centos:mailserver:grundinstallation_von_amavis

Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

Link zu dieser Vergleichsansicht

Beide Seiten der vorigen Revision Vorhergehende Überarbeitung
Nächste ÜberarbeitungBeide Seiten der Revision
centos:mailserver:grundinstallation_von_amavis [28.11.2011 21:22. ] – [Grundkonfiguration] Rechtschreibkorrektur djangocentos:mailserver:grundinstallation_von_amavis [12.04.2012 11:18. ] – [Virenschutz mit AMaViS] django
Zeile 1: Zeile 1:
 +====== Virenschutz mit AMaViS ======
 +Für die eMailkommunikation in unserem SOHO(( Small Office Home Office ))-LAN bedienen wir uns des SMTP-Server **Postfix**. Zur weiteren Absichereung (Viren- und Spam-Schutz) nutzen wir weitere Programme und Dämonen, wie [[http://amavisd.de.postfix.org/|amavisd-new]], [[http://www.clamav.net/|clamav]] und [[http://spamassassin.apache.org/|spamassassin]]. Die Installation und Konfiguration, der einzelnen //Getriebezahnräder// beschreibt diese und nachfolgende Seite. 
  
 +===== Postfix-AMaViS-Cyrus Zusammenspiel =====
 +<uml width=550 title="Postfix MTA">
 +
 +state "MTA" as smtp_25
 +smtp_25 : (Mail Transport Agent) 
 +smtp_25 : andere SMTP-Server
 +smtp_25 : im Internet bzw. Intranet
 +smtp_25 : TCP/IP - Port 25
 +
 +state Postfix {
 +  state "smtpd:25" as smtpd_25
 +  smtpd_25 : SMTP-Daemon
 +  smtpd_25 : TCP/IP Port 25
 +  smtpd_25 : mit smtpd_proxy_filter
 +
 +  state "smtpd:10025" as smtpd_10025
 +  smtpd_10025 : SMTP-Daemon
 +  smtpd_10025 : TCP/IP Port 10025
 +  smtpd_10025 : *ohne* smtpd_proxy_filter
 +
 +  state "Postfix" as work
 +  work : weitere Be-/Abarbeitung
 +  work : der eMail durch den
 +  work : Mail-Transport-Agent Postfix 
 +}
 +
 +state AMaViS {
 +  state "smtpd:10024" as smtpd_10024
 +  smtpd_10024 : SMTP-Daemon
 +  smtpd_10024 : TCP/IP Port 10024
 +
 +  state "AMaViS" as amavis
 +  amavis : Master Prozess
 +  amavis : (Frontend-System)
 +  
 +  state "Entpacker" as packer
 +  packer : Backend-System zum
 +  packer : Entpacken von Dateianhängen
 +  state "Virenscanner" as virus
 +  virus : Backend-System zum
 +  virus : Prüfen der eMail und der
 +  virus : Anhänge auf Schadcode
 +  state "Spamassassin" as spam
 +  spam : Backend-System zum
 +  spam : Prüfen der eMail auf
 +  spam : unerwünschte Inhalte
 +}
 +
 +state Cyrus {
 +  state "IMAP-Server" as smtpd_24
 +  smtpd_24 : Mail-Delivery-Agent
 +  smtpd_24 : Cyrus IMAP-Server
 +}
 +
 +
 + smtp_25 --> smtpd_25
 + smtpd_10025 -right-> work
 +
 + smtpd_25 -right-> smtpd_10024
 + smtpd_10024 --> amavis
 +
 + amavis -right-> packer
 + packer -left-> amavis
 + amavis -down-> virus
 + virus -up-> amavis
 + amavis -left-> spam
 + spam -right-> amavis
 +
 + amavis -left-> smtpd_10025
 +
 + work -right-> smtpd_24
 +</uml>
 +
 +===== Installation =====
 +Die Installation erfolgt, wie soll es auch anders sein, wie gewohnt via **yum**:
 +<code>yum install amavisd-new</code>
 +==== Info ====
 +Was uns //**amavisd-new**// bietet, entnehmen wir am einfachsten dem rpm
 +<code># yum info amavisd-new
 +
 +Name   : amavisd-new
 +...
 +Summary: Mail virus-scanner
 +Description: AMaViS is a program that interfaces a mail transfer agent (MTA) with one or more virus scanners.  
 +Amavisd-new is a branch created by Mark Martinec that adds serveral performance and robustness features. It'
 +partly based on work being done on the official amavisd branch. Please see the README.amavisd-new-RELNOTES 
 +file for a detailed description.</code>
 +
 +==== Programmpfade und -inhalte ====
 +Über die einzelnen Dateien und Pfade der installierten Programme, informieren wir uns mittels:
 +<code># rpm -ql amavisd-new
 +
 +/etc/amavisd.conf
 +/etc/cron.daily/amavisd
 +/etc/logrotate.d/amavisd
 +/etc/openldap/schema/amavisd-new.schema
 +/etc/rc.d/init.d/amavisd
 +/etc/sysconfig/amavisd
 +/usr/sbin/amavisd
 +/usr/sbin/amavisd-agent
 +/usr/sbin/amavisd-nanny
 +/usr/sbin/amavisd-release
 +/usr/sbin/p0f-analyzer
 +/usr/share/doc/amavisd-new-2.6.4
 +/usr/share/doc/amavisd-new-2.6.4/AAAREADME.first
 +/usr/share/doc/amavisd-new-2.6.4/LDAP.schema
 +/usr/share/doc/amavisd-new-2.6.4/LICENSE
 +/usr/share/doc/amavisd-new-2.6.4/MANIFEST
 +/usr/share/doc/amavisd-new-2.6.4/README.banned
 +/usr/share/doc/amavisd-new-2.6.4/README.chroot
 +/usr/share/doc/amavisd-new-2.6.4/README.contributed
 +/usr/share/doc/amavisd-new-2.6.4/README.courier
 +/usr/share/doc/amavisd-new-2.6.4/README.courier-old
 +/usr/share/doc/amavisd-new-2.6.4/README.customize
 +/usr/share/doc/amavisd-new-2.6.4/README.exim_v3
 +/usr/share/doc/amavisd-new-2.6.4/README.exim_v3_app
 +/usr/share/doc/amavisd-new-2.6.4/README.exim_v4
 +/usr/share/doc/amavisd-new-2.6.4/README.exim_v4_app
 +/usr/share/doc/amavisd-new-2.6.4/README.exim_v4_app2
 +/usr/share/doc/amavisd-new-2.6.4/README.ldap
 +/usr/share/doc/amavisd-new-2.6.4/README.lookups
 +/usr/share/doc/amavisd-new-2.6.4/README.milter
 +/usr/share/doc/amavisd-new-2.6.4/README.old.scanners
 +/usr/share/doc/amavisd-new-2.6.4/README.performance
