9. Integrations

Halon provides integrations with various security vendors, the embedded anti-spam and anti-virus engines are only available in the full system distribution (virtual machine) package. All connectors are available in the script library.

Context Cyren IPrep Cyren RPD SophosAV ClamAV SpamAssassin
Connect        
HELO        
AUTH        
MAIL FROM        
RCPT TO        
End-of-DATA
Proxy        
Disconnect        
Pre-delivery        
Post-delivery        

9.1. Functions

integrations.globalview(ip)

Query the embedded Cyren IP reputation, ctipd.

Parameters:ip (string) – IP or IPv6 address to check
Returns:the recommended action to take for the ip accept, tempfail or permfail.
Return type:string
integrations.ScanRPD([options])

Scan the message using Cyren; anti-spam ctasd (RPD and LocalView) and zero-hour malware detection (VOD). It runs in either inbound or outbound mode, and it’s important to configure this correctly with the outbound option.

Parameters:options (array) – options array
Returns:score or refid
Return type:number, string or array

The following options are available in the options array.

  • refid (boolean) Return RefID (used to report FN and FP). The default is false.
  • outbound (boolean) Use RPD in outbound mode. The default is false.
  • extended_result (boolean) Return extended results. The default is false.
  • senderip (string) Change the value of the X-CTCH-SenderIP header.
  • mailfrom (string) Change the value of the X-CTCH-MailFrom header.
  • senderid (string) Set the value of the X-CTCH-SenderID header (only for outbound).
  • rcptcount (number) Set the value of the X-CTCH-RcptCount header (only for outbound).

The following results are available in the extended results array.

  • refid (string) The refid
  • rules (array) The LocalView spam rules matched
  • spam_score (number) The spam score
  • spam_class (string) The spam class
  • virus_score (number) The virus score
  • virus_class (string) The virus class

On error the following items are available.

  • error (boolean) Indicates if there was an error during the scanning

RPD’s anti-spam classification scores and class names

Score Class Description
0 non-spam, unknown Unknown
10 suspect Suspect
40 valid-bulk Valid bulk
50 bulk Bulk
100 spam Spam

RPD’s anti-virus classification scores and class names

Score Class Description
0 non-virus, unknown Unknown
50 medium Medium probability
100 virus, high High probability
integrations.ScanSA([options])

Scan the message using SpamAssassin.

Parameters:options (array) – options array
Returns:score or rules
Return type:number or array

The following options are available in the options array.

  • rules (boolean) Return rules in an associative array with scores. The default is false.
  • extended_result (boolean) Return extended results. The default is false.
  • sender (string) Change the value of the X-Envelope-From header. The default is the sender address.

The following results are available in the extended results array.

  • rules (array) The rules matched
  • scantime (number) The actual scan time in seconds (excluding waiting time)

On error the following items are available.

  • error (boolean) Indicates if there was an error during the scanning
  • scantime (number) The actual scan time in seconds (excluding waiting time)
Builtin rules Score Description
NOT_SCANNED_TOO_BIG 0 Message was to big too big to be scanned
NOT_SCANNED_QUEUE_TOO_LONG 0 Queue was too long to SpamAssassin

Note

A score of 5 or higher is what most people accept to be considered spam.

integrations.ScanKAV([options])

Scan the message using the Sophos anti-virus.

Parameters:options (array) – options array
Returns:any viruses found
Return type:array

The following options are available in the options array.

  • extended_result (boolean) Return extended results. The default is false.

The following results are available in the extended results array.

  • rules (array) The rules matched
  • result (array) The result code (number) and text (string) from Sophos (if available)

On error the following items are available.

  • error (boolean) Indicates if there was an error during the scanning
  • result (array) The result code (number) and text (string) from Sophos (if available)
integrations.ScanCLAM([options])

Scan the message using ClamAV anti-virus.

Parameters:options (array) – options array
Returns:any viruses found
Return type:array

The following options are available in the options array.

  • extended_result (boolean) Return extended results. The default is false.
  • signature_exclude (array) List of signatures to ignore / whitelist.

The following results are available in the extended results array.

  • rules (array) The rules matched

On error the following items are available.

  • error (boolean) Indicates if there was an error during the scanning