#
# sample AvWebGate configuration file
#

# This file shows the available options to configure AvWebGate.
# Lines beginning with '#' are comments and are ignored. If you
# want to change the value of an option, please uncomment the
# line. Otherwise default values (shown here) are used, unless
# otherwise indicated. Some options (HTTPProxyPassword, GuiCertPass)
# store secrets in clear text, so the deployed copy of this file
# should be readable only by root and the service group.

# Used to specify the location of the antivir binary, the VDF,
# the keyfile, and some other files.
# Note: Tokens of the form %NAME% (%AVHOMEDIR%, %AVUSER%, %AVTMPDIR%,
#       ...) are install-time placeholders, presumably substituted
#       when the package is installed; a literal %...% left in a
#       deployed file means that substitution did not happen.
# The scanner binary, signature (VDF) and key files live here and
# should be owned by root and not writable by the unprivileged
# account AvWebGate switches to (see User/Group below).
AntiVirDir %AVHOMEDIR%

# Template directory. These are presumably the templates for the
# pages AvWebGate itself sends to clients (progress/status pages,
# block pages). Whoever can write them controls content served to
# every client, so keep them owned by root and read-only for the
# service user.
TemplateDir %AVHOMEDIR%/avwebgate.tpl

# Maximum number of open files (descriptors). Each proxied
# connection needs at least a client and a server socket, plus
# temporary files while scanning, so keep this comfortably above
# MaxConnections (set further down).
OpenMax 1024

# Processes: number of worker daemons, and number of helper
# processes (presumably for DNS resolution, going by the name).
NumDaemons 16
DNSHelpers 8

# Timeouts for idle client and server-side connections. The unit is
# not stated here; presumably seconds like the interval options
# below -- confirm in the manual. Long timeouts let a slow or stalled
# client occupy a worker for longer, which matters for the
# MaxConnections limit.
ClientTimeout 60
ServerTimeout 300

# Specify the port on which AvWebGate listens for HTTP requests.
# Web-based FTP requests are also handled on this port. In addition
# to the port number, you may optionally specify a hostname or IP
# address to which AvWebGate binds the socket. If you do not specify
# any port(s), AvWebGate listens on port 8080 for HTTP requests by
# default. If you specify at least one of FTPPort or ICAPPort,
# AvWebGate does not open a port for HTTP requests as long as
# HTTPPort is commented out (default).
# Usage: HTTPPort [hostname_or_ip:]port
# Note: If you have installed AvWebGate as a parent proxy on the
#       same machine as your existing proxy, it is recommended to
#       use "HTTPPort 127.0.0.1:8080" for example. If a hostname
#       or IP is not given, then the port will be bound to all
#       interfaces.
# Security: a bare port binds every interface, which makes the host
#       an open proxy for anyone who can reach it unless
#       AllowClientAddresses (below) restricts the clients. Always
#       bind to an explicit address. This sample binds loopback only,
#       matching AllowClientAddresses 127.0.0.0/8 further down.
#       Port 80 is a privileged port, so AvWebGate must be started
#       as root to bind it (see User/Group below); the 8080 suggested
#       above would not need that.
HTTPPort 127.0.0.1:80

# AvWebGate can be used as a "real" FTP proxy (talking FTP to the
# clients). In order to enable this feature, you need to specify
# a port on which AvWebGate listens for FTP connections. In addition
# to the port number, you may optionally specify a hostname or IP
# address to which AvWebGate binds the socket. If you specify an
# FTPPort, AvWebGate does not open a port for HTTP requests unless
# HTTPPort is specified explicitly (uncommented).
# Usage: FTPPort [hostname_or_ip:]port
# If enabled, bind it to an explicit address for the same reason as
# HTTPPort; FTP control and data traffic is cleartext.
#FTPPort 127.0.0.1:2121

