
Amavis configuration


.RJ.


Hi,

I have a problem with my Amavis config, but I can't spot where. Did I forget to add something, or set some parameter incorrectly?

I'm running it in combination with Postfix. (At least that's the plan ;) )

I tried sending mails via telnet as a test; here is the output from /var/log/mail (the mails did not arrive either, but were returned to the sender):

May 30 17:01:58 name postfix/smtpd[6537]: connect from localhost[127.0.0.1]

May 30 17:02:37 name postfix/smtpd[6537]: 8F43CF0BF: client=localhost[127.0.0.1]

May 30 17:02:45 name postfix/cleanup[6629]: 8F43CF0BF: message-id=<20050530150225.8F43CF0BF@name.domain.de>

May 30 17:02:45 name postfix/qmgr[6532]: 8F43CF0BF: from=<someone@domain.de>, size=362, nrcpt=1 (queue active)

May 30 17:02:45 name postfix/smtp[6583]: 8F43CF0BF: to=<ah@domain.de>, relay=none, delay=20, status=bounced (Host or

May 30 17:02:45 name postfix/cleanup[6629]: 1A062F0F8: message-id=<20050530150245.1A062F0F8@name.domain.de>

May 30 17:02:45 name postfix/qmgr[6532]: 1A062F0F8: from=<>, size=2210, nrcpt=1 (queue active)

May 30 17:02:45 name postfix/qmgr[6532]: 8F43CF0BF: removed

May 30 17:02:45 name postfix/smtp[6583]: 1A062F0F8: to=<someone@domain.de>, relay=name.domain.de[ip]

May 30 17:02:45 name postfix/qmgr[6532]: 1A062F0F8: removed

May 30 17:02:48 name postfix/smtpd[6537]: disconnect from localhost[127.0.0.1]

My config:

use strict;

# a minimalistic configuration file for amavisd-new with all necessary settings

#

# see amavisd.conf-default for a list of all variables with their defaults;

# see amavisd.conf-sample for a traditional-style commented file;

# for more details see documentation in INSTALL, README_FILES/*

# and at http://www.ijs.si/software/amavisd/amavisd-new-docs.html

# COMMONLY ADJUSTED SETTINGS:

# @bypass_virus_checks_maps = (1); # uncomment to DISABLE anti-virus code

# @bypass_spam_checks_maps = (1); # uncomment to DISABLE anti-spam code

$max_servers = 3; # number of pre-forked children (2..15 is common)

$child_timeout=5*60; # abort child if it does not complete each task in n sec

# (default: 8*60 seconds)

$daemon_user = 'amavis'; # (no default; customary: vscan or amavis)

$daemon_group = 'amavis'; # (no default; customary: vscan or amavis)

$mydomain = 'domain.tld'; # (removed) a convenient default for other settings

$MYHOME = '/usr/amavis'; # a convenient default for other settings

$TEMPBASE = "$MYHOME/tmp"; # working directory, needs to be created manually

$ENV{TMPDIR} = $TEMPBASE; # environment variable TMPDIR

$QUARANTINEDIR = '/var/virusmails';

# $quarantine_subdir_levels = 1; # add level of subdirs to disperse quarantine

# $daemon_chroot_dir = $MYHOME; # chroot directory or undef

# $db_home = "$MYHOME/db";

# $helpers_home = "$MYHOME/var"; # prefer $MYHOME clean and owned by root?

# $pid_file = "$MYHOME/var/amavisd.pid";

# $lock_file = "$MYHOME/var/amavisd.lock";

#NOTE: create directories $MYHOME/tmp, $MYHOME/var, $MYHOME/db manually

@local_domains_maps = ( [".$mydomain"] );

# @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10

# 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );

$log_level = 2; # verbosity 0..5

$log_recip_templ = undef; # disable by-recipient level-0 log entries

$DO_SYSLOG = 1; # log via syslogd (preferred)

$SYSLOG_LEVEL = 'mail.debug';

$enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP and nanny)

$enable_global_cache = 1; # enable use of libdb-based cache if $enable_db=1

$inet_socket_port = 10024; # listen on this local TCP port(s) (see $protocol)

# $unix_socketname = "$MYHOME/amavisd.sock"; # when using sendmail milter

$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level

$sa_tag2_level_deflt = 6.3; # add 'spam detected' headers at that level

$sa_kill_level_deflt = 6.3; # triggers spam evasive actions

$sa_dsn_cutoff_level = 9; # spam level beyond which a DSN is not sent

$sa_quarantine_cutoff_level = 20; # spam level beyond which quarantine is off

$sa_mail_body_size_limit = 200*1024; # don't waste time on SA if mail is larger

$sa_local_tests_only = 0; # only tests which do not require internet access?

$sa_auto_whitelist = 1; # turn on AWL in SA 2.63 or older (irrelevant

# for SA 3.0, cf option is 'use_auto_whitelist')

# @lookup_sql_dsn =

# ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'],

# ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'],

# ["DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite", '', ''] );

# @storage_sql_dsn = @lookup_sql_dsn; # none, same, or separate database

$spam_admin = {

'.domain.de' => 'report@domain.de',

'.domain.de' => 'report@domain.de',

'.domain.org' => 'report@domain.de',

'.domain.info' => 'report@domain.de',

'.domain.com' => 'report@domain.de',

};

$virus_admin = {

'domain.de' => 'viruswarnung@domain.de',

'domain.biz' => 'viruswarnung@domain.de',

'domain.com' => 'viruswarnung@domain.de',

'domain.com' => 'viruswarnung@domain.de',

'domain.us' => 'viruswarnung@domain.de',

'domain.com' => 'viruswarnung@domain.de',

'domain.us' => 'viruswarnung@domain.de',

'domain.com' => 'viruswarnung@domain.de',

'domain.de' => 'viruswarnung@domain.de',

};

#$virus_admin = "virusalert\@$mydomain"; # notifications recip.

$mailfrom_notify_admin = "postmaster\@$mydomain"; # notifications sender

$mailfrom_notify_recip = "postmaster\@$mydomain"; # notifications sender

$mailfrom_notify_spamadmin = "postmaster\@$mydomain"; # notifications sender

$mailfrom_to_quarantine = ''; # null return path; uses original sender if undef

@addr_extension_virus_maps = ('virus');

@addr_extension_spam_maps = ('spam');

@addr_extension_banned_maps = ('banned');

@addr_extension_bad_header_maps = ('badh');

# $recipient_delimiter = '+'; # undef disables address extensions altogether

# when enabling addr extensions do also Postfix/main.cf: recipient_delimiter=+

$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';

# $dspam = 'dspam';

$MAXLEVELS = 14;

$MAXFILES = 1500;

$MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not enforced)

$MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes (default undef, not enforced)

$sa_spam_modifies_subj = 1;

$sa_spam_subject_tag = '***SPAM*** ';

$defang_virus = 1; # MIME-wrap passed infected mail

$defang_banned = 1; # MIME-wrap passed mail containing banned name

# OTHER MORE COMMON SETTINGS (defaults may suffice):

# $myhostname = 'host.example.com'; # must be a fully-qualified domain name!

# $notify_method = 'smtp:[127.0.0.1]:10025';

# $forward_method = 'smtp:[127.0.0.1]:10025'; # set to undef with milter!

# $final_virus_destiny = D_DISCARD;

# $final_banned_destiny = D_BOUNCE;

# $final_spam_destiny = D_BOUNCE;

# $final_bad_header_destiny = D_PASS;

# SOME OTHER VARIABLES WORTH CONSIDERING (see amavisd.conf-default for all)

# $warnbadhsender,

# $warnvirusrecip, $warnbannedrecip, $warnbadhrecip, (or @warn*recip_maps)

#

# @bypass_virus_checks_maps, @bypass_spam_checks_maps,

# @bypass_banned_checks_maps, @bypass_header_checks_maps,

#

# @virus_lovers_maps, @spam_lovers_maps,

# @banned_files_lovers_maps, @bad_header_lovers_maps,

#

# @blacklist_sender_maps, @score_sender_maps,

#

# $virus_quarantine_to, $banned_quarantine_to,

# $bad_header_quarantine_to, $spam_quarantine_to,

#

# $defang_bad_header, $defang_undecipherable, $defang_spam


# REMAINING IMPORTANT VARIABLES ARE LISTED HERE BECAUSE OF LONGER ASSIGNMENTS

@viruses_that_fake_sender_maps = (new_RE(

# [qr'\bEICAR\b'i => 0], # av test pattern name

# [qr'^(WM97|OF97|Joke\.)'i => 0], # adjust names to match your AV scanner

[qr/^/ => 1], # true for everything else

));

@keep_decoded_original_maps = (new_RE(

# qr'^MAIL$', # retain full original message for virus checking (can be slow)

qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables

qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,

# qr'^Zip archive data', # don't trust Archive::Zip

));

# for $banned_namepath_re, a new-style of banned table, see amavisd.conf-sample

$banned_filename_re = new_RE(

# qr'^UNDECIPHERABLE$', # is or contains any undecipherable components

# block certain double extensions anywhere in the base name

qr'\.[^./]*[A-Za-z][^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,

# qr'\{[0-9a-z]{4,}(-[0-9a-z]{4,}){0,7}\}?'i, # Class ID extensions - CLSID

qr'^application/x-msdownload$'i, # block these MIME types

qr'^application/x-msdos-program$'i,

qr'^application/hta$'i,

# qr'^message/partial$'i, # rfc2046 MIME type

# qr'^message/external-body$'i, # rfc2046 MIME type

# [ qr'^\.(Z|gz|bz2)$' => 0 ], # allow any in Unix-compressed

[ qr'^\.(rpm|cpio|tar)$' => 0 ], # allow any in Unix-type archives

# [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ], # allow any within such archives

qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic

# qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|

# inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|

# ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs|

# wmf|wsc|wsf|wsh)$'ix, # banned ext - long

# qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i, # banned extension - WinZip vulnerab.

qr'^\.(exe-ms)$', # banned file(1) types

# qr'^\.(exe|lha|tnef|cab|dll)$', # banned file(1) types

);

# See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262631

# and http://www.cknow.com/vtutor/vtextensions.htm

# ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING

@score_sender_maps = ({ # a by-recipient hash lookup table,

# results from all matching recipient tables are summed

# ## per-recipient personal tables (NOTE: positive: black, negative: white)

# 'user1@example.com' => [{'bla-mobile.press@example.com' => 10.0}],

# 'user3@example.com' => [{'.ebay.com' => -3.0}],

# 'user4@example.com' => [{'cleargreen@cleargreen.com' => -7.0,

# '.cleargreen.com' => -5.0}],

## site-wide opinions about senders (the '.' matches any recipient)

'.' => [ # the _first_ matching sender determines the score boost

new_RE( # regexp-type lookup table, just happens to be all soft-blacklist

[qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i => 5.0],

[qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],

[qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],

[qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i => 5.0],

[qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i => 5.0],

[qr'^(your_friend|greatoffers)@'i => 5.0],

[qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i => 5.0],

),

# read_hash("/var/amavis/sender_scores_sitewide"),

{ # a hash-type lookup table (associative array)

'nobody@cert.org' => -3.0,

'cert-advisory@us-cert.gov' => -3.0,

'owner-alert@iss.net' => -3.0,

'slashdot@slashdot.org' => -3.0,

'bugtraq@securityfocus.com' => -3.0,

'ntbugtraq@listserv.ntbugtraq.com' => -3.0,

'security-alerts@linuxsecurity.com' => -3.0,

'mailman-announce-admin@python.org' => -3.0,

'amavis-user-admin@lists.sourceforge.net'=> -3.0,

'notification-return@lists.sophos.com' => -3.0,

'owner-postfix-users@postfix.org' => -3.0,

'owner-postfix-announce@postfix.org' => -3.0,

'owner-sendmail-announce@lists.sendmail.org' => -3.0,

'sendmail-announce-request@lists.sendmail.org' => -3.0,

'donotreply@sendmail.org' => -3.0,

'ca+envelope@sendmail.org' => -3.0,

'noreply@freshmeat.net' => -3.0,

'owner-technews@postel.acm.org' => -3.0,

'ietf-123-owner@loki.ietf.org' => -3.0,

'cvs-commits-list-admin@gnome.org' => -3.0,

'rt-users-admin@lists.fsck.com' => -3.0,

'clp-request@comp.nus.edu.sg' => -3.0,

'surveys-errors@lists.nua.ie' => -3.0,

'emailnews@genomeweb.com' => -5.0,

'yahoo-dev-null@yahoo-inc.com' => -3.0,

'returns.groups.yahoo.com' => -3.0,

'clusternews@linuxnetworx.com' => -3.0,

lc('lvs-users-admin@LinuxVirtualServer.org') => -3.0,

lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0,

# soft-blacklisting (positive score)

'sender@example.net' => 3.0,

'.example.net' => 1.0,

},

], # end of site-wide tables

});

@decoders = (

['mail', \&do_mime_decode],

['asc', \&do_ascii],

['uue', \&do_ascii],

['hqx', \&do_ascii],

['ync', \&do_ascii],

['F', \&do_uncompress, ['unfreeze','freeze -d','melt','fcat'] ],

['Z', \&do_uncompress, ['uncompress','gzip -d','zcat'] ],

['gz', \&do_gunzip],

['gz', \&do_uncompress, 'gzip -d'],

['bz2', \&do_uncompress, 'bzip2 -d'],

['lzo', \&do_uncompress, 'lzop -d'],

['rpm', \&do_uncompress, ['rpm2cpio.pl','rpm2cpio'] ],

['cpio', \&do_pax_cpio, ['pax','gcpio','cpio'] ],

['tar', \&do_pax_cpio, ['pax','gcpio','cpio'] ],

['tar', \&do_tar],

['deb', \&do_ar, 'ar'],

# ['a', \&do_ar, 'ar'], # unpacking .a seems an overkill

['zip', \&do_unzip],

['rar', \&do_unrar, ['rar','unrar'] ],

['arj', \&do_unarj, ['arj','unarj'] ],

['arc', \&do_arc, ['nomarch','arc'] ],

['zoo', \&do_zoo, 'zoo'],

['lha', \&do_lha, 'lha'],

# ['doc', \&do_ole, 'ripole'],

['cab', \&do_cabextract, 'cabextract'],

['tnef', \&do_tnef_ext, 'tnef'],

['tnef', \&do_tnef],

['exe', \&do_executable, ['rar','unrar'], 'lha', ['arj','unarj'] ],

);

@av_scanners = (

# ### http://www.vanja.com/tools/sophie/

# ['Sophie',

# \&ask_daemon, ["{}/\n", '/var/run/sophie'],

# qr/(?x)^ 0+ ( : | [\000\r\n]* $)/, qr/(?x)^ 1 ( : | [\000\r\n]* $)/,

# qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/ ],

# ### http://www.csupomona.edu/~henson/www/projects/SAVI-Perl/

# ['Sophos SAVI', \&sophos_savi ],

# ### http://www.clamav.net/

# ['ClamAV-clamd',

# \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],

# qr/\bOK$/, qr/\bFOUND$/,

# qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

# # NOTE: the easiest is to run clamd under the same user as amavisd; match the

# # socket name (LocalSocket) in clamav.conf to the socket name in this entry

# # When running chrooted one may prefer: ["CONTSCAN {}\n","$MYHOME/clamd"],

# ### http://www.clamav.net/ and CPAN (memory-hungry! clamd is preferred)

# ['Mail::ClamAV', \&ask_clamav, "*", [0], [1], qr/^INFECTED: (.+)/],

# ### http://www.openantivirus.org/

# ['OpenAntiVirus ScannerDaemon (OAV)',

# \&ask_daemon, ["SCAN {}\n", '127.0.0.1:8127'],

# qr/^OK/, qr/^FOUND: /, qr/^FOUND: (.+)/ ],

# ### http://www.vanja.com/tools/trophie/

# ['Trophie',

# \&ask_daemon, ["{}/\n", '/var/run/trophie'],

# qr/(?x)^ 0+ ( : | [\000\r\n]* $)/, qr/(?x)^ 1 ( : | [\000\r\n]* $)/,

# qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/ ],

# ### http://www.grisoft.com/

# ['AVG Anti-Virus',

# \&ask_daemon, ["SCAN {}\n", '127.0.0.1:55555'],

# qr/^200/, qr/^403/, qr/^403 .*?: ([^\r\n]+)/ ],

# ### http://www.f-prot.com/

# ['FRISK F-Prot Daemon',

# \&ask_daemon,

# ["GET {}/*?-dumb%20-archive%20-packed HTTP/1.0\r\n\r\n",

# ['127.0.0.1:10200','127.0.0.1:10201','127.0.0.1:10202',

# '127.0.0.1:10203','127.0.0.1:10204'] ],

# qr/(?i)<summary[^>]*>clean<\/summary>/,

# qr/(?i)<summary[^>]*>infected<\/summary>/,

# qr/(?i)<name>(.+)<\/name>/ ],

# ### http://www.sald.com/, http://www.dials.ru/english/, http://www.drweb.ru/

# ['DrWebD', \&ask_daemon, # DrWebD 4.31 or later

# [pack('N',1). # DRWEBD_SCAN_CMD

# pack('N',0x00280001). # DONT_CHANGEMAIL, IS_MAIL, RETURN_VIRUSES

# pack('N', # path length

# length("$TEMPBASE/amavis-yyyymmddTHHMMSS-xxxxx/parts/pxxx")).

# '{}/*'. # path

# pack('N',0). # content size

# pack('N',0),

# '/var/drweb/run/drwebd.sock',

# # '/var/amavis/var/run/drwebd.sock', # suitable for chroot

# # '/usr/local/drweb/run/drwebd.sock', # FreeBSD drweb ports default

# # '127.0.0.1:3000', # or over an inet socket

# ],

# qr/\A\x00[\x10\x11][\x00\x10]\x00/s, # IS_CLEAN,EVAL_KEY; SKIPPED

# qr/\A\x00[\x00\x01][\x00\x10][\x20\x40\x80]/s, # KNOWN_V,UNKNOWN_V,V._MODIF

# qr/\A.{12}(?:infected with )?([^\x00]+)\x00/s,

# ],

# # NOTE: If using amavis-milter, change length to:

# # length("$TEMPBASE/amavis-milter-xxxxxxxxxxxxxx/parts/pxxx").


### http://www.kaspersky.com/ (in the 'file server version')

['KasperskyLab AVP - aveclient',

['/usr/local/kav/bin/aveclient','/usr/local/share/kav/bin/aveclient',

'/opt/kav/bin/aveclient','aveclient'],

'-p /var/run/aveserver -s {}/*', [0,3,6,8], qr/\b(INFECTED|SUSPICION)\b/,

qr/(?:INFECTED|SUSPICION) (.+)/,

],

### http://www.kaspersky.com/

['KasperskyLab AntiViral Toolkit Pro (AVP)', ['avp'],

'-* -P -B -Y -O- {}', [0,3,6,8], [2,4], # any use for -A -K ?

qr/infected: (.+)/,

sub {chdir('/opt/AVP') or die "Can't chdir to AVP: $!"},

sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},

],

### The kavdaemon and AVPDaemonClient have been removed from Kasperky

### products and replaced by aveserver and aveclient

['KasperskyLab AVPDaemonClient',

[ '/opt/AVP/kavdaemon', 'kavdaemon',

'/opt/AVP/AvpDaemonClient', 'AvpDaemonClient',

'/opt/AVP/AvpTeamDream', 'AvpTeamDream',

'/opt/AVP/avpdc', 'avpdc' ],

"-f=$TEMPBASE {}", [0,8], [3,4,5,6], qr/infected: ([^\r\n]+)/ ],

# change the startup-script in /etc/init.d/kavd to:

# DPARMS="-* -Y -dl -f=/var/amavis /var/amavis"

# (or perhaps: DPARMS="-I0 -Y -* /var/amavis" )

# adjusting /var/amavis above to match your $TEMPBASE.

# The '-f=/var/amavis' is needed if not running it as root, so it

# can find, read, and write its pid file, etc., see 'man kavdaemon'.

# defUnix.prf: there must be an entry "*/var/amavis" (or whatever

# directory $TEMPBASE specifies) in the 'Names=' section.

# cd /opt/AVP/DaemonClients; configure; cd Sample; make

# cp AvpDaemonClient /opt/AVP/

# su - vscan -c "${PREFIX}/kavdaemon ${DPARMS}"

### http://www.centralcommand.com/

['CentralCommand Vexira (new) vascan',

['vascan','/usr/lib/Vexira/vascan'],

"-a s --timeout=60 --temp=$TEMPBASE -y $QUARANTINEDIR ".

"--vdb=/usr/lib/Vexira/vexira8.vdb --log=/var/log/vascan.log {}",

[0,3], [1,2,5],

qr/(?x)^\s* (?:virus|iworm|macro|mutant|sequence|trojan)\ found:\ ( [^\]\s']+ )\ \.\.\.\ / ],

# Adjust the path of the binary and the virus database as needed.

# 'vascan' does not allow to have the temp directory to be the same as

# the quarantine directory, and the quarantine option can not be disabled.

# If $QUARANTINEDIR is not used, then another directory must be specified

# to appease 'vascan'. Move status 3 to the second list if password

# protected files are to be considered infected.

### http://www.hbedv.com/

['H+BEDV AntiVir or the (old) CentralCommand Vexira Antivirus',

['antivir','vexira'],

'--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/,

qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) |

(?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/ ],

# NOTE: if you only have a demo version, remove -z and add 214, as in:

# '--allfiles -noboot -nombr -rs -s {}', [0,214], qr/ALERT:|VIRUS:/,

### http://www.commandsoftware.com/

['Command AntiVirus for Linux', 'csav',

'-all -archive -packed {}', [50], [51,52,53],

qr/Infection: (.+)/ ],

### http://www.symantec.com/

['Symantec CarrierScan via Symantec CommandLineScanner',

'cscmdline', '-a scan -i 1 -v -s 127.0.0.1:7777 {}',

qr/^Files Infected:\s+0$/, qr/^Infected\b/,

qr/^(?:Info|Virus Name):\s+(.+)/ ],

### http://www.symantec.com/

['Symantec AntiVirus Scan Engine',

'savsecls', '-server 127.0.0.1:7777 -mode scanrepair -details -verbose {}',

[0], qr/^Infected\b/,

qr/^(?:Info|Virus Name):\s+(.+)/ ],

# NOTE: check options and patterns to see which entry better applies

### http://www.f-secure.com/products/anti-virus/

['F-Secure Antivirus', 'fsav',

'--dumb --mime --archive {}', [0], [3,8],

qr/(?:infection|Infected|Suspected): (.+)/ ],

['CAI InoculateIT', 'inocucmd', # retired product

'-sec -nex {}', [0], [100],

qr/was infected by virus (.+)/ ],

# see: http://www.flatmtn.com/computer/Linux-Antivirus_CAI.html

### http://www3.ca.com/Solutions/Product.asp?ID=156 (ex InoculateIT)

['CAI eTrust Antivirus', 'etrust-wrapper',

'-arc -nex -spm h {}', [0], [101],

qr/is infected by virus: (.+)/ ],

# NOTE: requires suid wrapper around inocmd32; consider flag: -mod reviewer

# see http://marc.theaimsgroup.com/?l=amavis-user&m=109229779912783

### http://mks.com.pl/english.html

['MkS_Vir for Linux (beta)', ['mks32','mks'],

'-s {}/*', [0], [1,2],

qr/--[ \t]*(.+)/ ],

### http://mks.com.pl/english.html

['MkS_Vir daemon', 'mksscan',

'-s -q {}', [0], [1..7],

qr/^... (\S+)/ ],

### http://www.nod32.com/

['ESET Software NOD32', 'nod32',

'--arch --mail {}', [0], [1,10], qr/^object=.*, virus="(.*?)",/ ],

# with old versions use:

# '-all -subdir+ {}', [0], [1,2],

# qr/^.+? - (.+?)\s*(?:backdoor|joke|trojan|virus|worm)/ ],

### http://www.nod32.com/

['ESET Software NOD32 - Client/Server Version', 'nod32cli',

'-a -r -d recurse --heur standard {}', [0], [10,11],

qr/^\S+\s+infected:\s+(.+)/ ],

# Experimental, based on posting from Rado Dibarbora (Dibo) on 2002-05-31

# ['ESET Software NOD32 Client/Server (NOD32SS)',

# \&ask_daemon2, # greets with 200, persistent, terminate with QUIT

# ["SCAN {}/*\r\n", '127.0.0.1:8448' ],

# qr/^200 File OK/, qr/^201 /, qr/^201 (.+)/ ],

### http://www.norman.com/products_nvc.shtml

['Norman Virus Control v5 / Linux', 'nvcc',

'-c -l:0 -s -u -temp:$TEMPBASE {}', [0,10,11], [1,2,14],

qr/(?i).* virus in .* -> \'(.+)\'/ ],

### http://www.pandasoftware.com/

['Panda Antivirus for Linux', ['pavcl'],

'-aut -aex -heu -cmp -nbr -nor -nso -eng {}',

qr/Number of files infected[ .]*: 0+(?!\d)/,

qr/Number of files infected[ .]*: 0*[1-9]/,

qr/Found virus :\s*(\S+)/ ],

### http://www.nai.com/

['NAI McAfee AntiVirus (uvscan)', 'uvscan',

'--secure -rv --mime --summary --noboot - {}', [0], [13],

qr/(?x) Found (?:

\ the\ (.+)\ (?:virus|trojan) |

\ (?:virus|trojan)\ or\ variant\ ([^ ]+) |

:\ (.+)\ NOT\ a\ virus)/,

# sub {$ENV{LD_PRELOAD}='/lib/libc.so.6'},

# sub {delete $ENV{LD_PRELOAD}},

],

# NOTE1: with RH9: force the dynamic linker to look at /lib/libc.so.6 before

# anything else by setting environment variable LD_PRELOAD=/lib/libc.so.6

# and then clear it when finished to avoid confusing anything else.

# NOTE2: to treat encrypted files as viruses replace the [13] with:

# qr/^\s{5,}(Found|is password-protected|.*(virus|trojan))/

### http://www.virusbuster.hu/en/

['VirusBuster', ['vbuster', 'vbengcl'],

"{} -ss -i '*' -log=$MYHOME/vbuster.log", [0], [1],

qr/: '(.*)' - Virus/ ],

# VirusBuster Ltd. does not support the daemon version for the workstation

# engine (vbuster-eng-1.12-linux-i386-libc6.tgz) any longer. The names of

# binaries, some parameters AND return codes have changed (from 3 to 1).

# See also the new Vexira entry 'vascan' which is possibly related.

# ### http://www.virusbuster.hu/en/

# ['VirusBuster (Client + Daemon)', 'vbengd',

# '-f -log scandir {}', [0], [3],

# qr/Virus found = (.*);/ ],

# # HINT: for an infected file it always returns 3,

# # although the man-page tells a different story

### http://www.cyber.com/

['CyberSoft VFind', 'vfind',

'--vexit {}/*', [0], [23], qr/##==>>>> VIRUS ID: CVDL (.+)/,

# sub {$ENV{VSTK_HOME}='/usr/lib/vstk'},

],

### http://www.ikarus-software.com/

['Ikarus AntiVirus for Linux', 'ikarus',

'{}', [0], [40], qr/Signature (.+) found/ ],

### http://www.bitdefender.com/

['BitDefender', 'bdc',

'--all --arc --mail {}', qr/^Infected files *:0+(?!\d)/,

qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/,

qr/(?:suspected|infected): (.*)(?:\033|$)/ ],

# ['File::Scan', sub {Amavis::AV::ask_av(sub{

# use File::Scan; my($fn)=@_;

# my($f)=File::Scan->new(max_txt_size=>0, max_bin_size=>0);

# my($vname) = $f->scan($fn);

# $f->error ? (2,"Error: ".$f->error)

# : ($vname ne '') ? (1,"$vname FOUND") : (0,"Clean")}, @_) },

# ["{}/*"], [0], [1], qr/^(.*) FOUND$/ ],

);

@av_scanners_backup = (

### http://www.clamav.net/ - backs up clamd or Mail::ClamAV

['ClamAV-clamscan', 'clamscan',

"--stdout --disable-summary -r --tempdir=$TEMPBASE {}", [0], [1],

qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

### http://www.f-prot.com/ - backs up F-Prot Daemon

['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'],

'-dumb -archive -packed {}', [0,8], [3,6],

qr/Infection: (.+)|\s+contains\s+(.+)$/ ],

### http://www.trendmicro.com/ - backs up Trophie

['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'],

'-za -a {}', [0], qr/Found virus/, qr/Found virus (.+) in/ ],

### http://www.sald.com/, http://drweb.imshop.de/ - backs up DrWebD

['drweb - DrWeb Antivirus',

['/usr/local/drweb/drweb', '/opt/drweb/drweb', 'drweb'],

'-path={} -al -go -ot -cn -upn -ok-',

[0,32], [1,9,33], qr' infected (?:with|by)(?: virus)? (.*)$'],

['KasperskyLab kavscanner', ['/opt/kav/bin/kavscanner','kavscanner'],

'-i1 -xp {}', [0,10,15], [5,20,21,25],

qr/(?:CURED|INFECTED|CUREFAILED|WARNING|SUSPICION) (.*)/ ,

sub {chdir('/opt/kav/bin') or die "Can't chdir to kav: $!"},

sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},

],

);

1; # insure a defined return

It doesn't seem to be running and I don't know what else could be causing it... the mails don't arrive but go back to the sender.

This message appears:

Host or domain name not found. Name service error for name=localhost type=A: Host not found


version postfix-2.2.3

postconf -n :

command_directory = /usr/sbin

config_directory = /etc/postfix

daemon_directory = /usr/libexec/postfix

debug_peer_level = 2

html_directory = no

mail_owner = postfix

mailq_path = /usr/bin/mailq

manpage_directory = /usr/local/man

myhostname = name.domain.de

newaliases_path = /usr/bin/newaliases

queue_directory = /var/spool/postfix

readme_directory = no

sample_directory = /etc/postfix

sendmail_path = /usr/sbin/sendmail

setgid_group = maildrop

unknown_local_recipient_reject_code = 550

master.cf :

smtp inet n - n - 2 smtpd
  -o content_filter=smtp:[localhost]:10024
127.0.0.1:10025 inet n - y - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
  -o fallback_relay=
showq unix n - n - - showq
error unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
old-cyrus unix - n n - - pipe
  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
cyrus unix - n n - - pipe
  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient

I replaced it with 127.0.0.1, but the error still occurs.

hosts :

127.0.0.1 localhost

# special IPv6 addresses

#::1 localhost ipv6-localhost ipv6-loopback

#fe00::0 ipv6-localnet

#ff00::0 ipv6-mcastprefix

#ff02::1 ipv6-allnodes

#ff02::2 ipv6-allrouters

#ff02::3 ipv6-allhosts

127.0.0.2 name.site name

I just commented out the IPv6 stuff there; I don't think I need it, but the rest still seems to fit...

host -t A localhost :

localhost has address 127.0.0.1

drwxr-xr-x 2 root root 936 May 30 14:21 postfix/
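
Added example (not part of the thread, and not Postfix or amavisd-new code): a small Python lint for the content-filter wiring in a master.cf like the one posted above. It flags a content_filter next hop given as a host name, which the Postfix smtp client resolves through DNS rather than /etc/hosts by default (smtp_host_lookup = dns), and checks that the re-injection listener is loopback-only and clears content_filter. Function names, finding codes and the sample text are constructed for this example; the ports are the ones from the thread.

```python
import ipaddress
import re

# Constructed sample modelled on the master.cf in the thread; continuation
# lines are indented, as Postfix requires.
SAMPLE_MASTER_CF = """\
smtp inet n - n - 2 smtpd
  -o content_filter=smtp:[localhost]:10024
127.0.0.1:10025 inet n - y - - smtpd
  -o content_filter=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
smtp unix - - n - - smtp
"""


def logical_lines(text):
    """Join master.cf continuation lines (leading whitespace) into entries."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and entries:
            entries[-1] += " " + raw.strip()
        else:
            entries.append(raw.strip())
    return entries


def parse_entry(entry):
    """Split one entry into service, type, command and its -o overrides."""
    fields = entry.split()
    if len(fields) < 8:
        return None
    overrides = {}
    args = fields[8:]
    for flag, setting in zip(args, args[1:]):
        if flag == "-o" and "=" in setting:
            name, _, value = setting.partition("=")
            overrides[name] = value
    return {"service": fields[0], "type": fields[1],
            "command": fields[7], "overrides": overrides}


def bare_host(host):
    """Strip [] and Postfix's 'ipv6:' prefix from an address literal."""
    host = host.strip("[]")
    return host[5:] if host.lower().startswith("ipv6:") else host


def is_ip_literal(host):
    try:
        ipaddress.ip_address(bare_host(host))
        return True
    except ValueError:
        return False


def is_loopback(bind):
    return is_ip_literal(bind) and ipaddress.ip_address(bare_host(bind)).is_loopback


def split_nexthop(nexthop):
    """Return (host, bracketed) for '[host]:port', 'host:port' or 'host'."""
    match = re.match(r"^\[([^\]]+)\](?::\d+)?$", nexthop)
    if match:
        return match.group(1), True
    return nexthop.rsplit(":", 1)[0], False


def lint(text, reinject_port="10025"):
    """Return (service, code, content_filter value) findings for a master.cf."""
    findings = []
    for entry in logical_lines(text):
        svc = parse_entry(entry)
        if svc is None:
            continue
        cf = svc["overrides"].get("content_filter")
        if cf:
            _transport, _, nexthop = cf.partition(":")
            host, bracketed = split_nexthop(nexthop)
            if not bracketed:  # unbracketed next hops trigger MX lookups
                findings.append((svc["service"], "UNBRACKETED_NEXTHOP", cf))
            if not is_ip_literal(host):  # name needs a DNS A record
                findings.append((svc["service"], "HOSTNAME_NEXTHOP", cf))
        bind, _, port = svc["service"].rpartition(":")
        if svc["type"] == "inet" and svc["command"] == "smtpd" and port == reinject_port:
            if cf != "":  # filtered mail would be sent to the filter again
                findings.append((svc["service"], "REINJECT_FILTER_NOT_CLEARED", cf))
            if not is_loopback(bind):  # reachable listener bypasses the filter
                findings.append((svc["service"], "REINJECT_NOT_LOOPBACK", cf))
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE_MASTER_CF):
        print(finding)
```
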


Fachinformatiker.de, 2024 by SE Internet Services
