centos:mail_c6:spam_3

Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

Link zu dieser Vergleichsansicht

Beide Seiten der vorigen Revision Vorhergehende Überarbeitung
Nächste Überarbeitung		 Vorhergehende Überarbeitung
centos:mail_c6:spam_3 [10.06.2012 12:28. ] – [Installation] djangocentos:mail_c6:spam_3 [20.05.2021 12:42. ] (aktuell) – Externe Bearbeitung 127.0.0.1
Zeile 1: Zeile 1:
 +====== Grundinstallation von AMaViS ======
 +{{:centos:mail_c6:amavis-2.png?nolink&200 |AMaViS Logo}}
 +
 +===== Grundlagen =====
 +Bei der Definition der [[centos:mail_c6:mta_1#anforderungen_an_unseren_mailserver|Anforderungen an unseren Mailserver]] hatten wir unter anderem ein mehrstufiges Anti-SPAM- und Anti-Viren-schutzkonzept vorgesehen. 
 +  * **Stufe 1** : Greylisting mit Hilfe von [[centos:mail_c6:spam_1|postgrey]] \\ In diesem ersten Schritt erfolgt eine Überprüfung, ob von dem Absender bereits eine Nachricht für einen Empfänger angenommen wurde (greylisting). Nachrichten von unbekannten Absendern werden erst einmal mit einem temporären Fehler **450** abgewiesen. SPAMer geben i.d.R. hier schon auf und ordnungsgemäß konfigurierte Mailserver versuchen die erneute Zustellung in ein paar Minuten. So kann erfolgreich die erste Welle von unerwünschter Post bekämpft und deren Zustellung verweigert werden.
 +  * **Stufe 2** : Nutzung des Policy-Daemon [[centos:mail_c6:spam_2|policyd-weight]] \\ bei Stufe 2 wird mit Hilfe des Policy-Daemon **policyd-weight** die Mail bei der Einlieferung untersucht. An Hand des Envelope Sender, des Envelope To und der HELO-Daten, die während des SMTP-Handshakes übertragen werden, werden für verschiedene Kriterien Punkte vergeben. Dabei werden z.B. Realtime Blackhole Listen abgefragt oder die DNS-Konfiguration des Absenders überprüft. Für jeden Regelverstoß gibt es negative Punkte und ab einer bestimmten Wertung wird die Mail abgelehnt.
 +  * **Stufe 3** : Einbindung und Nutzung von [[|SpamAssassin]] und [[|ClamAV]] mit Hilfe von [[http://www.ijs.si/software/amavisd/|AMaViS]]. \\ Bei der **Stufe 3**, also bei der inhaltlichen Prüfung auf SPAM und Schadcode, setzen wir auf das Open Source-Projekt **AMaViS**((**A** **Ma**il **Vi**rus **S**canner)), das ihren kommerziellen und kostenpflichtigen Konkurrenzprodukten nicht nur ebenbürtig, sondern in vielerlei Hinblick sogar überlegen ist! \\ In dieser Stufe wird noch während des Einlieferungsversuches des externen Mailservers, die Nachricht an den AMaViS-Host auf **Port 10024** zur Prüfung übergeben. Dort wird die Nachricht auf unerwünschte Inhalte SPAM und möglichen Schadcode (Viren) hin überprüft. Fällt diese Prüfung negativ aus, quittiert der AMaViS-Host die Einlieferung mit einem **250er** und leitet die eMail an den betreffenden MTA auf **Port 10025** zurück. Unser MTX quittiert sodann die Einlieferung und Annahme der Nachricht mit einem **250er** und leitet anschließend die ihm anvertraute Nachricht an das jeweilige Backend **Dovecot-IMAP-server** bzw. **Mailman Mailinglisten-Server** weiter. Bei einer positiven Bewertung auf unerwünschte Inhalte und/oder Schadcode, quittiert der AMaViS-Daemon die Annahme mit einem **500**-Code, was wiederum unser externes Mailrelay **Postfix** veranlasst, die annahme ebenfalls mit einem **500**er-Fehlercode abzulehnen. Somit müssen wir uns um eine eventuelle quarantäne oder SPAM-Verwaltung erst gar nicht kümmern!
 +
 +Der prinzipielle Ablauf und die Einbindung des AMaViS veranschaulich folgende Skizze.
 +
 +<uml>
 +
 +state MX_ISP {
 +  MX_ISP : =====================================
 +  MX_ISP : Internet Service Provider - Austausch von eMails
 +  MX_ISP : von und an Kunden, Interessenten, Geschäftspartner
 +  MX_ISP : =====================================
 +}
 +
 +state eMail_Infrastruktur {
 + state Mailserver {
 +  state MX_smtp {
 +    MX_smtp : Postfix 2.6.6 
 +    MX_smtp : ----------------
 +    MX_smtp : SMTP "client" 
 +    MX_smtp : versendet
 +    MX_smtp : Nachrichten
 +  }
 +  state MX_smtpd_25 {
 +    MX_smtpd_25 : Postfix 2.6.6
 +    MX_smtpd_25 : ------------------------------------
 +    MX_smtpd_25 : SMTP Daemon - Port 25
 +    MX_smtpd_25 : ext. Interface (eth0) 88.217.127.21
 +    MX_smtpd_25 : int. Interface (eth1) 10.0.0.80
 +  }
 +    state MX_smtpd_10025 {
 +    MX_smtpd_10025 : Postfix 2.6.6
 +    MX_smtpd_10025 : -------------------------------
 +    MX_smtpd_10025 : SMTP Daemon - Port 10025
 +    MX_smtpd_10025 : int. Interface (eth1) 10.0.0.80
 +    MX_smtpd_10025 : zur Rückleitung der AMaViS 
 +    MX_smtpd_10025 : Verbindungen
 +  }
 +  state MX_postgrey {
 +    MX_postgrey : postgrey 1.34
 +    MX_postgrey : -----------------------------------------
 +    MX_postgrey : Greylisting Daemon - UNIX Socket
 +    MX_postgrey : verzögerte Annahme von eMails von
 +    MX_postgrey : unbekannten Kommunikationspartnern
 +  }
 +   state MX_policyd_weight {
 +    MX_policyd_weight : policyd-weight 0.1.15
 +    MX_policyd_weight : ------------------------------------
 +    MX_policyd_weight : Greylisting Daemon - Port 12525
 +    MX_policyd_weight : gewichtete Prüfung anhand des 
 +    MX_policyd_weight : Envelope Sender, Envelope To 
 +    MX_policyd_weight : und der HELO-Daten
 +  } 
 + }
 + state AMaViS {
 +  state AMaViS_10024 {
 +    AMaViS_10024 : amavisd-new 2.5.4
 +    AMaViS_10024 : -------------------------------------
 +    AMaViS_10024 : AMaViS (A MAil Virus Scanner)
 +    AMaViS_10024 : Frontendsystem zur Steuerung 
 +    AMaViS_10024 : der Hilfsprogramme wie Entpacker,
 +    AMaViS_10024 : Scanner und Spamassassin
 +    AMaViS_10024 : Einbindung als smtpd_proxy_filter
 +    AMaViS_10024 : Einlieferung auf Port 10024
 +    AMaViS_10024 : Host : amavis.dmz.nausch.org
 +  }
 +  state AMaViS_smtp {
 +    AMaViS_smtp : amavisd-new 2.5.4
 +    AMaViS_smtp : ---------------------
 +    AMaViS_smtp : SMTP "client" 
 +    AMaViS_smtp : leitet eMail
 +    AMaViS_smtp : an Quelle-MTA 
 +    AMaViS_smtp : zurück
 +  }
 +  state Spamassassin {
 +    Spamassassin : SpamAssassin 3.3.1
 +    Spamassassin : ----------------------------------
 +    Spamassassin : SPAM-Berwertungs Daemon
 +    Spamassassin : via UNIX Socket 
 +    Spamassassin : Überprüfung und Bewertung 
 +    Spamassassin : ein- und ausgehender eMails
 +    Spamassassin : auf unerwünschte Inhalte
 +  }
 +   state ClamD {
 +    ClamD : clamav 0.9.73
 +    ClamD : -----------------------------------
 +    ClamD : Clam AntiVirus Daemon
 +    ClamD : via Port 3310 
 +    ClamD : zum Scannen auf Schadcode 
 +    ClamD : ein- und ausgehender eMails
 +  }
 + }
 +
 + state Backend_Systeme {
 +  state dovecot {
 +    dovecot : dovecot 2.0.9
 +    dovecot : -------------------------------------
 +    dovecot : Dovecot IMAP-Server
 +    dovecot : Einlieferung auf Port 24 (LMTP)
 +    dovecot : Auslieferung via Port 143 (IMAP) 
 +    dovecot : und 993 (IMAPS)
 +    dovecot : Sieve Mail Filter Daemon 
 +    dovecot : Port 4190 (SIEVE)
 +    dovecot : Host imap.dmz.nausch.org
 +  }
 +  state mailman {
 +    mailman : mailman 2.1.12
 +    mailman : ---------------------------------
 +    mailman : Mailinglisten Server / Daemon
 +    mailman : Host mailman.dmz.nausch.org
 +  }
 + }
 +}
 +
 + MX_ISP -down-> MX_smtpd_25
 + MX_smtpd_25 -right-> MX_postgrey
 + MX_smtpd_25 -down-> MX_policyd_weight
 + MX_postgrey -left-> MX_smtpd_25
 + MX_policyd_weight -up-> MX_smtpd_25
 + MX_smtpd_25 --> MX_smtp
 +
 + MX_smtp -right-> AMaViS_10024
 + MX_smtpd_10025 -left-> MX_smtp
 +
 + AMaViS_smtp -up-> MX_smtpd_10025
 +
 + AMaViS_10024 --> ClamD
 + AMaViS_10024 --> Spamassassin
 + ClamD --> AMaViS_10024
 + Spamassassin --> AMaViS_10024
 + AMaViS_10024 --> AMaViS_smtp
 +
 + MX_smtp -left-> dovecot
 + MX_smtp -up-> mailman
 +
 +</uml>
 +
 +AMaVis übernimmt in unserem eMailworkflow eigentlich nur die Steuerung des Ablaufes, sie nimmt also die eMail vom MTA an und leitet diese an die Backendsysteme weiter:
 +  * **PACKER** Zum Entpacken von Dateianhängen
 +  * **Virenscanner** Zur Prüfung der eMail und der Inhalte auf Schadcode, in unserem Fall übernimmt dies das freie Projekt **ClamAV**
 +  * **Spamassassin** Zur Prüfung der eMail auf unerwünschte Inhalte (SPAM und UCE)
 +
 +===== Installation =====
 +Wie gerade schon erwähnt, stellt **AMaViS** das Frontend-System zur Verfügung. Daher werden wir im ersten Schritt mit der Installation von **amavisd-new** beginnen. Es ist natürlich klar, dass ohne die Backend-Systeme wie **SpamAssassin** oder **ClamAV**, der Einsatz von **AMaViS** nicht gerade viel bringt, sehen wir mal von der Möglichkeit vom Einfügen der **DKIM-Signaturen** ab. Auf diese gehen wir später in einem gesonderten [[centos:mail_c6:mta_9|Kapitel]] ein.
 +
 +Für die Installation von **amavisd-new** und der zugehörigen Pakete nutzen wir am besten das Repository [[centos:rpmforge6|rpmforge]] - die Installation selbst nehmen wir mit Unterstützung von **yum** vor. 
 +   # yum install amavisd-new -y
 +
 +Was uns das Paket alle bei der Installation mitgebracht hat, zeigt uns ein Blick in das installierte **rpm**.
 +   # rpm -qil amavisd-new
 +<code>Name        : amavisd-new                  Relocations: (not relocatable)
 +Version     : 2.6.6                             Vendor: Dag Apt Repository, http://dag.wieers.com/apt/
 +Release     : 2.el6.rf                      Build Date: Fri 20 Jan 2012 11:44:48 PM CET
 +Install Date: Sun 10 Jun 2012 12:35:06 PM CEST      Build Host: lisse.hasselt.wieers.com
 +Group       : System Environment/Daemons    Source RPM: amavisd-new-2.6.6-2.el6.rf.src.rpm
 +Size        : 2796438                          License: GPL
 +Signature   : DSA/SHA1, Sat 21 Jan 2012 12:21:44 AM CET, Key ID a20e52146b8d79e6
 +Packager    : Dag Wieers <dag@wieers.com>
 +URL         : http://www.ijs.si/software/amavisd/
 +Summary     : Mail virus-scanner
 +Description :
 +AMaViS is a program that interfaces a mail transfer agent (MTA) with
 +one or more virus scanners.
