SIEVE rule example
In order to create a SIEVE rule for all messages tagged as spam to be delivered directly in the Spam folder, you may insert the following rule in a SIEVE script:
This implementation supports the spamtest and virustest extensions as described in the RFC 3685 but in each case the following constrains appear:
spamtest
- a separate functionality has been implemented that will map vendor specific information from the antispam application and a new header named X-AxigenSpam-Level is added to every scanned message, which can have the following values:
1 - message was tested and is clear of spam
2-9 - message was tested and has a varying likehood of containing spam in ascending order
10 - message was tested and definitely containes spam
In case you are using SpamAssassin as an antispam filter, with spam score range set to -10 -> 10 (the required_score parameter set to 10 in the local.cf configuration file), AXIGEN's score map will be:
< -10 score 1
>=-10 - <=10 score 2-9
>10 score 10
virustest
- a separate functionality has been implemented that will map vendor specific information from the antispam application and a new header named X-AxigenVirus-Level is added to every scanned message, which can have the following values:
1 - message was tested and contains no known viruses
2 - message was tested and contained a known virus which was replaced with harmless content
3 - message was tested and contained a known virus which was "cured" such that it is now harmless
4 - message was tested and possibly contains a known virus
5 - message was tested and definitely contains a known virus
2. SIEVE rule example
In order to create a SIEVE rule for all messages tagged as spam to be delivered directly in the Spam folder, you may insert the following rule in a SIEVE script:
require ["fileinto", "spamtest"];
require ["relational", "comparator-i;ascii-numeric"];
# Possible spam is delivered directly into the "Spam" folder
if allof (
spamtest :value "ge" :comparator "i;ascii-numeric" "6",
spamtest :value "le" :comparator "i;ascii-numeric" "9"
) {
fileinto "Spam";
}
/* Messages tagged as spam with a score greater than
the maximum required score will be discarded */
if spamtest :value "eq" :comparator "i;ascii-numeric" "10" {
discard;
}
OS:
LinuxWindowsFreeBSDMACOpenBSDNetBSDSolaris
Distros:
Windows