Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-server

From: Ben Munat <bent@×××××.com>
To: gentoo-server@l.g.o
Subject: Re: [gentoo-server] amavisd-new disaster
Date: Fri, 03 Aug 2007 19:19:23
Message-Id: 46B37E94.6040903@munat.com
In Reply to: [gentoo-server] amavisd-new disaster by Jonathan Nichols
1 After my last hair-pulling experience with amavis, here's what I would do: amavisd usually logs to
2 /var/amavis/amavis.log; check in there for error messages.
3
4 If there's anything in there about permissions (or could not read file, or something like that),
5 then you've probably been bitten by the amavis/clamd ownership issues like I was. If amavisd is is
6 running as the amavis user, then there is clamd stuff needs to be writable by amavis... meaning
7 either give it a common group or just chown it to amavis.
8
9 Sorry I can't remember the specifics, but this should nudge you in the right direction...uh, unless
10 it's not a permission thing at all of course.
11
12 Hope this helps,
13
14 Ben
15
16
17 Jonathan Nichols wrote:
18 > Hey everyone. I just today updated to amavisd-new 2.4.1 and am having a
19 > problem that I cannot solve.
20 >
21 > Here's my forum post about it:
22 >
23 > http://forums.gentoo.org/viewtopic-p-4171870.html#4171870
24 >
25 > If anybody has any ideas, let me know. It's listening properly but not
26 > scanning anything at all.
27 >
28 > Here's my entire amavisd.conf file if anyone has any ideas.
29 >
30 >
31 >
32 > use strict;
33 >
34 > # Sample configuration file for amavisd-new (traditional style, chatty,
35 > # you may prefer to start with the more concise supplied amavisd.conf)
36 > #
37 > # See amavisd.conf-default for a list of all variables with their defaults;
38 > # for more details see documentation in INSTALL, README_FILES/*
39 > # and at http://www.ijs.si/software/amavisd/amavisd-new-docs.html
40 >
41 > # This software is licensed under the GNU General Public License (GPL).
42 > # See comments at the start of amavisd-new for the whole license text.
43 >
44 > #Sections:
45 > # Section I - Essential daemon and MTA settings
46 > # Section II - MTA specific
47 > # Section III - Logging
48 > # Section IV - Notifications/DSN, bounce/reject/discard/pass, quarantine
49 > # Section V - Per-recipient and per-sender handling, whitelisting, etc.
50 > # Section VI - Resource limits
51 > # Section VII - External programs, virus scanners, SpamAssassin
52 > # Section VIII - Debugging
53 > # Section IX - Policy banks (dynamic policy switching)
54 >
55 > #GENERAL NOTES:
56 > # This file is a normal Perl code, interpreted by Perl itself.
57 > # - make sure this file (or directory where it resides) is NOT WRITABLE
58 > # by mere mortals (not even vscan/amavis; best to make it owned by
59 > root),
60 > # otherwise it can represent a severe security risk!
61 > # - for values which are interpreted as booleans, it is recommended
62 > # to use 1 for true, and 0 or undef or '' for false;
63 > # Note that this interpretation of boolean values does not apply
64 > directly
65 > # to LDAP and SQL lookups, which follow their own rules - see
66 > README.lookups
67 > # and README.ldap (in short: use Y/N in SQL, and TRUE/FALSE in LDAP);
68 > # - Perl syntax applies. Most notably: strings in "" may include variables
69 > # (which start with $ or @); to include characters $ and @ and \ in
70 > double
71 > # quoted strings precede them by a backslash; in single-quoted strings
72 > # the $ and @ lose their special meaning, so it is usually easier to use
73 > # single quoted strings (or qw operator) for e-mail addresses.
74 > # In both types of quoting a backslash should to be doubled.
75 > # - variables with names starting with a '@' are lists, the values
76 > assigned
77 > # to them should be lists too, e.g. ('one@foo', $mydomain, "three");
78 > # note the comma-separation and parenthesis. If strings in the list
79 > # do not contain spaces nor variables, a Perl operator qw() may be used
80 > # as a shorthand to split its argument on whitespace and produce a list
81 > # of strings, e.g. qw( one@foo example.com three ); Note that the
82 > argument
83 > # to qw is quoted implicitly and no variable interpretation is done
84 > within
85 > # (no '$' variable evaluations). The #-initiated comments can NOT be
86 > used
87 > # within a string. In other words, $ and # lose their special meaning
88 > # within a qw argument, just like within '...' strings.
89 > # - all e-mail addresses in this file and as used internally by the daemon
90 > # are in their raw (rfc2821-unquoted and non-bracketed) form, i.e.
91 > # Bob "Funny" Dude@×××××××.com, not: "Bob \"Funny\" Dude"@example.com
92 > # and not <"Bob \"Funny\" Dude"@example.com>; also: '' and not '<>'.
93 > # - the term 'default value' in examples below refers to the value of a
94 > # variable pre-assigned to it by the program; any explicit assignment
95 > # to a variable in this configuration file overrides the default value;
96 >
97 >
98 > #
99 > # Section I - Essential daemon and MTA settings
100 > #
101 >
102 > # $MYHOME serves as a quick default for some other configuration settings.
103 > # More refined control is available with each individual setting further
104 > down.
105 > # $MYHOME is not used directly by the program. No trailing slash!
106 > $MYHOME = '/var/run/amavis'; # (default is '/var/amavis')
107 >
108 > # $mydomain serves as a quick default for some other configuration
109 > settings.
110 > # More refined control is available with each individual setting further
111 > down.
112 > # $mydomain is never used directly by the program.
113 > $mydomain = 'pbp.net'; # (no useful default)
114 >
115 > # $myhostname = 'host.example.com'; # fqdn of this host, default by
116 > uname(3)
117 > $myhostname = 'mailgate.pbp.net';
118 >
119 > # Set the user and group to which the daemon will change if started as root
120 > # (otherwise just keeps the UID unchanged, and these settings have no
121 > effect):
122 > $daemon_user = 'amavis'; # (no default; customary: vscan or amavis)
123 > $daemon_group = 'amavis'; # (no default; customary: vscan or amavis
124 > or sweep)
125 >
126 > # Runtime working directory (cwd), and a place where
127 > # temporary directories for unpacking mail are created.
128 > # (no trailing slash, may be a scratch file system)
129 > #$TEMPBASE = $MYHOME; # (must be set if other config vars use
130 > is)
131 > $TEMPBASE = "$MYHOME/tmp"; # prefer to keep home dir /var/amavis clean?
132 >
133 > #$db_home = "$MYHOME/db"; # DB databases directory, default "$MYHOME/db"
134 >
135 > # $helpers_home sets environment variable HOME, and is passed as option
136 > # 'home_dir_for_helpers' to Mail::SpamAssassin::new. It should be a
137 > directory
138 > # on a normal persistent file system, not a scratch or temporary file
139 > system
140 > #$helpers_home = $MYHOME; # (defaults to $MYHOME)
141 >
142 > # Run the daemon in the specified chroot jail if nonempty:
143 > #$daemon_chroot_dir = $MYHOME; # (default is undef, meaning: do not
144 > chroot)
145 >
146 > $pid_file = "$MYHOME/amavisd.pid"; # (default is "$MYHOME/amavisd.pid")
147 > #$lock_file = "$MYHOME/amavisd.lock"; # (default is "$MYHOME/amavisd.lock")
148 >
149 > # set environment variables if you want (no defaults):
150 > $ENV{TMPDIR} = $TEMPBASE; # wise to set TMPDIR, but not obligatory
151 > #...