 +
 +Amavisd-new is a branch created by Mark Martinec that adds serveral
 +performance and robustness features. It's partly based on
 +work being done on the official amavisd branch. Please see the
 +README.amavisd-new-RELNOTES file for a detailed description.
 +/etc/amavisd.conf
 +/etc/cron.daily/amavisd
 +/etc/logrotate.d/amavisd
 +/etc/openldap/schema/amavisd-new.schema
 +/etc/rc.d/init.d/amavisd
 +/etc/sysconfig/amavisd
 +/usr/sbin/amavisd
 +/usr/sbin/amavisd-agent
 +/usr/sbin/amavisd-nanny
 +/usr/sbin/amavisd-release
 +/usr/sbin/p0f-analyzer
 +/usr/share/doc/amavisd-new-2.6.6
 +/usr/share/doc/amavisd-new-2.6.6/AAAREADME.first
 +/usr/share/doc/amavisd-new-2.6.6/LDAP.schema
 +/usr/share/doc/amavisd-new-2.6.6/LICENSE
 +/usr/share/doc/amavisd-new-2.6.6/MANIFEST
 +/usr/share/doc/amavisd-new-2.6.6/README.banned
 +/usr/share/doc/amavisd-new-2.6.6/README.chroot
 +/usr/share/doc/amavisd-new-2.6.6/README.contributed
 +/usr/share/doc/amavisd-new-2.6.6/README.courier
 +/usr/share/doc/amavisd-new-2.6.6/README.courier-old
 +/usr/share/doc/amavisd-new-2.6.6/README.customize
 +/usr/share/doc/amavisd-new-2.6.6/README.exim_v3
 +/usr/share/doc/amavisd-new-2.6.6/README.exim_v3_app
 +/usr/share/doc/amavisd-new-2.6.6/README.exim_v4
 +/usr/share/doc/amavisd-new-2.6.6/README.exim_v4_app
 +/usr/share/doc/amavisd-new-2.6.6/README.exim_v4_app2
 +/usr/share/doc/amavisd-new-2.6.6/README.ldap
 +/usr/share/doc/amavisd-new-2.6.6/README.lookups
 +/usr/share/doc/amavisd-new-2.6.6/README.milter
 +/usr/share/doc/amavisd-new-2.6.6/README.old.scanners
 +/usr/share/doc/amavisd-new-2.6.6/README.performance
 +/usr/share/doc/amavisd-new-2.6.6/README.policy-on-notifications
 +/usr/share/doc/amavisd-new-2.6.6/README.postfix
 +/usr/share/doc/amavisd-new-2.6.6/README.postfix.html
 +/usr/share/doc/amavisd-new-2.6.6/README.protocol
 +/usr/share/doc/amavisd-new-2.6.6/README.sendmail
 +/usr/share/doc/amavisd-new-2.6.6/README.sendmail-dual
 +/usr/share/doc/amavisd-new-2.6.6/README.sendmail-dual.old
 +/usr/share/doc/amavisd-new-2.6.6/README.sql
 +/usr/share/doc/amavisd-new-2.6.6/README.sql-mysql
 +/usr/share/doc/amavisd-new-2.6.6/README.sql-pg
 +/usr/share/doc/amavisd-new-2.6.6/RELEASE_NOTES
 +/usr/share/doc/amavisd-new-2.6.6/amavisd-new-docs.html
 +/usr/share/doc/amavisd-new-2.6.6/amavisd.conf
 +/usr/share/doc/amavisd-new-2.6.6/amavisd.conf-default
 +/usr/share/doc/amavisd-new-2.6.6/amavisd.conf-sample
 +/usr/share/doc/amavisd-new-2.6.6/amavisd.conf.orig
 +/usr/share/doc/amavisd-new-2.6.6/images
 +/usr/share/doc/amavisd-new-2.6.6/images/blank.png
 +/usr/share/doc/amavisd-new-2.6.6/images/callouts
 +/usr/share/doc/amavisd-new-2.6.6/images/callouts/1.png
 +/usr/share/doc/amavisd-new-2.6.6/images/callouts/10.png
 +/usr/share/doc/amavisd-new-2.6.6/images/callouts/11.png
 +/usr/share/doc/amavisd-new-2.6.6/images/callouts/12.png
 +/usr/share/doc/amavisd-new-2.6.6/images/callouts/13.png
 +/usr/share/doc/amavisd-new-2.6.6/images/callouts/14.png
 +/usr/share/doc/amavisd-new-2.6.6/images/callouts/15.png
 +/usr/share/doc/amavisd-new-2.6.6/images/callouts/2.png
 +/usr/share/doc/amavisd-new-2.6.6/images/callouts/3.png
 +/usr/share/doc/amavisd-new-2.6.6/images/callouts/4.png
 +/usr/share/doc/amavisd-new-2.6.6/images/callouts/5.png
 +/usr/share/doc/amavisd-new-2.6.6/images/callouts/6.png
 +/usr/share/doc/amavisd-new-2.6.6/images/callouts/7.png
 +/usr/share/doc/amavisd-new-2.6.6/images/callouts/8.png
 +/usr/share/doc/amavisd-new-2.6.6/images/callouts/9.png
 +/usr/share/doc/amavisd-new-2.6.6/images/caution.png
 +/usr/share/doc/amavisd-new-2.6.6/images/draft.png
 +/usr/share/doc/amavisd-new-2.6.6/images/home.png
 +/usr/share/doc/amavisd-new-2.6.6/images/important.png
 +/usr/share/doc/amavisd-new-2.6.6/images/next.png
 +/usr/share/doc/amavisd-new-2.6.6/images/note.png
 +/usr/share/doc/amavisd-new-2.6.6/images/prev.png
 +/usr/share/doc/amavisd-new-2.6.6/images/tip.png
 +/usr/share/doc/amavisd-new-2.6.6/images/toc-blank.png
 +/usr/share/doc/amavisd-new-2.6.6/images/toc-minus.png
 +/usr/share/doc/amavisd-new-2.6.6/images/toc-plus.png
 +/usr/share/doc/amavisd-new-2.6.6/images/up.png
 +/usr/share/doc/amavisd-new-2.6.6/images/warning.png
 +/usr/share/doc/amavisd-new-2.6.6/screen.css
 +/usr/share/doc/amavisd-new-2.6.6/test-messages
 +/usr/share/doc/amavisd-new-2.6.6/test-messages/README
 +/usr/share/doc/amavisd-new-2.6.6/test-messages/sample.tar.gz.compl
 +/var/amavis
 +/var/amavis/db
 +/var/amavis/tmp
 +/var/amavis/var
 +/var/log/amavis.log
 +/var/virusmails
 +</code>
 +
 +
 +===== Grundkonfiguration =====
 +Für die weitere Viren- und Spam-Prüfung der uns angetragenen elektronischen Post, verwenden wir die **smtp_proxy_filter**-Funktionen, also die //Pre-Queue// unseres Postfixes. Somit können wir die Nachricht in Echtzeit filtern und wenn uns diese "//nicht gefällt//", einfach abweisen.
 +
 +Der externe Mailserver versucht mit unserer neuen Konfiguration eine eMail bei uns auf Port **25** abzusetzen. Unser Postfix reicht diese direkt an den Port 10024 unseres **AMaViS-Daemon** weiter, der die Nachricht //on-the-fly// weiteren daemons zum Virenscanner und Spambewerten unterzieht. Wird dabei die Nachricht für **O.K.** befunden, so reicht **AMaViS** die Mail zurück an den Postfix auf Port 10025, oder signalisiert **Postfix**, dass die Nachricht O.K. ist und der externe SMTP-Dialog erfolgreich zu Ende gebracht werden kann.
 +
 +==== AMaViS ====
 +Im ersten Schritt definieren wir also die ersten drei Parameter, **Hostnamen**, **Domäne** und **Port** in der Konfigurationsdatei unter **/etc/amavisd.conf**. 
 +   # vim /etc/amavisd.conf
 +<code>...
 +
 +# Django : 2012-05-21
 +# default: $mydomain = 'example.com';
 +$mydomain = 'nausch.org';               # a convenient default for other settings
 +
 +...
 +
 +# Django : 2012-05-21
 +# default: $log_level = 0;
 +$log_level = 3;                         # verbosity 0..5, -d
 +
 +...
 +
 +# Django : 2012-05-21
 +# @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
 +#                   10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );
 +@mynetworks = qw( 127.0.0.0/8 10.0.0.0/24 );
 +
 +...
 +
 +# Django : 2012-05-21
 +# default: unset             # listening only on localhost
 +$inet_socket_bind = '*';     # listen on this port 10024 on all network-interfaces
 +
 +# Django : 2012-05-21
 +# default: @inet_acl = qw( 127.0.0.1 ::1 );
 +@inet_acl = qw( 127.0.0.1 10.0.0.80/32 );  # access allowed from this hosts
 +
 +...
 +
 +# Django : 2012-05-21
 +# default: $sa_tag2_level_deflt = 6.2;
 +$sa_tag2_level_deflt = 6.31;  # add 'spam detected' headers at that level
 +# Django : 2012-05-21
 +# default: $sa_kill_level_deflt = 6.9;
 +$sa_kill_level_deflt = 6.31;  # triggers spam evasive actions (e.g. blocks mail)
 +
 +...
 +
 +# Django : 2010-05-21
 +# default: unset 
 +$myhostname = 'amavis.dmz.nausch.org';  # must be a fully-qualified domain name!
 +
 +...
 +
 +# Django : 2010-05-21
 +# definiert wohin der amavisd-new SMTP-Client überprüfte eMails senden soll
 +# default: # $notify_method  = 'smtp:[127.0.0.1]:10025';
 +$notify_method  = 'smtp:[mail.dmz.nausch.org]:10025';
 +# Django : 2010-05-21
 +# definiert wohin der amavisd-new SMTP-Client Benachrichtigungen, also die zu überprüften eMails, senden soll.
 +# default: # $forward_method = 'smtp:[127.0.0.1]:10025';
 +$forward_method = 'smtp:[mail.dmz.nausch.org]:10025';  # set to undef with milter!
 +
 +...
 +
 +</code>
 +
 +
 +==== Postfix ====
 +Wie schon beim Punkt [[centos:mail_c6:spam_3#grundlagen|Grundlagen]] beschrieben, erweitern wir nun unsere Postfixkonfiguration so, dass die zwei Ports **10024** und **10025** von Postfix bedient werden.
 +
 +Bei der Konfiguration unseres Postfix-Mailservers kommt es nun darauf an, ob **Postfix** und **AMaViS** auf einem Host betrieben wird, oder ob beide Daemons auf getrennten Hosts laufen.
 +
 +=== single based host ===
 +Im ersten Beispiel gehen wir auf die Konfiguration beider Daemon auf einem gemeinsamen Host ein.
 +Die Konfiguration selbst wird in der Konfigurationsdatei **master.cf** vorgenommen - wir erweitern also die Datei **/etc/postfix/master.cf** wie folgt.
 +   # vim /etc/postfix/master.cf
 +<code bash>#
 +# Postfix master process configuration file.  For details on the format
 +# of the file, see the master(5) manual page (command: "man 5 master").
