Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

--- centos:mailserver:grundinstallation_von_amavis [14.07.2009 18:58. ] – amavisd-new Version angepasst django
+++ centos:mailserver:grundinstallation_von_amavis [20.05.2021 07:51. ] (aktuell) – Externe Bearbeitung 127.0.0.1
@@ Zeile 1: / Zeile 1: @@
+====== Virenschutz mit AMaViS ======
+Für die eMailkommunikation in unserem SOHO(( Small Office Home Office ))-LAN bedienen wir uns des SMTP-Server **Postfix**. Zur weiteren Absichereung (Viren- und Spam-Schutz) nutzen wir weitere Programme und Dämonen, wie [[http://amavisd.de.postfix.org/|amavisd-new]], [[http://www.clamav.net/|clamav]] und [[http://spamassassin.apache.org/|spamassassin]]. Die Installation und Konfiguration, der einzelnen //Getriebezahnräder// beschreibt diese und nachfolgende Seite.
+===== Postfix-AMaViS-Cyrus Zusammenspiel =====
+<uml>
+state "MTA" as smtp_25
+smtp_25 : (Mail Transport Agent)
+smtp_25 : andere SMTP-Server
+smtp_25 : im Internet bzw. Intranet
+smtp_25 : TCP/IP - Port 25
+state Postfix {
+  state "smtpd:25" as smtpd_25
+  smtpd_25 : SMTP-Daemon
+  smtpd_25 : TCP/IP Port 25
+  smtpd_25 : mit smtpd_proxy_filter
+  state "smtpd:10025" as smtpd_10025
+  smtpd_10025 : SMTP-Daemon
+  smtpd_10025 : TCP/IP Port 10025
+  smtpd_10025 : *ohne* smtpd_proxy_filter
+  state "Postfix" as work
+  work : weitere Be-/Abarbeitung
+  work : der eMail durch den
+  work : Mail-Transport-Agent Postfix
+}
+state AMaViS {
+  state "smtpd:10024" as smtpd_10024
+  smtpd_10024 : SMTP-Daemon
+  smtpd_10024 : TCP/IP Port 10024
+  state "AMaViS" as amavis
+  amavis : Master Prozess
+  amavis : (Frontend-System)
+  state "Entpacker" as packer
+  packer : Backend-System zum
+  packer : Entpacken von Dateianhängen
+  state "Virenscanner" as virus
+  virus : Backend-System zum
+  virus : Prüfen der eMail und der
+  virus : Anhänge auf Schadcode
+  state "Spamassassin" as spam
+  spam : Backend-System zum
+  spam : Prüfen der eMail auf
+  spam : unerwünschte Inhalte
+}
+state Cyrus {
+  state "IMAP-Server" as smtpd_24
+  smtpd_24 : Mail-Delivery-Agent
+  smtpd_24 : Cyrus IMAP-Server
+}
+ smtp_25 --> smtpd_25
+ smtpd_10025 -right-> work
+ smtpd_25 -right-> smtpd_10024
+ smtpd_10024 --> amavis
+ amavis -right-> packer
+ packer -left-> amavis
+ amavis -down-> virus
+ virus -up-> amavis
+ amavis -left-> spam
+ spam -right-> amavis
+ amavis -left-> smtpd_10025
+ work -right-> smtpd_24
+</uml>
+===== Installation =====
+Die Installation erfolgt, wie soll es auch anders sein, wie gewohnt via **yum**:
+<code>yum install amavisd-new</code>
+==== Info ====
+Was uns //**amavisd-new**// bietet, entnehmen wir am einfachsten dem rpm
+<code># yum info amavisd-new
+Name   : amavisd-new
+...
+Summary: Mail virus-scanner
+Description: AMaViS is a program that interfaces a mail transfer agent (MTA) with one or more virus scanners.
+Amavisd-new is a branch created by Mark Martinec that adds serveral performance and robustness features. It's
+partly based on work being done on the official amavisd branch. Please see the README.amavisd-new-RELNOTES
+file for a detailed description.</code>
+==== Programmpfade und -inhalte ====
+Über die einzelnen Dateien und Pfade der installierten Programme, informieren wir uns mittels:
+<code># rpm -ql amavisd-new
+/etc/amavisd.conf
+/etc/cron.daily/amavisd
+/etc/logrotate.d/amavisd
+/etc/openldap/schema/amavisd-new.schema
+/etc/rc.d/init.d/amavisd
+/etc/sysconfig/amavisd
+/usr/sbin/amavisd
+/usr/sbin/amavisd-agent
+/usr/sbin/amavisd-nanny
+/usr/sbin/amavisd-release
+/usr/sbin/p0f-analyzer
+/usr/share/doc/amavisd-new-2.6.4
+/usr/share/doc/amavisd-new-2.6.4/AAAREADME.first
+/usr/share/doc/amavisd-new-2.6.4/LDAP.schema
+/usr/share/doc/amavisd-new-2.6.4/LICENSE
+/usr/share/doc/amavisd-new-2.6.4/MANIFEST
+/usr/share/doc/amavisd-new-2.6.4/README.banned
+/usr/share/doc/amavisd-new-2.6.4/README.chroot
+/usr/share/doc/amavisd-new-2.6.4/README.contributed
+/usr/share/doc/amavisd-new-2.6.4/README.courier
+/usr/share/doc/amavisd-new-2.6.4/README.courier-old
+/usr/share/doc/amavisd-new-2.6.4/README.customize
+/usr/share/doc/amavisd-new-2.6.4/README.exim_v3
+/usr/share/doc/amavisd-new-2.6.4/README.exim_v3_app
+/usr/share/doc/amavisd-new-2.6.4/README.exim_v4
+/usr/share/doc/amavisd-new-2.6.4/README.exim_v4_app
+/usr/share/doc/amavisd-new-2.6.4/README.exim_v4_app2
+/usr/share/doc/amavisd-new-2.6.4/README.ldap
+/usr/share/doc/amavisd-new-2.6.4/README.lookups
+/usr/share/doc/amavisd-new-2.6.4/README.milter
+/usr/share/doc/amavisd-new-2.6.4/README.old.scanners
+/usr/share/doc/amavisd-new-2.6.4/README.performance
+/usr/share/doc/amavisd-new-2.6.4/README.policy-on-notifications
+/usr/share/doc/amavisd-new-2.6.4/README.postfix
+/usr/share/doc/amavisd-new-2.6.4/README.postfix.html
+/usr/share/doc/amavisd-new-2.6.4/README.protocol
+/usr/share/doc/amavisd-new-2.6.4/README.sendmail
+/usr/share/doc/amavisd-new-2.6.4/README.sendmail-dual
+/usr/share/doc/amavisd-new-2.6.4/README.sendmail-dual.old
+/usr/share/doc/amavisd-new-2.6.4/README.sql
+/usr/share/doc/amavisd-new-2.6.4/README.sql-mysql
+/usr/share/doc/amavisd-new-2.6.4/README.sql-pg
+/usr/share/doc/amavisd-new-2.6.4/RELEASE_NOTES
+/usr/share/doc/amavisd-new-2.6.4/amavisd-new-docs.html
+/usr/share/doc/amavisd-new-2.6.4/amavisd.conf
+/usr/share/doc/amavisd-new-2.6.4/amavisd.conf-default
+/usr/share/doc/amavisd-new-2.6.4/amavisd.conf-sample
+/usr/share/doc/amavisd-new-2.6.4/amavisd.conf.orig
+/usr/share/doc/amavisd-new-2.6.4/images
+/usr/share/doc/amavisd-new-2.6.4/images/blank.png
+/usr/share/doc/amavisd-new-2.6.4/images/callouts
+/usr/share/doc/amavisd-new-2.6.4/images/callouts/1.png
+/usr/share/doc/amavisd-new-2.6.4/images/callouts/10.png
+/usr/share/doc/amavisd-new-2.6.4/images/callouts/11.png
+/usr/share/doc/amavisd-new-2.6.4/images/callouts/12.png
+/usr/share/doc/amavisd-new-2.6.4/images/callouts/13.png
+/usr/share/doc/amavisd-new-2.6.4/images/callouts/14.png
+/usr/share/doc/amavisd-new-2.6.4/images/callouts/15.png
+/usr/share/doc/amavisd-new-2.6.4/images/callouts/2.png
+/usr/share/doc/amavisd-new-2.6.4/images/callouts/3.png
+/usr/share/doc/amavisd-new-2.6.4/images/callouts/4.png
+/usr/share/doc/amavisd-new-2.6.4/images/callouts/5.png
+/usr/share/doc/amavisd-new-2.6.4/images/callouts/6.png
+/usr/share/doc/amavisd-new-2.6.4/images/callouts/7.png
+/usr/share/doc/amavisd-new-2.6.4/images/callouts/8.png
+/usr/share/doc/amavisd-new-2.6.4/images/callouts/9.png
+/usr/share/doc/amavisd-new-2.6.4/images/caution.png
+/usr/share/doc/amavisd-new-2.6.4/images/draft.png
