Virenschutz mit Hilfe von AMaViS und SpamAssassin
Zur weiteren Absicherung unseres Mailservers bzw. -verkehrs bedienen wir uns der beiden Dienste amavisd-new und spamassassin.
Installation
Wie üblich installieren wir die benötiten Programmpakete via YUM.
yum install amavisd-new spamassassin clamav clamd
Programminfo
amavisd-new
Info
Was uns amavisd-new bietet, entnehmen wir am einfachsten dem rpm
# yum info amavisd-new
Name : amavisd-new
...
Summary: Mail virus-scanner
Description: AMaViS is a program that interfaces a mail transfer agent (MTA) with one or more virus scanners.
Amavisd-new is a branch created by Mark Martinec that adds serveral performance and robustness features. It's
partly based on work being done on the official amavisd branch. Please see the README.amavisd-new-RELNOTES
file for a detailed description.
Programmpfade und -inhalte
Über die einzelnen Dateien und Pfade der installierten Programme, informieren wir uns mittels:
# rpm -ql amavisd-new /etc/amavisd.conf /etc/cron.daily/amavisd /etc/logrotate.d/amavisd /etc/openldap/schema/amavisd-new.schema /etc/rc.d/init.d/amavisd /etc/sysconfig/amavisd /usr/sbin/amavisd /usr/sbin/amavisd-agent /usr/sbin/amavisd-nanny /usr/sbin/amavisd-release /usr/sbin/p0f-analyzer /usr/share/doc/amavisd-new-2.6.4 /usr/share/doc/amavisd-new-2.6.4/AAAREADME.first /usr/share/doc/amavisd-new-2.6.4/LDAP.schema /usr/share/doc/amavisd-new-2.6.4/LICENSE /usr/share/doc/amavisd-new-2.6.4/MANIFEST /usr/share/doc/amavisd-new-2.6.4/README.banned /usr/share/doc/amavisd-new-2.6.4/README.chroot /usr/share/doc/amavisd-new-2.6.4/README.contributed /usr/share/doc/amavisd-new-2.6.4/README.courier /usr/share/doc/amavisd-new-2.6.4/README.courier-old /usr/share/doc/amavisd-new-2.6.4/README.customize /usr/share/doc/amavisd-new-2.6.4/README.exim_v3 /usr/share/doc/amavisd-new-2.6.4/README.exim_v3_app /usr/share/doc/amavisd-new-2.6.4/README.exim_v4 /usr/share/doc/amavisd-new-2.6.4/README.exim_v4_app /usr/share/doc/amavisd-new-2.6.4/README.exim_v4_app2 /usr/share/doc/amavisd-new-2.6.4/README.ldap /usr/share/doc/amavisd-new-2.6.4/README.lookups /usr/share/doc/amavisd-new-2.6.4/README.milter /usr/share/doc/amavisd-new-2.6.4/README.old.scanners /usr/share/doc/amavisd-new-2.6.4/README.performance /usr/share/doc/amavisd-new-2.6.4/README.policy-on-notifications /usr/share/doc/amavisd-new-2.6.4/README.postfix /usr/share/doc/amavisd-new-2.6.4/README.postfix.html /usr/share/doc/amavisd-new-2.6.4/README.protocol /usr/share/doc/amavisd-new-2.6.4/README.sendmail /usr/share/doc/amavisd-new-2.6.4/README.sendmail-dual /usr/share/doc/amavisd-new-2.6.4/README.sendmail-dual.old /usr/share/doc/amavisd-new-2.6.4/README.sql /usr/share/doc/amavisd-new-2.6.4/README.sql-mysql /usr/share/doc/amavisd-new-2.6.4/README.sql-pg /usr/share/doc/amavisd-new-2.6.4/RELEASE_NOTES /usr/share/doc/amavisd-new-2.6.4/amavisd-new-docs.html /usr/share/doc/amavisd-new-2.6.4/amavisd.conf /usr/share/doc/amavisd-new-2.6.4/amavisd.conf-default /usr/share/doc/amavisd-new-2.6.4/amavisd.conf-sample /usr/share/doc/amavisd-new-2.6.4/amavisd.conf.orig /usr/share/doc/amavisd-new-2.6.4/images /usr/share/doc/amavisd-new-2.6.4/images/blank.png /usr/share/doc/amavisd-new-2.6.4/images/callouts /usr/share/doc/amavisd-new-2.6.4/images/callouts/1.png /usr/share/doc/amavisd-new-2.6.4/images/callouts/10.png /usr/share/doc/amavisd-new-2.6.4/images/callouts/11.png /usr/share/doc/amavisd-new-2.6.4/images/callouts/12.png /usr/share/doc/amavisd-new-2.6.4/images/callouts/13.png /usr/share/doc/amavisd-new-2.6.4/images/callouts/14.png /usr/share/doc/amavisd-new-2.6.4/images/callouts/15.png /usr/share/doc/amavisd-new-2.6.4/images/callouts/2.png /usr/share/doc/amavisd-new-2.6.4/images/callouts/3.png /usr/share/doc/amavisd-new-2.6.4/images/callouts/4.png /usr/share/doc/amavisd-new-2.6.4/images/callouts/5.png /usr/share/doc/amavisd-new-2.6.4/images/callouts/6.png /usr/share/doc/amavisd-new-2.6.4/images/callouts/7.png /usr/share/doc/amavisd-new-2.6.4/images/callouts/8.png /usr/share/doc/amavisd-new-2.6.4/images/callouts/9.png /usr/share/doc/amavisd-new-2.6.4/images/caution.png /usr/share/doc/amavisd-new-2.6.4/images/draft.png /usr/share/doc/amavisd-new-2.6.4/images/home.png /usr/share/doc/amavisd-new-2.6.4/images/important.png /usr/share/doc/amavisd-new-2.6.4/images/next.png /usr/share/doc/amavisd-new-2.6.4/images/note.png /usr/share/doc/amavisd-new-2.6.4/images/prev.png /usr/share/doc/amavisd-new-2.6.4/images/tip.png /usr/share/doc/amavisd-new-2.6.4/images/toc-blank.png /usr/share/doc/amavisd-new-2.6.4/images/toc-minus.png /usr/share/doc/amavisd-new-2.6.4/images/toc-plus.png /usr/share/doc/amavisd-new-2.6.4/images/up.png /usr/share/doc/amavisd-new-2.6.4/images/warning.png /usr/share/doc/amavisd-new-2.6.4/screen.css /usr/share/doc/amavisd-new-2.6.4/test-messages /usr/share/doc/amavisd-new-2.6.4/test-messages/README /usr/share/doc/amavisd-new-2.6.4/test-messages/sample.tar.gz.compl /var/amavis /var/amavis/db /var/amavis/tmp /var/amavis/var /var/log/amavis.log /var/virusmails
spamassassin
Info
Auch beim Paket spamassassin informieren wir uns erst einmal an Hand der RPM-Info:
yum info spamassassin Name : spamassassin ... Summary: Spam-Filter für E-Mails, der durch Mail-Agenten aufgerufen werden kann. Description: SpamAssassin provides you with a way to reduce if not completely eliminate Unsolicited Commercial Email (SPAM) from your incoming email. It can be invoked by a MDA such as sendmail or postfix, or can be called from a procmail script, .forward file, etc. It uses a genetic-algorithm evolved scoring system to identify messages which look spammy, then adds headers to the message so they can be filtered by the user's mail reading software. This distribution includes the spamd/spamc components which create a server that considerably speeds processing of mail. To enable spamassassin, if you are receiving mail locally, simply add this line to your ~/.procmailrc: INCLUDERC=/etc/mail/spamassassin/spamassassin-default.rc To filter spam for all users, add that line to /etc/procmailrc (creating if necessary).
Programmpfade und -inhalte
Über die einzelnen Dateien und Pfade der installierten Programme, informieren wir uns auch hier mittels:
rpm -ql spamassassin /etc/cron.d/sa-update /etc/logrotate.d/sa-update /etc/mail/spamassassin /etc/mail/spamassassin/init.pre /etc/mail/spamassassin/local.cf /etc/mail/spamassassin/spamassassin-default.rc /etc/mail/spamassassin/spamassassin-helper.sh /etc/mail/spamassassin/spamassassin-spamc.rc /etc/mail/spamassassin/v310.pre /etc/mail/spamassassin/v312.pre /etc/mail/spamassassin/v320.pre /etc/rc.d/init.d/spamassassin /etc/sysconfig/spamassassin /usr/bin/sa-compile /usr/bin/sa-learn /usr/bin/sa-update /usr/bin/spamassassin /usr/bin/spamc /usr/bin/spamd /usr/lib/perl5/vendor_perl/5.8.8/Mail /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/AICache.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/ArchiveIterator.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/AsyncLoop.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/AutoWhitelist.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Bayes /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Bayes.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Bayes/CombineChi.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Bayes/CombineNaiveBayes.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/BayesStore /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/BayesStore.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/BayesStore/DBM.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/BayesStore/MySQL.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/BayesStore/PgSQL.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/BayesStore/SDBM.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/BayesStore/SQL.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Client.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Conf /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Conf.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Conf/LDAP.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Conf/SQL.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Constants.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/DBBasedAddrList.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Dns.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/DnsResolver.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/HTML.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Locales.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Locker /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Locker.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Locker/Flock.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Locker/UnixNFSSafe.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Locker/Win32.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Logger /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Logger.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Logger/File.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Logger/Stderr.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Logger/Syslog.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/MailingList.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Message /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Message.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Message/Metadata /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Message/Metadata.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Message/Metadata/Received.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Message/Node.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/NetSet.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/PerMsgLearner.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/PersistentAddrList.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/ASN.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/AWL.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/AccessDB.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/AntiVirus.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/AutoLearnThreshold.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/Bayes.