# AvWebGate can be used as an ICAP server. To enable ICAP support,
# you need to specify a port, optionally along with a hostname or
# IP address, to which AvWebGate binds the socket. If you specify an
# ICAPPort, AvWebGate does not open a port for HTTP requests unless
# HTTPPort is specified explicitly (uncommented).
# Usage: ICAPPort [hostname_or_ip:]port
# AvWebGate supports ICAP version "1.0"
# ICAP has no authentication of its own and the ICAP client takes
# its scan verdicts from this port, so bind it to loopback or an
# internal address and (presumably AllowClientAddresses applies to
# it as well -- confirm) restrict it to the intended ICAP client.
#ICAPPort 127.0.0.1:1344

# AvWebGate will switch the user and group as soon as possible after
# the startup. You may specify a user and/or group to which AvWebGate
# will switch to. Note that you must run AvWebGate as root initially.
# If you don't want AvWebGate to start as root initially, you must
# specify the current user/group here, otherwise the start will
# fail.
# Use a dedicated, unprivileged account here (never root, and not
# one shared with other services): this process handles untrusted
# downloads, and this account is what a compromise of the proxy
# runs as. TemporaryDir, the quarantine and LogFile must be writable
# by it; this configuration file and the ACL file should not be.
User %AVUSER%
Group %AVGROUP%

# AvWebGate is able to tunnel requests performed over SSL (HTTPS).
# Because the data can not be decrypted, the data will NOT be
# scanned. However, the handshake is checked to determine if it
# is a valid SSL handshake. Although this adds an extra security
# check, this does not solve the underlying problem: SSL data will
# NOT be checked, AvWebGate does not interfere with the transaction,
# but merely forwards the data.
# Attention: HTTPS data will _NOT_ be scanned.
# The handshake check only confirms that the stream begins like a
# TLS handshake; it cannot vouch for what follows, and nothing here
# indicates the server certificate is verified by the proxy. Any
# malware fetched over HTTPS bypasses this gateway entirely and has
# to be covered by endpoint protection or a separate TLS inspection
# layer.
AllowHTTPSTunnel 1

# Allows AvWebGate to establish a tunnel connection to any port
# allowed for HTTP if a CONNECT method request is received.
# WARNING: USE THIS OPTION WITH CAUTION. AvWebGate does not
# check the data transferred over the tunnel connection! Use
# "AllowHTTPSTunnel" instead if you want to limit the allowed
# connections to the ports 443 (HTTPS) and 563 (SNEWS).
# Note: as described above, with this set to 1 the ports a client
#       may CONNECT to are the ports allowed for HTTP, i.e.
#       AllowDestinationPorts (below: 21 80 443 873 1025-65535),
#       not the short AllowedHTTPConnectPorts list. Every client
#       permitted by AllowClientAddresses then gets an unscanned TCP
#       tunnel to any host on any high port. Unless a non-HTTPS
#       protocol really must be tunnelled, set this to 0 and add the
#       few extra ports needed to AllowedHTTPConnectPorts instead.
AllowHTTPConnect 1

# For security reasons, AvWebGate restricts HTTPS connections to
# IANA-assigned ports 443 (HTTPS) and 563 (SNEWS). If you want to
# allow HTTPS connections to non-standard ports, you can do so by
# adding the desired ports to this list. Each port will be separated
# by a comma or a whitespace.
# Note: this file does not say whether an explicit list replaces the
#       built-in 443/563 default or extends it. This sample names 443
#       and 873 (rsync) but not 563, so check the manual before
#       relying on SNEWS still being allowed. Keep the list minimal:
#       every port here is a destination the proxy will tunnel
#       without inspection, and 873 should be removed if nobody
#       actually tunnels rsync. This list appears to matter only
#       while AllowHTTPConnect is 0 (see above).
AllowedHTTPConnectPorts 443 873

# It is possible to limit the maximum number of allowed simultaneous
# connections AvWebGate accepts. This bounds resource use (workers,
# descriptors, temporary space) under a connection flood; keep
# OpenMax above roughly twice this value.
MaxConnections 256