 +/usr/share/doc/amavisd-new-2.6.4/README.policy-on-notifications
 +/usr/share/doc/amavisd-new-2.6.4/README.postfix
 +/usr/share/doc/amavisd-new-2.6.4/README.postfix.html
 +/usr/share/doc/amavisd-new-2.6.4/README.protocol
 +/usr/share/doc/amavisd-new-2.6.4/README.sendmail
 +/usr/share/doc/amavisd-new-2.6.4/README.sendmail-dual
 +/usr/share/doc/amavisd-new-2.6.4/README.sendmail-dual.old
 +/usr/share/doc/amavisd-new-2.6.4/README.sql
 +/usr/share/doc/amavisd-new-2.6.4/README.sql-mysql
 +/usr/share/doc/amavisd-new-2.6.4/README.sql-pg
 +/usr/share/doc/amavisd-new-2.6.4/RELEASE_NOTES
 +/usr/share/doc/amavisd-new-2.6.4/amavisd-new-docs.html
 +/usr/share/doc/amavisd-new-2.6.4/amavisd.conf
 +/usr/share/doc/amavisd-new-2.6.4/amavisd.conf-default
 +/usr/share/doc/amavisd-new-2.6.4/amavisd.conf-sample
 +/usr/share/doc/amavisd-new-2.6.4/amavisd.conf.orig
 +/usr/share/doc/amavisd-new-2.6.4/images
 +/usr/share/doc/amavisd-new-2.6.4/images/blank.png
 +/usr/share/doc/amavisd-new-2.6.4/images/callouts
 +/usr/share/doc/amavisd-new-2.6.4/images/callouts/1.png
 +/usr/share/doc/amavisd-new-2.6.4/images/callouts/10.png
 +/usr/share/doc/amavisd-new-2.6.4/images/callouts/11.png
 +/usr/share/doc/amavisd-new-2.6.4/images/callouts/12.png
 +/usr/share/doc/amavisd-new-2.6.4/images/callouts/13.png
 +/usr/share/doc/amavisd-new-2.6.4/images/callouts/14.png
 +/usr/share/doc/amavisd-new-2.6.4/images/callouts/15.png
 +/usr/share/doc/amavisd-new-2.6.4/images/callouts/2.png
 +/usr/share/doc/amavisd-new-2.6.4/images/callouts/3.png
 +/usr/share/doc/amavisd-new-2.6.4/images/callouts/4.png
 +/usr/share/doc/amavisd-new-2.6.4/images/callouts/5.png
 +/usr/share/doc/amavisd-new-2.6.4/images/callouts/6.png
 +/usr/share/doc/amavisd-new-2.6.4/images/callouts/7.png
 +/usr/share/doc/amavisd-new-2.6.4/images/callouts/8.png
 +/usr/share/doc/amavisd-new-2.6.4/images/callouts/9.png
 +/usr/share/doc/amavisd-new-2.6.4/images/caution.png
 +/usr/share/doc/amavisd-new-2.6.4/images/draft.png
 +/usr/share/doc/amavisd-new-2.6.4/images/home.png
 +/usr/share/doc/amavisd-new-2.6.4/images/important.png
 +/usr/share/doc/amavisd-new-2.6.4/images/next.png
 +/usr/share/doc/amavisd-new-2.6.4/images/note.png
 +/usr/share/doc/amavisd-new-2.6.4/images/prev.png
 +/usr/share/doc/amavisd-new-2.6.4/images/tip.png
 +/usr/share/doc/amavisd-new-2.6.4/images/toc-blank.png
 +/usr/share/doc/amavisd-new-2.6.4/images/toc-minus.png
 +/usr/share/doc/amavisd-new-2.6.4/images/toc-plus.png
 +/usr/share/doc/amavisd-new-2.6.4/images/up.png
 +/usr/share/doc/amavisd-new-2.6.4/images/warning.png
 +/usr/share/doc/amavisd-new-2.6.4/screen.css
 +/usr/share/doc/amavisd-new-2.6.4/test-messages
 +/usr/share/doc/amavisd-new-2.6.4/test-messages/README
 +/usr/share/doc/amavisd-new-2.6.4/test-messages/sample.tar.gz.compl
 +/var/amavis
 +/var/amavis/db
 +/var/amavis/tmp
 +/var/amavis/var
 +/var/log/amavis.log
 +/var/virusmails</code>
 +
 +===== Konfiguration =====
 +==== Grundkonfiguration ====
 +Für die weitere Viren- und Spam-Prüfung der uns angetragenen elektronischen Post, verwenden wir die **smtp_proxy_filter**-Funktionen, also die //Pre-Queue// unseres Postfixes. Somit können wir die Nachricht in Echtzeit filtern und wenn uns diese "//nicht gefällt//", einfach abweisen.\\
 +\\
 +Der externe Mailserver versucht mit unserer neuen Konfiguration eine eMail bei uns auf Port **25** abzusetzen. Unser Postfix reicht diese direkt an den Port 10024 unseres **AMaViS-Daemon** weiter, der die Nachricht //on-the-fly// weiteren daemons zum Virenscanner und Spambewerten unterzieht. Wird dabei die Nachricht für **O.K.** befunden, so reicht **AMaViS** die Mail zurück an den Postfix auf Port 10025, oder signalisiert **Postfix**, dass die Nachricht O.K. ist und der externe SMTP-Dialog erfolgreich zu Ende gebracht werden kann.
 +\\
 +Im ersten Schritt definieren wir also die ersten drei Parameter, **Hostnamen**, **Domäne** und **Port** in der Konfigurationsdatei unter **/etc/amavisd.conf**. 
 +<code>...
 +
 +$myhostname = 'amavis.nausch.org'; # hostname 
 +$mydomain = 'nausch.org';          # a convenient default for other settings
 +
 +...
 +
 +$inet_socket_port = 10024;         # listen on this local TCP port(s)
 +
 +...</code>
 +==== Gesamtkonfiguration ====
 +Unser lauffähges System benötigt eine umfangreiche Konfiguration, die wir unseren Bedürfnissen anpassen.
 +<code> # egrep -v '(^#|^$)' /etc/amavisd.conf
 +use strict;
 +$max_servers = 5;            # num of pre-forked children (2..30 is common), -m
 +$daemon_user  = "amavis";     # (no default;  customary: vscan or amavis), -u
 +$daemon_group = "amavis";     # (no default;  customary: vscan or amavis), -g
 +$myhostname = 'amavis.nausch.org'; # hostname
 +$mydomain = 'nausch.org';   # a convenient default for other settings
 +$MYHOME = '/var/amavis';   # a convenient default for other settings, -H
 +$TEMPBASE = "$MYHOME/tmp";   # working directory, needs to exist, -T
 +$ENV{TMPDIR} = $TEMPBASE;    # environment variable TMPDIR, used by SA, etc.
