amavis - postfix - clamav - antvir - bdc -fprot -spamassassin - Re: Kein Header-Eintrag von amavis
Am Sonntag, 22. Januar 2006 23:22 schrieb Al Bogner:
> Ich habe viele Mais an die ML bzgl. amavisd gelesen, bin aber nicht fündig
> geworden, warum ich keinen Header-Eintrag mit client4 habe.
Ich habe nun zusammengeschrieben, was ich tat, damit es bei _mir_ nun klappt.
Es wurden so weit möglich Default-Werte übernommen.
Laut Amavis-ML fehlen dem Debian-Paket von amavisd-new mit aufgeteilten
Konfigurationsdateien wichtige Variablen. Achtung auf die umbrochenen Zeilen!
# purge amavis *clam* *spam* um sicherzugehen,
#dass alte Konfigurationen nicht Dienste blocken
# install amavis *clam* *spam*
# darauf achten, dass auch clamav-daemon installiert ist
dpkg-reconfigure --priority=low postfix
#Internet with smarthost
/etc/postfix/main.cf
# zu Default hinzufügen:
# content_filter = smtp-amavis:[127.0.0.1]:10024 hinzufügen
# myhostname anpassen
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no
myhostname = client8.local.FQDN
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = client8.local.FQDN, localhost.local.FQDN, localhost
relayhost = smtp.local.FQDN
mynetworks = 127.0.0.0/8
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
content_filter = smtp-amavis:[127.0.0.1]:10024
/etc/postfix/master.cf
# ab smtp-amavis unix u.a. hinzufügen
smtp inet n - - - - smtpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - - 300 1 qmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
showq unix n - - - - showq
error unix - - - - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender
$recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
${nexthop} ${user} ${extension}
tlsmgr unix - - - 1000? 1 tlsmgr
scache unix - - - - 1 scache
discard unix - - - - - discard
smtp-amavis unix - - - - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20
127.0.0.1:10025 inet n - - - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_end_of_data_restrictions=
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o
receive_override_options=no_header_body_checks,no_unknown_recipient_checks
#/etc/init.d/postfix reload
/etc/amavis/conf.d/15-av_scanners
# F-prot muss aus dem Backup-Bereich (secondary scanner) in den Bereich davor
kopiert werden
use strict;
@av_scanners = (
['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.ctl"],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
['KasperskyLab AVP - aveclient',
['/usr/local/kav/bin/aveclient','/usr/local/share/kav/bin/aveclient',
'/opt/kav/bin/aveclient','aveclient'],
'-p /var/run/aveserver -s {}/*', [0,3,6,8], qr/\b(INFECTED|SUSPICION)\b/,
qr/(?:INFECTED|SUSPICION) (.+)/,
],
['KasperskyLab AntiViral Toolkit Pro (AVP)', ['avp'],
'-* -P -B -Y -O- {}', [0,3,6,8], [2,4], # any use for -A -K ?
qr/infected: (.+)/,
sub {chdir('/opt/AVP') or die "Can't chdir to AVP: $!"},
sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
],
['KasperskyLab AVPDaemonClient',
[ '/opt/AVP/kavdaemon', 'kavdaemon',
'/opt/AVP/AvpDaemonClient', 'AvpDaemonClient',
'/opt/AVP/AvpTeamDream', 'AvpTeamDream',
'/opt/AVP/avpdc', 'avpdc' ],
"-f=$TEMPBASE {}", [0,8], [3,4,5,6], qr/infected: ([^\r\n]+)/ ],
['H+BEDV AntiVir or CentralCommand Vexira Antivirus',
['antivir','vexira'],
'--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/,
qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) |
(?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/ ],
['Command AntiVirus for Linux', 'csav',
'-all -archive -packed {}', [50], [51,52,53],
qr/Infection: (.+)/ ],
['Symantec CarrierScan via Symantec CommandLineScanner',
'cscmdline', '-a scan -i 1 -v -s 127.0.0.1:7777 {}',
qr/^Files Infected:\s+0$/, qr/^Infected\b/,
qr/^(?:Info|Virus Name):\s+(.+)/ ],
['Symantec AntiVirus Scan Engine',
'savsecls', '-server 127.0.0.1:7777 -mode scanrepair -details -verbose
{}',
[0], qr/^Infected\b/,
qr/^(?:Info|Virus Name):\s+(.+)/ ],
['F-Secure Antivirus', 'fsav',
'--dumb --mime --archive {}', [0], [3,8],
qr/(?:infection|Infected|Suspected): (.+)/ ],
['CAI InoculateIT', 'inocucmd', # retired product
'-sec -nex {}', [0], [100],
qr/was infected by virus (.+)/ ],
['CAI eTrust Antivirus', 'etrust-wrapper',
'-arc -nex -spm h {}', [0], [101],