152 >
153 > $enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP and
154 > nanny)
155 > $enable_global_cache = 1; # enable use of libdb-based cache if
156 > $enable_db=1
157 >
158 > # MTA SETTINGS, UNCOMMENT AS APPROPRIATE,
159 > # both $forward_method and $notify_method default to
160 > 'smtp:[127.0.0.1]:10025'
161 >
162 > # POSTFIX, or SENDMAIL in dual-MTA setup, or EXIM V4
163 > # (set host and port number as required; host can be specified
164 > # as an IP address or a DNS name (A or CNAME, but MX is ignored)
165 > #$forward_method = 'smtp:[127.0.0.1]:10025'; # where to forward checked
166 > mail
167 > #$notify_method = $forward_method; # where to submit
168 > notifications
169 >
170 > #$os_fingerprint_method = 'p0f:127.0.0.1:2345'; # query p0f-analyzer.pl
171 >
172 > # To make it possible for several hosts to share one content checking
173 > daemon,
174 > # the IP address and/or the port number in $forward_method and
175 > $notify_method
176 > # may be spacified as an asterisk. An asterisk in the colon-separated
177 > # second field (host) will be replaced by the SMTP client peer address,
178 > # An asterisk in the third field (tcp port) will be replaced by the
179 > incoming
180 > # SMTP/LMTP session port number plus one. This obsoletes the previously
181 > used
182 > # less flexible configuration parameter $relayhost_is_client. An example:
183 > # $forward_method = 'smtp:*:*'; $notify_method = 'smtp:*:10587';
184 >
185 >
186 > # NOTE: The defaults (above) are good for Postfix or dual-sendmail. You
187 > MUST
188 > # uncomment the appropriate settings below if using other setups!
189 >
190 > # SENDMAIL MILTER, using amavis-milter.c helper program:
191 > #$forward_method = undef; # no explicit forwarding, sendmail does it by
192 > itself
193 > # milter; option -odd is needed to avoid deadlocks
194 > #$notify_method = 'pipe:flags=q argv=/usr/sbin/sendmail -Ac -i -odd -f
195 > ${sender} -- ${recipient}';
196 > # just a thought: can we use use -Am instead of -odd ?
197 >
198 > # SENDMAIL (old non-milter setup, as relay, deprecated):
199 > #$forward_method = 'pipe:flags=q argv=/usr/sbin/sendmail
200 > -C/etc/sendmail.orig.cf -i -f ${sender} -- ${recipient}';
201 > #$notify_method = $forward_method;
202 >
203 > # SENDMAIL (old non-milter setup, amavis.c calls local delivery agent,
204 > deprecated):
205 > #$forward_method = undef; # no explicit forwarding, amavis.c will call LDA
206 > #$notify_method = 'pipe:flags=q argv=/usr/sbin/sendmail -Ac -i -f
207 > ${sender} -- ${recipient}';
208 >
209 > # EXIM v3 (not recommended with v4 or later, which can use SMTP setup
210 > instead):
211 > #$forward_method = 'pipe:flags=q argv=/usr/sbin/exim -oMr scanned-ok -i
212 > -f ${sender} -- ${recipient}';
213 > #$notify_method = $forward_method;
214 >
215 > # prefer to collect mail for forwarding as BSMTP files?
216 > #$forward_method = "bsmtp:$MYHOME/out-%i-%n.bsmtp";
217 > #$notify_method = $forward_method;
218 >
219 >
220 > # Net::Server pre-forking settings
221 > # The $max_servers should match the width of your MTA pipe
222 > # feeding amavisd, e.g. with Postfix the 'Max procs' field in the
223 > # master.cf file, like the '2' in the: smtp-amavis unix - - n - 2 smtp
224 > #
225 > $max_servers = 4; # number of pre-forked children (default 2)
226 > $max_requests = 20; # retire a child after that many accepts (default 10)
227 >
228 > $child_timeout=5*60; # abort child if it does not complete its
229 > processing in
230 > # approximately n seconds (default: 8*60 seconds)
231 >
232 > $smtpd_timeout = 120; # disconnect session if client is idle for too long
233 > # (default: 8*60 seconds); should be higher than a
234 > # Postfix setting max_idle (default 100s)
235 >
236 > # Here is a QUICK WAY to completely DISABLE some sections of code
237 > # that WE DO NOT WANT (it won't even be compiled-in).
238 > # For more refined controls leave the following two lines commented out,
239 > # and see further down what these two lookup lists really mean.
240 > #
241 > # @bypass_virus_checks_maps = (1); # uncomment to DISABLE anti-virus code
242 > # @bypass_spam_checks_maps = (1); # uncomment to DISABLE anti-spam code
243 > #
244 > # Any setting can be changed with a new assignment, so make sure
245 > # you do not unintentionally override these settings further down!
246 >
247 > # Check also the settings of @av_scanners at the end if you want to use
248 > # virus scanners. If not, you may want to delete the whole long assignment
249 > # to the variable @av_scanners and @av_scanners_backup, which will also
250 > # remove the virus checking code (e.g. if you only want to do spam
251 > scanning).
252 >
253 >
254 > # Lookup list of local domains (see README.lookups for syntax details)
255 > #
256 > # @local_domains_maps list of lookup tables are used in deciding whether a
257 > # recipient is local or not, or in other words, if the message is outgoing
258 > # or not. This affects inserting spam-related headers for local recipients,
259 > # limiting recipient virus notifications (if enabled) to local recipients,
260 > # in deciding if address extension may be appended, and in SQL lookups
261 > # for non-fqdn addresses. Set it up correctly if you need features
262 > # that rely on this setting (or just leave empty otherwise).
263 > #
264 > # With Postfix (2.0) a quick hint on what local domains normally are:
265 > # a union of domains specified in: mydestination, virtual_alias_domains,
266 > # virtual_mailbox_domains, and relay_domains.
267 >
268 > #@local_domains_maps = ( [".$mydomain"] ); # $mydomain and its subdomains
269 > #@local_domains_maps = ( ["."] ); # everything is local
270 > # @local_domains_maps = (); # default is empty list, no recip.
271 > considered local
272 > # @local_domains_maps = # using ACL lookup table
273 > # ( [ ".$mydomain", 'sub.example.net', '.example.com' ] );
274 > # @local_domains_maps = # similar, split list elements on whitespace
275 > # ( [qw( .example.com !host.sub.example.net .sub.example.net )] );
276 > # @local_domains_maps = ( new_RE( qr'[@.]example\.com$'i ) ); # using
277 > regexp
278 > # @local_domains_maps = ( read_hash("$MYHOME/local_domains") ); # using
279 > hash
280 > #@local_domains_maps = ( read_hash("/etc/postfix/relay") ); # using hash
281 >
282 >
283 > #or try..