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/BodyEval.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/BodyRuleBaseExtractor.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/Check.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/DCC.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/DKIM.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/DNSEval.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/DomainKeys.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/HTMLEval.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/HTTPSMismatch.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/Hashcash.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/HeaderEval.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/ImageInfo.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/MIMEEval.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/MIMEHeader.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/OneLineBodyRuleType.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/Pyzor.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/Razor2.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/RelayCountry.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/RelayEval.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/ReplaceTags.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/Rule2XSBody.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/SPF.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/Shortcircuit.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/SpamCop.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/Test.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/TextCat.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/URIDNSBL.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/URIDetail.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/URIEval.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/VBounce.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/WLBLEval.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/WhiteListSubject.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/PluginHandler.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Reporter.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/SQLBasedAddrList.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/SpamdForkScaling.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/SubProcBackChannel.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Timeout.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Util /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Util.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Util/DependencyInfo.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Util/Progress.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Util/RegistrarBoundaries.pm /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Util/TieOneStringHash.pm /usr/lib/perl5/vendor_perl/5.8.8/spamassassin-run.pod /usr/share/doc/spamassassin-3.2.4 /usr/share/doc/spamassassin-3.2.4/CREDITS /usr/share/doc/spamassassin-3.2.4/Changes /usr/share/doc/spamassassin-3.2.4/LICENSE /usr/share/doc/spamassassin-3.2.4/NOTICE /usr/share/doc/spamassassin-3.2.4/README /usr/share/doc/spamassassin-3.2.4/TRADEMARK /usr/share/doc/spamassassin-3.2.4/UPGRADE /usr/share/doc/spamassassin-3.2.4/USAGE /usr/share/doc/spamassassin-3.2.4/sample-nonspam.txt /usr/share/doc/spamassassin-3.2.4/sample-spam.txt /usr/share/man/man1/sa-compile.1.gz /usr/share/man/man1/sa-learn.1.gz /usr/share/man/man1/sa-update.1.gz /usr/share/man/man1/spamassassin-run.1.gz /usr/share/man/man1/spamassassin.1.gz /usr/share/man/man1/spamc.1.gz /usr/share/man/man1/spamd.1.gz /usr/share/man/man3/Mail::SpamAssassin.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::AICache.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::ArchiveIterator.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::AsyncLoop.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::AutoWhitelist.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::Bayes.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::BayesStore.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::BayesStore::MySQL.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::BayesStore::PgSQL.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::BayesStore::SQL.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::Client.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::Conf.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::Conf::LDAP.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::Conf::Parser.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::Conf::SQL.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::DnsResolver.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::Logger.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::Logger::File.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::Logger::Stderr.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::Logger::Syslog.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::Message.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::Message::Metadata.