zcv

zcv — Zorp Content Vectoring Server

Synopsis

zcv [options]

Description

The Zorp Content Vectoring Server (ZCV) is a content scanning framework providing stream and file scanning services for zorp(8). ZCV runs as a separate application and can be accessed over TCP, UNIX domain sockets and standard input and output file handles. The behaviour of ZCV can be controlled via the zcv.cfg(5) configuration file.

Options

--verbose <verbosity> or -v <verbosity>

Set the verbosity level to <verbosity>, or if <verbosity> is omitted, increment it by one. The default verbosity level is 3; possible values are 0-10.

--no-syslog or -l

Send log messages to the standard output instead of syslog. This option implies foreground mode, overriding the contradicting process options if present.

--log-spec <spec> or -s <spec>

Set verbosity mask on a per category basis. The format of this value is described in zorp(8).

--log-tags or -T

Enable logging of message tags.

--foreground or -F

Do not daemonize, run in the foreground.

--help or -h

Display a brief help message.

--zorp-mode <ctrl-fd> or -z <ctrl-fd>

Start in Zorp mode using the <ctrl-fd> file descriptor and remain in the foreground. In this mode only a single scan is performed on the data on the standard input. Results are sent to the standard output. (Naturally, log messages are not sent to the standard output in this mode, as this would interfere with the scanning results.) This mode is used mainly for testing purposes.

--rule-group <rule-group> or -R <rule-group>

The value for the zcv_rule_group routing variable in Zorp mode.

--config <file> or -c <file>

Use the configuration file <file> instead of the default /etc/zcv/zcv.cfg file.

--pidfile <file> or -P <file>

Use <file> as pid file instead of the default /var/run/zcv/zcv.pid file.

Operation

ZCV scans the contents of incoming streams. ZCV has multiple channels, each performing a possibly different set of actions on the incoming stream. These channels are called "scanpaths", i.e. a scanpath is an ordered set of modules and their associated settings. The scanpath to be used is selected based on meta information provided by Zorp and meta information gathered about the stream by ZCV itself. This scanpath selection mechanism is called "routing decision" and is controlled by the router rules.

To summarize, ZCV operates as follows: A connection is established between Zorp and ZCV. ZCV selects a scanpath (i.e. makes the routing decision) based on the collected information, the router rules and information received from Zorp. The scanpath determines the modules to use and their associated settings. After the modules process the data received in the stream, the result of the scanning operation is sent back to Zorp.
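
A conceptual model of the routing decision and scanpath execution described above, as an added example that is not ZCV code and does not use the router.cfg format. The module names, rule fields, verdict strings, first-match rule ordering and the reject-on-no-match behaviour are all assumptions; only the zcv_rule_group variable comes from this page.

```python
# Conceptual model only: rule fields, module names and verdict strings are
# assumptions for illustration, not ZCV's configuration format or API.

def size_limit(data, settings):
    return "stream too large" if len(data) > settings["max_bytes"] else None

def marker_scan(data, settings):
    # Constructed marker standing in for a real scanner signature.
    return "marker found" if settings["marker"] in data else None

# A scanpath is an ordered list of (module, settings) pairs.
SCANPATHS = {
    "mail-strict": [(size_limit, {"max_bytes": 64}),
                    (marker_scan, {"marker": b"CONSTRUCTED-TEST-MARKER"})],
    "web-default": [(marker_scan, {"marker": b"CONSTRUCTED-TEST-MARKER"})],
}

# Router rules: (conditions on meta information, scanpath name), in order.
ROUTER_RULES = [
    ({"zcv_rule_group": "mail", "detected_type": "pdf"}, "mail-strict"),
    ({"zcv_rule_group": "web"}, "web-default"),
]

def gather_meta(data):
    """Meta information gathered from the stream itself (hypothetical check)."""
    return {"detected_type": "pdf" if data.startswith(b"%PDF-") else "unknown"}

def route(meta, rules=ROUTER_RULES):
    """Routing decision: the first rule whose conditions all match (assumed)."""
    for conditions, scanpath in rules:
        if all(meta.get(key) == value for key, value in conditions.items()):
            return scanpath
    return None

def scan(data, zorp_meta):
    """Return (verdict, detail) for one stream."""
    # Gathered values are applied last so Zorp-supplied meta cannot mask them.
    meta = {**zorp_meta, **gather_meta(data)}
    name = route(meta)
    if name is None:
        return ("REJECT", "no router rule matched")  # fail closed (assumption)
    for module, settings in SCANPATHS[name]:
        reason = module(data, settings)
        if reason is not None:
            return ("REJECT", f"{name}: {reason}")
    return ("ACCEPT", name)
```

The model makes two design points concrete: module order within a scanpath decides which check reports first, and a stream that matches no router rule needs an explicit verdict rather than an implicit pass.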

Files

/etc/zcv/

The routing and configuration file formats are described in /etc/zcv/zcv.cfg and /etc/zcv/router.cfg.

Author

This manual page was written by the BalaSys Documentation Team <documentation@balasys.hu>.

Copyright

Copyright © 2006-2015 BalaBit IT Security, 2015-2017 BalaSys IT Security. All rights reserved.