Beide Seiten der vorigen Revision Vorhergehende Überarbeitung Nächste Überarbeitung | Vorhergehende Überarbeitung |
centos:mailserver:installation_von_clamav [08.03.2011 13:42. ] – [amavisd] django | centos:mailserver:installation_von_clamav [20.04.2018 10:34. ] (aktuell) – Externe Bearbeitung 127.0.0.1 |
---|
| ====== Virenschutz mit ClamAV ====== |
| Als **//Viren-Scanner//** und **//-Killer//** verwenden wir [[http://www.clamav.net/|clamav]]. |
| ===== Installation ===== |
| Wir installieren uns hierzu den entsprechenden **daemon** via **yum**. |
| <code>yum install clamd clamav clamav-db</code> |
| ==== Info ==== |
| Was uns die einzelnen Pakete liefern, entnehmen wir den jeweiligen rpm's. |
| <code>yum info clamd |
| |
| Name : clamd |
| ... |
| Summary: The Clam AntiVirus Daemon |
| Description: |
| The Clam AntiVirus Daemon</code> |
| |
| <code>yum info clamav |
| |
| |
| Name : clamav |
| ... |
| Summary: Anti-virus software |
| Description: |
| Clam AntiVirus is a GPL anti-virus toolkit for UNIX. The main purpose of |
| this software is the integration with mail servers (attachment scanning). |
| The package provides a flexible and scalable multi-threaded daemon, a |
| command line scanner, and a tool for automatic updating via Internet. |
| |
| The programs are based on a shared library distributed with the Clam |
| AntiVirus package, which you can use with your own software. Most |
| importantly, the virus database is kept up to date</code> |
| |
| <code>yum info clamav-db |
| |
| Name : clamav-db |
| ... |
| Summary: Virus database for clamav |
| Description: |
| The actual virus database for clamav</code> |
| ==== Programmpfade und -inhalte ==== |
| Über die einzelnen Dateien und Pfade der installierten Programme, informieren wir uns mittels: |
| <code>rpm -ql clamd |
| |
| /etc/clamd.conf |
| /etc/logrotate.d/clamav |
| /etc/rc.d/init.d/clamd |
| /usr/bin/clamconf |
| /usr/bin/clamdscan |
| /usr/sbin/clamd |
| /usr/share/doc/clamd-0.94.1 |
| /usr/share/doc/clamd-0.94.1/clamd.conf |
| /usr/share/doc/clamd-0.94.1/clamdwatch |
| /usr/share/doc/clamd-0.94.1/clamdwatch/clamdwatch.tar.gz |
| /usr/share/man/man1/clamconf.1.gz |
| /usr/share/man/man1/clamdscan.1.gz |
| /usr/share/man/man5/clamd.conf.5.gz |
| /usr/share/man/man8/clamd.8.gz |
| /var/clamav |
| /var/log/clamav |
| /var/run/clamav |
| </code> |
| |
| <code>rpm -ql clamav |
| |
| /etc/freshclam.conf |
| /usr/bin/clamscan |
| /usr/bin/freshclam |
| /usr/bin/sigtool |
| /usr/lib/libclamav.so.5 |
| /usr/lib/libclamav.so.5.0.3 |
| /usr/lib/libclamunrar.so.5 |
| /usr/lib/libclamunrar.so.5.0.3 |
| /usr/lib/libclamunrar_iface.so.5 |
| /usr/lib/libclamunrar_iface.so.5.0.3 |
| /usr/share/doc/clamav-0.94.1 |
| /usr/share/doc/clamav-0.94.1/AUTHORS |
| /usr/share/doc/clamav-0.94.1/BUGS |
| /usr/share/doc/clamav-0.94.1/COPYING |
| /usr/share/doc/clamav-0.94.1/ChangeLog |
| /usr/share/doc/clamav-0.94.1/FAQ |
| /usr/share/doc/clamav-0.94.1/INSTALL |
| /usr/share/doc/clamav-0.94.1/NEWS |
| /usr/share/doc/clamav-0.94.1/README |
| /usr/share/doc/clamav-0.94.1/clamav-mirror-howto.pdf |
| /usr/share/doc/clamav-0.94.1/clamdoc.pdf |
| /usr/share/doc/clamav-0.94.1/freshclam.conf |
| /usr/share/doc/clamav-0.94.1/phishsigs_howto.pdf |
| /usr/share/doc/clamav-0.94.1/signatures.pdf |
| /usr/share/doc/clamav-0.94.1/test |
| /usr/share/doc/clamav-0.94.1/test/.split |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam-aspack.exeaa |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam-aspack.exeab |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam-fsg.exeaa |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam-fsg.exeab |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam-mew.exeaa |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam-mew.exeab |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam-nsis.exeaa |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam-nsis.exeab |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam-pespin.exeaa |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam-pespin.exeab |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam-petite.exeaa |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam-petite.exeab |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam-upack.exeaa |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam-upack.exeab |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam-upx.exeaa |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam-upx.exeab |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam-v2.raraa |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam-v2.rarab |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam-v3.raraa |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam-v3.rarab |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam-wwpack.exeaa |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam-wwpack.exeab |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam.arjaa |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam.arjab |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam.bz2.zipaa |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam.bz2.zipab |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam.cabaa |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam.cabab |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam.chmaa |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam.chmab |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam.d64.zipaa |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam.d64.zipab |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam.ea05.exeaa |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam.ea05.exeab |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam.ea06.exeaa |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam.ea06.exeab |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam.exe.binhexaa |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam.exe.binhexab |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam.exe.bz2aa |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam.exe.bz2ab |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam.exe.htmlaa |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam.exe.htmlab |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam.exe.mbox.base64aa |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam.exe.mbox.base64ab |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam.exe.mbox.uuaa |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam.exe.mbox.uuab |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam.exe.rtfaa |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam.exe.rtfab |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam.exe.szddaa |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam.exe.szddab |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam.exeaa |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam.exeab |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam.impl.zipaa |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam.impl.zipab |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam.mailaa |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam.mailab |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam.ole.docaa |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam.ole.docab |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam.pdfaa |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam.pdfab |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam.pptaa |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam.pptab |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam.sisaa |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam.sisab |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam.tar.gzaa |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam.tar.gzab |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam.tnefaa |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam.tnefab |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam.zipaa |
| /usr/share/doc/clamav-0.94.1/test/.split/split.clam.zipab |
| /usr/share/doc/clamav-0.94.1/test/Makefile |
| /usr/share/doc/clamav-0.94.1/test/Makefile.am |
| /usr/share/doc/clamav-0.94.1/test/Makefile.in |
| /usr/share/doc/clamav-0.94.1/test/README |
| /usr/share/doc/clamav-0.94.1/test/clam-aspack.exe |
| /usr/share/doc/clamav-0.94.1/test/clam-fsg.exe |
| /usr/share/doc/clamav-0.94.1/test/clam-mew.exe |
| /usr/share/doc/clamav-0.94.1/test/clam-nsis.exe |
| /usr/share/doc/clamav-0.94.1/test/clam-pespin.exe |
| /usr/share/doc/clamav-0.94.1/test/clam-petite.exe |
| /usr/share/doc/clamav-0.94.1/test/clam-upack.exe |
| /usr/share/doc/clamav-0.94.1/test/clam-upx.exe |
| /usr/share/doc/clamav-0.94.1/test/clam-v2.rar |
| /usr/share/doc/clamav-0.94.1/test/clam-v3.rar |
| /usr/share/doc/clamav-0.94.1/test/clam-wwpack.exe |
| /usr/share/doc/clamav-0.94.1/test/clam.arj |
| /usr/share/doc/clamav-0.94.1/test/clam.bz2.zip |
| /usr/share/doc/clamav-0.94.1/test/clam.cab |
| /usr/share/doc/clamav-0.94.1/test/clam.chm |
| /usr/share/doc/clamav-0.94.1/test/clam.d64.zip |
| /usr/share/doc/clamav-0.94.1/test/clam.ea05.exe |
| /usr/share/doc/clamav-0.94.1/test/clam.ea06.exe |
| /usr/share/doc/clamav-0.94.1/test/clam.exe |
| /usr/share/doc/clamav-0.94.1/test/clam.exe.binhex |
| /usr/share/doc/clamav-0.94.1/test/clam.exe.bz2 |
| /usr/share/doc/clamav-0.94.1/test/clam.exe.html |
| /usr/share/doc/clamav-0.94.1/test/clam.exe.mbox.base64 |
| /usr/share/doc/clamav-0.94.1/test/clam.exe.mbox.uu |
| /usr/share/doc/clamav-0.94.1/test/clam.exe.rtf |
| /usr/share/doc/clamav-0.94.1/test/clam.exe.szdd |
| /usr/share/doc/clamav-0.94.1/test/clam.impl.zip |
| /usr/share/doc/clamav-0.94.1/test/clam.mail |
| /usr/share/doc/clamav-0.94.1/test/clam.ole.doc |
| /usr/share/doc/clamav-0.94.1/test/clam.pdf |
| /usr/share/doc/clamav-0.94.1/test/clam.ppt |
| /usr/share/doc/clamav-0.94.1/test/clam.sis |
| /usr/share/doc/clamav-0.94.1/test/clam.tar.gz |
| /usr/share/doc/clamav-0.94.1/test/clam.tnef |
| /usr/share/doc/clamav-0.94.1/test/clam.zip |
| /usr/share/man/man1/clamscan.1.gz |
| /usr/share/man/man1/freshclam.1.gz |
| /usr/share/man/man1/sigtool.1.gz |
| /usr/share/man/man5/freshclam.conf.5.gz |
| </code> |
| |
| <code>rpm -ql clamav-db |
| /etc/cron.daily/freshclam |
| /etc/logrotate.d/freshclam |
| /var/clamav |
| /var/clamav/daily.cvd |
| /var/clamav/main.cvd |
| /var/log/clamav |
| </code> |
| ===== Konfiguration ===== |
| ==== clamd ==== |
| Die Konfigurationsdatei des ClamAV-Daemons **/etc/clamd.conf** passen wir unseren Gegebenheiten entsprechend an. |
| Wichtig sind dabei insbesonders die drei Paramter: |
| * **User clamav** |
| * **AllowSupplementaryGroups yes** |
| * **LocalSocket /tmp/clamd.socket** |
| In Summe ergibt sich also folgende Gesamtkonfiguration: |
| <code>egrep -v '(^.*#|^$)' /etc/clamd.conf |
| |
| LogFile /var/log/clamav/clamd.log |
| LogFileMaxSize 0 |
| LogTime yes |
| LogSyslog yes |
| PidFile /var/run/clamav/clamd.pid |
| TemporaryDirectory /var/tmp |
| DatabaseDirectory /var/clamav |
| LocalSocket /tmp/clamd.socket |
| FixStaleSocket yes |
| TCPSocket 3310 |
| TCPAddr 127.0.0.1 |
| MaxConnectionQueueLength 30 |
| MaxThreads 50 |
| ReadTimeout 300 |
| User clamav |
| AllowSupplementaryGroups yes |
| ScanPE yes |
| ScanELF yes |
| DetectBrokenExecutables yes |
| ScanOLE2 yes |
| ScanMail yes |
| ScanArchive yes |
| ArchiveBlockEncrypted no</code> |
| Wie in der **/etc/amavisd.conf** vermerkt <code># # NOTE: run clamd under the same user as amavisd, or run it under its own |
| # # uid such as clamav, add user clamav to the amavis group, and then add |
| # # AllowSupplementaryGroups to clamd.conf;</code> erweitern wir die Gruppe **amavis** um den User **clamav**. |
| <code>vim /etc/group |
| |
| amavis:x:106:clamav</code> |
| ==== amavisd ==== |
| Die Konfiguration unseres Virenkillers [[http://www.clamav.net/|clamav]] erfolgt über dessen frontend [[centos:grundinstallation_von_amavis|AMaViS]]. Wir bearbeiten also die Datei **amavisd.conf**. |
| |
| vim /etc/amavisd.conf |
| |
