Each entry in the [Disposal]
configuration section is a directive that maps a <Response>
to a disposition. It is this disposition that
controls the actions performed to dispose of the message or Web
data.
The name of the directive is the <Response>, the value is the disposition.
For example (FTP.CFG): | ![]() |
For example: | ![]() |
The entries in the [Disposal]
section are listed in ascending order of
priority, as determined by the <Response>. The
first entry has the lowest priority,
the last entry has the highest priority.
DEFAULTDISPOSAL
. LOADFAILURE
.The final disposition for the message or Web data is determined by the highest priority <Response> generated as a result of validation.
For example: | ![]() |
Assume the following <Response> values are generated for a message:
In this example, VIRUSPRESENT
1
is the highest priority <Response> generated
(using the [Disposal]
section shown on page 7-23). The final
disposition for the message will therefore be Virus
.
![]() |
As a virus has been detected, the next stage of processing should be to quarantine the message in one of the quarantine areas. See page 7-25 for an example. |
For example: | ![]() |
Assume the following <Response> values are generated for a downloaded file:
In this example, VIRUSPRESENT
1 is the highest priority <Response>
generated (using the [Disposal]
section shown
on page 7-22). The
final disposition for the data will therefore be Virus
.
![]() |
As a virus has been detected, the next stage of processing should be to discard the Web page and inform the requesting browser accordingly. See page 7-25 for an example. |
For example: | ![]() |
[Virus] Quarantine=VirusQuarantine Inform=VirusList
In this example, the
message is quarantined in the VirusQuarantine
quarantine area and an Inform message is sent to the names listed
in the VirusList
configuration section.
For example: | ![]() |
[Virus] InformText=Page blocked - virus detected.
In this example, the
page is discarded and replaced with a message indicating that the
download was not successful. The message text sent is the string
specified by the value of the InformText
directive.
You may occasionally
need to add a new disposal entry. For example, when a new
validator instance is configured, or, in the case of MAILsweeper,
when an AMUcheck rule uses a new <Response>, or
you wish to add the NoFrom
<Response>.
The new disposal
should be entered into the appropriate place in the [Disposal]
section, depending on its considered priority. The disposal can
re-use an existing disposition, or a new disposition can be
created.
![]() |
If a new disposition is created, remember to create a corresponding disposition configuration section in the same file. |
There are several <Response>
values that are mandatory and must always appear
in the [Disposal]
section. These are shown below:
The directives listed in a disposition configuration section control the actions performed to dispose of the message or Web data.
MAILsweeper disposal actions are controlled by the following directives:
Deliver
- see page 7-28. Quarantine
- see page 7-28. Inform
- see page 7-30. Edit
- see page 7-34. ave
- see page 7-36. Event
- see page 7-36. Trap
- see page 7-37.The disposal actions are performed in the order that these directives appear in the configuration section.
![]() |
An exception
is the Edit directive which specifies an
editing action performed during message delivery. See page 7-34 for
details. |
[Virus] Quarantine=VirusQuarantine Inform=VirusList
If the message is simply to be deleted, with no other action, then the configuration section needs no directives.
[JustDelete]
This deletes the message with no further processing.
[Clean] Deliver=
The Quarantine
directive is
used to quarantine a message in one of the quarantine areas.
[Virus] Quarantine=VirusQuarantine Inform=VirusList
[VirusQuarantine] Comment=Virus in message from %SENDER% Area=Blocked Messages
The Comment
directive specifies the comment that is attached to the message
when it is placed in the quarantine area. The comment string can
contain any of the following tokens:
%SENDER%
- replaced by the
address of the sender. %SUBJECT%
- replaced by
the message subject. %DATE%
- replaced by the
message date. The Area
directive specifies the quarantine area that the message is to be
placed in. It is usual to have different areas configured for
different quarantine reasons. Currently, up to ten quarantine
areas can be configured.
There must be a configuration section for the quarantine area in the same file as the disposition configuration section, that is, MIMESWP.CFG. The name of the section must be the same as the name of the quarantine area. This section uses several directives, as explained below.
[Blocked Messages] Location=C:\MSW\Qtine\Blocked File=C:\MSW\Qtine\Blocked\Quarntne.lst
The Location
directive specifies the path to the quarantine area.
The File
directive specifies the path to the file that holds details of
the messages stored in the quarantine area.