+/usr/share/doc/amavisd-new-2.6.4/images/home.png
+/usr/share/doc/amavisd-new-2.6.4/images/important.png
+/usr/share/doc/amavisd-new-2.6.4/images/next.png
+/usr/share/doc/amavisd-new-2.6.4/images/note.png
+/usr/share/doc/amavisd-new-2.6.4/images/prev.png
+/usr/share/doc/amavisd-new-2.6.4/images/tip.png
+/usr/share/doc/amavisd-new-2.6.4/images/toc-blank.png
+/usr/share/doc/amavisd-new-2.6.4/images/toc-minus.png
+/usr/share/doc/amavisd-new-2.6.4/images/toc-plus.png
+/usr/share/doc/amavisd-new-2.6.4/images/up.png
+/usr/share/doc/amavisd-new-2.6.4/images/warning.png
+/usr/share/doc/amavisd-new-2.6.4/screen.css
+/usr/share/doc/amavisd-new-2.6.4/test-messages
+/usr/share/doc/amavisd-new-2.6.4/test-messages/README
+/usr/share/doc/amavisd-new-2.6.4/test-messages/sample.tar.gz.compl
+/var/amavis
+/var/amavis/db
+/var/amavis/tmp
+/var/amavis/var
+/var/log/amavis.log
+/var/virusmails</code>
+===== Konfiguration =====
+==== Grundkonfiguration ====
+Für die weitere Viren- und Spam-Prüfung der uns angetragenen elektronischen Post, verwenden wir die **smtp_proxy_filter**-Funktionen, also die //Pre-Queue// unseres Postfixes. Somit können wir die Nachricht in Echtzeit filtern und wenn uns diese "//nicht gefällt//", einfach abweisen.\\
+\\
+Der externe Mailserver versucht mit unserer neuen Konfiguration eine eMail bei uns auf Port **25** abzusetzen. Unser Postfix reicht diese direkt an den Port 10024 unseres **AMaViS-Daemon** weiter, der die Nachricht //on-the-fly// weiteren daemons zum Virenscanner und Spambewerten unterzieht. Wird dabei die Nachricht für **O.K.** befunden, so reicht **AMaViS** die Mail zurück an den Postfix auf Port 10025, oder signalisiert **Postfix**, dass die Nachricht O.K. ist und der externe SMTP-Dialog erfolgreich zu Ende gebracht werden kann.
+\\
+Im ersten Schritt definieren wir also die ersten drei Parameter, **Hostnamen**, **Domäne** und **Port** in der Konfigurationsdatei unter **/etc/amavisd.conf**.
+<code>...
+$myhostname = 'amavis.nausch.org'; # hostname
+$mydomain = 'nausch.org';          # a convenient default for other settings
+...
+$inet_socket_port = 10024;         # listen on this local TCP port(s)
+...</code>
+==== Gesamtkonfiguration ====
+Unser lauffähges System benötigt eine umfangreiche Konfiguration, die wir unseren Bedürfnissen anpassen.
+<code> # egrep -v '(^#|^$)' /etc/amavisd.conf
+use strict;
+$max_servers = 5;            # num of pre-forked children (2..30 is common), -m
+$daemon_user  = "amavis";     # (no default;  customary: vscan or amavis), -u
+$daemon_group = "amavis";     # (no default;  customary: vscan or amavis), -g
+$myhostname = 'amavis.nausch.org'; # hostname
+$mydomain = 'nausch.org';   # a convenient default for other settings
+$MYHOME = '/var/amavis';   # a convenient default for other settings, -H
+$TEMPBASE = "$MYHOME/tmp";   # working directory, needs to exist, -T
+$ENV{TMPDIR} = $TEMPBASE;    # environment variable TMPDIR, used by SA, etc.
+$QUARANTINEDIR = "/var/virusmails";
+$db_home   = "$MYHOME/db";      # dir for bdb nanny/cache/snmp databases, -D
+$helpers_home = "$MYHOME/var";  # working directory for SpamAssassin, -S
+$lock_file = "$MYHOME/var/amavisd.lock";  # -L
+$pid_file  = "$MYHOME/var/amavisd.pid";   # -P
+$log_level = 3;              # verbosity 0..5, -d
+$log_recip_templ = undef;    # disable by-recipient level-0 log entries
+$DO_SYSLOG = 1;              # log via syslogd (preferred)
+$syslog_facility = 'mail';   # Syslog facility as a string
+           # e.g.: mail, daemon, user, local0, ... local7
+$syslog_priority = 'debug';  # Syslog base (minimal) priority as a string,
+           # choose from: emerg, alert, crit, err, warning, notice, info, debug
+$enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny)
+$enable_global_cache = 1;    # enable use of libdb-based cache if $enable_db=1
+$nanny_details_level = 2;    # nanny verbosity: 1: traditional, 2: detailed
+$enable_dkim_verification = 1;  # enable DKIM signatures verification
+$enable_dkim_signing = 1;    # load DKIM signing code, keys defined by dkim_key
+@local_domains_maps = ( [".$mydomain"] );  # list of all local domains
+@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
+.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );
+$unix_socketname = "$MYHOME/amavisd.sock";  # amavisd-release or amavis-milter
+               # option(s) -p overrides $inet_socket_port and $unix_socketname
+$inet_socket_port = 10024;   # listen on this local TCP port(s)
+$policy_bank{'MYNETS'} = {   # mail originating from @mynetworks
+  originating => 1,  # is true in MYNETS by default, but let's make it explicit
+  os_fingerprint_method => undef,  # don't query p0f for internal clients
+};
+$interface_policy{'10026'} = 'ORIGINATING';
+$policy_bank{'ORIGINATING'} = {  # mail supposedly originating from our users
+  originating => 1,  # declare that mail was submitted by our smtp client
+  allow_disclaimers => 1,  # enables disclaimer insertion if available
+  # notify administrator of locally originating malware
+  virus_admin_maps => ["virusalert\@$mydomain"],
+  spam_admin_maps  => ["virusalert\@$mydomain"],
+  warnbadhsender   => 1,
+  # forward to a smtpd service providing DKIM signing service
+  forward_method => 'smtp:[127.0.0.1]:10027',
+  # force MTA conversion to 7-bit (e.g. before DKIM signing)
+  smtpd_discard_ehlo_keywords => ['8BITMIME'],
+  bypass_banned_checks_maps => [1],  # allow sending any file names and types
+  terminate_dsn_on_notify_success => 0,  # don't remove NOTIFY=SUCCESS option
+};
+$interface_policy{'SOCK'} = 'AM.PDP-SOCK'; # only applies with $unix_socketname
+$policy_bank{'AM.PDP-SOCK'} = {
+  protocol => 'AM.PDP',
+  auth_required_release => 0,  # do not require secret_id for amavisd-release
+};
+$sa_tag_level_deflt  = 2.0;  # add spam info headers if at, or above that level
+$sa_tag2_level_deflt = 6.31;  # add 'spam detected' headers at that level
+$sa_kill_level_deflt = 6.31;  # triggers spam evasive actions (e.g. blocks mail)
+$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent
+$sa_crediblefrom_dsn_cutoff_level = 18; # likewise, but for a likely valid From
+$penpals_bonus_score = 8;    # (no effect without a @storage_sql_dsn database)
+$penpals_threshold_high = $sa_kill_level_deflt;  # don't waste time on hi spam
+$bounce_killer_score = 100;  # spam score points to add for joe-jobbed bounces
+$sa_mail_body_size_limit = 400*1024; # don't waste time on SA if mail is larger
+$sa_local_tests_only = 0;    # only tests which do not require internet access?
+$virus_admin               = "virusalert\@$mydomain";  # notifications recip.
+$mailfrom_notify_admin     = "virusalert\@$mydomain";  # notifications sender
+$mailfrom_notify_recip     = "virusalert\@$mydomain";  # notifications sender
+$mailfrom_notify_spamadmin = "spam.police\@$mydomain"; # notifications sender
+$mailfrom_to_quarantine = ''; # null return path; uses original sender if undef
+@addr_extension_virus_maps      = ('virus');
+@addr_extension_banned_maps     = ('banned');
+@addr_extension_spam_maps       = ('spam');
+@addr_extension_bad_header_maps = ('badh');
+$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
+$MAXLEVELS = 14;
+$MAXFILES = 1500;
+$MIN_EXPANSION_QUOTA =      100*1024;  # bytes  (default undef, not enforced)
+$MAX_EXPANSION_QUOTA = 300*1024*1024;  # bytes  (default undef, not enforced)
+$sa_spam_subject_tag = '***SPAM*** ';
+$defang_virus  = 1;  # MIME-wrap passed infected mail
+$defang_banned = 1;  # MIME-wrap passed mail containing banned name
+$defang_by_ccat{+CC_BADH.",3"} = 1;  # NUL or CR character in header
+$defang_by_ccat{+CC_BADH.",5"} = 1;  # header line longer than 998 characters
+$defang_by_ccat{+CC_BADH.",6"} = 1;  # header field syntax error
+$final_virus_destiny      = D_REJECT;
+$final_banned_destiny     = D_REJECT;
+$final_spam_destiny       = D_REJECT;
+$virus_quarantine_to = undef;
+$banned_quarantine_to = undef;
+$spam_quarantine_to = undef;
+$bad_header_quarantine_to = undef;
+@keep_decoded_original_maps = (new_RE(
+  qr'^MAIL$',   # retain full original message for virus checking
+  qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables
+  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
+));
+$banned_filename_re = new_RE(
+  qr'^\.(exe-ms|dll)$',                   # banned file(1) types, rudimentary
+  [ qr'^\.(rpm|cpio|tar)$'       => 0 ],  # allow any in Unix-type archives
+  qr'.\.(pif|scr)$'i,                     # banned extensions - rudimentary
+  qr'^application/x-msdownload$'i,        # block these MIME types
+  qr'^application/x-msdos-program$'i,
+  qr'^application/hta$'i,
+  # block certain double extensions in filenames
+  qr'\.[^./]*[A-Za-z][^./]*\.\s*(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)[.\s]*$'i,
+  qr'.\.(exe|vbs|pif|scr|cpl)$'i,             # banned extension - basic
+);
+@score_sender_maps = ({ # a by-recipient hash lookup table,
+                        # results from all matching recipient tables are summed
+  ## site-wide opinions about senders (the '.' matches any recipient)
+  '.' => [  # the _first_ matching sender determines the score boost
+   new_RE(  # regexp-type lookup table, just happens to be all soft-blacklist
+    [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i         => 5.0],
+    [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],
+    [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],
+    [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i   => 5.0],
+    [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i  => 5.0],
+    [qr'^(your_friend|greatoffers)@'i                                => 5.0],
+    [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i                    => 5.0],
+   ),
+   { # a hash-type lookup table (associative array)
+     'nobody@cert.org'                        => -3.0,
+     'cert-advisory@us-cert.gov'              => -3.0,
+     'owner-alert@iss.net'                    => -3.0,
+     'slashdot@slashdot.org'                  => -3.0,
+     'securityfocus.com'                      => -3.0,
+     'ntbugtraq@listserv.ntbugtraq.com'       => -3.0,
+     'security-alerts@linuxsecurity.com'      => -3.0,
+     'mailman-announce-admin@python.org'      => -3.0,
+     'amavis-user-admin@lists.sourceforge.net'=> -3.0,
+     'amavis-user-bounces@lists.sourceforge.net' => -3.0,
+     'spamassassin.apache.org'                => -3.0,
+     'notification-return@lists.sophos.com'   => -3.0,
+     'owner-postfix-users@postfix.org'        => -3.0,
+     'owner-postfix-announce@postfix.org'     => -3.0,
+     'owner-sendmail-announce@lists.sendmail.org'   => -3.0,
+     'sendmail-announce-request@lists.sendmail.org' => -3.0,
+     'donotreply@sendmail.org'                => -3.0,
+     'ca+envelope@sendmail.org'               => -3.0,
+     'noreply@freshmeat.net'                  => -3.0,
+     'owner-technews@postel.acm.org'          => -3.0,
+     'ietf-123-owner@loki.ietf.org'           => -3.0,
+     'cvs-commits-list-admin@gnome.org'       => -3.0,
+     'rt-users-admin@lists.fsck.com'          => -3.0,
+     'clp-request@comp.nus.edu.sg'            => -3.0,
+     'surveys-errors@lists.nua.ie'            => -3.0,
+     'emailnews@genomeweb.com'                => -5.0,
+     'yahoo-dev-null@yahoo-inc.com'           => -3.0,
+     'returns.groups.yahoo.com'               => -3.0,
+     'clusternews@linuxnetworx.com'           => -3.0,
+     lc('lvs-users-admin@LinuxVirtualServer.org')    => -3.0,
+     lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0,
+     # soft-blacklisting (positive score)
+     'sender@example.net'                     =>  3.0,
+     '.example.net'                           =>  1.0,
+   },
+  ],  # end of site-wide tables
+});
+@decoders = (
+  ['mail', \&do_mime_decode],
+  ['asc',  \&do_ascii],
+  ['uue',  \&do_ascii],
+  ['hqx',  \&do_ascii],
+  ['ync',  \&do_ascii],
+  ['F',    \&do_uncompress, ['unfreeze','freeze -d','melt','fcat'] ],
+  ['Z',    \&do_uncompress, ['uncompress','gzip -d','zcat'] ],
+  ['gz',   \&do_uncompress,  'gzip -d'],
+  ['gz',   \&do_gunzip],
+  ['bz2',  \&do_uncompress,  'bzip2 -d'],
+  ['lzo',  \&do_uncompress,  'lzop -d'],
+  ['rpm',  \&do_uncompress, ['rpm2cpio.pl','rpm2cpio'] ],
+  ['cpio', \&do_pax_cpio,   ['pax','gcpio','cpio'] ],
+  ['tar',  \&do_pax_cpio,   ['pax','gcpio','cpio'] ],
+  ['deb',  \&do_ar,          'ar'],
+  ['zip',  \&do_unzip],
+  ['7z',   \&do_7zip,       ['7zr','7za','7z'] ],
+  ['rar',  \&do_unrar,      ['rar','unrar'] ],
+  ['arj',  \&do_unarj,      ['arj','unarj'] ],
+  ['arc',  \&do_arc,        ['nomarch','arc'] ],
+  ['zoo',  \&do_zoo,        ['zoo','unzoo'] ],
+  ['lha',  \&do_lha,         'lha'],
+  ['cab',  \&do_cabextract,  'cabextract'],
+  ['tnef', \&do_tnef_ext,    'tnef'],
+  ['tnef', \&do_tnef],
+  ['exe',  \&do_executable, ['rar','unrar'], 'lha', ['arj','unarj'] ],
+);
+@av_scanners = (
+['ClamAV-clamd',
+  \&ask_daemon, ["CONTSCAN {}\n", "/tmp/clamd.socket"],
+  qr/\bOK$/m, qr/\bFOUND$/m,
+  qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
+  ### http://www.kaspersky.com/  (kav4mailservers)
+  ['KasperskyLab AVP - aveclient',
+    ['/usr/local/kav/bin/aveclient','/usr/local/share/kav/bin/aveclient',
+     '/opt/kav/5.5/kav4mailservers/bin/aveclient','aveclient'],
+    '-p /var/run/aveserver -s {}/*',
+    [0,3,6,8], qr/\b(INFECTED|SUSPICION|SUSPICIOUS)\b/m,
+    qr/(?:INFECTED|WARNING|SUSPICION|SUSPICIOUS) (.+)/m,
+  ],
+  # NOTE: one may prefer [0],[2,3,4,5], depending on how suspicious,
+  # currupted or protected archives are to be handled
+  ### http://www.kaspersky.com/
+  ['KasperskyLab AntiViral Toolkit Pro (AVP)', ['avp'],
+    '-* -P -B -Y -O- {}', [0,3,6,8], [2,4],    # any use for -A -K   ?
+    qr/infected: (.+)/m,
+    sub {chdir('/opt/AVP') or die "Can't chdir to AVP: $!"},
+    sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
+  ],
+  ### The kavdaemon and AVPDaemonClient have been removed from Kasperky
+  ### products and replaced by aveserver and aveclient
+  ['KasperskyLab AVPDaemonClient',
+    [ '/opt/AVP/kavdaemon',       'kavdaemon',
+      '/opt/AVP/AvpDaemonClient', 'AvpDaemonClient',
+      '/opt/AVP/AvpTeamDream',    'AvpTeamDream',
+      '/opt/AVP/avpdc', 'avpdc' ],
+    "-f=$TEMPBASE {}", [0,8], [3,4,5,6], qr/infected: ([^\r\n]+)/m ],
+    # change the startup-script in /etc/init.d/kavd to:
+    #   DPARMS="-* -Y -dl -f=/var/amavis /var/amavis"
+    #   (or perhaps:   DPARMS="-I0 -Y -* /var/amavis" )
+    # adjusting /var/amavis above to match your $TEMPBASE.
+    # The '-f=/var/amavis' is needed if not running it as root, so it
+    # can find, read, and write its pid file, etc., see 'man kavdaemon'.
+    # defUnix.prf: there must be an entry "*/var/amavis" (or whatever
+    #   directory $TEMPBASE specifies) in the 'Names=' section.
+    # cd /opt/AVP/DaemonClients; configure; cd Sample; make
+    # cp AvpDaemonClient /opt/AVP/
+    # su - vscan -c "${PREFIX}/kavdaemon ${DPARMS}"
+  ### http://www.centralcommand.com/
+  ['CentralCommand Vexira (new) vascan',
+    ['vascan','/usr/lib/Vexira/vascan'],
+    "-a s --timeout=60 --temp=$TEMPBASE -y $QUARANTINEDIR ".
+    "--log=/var/log/vascan.log {}",
+    [0,3], [1,2,5],
+    qr/(?x)^\s* (?:virus|iworm|macro|mutant|sequence|trojan)\ found:\ ( [^\]\s']+ )\ \.\.\.\ /m ],
+    # Adjust the path of the binary and the virus database as needed.
+    # 'vascan' does not allow to have the temp directory to be the same as
+    # the quarantine directory, and the quarantine option can not be disabled.
+    # If $QUARANTINEDIR is not used, then another directory must be specified
+    # to appease 'vascan'. Move status 3 to the second list if password
+    # protected files are to be considered infected.
+  ### http://www.avira.com/
+  ### Avira AntiVir (formerly H+BEDV) or (old) CentralCommand Vexira Antivirus
+  ['Avira AntiVir', ['antivir','vexira'],
+    '--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/m,
+    qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) |
+         (?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/m ],
+    # NOTE: if you only have a demo version, remove -z and add 214, as in:
+    #  '--allfiles -noboot -nombr -rs -s {}', [0,214], qr/ALERT:|VIRUS:/,
+  ### http://www.commandsoftware.com/
+  ['Command AntiVirus for Linux', 'csav',
+    '-all -archive -packed {}', [50], [51,52,53],
+    qr/Infection: (.+)/m ],
+  ### http://www.symantec.com/
+  ['Symantec CarrierScan via Symantec CommandLineScanner',
+    'cscmdline', '-a scan -i 1 -v -s 127.0.0.1:7777 {}',
+    qr/^Files Infected:\s+0$/m, qr/^Infected\b/m,
+    qr/^(?:Info|Virus Name):\s+(.+)/m ],
+  ### http://www.symantec.com/
+  ['Symantec AntiVirus Scan Engine',
+    'savsecls', '-server 127.0.0.1:7777 -mode scanrepair -details -verbose {}',
+    [0], qr/^Infected\b/m,
+    qr/^(?:Info|Virus Name):\s+(.+)/m ],
+    # NOTE: check options and patterns to see which entry better applies
+  ### http://www.f-secure.com/products/anti-virus/  version 5.52
+   ['F-Secure Antivirus for Linux servers',
+    ['/opt/f-secure/fsav/bin/fsav', 'fsav'],
+    '--virus-action1=report --archive=yes --auto=yes '.
+    '--dumb=yes --list=no --mime=yes {}', [0], [3,4,6,8],
+    qr/(?:infection|Infected|Suspected|Riskware): (.+)/m ],
+    # NOTE: internal archive handling may be switched off by '--archive=no'
+    #   to prevent fsav from exiting with status 9 on broken archives
+  ['CAI InoculateIT', 'inocucmd',  # retired product
+    '-sec -nex {}', [0], [100],
+    qr/was infected by virus (.+)/m ],
+  # see: http://www.flatmtn.com/computer/Linux-Antivirus_CAI.html
+  ### http://www3.ca.com/Solutions/Product.asp?ID=156  (ex InoculateIT)
+  ['CAI eTrust Antivirus', 'etrust-wrapper',
+    '-arc -nex -spm h {}', [0], [101],
+    qr/is infected by virus: (.+)/m ],
+    # NOTE: requires suid wrapper around inocmd32; consider flag: -mod reviewer
+    # see http://marc.theaimsgroup.com/?l=amavis-user&m=109229779912783
+  ### http://mks.com.pl/english.html
+  ['MkS_Vir for Linux (beta)', ['mks32','mks'],
+    '-s {}/*', [0], [1,2],
+    qr/--[ \t]*(.+)/m ],
+  ### http://mks.com.pl/english.html
+  ['MkS_Vir daemon', 'mksscan',
+    '-s -q {}', [0], [1..7],
+    qr/^... (\S+)/m ],
+  ### http://www.eset.com/, version 3.0
+  ['ESET Software ESETS Command Line Interface',
+    ['/usr/bin/esets_cli', 'esets_cli'],
+    '--subdir {}', [0], [1,2,3],
+    qr/:\s*action="(?!accepted)[^"]*"\n.*:\s*virus="([^"]*)"/m ],
+  ## http://www.nod32.com/,  NOD32LFS version 2.5 and above
+  ['ESET NOD32 for Linux File servers',
+    ['/opt/eset/nod32/sbin/nod32','nod32'],
+    '--files -z --mail --sfx --rtp --adware --unsafe --pattern --heur '.
+    '-w -a --action=1 -b {}',
+    [0], [1,10], qr/^object=.*, virus="(.*?)",/m ],
+  ### http://www.norman.com/products_nvc.shtml
+  ['Norman Virus Control v5 / Linux', 'nvcc',
+    '-c -l:0 -s -u -temp:$TEMPBASE {}', [0,10,11], [1,2,14],
+    qr/(?i).* virus in .* -> \'(.+)\'/m ],
+  ### http://www.pandasoftware.com/
+  ['Panda CommandLineSecure 9 for Linux',
+    ['/opt/pavcl/usr/bin/pavcl','pavcl'],
+    '-auto -aex -heu -cmp -nbr -nor -nos -eng -nob {}',
+    qr/Number of files infected[ .]*: 0+(?!\d)/m,
+    qr/Number of files infected[ .]*: 0*[1-9]/m,
+    qr/Found virus :\s*(\S+)/m ],
+  # NOTE: for efficiency, start the Panda in resident mode with 'pavcl -tsr'
+  # before starting amavisd - the bases are then loaded only once at startup.
+  # To reload bases in a signature update script:
+  #   /opt/pavcl/usr/bin/pavcl -tsr -ulr; /opt/pavcl/usr/bin/pavcl -tsr
+  # Please review other options of pavcl, for example:
+  #  -nomalw, -nojoke, -nodial, -nohackt, -nospyw, -nocookies
+  ### http://www.nai.com/
+  ['NAI McAfee AntiVirus (uvscan)', 'uvscan',
+    '--secure -rv --mime --summary --noboot - {}', [0], [13],
+    qr/(?x) Found (?:
+        \ the\ (.+)\ (?:virus|trojan)  |
+        \ (?:virus|trojan)\ or\ variant\ ([^ ]+)  |
+        :\ (.+)\ NOT\ a\ virus)/m,
+  # sub {$ENV{LD_PRELOAD}='/lib/libc.so.6'},
+  # sub {delete $ENV{LD_PRELOAD}},
+  ],
+  # NOTE1: with RH9: force the dynamic linker to look at /lib/libc.so.6 before
+  # anything else by setting environment variable LD_PRELOAD=/lib/libc.so.6
+  # and then clear it when finished to avoid confusing anything else.
+  # NOTE2: to treat encrypted files as viruses replace the [13] with:
+  #  qr/^\s{5,}(Found|is password-protected|.*(virus|trojan))/
+  ### http://www.virusbuster.hu/en/
+  ['VirusBuster', ['vbuster', 'vbengcl'],
+    "{} -ss -i '*' -log=$MYHOME/vbuster.log", [0], [1],
+    qr/: '(.*)' - Virus/m ],
+  # VirusBuster Ltd. does not support the daemon version for the workstation
+  # engine (vbuster-eng-1.12-linux-i386-libc6.tgz) any longer. The names of
+  # binaries, some parameters AND return codes have changed (from 3 to 1).
+  # See also the new Vexira entry 'vascan' which is possibly related.
+  ### http://www.cyber.com/
+  ['CyberSoft VFind', 'vfind',
+    '--vexit {}/*', [0], [23], qr/##==>>>> VIRUS ID: CVDL (.+)/m,
+  # sub {$ENV{VSTK_HOME}='/usr/lib/vstk'},
+  ],
+  ### http://www.avast.com/
+  ['avast! Antivirus', ['/usr/bin/avastcmd','avastcmd'],
+    '-a -i -n -t=A {}', [0], [1], qr/\binfected by:\s+([^ \t\n\[\]]+)/m ],
+  ### http://www.ikarus-software.com/
+  ['Ikarus AntiVirus for Linux', 'ikarus',
+    '{}', [0], [40], qr/Signature (.+) found/m ],
+  ### http://www.bitdefender.com/
+  ['BitDefender', 'bdscan',  # new version
+    '--action=ignore --no-list {}', qr/^Infected files\s*:\s*0+(?!\d)/m,
+    qr/^(?:Infected files|Identified viruses|Suspect files)\s*:\s*0*[1-9]/m,
+    qr/(?:suspected|infected)\s*:\s*(.*)(?:\033|$)/m ],
+  ### http://www.bitdefender.com/
+  ['BitDefender', 'bdc',  # old version
+    '--arc --mail {}', qr/^Infected files *:0+(?!\d)/m,
+    qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/m,
+    qr/(?:suspected|infected): (.*)(?:\033|$)/m ],
+  # consider also: --all --nowarn --alev=15 --flev=15.  The --all argument may
+  # not apply to your version of bdc, check documentation and see 'bdc --help'
+  ### ArcaVir for Linux and Unix http://www.arcabit.pl/
+  ['ArcaVir for Linux', ['arcacmd','arcacmd.static'],
+    '-v 1 -summary 0 -s {}', [0], [1,2],
+    qr/(?:VIR|WIR):[ \t]*(.+)/m ],
+);
+@av_scanners_backup = (
+  ### http://www.clamav.net/   - backs up clamd or Mail::ClamAV
+  ['ClamAV-clamscan', 'clamscan',
+    "--stdout --no-summary -r --tempdir=$TEMPBASE {}",
+    [0], qr/:.*\sFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
+  ### http://www.f-prot.com/   - backs up F-Prot Daemon, V6
+  ['F-PROT Antivirus for UNIX', ['fpscan'],
+    '--report --mount --adware {}',  # consider: --applications -s 4 -u 3 -z 10
+    [0,8,64],  [1,2,3, 4+1,4+2,4+3, 8+1,8+2,8+3, 12+1,12+2,12+3],
+    qr/^\[Found\s+[^\]]*\]\s+<([^ \t(>]*)/m ],
+  ### http://www.f-prot.com/   - backs up F-Prot Daemon (old)
+  ['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'],
+    '-dumb -archive -packed {}', [0,8], [3,6],   # or: [0], [3,6,8],
+    qr/(?:Infection:|security risk named) (.+)|\s+contains\s+(.+)$/m ],
+  ### http://www.trendmicro.com/   - backs up Trophie
+  ['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'],
+    '-za -a {}', [0], qr/Found virus/m, qr/Found virus (.+) in/m ],
+  ### http://www.sald.com/, http://drweb.imshop.de/   - backs up DrWebD
+  ['drweb - DrWeb Antivirus',  # security LHA hole in Dr.Web 4.33 and earlier
+    ['/usr/local/drweb/drweb', '/opt/drweb/drweb', 'drweb'],
+    '-path={} -al -go -ot -cn -upn -ok-',
+    [0,32], [1,9,33], qr' infected (?:with|by)(?: virus)? (.*)$'m ],
+   ### http://www.kaspersky.com/
+   ['Kaspersky Antivirus v5.5',
+     ['/opt/kaspersky/kav4fs/bin/kav4fs-kavscanner',
+      '/opt/kav/5.5/kav4unix/bin/kavscanner',
+      '/opt/kav/5.5/kav4mailservers/bin/kavscanner', 'kavscanner'],
+     '-i0 -xn -xp -mn -R -ePASBME {}/*', [0,10,15], [5,20,21,25],
+     qr/(?:INFECTED|WARNING|SUSPICION|SUSPICIOUS) (.*)/m,
+   ],
+);
+;  # insure a defined return value </code>
+===== erster Programmstart =====
+Nun ist es an der Zeit unseren //**A** **MA**il **Vi**rus **S**canner// das erste mal zu starten.
+   # service amavisd start
+   Mail Virus Scanner (amavisd) starten:                      [  OK  ]
+Im **/var/log/maillog** wird der erfolgreiche Start ausreichend dokumentiert:
+<code>Jul 14 19:58:46 nss amavis[16065]: starting.  /usr/sbin/amavisd at amavis.nausch.org amavisd-new-2.6.4 (20090625), Unicode aware, LANG="de_DE.UTF-8"
+Jul 14 19:58:46 nss amavis[16065]: user=103, EUID: 103 (103);  group=, EGID: 106 106 (106 106)
+Jul 14 19:58:46 nss amavis[16065]: Perl version               5.008008
+Jul 14 19:58:47 nss amavis[16065]: SpamControl: scanner SpamAssassin, module Amavis::SpamControl::SpamAssassin
+Jul 14 19:58:47 nss amavis[16065]: INFO: SA version: 3.2.5, 3.002005, no optional modules: Net::CIDR::Lite Sys::Hostname::Long Encode::Detect Razor2::Client::Agent IP::Coun
+try::Fast Image::Info Image::Info::GIF Image::Info::JPEG Image::Info::PNG Image::Info::TIFF Mail::SPF Mail::SPF::Server Mail::SPF::Request Mail::SPF::Mech Mail::SPF::Mech::
+A Mail::SPF::Mech::PTR Mail::SPF::Mech::All Mail::SPF::Mech::Exists Mail::SPF::Mech::IP4 Mail::SPF::Mech::IP6 Mail::SPF::Mech::Include Mail::SPF::Mech::MX Mail::SPF::Mod Ma
+il::SPF::Mod::Exp Mail::SPF::Mod::Redirect Mail::SPF::SenderIPAddrMech Mail::SPF::v1::Record Mail::SPF::v2::Record NetAddr::IP NetAddr::IP::Util auto::NetAddr::IP::Util::in
+et_n2dx auto::NetAddr::IP::Util::ipv6_n2d auto::NetAddr::IP::Util::ipv6_n2x Error
+Jul 14 19:58:47 nss amavis[16065]: SpamControl: init_pre_chroot on SpamAssassin done
+Jul 14 19:58:47 nss amavis[16106]: Net::Server: Process Backgrounded
+Jul 14 19:58:47 nss amavis[16106]: Net::Server: 2009/07/14-19:58:47 Amavis (type Net::Server::PreForkSimple) starting! pid(16106)
+Jul 14 19:58:47 nss amavis[16106]: Net::Server: Binding to UNIX socket file /var/amavis/amavisd.sock using SOCK_STREAM
+Jul 14 19:58:47 nss amavis[16106]: Net::Server: Binding to TCP port 10024 on host 127.0.0.1
+Jul 14 19:58:47 nss amavis[16106]: Net::Server: Group Not Defined.  Defaulting to EGID '106 106'
+Jul 14 19:58:47 nss amavis[16106]: Net::Server: User Not Defined.  Defaulting to EUID '103'
+Jul 14 19:58:47 nss amavis[16106]: config files read: /etc/amavisd.conf
+Jul 14 19:58:47 nss amavis[16106]: Module Amavis::Conf        2.207
+Jul 14 19:58:47 nss amavis[16106]: Module Archive::Zip        1.16
+Jul 14 19:58:47 nss amavis[16106]: Module BerkeleyDB          0.36
+Jul 14 19:58:47 nss amavis[16106]: Module Compress::Zlib      2.02
+Jul 14 19:58:47 nss amavis[16106]: Module Convert::TNEF       0.17
+Jul 14 19:58:47 nss amavis[16106]: Module Convert::UUlib      1.051
+Jul 14 19:58:47 nss amavis[16106]: Module Crypt::OpenSSL::RSA 0.25
+Jul 14 19:58:47 nss amavis[16106]: Module DBD::mysql          4.012
+Jul 14 19:58:47 nss amavis[16106]: Module DBI                 1.52
+Jul 14 19:58:47 nss amavis[16106]: Module DB_File             1.814
+Jul 14 19:58:47 nss amavis[16106]: Module Digest::MD5         2.36
+Jul 14 19:58:47 nss amavis[16106]: Module Digest::SHA         5.47
+Jul 14 19:58:47 nss amavis[16106]: Module Digest::SHA1        2.11
+Jul 14 19:58:47 nss amavis[16106]: Module IO::Socket::INET6   2.51
+Jul 14 19:58:47 nss amavis[16106]: Module MIME::Entity        5.420
+Jul 14 19:58:47 nss amavis[16106]: Module MIME::Parser        5.420
+Jul 14 19:58:47 nss amavis[16106]: Module MIME::Tools         5.420
+Jul 14 19:58:47 nss amavis[16106]: Module Mail::DKIM::Verifier 0.36
+Jul 14 19:58:47 nss amavis[16106]: Module Mail::Header        1.77
+Jul 14 19:58:47 nss amavis[16106]: Module Mail::Internet      1.77
+Jul 14 19:58:47 nss amavis[16106]: Module Mail::SpamAssassin  3.002005
+Jul 14 19:58:47 nss amavis[16106]: Module Net::DNS            0.59
+Jul 14 19:58:47 nss amavis[16106]: Module Net::Server         0.97
+Jul 14 19:58:47 nss amavis[16106]: Module Socket6             0.19
+Jul 14 19:58:47 nss amavis[16106]: Module Time::HiRes         1.9715
+Jul 14 19:58:47 nss amavis[16106]: Module URI                 1.35
+Jul 14 19:58:47 nss amavis[16106]: Module Unix::Syslog        1.1
+Jul 14 19:58:47 nss amavis[16106]: Amavis::DB code      loaded
+Jul 14 19:58:47 nss amavis[16106]: Amavis::Cache code   loaded
+Jul 14 19:58:47 nss amavis[16106]: SQL base code        NOT loaded
+Jul 14 19:58:47 nss amavis[16106]: SQL::Log code        NOT loaded
+Jul 14 19:58:47 nss amavis[16106]: SQL::Quarantine      NOT loaded
+Jul 14 19:58:47 nss amavis[16106]: Lookup::SQL code     NOT loaded
+Jul 14 19:58:47 nss amavis[16106]: Lookup::LDAP code    NOT loaded
+Jul 14 19:58:47 nss amavis[16106]: AM.PDP-in proto code loaded
+Jul 14 19:58:47 nss amavis[16106]: SMTP-in proto code   loaded
+Jul 14 19:58:47 nss amavis[16106]: Courier proto code   NOT loaded
+Jul 14 19:58:47 nss amavis[16106]: SMTP-out proto code  loaded
+Jul 14 19:58:47 nss amavis[16106]: Pipe-out proto code  NOT loaded
+Jul 14 19:58:47 nss amavis[16106]: BSMTP-out proto code NOT loaded
+Jul 14 19:58:47 nss amavis[16106]: Local-out proto code loaded
+Jul 14 19:58:47 nss amavis[16106]: OS_Fingerprint code  NOT loaded
+Jul 14 19:58:47 nss amavis[16106]: ANTI-VIRUS code      loaded
+Jul 14 19:58:47 nss amavis[16106]: ANTI-SPAM code       loaded
+Jul 14 19:58:47 nss amavis[16106]: ANTI-SPAM-EXT code   NOT loaded
+Jul 14 19:58:47 nss amavis[16106]: ANTI-SPAM-C code     NOT loaded
+Jul 14 19:58:47 nss amavis[16106]: ANTI-SPAM-SA code    loaded
+Jul 14 19:58:47 nss amavis[16106]: Unpackers code       loaded
+Jul 14 19:58:47 nss amavis[16106]: DKIM code            NOT loaded
+Jul 14 19:58:47 nss amavis[16106]: Tools code           NOT loaded
+Jul 14 19:58:47 nss amavis[16106]: Found $file            at /usr/bin/file
+Jul 14 19:58:47 nss amavis[16106]: No $altermime,         not using it
+Jul 14 19:58:47 nss amavis[16106]: Internal decoder for .mail
+Jul 14 19:58:47 nss amavis[16106]: Internal decoder for .asc
+Jul 14 19:58:47 nss amavis[16106]: Internal decoder for .uue
+Jul 14 19:58:47 nss amavis[16106]: Internal decoder for .hqx
+Jul 14 19:58:47 nss amavis[16106]: Internal decoder for .ync
+Jul 14 19:58:47 nss amavis[16106]: Found decoder for    .F    at /usr/bin/unfreeze
+Jul 14 19:58:47 nss amavis[16106]: Found decoder for    .Z    at /usr/bin/uncompress
+Jul 14 19:58:47 nss amavis[16106]: Found decoder for    .gz   at /usr/bin/gzip -d
+Jul 14 19:58:47 nss amavis[16106]: Internal decoder for .gz   (backup, not used)
+Jul 14 19:58:47 nss amavis[16106]: Found decoder for    .bz2  at /usr/bin/bzip2 -d
+Jul 14 19:58:47 nss amavis[16106]: Found decoder for    .lzo  at /usr/bin/lzop -d
+Jul 14 19:58:47 nss amavis[16106]: Found decoder for    .rpm  at /usr/bin/rpm2cpio
+Jul 14 19:58:47 nss amavis[16106]: Found decoder for    .cpio at /usr/bin/pax
+Jul 14 19:58:47 nss amavis[16106]: Found decoder for    .tar  at /usr/bin/pax
+Jul 14 19:58:47 nss amavis[16106]: Found decoder for    .deb  at /usr/bin/ar
+Jul 14 19:58:47 nss amavis[16106]: Internal decoder for .zip
+Jul 14 19:58:47 nss amavis[16106]: No decoder for       .7z   tried: 7zr, 7za, 7z
+Jul 14 19:58:47 nss amavis[16106]: Found decoder for    .rar  at /usr/bin/unrar
+Jul 14 19:58:47 nss amavis[16106]: Found decoder for    .arj  at /usr/bin/arj
+Jul 14 19:58:47 nss amavis[16106]: Found decoder for    .arc  at /usr/bin/nomarch
+Jul 14 19:58:47 nss amavis[16106]: Found decoder for    .zoo  at /usr/bin/zoo
+Jul 14 19:58:47 nss amavis[16106]: Found decoder for    .lha  at /usr/bin/lha
+Jul 14 19:58:47 nss amavis[16106]: Found decoder for    .cab  at /usr/bin/cabextract
+Jul 14 19:58:47 nss amavis[16106]: No decoder for       .tnef tried: tnef
+Jul 14 19:58:47 nss amavis[16106]: Internal decoder for .tnef
+Jul 14 19:58:47 nss amavis[16106]: Found decoder for    .exe  at /usr/bin/unrar; /usr/bin/lha; /usr/bin/arj
+Jul 14 19:58:47 nss amavis[16106]: Using primary internal av scanner code for ClamAV-clamd
+Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: KasperskyLab AVP - aveclient
+Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: KasperskyLab AntiViral Toolkit Pro (AVP)
+Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: KasperskyLab AVPDaemonClient
+Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: CentralCommand Vexira (new) vascan
+Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: Avira AntiVir
+Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: Command AntiVirus for Linux
+Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: Symantec CarrierScan via Symantec CommandLineScanner
+Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: Symantec AntiVirus Scan Engine
+Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: F-Secure Antivirus for Linux servers
+Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: CAI InoculateIT
+Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: CAI eTrust Antivirus
+Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: MkS_Vir for Linux (beta)
+Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: MkS_Vir daemon
+Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: ESET NOD32 Linux Mail Server - command line interface
+Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: ESET NOD32 for Linux File servers
+Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: Norman Virus Control v5 / Linux
+Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: Panda CommandLineSecure 9 for Linux
+Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: NAI McAfee AntiVirus (uvscan)
+Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: VirusBuster
+Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: CyberSoft VFind
+Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: avast! Antivirus
+Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: Ikarus AntiVirus for Linux
+Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: BitDefender
+Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: BitDefender
+Jul 14 19:58:47 nss amavis[16106]: No primary av scanner: ArcaVir for Linux
+Jul 14 19:58:47 nss amavis[16106]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan
+Jul 14 19:58:47 nss amavis[16106]: No secondary av scanner: F-PROT Antivirus for UNIX
+Jul 14 19:58:47 nss amavis[16106]: No secondary av scanner: FRISK F-Prot Antivirus
+Jul 14 19:58:47 nss amavis[16106]: No secondary av scanner: Trend Micro FileScanner
+Jul 14 19:58:47 nss amavis[16106]: No secondary av scanner: drweb - DrWeb Antivirus
+Jul 14 19:58:47 nss amavis[16106]: No secondary av scanner: Kaspersky Antivirus v5.5
+Jul 14 19:58:47 nss amavis[16106]: Creating db in /var/amavis/db/; BerkeleyDB 0.36, libdb 4.3
+Jul 14 19:58:47 nss amavis[16106]: initializing Mail::SpamAssassin
+Jul 14 19:58:47 nss amavis[16106]: SpamAssassin debug facilities: info
+Jul 14 19:58:49 nss amavis[16106]: SpamAssassin loaded plugins: AWL, AutoLearnThreshold, Bayes, BodyEval, Check, DNSEval, HTMLEval, HTTPSMismatch, Hashcash, HeaderEval, Ima
+geInfo, MIMEEval, MIMEHeader, Pyzor, Razor2, RelayEval, ReplaceTags, SPF, SpamCop, URIDNSBL, URIDetail, URIEval, VBounce, WLBLEval, WhiteListSubject
+Jul 14 19:58:49 nss amavis[16106]: SpamControl: init_pre_fork on SpamAssassin done
+Jul 14 19:58:49 nss amavis[16106]: DKIM signature verification disabled, corresponding features not available. If not intentional, consider enabling it by setting: $enable_
+dkim_verification to 1, or explicitly disable it by setting it to 0 to quench down this warning.
+Jul 14 19:58:49 nss amavis[16130]: TIMING [total 7 ms] - bdb-open: 7 (100%)100, rundown: 0 (0%)100
+Jul 14 19:58:49 nss amavis[16131]: TIMING [total 6 ms] - bdb-open: 6 (100%)100, rundown: 0 (0%)100
+Jul 14 19:58:49 nss amavis[16132]: TIMING [total 7 ms] - bdb-open: 7 (100%)100, rundown: 0 (0%)100
+Jul 14 19:58:49 nss amavis[16133]: TIMING [total 6 ms] - bdb-open: 6 (100%)100, rundown: 0 (0%)100 </code>
+Über den Port **10024** sollte nun unser daemon ansprechbar sein. Was wir auch sehr einfach mittels **lsof** überprüfen können:
+<code>lsof -i :10024
+COMMAND   PID   USER   FD   TYPE  DEVICE SIZE NODE NAME
+amavisd 29499 amavis    6u  IPv4 6036705       TCP localhost.localdomain:10024 (LISTEN)
+amavisd 29501 amavis    6u  IPv4 6036705       TCP localhost.localdomain:10024 (LISTEN)
+amavisd 29502 amavis    6u  IPv4 6036705       TCP localhost.localdomain:10024 (LISTEN)</code>
+Via **telnet localhost 10024** können wir uns nun zum virusscanner-daemon verbinden.
+<code>telnet localhost 10024
+Trying 127.0.0.1...
+Connected to localhost.localdomain (127.0.0.1).
+Escape character is '^]'.
+[127.0.0.1] ESMTP amavisd-new service ready
+quit
+2.0.0 [127.0.0.1] amavisd-new closing transmission channel
+Connection closed by foreign host.
+</code>
+===== automatisches Starten des Dienste beim Systemstart =====
+Damit nun unser AMaViS-Server beim Booten automatisch gestartet wird, nehmen wir noch folgende Konfigurationsschritte vor.
+<code>chkconfig amavisd on</code>
+Anschließend überprüfen wir noch unsere Änderung:
+<code>chkconfig --list | grep amavisd
+amavisd         0:Aus   1:Aus   2:Ein   3:Ein   4:Ein   5:Ein   6:Aus</code>
+===== Postfix =====
+==== Konfiguration ====
+Wie schon beim Punkt **//Konfiguration//** beschrieben, erweitern wir nun unsere Postfixkonfiguration so, dass die zwei Ports **10024** und **10025** von Postfix bedient werden.\\
+\\
+Diese Ergänzungen definieren wir in der **vim /etc/postfix/master.cf**.
+<code>vim /etc/postfix/master.cf
+#
+# Postfix master process configuration file.  For details on the format
+# of the file, see the master(5) manual page (command: "man 5 master").
+#
+# ==========================================================================
+# service       type  private unpriv  chroot  wakeup  maxproc command + args
+#                     (yes)   (yes)   (yes)   (never) (100)
+# ==========================================================================
+smtp            inet  n       -       n       -       -       smtpd
+        -o smtpd_proxy_filter=localhost:10024
+        -o content_filter=
+localhost:10025 inet  n       -       n       -       -       smtpd
+        -o content_filter=
+        -o smtpd_proxy_filter=
+        -o smtpd_authorized_xforward_hosts=127.0.0.0/8
+        -o smtp_client_restrictions=
+        -o smtp_helo_restrictions=
+        -o smtp_sender_restrictions=
+        -o smtpd_recipient_restrictions=permit_mynetworks,reject
+        -o smtp_data_restrictions=
+        -o mynetworks=127.0.0.0/8
+        -o receive_override_options=no_unknown_recipient_checks</code>
+==== Neustart ====
+Zur aktivierung unserer Änderung starten wir unseren Mailserver einmal durch:
+<code>service postfix restart
+Postfix beenden:                                           [  OK  ]
+Postfix starten:                                           [  OK  ]</code>
+==== Test ====
+Über den Port **10024** sollte nun unser daemon ansprechbar sein. Was wir auch sehr einfach mittels **lsof** überprüfen können:
+<code>lsof -i :25
+COMMAND   PID    USER   FD   TYPE  DEVICE SIZE NODE NAME
+master  28235    root   11u  IPv4 1396426       TCP *:smtp (LISTEN)
+smtpd   28242 postfix    6u  IPv4 1396426       TCP *:smtp (LISTEN)</code>
+Von der Konsole aus testen wir nun den Zugang über Port**25**:
+<code>telnet localhost 25
+Trying 127.0.0.1...
+Connected to localhost.localdomain (127.0.0.1).
+Escape character is '^]'.
+mx1.nausch.org ESMTP Postfix
+quit
+2.0.0 Bye
+Connection closed by foreign host.</code>
+Für den zweiten Port **10025** machen wir auch noch den gleichen Test.
+<code>lsof -i :10025
+COMMAND   PID    USER   FD   TYPE  DEVICE SIZE NODE NAME
+master  28235    root   14u  IPv4 1396432       TCP localhost.localdomain:10025 (LISTEN)
+smtpd   28248 postfix    6u  IPv4 1396432       TCP localhost.localdomain:10025 (LISTEN)</code>
+Auch hier prüfen wir via telnet, ob unser Postfix auf Anfragen auf Port **10025** reagiert.
+<code>telnet localhost 10025
+Trying 127.0.0.1...
+Connected to localhost.localdomain (127.0.0.1).
+Escape character is '^]'.
+mx1.nausch.org ESMTP Postfix
+quit
+2.0.0 Bye
+Connection closed by foreign host.
+</code>
+===== RAM-Disk für AMaViS =====
+Da sich bei entsprechenden Trafic die Zugriffe auf die Harddisk ungünstig auf die Performance auswirkt, legen wir eine RAM-Disk für den Virenscanner an. Dort kann er dann die Attachments ablegen und entpacken.\\
+\\
+Wir legen uns eine 250 MB große RAM-Disk an:
+   vim /etc/fstab
+   /dev/shm                /var/amavis/tmp         tmpfs   defaults,size=250m,mode=750,uid=103,gid=106 0 0
+Anschließend mounten wir unser neues Laufwerk mit
+   mount /var/amavis/tmp
+Je nach Belastung werden nun in unserem Arbeitsverzeichnis die Daten abgelegt
+   df -h -t tmpfs
+   Dateisystem          Größe Benut  Verf Ben% Eingehängt auf
+   /dev/shm              250M   16K  250M   1% /var/amavis/tmp