centos:mailserver:grundinstallation_von_amavis

Differences

This page shows the differences between two versions.

centos:mailserver:grundinstallation_von_amavis [28.11.2011 21:22] – [Grundkonfiguration] Spelling correction, django
centos:mailserver:grundinstallation_von_amavis [31.05.2017 16:42] django
Zeile 1: Zeile 1:
 +====== Virenschutz mit AMaViS ======
 +Für die eMailkommunikation in unserem SOHO(( Small Office Home Office ))-LAN bedienen wir uns des SMTP-Server **Postfix**. Zur weiteren Absichereung (Viren- und Spam-Schutz) nutzen wir weitere Programme und Dämonen, wie [[http://amavisd.de.postfix.org/|amavisd-new]], [[http://www.clamav.net/|clamav]] und [[http://spamassassin.apache.org/|spamassassin]]. Die Installation und Konfiguration, der einzelnen //Getriebezahnräder// beschreibt diese und nachfolgende Seite. 
 +
 +===== Postfix-AMaViS-Cyrus Zusammenspiel =====
 +<uml width=550 title="Postfix MTA">
 +
 +state "MTA" as smtp_25
 +smtp_25 : (Mail Transport Agent) 
 +smtp_25 : andere SMTP-Server
 +smtp_25 : im Internet bzw. Intranet
 +smtp_25 : TCP/IP - Port 25
 +
 +state Postfix {
 +  state "smtpd:25" as smtpd_25
 +  smtpd_25 : SMTP-Daemon
 +  smtpd_25 : TCP/IP Port 25
 +  smtpd_25 : mit smtpd_proxy_filter
 +
 +  state "smtpd:10025" as smtpd_10025
 +  smtpd_10025 : SMTP-Daemon
 +  smtpd_10025 : TCP/IP Port 10025
 +  smtpd_10025 : *ohne* smtpd_proxy_filter
 +
 +  state "Postfix" as work
 +  work : weitere Be-/Abarbeitung
 +  work : der eMail durch den
 +  work : Mail-Transport-Agent Postfix 
 +}
 +
 +state AMaViS {
 +  state "smtpd:10024" as smtpd_10024
 +  smtpd_10024 : SMTP-Daemon
 +  smtpd_10024 : TCP/IP Port 10024
 +
 +  state "AMaViS" as amavis
 +  amavis : Master Prozess
 +  amavis : (Frontend-System)
 +  
 +  state "Entpacker" as packer
 +  packer : Backend-System zum
 +  packer : Entpacken von Dateianhängen
 +  state "Virenscanner" as virus
 +  virus : Backend-System zum
 +  virus : Prüfen der eMail und der
 +  virus : Anhänge auf Schadcode
 +  state "Spamassassin" as spam
 +  spam : Backend-System zum
 +  spam : Prüfen der eMail auf
 +  spam : unerwünschte Inhalte
 +}
 +
 +state Cyrus {
 +  state "IMAP-Server" as smtpd_24
 +  smtpd_24 : Mail-Delivery-Agent
 +  smtpd_24 : Cyrus IMAP-Server
 +}
 +
 +
 + smtp_25 --> smtpd_25
 + smtpd_10025 -right-> work
 +
 + smtpd_25 -right-> smtpd_10024
 + smtpd_10024 --> amavis
 +
 + amavis -right-> packer
 + packer -left-> amavis
 + amavis -down-> virus
 + virus -up-> amavis
 + amavis -left-> spam
 + spam -right-> amavis
 +
 + amavis -left-> smtpd_10025
 +
 + work -right-> smtpd_24
 +</uml>
 +
 +===== Installation =====
 +Die Installation erfolgt, wie soll es auch anders sein, wie gewohnt via **yum**:
 +<code>yum install amavisd-new</code>
 +==== Info ====
 +Was uns //**amavisd-new**// bietet, entnehmen wir am einfachsten dem rpm
 +<code># yum info amavisd-new
 +
 +Name   : amavisd-new
 +...
 +Summary: Mail virus-scanner
 +Description: AMaViS is a program that interfaces a mail transfer agent (MTA) with one or more virus scanners.  
 +Amavisd-new is a branch created by Mark Martinec that adds serveral performance and robustness features. It'
 +partly based on work being done on the official amavisd branch. Please see the README.amavisd-new-RELNOTES 
 +file for a detailed description.</code>
 +
 +==== Programmpfade und -inhalte ====
 +Über die einzelnen Dateien und Pfade der installierten Programme, informieren wir uns mittels:
 +<code># rpm -ql amavisd-new
 +
 +/etc/amavisd.conf
 +/etc/cron.daily/amavisd
 +/etc/logrotate.d/amavisd
 +/etc/openldap/schema/amavisd-new.schema
 +/etc/rc.d/init.d/amavisd
 +/etc/sysconfig/amavisd
 +/usr/sbin/amavisd
 +/usr/sbin/amavisd-agent
 +/usr/sbin/amavisd-nanny
 +/usr/sbin/amavisd-release
 +/usr/sbin/p0f-analyzer
 +/usr/share/doc/amavisd-new-2.6.4
 +/usr/share/doc/amavisd-new-2.6.4/AAAREADME.first
 +/usr/share/doc/amavisd-new-2.6.4/LDAP.schema
 +/usr/share/doc/amavisd-new-2.6.4/LICENSE
 +/usr/share/doc/amavisd-new-2.6.4/MANIFEST
 +/usr/share/doc/amavisd-new-2.6.4/README.banned
 +/usr/share/doc/amavisd-new-2.6.4/README.chroot
 +/usr/share/doc/amavisd-new-2.6.4/README.contributed
 +/usr/share/doc/amavisd-new-2.6.4/README.courier
 +/usr/share/doc/amavisd-new-2.6.4/README.courier-old
 +/usr/share/doc/amavisd-new-2.6.4/README.customize
 +/usr/share/doc/amavisd-new-2.6.4/README.exim_v3
 +/usr/share/doc/amavisd-new-2.6.4/README.exim_v3_app
 +/usr/share/doc/amavisd-new-2.6.4/README.exim_v4
 +/usr/share/doc/amavisd-new-2.6.4/README.exim_v4_app
 +/usr/share/doc/amavisd-new-2.6.4/README.exim_v4_app2
 +/usr/share/doc/amavisd-new-2.6.4/README.ldap
 +/usr/share/doc/amavisd-new-2.6.4/README.lookups
 +/usr/share/doc/amavisd-new-2.6.4/README.milter
 +/usr/share/doc/amavisd-new-2.6.4/README.old.scanners
 +/usr/share/doc/amavisd-new-2.6.4/README.performance
 +/usr/share/doc/amavisd-new-2.6.4/README.policy-on-notifications
 +/usr/share/doc/amavisd-new-2.6.4/README.postfix
 +/usr/share/doc/amavisd-new-2.6.4/README.postfix.html
 +/usr/share/doc/amavisd-new-2.6.4/README.protocol
 +/usr/share/doc/amavisd-new-2.6.4/README.sendmail
 +/usr/share/doc/amavisd-new-2.6.4/README.sendmail-dual
 +/usr/share/doc/amavisd-new-2.6.4/README.sendmail-dual.old
 +/usr/share/doc/amavisd-new-2.6.4/README.sql
 +/usr/share/doc/amavisd-new-2.6.4/README.sql-mysql
 +/usr/share/doc/amavisd-new-2.6.4/README.sql-pg
 +/usr/share/doc/amavisd-new-2.6.4/RELEASE_NOTES
 +/usr/share/doc/amavisd-new-2.6.4/amavisd-new-docs.html
 +/usr/share/doc/amavisd-new-2.6.4/amavisd.conf
 +/usr/share/doc/amavisd-new-2.6.4/amavisd.conf-default
 +/usr/share/doc/amavisd-new-2.6.4/amavisd.conf-sample
 +/usr/share/doc/amavisd-new-2.6.4/amavisd.conf.orig
 +/usr/share/doc/amavisd-new-2.6.4/images
 +/usr/share/doc/amavisd-new-2.6.4/images/blank.png
 +/usr/share/doc/amavisd-new-2.6.4/images/callouts
 +/usr/share/doc/amavisd-new-2.6.4/images/callouts/1.png
 +/usr/share/doc/amavisd-new-2.6.4/images/callouts/10.png
 +/usr/share/doc/amavisd-new-2.6.4/images/callouts/11.png
 +/usr/share/doc/amavisd-new-2.6.4/images/callouts/12.png
 +/usr/share/doc/amavisd-new-2.6.4/images/callouts/13.png
 +/usr/share/doc/amavisd-new-2.6.4/images/callouts/14.png
 +/usr/share/doc/amavisd-new-2.6.4/images/callouts/15.png
 +/usr/share/doc/amavisd-new-2.6.4/images/callouts/2.png
 +/usr/share/doc/amavisd-new-2.6.4/images/callouts/3.png
 +/usr/share/doc/amavisd-new-2.6.4/images/callouts/4.png
 +/usr/share/doc/amavisd-new-2.6.4/images/callouts/5.png
 +/usr/share/doc/amavisd-new-2.6.4/images/callouts/6.png
 +/usr/share/doc/amavisd-new-2.6.4/images/callouts/7.png
 +/usr/share/doc/amavisd-new-2.6.4/images/callouts/8.png
 +/usr/share/doc/amavisd-new-2.6.4/images/callouts/9.png
 +/usr/share/doc/amavisd-new-2.6.4/images/caution.png
 +/usr/share/doc/amavisd-new-2.6.4/images/draft.png
 +/usr/share/doc/amavisd-new-2.6.4/images/home.png
 +/usr/share/doc/amavisd-new-2.6.4/images/important.png
 +/usr/share/doc/amavisd-new-2.6.4/images/next.png
 +/usr/share/doc/amavisd-new-2.6.4/images/note.png
 +/usr/share/doc/amavisd-new-2.6.4/images/prev.png
 +/usr/share/doc/amavisd-new-2.6.4/images/tip.png
 +/usr/share/doc/amavisd-new-2.6.4/images/toc-blank.png
 +/usr/share/doc/amavisd-new-2.6.4/images/toc-minus.png
 +/usr/share/doc/amavisd-new-2.6.4/images/toc-plus.png
 +/usr/share/doc/amavisd-new-2.6.4/images/up.png
 +/usr/share/doc/amavisd-new-2.6.4/images/warning.png
 +/usr/share/doc/amavisd-new-2.6.4/screen.css
 +/usr/share/doc/amavisd-new-2.6.4/test-messages
 +/usr/share/doc/amavisd-new-2.6.4/test-messages/README
 +/usr/share/doc/amavisd-new-2.6.4/test-messages/sample.tar.gz.compl
 +/var/amavis
 +/var/amavis/db
 +/var/amavis/tmp
 +/var/amavis/var
 +/var/log/amavis.log
 +/var/virusmails</code>
 +
 +===== Konfiguration =====
 +==== Grundkonfiguration ====
 +Für die weitere Viren- und Spam-Prüfung der uns angetragenen elektronischen Post, verwenden wir die **smtp_proxy_filter**-Funktionen, also die //Pre-Queue// unseres Postfixes. Somit können wir die Nachricht in Echtzeit filtern und wenn uns diese "//nicht gefällt//", einfach abweisen.\\
 +\\
 +Der externe Mailserver versucht mit unserer neuen Konfiguration eine eMail bei uns auf Port **25** abzusetzen. Unser Postfix reicht diese direkt an den Port 10024 unseres **AMaViS-Daemon** weiter, der die Nachricht //on-the-fly// weiteren daemons zum Virenscanner und Spambewerten unterzieht. Wird dabei die Nachricht für **O.K.** befunden, so reicht **AMaViS** die Mail zurück an den Postfix auf Port 10025, oder signalisiert **Postfix**, dass die Nachricht O.K. ist und der externe SMTP-Dialog erfolgreich zu Ende gebracht werden kann.
 +\\
 +Im ersten Schritt definieren wir also die ersten drei Parameter, **Hostnamen**, **Domäne** und **Port** in der Konfigurationsdatei unter **/etc/amavisd.conf**. 
 +<code>...
 +
 +$myhostname = 'amavis.nausch.org'; # hostname 
 +$mydomain = 'nausch.org';          # a convenient default for other settings
 +
 +...
 +
 +$inet_socket_port = 10024;         # listen on this local TCP port(s)
 +
 +...</code>
 +==== Gesamtkonfiguration ====
 +Unser lauffähges System benötigt eine umfangreiche Konfiguration, die wir unseren Bedürfnissen anpassen.
 +<code> # egrep -v '(^#|^$)' /etc/amavisd.conf
 +use strict;
 +$max_servers = 5;            # num of pre-forked children (2..30 is common), -m
 +$daemon_user  = "amavis";     # (no default;  customary: vscan or amavis), -u
 +$daemon_group = "amavis";     # (no default;  customary: vscan or amavis), -g
 +$myhostname = 'amavis.nausch.org'; # hostname
 +$mydomain = 'nausch.org';   # a convenient default for other settings
 +$MYHOME = '/var/amavis';   # a convenient default for other settings, -H
 +$TEMPBASE = "$MYHOME/tmp";   # working directory, needs to exist, -T
 +$ENV{TMPDIR} = $TEMPBASE;    # environment variable TMPDIR, used by SA, etc.
 +$QUARANTINEDIR = "/var/virusmails";
 +$db_home   = "$MYHOME/db";      # dir for bdb nanny/cache/snmp databases, -D
 +$helpers_home = "$MYHOME/var";  # working directory for SpamAssassin, -S
 +$lock_file = "$MYHOME/var/amavisd.lock";  # -L
 +$pid_file  = "$MYHOME/var/amavisd.pid";   # -P
 +$log_level = 3;              # verbosity 0..5, -d
 +$log_recip_templ = undef;    # disable by-recipient level-0 log entries
 +$DO_SYSLOG = 1;              # log via syslogd (preferred)
 +$syslog_facility = 'mail';   # Syslog facility as a string
 +           # e.g.: mail, daemon, user, local0, ... local7
 +$syslog_priority = 'debug';  # Syslog base (minimal) priority as a string,
 +           # choose from: emerg, alert, crit, err, warning, notice, info, debug
 +$enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny)
 +$enable_global_cache = 1;    # enable use of libdb-based cache if $enable_db=1
 +$nanny_details_level = 2;    # nanny verbosity: 1: traditional, 2: detailed
 +$enable_dkim_verification = 1;  # enable DKIM signatures verification
 +$enable_dkim_signing = 1;    # load DKIM signing code, keys defined by dkim_key
 +@local_domains_maps = ( [".$mydomain"] );  # list of all local domains
 +@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
 +                  10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );
 +$unix_socketname = "$MYHOME/amavisd.sock";  # amavisd-release or amavis-milter
 +               # option(s) -p overrides $inet_socket_port and $unix_socketname
 +$inet_socket_port = 10024;   # listen on this local TCP port(s)
 +$policy_bank{'MYNETS'} = {   # mail originating from @mynetworks
 +  originating => 1,  # is true in MYNETS by default, but let's make it explicit
 +  os_fingerprint_method => undef,  # don't query p0f for internal clients
 +};
 +$interface_policy{'10026'} = 'ORIGINATING';
 +$policy_bank{'ORIGINATING'} = {  # mail supposedly originating from our users
 +  originating => 1,  # declare that mail was submitted by our smtp client
 +  allow_disclaimers => 1,  # enables disclaimer insertion if available
 +  # notify administrator of locally originating malware
 +  virus_admin_maps => ["virusalert\@$mydomain"],
 +  spam_admin_maps  => ["virusalert\@$mydomain"],
 +  warnbadhsender   => 1,
 +  # forward to a smtpd service providing DKIM signing service
 +  forward_method => 'smtp:[127.0.0.1]:10027',
 +  # force MTA conversion to 7-bit (e.g. before DKIM signing)
 +  smtpd_discard_ehlo_keywords => ['8BITMIME'],
 +  bypass_banned_checks_maps => [1],  # allow sending any file names and types
 +  terminate_dsn_on_notify_success => 0,  # don't remove NOTIFY=SUCCESS option
 +};
 +$interface_policy{'SOCK'} = 'AM.PDP-SOCK'; # only applies with $unix_socketname
 +$policy_bank{'AM.PDP-SOCK'} = {
 +  protocol => 'AM.PDP',
 +  auth_required_release => 0,  # do not require secret_id for amavisd-release
 +};
 +$sa_tag_level_deflt  = 2.0;  # add spam info headers if at, or above that level
 +$sa_tag2_level_deflt = 6.31;  # add 'spam detected' headers at that level
 +$sa_kill_level_deflt = 6.31;  # triggers spam evasive actions (e.g. blocks mail)
 +$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent
 +$sa_crediblefrom_dsn_cutoff_level = 18; # likewise, but for a likely valid From
 +$penpals_bonus_score = 8;    # (no effect without a @storage_sql_dsn database)
 +$penpals_threshold_high = $sa_kill_level_deflt;  # don't waste time on hi spam
 +$bounce_killer_score = 100;  # spam score points to add for joe-jobbed bounces
 +$sa_mail_body_size_limit = 400*1024; # don't waste time on SA if mail is larger
 +$sa_local_tests_only = 0;    # only tests which do not require internet access?
 +$virus_admin               = "virusalert\@$mydomain";  # notifications recip.
 +$mailfrom_notify_admin     = "virusalert\@$mydomain";  # notifications sender
 +$mailfrom_notify_recip     = "virusalert\@$mydomain";  # notifications sender
 +$mailfrom_notify_spamadmin = "spam.police\@$mydomain"; # notifications sender
 +$mailfrom_to_quarantine = ''; # null return path; uses original sender if undef
 +@addr_extension_virus_maps      = ('virus');
 +@addr_extension_banned_maps     = ('banned');
 +@addr_extension_spam_maps       = ('spam');
 +@addr_extension_bad_header_maps = ('badh');
 +$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
 +$MAXLEVELS = 14;
 +$MAXFILES = 1500;
 +$MIN_EXPANSION_QUOTA =      100*1024;  # bytes  (default undef, not enforced)
 +$MAX_EXPANSION_QUOTA = 300*1024*1024;  # bytes  (default undef, not enforced)
 +$sa_spam_subject_tag = '***SPAM*** ';
 +$defang_virus  = 1;  # MIME-wrap passed infected mail
 +$defang_banned = 1;  # MIME-wrap passed mail containing banned name
 +$defang_by_ccat{+CC_BADH.",3"} = 1;  # NUL or CR character in header
 +$defang_by_ccat{+CC_BADH.",5"} = 1;  # header line longer than 998 characters
 +$defang_by_ccat{+CC_BADH.",6"} = 1;  # header field syntax error
 +$final_virus_destiny      = D_REJECT;
 +$final_banned_destiny     = D_REJECT;
 +$final_spam_destiny       = D_REJECT;
 +$virus_quarantine_to = undef;
 +$banned_quarantine_to = undef;
 +$spam_quarantine_to = undef;
 +$bad_header_quarantine_to = undef;
 +@keep_decoded_original_maps = (new_RE(
 +  qr'^MAIL$',   # retain full original message for virus checking
 +  qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables
 +  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
 +));
 +$banned_filename_re = new_RE(
 +  qr'^\.(exe-ms|dll)$',                   # banned file(1) types, rudimentary
 +  [ qr'^\.(rpm|cpio|tar)$'       => 0 ],  # allow any in Unix-type archives
 +  qr'.\.(pif|scr)$'i,                     # banned extensions - rudimentary
 +  qr'^application/x-msdownload$'i,        # block these MIME types
 +  qr'^application/x-msdos-program$'i,
 +  qr'^application/hta$'i,
 +  # block certain double extensions in filenames
 +  qr'\.[^./]*[A-Za-z][^./]*\.\s*(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)[.\s]*$'i,
 +  qr'.\.(exe|vbs|pif|scr|cpl)$'i,             # banned extension - basic
 +);
 +@score_sender_maps = ({ # a by-recipient hash lookup table,
 +                        # results from all matching recipient tables are summed
 +  ## site-wide opinions about senders (the '.' matches any recipient)
 +  '.' => [  # the _first_ matching sender determines the score boost
 +   new_RE(  # regexp-type lookup table, just happens to be all soft-blacklist
 +    [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'        => 5.0],
 +    [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],
 +    [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],
 +    [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'  => 5.0],
 +    [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@' => 5.0],
 +    [qr'^(your_friend|greatoffers)@'                               => 5.0],
 +    [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'                   => 5.0],
 +   ),
 +   { # a hash-type lookup table (associative array)
 +     'nobody@cert.org'                        => -3.0,
 +     'cert-advisory@us-cert.gov'              => -3.0,
 +     'owner-alert@iss.net'                    => -3.0,
 +     'slashdot@slashdot.org'                  => -3.0,
 +     'securityfocus.com'                      => -3.0,
 +     'ntbugtraq@listserv.ntbugtraq.com'       => -3.0,
 +     'security-alerts@linuxsecurity.com'      => -3.0,
 +     'mailman-announce-admin@python.org'      => -3.0,
 +     'amavis-user-admin@lists.sourceforge.net'=> -3.0,
 +     'amavis-user-bounces@lists.sourceforge.net' => -3.0,
 +     'spamassassin.apache.org'                => -3.0,
 +     'notification-return@lists.sophos.com'   => -3.0,
 +     'owner-postfix-users@postfix.org'        => -3.0,
 +     'owner-postfix-announce@postfix.org'     => -3.0,
 +     'owner-sendmail-announce@lists.sendmail.org'   => -3.0,
 +     'sendmail-announce-request@lists.sendmail.org' => -3.0,
 +     'donotreply@sendmail.org'                => -3.0,
 +     'ca+envelope@sendmail.org'               => -3.0,
 +     'noreply@freshmeat.net'                  => -3.0,
 +     'owner-technews@postel.acm.org'          => -3.0,
 +     'ietf-123-owner@loki.ietf.org'           => -3.0,
 +     'cvs-commits-list-admin@gnome.org'       => -3.0,
 +     'rt-users-admin@lists.fsck.com'          => -3.0,
 +     'clp-request@comp.nus.edu.sg'            => -3.0,
 +     'surveys-errors@lists.nua.ie'            => -3.0,
 +     'emailnews@genomeweb.com'                => -5.0,
 +     'yahoo-dev-null@yahoo-inc.com'           => -3.0,
 +     'returns.groups.yahoo.com'               => -3.0,
 +     'clusternews@linuxnetworx.com'           => -3.0,
 +     lc('lvs-users-admin@LinuxVirtualServer.org'   => -3.0,
 +     lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0,
 +     # soft-blacklisting (positive score)
 +     'sender@example.net'                     =>  3.0,
 +     '.example.net'                           =>  1.0,
 +   },
 +  ],  # end of site-wide tables
 +});
 +@decoders = (
 +  ['mail', \&do_mime_decode],
 +  ['asc',  \&do_ascii],
 +  ['uue',  \&do_ascii],
 +  ['hqx',  \&do_ascii],
 +  ['ync',  \&do_ascii],
 +  ['F',    \&do_uncompress, ['unfreeze','freeze -d','melt','fcat'] ],
 +  ['Z',    \&do_uncompress, ['uncompress','gzip -d','zcat'] ],
 +  ['gz',   \&do_uncompress,  'gzip -d'],
 +  ['gz',   \&do_gunzip],
 +  ['bz2',  \&do_uncompress,  'bzip2 -d'],
 +  ['lzo',  \&do_uncompress,  'lzop -d'],
 +  ['rpm',  \&do_uncompress, ['rpm2cpio.pl','rpm2cpio'] ],
 +  ['cpio', \&do_pax_cpio,   ['pax','gcpio','cpio'] ],
 +  ['tar',  \&do_pax_cpio,   ['pax','gcpio','cpio'] ],
 +  ['deb',  \&do_ar,          'ar'],
 +  ['zip',  \&do_unzip],
 +  ['7z',   \&do_7zip,       ['7zr','7za','7z'] ],
 +  ['rar',  \&do_unrar,      ['rar','unrar'] ],
 +  ['arj',  \&do_unarj,      ['arj','unarj'] ],
 +  ['arc',  \&do_arc,        ['nomarch','arc'] ],
 +  ['zoo',  \&do_zoo,        ['zoo','unzoo'] ],
 +  ['lha',  \&do_lha,         'lha'],
 +  ['cab',  \&do_cabextract,  'cabextract'],
 +  ['tnef', \&do_tnef_ext,    'tnef'],
 +  ['tnef', \&do_tnef],
 +  ['exe',  \&do_executable, ['rar','unrar'], 'lha', ['arj','unarj'] ],
 +);
 +@av_scanners = (
 +['ClamAV-clamd',
 +  \&ask_daemon, ["CONTSCAN {}\n", "/tmp/clamd.socket"],
 +  qr/\bOK$/m, qr/\bFOUND$/m,
 +  qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
 +  ### http://www.kaspersky.com/  (kav4mailservers)
 +  ['KasperskyLab AVP - aveclient',
 +    ['/usr/local/kav/bin/aveclient','/usr/local/share/kav/bin/aveclient',
 +     '/opt/kav/5.5/kav4mailservers/bin/aveclient','aveclient'],
 +    '-p /var/run/aveserver -s {}/*',
 +    [0,3,6,8], qr/\b(INFECTED|SUSPICION|SUSPICIOUS)\b/m,
 +    qr/(?:INFECTED|WARNING|SUSPICION|SUSPICIOUS) (.+)/m,
 +  ],
 +  # NOTE: one may prefer [0],[2,3,4,5], depending on how suspicious,
 +  # currupted or protected archives are to be handled
 +  ### http://www.kaspersky.com/
 +  ['KasperskyLab AntiViral Toolkit Pro (AVP)', ['avp'],
 +    '-* -P -B -Y -O- {}', [0,3,6,8], [2,4],    # any use for -A -K   ?
 +    qr/infected: (.+)/m,
 +    sub {chdir('/opt/AVP') or die "Can't chdir to AVP: $!"},
 +    sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
 +  ],
 +  ### The kavdaemon and AVPDaemonClient have been removed from Kasperky
 +  ### products and replaced by aveserver and aveclient
 +  ['KasperskyLab AVPDaemonClient',
 +    [ '/opt/AVP/kavdaemon',       'kavdaemon',
 +      '/opt/AVP/AvpDaemonClient', 'AvpDaemonClient',
 +      '/opt/AVP/AvpTeamDream',    'AvpTeamDream',
 +      '/opt/AVP/avpdc', 'avpdc' ],
 +    "-f=$TEMPBASE {}", [0,8], [3,4,5,6], qr/infected: ([^\r\n]+)/m ],
 +    # change the startup-script in /etc/init.d/kavd to:
 +    #   DPARMS="-* -Y -dl -f=/var/amavis /var/amavis"
 +    #   (or perhaps:   DPARMS="-I0 -Y -* /var/amavis" )
 +    # adjusting /var/amavis above to match your $TEMPBASE.
 +    # The '-f=/var/amavis' is needed if not running it as root, so it
 +    # can find, read, and write its pid file, etc., see 'man kavdaemon'.
 +    # defUnix.prf: there must be an entry "*/var/amavis" (or whatever
 +    #   directory $TEMPBASE specifies) in the 'Names=' section.
 +    # cd /opt/AVP/DaemonClients; configure; cd Sample; make
 +    # cp AvpDaemonClient /opt/AVP/
 +    # su - vscan -c "${PREFIX}/kavdaemon ${DPARMS}"
 +  ### http://www.centralcommand.com/
 +  ['CentralCommand Vexira (new) vascan',
 +    ['vascan','/usr/lib/Vexira/vascan'],
 +    "-a s --timeout=60 --temp=$TEMPBASE -y $QUARANTINEDIR ".
 +    "--log=/var/log/vascan.log {}",
 +    [0,3], [1,2,5],
 +    qr/(?x)^\s* (?:virus|iworm|macro|mutant|sequence|trojan)\ found:\ ( [^\]\s']+ )\ \.\.\.\ /m ],
 +    # Adjust the path of the binary and the virus database as needed.
 +    # 'vascan' does not allow to have the temp directory to be the same as
 +    # the quarantine directory, and the quarantine option can not be disabled.
 +    # If $QUARANTINEDIR is not used, then another directory must be specified
 +    # to appease 'vascan'. Move status 3 to the second list if password
 +    # protected files are to be considered infected.
 +  ### http://www.avira.com/
 +  ### Avira AntiVir (formerly H+BEDV) or (old) CentralCommand Vexira Antivirus
 +  ['Avira AntiVir', ['antivir','vexira'],
 +    '--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/m,
 +    qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) |
 +         (?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/m ],
 +    # NOTE: if you only have a demo version, remove -z and add 214, as in:
 +    #  '--allfiles -noboot -nombr -rs -s {}', [0,214], qr/ALERT:|VIRUS:/,
 +  ### http://www.commandsoftware.com/
 +  ['Command AntiVirus for Linux', 'csav',
 +    '-all -archive -packed {}', [50], [51,52,53],
 +    qr/Infection: (.+)/m ],
 +  ### http://www.symantec.com/
 +  ['Symantec CarrierScan via Symantec CommandLineScanner',
 +    'cscmdline', '-a scan -i 1 -v -s 127.0.0.1:7777 {}',
 +    qr/^Files Infected:\s+0$/m, qr/^Infected\b/m,
 +    qr/^(?:Info|Virus Name):\s+(.+)/m ],
 +  ### http://www.symantec.com/
 +  ['Symantec AntiVirus Scan Engine',
 +    'savsecls', '-server 127.0.0.1:7777 -mode scanrepair -details -verbose {}',
 +    [0], qr/^Infected\b/m,
 +    qr/^(?:Info|Virus Name):\s+(.+)/m ],
 +    # NOTE: check options and patterns to see which entry better applies
 +  ### http://www.f-secure.com/products/anti-virus/  version 5.52
 +   ['F-Secure Antivirus for Linux servers',
 +    ['/opt/f-secure/fsav/bin/fsav', 'fsav'],
 +    '--virus-action1=report --archive=yes --auto=yes '.
 +    '--dumb=yes --list=no --mime=yes {}', [0], [3,4,6,8],
 +    qr/(?:infection|Infected|Suspected|Riskware): (.+)/m ],
 +    # NOTE: internal archive handling may be switched off by '--archive=no'
 +    #   to prevent fsav from exiting with status 9 on broken archives
 +  ['CAI InoculateIT', 'inocucmd',  # retired product
 +    '-sec -nex {}', [0], [100],
 +    qr/was infected by virus (.+)/m ],
 +  # see: http://www.flatmtn.com/computer/Linux-Antivirus_CAI.html
 +  ### http://www3.ca.com/Solutions/Product.asp?ID=156  (ex InoculateIT)
 +  ['CAI eTrust Antivirus', 'etrust-wrapper',
 +    '-arc -nex -spm h {}', [0], [101],
 +    qr/is infected by virus: (.+)/m ],
 +    # NOTE: requires suid wrapper around inocmd32; consider flag: -mod reviewer
 +    # see http://marc.theaimsgroup.com/?l=amavis-user&m=109229779912783
 +  ### http://mks.com.pl/english.html
 +  ['MkS_Vir for Linux (beta)', ['mks32','mks'],
 +    '-s {}/*', [0], [1,2],
 +    qr/--[ \t]*(.+)/m ],
 +  ### http://mks.com.pl/english.html
 +  ['MkS_Vir daemon', 'mksscan',
 +    '-s -q {}', [0], [1..7],
 +    qr/^... (\S+)/m ],
 +  ### http://www.eset.com/, version 3.0
 +  ['ESET Software ESETS Command Line Interface',
 +    ['/usr/bin/esets_cli', 'esets_cli'],
 +    '--subdir {}', [0], [1,2,3],
 +    qr/:\s*action="(?!accepted)[^"]*"\n.*:\s*virus="([^"]*)"/m ],
 +  ## http://www.nod32.com/,  NOD32LFS version 2.5 and above
 +  ['ESET NOD32 for Linux File servers',
 +    ['/opt/eset/nod32/sbin/nod32','nod32'],
 +    '--files -z --mail --sfx --rtp --adware --unsafe --pattern --heur '.
 +    '-w -a --action=1 -b {}',
 +    [0], [1,10], qr/^object=.*, virus="(.*?)",/m ],
 +  ### http://www.norman.com/products_nvc.shtml
 +  ['Norman Virus Control v5 / Linux', 'nvcc',
 +    '-c -l:0 -s -u -temp:$TEMPBASE {}', [0,10,11], [1,2,14],
 +    qr/(?i).* virus in .* -> \'(.+)\'/m ],
 +  ### http://www.pandasoftware.com/
 +  ['Panda CommandLineSecure 9 for Linux',
 +    ['/opt/pavcl/usr/bin/pavcl','pavcl'],
 +    '-auto -aex -heu -cmp -nbr -nor -nos -eng -nob {}',
 +    qr/Number of files infected[ .]*: 0+(?!\d)/m,
 +    qr/Number of files infected[ .]*: 0*[1-9]/m,
 +    qr/Found virus :\s*(\S+)/m ],
 +  # NOTE: for efficiency, start the Panda in resident mode with 'pavcl -tsr'
 +  # before starting amavisd - the bases are then loaded only once at startup.
 +  # To reload bases in a signature update script:
 +  #   /opt/pavcl/usr/bin/pavcl -tsr -ulr; /opt/pavcl/usr/bin/pavcl -tsr
 +  # Please review other options of pavcl, for example:
 +  #  -nomalw, -nojoke, -nodial, -nohackt, -nospyw, -nocookies
 +  ### http://www.nai.com/
 +  ['NAI McAfee AntiVirus (uvscan)', 'uvscan',
 +    '--secure -rv --mime --summary --noboot - {}', [0], [13],
 +    qr/(?x) Found (?:
 +        \ the\ (.+)\ (?:virus|trojan)  |
 +        \ (?:virus|trojan)\ or\ variant\ ([^ ]+)  |
 +        :\ (.+)\ NOT\ a\ virus)/m,
 +  # sub {$ENV{LD_PRELOAD}='/lib/libc.so.6'},
 +  # sub {delete $ENV{LD_PRELOAD}},
 +  ],
 +  # NOTE1: with RH9: force the dynamic linker to look at /lib/libc.so.6 before
 +  # anything else by setting environment variable LD_PRELOAD=/lib/libc.so.6
 +  # and then clear it when finished to avoid confusing anything else.
 +  # NOTE2: to treat encrypted files as viruses replace the [13] with:
 +  #  qr/^\s{5,}(Found|is password-protected|.*(virus|trojan))/
 +  ### http://www.virusbuster.hu/en/
 +  ['VirusBuster', ['vbuster', 'vbengcl'],
 +    "{} -ss -i '*' -log=$MYHOME/vbuster.log", [0], [1],
 +    qr/: '(.*)' - Virus/m ],
 +  # VirusBuster Ltd. does not support the daemon version for the workstation
 +  # engine (vbuster-eng-1.12-linux-i386-libc6.tgz) any longer. The names of
 +  # binaries, some parameters AND return codes have changed (from 3 to 1).
 +  # See also the new Vexira entry 'vascan' which is possibly related.
 +  ### http://www.cyber.com/
 +  ['CyberSoft VFind', 'vfind',
 +    '--vexit {}/*', [0], [23], qr/##==>>>> VIRUS ID: CVDL (.+)/m,
 +  # sub {$ENV{VSTK_HOME}='/usr/lib/vstk'},
 +  ],
 +  ### http://www.avast.com/
 +  ['avast! Antivirus', ['/usr/bin/avastcmd','avastcmd'],
 +    '-a -i -n -t=A {}', [0], [1], qr/\binfected by:\s+([^ \t\n\[\]]+)/m ],
 +  ### http://www.ikarus-software.com/
 +  ['Ikarus AntiVirus for Linux', 'ikarus',
 +    '{}', [0], [40], qr/Signature (.+) found/m ],
 +  ### http://www.bitdefender.com/
 +  ['BitDefender', 'bdscan',  # new version
 +    '--action=ignore --no-list {}', qr/^Infected files\s*:\s*0+(?!\d)/m,
 +    qr/^(?:Infected files|Identified viruses|Suspect files)\s*:\s*0*[1-9]/m,
 +    qr/(?:suspected|infected)\s*:\s*(.*)(?:\033|$)/m ],
 +  ### http://www.bitdefender.com/
 +  ['BitDefender', 'bdc',  # old version
 +    '--arc --mail {}', qr/^Infected files *:0+(?!\d)/m,
 +    qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/m,
 +    qr/(?:suspected|infected): (.*)(?:\033|$)/m ],
 +  # consider also: --all --nowarn --alev=15 --flev=15.  The --all argument may
 +  # not apply to your version of bdc, check documentation and see 'bdc --help'
 +  ### ArcaVir for Linux and Unix http://www.arcabit.pl/
 +  ['ArcaVir for Linux', ['arcacmd','arcacmd.static'],
 +    '-v 1 -summary 0 -s {}', [0], [1,2],
 +    qr/(?:VIR|WIR):[ \t]*(.+)/m ],
 +);
 +@av_scanners_backup = (
 +  ### http://www.clamav.net/   - backs up clamd or Mail::ClamAV
 +  ['ClamAV-clamscan', 'clamscan',
 +    "--stdout --no-summary -r --tempdir=$TEMPBASE {}",
 +    [0], qr/:.*\sFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
 +  ### http://www.f-prot.com/   - backs up F-Prot Daemon, V6
 +  ['F-PROT Antivirus for UNIX', ['fpscan'],
 +    '--report --mount --adware {}',  # consider: --applications -s 4 -u 3 -z 10
 +    [0,8,64],  [1,2,3, 4+1,4+2,4+3, 8+1,8+2,8+3, 12+1,12+2,12+3],
 +    qr/^\[Found\s+[^\]]*\]\s+<([^ \t(>]*)/m ],
 +  ### http://www.f-prot.com/   - backs up F-Prot Daemon (old)
 +  ['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'],
 +    '-dumb -archive -packed {}', [0,8], [3,6],   # or: [0], [3,6,8],
 +    qr/(?:Infection:|security risk named) (.+)|\s+contains\s+(.+)$/m ],
 +  ### http://www.trendmicro.com/   - backs up Trophie
 +  ['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'],
 +    '-za -a {}', [0], qr/Found virus/m, qr/Found virus (.+) in/m ],
 +  ### http://www.sald.com/, http://drweb.imshop.de/   - backs up DrWebD
 +  ['drweb - DrWeb Antivirus',  # security LHA hole in Dr.Web 4.33 and earlier
 +    ['/usr/local/drweb/drweb', '/opt/drweb/drweb', 'drweb'],
 +    '-path={} -al -go -ot -cn -upn -ok-',
 +    [0,32], [1,9,33], qr' infected (?:with|by)(?: virus)? (.*)$'m ],
 +   ### http://www.kaspersky.com/
 +   ['Kaspersky Antivirus v5.5',
 +     ['/opt/kaspersky/kav4fs/bin/kav4fs-kavscanner',
 +      '/opt/kav/5.5/kav4unix/bin/kavscanner',
 +      '/opt/kav/5.5/kav4mailservers/bin/kavscanner', 'kavscanner'],
 +     '-i0 -xn -xp -mn -R -ePASBME {}/*', [0,10,15], [5,20,21,25],
 +     qr/(?:INFECTED|WARNING|SUSPICION|SUSPICIOUS) (.*)/m,
 +   ],
 +);
 +1;  # insure a defined return value </code>
 +
 +===== erster Programmstart =====
 +Nun ist es an der Zeit unseren //**A** **MA**il **Vi**rus **S**canner// das erste mal zu starten.
 +   # service amavisd start
 +   Mail Virus Scanner (amavisd) starten:                      [  OK  ]
 +Im **/var/log/maillog** wird der erfolgreiche Start ausreichend dokumentiert:
 +<code>Jul 14 19:58:46 nss amavis[16065]: starting.  /usr/sbin/amavisd at amavis.nausch.org amavisd-new-2.6.4 (20090625), Unicode aware, LANG="de_DE.UTF-8"
 +Jul 14 19:58:46 nss amavis[16065]: user=103, EUID: 103 (103);  group=, EGID: 106 106 (106 106)
 +Jul 14 19:58:46 nss amavis[16065]: Perl version               5.008008
 +Jul 14 19:58:47 nss amavis[16065]: SpamControl: scanner SpamAssassin, module Amavis::SpamControl::SpamAssassin
 +Jul 14 19:58:47 nss amavis[16065]: INFO: SA version: 3.2.5, 3.002005, no optional modules: Net::CIDR::Lite Sys::Hostname::Long Encode::Detect Razor2::Client::Agent IP::Coun
 +try::Fast Image::Info Image::Info::GIF Image::Info::JPEG Image::Info::PNG Image::Info::TIFF Mail::SPF Mail::SPF::Server Mail::SPF::Request Mail::SPF::Mech Mail::SPF::Mech::
 +A Mail::SPF::Mech::PTR Mail::SPF::Mech::All Mail::SPF::Mech::Exists Mail::SPF::Mech::IP4 Mail::SPF::Mech::IP6 Mail::SPF::Mech::Include Mail::SPF::Mech::MX Mail::SPF::Mod Ma
 +il::SPF::Mod::Exp Mail::SPF::Mod::Redirect Mail::SPF::SenderIPAddrMech Mail::SPF::v1::Record Mail::SPF::v2::Record NetAddr::IP NetAddr::IP::Util auto::NetAddr::IP::Util::in
 +et_n2dx auto::NetAddr::IP::Util::ipv6_n2d auto::NetAddr::IP::Util::ipv6_n2x Error
 +Jul 14 19:58:47 nss amavis[16065]: SpamControl: init_pre_chroot on SpamAssassin done
 +Jul 14 19:58:47 nss amavis[16106]: Net::Server: Process Backgrounded
 +Jul 14 19:58:47 nss amavis[16106]: Net::Server: 2009/07/14-19:58:47 Amavis (type Net::Server::PreForkSimple) starting! pid(16106)
 +Jul 14 19:58:47 nss amavis[16106]: Net::Server: Binding to UNIX socket file /var/amavis/amavisd.sock using SOCK_STREAM
 +Jul 14 19:58:47 nss amavis[16106]: Net::Server: Binding to TCP port 10024 on host 127.0.0.1
 +Jul 14 19:58:47 nss amavis[16106]: Net::Server: Group Not Defined.  Defaulting to EGID '106 106'
 +Jul 14 19:58:47 nss amavis[16106]: Net::Server: User Not Defined.  Defaulting to EUID '103'
 +Jul 14 19:58:47 nss amavis[16106]: config files read: /etc/amavisd.conf
 +Jul 14 19:58:47 nss amavis[16106]: Module Amavis::Conf        2.207
 +Jul 14 19:58:47 nss amavis[16106]: Module Archive::Zip        1.16
 +Jul 14 19:58:47 nss amavis[16106]: Module BerkeleyDB          0.36
 +Jul 14 19:58:47 nss amavis[16106]: Module Compress::Zlib      2.02
 +Jul 14 19:58:47 nss amavis[16106]: Module Convert::TNEF       0.17
 +Jul 14 19:58:47 nss amavis[16106]: Module Convert::UUlib      1.051
 +Jul 14 19:58:47 nss amavis[16106]: Module Crypt::OpenSSL::RSA 0.25
 +Jul 14 19:58:47 nss amavis[16106]: Module DBD::mysql          4.012
 +Jul 14 19:58:47 nss amavis[16106]: Module DBI                 1.52
 +Jul 14 19:58:47 nss amavis[16106]: Module DB_File             1.814
 +Jul 14 19:58:47 nss amavis[16106]: Module Digest::MD5         2.36
 +Jul 14 19:58:47 nss amavis[16106]: Module Digest::SHA         5.47
 +Jul 14 19:58:47 nss amavis[16106]: Module Digest::SHA1        2.11
 +Jul 14 19:58:47 nss amavis[16106]: Module IO::Socket::INET6   2.51
 +Jul 14 19:58:47 nss amavis[16106]: Module MIME::Entity        5.420
 +Jul 14 19:58:47 nss amavis[16106]: Module MIME::Parser        5.420
 +Jul 14 19:58:47 nss amavis[16106]: Module MIME::Tools         5.420
 +Jul 14 19:58:47 nss amavis[16106]: Module Mail::DKIM::Verifier 0.36
 +Jul 14 19:58:47 nss amavis[16106]: Module Mail::Header        1.77
 +Jul 14 19:58:47 nss amavis[16106]: Module Mail::Internet      1.77
 +Jul 14 19:58:47 nss amavis[16106]: Module Mail::SpamAssassin  3.002005
 +Jul 14 19:58:47 nss amavis[16106]: Module Net::DNS            0.59
 +Jul 14 19:58:47 nss amavis[16106]: Module Net::Server         0.97
 +Jul 14 19:58:47 nss amavis[16106]: Module Socket6             0.19
 +Jul 14 19:58:47 nss amavis[16106]: Module Time::HiRes         1.9715
 +Jul 14 19:58:47 nss amavis[16106]: Module URI                 1.35
 +Jul 14 19:58:47 nss amavis[16106]: Module Unix::Syslog        1.1
 +Jul 14 19:58:47 nss amavis[16106]: Amavis::DB code      loaded
 +Jul 14 19:58:47 nss amavis[16106]: Amavis::Cache code   loaded
 +Jul 14 19:58:47 nss amavis[16106]: SQL base code        NOT loaded
 +Jul 14 19:58:47 nss amavis[16106]: SQL::Log code        NOT loaded
 +Jul 14 19:58:47 nss amavis[16106]: SQL::Quarantine      NOT loaded
 +Jul 14 19:58:47 nss amavis[16106]: Lookup::SQL code     NOT loaded
 +Jul 14 19:58:47 nss amavis[16106]: Lookup::LDAP code    NOT loaded
 +Jul 14 19:58:47 nss amavis[16106]: AM.PDP-in proto code loaded
 +Jul 14 19:58:47 nss amavis[16106]: SMTP-in proto code   loaded
 +Jul 14 19:58:47 nss amavis[16106]: Courier proto code   NOT loaded
 +Jul 14 19:58:47 nss amavis[16106]: SMTP-out proto code  loaded
 +Jul 14 19:58:47 nss amavis[16106]: Pipe-out proto code  NOT loaded
 +Jul 14 19:58:47 nss amavis[16106]: BSMTP-out proto code NOT loaded
 +Jul 14 19:58:47 nss amavis[16106]: Local-out proto code loaded
 +Jul 14 19:58:47 nss amavis[16106]: OS_Fingerprint code  NOT loaded
 +Jul 14 19:58:47 nss amavis[16106]: ANTI-VIRUS code      loaded
 +Jul 14 19:58:47 nss amavis[16106]: ANTI-SPAM code       loaded
 +Jul 14 19:58:47 nss amavis[16106]: ANTI-SPAM-EXT code   NOT loaded
 +Jul 14 19:58:47 nss amavis[16106]: ANTI-SPAM-C code     NOT loaded
 +Jul 14 19:58:47 nss amavis[16106]: ANTI-SPAM-SA code    loaded
 +Jul 14 19:58:47 nss amavis[16106]: Unpackers code       loaded
 +Jul 14 19:58:47 nss amavis[16106]: DKIM code            NOT loaded
 +Jul 14 19:58:47 nss amavis[16106]: Tools code           NOT loaded
 +Jul 14 19:58:47 nss amavis[16106]: Found $file            at /usr/bin/file
 +Jul 14 19:58:47 nss amavis[16106]: No $altermime,         not using it
 +Jul 14 19:58:47 nss amavis[16106]: Internal decoder for .mail
 +Jul 14 19:58:47 nss amavis[16106]: Internal decoder for .asc 
 +Jul 14 19:58:47 nss amavis[16106]: Internal decoder for .uue 
 +Jul 14 19:58:47 nss amavis[16106]: Internal decoder for .hqx 
 +Jul 14 19:58:47 nss amavis[16106]: Internal decoder for .ync 
 +Jul 14 19:58:47 nss amavis[16106]: Found decoder for    .F    at /usr/bin/unfreeze
 +Jul 14 19:58:47 nss amavis[16106]: Found decoder for    .Z    at /usr/bin/uncompress
 +Jul 14 19:58:47 nss amavis[16106]: Found decoder for    .gz   at /usr/bin/gzip -d
 +Jul 14 19:58:47 nss amavis[16106]: Internal decoder for .gz   (backup, not used)
 +Jul 14 19:58:47 nss amavis[16106]: Found decoder for    .bz2  at /usr/bin/bzip2 -d
 +Jul 14 19:58:47 nss amavis[16106]: Found decoder for    .lzo  at /usr/bin/lzop -d
 +Jul 14 19:58:47 nss amavis[16106]: Found decoder for    .rpm  at /usr/bin/rpm2cpio
 +Jul 14 19:58:47 nss amavis[16106]: Found decoder for    .cpio at /usr/bin/pax
 +Jul 14 19:58:47 nss amavis[16106]: Found decoder for    .tar  at /usr/bin/pax
 +Jul 14 19:58:47 nss amavis[16106]: Found decoder for    .deb  at /usr/bin/ar
 +Jul 14 19:58:47 nss amavis[16106]: Internal decoder for .zip 
 +Jul 14 19:58:47 nss amavis[16106]: No decoder for       .7z   tried: 7zr, 7za, 7z
 +Jul 14 19:58:47 nss amavis[16106]: Found decoder for    .rar  at /usr/bin/unrar
 +Jul 14 19:58:47 nss amavis[16106]: Found decoder for    .arj  at /usr/bin/arj
 +Jul 14 19:58:47 nss amavis[16106]: Found decoder for    .arc  at /usr/bin/nomarch
 +Jul 14 19:58:47 nss amavis[16106]: Found decoder for    .zoo  at /usr/bin/zoo
 +Jul 14 19:58:47 nss amavis[16106]: Found decoder for    .lha  at /usr/bin/lha
 +Jul 14 19:58:47 nss amavis[16106]: Found decoder for    .cab  at /usr/bin/cabextract
 +Jul 14 19:58:47 nss amavis[16106]: No decoder for       .tnef tried: tnef
 +Jul 14 19:58:47 nss amavis[16106]: Internal decoder for .tnef
 +Jul 14 19:58:47 nss amavis[16106]: Found decoder for    .exe  at /usr/bin/unrar; /usr/bin/lha; /usr/bin/arj
 +Jul 14 19:58:47 nss amavis[16106]: Using primary internal av scanner code for ClamAV-clamd
 +Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: KasperskyLab AVP - aveclient
 +Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: KasperskyLab AntiViral Toolkit Pro (AVP)
 +Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: KasperskyLab AVPDaemonClient
 +Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: CentralCommand Vexira (new) vascan
 +Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: Avira AntiVir
 +Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: Command AntiVirus for Linux
 +Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: Symantec CarrierScan via Symantec CommandLineScanner
 +Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: Symantec AntiVirus Scan Engine
 +Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: F-Secure Antivirus for Linux servers
 +Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: CAI InoculateIT
 +Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: CAI eTrust Antivirus
 +Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: MkS_Vir for Linux (beta)
 +Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: MkS_Vir daemon
 +Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: ESET NOD32 Linux Mail Server - command line interface
 +Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: ESET NOD32 for Linux File servers
 +Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: Norman Virus Control v5 / Linux
 +Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: Panda CommandLineSecure 9 for Linux
 +Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: NAI McAfee AntiVirus (uvscan)
 +Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: VirusBuster
 +Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: CyberSoft VFind
 +Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: avast! Antivirus
 +Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: Ikarus AntiVirus for Linux
 +Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: BitDefender
 +Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: BitDefender
 +Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: ArcaVir for Linux
 +Jul 14 19:58:47 nss amavis[16106]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan
 +Jul 14 19:58:47 nss amavis[16106]: No secondary av scanner: F-PROT Antivirus for UNIX
 +Jul 14 19:58:47 nss amavis[16106]: No secondary av scanner: FRISK F-Prot Antivirus
 +Jul 14 19:58:47 nss amavis[16106]: No secondary av scanner: Trend Micro FileScanner
 +Jul 14 19:58:47 nss amavis[16106]: No secondary av scanner: drweb - DrWeb Antivirus
 +Jul 14 19:58:47 nss amavis[16106]: No secondary av scanner: Kaspersky Antivirus v5.5
 +Jul 14 19:58:47 nss amavis[16106]: Creating db in /var/amavis/db/; BerkeleyDB 0.36, libdb 4.3
 +Jul 14 19:58:47 nss amavis[16106]: initializing Mail::SpamAssassin
 +Jul 14 19:58:47 nss amavis[16106]: SpamAssassin debug facilities: info
 +Jul 14 19:58:49 nss amavis[16106]: SpamAssassin loaded plugins: AWL, AutoLearnThreshold, Bayes, BodyEval, Check, DNSEval, HTMLEval, HTTPSMismatch, Hashcash, HeaderEval, Ima
 +geInfo, MIMEEval, MIMEHeader, Pyzor, Razor2, RelayEval, ReplaceTags, SPF, SpamCop, URIDNSBL, URIDetail, URIEval, VBounce, WLBLEval, WhiteListSubject
 +Jul 14 19:58:49 nss amavis[16106]: SpamControl: init_pre_fork on SpamAssassin done
 +Jul 14 19:58:49 nss amavis[16106]: DKIM signature verification disabled, corresponding features not available. If not intentional, consider enabling it by setting: $enable_
 +dkim_verification to 1, or explicitly disable it by setting it to 0 to quench down this warning.
 +Jul 14 19:58:49 nss amavis[16130]: TIMING [total 7 ms] - bdb-open: 7 (100%)100, rundown: 0 (0%)100
 +Jul 14 19:58:49 nss amavis[16131]: TIMING [total 6 ms] - bdb-open: 6 (100%)100, rundown: 0 (0%)100
 +Jul 14 19:58:49 nss amavis[16132]: TIMING [total 7 ms] - bdb-open: 7 (100%)100, rundown: 0 (0%)100
 +Jul 14 19:58:49 nss amavis[16133]: TIMING [total 6 ms] - bdb-open: 6 (100%)100, rundown: 0 (0%)100 </code>
 +Über den Port **10024** sollte nun unser daemon ansprechbar sein. Was wir auch sehr einfach mittels **lsof** überprüfen können:
 +<code>lsof -i :10024
 +COMMAND   PID   USER   FD   TYPE  DEVICE SIZE NODE NAME
 +amavisd 29499 amavis    6u  IPv4 6036705       TCP localhost.localdomain:10024 (LISTEN)
 +amavisd 29501 amavis    6u  IPv4 6036705       TCP localhost.localdomain:10024 (LISTEN)
 +amavisd 29502 amavis    6u  IPv4 6036705       TCP localhost.localdomain:10024 (LISTEN)</code>
 +Via **telnet localhost 10024** können wir uns nun zum virusscanner-daemon verbinden.
 +<code>telnet localhost 10024
 +Trying 127.0.0.1...
 +Connected to localhost.localdomain (127.0.0.1).
 +Escape character is '^]'.
 +220 [127.0.0.1] ESMTP amavisd-new service ready
 +quit
 +221 2.0.0 [127.0.0.1] amavisd-new closing transmission channel
 +Connection closed by foreign host.
 +</code>
 +
 +===== automatisches Starten des Dienste beim Systemstart ===== 
 +Damit nun unser AMaViS-Server beim Booten automatisch gestartet wird, nehmen wir noch folgende Konfigurationsschritte vor.
 +<code>chkconfig amavisd on</code>
 +Anschließend überprüfen wir noch unsere Änderung:
 +<code>chkconfig --list | grep amavisd
 +amavisd         0:Aus   1:Aus   2:Ein   3:Ein   4:Ein   5:Ein   6:Aus</code>
 +===== Postfix =====
 +==== Konfiguration ====
 +Wie schon beim Punkt **//Konfiguration//** beschrieben, erweitern wir nun unsere Postfixkonfiguration so, dass die zwei Ports **10024** und **10025** von Postfix bedient werden.\\
 +\\
 +Diese Ergänzungen definieren wir in der **vim /etc/postfix/master.cf**.
 +<code>vim /etc/postfix/master.cf
 +
 +#
 +# Postfix master process configuration file.  For details on the format
 +# of the file, see the master(5) manual page (command: "man 5 master").
 +#
 +# ==========================================================================
 +# service       type  private unpriv  chroot  wakeup  maxproc command + args
 +#                     (yes)   (yes)   (yes)   (never) (100)
 +# ==========================================================================
 +smtp            inet  n                               smtpd
 +        -o smtpd_proxy_filter=localhost:10024
 +        -o content_filter=
 +localhost:10025 inet  n                               smtpd
 +        -o content_filter=
 +        -o smtpd_proxy_filter=
 +        -o smtpd_authorized_xforward_hosts=127.0.0.0/8
 +        -o smtp_client_restrictions=
 +        -o smtp_helo_restrictions=
 +        -o smtp_sender_restrictions=
 +        -o smtpd_recipient_restrictions=permit_mynetworks,reject
 +        -o smtp_data_restrictions=
 +        -o mynetworks=127.0.0.0/8
 +        -o receive_override_options=no_unknown_recipient_checks</code>
 +==== Neustart ====
 +Zur aktivierung unserer Änderung starten wir unseren Mailserver einmal durch:
 +<code>service postfix restart
 +Postfix beenden:                                            OK  ]
 +Postfix starten:                                            OK  ]</code>
 +==== Test ====
 +Über den Port **10024** sollte nun unser daemon ansprechbar sein. Was wir auch sehr einfach mittels **lsof** überprüfen können:
 +<code>lsof -i :25
 +COMMAND   PID    USER   FD   TYPE  DEVICE SIZE NODE NAME
 +master  28235    root   11u  IPv4 1396426       TCP *:smtp (LISTEN)
 +smtpd   28242 postfix    6u  IPv4 1396426       TCP *:smtp (LISTEN)</code>
 +Von der Konsole aus testen wir nun den Zugang über Port**25**:
 +<code>telnet localhost 25
 +
 +Trying 127.0.0.1...
 +Connected to localhost.localdomain (127.0.0.1).
 +Escape character is '^]'.
 +220 mx1.nausch.org ESMTP Postfix
 +quit
 +221 2.0.0 Bye
 +Connection closed by foreign host.</code>
 +Für den zweiten Port **10025** machen wir auch noch den gleichen Test.
 +<code>lsof -i :10025
 +COMMAND   PID    USER   FD   TYPE  DEVICE SIZE NODE NAME
 +master  28235    root   14u  IPv4 1396432       TCP localhost.localdomain:10025 (LISTEN)
 +smtpd   28248 postfix    6u  IPv4 1396432       TCP localhost.localdomain:10025 (LISTEN)</code>
 +Auch hier prüfen wir via telnet, ob unser Postfix auf Anfragen auf Port **10025** reagiert.
 +<code>telnet localhost 10025
 +
 +Trying 127.0.0.1...
 +Connected to localhost.localdomain (127.0.0.1).
 +Escape character is '^]'.
 +220 mx1.nausch.org ESMTP Postfix
 +quit
 +221 2.0.0 Bye
 +Connection closed by foreign host.
 +</code>
 +===== RAM-Disk für AMaViS =====
 +Da sich bei entsprechenden Trafic die Zugriffe auf die Harddisk ungünstig auf die Performance auswirkt, legen wir eine RAM-Disk für den Virenscanner an. Dort kann er dann die Attachments ablegen und entpacken.\\
 +\\
 +Wir legen uns eine 250 MB große RAM-Disk an:
 +   vim /etc/fstab
 +   /dev/shm                /var/amavis/tmp         tmpfs   defaults,size=250m,mode=750,uid=103,gid=106 0 0
 +Anschließend mounten wir unser neues Laufwerk mit
 +   mount /var/amavis/tmp
 +Je nach Belastung werden nun in unserem Arbeitsverzeichnis die Daten abgelegt
 +   df -h -t tmpfs
 +   Dateisystem          Größe Benut  Verf Ben% Eingehängt auf
 +   /dev/shm              250M   16K  250M   1% /var/amavis/tmp
  
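Review bot: In the `localhost:10025` re-injection service of the master.cf block, the overrides `smtp_client_restrictions=`, `smtp_helo_restrictions=`, `smtp_sender_restrictions=` and `smtp_data_restrictions=` carry an `smtp_` prefix and are not smtpd(8) parameters, so the listener that takes mail back from amavisd still applies the client, HELO, sender and DATA restrictions from main.cf. They should use the `smtpd_` prefix, like the correctly spelled `smtpd_recipient_restrictions=permit_mynetworks,reject` line in the same service. Both service lines in that block also show only `n` between `inet` and `smtpd`, without the `-` placeholders that master(5) expects for the remaining columns; restoring them lets the block be pasted as is. In the Test subsection the sentence introducing `lsof -i :25` still names port 10024, and the Konfiguration sentence says Postfix serves ports 10024 and 10025 although the startup log binds 10024 to amavisd; both sentences should name the Postfix ports 25 and 10025.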
  • centos/mailserver/grundinstallation_von_amavis.txt
 • Last modified: 20.05.2021 07:51.
 • by 127.0.0.1