| Die Pfadangaben passen wir unseren Gegebenheiten an: |
| $MYHOME = '/var/amavis'; # a convenient default for other settings, -H |
| $TEMPBASE = "$MYHOME/tmp"; # working directory, needs to exist, -T |
| $ENV{TMPDIR} = $TEMPBASE; # environment variable TMPDIR, used by SA, etc. |
| $QUARANTINEDIR = "/var/virusmails"; |
| Ebenso: |
| $db_home = "$MYHOME/db"; # dir for bdb nanny/cache/snmp databases, -D |
| $helpers_home = "$MYHOME/var"; # working directory for SpamAssassin, -S |
| $lock_file = "$MYHOME/var/amavisd.lock"; # -L |
| $pid_file = "$MYHOME/var/amavisd.pid"; # -P |
| $unix_socketname = "$MYHOME/amavisd.sock"; # amavisd-release or amavis-milter |
| Für den ersten Programmstart drehen wir den Loglevel auf den Wert **3**, den wir im späteren Produktivbetrieb dann auf **2** herabsetzen können. Somit erhalten wir in der Anfangsphase wertvolle und ausreichende Hinweise, falls etwas nicht wie geplant laufen sollte. |
| $log_level = 3; # verbosity 0..5, -d |
| Da wir uns weder mit **Viren**, noch mit **Spam** oder den **unerwünschten Dateianhängen** herumschlagen wollen, weisen wir AMaViS an, diese Nachrichten über den Mailserver direkt ablehnt. |
| $final_virus_destiny = D_REJECT; |
| $final_banned_destiny = D_REJECT; |
| $final_spam_destiny = D_REJECT; |
| Da wir AMaViS in erster Linie in der dämonisierten Variante und als Fallback als Backup-Scanner verwenden wollen, aktivieren wir die entsprechenden Konfigurationszeilen kurz nach der Zeile **@av_scanners = (**. Die Pfadangaben des **Socket** müssen zu den Angaben in der vorweg beschriebenen **/etc/clamd.conf** passen! |
| # ### http://www.clamav.net/ |
| ['ClamAV-clamd', |
| \&ask_daemon, ["CONTSCAN {}\n", "/tmp/clamd.socket"], |
| qr/\bOK$/, qr/\bFOUND$/, |
| qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ], |
| # # NOTE: run clamd under the same user as amavisd, or run it under its own |
| # # uid such as clamav, add user clamav to the amavis group, and then add |
| # # AllowSupplementaryGroups to clamd.conf; |
| # # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in |
| # # this entry; when running chrooted one may prefer socket "$MYHOME/clamd". |
| Die komplette AMaViS.Konfiguration lautet dann. |
| # egrep -v '(^#|^$)' /etc/amavisd.conf |
| <code perl amavisd.conf > |
| use strict; |
| $max_servers = 5; # num of pre-forked children (2..30 is common), -m |
| $daemon_user = "amavis"; # (no default; customary: vscan or amavis), -u |
| $daemon_group = "amavis"; # (no default; customary: vscan or amavis), -g |
| $myhostname = 'amavis.nausch.org'; # hostname |
| $mydomain = 'nausch.org'; # a convenient default for other settings |
| $MYHOME = '/var/amavis'; # a convenient default for other settings, -H |
| $TEMPBASE = "$MYHOME/tmp"; # working directory, needs to exist, -T |
| $ENV{TMPDIR} = $TEMPBASE; # environment variable TMPDIR, used by SA, etc. |
| $QUARANTINEDIR = "/var/virusmails"; |
| $db_home = "$MYHOME/db"; # dir for bdb nanny/cache/snmp databases, -D |
| $helpers_home = "$MYHOME/var"; # working directory for SpamAssassin, -S |
| $lock_file = "$MYHOME/var/amavisd.lock"; # -L |
| $pid_file = "$MYHOME/var/amavisd.pid"; # -P |
| $log_level = 3; # verbosity 0..5, -d |
| $log_recip_templ = undef; # disable by-recipient level-0 log entries |
| $DO_SYSLOG = 1; # log via syslogd (preferred) |
| $syslog_facility = 'mail'; # Syslog facility as a string |
| # e.g.: mail, daemon, user, local0, ... local7 |
| $syslog_priority = 'debug'; # Syslog base (minimal) priority as a string, |
| # choose from: emerg, alert, crit, err, warning, notice, info, debug |
| $enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP and nanny) |
| $enable_global_cache = 1; # enable use of libdb-based cache if $enable_db=1 |
| $nanny_details_level = 2; # nanny verbosity: 1: traditional, 2: detailed |
| $enable_dkim_verification = 1; # enable DKIM signatures verification |
| $enable_dkim_signing = 1; # load DKIM signing code, keys defined by dkim_key |
| @local_domains_maps = ( [".$mydomain"] ); # list of all local domains |
| @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10 |
| 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 ); |
| $unix_socketname = "$MYHOME/amavisd.sock"; # amavisd-release or amavis-milter |
| # option(s) -p overrides $inet_socket_port and $unix_socketname |
| $inet_socket_port = 10024; # listen on this local TCP port(s) |
| $policy_bank{'MYNETS'} = { # mail originating from @mynetworks |
| originating => 1, # is true in MYNETS by default, but let's make it explicit |
| os_fingerprint_method => undef, # don't query p0f for internal clients |
| }; |
| $interface_policy{'10026'} = 'ORIGINATING'; |
| $policy_bank{'ORIGINATING'} = { # mail supposedly originating from our users |
| originating => 1, # declare that mail was submitted by our smtp client |
| allow_disclaimers => 1, # enables disclaimer insertion if available |
| # notify administrator of locally originating malware |
| virus_admin_maps => ["virusalert\@$mydomain"], |
| spam_admin_maps => ["virusalert\@$mydomain"], |
| warnbadhsender => 1, |
| # forward to a smtpd service providing DKIM signing service |
| forward_method => 'smtp:[127.0.0.1]:10027', |
| # force MTA conversion to 7-bit (e.g. before DKIM signing) |
| smtpd_discard_ehlo_keywords => ['8BITMIME'], |
| bypass_banned_checks_maps => [1], # allow sending any file names and types |
| terminate_dsn_on_notify_success => 0, # don't remove NOTIFY=SUCCESS option |
| }; |
| $interface_policy{'SOCK'} = 'AM.PDP-SOCK'; # only applies with $unix_socketname |
| $policy_bank{'AM.PDP-SOCK'} = { |
| protocol => 'AM.PDP', |
| auth_required_release => 0, # do not require secret_id for amavisd-release |
| }; |
| $sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level |
| $sa_tag2_level_deflt = 6.31; # add 'spam detected' headers at that level |
| $sa_kill_level_deflt = 6.31; # triggers spam evasive actions (e.g. blocks mail) |
| $sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent |
| $sa_crediblefrom_dsn_cutoff_level = 18; # likewise, but for a likely valid From |