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::Message::Node.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::PerMsgLearner.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::PerMsgStatus.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::PersistentAddrList.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::Plugin.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::Plugin::ASN.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::Plugin::AWL.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::Plugin::AccessDB.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::Plugin::AntiVirus.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::Plugin::AutoLearnThreshold.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::Plugin::BodyRuleBaseExtractor.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::Plugin::Check.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::Plugin::DCC.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::Plugin::DKIM.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::Plugin::DomainKeys.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::Plugin::Hashcash.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::Plugin::MIMEHeader.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::Plugin::OneLineBodyRuleType.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::Plugin::Pyzor.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::Plugin::Razor2.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::Plugin::RelayCountry.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::Plugin::ReplaceTags.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::Plugin::Rule2XSBody.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::Plugin::SPF.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::Plugin::Shortcircuit.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::Plugin::SpamCop.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::Plugin::Test.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::Plugin::TextCat.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::Plugin::URIDNSBL.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::Plugin::URIDetail.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::Plugin::VBounce.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::Plugin::WhiteListSubject.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::PluginHandler.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::SQLBasedAddrList.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::SubProcBackChannel.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::Timeout.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::Util.3pm.gz /usr/share/man/man3/Mail::SpamAssassin::Util::Progress.3pm.gz /usr/share/man/man3/spamassassin-run.3pm.gz /usr/share/spamassassin /usr/share/spamassassin/10_default_prefs.cf /usr/share/spamassassin/20_advance_fee.cf /usr/share/spamassassin/20_body_tests.cf /usr/share/spamassassin/20_compensate.cf /usr/share/spamassassin/20_dnsbl_tests.cf /usr/share/spamassassin/20_drugs.cf /usr/share/spamassassin/20_dynrdns.cf /usr/share/spamassassin/20_fake_helo_tests.cf /usr/share/spamassassin/20_head_tests.cf /usr/share/spamassassin/20_html_tests.cf /usr/share/spamassassin/20_imageinfo.cf /usr/share/spamassassin/20_meta_tests.cf /usr/share/spamassassin/20_net_tests.cf /usr/share/spamassassin/20_phrases.cf /usr/share/spamassassin/20_porn.cf /usr/share/spamassassin/20_ratware.cf /usr/share/spamassassin/20_uri_tests.cf /usr/share/spamassassin/20_vbounce.cf /usr/share/spamassassin/23_bayes.cf /usr/share/spamassassin/25_accessdb.cf /usr/share/spamassassin/25_antivirus.cf /usr/share/spamassassin/25_asn.cf /usr/share/spamassassin/25_dcc.cf /usr/share/spamassassin/25_dkim.cf /usr/share/spamassassin/25_domainkeys.cf /usr/share/spamassassin/25_hashcash.cf /usr/share/spamassassin/25_pyzor.cf /usr/share/spamassassin/25_razor2.cf /usr/share/spamassassin/25_replace.cf /usr/share/spamassassin/25_spf.cf /usr/share/spamassassin/25_textcat.cf /usr/share/spamassassin/25_uribl.cf /usr/share/spamassassin/30_text_de.cf /usr/share/spamassassin/30_text_fr.cf /usr/share/spamassassin/30_text_it.cf /usr/share/spamassassin/30_text_nl.cf /usr/share/spamassassin/30_text_pl.cf /usr/share/spamassassin/30_text_pt_br.cf /usr/share/spamassassin/50_scores.cf /usr/share/spamassassin/60_awl.cf /usr/share/spamassassin/60_shortcircuit.cf /usr/share/spamassassin/60_whitelist.cf /usr/share/spamassassin/60_whitelist_dk.cf /usr/share/spamassassin/60_whitelist_dkim.cf /usr/share/spamassassin/60_whitelist_spf.cf /usr/share/spamassassin/60_whitelist_subject.cf /usr/share/spamassassin/72_active.cf /usr/share/spamassassin/languages /usr/share/spamassassin/sa-update-pubkey.txt /usr/share/spamassassin/sa-update.cron /usr/share/spamassassin/user_prefs.template /var/lib/spamassassin /var/run/spamassassin
clamav
Info
Die Leistung(en) des clamav entnehmen wir dem rpm
yum info clamav Name : clamav ... Summary: Anti-virus software Description: Clam AntiVirus is a GPL anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use with your own software. Most importantly, the virus database is kept up to date
