Folks,
I configured Postfix to work with Amavis-New + Clamav
The configuration ended up as follows:
/etc/postfix/main.cf
# For Clamav to work with Postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
soft_bounce = yes
/etc/postfix/master.cf
# Amavis + Clamav
smtp-amavis unix - - n - 2 smtp
  -o smtp_data_done_timeout=1200
  -o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
It is working ... When I send a virus to a user on the network it is
blocked and I receive the notification that I tried to send a virus ...
but I find my log strange ....
Let's go step by step ....
Starting Amavis-New
Mar 17 18:35:38 diamond amavis[28927]: starting. amavisd-new at diamond
amavisd-new-20030616-p5
Mar 17 18:35:38 diamond amavis[28927]: Perl version 5.006001
Mar 17 18:35:38 diamond amavis[28927]: Module Amavis::Conf 1.15
Mar 17 18:35:38 diamond amavis[28927]: Module Archive::Tar 0.22
Mar 17 18:35:38 diamond amavis[28927]: Module Archive::Zip 0.11
Mar 17 18:35:38 diamond amavis[28927]: Module Compress::Zlib 1.16
Mar 17 18:35:38 diamond amavis[28927]: Module Convert::TNEF 0.16
Mar 17 18:35:38 diamond amavis[28927]: Module Convert::UUlib 0.201
Mar 17 18:35:38 diamond amavis[28927]: Module MIME::Entity 5.404
Mar 17 18:35:38 diamond amavis[28927]: Module MIME::Parser 5.406
Mar 17 18:35:38 diamond amavis[28927]: Module MIME::Tools 5.411
Mar 17 18:35:38 diamond amavis[28927]: Module Mail::Header 1.44
Mar 17 18:35:38 diamond amavis[28927]: Module Mail::Internet 1.44
Mar 17 18:35:38 diamond amavis[28927]: Module Net::Cmd 2.24
Mar 17 18:35:38 diamond amavis[28927]: Module Net::SMTP 2.26
Mar 17 18:35:38 diamond amavis[28927]: Module Net::Server 0.84
Mar 17 18:35:38 diamond amavis[28927]: Module Time::HiRes 01.20
Mar 17 18:35:38 diamond amavis[28927]: Module Unix::Syslog 0.98
Mar 17 18:35:38 diamond amavis[28927]: Found myself:
/usr/sbin/amavisd-new -c /etc/amavis/amavisd.conf
Mar 17 18:35:38 diamond amavis[28927]: Lookup::SQL code NOT loaded
Mar 17 18:35:38 diamond amavis[28927]: Lookup::LDAP code NOT loaded
Mar 17 18:35:38 diamond amavis[28927]: AMCL-in protocol code NOT loaded
Mar 17 18:35:38 diamond amavis[28927]: SMTP-in protocol code loaded
Mar 17 18:35:38 diamond amavis[28927]: ANTI-VIRUS code loaded
Mar 17 18:35:38 diamond amavis[28927]: ANTI-SPAM code NOT loaded
Mar 17 18:35:38 diamond amavis[28928]: Net::Server: Process Backgrounded
Mar 17 18:35:38 diamond amavis[28928]: Net::Server: 2004/03/17-18:35:38
Amavis (type Net::Server::PreForkSimple) starting! pid(28928)
Mar 17 18:35:38 diamond amavis[28928]: Net::Server: Binding to TCP port
10024 on host 127.0.0.1
Mar 17 18:35:38 diamond amavis[28928]: Net::Server: Setting gid to "104 104"
Mar 17 18:35:38 diamond amavis[28928]: Net::Server: Setting uid to "102"
Mar 17 18:35:38 diamond amavis[28928]: Found $file at /usr/bin/file
Mar 17 18:35:38 diamond amavis[28928]: Found $arc at /usr/bin/arc
Mar 17 18:35:38 diamond amavis[28928]: Found $gzip at /bin/gzip
Mar 17 18:35:38 diamond amavis[28928]: Found $bzip2 at /usr/bin/bzip2
Mar 17 18:35:38 diamond amavis[28928]: No $lzop, not using it
Mar 17 18:35:38 diamond amavis[28928]: Found $lha at /usr/bin/lha
Mar 17 18:35:38 diamond amavis[28928]: Found $unarj at /usr/bin/unarj
Mar 17 18:35:38 diamond amavis[28928]: Found $uncompress at /bin/uncompress
Mar 17 18:35:38 diamond amavis[28928]: No $unfreeze, not using it
Mar 17 18:35:38 diamond amavis[28928]: Found $unrar at /usr/bin/unrar
Mar 17 18:35:38 diamond amavis[28928]: No $zoo, not using it
Mar 17 18:35:38 diamond amavis[28928]: Found $cpio at /bin/cpio
Mar 17 18:35:38 diamond amavis[28928]: Using internal av scanner code
for (primary) Clam Antivirus-clamd
Mar 17 18:35:38 diamond amavis[28928]: Found secondary av scanner Clam
Antivirus - clamscan at /usr/bin/clamscan
Starting Clamd... no problems....
I start postfix .... everything OK... now when a virus arrives ... just look
Mar 17 18:38:16 diamond postfix/qmgr[29031]: 20D3516DC7:
from=<thiagozerbinato@yahoo.com.br>, size=1557, nrcpt=1 (queue active)
Mar 17 18:38:16 diamond amavis[28929]: (28929-01) ESMTP::10024
/var/lib/amavis/amavis-20040317T183816-28929:
<thiagozerbinato@yahoo.com.br> -> <thiagomz@logisticaeprocessos.com.br>
Received: SIZE=1557 from diamond ([127.0.0.1]) by localhost (diamond
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 28929-01 for
<thiagomz@logisticaeprocessos.com.br>; Wed, 17 Mar 2004 18:38:16 -0300 (BRT)
Mar 17 18:38:16 diamond amavis[28929]: (28929-01) Checking:
<thiagozerbinato@yahoo.com.br> -> <thiagomz@logisticaeprocessos.com.br>
Mar 17 18:38:16 diamond amavis[28929]: (28929-01) Clam Antivirus-clamd:
Can't connect to UNIX socket /var/run/clamd.ctl: No such file or
directory, retrying (1)
Mar 17 18:38:16 diamond postfix/smtpd[29038]: disconnect from
smtp104.mail.sc5.yahoo.com[66.163.169.223]
Mar 17 18:38:17 diamond amavis[28929]: (28929-01) Clam Antivirus-clamd:
Can't connect to UNIX socket /var/run/clamd.ctl: No such file or
directory, retrying (2)
Mar 17 18:38:23 diamond amavis[28929]: (28929-01) Clam Antivirus-clamd:
Can't connect to UNIX socket /var/run/clamd.ctl: No such file or
directory, retrying (3)
Mar 17 18:38:34 diamond amavis[28929]: (28929-01) Clam Antivirus-clamd
av-scanner FAILED: Too many retries to talk to /var/run/clamd.ctl (Can't
connect to UNIX socket /var/run/clamd.ctl: No such file or directory) at
(eval 34) line 179.
Mar 17 18:38:34 diamond amavis[28929]: (28929-01) WARN: all primary
virus scanners failed, considering backups
Mar 17 18:38:35 diamond amavis[28929]: (28929-01) local delivery:
<thiagozerbinato@yahoo.com.br> -> <virus-quarantine>,
mbx=/var/lib/amavis/virusmails/virus-20040317-183835-28929-01
Mar 17 18:38:35 diamond amavis[28929]: (28929-01) SEND via SMTP:
[127.0.0.1:10025] <> -> <thiagozerbinato@yahoo.com.br>
Mar 17 18:38:35 diamond postfix/smtpd[29048]: connect from
localhost[127.0.0.1]
Mar 17 18:38:35 diamond postfix/smtpd[29048]: D7F1817CA7:
client=localhost[127.0.0.1]
Mar 17 18:38:35 diamond postfix/cleanup[29039]: D7F1817CA7:
message-id=<VS28929-01@diamond>
Mar 17 18:38:35 diamond postfix/qmgr[29031]: D7F1817CA7: from=<>,
size=3740, nrcpt=1 (queue active)
Mar 17 18:38:35 diamond postfix/smtpd[29048]: disconnect from
localhost[127.0.0.1]
Mar 17 18:38:35 diamond amavis[28929]: (28929-01) INFECTED
(Eicar-Test-Signature), <thiagozerbinato@yahoo.com.br> ->
<thiagomz@logisticaeprocessos.com.br>, quarantine
virus-20040317-183835-28929-01, Message-ID:
<4058C3FE.1000504@yahoo.com.br>, Hits: -
Mar 17 18:38:35 diamond amavis[28929]: (28929-01) TIMING [total 19939
ms] - SMTP EHLO: 8 (0%), SMTP pre-MAIL: 1 (0%), mkdir tempdir: 1 (0%),
create email.txt: 1 (0%), SMTP pre-DATA-flush: 6 (0%), SMTP DATA: 32
(0%), body hash: 1 (0%), mkdir parts: 1 (0%), mime_decode: 47 (0%),
get-file-type: 15 (0%), get-file-type: 10 (0%), decompose_part: 3 (0%),
decompose_part: 1 (0%), parts: 0 (0%), AV-scan-1: 18033 (90%),
AV-scan-2: 1629 (8%), write-header: 8 (0%), save-to-local-mailbox: 1
(0%), fwd-connect: 61 (0%), fwd-mail-from: 3 (0%), fwd-rcpt-to: 3 (0%),
write-header: 6 (0%), fwd-data: 26 (0%), fwd-data-end: 34 (0%),
fwd-rundown: 2 (0%), unlink-2-files: 6 (0%), rundown: 1 (0%)
Mar 17 18:38:35 diamond postfix/smtp[29044]: 20D3516DC7:
to=<thiagomz@logisticaeprocessos.com.br>, relay=127.0.0.1[127.0.0.1],
delay=20, status=sent (250 2.5.0 Ok, id=28929-01, BOUNCE)
Mar 17 18:38:38 diamond postfix/smtp[29033]: D7F1817CA7:
to=<thiagozerbinato@yahoo.com.br>,
relay=mx2.mail.yahoo.com[64.157.4.78], delay=3, status=sent (250 ok dirdel)
it fails several times ...
Can't connect to UNIX socket /var/run/clamd.ctl: No such file or
directory, retrying (1)
Another strange thing is this
Mar 17 18:35:38 diamond amavis[28928]: Using internal av scanner code
for (primary) Clam Antivirus-clamd
Mar 17 18:35:38 diamond amavis[28928]: Found secondary av scanner Clam
Antivirus - clamscan at /usr/bin/clamscan
shouldn't it be the other way around ????
--
Regards,
.''`. Thiago Marangoni Zerbinato - thiagomz
: :' : thiagomz@ig.com.br - UIN #75311127
`. `'` http://mod-extreme.kit.net - http://forumgdh.net
`- irc.debian.org #debian-br
GNU/Linux User #286429 - Debian User #534
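
An added example, not part of the original post: a log check that flags every message for which amavisd-new could not reach the primary clamd socket and fell back to a backup scanner, together with the time spent in each AV pass. The sample lines are constructed from the format shown above; the "Passed" line and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the amavisd-new lines in the post
# (wrapped lines rejoined, addresses replaced by example.org placeholders).
SAMPLE_LOG = """\
Mar 17 18:38:16 diamond amavis[28929]: (28929-01) Clam Antivirus-clamd: Can't connect to UNIX socket /var/run/clamd.ctl: No such file or directory, retrying (1)
Mar 17 18:38:17 diamond amavis[28929]: (28929-01) Clam Antivirus-clamd: Can't connect to UNIX socket /var/run/clamd.ctl: No such file or directory, retrying (2)
Mar 17 18:38:34 diamond amavis[28929]: (28929-01) Clam Antivirus-clamd av-scanner FAILED: Too many retries to talk to /var/run/clamd.ctl
Mar 17 18:38:34 diamond amavis[28929]: (28929-01) WARN: all primary virus scanners failed, considering backups
Mar 17 18:38:35 diamond amavis[28929]: (28929-01) INFECTED (Eicar-Test-Signature), <a@example.org> -> <b@example.org>, Hits: -
Mar 17 18:38:35 diamond amavis[28929]: (28929-01) TIMING [total 19939 ms] - AV-scan-1: 18033 (90%), AV-scan-2: 1629 (8%), rundown: 1 (0%)
Mar 17 18:40:02 diamond amavis[28930]: (28930-01) Passed, <a@example.org> -> <b@example.org>, Hits: -
Mar 17 18:40:02 diamond amavis[28930]: (28930-01) TIMING [total 412 ms] - AV-scan-1: 120 (29%), rundown: 1 (0%)
"""

LINE = re.compile(r"amavis\[\d+\]: \((?P<id>\d+-\d+)\) (?P<msg>.*)$")
SOCKET = re.compile(r"Can't connect to UNIX socket (\S+?):")
SCAN = re.compile(r"(AV-scan-\d+): (\d+) \(")

def summarize(log_text):
    """Group amavis events by message id, e.g. '28929-01'."""
    msgs = defaultdict(lambda: {"retries": 0, "socket": None,
                                "fallback": False, "verdict": None, "scan_ms": {}})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        rec, text = msgs[m["id"]], m["msg"]
        sock = SOCKET.search(text)
        if sock and "retrying (" in text:
            rec["retries"] += 1
            rec["socket"] = sock.group(1)
        elif "all primary virus scanners failed" in text:
            rec["fallback"] = True  # the verdict came from a backup scanner
        elif text.startswith(("INFECTED", "Passed")):
            rec["verdict"] = text.split(",")[0]
        elif text.startswith("TIMING"):
            rec["scan_ms"] = {k: int(v) for k, v in SCAN.findall(text)}
    return dict(msgs)

def degraded(summary):
    """Message ids whose primary scanner was unreachable."""
    return sorted(i for i, r in summary.items() if r["fallback"])

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for msg_id in degraded(report):
        print(msg_id, report[msg_id])
```

The socket path reported for a degraded message is the one to compare against the socket clamd actually creates.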