284 > #@local_domains_maps = ( ["."] ); # everything is local
285 >
286 > #didn't work
287 > #@local_domains_maps = ( '.' ); # everything is local
288 >
289 > #didn't work
290 > #@local_domains_maps = ( 1 );
291 >
292 > #@local_domains_acl = qw();
293 >
294 > # perhaps combined with Postfix: mydestination =
295 > /var/amavis/local_domains
296 > # for debugging purposes: dump_hash($local_domains_maps[0]);
297 > #
298 > # Section II - MTA specific (defaults should be ok)
299 > #
300 >
301 > #$insert_received_line = 1; # behave like MTA: insert 'Received:'
302 > header
303 > # (does not apply to sendmail/milter)
304 > # (default is true)
305 >
306 > # AMAVIS-CLIENT PROTOCOL INPUT SETTINGS (e.g. with sendmail milter)
307 > # (used with amavis helper clients like amavis-milter.c and amavis.c,
308 > # NOT needed for Postfix or Exim or dual-sendmail - keep it undefined.
309 > $unix_socketname = "$MYHOME/amavisd.sock"; # amavis helper protocol socket
310 > #$unix_socketname = undef; # disable listening on a unix socket
311 > # (default is undef, i.e. disabled)
312 > # (usual setting is $MYHOME/amavisd.sock)
313 >
314 > # SMTP SERVER (INPUT) PROTOCOL SETTINGS (e.g. with Postfix, Exim v4, ...)
315 > # (used when MTA is configured to pass mail to amavisd via SMTP or LMTP)
316 > $inet_socket_port = 10024; # accept SMTP on this local TCP port
317 > # (default is undef, i.e. disabled)
318 > # multiple ports may be provided: $inet_socket_port = [10024, 10026,
319 > 10028];
320 >
321 > # SMTP SERVER (INPUT) access control
322 > # - do not allow free access to the amavisd SMTP port !!!
323 > #
324 > # when MTA is at the same host, use the following (one or the other or
325 > both):
326 > #$inet_socket_bind = '127.0.0.1'; # limit socket bind to loopback interface
327 > # (default is '127.0.0.1')
328 > @inet_acl = qw(127.0.0.1 [::1]); # allow SMTP access only from
329 > localhost IP
330 > # (default is qw(127.0.0.1 [::1]) )
331 >
332 > # when MTA (one or more) is on a different host, use the following:
333 > #@inet_acl = qw(127.0.0.0/8 [::1] 10.1.0.1 10.1.0.2); # adjust list as
334 > needed
335 > #$inet_socket_bind = undef; # bind to all IP interfaces if undef
336 >
337 > #
338 > # Example1:
339 > # @inet_acl = qw( 127/8 10/8 172.16/12 192.168/16 );
340 > # permit only SMTP access from loopback and rfc1918 private address space
341 > #
342 > # Example2:
343 > # @inet_acl = qw( !192.168.1.12 172.16.3.3 !172.16.3/255.255.255.0
344 > # 127.0.0.1 10/8 172.16/12 192.168/16 );
345 > # matches loopback and rfc1918 private address space except host
346 > 192.168.1.12
347 > # and net 172.16.3/24 (but host 172.16.3.3 within 172.16.3/24 still
348 > matches)
349 > #
350 > # Example3:
351 > # @inet_acl = qw( 127/8
352 > # !172.16.3.0 !172.16.3.127 172.16.3.0/25
353 > # !172.16.3.128 !172.16.3.255 172.16.3.128/25 );
354 > # matches loopback and both halves of the 172.16.3/24 C-class,
355 > # split into two subnets, except all four broadcast addresses
356 > # for these subnets
357 >
358 >
359 > # @mynetworks is an IP access list which determines if the original SMTP
360 > client
361 > # IP address belongs to our internal networks, i.e. mail is coming from
362 > inside.
363 > # It is much like the Postfix parameter 'mynetworks' in semantics and
364 > similar
365 > # in syntax, and its value should normally match the Postfix counterpart.
366 > # It only affects the value of a macro %l (=sender-is-local),
367 > # and the loading of policy 'MYNETS' if present (see below).
368 > # Note that '-o smtp_send_xforward_command=yes' (or its lmtp counterpart)
369 > # must be enabled in the Postfix service that feeds amavisd, otherwise
370 > # client IP address is not available to amavisd-new.
371 > #
372 > # @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
373 > # 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 ); # default
374 > #
375 > # A list of networks can also be read from a file, either as an IP acl in
376 > # CIDR notation, one address per line (comments and empty lines are
377 > allowed):
378 > # @mynetworks_maps = (read_array('/etc/amavisd-mynetworks'),
379 > \@mynetworks);
380 > #
381 > # or less flexibly (but provides faster lookups for large lists) by reading
382 > # into a hash lookup table, which only allows for full addresses or
383 > classful
384 > # IPv4 subnets with truncated octets, such as 127, 10, 192.168,
385 > 10.11.12.13,
386 > # one address per line (comments and empty lines are allowed):
387 > # @mynetworks_maps = (read_hash('/etc/amavisd-mynetworks'),
388 > \@mynetworks);
389 >
390 > # See README.lookups for details on specifying access control lists.
391 >
392 >
393 > #
394 > # Section III - Logging
395 > #
396 >
397 > # true (e.g. 1) => syslog; false (e.g. 0) => logging to file
398 > $DO_SYSLOG = 1; # (defaults to 0)
399 >
400 > $syslog_ident = 'amavis'; # Syslog ident string (defaults to 'amavis')
401 > $syslog_facility = 'mail'; # Syslog facility as a string
402 > # e.g.: mail, daemon, user, local0, ... local7, ...
403 > $syslog_priority = 'debug'; # Syslog base (minimal) priority as a string,
404 > # choose from: emerg, alert, crit, err, warning, notice,
405 > info, debug
406 >
407 > # Log file (if not using syslog)
408 > $LOGFILE = "$MYHOME/amavis.log"; # (defaults to empty, no log)
409 >
410 > #NOTE: levels are not strictly observed and are somewhat arbitrary
411 > # 0: startup/exit/failure messages, viruses detected
412 > # 1: args passed from client, some more interesting messages
413 > # 2: virus scanner output, timing
414 > # 3: server, client
415 > # 4: decompose parts
416 > # 5: more debug details
417 > $log_level = 2; # (defaults to 0)
418 >
419 > # Customizable template for the most interesting log file entry (e.g. with
420 > # $log_level=0) (take care to properly quote Perl special characters
421 > like '\')
422 > # For a list of available macros see README.customize .