[Parked Messages] Location=C:\MSW\Qtine\Parked File=C:\MSW\Qtine\Parked\QUARNTNE.LST ReleaseTime=21:00-22:00 ReleaseCount=6 ReleaseDisposal=AddMessage
![]() |
This example is used for message `parking'. See page 5-33 for more details on how to utilise message parking. |
The ReleaseTime
directive enables timed release of `parked' messages stored in
the quarantine area. The value of this directive is the time
range between which the messages are released. In the above
example, messages are released between 21:00
and 22:00
hrs.
There can be more
than one ReleaseTime
directive listed in the
configuration section.
![]() |
The ReleaseTime
directive should be used with great care. It is advised
that it is only used in the
configuration sections for quarantine areas that store
`parked' messages. |
The ReleaseCount
directive is only
used in conjunction with the ReleaseTime
directive,
to specify the number of messages released during each
MAILsweeper pass. If the ReleaseCount
directive is
not present the default value used is 1
. The
frequency of passes is controlled by the IdleTime
directive, see page 7-11
for details.
The ReleaseDisposal
directive specifies the <Response> that is
assigned to a message when it is released from the quarantine
area. It is used to control the disposal actions that are
performed when the quarantined message is released.
The ReleaseDisposal
directive is normally only used to control the release of parked
messages, but it can be specified in any of the quarantine areas
if desired. If it is not present then the Release
<Response>
is used.
For example, a
message may be `parked' in one of the quarantine areas for later
release, due to its large size. You can inform the message
recipients of the reason for delay when the message is released.
This is achieved by specifying an appropriate <Response>
in the configuration section, for example, AddMessage
.
The disposition for this <Response> could then
utilise the automated editing facility. See page 7-41 for an example.
![]() |
The <Response>
specified by the ReleaseDisposal directive
must always have a corresponding entry
in the [Disposal] configuration section. |
[Virus]
Quarantine=VirusQuarantine
Inform=VirusList
![]() |
There can be
more than one Inform directive listed, for
sending different inform messages to different users. See
page 7-38
for a configuration example. |
The value of the Inform
directive is the name of the configuration section that controls
the inform actions. This section can contain several directives,
as shown below. It may also contain a PerformIf
or SkipIf
directive, see page 7-33
for details.
[VirusList] FromAdr=%SERVER% ToAdr=%ADMIN% Subject=A message from %SENDER% contains a virus. Body=C:\MSW\CONFIG\VIRUS.TXT WithLog=TRUE WithCopy=FALSE
The FromAdr
directive specifies the sender of the inform
message. The value of the FromAdr
directive is an
address in MAILsweeper generic address format, or one of the
following tokens:
%ADMIN%
- replaced by the
address specified by the ADMINISTRATOR
directive, see page
7-11 for details. %SERVER%
- replaced by the
address specified by the SERVER
directive,
see page 7-12
for details. %SENDER%
- replaced by the
address of the sender. The ToAdr
,
CCAdr
and BCCAdr
directives specify the
recipient(s) of the message, that is, to whom the inform
message is being sent. These determine the To, CC and BCC
addresses respectively. The value of these directives is an
address in MAILsweeper generic address format, or one of the
following tokens:
%ADMIN%
- replaced by the
address specified by the ADMINISTRATOR
directive, see page
7-11 for details. %SENDER%
- replaced by the
address of the sender. %RCPTS%
-
replaced
by the address(es) of the recipient(s). The Subject
directive specifies the string that is used as the subject of the
inform message. It may contain the following tokens:
%SENDER%
- replaced by the
address of the sender. %SUBJECT%
- replaced by
the message subject. %DATE%
- replaced by the
message date.%ADMIN%
- replaced by the
address specified by the ADMINISTRATOR
directive, see page
7-11 for details. %SENDER%
- replaced by the
address of the sender. %RCPTS%
-
replaced
by the address(es) of the recipient(s). %SUBJECT%
- replaced by
the message subject. %DATE%
- replaced by the
message date. If the Body
directive is not present then a standard generated message is
used instead.
The WithLog
directive specifies whether a copy of the message log is added as
an attachment to the inform message. The value of this directive
is either TRUE
or FALSE
. Default value
is FALSE
.
The WithCopy
directive specifies whether a copy of the original message is
added as a series of attachments to the inform message. The value
of this directive is either TRUE
or FALSE
.
Default value is FALSE
.
If required, a SkipIf
or PerformIf
directive can be included in the
configuration section that controls the inform actions.
