Enable JavaScript filtering: Remove all JavaScripts. Enabling this option removes all javascript and script tags, and the conditional value prefixes (for example, onclick, onreset, and so on).

Enable ActiveX filtering: Remove all ActiveX components. Enabling this option removes the applet tags and the classid value prefix.

Enable Java filtering: Remove all Java code references. Enabling this option removes the java: and application/java-archive inclusions, as well as the applet tags.

Enable CSS filtering: Remove cascading stylesheet (CSS) elements. Enabling this option removes the single link tags, the style tags and options, as well as the class options.

Filter HTML tags: Custom filters can be added to remove certain elements of the HTML code using the New button. The filter can remove the specified values from HTML tags, single tags, options and prefixes (specified through the Filter place combobox). The Filter value specifies the name of the tag/header to be removed.

Figure 14.7. Filtering HTML tags

The options of the Filter place parameter have the following meanings:

In tags: Remove everything between the specified tag and its closing tag. Embedded structures are also handled.

In single tags: Remove all occurrences of the specified single tag. A single tag is a tag that does not have a closing element, for example, img, hr, and so on).

In options: Remove options and their values (for example, width, and so on).

In prefixes: Remove all options starting with the string set as Filter value. For example, on will remove all options like onclick, and so on.

Disinfect: Attempt to remove the virus from infected files.

Scan packed: Perform virus scanning on archived files.

Scan suspicious: Perform virus scanning on suspicious files (for example, suspicious files are often new variants of known viruses).

Heuristic scan level: Level of heuristic (non-database based) sensitivity. The available levels are OFF, and NORMAL.

Archive max size: Archived files larger than the specified value (in megabytes) are not scanned. For example, if a 2.5 MB .zip file contains a file that is 80 MB uncompressed, and the Archive max size option is set to 10 MB, the file will not be scanned for viruses. However, if the Archive max size option is set to 100 MB, CF will scan the file.

Socket timeout: Timeout value in secnds.

Socket: The domain socket used to communicate with the nod32 engine. Default value: /var/run/nod32/nod32d.sock

Temporary directory: Path to the temporary directory used by the Nod32 engine.

Header pattern: The search string to be found in the headers. Regular expressions can be used. The following options are also available for regular expressions:

Action: The action to be performed on the header line or the whole message if the pattern is found in the message. The following actions are available:

Argument: The Regular expression will be replaced with this string if found in the stream. The replacement can contain \n (n being a number from 1 to 9, inclusive) references, which refer to the portion of the match which is contained between the nth \( and its matching \). Also, the replacement can contain unescaped & characters which will reference the whole matched portion of the pattern space.

Case insensitive: The case sensitive mode can be disabled by selecting this checkbox.

Maximum number of headers: The maximal number of headers permitted in a MIME object. The object is removed if it exceeds this limit.

Maximum length of a header: The maximal length of a header in characters. Applies to the total length of the header. The header is removed if it exceeds this limit.

Maximum length of a header line: The maximal length of a header line in characters. Applies to every single line of the header. The header is removed if it exceeds this limit.

Ignore invalid headers: If enabled, headers not complying to the related RFCs or violating the limits set in the previous options are automatically removed (dropped).

Silently drop rejected attachment: By default, the mime CF module replaces the removed objects (attachments) with the following note that informs the recipient of the message about the removed attachments: The original content of this attachment was rejected by local policy settings. If the Silently drop rejected attachment option is enabled, no note is added to the e-mail.

Enable rewriting messages: If disabled, the mime module does not modify the messages.

Set mime entity to append: The mime CF module can automatically add a MIME object to the inspected messages. To use this feature, verify that the Enable rewriting messages option is enabled, select Set mime entity to append, paste the MIME object into the appearing dialog box, and select OK.

Program: The application to be executed.

Timeout: If the application set in the Program field does not provide a return value within this interval, it is assumed to be frozen.

The program may modify the data: The program may make changes to the data and return the modified version to CF.

Regular expression: The search string to be found in the stream. Regular expressions can be used. The following options are also available for regular expressions:

Replacement: The Regular expression will be replaced with this string if found in the stream. The replacement can contain \n (n being a number from 1 to 9, inclusive) references, which refer to the portion of the match which is contained between the nth \( and its matching \). Also, the replacement can contain unescaped & characters which will reference the whole matched portion of the pattern space.

Global: Replace all occurrences of the search string. If not checked, the filter will replace only the first occurrence of the string.

Case insensitive: Disable case sensitive mode.

Policy related options

Server address

Other options