# In order to prevent client timeouts with large downloads, AvWebGate
# must send the client keepalive messages. There are three different
# methods for timeout prevention. If the client was identified as
# a browser, the progress status is sent as refreshing HTML pages.
# The RefreshInterval specifies the number of seconds between
# status updates. This method of timeout prevention can be disabled
# by setting RefreshInterval to 0. If RefreshInterval is not
# specified, this method of timeout prevention is disabled.
# The meaning of RefreshDelay and RefreshTimeout is not described in
# this sample (presumably the delay before the first progress page
# and the overall limit of this method, in seconds -- see the
# manual). RefreshSkipFileExtensions lists extensions for which no
# progress page is sent.
#RefreshInterval 10
#RefreshDelay 3
#RefreshTimeout 60
#RefreshSkipFileExtensions htm,html,shtml,css,gif,jpg,jpeg,png,swf,flv

# If the refresh method is not used (because it is disabled or
# the client is a non-browser) redirect messages can be sent to the
# client. The RedirectInterval specifies the delay time in seconds
# for sending redirect messages. This method of timeout prevention
# can be disabled by setting RedirectInterval to 0. If
# RedirectInterval is not specified, this method of timeout
# prevention is disabled.
# Note: This method does not work with every client. Use the
#       KeepaliveInterval option instead if problems occur.
#RedirectInterval 10

# If the refresh and redirect methods are not used (because they
# are disabled or they are not appropriate) extended header data can
# be sent to the client to prevent timeouts. The KeepaliveInterval
# specifies the delay time in seconds for sending extended header
# data. This method of timeout prevention can be disabled by
# setting KeepaliveInterval to 0.
# KeepaliveMode "header" keeps the connection alive with header data
# only. "trickle" presumably releases small parts of the response
# body before the scan has finished -- confirm in the manual. Body
# bytes handed to the client before the verdict cannot be recalled
# if the file turns out to be malicious, so prefer "header" and use
# "trickle" only for clients that cannot cope with header keepalives.
# KeepaliveDelay is not described in this sample (presumably the wait
# before the first keepalive, in seconds).
KeepaliveInterval 10
KeepaliveMode header
#KeepaliveMode trickle
#KeepaliveDelay 30

# Used for Refresh and Redirect client timeout prevention methods.
# ProgressHost is presumably the hostname placed in the progress and
# redirect URLs handed to clients; it must resolve to this proxy for
# every client and should not leak an internal name to external
# ones. The semantics of the other options are not described in this
# sample -- see the manual.
#ProgressAutoSend 1
#ProgressFilesizeThreshold 20MB
#ProgressHoldTime 3600
#ProgressHoldTimeAfterGetFile 1800
#ProgressHost proxy.example.com

# If you want to use an optional parent HTTP proxy, AvWebGate needs
# information to connect to the proxy where the requests are forwarded.
# You can also specify a username and password if they are needed for
# the proxy.
# Security: the password is stored here in clear text, and no option
# in this file enables TLS towards the parent, so assume it also
# travels in clear to it. If you need it, make this file readable
# only by root and the service group (e.g. mode 0640), give the
# parent proxy a dedicated account with no rights beyond proxying,
# and rotate the password if the file is ever exposed (it tends to
# end up in backups and configuration repositories).
#HTTPProxyServer 127.0.0.1
#HTTPProxyPort 3128
#HTTPProxyUsername username
#HTTPProxyPassword password

# If you want to use an optional parent FTP proxy, you need to specify
# the hostname or IP address of that proxy along with the port number
# on which the proxy is accepting "real" FTP connections.
#FTPProxyServer your.proxy
#FTPProxyPort 8080

# You can change the directory where temporary files are stored
# (for example, while they are being scanned).
# This directory holds downloads -- including malware -- before a
# verdict is reached. It must be writable by User/Group above and
# readable by nobody else (no world-readable or world-writable
# permissions), should not be shared with other services, and
# ideally sits on its own filesystem so that a large download or
# archive extraction (see Archive* below) cannot fill / or /var.
TemporaryDir %AVTMPDIR%

# By default, all files in archives are going to be extracted
# and scanned. Limits can be specified with ArchiveMaxSize,
# ArchiveMaxRecursion and ArchiveMaxRatio. It is NOT recommended
# that this option is disabled (value of 0).
# With ArchiveScan 0 nothing inside an archive is inspected, and
# archives are the usual packaging for downloaded malware.
ArchiveScan 1