 +#
 +# ==========================================================================
 +# service       type  private unpriv  chroot  wakeup  maxproc command + args
 +#                     (yes)   (yes)   (yes)   (never) (100)
 +# ==========================================================================
 +smtp            inet  n                               smtpd
 +# Django : 2012-05-21
 +# AMaViS-Intergration als smtpd_proxy_filter
 +        -o smtpd_proxy_filter=localhost:10024
 +        -o content_filter=
 +
 +# Django : 2012-05-21
 +# AMaViS-Intergration als smtpd_proxy_filter
 +localhost:10025 inet  n                               smtpd
 +        -o content_filter=
 +        -o smtpd_proxy_filter=
 +        -o smtpd_authorized_xforward_hosts=127.0.0.0/8
 +        -o smtp_client_restrictions=
 +        -o smtp_helo_restrictions=
 +        -o smtp_sender_restrictions=
 +        -o smtpd_recipient_restrictions=permit_mynetworks,reject
 +        -o smtp_data_restrictions=
 +        -o mynetworks=127.0.0.0/8
 +        -o receive_override_options=no_unknown_recipient_checks
 +</code>
 +
 +=== dual based host ===
 +Laufen **Postfix** und **AMaViS** auf zwei getrennten Maschinen, sieht die Konfiguration geringfügig anders aus. Auf dem Host **10.0.0.80** läuft in dem Beispiel **Postfix** und auf dem Host  **10.0.0.60** **AMaViS**.
 +   # vim /etc/postfix/master.cf
 +<code bash>#
 +# Postfix master process configuration file.  For details on the format
 +# of the file, see the master(5) manual page (command: "man 5 master").
 +#
 +# ==========================================================================
 +# service       type  private unpriv  chroot  wakeup  maxproc command + args
 +#                     (yes)   (yes)   (yes)   (never) (100)
 +# ==========================================================================
 +smtp            inet  n                               smtpd
 +# Django : 2012-05-21
 +# AMaViS-Intergration als smtpd_proxy_filter
 +          -o smtpd_proxy_filter=10.0.0.60:10024
 +          -o content_filter=
 +
 +# Django : 2012-05-21
 +# AMaViS-Intergration als smtpd_proxy_filter
 +10.0.0.80:10025 inet  n                               smtpd
 +          -o content_filter=
 +          -o smtpd_proxy_filter=
 +          -o smtpd_authorized_xforward_hosts=10.0.0.60/32
 +          -o smtp_client_restrictions=
 +          -o smtp_helo_restrictions=
 +          -o smtp_sender_restrictions=
 +          -o smtpd_recipient_restrictions=permit_mynetworks,reject
 +          -o smtp_data_restrictions=
 +          -o mynetworks=10.0.0.60/32
 +          -o receive_override_options=no_unknown_recipient_checks
 +</code>
 +
 +===== erster Programmstart - Aktivierung der Konfiguration =====
 +==== AMaViS ====
 +Nun ist es an der Zeit, unser **AMaViS**-System das erste mal zu starten.
 +   # service amavisd start
 +
 +   Starting Mail Virus Scanner (amavisd):                      OK  ]
 +
 +Im Maillog wird uns der Start entsprechend quittiert.
 +<code>Jun 10 19:00:24 vml000060 amavis[14167]: logging initialized, log level 3, syslog: amavis.mail
 +Jun 10 19:00:24 vml000060 amavis[14167]: starting.  /usr/sbin/amavisd at amavis.dmz.nausch.org amavisd-new-2.6.6 (20110518), Unicode aware, LANG="en_US.UTF-8"
 +Jun 10 19:00:24 vml000060 amavis[14167]: user=497, EUID: 497 (497);  group=, EGID: 494 494 (494 494)
 +Jun 10 19:00:24 vml000060 amavis[14167]: Perl version               5.010001
 +Jun 10 19:00:25 vml000060 amavis[14167]: SpamControl: scanner SpamAssassin, module Amavis::SpamControl::SpamAssassin
 +Jun 10 19:00:25 vml000060 amavis[14167]: INFO: SA version: 3.3.1, 3.003001, no optional modules: Net::CIDR::Lite Sys::Hostname::Long Razor2::Client::Agent IP::Country::Fast Image::Info Image::Info::GIF Image::Info::JPEG Image::Info::PNG Image::Info::TIFF Mail::SPF Mail::SPF::Server Mail::SPF::Request Mail::SPF::Mech Mail::SPF::Mech::A Mail::SPF::Mech::PTR Mail::SPF::Mech::All Mail::SPF::Mech::Exists Mail::SPF::Mech::IP4 Mail::SPF::Mech::IP6 Mail::SPF::Mech::Include Mail::SPF::Mech::MX Mail::SPF::Mod Mail::SPF::Mod::Exp Mail::SPF::Mod::Redirect Mail::SPF::SenderIPAddrMech Mail::SPF::v1::Record Mail::SPF::v2::Record Error
 +Jun 10 19:00:25 vml000060 amavis[14167]: SpamControl: init_pre_chroot on SpamAssassin done
 +Jun 10 19:00:25 vml000060 amavis[14168]: Net::Server: Process Backgrounded
 +Jun 10 19:00:25 vml000060 amavis[14168]: Net::Server: 2012/06/10-19:00:25 Amavis (type Net::Server::PreForkSimple) starting! pid(14168)
 +Jun 10 19:00:25 vml000060 amavis[14168]: Net::Server: Using default listen value of 128
 +Jun 10 19:00:25 vml000060 amavis[14168]: Net::Server: Binding to UNIX socket file /var/amavis/amavisd.sock using SOCK_STREAM
 +Jun 10 19:00:25 vml000060 amavis[14168]: Net::Server: Binding to TCP port 10024 on host 127.0.0.1
 +Jun 10 19:00:25 vml000060 amavis[14168]: Net::Server: Group Not Defined.  Defaulting to EGID '494 494'
 +Jun 10 19:00:25 vml000060 amavis[14168]: Net::Server: User Not Defined.  Defaulting to EUID '497'
 +Jun 10 19:00:25 vml000060 amavis[14168]: config files read: /etc/amavisd.conf
 +Jun 10 19:00:25 vml000060 amavis[14168]: Module Amavis::Conf        2.209
 +Jun 10 19:00:25 vml000060 amavis[14168]: Module Archive::Zip        1.30
 +Jun 10 19:00:25 vml000060 amavis[14168]: Module BerkeleyDB          0.43
 +Jun 10 19:00:25 vml000060 amavis[14168]: Module Compress::Zlib      2.02
 +Jun 10 19:00:25 vml000060 amavis[14168]: Module Convert::TNEF       0.17
 +Jun 10 19:00:25 vml000060 amavis[14168]: Module Convert::UUlib      1.34
 +Jun 10 19:00:25 vml000060 amavis[14168]: Module Crypt::OpenSSL::RSA 0.25
 +Jun 10 19:00:25 vml000060 amavis[14168]: Module DB_File             1.82
 +Jun 10 19:00:25 vml000060 amavis[14168]: Module Digest::MD5         2.39
 +Jun 10 19:00:25 vml000060 amavis[14168]: Module Digest::SHA         5.47
 +Jun 10 19:00:25 vml000060 amavis[14168]: Module IO::Socket::INET6   2.56
 +Jun 10 19:00:25 vml000060 amavis[14168]: Module MIME::Entity        5.427
 +Jun 10 19:00:25 vml000060 amavis[14168]: Module MIME::Parser        5.427
 +Jun 10 19:00:25 vml000060 amavis[14168]: Module MIME::Tools         5.427
 +Jun 10 19:00:25 vml000060 amavis[14168]: Module Mail::DKIM::Signer  0.37
 +Jun 10 19:00:25 vml000060 amavis[14168]: Module Mail::DKIM::Verifier 0.37
 +Jun 10 19:00:25 vml000060 amavis[14168]: Module Mail::Header        2.04
 +Jun 10 19:00:25 vml000060 amavis[14168]: Module Mail::Internet      2.04
 +Jun 10 19:00:25 vml000060 amavis[14168]: Module Mail::SpamAssassin  3.003001
 +Jun 10 19:00:25 vml000060 amavis[14168]: Module Net::DNS            0.65
 +Jun 10 19:00:25 vml000060 amavis[14168]: Module Net::Server         0.99
 +Jun 10 19:00:25 vml000060 amavis[14168]: Module NetAddr::IP         4.027
 +Jun 10 19:00:25 vml000060 amavis[14168]: Module Socket6             0.23
 +Jun 10 19:00:25 vml000060 amavis[14168]: Module Time::HiRes         1.9721
 +Jun 10 19:00:25 vml000060 amavis[14168]: Module URI                 1.40
 +Jun 10 19:00:25 vml000060 amavis[14168]: Module Unix::Syslog        1.1
 +Jun 10 19:00:25 vml000060 amavis[14168]: Amavis::DB code      loaded
 +Jun 10 19:00:25 vml000060 amavis[14168]: Amavis::Cache code   loaded
 +Jun 10 19:00:25 vml000060 amavis[14168]: SQL base code        NOT loaded
 +Jun 10 19:00:25 vml000060 amavis[14168]: SQL::Log code        NOT loaded
 +Jun 10 19:00:25 vml000060 amavis[14168]: SQL::Quarantine      NOT loaded
 +Jun 10 19:00:25 vml000060 amavis[14168]: Lookup::SQL code     NOT loaded
 +Jun 10 19:00:25 vml000060 amavis[14168]: Lookup::LDAP code    NOT loaded
 +Jun 10 19:00:25 vml000060 amavis[14168]: AM.PDP-in proto code loaded
 +Jun 10 19:00:25 vml000060 amavis[14168]: SMTP-in proto code   loaded
 +Jun 10 19:00:25 vml000060 amavis[14168]: Courier proto code   NOT loaded
 +Jun 10 19:00:25 vml000060 amavis[14168]: SMTP-out proto code  loaded
 +Jun 10 19:00:25 vml000060 amavis[14168]: Pipe-out proto code  NOT loaded
 +Jun 10 19:00:25 vml000060 amavis[14168]: BSMTP-out proto code NOT loaded
 +Jun 10 19:00:25 vml000060 amavis[14168]: Local-out proto code loaded
 +Jun 10 19:00:25 vml000060 amavis[14168]: OS_Fingerprint code  NOT loaded
 +Jun 10 19:00:25 vml000060 amavis[14168]: ANTI-VIRUS code      loaded
 +Jun 10 19:00:25 vml000060 amavis[14168]: ANTI-SPAM code       loaded
 +Jun 10 19:00:25 vml000060 amavis[14168]: ANTI-SPAM-EXT code   NOT loaded
 +Jun 10 19:00:25 vml000060 amavis[14168]: ANTI-SPAM-C code     NOT loaded
 +Jun 10 19:00:25 vml000060 amavis[14168]: ANTI-SPAM-SA code    loaded
 +Jun 10 19:00:25 vml000060 amavis[14168]: Unpackers code       loaded
 +Jun 10 19:00:25 vml000060 amavis[14168]: DKIM code            loaded
 +Jun 10 19:00:25 vml000060 amavis[14168]: Tools code           NOT loaded
 +Jun 10 19:00:25 vml000060 amavis[14168]: Found $file            at /usr/bin/file
 +Jun 10 19:00:25 vml000060 amavis[14168]: Found $altermime       at /usr/bin/altermime
 +Jun 10 19:00:25 vml000060 amavis[14168]: Internal decoder for .mail
 +Jun 10 19:00:25 vml000060 amavis[14168]: Internal decoder for .asc 
 +Jun 10 19:00:25 vml000060 amavis[14168]: Internal decoder for .uue 
 +Jun 10 19:00:25 vml000060 amavis[14168]: Internal decoder for .hqx 
 +Jun 10 19:00:25 vml000060 amavis[14168]: Internal decoder for .ync 
 +Jun 10 19:00:25 vml000060 amavis[14168]: Found decoder for    .F    at /usr/bin/unfreeze
 +Jun 10 19:00:25 vml000060 amavis[14168]: Found decoder for    .Z    at /usr/bin/uncompress
 +Jun 10 19:00:25 vml000060 amavis[14168]: Found decoder for    .gz   at /usr/bin/gzip -d
 +Jun 10 19:00:25 vml000060 amavis[14168]: Internal decoder for .gz   (backup, not used)
 +Jun 10 19:00:25 vml000060 amavis[14168]: Found decoder for    .bz2  at /usr/bin/bzip2 -d
 +Jun 10 19:00:25 vml000060 amavis[14168]: Found decoder for    .lzo  at /usr/bin/lzop -d
 +Jun 10 19:00:25 vml000060 amavis[14168]: Found decoder for    .rpm  at /usr/bin/rpm2cpio