423 >
424 > # $log_templ = undef; # undef disables by-message level-0 log entries
425 > $log_recip_templ = undef; # undef disables by-recipient level-0 log
426 > entries
427 >
428 >
429 > # log both infected and noninfected messages (as deflt, with
430 > size,subj,tests):
431 > # (remove the leading '#' and a space in the following lines to activate)
432 >
433 > # $log_templ = <<'EOD';
434 > # [?%#D|#|Passed #
435 > # [? [:ccat_maj] |OTHER|CLEAN|TEMPFAIL|OVERSIZED|BAD-HEADER|SPAMMY|SPAM|\
436 > # UNCHECKED|BANNED (%F)|INFECTED (%V)]#
437 > # #([:ccat_maj],[:ccat_min])#
438 > # , [? %p ||%p ][?%a||[?%l||LOCAL ]\[%a\] ][?%e||\[%e\] ]%s -> [%D|,]#
439 > # [? %q ||, quarantine: %q]#
440 > # [? %Q ||, Queue-ID: %Q]#
441 > # [? %m ||, Message-ID: %m]#
442 > # [? %r ||, Resent-Message-ID: %r]#
443 > # , mail_id: %i#
444 > # , Hits: %c#
445 > # , size: %z#
446 > # [~[:remote_mta_smtp_response]|["^$"]||[", queued_as: "]]\
447 > # [remote_mta_smtp_response|[~%x|["queued as
448 > ([0-9A-Z]+)$"]|["%1"]|["%0"]]|/]#
449 > # [? %j ||, Subject: "%j\"]#
450 > # [? %#T ||, Tests: \[[%T|,]\]]#
451 > # , %y ms#
452 > # ]
453 > # [?%#O|#|Blocked #
454 > # [? [:ccat_maj] |OTHER|CLEAN|TEMPFAIL|OVERSIZED|BAD-HEADER|SPAMMY|SPAM|\
455 > # UNCHECKED|BANNED (%F)|INFECTED (%V)]#
456 > # #([:ccat_maj],[:ccat_min])#
457 > # , [? %p ||%p ][?%a||[?%l||LOCAL ]\[%a\] ][?%e||\[%e\] ]%s -> [%O|,]#
458 > # [? %q ||, quarantine: %q]#
459 > # [? %Q ||, Queue-ID: %Q]#
460 > # [? %m ||, Message-ID: %m]#
461 > # [? %r ||, Resent-Message-ID: %r]#
462 > # , mail_id: %i#
463 > # , Hits: %c#
464 > # , size: %z#
465 > # #, smtp_resp: [:smtp_response]#
466 > # [? %j ||, Subject: "%j\"]#
467 > # [? %#T ||, Tests: \[[%T|,]\]]#
468 > # , %y ms#
469 > # ]
470 > # EOD
471 >
472 > #
473 > # Section IV - Notifications/DSN, bounce/reject/discard/pass, quarantine
474 > #
475 >
476 > # Select notifications text encoding when Unicode-aware Perl is converting
477 > # text from internal character representation to external encoding (charset
478 > # in MIME terminology). Used as argument to Perl Encode::encode subroutine.
479 > #
480 > # to be used in RFC 2047-encoded header field bodies, e.g. in Subject:
481 > #$hdr_encoding = 'iso-8859-1'; # MIME charset (default: 'iso-8859-1')
482 > #$hdr_encoding_qb = 'Q'; # MIME encoding: quoted-printable (default)
483 > #$hdr_encoding_qb = 'B'; # MIME encoding: base64
484 > #
485 > # to be used in notification body text: its encoding and
486 > Content-type.charset
487 > #$bdy_encoding = 'iso-8859-1'; # (default: 'iso-8859-1')
488 >
489 > # Default template texts for notifications may be overruled by directly
490 > # assigning new text to template variables, or by reading template text
491 > # from files. A second argument may be specified in a call to read_text(),
492 > # specifying character encoding layer to be used when reading from the
493 > # external file, e.g. 'utf8', 'iso-8859-1', or often just $bdy_encoding.
494 > # Text will be converted to internal character representation by Perl 5.8.0
495 > # or later; second argument is ignored otherwise. See PerlIO::encoding,
496 > # Encode::PerlIO and perluniintro man pages.
497 > #
498 > # $notify_sender_templ = read_text("$MYHOME/notify_sender.txt");
499 > # $notify_virus_sender_templ= read_text("$MYHOME/notify_virus_sender.txt");
500 > # $notify_virus_admin_templ = read_text("$MYHOME/notify_virus_admin.txt");
501 > # $notify_virus_recips_templ= read_text("$MYHOME/notify_virus_recips.txt");
502 > # $notify_spam_sender_templ = read_text("$MYHOME/notify_spam_sender.txt");
503 > # $notify_spam_admin_templ = read_text("$MYHOME/notify_spam_admin.txt");
504 >
505 > # If notification template files are collectively available in some
506 > directory,
507 > # one may call read_l10n_templates which invokes read_text for each known
508 > # template. This is primarily a Debian-specific feature, but was
509 > incorporated
510 > # into base code to facilitate porting.
511 > #
512 > # read_l10n_templates('/etc/amavis/en_US');
513 > #
514 > # If read_l10n_templates is called, a localization template directory must
515 > # contain the following files:
516 > # charset this file should contain a one-line name
517 > # of the character set used in the template
518 > # files (e.g. utf8, iso-8859-2, ...) and is
519 > # passed as the second argument to
520 > read_text;
521 > # template-dsn.txt content fills the $notify_sender_templ
522 > # template-virus-sender.txt content fills the
523 > $notify_virus_sender_templ
524 > # template-virus-admin.txt content fills the
525 > $notify_virus_admin_templ
526 > # template-virus-recipient.txt content fills the
527 > $notify_virus_recips_templ
528 > # template-spam-sender.txt content fills the
529 > $notify_spam_sender_templ
530 > # template-spam-admin.txt content fills the
531 > $notify_spam_admin_templ
532 >
533 > # Here is an overall picture (sequence of events) of how pieces fit
534 > together
535 > #
536 > # bypass_virus_checks set for all recipients? ==> PASS
537 > # no viruses? ==> PASS
538 > # log virus if $log_templ is nonempty
539 > # quarantine if $virus_quarantine_to is nonempty
540 > # notify admin if $virus_admin (lookup) nonempty
541 > # notify recips if $warnvirusrecip and (recipient is local or
542 > $warn_offsite)
543 > # add address extensions for local recipients (when enabled)
544 > # send (non-)delivery notifications
545 > # to sender if DSN needed (BOUNCE or ($warnvirussender and D_PASS))
546 > # virus_lovers or final_destiny==D_PASS ==> PASS
547 > # DISCARD (2xx) or REJECT (5xx) (depending on final_*_destiny)
548 > #
549 > # Equivalent flow diagram applies for spam checks.
550 > # If a virus is detected, spam checking is skipped entirely.
551 >
552 > # The following symbolic constants can be used in *_destiny settings:
553 > #
554 > # D_PASS mail will pass to recipients, regardless of bad contents;
555 > #
556 > # D_DISCARD mail will not be delivered to its recipients, sender will
557 > NOT be
558 > # notified. Effectively we lose mail (but will be quarantined
559 > # unless disabled). Losing mail is not decent for a mailer,
560 > # but might be desired.
561 > #
562 > # D_BOUNCE mail will not be delivered to its recipients, a non-delivery
563 > # notification (bounce) will be sent to the sender by
564 > amavisd-new;
565 > # Exception: bounce (DSN) will not be sent if a virus name
566 > matches
567 > # @viruses_that_fake_sender_maps, or to messages from mailing
568 > lists
569 > # (Precedence: bulk|list|junk), or for spam level that exceeds
570 > # the $sa_dsn_cutoff_level.
571 > #
572 > # D_REJECT mail will not be delivered to its recipients, sender should
573 > # preferably get a reject, e.g. SMTP permanent reject response
574 > # (e.g. with milter), or non-delivery notification from MTA
575 > # (e.g. Postfix). If this is not possible (e.g. different
576 > recipients
577 > # have different tolerances to bad mail contents and not
578 > using LMTP)
579 > # amavisd-new sends a bounce by itself (same as D_BOUNCE).
580 > # Not to be used with Postfix or dual-MTA setups!