Programmpfade und -inhalte
Über die einzelnen Dateien und Pfade des installierten clamav-Paketes, informieren wir uns auch hier mittels:
rpm -ql clamav /etc/freshclam.conf /usr/bin/clamscan /usr/bin/freshclam /usr/bin/sigtool /usr/lib/libclamav.so.5 /usr/lib/libclamav.so.5.0.3 /usr/lib/libclamunrar.so.5 /usr/lib/libclamunrar.so.5.0.3 /usr/lib/libclamunrar_iface.so.5 /usr/lib/libclamunrar_iface.so.5.0.3 /usr/share/doc/clamav-0.94.1 /usr/share/doc/clamav-0.94.1/AUTHORS /usr/share/doc/clamav-0.94.1/BUGS /usr/share/doc/clamav-0.94.1/COPYING /usr/share/doc/clamav-0.94.1/ChangeLog /usr/share/doc/clamav-0.94.1/FAQ /usr/share/doc/clamav-0.94.1/INSTALL /usr/share/doc/clamav-0.94.1/NEWS /usr/share/doc/clamav-0.94.1/README /usr/share/doc/clamav-0.94.1/clamav-mirror-howto.pdf /usr/share/doc/clamav-0.94.1/clamdoc.pdf /usr/share/doc/clamav-0.94.1/freshclam.conf /usr/share/doc/clamav-0.94.1/phishsigs_howto.pdf /usr/share/doc/clamav-0.94.1/signatures.pdf /usr/share/doc/clamav-0.94.1/test /usr/share/doc/clamav-0.94.1/test/.split /usr/share/doc/clamav-0.94.1/test/.split/split.clam-aspack.exeaa /usr/share/doc/clamav-0.94.1/test/.split/split.clam-aspack.exeab /usr/share/doc/clamav-0.94.1/test/.split/split.clam-fsg.exeaa /usr/share/doc/clamav-0.94.1/test/.split/split.clam-fsg.exeab /usr/share/doc/clamav-0.94.1/test/.split/split.clam-mew.exeaa /usr/share/doc/clamav-0.94.1/test/.split/split.clam-mew.exeab /usr/share/doc/clamav-0.94.1/test/.split/split.clam-nsis.exeaa /usr/share/doc/clamav-0.94.1/test/.split/split.clam-nsis.exeab /usr/share/doc/clamav-0.94.1/test/.split/split.clam-pespin.exeaa /usr/share/doc/clamav-0.94.1/test/.split/split.clam-pespin.exeab /usr/share/doc/clamav-0.94.1/test/.split/split.clam-petite.exeaa /usr/share/doc/clamav-0.94.1/test/.split/split.clam-petite.exeab /usr/share/doc/clamav-0.94.1/test/.split/split.clam-upack.exeaa /usr/share/doc/clamav-0.94.1/test/.split/split.clam-upack.exeab /usr/share/doc/clamav-0.94.1/test/.split/split.clam-upx.exeaa /usr/share/doc/clamav-0.94.1/test/.split/split.clam-upx.exeab /usr/share/doc/clamav-0.94.1/test/.split/split.clam-v2.raraa /usr/share/doc/clamav-0.94.1/test/.split/split.clam-v2.rarab /usr/share/doc/clamav-0.94.1/test/.split/split.clam-v3.raraa /usr/share/doc/clamav-0.94.1/test/.split/split.clam-v3.rarab /usr/share/doc/clamav-0.94.1/test/.split/split.clam-wwpack.exeaa /usr/share/doc/clamav-0.94.1/test/.split/split.clam-wwpack.exeab /usr/share/doc/clamav-0.94.1/test/.split/split.clam.arjaa /usr/share/doc/clamav-0.94.1/test/.split/split.clam.arjab /usr/share/doc/clamav-0.94.1/test/.split/split.clam.bz2.zipaa /usr/share/doc/clamav-0.94.1/test/.split/split.clam.bz2.zipab /usr/share/doc/clamav-0.94.1/test/.split/split.clam.cabaa /usr/share/doc/clamav-0.94.1/test/.split/split.clam.cabab /usr/share/doc/clamav-0.94.1/test/.split/split.clam.chmaa /usr/share/doc/clamav-0.94.1/test/.split/split.clam.chmab /usr/share/doc/clamav-0.94.1/test/.split/split.clam.d64.zipaa /usr/share/doc/clamav-0.94.1/test/.split/split.clam.d64.zipab /usr/share/doc/clamav-0.94.1/test/.split/split.clam.ea05.exeaa /usr/share/doc/clamav-0.94.1/test/.split/split.clam.ea05.exeab /usr/share/doc/clamav-0.94.1/test/.split/split.clam.ea06.exeaa /usr/share/doc/clamav-0.94.1/test/.split/split.clam.ea06.exeab /usr/share/doc/clamav-0.94.1/test/.split/split.clam.exe.binhexaa /usr/share/doc/clamav-0.94.1/test/.split/split.clam.exe.binhexab /usr/share/doc/clamav-0.94.1/test/.split/split.clam.exe.bz2aa /usr/share/doc/clamav-0.94.1/test/.split/split.clam.exe.bz2ab /usr/share/doc/clamav-0.94.1/test/.split/split.clam.exe.htmlaa /usr/share/doc/clamav-0.94.1/test/.split/split.clam.exe.htmlab /usr/share/doc/clamav-0.94.1/test/.split/split.clam.exe.mbox.base64aa /usr/share/doc/clamav-0.94.1/test/.split/split.clam.exe.mbox.base64ab /usr/share/doc/clamav-0.94.1/test/.split/split.clam.exe.mbox.uuaa /usr/share/doc/clamav-0.94.1/test/.split/split.clam.exe.mbox.uuab /usr/share/doc/clamav-0.94.1/test/.split/split.clam.exe.rtfaa /usr/share/doc/clamav-0.94.1/test/.split/split.clam.exe.rtfab /usr/share/doc/clamav-0.94.1/test/.split/split.clam.exe.szddaa /usr/share/doc/clamav-0.94.1/test/.split/split.clam.exe.szddab /usr/share/doc/clamav-0.94.1/test/.split/split.clam.exeaa /usr/share/doc/clamav-0.94.1/test/.split/split.clam.exeab /usr/share/doc/clamav-0.94.1/test/.split/split.clam.impl.zipaa /usr/share/doc/clamav-0.94.1/test/.split/split.clam.impl.zipab /usr/share/doc/clamav-0.94.1/test/.split/split.clam.mailaa /usr/share/doc/clamav-0.94.1/test/.split/split.clam.mailab /usr/share/doc/clamav-0.94.1/test/.split/split.clam.ole.docaa /usr/share/doc/clamav-0.94.1/test/.split/split.clam.ole.docab /usr/share/doc/clamav-0.94.1/test/.split/split.clam.pdfaa /usr/share/doc/clamav-0.94.1/test/.split/split.clam.pdfab /usr/share/doc/clamav-0.94.1/test/.split/split.clam.pptaa /usr/share/doc/clamav-0.94.1/test/.split/split.clam.pptab /usr/share/doc/clamav-0.94.1/test/.split/split.clam.sisaa /usr/share/doc/clamav-0.94.1/test/.split/split.clam.sisab /usr/share/doc/clamav-0.94.1/test/.split/split.clam.tar.gzaa /usr/share/doc/clamav-0.94.1/test/.split/split.clam.tar.gzab /usr/share/doc/clamav-0.94.1/test/.split/split.clam.tnefaa /usr/share/doc/clamav-0.94.1/test/.split/split.clam.tnefab /usr/share/doc/clamav-0.94.1/test/.split/split.clam.zipaa /usr/share/doc/clamav-0.94.1/test/.split/split.clam.zipab /usr/share/doc/clamav-0.94.1/test/Makefile /usr/share/doc/clamav-0.94.1/test/Makefile.am /usr/share/doc/clamav-0.94.1/test/Makefile.in /usr/share/doc/clamav-0.94.1/test/README /usr/share/doc/clamav-0.94.1/test/clam-aspack.exe /usr/share/doc/clamav-0.94.1/test/clam-fsg.exe /usr/share/doc/clamav-0.94.1/test/clam-mew.exe /usr/share/doc/clamav-0.94.1/test/clam-nsis.exe /usr/share/doc/clamav-0.94.1/test/clam-pespin.exe /usr/share/doc/clamav-0.94.1/test/clam-petite.exe /usr/share/doc/clamav-0.94.1/test/clam-upack.exe /usr/share/doc/clamav-0.94.1/test/clam-upx.exe /usr/share/doc/clamav-0.94.1/test/clam-v2.rar /usr/share/doc/clamav-0.94.1/test/clam-v3.rar /usr/share/doc/clamav-0.94.1/test/clam-wwpack.exe /usr/share/doc/clamav-0.94.1/test/clam.arj /usr/share/doc/clamav-0.94.1/test/clam.bz2.zip /usr/share/doc/clamav-0.94.1/test/clam.cab /usr/share/doc/clamav-0.94.1/test/clam.chm /usr/share/doc/clamav-0.94.1/test/clam.d64.zip /usr/share/doc/clamav-0.94.1/test/clam.ea05.exe /usr/share/doc/clamav-0.94.1/test/clam.ea06.exe /usr/share/doc/clamav-0.94.1/test/clam.exe /usr/share/doc/clamav-0.94.1/test/clam.exe.binhex /usr/share/doc/clamav-0.94.1/test/clam.exe.bz2 /usr/share/doc/clamav-0.94.1/test/clam.exe.html /usr/share/doc/clamav-0.94.1/test/clam.exe.mbox.base64 /usr/share/doc/clamav-0.94.1/test/clam.exe.mbox.uu /usr/share/doc/clamav-0.94.1/test/clam.exe.rtf /usr/share/doc/clamav-0.94.1/test/clam.exe.szdd /usr/share/doc/clamav-0.94.1/test/clam.impl.zip /usr/share/doc/clamav-0.94.1/test/clam.mail /usr/share/doc/clamav-0.94.1/test/clam.ole.doc /usr/share/doc/clamav-0.94.1/test/clam.pdf /usr/share/doc/clamav-0.94.1/test/clam.ppt /usr/share/doc/clamav-0.94.1/test/clam.sis /usr/share/doc/clamav-0.94.1/test/clam.tar.gz /usr/share/doc/clamav-0.94.1/test/clam.tnef /usr/share/doc/clamav-0.94.1/test/clam.zip /usr/share/man/man1/clamscan.1.gz /usr/share/man/man1/freshclam.1.gz /usr/share/man/man1/sigtool.1.gz /usr/share/man/man5/freshclam.conf.5.gz
clamd
Info
Was uns clamd leistet, finden wir im rpm
yum info clamd Name : clamd ... Summary: The Clam AntiVirus Daemon Description: The Clam AntiVirus Daemon
Na ja, nicht gerade viel, aber immerhin kurz und prägnant. ;)
Programmpfade und -inhalte
Über die einzelnen Dateien und Pfade des installierten clamad-Paketes, informieren wir uns auch hier mittels:
rpm -ql clamd /etc/clamd.conf /etc/logrotate.d/clamav /etc/rc.d/init.d/clamd /usr/bin/clamconf /usr/bin/clamdscan /usr/sbin/clamd /usr/share/doc/clamd-0.94.1 /usr/share/doc/clamd-0.94.1/clamd.conf /usr/share/doc/clamd-0.94.1/clamdwatch /usr/share/doc/clamd-0.94.1/clamdwatch/clamdwatch.tar.gz /usr/share/man/man1/clamconf.1.gz /usr/share/man/man1/clamdscan.1.gz /usr/share/man/man5/clamd.conf.5.gz /usr/share/man/man8/clamd.8.gz /var/clamav /var/log/clamav /var/run/clamav
erste Programmstarts
amavisd
Als erstes starten wir mal unseren A MAil Virus Scanner via:
# service amavisd start Mail Virus Scanner (amavisd) starten: [ OK ]
Im /var/log/maillog wird der erfolgreiche Start ausreichend dokumentiert:
Jul 14 19:58:46 nss amavis[16065]: starting. /usr/sbin/amavisd at amavis.nausch.org amavisd-new-2.6.4 (20090625), Unicode aware, LANG="de_DE.UTF-8" Jul 14 19:58:46 nss amavis[16065]: user=103, EUID: 103 (103); group=, EGID: 106 106 (106 106) Jul 14 19:58:46 nss amavis[16065]: Perl version 5.008008 Jul 14 19:58:47 nss amavis[16065]: SpamControl: scanner SpamAssassin, module Amavis::SpamControl::SpamAssassin Jul 14 19:58:47 nss amavis[16065]: INFO: SA version: 3.2.5, 3.002005, no optional modules: Net::CIDR::Lite Sys::Hostname::Long Encode::Detect Razor2::Client::Agent IP::Coun try::Fast Image::Info Image::Info::GIF Image::Info::JPEG Image::Info::PNG Image::Info::TIFF Mail::SPF Mail::SPF::Server Mail::SPF::Request Mail::SPF::Mech Mail::SPF::Mech:: A Mail::SPF::Mech::PTR Mail::SPF::Mech::All Mail::SPF::Mech::Exists Mail::SPF::Mech::IP4 Mail::SPF::Mech::IP6 Mail::SPF::Mech::Include Mail::SPF::Mech::MX Mail::SPF::Mod Ma il::SPF::Mod::Exp Mail::SPF::Mod::Redirect Mail::SPF::SenderIPAddrMech Mail::SPF::v1::Record Mail::SPF::v2::Record NetAddr::IP NetAddr::IP::Util auto::NetAddr::IP::Util::in et_n2dx auto::NetAddr::IP::Util::ipv6_n2d auto::NetAddr::IP::Util::ipv6_n2x Error Jul 14 19:58:47 nss amavis[16065]: SpamControl: init_pre_chroot on SpamAssassin done Jul 14 19:58:47 nss amavis[16106]: Net::Server: Process Backgrounded Jul 14 19:58:47 nss amavis[16106]: Net::Server: 2009/07/14-19:58:47 Amavis (type Net::Server::PreForkSimple) starting! pid(16106) Jul 14 19:58:47 nss amavis[16106]: Net::Server: Binding to UNIX socket file /var/amavis/amavisd.sock using SOCK_STREAM Jul 14 19:58:47 nss amavis[16106]: Net::Server: Binding to TCP port 10024 on host 127.0.0.1 Jul 14 19:58:47 nss