| $penpals_bonus_score = 8; # (no effect without a @storage_sql_dsn database) |
| $penpals_threshold_high = $sa_kill_level_deflt; # don't waste time on hi spam |
| $bounce_killer_score = 100; # spam score points to add for joe-jobbed bounces |
| $sa_mail_body_size_limit = 400*1024; # don't waste time on SA if mail is larger |
| $sa_local_tests_only = 0; # only tests which do not require internet access? |
| $virus_admin = "virusalert\@$mydomain"; # notifications recip. |
| $mailfrom_notify_admin = "virusalert\@$mydomain"; # notifications sender |
| $mailfrom_notify_recip = "virusalert\@$mydomain"; # notifications sender |
| $mailfrom_notify_spamadmin = "spam.police\@$mydomain"; # notifications sender |
| $mailfrom_to_quarantine = ''; # null return path; uses original sender if undef |
| @addr_extension_virus_maps = ('virus'); |
| @addr_extension_banned_maps = ('banned'); |
| @addr_extension_spam_maps = ('spam'); |
| @addr_extension_bad_header_maps = ('badh'); |
| $path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin'; |
| $MAXLEVELS = 14; |
| $MAXFILES = 1500; |
| $MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not enforced) |
| $MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes (default undef, not enforced) |
| $sa_spam_subject_tag = '***SPAM*** '; |
| $defang_virus = 1; # MIME-wrap passed infected mail |
| $defang_banned = 1; # MIME-wrap passed mail containing banned name |
| $defang_by_ccat{+CC_BADH.",3"} = 1; # NUL or CR character in header |
| $defang_by_ccat{+CC_BADH.",5"} = 1; # header line longer than 998 characters |
| $defang_by_ccat{+CC_BADH.",6"} = 1; # header field syntax error |
| $final_virus_destiny = D_REJECT; |
| $final_banned_destiny = D_REJECT; |
| $final_spam_destiny = D_REJECT; |
| $virus_quarantine_to = undef; |
| $banned_quarantine_to = undef; |
| $spam_quarantine_to = undef; |
| $bad_header_quarantine_to = undef; |
| @keep_decoded_original_maps = (new_RE( |
| qr'^MAIL$', # retain full original message for virus checking |
| qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables |
| qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i, |
| )); |
| $banned_filename_re = new_RE( |
| qr'^\.(exe-ms|dll)$', # banned file(1) types, rudimentary |
| [ qr'^\.(rpm|cpio|tar)$' => 0 ], # allow any in Unix-type archives |
| qr'.\.(pif|scr)$'i, # banned extensions - rudimentary |
| qr'^application/x-msdownload$'i, # block these MIME types |
| qr'^application/x-msdos-program$'i, |
| qr'^application/hta$'i, |
| # block certain double extensions in filenames |
| qr'\.[^./]*[A-Za-z][^./]*\.\s*(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)[.\s]*$'i, |
| qr'.\.(exe|vbs|pif|scr|cpl)$'i, # banned extension - basic |
| ); |
| @score_sender_maps = ({ # a by-recipient hash lookup table, |
| # results from all matching recipient tables are summed |
| ## site-wide opinions about senders (the '.' matches any recipient) |
| '.' => [ # the _first_ matching sender determines the score boost |
| new_RE( # regexp-type lookup table, just happens to be all soft-blacklist |
| [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i => 5.0], |
| [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0], |
| [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0], |
| [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i => 5.0], |
| [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i => 5.0], |
| [qr'^(your_friend|greatoffers)@'i => 5.0], |
| [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i => 5.0], |
| ), |
| { # a hash-type lookup table (associative array) |
| 'nobody@cert.org' => -3.0, |
| 'cert-advisory@us-cert.gov' => -3.0, |
| 'owner-alert@iss.net' => -3.0, |
| 'slashdot@slashdot.org' => -3.0, |
| 'securityfocus.com' => -3.0, |
| 'ntbugtraq@listserv.ntbugtraq.com' => -3.0, |
| 'security-alerts@linuxsecurity.com' => -3.0, |
| 'mailman-announce-admin@python.org' => -3.0, |
| 'amavis-user-admin@lists.sourceforge.net'=> -3.0, |
| 'amavis-user-bounces@lists.sourceforge.net' => -3.0, |
| 'spamassassin.apache.org' => -3.0, |
| 'notification-return@lists.sophos.com' => -3.0, |
| 'owner-postfix-users@postfix.org' => -3.0, |
| 'owner-postfix-announce@postfix.org' => -3.0, |
| 'owner-sendmail-announce@lists.sendmail.org' => -3.0, |
| 'sendmail-announce-request@lists.sendmail.org' => -3.0, |
| 'donotreply@sendmail.org' => -3.0, |
| 'ca+envelope@sendmail.org' => -3.0, |
| 'noreply@freshmeat.net' => -3.0, |
| 'owner-technews@postel.acm.org' => -3.0, |
| 'ietf-123-owner@loki.ietf.org' => -3.0, |
| 'cvs-commits-list-admin@gnome.org' => -3.0, |
| 'rt-users-admin@lists.fsck.com' => -3.0, |
| 'clp-request@comp.nus.edu.sg' => -3.0, |
| 'surveys-errors@lists.nua.ie' => -3.0, |
| 'emailnews@genomeweb.com' => -5.0, |
| 'yahoo-dev-null@yahoo-inc.com' => -3.0, |
| 'returns.groups.yahoo.com' => -3.0, |
| 'clusternews@linuxnetworx.com' => -3.0, |
| lc('lvs-users-admin@LinuxVirtualServer.org') => -3.0, |
| lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0, |
| # soft-blacklisting (positive score) |
| 'sender@example.net' => 3.0, |
| '.example.net' => 1.0, |
| }, |
| ], # end of site-wide tables |
| }); |
| @decoders = ( |
| ['mail', \&do_mime_decode], |
| ['asc', \&do_ascii], |
| ['uue', \&do_ascii], |
| ['hqx', \&do_ascii], |
| ['ync', \&do_ascii], |
| ['F', \&do_uncompress, ['unfreeze','freeze -d','melt','fcat'] ], |
| ['Z', \&do_uncompress, ['uncompress','gzip -d','zcat'] ], |
| ['gz', \&do_uncompress, 'gzip -d'], |
| ['gz', \&do_gunzip], |
| ['bz2', \&do_uncompress, 'bzip2 -d'], |
| ['lzo', \&do_uncompress, 'lzop -d'], |
| ['rpm', \&do_uncompress, ['rpm2cpio.pl','rpm2cpio'] ], |
| ['cpio', \&do_pax_cpio, ['pax','gcpio','cpio'] ], |
| ['tar', \&do_pax_cpio, ['pax','gcpio','cpio'] ], |
| ['deb', \&do_ar, 'ar'], |
| ['zip', \&do_unzip], |
| ['7z', \&do_7zip, ['7zr','7za','7z'] ], |
| ['rar', \&do_unrar, ['rar','unrar'] ], |
| ['arj', \&do_unarj, ['arj','unarj'] ], |
| ['arc', \&do_arc, ['nomarch','arc'] ], |
| ['zoo', \&do_zoo, ['zoo','unzoo'] ], |