581 > #
582 > # Notes:
583 > # D_REJECT and D_BOUNCE are similar, the difference is in who is
584 > responsible
585 > # for informing the sender about non-delivery, and how
586 > informative
587 > # the notification can be (amavisd-new knows more than MTA);
588 > # With D_REJECT, MTA may reject original SMTP, or send DSN (delivery
589 > status
590 > # notification, colloquially called 'bounce') - depending on
591 > MTA;
592 > # Best suited for sendmail milter and Courier, especially for
593 > spam.
594 > # With D_BOUNCE, amavisd-new (not MTA) sends DSN (can better explain the
595 > # reason for mail non-delivery or even suppress DSN, but unable
596 > # to reject the original SMTP session). Best suited to reporting
597 > # viruses, and for Postfix and other dual-MTA setups, which
598 > can't
599 > # reject original client SMTP session, as the mail has already
600 > # been enqueued.
601 >
602 > # Alternatives to consider for spam:
603 > # - use D_PASS if clients will do filtering based on inserted
604 > # mail headers or added address extensions ('plus-addressing')2;
605 > # - use D_DISCARD, if kill_level is set comfortably high;
606 > #
607 > # D_BOUNCE is preferred for viruses, but consider:
608 > # - use D_PASS (or virus_lovers) to deliver viruses;
609 > # - use D_REJECT instead of D_BOUNCE if using Courier or milter and
610 > under heavy
611 > # virus storm;
612 >
613 >
614 > # The use of new *_by_ccat hashes is illustrated by the following examples
615 > # on configuring final_*_destiny.
616 >
617 >
618 > # using traditional settings of $final_*_destiny variables, relying on a
619 > # default setting of an associative array %final_destiny_by_ccat which is
620 > # backwards compatible and contains references to these traditional
621 > variables:
622 > #
623 > #$final_virus_destiny = D_DISCARD; # (defaults to D_DISCARD)
624 > #$final_banned_destiny = D_BOUNCE; # (defaults to D_BOUNCE)
625 > #$final_spam_destiny = D_BOUNCE; # (defaults to D_BOUNCE)
626 > #$final_bad_header_destiny = D_PASS; # (defaults to D_PASS)
627 >
628 > ########
629 > #
630 > # Please think about what you are doing when you set these options.
631 > # If necessary, question your origanization's e-mail policies:
632 > #
633 > # D_BOUNCE contributes to the overall spread of virii and spam on the
634 > # internet. Both the envelope and header from addresses can be forged
635 > # accurately with no effort, causing the bounces to go to innocent parties,
636 > # whose addresses have been forged.
637 > #
638 > # D_DISCARD breaks internet mail specifications. However, with a
639 > # properly implemented Quaratine system, the concern for breaking the
640 > # specification is addressed to some extent.
641 > #
642 > # D_PASS is the safest way to handle e-mails. You must implement
643 > # client-side filtering to handle this method.
644 > #
645 > # -Cory Visi <merlin@g.o> 07/28/04
646 > #
647 > #######
648 >
649 >
650 >
651 > # to explicitly list all (or most) possible contents category (ccat) keys:
652 > %final_destiny_by_ccat = (
653 > CC_VIRUS, D_DISCARD,
654 > CC_BANNED, D_BOUNCE,
655 > CC_UNCHECKED, D_PASS,
656 > CC_SPAM, D_DISCARD,
657 > CC_BADH, D_PASS,
658 > CC_OVERSIZED, D_BOUNCE,
659 > CC_CLEAN, D_PASS,
660 > CC_CATCHALL, D_PASS,
661 > );
662 >
663 > # to rely on a catchall ccat key and only list exceptions (alternative 1):
664 > #%final_destiny_by_ccat = (
665 > # CC_VIRUS, D_DISCARD,
666 > # CC_BANNED, D_BOUNCE,
667 > # CC_SPAM, D_BOUNCE,
668 > # CC_BADH.',4', D_BOUNCE, # BadHdrSpace
669 > # CC_BADH.',3', D_BOUNCE, # BadHdrChar
670 > # CC_OVERSIZED, D_BOUNCE,
671 > # CC_CATCHALL, D_PASS,
672 > #);
673 >
674 > # to rely on a catchall ccat key and list exceptions (alternative 2):
675 > #%final_destiny_by_ccat = (
676 > # CC_VIRUS, D_DISCARD,
677 > # CC_UNCHECKED, D_PASS,
678 > # CC_BADH.',6', D_PASS, # BadHdrSyntax
679 > # CC_BADH.',5', D_PASS, # BadHdrLong
680 > # CC_BADH.',2', D_PASS, # BadHdr8bit
681 > # CC_BADH.',1', D_PASS, # BadHdrMime
682 > # CC_CLEAN, D_PASS,
683 > # CC_CATCHALL, D_BOUNCE,
684 > #);
685 >
686 > # to rely on a catchall ccat key and list exceptions (alternative 3):
687 > #%final_destiny_by_ccat = (
688 > # CC_VIRUS, D_DISCARD,
689 > # CC_UNCHECKED, D_PASS,
690 > # CC_BADH.',4', D_BOUNCE, # BadHdrSpace
691 > # CC_BADH.',3', D_BOUNCE, # BadHdrChar
692 > # CC_BADH, D_PASS, # sub-catchall for CC_BADH
693 > # CC_CLEAN, D_PASS,
694 > # CC_CATCHALL, D_BOUNCE,
695 > #);
696 >
697 > # to rely on a default %final_destiny_by_ccat and only change few settings:
698 > #$final_destiny_by_ccat{CC_SPAM} = D_PASS;
699 > #$final_destiny_by_ccat{CC_BADH} = D_BOUNCE;
700 > #$final_destiny_by_ccat{CC_BADH.',2'} = D_PASS; # BadHdr8bit
701 >
702 >
703 >
704 > # For monitoring / testing purposes let the administrator receive a copy
705 > # of certain delivery status notifications that are mailed back to senders:
706 > #
707 > #%dsn_bcc_by_ccat = (
708 > # CC_BANNED, undef,
709 > # CC_SPAM, undef,
710 > # CC_BADH, undef,
711 > # CC_CATCHALL, 'admin+test@×××××××.com',
712 > #);
713 > #
714 > # or use a simpler form, taking advantage of defaults in %dsn_bcc_by_ccat:
715 > #$dsn_bcc = 'admin+test@×××××××.com';
716 >
717 >
718 > # The following $warn*sender settings are ONLY used when mail is
719 > # actually passed to recipients ($final_*_destiny=D_PASS, or *_lovers*).
720 > # Bounces or rejects produce non-delivery status notification regardless.
721 > #
722 > # Notify sender of banned files?
723 > #$warnbannedsender = 1; # (defaults to false (undef))
724 > #
725 > # Notify sender of syntactically invalid header containing non-ASCII chars?
726 > #$warnbadhsender = 1; # (defaults to false (undef))
727 >
728 > # Notify virus (or banned files or bad headers) RECIPIENT?
729 > # (not very useful, but some policies demand it)
730 > #$warnvirusrecip = 1; # (defaults to false (undef))
731 > #$warnbannedrecip = 1; # (defaults to false (undef))
732 > #$warnbadhrecip = 1; # (defaults to false (undef))
733 >
734 > # Notify also non-local virus/banned recipients if $warn*recip is true?
735 > # (including those not matching local_domains*)
736 > #$warn_offsite = 1; # (defaults to false (undef), i.e. only notify
737 > locals)
738 >
739 >
740 > # Treat envelope sender address as unreliable and don't send sender
741 > # notification / bounces if name(s) of detected virus(es) match the list.