 +Jun 10 19:00:25 vml000060 amavis[14168]: Found decoder for    .cpio at /bin/cpio
 +Jun 10 19:00:25 vml000060 amavis[14168]: Found decoder for    .tar  at /bin/cpio
 +Jun 10 19:00:25 vml000060 amavis[14168]: Found decoder for    .deb  at /usr/bin/ar
 +Jun 10 19:00:25 vml000060 amavis[14168]: Internal decoder for .zip 
 +Jun 10 19:00:25 vml000060 amavis[14168]: Found decoder for    .7z   at /usr/bin/7za
 +Jun 10 19:00:25 vml000060 amavis[14168]: Found decoder for    .rar  at /usr/bin/unrar
 +Jun 10 19:00:25 vml000060 amavis[14168]: Found decoder for    .arj  at /usr/bin/arj
 +Jun 10 19:00:25 vml000060 amavis[14168]: Found decoder for    .arc  at /usr/bin/nomarch
 +Jun 10 19:00:25 vml000060 amavis[14168]: Found decoder for    .zoo  at /usr/bin/zoo
 +Jun 10 19:00:25 vml000060 amavis[14168]: Found decoder for    .lha  at /usr/bin/lha
 +Jun 10 19:00:25 vml000060 amavis[14168]: Found decoder for    .cab  at /usr/bin/cabextract
 +Jun 10 19:00:25 vml000060 amavis[14168]: No decoder for       .tnef tried: tnef
 +Jun 10 19:00:25 vml000060 amavis[14168]: Internal decoder for .tnef
 +Jun 10 19:00:25 vml000060 amavis[14168]: Found decoder for    .exe  at /usr/bin/unrar; /usr/bin/lha; /usr/bin/arj
 +Jun 10 19:00:25 vml000060 amavis[14168]: No primary av scanner: KasperskyLab AVP - aveclient
 +Jun 10 19:00:25 vml000060 amavis[14168]: No primary av scanner: KasperskyLab AntiViral Toolkit Pro (AVP)
 +Jun 10 19:00:25 vml000060 amavis[14168]: No primary av scanner: KasperskyLab AVPDaemonClient
 +Jun 10 19:00:25 vml000060 amavis[14168]: No primary av scanner: CentralCommand Vexira (new) vascan
 +Jun 10 19:00:25 vml000060 amavis[14168]: No primary av scanner: Avira AntiVir
 +Jun 10 19:00:25 vml000060 amavis[14168]: No primary av scanner: Command AntiVirus for Linux
 +Jun 10 19:00:25 vml000060 amavis[14168]: No primary av scanner: Symantec CarrierScan via Symantec CommandLineScanner
 +Jun 10 19:00:25 vml000060 amavis[14168]: No primary av scanner: Symantec AntiVirus Scan Engine
 +Jun 10 19:00:25 vml000060 amavis[14168]: No primary av scanner: F-Secure Antivirus for Linux servers
 +Jun 10 19:00:25 vml000060 amavis[14168]: No primary av scanner: CAI InoculateIT
 +Jun 10 19:00:25 vml000060 amavis[14168]: No primary av scanner: CAI eTrust Antivirus
 +Jun 10 19:00:25 vml000060 amavis[14168]: No primary av scanner: MkS_Vir for Linux (beta)
 +Jun 10 19:00:25 vml000060 amavis[14168]: No primary av scanner: MkS_Vir daemon
 +Jun 10 19:00:25 vml000060 amavis[14168]: No primary av scanner: ESET Software ESETS Command Line Interface
 +Jun 10 19:00:25 vml000060 amavis[14168]: No primary av scanner: ESET NOD32 for Linux File servers
 +Jun 10 19:00:25 vml000060 amavis[14168]: No primary av scanner: Norman Virus Control v5 / Linux
 +Jun 10 19:00:25 vml000060 amavis[14168]: No primary av scanner: Panda CommandLineSecure 9 for Linux
 +Jun 10 19:00:25 vml000060 amavis[14168]: No primary av scanner: NAI McAfee AntiVirus (uvscan)
 +Jun 10 19:00:25 vml000060 amavis[14168]: No primary av scanner: VirusBuster
 +Jun 10 19:00:25 vml000060 amavis[14168]: No primary av scanner: CyberSoft VFind
 +Jun 10 19:00:25 vml000060 amavis[14168]: No primary av scanner: avast! Antivirus
 +Jun 10 19:00:25 vml000060 amavis[14168]: No primary av scanner: Ikarus AntiVirus for Linux
 +Jun 10 19:00:25 vml000060 amavis[14168]: No primary av scanner: BitDefender
 +Jun 10 19:00:25 vml000060 amavis[14168]: No primary av scanner: BitDefender
 +Jun 10 19:00:25 vml000060 amavis[14168]: No primary av scanner: ArcaVir for Linux
 +Jun 10 19:00:25 vml000060 amavis[14168]: No secondary av scanner: ClamAV-clamscan
 +Jun 10 19:00:25 vml000060 amavis[14168]: No secondary av scanner: F-PROT Antivirus for UNIX
 +Jun 10 19:00:25 vml000060 amavis[14168]: No secondary av scanner: FRISK F-Prot Antivirus
 +Jun 10 19:00:25 vml000060 amavis[14168]: No secondary av scanner: Trend Micro FileScanner
 +Jun 10 19:00:25 vml000060 amavis[14168]: No secondary av scanner: drweb - DrWeb Antivirus
 +Jun 10 19:00:25 vml000060 amavis[14168]: No secondary av scanner: Kaspersky Antivirus v5.5
 +Jun 10 19:00:25 vml000060 amavis[14168]: Creating db in /var/amavis/db/; BerkeleyDB 0.43, libdb 4.7
 +Jun 10 19:00:25 vml000060 amavis[14168]: initializing Mail::SpamAssassin
 +Jun 10 19:00:25 vml000060 amavis[14168]: SpamAssassin debug facilities: info
 +Jun 10 19:00:28 vml000060 amavis[14168]: SA info: rules: meta test FROM_41_FREEMAIL has dependency 'NSL_RCVD_FROM_41' with a zero score
 +Jun 10 19:00:28 vml000060 amavis[14168]: SpamAssassin loaded plugins: AutoLearnThreshold, Bayes, BodyEval, Check, DKIM, DNSEval, FreeMail, HTMLEval, HTTPSMismatch, Hashcash, HeaderEval, ImageInfo, MIMEEval, MIMEHeader, Pyzor, Razor2, RelayEval, ReplaceTags, SPF, SpamCop, URIDNSBL, URIDetail, URIEval, VBounce, WLBLEval, WhiteListSubject
 +Jun 10 19:00:28 vml000060 amavis[14168]: SpamControl: init_pre_fork on SpamAssassin done
 +Jun 10 19:00:28 vml000060 amavis[14168]: extra modules loaded after daemonizing/chrooting: Mail/SpamAssassin/Plugin/FreeMail.pm
 +Jun 10 19:00:28 vml000060 amavis[14182]: TIMING [total 14 ms] - bdb-open: 14 (100%)100, rundown: 0 (0%)100
 +Jun 10 19:00:28 vml000060 amavis[14183]: TIMING [total 13 ms] - bdb-open: 13 (100%)100, rundown: 0 (0%)100
 +</code>
 +Die Meldungen **No primary av scanner** und **No secondary av scanner** braucht uns nicht zu beunruhigen, schließlich haben wir noch keinen // **AV-Scanner** // installiert. Dies werden wir erst im nächsten [[|Kapitel]] vornehmen.
 +
 +Über den Port **10024** sollte nun unser daemon ansprechbar sein. Was wir auch sehr einfach mittels **lsof** überprüfen können:
 +   # lsof -i :10024
 +<code>COMMAND   PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
 +amavisd 14168 amavis    5u  IPv4  57830      0t0  TCP localhost:10024 (LISTEN)
 +amavisd 14182 amavis    5u  IPv4  57830      0t0  TCP localhost:10024 (LISTEN)
 +amavisd 14183 amavis    5u  IPv4  57830      0t0  TCP localhost:10024 (LISTEN)
 +</code>
 +
 +Via **netstat -tulpen** können wir ebenfalls abfragen, ob der amavis-Daemon läuft.
 +   # netstat -tulpen | grep 10024
 +
 +   tcp        0      0 127.0.0.1:10024             0.0.0.0:                  LISTEN      497        57830      14168/amavisd (mast
 +
 +Via **telnet localhost 10024** können wir uns nun zum virusscanner-daemon verbinden.
 +   # telnet localhost 10024
 +<code>Trying 127.0.0.1...
 +Connected to localhost.
 +Escape character is '^]'.
 +220 [127.0.0.1] ESMTP amavisd-new service ready
 +quit
 +221 2.0.0 [127.0.0.1] amavisd-new closing transmission channel
 +Connection closed by foreign host.
 +</code>
 +
 +==== Postfix ====
 +Zum Aktivieren der Konfigurationsänderung am **Postfix**-Mailserver starten wir diesen einmal durch.
 +   # service postfix restart
 +
 +   Shutting down postfix:                                      OK  ]
 +   Starting postfix:                                          [  OK  ]
 +
 +Ob nun neben unserem Standard SMTP-Port **25** auch der weitere **10025** können wir nun wie folgt überprüfen.
 +   # netstat -tulpen | grep master
 +
 +   tcp        0      0 10.0.0.80:10025             0.0.0.0:                  LISTEN      0          86905      24751/master        
 +   tcp        0      0 0.0.0.0:25                  0.0.0.0:                  LISTEN      0          86898      24751/master
 +
 +===== iptables Paketfilter =====
 +Betreiben wir unseren **AMaViS**-Host und unseren **Postfix**-Mailserver auf zwei getrennten Hosts müssen wir noch unsere Paketfilter entsprechend anpassen.
 +
 +==== AMaVis ====
 +Für die Einlieferung der Nachrichten auf Port 10024 öffnen wir nun Port **10024** auf unserem AMaViS-Host, so dass der Postfix-Mailserver mit der IP **10.0.0.80** diesen Port auch erreichen kann.
 +
 +Hierzu tragen wir folgende Zeile in die Konfigurationsdatei ** /etc/sysconfig/iptables ** ein.
 +   # vim /etc/sysconfig/iptables
 +<code bash># Django : 2012-05-21 Port 10024 für den Postfix-Mailserver in der DMZ geöffnet 
 +-A INPUT -m state --state NEW -m tcp -i eth0 -s 10.0.0.80 -p tcp --dport 10024 -j ACCEPT
 +# Django : end
 +</code>
 +
 +Anschließend starten wir den Paketfilter einmal durch.
 +   # service iptables restart
 +
 +   iptables: Flushing firewall rules:                          OK  ]
 +   iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
 +   iptables: Unloading modules:                                OK  ]
 +   iptables: Applying firewall rules:                          OK  ]
 +
 +Nun können wir vom Postfix-Mailserver aus den AMaVS-Host auf Port 10024 erreichen.
 +   # telnet amavis.dmz.nausch.org 10024
 +<code>Trying 10.0.0.60...
 +Connected to amavis.dmz.nausch.org.
 +Escape character is '^]'.
 +220 [10.0.0.60] ESMTP amavisd-new service ready
 +quit
 +221 2.0.0 [10.0.0.60] amavisd-new closing transmission channel
 +Connection closed by foreign host.
 +</code>
 +
 +==== Postfix ====
 +Für die Rückleitung der Nachrichten auf Port 10025 öffnen wir nun Port **10025** auf unserem Postfix-Mailserver, so dass der AMaViS-Host mit der IP **10.0.0.60** diesen Port auch erreichen kann.
 +
 +Hierzu tragen wir folgende Zeile in die Konfigurationsdatei ** /etc/sysconfig/iptables ** ein.
 +   # vim /etc/sysconfig/iptables
 +<code bash># Django : 2012-05-21 Port 10025 für die Rückleitung der AMaViS-Verbindung in der DMZ geöffnet 
 +-A INPUT -m state --state NEW -m tcp -i eth0 -s 10.0.0.60 -p tcp --dport 10025 -j ACCEPT
 +# Django : end
 +</code>
 +
 +Anschließend starten wir den Paketfilter einmal durch.
 +   # service iptables restart
 +
 +   iptables: Flushing firewall rules:                          OK  ]
 +   iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
 +   iptables: Unloading modules:                                OK  ]
 +   iptables: Applying firewall rules:                          OK  ]
 +
 +Nun können wir vom AMaViS-Host aus den Postfix-Mailserver auf Port 10025 erreichen.