These directives can be used to conditionally send inform messages, depending on the values of previously set attributes. For example, an attribute could be set using AMUcheck to give the message a sense of direction. This information could then be used to send:
In this way, you can keep all inform messages inside your company.
[Virus] Quarantine=VirusQuarantine Inform=VirusList
[VirusList]PerformIf=direction==in
2
FromAdr=%SERVER% ToAdr=%RCPTS% ToAdr=%ADMIN% Subject=A message from %SENDER% contains a virus. Body=C:\MSW\CONFIG\VIRUS.TXT WithLog=TRUE WithCopy=FALSE
![]() |
The section cannot
be configured with a PerformIf and a SkipIf
directive at the same time. For more details on the |
[Clean]
Edit=AMEOut
Deliver=
![]() |
There can be
more than one Edit directive listed in the
configuration section, for controlling different editing
actions. |
The value of the Edit
directive is the name of a configuration section that controls
the edit actions.
[AMEOut] PerformIf=direction==out PrependToBody=C:\MSW\CONFIG\header.txt AppendToBody=C:\MSW\CONFIG\disclaim.txt
The PerformIf
directive controls the circumstances under which the edit actions
are performed. The value of the PeformIf
directive
is an attribute expression.3
If the attribute expression evaluates to TRUE
then
the edit actions are performed.
In this example, if
the value of the direction
attribute is out
then the edit actions are performed.
There may be more
than one PerformIf
directive listed in the
configuration section:
TRUE
then
the edit actions are performed. TRUE
then
the edit actions are not performed. ![]() |
If there are
no PerformIf directives listed then the edit
actions are always performed. |
The edit actions are controlled by the following two directives:
PrependToBody
- adds text
to the beginning of the message body. AppendToBody
- adds text
to the end of the message body.The value of each directive is the path to a file. This file contains the text that is appended or prepended to the message body.
PrependToBody=C:\MSW\CONFIG\header.txt AppendToBody=C:\MSW\CONFIG\disclaim.txt
In this example, the text contained in header.txt is prepended to the message body. The text contained in disclaim.txt is appended to the message body.
![]() |
Lotus Notes and Exchange
systems only. The PrependToBody
directive is not available during automated message
editing. The directive can still be used but the text
will always be appended to the message
body.
SMTP systems only. The default SMTP configuration uses automated message editing to append a disclaimer to all outgoing mail, see page 2-38 for more details, or append a warning message if there are signs of spoofing, see page 5-15 for more details. |
It is also used if
the FailedDisposal
disposal entry fails. This could
happen, for example, when MAILsweeper has failed to perform the
backup disposition correctly, usually due to environmental
reasons such as lack of disk space. In this event MAILsweeper
uses the Save
disposal action as a last resort, to
try and save the message for future processing, and then shuts
itself down.
The Save
directive has no value.
[FailedLoad]
Save=
Inform=FailedLoadList
[Virus]
Quarantine=VirusQuarantine
Inform=VirusList
Event=A virus has been detected.
[Virus]
Quarantine=VirusQuarantine
Inform=VirusList
Trap=A virus was detected in the message.
[BlockSize]
Inform=SizeList
;Trap=A message was blocked
[BlockSize]
Inform=SizeList
Trap=An incoming message was blocked
![]() |
The IP address of the SNMP Manager and the SNMP community name are configured in the mail configuration file, MIMESWP.CFG. See page 7-19 for details. |
This is achieved by making changes to the original configuration files, as shown below. Changes are shown in bold.
[Virus] Quarantine=VirusQuarantine Inform=VirusListInform=SenderList
[VirusList] FromAdr=%SERVER% ToAdr=%ADMIN% Subject=A Virus was detected in the message. Body=C:\MSW\CONFIG\VIRUS.TXT WithLog=TRUE WithCopy=FALSE[SenderList] ToAdr=%SENDER% FromAdr=%ADMIN% Subject=A Virus was detected in your message. Body=C:\MSW\CONFIG\INFORM.TXT WithLog=FALSE
A new Inform
directive is added to the [Virus]
configuration
section. The value of the Inform
directive is the
name of a configuration section that controls the inform actions.
The INFORM.TXT file contains a suitable message. For example: Your message entitled %SUBJECT% has been quarantined.
RESPONSE allow_in PRIORITY 1 RESPONSE allow_out PRIORITY 1 FROM *@* TO *@sales allow_in ;add text to incoming mail FROM *@sales TO *@* allow_out ;add text to outgoing mail
Two new AMUcheck
rules are defined. These rules determine the <Response>
generated by AMUcheck for any sales related message, that is, allow_in
or allow_out
respectively.