742 > # Note that virus names are supplied by external virus scanner(s) and are
743 > # not standardized, so virus names may need to be adjusted.
744 > # See README.lookups for syntax, check also README.policy-on-notifications.
745 > # If the intention is to treat all viruses as faking the sender address, it
746 > # is equivalent but more efficient to just set
747 > $final_virus_destiny=D_DISCARD;
748 > #
749 > @viruses_that_fake_sender_maps = (new_RE(
750 > qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar'i,
751 > qr'tanatos|lentin|bridex|mimail|trojan\.dropper|dumaru|parite|spaces'i,
752 > qr'dloader|galil|gibe|swen|netwatch|bics|sbrowse|sober|rox|val(hal)?la'i,
753 >
754 > qr'frethem|sircam|be?agle|tanx|mydoom|novarg|shimg|netsky|somefool|moodown'i,
755 >
756 > qr'@mm|@MM', # mass mailing viruses as labeled by f-prot and uvscan
757 > qr'Worm'i, # worms as labeled by ClamAV, Kaspersky, etc
758 > # [qr'^(EICAR|Joke\.|Junk\.)'i => 0],
759 > # [qr'^(WM97|OF97|W95/CIH-|JS/Fort)'i => 0],
760 > [qr/^/ => 1], # true by default (remove or comment-out if undesired)
761 > ));
762 >
763 > # where to send ADMIN VIRUS NOTIFICATIONS (should be a fully qualified
764 > address)
765 > # - the administrator envelope address may be a simple fixed e-mail address
766 > # (a scalar), or may depend on the RECIPIENT address (e.g. its domain).
767 > #
768 > # Empty or undef lookup disables virus admin notifications.
769 >
770 > # The full set of configurable administrator addresses is:
771 > # @virus_admin_maps ... notifications to admin about viruses
772 > # @newvirus_admin_maps ... newly encountered viruses since amavisd
773 > startup
774 > # @spam_admin_maps ... notifications to admin about spam
775 > # @banned_admin_maps ... notifications to admin about banned contents
776 > # @bad_header_admin_maps ... notifications to admin about bad headers
777 >
778 > $virus_admin = "virusalert\@$mydomain";
779 > # $virus_admin = 'virus-admin@×××××××.com';
780 > # $virus_admin = undef; # do not send virus admin notifications (default)
781 > #
782 > #@virus_admin_maps = ( # by-recipient maps
783 > # {'not.example.com' => '',
784 > # '.' => 'virusalert@×××××××.com'},
785 > # $virus_admin, # the usual default
786 > #);
787 >
788 > # equivalent to $virus_admin, but for spam admin notifications:
789 > # $spam_admin = "spamalert\@$mydomain";
790 > # $spam_admin = undef; # do not send spam admin notifications (default)
791 > #@spam_admin_maps = ( # by-recipient maps
792 > # {'not.example.com' => '',
793 > # '.' => 'spamalert@×××××××.com'},
794 > # $spam_admin, # the usual default
795 > #);
796 >
797 > # receive a copy of all delivery status notifications sent;
798 > # useful for testing or monitoring
799 > #$dsn_bcc = "mailadmin\@$mydomain";
800 >
801 > #advanced example, using a hash lookup table and a scalar default,
802 > #lookup key is a recipient envelope address:
803 > #@virus_admin_maps = ( # by-recipient maps
804 > # { 'baduser@××××××××××××.com' => 'HisBoss@××××××××××××.com',
805 > # '.sub1.example.com' => 'virusalert@××××××××××××.com',
806 > # '.sub2.example.com' => '', # don't send admin
807 > notifications
808 > # 'a.sub3.example.com' => 'abuse@××××××××××××.com',
809 > # '.sub3.example.com' => 'virusalert@××××××××××××.com',
810 > # '.example.com' => 'noc@×××××××.com', # default for our virus
811 > senders
812 > # },
813 > # 'virusalert@××××××××××.com', # catchall for the rest
814 > #);
815 >
816 > # sender envelope address, from which notification reports are sent from;
817 > # may be a null reverse path, or a fully qualified address:
818 > # (admin and recip sender addresses default to a null return path).
819 > # If using strings in double quotes, don't forget to quote @, i.e. \@
820 > #
821 > $mailfrom_notify_admin = "virusalert\@$mydomain";
822 > $mailfrom_notify_recip = "virusalert\@$mydomain";
823 > $mailfrom_notify_spamadmin = "spam.police\@$mydomain";
824 >
825 > # 'From' HEADER FIELD for sender and admin notifications.
826 > # This should be a replyable address, see rfc1894. Not to be confused
827 > # with $mailfrom_notify_sender, which is the envelope return address
828 > # and can be empty (null reverse path) according to rfc2821.
829 > #
830 > # The syntax of the 'From' header field is specified in rfc2822, section
831 > # '3.4. Address Specification'. Note in particular that display-name
832 > must be
833 > # a quoted-string if it contains any special characters like spaces and
834 > dots.
835 > #
836 > # $hdrfrom_notify_sender = "amavisd-new <postmaster\@$mydomain>";
837 > # $hdrfrom_notify_sender = 'amavisd-new <postmaster@×××××××.com>';
838 > # $hdrfrom_notify_sender = '"Content-Filter Master"
839 > <postmaster@×××××××.com>';
840 > # $hdrfrom_notify_admin = $mailfrom_notify_admin;
841 > # $hdrfrom_notify_spamadmin = $mailfrom_notify_spamadmin;
842 > # (default: "\"Content-filter at $myhostname\"
843 > <postmaster\@$myhostname>")
844 >
845 > # whom quarantined messages appear to be sent from (envelope sender);
846 > # keeps original sender if undef, or set it explicitly, default is undef
847 > $mailfrom_to_quarantine = ''; # override sender address with null
848 > return path
849 >
850 >
851 > # Location to put infected mail into: (applies to 'local:' quarantine
852 > method)
853 > # empty for not quarantining, may be a file (Unix-style mailbox),
854 > # or a directory (no trailing slash)
855 > # (the default value is undef, meaning no quarantine)
856 > #
857 > $QUARANTINEDIR = "$MYHOME/quarantine";
858 >
859 > #$quarantine_subdir_levels = 1; # add level of subdirs to disperse
860 > quarantine
861 >
862 > #$clean_quarantine_method = 'local:clean-%m'; # disabled by
863 > default
864 > #$virus_quarantine_method = 'local:virus-%m'; # default
865 > #$spam_quarantine_method = 'local:spam-%m.gz'; # default
866 > #$banned_files_quarantine_method = 'local:banned-%m'; # default
867 > #$bad_header_quarantine_method = 'local:badh-%m'; # default
868 >
869 > # Separate quarantine subdirectories virus, spam, banned and badh within
870 > # the directory $QUARANTINEDIR may be specified by the following settings
871 > # (the subdirectories need to exist - must be created manually):
872 > #$clean_quarantine_method = 'local:clean/%m';
873 > #$virus_quarantine_method = 'local:virus/%m';
874 > #$spam_quarantine_method = 'local:spam/%m.gz';
875 > #$banned_files_quarantine_method = 'local:banned/%m';
876 > #$bad_header_quarantine_method = 'local:badh/%m';
877 > #
878 > #use the 'bsmtp:' method as an alternative to the default 'local:'
879 > #$virus_quarantine_method = "bsmtp:$QUARANTINEDIR/virus-%m.bsmtp";
880 > #$spam_quarantine_method = "bsmtp:$QUARANTINEDIR/spam-%m.bsmtp";
881 > #
882 > #using the 'pipe:' method might be useful for some special purpose:
883 > #$mailfrom_to_quarantine = undef; # pass on the original sender address
884 > #$spam_quarantine_method = 'pipe:argv=/usr/bin/myscript.sh spam-%b
885 > ${sender}';
886 > #
887 > #using the 'sql:' method to store quarantined message to a SQL database:
888 > #$virus_quarantine_method = $spam_quarantine_method =
889 > # $banned_files_quarantine_method = $bad_header_quarantine_method =
890 > 'sql:';
891 >
892 >
893 > # When using the 'local:' quarantine method (default), the following
894 > applies:
895 > #
896 > # A finer control of quarantining is available through
897 > # variables $virus_quarantine_method/$spam_quarantine_method/
898 > # $banned_files_quarantine_method/$bad_header_quarantine_method.