| ['lha', \&do_lha, 'lha'], |
| ['cab', \&do_cabextract, 'cabextract'], |
| ['tnef', \&do_tnef_ext, 'tnef'], |
| ['tnef', \&do_tnef], |
| ['exe', \&do_executable, ['rar','unrar'], 'lha', ['arj','unarj'] ], |
| ); |
| @av_scanners = ( |
| ['ClamAV-clamd', |
| \&ask_daemon, ["CONTSCAN {}\n", "/tmp/clamd.socket"], |
| qr/\bOK$/m, qr/\bFOUND$/m, |
| qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ], |
| ### http://www.kaspersky.com/ (kav4mailservers) |
| ['KasperskyLab AVP - aveclient', |
| ['/usr/local/kav/bin/aveclient','/usr/local/share/kav/bin/aveclient', |
| '/opt/kav/5.5/kav4mailservers/bin/aveclient','aveclient'], |
| '-p /var/run/aveserver -s {}/*', |
| [0,3,6,8], qr/\b(INFECTED|SUSPICION|SUSPICIOUS)\b/m, |
| qr/(?:INFECTED|WARNING|SUSPICION|SUSPICIOUS) (.+)/m, |
| ], |
| # NOTE: one may prefer [0],[2,3,4,5], depending on how suspicious, |
| # currupted or protected archives are to be handled |
| ### http://www.kaspersky.com/ |
| ['KasperskyLab AntiViral Toolkit Pro (AVP)', ['avp'], |
| '-* -P -B -Y -O- {}', [0,3,6,8], [2,4], # any use for -A -K ? |
| qr/infected: (.+)/m, |
| sub {chdir('/opt/AVP') or die "Can't chdir to AVP: $!"}, |
| sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"}, |
| ], |
| ### The kavdaemon and AVPDaemonClient have been removed from Kasperky |
| ### products and replaced by aveserver and aveclient |
| ['KasperskyLab AVPDaemonClient', |
| [ '/opt/AVP/kavdaemon', 'kavdaemon', |
| '/opt/AVP/AvpDaemonClient', 'AvpDaemonClient', |
| '/opt/AVP/AvpTeamDream', 'AvpTeamDream', |
| '/opt/AVP/avpdc', 'avpdc' ], |
| "-f=$TEMPBASE {}", [0,8], [3,4,5,6], qr/infected: ([^\r\n]+)/m ], |
| # change the startup-script in /etc/init.d/kavd to: |
| # DPARMS="-* -Y -dl -f=/var/amavis /var/amavis" |
| # (or perhaps: DPARMS="-I0 -Y -* /var/amavis" ) |
| # adjusting /var/amavis above to match your $TEMPBASE. |
| # The '-f=/var/amavis' is needed if not running it as root, so it |
| # can find, read, and write its pid file, etc., see 'man kavdaemon'. |
| # defUnix.prf: there must be an entry "*/var/amavis" (or whatever |
| # directory $TEMPBASE specifies) in the 'Names=' section. |
| # cd /opt/AVP/DaemonClients; configure; cd Sample; make |
| # cp AvpDaemonClient /opt/AVP/ |
| # su - vscan -c "${PREFIX}/kavdaemon ${DPARMS}" |
| ### http://www.centralcommand.com/ |
| ['CentralCommand Vexira (new) vascan', |
| ['vascan','/usr/lib/Vexira/vascan'], |
| "-a s --timeout=60 --temp=$TEMPBASE -y $QUARANTINEDIR ". |
| "--log=/var/log/vascan.log {}", |
| [0,3], [1,2,5], |
| qr/(?x)^\s* (?:virus|iworm|macro|mutant|sequence|trojan)\ found:\ ( [^\]\s']+ )\ \.\.\.\ /m ], |
| # Adjust the path of the binary and the virus database as needed. |
| # 'vascan' does not allow to have the temp directory to be the same as |
| # the quarantine directory, and the quarantine option can not be disabled. |
| # If $QUARANTINEDIR is not used, then another directory must be specified |
| # to appease 'vascan'. Move status 3 to the second list if password |
| # protected files are to be considered infected. |
| ### http://www.avira.com/ |
| ### Avira AntiVir (formerly H+BEDV) or (old) CentralCommand Vexira Antivirus |
| ['Avira AntiVir', ['antivir','vexira'], |
| '--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/m, |
| qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) | |
| (?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/m ], |
| # NOTE: if you only have a demo version, remove -z and add 214, as in: |
| # '--allfiles -noboot -nombr -rs -s {}', [0,214], qr/ALERT:|VIRUS:/, |
| ### http://www.commandsoftware.com/ |
| ['Command AntiVirus for Linux', 'csav', |
| '-all -archive -packed {}', [50], [51,52,53], |
| qr/Infection: (.+)/m ], |
| ### http://www.symantec.com/ |
| ['Symantec CarrierScan via Symantec CommandLineScanner', |
| 'cscmdline', '-a scan -i 1 -v -s 127.0.0.1:7777 {}', |
| qr/^Files Infected:\s+0$/m, qr/^Infected\b/m, |
| qr/^(?:Info|Virus Name):\s+(.+)/m ], |
| ### http://www.symantec.com/ |
| ['Symantec AntiVirus Scan Engine', |
| 'savsecls', '-server 127.0.0.1:7777 -mode scanrepair -details -verbose {}', |
| [0], qr/^Infected\b/m, |
| qr/^(?:Info|Virus Name):\s+(.+)/m ], |
| # NOTE: check options and patterns to see which entry better applies |
| ### http://www.f-secure.com/products/anti-virus/ version 5.52 |
| ['F-Secure Antivirus for Linux servers', |
| ['/opt/f-secure/fsav/bin/fsav', 'fsav'], |
| '--virus-action1=report --archive=yes --auto=yes '. |
| '--dumb=yes --list=no --mime=yes {}', [0], [3,4,6,8], |
| qr/(?:infection|Infected|Suspected|Riskware): (.+)/m ], |
| # NOTE: internal archive handling may be switched off by '--archive=no' |
| # to prevent fsav from exiting with status 9 on broken archives |
| ['CAI InoculateIT', 'inocucmd', # retired product |
| '-sec -nex {}', [0], [100], |
| qr/was infected by virus (.+)/m ], |
| # see: http://www.flatmtn.com/computer/Linux-Antivirus_CAI.html |
| ### http://www3.ca.com/Solutions/Product.asp?ID=156 (ex InoculateIT) |
| ['CAI eTrust Antivirus', 'etrust-wrapper', |
| '-arc -nex -spm h {}', [0], [101], |
| qr/is infected by virus: (.+)/m ], |
| # NOTE: requires suid wrapper around inocmd32; consider flag: -mod reviewer |
| # see http://marc.theaimsgroup.com/?l=amavis-user&m=109229779912783 |
| ### http://mks.com.pl/english.html |
| ['MkS_Vir for Linux (beta)', ['mks32','mks'], |
| '-s {}/*', [0], [1,2], |
| qr/--[ \t]*(.+)/m ], |
| ### http://mks.com.pl/english.html |
| ['MkS_Vir daemon', 'mksscan', |
| '-s -q {}', [0], [1..7], |
| qr/^... (\S+)/m ], |
| ### http://www.eset.com/, version 3.0 |
| ['ESET Software ESETS Command Line Interface', |
| ['/usr/bin/esets_cli', 'esets_cli'], |
| '--subdir {}', [0], [1,2,3], |
| qr/:\s*action="(?!accepted)[^"]*"\n.*:\s*virus="([^"]*)"/m ], |
| ## http://www.nod32.com/, NOD32LFS version 2.5 and above |
| ['ESET NOD32 for Linux File servers', |
| ['/opt/eset/nod32/sbin/nod32','nod32'], |
| '--files -z --mail --sfx --rtp --adware --unsafe --pattern --heur '. |
| '-w -a --action=1 -b {}', |