 +
 +   # telnet mail.dmz.nausch.org 10025
 +<code>Trying 10.0.0.80...
 +Connected to mail.dmz.nausch.org.
 +Escape character is '^]'.
 +220 mx1.nausch.org ESMTP Postfix
 +quit 
 +221 2.0.0 Bye
 +Connection closed by foreign host.
 +</code>
 +
 +===== automatisches Starten des Dienste beim Systemstart ===== 
 +Damit nun unser AMaViS-Server beim Booten automatisch gestartet wird, nehmen wir noch folgende Konfigurationsschritte vor.
 +   # chkconfig amavisd on
 +Anschließend überprüfen wir noch unsere Änderung:
 +   # chkconfig --list | grep amavisd
 +
 +   amavisd        0:off 1:off 2:on 3:on 4:on 5:on 6:off
 +
 +
 +===== vorläufige Konfiguration =====
 +Bevor wir uns nun an die Konfiguration der beiden Backend-Systeme [[centos:mail_c6:spam_5|SpamAssassin]] und [[centos:mail_c6:spam_4|ClamAV]] befassen, werfen wir noch einen abschließenden Blick in die vorläufige Konfigurationsdatei.
 +   # vim /etc/amavisd.conf
 +<file perl /etc/amavisd.conf>use strict;
 +
 +# a minimalistic configuration file for amavisd-new with all necessary settings
 +#
 +#   see amavisd.conf-default for a list of all variables with their defaults;
 +#   see amavisd.conf-sample for a traditional-style commented file;
 +#   for more details see documentation in INSTALL, README_FILES/*
 +#   and at http://www.ijs.si/software/amavisd/amavisd-new-docs.html
 +
 +
 +# COMMONLY ADJUSTED SETTINGS:
 +
 +# @bypass_virus_checks_maps = (1);  # controls running of anti-virus code
 +# @bypass_spam_checks_maps  = (1);  # controls running of anti-spam code
 +# $bypass_decode_parts = 1;         # controls running of decoders&dearchivers
 +
 +$max_servers = 2;            # num of pre-forked children (2..30 is common), -m
 +$daemon_user  = "amavis";     # (no default;  customary: vscan or amavis), -u
 +$daemon_group = "amavis";     # (no default;  customary: vscan or amavis), -g
 +
 +# Django : 2012-05-21
 +# default: $mydomain = 'example.com';
 +$mydomain = 'nausch.org';    # a convenient default for other settings
 +
 +# Django : 2012-06-25 "by localhost" in den Haederzeilen durch "" ersetzen
 +# default: unset
 +$localhost_name = "";
 +
 +# $MYHOME = '/var/amavis';   # a convenient default for other settings, -H
 +$TEMPBASE = "$MYHOME/tmp";   # working directory, needs to exist, -T
 +$ENV{TMPDIR} = $TEMPBASE;    # environment variable TMPDIR, used by SA, etc.
 +$QUARANTINEDIR = "/var/virusmails";
 +# $quarantine_subdir_levels = 1;  # add level of subdirs to disperse quarantine
 +# $release_format = 'resend';     # 'attach', 'plain', 'resend'
 +# $report_format  = 'arf';        # 'attach', 'plain', 'resend', 'arf'
 +
 +# $daemon_chroot_dir = $MYHOME;   # chroot directory or undef, -R
 +
 +$db_home   = "$MYHOME/db";      # dir for bdb nanny/cache/snmp databases, -D
 +# $helpers_home = "$MYHOME/var";  # working directory for SpamAssassin, -S
 +# $lock_file = "$MYHOME/var/amavisd.lock";  # -L
 +# $pid_file  = "$MYHOME/var/amavisd.pid";   # -P
 +#NOTE: create directories $MYHOME/tmp, $MYHOME/var, $MYHOME/db manually
 +
 +# Django : 2012-05-21
 +# default: $log_level = 0;
 +$log_level = 3;      # verbosity 0..5, -d
 +$log_recip_templ = undef;    # disable by-recipient level-0 log entries
 +$DO_SYSLOG = 1;              # log via syslogd (preferred)
 +$syslog_facility = 'mail';   # Syslog facility as a string
 +           # e.g.: mail, daemon, user, local0, ... local7
 +$syslog_priority = 'debug';  # Syslog base (minimal) priority as a string,
 +           # choose from: emerg, alert, crit, err, warning, notice, info, debug
 +
 +$enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny)
 +$enable_global_cache = 1;    # enable use of libdb-based cache if $enable_db=1
 +$nanny_details_level = 2;    # nanny verbosity: 1: traditional, 2: detailed
 +$enable_dkim_verification = 1;  # enable DKIM signatures verification
 +$enable_dkim_signing = 1;    # load DKIM signing code, keys defined by dkim_key
 +
 +@local_domains_maps = ( [".$mydomain"] );  # list of all local domains
 +
 +# Django : 2012-05-21
 +# @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
 +#                   10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );
 +@mynetworks = qw( 127.0.0.0/8 10.0.0.0/24 );
 +
 +$unix_socketname = "$MYHOME/amavisd.sock";  # amavisd-release or amavis-milter
 +               # option(s) -p overrides $inet_socket_port and $unix_socketname
 +
 +$inet_socket_port = 10024;   # listen on this local TCP port(s)
 +# $inet_socket_port = [10024,10026];  # listen on multiple TCP ports
 +
 +# Django : 2012-05-21
 +# default: unset             # listening only on localhost
 +$inet_socket_bind = '*';     # listen on this port 10024 on all network-interfaces
 +
 +# Django : 2012-05-21
 +# default: @inet_acl = qw( 127.0.0.1 ::1 );
 +@inet_acl = qw( 127.0.0.1 10.0.0.80/32 );  # access allowed from this hosts
 +
 +$policy_bank{'MYNETS'} = {   # mail originating from @mynetworks
 +  originating => 1,  # is true in MYNETS by default, but let's make it explicit
 +  os_fingerprint_method => undef,  # don't query p0f for internal clients
 +};
 +
 +# it is up to MTA to re-route mail from authenticated roaming users or
 +# from internal hosts to a dedicated TCP port (such as 10026) for filtering
 +$interface_policy{'10026'} = 'ORIGINATING';
 +
 +$policy_bank{'ORIGINATING'} = {  # mail supposedly originating from our users
 +  originating => 1,  # declare that mail was submitted by our smtp client
 +  allow_disclaimers => 1,  # enables disclaimer insertion if available
 +  # notify administrator of locally originating malware
 +  virus_admin_maps => ["virusalert\@$mydomain"],
 +  spam_admin_maps  => ["virusalert\@$mydomain"],
 +  warnbadhsender   => 1,
 +  # forward to a smtpd service providing DKIM signing service
 +  forward_method => 'smtp:[127.0.0.1]:10027',
 +  # force MTA conversion to 7-bit (e.g. before DKIM signing)
 +  smtpd_discard_ehlo_keywords => ['8BITMIME'],
 +  bypass_banned_checks_maps => [1],  # allow sending any file names and types
 +  terminate_dsn_on_notify_success => 0,  # don't remove NOTIFY=SUCCESS option
 +};
 +
 +$interface_policy{'SOCK'} = 'AM.PDP-SOCK'; # only applies with $unix_socketname
 +
 +# Use with amavis-release over a socket or with Petr Rehor's amavis-milter.c
 +# (with amavis-milter.c from this package or old amavis.c client use 'AM.CL'):
 +$policy_bank{'AM.PDP-SOCK'} = {
 +  protocol => 'AM.PDP',
 +  auth_required_release => 0,  # do not require secret_id for amavisd-release
 +};
 +
 +$sa_tag_level_deflt  = 2.0;  # add spam info headers if at, or above that level
 +# Django : 2012-05-21
 +# default: $sa_tag2_level_deflt = 6.2;
 +$sa_tag2_level_deflt = 6.31;  # add 'spam detected' headers at that level
 +# Django : 2012-05-21
 +# default: $sa_kill_level_deflt = 6.9;
 +$sa_kill_level_deflt = 6.31;  # triggers spam evasive actions (e.g. blocks mail)
 +$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent
 +$sa_crediblefrom_dsn_cutoff_level = 18; # likewise, but for a likely valid From
 +# $sa_quarantine_cutoff_level = 25; # spam level beyond which quarantine is off
 +$penpals_bonus_score = 8;    # (no effect without a @storage_sql_dsn database)
 +$penpals_threshold_high = $sa_kill_level_deflt;  # don't waste time on hi spam
 +$bounce_killer_score = 100;  # spam score points to add for joe-jobbed bounces
 +
 +$sa_mail_body_size_limit = 400*1024; # don't waste time on SA if mail is larger
 +$sa_local_tests_only = 0;    # only tests which do not require internet access?
 +
 +# @lookup_sql_dsn =
 +#   ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'],
 +#     ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'],
 +#     ["DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite", '', ''] );
 +# @storage_sql_dsn = @lookup_sql_dsn;  # none, same, or separate database
 +
 +# $timestamp_fmt_mysql = 1; # if using MySQL *and* msgs.time_iso is TIMESTAMP;
 +#   defaults to 0, which is good for non-MySQL or if msgs.time_iso is CHAR(16)
 +
 +$virus_admin               = "virusalert\@$mydomain";  # notifications recip.
 +
 +$mailfrom_notify_admin     = "virusalert\@$mydomain";  # notifications sender
 +$mailfrom_notify_recip     = "virusalert\@$mydomain";  # notifications sender
 +$mailfrom_notify_spamadmin = "spam.police\@$mydomain"; # notifications sender
 +$mailfrom_to_quarantine = ''; # null return path; uses original sender if undef
 +
 +@addr_extension_virus_maps      = ('virus');
 +@addr_extension_banned_maps     = ('banned');
 +@addr_extension_spam_maps       = ('spam');
 +@addr_extension_bad_header_maps = ('badh');
 +# $recipient_delimiter = '+';  # undef disables address extensions altogether
 +# when enabling addr extensions do also Postfix/main.cf: recipient_delimiter=+
 +
 +$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
 +# $dspam = 'dspam';
 +
 +$MAXLEVELS = 14;
 +$MAXFILES = 1500;
 +$MIN_EXPANSION_QUOTA =      100*1024;  # bytes  (default undef, not enforced)
 +$MAX_EXPANSION_QUOTA = 300*1024*1024;  # bytes  (default undef, not enforced)
 +
 +$sa_spam_subject_tag = '***SPAM*** ';
 +$defang_virus  = 1;  # MIME-wrap passed infected mail
 +$defang_banned = 1;  # MIME-wrap passed mail containing banned name
 +# for defanging bad headers only turn on certain minor contents categories:
 +$defang_by_ccat{+CC_BADH.",3"} = 1;  # NUL or CR character in header
 +$defang_by_ccat{+CC_BADH.",5"} = 1;  # header line longer than 998 characters
 +$defang_by_ccat{+CC_BADH.",6"} = 1;  # header field syntax error
 +
 +
 +# OTHER MORE COMMON SETTINGS (defaults may suffice):
 +
 +# Django : 2010-05-21
 +# default: unset 
 +$myhostname = 'amavis.dmz.nausch.org';  # must be a fully-qualified domain name!
 +
 +# Django : 2010-05-21
 +# default: # $notify_method  = 'smtp:[127.0.0.1]:10025';
 +$notify_method  = 'smtp:[mail.dmz.nausch.org]:10025';
 +# Django : 2010-05-21
 +# default: # $forward_method = 'smtp:[127.0.0.1]:10025';
 +$forward_method = 'smtp:[mail.dmz.nausch.org]:10025';  # set to undef with milter!