# If ArchiveMaxSize is 0, all files in archives will be extracted,
# otherwise files only up to the given size will be extracted.
# Members above the limit are not extracted and therefore not
# scanned; see BlockSuspiciousArchive for what happens to such an
# archive.
ArchiveMaxSize 100MB

# If ArchiveMaxRecursion is 0, recursive archives are going to be
# unpacked with an unlimited recursion depth, otherwise recursive
# archives are going to be unpacked up to the given recursion
# depth.
# Unlimited depth lets a deliberately nested archive exhaust the
# scanner; keep a finite value.
ArchiveMaxRecursion 20

# If ArchiveMaxRatio is 0, archives will always be unpacked completely,
# otherwise they will only be unpacked completely if the compression
# ratio is below the specified value.
# This is the defence against compression bombs (a few kilobytes
# expanding to gigabytes); 0 disables it.
ArchiveMaxRatio 150

# If BlockSuspiciousArchive is enabled, archives that reach one
# of the limits above will be blocked.
# Security: at 0 an archive that hits a limit is not blocked, i.e.
# presumably delivered, although part of its contents was never
# extracted or scanned -- the limits then protect the scanner, not
# the user. Set to 1 unless blocking large legitimate archives is
# unacceptable; if MoveConcerningFilesTo is set, a blocked archive
# can still be retrieved from the quarantine by an administrator.
BlockSuspiciousArchive 0

# If BlockEncryptedArchive is enabled, encrypted archives will
# be blocked.
# Encrypted archives cannot be scanned at all, and a password-
# protected archive with the password given alongside it is a
# standard way of getting malware past gateway scanners. At 0 they
# pass through unscanned; consider 1.
BlockEncryptedArchive 0

# If BlockPartialArchive is enabled, multi-volume archives will
# be blocked.
# A single volume of a multi-volume archive cannot be fully
# extracted on its own, so its contents cannot be fully scanned;
# at 0 such volumes are not blocked.
BlockPartialArchive 0

# AvWebGate will block files that have one of the specified file
# extensions. Note that filenames in archives will also be matched.
# The extensions can be separated by either space, comma or semicolon.
# There is no default value for this directive.
# The match is on a filename chosen by the remote server, so this
# stops casual delivery of executables but is not a substitute for
# scanning: renamed files, extensions not on the list (com, bat,
# js, msi, ...) and double extensions (see DetectHEUR-DBLEXT below)
# are not caught by it.
#BlockExtensions exe scr pif

# By default, blocked files are discarded. In order to move the
# offending files to a quarantine directory, you may specify a
# directory where the files will be moved to.
# The quarantine contains live malware. Restrict it to User/Group
# above and root, keep it off shared or web-served paths, exclude
# it from backups that are restored automatically, and monitor its
# size so a flood of blocked downloads cannot fill the disk.
MoveConcerningFilesTo %AVSPOOLDIR%/quarantine

# Concerning activity may also be logged to a specified file
# (in addition to syslog). You must specify the file. If this
# directive is not specified, logging will only occur through
# syslog.
# The log presumably records client addresses and requested URLs,
# which are sensitive in their own right: make the file writable
# only by User/Group above, readable only by administrators, and
# rotate it so it cannot fill the disk. Shipping the syslog output
# to a central collector keeps the evidence off the proxy host if
# the host itself is compromised.
#LogFile /var/log/avwebgate.log

# It is possible to specify the amount of events that are logged by
# AvWebGate (0-7). 0 logs only critical information, whereas 7 will
# log everything (including debugging output). A value of 4 or 5 is
# recommended.
# DebugLevel is not described in this sample; presumably it controls
# the verbosity of debugging output separately from LogLevel --
# confirm in the manual. High debug levels may write request details
# to the log; do not leave them raised in production after
# troubleshooting.
LogLevel 4
DebugLevel 4

# Regardless of the above configuration settings, AvWebGate will
# always log important information using syslog. It is possible
# to specify which syslog facility you would like AvWebGate to
# use.
SyslogFacility daemon

# You can receive email notifications of alerts using this
# directive. You must specify the email address to which the
# notification will be sent. There is no default value for
# this directive.
#EmailTo hostmaster@example.com