899 > #
900 > # The value of scalar $virus_quarantine_to/$spam_quarantine_to (or a
901 > # per-recipient lookup result from lookup tables @virus_quarantine_to_maps)
902 > # is/are interpreted as follows:
903 > #
904 > # VARIANT 1:
905 > # empty or undef disables quarantine;
906 > #
907 > # VARIANT 2:
908 > # a string NOT containing an '@';
909 > # amavisd will behave as a local delivery agent (LDA) and will quarantine
910 > # viruses to local files according to hash %local_delivery_aliases (pseudo
911 > # aliases map) - see subroutine mail_to_local_mailbox() for details.
912 > # Some of the predefined aliases are 'virus-quarantine' and
913 > 'spam-quarantine'.
914 > # Setting $virus_quarantine_to ($spam_quarantine_to) to this string will:
915 > #
916 > # * if $QUARANTINEDIR is a directory, each quarantined virus will go
917 > # to a separate file in the $QUARANTINEDIR directory (traditional
918 > # amavis style, similar to maildir mailbox format);
919 > #
920 > # * otherwise $QUARANTINEDIR is treated as a file name of a Unix-style
921 > # mailbox. All quarantined messages will be appended to this file.
922 > # Amavisd child process must obtain an exclusive lock on the file during
923 > # delivery, so this may be less efficient than using individual files
924 > # or forwarding to MTA, and it may not work across NFS or other non-local
925 > # file systems (but may be handy for pickup of quarantined files via IMAP
926 > # for example);
927 > #
928 > # VARIANT 3:
929 > # any email address (must contain '@').
930 > # The e-mail messages to be quarantined will be handed to MTA
931 > # for delivery to the specified address. If a recipient address local to
932 > MTA
933 > # is desired, you may leave the domain part empty, e.g. 'infected@', but
934 > the
935 > # '@' character must nevertheless be included to distinguish it from
936 > variant 2.
937 > #
938 > # This variant enables more refined delivery control made available by MTA
939 > # (e.g. its aliases file, other local delivery agents, dealing with
940 > # privileges and file locking when delivering to user's mailbox, nonlocal
941 > # delivery and forwarding, fan-out lists). Make sure the
942 > mail-to-be-quarantined
943 > # will not be handed back to amavisd for checking, as this will cause a
944 > loop
945 > # (hopefully broken at some stage)! If this can be assured, notifications
946 > # will benefit too from not being unnecessarily virus-scanned.
947 > #
948 > # By default this is safe to do with Postfix and Exim v4 and dual-sendmail
949 > # setup, but probably not safe with sendmail milter interface without
950 > tricks.
951 >
952 > # (default values are: virus-quarantine, banned-quarantine,
953 > spam-quarantine)
954 >
955 > $virus_quarantine_to = 'virus-quarantine'; # traditional local
956 > quarantine
957 > #$virus_quarantine_to = 'infected@'; # forward to MTA for
958 > delivery
959 > #$virus_quarantine_to = "virus-quarantine\@$mydomain"; # similar
960 > #$virus_quarantine_to = 'virus-quarantine@×××××××.com'; # similar
961 > #$virus_quarantine_to = undef; # no quarantine
962 > #
963 > # lookup key is envelope recipient address:
964 > #@virus_quarantine_to_maps = ( # per-recip multiple quarantines
965 > # new_RE( [qr'^user@example\.com$'i => 'infected@'],
966 > # [qr'^(.*)@example\.com$'i => 'virus-${1}@example.com'],
967 > # [qr'^(.*)(@[^@])?$'i => 'virus-${1}${2}'] ),
968 > # $virus_quarantine_to, # the usual default
969 > #);
970 >
971 > # similar for banned names and bad headers and spam (set to undef to
972 > disable)
973 > $banned_quarantine_to = 'banned-quarantine'; # local quarantine
974 > $bad_header_quarantine_to = 'bad-header-quarantine'; # local quarantine
975 > $spam_quarantine_to = 'spam-quarantine'; # local quarantine
976 >
977 > # or to a mailbox:
978 > #$spam_quarantine_to = "spam-quarantine\@$mydomain";
979 > #
980 > #@spam_quarantine_to_maps = ( # per-recip multiple quarantines
981 > # new_RE( [qr'^(.*)@example\.com$'i => 'spam-${1}@example.com'] ),
982 > # $spam_quarantine_to, # the usual default
983 > #);
984 >
985 >
986 > # In addition to per-recip quarantine, a by-sender lookup is possible.
987 > # It is similar to $spam_quarantine_to, but the lookup key is the
988 > # envelope sender address:
989 > #$spam_quarantine_bysender_to = undef; # dflt: no by-sender spam
990 > quarantine
991 >
992 >
993 > # Spam level beyond which quarantining is disabled (global value):
994 > #$sa_quarantine_cutoff_level = 20; # dflt: undef, which disables this
995 > feature
996 >
997 > #@spam_quarantine_cutoff_level_maps = ( # per-recip. quarantine cutoff
998 > levels
999 > # { 'user1@×××××××.com' => 20.5,
1000 > # 'postmaster@×××××××.com' => 9999,
1001 > # '.example.com' => 25 },
1002 > # \$sa_quarantine_cutoff_level, # catchall default
1003 > #);
1004 >
1005 >
1006 > # Add X-Virus-Scanned header field to mail?
1007 > $X_HEADER_TAG = 'X-Virus-Scanned'; # (default: 'X-Virus-Scanned')
1008 >
1009 > # Set to empty to add no header field # (dflt "$myproduct_name at
1010 > $mydomain")
1011 > # $X_HEADER_LINE = "$myproduct_name at $mydomain";
1012 > # $X_HEADER_LINE = "by $myproduct_name using ClamAV at $mydomain";
1013 > # $X_HEADER_LINE = "$myproduct_name $myversion_id ($myversion_date) at
1014 > $mydomain";
1015 >
1016 > # a string to prepend to Subject (for local recipients only) if mail could
1017 > # not be decoded or checked entirely, e.g. due to password-protected
1018 > archives
1019 > $undecipherable_subject_tag = '***UNCHECKED*** '; # undef disables it
1020 >
1021 > # MIME defanging wraps the entire original mail in a MIME container of type
1022 > # 'Content-type: multipart/mixed', where the first part is a text/plain
1023 > with
1024 > # a short explanation, and the second part is a complete original mail,
1025 > # enclosed in a 'Content-type: message/rfc822' MIME part.