 +
 +# $final_virus_destiny      = D_DISCARD;
 +# $final_banned_destiny     = D_BOUNCE;
 +# $final_spam_destiny       = D_BOUNCE;
 +# $final_bad_header_destiny = D_PASS;
 +# $bad_header_quarantine_method = undef;
 +
 +# $os_fingerprint_method = 'p0f:*:2345';  # to query p0f-analyzer.pl
 +
 +## hierarchy by which a final setting is chosen:
 +##   policy bank (based on port or IP address) -> *_by_ccat
 +##   *_by_ccat (based on mail contents) -> *_maps
 +##   *_maps (based on recipient address) -> final configuration value
 +
 +
 +# SOME OTHER VARIABLES WORTH CONSIDERING (see amavisd.conf-default for all)
 +
 +# $warnbadhsender,
 +# $warnvirusrecip, $warnbannedrecip, $warnbadhrecip, (or @warn*recip_maps)
 +#
 +# @bypass_virus_checks_maps, @bypass_spam_checks_maps,
 +# @bypass_banned_checks_maps, @bypass_header_checks_maps,
 +#
 +# @virus_lovers_maps, @spam_lovers_maps,
 +# @banned_files_lovers_maps, @bad_header_lovers_maps,
 +#
 +# @blacklist_sender_maps, @score_sender_maps,
 +#
 +# $clean_quarantine_method, $virus_quarantine_to, $banned_quarantine_to,
 +# $bad_header_quarantine_to, $spam_quarantine_to,
 +#
 +# $defang_bad_header, $defang_undecipherable, $defang_spam
 +
 +
 +# REMAINING IMPORTANT VARIABLES ARE LISTED HERE BECAUSE OF LONGER ASSIGNMENTS
 +
 +@keep_decoded_original_maps = (new_RE(
 +  qr'^MAIL$',   # retain full original message for virus checking
 +  qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables
 +  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
 +# qr'^Zip archive data',     # don't trust Archive::Zip
 +));
 +
 +
 +# for $banned_namepath_re (a new-style of banned table) see amavisd.conf-sample
 +
 +$banned_filename_re = new_RE(
 +
 +### BLOCKED ANYWHERE
 +# qr'^UNDECIPHERABLE$',  # is or contains any undecipherable components
 +  qr'^\.(exe-ms|dll)$',                   # banned file(1) types, rudimentary
 +# qr'^\.(exe|lha|cab|dll)$',              # banned file(1) types
 +
 +### BLOCK THE FOLLOWING, EXCEPT WITHIN UNIX ARCHIVES:
 +# [ qr'^\.(gz|bz2)$'             => 0 ],  # allow any in gzip or bzip2
 +  [ qr'^\.(rpm|cpio|tar)$'       => 0 ],  # allow any in Unix-type archives
 +
 +  qr'.\.(pif|scr)$'i,                     # banned extensions - rudimentary
 +# qr'^\.zip$',                            # block zip type
 +
 +### BLOCK THE FOLLOWING, EXCEPT WITHIN ARCHIVES:
 +# [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ],  # allow any within these archives
 +
 +  qr'^application/x-msdownload$'i,        # block these MIME types
 +  qr'^application/x-msdos-program$'i,
 +  qr'^application/hta$'i,
 +
 +# qr'^message/partial$'i,         # rfc2046 MIME type
 +# qr'^message/external-body$'i,   # rfc2046 MIME type
 +
 +# qr'^(application/x-msmetafile|image/x-wmf)$'i,  # Windows Metafile MIME type
 +# qr'^\.wmf$',                            # Windows Metafile file(1) type
 +
 +  # block certain double extensions in filenames
 +  qr'^(?!cid:).*\.[^./]*[A-Za-z][^./]*\.\s*(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)[.\s]*$'i,
 +
 +# qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?'i, # Class ID CLSID, strict
 +# qr'\{[0-9a-z]{4,}(-[0-9a-z]{4,}){0,7}\}?'i, # Class ID extension CLSID, loose
 +
 +  qr'.\.(exe|vbs|pif|scr|cpl)$'i,             # banned extension - basic
 +# qr'.\.(exe|vbs|pif|scr|cpl|bat|cmd|com)$'i, # banned extension - basic+cmd
 +# qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|
 +#        inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|
 +#        ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs|
 +#        wmf|wsc|wsf|wsh)$'ix,  # banned ext - long
 +# qr'.\.(ani|cur|ico)$'i,                 # banned cursors and icons filename
 +# qr'^\.ani$',                            # banned animated cursor file(1) type
 +
 +# qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i,  # banned extension - WinZip vulnerab.
 +);
 +# See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262631
 +# and http://www.cknow.com/vtutor/vtextensions.htm
 +
 +
 +# ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING
 +
 +@score_sender_maps = ({ # a by-recipient hash lookup table,
 +                        # results from all matching recipient tables are summed
 +
 +# ## per-recipient personal tables  (NOTE: positive: black, negative: white)
 +# 'user1@example.com'  => [{'bla-mobile.press@example.com' => 10.0}],
 +# 'user3@example.com'  => [{'.ebay.com'                 => -3.0}],
 +# 'user4@example.com'  => [{'cleargreen@cleargreen.com' => -7.0,
 +#                           '.cleargreen.com'           => -5.0}],
 +
 +  ## site-wide opinions about senders (the '.' matches any recipient)
 +  '.' => [  # the _first_ matching sender determines the score boost
 +
 +   new_RE(  # regexp-type lookup table, just happens to be all soft-blacklist
 +    [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'        => 5.0],
 +    [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],
 +    [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],
 +    [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'  => 5.0],
 +    [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@' => 5.0],
 +    [qr'^(your_friend|greatoffers)@'                               => 5.0],
 +    [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'                   => 5.0],
 +   ),
 +
 +#  read_hash("/var/amavis/sender_scores_sitewide"),
 +
 +   { # a hash-type lookup table (associative array)
 +     'nobody@cert.org'                        => -3.0,
 +     'cert-advisory@us-cert.gov'              => -3.0,
 +     'owner-alert@iss.net'                    => -3.0,
 +     'slashdot@slashdot.org'                  => -3.0,
 +     'securityfocus.com'                      => -3.0,
 +     'ntbugtraq@listserv.ntbugtraq.com'       => -3.0,
 +     'security-alerts@linuxsecurity.com'      => -3.0,
 +     'mailman-announce-admin@python.org'      => -3.0,
 +     'amavis-user-admin@lists.sourceforge.net'=> -3.0,
 +     'amavis-user-bounces@lists.sourceforge.net' => -3.0,
 +     'spamassassin.apache.org'                => -3.0,
 +     'notification-return@lists.sophos.com'   => -3.0,
 +     'owner-postfix-users@postfix.org'        => -3.0,
 +     'owner-postfix-announce@postfix.org'     => -3.0,
 +     'owner-sendmail-announce@lists.sendmail.org'   => -3.0,
 +     'sendmail-announce-request@lists.sendmail.org' => -3.0,
 +     'donotreply@sendmail.org'                => -3.0,
 +     'ca+envelope@sendmail.org'               => -3.0,
 +     'noreply@freshmeat.net'                  => -3.0,
 +     'owner-technews@postel.acm.org'          => -3.0,
 +     'ietf-123-owner@loki.ietf.org'           => -3.0,
 +     'cvs-commits-list-admin@gnome.org'       => -3.0,
 +     'rt-users-admin@lists.fsck.com'          => -3.0,
 +     'clp-request@comp.nus.edu.sg'            => -3.0,
 +     'surveys-errors@lists.nua.ie'            => -3.0,
 +     'emailnews@genomeweb.com'                => -5.0,
 +     'yahoo-dev-null@yahoo-inc.com'           => -3.0,
 +     'returns.groups.yahoo.com'               => -3.0,
 +     'clusternews@linuxnetworx.com'           => -3.0,
 +     lc('lvs-users-admin@LinuxVirtualServer.org'   => -3.0,
 +     lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0,
 +
 +     # soft-blacklisting (positive score)
 +     'sender@example.net'                     =>  3.0,
 +     '.example.net'                           =>  1.0,
 +
 +   },
 +  ],  # end of site-wide tables
 +});
 +
 +
 +@decoders = (
 +  ['mail', \&do_mime_decode],
 +  ['asc',  \&do_ascii],
 +  ['uue',  \&do_ascii],
 +  ['hqx',  \&do_ascii],
 +  ['ync',  \&do_ascii],
 +  ['F',    \&do_uncompress, ['unfreeze','freeze -d','melt','fcat'] ],
 +  ['Z',    \&do_uncompress, ['uncompress','gzip -d','zcat'] ],
 +  ['gz',   \&do_uncompress,  'gzip -d'],
 +  ['gz',   \&do_gunzip],
 +  ['bz2',  \&do_uncompress,  'bzip2 -d'],
 +  ['lzo',  \&do_uncompress,  'lzop -d'],
 +  ['rpm',  \&do_uncompress, ['rpm2cpio.pl','rpm2cpio'] ],
 +  ['cpio', \&do_pax_cpio,   ['pax','gcpio','cpio'] ],
 +  ['tar',  \&do_pax_cpio,   ['pax','gcpio','cpio'] ],
 +  ['deb',  \&do_ar,          'ar'],
 +# ['a',    \&do_ar,          'ar'],  # unpacking .a seems an overkill
 +  ['zip',  \&do_unzip],
 +  ['7z',   \&do_7zip,       ['7zr','7za','7z'] ],
 +  ['rar',  \&do_unrar,      ['rar','unrar'] ],
 +  ['arj',  \&do_unarj,      ['arj','unarj'] ],
 +  ['arc',  \&do_arc,        ['nomarch','arc'] ],
 +  ['zoo',  \&do_zoo,        ['zoo','unzoo'] ],
 +  ['lha',  \&do_lha,         'lha'],
 +# ['doc',  \&do_ole,         'ripole'],
 +  ['cab',  \&do_cabextract,  'cabextract'],
 +  ['tnef', \&do_tnef_ext,    'tnef'],
 +  ['tnef', \&do_tnef],
 +# ['sit',  \&do_unstuff,     'unstuff'],  # broken/unsafe decoder
 +  ['exe',  \&do_executable, ['rar','unrar'], 'lha', ['arj','unarj'] ],
 +);
 +
 +
 +@av_scanners = (
 +
 +# ### http://www.clanfield.info/sophie/ (http://www.vanja.com/tools/sophie/)
 +# ['Sophie',
 +#   \&ask_daemon, ["{}/\n", '/var/run/sophie'],
 +#   qr/(?x)^ 0+ ( : | [\000\r\n]* $)/m,  qr/(?x)^ 1 ( : | [\000\r\n]* $)/m,
 +#   qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/m ],
 +
 +# ### http://www.csupomona.edu/~henson/www/projects/SAVI-Perl/
 +# ['Sophos SAVI', \&sophos_savi ],
 +
 +# ### http://www.clamav.net/
 +# ['ClamAV-clamd',
 +#   \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
 +#   qr/\bOK$/m, qr/\bFOUND$/m,
 +#   qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
 +# # NOTE: run clamd under the same user as amavisd, or run it under its own
 +# #   uid such as clamav, add user clamav to the amavis group, and then add
 +# #   AllowSupplementaryGroups to clamd.conf;
 +# # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in
 +# #   this entry; when running chrooted one may prefer socket "$MYHOME/clamd".
 +
 +# ### http://www.clamav.net/ and CPAN  (memory-hungry! clamd is preferred)
 +# # note that Mail::ClamAV requires perl to be build with threading!
