Configuration files

Introduction

There are three kinds of files used to configure ze-filter and to set up filtering parameters.

The first one, ze-filter.cf, is the main configuration file. It contains information such as which filtering methods are activated, global thresholds, and the action to be taken when a criterion is matched.

The other two, tables and databases, typically contain detailed information needed to perform filtering. Tables are text files loaded by the filter into memory while databases are large sets of data stored in files.

Databases are used when the filter needs to get the value associated with some key: this means it can get the information it needs in a well-defined, upper-bounded number of queries. Tables are used when the filter needs to browse all parameters. Databases are usually the better choice, but they are often not well suited to the task. E.g., a regular expression can't be used to define a key in a database.

As a consequence, filter performance is much more sensitive to the number of entries in tables than in databases.

Global configuration file

Configuration tables

ze-regex        Regular expressions
ze-oradata      Heuristic oracle filter
ze-xfiles       Define exe file extensions
ze-error-msg    Error/reject messages returned by filter
ze-tables

Configuration databases

These databases are bdb databases, generated from text source files by a “make”. Running make inside /var/ze-filter/cdb rebuilds the modified databases and reloads the filter. The source files contain lines like this:

Prefix:Key          Value
Some notes:
  • A line beginning with a “#” is considered a comment and discarded
  • Comments aren't allowed on the same line as a database entry
  • Lines can't be continued
  • When duplicate entries are found, the last one is discarded
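
An added example, not part of ze-filter or its documentation: a small Python check that applies the notes above to a source file before running make, so that a duplicate entry that would be discarded or a comment placed on an entry line is caught. It assumes whitespace separates the key from the value, that blank lines are ignored and that the first of two duplicate entries is the one kept; the sample prefixes, keys and values are constructed placeholders.

```python
import re

# Constructed sample; prefixes, keys and values are placeholders, not real
# ze-filter entries.
SAMPLE = """\
# local networks
ExampleClass:192.0.2         LOCAL
ExampleCheck:example.org     NO
ExampleClass:192.0.2         OTHER
ExampleCheck:example.net     YES   # trusted partner
  continued-value
ExampleCheckNoValue
"""

# Assumption: whitespace separates "Prefix:Key" from the value.
ENTRY = re.compile(r"^(?P<prefix>[^\s:]+):(?P<key>\S+)\s+(?P<value>\S.*)$")


def lint_source(text):
    """Return (entries, findings); findings are (line_number, message)."""
    entries, first_seen, findings = {}, {}, []
    for num, raw in enumerate(text.splitlines(), start=1):
        line = raw.rstrip()
        if not line or line.startswith("#"):
            continue  # whole-line comment (blank lines skipped: assumption)
        if line[0].isspace():
            findings.append((num, "leading whitespace: lines can't be continued"))
            continue
        m = ENTRY.match(line)
        if not m:
            findings.append((num, "not in 'Prefix:Key  Value' form"))
            continue
        name, value = f"{m['prefix']}:{m['key']}", m["value"]
        if re.search(r"\s#", value):
            findings.append((num, "'#' on an entry line: comments aren't allowed here"))
        if name in entries:
            # Assumption: the first occurrence is kept, the later one dropped.
            findings.append((num, f"duplicate of line {first_seen[name]}, discarded"))
            continue
        entries[name], first_seen[name] = value, num
    return entries, findings


if __name__ == "__main__":
    for num, msg in lint_source(SAMPLE)[1]:
        print(f"line {num}: {msg}")
```
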

The policy database is very important: it contains the definitions of your network and the associated privileges (checks or not) and the class for rate limiting.

Database                        Contents
ze-policy.db                    Policy Database
ze-rcpt.db                      Recipient access database if enabled
ze-urlbl.db                     URL blacklist if enabled
ze-bayes.db, ze-bayes-md5.db    Bayesian filter database if enabled