
Amavis + Postfix + Clamav



Folks,

I configured Postfix to work with Amavis-New + Clamav

The configuration ended up as follows:

/etc/postfix/main.cf

# For Clamav to work with Postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
soft_bounce = yes

/etc/postfix/master.cf

# Amavis + Clamav
smtp-amavis unix - - n - 2 smtp
    -o smtp_data_done_timeout=1200
    -o disable_dns_lookups=yes

127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes

It is working ... When I send a virus to a user on the network it is blocked and I receive the notification that I tried to send a virus ...

but I find my log strange ....

Let's go step by step ....

Starting Amavis-New

Mar 17 18:35:38 diamond amavis[28927]: starting. amavisd-new at diamond amavisd-new-20030616-p5
Mar 17 18:35:38 diamond amavis[28927]: Perl version               5.006001
Mar 17 18:35:38 diamond amavis[28927]: Module Amavis::Conf        1.15
Mar 17 18:35:38 diamond amavis[28927]: Module Archive::Tar        0.22
Mar 17 18:35:38 diamond amavis[28927]: Module Archive::Zip        0.11
Mar 17 18:35:38 diamond amavis[28927]: Module Compress::Zlib      1.16
Mar 17 18:35:38 diamond amavis[28927]: Module Convert::TNEF       0.16
Mar 17 18:35:38 diamond amavis[28927]: Module Convert::UUlib      0.201
Mar 17 18:35:38 diamond amavis[28927]: Module MIME::Entity        5.404
Mar 17 18:35:38 diamond amavis[28927]: Module MIME::Parser        5.406
Mar 17 18:35:38 diamond amavis[28927]: Module MIME::Tools         5.411
Mar 17 18:35:38 diamond amavis[28927]: Module Mail::Header        1.44
Mar 17 18:35:38 diamond amavis[28927]: Module Mail::Internet      1.44
Mar 17 18:35:38 diamond amavis[28927]: Module Net::Cmd            2.24
Mar 17 18:35:38 diamond amavis[28927]: Module Net::SMTP           2.26
Mar 17 18:35:38 diamond amavis[28927]: Module Net::Server         0.84
Mar 17 18:35:38 diamond amavis[28927]: Module Time::HiRes         01.20
Mar 17 18:35:38 diamond amavis[28927]: Module Unix::Syslog        0.98
Mar 17 18:35:38 diamond amavis[28927]: Found myself: /usr/sbin/amavisd-new -c /etc/amavis/amavisd.conf
Mar 17 18:35:38 diamond amavis[28927]: Lookup::SQL code       NOT loaded
Mar 17 18:35:38 diamond amavis[28927]: Lookup::LDAP code      NOT loaded
Mar 17 18:35:38 diamond amavis[28927]: AMCL-in protocol code  NOT loaded
Mar 17 18:35:38 diamond amavis[28927]: SMTP-in protocol code  loaded
Mar 17 18:35:38 diamond amavis[28927]: ANTI-VIRUS code        loaded
Mar 17 18:35:38 diamond amavis[28927]: ANTI-SPAM  code        NOT loaded
Mar 17 18:35:38 diamond amavis[28928]: Net::Server: Process Backgrounded
Mar 17 18:35:38 diamond amavis[28928]: Net::Server: 2004/03/17-18:35:38 Amavis (type Net::Server::PreForkSimple) starting! pid(28928)
Mar 17 18:35:38 diamond amavis[28928]: Net::Server: Binding to TCP port 10024 on host 127.0.0.1
Mar 17 18:35:38 diamond amavis[28928]: Net::Server: Setting gid to "104 104"
Mar 17 18:35:38 diamond amavis[28928]: Net::Server: Setting uid to "102"
Mar 17 18:35:38 diamond amavis[28928]: Found $file       at /usr/bin/file
Mar 17 18:35:38 diamond amavis[28928]: Found $arc        at /usr/bin/arc
Mar 17 18:35:38 diamond amavis[28928]: Found $gzip       at /bin/gzip
Mar 17 18:35:38 diamond amavis[28928]: Found $bzip2      at /usr/bin/bzip2
Mar 17 18:35:38 diamond amavis[28928]: No $lzop,         not using it
Mar 17 18:35:38 diamond amavis[28928]: Found $lha        at /usr/bin/lha
Mar 17 18:35:38 diamond amavis[28928]: Found $unarj      at /usr/bin/unarj
Mar 17 18:35:38 diamond amavis[28928]: Found $uncompress at /bin/uncompress
Mar 17 18:35:38 diamond amavis[28928]: No $unfreeze,     not using it
Mar 17 18:35:38 diamond amavis[28928]: Found $unrar      at /usr/bin/unrar
Mar 17 18:35:38 diamond amavis[28928]: No $zoo,          not using it
Mar 17 18:35:38 diamond amavis[28928]: Found $cpio       at /bin/cpio
Mar 17 18:35:38 diamond amavis[28928]: Using internal av scanner code for (primary) Clam Antivirus-clamd
Mar 17 18:35:38 diamond amavis[28928]: Found secondary av scanner Clam Antivirus - clamscan at /usr/bin/clamscan

Starting Clamd... no problems....


I start postfix .... everything OK... now when a virus arrives ... just look

Mar 17 18:38:16 diamond postfix/qmgr[29031]: 20D3516DC7: from=<thiagozerbinato@yahoo.com.br>, size=1557, nrcpt=1 (queue active)
Mar 17 18:38:16 diamond amavis[28929]: (28929-01) ESMTP::10024 /var/lib/amavis/amavis-20040317T183816-28929: <thiagozerbinato@yahoo.com.br> -> <thiagomz@logisticaeprocessos.com.br> Received: SIZE=1557 from diamond ([127.0.0.1]) by localhost (diamond [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 28929-01 for <thiagomz@logisticaeprocessos.com.br>; Wed, 17 Mar 2004 18:38:16 -0300 (BRT)
Mar 17 18:38:16 diamond amavis[28929]: (28929-01) Checking: <thiagozerbinato@yahoo.com.br> -> <thiagomz@logisticaeprocessos.com.br>
Mar 17 18:38:16 diamond amavis[28929]: (28929-01) Clam Antivirus-clamd: Can't connect to UNIX socket /var/run/clamd.ctl: No such file or directory, retrying (1)
Mar 17 18:38:16 diamond postfix/smtpd[29038]: disconnect from smtp104.mail.sc5.yahoo.com[66.163.169.223]
Mar 17 18:38:17 diamond amavis[28929]: (28929-01) Clam Antivirus-clamd: Can't connect to UNIX socket /var/run/clamd.ctl: No such file or directory, retrying (2)
Mar 17 18:38:23 diamond amavis[28929]: (28929-01) Clam Antivirus-clamd: Can't connect to UNIX socket /var/run/clamd.ctl: No such file or directory, retrying (3)
Mar 17 18:38:34 diamond amavis[28929]: (28929-01) Clam Antivirus-clamd av-scanner FAILED: Too many retries to talk to /var/run/clamd.ctl (Can't connect to UNIX socket /var/run/clamd.ctl: No such file or directory) at (eval 34) line 179.
Mar 17 18:38:34 diamond amavis[28929]: (28929-01) WARN: all primary virus scanners failed, considering backups
Mar 17 18:38:35 diamond amavis[28929]: (28929-01) local delivery: <thiagozerbinato@yahoo.com.br> -> <virus-quarantine>, mbx=/var/lib/amavis/virusmails/virus-20040317-183835-28929-01
Mar 17 18:38:35 diamond amavis[28929]: (28929-01) SEND via SMTP: [127.0.0.1:10025] <> -> <thiagozerbinato@yahoo.com.br>
Mar 17 18:38:35 diamond postfix/smtpd[29048]: connect from localhost[127.0.0.1]
Mar 17 18:38:35 diamond postfix/smtpd[29048]: D7F1817CA7: client=localhost[127.0.0.1]
Mar 17 18:38:35 diamond postfix/cleanup[29039]: D7F1817CA7: message-id=<VS28929-01@diamond>
Mar 17 18:38:35 diamond postfix/qmgr[29031]: D7F1817CA7: from=<>, size=3740, nrcpt=1 (queue active)
Mar 17 18:38:35 diamond postfix/smtpd[29048]: disconnect from localhost[127.0.0.1]
Mar 17 18:38:35 diamond amavis[28929]: (28929-01) INFECTED (Eicar-Test-Signature), <thiagozerbinato@yahoo.com.br> -> <thiagomz@logisticaeprocessos.com.br>, quarantine virus-20040317-183835-28929-01, Message-ID: <4058C3FE.1000504@yahoo.com.br>, Hits: -
Mar 17 18:38:35 diamond amavis[28929]: (28929-01) TIMING [total 19939 ms] - SMTP EHLO: 8 (0%), SMTP pre-MAIL: 1 (0%), mkdir tempdir: 1 (0%), create email.txt: 1 (0%), SMTP pre-DATA-flush: 6 (0%), SMTP DATA: 32 (0%), body hash: 1 (0%), mkdir parts: 1 (0%), mime_decode: 47 (0%), get-file-type: 15 (0%), get-file-type: 10 (0%), decompose_part: 3 (0%), decompose_part: 1 (0%), parts: 0 (0%), AV-scan-1: 18033 (90%), AV-scan-2: 1629 (8%), write-header: 8 (0%), save-to-local-mailbox: 1 (0%), fwd-connect: 61 (0%), fwd-mail-from: 3 (0%), fwd-rcpt-to: 3 (0%), write-header: 6 (0%), fwd-data: 26 (0%), fwd-data-end: 34 (0%), fwd-rundown: 2 (0%), unlink-2-files: 6 (0%), rundown: 1 (0%)
Mar 17 18:38:35 diamond postfix/smtp[29044]: 20D3516DC7: to=<thiagomz@logisticaeprocessos.com.br>, relay=127.0.0.1[127.0.0.1], delay=20, status=sent (250 2.5.0 Ok, id=28929-01, BOUNCE)
Mar 17 18:38:38 diamond postfix/smtp[29033]: D7F1817CA7: to=<thiagozerbinato@yahoo.com.br>, relay=mx2.mail.yahoo.com[64.157.4.78], delay=3, status=sent (250 ok dirdel)

it fails several times ...

Can't connect to UNIX socket /var/run/clamd.ctl: No such file or directory, retrying (1)

Another strange thing is this

Mar 17 18:35:38 diamond amavis[28928]: Using internal av scanner code for (primary) Clam Antivirus-clamd
Mar 17 18:35:38 diamond amavis[28928]: Found secondary av scanner Clam Antivirus - clamscan at /usr/bin/clamscan

shouldn't it be the other way around ????

--
Regards.

 .''`.   Thiago Marangoni Zerbinato - thiagomz
: :'  :  thiagomz@ig.com.br - UIN #75311127
`. `'`   http://mod-extreme.kit.net - http://forumgdh.net
  `-     irc.debian.org #debian-br
         GNU/Linux User #286429 - Debian User #534
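
Added example (not part of the original message): a small Python check that reads amavis syslog lines like the ones above and flags each message for which the primary clamd scanner was unreachable and amavisd-new went on to its backup scanner, reporting the socket path, retry count and time spent in AV-scan-1. The sample input is abridged from the log in the post with addresses replaced, plus one constructed clean message; the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample: 28929-01 is abridged from the post's log, 28929-02 is made up.
SAMPLE_LOG = """\
Mar 17 18:38:16 diamond amavis[28929]: (28929-01) Checking: <sender@example.com> -> <rcpt@example.org>
Mar 17 18:38:16 diamond amavis[28929]: (28929-01) Clam Antivirus-clamd: Can't connect to UNIX socket /var/run/clamd.ctl: No such file or directory, retrying (1)
Mar 17 18:38:17 diamond amavis[28929]: (28929-01) Clam Antivirus-clamd: Can't connect to UNIX socket /var/run/clamd.ctl: No such file or directory, retrying (2)
Mar 17 18:38:23 diamond amavis[28929]: (28929-01) Clam Antivirus-clamd: Can't connect to UNIX socket /var/run/clamd.ctl: No such file or directory, retrying (3)
Mar 17 18:38:34 diamond amavis[28929]: (28929-01) WARN: all primary virus scanners failed, considering backups
Mar 17 18:38:35 diamond amavis[28929]: (28929-01) INFECTED (Eicar-Test-Signature), <sender@example.com> -> <rcpt@example.org>, quarantine virus-20040317-183835-28929-01
Mar 17 18:38:35 diamond amavis[28929]: (28929-01) TIMING [total 19939 ms] - SMTP DATA: 32 (0%), AV-scan-1: 18033 (90%), AV-scan-2: 1629 (8%), rundown: 1 (0%)
Mar 17 18:40:02 diamond amavis[28929]: (28929-02) Checking: <sender@example.com> -> <rcpt@example.org>
Mar 17 18:40:02 diamond amavis[28929]: (28929-02) TIMING [total 210 ms] - SMTP DATA: 30 (14%), AV-scan-1: 95 (45%), rundown: 1 (0%)
"""

LINE = re.compile(r"amavis\[\d+\]: \((?P<id>\d+-\d+)\) (?P<msg>.*)")
RETRY = re.compile(r"^.+?: Can't connect to UNIX socket (?P<sock>\S+): .*retrying \((?P<n>\d+)\)")
AVTIME = re.compile(r"AV-scan-(\d+): (\d+) ")

def analyze(log_text):
    """Group amavis log lines by message id and collect scanner health facts."""
    msgs = defaultdict(lambda: {"retries": 0, "socket": None,
                                "primary_failed": False, "verdict": None, "av_ms": {}})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # postfix lines and anything else without an amavis message id
        rec, msg = msgs[m["id"]], m["msg"]
        r = RETRY.match(msg)
        if r:
            rec["retries"] = max(rec["retries"], int(r["n"]))
            rec["socket"] = r["sock"]
        elif "all primary virus scanners failed" in msg:
            rec["primary_failed"] = True
        elif msg.startswith("INFECTED"):
            rec["verdict"] = msg.split(",")[0]
        elif msg.startswith("TIMING"):
            rec["av_ms"] = {int(k): int(v) for k, v in AVTIME.findall(msg)}
    return dict(msgs)

def degraded(log_text):
    """Messages scanned without the primary scanner: (id, socket, retries, AV-scan-1 ms)."""
    return sorted((i, r["socket"], r["retries"], r["av_ms"].get(1))
                  for i, r in analyze(log_text).items() if r["primary_failed"])
```

In the post's log the AV-scan-1 figure (18033 ms) matches the 18 seconds between the first retry and the FAILED line, so a non-empty result from degraded() shows both that the primary scanner is down and how much delay each message pays for it.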