 +$QUARANTINEDIR = "/var/virusmails";
 +$db_home   = "$MYHOME/db";      # dir for bdb nanny/cache/snmp databases, -D
 +$helpers_home = "$MYHOME/var";  # working directory for SpamAssassin, -S
 +$lock_file = "$MYHOME/var/amavisd.lock";  # -L
 +$pid_file  = "$MYHOME/var/amavisd.pid";   # -P
 +$log_level = 3;              # verbosity 0..5, -d
 +$log_recip_templ = undef;    # disable by-recipient level-0 log entries
 +$DO_SYSLOG = 1;              # log via syslogd (preferred)
 +$syslog_facility = 'mail';   # Syslog facility as a string
 +           # e.g.: mail, daemon, user, local0, ... local7
 +$syslog_priority = 'debug';  # Syslog base (minimal) priority as a string,
 +           # choose from: emerg, alert, crit, err, warning, notice, info, debug
 +$enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny)
 +$enable_global_cache = 1;    # enable use of libdb-based cache if $enable_db=1
 +$nanny_details_level = 2;    # nanny verbosity: 1: traditional, 2: detailed
 +$enable_dkim_verification = 1;  # enable DKIM signatures verification
 +$enable_dkim_signing = 1;    # load DKIM signing code, keys defined by dkim_key
 +@local_domains_maps = ( [".$mydomain"] );  # list of all local domains
 +@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
 +                  10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );
 +$unix_socketname = "$MYHOME/amavisd.sock";  # amavisd-release or amavis-milter
 +               # option(s) -p overrides $inet_socket_port and $unix_socketname
 +$inet_socket_port = 10024;   # listen on this local TCP port(s)
 +$policy_bank{'MYNETS'} = {   # mail originating from @mynetworks
 +  originating => 1,  # is true in MYNETS by default, but let's make it explicit
 +  os_fingerprint_method => undef,  # don't query p0f for internal clients
 +};
 +$interface_policy{'10026'} = 'ORIGINATING';
 +$policy_bank{'ORIGINATING'} = {  # mail supposedly originating from our users
 +  originating => 1,  # declare that mail was submitted by our smtp client
 +  allow_disclaimers => 1,  # enables disclaimer insertion if available
 +  # notify administrator of locally originating malware
 +  virus_admin_maps => ["virusalert\@$mydomain"],
 +  spam_admin_maps  => ["virusalert\@$mydomain"],
 +  warnbadhsender   => 1,
 +  # forward to a smtpd service providing DKIM signing service
 +  forward_method => 'smtp:[127.0.0.1]:10027',
 +  # force MTA conversion to 7-bit (e.g. before DKIM signing)
 +  smtpd_discard_ehlo_keywords => ['8BITMIME'],
 +  bypass_banned_checks_maps => [1],  # allow sending any file names and types
 +  terminate_dsn_on_notify_success => 0,  # don't remove NOTIFY=SUCCESS option
 +};
 +$interface_policy{'SOCK'} = 'AM.PDP-SOCK'; # only applies with $unix_socketname
 +$policy_bank{'AM.PDP-SOCK'} = {
 +  protocol => 'AM.PDP',
 +  auth_required_release => 0,  # do not require secret_id for amavisd-release
 +};
 +$sa_tag_level_deflt  = 2.0;  # add spam info headers if at, or above that level
 +$sa_tag2_level_deflt = 6.31;  # add 'spam detected' headers at that level
 +$sa_kill_level_deflt = 6.31;  # triggers spam evasive actions (e.g. blocks mail)
 +$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent
 +$sa_crediblefrom_dsn_cutoff_level = 18; # likewise, but for a likely valid From
 +$penpals_bonus_score = 8;    # (no effect without a @storage_sql_dsn database)
 +$penpals_threshold_high = $sa_kill_level_deflt;  # don't waste time on hi spam
 +$bounce_killer_score = 100;  # spam score points to add for joe-jobbed bounces
 +$sa_mail_body_size_limit = 400*1024; # don't waste time on SA if mail is larger
 +$sa_local_tests_only = 0;    # only tests which do not require internet access?
 +$virus_admin               = "virusalert\@$mydomain";  # notifications recip.
 +$mailfrom_notify_admin     = "virusalert\@$mydomain";  # notifications sender
 +$mailfrom_notify_recip     = "virusalert\@$mydomain";  # notifications sender
 +$mailfrom_notify_spamadmin = "spam.police\@$mydomain"; # notifications sender
 +$mailfrom_to_quarantine = ''; # null return path; uses original sender if undef
 +@addr_extension_virus_maps      = ('virus');
 +@addr_extension_banned_maps     = ('banned');
 +@addr_extension_spam_maps       = ('spam');
 +@addr_extension_bad_header_maps = ('badh');
 +$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
 +$MAXLEVELS = 14;
 +$MAXFILES = 1500;
 +$MIN_EXPANSION_QUOTA =      100*1024;  # bytes  (default undef, not enforced)
 +$MAX_EXPANSION_QUOTA = 300*1024*1024;  # bytes  (default undef, not enforced)
 +$sa_spam_subject_tag = '***SPAM*** ';
 +$defang_virus  = 1;  # MIME-wrap passed infected mail
 +$defang_banned = 1;  # MIME-wrap passed mail containing banned name
 +$defang_by_ccat{+CC_BADH.",3"} = 1;  # NUL or CR character in header
 +$defang_by_ccat{+CC_BADH.",5"} = 1;  # header line longer than 998 characters
 +$defang_by_ccat{+CC_BADH.",6"} = 1;  # header field syntax error
 +$final_virus_destiny      = D_REJECT;
 +$final_banned_destiny     = D_REJECT;
 +$final_spam_destiny       = D_REJECT;
 +$virus_quarantine_to = undef;
 +$banned_quarantine_to = undef;
 +$spam_quarantine_to = undef;
 +$bad_header_quarantine_to = undef;
 +@keep_decoded_original_maps = (new_RE(
 +  qr'^MAIL$',   # retain full original message for virus checking
 +  qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables
 +  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
 +));
 +$banned_filename_re = new_RE(
 +  qr'^\.(exe-ms|dll)$',                   # banned file(1) types, rudimentary
 +  [ qr'^\.(rpm|cpio|tar)$'       => 0 ],  # allow any in Unix-type archives
 +  qr'.\.(pif|scr)$'i,                     # banned extensions - rudimentary
 +  qr'^application/x-msdownload$'i,        # block these MIME types
 +  qr'^application/x-msdos-program$'i,
 +  qr'^application/hta$'i,
 +  # block certain double extensions in filenames
 +  qr'\.[^./]*[A-Za-z][^./]*\.\s*(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)[.\s]*$'i,
 +  qr'.\.(exe|vbs|pif|scr|cpl)$'i,             # banned extension - basic
 +);
 +@score_sender_maps = ({ # a by-recipient hash lookup table,
 +                        # results from all matching recipient tables are summed
 +  ## site-wide opinions about senders (the '.' matches any recipient)
 +  '.' => [  # the _first_ matching sender determines the score boost
 +   new_RE(  # regexp-type lookup table, just happens to be all soft-blacklist
 +    [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'        => 5.0],
 +    [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],
 +    [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],
 +    [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'  => 5.0],
 +    [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@' => 5.0],
 +    [qr'^(your_friend|greatoffers)@'                               => 5.0],
 +    [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'                   => 5.0],
 +   ),
 +   { # a hash-type lookup table (associative array)
 +     'nobody@cert.org'                        => -3.0,
 +     'cert-advisory@us-cert.gov'              => -3.0,
 +     'owner-alert@iss.net'                    => -3.0,
 +     'slashdot@slashdot.org'                  => -3.0,
 +     'securityfocus.com'                      => -3.0,
 +     'ntbugtraq@listserv.ntbugtraq.com'       => -3.0,
 +     'security-alerts@linuxsecurity.com'      => -3.0,
 +     'mailman-announce-admin@python.org'      => -3.0,
 +     'amavis-user-admin@lists.sourceforge.net'=> -3.0,
 +     'amavis-user-bounces@lists.sourceforge.net' => -3.0,
 +     'spamassassin.apache.org'                => -3.0,
 +     'notification-return@lists.sophos.com'   => -3.0,
 +     'owner-postfix-users@postfix.org'        => -3.0,
 +     'owner-postfix-announce@postfix.org'     => -3.0,
 +     'owner-sendmail-announce@lists.sendmail.org'   => -3.0,
 +     'sendmail-announce-request@lists.sendmail.org' => -3.0,
 +     'donotreply@sendmail.org'                => -3.0,
 +     'ca+envelope@sendmail.org'               => -3.0,
 +     'noreply@freshmeat.net'                  => -3.0,
 +     'owner-technews@postel.acm.org'          => -3.0,
 +     'ietf-123-owner@loki.ietf.org'           => -3.0,
 +     'cvs-commits-list-admin@gnome.org'       => -3.0,
 +     'rt-users-admin@lists.fsck.com'          => -3.0,
 +     'clp-request@comp.nus.edu.sg'            => -3.0,
 +     'surveys-errors@lists.nua.ie'            => -3.0,
 +     'emailnews@genomeweb.com'                => -5.0,
 +     'yahoo-dev-null@yahoo-inc.com'           => -3.0,
 +     'returns.groups.yahoo.com'               => -3.0,
 +     'clusternews@linuxnetworx.com'           => -3.0,
 +     lc('lvs-users-admin@LinuxVirtualServer.org'   => -3.0,
 +     lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0,
 +     # soft-blacklisting (positive score)
 +     'sender@example.net'                     =>  3.0,
 +     '.example.net'                           =>  1.0,
 +   },
 +  ],  # end of site-wide tables
 +});
 +@decoders = (
 +  ['mail', \&do_mime_decode],
 +  ['asc',  \&do_ascii],
 +  ['uue',  \&do_ascii],
 +  ['hqx',  \&do_ascii],
 +  ['ync',  \&do_ascii],
 +  ['F',    \&do_uncompress, ['unfreeze','freeze -d','melt','fcat'] ],
 +  ['Z',    \&do_uncompress, ['uncompress','gzip -d','zcat'] ],
 +  ['gz',   \&do_uncompress,  'gzip -d'],
 +  ['gz',   \&do_gunzip],
 +  ['bz2',  \&do_uncompress,  'bzip2 -d'],
 +  ['lzo',  \&do_uncompress,  'lzop -d'],
 +  ['rpm',  \&do_uncompress, ['rpm2cpio.pl','rpm2cpio'] ],
 +  ['cpio', \&do_pax_cpio,   ['pax','gcpio','cpio'] ],
 +  ['tar',  \&do_pax_cpio,   ['pax','gcpio','cpio'] ],
 +  ['deb',  \&do_ar,          'ar'],
 +  ['zip',  \&do_unzip],
 +  ['7z',   \&do_7zip,       ['7zr','7za','7z'] ],
 +  ['rar',  \&do_unrar,      ['rar','unrar'] ],
 +  ['arj',  \&do_unarj,      ['arj','unarj'] ],
 +  ['arc',  \&do_arc,        ['nomarch','arc'] ],
 +  ['zoo',  \&do_zoo,        ['zoo','unzoo'] ],
 +  ['lha',  \&do_lha,         'lha'],
 +  ['cab',  \&do_cabextract,  'cabextract'],
 +  ['tnef', \&do_tnef_ext,    'tnef'],
 +  ['tnef', \&do_tnef],
 +  ['exe',  \&do_executable, ['rar','unrar'], 'lha', ['arj','unarj'] ],
 +);
 +@av_scanners = (
 +['ClamAV-clamd',
 +  \&ask_daemon, ["CONTSCAN {}\n", "/tmp/clamd.socket"],
 +  qr/\bOK$/m, qr/\bFOUND$/m,
 +  qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
 +  ### http://www.kaspersky.com/  (kav4mailservers)
 +  ['KasperskyLab AVP - aveclient',
 +    ['/usr/local/kav/bin/aveclient','/usr/local/share/kav/bin/aveclient',
 +     '/opt/kav/5.5/kav4mailservers/bin/aveclient','aveclient'],
 +    '-p /var/run/aveserver -s {}/*',
 +    [0,3,6,8], qr/\b(INFECTED|SUSPICION|SUSPICIOUS)\b/m,
 +    qr/(?:INFECTED|WARNING|SUSPICION|SUSPICIOUS) (.+)/m,
 +  ],
 +  # NOTE: one may prefer [0],[2,3,4,5], depending on how suspicious,
 +  # currupted or protected archives are to be handled
 +  ### http://www.kaspersky.com/
 +  ['KasperskyLab AntiViral Toolkit Pro (AVP)', ['avp'],
 +    '-* -P -B -Y -O- {}', [0,3,6,8], [2,4],    # any use for -A -K   ?
 +    qr/infected: (.+)/m,
 +    sub {chdir('/opt/AVP') or die "Can't chdir to AVP: $!"},
 +    sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
 +  ],
 +  ### The kavdaemon and AVPDaemonClient have been removed from Kasperky
 +  ### products and replaced by aveserver and aveclient
 +  ['KasperskyLab AVPDaemonClient',
 +    [ '/opt/AVP/kavdaemon',       'kavdaemon',
 +      '/opt/AVP/AvpDaemonClient', 'AvpDaemonClient',
 +      '/opt/AVP/AvpTeamDream',    'AvpTeamDream',
 +      '/opt/AVP/avpdc', 'avpdc' ],
 +    "-f=$TEMPBASE {}", [0,8], [3,4,5,6], qr/infected: ([^\r\n]+)/m ],
 +    # change the startup-script in /etc/init.d/kavd to:
 +    #   DPARMS="-* -Y -dl -f=/var/amavis /var/amavis"
 +    #   (or perhaps:   DPARMS="-I0 -Y -* /var/amavis" )
 +    # adjusting /var/amavis above to match your $TEMPBASE.
 +    # The '-f=/var/amavis' is needed if not running it as root, so it
 +    # can find, read, and write its pid file, etc., see 'man kavdaemon'.
 +    # defUnix.prf: there must be an entry "*/var/amavis" (or whatever
 +    #   directory $TEMPBASE specifies) in the 'Names=' section.
 +    # cd /opt/AVP/DaemonClients; configure; cd Sample; make
 +    # cp AvpDaemonClient /opt/AVP/
 +    # su - vscan -c "${PREFIX}/kavdaemon ${DPARMS}"
 +  ### http://www.centralcommand.com/
 +  ['CentralCommand Vexira (new) vascan',
 +    ['vascan','/usr/lib/Vexira/vascan'],
 +    "-a s --timeout=60 --temp=$TEMPBASE -y $QUARANTINEDIR ".
 +    "--log=/var/log/vascan.log {}",
 +    [0,3], [1,2,5],
 +    qr/(?x)^\s* (?:virus|iworm|macro|mutant|sequence|trojan)\ found:\ ( [^\]\s']+ )\ \.\.\.\ /m ],
 +    # Adjust the path of the binary and the virus database as needed.
 +    # 'vascan' does not allow to have the temp directory to be the same as
 +    # the quarantine directory, and the quarantine option can not be disabled.
 +    # If $QUARANTINEDIR is not used, then another directory must be specified
 +    # to appease 'vascan'. Move status 3 to the second list if password
 +    # protected files are to be considered infected.
 +  ### http://www.avira.com/
 +  ### Avira AntiVir (formerly H+BEDV) or (old) CentralCommand Vexira Antivirus
 +  ['Avira AntiVir', ['antivir','vexira'],
 +    '--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/m,
 +    qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) |
 +         (?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/m ],
 +    # NOTE: if you only have a demo version, remove -z and add 214, as in:
 +    #  '--allfiles -noboot -nombr -rs -s {}', [0,214], qr/ALERT:|VIRUS:/,
 +  ### http://www.commandsoftware.com/
 +  ['Command AntiVirus for Linux', 'csav',
 +    '-all -archive -packed {}', [50], [51,52,53],
 +    qr/Infection: (.+)/m ],
 +  ### http://www.symantec.com/
 +  ['Symantec CarrierScan via Symantec CommandLineScanner',
 +    'cscmdline', '-a scan -i 1 -v -s 127.0.0.1:7777 {}',
 +    qr/^Files Infected:\s+0$/m, qr/^Infected\b/m,
 +    qr/^(?:Info|Virus Name):\s+(.+)/m ],
 +  ### http://www.symantec.com/
 +  ['Symantec AntiVirus Scan Engine',
 +    'savsecls', '-server 127.0.0.1:7777 -mode scanrepair -details -verbose {}',
 +    [0], qr/^Infected\b/m,
 +    qr/^(?:Info|Virus Name):\s+(.+)/m ],
 +    # NOTE: check options and patterns to see which entry better applies
 +  ### http://www.f-secure.com/products/anti-virus/  version 5.52
 +   ['F-Secure Antivirus for Linux servers',
 +    ['/opt/f-secure/fsav/bin/fsav', 'fsav'],
 +    '--virus-action1=report --archive=yes --auto=yes '.
 +    '--dumb=yes --list=no --mime=yes {}', [0], [3,4,6,8],
 +    qr/(?:infection|Infected|Suspected|Riskware): (.+)/m ],
 +    # NOTE: internal archive handling may be switched off by '--archive=no'
 +    #   to prevent fsav from exiting with status 9 on broken archives
 +  ['CAI InoculateIT', 'inocucmd',  # retired product
 +    '-sec -nex {}', [0], [100],
 +    qr/was infected by virus (.+)/m ],
 +  # see: http://www.flatmtn.com/computer/Linux-Antivirus_CAI.html
 +  ### http://www3.ca.com/Solutions/Product.asp?ID=156  (ex InoculateIT)
 +  ['CAI eTrust Antivirus', 'etrust-wrapper',
 +    '-arc -nex -spm h {}', [0], [101],
 +    qr/is infected by virus: (.+)/m ],
 +    # NOTE: requires suid wrapper around inocmd32; consider flag: -mod reviewer
 +    # see http://marc.theaimsgroup.com/?l=amavis-user&m=109229779912783
 +  ### http://mks.com.pl/english.html
 +  ['MkS_Vir for Linux (beta)', ['mks32','mks'],
 +    '-s {}/*', [0], [1,2],
 +    qr/--[ \t]*(.+)/m ],
 +  ### http://mks.com.pl/english.html
 +  ['MkS_Vir daemon', 'mksscan',
 +    '-s -q {}', [0], [1..7],
 +    qr/^... (\S+)/m ],
 +  ### http://www.eset.com/, version 3.0
 +  ['ESET Software ESETS Command Line Interface',
 +    ['/usr/bin/esets_cli', 'esets_cli'],
 +    '--subdir {}', [0], [1,2,3],
 +    qr/:\s*action="(?!accepted)[^"]*"\n.*:\s*virus="([^"]*)"/m ],
 +  ## http://www.nod32.com/,  NOD32LFS version 2.5 and above
 +  ['ESET NOD32 for Linux File servers',
 +    ['/opt/eset/nod32/sbin/nod32','nod32'],
 +    '--files -z --mail --sfx --rtp --adware --unsafe --pattern --heur '.
 +    '-w -a --action=1 -b {}',
 +    [0], [1,10], qr/^object=.*, virus="(.*?)",/m ],
 +  ### http://www.norman.com/products_nvc.shtml
 +  ['Norman Virus Control v5 / Linux', 'nvcc',
 +    '-c -l:0 -s -u -temp:$TEMPBASE {}', [0,10,11], [1,2,14],
 +    qr/(?i).* virus in .* -> \'(.+)\'/m ],
 +  ### http://www.pandasoftware.com/
 +  ['Panda CommandLineSecure 9 for Linux',
 +    ['/opt/pavcl/usr/bin/pavcl','pavcl'],
 +    '-auto -aex -heu -cmp -nbr -nor -nos -eng -nob {}',
 +    qr/Number of files infected[ .]*: 0+(?!\d)/m,
 +    qr/Number of files infected[ .]*: 0*[1-9]/m,
 +    qr/Found virus :\s*(\S+)/m ],
 +  # NOTE: for efficiency, start the Panda in resident mode with 'pavcl -tsr'
 +  # before starting amavisd - the bases are then loaded only once at startup.
 +  # To reload bases in a signature update script:
 +  #   /opt/pavcl/usr/bin/pavcl -tsr -ulr; /opt/pavcl/usr/bin/pavcl -tsr
 +  # Please review other options of pavcl, for example:
 +  #  -nomalw, -nojoke, -nodial, -nohackt, -nospyw, -nocookies
 +  ### http://www.nai.com/
 +  ['NAI McAfee AntiVirus (uvscan)', 'uvscan',
 +    '--secure -rv --mime --summary --noboot - {}', [0], [13],
 +    qr/(?x) Found (?:
 +        \ the\ (.+)\ (?:virus|trojan)  |
 +        \ (?:virus|trojan)\ or\ variant\ ([^ ]+)  |
 +        :\ (.+)\ NOT\ a\ virus)/m,
 +  # sub {$ENV{LD_PRELOAD}='/lib/libc.so.6'},
 +  # sub {delete $ENV{LD_PRELOAD}},
 +  ],
 +  # NOTE1: with RH9: force the dynamic linker to look at /lib/libc.so.6 before
 +  # anything else by setting environment variable LD_PRELOAD=/lib/libc.so.6
 +  # and then clear it when finished to avoid confusing anything else.
 +  # NOTE2: to treat encrypted files as viruses replace the [13] with:
 +  #  qr/^\s{5,}(Found|is password-protected|.*(virus|trojan))/
 +  ### http://www.virusbuster.hu/en/
 +  ['VirusBuster', ['vbuster', 'vbengcl'],
 +    "{} -ss -i '*' -log=$MYHOME/vbuster.log", [0], [1],
 +    qr/: '(.*)' - Virus/m ],
 +  # VirusBuster Ltd. does not support the daemon version for the workstation
 +  # engine (vbuster-eng-1.12-linux-i386-libc6.tgz) any longer. The names of
 +  # binaries, some parameters AND return codes have changed (from 3 to 1).
 +  # See also the new Vexira entry 'vascan' which is possibly related.
 +  ### http://www.cyber.com/
 +  ['CyberSoft VFind', 'vfind',
 +    '--vexit {}/*', [0], [23], qr/##==>>>> VIRUS ID: CVDL (.+)/m,
 +  # sub {$ENV{VSTK_HOME}='/usr/lib/vstk'},
 +  ],
 +  ### http://www.avast.com/
 +  ['avast! Antivirus', ['/usr/bin/avastcmd','avastcmd'],
 +    '-a -i -n -t=A {}', [0], [1], qr/\binfected by:\s+([^ \t\n\[\]]+)/m ],
 +  ### http://www.ikarus-software.com/
 +  ['Ikarus AntiVirus for Linux', 'ikarus',
 +    '{}', [0], [40], qr/Signature (.+) found/m ],
 +  ### http://www.bitdefender.com/
 +  ['BitDefender', 'bdscan',  # new version
 +    '--action=ignore --no-list {}', qr/^Infected files\s*:\s*0+(?!\d)/m,
 +    qr/^(?:Infected files|Identified viruses|Suspect files)\s*:\s*0*[1-9]/m,
 +    qr/(?:suspected|infected)\s*:\s*(.*)(?:\033|$)/m ],
 +  ### http://www.bitdefender.com/
 +  ['BitDefender', 'bdc',  # old version
 +    '--arc --mail {}', qr/^Infected files *:0+(?!\d)/m,
 +    qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/m,
 +    qr/(?:suspected|infected): (.*)(?:\033|$)/m ],
 +  # consider also: --all --nowarn --alev=15 --flev=15.  The --all argument may
 +  # not apply to your version of bdc, check documentation and see 'bdc --help'
 +  ### ArcaVir for Linux and Unix http://www.arcabit.pl/
 +  ['ArcaVir for Linux', ['arcacmd','arcacmd.static'],
 +    '-v 1 -summary 0 -s {}', [0], [1,2],
 +    qr/(?:VIR|WIR):[ \t]*(.+)/m ],
 +);
 +@av_scanners_backup = (
 +  ### http://www.clamav.net/   - backs up clamd or Mail::ClamAV
 +  ['ClamAV-clamscan', 'clamscan',
 +    "--stdout --no-summary -r --tempdir=$TEMPBASE {}",
 +    [0], qr/:.*\sFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
 +  ### http://www.f-prot.com/   - backs up F-Prot Daemon, V6
 +  ['F-PROT Antivirus for UNIX', ['fpscan'],
 +    '--report --mount --adware {}',  # consider: --applications -s 4 -u 3 -z 10
 +    [0,8,64],  [1,2,3, 4+1,4+2,4+3, 8+1,8+2,8+3, 12+1,12+2,12+3],
 +    qr/^\[Found\s+[^\]]*\]\s+<([^ \t(>]*)/m ],
 +  ### http://www.f-prot.com/   - backs up F-Prot Daemon (old)
 +  ['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'],
 +    '-dumb -archive -packed {}', [0,8], [3,6],   # or: [0], [3,6,8],
 +    qr/(?:Infection:|security risk named) (.+)|\s+contains\s+(.+)$/m ],
 +  ### http://www.trendmicro.com/   - backs up Trophie
 +  ['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'],
 +    '-za -a {}', [0], qr/Found virus/m, qr/Found virus (.+) in/m ],
 +  ### http://www.sald.com/, http://drweb.imshop.de/   - backs up DrWebD
 +  ['drweb - DrWeb Antivirus',  # security LHA hole in Dr.Web 4.33 and earlier
 +    ['/usr/local/drweb/drweb', '/opt/drweb/drweb', 'drweb'],
 +    '-path={} -al -go -ot -cn -upn -ok-',
 +    [0,32], [1,9,33], qr' infected (?:with|by)(?: virus)? (.*)$'m ],
 +   ### http://www.kaspersky.com/
 +   ['Kaspersky Antivirus v5.5',
 +     ['/opt/kaspersky/kav4fs/bin/kav4fs-kavscanner',
 +      '/opt/kav/5.5/kav4unix/bin/kavscanner',
 +      '/opt/kav/5.5/kav4mailservers/bin/kavscanner', 'kavscanner'],
 +     '-i0 -xn -xp -mn -R -ePASBME {}/*', [0,10,15], [5,20,21,25],
 +     qr/(?:INFECTED|WARNING|SUSPICION|SUSPICIOUS) (.*)/m,
 +   ],
 +);
 +1;  # insure a defined return value </code>
 +
 +===== erster Programmstart =====
 +Nun ist es an der Zeit unseren //**A** **MA**il **Vi**rus **S**canner// das erste mal zu starten.
 +   # service amavisd start
 +   Mail Virus Scanner (amavisd) starten:                      [  OK  ]
 +Im **/var/log/maillog** wird der erfolgreiche Start ausreichend dokumentiert:
 +<code>Jul 14 19:58:46 nss amavis[16065]: starting.  /usr/sbin/amavisd at amavis.nausch.org amavisd-new-2.6.4 (20090625), Unicode aware, LANG="de_DE.UTF-8"
 +Jul 14 19:58:46 nss amavis[16065]: user=103, EUID: 103 (103);  group=, EGID: 106 106 (106 106)
 +Jul 14 19:58:46 nss amavis[16065]: Perl version               5.008008
 +Jul 14 19:58:47 nss amavis[16065]: SpamControl: scanner SpamAssassin, module Amavis::SpamControl::SpamAssassin
 +Jul 14 19:58:47 nss amavis[16065]: INFO: SA version: 3.2.5, 3.002005, no optional modules: Net::CIDR::Lite Sys::Hostname::Long Encode::Detect Razor2::Client::Agent IP::Coun
 +try::Fast Image::Info Image::Info::GIF Image::Info::JPEG Image::Info::PNG Image::Info::TIFF Mail::SPF Mail::SPF::Server Mail::SPF::Request Mail::SPF::Mech Mail::SPF::Mech::
 +A Mail::SPF::Mech::PTR Mail::SPF::Mech::All Mail::SPF::Mech::Exists Mail::SPF::Mech::IP4 Mail::SPF::Mech::IP6 Mail::SPF::Mech::Include Mail::SPF::Mech::MX Mail::SPF::Mod Ma
 +il::SPF::Mod::Exp Mail::SPF::Mod::Redirect Mail::SPF::SenderIPAddrMech Mail::SPF::v1::Record Mail::SPF::v2::Record NetAddr::IP NetAddr::IP::Util auto::NetAddr::IP::Util::in
 +et_n2dx auto::NetAddr::IP::Util::ipv6_n2d auto::NetAddr::IP::Util::ipv6_n2x Error
 +Jul 14 19:58:47 nss amavis[16065]: SpamControl: init_pre_chroot on SpamAssassin done
 +Jul 14 19:58:47 nss amavis[16106]: Net::Server: Process Backgrounded
 +Jul 14 19:58:47 nss amavis[16106]: Net::Server: 2009/07/14-19:58:47 Amavis (type Net::Server::PreForkSimple) starting! pid(16106)
 +Jul 14 19:58:47 nss amavis[16106]: Net::Server: Binding to UNIX socket file /var/amavis/amavisd.sock using SOCK_STREAM
 +Jul 14 19:58:47 nss amavis[16106]: Net::Server: Binding to TCP port 10024 on host 127.0.0.1
 +Jul 14 19:58:47 nss amavis[16106]: Net::Server: Group Not Defined.  Defaulting to EGID '106 106'
 +Jul 14 19:58:47 nss amavis[16106]: Net::Server: User Not Defined.  Defaulting to EUID '103'
 +Jul 14 19:58:47 nss amavis[16106]: config files read: /etc/amavisd.conf
 +Jul 14 19:58:47 nss amavis[16106]: Module Amavis::Conf        2.207
 +Jul 14 19:58:47 nss amavis[16106]: Module Archive::Zip        1.16
 +Jul 14 19:58:47 nss amavis[16106]: Module BerkeleyDB          0.36
 +Jul 14 19:58:47 nss amavis[16106]: Module Compress::Zlib      2.02
 +Jul 14 19:58:47 nss amavis[16106]: Module Convert::TNEF       0.17
 +Jul 14 19:58:47 nss amavis[16106]: Module Convert::UUlib      1.051
 +Jul 14 19:58:47 nss amavis[16106]: Module Crypt::OpenSSL::RSA 0.25
 +Jul 14 19:58:47 nss amavis[16106]: Module DBD::mysql          4.012
 +Jul 14 19:58:47 nss amavis[16106]: Module DBI                 1.52
 +Jul 14 19:58:47 nss amavis[16106]: Module DB_File             1.814
 +Jul 14 19:58:47 nss amavis[16106]: Module Digest::MD5         2.36
 +Jul 14 19:58:47 nss amavis[16106]: Module Digest::SHA         5.47
 +Jul 14 19:58:47 nss amavis[16106]: Module Digest::SHA1        2.11
 +Jul 14 19:58:47 nss amavis[16106]: Module IO::Socket::INET6   2.51
 +Jul 14 19:58:47 nss amavis[16106]: Module MIME::Entity        5.420
 +Jul 14 19:58:47 nss amavis[16106]: Module MIME::Parser        5.420
 +Jul 14 19:58:47 nss amavis[16106]: Module MIME::Tools         5.420
 +Jul 14 19:58:47 nss amavis[16106]: Module Mail::DKIM::Verifier 0.36
 +Jul 14 19:58:47 nss amavis[16106]: Module Mail::Header        1.77
 +Jul 14 19:58:47 nss amavis[16106]: Module Mail::Internet      1.77
 +Jul 14 19:58:47 nss amavis[16106]: Module Mail::SpamAssassin  3.002005
 +Jul 14 19:58:47 nss amavis[16106]: Module Net::DNS            0.59
 +Jul 14 19:58:47 nss amavis[16106]: Module Net::Server         0.97
 +Jul 14 19:58:47 nss amavis[16106]: Module Socket6             0.19
 +Jul 14 19:58:47 nss amavis[16106]: Module Time::HiRes         1.9715
 +Jul 14 19:58:47 nss amavis[16106]: Module URI                 1.35
 +Jul 14 19:58:47 nss amavis[16106]: Module Unix::Syslog        1.1
 +Jul 14 19:58:47 nss amavis[16106]: Amavis::DB code      loaded
 +Jul 14 19:58:47 nss amavis[16106]: Amavis::Cache code   loaded
 +Jul 14 19:58:47 nss amavis[16106]: SQL base code        NOT loaded
 +Jul 14 19:58:47 nss amavis[16106]: SQL::Log code        NOT loaded
 +Jul 14 19:58:47 nss amavis[16106]: SQL::Quarantine      NOT loaded
 +Jul 14 19:58:47 nss amavis[16106]: Lookup::SQL code     NOT loaded
 +Jul 14 19:58:47 nss amavis[16106]: Lookup::LDAP code    NOT loaded
 +Jul 14 19:58:47 nss amavis[16106]: AM.PDP-in proto code loaded
 +Jul 14 19:58:47 nss amavis[16106]: SMTP-in proto code   loaded
 +Jul 14 19:58:47 nss amavis[16106]: Courier proto code   NOT loaded
 +Jul 14 19:58:47 nss amavis[16106]: SMTP-out proto code  loaded
 +Jul 14 19:58:47 nss amavis[16106]: Pipe-out proto code  NOT loaded
 +Jul 14 19:58:47 nss amavis[16106]: BSMTP-out proto code NOT loaded
 +Jul 14 19:58:47 nss amavis[16106]: Local-out proto code loaded
 +Jul 14 19:58:47 nss amavis[16106]: OS_Fingerprint code  NOT loaded
 +Jul 14 19:58:47 nss amavis[16106]: ANTI-VIRUS code      loaded
 +Jul 14 19:58:47 nss amavis[16106]: ANTI-SPAM code       loaded
 +Jul 14 19:58:47 nss amavis[16106]: ANTI-SPAM-EXT code   NOT loaded
 +Jul 14 19:58:47 nss amavis[16106]: ANTI-SPAM-C code     NOT loaded
 +Jul 14 19:58:47 nss amavis[16106]: ANTI-SPAM-SA code    loaded
 +Jul 14 19:58:47 nss amavis[16106]: Unpackers code       loaded
 +Jul 14 19:58:47 nss amavis[16106]: DKIM code            NOT loaded
 +Jul 14 19:58:47 nss amavis[16106]: Tools code           NOT loaded
 +Jul 14 19:58:47 nss amavis[16106]: Found $file            at /usr/bin/file
 +Jul 14 19:58:47 nss amavis[16106]: No $altermime,         not using it
 +Jul 14 19:58:47 nss amavis[16106]: Internal decoder for .mail
 +Jul 14 19:58:47 nss amavis[16106]: Internal decoder for .asc 
 +Jul 14 19:58:47 nss amavis[16106]: Internal decoder for .uue 
 +Jul 14 19:58:47 nss amavis[16106]: Internal decoder for .hqx 
 +Jul 14 19:58:47 nss amavis[16106]: Internal decoder for .ync 
 +Jul 14 19:58:47 nss amavis[16106]: Found decoder for    .F    at /usr/bin/unfreeze
 +Jul 14 19:58:47 nss amavis[16106]: Found decoder for    .Z    at /usr/bin/uncompress
 +Jul 14 19:58:47 nss amavis[16106]: Found decoder for    .gz   at /usr/bin/gzip -d
 +Jul 14 19:58:47 nss amavis[16106]: Internal decoder for .gz   (backup, not used)
 +Jul 14 19:58:47 nss amavis[16106]: Found decoder for    .bz2  at /usr/bin/bzip2 -d
 +Jul 14 19:58:47 nss amavis[16106]: Found decoder for    .lzo  at /usr/bin/lzop -d
 +Jul 14 19:58:47 nss amavis[16106]: Found decoder for    .rpm  at /usr/bin/rpm2cpio
 +Jul 14 19:58:47 nss amavis[16106]: Found decoder for    .cpio at /usr/bin/pax
 +Jul 14 19:58:47 nss amavis[16106]: Found decoder for    .tar  at /usr/bin/pax
 +Jul 14 19:58:47 nss amavis[16106]: Found decoder for    .deb  at /usr/bin/ar
 +Jul 14 19:58:47 nss amavis[16106]: Internal decoder for .zip 
 +Jul 14 19:58:47 nss amavis[16106]: No decoder for       .7z   tried: 7zr, 7za, 7z
 +Jul 14 19:58:47 nss amavis[16106]: Found decoder for    .rar  at /usr/bin/unrar
 +Jul 14 19:58:47 nss amavis[16106]: Found decoder for    .arj  at /usr/bin/arj
 +Jul 14 19:58:47 nss amavis[16106]: Found decoder for    .arc  at /usr/bin/nomarch
 +Jul 14 19:58:47 nss amavis[16106]: Found decoder for    .zoo  at /usr/bin/zoo
 +Jul 14 19:58:47 nss amavis[16106]: Found decoder for    .lha  at /usr/bin/lha
 +Jul 14 19:58:47 nss amavis[16106]: Found decoder for    .cab  at /usr/bin/cabextract
 +Jul 14 19:58:47 nss amavis[16106]: No decoder for       .tnef tried: tnef
 +Jul 14 19:58:47 nss amavis[16106]: Internal decoder for .tnef
 +Jul 14 19:58:47 nss amavis[16106]: Found decoder for    .exe  at /usr/bin/unrar; /usr/bin/lha; /usr/bin/arj
 +Jul 14 19:58:47 nss amavis[16106]: Using primary internal av scanner code for ClamAV-clamd
 +Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: KasperskyLab AVP - aveclient
 +Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: KasperskyLab AntiViral Toolkit Pro (AVP)
 +Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: KasperskyLab AVPDaemonClient
 +Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: CentralCommand Vexira (new) vascan
 +Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: Avira AntiVir
 +Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: Command AntiVirus for Linux
 +Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: Symantec CarrierScan via Symantec CommandLineScanner
 +Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: Symantec AntiVirus Scan Engine
 +Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: F-Secure Antivirus for Linux servers
 +Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: CAI InoculateIT
 +Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: CAI eTrust Antivirus
 +Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: MkS_Vir for Linux (beta)
 +Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: MkS_Vir daemon
 +Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: ESET NOD32 Linux Mail Server - command line interface
 +Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: ESET NOD32 for Linux File servers
 +Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: Norman Virus Control v5 / Linux
 +Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: Panda CommandLineSecure 9 for Linux
 +Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: NAI McAfee AntiVirus (uvscan)
 +Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: VirusBuster
 +Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: CyberSoft VFind
 +Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: avast! Antivirus
 +Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: Ikarus AntiVirus for Linux
 +Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: BitDefender
 +Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: BitDefender
 +Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: ArcaVir for Linux
 +Jul 14 19:58:47 nss amavis[16106]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan
 +Jul 14 19:58:47 nss amavis[16106]: No secondary av scanner: F-PROT Antivirus for UNIX
 +Jul 14 19:58:47 nss amavis[16106]: No secondary av scanner: FRISK F-Prot Antivirus
 +Jul 14 19:58:47 nss amavis[16106]: No secondary av scanner: Trend Micro FileScanner
 +Jul 14 19:58:47 nss amavis[16106]: No secondary av scanner: drweb - DrWeb Antivirus
 +Jul 14 19:58:47 nss amavis[16106]: No secondary av scanner: Kaspersky Antivirus v5.5
 +Jul 14 19:58:47 nss amavis[16106]: Creating db in /var/amavis/db/; BerkeleyDB 0.36, libdb 4.3
 +Jul 14 19:58:47 nss amavis[16106]: initializing Mail::SpamAssassin
 +Jul 14 19:58:47 nss amavis[16106]: SpamAssassin debug facilities: info
 +Jul 14 19:58:49 nss amavis[16106]: SpamAssassin loaded plugins: AWL, AutoLearnThreshold, Bayes, BodyEval, Check, DNSEval, HTMLEval, HTTPSMismatch, Hashcash, HeaderEval, Ima
 +geInfo, MIMEEval, MIMEHeader, Pyzor, Razor2, RelayEval, ReplaceTags, SPF, SpamCop, URIDNSBL, URIDetail, URIEval, VBounce, WLBLEval, WhiteListSubject
 +Jul 14 19:58:49 nss amavis[16106]: SpamControl: init_pre_fork on SpamAssassin done
 +Jul 14 19:58:49 nss amavis[16106]: DKIM signature verification disabled, corresponding features not available. If not intentional, consider enabling it by setting: $enable_
 +dkim_verification to 1, or explicitly disable it by setting it to 0 to quench down this warning.
 +Jul 14 19:58:49 nss amavis[16130]: TIMING [total 7 ms] - bdb-open: 7 (100%)100, rundown: 0 (0%)100
 +Jul 14 19:58:49 nss amavis[16131]: TIMING [total 6 ms] - bdb-open: 6 (100%)100, rundown: 0 (0%)100
 +Jul 14 19:58:49 nss amavis[16132]: TIMING [total 7 ms] - bdb-open: 7 (100%)100, rundown: 0 (0%)100
 +Jul 14 19:58:49 nss amavis[16133]: TIMING [total 6 ms] - bdb-open: 6 (100%)100, rundown: 0 (0%)100 </code>
 +Über den Port **10024** sollte nun unser daemon ansprechbar sein. Was wir auch sehr einfach mittels **lsof** überprüfen können:
 +<code>lsof -i :10024
 +COMMAND   PID   USER   FD   TYPE  DEVICE SIZE NODE NAME
 +amavisd 29499 amavis    6u  IPv4 6036705       TCP localhost.localdomain:10024 (LISTEN)
 +amavisd 29501 amavis    6u  IPv4 6036705       TCP localhost.localdomain:10024 (LISTEN)
 +amavisd 29502 amavis    6u  IPv4 6036705       TCP localhost.localdomain:10024 (LISTEN)</code>
 +Via **telnet localhost 10024** können wir uns nun zum virusscanner-daemon verbinden.
 +<code>telnet localhost 10024
 +Trying 127.0.0.1...
 +Connected to localhost.localdomain (127.0.0.1).
 +Escape character is '^]'.
 +220 [127.0.0.1] ESMTP amavisd-new service ready
 +quit
 +221 2.0.0 [127.0.0.1] amavisd-new closing transmission channel
 +Connection closed by foreign host.
 +</code>
 +
 +===== automatisches Starten des Dienste beim Systemstart ===== 
 +Damit nun unser AMaViS-Server beim Booten automatisch gestartet wird, nehmen wir noch folgende Konfigurationsschritte vor.
 +<code>chkconfig amavisd on</code>
 +Anschließend überprüfen wir noch unsere Änderung:
 +<code>chkconfig --list | grep amavisd
 +amavisd         0:Aus   1:Aus   2:Ein   3:Ein   4:Ein   5:Ein   6:Aus</code>
 +===== Postfix =====
 +==== Konfiguration ====
 +Wie schon beim Punkt **//Konfiguration//** beschrieben, erweitern wir nun unsere Postfixkonfiguration so, dass die zwei Ports **10024** und **10025** von Postfix bedient werden.\\
 +\\
 +Diese Ergänzungen definieren wir in der **vim /etc/postfix/master.cf**.
 +<code>vim /etc/postfix/master.cf
 +
 +#
 +# Postfix master process configuration file.  For details on the format
 +# of the file, see the master(5) manual page (command: "man 5 master").
 +#
 +# ==========================================================================
 +# service       type  private unpriv  chroot  wakeup  maxproc command + args
 +#                     (yes)   (yes)   (yes)   (never) (100)
 +# ==========================================================================
 +smtp            inet  n                               smtpd
 +        -o smtpd_proxy_filter=localhost:10024
 +        -o content_filter=
 +localhost:10025 inet  n                               smtpd
 +        -o content_filter=
 +        -o smtpd_proxy_filter=
 +        -o smtpd_authorized_xforward_hosts=127.0.0.0/8
 +        -o smtp_client_restrictions=
 +        -o smtp_helo_restrictions=
 +        -o smtp_sender_restrictions=
 +        -o smtpd_recipient_restrictions=permit_mynetworks,reject
 +        -o smtp_data_restrictions=
 +        -o mynetworks=127.0.0.0/8
 +        -o receive_override_options=no_unknown_recipient_checks</code>
 +==== Neustart ====
 +Zur aktivierung unserer Änderung starten wir unseren Mailserver einmal durch:
 +<code>service postfix restart
 +Postfix beenden:                                            OK  ]
 +Postfix starten:                                            OK  ]</code>
 +==== Test ====
 +Über den Port **10024** sollte nun unser daemon ansprechbar sein. Was wir auch sehr einfach mittels **lsof** überprüfen können:
 +<code>lsof -i :25
 +COMMAND   PID    USER   FD   TYPE  DEVICE SIZE NODE NAME
 +master  28235    root   11u  IPv4 1396426       TCP *:smtp (LISTEN)
 +smtpd   28242 postfix    6u  IPv4 1396426       TCP *:smtp (LISTEN)</code>
 +Von der Konsole aus testen wir nun den Zugang über Port**25**:
 +<code>telnet localhost 25
 +
 +Trying 127.0.0.1...
 +Connected to localhost.localdomain (127.0.0.1).
 +Escape character is '^]'.
 +220 mx1.nausch.org ESMTP Postfix
 +quit
 +221 2.0.0 Bye
 +Connection closed by foreign host.</code>
 +Für den zweiten Port **10025** machen wir auch noch den gleichen Test.
 +<code>lsof -i :10025
 +COMMAND   PID    USER   FD   TYPE  DEVICE SIZE NODE NAME
 +master  28235    root   14u  IPv4 1396432       TCP localhost.localdomain:10025 (LISTEN)
 +smtpd   28248 postfix    6u  IPv4 1396432       TCP localhost.localdomain:10025 (LISTEN)</code>
 +Auch hier prüfen wir via telnet, ob unser Postfix auf Anfragen auf Port **10025** reagiert.
 +<code>telnet localhost 10025
 +
 +Trying 127.0.0.1...
 +Connected to localhost.localdomain (127.0.0.1).
 +Escape character is '^]'.
 +220 mx1.nausch.org ESMTP Postfix
 +quit
 +221 2.0.0 Bye
 +Connection closed by foreign host.
 +</code>
 +===== RAM-Disk für AMaViS =====
 +Da sich bei entsprechenden Trafic die Zugriffe auf die Harddisk ungünstig auf die Performance auswirkt, legen wir eine RAM-Disk für den Virenscanner an. Dort kann er dann die Attachments ablegen und entpacken.\\
 +\\
 +Wir legen uns eine 250 MB große RAM-Disk an:
 +   vim /etc/fstab
 +   /dev/shm                /var/amavis/tmp         tmpfs   defaults,size=250m,mode=750,uid=103,gid=106 0 0
 +Anschließend mounten wir unser neues Laufwerk mit
 +   mount /var/amavis/tmp
 +Je nach Belastung werden nun in unserem Arbeitsverzeichnis die Daten abgelegt
 +   df -h -t tmpfs
 +   Dateisystem          Größe Benut  Verf Ben% Eingehängt auf
 +   /dev/shm              250M   16K  250M   1% /var/amavis/tmp
 +
 +~~DISCUSSION~~
  • centos/mailserver/grundinstallation_von_amavis.txt
  • Zuletzt geändert: 20.05.2021 07:51.
  • von 127.0.0.1