| [0], [1,10], qr/^object=.*, virus="(.*?)",/m ], |
| ### http://www.norman.com/products_nvc.shtml |
| ['Norman Virus Control v5 / Linux', 'nvcc', |
| '-c -l:0 -s -u -temp:$TEMPBASE {}', [0,10,11], [1,2,14], |
| qr/(?i).* virus in .* -> \'(.+)\'/m ], |
| ### http://www.pandasoftware.com/ |
| ['Panda CommandLineSecure 9 for Linux', |
| ['/opt/pavcl/usr/bin/pavcl','pavcl'], |
| '-auto -aex -heu -cmp -nbr -nor -nos -eng -nob {}', |
| qr/Number of files infected[ .]*: 0+(?!\d)/m, |
| qr/Number of files infected[ .]*: 0*[1-9]/m, |
| qr/Found virus :\s*(\S+)/m ], |
| # NOTE: for efficiency, start the Panda in resident mode with 'pavcl -tsr' |
| # before starting amavisd - the bases are then loaded only once at startup. |
| # To reload bases in a signature update script: |
| # /opt/pavcl/usr/bin/pavcl -tsr -ulr; /opt/pavcl/usr/bin/pavcl -tsr |
| # Please review other options of pavcl, for example: |
| # -nomalw, -nojoke, -nodial, -nohackt, -nospyw, -nocookies |
| ### http://www.nai.com/ |
| ['NAI McAfee AntiVirus (uvscan)', 'uvscan', |
| '--secure -rv --mime --summary --noboot - {}', [0], [13], |
| qr/(?x) Found (?: |
| \ the\ (.+)\ (?:virus|trojan) | |
| \ (?:virus|trojan)\ or\ variant\ ([^ ]+) | |
| :\ (.+)\ NOT\ a\ virus)/m, |
| # sub {$ENV{LD_PRELOAD}='/lib/libc.so.6'}, |
| # sub {delete $ENV{LD_PRELOAD}}, |
| ], |
| # NOTE1: with RH9: force the dynamic linker to look at /lib/libc.so.6 before |
| # anything else by setting environment variable LD_PRELOAD=/lib/libc.so.6 |
| # and then clear it when finished to avoid confusing anything else. |
| # NOTE2: to treat encrypted files as viruses replace the [13] with: |
| # qr/^\s{5,}(Found|is password-protected|.*(virus|trojan))/ |
| ### http://www.virusbuster.hu/en/ |
| ['VirusBuster', ['vbuster', 'vbengcl'], |
| "{} -ss -i '*' -log=$MYHOME/vbuster.log", [0], [1], |
| qr/: '(.*)' - Virus/m ], |
| # VirusBuster Ltd. does not support the daemon version for the workstation |
| # engine (vbuster-eng-1.12-linux-i386-libc6.tgz) any longer. The names of |
| # binaries, some parameters AND return codes have changed (from 3 to 1). |
| # See also the new Vexira entry 'vascan' which is possibly related. |
| ### http://www.cyber.com/ |
| ['CyberSoft VFind', 'vfind', |
| '--vexit {}/*', [0], [23], qr/##==>>>> VIRUS ID: CVDL (.+)/m, |
| # sub {$ENV{VSTK_HOME}='/usr/lib/vstk'}, |
| ], |
| ### http://www.avast.com/ |
| ['avast! Antivirus', ['/usr/bin/avastcmd','avastcmd'], |
| '-a -i -n -t=A {}', [0], [1], qr/\binfected by:\s+([^ \t\n\[\]]+)/m ], |
| ### http://www.ikarus-software.com/ |
| ['Ikarus AntiVirus for Linux', 'ikarus', |
| '{}', [0], [40], qr/Signature (.+) found/m ], |
| ### http://www.bitdefender.com/ |
| ['BitDefender', 'bdscan', # new version |
| '--action=ignore --no-list {}', qr/^Infected files\s*:\s*0+(?!\d)/m, |
| qr/^(?:Infected files|Identified viruses|Suspect files)\s*:\s*0*[1-9]/m, |
| qr/(?:suspected|infected)\s*:\s*(.*)(?:\033|$)/m ], |
| ### http://www.bitdefender.com/ |
| ['BitDefender', 'bdc', # old version |
| '--arc --mail {}', qr/^Infected files *:0+(?!\d)/m, |
| qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/m, |
| qr/(?:suspected|infected): (.*)(?:\033|$)/m ], |
| # consider also: --all --nowarn --alev=15 --flev=15. The --all argument may |
| # not apply to your version of bdc, check documentation and see 'bdc --help' |
| ### ArcaVir for Linux and Unix http://www.arcabit.pl/ |
| ['ArcaVir for Linux', ['arcacmd','arcacmd.static'], |
| '-v 1 -summary 0 -s {}', [0], [1,2], |
| qr/(?:VIR|WIR):[ \t]*(.+)/m ], |
| ); |
| @av_scanners_backup = ( |
| ### http://www.clamav.net/ - backs up clamd or Mail::ClamAV |
| ['ClamAV-clamscan', 'clamscan', |
| "--stdout --no-summary -r --tempdir=$TEMPBASE {}", |
| [0], qr/:.*\sFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ], |
| ### http://www.f-prot.com/ - backs up F-Prot Daemon, V6 |
| ['F-PROT Antivirus for UNIX', ['fpscan'], |
| '--report --mount --adware {}', # consider: --applications -s 4 -u 3 -z 10 |
| [0,8,64], [1,2,3, 4+1,4+2,4+3, 8+1,8+2,8+3, 12+1,12+2,12+3], |
| qr/^\[Found\s+[^\]]*\]\s+<([^ \t(>]*)/m ], |
| ### http://www.f-prot.com/ - backs up F-Prot Daemon (old) |
| ['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'], |
| '-dumb -archive -packed {}', [0,8], [3,6], # or: [0], [3,6,8], |
| qr/(?:Infection:|security risk named) (.+)|\s+contains\s+(.+)$/m ], |
| ### http://www.trendmicro.com/ - backs up Trophie |
| ['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'], |
| '-za -a {}', [0], qr/Found virus/m, qr/Found virus (.+) in/m ], |
| ### http://www.sald.com/, http://drweb.imshop.de/ - backs up DrWebD |
| ['drweb - DrWeb Antivirus', # security LHA hole in Dr.Web 4.33 and earlier |
| ['/usr/local/drweb/drweb', '/opt/drweb/drweb', 'drweb'], |
| '-path={} -al -go -ot -cn -upn -ok-', |
| [0,32], [1,9,33], qr' infected (?:with|by)(?: virus)? (.*)$'m ], |
| ### http://www.kaspersky.com/ |
| ['Kaspersky Antivirus v5.5', |
| ['/opt/kaspersky/kav4fs/bin/kav4fs-kavscanner', |
| '/opt/kav/5.5/kav4unix/bin/kavscanner', |
| '/opt/kav/5.5/kav4mailservers/bin/kavscanner', 'kavscanner'], |
| '-i0 -xn -xp -mn -R -ePASBME {}/*', [0,10,15], [5,20,21,25], |
| qr/(?:INFECTED|WARNING|SUSPICION|SUSPICIOUS) (.*)/m, |
| ], |
| ); |
| 1; # insure a defined return value </code> |
| |
| ===== Programmstart ===== |
| ==== clamd ==== |
| Nun ist es an der Zeit unseren **ClamAV**-Daemon das erste mal zu starten. |
| # service clamd start |
| <code>Starting Clam AntiVirus Daemon: LibClamAV Warning: ************************************************** |
| LibClamAV Warning: *** The virus database is older than 7 days! *** |
| LibClamAV Warning: *** Please update it as soon as possible. *** |
| LibClamAV Warning: ************************************************** |
| [ OK ]</code> |
| Wir müssen also unser Virendatenbank erst einmal updaten - Hierzu nutzen wir das Programm **freshclam** aus dem Paket **//clamav//**. Wir stoppen nun erst einmal unseren Daemon uns fahren mit der Installation und Konfiguration der weiteren Schritte fort. |
| # service clamd stop |
| |
| Stopping Clam AntiVirus Daemon: [ OK ] |
| |
| ==== amavisd ==== |
| Zum Aktivieren der vorgenannten Konfigurationsänderungen in der **/etc/amavisd.conf**, führen wir nun einen Restart unseres //**A** **MA**il **Vi**rus **S**canners// durch. |
| # service amavisd restart |
| |
| Mail Virus Scanner (amavisd) beenden: [ OK ] |
| Mail Virus Scanner (amavisd) starten: [ OK ] |
| Mail Virus Scanner (amavisd) starten: [ OK ] |
| Im Maillog **/var/log/maillog** wird der erfolgreiche Restart entsprechend vermerkt: |
| <code>Nov 20 22:52:07 nss amavis[27959]: (27959-10) TempDir removal: empty tempdir is being removed: /var/amavis/tmp/amavis-20081120T212043-27959 |
| Nov 20 22:52:07 nss amavis[27960]: (27960-09) TempDir removal: empty tempdir is being removed: /var/amavis/tmp/amavis-20081120T211933-27960 |
| Nov 20 22:52:07 nss amavis[27957]: Net::Server: 2008/11/20-22:52:07 Server closing! |
| Nov 20 22:52:09 nss amavis[29613]: logging initialized, log level 3, syslog: amavis.mail |
| Nov 20 22:52:09 nss amavis[29613]: starting. /usr/sbin/amavisd at amavis.nausch.org amavisd-new-2.5.4 (20080312), Unicode aware, LANG="de_DE.UTF-8" |
| Nov 20 22:52:09 nss amavis[29613]: user=103, EUID: 103 (103); group=, EGID: 106 106 (106 106) |
| Nov 20 22:52:09 nss amavis[29613]: Perl version 5.008008 |
| Nov 20 22:52:09 nss amavis[29613]: INFO: SA version: 3.2.4, 3.002004, no optional modules: Net::CIDR::Lite Sys::Hostname::Long Mail::SpamAssassin::BayesStore::PgSQL Encode::Detect Mail::SpamAssassin::Plugin::DKIM Razor2::Client::Agent IP::Country::Fast Mail::DKIM Mail::DKIM::Verifier Image::Info Image::Info::GIF Image::Info::JPEG Image::Info::PNG Image::Info::TIFF Mail::SPF Mail::SPF::Server Mail::SPF::Request Mail::SPF::Mech Mail::SPF::Mech::A Mail::SPF::Mech::PTR Mail::SPF::Mech::All Mail::SPF::Mech::Exists Mail::SPF::Mech::IP4 Mail::SPF::Mech::IP6 Mail::SPF::Mech::Include Mail::SPF::Mech::MX Mail::SPF::Mod Mail::SPF::Mod::Exp Mail::SPF::Mod::Redirect Mail::SPF::SenderIPAddrMech Mail::SPF::v1::Record Mail::SPF::v2::Record NetAddr::IP NetAddr::IP::Util auto::NetAddr::IP::Util::inet_n2dx auto::NetAddr::IP::Util::ipv6_n2d Mail::SPF::Query Crypt::OpenSSL::RSA auto::Crypt::OpenSSL::RSA::new_public_key auto::Crypt::OpenSSL::RSA::new_key_from_parameters auto::Crypt::OpenSSL::RSA::get_key_parameters aut... |
| Nov 20 22:52:09 nss amavis[29613]: ...o::Crypt::OpenSSL::RSA::import_random_seed Digest::SHA Error |
| Nov 20 22:52:09 nss amavis[29613]: SpamControl: init_pre_chroot done |
| Nov 20 22:52:09 nss amavis[29614]: Net::Server: Process Backgrounded |
| Nov 20 22:52:09 nss amavis[29614]: Net::Server: 2008/11/20-22:52:09 Amavis (type Net::Server::PreForkSimple) starting! pid(29614) |
| Nov 20 22:52:09 nss amavis[29614]: Net::Server: Binding to UNIX socket file /var/amavis/amavisd.sock using SOCK_STREAM |
| Nov 20 22:52:09 nss amavis[29614]: Net::Server: Binding to TCP port 10024 on host 127.0.0.1 |
| Nov 20 22:52:09 nss amavis[29614]: Net::Server: Group Not Defined. Defaulting to EGID '106 106' |
| Nov 20 22:52:09 nss amavis[29614]: Net::Server: User Not Defined. Defaulting to EUID '103' |
| Nov 20 22:52:09 nss amavis[29614]: config files read: /etc/amavisd.conf |
| Nov 20 22:52:09 nss amavis[29614]: Module Amavis::Conf 2.094 |
| Nov 20 22:52:09 nss amavis[29614]: Module Archive::Zip 1.16 |
| Nov 20 22:52:09 nss amavis[29614]: Module BerkeleyDB 0.36 |
| Nov 20 22:52:09 nss amavis[29614]: Module Compress::Zlib 1.42 |
| Nov 20 22:52:09 nss amavis[29614]: Module Convert::TNEF 0.17 |
| Nov 20 22:52:09 nss amavis[29614]: Module Convert::UUlib 1.051 |
| Nov 20 22:52:09 nss amavis[29614]: Module DBD::mysql 4.008 |
| Nov 20 22:52:09 nss amavis[29614]: Module DBI 1.52 |
| Nov 20 22:52:09 nss amavis[29614]: Module DB_File 1.814 |
| Nov 20 22:52:09 nss amavis[29614]: Module Digest::MD5 2.36 |
| Nov 20 22:52:09 nss amavis[29614]: Module Digest::SHA1 2.11 |
| Nov 20 22:52:09 nss amavis[29614]: Module IO::Socket::INET6 2.51 |
| Nov 20 22:52:09 nss amavis[29614]: Module MIME::Entity 5.420 |
| Nov 20 22:52:09 nss amavis[29614]: Module MIME::Parser 5.420 |
| Nov 20 22:52:09 nss amavis[29614]: Module MIME::Tools 5.420 |
| Nov 20 22:52:09 nss amavis[29614]: Module Mail::Header 1.77 |
| Nov 20 22:52:09 nss amavis[29614]: Module Mail::Internet 1.77 |
| Nov 20 22:52:09 nss amavis[29614]: Module Mail::SpamAssassin 3.002004 |
| Nov 20 22:52:09 nss amavis[29614]: Module Net::DNS 0.59 |
| Nov 20 22:52:09 nss amavis[29614]: Module Net::Server 0.97 |
| Nov 20 22:52:09 nss amavis[29614]: Module Time::HiRes 1.86 |
| Nov 20 22:52:09 nss amavis[29614]: Module URI 1.35 |
| Nov 20 22:52:09 nss amavis[29614]: Module Unix::Syslog 1.0 |
| Nov 20 22:52:09 nss amavis[29614]: Amavis::DB code loaded |
| Nov 20 22:52:09 nss amavis[29614]: Amavis::Cache code loaded |
| Nov 20 22:52:09 nss amavis[29614]: SQL base code NOT loaded |
| Nov 20 22:52:09 nss amavis[29614]: SQL::Log code NOT loaded |
| Nov 20 22:52:09 nss amavis[29614]: SQL::Quarantine NOT loaded |
| Nov 20 22:52:09 nss amavis[29614]: Lookup::SQL code NOT loaded |
| Nov 20 22:52:09 nss amavis[29614]: Lookup::LDAP code NOT loaded |
| Nov 20 22:52:09 nss amavis[29614]: AM.PDP-in proto code loaded |
| Nov 20 22:52:09 nss amavis[29614]: SMTP-in proto code loaded |
| Nov 20 22:52:09 nss amavis[29614]: Courier proto code NOT loaded |
| Nov 20 22:52:09 nss amavis[29614]: SMTP-out proto code loaded |
| Nov 20 22:52:09 nss amavis[29614]: Pipe-out proto code NOT loaded |
| Nov 20 22:52:09 nss amavis[29614]: BSMTP-out proto code NOT loaded |
| Nov 20 22:52:09 nss amavis[29614]: Local-out proto code loaded |
| Nov 20 22:52:09 nss amavis[29614]: OS_Fingerprint code NOT loaded |
| Nov 20 22:52:09 nss amavis[29614]: ANTI-VIRUS code loaded |
| Nov 20 22:52:09 nss amavis[29614]: ANTI-SPAM code loaded |
| Nov 20 22:52:09 nss amavis[29614]: ANTI-SPAM-SA code loaded |
| Nov 20 22:52:09 nss amavis[29614]: Unpackers code loaded |
| Nov 20 22:52:09 nss amavis[29614]: Found $file at /usr/bin/file |
| Nov 20 22:52:09 nss amavis[29614]: No $dspam, not using it |
| Nov 20 22:52:09 nss amavis[29614]: No $altermime, not using it |
| Nov 20 22:52:09 nss amavis[29614]: Internal decoder for .mail |
| Nov 20 22:52:09 nss amavis[29614]: Internal decoder for .asc |
| Nov 20 22:52:09 nss amavis[29614]: Internal decoder for .uue |
| Nov 20 22:52:09 nss amavis[29614]: Internal decoder for .hqx |
| Nov 20 22:52:09 nss amavis[29614]: Internal decoder for .ync |
| Nov 20 22:52:09 nss amavis[29614]: Found decoder for .F at /usr/bin/unfreeze |
| Nov 20 22:52:09 nss amavis[29614]: Found decoder for .Z at /usr/bin/uncompress |
| Nov 20 22:52:09 nss amavis[29614]: Found decoder for .gz at /usr/bin/gzip -d |
| Nov 20 22:52:09 nss amavis[29614]: Internal decoder for .gz (backup, not used) |
| Nov 20 22:52:09 nss amavis[29614]: Found decoder for .bz2 at /usr/bin/bzip2 -d |
| Nov 20 22:52:09 nss amavis[29614]: Found decoder for .lzo at /usr/bin/lzop -d |
| Nov 20 22:52:09 nss amavis[29614]: Found decoder for .rpm at /usr/bin/rpm2cpio |
| Nov 20 22:52:09 nss amavis[29614]: Found decoder for .cpio at /usr/bin/pax |
| Nov 20 22:52:09 nss amavis[29614]: Found decoder for .tar at /usr/bin/pax |
| Nov 20 22:52:09 nss amavis[29614]: Found decoder for .deb at /usr/bin/ar |
| Nov 20 22:52:09 nss amavis[29614]: Internal decoder for .zip |
| Nov 20 22:52:09 nss amavis[29614]: No decoder for .7z tried: 7zr, 7za, 7z |
| Nov 20 22:52:09 nss amavis[29614]: Found decoder for .rar at /usr/bin/unrar |
| Nov 20 22:52:09 nss amavis[29614]: Found decoder for .arj at /usr/bin/arj |
| Nov 20 22:52:09 nss amavis[29614]: Found decoder for .arc at /usr/bin/nomarch |
| Nov 20 22:52:09 nss amavis[29614]: Found decoder for .zoo at /usr/bin/zoo |
| Nov 20 22:52:09 nss amavis[29614]: Found decoder for .lha at /usr/bin/lha |
| Nov 20 22:52:09 nss amavis[29614]: Found decoder for .cab at /usr/bin/cabextract |
| Nov 20 22:52:09 nss amavis[29614]: No decoder for .tnef tried: tnef |
| Nov 20 22:52:09 nss amavis[29614]: Internal decoder for .tnef |
| Nov 20 22:52:09 nss amavis[29614]: Found decoder for .exe at /usr/bin/unrar; /usr/bin/lha; /usr/bin/arj |
| Nov 20 22:52:09 nss amavis[29614]: Using primary internal av scanner code for ClamAV-clamd |
| Nov 20 22:52:09 nss amavis[29614]: No primary av scanner: KasperskyLab AVP - aveclient |
| Nov 20 22:52:09 nss amavis[29614]: No primary av scanner: KasperskyLab AntiViral Toolkit Pro (AVP) |
| Nov 20 22:52:09 nss amavis[29614]: No primary av scanner: KasperskyLab AVPDaemonClient |
| Nov 20 22:52:09 nss amavis[29614]: No primary av scanner: CentralCommand Vexira (new) vascan |
| Nov 20 22:52:09 nss amavis[29614]: No primary av scanner: Avira AntiVir |
| Nov 20 22:52:09 nss amavis[29614]: No primary av scanner: Command AntiVirus for Linux |
| Nov 20 22:52:09 nss amavis[29614]: No primary av scanner: Symantec CarrierScan via Symantec CommandLineScanner |
| Nov 20 22:52:09 nss amavis[29614]: No primary av scanner: Symantec AntiVirus Scan Engine |
| Nov 20 22:52:09 nss amavis[29614]: No primary av scanner: F-Secure Antivirus for Linux servers |
| Nov 20 22:52:09 nss amavis[29614]: No primary av scanner: CAI InoculateIT |
| Nov 20 22:52:09 nss amavis[29614]: No primary av scanner: CAI eTrust Antivirus |
| Nov 20 22:52:09 nss amavis[29614]: No primary av scanner: MkS_Vir for Linux (beta) |
| Nov 20 22:52:09 nss amavis[29614]: No primary av scanner: MkS_Vir daemon |
| Nov 20 22:52:09 nss amavis[29614]: No primary av scanner: ESET NOD32 Linux Mail Server - command line interface |
| Nov 20 22:52:09 nss amavis[29614]: No primary av scanner: ESET NOD32 for Linux File servers |
| Nov 20 22:52:09 nss amavis[29614]: No primary av scanner: Norman Virus Control v5 / Linux |
| Nov 20 22:52:09 nss amavis[29614]: No primary av scanner: Panda CommandLineSecure 9 for Linux |
| Nov 20 22:52:09 nss amavis[29614]: No primary av scanner: NAI McAfee AntiVirus (uvscan) |
| Nov 20 22:52:09 nss amavis[29614]: No primary av scanner: VirusBuster |
| Nov 20 22:52:09 nss amavis[29614]: No primary av scanner: CyberSoft VFind |
| Nov 20 22:52:09 nss amavis[29614]: No primary av scanner: avast! Antivirus |
| Nov 20 22:52:09 nss amavis[29614]: No primary av scanner: Ikarus AntiVirus for Linux |
| Nov 20 22:52:09 nss amavis[29614]: No primary av scanner: BitDefender |
| Nov 20 22:52:09 nss amavis[29614]: No primary av scanner: BitDefender |
| Nov 20 22:52:09 nss amavis[29614]: No primary av scanner: ArcaVir for Linux |
| Nov 20 22:52:09 nss amavis[29614]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan |
| Nov 20 22:52:09 nss amavis[29614]: No secondary av scanner: F-PROT Antivirus for UNIX |
| Nov 20 22:52:09 nss amavis[29614]: No secondary av scanner: FRISK F-Prot Antivirus |
| Nov 20 22:52:09 nss amavis[29614]: No secondary av scanner: Trend Micro FileScanner |
| Nov 20 22:52:09 nss amavis[29614]: No secondary av scanner: drweb - DrWeb Antivirus |
| Nov 20 22:52:09 nss amavis[29614]: No secondary av scanner: Kaspersky Antivirus v5.5 |
| Nov 20 22:52:09 nss amavis[29614]: Creating db in /var/amavis/db/; BerkeleyDB 0.36, libdb 4.3 |
| Nov 20 22:52:09 nss amavis[29614]: SpamControl: initializing Mail::SpamAssassin |
| Nov 20 22:52:10 nss amavis[29614]: SpamControl: init_pre_fork done |
| Nov 20 22:52:10 nss amavis[29620]: TIMING [total 5 ms] - bdb-open: 5 (100%)100, rundown: 0 (0%)100 |
| Nov 20 22:52:10 nss amavis[29621]: TIMING [total 5 ms] - bdb-open: 5 (100%)100, rundown: 0 (0%)100</code> |
| ===== automatisches Starten der Dienste beim Systemstart ===== |
| ==== clamd ==== |
| Damit nun unser clamav-daemon beim Booten automatisch gestartet wird, nehmen wir noch folgende Konfigurationsschritte vor. |
| <code>chkconfig clamd on</code> |
| Anschließend überprüfen wir noch unsere Änderung: |
| chkconfig --list | grep clamd |
| clamd 0:Aus 1:Aus 2:Ein 3:Ein 4:Ein 5:Ein 6:Aus |
| ==== amavisd ==== |
| Den automatischen Start haben wir bereits im Kapitel [[centos:mailserver:grundinstallation_von_amavis]] vorgenommen. |
| |
| |