Differences

This page shows the differences between two versions.

centos:mailserver:installation_von_clamav [04.08.2011 06:00. ]
django [amavisd]
centos:mailserver:installation_von_clamav [20.04.2018 10:34. ] (current)
Zeile 1: Zeile 1:
 +====== Virenschutz mit ClamAV ======
 +Als **//​Viren-Scanner//​** und **//​-Killer//​** verwenden wir [[http://​www.clamav.net/​|clamav]].
 +===== Installation =====
 +Wir installieren uns hierzu den entsprechenden **daemon** via **yum**.
 +<​code>​yum install clamd clamav clamav-db</​code>​
 +==== Info ====
 +Was uns die einzelnen Pakete liefern, entnehmen wir den jeweiligen rpm's.
 +<​code>​yum info clamd
 +
 +Name   : clamd
 +...
 +Summary: The Clam AntiVirus Daemon
 +Description:​
 +The Clam AntiVirus Daemon</​code>​
 +
 +<​code>​yum info clamav
 +
 +
 +Name   : clamav
 +...
 +Summary: Anti-virus software
 +Description:​
 +Clam AntiVirus is a GPL anti-virus toolkit for UNIX. The main purpose of
 +this software is the integration with mail servers (attachment scanning).
 +The package provides a flexible and scalable multi-threaded daemon, a
 +command line scanner, and a tool for automatic updating via Internet.
 +
 +The programs are based on a shared library distributed with the Clam
 +AntiVirus package, which you can use with your own software. Most
 +importantly,​ the virus database is kept up to date</​code>​
 +
 +<​code>​yum info clamav-db
 +
 +Name   : clamav-db
 +...
 +Summary: Virus database for clamav
 +Description:​
 +The actual virus database for clamav</​code>​
 +==== Programmpfade und -inhalte ====
 +Über die einzelnen Dateien und Pfade der installierten Programme, informieren wir uns mittels:
 +<​code>​rpm -ql clamd
 +
 +/​etc/​clamd.conf
 +/​etc/​logrotate.d/​clamav
 +/​etc/​rc.d/​init.d/​clamd
 +/​usr/​bin/​clamconf
 +/​usr/​bin/​clamdscan
 +/​usr/​sbin/​clamd
 +/​usr/​share/​doc/​clamd-0.94.1
 +/​usr/​share/​doc/​clamd-0.94.1/​clamd.conf
 +/​usr/​share/​doc/​clamd-0.94.1/​clamdwatch
 +/​usr/​share/​doc/​clamd-0.94.1/​clamdwatch/​clamdwatch.tar.gz
 +/​usr/​share/​man/​man1/​clamconf.1.gz
 +/​usr/​share/​man/​man1/​clamdscan.1.gz
 +/​usr/​share/​man/​man5/​clamd.conf.5.gz
 +/​usr/​share/​man/​man8/​clamd.8.gz
 +/var/clamav
 +/​var/​log/​clamav
 +/​var/​run/​clamav
 +</​code>​
 +
 +<​code>​rpm -ql clamav
 +
 +/​etc/​freshclam.conf
 +/​usr/​bin/​clamscan
 +/​usr/​bin/​freshclam
 +/​usr/​bin/​sigtool
 +/​usr/​lib/​libclamav.so.5
 +/​usr/​lib/​libclamav.so.5.0.3
 +/​usr/​lib/​libclamunrar.so.5
 +/​usr/​lib/​libclamunrar.so.5.0.3
 +/​usr/​lib/​libclamunrar_iface.so.5
 +/​usr/​lib/​libclamunrar_iface.so.5.0.3
 +/​usr/​share/​doc/​clamav-0.94.1
 +/​usr/​share/​doc/​clamav-0.94.1/​AUTHORS
 +/​usr/​share/​doc/​clamav-0.94.1/​BUGS
 +/​usr/​share/​doc/​clamav-0.94.1/​COPYING
 +/​usr/​share/​doc/​clamav-0.94.1/​ChangeLog
 +/​usr/​share/​doc/​clamav-0.94.1/​FAQ
 +/​usr/​share/​doc/​clamav-0.94.1/​INSTALL
 +/​usr/​share/​doc/​clamav-0.94.1/​NEWS
 +/​usr/​share/​doc/​clamav-0.94.1/​README
 +/​usr/​share/​doc/​clamav-0.94.1/​clamav-mirror-howto.pdf
 +/​usr/​share/​doc/​clamav-0.94.1/​clamdoc.pdf
 +/​usr/​share/​doc/​clamav-0.94.1/​freshclam.conf
 +/​usr/​share/​doc/​clamav-0.94.1/​phishsigs_howto.pdf
 +/​usr/​share/​doc/​clamav-0.94.1/​signatures.pdf
 +/​usr/​share/​doc/​clamav-0.94.1/​test
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam-aspack.exeaa
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam-aspack.exeab
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam-fsg.exeaa
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam-fsg.exeab
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam-mew.exeaa
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam-mew.exeab
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam-nsis.exeaa
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam-nsis.exeab
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam-pespin.exeaa
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam-pespin.exeab
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam-petite.exeaa
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam-petite.exeab
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam-upack.exeaa
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam-upack.exeab
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam-upx.exeaa
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam-upx.exeab
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam-v2.raraa
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam-v2.rarab
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam-v3.raraa
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam-v3.rarab
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam-wwpack.exeaa
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam-wwpack.exeab
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam.arjaa
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam.arjab
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam.bz2.zipaa
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam.bz2.zipab
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam.cabaa
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam.cabab
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam.chmaa
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam.chmab
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam.d64.zipaa
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam.d64.zipab
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam.ea05.exeaa
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam.ea05.exeab
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam.ea06.exeaa
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam.ea06.exeab
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam.exe.binhexaa
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam.exe.binhexab
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam.exe.bz2aa
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam.exe.bz2ab
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam.exe.htmlaa
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam.exe.htmlab
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam.exe.mbox.base64aa
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam.exe.mbox.base64ab
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam.exe.mbox.uuaa
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam.exe.mbox.uuab
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam.exe.rtfaa
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam.exe.rtfab
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam.exe.szddaa
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam.exe.szddab
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam.exeaa
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam.exeab
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam.impl.zipaa
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam.impl.zipab
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam.mailaa
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam.mailab
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam.ole.docaa
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam.ole.docab
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam.pdfaa
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam.pdfab
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam.pptaa
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam.pptab
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam.sisaa
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam.sisab
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam.tar.gzaa
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam.tar.gzab
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam.tnefaa
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam.tnefab
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam.zipaa
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​.split/​split.clam.zipab
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​Makefile
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​Makefile.am
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​Makefile.in
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​README
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​clam-aspack.exe
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​clam-fsg.exe
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​clam-mew.exe
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​clam-nsis.exe
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​clam-pespin.exe
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​clam-petite.exe
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​clam-upack.exe
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​clam-upx.exe
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​clam-v2.rar
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​clam-v3.rar
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​clam-wwpack.exe
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​clam.arj
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​clam.bz2.zip
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​clam.cab
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​clam.chm
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​clam.d64.zip
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​clam.ea05.exe
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​clam.ea06.exe
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​clam.exe
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​clam.exe.binhex
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​clam.exe.bz2
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​clam.exe.html
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​clam.exe.mbox.base64
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​clam.exe.mbox.uu
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​clam.exe.rtf
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​clam.exe.szdd
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​clam.impl.zip
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​clam.mail
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​clam.ole.doc
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​clam.pdf
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​clam.ppt
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​clam.sis
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​clam.tar.gz
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​clam.tnef
 +/​usr/​share/​doc/​clamav-0.94.1/​test/​clam.zip
 +/​usr/​share/​man/​man1/​clamscan.1.gz
 +/​usr/​share/​man/​man1/​freshclam.1.gz
 +/​usr/​share/​man/​man1/​sigtool.1.gz
 +/​usr/​share/​man/​man5/​freshclam.conf.5.gz
 +</​code>​
 +
 +<​code>​rpm -ql clamav-db
 +/​etc/​cron.daily/​freshclam
 +/​etc/​logrotate.d/​freshclam
 +/var/clamav
 +/​var/​clamav/​daily.cvd
 +/​var/​clamav/​main.cvd
 +/​var/​log/​clamav
 +</​code>​
 +===== Konfiguration =====
 +==== clamd ====
 +Die Konfigurationsdatei des ClamAV-Daemons **/​etc/​clamd.conf** passen wir unseren Gegebenheiten entsprechend an. 
 +Wichtig sind dabei insbesonders die drei Paramter:
 +  * **User clamav**
 +  * **AllowSupplementaryGroups yes**
 +  * **LocalSocket /​tmp/​clamd.socket**
 +In Summe ergibt sich also folgende Gesamtkonfiguration: ​
 +<​code>​egrep -v '​(^.*#​|^$)'​ /​etc/​clamd.conf ​
 +
 +LogFile /​var/​log/​clamav/​clamd.log
 +LogFileMaxSize 0
 +LogTime yes
 +LogSyslog yes
 +PidFile /​var/​run/​clamav/​clamd.pid
 +TemporaryDirectory /var/tmp
 +DatabaseDirectory /var/clamav
 +LocalSocket /​tmp/​clamd.socket
 +FixStaleSocket yes
 +TCPSocket 3310
 +TCPAddr 127.0.0.1
 +MaxConnectionQueueLength 30
 +MaxThreads 50
 +ReadTimeout 300
 +User clamav
 +AllowSupplementaryGroups yes
 +ScanPE yes
 +ScanELF yes
 +DetectBrokenExecutables yes
 +ScanOLE2 yes
 +ScanMail yes
 +ScanArchive yes
 +ArchiveBlockEncrypted no</​code>​
 +Wie in der **/​etc/​amavisd.conf** vermerkt <​code>#​ # NOTE: run clamd under the same user as amavisd, or run it under its own
 +# #   uid such as clamav, add user clamav to the amavis group, and then add
 +# # AllowSupplementaryGroups to clamd.conf;</​code>​ erweitern wir die Gruppe **amavis** um den User **clamav**.
 +<​code>​vim /etc/group
 +
 +amavis:​x:​106:​clamav</​code>​
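Review bot: "LocalSocket /tmp/clamd.socket" in the clamd.conf listing places the scanner socket in a directory where any local user can create that name first, and "TCPSocket 3310" with "TCPAddr 127.0.0.1" opens a second listener that nothing on this page uses. clamd does not authenticate clients, so the loopback port accepts commands from every local account. Since "User clamav", "AllowSupplementaryGroups yes" and the amavis group entry already set up shared group access, suggest moving the socket into a directory only clamav and amavis can enter (the clamd package ships /var/run/clamav), dropping the two TCP lines, and adjusting the socket path in the amavisd.conf scanner entry to match. Smaller points: "ArchiveBlockEncrypted no" lets password-protected archives pass unscanned and deserves a sentence next to the listing; the group line hard-codes GID 106, which readers will copy, so "gpasswd -a clamav amavis" is a safer instruction than editing /etc/group in vim; and "Paramter" should read "Parameter".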
 +==== amavisd ====
 +Die Konfiguration unseres Virenkillers [[http://​www.clamav.net/​|clamav]] erfolgt über dessen frontend [[centos:​grundinstallation_von_amavis|AMaViS]]. Wir bearbeiten also die Datei **amavisd.conf**.
 +
 +   vim /​etc/​amavisd.conf
 +
 +Die Pfadangaben passen wir unseren Gegebenheiten an:
 +   ​$MYHOME = '/​var/​amavis'; ​                   # a convenient default for other settings, -H
 +   ​$TEMPBASE = "​$MYHOME/​tmp"; ​                 # working directory, needs to exist, -T
 +   ​$ENV{TMPDIR} = $TEMPBASE; ​                  # environment variable TMPDIR, used by SA, etc.
 +   ​$QUARANTINEDIR = "/​var/​virusmails";​
 +Ebenso:
 +   ​$db_home ​  = "​$MYHOME/​db"; ​                 # dir for bdb nanny/​cache/​snmp databases, -D
 +   ​$helpers_home = "​$MYHOME/​var"; ​             # working directory for SpamAssassin,​ -S
 +   ​$lock_file = "​$MYHOME/​var/​amavisd.lock"; ​   # -L
 +   ​$pid_file ​ = "​$MYHOME/​var/​amavisd.pid"; ​    # -P
 +   ​$unix_socketname = "​$MYHOME/​amavisd.sock"; ​ # amavisd-release or amavis-milter
 +Für den ersten Programmstart drehen wir den Loglevel auf den Wert **3**, den wir im späteren Produktivbetrieb dann auf **2** herabsetzen können. Somit erhalten wir in der Anfangsphase wertvolle und ausreichende Hinweise, falls etwas nicht wie geplant laufen sollte.
 +   ​$log_level = 3;                             # verbosity 0..5, -d
 +Da wir uns weder mit **Viren**, noch mit **Spam** oder den **unerwünschten Dateianhängen** herumschlagen wollen, weisen wir AMaViS an, diese Nachrichten über den Mailserver direkt ablehnt.
 +   ​$final_virus_destiny ​     = D_REJECT;
 +   ​$final_banned_destiny ​    = D_REJECT;
 +   ​$final_spam_destiny ​      = D_REJECT;
 +Da wir AMaViS in erster Linie in der dämonisierten Variante und als Fallback ​ als Backup-Scanner verwenden wollen, ​ aktivieren wir die entsprechenden Konfigurationszeilen kurz nach der Zeile **@av_scanners = (**. Die Pfadangaben des **Socket** müssen zu den Angaben in der vorweg beschriebenen **/​etc/​clamd.conf** passen!
 +   # ### http://​www.clamav.net/​
 +   ​['​ClamAV-clamd',​
 +     ​\&​ask_daemon,​ ["​CONTSCAN {}\n", "/​tmp/​clamd.socket"​],​
 +     ​qr/​\bOK$/,​ qr/​\bFOUND$/,​
 +     ​qr/​^.*?:​ (?!Infected Archive)(.*) FOUND$/ ],
 +   # # NOTE: run clamd under the same user as amavisd, or run it under its own
 +   # #   uid such as clamav, add user clamav to the amavis group, and then add
 +   # # AllowSupplementaryGroups to clamd.conf;
 +   # # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in
 +   # #   this entry; when running chrooted one may prefer socket "​$MYHOME/​clamd"​.
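Review bot: The ClamAV-clamd excerpt in this section is not the entry the full listing further down uses: here the patterns are "qr/\bOK$/, qr/\bFOUND$/" and the name pattern ends in "FOUND$/", while the full listing carries the /m modifier on all three. A CONTSCAN reply can span several lines, and without /m the "$" only matches at the end of the whole reply, so the excerpt should be made identical to the full listing. On the three "D_REJECT" lines above it: the sentence says the mail server rejects these messages directly, but if amavisd runs as an after-queue filter (the Postfix side is not shown on this page) the MTA has already accepted the message and will send a bounce to the envelope sender instead, which for viruses and spam is usually a forged address. Suggest stating which integration is assumed, or using D_DISCARD together with a quarantine for the spam and virus cases. The verb in that sentence should also read "abzulehnen" rather than "ablehnt".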
 +Die komplette AMaViS.Konfiguration lautet dann.
 +  # egrep -v '​(^#​|^$)'​ /​etc/​amavisd.conf
 +<code perl amavisd.conf >
 +use strict;
 +$max_servers = 5;            # num of pre-forked children (2..30 is common), -m
 +$daemon_user ​ = "​amavis"; ​    # (no default; ​ customary: vscan or amavis), -u
 +$daemon_group = "​amavis"; ​    # (no default; ​ customary: vscan or amavis), -g
 +$myhostname = '​amavis.nausch.org';​ # hostname
 +$mydomain = '​nausch.org'; ​  # a convenient default for other settings
 +$MYHOME = '/​var/​amavis'; ​  # a convenient default for other settings, -H
 +$TEMPBASE = "​$MYHOME/​tmp"; ​  # working directory, needs to exist, -T
 +$ENV{TMPDIR} = $TEMPBASE; ​   # environment variable TMPDIR, used by SA, etc.
 +$QUARANTINEDIR = "/​var/​virusmails";​
 +$db_home ​  = "​$MYHOME/​db"; ​     # dir for bdb nanny/​cache/​snmp databases, -D
 +$helpers_home = "​$MYHOME/​var"; ​ # working directory for SpamAssassin,​ -S
 +$lock_file = "​$MYHOME/​var/​amavisd.lock"; ​ # -L
 +$pid_file ​ = "​$MYHOME/​var/​amavisd.pid"; ​  # -P
 +$log_level = 3;              # verbosity 0..5, -d
 +$log_recip_templ = undef; ​   # disable by-recipient level-0 log entries
 +$DO_SYSLOG = 1;              # log via syslogd (preferred)
 +$syslog_facility = '​mail'; ​  # Syslog facility as a string
 +           # e.g.: mail, daemon, user, local0, ... local7
 +$syslog_priority = '​debug'; ​ # Syslog base (minimal) priority as a string,
 +           # choose from: emerg, alert, crit, err, warning, notice, info, debug
 +$enable_db = 1;              # enable use of BerkeleyDB/​libdb (SNMP and nanny)
 +$enable_global_cache = 1;    # enable use of libdb-based cache if $enable_db=1
 +$nanny_details_level = 2;    # nanny verbosity: 1: traditional,​ 2: detailed
 +$enable_dkim_verification = 1;  # enable DKIM signatures verification
 +$enable_dkim_signing = 1;    # load DKIM signing code, keys defined by dkim_key
 +@local_domains_maps = ( ["​.$mydomain"​] );  # list of all local domains
 +@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
 +                  10.0.0.0/8 172.16.0.0/​12 192.168.0.0/​16 );
 +$unix_socketname = "​$MYHOME/​amavisd.sock"; ​ # amavisd-release or amavis-milter
 +               # option(s) -p overrides $inet_socket_port and $unix_socketname
 +$inet_socket_port = 10024; ​  # listen on this local TCP port(s)
 +$policy_bank{'​MYNETS'​} = {   # mail originating from @mynetworks
 +  originating => 1,  # is true in MYNETS by default, but let's make it explicit
 +  os_fingerprint_method => undef, ​ # don't query p0f for internal clients
 +};
 +$interface_policy{'​10026'​} = '​ORIGINATING';​
 +$policy_bank{'​ORIGINATING'​} = {  # mail supposedly originating from our users
 +  originating => 1,  # declare that mail was submitted by our smtp client
 +  allow_disclaimers => 1,  # enables disclaimer insertion if available
 +  # notify administrator of locally originating malware
 +  virus_admin_maps => ["​virusalert\@$mydomain"​],​
 +  spam_admin_maps ​ => ["​virusalert\@$mydomain"​],​
 +  warnbadhsender ​  => 1,
 +  # forward to a smtpd service providing DKIM signing service
 +  forward_method => '​smtp:​[127.0.0.1]:​10027',​
 +  # force MTA conversion to 7-bit (e.g. before DKIM signing)
 +  smtpd_discard_ehlo_keywords => ['​8BITMIME'​],​
 +  bypass_banned_checks_maps => [1],  # allow sending any file names and types
 +  terminate_dsn_on_notify_success => 0,  # don't remove NOTIFY=SUCCESS option
 +};
 +$interface_policy{'​SOCK'​} = '​AM.PDP-SOCK';​ # only applies with $unix_socketname
 +$policy_bank{'​AM.PDP-SOCK'​} = {
 +  protocol => '​AM.PDP',​
 +  auth_required_release => 0,  # do not require secret_id for amavisd-release
 +};
 +$sa_tag_level_deflt ​ = 2.0;  # add spam info headers if at, or above that level
 +$sa_tag2_level_deflt = 6.31;  # add 'spam detected'​ headers at that level
 +$sa_kill_level_deflt = 6.31;  # triggers spam evasive actions (e.g. blocks mail)
 +$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent
 +$sa_crediblefrom_dsn_cutoff_level = 18; # likewise, but for a likely valid From
 +$penpals_bonus_score = 8;    # (no effect without a @storage_sql_dsn database)
 +$penpals_threshold_high = $sa_kill_level_deflt; ​ # don't waste time on hi spam
 +$bounce_killer_score = 100;  # spam score points to add for joe-jobbed bounces
 +$sa_mail_body_size_limit = 400*1024; # don't waste time on SA if mail is larger
 +$sa_local_tests_only = 0;    # only tests which do not require internet access?
 +$virus_admin ​              = "​virusalert\@$mydomain"; ​ # notifications recip.
 +$mailfrom_notify_admin ​    = "​virusalert\@$mydomain"; ​ # notifications sender
 +$mailfrom_notify_recip ​    = "​virusalert\@$mydomain"; ​ # notifications sender
 +$mailfrom_notify_spamadmin = "​spam.police\@$mydomain";​ # notifications sender
 +$mailfrom_to_quarantine = '';​ # null return path; uses original sender if undef
 +@addr_extension_virus_maps ​     = ('​virus'​);​
 +@addr_extension_banned_maps ​    = ('​banned'​);​
 +@addr_extension_spam_maps ​      = ('​spam'​);​
 +@addr_extension_bad_header_maps = ('​badh'​);​
 +$path = '/​usr/​local/​sbin:/​usr/​local/​bin:/​usr/​sbin:/​sbin:/​usr/​bin:/​bin';​
 +$MAXLEVELS = 14;
 +$MAXFILES = 1500;
 +$MIN_EXPANSION_QUOTA =      100*1024; ​ # bytes  (default undef, not enforced)
 +$MAX_EXPANSION_QUOTA = 300*1024*1024; ​ # bytes  (default undef, not enforced)
 +$sa_spam_subject_tag = '​***SPAM*** ';
 +$defang_virus ​ = 1;  # MIME-wrap passed infected mail
 +$defang_banned = 1;  # MIME-wrap passed mail containing banned name
 +$defang_by_ccat{+CC_BADH.",​3"​} = 1;  # NUL or CR character in header
 +$defang_by_ccat{+CC_BADH.",​5"​} = 1;  # header line longer than 998 characters
 +$defang_by_ccat{+CC_BADH.",​6"​} = 1;  # header field syntax error
 +$final_virus_destiny ​     = D_REJECT;
 +$final_banned_destiny ​    = D_REJECT;
 +$final_spam_destiny ​      = D_REJECT;
 +$virus_quarantine_to = undef;
 +$banned_quarantine_to = undef;
 +$spam_quarantine_to = undef;
 +$bad_header_quarantine_to = undef;
 +@keep_decoded_original_maps = (new_RE(
 +  qr'​^MAIL$', ​  # retain full original message for virus checking
 +  qr'​^MAIL-UNDECIPHERABLE$',​ # recheck full mail if it contains undecipherables
 +  qr'​^(ASCII(?​! cpio)|text|uuencoded|xxencoded|binhex)'​i,​
 +));
 +$banned_filename_re = new_RE(
 +  qr'​^\.(exe-ms|dll)$', ​                  # banned file(1) types, rudimentary
 +  [ qr'​^\.(rpm|cpio|tar)$' ​      => 0 ],  # allow any in Unix-type archives
 +  qr'​.\.(pif|scr)$'​i, ​                    # banned extensions - rudimentary
 +  qr'​^application/​x-msdownload$'​i, ​       # block these MIME types
 +  qr'​^application/​x-msdos-program$'​i,​
 +  qr'​^application/​hta$'​i,​
 +  # block certain double extensions in filenames
 +  qr'​\.[^./​]*[A-Za-z][^./​]*\.\s*(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)[.\s]*$'​i,​
 +  qr'​.\.(exe|vbs|pif|scr|cpl)$'​i, ​            # banned extension - basic
 +);
 +@score_sender_maps = ({ # a by-recipient hash lookup table,
 +                        # results from all matching recipient tables are summed
 +  ## site-wide opinions about senders (the '​.'​ matches any recipient)
 +  '​.'​ => [  # the _first_ matching sender determines the score boost
 +   ​new_RE( ​ # regexp-type lookup table, just happens to be all soft-blacklist
 +    [qr'​^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'​i ​        => 5.0],
 +    [qr'​^(greatcasino|investments|lose_weight_today|market\.alert)@'​i=>​ 5.0],
 +    [qr'​^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'​i=>​ 5.0],
 +    [qr'​^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'​i ​  => 5.0],
 +    [qr'​^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'​i ​ => 5.0],
 +    [qr'​^(your_friend|greatoffers)@'​i ​                               => 5.0],
 +    [qr'​^(inkjetplanet|marketopt|MakeMoney)\d*@'​i ​                   => 5.0],
 +   ),
 +   { # a hash-type lookup table (associative array)
 +     '​nobody@cert.org' ​                       => -3.0,
 +     '​cert-advisory@us-cert.gov' ​             => -3.0,
 +     '​owner-alert@iss.net' ​                   => -3.0,
 +     '​slashdot@slashdot.org' ​                 => -3.0,
 +     '​securityfocus.com' ​                     => -3.0,
 +     '​ntbugtraq@listserv.ntbugtraq.com' ​      => -3.0,
 +     '​security-alerts@linuxsecurity.com' ​     => -3.0,
 +     '​mailman-announce-admin@python.org' ​     => -3.0,
 +     '​amavis-user-admin@lists.sourceforge.net'​=>​ -3.0,
 +     '​amavis-user-bounces@lists.sourceforge.net'​ => -3.0,
 +     '​spamassassin.apache.org' ​               => -3.0,
 +     '​notification-return@lists.sophos.com' ​  => -3.0,
 +     '​owner-postfix-users@postfix.org' ​       => -3.0,
 +     '​owner-postfix-announce@postfix.org' ​    => -3.0,
 +     '​owner-sendmail-announce@lists.sendmail.org' ​  => -3.0,
 +     '​sendmail-announce-request@lists.sendmail.org'​ => -3.0,
 +     '​donotreply@sendmail.org' ​               => -3.0,
 +     '​ca+envelope@sendmail.org' ​              => -3.0,
 +     '​noreply@freshmeat.net' ​                 => -3.0,
 +     '​owner-technews@postel.acm.org' ​         => -3.0,
 +     '​ietf-123-owner@loki.ietf.org' ​          => -3.0,
 +     '​cvs-commits-list-admin@gnome.org' ​      => -3.0,
 +     '​rt-users-admin@lists.fsck.com' ​         => -3.0,
 +     '​clp-request@comp.nus.edu.sg' ​           => -3.0,
 +     '​surveys-errors@lists.nua.ie' ​           => -3.0,
 +     '​emailnews@genomeweb.com' ​               => -5.0,
 +     '​yahoo-dev-null@yahoo-inc.com' ​          => -3.0,
 +     '​returns.groups.yahoo.com' ​              => -3.0,
 +     '​clusternews@linuxnetworx.com' ​          => -3.0,
 +     ​lc('​lvs-users-admin@LinuxVirtualServer.org'​) ​   => -3.0,
 +     ​lc('​owner-textbreakingnews@CNNIMAIL12.CNN.COM'​) => -5.0,
 +     # soft-blacklisting (positive score)
 +     '​sender@example.net' ​                    ​=> ​ 3.0,
 +     '​.example.net' ​                          ​=> ​ 1.0,
 +   },
 +  ],  # end of site-wide tables
 +});
 +@decoders = (
 +  ['​mail',​ \&​do_mime_decode],​
 +  ['​asc', ​ \&​do_ascii],​
 +  ['​uue', ​ \&​do_ascii],​
 +  ['​hqx', ​ \&​do_ascii],​
 +  ['​ync', ​ \&​do_ascii],​
 +  ['​F', ​   \&​do_uncompress,​ ['​unfreeze','​freeze -d','​melt','​fcat'​] ],
 +  ['​Z', ​   \&​do_uncompress,​ ['​uncompress','​gzip -d','​zcat'​] ],
 +  ['​gz', ​  ​\&​do_uncompress, ​ 'gzip -d'],
 +  ['​gz', ​  ​\&​do_gunzip],​
 +  ['​bz2', ​ \&​do_uncompress, ​ 'bzip2 -d'],
 +  ['​lzo', ​ \&​do_uncompress, ​ 'lzop -d'],
 +  ['​rpm', ​ \&​do_uncompress,​ ['​rpm2cpio.pl','​rpm2cpio'​] ],
 +  ['​cpio',​ \&​do_pax_cpio, ​  ​['​pax','​gcpio','​cpio'​] ],
 +  ['​tar', ​ \&​do_pax_cpio, ​  ​['​pax','​gcpio','​cpio'​] ],
 +  ['​deb', ​ \&​do_ar, ​         '​ar'​],​
 +  ['​zip', ​ \&​do_unzip],​
 +  ['​7z', ​  ​\&​do_7zip, ​      ​['​7zr','​7za','​7z'​] ],
 +  ['​rar', ​ \&​do_unrar, ​     ['​rar','​unrar'​] ],
 +  ['​arj', ​ \&​do_unarj, ​     ['​arj','​unarj'​] ],
 +  ['​arc', ​ \&​do_arc, ​       ['​nomarch','​arc'​] ],
 +  ['​zoo', ​ \&​do_zoo, ​       ['​zoo','​unzoo'​] ],
 +  ['​lha', ​ \&​do_lha, ​        '​lha'​],​
 +  ['​cab', ​ \&​do_cabextract, ​ '​cabextract'​],​
 +  ['​tnef',​ \&​do_tnef_ext, ​   '​tnef'​],​
 +  ['​tnef',​ \&​do_tnef],​
 +  ['​exe', ​ \&​do_executable,​ ['​rar','​unrar'​],​ '​lha',​ ['​arj','​unarj'​] ],
 +);
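Review bot: In the AM.PDP-SOCK policy bank, "auth_required_release => 0" allows anyone who can connect to "$MYHOME/amavisd.sock" to release quarantined mail without the secret_id, and in the ORIGINATING bank "bypass_banned_checks_maps => [1]" switches off the banned-file check for everything arriving on port 10026; neither setting is mentioned in the walkthrough, so each needs a sentence on why it is wanted or should be removed. All four "*_quarantine_to" settings are undef while the final destinies are D_REJECT, so no copy of a rejected message is kept for checking false positives. The listing also carries site-specific values ("$myhostname", "$mydomain", the virusalert and spam.police addresses) and the sample "@score_sender_maps" entries, including the "sender@example.net" placeholders; these should be marked as values to replace. Finally, the egrep filter shown above the listing only strips comments that start in column one, so indented comment lines remain and the listing is not the bare effective configuration.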
 +@av_scanners = (
 +['​ClamAV-clamd',​
 +  \&​ask_daemon,​ ["​CONTSCAN {}\n", "/​tmp/​clamd.socket"​],​
 +  qr/\bOK$/m, qr/​\bFOUND$/​m,​
 +  qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
 +  ### http://​www.kaspersky.com/ ​ (kav4mailservers)
 +  ['​KasperskyLab AVP - aveclient',​
 +    ['/​usr/​local/​kav/​bin/​aveclient','/​usr/​local/​share/​kav/​bin/​aveclient',​
 +     '/​opt/​kav/​5.5/​kav4mailservers/​bin/​aveclient','​aveclient'​],​
 +    '-p /​var/​run/​aveserver -s {}/*',
 +    [0,3,6,8], qr/​\b(INFECTED|SUSPICION|SUSPICIOUS)\b/​m,​
 +    qr/​(?:​INFECTED|WARNING|SUSPICION|SUSPICIOUS) (.+)/m,
 +  ],
 +  # NOTE: one may prefer [0],​[2,​3,​4,​5],​ depending on how suspicious,
 +  # currupted or protected archives are to be handled
 +  ### http://​www.kaspersky.com/​
 +  ['​KasperskyLab AntiViral Toolkit Pro (AVP)',​ ['​avp'​],​
 +    '-* -P -B -Y -O- {}', [0,3,6,8], [2,​4], ​   # any use for -A -K   ?
 +    qr/​infected:​ (.+)/m,
 +    sub {chdir('/​opt/​AVP'​) or die "​Can'​t chdir to AVP: $!"},
 +    sub {chdir($TEMPBASE) or die "​Can'​t chdir back to $TEMPBASE $!"},
 +  ],
 +  ### The kavdaemon and AVPDaemonClient have been removed from Kasperky
 +  ### products and replaced by aveserver and aveclient
 +  ['​KasperskyLab AVPDaemonClient',​
 +    [ '/​opt/​AVP/​kavdaemon', ​      '​kavdaemon',​
 +      '/​opt/​AVP/​AvpDaemonClient',​ '​AvpDaemonClient',​
 +      '/​opt/​AVP/​AvpTeamDream', ​   '​AvpTeamDream',​
 +      '/​opt/​AVP/​avpdc',​ '​avpdc'​ ],
 +    "​-f=$TEMPBASE {}", [0,8], [3,4,5,6], qr/​infected:​ ([^\r\n]+)/​m ],
 +    # change the startup-script in /​etc/​init.d/​kavd to:
 +    #   ​DPARMS="​-* -Y -dl -f=/​var/​amavis /​var/​amavis"​
 +    #   (or perhaps: ​  ​DPARMS="​-I0 -Y -* /​var/​amavis"​ )
 +    # adjusting /var/amavis above to match your $TEMPBASE.
 +    # The '​-f=/​var/​amavis'​ is needed if not running it as root, so it
 +    # can find, read, and write its pid file, etc., see 'man kavdaemon'​.
 +    # defUnix.prf:​ there must be an entry "​*/​var/​amavis"​ (or whatever
 +    #   ​directory $TEMPBASE specifies) in the '​Names='​ section.
 +    # cd /​opt/​AVP/​DaemonClients;​ configure; cd Sample; make
 +    # cp AvpDaemonClient /opt/AVP/
 +    # su - vscan -c "​${PREFIX}/​kavdaemon ${DPARMS}"​
 +  ### http://​www.centralcommand.com/​
 +  ['​CentralCommand Vexira (new) vascan',​
 +    ['​vascan','/​usr/​lib/​Vexira/​vascan'​],​
 +    "-a s --timeout=60 --temp=$TEMPBASE -y $QUARANTINEDIR ".
 +    "​--log=/​var/​log/​vascan.log {}",
 +    [0,3], [1,2,5],
 +    qr/(?x)^\s* (?:​virus|iworm|macro|mutant|sequence|trojan)\ found:\ ( [^\]\s'​]+ )\ \.\.\.\ /m ],
 +    # Adjust the path of the binary and the virus database as needed.
 +    # '​vascan'​ does not allow to have the temp directory to be the same as
 +    # the quarantine directory, and the quarantine option can not be disabled.
 +    # If $QUARANTINEDIR is not used, then another directory must be specified
 +    # to appease '​vascan'​. Move status 3 to the second list if password
 +    # protected files are to be considered infected.
 +  ### http://​www.avira.com/​
 +  ### Avira AntiVir (formerly H+BEDV) or (old) CentralCommand Vexira Antivirus
 +  ['​Avira AntiVir',​ ['​antivir','​vexira'​],​
 +    '​--allfiles -noboot -nombr -rs -s -z {}', [0], qr/​ALERT:​|VIRUS:/​m,​
 +    qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) |
 +         (?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s'​]+ )/m ],
 +    # NOTE: if you only have a demo version, remove -z and add 214, as in:
 +    #  '​--allfiles -noboot -nombr -rs -s {}', [0,214], qr/​ALERT:​|VIRUS:/,​
 +  ### http://​www.commandsoftware.com/​
 +  ['​Command AntiVirus for Linux',​ '​csav',​
 +    '-all -archive -packed {}', [50], [51,52,53],
 +    qr/​Infection:​ (.+)/m ],
 +  ### http://​www.symantec.com/​
 +  ['​Symantec CarrierScan via Symantec CommandLineScanner',​
 +    '​cscmdline',​ '-a scan -i 1 -v -s 127.0.0.1:​7777 {}',
 +    qr/^Files Infected:​\s+0$/​m,​ qr/​^Infected\b/​m,​
 +    qr/​^(?:​Info|Virus Name):​\s+(.+)/​m ],
 +  ### http://​www.symantec.com/​
 +  ['​Symantec AntiVirus Scan Engine',​
 +    '​savsecls',​ '​-server 127.0.0.1:​7777 -mode scanrepair -details -verbose {}',
 +    [0], qr/​^Infected\b/​m,​
 +    qr/​^(?:​Info|Virus Name):​\s+(.+)/​m ],
 +    # NOTE: check options and patterns to see which entry better applies
 +  ### http://​www.f-secure.com/​products/​anti-virus/ ​ version 5.52
 +   ​['​F-Secure Antivirus for Linux servers',​
 +    ['/​opt/​f-secure/​fsav/​bin/​fsav',​ '​fsav'​],​
 +    '​--virus-action1=report --archive=yes --auto=yes '.
 +    '​--dumb=yes --list=no --mime=yes {}', [0], [3,4,6,8],
 +    qr/​(?:​infection|Infected|Suspected|Riskware):​ (.+)/m ],
 +    # NOTE: internal archive handling may be switched off by '​--archive=no'​
 +    #   to prevent fsav from exiting with status 9 on broken archives
 +  ['CAI InoculateIT',​ '​inocucmd', ​ # retired product
 +    '-sec -nex {}', [0], [100],
 +    qr/was infected by virus (.+)/m ],
 +  # see: http://​www.flatmtn.com/​computer/​Linux-Antivirus_CAI.html
 +  ### http://​www3.ca.com/​Solutions/​Product.asp?​ID=156 ​ (ex InoculateIT)
 +  ['CAI eTrust Antivirus',​ '​etrust-wrapper',​
 +    '-arc -nex -spm h {}', [0], [101],
 +    qr/is infected by virus: (.+)/m ],
 +    # NOTE: requires suid wrapper around inocmd32; consider flag: -mod reviewer
 +    # see http://​marc.theaimsgroup.com/?​l=amavis-user&​m=109229779912783
 +  ### http://​mks.com.pl/​english.html
 +  ['​MkS_Vir for Linux (beta)',​ ['​mks32','​mks'​],​
 +    '-s {}/*', [0], [1,2],
 +    qr/--[ \t]*(.+)/m ],
 +  ### http://​mks.com.pl/​english.html
 +  ['​MkS_Vir daemon',​ '​mksscan',​
 +    '-s -q {}', [0], [1..7],
 +    qr/^... (\S+)/m ],
 +  ### http://​www.eset.com/,​ version 3.0
 +  ['ESET Software ESETS Command Line Interface',​
 +    ['/​usr/​bin/​esets_cli',​ '​esets_cli'​],​
 +    '​--subdir {}', [0], [1,2,3],
 +    qr/:​\s*action="​(?​!accepted)[^"​]*"​\n.*:​\s*virus="​([^"​]*)"/​m ],
 +  ## http://​www.nod32.com/, ​ NOD32LFS version 2.5 and above
 +  ['ESET NOD32 for Linux File servers',​
 +    ['/​opt/​eset/​nod32/​sbin/​nod32','​nod32'​],​
 +    '​--files -z --mail --sfx --rtp --adware --unsafe --pattern --heur '.
 +    '-w -a --action=1 -b {}',
 +    [0], [1,10], qr/​^object=.*,​ virus="​(.*?​)",/​m ],
 +  ### http://​www.norman.com/​products_nvc.shtml
 +  ['​Norman Virus Control v5 / Linux',​ '​nvcc',​
 +    '-c -l:0 -s -u -temp:​$TEMPBASE {}', [0,10,11], [1,2,14],
 +    qr/(?i).* virus in .* -> \'​(.+)\'/​m ],
 +  ### http://​www.pandasoftware.com/​
 +  ['​Panda CommandLineSecure 9 for Linux',​
 +    ['/​opt/​pavcl/​usr/​bin/​pavcl','​pavcl'​],​
 +    '-auto -aex -heu -cmp -nbr -nor -nos -eng -nob {}',
 +    qr/Number of files infected[ .]*: 0+(?!\d)/m,
 +    qr/Number of files infected[ .]*: 0*[1-9]/m,
 +    qr/Found virus :\s*(\S+)/m ],
 +  # NOTE: for efficiency, start the Panda in resident mode with 'pavcl -tsr'
 +  # before starting amavisd - the bases are then loaded only once at startup.
 +  # To reload bases in a signature update script:
 +  #   /​opt/​pavcl/​usr/​bin/​pavcl -tsr -ulr; /​opt/​pavcl/​usr/​bin/​pavcl -tsr
 +  # Please review other options of pavcl, for example:
 +  #  -nomalw, -nojoke, -nodial, -nohackt, -nospyw, -nocookies
 +  ### http://​www.nai.com/​
 +  ['NAI McAfee AntiVirus (uvscan)',​ '​uvscan',​
 +    '​--secure -rv --mime --summary --noboot - {}', [0], [13],
 +    qr/(?x) Found (?:
 +        \ the\ (.+)\ (?:​virus|trojan) ​ |
 +        \ (?:​virus|trojan)\ or\ variant\ ([^ ]+)  |
 +        :\ (.+)\ NOT\ a\ virus)/m,
 +  # sub {$ENV{LD_PRELOAD}='/​lib/​libc.so.6'​},​
 +  # sub {delete $ENV{LD_PRELOAD}},​
 +  ],
 +  # NOTE1: with RH9: force the dynamic linker to look at /​lib/​libc.so.6 before
 +  # anything else by setting environment variable LD_PRELOAD=/​lib/​libc.so.6
 +  # and then clear it when finished to avoid confusing anything else.
 +  # NOTE2: to treat encrypted files as viruses replace the [13] with:
 +  #  qr/​^\s{5,​}(Found|is password-protected|.*(virus|trojan))/​
 +  ### http://​www.virusbuster.hu/​en/​
 +  ['​VirusBuster',​ ['​vbuster',​ '​vbengcl'​],​
 +    "{} -ss -i '​*'​ -log=$MYHOME/​vbuster.log",​ [0], [1],
 +    qr/: '​(.*)'​ - Virus/m ],
 +  # VirusBuster Ltd. does not support the daemon version for the workstation
 +  # engine (vbuster-eng-1.12-linux-i386-libc6.tgz) any longer. The names of
 +  # binaries, some parameters AND return codes have changed (from 3 to 1).
 +  # See also the new Vexira entry '​vascan'​ which is possibly related.
 +  ### http://​www.cyber.com/​
 +  ['​CyberSoft VFind',​ '​vfind',​
 +    '​--vexit {}/*', [0], [23], qr/##​==>>>>​ VIRUS ID: CVDL (.+)/m,
 +  # sub {$ENV{VSTK_HOME}='/​usr/​lib/​vstk'​},​
 +  ],
 +  ### http://​www.avast.com/​
 +  ['​avast! Antivirus',​ ['/​usr/​bin/​avastcmd','​avastcmd'​],​
 +    '-a -i -n -t=A {}', [0], [1], qr/​\binfected by:\s+([^ \t\n\[\]]+)/​m ],
 +  ### http://​www.ikarus-software.com/​
 +  ['​Ikarus AntiVirus for Linux',​ '​ikarus',​
 +    '​{}',​ [0], [40], qr/​Signature (.+) found/m ],
 +  ### http://​www.bitdefender.com/​
 +  ['​BitDefender',​ '​bdscan', ​ # new version
 +    '​--action=ignore --no-list {}', qr/​^Infected files\s*:​\s*0+(?​!\d)/​m,​
 +    qr/​^(?:​Infected files|Identified viruses|Suspect files)\s*:​\s*0*[1-9]/​m,​
 +    qr/​(?:​suspected|infected)\s*:​\s*(.*)(?:​\033|$)/​m ],
 +  ### http://​www.bitdefender.com/​
 +  ['​BitDefender',​ '​bdc', ​ # old version
 +    '--arc --mail {}', qr/​^Infected files *:​0+(?​!\d)/​m,​
 +    qr/​^(?:​Infected files|Identified viruses|Suspect files) *:​0*[1-9]/​m,​
 +    qr/​(?:​suspected|infected):​ (.*)(?:​\033|$)/​m ],
 +  # consider also: --all --nowarn --alev=15 --flev=15. ​ The --all argument may
 +  # not apply to your version of bdc, check documentation and see 'bdc --help'​
 +  ### ArcaVir for Linux and Unix http://​www.arcabit.pl/​
 +  ['​ArcaVir for Linux',​ ['​arcacmd','​arcacmd.static'​],​
 +    '-v 1 -summary 0 -s {}', [0], [1,2],
 +    qr/​(?:​VIR|WIR):​[ \t]*(.+)/m ],
 +);
 +@av_scanners_backup = (
 +  ### http://​www.clamav.net/ ​  - backs up clamd or Mail::​ClamAV
 +  ['​ClamAV-clamscan',​ '​clamscan',​
 +    "​--stdout --no-summary -r --tempdir=$TEMPBASE {}",
 +    [0], qr/:​.*\sFOUND$/​m,​ qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
 +  ### http://​www.f-prot.com/ ​  - backs up F-Prot Daemon, V6
 +  ['​F-PROT Antivirus for UNIX', ['​fpscan'​],​
 +    '​--report --mount --adware {}', ​ # consider: --applications -s 4 -u 3 -z 10
 +    [0,​8,​64], ​ [1,2,3, 4+1,​4+2,​4+3,​ 8+1,​8+2,​8+3,​ 12+1,​12+2,​12+3],​
 +    qr/​^\[Found\s+[^\]]*\]\s+<​([^ \t(>​]*)/​m ],
 +  ### http://​www.f-prot.com/ ​  - backs up F-Prot Daemon (old)
 +  ['​FRISK F-Prot Antivirus',​ ['​f-prot','​f-prot.sh'​],​
 +    '-dumb -archive -packed {}', [0,8], [3,​6], ​  # or: [0], [3,6,8],
 +    qr/​(?:​Infection:​|security risk named) (.+)|\s+contains\s+(.+)$/​m ],
 +  ### http://​www.trendmicro.com/ ​  - backs up Trophie
 +  ['​Trend Micro FileScanner',​ ['/​etc/​iscan/​vscan','​vscan'​],​
 +    '-za -a {}', [0], qr/Found virus/m, qr/Found virus (.+) in/m ],
 +  ### http://​www.sald.com/,​ http://​drweb.imshop.de/ ​  - backs up DrWebD
 +  ['​drweb - DrWeb Antivirus', ​ # security LHA hole in Dr.Web 4.33 and earlier
 +    ['/​usr/​local/​drweb/​drweb',​ '/​opt/​drweb/​drweb',​ '​drweb'​],​
 +    '​-path={} -al -go -ot -cn -upn -ok-',
 +    [0,32], [1,9,33], qr' infected (?:​with|by)(?:​ virus)? (.*)$'​m ],
 +   ### http://​www.kaspersky.com/​
 +   ​['​Kaspersky Antivirus v5.5',
 +     ​['/​opt/​kaspersky/​kav4fs/​bin/​kav4fs-kavscanner',​
 +      '/​opt/​kav/​5.5/​kav4unix/​bin/​kavscanner',​
 +      '/​opt/​kav/​5.5/​kav4mailservers/​bin/​kavscanner',​ '​kavscanner'​],​
 +     '​-i0 -xn -xp -mn -R -ePASBME {}/*', [0,10,15], [5,​20,​21,​25],​
 +     ​qr/​(?:​INFECTED|WARNING|SUSPICION|SUSPICIOUS) (.*)/m,
 +   ],
 +);
 +1;  # insure a defined return value </​code>​
 +
 +===== Programmstart =====
 +==== clamd ====
 +Nun ist es an der Zeit unseren **ClamAV**-Daemon das erste mal zu starten. ​
 +   # service clamd start
 +<​code>​Starting Clam AntiVirus Daemon: LibClamAV Warning: **************************************************
 +LibClamAV Warning: ***  The virus database is older than 7 days!  ***
 +LibClamAV Warning: ***   ​Please update it as soon as possible. ​   ***
 +LibClamAV Warning: **************************************************
 +                                                           ​[ ​ OK  ]</​code>​
 +Wir müssen also unser Virendatenbank erst einmal updaten - Hierzu nutzen wir das Programm **freshclam** aus dem Paket **//​clamav//​**. Wir stoppen nun erst einmal unseren Daemon uns fahren mit der Installation und Konfiguration der weiteren Schritte fort.
 +   # service clamd stop
 +
 +   ​Stopping Clam AntiVirus Daemon: ​                           [  OK  ]
 +
 +==== amavisd ====
 +Zum Aktivieren der vorgenannten Konfigurationsänderungen in der **/​etc/​amavisd.conf**,​ führen wir nun einen Restart unseres //**A** **MA**il **Vi**rus **S**canners//​ durch.
 +   # service amavisd restart
 +
 +   Mail Virus Scanner (amavisd) beenden: ​                     [  OK  ]
 +   Mail Virus Scanner (amavisd) starten: ​                     [  OK  ]
 +   Mail Virus Scanner (amavisd) starten: ​                     [  OK  ]
 +Im Maillog **/​var/​log/​maillog** wird der erfolgreiche Restart entsprechend vermerkt:
 +<​code>​Nov 20 22:52:07 nss amavis[27959]:​ (27959-10) TempDir removal: empty tempdir is being removed: /​var/​amavis/​tmp/​amavis-20081120T212043-27959
 +Nov 20 22:52:07 nss amavis[27960]:​ (27960-09) TempDir removal: empty tempdir is being removed: /​var/​amavis/​tmp/​amavis-20081120T211933-27960
 +Nov 20 22:52:07 nss amavis[27957]:​ Net::​Server:​ 2008/​11/​20-22:​52:​07 Server closing!
 +Nov 20 22:52:09 nss amavis[29613]:​ logging initialized,​ log level 3, syslog: amavis.mail
 +Nov 20 22:52:09 nss amavis[29613]:​ starting. ​ /​usr/​sbin/​amavisd at amavis.nausch.org amavisd-new-2.5.4 (20080312), Unicode aware, LANG="​de_DE.UTF-8"​
 +Nov 20 22:52:09 nss amavis[29613]:​ user=103, EUID: 103 (103); ​ group=, EGID: 106 106 (106 106)
 +Nov 20 22:52:09 nss amavis[29613]:​ Perl version ​              ​5.008008
 +Nov 20 22:52:09 nss amavis[29613]:​ INFO: SA version: 3.2.4, 3.002004, no optional modules: Net::​CIDR::​Lite Sys::​Hostname::​Long Mail::​SpamAssassin::​BayesStore::​PgSQL Encode::​Detect Mail::​SpamAssassin::​Plugin::​DKIM Razor2::​Client::​Agent IP::​Country::​Fast Mail::DKIM Mail::​DKIM::​Verifier Image::Info Image::​Info::​GIF Image::​Info::​JPEG Image::​Info::​PNG Image::​Info::​TIFF Mail::SPF Mail::​SPF::​Server Mail::​SPF::​Request Mail::​SPF::​Mech Mail::​SPF::​Mech::​A Mail::​SPF::​Mech::​PTR Mail::​SPF::​Mech::​All Mail::​SPF::​Mech::​Exists Mail::​SPF::​Mech::​IP4 Mail::​SPF::​Mech::​IP6 Mail::​SPF::​Mech::​Include Mail::​SPF::​Mech::​MX Mail::​SPF::​Mod Mail::​SPF::​Mod::​Exp Mail::​SPF::​Mod::​Redirect Mail::​SPF::​SenderIPAddrMech Mail::​SPF::​v1::​Record Mail::​SPF::​v2::​Record NetAddr::IP NetAddr::​IP::​Util auto::​NetAddr::​IP::​Util::​inet_n2dx auto::​NetAddr::​IP::​Util::​ipv6_n2d Mail::​SPF::​Query Crypt::​OpenSSL::​RSA auto::​Crypt::​OpenSSL::​RSA::​new_public_key auto::​Crypt::​OpenSSL::​RSA::​new_key_from_parameters auto::​Crypt::​OpenSSL::​RSA::​get_key_parameters aut...
 +Nov 20 22:52:09 nss amavis[29613]:​ ...o::​Crypt::​OpenSSL::​RSA::​import_random_seed Digest::SHA Error
 +Nov 20 22:52:09 nss amavis[29613]:​ SpamControl:​ init_pre_chroot done
 +Nov 20 22:52:09 nss amavis[29614]:​ Net::​Server:​ Process Backgrounded
 +Nov 20 22:52:09 nss amavis[29614]:​ Net::​Server:​ 2008/​11/​20-22:​52:​09 Amavis (type Net::​Server::​PreForkSimple) starting! pid(29614)
 +Nov 20 22:52:09 nss amavis[29614]:​ Net::​Server:​ Binding to UNIX socket file /​var/​amavis/​amavisd.sock using SOCK_STREAM
 +Nov 20 22:52:09 nss amavis[29614]:​ Net::​Server:​ Binding to TCP port 10024 on host 127.0.0.1
 +Nov 20 22:52:09 nss amavis[29614]:​ Net::​Server:​ Group Not Defined. ​ Defaulting to EGID '106 106'
 +Nov 20 22:52:09 nss amavis[29614]:​ Net::​Server:​ User Not Defined. ​ Defaulting to EUID '​103'​
 +Nov 20 22:52:09 nss amavis[29614]:​ config files read: /​etc/​amavisd.conf
 +Nov 20 22:52:09 nss amavis[29614]:​ Module Amavis::​Conf ​       2.094
 +Nov 20 22:52:09 nss amavis[29614]:​ Module Archive::​Zip ​       1.16
 +Nov 20 22:52:09 nss amavis[29614]:​ Module BerkeleyDB ​         0.36
 +Nov 20 22:52:09 nss amavis[29614]:​ Module Compress::​Zlib ​     1.42
 +Nov 20 22:52:09 nss amavis[29614]:​ Module Convert::​TNEF ​      0.17
 +Nov 20 22:52:09 nss amavis[29614]:​ Module Convert::​UUlib ​     1.051
 +Nov 20 22:52:09 nss amavis[29614]:​ Module DBD::​mysql ​         4.008
 +Nov 20 22:52:09 nss amavis[29614]:​ Module DBI                 1.52
 +Nov 20 22:52:09 nss amavis[29614]:​ Module DB_File ​            1.814
 +Nov 20 22:52:09 nss amavis[29614]:​ Module Digest::​MD5 ​        2.36
 +Nov 20 22:52:09 nss amavis[29614]:​ Module Digest::​SHA1 ​       2.11
 +Nov 20 22:52:09 nss amavis[29614]:​ Module IO::​Socket::​INET6 ​  2.51
 +Nov 20 22:52:09 nss amavis[29614]:​ Module MIME::​Entity ​       5.420
 +Nov 20 22:52:09 nss amavis[29614]:​ Module MIME::​Parser ​       5.420
 +Nov 20 22:52:09 nss amavis[29614]:​ Module MIME::​Tools ​        5.420
 +Nov 20 22:52:09 nss amavis[29614]:​ Module Mail::​Header ​       1.77
 +Nov 20 22:52:09 nss amavis[29614]:​ Module Mail::​Internet ​     1.77
 +Nov 20 22:52:09 nss amavis[29614]:​ Module Mail::​SpamAssassin ​ 3.002004
 +Nov 20 22:52:09 nss amavis[29614]:​ Module Net::​DNS ​           0.59
 +Nov 20 22:52:09 nss amavis[29614]:​ Module Net::​Server ​        0.97
 +Nov 20 22:52:09 nss amavis[29614]:​ Module Time::​HiRes ​        1.86
 +Nov 20 22:52:09 nss amavis[29614]:​ Module URI                 1.35
 +Nov 20 22:52:09 nss amavis[29614]:​ Module Unix::​Syslog ​       1.0
 +Nov 20 22:52:09 nss amavis[29614]:​ Amavis::DB code      loaded
 +Nov 20 22:52:09 nss amavis[29614]:​ Amavis::​Cache code   ​loaded
 +Nov 20 22:52:09 nss amavis[29614]:​ SQL base code        NOT loaded
 +Nov 20 22:52:09 nss amavis[29614]:​ SQL::Log code        NOT loaded
 +Nov 20 22:52:09 nss amavis[29614]:​ SQL::​Quarantine ​     NOT loaded
 +Nov 20 22:52:09 nss amavis[29614]:​ Lookup::SQL code     NOT loaded
 +Nov 20 22:52:09 nss amavis[29614]:​ Lookup::​LDAP code    NOT loaded
 +Nov 20 22:52:09 nss amavis[29614]:​ AM.PDP-in proto code loaded
 +Nov 20 22:52:09 nss amavis[29614]:​ SMTP-in proto code   ​loaded
 +Nov 20 22:52:09 nss amavis[29614]:​ Courier proto code   NOT loaded
 +Nov 20 22:52:09 nss amavis[29614]:​ SMTP-out proto code  loaded
 +Nov 20 22:52:09 nss amavis[29614]:​ Pipe-out proto code  NOT loaded
 +Nov 20 22:52:09 nss amavis[29614]:​ BSMTP-out proto code NOT loaded
 +Nov 20 22:52:09 nss amavis[29614]:​ Local-out proto code loaded
 +Nov 20 22:52:09 nss amavis[29614]:​ OS_Fingerprint code  NOT loaded
 +Nov 20 22:52:09 nss amavis[29614]:​ ANTI-VIRUS code      loaded
 +Nov 20 22:52:09 nss amavis[29614]:​ ANTI-SPAM code       ​loaded
 +Nov 20 22:52:09 nss amavis[29614]:​ ANTI-SPAM-SA code    loaded
 +Nov 20 22:52:09 nss amavis[29614]:​ Unpackers code       ​loaded
 +Nov 20 22:52:09 nss amavis[29614]:​ Found $file            at /​usr/​bin/​file
 +Nov 20 22:52:09 nss amavis[29614]:​ No $dspam, ​            not using it
 +Nov 20 22:52:09 nss amavis[29614]:​ No $altermime, ​        not using it
 +Nov 20 22:52:09 nss amavis[29614]:​ Internal decoder for .mail
 +Nov 20 22:52:09 nss amavis[29614]:​ Internal decoder for .asc 
 +Nov 20 22:52:09 nss amavis[29614]:​ Internal decoder for .uue 
 +Nov 20 22:52:09 nss amavis[29614]:​ Internal decoder for .hqx 
 +Nov 20 22:52:09 nss amavis[29614]:​ Internal decoder for .ync 
 +Nov 20 22:52:09 nss amavis[29614]:​ Found decoder for    .F    at /​usr/​bin/​unfreeze
 +Nov 20 22:52:09 nss amavis[29614]:​ Found decoder for    .Z    at /​usr/​bin/​uncompress
 +Nov 20 22:52:09 nss amavis[29614]:​ Found decoder for    .gz   at /​usr/​bin/​gzip -d
 +Nov 20 22:52:09 nss amavis[29614]:​ Internal decoder for .gz   ​(backup,​ not used)
 +Nov 20 22:52:09 nss amavis[29614]:​ Found decoder for    .bz2  at /​usr/​bin/​bzip2 -d
 +Nov 20 22:52:09 nss amavis[29614]:​ Found decoder for    .lzo  at /​usr/​bin/​lzop -d
 +Nov 20 22:52:09 nss amavis[29614]:​ Found decoder for    .rpm  at /​usr/​bin/​rpm2cpio
 +Nov 20 22:52:09 nss amavis[29614]:​ Found decoder for    .cpio at /​usr/​bin/​pax
 +Nov 20 22:52:09 nss amavis[29614]:​ Found decoder for    .tar  at /​usr/​bin/​pax
 +Nov 20 22:52:09 nss amavis[29614]:​ Found decoder for    .deb  at /usr/bin/ar
 +Nov 20 22:52:09 nss amavis[29614]:​ Internal decoder for .zip 
 +Nov 20 22:52:09 nss amavis[29614]:​ No decoder for       ​.7z ​  ​tried:​ 7zr, 7za, 7z
 +Nov 20 22:52:09 nss amavis[29614]:​ Found decoder for    .rar  at /​usr/​bin/​unrar
 +Nov 20 22:52:09 nss amavis[29614]:​ Found decoder for    .arj  at /​usr/​bin/​arj
 +Nov 20 22:52:09 nss amavis[29614]:​ Found decoder for    .arc  at /​usr/​bin/​nomarch
 +Nov 20 22:52:09 nss amavis[29614]:​ Found decoder for    .zoo  at /​usr/​bin/​zoo
 +Nov 20 22:52:09 nss amavis[29614]:​ Found decoder for    .lha  at /​usr/​bin/​lha
 +Nov 20 22:52:09 nss amavis[29614]:​ Found decoder for    .cab  at /​usr/​bin/​cabextract
 +Nov 20 22:52:09 nss amavis[29614]:​ No decoder for       .tnef tried: tnef
 +Nov 20 22:52:09 nss amavis[29614]:​ Internal decoder for .tnef
 +Nov 20 22:52:09 nss amavis[29614]:​ Found decoder for    .exe  at /​usr/​bin/​unrar;​ /​usr/​bin/​lha;​ /​usr/​bin/​arj
 +Nov 20 22:52:09 nss amavis[29614]:​ Using primary internal av scanner code for ClamAV-clamd
 +Nov 20 22:52:09 nss amavis[29614]:​ No primary av scanner: KasperskyLab AVP - aveclient
 +Nov 20 22:52:09 nss amavis[29614]:​ No primary av scanner: KasperskyLab AntiViral Toolkit Pro (AVP)
 +Nov 20 22:52:09 nss amavis[29614]:​ No primary av scanner: KasperskyLab AVPDaemonClient
 +Nov 20 22:52:09 nss amavis[29614]:​ No primary av scanner: CentralCommand Vexira (new) vascan
 +Nov 20 22:52:09 nss amavis[29614]:​ No primary av scanner: Avira AntiVir
 +Nov 20 22:52:09 nss amavis[29614]:​ No primary av scanner: Command AntiVirus for Linux
 +Nov 20 22:52:09 nss amavis[29614]:​ No primary av scanner: Symantec CarrierScan via Symantec CommandLineScanner
 +Nov 20 22:52:09 nss amavis[29614]:​ No primary av scanner: Symantec AntiVirus Scan Engine
 +Nov 20 22:52:09 nss amavis[29614]:​ No primary av scanner: F-Secure Antivirus for Linux servers
 +Nov 20 22:52:09 nss amavis[29614]:​ No primary av scanner: CAI InoculateIT
 +Nov 20 22:52:09 nss amavis[29614]:​ No primary av scanner: CAI eTrust Antivirus
 +Nov 20 22:52:09 nss amavis[29614]:​ No primary av scanner: MkS_Vir for Linux (beta)
 +Nov 20 22:52:09 nss amavis[29614]:​ No primary av scanner: MkS_Vir daemon
 +Nov 20 22:52:09 nss amavis[29614]:​ No primary av scanner: ESET NOD32 Linux Mail Server - command line interface
 +Nov 20 22:52:09 nss amavis[29614]:​ No primary av scanner: ESET NOD32 for Linux File servers
 +Nov 20 22:52:09 nss amavis[29614]:​ No primary av scanner: Norman Virus Control v5 / Linux
 +Nov 20 22:52:09 nss amavis[29614]:​ No primary av scanner: Panda CommandLineSecure 9 for Linux
 +Nov 20 22:52:09 nss amavis[29614]:​ No primary av scanner: NAI McAfee AntiVirus (uvscan)
 +Nov 20 22:52:09 nss amavis[29614]:​ No primary av scanner: VirusBuster
 +Nov 20 22:52:09 nss amavis[29614]:​ No primary av scanner: CyberSoft VFind
 +Nov 20 22:52:09 nss amavis[29614]:​ No primary av scanner: avast! Antivirus
 +Nov 20 22:52:09 nss amavis[29614]:​ No primary av scanner: Ikarus AntiVirus for Linux
 +Nov 20 22:52:09 nss amavis[29614]:​ No primary av scanner: BitDefender
 +Nov 20 22:52:09 nss amavis[29614]:​ No primary av scanner: BitDefender
 +Nov 20 22:52:09 nss amavis[29614]:​ No primary av scanner: ArcaVir for Linux
 +Nov 20 22:52:09 nss amavis[29614]:​ Found secondary av scanner ClamAV-clamscan at /​usr/​bin/​clamscan
 +Nov 20 22:52:09 nss amavis[29614]:​ No secondary av scanner: F-PROT Antivirus for UNIX
 +Nov 20 22:52:09 nss amavis[29614]:​ No secondary av scanner: FRISK F-Prot Antivirus
 +Nov 20 22:52:09 nss amavis[29614]:​ No secondary av scanner: Trend Micro FileScanner
 +Nov 20 22:52:09 nss amavis[29614]:​ No secondary av scanner: drweb - DrWeb Antivirus
 +Nov 20 22:52:09 nss amavis[29614]:​ No secondary av scanner: Kaspersky Antivirus v5.5
 +Nov 20 22:52:09 nss amavis[29614]:​ Creating db in /​var/​amavis/​db/;​ BerkeleyDB 0.36, libdb 4.3
 +Nov 20 22:52:09 nss amavis[29614]:​ SpamControl:​ initializing Mail::​SpamAssassin
 +Nov 20 22:52:10 nss amavis[29614]:​ SpamControl:​ init_pre_fork done
 +Nov 20 22:52:10 nss amavis[29620]:​ TIMING [total 5 ms] - bdb-open: 5 (100%)100, rundown: 0 (0%)100
 +Nov 20 22:52:10 nss amavis[29621]:​ TIMING [total 5 ms] - bdb-open: 5 (100%)100, rundown: 0 (0%)100</​code>​
 +===== automatisches Starten der Dienste beim Systemstart =====
 +==== clamd ==== 
 +Damit nun unser clamav-daemon beim Booten automatisch gestartet wird, nehmen wir noch folgende Konfigurationsschritte vor.
 +<​code>​chkconfig clamd on</​code>​
 +Anschließend überprüfen wir noch unsere Änderung:
 +   ​chkconfig --list | grep clamd
 +   ​clamd ​          ​0:​Aus ​  ​1:​Aus ​  ​2:​Ein ​  ​3:​Ein ​  ​4:​Ein ​  ​5:​Ein ​  6:Aus
 +==== amavisd ====
 +Den automatischen Start haben wir bereits im Kapitel [[centos:​mailserver:​grundinstallation_von_amavis]] vorgenommen.
 +
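Review bot: In the "Programmstart" section, clamd is stopped with "service clamd stop" after the stale-database warning and nothing later in this revision starts it again. The next step is "service amavisd restart", and "chkconfig clamd on" only takes effect at the next boot. The maillog reports "Using primary internal av scanner code for ClamAV-clamd", and the @av_scanners_backup comment describes clamscan as what "backs up clamd", so add an explicit "service clamd start" after the freshclam update and before the amavisd restart; otherwise readers following the steps in order end up on the slower clamscan fallback without noticing. The maillog excerpt also does not match the scanner list in this revision: it names "ESET NOD32 Linux Mail Server - command line interface" where @av_scanners has 'ESET Software ESETS Command Line Interface', and it comes from amavisd-new-2.5.4 in Nov 2008, so it should be recaptured or marked as an older example. Smaller points: "Mail Virus Scanner (amavisd) starten" appears twice in the restart output, "unser Virendatenbank ... uns fahren" should read "unsere Virendatenbank ... und fahren", and the log line "No decoder for .7z tried: 7zr, 7za, 7z" deserves a sentence, since amavisd then does not unpack 7z attachments itself.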
  
  • centos/mailserver/installation_von_clamav.txt
 • Last modified: 20.04.2018 10:34.
 • (External edit)