Two new RESPONSE
statements are also listed in the first section of the file, to
define the allow_in
and allow_out
<Responses>.
[AMU]
AuthFile=C:\MSW\CONFIG\AUTHFILE.TXT
If=allow_in,direction=in,allow
If=allow_out,direction=out,allow
The If
directive checks the <Response> generated by
AMUcheck.
If the <Response>
is allow_in
or allow_out
then an
attribute called direction
is created, with the
value in
or out
respectively. The <Response>
is then reset to allow
. This is the actual <Response>
generated by AMUcheck. It allows the message to be delivered
normally, assuming no higher priority <Response>
is returned from one of the other validator instances.
[Disposal] DefaultDisposal=Cleanallow=Clean
...LOADFAILURE=FAILEDLOAD
[Clean]Edit=AMEIn Edit=AMEOut
Deliver=[AMEIn] PerformIf=direction==in PrependToBody=C:\MSW\CONFIG\inward.txt
[AMEOut] PerformIf=direction==out AppendToBody=C:\MSW\CONFIG\outward.txt
Assume that allow
is the highest priority <Response> returned from
validation. This gives the message a final disposition of Clean
.
The [Clean]
disposition configuration section lists two Edit
directives. The value of each Edit
directive is the
name of an editing configuration section that is used to control
the message editing actions.
In each editing
configuration section, the value of the direction
attribute is checked, using the PerformIf
directive.
If the value of the direction
attribute is in
then the actions listed in the [AMEIn]
configuration section are performed. This results in the contents
of inward.txt being prepended to message body.
If the value of the direction
attribute is out
then the actions listed in the [AMEOut]
configuration section are performed. This results in the contents
of outward.txt being appended to message body.
![]() |
For Lotus Notes and Exchange restrictions see page 7-35. |
This is achieved by
specifying a <Response> in the quarantine area
configuration section (using the ReleaseDisposal
directive), then utilising automated message editing during
disposal of the message.
[Parked Messages]
Location=C:\MSW\Qtine\Parked
File=C:\MSW\Qtine\Parked\QUARNTNE.LST
ReleaseTime=21:00-22:00
ReleaseCount=6
ReleaseDisposal=AddMessage
The value of ReleaseDisposal
directive specifies the <Response> that is
assigned to each message as it is released from the quarantine
area. In this example the <Response> is AddMessage
.
[Disposal]
DEFAULTDISPOSAL=Clean
...
AddMessage=SizeMessage
...
LOADFAILURE=FAILEDLOAD
The AddMessage
<Response> has an entry in the [Disposal]
configuration section which determines the final disposition for
the message. In this example the final disposition is SizeMessage
.
[SizeMessage]
Edit=AddSizeMessage
Deliver=
The value of the Edit
directive is the name of the configuration section that will
control the editing actions. In this example the name of the
configuration section is [AddSizeMessage]
.
[AddSizeMessage]
AppendToBody=C:\MSW\CONFIG\size.txt
WEBsweeper disposal actions are controlled by the following directives:
![]() |
If Web data is blocked it is always deleted, regardless of the blocking reason. |
[Clean] Deliver=
[Virus] InformText=Page blocked - virus detected.
The value of the InformText
directive is a text string.This text string should not
contain any commas. The string represents the message
that is sent to the Web browser and is inserted into an HTML
template, shown on page
7-44.
![]() |
You would normally use the InformText
directive for short, one line messages. Use InformFile
for larger messages, or messages containing links to
other resources. |
[ScriptMail] InformFile=C:\MSW\CONFIG\ScriptMail.txt
![]() |
The replacement file can be written in HTML. This makes it is easy to generate documents that contain links to other resources. |
<HTML> <HEAD> <TITLE> WEBsweeper Notice </TITLE> </HEAD> <BODY> <H1> WEBsweeper Notice</H1>
Your message text is inserted here.
</BODY> </HTML>
1 The VIRUSPRESENT
<Response>
is used to indicate that a virus has been detected in the data.
2 The direction
attribute is usually set by AMUcheck, using the If
directive. See page 7-102
for details.
3 This attribute expression is
usually set by AMUcheck, using the If
directive. See
page 7-102 for
details.
Copyright © 1998, Content Technologies Limited. All rights reserved.