# Copyright (c) 2010 Flowerfire, Inc.  All Rights Reserved.
scanmail_for_exchange = {

  plugin_version = "1.0"

  # 2007-09-13 - 1.0 - KBB - added version number and changed file name from
  #                          beta_scanmail_for_exchange.cfg

  # The name of the log format
  log.format.format_label = "Scanmail For Exchange Log Format"
  log.miscellaneous.log_data_type = "csv"
  log.miscellaneous.log_format_type = "mail_server"

  # The log is in this format if any of the first few lines match this regular expression
  log.format.autodetect_expression = `
(volatile.log_data_line eq 'Date & time,Description,') or
(volatile.log_data_line eq 'Scan time,Delivery time,Found at,Sender,Recipient,Subject,Policy/Rule name,Filename,Action,') or
(volatile.log_data_line eq 'Scan time,Delivery time,Found at,Sender,Recipient,Subject,Virus name,Filename,Action,')
`
  log.format.autodetect_lines = "3"

  # Log fields
  log.fields = {

    date = ""
    time = ""
    date___time.label = "Date & time"
    description = ""
    scan_time = ""
    delivery_time = ""
    found_at = ""
    sender = ""
    recipient = ""
    subject = ""
    policy_rule_name = ""
    filename = ""
    action = ""
    virus_name = ""

  } # log.fields


  # Log Parsing Filters
  log.parsing_filters.parse = `
if (matches_regular_expression(date___time, '^([0-9-]+) ([0-9:]+)$')) then (
  date = $1;
  time = $2;
);
else if (matches_regular_expression(scan_time, '^([0-9-]+) ([0-9:]+)$')) then (
  date = $1;
  time = $2;
);
`


  # Database fields
  database.fields = {

    date_time = ""
    hour_of_day = ""
    day_of_week = ""
    description = ""
    scan_time = ""
    delivery_time = ""
    found_at = ""
    sender = ""
    recipient = ""
    subject = ""
    policy_rule_name = ""
    filename = ""
    action = ""
    virus_name = ""

  } # database.fields

  database.numerical_fields = {

    events = {
      default = true
      requires_log_field = false
      entries_field = true
    } # events

  } # database.numerical_fields

  log.filters = {

    mark_entry = {
      label = '$lang_admin.log_filters.mark_entry_label'
      comment = '$lang_admin.log_filters.mark_entry_comment'
      value = 'events = 1;'
    } # mark_entry

  } # log.filters

  create_profile_wizard_options = {

    # How the reports should be grouped in the report menu
    report_groups = {
      date_time_group = ""
      description = true
      scan_time = true
      delivery_time = true
      found_at = true
      sender = true
      recipient = true
      subject = true
      policy_rule_name = true
      filename = true
      action = true
      virus_name = true
    } # report_groups

  } # create_profile_wizard_options

} # scanmail_for_exchange