# AvWebGate can add an X-Forwarded-For header to the HTTP request
# including the IP address of the originating client. This
# is useful if a subsequent proxy (parent) wants to use the
# original client address in access controls, logs etc.
# Security: enabling this discloses internal client addresses to the
# parent proxy and anything beyond it, so only do so when the parent
# is under your control. Whether AvWebGate strips or appends to an
# X-Forwarded-For header already present in the client's request is
# not stated here -- verify it before the parent trusts the header
# for access control, since a client can send that header itself.
AddXForwardedForHeader 0

# You can restrict access to selected clients or (sub)networks
# based on their IP addresses. A network address can be specified
# with a '/' and a number of bits to match (e.g. 192.168.1.0/24).
# If the number of bits is not specified, the netmask will be
# determined from the given address (for example, 192.168.0.0 is
# treated the same as 192.168.0.0/16).
# Note: If you do not specify any IP addresses, access is granted
#       to everybody. If you specify one or more IP addresses,
#       access is allowed only to the specified addresses and
#       is denied for all others.
# Security: this list is the only client access control in this
#       file. Never leave it empty on a host that binds anything but
#       loopback (see HTTPPort): an unrestricted scanning proxy is
#       an open proxy, and the CONNECT options above make it a
#       general-purpose relay. Filtering is by source address only
#       -- there is no client authentication, and every user behind
#       a permitted address or NAT gateway gets the same rights.
#       Loopback only, as in this sample, is appropriate when
#       AvWebGate is the parent of another proxy on the same host.
#AllowClientAddresses 127.0.0.0/8 192.168.0.0/16
AllowClientAddresses 127.0.0.0/8

# WebGate can deny access to specific user agents. You can specify
# one or more user agent strings that will be denied access. The
# main purpose is to avoid unnecessary traffic generated by clients
# issuing range requests (such as Microsoft's BITS
# "Background Intelligent Transfer Service") or streaming services
# (such as Apple's iTunes). Range requests and data streaming are
# only permitted if specified in an AclConfigFile.
# Note: the User-Agent header is chosen by the client and trivially
#       changed, so this is a traffic-management convenience, not a
#       security control; anything that must be enforced belongs in
#       the AclConfigFile. How the strings are matched (substring,
#       case) is not stated here -- check the manual.
ForbiddenUserAgents BITS iTunes

# You can limit connections to selected destination ports. You
# may specify one or more single ports (e.g 21 and 80) or port
# ranges. You can specify ranges with a '-' between two port
# numbers (e.g. 1025-65535). Note that there are no whitespaces
# allowed between the two port numbers when specifying a range.
# Note: If you do not specify at least one port, connections
#       will be allowed to all destination ports.
# Note: with AllowHTTPConnect 1 (above) this list also bounds what
#       clients may CONNECT to. The range 1025-65535 admits every
#       unprivileged port, so the list mainly keeps the proxy from
#       reaching low services such as SMTP (25), SSH (22) or DNS
#       (53); it does nothing against tunnelling to high ports.
#       Tighten the range if clients only need web traffic, and drop
#       21 and 873 if FTP and rsync are not actually used.
AllowDestinationPorts 21 80 443 873 1025-65535

# WebGate can also support more complex rules by implementing a Squid-like
# access control scheme. To use the access control scheme you must create
# a new configuration file containing the rules describing the desired
# behavior and have AclConfigFile contain the path to it. The syntax
# supported by the access control scheme is described in the Manual.
# The ACL file is policy input: keep it owned by root and not
# writable by User/Group above, and review it as carefully as this
# file. It is also where range requests and streaming are permitted
# (see ForbiddenUserAgents); a file fetched in ranges reaches the
# client in pieces that are presumably never scanned as a whole, so
# grant that only to trusted clients.
AclConfigFile %AVCONFDIR%/avwebgate.acl

