vcf
vcf — Content Filtering Server
Synopsis
vcf [options]
Description
The Content Filtering Server (CF) is a content scanning framework providing stream
and file scanning services for vela(8). CF runs as a separate
application and can be accessed over TCP, UNIX domain sockets and standard input and output
file handles. The behaviour of CF can be controlled via the vcf.cfg(5) configuration file.
Options
- --verbose <verbosity> or -v <verbosity>
Set verbosity level to <verbosity>, or if <verbosity> is omitted, increment it by one. The default verbosity level is 3; possible values are 0-10.
- --no-syslog or -l
Send log messages to the standard output instead of syslog. This option implies foreground mode, overriding the contradicting process options if present.
- --log-spec <spec> or -s <spec>
Set verbosity mask on a per category basis. The format of this value is described in vela(8).
- --log-tags or -T
Enable logging of message tags.
- --foreground or -F
Do not daemonize, run in the foreground.
- --help or -h
Display a brief help message.
- --vela-mode <ctrl-fd> or -z <ctrl-fd>
Start in Vela mode using the <ctrl-fd> file descriptor and remain in the foreground. In this mode only a single scan is performed on the data on the standard input. Results are sent to the standard output. (Naturally, log messages are not sent to the standard output in this mode, as this would interfere with the scanning results.) This mode is used mainly for testing purposes.
- --rule-group <rule-group> or -R <rule-group>
The value for the vcf_rule_group routing variable in Vela mode.
- --config <file> or -c <file>
Use the configuration file <file> instead of the default /etc/vcf/vcf.cfg file.
- --pidfile <file> or -P <file>
Use <file> as pid file instead of the default /var/run/vcf/vcf.pid file.
Operation
CF scans the contents of incoming streams. CF has multiple channels, each performing a possibly different set of actions on the incoming stream. These channels are called "scanpaths", i.e. a scanpath is an ordered set of modules and their associated settings. The scanpath to be used is selected based on meta information provided by Vela and meta information gathered about the stream by CF itself. This scanpath selection mechanism is called "routing decision" and is controlled by the router rules.
To summarize, CF operates as follows: A connection is established between Vela and CF. CF selects a scanpath (i.e. makes the routing decision) based on the collected information, the router rules and information received from Vela. The scanpath determines the modules to use and their associated settings. After the modules process the data received in the stream, the result of the scanning operation is sent back to Vela.
© 2021 BalaSys IT Security.