amavis[16106]: Net::Server: Group Not Defined. Defaulting to EGID '106 106' Jul 14 19:58:47 nss amavis[16106]: Net::Server: User Not Defined. Defaulting to EUID '103' Jul 14 19:58:47 nss amavis[16106]: config files read: /etc/amavisd.conf Jul 14 19:58:47 nss amavis[16106]: Module Amavis::Conf 2.207 Jul 14 19:58:47 nss amavis[16106]: Module Archive::Zip 1.16 Jul 14 19:58:47 nss amavis[16106]: Module BerkeleyDB 0.36 Jul 14 19:58:47 nss amavis[16106]: Module Compress::Zlib 2.02 Jul 14 19:58:47 nss amavis[16106]: Module Convert::TNEF 0.17 Jul 14 19:58:47 nss amavis[16106]: Module Convert::UUlib 1.051 Jul 14 19:58:47 nss amavis[16106]: Module Crypt::OpenSSL::RSA 0.25 Jul 14 19:58:47 nss amavis[16106]: Module DBD::mysql 4.012 Jul 14 19:58:47 nss amavis[16106]: Module DBI 1.52 Jul 14 19:58:47 nss amavis[16106]: Module DB_File 1.814 Jul 14 19:58:47 nss amavis[16106]: Module Digest::MD5 2.36 Jul 14 19:58:47 nss amavis[16106]: Module Digest::SHA 5.47 Jul 14 19:58:47 nss amavis[16106]: Module Digest::SHA1 2.11 Jul 14 19:58:47 nss amavis[16106]: Module IO::Socket::INET6 2.51 Jul 14 19:58:47 nss amavis[16106]: Module MIME::Entity 5.420 Jul 14 19:58:47 nss amavis[16106]: Module MIME::Parser 5.420 Jul 14 19:58:47 nss amavis[16106]: Module MIME::Tools 5.420 Jul 14 19:58:47 nss amavis[16106]: Module Mail::DKIM::Verifier 0.36 Jul 14 19:58:47 nss amavis[16106]: Module Mail::Header 1.77 Jul 14 19:58:47 nss amavis[16106]: Module Mail::Internet 1.77 Jul 14 19:58:47 nss amavis[16106]: Module Mail::SpamAssassin 3.002005 Jul 14 19:58:47 nss amavis[16106]: Module Net::DNS 0.59 Jul 14 19:58:47 nss amavis[16106]: Module Net::Server 0.97 Jul 14 19:58:47 nss amavis[16106]: Module Socket6 0.19 Jul 14 19:58:47 nss amavis[16106]: Module Time::HiRes 1.9715 Jul 14 19:58:47 nss amavis[16106]: Module URI 1.35 Jul 14 19:58:47 nss amavis[16106]: Module Unix::Syslog 1.1 Jul 14 19:58:47 nss amavis[16106]: Amavis::DB code loaded Jul 14 19:58:47 nss amavis[16106]: Amavis::Cache code loaded Jul 14 19:58:47 nss amavis[16106]: SQL base code NOT loaded Jul 14 19:58:47 nss amavis[16106]: SQL::Log code NOT loaded Jul 14 19:58:47 nss amavis[16106]: SQL::Quarantine NOT loaded Jul 14 19:58:47 nss amavis[16106]: Lookup::SQL code NOT loaded Jul 14 19:58:47 nss amavis[16106]: Lookup::LDAP code NOT loaded Jul 14 19:58:47 nss amavis[16106]: AM.PDP-in proto code loaded Jul 14 19:58:47 nss amavis[16106]: SMTP-in proto code loaded Jul 14 19:58:47 nss amavis[16106]: Courier proto code NOT loaded Jul 14 19:58:47 nss amavis[16106]: SMTP-out proto code loaded Jul 14 19:58:47 nss amavis[16106]: Pipe-out proto code NOT loaded Jul 14 19:58:47 nss amavis[16106]: BSMTP-out proto code NOT loaded Jul 14 19:58:47 nss amavis[16106]: Local-out proto code loaded Jul 14 19:58:47 nss amavis[16106]: OS_Fingerprint code NOT loaded Jul 14 19:58:47 nss amavis[16106]: ANTI-VIRUS code loaded Jul 14 19:58:47 nss amavis[16106]: ANTI-SPAM code loaded Jul 14 19:58:47 nss amavis[16106]: ANTI-SPAM-EXT code NOT loaded Jul 14 19:58:47 nss amavis[16106]: ANTI-SPAM-C code NOT loaded Jul 14 19:58:47 nss amavis[16106]: ANTI-SPAM-SA code loaded Jul 14 19:58:47 nss amavis[16106]: Unpackers code loaded Jul 14 19:58:47 nss amavis[16106]: DKIM code NOT loaded Jul 14 19:58:47 nss amavis[16106]: Tools code NOT loaded Jul 14 19:58:47 nss amavis[16106]: Found $file at /usr/bin/file Jul 14 19:58:47 nss amavis[16106]: No $altermime, not using it Jul 14 19:58:47 nss amavis[16106]: Internal decoder for .mail Jul 14 19:58:47 nss amavis[16106]: Internal decoder for .asc Jul 14 19:58:47 nss amavis[16106]: Internal decoder for .uue Jul 14 19:58:47 nss amavis[16106]: Internal decoder for .hqx Jul 14 19:58:47 nss amavis[16106]: Internal decoder for .ync Jul 14 19:58:47 nss amavis[16106]: Found decoder for .F at /usr/bin/unfreeze Jul 14 19:58:47 nss amavis[16106]: Found decoder for .Z at /usr/bin/uncompress Jul 14 19:58:47 nss amavis[16106]: Found decoder for .gz at /usr/bin/gzip -d Jul 14 19:58:47 nss amavis[16106]: Internal decoder for .gz (backup, not used) Jul 14 19:58:47 nss amavis[16106]: Found decoder for .bz2 at /usr/bin/bzip2 -d Jul 14 19:58:47 nss amavis[16106]: Found decoder for .lzo at /usr/bin/lzop -d Jul 14 19:58:47 nss amavis[16106]: Found decoder for .rpm at /usr/bin/rpm2cpio Jul 14 19:58:47 nss amavis[16106]: Found decoder for .cpio at /usr/bin/pax Jul 14 19:58:47 nss amavis[16106]: Found decoder for .tar at /usr/bin/pax Jul 14 19:58:47 nss amavis[16106]: Found decoder for .deb at /usr/bin/ar Jul 14 19:58:47 nss amavis[16106]: Internal decoder for .zip Jul 14 19:58:47 nss amavis[16106]: No decoder for .7z tried: 7zr, 7za, 7z Jul 14 19:58:47 nss amavis[16106]: Found decoder for .rar at /usr/bin/unrar Jul 14 19:58:47 nss amavis[16106]: Found decoder for .arj at /usr/bin/arj Jul 14 19:58:47 nss amavis[16106]: Found decoder for .arc at /usr/bin/nomarch Jul 14 19:58:47 nss amavis[16106]: Found decoder for .zoo at /usr/bin/zoo Jul 14 19:58:47 nss amavis[16106]: Found decoder for .lha at /usr/bin/lha Jul 14 19:58:47 nss amavis[16106]: Found decoder for .cab at /usr/bin/cabextract Jul 14 