 +# ['Mail::ClamAV', \&ask_clamav, "*", [0], [1], qr/^INFECTED: (.+)/m ],
 +
 +# ### http://www.openantivirus.org/
 +# ['OpenAntiVirus ScannerDaemon (OAV)',
 +#   \&ask_daemon, ["SCAN {}\n", '127.0.0.1:8127'],
 +#   qr/^OK/m, qr/^FOUND: /m, qr/^FOUND: (.+)/m ],
 +
 +# ### http://www.vanja.com/tools/trophie/
 +# ['Trophie',
 +#   \&ask_daemon, ["{}/\n", '/var/run/trophie'],
 +#   qr/(?x)^ 0+ ( : | [\000\r\n]* $)/m,  qr/(?x)^ 1 ( : | [\000\r\n]* $)/m,
 +#   qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/m ],
 +
 +# ### http://www.grisoft.com/
 +# ['AVG Anti-Virus',
 +#   \&ask_daemon, ["SCAN {}\n", '127.0.0.1:55555'],
 +#   qr/^200/m, qr/^403/m, qr/^403 .*?: ([^\r\n]+)/m ],
 +
 +# ### http://www.f-prot.com/
 +# ['F-Prot fpscand',  # F-PROT Antivirus for BSD/Linux/Solaris, version 6
 +#   \&ask_daemon,
 +#   ["SCAN FILE {}/*\n", '127.0.0.1:10200'],
 +#   qr/^(0|8|64) /m,
 +#   qr/^([1235679]|1[01345]) |<[^>:]*(?i)(infected|suspicious|unwanted)/m,
 +#   qr/(?i)<[^>:]*(?:infected|suspicious|unwanted)[^>:]*: ([^>]*)>/m ],
 +
 +# ### http://www.f-prot.com/
 +# ['F-Prot f-protd',  # old version
 +#   \&ask_daemon,
 +#   ["GET {}/*?-dumb%20-archive%20-packed HTTP/1.0\r\n\r\n",
 +#     ['127.0.0.1:10200', '127.0.0.1:10201', '127.0.0.1:10202',
 +#      '127.0.0.1:10203', '127.0.0.1:10204'] ],
 +#   qr/(?i)<summary[^>]*>clean<\/summary>/m,
 +#   qr/(?i)<summary[^>]*>infected<\/summary>/m,
 +#   qr/(?i)<name>(.+)<\/name>/m ],
 +
 +# ### http://www.sald.com/, http://www.dials.ru/english/, http://www.drweb.ru/
 +# ['DrWebD', \&ask_daemon,   # DrWebD 4.31 or later
 +#   [pack('N',1).  # DRWEBD_SCAN_CMD
 +#    pack('N',0x00280001).   # DONT_CHANGEMAIL, IS_MAIL, RETURN_VIRUSES
 +#    pack('N',     # path length
 +#      length("$TEMPBASE/amavis-yyyymmddTHHMMSS-xxxxx/parts/pxxx")).
 +#    '{}/*'      # path
 +#    pack('N',0).  # content size
 +#    pack('N',0),
 +#    '/var/drweb/run/drwebd.sock',
 +#  # '/var/amavis/var/run/drwebd.sock',   # suitable for chroot
 +#  # '/usr/local/drweb/run/drwebd.sock',  # FreeBSD drweb ports default
 +#  # '127.0.0.1:3000',                    # or over an inet socket
 +#   ],
 +#   qr/\A\x00[\x10\x11][\x00\x10]\x00/sm,        # IS_CLEAN,EVAL_KEY; SKIPPED
 +#   qr/\A\x00[\x00\x01][\x00\x10][\x20\x40\x80]/sm,# KNOWN_V,UNKNOWN_V,V._MODIF
 +#   qr/\A.{12}(?:infected with )?([^\x00]+)\x00/sm,
 +# ],
 +# # NOTE: If using amavis-milter, change length to:
 +# # length("$TEMPBASE/amavis-milter-xxxxxxxxxxxxxx/parts/pxxx").
 +
 +  ### http://www.kaspersky.com/  (kav4mailservers)
 +  ['KasperskyLab AVP - aveclient',
 +    ['/usr/local/kav/bin/aveclient','/usr/local/share/kav/bin/aveclient',
 +     '/opt/kav/5.5/kav4mailservers/bin/aveclient','aveclient'],
 +    '-p /var/run/aveserver -s {}/*',
 +    [0,3,6,8], qr/\b(INFECTED|SUSPICION|SUSPICIOUS)\b/m,
 +    qr/(?:INFECTED|WARNING|SUSPICION|SUSPICIOUS) (.+)/m,
 +  ],
 +  # NOTE: one may prefer [0],[2,3,4,5], depending on how suspicious,
 +  # currupted or protected archives are to be handled
 +
 +  ### http://www.kaspersky.com/
 +  ['KasperskyLab AntiViral Toolkit Pro (AVP)', ['avp'],
 +    '-* -P -B -Y -O- {}', [0,3,6,8], [2,4],    # any use for -A -K   ?
 +    qr/infected: (.+)/m,
 +    sub {chdir('/opt/AVP') or die "Can't chdir to AVP: $!"},
 +    sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
 +  ],
 +
 +  ### The kavdaemon and AVPDaemonClient have been removed from Kasperky
 +  ### products and replaced by aveserver and aveclient
 +  ['KasperskyLab AVPDaemonClient',
 +    [ '/opt/AVP/kavdaemon',       'kavdaemon',
 +      '/opt/AVP/AvpDaemonClient', 'AvpDaemonClient',
 +      '/opt/AVP/AvpTeamDream',    'AvpTeamDream',
 +      '/opt/AVP/avpdc', 'avpdc' ],
 +    "-f=$TEMPBASE {}", [0,8], [3,4,5,6], qr/infected: ([^\r\n]+)/m ],
 +    # change the startup-script in /etc/init.d/kavd to:
 +    #   DPARMS="-* -Y -dl -f=/var/amavis /var/amavis"
 +    #   (or perhaps:   DPARMS="-I0 -Y -* /var/amavis" )
 +    # adjusting /var/amavis above to match your $TEMPBASE.
 +    # The '-f=/var/amavis' is needed if not running it as root, so it
 +    # can find, read, and write its pid file, etc., see 'man kavdaemon'.
 +    # defUnix.prf: there must be an entry "*/var/amavis" (or whatever
 +    #   directory $TEMPBASE specifies) in the 'Names=' section.
 +    # cd /opt/AVP/DaemonClients; configure; cd Sample; make
 +    # cp AvpDaemonClient /opt/AVP/
 +    # su - vscan -c "${PREFIX}/kavdaemon ${DPARMS}"
 +
 +  ### http://www.centralcommand.com/
 +  ['CentralCommand Vexira (new) vascan',
 +    ['vascan','/usr/lib/Vexira/vascan'],
 +    "-a s --timeout=60 --temp=$TEMPBASE -y $QUARANTINEDIR ".
 +    "--log=/var/log/vascan.log {}",
 +    [0,3], [1,2,5],
 +    qr/(?x)^\s* (?:virus|iworm|macro|mutant|sequence|trojan)\ found:\ ( [^\]\s']+ )\ \.\.\.\ /m ],
 +    # Adjust the path of the binary and the virus database as needed.
 +    # 'vascan' does not allow to have the temp directory to be the same as
 +    # the quarantine directory, and the quarantine option can not be disabled.
 +    # If $QUARANTINEDIR is not used, then another directory must be specified
 +    # to appease 'vascan'. Move status 3 to the second list if password
 +    # protected files are to be considered infected.
 +
 +  ### http://www.avira.com/
 +  ### Avira AntiVir (formerly H+BEDV) or (old) CentralCommand Vexira Antivirus
 +  ['Avira AntiVir', ['antivir','vexira'],
 +    '--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/m,
 +    qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) |
 +         (?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/m ],
 +    # NOTE: if you only have a demo version, remove -z and add 214, as in:
 +    #  '--allfiles -noboot -nombr -rs -s {}', [0,214], qr/ALERT:|VIRUS:/,
 +
 +  ### http://www.commandsoftware.com/
 +  ['Command AntiVirus for Linux', 'csav',
 +    '-all -archive -packed {}', [50], [51,52,53],
 +    qr/Infection: (.+)/m ],
 +
 +  ### http://www.symantec.com/
 +  ['Symantec CarrierScan via Symantec CommandLineScanner',
 +    'cscmdline', '-a scan -i 1 -v -s 127.0.0.1:7777 {}',
 +    qr/^Files Infected:\s+0$/m, qr/^Infected\b/m,
 +    qr/^(?:Info|Virus Name):\s+(.+)/m ],
 +
 +  ### http://www.symantec.com/
 +  ['Symantec AntiVirus Scan Engine',
 +    'savsecls', '-server 127.0.0.1:7777 -mode scanrepair -details -verbose {}',
 +    [0], qr/^Infected\b/m,
 +    qr/^(?:Info|Virus Name):\s+(.+)/m ],
 +    # NOTE: check options and patterns to see which entry better applies
 +
 +# ### http://www.f-secure.com/products/anti-virus/  version 4.65
 +#  ['F-Secure Antivirus for Linux servers',
 +#   ['/opt/f-secure/fsav/bin/fsav', 'fsav'],
 +#   '--delete=no --disinf=no --rename=no --archive=yes --auto=yes '.
 +#   '--dumb=yes --list=no --mime=yes {}', [0], [3,6,8],
 +#   qr/(?:infection|Infected|Suspected): (.+)/m ],
 +
 +  ### http://www.f-secure.com/products/anti-virus/  version 5.52
 +   ['F-Secure Antivirus for Linux servers',
 +    ['/opt/f-secure/fsav/bin/fsav', 'fsav'],
 +    '--virus-action1=report --archive=yes --auto=yes '.
 +    '--dumb=yes --list=no --mime=yes {}', [0], [3,4,6,8],
 +    qr/(?:infection|Infected|Suspected|Riskware): (.+)/m ],
 +    # NOTE: internal archive handling may be switched off by '--archive=no'
 +    #   to prevent fsav from exiting with status 9 on broken archives
 +
 +# ### http://www.avast.com/
 +# ['avast! Antivirus daemon',
 +#   \&ask_daemon, # greets with 220, terminate with QUIT
 +#   ["SCAN {}\015\012QUIT\015\012", '/var/run/avast4/mailscanner.sock'],
 +#   qr/\t\[\+\]/m, qr/\t\[L\]\t/m, qr/\t\[L\]\t([^[ \t\015\012]+)/m ],
 +
 +# ### http://www.avast.com/
 +# ['avast! Antivirus - Client/Server Version', 'avastlite',
 +#   '-a /var/run/avast4/mailscanner.sock -n {}', [0], [1],
 +#   qr/\t\[L\]\t([^[ \t\015\012]+)/m ],
 +
 +  ['CAI InoculateIT', 'inocucmd',  # retired product
 +    '-sec -nex {}', [0], [100],
 +    qr/was infected by virus (.+)/m ],
 +  # see: http://www.flatmtn.com/computer/Linux-Antivirus_CAI.html
 +
 +  ### http://www3.ca.com/Solutions/Product.asp?ID=156  (ex InoculateIT)
 +  ['CAI eTrust Antivirus', 'etrust-wrapper',
 +    '-arc -nex -spm h {}', [0], [101],
 +    qr/is infected by virus: (.+)/m ],
 +    # NOTE: requires suid wrapper around inocmd32; consider flag: -mod reviewer
 +    # see http://marc.theaimsgroup.com/?l=amavis-user&m=109229779912783
 +
 +  ### http://mks.com.pl/english.html
 +  ['MkS_Vir for Linux (beta)', ['mks32','mks'],
 +    '-s {}/*', [0], [1,2],
 +    qr/--[ \t]*(.+)/m ],
 +
 +  ### http://mks.com.pl/english.html
 +  ['MkS_Vir daemon', 'mksscan',
 +    '-s -q {}', [0], [1..7],
 +    qr/^... (\S+)/m ],
 +
 +# ### http://www.nod32.com/,  version v2.52 (old)
 +# ['ESET NOD32 for Linux Mail servers',
 +#   ['/opt/eset/nod32/bin/nod32cli', 'nod32cli'],
 +#    '--subdir --files -z --sfx --rtp --adware --unsafe --pattern --heur '.
 +#    '-w -a --action-on-infected=accept --action-on-uncleanable=accept '.
 +#    '--action-on-notscanned=accept {}',
 +#   [0,3], [1,2], qr/virus="([^"]+)"/m ],
 +
 +# ### http://www.eset.com/, version v2.7 (old)
 +# ['ESET NOD32 Linux Mail Server - command line interface',
 +#   ['/usr/bin/nod32cli', '/opt/eset/nod32/bin/nod32cli', 'nod32cli'],
 +#   '--subdir {}', [0,3], [1,2], qr/virus="([^"]+)"/m ],
 +
 +# ### http://www.eset.com/, version 2.71.12
 +# ['ESET Software ESETS Command Line Interface',
 +#   ['/usr/bin/esets_cli', 'esets_cli'],
 +#   '--subdir {}', [0], [1,2,3], qr/virus="([^"]+)"/m ],
 +
 +  ### http://www.eset.com/, version 3.0
 +  ['ESET Software ESETS Command Line Interface',
 +    ['/usr/bin/esets_cli', 'esets_cli'],
 +    '--subdir {}', [0], [1,2,3],
 +    qr/:\s*action="(?!accepted)[^"]*"\n.*:\s*virus="([^"]*)"/m ],
 +
 +  ## http://www.nod32.com/,  NOD32LFS version 2.5 and above
 +  ['ESET NOD32 for Linux File servers',
 +    ['/opt/eset/nod32/sbin/nod32','nod32'],
 +    '--files -z --mail --sfx --rtp --adware --unsafe --pattern --heur '.
