9. Integrations¶
Halon provides integrations with various security vendors, the embedded anti-spam and anti-virus engines are only available in the full system distribution (virtual machine) package. All connectors are available in the script library.
| Context | Cyren IPrep | Cyren RPD | SophosAV | ClamAV | SpamAssassin |
|---|---|---|---|---|---|
| Connect | ✓ | ||||
| HELO | ✓ | ||||
| AUTH | ✓ | ||||
| MAIL FROM | ✓ | ||||
| RCPT TO | ✓ | ||||
| End-of-DATA | ✓ | ✓ | ✓ | ✓ | ✓ |
| Proxy | ✓ | ||||
| Disconnect | ✓ | ||||
| Pre-delivery | ✓ | ||||
| Post-delivery | ✓ |
9.1. Functions¶
-
globalview(ip)¶ Query the embedded Cyren IP reputation,
ctipd.Parameters: ip (string) – IP or IPv6 address to check Returns: the recommended action to take for the ip accept,tempfailorpermfail.Return type: string
-
ScanRPD([options])¶ Scan the message using Cyren; anti-spam
ctasd(RPD and LocalView) and zero-hour malware detection (VOD). It runs in either inbound or outbound mode, and it’s important to configure this correctly with the outbound option.Parameters: options (array) – options array Returns: score or refid Return type: number, string or array The following options are available in the options array.
- refid (boolean) Return RefID (used to report FN and FP). The default is
false. - outbound (boolean) Use RPD in outbound mode. The default is
false. - extended_result (boolean) Return extended results. The default is
false. - senderip (string) Change the value of the X-CTCH-SenderIP header.
- mailfrom (string) Change the value of the X-CTCH-MailFrom header.
- senderid (string) Set the value of the X-CTCH-SenderID header (only for outbound).
- rcptcount (number) Set the value of the X-CTCH-RcptCount header (only for outbound).
The following results are available in the extended results array.
- refid (string) The refid
- rules (array) The LocalView spam rules matched
- spam_score (number) The spam score
- spam_class (string) The spam class
- virus_score (number) The virus score
- virus_class (string) The virus class
On error the following items are available.
- error (boolean) Indicates if there was an error during the scanning
RPD’s anti-spam classification scores and class names
Score Class Description 0 non-spam, unknown Unknown 10 suspect Suspect 40 valid-bulk Valid bulk 50 bulk Bulk 100 spam Spam RPD’s anti-virus classification scores and class names
Score Class Description 0 non-virus, unknown Unknown 50 medium Medium probability 100 virus, high High probability - refid (boolean) Return RefID (used to report FN and FP). The default is
-
ScanSA([options])¶ Scan the message using SpamAssassin.
Parameters: options (array) – options array Returns: score or rules Return type: number or array The following options are available in the options array.
- rules (boolean) Return rules in an associative array with scores. The default is
false. - extended_result (boolean) Return extended results. The default is
false. - sender (string) Change the value of the X-Envelope-From header. The default is the sender address.
The following results are available in the extended results array.
- rules (array) The rules matched
- scantime (number) The actual scan time in seconds (excluding waiting time)
On error the following items are available.
- error (boolean) Indicates if there was an error during the scanning
- scantime (number) The actual scan time in seconds (excluding waiting time)
Builtin rules Score Description NOT_SCANNED_TOO_BIG 0 Message was to big too big to be scanned NOT_SCANNED_QUEUE_TOO_LONG 0 Queue was too long to SpamAssassin Note
A score of 5 or higher is what most people accept to be considered spam.
- rules (boolean) Return rules in an associative array with scores. The default is
-
ScanKAV([options])¶ Scan the message using the Sophos anti-virus.
Parameters: options (array) – options array Returns: any viruses found Return type: array The following options are available in the options array.
- extended_result (boolean) Return extended results. The default is
false.
The following results are available in the extended results array.
- rules (array) The rules matched
- result (array) The result
code(number) andtext(string) from Sophos (if available)
On error the following items are available.
- error (boolean) Indicates if there was an error during the scanning
- result (array) The result
code(number) andtext(string) from Sophos (if available)
- extended_result (boolean) Return extended results. The default is
-
ScanCLAM([options])¶ Scan the message using ClamAV anti-virus.
Parameters: options (array) – options array Returns: any viruses found Return type: array The following options are available in the options array.
- extended_result (boolean) Return extended results. The default is
false. - signature_exclude (array) List of signatures to ignore / whitelist.
The following results are available in the extended results array.
- rules (array) The rules matched
On error the following items are available.
- error (boolean) Indicates if there was an error during the scanning
- extended_result (boolean) Return extended results. The default is