19:58:47 nss amavis[16106]: No decoder for .tnef tried: tnef Jul 14 19:58:47 nss amavis[16106]: Internal decoder for .tnef Jul 14 19:58:47 nss amavis[16106]: Found decoder for .exe at /usr/bin/unrar; /usr/bin/lha; /usr/bin/arj Jul 14 19:58:47 nss amavis[16106]: Using primary internal av scanner code for ClamAV-clamd Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: KasperskyLab AVP - aveclient Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: KasperskyLab AntiViral Toolkit Pro (AVP) Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: KasperskyLab AVPDaemonClient Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: CentralCommand Vexira (new) vascan Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: Avira AntiVir Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: Command AntiVirus for Linux Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: Symantec CarrierScan via Symantec CommandLineScanner Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: Symantec AntiVirus Scan Engine Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: F-Secure Antivirus for Linux servers Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: CAI InoculateIT Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: CAI eTrust Antivirus Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: MkS_Vir for Linux (beta) Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: MkS_Vir daemon Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: ESET NOD32 Linux Mail Server - command line interface Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: ESET NOD32 for Linux File servers Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: Norman Virus Control v5 / Linux Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: Panda CommandLineSecure 9 for Linux Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: NAI McAfee AntiVirus (uvscan) Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: VirusBuster Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: CyberSoft VFind Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: avast! Antivirus Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: Ikarus AntiVirus for Linux Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: BitDefender Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: BitDefender Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: ArcaVir for Linux Jul 14 19:58:47 nss amavis[16106]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan Jul 14 19:58:47 nss amavis[16106]: No secondary av scanner: F-PROT Antivirus for UNIX Jul 14 19:58:47 nss amavis[16106]: No secondary av scanner: FRISK F-Prot Antivirus Jul 14 19:58:47 nss amavis[16106]: No secondary av scanner: Trend Micro FileScanner Jul 14 19:58:47 nss amavis[16106]: No secondary av scanner: drweb - DrWeb Antivirus Jul 14 19:58:47 nss amavis[16106]: No secondary av scanner: Kaspersky Antivirus v5.5 Jul 14 19:58:47 nss amavis[16106]: Creating db in /var/amavis/db/; BerkeleyDB 0.36, libdb 4.3 Jul 14 19:58:47 nss amavis[16106]: initializing Mail::SpamAssassin Jul 14 19:58:47 nss amavis[16106]: SpamAssassin debug facilities: info Jul 14 19:58:49 nss amavis[16106]: SpamAssassin loaded plugins: AWL, AutoLearnThreshold, Bayes, BodyEval, Check, DNSEval, HTMLEval, HTTPSMismatch, Hashcash, HeaderEval, Ima geInfo, MIMEEval, MIMEHeader, Pyzor, Razor2, RelayEval, ReplaceTags, SPF, SpamCop, URIDNSBL, URIDetail, URIEval, VBounce, WLBLEval, WhiteListSubject Jul 14 19:58:49 nss amavis[16106]: SpamControl: init_pre_fork on SpamAssassin done Jul 14 19:58:49 nss amavis[16106]: DKIM signature verification disabled, corresponding features not available. If not intentional, consider enabling it by setting: $enable_ dkim_verification to 1, or explicitly disable it by setting it to 0 to quench down this warning. Jul 14 19:58:49 nss amavis[16130]: TIMING [total 7 ms] - bdb-open: 7 (100%)100, rundown: 0 (0%)100 Jul 14 19:58:49 nss amavis[16131]: TIMING [total 6 ms] - bdb-open: 6 (100%)100, rundown: 0 (0%)100 Jul 14 19:58:49 nss amavis[16132]: TIMING [total 7 ms] - bdb-open: 7 (100%)100, rundown: 0 (0%)100 Jul 14 19:58:49 nss amavis[16133]: TIMING [total 6 ms] - bdb-open: 6 (100%)100, rundown: 0 (0%)100
Über den Port 10024 sollte nun unser daemon ansprechbar sein. Was wir auch sehr einfach mittels lsof überprüfen können:
lsof -i :10024 COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME amavisd 29499 amavis 6u IPv4 6036705 TCP localhost.localdomain:10024 (LISTEN) amavisd 29501 amavis 6u IPv4 6036705 TCP localhost.localdomain:10024 (LISTEN) amavisd 29502 amavis 6u IPv4 6036705 TCP localhost.localdomain:10024 (LISTEN)
Via telnet localhost 10024 können wir uns nun zum virusscanner-daemon verbinden.
telnet localhost 10024 Trying 127.0.0.1... Connected to localhost.localdomain (127.0.0.1). Escape character is '^]'. 220 [127.0.0.1] ESMTP amavisd-new service ready quit 221 2.0.0 [127.0.0.1] amavisd-new closing transmission channel Connection closed by foreign host.
clamav
Hier haben wir es einfach, da der Virenkiller on-demand gestartet wird.
Lediglich über die Virenpattern-Updates müssen wir uns Gedanken machen.