 +    '-w -a --action=1 -b {}',
 +    [0], [1,10], qr/^object=.*, virus="(.*?)",/m ],
 +
 +# Experimental, based on posting from Rado Dibarbora (Dibo) on 2002-05-31
 +# ['ESET Software NOD32 Client/Server (NOD32SS)',
 +#   \&ask_daemon2,    # greets with 200, persistent, terminate with QUIT
 +#   ["SCAN {}/*\r\n", '127.0.0.1:8448' ],
 +#   qr/^200 File OK/m, qr/^201 /m, qr/^201 (.+)/m ],
 +
 +  ### http://www.norman.com/products_nvc.shtml
 +  ['Norman Virus Control v5 / Linux', 'nvcc',
 +    '-c -l:0 -s -u -temp:$TEMPBASE {}', [0,10,11], [1,2,14],
 +    qr/(?i).* virus in .* -> \'(.+)\'/m ],
 +
 +  ### http://www.pandasoftware.com/
 +  ['Panda CommandLineSecure 9 for Linux',
 +    ['/opt/pavcl/usr/bin/pavcl','pavcl'],
 +    '-auto -aex -heu -cmp -nbr -nor -nos -eng -nob {}',
 +    qr/Number of files infected[ .]*: 0+(?!\d)/m,
 +    qr/Number of files infected[ .]*: 0*[1-9]/m,
 +    qr/Found virus :\s*(\S+)/m ],
 +  # NOTE: for efficiency, start the Panda in resident mode with 'pavcl -tsr'
 +  # before starting amavisd - the bases are then loaded only once at startup.
 +  # To reload bases in a signature update script:
 +  #   /opt/pavcl/usr/bin/pavcl -tsr -ulr; /opt/pavcl/usr/bin/pavcl -tsr
 +  # Please review other options of pavcl, for example:
 +  #  -nomalw, -nojoke, -nodial, -nohackt, -nospyw, -nocookies
 +
 +# ### http://www.pandasoftware.com/
 +# ['Panda Antivirus for Linux', ['pavcl'],
 +#   '-TSR -aut -aex -heu -cmp -nbr -nor -nso -eng {}',
 +#   [0], [0x10, 0x30, 0x50, 0x70, 0x90, 0xB0, 0xD0, 0xF0],
 +#   qr/Found virus :\s*(\S+)/m ],
 +
 +# GeCAD AV technology is acquired by Microsoft; RAV has been discontinued.
 +# Check your RAV license terms before fiddling with the following two lines!
 +# ['GeCAD RAV AntiVirus 8', 'ravav',
 +#   '--all --archive --mail {}', [1], [2,3,4,5], qr/Infected: (.+)/m ],
 +# # NOTE: the command line switches changed with scan engine 8.5 !
 +# # (btw, assigning stdin to /dev/null causes RAV to fail)
 +
 +  ### http://www.nai.com/
 +  ['NAI McAfee AntiVirus (uvscan)', 'uvscan',
 +    '--secure -rv --mime --summary --noboot - {}', [0], [13],
 +    qr/(?x) Found (?:
 +        \ the\ (.+)\ (?:virus|trojan)  |
 +        \ (?:virus|trojan)\ or\ variant\ ([^ ]+)  |
 +        :\ (.+)\ NOT\ a\ virus)/m,
 +  # sub {$ENV{LD_PRELOAD}='/lib/libc.so.6'},
 +  # sub {delete $ENV{LD_PRELOAD}},
 +  ],
 +  # NOTE1: with RH9: force the dynamic linker to look at /lib/libc.so.6 before
 +  # anything else by setting environment variable LD_PRELOAD=/lib/libc.so.6
 +  # and then clear it when finished to avoid confusing anything else.
 +  # NOTE2: to treat encrypted files as viruses replace the [13] with:
 +  #  qr/^\s{5,}(Found|is password-protected|.*(virus|trojan))/
 +
 +  ### http://www.virusbuster.hu/en/
 +  ['VirusBuster', ['vbuster', 'vbengcl'],
 +    "{} -ss -i '*' -log=$MYHOME/vbuster.log", [0], [1],
 +    qr/: '(.*)' - Virus/m ],
 +  # VirusBuster Ltd. does not support the daemon version for the workstation
 +  # engine (vbuster-eng-1.12-linux-i386-libc6.tgz) any longer. The names of
 +  # binaries, some parameters AND return codes have changed (from 3 to 1).
 +  # See also the new Vexira entry 'vascan' which is possibly related.
 +
 +# ### http://www.virusbuster.hu/en/
 +# ['VirusBuster (Client + Daemon)', 'vbengd',
 +#   '-f -log scandir {}', [0], [3],
 +#   qr/Virus found = (.*);/m ],
 +# # HINT: for an infected file it always returns 3,
 +# # although the man-page tells a different story
 +
 +  ### http://www.cyber.com/
 +  ['CyberSoft VFind', 'vfind',
 +    '--vexit {}/*', [0], [23], qr/##==>>>> VIRUS ID: CVDL (.+)/m,
 +  # sub {$ENV{VSTK_HOME}='/usr/lib/vstk'},
 +  ],
 +
 +  ### http://www.avast.com/
 +  ['avast! Antivirus', ['/usr/bin/avastcmd','avastcmd'],
 +    '-a -i -n -t=A {}', [0], [1], qr/\binfected by:\s+([^ \t\n\[\]]+)/m ],
 +
 +  ### http://www.ikarus-software.com/
 +  ['Ikarus AntiVirus for Linux', 'ikarus',
 +    '{}', [0], [40], qr/Signature (.+) found/m ],
 +
 +  ### http://www.bitdefender.com/
 +  ['BitDefender', 'bdscan',  # new version
 +    '--action=ignore --no-list {}', qr/^Infected files\s*:\s*0+(?!\d)/m,
 +    qr/^(?:Infected files|Identified viruses|Suspect files)\s*:\s*0*[1-9]/m,
 +    qr/(?:suspected|infected)\s*:\s*(.*)(?:\033|$)/m ],
 +
 +  ### http://www.bitdefender.com/
 +  ['BitDefender', 'bdc',  # old version
 +    '--arc --mail {}', qr/^Infected files *:0+(?!\d)/m,
 +    qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/m,
 +    qr/(?:suspected|infected): (.*)(?:\033|$)/m ],
 +  # consider also: --all --nowarn --alev=15 --flev=15.  The --all argument may
 +  # not apply to your version of bdc, check documentation and see 'bdc --help'
 +
 +  ### ArcaVir for Linux and Unix http://www.arcabit.pl/
 +  ['ArcaVir for Linux', ['arcacmd','arcacmd.static'],
 +    '-v 1 -summary 0 -s {}', [0], [1,2],
 +    qr/(?:VIR|WIR):[ \t]*(.+)/m ],
 +
 +# ### a generic SMTP-client interface to a SMTP-based virus scanner
 +# ['av_smtp', \&ask_av_smtp,
 +#   ['{}', 'smtp:[127.0.0.1]:5525', 'dummy@localhost'],
 +#   qr/^2/, qr/^5/, qr/^\s*(.*?)\s*$/m ],
 +
 +# ['File::Scan', sub {Amavis::AV::ask_av(sub{
 +#   use File::Scan; my($fn)=@_;
 +#   my($f)=File::Scan->new(max_txt_size=>0, max_bin_size=>0);
 +#   my($vname) = $f->scan($fn);
 +#   $f->error ? (2,"Error: ".$f->error)
 +#   : ($vname ne '') ? (1,"$vname FOUND") : (0,"Clean")}, @_) },
 +#   ["{}/*"], [0], [1], qr/^(.*) FOUND$/m ],
 +
 +# ### fully-fledged checker for JPEG marker segments of invalid length
 +# ['check-jpeg',
 +#   sub { use JpegTester (); Amavis::AV::ask_av(\&JpegTester::test_jpeg, @_) },
 +#   ["{}/*"], undef, [1], qr/^(bad jpeg: .*)$/m ],
 +# # NOTE: place file JpegTester.pm somewhere where Perl can find it,
 +# #       for example in /usr/local/lib/perl5/site_perl
 +
 +);
 +
 +
 +@av_scanners_backup = (
 +
 +  ### http://www.clamav.net/   - backs up clamd or Mail::ClamAV
 +  ['ClamAV-clamscan', 'clamscan',
 +    "--stdout --no-summary -r --tempdir=$TEMPBASE {}",
 +    [0], qr/:.*\sFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
 +
 +  ### http://www.f-prot.com/   - backs up F-Prot Daemon, V6
 +  ['F-PROT Antivirus for UNIX', ['fpscan'],
 +    '--report --mount --adware {}',  # consider: --applications -s 4 -u 3 -z 10
 +    [0,8,64],  [1,2,3, 4+1,4+2,4+3, 8+1,8+2,8+3, 12+1,12+2,12+3],
 +    qr/^\[Found\s+[^\]]*\]\s+<([^ \t(>]*)/m ],
 +
 +  ### http://www.f-prot.com/   - backs up F-Prot Daemon (old)
 +  ['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'],
 +    '-dumb -archive -packed {}', [0,8], [3,6],   # or: [0], [3,6,8],
 +    qr/(?:Infection:|security risk named) (.+)|\s+contains\s+(.+)$/m ],
 +
 +  ### http://www.trendmicro.com/   - backs up Trophie
 +  ['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'],
 +    '-za -a {}', [0], qr/Found virus/m, qr/Found virus (.+) in/m ],
 +
 +  ### http://www.sald.com/, http://drweb.imshop.de/   - backs up DrWebD
 +  ['drweb - DrWeb Antivirus',  # security LHA hole in Dr.Web 4.33 and earlier
 +    ['/usr/local/drweb/drweb', '/opt/drweb/drweb', 'drweb'],
 +    '-path={} -al -go -ot -cn -upn -ok-',
 +    [0,32], [1,9,33], qr' infected (?:with|by)(?: virus)? (.*)$'m ],
 +
 +   ### http://www.kaspersky.com/
 +   ['Kaspersky Antivirus v5.5',
 +     ['/opt/kaspersky/kav4fs/bin/kav4fs-kavscanner',
 +      '/opt/kav/5.5/kav4unix/bin/kavscanner',
 +      '/opt/kav/5.5/kav4mailservers/bin/kavscanner', 'kavscanner'],
 +     '-i0 -xn -xp -mn -R -ePASBME {}/*', [0,10,15], [5,20,21,25],
 +     qr/(?:INFECTED|WARNING|SUSPICION|SUSPICIOUS) (.*)/m,
 +#    sub {chdir('/opt/kav/bin') or die "Can't chdir to kav: $!"},
 +#    sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
 +   ],
 +
 +# Commented out because the name 'sweep' clashes with Debian and FreeBSD
 +# package/port of an audio editor. Make sure the correct 'sweep' is found
 +# in the path when enabling.
 +#
 +# ### http://www.sophos.com/   - backs up Sophie or SAVI-Perl
 +# ['Sophos Anti Virus (sweep)', 'sweep',
 +#   '-nb -f -all -rec -ss -sc -archive -cab -mime -oe -tnef '.
 +#   '--no-reset-atime {}',
 +#   [0,2], qr/Virus .*? found/m,
 +#   qr/^>>> Virus(?: fragment)? '?(.*?)'? found/m,
 +# ],
 +# # other options to consider: -idedir=/usr/local/sav
 +
 +# Always succeeds and considers mail clean.
 +# Potentially useful when all other scanners fail and it is desirable
 +# to let mail continue to flow with no virus checking (when uncommented).
 +# ['always-clean', sub {0}],
 +
 +);
 +
 +
 +1;  # insure a defined return value
 +</file>
 +
 +====== Links ======
 +  * **[[centos:mail_c6:start|Zurück zum Kapitel >>Mailserverinstallation unter CentOS 6<<]]**
 +  * **[[wiki:start|Zurück zu >>Projekte und Themenkapitel<<]]**
 +  * **[[http://dokuwiki.nausch.org/doku.php/|Zurück zur Startseite]]**
 +