qr/is infected by virus: (.+)/ ],
['MkS_Vir for Linux (beta)', ['mks32','mks'],
'-s {}/*', [0], [1,2],
qr/--[ \t]*(.+)/ ],
['MkS_Vir daemon', 'mksscan',
'-s -q {}', [0], [1..7],
qr/^... (\S+)/ ],
['ESET Software NOD32', 'nod32',
'--arch --mail {}', [0], [1,10], qr/^object=.*, virus="(.*?)",/ ],
['ESET Software NOD32 - Client/Server Version', 'nod32cli',
'-a -r -d recurse --heur standard {}', [0], [10,11],
qr/^\S+\s+infected:\s+(.+)/ ],
['Norman Virus Control v5 / Linux', 'nvcc',
'-c -l:0 -s -u -temp:$TEMPBASE {}', [0,10,11], [1,2,14],
qr/(?i).* virus in .* -> \'(.+)\'/ ],
['Panda Antivirus for Linux', ['pavcl'],
'-aut -aex -heu -cmp -nbr -nor -nso -eng {}',
qr/Number of files infected[ .]*: 0+(?!\d)/,
qr/Number of files infected[ .]*: 0*[1-9]/,
qr/Found virus :\s*(\S+)/ ],
['NAI McAfee AntiVirus (uvscan)', 'uvscan',
'--secure -rv --mime --summary --noboot - {}', [0], [13],
qr/(?x) Found (?:
\ the\ (.+)\ (?:virus|trojan) |
\ (?:virus|trojan)\ or\ variant\ ([^ ]+) |
:\ (.+)\ NOT\ a\ virus)/,
],
['VirusBuster', ['vbuster', 'vbengcl'],
"{} -ss -i '*' -log=$MYHOME/vbuster.log", [0], [1],
qr/: '(.*)' - Virus/ ],
['CyberSoft VFind', 'vfind',
'--vexit {}/*', [0], [23], qr/##==>>>> VIRUS ID: CVDL (.+)/,
],
['Ikarus AntiVirus for Linux', 'ikarus',
'{}', [0], [40], qr/Signature (.+) found/ ],
['BitDefender', 'bdc',
'--all --arc --mail {}', qr/^Infected files *:0+(?!\d)/,
qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/,
qr/(?:suspected|infected): (.*)(?:\033|$)/ ],
['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'],
'-dumb -archive -packed {}', [0,8], [3,6],
qr/Infection: (.+)/ ],
['check-jpeg',
sub { use JpegTester (); Amavis::AV::ask_av(\&JpegTester::test_jpeg, @_) },
["{}/*"], undef, [1], qr/^(bad jpeg: .*)$/ ],
);
@av_scanners_backup = (
['ClamAV-clamscan', 'clamscan',
"--stdout --disable-summary -r --tempdir=$TEMPBASE {}", [0], [1],
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'],
'-dumb -archive -packed {}', [0,8], [3,6],
qr/Infection: (.+)/ ],
['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'],
'-za -a {}', [0], qr/Found virus/, qr/Found virus (.+) in/ ],
['drweb - DrWeb Antivirus',
['/usr/local/drweb/drweb', '/opt/drweb/drweb', 'drweb'],
'-path={} -al -go -ot -cn -upn -ok-',
[0,32], [1,9,33], qr' infected (?:with|by)(?: virus)? (.*)$'],
['KasperskyLab kavscanner', ['/opt/kav/bin/kavscanner','kavscanner'],
'-i1 -xp {}', [0,10,15], [5,20,21,25],
qr/(?:CURED|INFECTED|CUREFAILED|WARNING|SUSPICION) (.*)/ ,
sub {chdir('/opt/kav/bin') or die "Can't chdir to kav: $!"},
sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
],
);
1; # insure a defined return
dpkg-reconfigure clamav-base
# darauf achten, dass der User clamav in die Gruppe amavis eingetragen wird
z.B. amavis:x:112:clamav
Alternative:
gpasswd -a clamav amavis
#/etc/clamav/clamd.conf benötigt diesen Eintrag:
#AllowSupplementaryGroups
# war aber nicht auf allen PC so:
chown -R amavis:amavis /var/lib/amavis
chmod -R 750 /var/lib/amavis
#/etc/init.d/amavis stop
#/etc/init.d/clamav-daemon stop
#/etc/init.d/clamav-daemon start
#/etc/init.d/amavis start
/etc/amavis/conf.d/15-content_filter_mode
# darauf achten, dass die Zeilen unten freigeschaltet sind
use strict;
@bypass_virus_checks_maps = (
\%bypass_virus_checks, \@bypass_virus_checks_acl,
\$bypass_virus_checks_re);
@bypass_spam_checks_maps = (
\%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
1; # insure a defined return
/etc/amavis/conf.d/50-user
use strict;
# mydomain anpassen
# sa_tag_level_deflt anpassen, Wert kann benutzt werden um unterschiedliche
# Rechner zu identifizieren
$mydomain = 'client8.local.FQDN';
@local_domains_maps = ( [".$mydomain"] );
$sa_tag_level_deflt = -28.0; # add spam info headers if at, or above that
level
$max_servers = 2; # number of pre-forked children (default 2)
$max_requests = 20; # retire a child after that many accepts (default 10)
$child_timeout=5*60; # abort child if it does not complete each task in
1; # insure a defined return
/etc/init.d/postfix reload
/etc/init.d/amavis stop
/etc/init.d/clamav-daemon stop
/etc/init.d/clamav-daemon start
/etc/init.d/amavis start
oder Neustart
Danach kann das Finetuning beginnen.
Al
Reply to: