centos:mailserver:installation_von_clamav

Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

Link zu dieser Vergleichsansicht

Beide Seiten der vorigen Revision Vorhergehende Überarbeitung
Nächste Überarbeitung
Vorhergehende Überarbeitung
centos:mailserver:installation_von_clamav [08.03.2011 13:42. ] – [amavisd] djangocentos:mailserver:installation_von_clamav [20.04.2018 10:34. ] (aktuell) – Externe Bearbeitung 127.0.0.1
Zeile 1: Zeile 1:
 +====== Virenschutz mit ClamAV ======
 +Als **//Viren-Scanner//** und **//-Killer//** verwenden wir [[http://www.clamav.net/|clamav]].
 +===== Installation =====
 +Wir installieren uns hierzu den entsprechenden **daemon** via **yum**.
 +<code>yum install clamd clamav clamav-db</code>
 +==== Info ====
 +Was uns die einzelnen Pakete liefern, entnehmen wir den jeweiligen rpm's.
 +<code>yum info clamd
 +
 +Name   : clamd
 +...
 +Summary: The Clam AntiVirus Daemon
 +Description:
 +The Clam AntiVirus Daemon</code>
 +
 +<code>yum info clamav
 +
 +
 +Name   : clamav
 +...
 +Summary: Anti-virus software
 +Description:
 +Clam AntiVirus is a GPL anti-virus toolkit for UNIX. The main purpose of
 +this software is the integration with mail servers (attachment scanning).
 +The package provides a flexible and scalable multi-threaded daemon, a
 +command line scanner, and a tool for automatic updating via Internet.
 +
 +The programs are based on a shared library distributed with the Clam
 +AntiVirus package, which you can use with your own software. Most
 +importantly, the virus database is kept up to date</code>
 +
 +<code>yum info clamav-db
 +
 +Name   : clamav-db
 +...
 +Summary: Virus database for clamav
 +Description:
 +The actual virus database for clamav</code>
 +==== Programmpfade und -inhalte ====
 +Über die einzelnen Dateien und Pfade der installierten Programme, informieren wir uns mittels:
 +<code>rpm -ql clamd
 +
 +/etc/clamd.conf
 +/etc/logrotate.d/clamav
 +/etc/rc.d/init.d/clamd
 +/usr/bin/clamconf
 +/usr/bin/clamdscan
 +/usr/sbin/clamd
 +/usr/share/doc/clamd-0.94.1
 +/usr/share/doc/clamd-0.94.1/clamd.conf
 +/usr/share/doc/clamd-0.94.1/clamdwatch
 +/usr/share/doc/clamd-0.94.1/clamdwatch/clamdwatch.tar.gz
 +/usr/share/man/man1/clamconf.1.gz
 +/usr/share/man/man1/clamdscan.1.gz
 +/usr/share/man/man5/clamd.conf.5.gz
 +/usr/share/man/man8/clamd.8.gz
 +/var/clamav
 +/var/log/clamav
 +/var/run/clamav
 +</code>
 +
 +<code>rpm -ql clamav
 +
 +/etc/freshclam.conf
 +/usr/bin/clamscan
 +/usr/bin/freshclam
 +/usr/bin/sigtool
 +/usr/lib/libclamav.so.5
 +/usr/lib/libclamav.so.5.0.3
 +/usr/lib/libclamunrar.so.5
 +/usr/lib/libclamunrar.so.5.0.3
 +/usr/lib/libclamunrar_iface.so.5
 +/usr/lib/libclamunrar_iface.so.5.0.3
 +/usr/share/doc/clamav-0.94.1
 +/usr/share/doc/clamav-0.94.1/AUTHORS
 +/usr/share/doc/clamav-0.94.1/BUGS
 +/usr/share/doc/clamav-0.94.1/COPYING
 +/usr/share/doc/clamav-0.94.1/ChangeLog
 +/usr/share/doc/clamav-0.94.1/FAQ
 +/usr/share/doc/clamav-0.94.1/INSTALL
 +/usr/share/doc/clamav-0.94.1/NEWS
 +/usr/share/doc/clamav-0.94.1/README
 +/usr/share/doc/clamav-0.94.1/clamav-mirror-howto.pdf
 +/usr/share/doc/clamav-0.94.1/clamdoc.pdf
 +/usr/share/doc/clamav-0.94.1/freshclam.conf
 +/usr/share/doc/clamav-0.94.1/phishsigs_howto.pdf
 +/usr/share/doc/clamav-0.94.1/signatures.pdf
 +/usr/share/doc/clamav-0.94.1/test
 +/usr/share/doc/clamav-0.94.1/test/.split
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam-aspack.exeaa
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam-aspack.exeab
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam-fsg.exeaa
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam-fsg.exeab
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam-mew.exeaa
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam-mew.exeab
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam-nsis.exeaa
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam-nsis.exeab
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam-pespin.exeaa
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam-pespin.exeab
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam-petite.exeaa
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam-petite.exeab
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam-upack.exeaa
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam-upack.exeab
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam-upx.exeaa
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam-upx.exeab
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam-v2.raraa
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam-v2.rarab
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam-v3.raraa
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam-v3.rarab
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam-wwpack.exeaa
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam-wwpack.exeab
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam.arjaa
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam.arjab
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam.bz2.zipaa
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam.bz2.zipab
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam.cabaa
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam.cabab
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam.chmaa
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam.chmab
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam.d64.zipaa
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam.d64.zipab
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam.ea05.exeaa
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam.ea05.exeab
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam.ea06.exeaa
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam.ea06.exeab
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam.exe.binhexaa
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam.exe.binhexab
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam.exe.bz2aa
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam.exe.bz2ab
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam.exe.htmlaa
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam.exe.htmlab
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam.exe.mbox.base64aa
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam.exe.mbox.base64ab
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam.exe.mbox.uuaa
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam.exe.mbox.uuab
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam.exe.rtfaa
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam.exe.rtfab
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam.exe.szddaa
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam.exe.szddab
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam.exeaa
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam.exeab
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam.impl.zipaa
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam.impl.zipab
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam.mailaa
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam.mailab