# List of categories that are blocked by WebGate when Avira Web Access
# and Content Control library is enabled. Categories can be specified
# as single categories (e.g 1 and 3) or category ranges. You can
# specify ranges with a '-' between two category numbers.
# To use the URL filtering capabilities of WebGate a valid WebGate Suite
# license must be installed.
# Note: For a list of all categories please consult the Manual.
#       While this is commented out no URL categories are blocked;
#       only the malware scan below applies.
#WSBlockCategories 0-2 12 14 61

# These settings allow for the detection of certain categories of software
# which are not viruses but might not be wanted. Here is a description of
# the categories.
# ADSPY: Software that displays advertising pop-ups or software that very
#        often without the user's consent sends user specific data to
#        third parties and might therefore be unwanted.
# APPL: The term APPL/ denotes an application of dubious origin or which
#       might be hazardous to use.
# BDC: Control software for backdoors. Control software for backdoors
#      is generally harmless to the host it runs on.
# DIAL: A dial-up program for connections that charge a fee. Its use might
#       lead to huge costs for the user.
# GAME: A game that causes no damage to your computer.
# HEUR-DBLEXT: File has an executable file extension but hides it behind a
#              harmless one (e.g. "report.pdf.exe"). This complements
#              BlockExtensions above, which matches only the literal
#              last extension.
# JOKE: A harmless joke program.
# PCK: File has been compressed with an unusual runtime compression tool.
#      Please make sure that this file comes from a trustworthy source.
# PHISH: Faked emails that are supposed to prompt the victim to reveal
#        confidential information such as user accounts, passwords or
#        online-banking data on certain websites.
# SPR: Software that may be able to compromise the security of your system,
#      initiate unwanted program activities, damage your privacy or spy
#      out your user behaviour and might therefore be unwanted.
# Detection can be enabled/disabled with yes/no parameters respectively.
# Setting a category to "no" lets that class of file through without any
# alert, so only disable a category for a documented reason (e.g. JOKE
# or GAME in environments where the false-positive cost outweighs the
# risk); keep DIAL, PHISH, SPR and HEUR-DBLEXT enabled.
DetectADSPY yes
DetectAPPL yes
DetectBDC yes
DetectDIAL yes
DetectGAME yes
DetectHEUR-DBLEXT yes
DetectJOKE yes
DetectPCK yes
DetectPHISH yes
DetectSPR yes

# AntiVir is capable of using heuristics to determine if a file
# may be malicious. This allows new or unknown malicious code to
# be detected before you have had a chance to perform an update.
# There are two types of heuristics that AntiVir uses. The
# first, HeuristicsMacro, only deals with macros in office
# documents. This can be enabled/disabled with yes/no respectively.
# The second, HeuristicsLevel, deals with all types of files and
# can be set to a certain level of intensity (0-3). 0 means
# disabled and 3 means full intensity.
# Note: Be aware that setting the HeuristicsLevel too high could
#       result in false alerts.
# Heuristics are the only coverage in the window between signature
# (VDF) updates, so do not set the level to 0. The update schedule
# itself is not configured in this file -- make sure it is set up
# elsewhere, since a stale VDF silently degrades the whole gateway.
HeuristicsMacro yes
HeuristicsLevel 2

# Uncomment this directive to allow the GUI to communicate with
# AvWebGate. If this is enabled, AvWebGate will open an extra
# TCP Port on the loopback interface. This should only be used
# if you intend to use the GUI.
# Leave it disabled unless needed: it is additional listening
# attack surface reachable by every local user and process.
#GuiSupport yes

# These are SSL Parameters used for secure communication with
# the GUI.
# Security: "antivir_default" is the passphrase that ships with this
# sample and is therefore public. If GuiSupport is enabled, generate
# a site-specific server certificate and key protected by a fresh
# passphrase, restrict this file (the passphrase is stored in clear
# here) and server.pem (which presumably holds the private key) to
# root and the service user, and install in GuiCAFile only a CA you
# control -- it is presumably what the GUI side is validated against;
# confirm in the manual. /dev/urandom is the right entropy source;
# never point GuiRandFile at a static file.
#GuiCertFile /usr/lib/AntiVir/gui/cert/server.pem
#GuiCertPass antivir_default
#GuiCAFile /usr/lib/AntiVir/gui/cert/cacert.pem
#GuiRandFile /dev/urandom