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam.ole.docaa
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam.ole.docab
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam.pdfaa
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam.pdfab
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam.pptaa
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam.pptab
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam.sisaa
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam.sisab
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam.tar.gzaa
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam.tar.gzab
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam.tnefaa
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam.tnefab
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam.zipaa
 +/usr/share/doc/clamav-0.94.1/test/.split/split.clam.zipab
 +/usr/share/doc/clamav-0.94.1/test/Makefile
 +/usr/share/doc/clamav-0.94.1/test/Makefile.am
 +/usr/share/doc/clamav-0.94.1/test/Makefile.in
 +/usr/share/doc/clamav-0.94.1/test/README
 +/usr/share/doc/clamav-0.94.1/test/clam-aspack.exe
 +/usr/share/doc/clamav-0.94.1/test/clam-fsg.exe
 +/usr/share/doc/clamav-0.94.1/test/clam-mew.exe
 +/usr/share/doc/clamav-0.94.1/test/clam-nsis.exe
 +/usr/share/doc/clamav-0.94.1/test/clam-pespin.exe
 +/usr/share/doc/clamav-0.94.1/test/clam-petite.exe
 +/usr/share/doc/clamav-0.94.1/test/clam-upack.exe
 +/usr/share/doc/clamav-0.94.1/test/clam-upx.exe
 +/usr/share/doc/clamav-0.94.1/test/clam-v2.rar
 +/usr/share/doc/clamav-0.94.1/test/clam-v3.rar
 +/usr/share/doc/clamav-0.94.1/test/clam-wwpack.exe
 +/usr/share/doc/clamav-0.94.1/test/clam.arj
 +/usr/share/doc/clamav-0.94.1/test/clam.bz2.zip
 +/usr/share/doc/clamav-0.94.1/test/clam.cab
 +/usr/share/doc/clamav-0.94.1/test/clam.chm
 +/usr/share/doc/clamav-0.94.1/test/clam.d64.zip
 +/usr/share/doc/clamav-0.94.1/test/clam.ea05.exe
 +/usr/share/doc/clamav-0.94.1/test/clam.ea06.exe
 +/usr/share/doc/clamav-0.94.1/test/clam.exe
 +/usr/share/doc/clamav-0.94.1/test/clam.exe.binhex
 +/usr/share/doc/clamav-0.94.1/test/clam.exe.bz2
 +/usr/share/doc/clamav-0.94.1/test/clam.exe.html
 +/usr/share/doc/clamav-0.94.1/test/clam.exe.mbox.base64
 +/usr/share/doc/clamav-0.94.1/test/clam.exe.mbox.uu
 +/usr/share/doc/clamav-0.94.1/test/clam.exe.rtf
 +/usr/share/doc/clamav-0.94.1/test/clam.exe.szdd
 +/usr/share/doc/clamav-0.94.1/test/clam.impl.zip
 +/usr/share/doc/clamav-0.94.1/test/clam.mail
 +/usr/share/doc/clamav-0.94.1/test/clam.ole.doc
 +/usr/share/doc/clamav-0.94.1/test/clam.pdf
 +/usr/share/doc/clamav-0.94.1/test/clam.ppt
 +/usr/share/doc/clamav-0.94.1/test/clam.sis
 +/usr/share/doc/clamav-0.94.1/test/clam.tar.gz
 +/usr/share/doc/clamav-0.94.1/test/clam.tnef
 +/usr/share/doc/clamav-0.94.1/test/clam.zip
 +/usr/share/man/man1/clamscan.1.gz
 +/usr/share/man/man1/freshclam.1.gz
 +/usr/share/man/man1/sigtool.1.gz
 +/usr/share/man/man5/freshclam.conf.5.gz
 +</code>
 +
 +<code>rpm -ql clamav-db
 +/etc/cron.daily/freshclam
 +/etc/logrotate.d/freshclam
 +/var/clamav
 +/var/clamav/daily.cvd
 +/var/clamav/main.cvd
 +/var/log/clamav
 +</code>
 +===== Konfiguration =====
 +==== clamd ====
 +Die Konfigurationsdatei des ClamAV-Daemons **/etc/clamd.conf** passen wir unseren Gegebenheiten entsprechend an. 
 +Wichtig sind dabei insbesonders die drei Paramter:
 +  * **User clamav**
 +  * **AllowSupplementaryGroups yes**
 +  * **LocalSocket /tmp/clamd.socket**
 +In Summe ergibt sich also folgende Gesamtkonfiguration: 
 +<code>egrep -v '(^.*#|^$)' /etc/clamd.conf 
 +
 +LogFile /var/log/clamav/clamd.log
 +LogFileMaxSize 0
 +LogTime yes
 +LogSyslog yes
 +PidFile /var/run/clamav/clamd.pid
 +TemporaryDirectory /var/tmp
 +DatabaseDirectory /var/clamav
 +LocalSocket /tmp/clamd.socket
 +FixStaleSocket yes
 +TCPSocket 3310
 +TCPAddr 127.0.0.1
 +MaxConnectionQueueLength 30
 +MaxThreads 50
 +ReadTimeout 300
 +User clamav
 +AllowSupplementaryGroups yes
 +ScanPE yes
 +ScanELF yes
 +DetectBrokenExecutables yes
 +ScanOLE2 yes
 +ScanMail yes
 +ScanArchive yes
 +ArchiveBlockEncrypted no</code>
 +Wie in der **/etc/amavisd.conf** vermerkt <code># # NOTE: run clamd under the same user as amavisd, or run it under its own
 +# #   uid such as clamav, add user clamav to the amavis group, and then add
 +# # AllowSupplementaryGroups to clamd.conf;</code> erweitern wir die Gruppe **amavis** um den User **clamav**.
 +<code>vim /etc/group
 +
 +amavis:x:106:clamav</code>
 +==== amavisd ====
 +Die Konfiguration unseres Virenkillers [[http://www.clamav.net/|clamav]] erfolgt über dessen frontend [[centos:grundinstallation_von_amavis|AMaViS]]. Wir bearbeiten also die Datei **amavisd.conf**.
 +
 +   vim /etc/amavisd.conf
 +
 +Die Pfadangaben passen wir unseren Gegebenheiten an:
 +   $MYHOME = '/var/amavis';                    # a convenient default for other settings, -H
 +   $TEMPBASE = "$MYHOME/tmp";                  # working directory, needs to exist, -T
 +   $ENV{TMPDIR} = $TEMPBASE;                   # environment variable TMPDIR, used by SA, etc.
 +   $QUARANTINEDIR = "/var/virusmails";
 +Ebenso:
 +   $db_home   = "$MYHOME/db";                  # dir for bdb nanny/cache/snmp databases, -D
 +   $helpers_home = "$MYHOME/var";              # working directory for SpamAssassin, -S
 +   $lock_file = "$MYHOME/var/amavisd.lock";    # -L
 +   $pid_file  = "$MYHOME/var/amavisd.pid";     # -P
 +   $unix_socketname = "$MYHOME/amavisd.sock";  # amavisd-release or amavis-milter
 +Für den ersten Programmstart drehen wir den Loglevel auf den Wert **3**, den wir im späteren Produktivbetrieb dann auf **2** herabsetzen können. Somit erhalten wir in der Anfangsphase wertvolle und ausreichende Hinweise, falls etwas nicht wie geplant laufen sollte.
 +   $log_level = 3;                             # verbosity 0..5, -d
 +Da wir uns weder mit **Viren**, noch mit **Spam** oder den **unerwünschten Dateianhängen** herumschlagen wollen, weisen wir AMaViS an, diese Nachrichten über den Mailserver direkt ablehnt.
 +   $final_virus_destiny      = D_REJECT;
 +   $final_banned_destiny     = D_REJECT;
 +   $final_spam_destiny       = D_REJECT;
 +Da wir AMaViS in erster Linie in der dämonisierten Variante und als Fallback  als Backup-Scanner verwenden wollen,  aktivieren wir die entsprechenden Konfigurationszeilen kurz nach der Zeile **@av_scanners = (**. Die Pfadangaben des **Socket** müssen zu den Angaben in der vorweg beschriebenen **/etc/clamd.conf** passen!
 +   # ### http://www.clamav.net/
 +   ['ClamAV-clamd',
 +     \&ask_daemon, ["CONTSCAN {}\n", "/tmp/clamd.socket"],
 +     qr/\bOK$/, qr/\bFOUND$/,
 +     qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
 +   # # NOTE: run clamd under the same user as amavisd, or run it under its own
 +   # #   uid such as clamav, add user clamav to the amavis group, and then add
 +   # # AllowSupplementaryGroups to clamd.conf;
 +   # # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in
 +   # #   this entry; when running chrooted one may prefer socket "$MYHOME/clamd".
 +Die komplette AMaViS.Konfiguration lautet dann.
 +  # egrep -v '(^#|^$)' /etc/amavisd.conf
 +<code perl amavisd.conf >
 +use strict;
 +$max_servers = 5;            # num of pre-forked children (2..30 is common), -m
 +$daemon_user  = "amavis";     # (no default;  customary: vscan or amavis), -u
 +$daemon_group = "amavis";     # (no default;  customary: vscan or amavis), -g
 +$myhostname = 'amavis.nausch.org'; # hostname
 +$mydomain = 'nausch.org';   # a convenient default for other settings
 +$MYHOME = '/var/amavis';   # a convenient default for other settings, -H
 +$TEMPBASE = "$MYHOME/tmp";   # working directory, needs to exist, -T
 +$ENV{TMPDIR} = $TEMPBASE;    # environment variable TMPDIR, used by SA, etc.
 +$QUARANTINEDIR = "/var/virusmails";
 +$db_home   = "$MYHOME/db";      # dir for bdb nanny/cache/snmp databases, -D
 +$helpers_home = "$MYHOME/var";  # working directory for SpamAssassin, -S
 +$lock_file = "$MYHOME/var/amavisd.lock";  # -L
 +$pid_file  = "$MYHOME/var/amavisd.pid";   # -P
 +$log_level = 3;              # verbosity 0..5, -d
 +$log_recip_templ = undef;    # disable by-recipient level-0 log entries
 +$DO_SYSLOG = 1;              # log via syslogd (preferred)
 +$syslog_facility = 'mail';   # Syslog facility as a string
 +           # e.g.: mail, daemon, user, local0, ... local7
 +$syslog_priority = 'debug';  # Syslog base (minimal) priority as a string,
 +           # choose from: emerg, alert, crit, err, warning, notice, info, debug
 +$enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny)
 +$enable_global_cache = 1;    # enable use of libdb-based cache if $enable_db=1
 +$nanny_details_level = 2;    # nanny verbosity: 1: traditional, 2: detailed
 +$enable_dkim_verification = 1;  # enable DKIM signatures verification
 +$enable_dkim_signing = 1;    # load DKIM signing code, keys defined by dkim_key
 +@local_domains_maps = ( [".$mydomain"] );  # list of all local domains
 +@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
 +                  10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );
 +$unix_socketname = "$MYHOME/amavisd.sock";  # amavisd-release or amavis-milter
 +               # option(s) -p overrides $inet_socket_port and $unix_socketname
 +$inet_socket_port = 10024;   # listen on this local TCP port(s)
 +$policy_bank{'MYNETS'} = {   # mail originating from @mynetworks
 +  originating => 1,  # is true in MYNETS by default, but let's make it explicit
 +  os_fingerprint_method => undef,  # don't query p0f for internal clients
 +};
 +$interface_policy{'10026'} = 'ORIGINATING';
 +$policy_bank{'ORIGINATING'} = {  # mail supposedly originating from our users
 +  originating => 1,  # declare that mail was submitted by our smtp client
 +  allow_disclaimers => 1,  # enables disclaimer insertion if available
 +  # notify administrator of locally originating malware
 +  virus_admin_maps => ["virusalert\@$mydomain"],
 +  spam_admin_maps  => ["virusalert\@$mydomain"],
 +  warnbadhsender   => 1,
 +  # forward to a smtpd service providing DKIM signing service
 +  forward_method => 'smtp:[127.0.0.1]:10027',
 +  # force MTA conversion to 7-bit (e.g. before DKIM signing)
 +  smtpd_discard_ehlo_keywords => ['8BITMIME'],
 +  bypass_banned_checks_maps => [1],  # allow sending any file names and types
 +  terminate_dsn_on_notify_success => 0,  # don't remove NOTIFY=SUCCESS option
 +};
 +$interface_policy{'SOCK'} = 'AM.PDP-SOCK'; # only applies with $unix_socketname
 +$policy_bank{'AM.PDP-SOCK'} = {
 +  protocol => 'AM.PDP',
 +  auth_required_release => 0,  # do not require secret_id for amavisd-release
 +};
 +$sa_tag_level_deflt  = 2.0;  # add spam info headers if at, or above that level
 +$sa_tag2_level_deflt = 6.31;  # add 'spam detected' headers at that level
 +$sa_kill_level_deflt = 6.31;  # triggers spam evasive actions (e.g. blocks mail)
 +$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent
 +$sa_crediblefrom_dsn_cutoff_level = 18; # likewise, but for a likely valid From
 +$penpals_bonus_score = 8;    # (no effect without a @storage_sql_dsn database)
 +$penpals_threshold_high = $sa_kill_level_deflt;  # don't waste time on hi spam
 +$bounce_killer_score = 100;  # spam score points to add for joe-jobbed bounces
 +$sa_mail_body_size_limit = 400*1024; # don't waste time on SA if mail is larger
 +$sa_local_tests_only = 0;    # only tests which do not require internet access?
 +$virus_admin               = "virusalert\@$mydomain";  # notifications recip.
 +$mailfrom_notify_admin     = "virusalert\@$mydomain";  # notifications sender
 +$mailfrom_notify_recip     = "virusalert\@$mydomain";  # notifications sender
 +$mailfrom_notify_spamadmin = "spam.police\@$mydomain"; # notifications sender
 +$mailfrom_to_quarantine = ''; # null return path; uses original sender if undef
 +@addr_extension_virus_maps      = ('virus');
 +@addr_extension_banned_maps     = ('banned');
 +@addr_extension_spam_maps       = ('spam');
 +@addr_extension_bad_header_maps = ('badh');
 +$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
 +$MAXLEVELS = 14;
 +$MAXFILES = 1500;
 +$MIN_EXPANSION_QUOTA =      100*1024;  # bytes  (default undef, not enforced)
 +$MAX_EXPANSION_QUOTA = 300*1024*1024;  # bytes  (default undef, not enforced)
 +$sa_spam_subject_tag = '***SPAM*** ';
 +$defang_virus  = 1;  # MIME-wrap passed infected mail
 +$defang_banned = 1;  # MIME-wrap passed mail containing banned name
 +$defang_by_ccat{+CC_BADH.",3"} = 1;  # NUL or CR character in header
 +$defang_by_ccat{+CC_BADH.",5"} = 1;  # header line longer than 998 characters
 +$defang_by_ccat{+CC_BADH.",6"} = 1;  # header field syntax error
 +$final_virus_destiny      = D_REJECT;
 +$final_banned_destiny     = D_REJECT;
 +$final_spam_destiny       = D_REJECT;
 +$virus_quarantine_to = undef;
 +$banned_quarantine_to = undef;
 +$spam_quarantine_to = undef;
 +$bad_header_quarantine_to = undef;
 +@keep_decoded_original_maps = (new_RE(
 +  qr'^MAIL$',   # retain full original message for virus checking
 +  qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables
 +  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
 +));
 +$banned_filename_re = new_RE(
 +  qr'^\.(exe-ms|dll)$',                   # banned file(1) types, rudimentary
 +  [ qr'^\.(rpm|cpio|tar)$'       => 0 ],  # allow any in Unix-type archives
 +  qr'.\.(pif|scr)$'i,                     # banned extensions - rudimentary
 +  qr'^application/x-msdownload$'i,        # block these MIME types
 +  qr'^application/x-msdos-program$'i,
 +  qr'^application/hta$'i,
 +  # block certain double extensions in filenames
 +  qr'\.[^./]*[A-Za-z][^./]*\.\s*(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)[.\s]*$'i,
 +  qr'.\.(exe|vbs|pif|scr|cpl)$'i,             # banned extension - basic
 +);
 +@score_sender_maps = ({ # a by-recipient hash lookup table,
 +                        # results from all matching recipient tables are summed
 +  ## site-wide opinions about senders (the '.' matches any recipient)
 +  '.' => [  # the _first_ matching sender determines the score boost
 +   new_RE(  # regexp-type lookup table, just happens to be all soft-blacklist
 +    [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'        => 5.0],
 +    [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],
 +    [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],
 +    [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'  => 5.0],
 +    [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@' => 5.0],
 +    [qr'^(your_friend|greatoffers)@'                               => 5.0],
 +    [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'                   => 5.0],
 +   ),
 +   { # a hash-type lookup table (associative array)
 +     'nobody@cert.org'                        => -3.0,
 +     'cert-advisory@us-cert.gov'              => -3.0,
 +     'owner-alert@iss.net'                    => -3.0,
 +     'slashdot@slashdot.org'                  => -3.0,
 +     'securityfocus.com'                      => -3.0,
 +     'ntbugtraq@listserv.ntbugtraq.com'       => -3.0,
 +     'security-alerts@linuxsecurity.com'      => -3.0,
 +     'mailman-announce-admin@python.org'      => -3.0,
 +     'amavis-user-admin@lists.sourceforge.net'=> -3.0,
 +     'amavis-user-bounces@lists.sourceforge.net' => -3.0,
 +     'spamassassin.apache.org'                => -3.0,
 +     'notification-return@lists.sophos.com'   => -3.0,
 +     'owner-postfix-users@postfix.org'        => -3.0,
 +     'owner-postfix-announce@postfix.org'     => -3.0,
 +     'owner-sendmail-announce@lists.sendmail.org'   => -3.0,
 +     'sendmail-announce-request@lists.sendmail.org' => -3.0,
 +     'donotreply@sendmail.org'                => -3.0,
 +     'ca+envelope@sendmail.org'               => -3.0,
 +     'noreply@freshmeat.net'                  => -3.0,
 +     'owner-technews@postel.acm.org'          => -3.0,
 +     'ietf-123-owner@loki.ietf.org'           => -3.0,
 +     'cvs-commits-list-admin@gnome.org'       => -3.0,
 +     'rt-users-admin@lists.fsck.com'          => -3.0,
 +     'clp-request@comp.nus.edu.sg'            => -3.0,
 +     'surveys-errors@lists.nua.ie'            => -3.0,
 +     'emailnews@genomeweb.com'                => -5.0,
 +     'yahoo-dev-null@yahoo-inc.com'           => -3.0,
 +     'returns.groups.yahoo.com'               => -3.0,
 +     'clusternews@linuxnetworx.com'           => -3.0,
 +     lc('lvs-users-admin@LinuxVirtualServer.org'   => -3.0,
 +     lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0,
 +     # soft-blacklisting (positive score)
 +     'sender@example.net'                     =>  3.0,
 +     '.example.net'                           =>  1.0,
 +   },
 +  ],  # end of site-wide tables
 +});
 +@decoders = (
 +  ['mail', \&do_mime_decode],
 +  ['asc',  \&do_ascii],
 +  ['uue',  \&do_ascii],
 +  ['hqx',  \&do_ascii],
 +  ['ync',  \&do_ascii],
 +  ['F',    \&do_uncompress, ['unfreeze','freeze -d','melt','fcat'] ],
 +  ['Z',    \&do_uncompress, ['uncompress','gzip -d','zcat'] ],
 +  ['gz',   \&do_uncompress,  'gzip -d'],
 +  ['gz',   \&do_gunzip],
 +  ['bz2',  \&do_uncompress,  'bzip2 -d'],
 +  ['lzo',  \&do_uncompress,  'lzop -d'],
 +  ['rpm',  \&do_uncompress, ['rpm2cpio.pl','rpm2cpio'] ],
 +  ['cpio', \&do_pax_cpio,   ['pax','gcpio','cpio'] ],
 +  ['tar',  \&do_pax_cpio,   ['pax','gcpio','cpio'] ],
 +  ['deb',  \&do_ar,          'ar'],
 +  ['zip',  \&do_unzip],
 +  ['7z',   \&do_7zip,       ['7zr','7za','7z'] ],
 +  ['rar',  \&do_unrar,      ['rar','unrar'] ],
 +  ['arj',  \&do_unarj,      ['arj','unarj'] ],
 +  ['arc',  \&do_arc,        ['nomarch','arc'] ],
 +  ['zoo',  \&do_zoo,        ['zoo','unzoo'] ],
 +  ['lha',  \&do_lha,         'lha'],
 +  ['cab',  \&do_cabextract,  'cabextract'],
 +  ['tnef', \&do_tnef_ext,    'tnef'],
 +  ['tnef', \&do_tnef],
 +  ['exe',  \&do_executable, ['rar','unrar'], 'lha', ['arj','unarj'] ],
 +);
 +@av_scanners = (
 +['ClamAV-clamd',
 +  \&ask_daemon, ["CONTSCAN {}\n", "/tmp/clamd.socket"],
 +  qr/\bOK$/m, qr/\bFOUND$/m,
 +  qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
 +  ### http://www.kaspersky.com/  (kav4mailservers)
 +  ['KasperskyLab AVP - aveclient',
 +    ['/usr/local/kav/bin/aveclient','/usr/local/share/kav/bin/aveclient',
 +     '/opt/kav/5.5/kav4mailservers/bin/aveclient','aveclient'],
 +    '-p /var/run/aveserver -s {}/*',
 +    [0,3,6,8], qr/\b(INFECTED|SUSPICION|SUSPICIOUS)\b/m,
 +    qr/(?:INFECTED|WARNING|SUSPICION|SUSPICIOUS) (.+)/m,
 +  ],
 +  # NOTE: one may prefer [0],[2,3,4,5], depending on how suspicious,
 +  # currupted or protected archives are to be handled
 +  ### http://www.kaspersky.com/
 +  ['KasperskyLab AntiViral Toolkit Pro (AVP)', ['avp'],
 +    '-* -P -B -Y -O- {}', [0,3,6,8], [2,4],    # any use for -A -K   ?
 +    qr/infected: (.+)/m,
 +    sub {chdir('/opt/AVP') or die "Can't chdir to AVP: $!"},
 +    sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
 +  ],
 +  ### The kavdaemon and AVPDaemonClient have been removed from Kasperky
 +  ### products and replaced by aveserver and aveclient
 +  ['KasperskyLab AVPDaemonClient',
 +    [ '/opt/AVP/kavdaemon',       'kavdaemon',
 +      '/opt/AVP/AvpDaemonClient', 'AvpDaemonClient',
 +      '/opt/AVP/AvpTeamDream',    'AvpTeamDream',
 +      '/opt/AVP/avpdc', 'avpdc' ],
 +    "-f=$TEMPBASE {}", [0,8], [3,4,5,6], qr/infected: ([^\r\n]+)/m ],
 +    # change the startup-script in /etc/init.d/kavd to:
 +    #   DPARMS="-* -Y -dl -f=/var/amavis /var/amavis"
 +    #   (or perhaps:   DPARMS="-I0 -Y -* /var/amavis" )
 +    # adjusting /var/amavis above to match your $TEMPBASE.
 +    # The '-f=/var/amavis' is needed if not running it as root, so it
 +    # can find, read, and write its pid file, etc., see 'man kavdaemon'.
 +    # defUnix.prf: there must be an entry "*/var/amavis" (or whatever
 +    #   directory $TEMPBASE specifies) in the 'Names=' section.
 +    # cd /opt/AVP/DaemonClients; configure; cd Sample; make
 +    # cp AvpDaemonClient /opt/AVP/
 +    # su - vscan -c "${PREFIX}/kavdaemon ${DPARMS}"
 +  ### http://www.centralcommand.com/
 +  ['CentralCommand Vexira (new) vascan',
 +    ['vascan','/usr/lib/Vexira/vascan'],
 +    "-a s --timeout=60 --temp=$TEMPBASE -y $QUARANTINEDIR ".
 +    "--log=/var/log/vascan.log {}",
 +    [0,3], [1,2,5],
 +    qr/(?x)^\s* (?:virus|iworm|macro|mutant|sequence|trojan)\ found:\ ( [^\]\s']+ )\ \.\.\.\ /m ],
 +    # Adjust the path of the binary and the virus database as needed.
 +    # 'vascan' does not allow to have the temp directory to be the same as
 +    # the quarantine directory, and the quarantine option can not be disabled.
 +    # If $QUARANTINEDIR is not used, then another directory must be specified
 +    # to appease 'vascan'. Move status 3 to the second list if password
 +    # protected files are to be considered infected.
 +  ### http://www.avira.com/
 +  ### Avira AntiVir (formerly H+BEDV) or (old) CentralCommand Vexira Antivirus
 +  ['Avira AntiVir', ['antivir','vexira'],
 +    '--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/m,
 +    qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) |
 +         (?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/m ],
 +    # NOTE: if you only have a demo version, remove -z and add 214, as in:
 +    #  '--allfiles -noboot -nombr -rs -s {}', [0,214], qr/ALERT:|VIRUS:/,
 +  ### http://www.commandsoftware.com/
 +  ['Command AntiVirus for Linux', 'csav',
 +    '-all -archive -packed {}', [50], [51,52,53],
 +    qr/Infection: (.+)/m ],
 +  ### http://www.symantec.com/
 +  ['Symantec CarrierScan via Symantec CommandLineScanner',
 +    'cscmdline', '-a scan -i 1 -v -s 127.0.0.1:7777 {}',
 +    qr/^Files Infected:\s+0$/m, qr/^Infected\b/m,
 +    qr/^(?:Info|Virus Name):\s+(.+)/m ],
 +  ### http://www.symantec.com/
 +  ['Symantec AntiVirus Scan Engine',
 +    'savsecls', '-server 127.0.0.1:7777 -mode scanrepair -details -verbose {}',
 +    [0], qr/^Infected\b/m,
 +    qr/^(?:Info|Virus Name):\s+(.+)/m ],
 +    # NOTE: check options and patterns to see which entry better applies
 +  ### http://www.f-secure.com/products/anti-virus/  version 5.52
 +   ['F-Secure Antivirus for Linux servers',
 +    ['/opt/f-secure/fsav/bin/fsav', 'fsav'],
 +    '--virus-action1=report --archive=yes --auto=yes '.
 +    '--dumb=yes --list=no --mime=yes {}', [0], [3,4,6,8],
 +    qr/(?:infection|Infected|Suspected|Riskware): (.+)/m ],
 +    # NOTE: internal archive handling may be switched off by '--archive=no'
 +    #   to prevent fsav from exiting with status 9 on broken archives
 +  ['CAI InoculateIT', 'inocucmd',  # retired product
 +    '-sec -nex {}', [0], [100],
 +    qr/was infected by virus (.+)/m ],
 +  # see: http://www.flatmtn.com/computer/Linux-Antivirus_CAI.html
 +  ### http://www3.ca.com/Solutions/Product.asp?ID=156  (ex InoculateIT)
 +  ['CAI eTrust Antivirus', 'etrust-wrapper',
 +    '-arc -nex -spm h {}', [0], [101],
 +    qr/is infected by virus: (.+)/m ],
 +    # NOTE: requires suid wrapper around inocmd32; consider flag: -mod reviewer
 +    # see http://marc.theaimsgroup.com/?l=amavis-user&m=109229779912783
 +  ### http://mks.com.pl/english.html
 +  ['MkS_Vir for Linux (beta)', ['mks32','mks'],
 +    '-s {}/*', [0], [1,2],
 +    qr/--[ \t]*(.+)/m ],
 +  ### http://mks.com.pl/english.html
 +  ['MkS_Vir daemon', 'mksscan',
 +    '-s -q {}', [0], [1..7],
 +    qr/^... (\S+)/m ],
 +  ### http://www.eset.com/, version 3.0
 +  ['ESET Software ESETS Command Line Interface',
 +    ['/usr/bin/esets_cli', 'esets_cli'],
 +    '--subdir {}', [0], [1,2,3],
 +    qr/:\s*action="(?!accepted)[^"]*"\n.*:\s*virus="([^"]*)"/m ],
 +  ## http://www.nod32.com/,  NOD32LFS version 2.5 and above
 +  ['ESET NOD32 for Linux File servers',
 +    ['/opt/eset/nod32/sbin/nod32','nod32'],
 +    '--files -z --mail --sfx --rtp --adware --unsafe --pattern --heur '.
 +    '-w -a --action=1 -b {}',
 +    [0], [1,10], qr/^object=.*, virus="(.*?)",/m ],
 +  ### http://www.norman.com/products_nvc.shtml
 +  ['Norman Virus Control v5 / Linux', 'nvcc',
 +    '-c -l:0 -s -u -temp:$TEMPBASE {}', [0,10,11], [1,2,14],
 +    qr/(?i).* virus in .* -> \'(.+)\'/m ],
 +  ### http://www.pandasoftware.com/
 +  ['Panda CommandLineSecure 9 for Linux',
 +    ['/opt/pavcl/usr/bin/pavcl','pavcl'],
 +    '-auto -aex -heu -cmp -nbr -nor -nos -eng -nob {}',
 +    qr/Number of files infected[ .]*: 0+(?!\d)/m,
 +    qr/Number of files infected[ .]*: 0*[1-9]/m,
 +    qr/Found virus :\s*(\S+)/m ],
 +  # NOTE: for efficiency, start the Panda in resident mode with 'pavcl -tsr'
 +  # before starting amavisd - the bases are then loaded only once at startup.
 +  # To reload bases in a signature update script:
 +  #   /opt/pavcl/usr/bin/pavcl -tsr -ulr; /opt/pavcl/usr/bin/pavcl -tsr
 +  # Please review other options of pavcl, for example:
 +  #  -nomalw, -nojoke, -nodial, -nohackt, -nospyw, -nocookies
 +  ### http://www.nai.com/
 +  ['NAI McAfee AntiVirus (uvscan)', 'uvscan',
 +    '--secure -rv --mime --summary --noboot - {}', [0], [13],
 +    qr/(?x) Found (?:
 +        \ the\ (.+)\ (?:virus|trojan)  |
 +        \ (?:virus|trojan)\ or\ variant\ ([^ ]+)  |
 +        :\ (.+)\ NOT\ a\ virus)/m,
 +  # sub {$ENV{LD_PRELOAD}='/lib/libc.so.6'},
 +  # sub {delete $ENV{LD_PRELOAD}},
 +  ],
 +  # NOTE1: with RH9: force the dynamic linker to look at /lib/libc.so.6 before
 +  # anything else by setting environment variable LD_PRELOAD=/lib/libc.so.6
 +  # and then clear it when finished to avoid confusing anything else.
 +  # NOTE2: to treat encrypted files as viruses replace the [13] with:
 +  #  qr/^\s{5,}(Found|is password-protected|.*(virus|trojan))/
 +  ### http://www.virusbuster.hu/en/
 +  ['VirusBuster', ['vbuster', 'vbengcl'],
 +    "{} -ss -i '*' -log=$MYHOME/vbuster.log", [0], [1],
 +    qr/: '(.*)' - Virus/m ],
 +  # VirusBuster Ltd. does not support the daemon version for the workstation
 +  # engine (vbuster-eng-1.12-linux-i386-libc6.tgz) any longer. The names of
 +  # binaries, some parameters AND return codes have changed (from 3 to 1).
 +  # See also the new Vexira entry 'vascan' which is possibly related.
 +  ### http://www.cyber.com/
 +  ['CyberSoft VFind', 'vfind',
 +    '--vexit {}/*', [0], [23], qr/##==>>>> VIRUS ID: CVDL (.+)/m,
 +  # sub {$ENV{VSTK_HOME}='/usr/lib/vstk'},
 +  ],
 +  ### http://www.avast.com/
 +  ['avast! Antivirus', ['/usr/bin/avastcmd','avastcmd'],
 +    '-a -i -n -t=A {}', [0], [1], qr/\binfected by:\s+([^ \t\n\[\]]+)/m ],
 +  ### http://www.ikarus-software.com/
 +  ['Ikarus AntiVirus for Linux', 'ikarus',
 +    '{}', [0], [40], qr/Signature (.+) found/m ],
 +  ### http://www.bitdefender.com/
 +  ['BitDefender', 'bdscan',  # new version
 +    '--action=ignore --no-list {}', qr/^Infected files\s*:\s*0+(?!\d)/m,
 +    qr/^(?:Infected files|Identified viruses|Suspect files)\s*:\s*0*[1-9]/m,
 +    qr/(?:suspected|infected)\s*:\s*(.*)(?:\033|$)/m ],
 +  ### http://www.bitdefender.com/
 +  ['BitDefender', 'bdc',  # old version
 +    '--arc --mail {}', qr/^Infected files *:0+(?!\d)/m,
 +    qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/m,
 +    qr/(?:suspected|infected): (.*)(?:\033|$)/m ],
 +  # consider also: --all --nowarn --alev=15 --flev=15.  The --all argument may
 +  # not apply to your version of bdc, check documentation and see 'bdc --help'
 +  ### ArcaVir for Linux and Unix http://www.arcabit.pl/
 +  ['ArcaVir for Linux', ['arcacmd','arcacmd.static'],
 +    '-v 1 -summary 0 -s {}', [0], [1,2],
 +    qr/(?:VIR|WIR):[ \t]*(.+)/m ],
 +);
 +@av_scanners_backup = (
 +  ### http://www.clamav.net/   - backs up clamd or Mail::ClamAV
 +  ['ClamAV-clamscan', 'clamscan',
 +    "--stdout --no-summary -r --tempdir=$TEMPBASE {}",
 +    [0], qr/:.*\sFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
 +  ### http://www.f-prot.com/   - backs up F-Prot Daemon, V6
 +  ['F-PROT Antivirus for UNIX', ['fpscan'],
 +    '--report --mount --adware {}',  # consider: --applications -s 4 -u 3 -z 10
 +    [0,8,64],  [1,2,3, 4+1,4+2,4+3, 8+1,8+2,8+3, 12+1,12+2,12+3],
 +    qr/^\[Found\s+[^\]]*\]\s+<([^ \t(>]*)/m ],
 +  ### http://www.f-prot.com/   - backs up F-Prot Daemon (old)
 +  ['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'],
 +    '-dumb -archive -packed {}', [0,8], [3,6],   # or: [0], [3,6,8],
 +    qr/(?:Infection:|security risk named) (.+)|\s+contains\s+(.+)$/m ],
 +  ### http://www.trendmicro.com/   - backs up Trophie
 +  ['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'],
 +    '-za -a {}', [0], qr/Found virus/m, qr/Found virus (.+) in/m ],
 +  ### http://www.sald.com/, http://drweb.imshop.de/   - backs up DrWebD
 +  ['drweb - DrWeb Antivirus',  # security LHA hole in Dr.Web 4.33 and earlier
 +    ['/usr/local/drweb/drweb', '/opt/drweb/drweb', 'drweb'],
 +    '-path={} -al -go -ot -cn -upn -ok-',
 +    [0,32], [1,9,33], qr' infected (?:with|by)(?: virus)? (.*)$'m ],
 +   ### http://www.kaspersky.com/
 +   ['Kaspersky Antivirus v5.5',
 +     ['/opt/kaspersky/kav4fs/bin/kav4fs-kavscanner',
 +      '/opt/kav/5.5/kav4unix/bin/kavscanner',
 +      '/opt/kav/5.5/kav4mailservers/bin/kavscanner', 'kavscanner'],
 +     '-i0 -xn -xp -mn -R -ePASBME {}/*', [0,10,15], [5,20,21,25],
 +     qr/(?:INFECTED|WARNING|SUSPICION|SUSPICIOUS) (.*)/m,
 +   ],
 +);
 +1;  # insure a defined return value </code>
 +
 +===== Programmstart =====
 +==== clamd ====
 +Nun ist es an der Zeit unseren **ClamAV**-Daemon das erste mal zu starten. 
 +   # service clamd start
 +<code>Starting Clam AntiVirus Daemon: LibClamAV Warning: **************************************************
 +LibClamAV Warning: ***  The virus database is older than 7 days!  ***
 +LibClamAV Warning: ***   Please update it as soon as possible.    ***
 +LibClamAV Warning: **************************************************
 +                                                            OK  ]</code>
 +Wir müssen also unser Virendatenbank erst einmal updaten - Hierzu nutzen wir das Programm **freshclam** aus dem Paket **//clamav//**. Wir stoppen nun erst einmal unseren Daemon uns fahren mit der Installation und Konfiguration der weiteren Schritte fort.
 +   # service clamd stop
 +
 +   Stopping Clam AntiVirus Daemon:                            [  OK  ]
 +
 +==== amavisd ====
 +Zum Aktivieren der vorgenannten Konfigurationsänderungen in der **/etc/amavisd.conf**, führen wir nun einen Restart unseres //**A** **MA**il **Vi**rus **S**canners// durch.
 +   # service amavisd restart
 +
 +   Mail Virus Scanner (amavisd) beenden:                      [  OK  ]
 +   Mail Virus Scanner (amavisd) starten:                      [  OK  ]
 +   Mail Virus Scanner (amavisd) starten:                      [  OK  ]
 +Im Maillog **/var/log/maillog** wird der erfolgreiche Restart entsprechend vermerkt:
 +<code>Nov 20 22:52:07 nss amavis[27959]: (27959-10) TempDir removal: empty tempdir is being removed: /var/amavis/tmp/amavis-20081120T212043-27959
 +Nov 20 22:52:07 nss amavis[27960]: (27960-09) TempDir removal: empty tempdir is being removed: /var/amavis/tmp/amavis-20081120T211933-27960
 +Nov 20 22:52:07 nss amavis[27957]: Net::Server: 2008/11/20-22:52:07 Server closing!
 +Nov 20 22:52:09 nss amavis[29613]: logging initialized, log level 3, syslog: amavis.mail
 +Nov 20 22:52:09 nss amavis[29613]: starting.  /usr/sbin/amavisd at amavis.nausch.org amavisd-new-2.5.4 (20080312), Unicode aware, LANG="de_DE.UTF-8"
 +Nov 20 22:52:09 nss amavis[29613]: user=103, EUID: 103 (103);  group=, EGID: 106 106 (106 106)
 +Nov 20 22:52:09 nss amavis[29613]: Perl version               5.008008
 +Nov 20 22:52:09 nss amavis[29613]: INFO: SA version: 3.2.4, 3.002004, no optional modules: Net::CIDR::Lite Sys::Hostname::Long Mail::SpamAssassin::BayesStore::PgSQL Encode::Detect Mail::SpamAssassin::Plugin::DKIM Razor2::Client::Agent IP::Country::Fast Mail::DKIM Mail::DKIM::Verifier Image::Info Image::Info::GIF Image::Info::JPEG Image::Info::PNG Image::Info::TIFF Mail::SPF Mail::SPF::Server Mail::SPF::Request Mail::SPF::Mech Mail::SPF::Mech::A Mail::SPF::Mech::PTR Mail::SPF::Mech::All Mail::SPF::Mech::Exists Mail::SPF::Mech::IP4 Mail::SPF::Mech::IP6 Mail::SPF::Mech::Include Mail::SPF::Mech::MX Mail::SPF::Mod Mail::SPF::Mod::Exp Mail::SPF::Mod::Redirect Mail::SPF::SenderIPAddrMech Mail::SPF::v1::Record Mail::SPF::v2::Record NetAddr::IP NetAddr::IP::Util auto::NetAddr::IP::Util::inet_n2dx auto::NetAddr::IP::Util::ipv6_n2d Mail::SPF::Query Crypt::OpenSSL::RSA auto::Crypt::OpenSSL::RSA::new_public_key auto::Crypt::OpenSSL::RSA::new_key_from_parameters auto::Crypt::OpenSSL::RSA::get_key_parameters aut...
 +Nov 20 22:52:09 nss amavis[29613]: ...o::Crypt::OpenSSL::RSA::import_random_seed Digest::SHA Error
 +Nov 20 22:52:09 nss amavis[29613]: SpamControl: init_pre_chroot done
 +Nov 20 22:52:09 nss amavis[29614]: Net::Server: Process Backgrounded
 +Nov 20 22:52:09 nss amavis[29614]: Net::Server: 2008/11/20-22:52:09 Amavis (type Net::Server::PreForkSimple) starting! pid(29614)
 +Nov 20 22:52:09 nss amavis[29614]: Net::Server: Binding to UNIX socket file /var/amavis/amavisd.sock using SOCK_STREAM
 +Nov 20 22:52:09 nss amavis[29614]: Net::Server: Binding to TCP port 10024 on host 127.0.0.1
 +Nov 20 22:52:09 nss amavis[29614]: Net::Server: Group Not Defined.  Defaulting to EGID '106 106'
 +Nov 20 22:52:09 nss amavis[29614]: Net::Server: User Not Defined.  Defaulting to EUID '103'
 +Nov 20 22:52:09 nss amavis[29614]: config files read: /etc/amavisd.conf
 +Nov 20 22:52:09 nss amavis[29614]: Module Amavis::Conf        2.094
 +Nov 20 22:52:09 nss amavis[29614]: Module Archive::Zip        1.16
 +Nov 20 22:52:09 nss amavis[29614]: Module BerkeleyDB          0.36
 +Nov 20 22:52:09 nss amavis[29614]: Module Compress::Zlib      1.42
 +Nov 20 22:52:09 nss amavis[29614]: Module Convert::TNEF       0.17
 +Nov 20 22:52:09 nss amavis[29614]: Module Convert::UUlib      1.051
 +Nov 20 22:52:09 nss amavis[29614]: Module DBD::mysql          4.008
 +Nov 20 22:52:09 nss amavis[29614]: Module DBI                 1.52
 +Nov 20 22:52:09 nss amavis[29614]: Module DB_File             1.814
 +Nov 20 22:52:09 nss amavis[29614]: Module Digest::MD5         2.36
 +Nov 20 22:52:09 nss amavis[29614]: Module Digest::SHA1        2.11
 +Nov 20 22:52:09 nss amavis[29614]: Module IO::Socket::INET6   2.51
 +Nov 20 22:52:09 nss amavis[29614]: Module MIME::Entity        5.420
 +Nov 20 22:52:09 nss amavis[29614]: Module MIME::Parser        5.420
 +Nov 20 22:52:09 nss amavis[29614]: Module MIME::Tools         5.420
 +Nov 20 22:52:09 nss amavis[29614]: Module Mail::Header        1.77
 +Nov 20 22:52:09 nss amavis[29614]: Module Mail::Internet      1.77
 +Nov 20 22:52:09 nss amavis[29614]: Module Mail::SpamAssassin  3.002004
 +Nov 20 22:52:09 nss amavis[29614]: Module Net::DNS            0.59
 +Nov 20 22:52:09 nss amavis[29614]: Module Net::Server         0.97
 +Nov 20 22:52:09 nss amavis[29614]: Module Time::HiRes         1.86
 +Nov 20 22:52:09 nss amavis[29614]: Module URI                 1.35
 +Nov 20 22:52:09 nss amavis[29614]: Module Unix::Syslog        1.0
 +Nov 20 22:52:09 nss amavis[29614]: Amavis::DB code      loaded
 +Nov 20 22:52:09 nss amavis[29614]: Amavis::Cache code   loaded
 +Nov 20 22:52:09 nss amavis[29614]: SQL base code        NOT loaded
 +Nov 20 22:52:09 nss amavis[29614]: SQL::Log code        NOT loaded
 +Nov 20 22:52:09 nss amavis[29614]: SQL::Quarantine      NOT loaded
 +Nov 20 22:52:09 nss amavis[29614]: Lookup::SQL code     NOT loaded
 +Nov 20 22:52:09 nss amavis[29614]: Lookup::LDAP code    NOT loaded
 +Nov 20 22:52:09 nss amavis[29614]: AM.PDP-in proto code loaded
 +Nov 20 22:52:09 nss amavis[29614]: SMTP-in proto code   loaded
 +Nov 20 22:52:09 nss amavis[29614]: Courier proto code   NOT loaded
 +Nov 20 22:52:09 nss amavis[29614]: SMTP-out proto code  loaded
 +Nov 20 22:52:09 nss amavis[29614]: Pipe-out proto code  NOT loaded
 +Nov 20 22:52:09 nss amavis[29614]: BSMTP-out proto code NOT loaded
 +Nov 20 22:52:09 nss amavis[29614]: Local-out proto code loaded
 +Nov 20 22:52:09 nss amavis[29614]: OS_Fingerprint code  NOT loaded
 +Nov 20 22:52:09 nss amavis[29614]: ANTI-VIRUS code      loaded
 +Nov 20 22:52:09 nss amavis[29614]: ANTI-SPAM code       loaded
 +Nov 20 22:52:09 nss amavis[29614]: ANTI-SPAM-SA code    loaded
 +Nov 20 22:52:09 nss amavis[29614]: Unpackers code       loaded
 +Nov 20 22:52:09 nss amavis[29614]: Found $file            at /usr/bin/file
 +Nov 20 22:52:09 nss amavis[29614]: No $dspam,             not using it
 +Nov 20 22:52:09 nss amavis[29614]: No $altermime,         not using it
 +Nov 20 22:52:09 nss amavis[29614]: Internal decoder for .mail
 +Nov 20 22:52:09 nss amavis[29614]: Internal decoder for .asc 
 +Nov 20 22:52:09 nss amavis[29614]: Internal decoder for .uue 
 +Nov 20 22:52:09 nss amavis[29614]: Internal decoder for .hqx 
 +Nov 20 22:52:09 nss amavis[29614]: Internal decoder for .ync 
 +Nov 20 22:52:09 nss amavis[29614]: Found decoder for    .F    at /usr/bin/unfreeze
 +Nov 20 22:52:09 nss amavis[29614]: Found decoder for    .Z    at /usr/bin/uncompress
 +Nov 20 22:52:09 nss amavis[29614]: Found decoder for    .gz   at /usr/bin/gzip -d
 +Nov 20 22:52:09 nss amavis[29614]: Internal decoder for .gz   (backup, not used)
 +Nov 20 22:52:09 nss amavis[29614]: Found decoder for    .bz2  at /usr/bin/bzip2 -d
 +Nov 20 22:52:09 nss amavis[29614]: Found decoder for    .lzo  at /usr/bin/lzop -d
 +Nov 20 22:52:09 nss amavis[29614]: Found decoder for    .rpm  at /usr/bin/rpm2cpio
 +Nov 20 22:52:09 nss amavis[29614]: Found decoder for    .cpio at /usr/bin/pax
 +Nov 20 22:52:09 nss amavis[29614]: Found decoder for    .tar  at /usr/bin/pax
 +Nov 20 22:52:09 nss amavis[29614]: Found decoder for    .deb  at /usr/bin/ar
 +Nov 20 22:52:09 nss amavis[29614]: Internal decoder for .zip 
 +Nov 20 22:52:09 nss amavis[29614]: No decoder for       .7z   tried: 7zr, 7za, 7z
 +Nov 20 22:52:09 nss amavis[29614]: Found decoder for    .rar  at /usr/bin/unrar
 +Nov 20 22:52:09 nss amavis[29614]: Found decoder for    .arj  at /usr/bin/arj
 +Nov 20 22:52:09 nss amavis[29614]: Found decoder for    .arc  at /usr/bin/nomarch
 +Nov 20 22:52:09 nss amavis[29614]: Found decoder for    .zoo  at /usr/bin/zoo
 +Nov 20 22:52:09 nss amavis[29614]: Found decoder for    .lha  at /usr/bin/lha
 +Nov 20 22:52:09 nss amavis[29614]: Found decoder for    .cab  at /usr/bin/cabextract
 +Nov 20 22:52:09 nss amavis[29614]: No decoder for       .tnef tried: tnef
 +Nov 20 22:52:09 nss amavis[29614]: Internal decoder for .tnef
 +Nov 20 22:52:09 nss amavis[29614]: Found decoder for    .exe  at /usr/bin/unrar; /usr/bin/lha; /usr/bin/arj
 +Nov 20 22:52:09 nss amavis[29614]: Using primary internal av scanner code for ClamAV-clamd
 +Nov 20 22:52:09 nss amavis[29614]: No primary av scanner: KasperskyLab AVP - aveclient
 +Nov 20 22:52:09 nss amavis[29614]: No primary av scanner: KasperskyLab AntiViral Toolkit Pro (AVP)
 +Nov 20 22:52:09 nss amavis[29614]: No primary av scanner: KasperskyLab AVPDaemonClient
 +Nov 20 22:52:09 nss amavis[29614]: No primary av scanner: CentralCommand Vexira (new) vascan
 +Nov 20 22:52:09 nss amavis[29614]: No primary av scanner: Avira AntiVir
 +Nov 20 22:52:09 nss amavis[29614]: No primary av scanner: Command AntiVirus for Linux
 +Nov 20 22:52:09 nss amavis[29614]: No primary av scanner: Symantec CarrierScan via Symantec CommandLineScanner
 +Nov 20 22:52:09 nss amavis[29614]: No primary av scanner: Symantec AntiVirus Scan Engine
 +Nov 20 22:52:09 nss amavis[29614]: No primary av scanner: F-Secure Antivirus for Linux servers
 +Nov 20 22:52:09 nss amavis[29614]: No primary av scanner: CAI InoculateIT
 +Nov 20 22:52:09 nss amavis[29614]: No primary av scanner: CAI eTrust Antivirus
 +Nov 20 22:52:09 nss amavis[29614]: No primary av scanner: MkS_Vir for Linux (beta)
 +Nov 20 22:52:09 nss amavis[29614]: No primary av scanner: MkS_Vir daemon
 +Nov 20 22:52:09 nss amavis[29614]: No primary av scanner: ESET NOD32 Linux Mail Server - command line interface
 +Nov 20 22:52:09 nss amavis[29614]: No primary av scanner: ESET NOD32 for Linux File servers
 +Nov 20 22:52:09 nss amavis[29614]: No primary av scanner: Norman Virus Control v5 / Linux
 +Nov 20 22:52:09 nss amavis[29614]: No primary av scanner: Panda CommandLineSecure 9 for Linux
 +Nov 20 22:52:09 nss amavis[29614]: No primary av scanner: NAI McAfee AntiVirus (uvscan)
 +Nov 20 22:52:09 nss amavis[29614]: No primary av scanner: VirusBuster
 +Nov 20 22:52:09 nss amavis[29614]: No primary av scanner: CyberSoft VFind
 +Nov 20 22:52:09 nss amavis[29614]: No primary av scanner: avast! Antivirus
 +Nov 20 22:52:09 nss amavis[29614]: No primary av scanner: Ikarus AntiVirus for Linux
 +Nov 20 22:52:09 nss amavis[29614]: No primary av scanner: BitDefender
 +Nov 20 22:52:09 nss amavis[29614]: No primary av scanner: BitDefender
 +Nov 20 22:52:09 nss amavis[29614]: No primary av scanner: ArcaVir for Linux
 +Nov 20 22:52:09 nss amavis[29614]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan
 +Nov 20 22:52:09 nss amavis[29614]: No secondary av scanner: F-PROT Antivirus for UNIX
 +Nov 20 22:52:09 nss amavis[29614]: No secondary av scanner: FRISK F-Prot Antivirus
 +Nov 20 22:52:09 nss amavis[29614]: No secondary av scanner: Trend Micro FileScanner
 +Nov 20 22:52:09 nss amavis[29614]: No secondary av scanner: drweb - DrWeb Antivirus
 +Nov 20 22:52:09 nss amavis[29614]: No secondary av scanner: Kaspersky Antivirus v5.5
 +Nov 20 22:52:09 nss amavis[29614]: Creating db in /var/amavis/db/; BerkeleyDB 0.36, libdb 4.3
 +Nov 20 22:52:09 nss amavis[29614]: SpamControl: initializing Mail::SpamAssassin
 +Nov 20 22:52:10 nss amavis[29614]: SpamControl: init_pre_fork done
 +Nov 20 22:52:10 nss amavis[29620]: TIMING [total 5 ms] - bdb-open: 5 (100%)100, rundown: 0 (0%)100
 +Nov 20 22:52:10 nss amavis[29621]: TIMING [total 5 ms] - bdb-open: 5 (100%)100, rundown: 0 (0%)100</code>
 +===== automatisches Starten der Dienste beim Systemstart =====
 +==== clamd ==== 
 +Damit nun unser clamav-daemon beim Booten automatisch gestartet wird, nehmen wir noch folgende Konfigurationsschritte vor.
 +<code>chkconfig clamd on</code>
 +Anschließend überprüfen wir noch unsere Änderung:
 +   chkconfig --list | grep clamd
 +   clamd           0:Aus   1:Aus   2:Ein   3:Ein   4:Ein   5:Ein   6:Aus
 +==== amavisd ====
 +Den automatischen Start haben wir bereits im Kapitel [[centos:mailserver:grundinstallation_von_amavis]] vorgenommen.
 +