1026 > # Defanging is only done when enabled (selectively by malware type),
1027 > # and mail is considered malware (virus/spam/...), and the malware is
1028 > allowed
1029 > # to pass (*_lovers or *_destiny=D_PASS)
1030 > #
1031 > $defang_virus = 1; # default is false: don't modify mail body
1032 > $defang_banned = 1; # default is false: don't modify mail body
1033 > # $defang_bad_header = 1; # default is false: don't modify mail body
1034 > # $defang_undecipherable = 1; # default is false: don't modify mail body
1035 > # $defang_spam = 1; # default is false: don't modify mail body
1036 >
1037 > $remove_existing_x_scanned_headers = 0; # leave existing X-Virus-Scanned
1038 > alone
1039 > #$remove_existing_x_scanned_headers= 1; # remove existing headers
1040 > # (defaults to false)
1041 > #$remove_existing_spam_headers = 0; # leave existing X-Spam* headers
1042 > alone
1043 > $remove_existing_spam_headers = 1; # remove existing spam headers if
1044 > # spam scanning is enabled (default)
1045 >
1046 > # set $bypass_decode_parts to true if you only do spam scanning, or if you
1047 > # have a good virus scanner that can deal with compression and recursively
1048 > # unpacking archives by itself, and save amavisd the trouble.
1049 > # Disabling decoding also causes banned_files checking to only see
1050 > # MIME names and MIME content types, not the content classification types
1051 > # as provided by the file(1) utility.
1052 > # It is a double-edged sword, make sure you know what you are doing!
1053 > #
1054 > #$bypass_decode_parts = 1; # (defaults to false)
1055 >
1056 > # don't trust this file type or corresponding unpacker for this file type,
1057 > # keep both the original and the unpacked file for a virus checker to see
1058 > # (lookup key is what file(1) utility returned):
1059 > #
1060 > @keep_decoded_original_maps = (new_RE(
1061 > # qr'^MAIL$', # retain full original message for virus checking (can
1062 > be slow)
1063 > qr'^MAIL-UNDECIPHERABLE$', # retain full mail if it contains
1064 > undecipherables
1065 > qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
1066 > # qr'^Zip archive data', # don't trust Archive::Zip
1067 > ));
1068 >
1069 >
1070 > # Checking for banned MIME types and names. If any mail part matches,
1071 > # the whole mail is rejected. Object $banned_filename_re provides a list
1072 > # of Perl regular expressions to be matched against each part's:
1073 > #
1074 > # * Content-Type value (both declared and effective mime-type),
1075 > # such as the possible security-risk content types
1076 > # 'message/partial' and 'message/external-body', as specified in rfc2046
1077 > # or 'application/x-msdownload' and 'application/x-msdos-program';
1078 > #
1079 > # * declared (recommended) file names as specified by MIME subfields
1080 > # Content-Disposition.filename and Content-Type.name, both in their
1081 > # raw (encoded) form and in rfc2047-decoded form if applicable
1082 > # as well as (recommended) file names specified in archives;
1083 > #
1084 > # * file content type as guessed by 'file(1)' utility, mapped
1085 > # (by @map_full_type_to_short_type_maps) into short type names such as
1086 > # .asc, .txt, .html, .doc, .jpg, .pdf, .zip, .exe-ms, ..., which always
1087 > # starts with a dot. These short types are available unless
1088 > # $bypass_decode_parts is true.
1089 > #
1090 > # All nodes (mail parts) of the fully recursively decoded mail and embedded
1091 > # archives are checked, each node independently from remaining nodes.
1092 > #
1093 > # For each node all its ancestor nodes including itself are checked against
1094 > # $banned_filename_re lookup list, top-down. The search for a node stops
1095 > # at the first match, the right-hand side of the matching key determines
1096 > # the result (true or false, absent right-hand side implies true, as
1097 > explained
1098 > # in README.lookups).
1099 > #
1100 > # Although repeatedly re-checking ancestor nodes may seem excessive, it
1101 > gives
1102 > # the opportunity to specify rules which make a particular node hide its
1103 > # descendents, e.g. allow any name or file type within a .zip, even though
1104 > # .exe files may otherwise not be allowed.
1105 > #
1106 > # Leave $banned_filename_re undefined to disable these checks
1107 > # (giving an empty list to new_RE() will also always return false)
1108 >
1109 > $banned_filename_re = new_RE(
1110 > # qr'^UNDECIPHERABLE$', # is or contains any undecipherable components
1111 >
1112 > # block certain double extensions anywhere in the base name
1113 > qr'\.[^./]*[A-Za-z][^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,
1114 >
1115 > # qr'\{[0-9a-z]{4,}(-[0-9a-z]{4,}){0,7}\}?'i, # Class ID extensions -
1116 > CLSID
1117 >
1118 > qr'^application/x-msdownload$'i, # block these MIME
1119 > types
1120 > qr'^application/x-msdos-program$'i,
1121 > qr'^application/hta$'i,
1122 >
1123 > # qr'^(application/x-msmetafile|image/x-wmf)$'i, # Windows Metafile MIME
1124 > # qr'^\.wmf$', # Windows Metafile file(1) type
1125 >
1126 > # qr'^message/partial$'i, # rfc2046 MIME type
1127 >
1128 > # qr'^message/external-body$'i, # rfc2046 MIME type
1129 > # (btw, note that allowing 'message/external-body' is probably no worse
1130 > # than allowing mail with HTML and/or allowing a user to browse the web)
1131 >
1132 > # [ qr'^\.(Z|gz|bz2)$' => 0 ], # allow any in Unix-compressed
1133 > [ qr'^\.(rpm|cpio|tar)$' => 0 ], # allow any in Unix-type archives
1134 > # [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ], # allow any within such archives
1135 >
1136 > qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic
1137 > # qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|
1138 > # inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|
1139 > # ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs|
1140 > # wmf|wsc|wsf|wsh)$'ix, # banned ext - long
1141 >
1142 > # qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i, # banned extension - WinZip
1143 > vulnerab.
1144 >
1145 > qr'^\.(exe-ms)$', # banned file(1) types
1146 > # qr'^\.(exe|lha|tnef|cab|dll)$', # banned file(1) types
1147 > );
1148 > # See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262631
1149 > # and http://www.cknow.com/vtutor/vtextensions.htm
1150 >
1151 > # A little trick: a pattern qr'\.exe$' matches both a short type name
1152 > '.exe',
1153 > # as well as any file name which happens to end with .exe. If only matching
1154 > # a file name is desired, but not the short type, a pattern qr'.\.exe$'i
1155 > # or similar may be used, which requires that at least one character
1156 > precedes
1157 > # the '.exe', and so it will never match short file types which always
1158 > start
1159 > # with a dot.
1160 >
1161 >
1162 > # the syntax of these Perl regular expressions is a bit awkward if not
1163 > # familiar with them, so please do follow examples and stick to the idioms:
1164 > # \A ... at the beginning of the first component
1165 > # \z ... at the end of the the last (leaf) component
1166 > # ^ ... at the beginning of each component in the path
1167 > # $ ... at the end of each component in the path
1168 > # (.*\t)? ... at the beginning of a field
1169 > # (\t.*)? ... at the end of a field
1170 > # \t(.*\t)* ... separating fields
1171 > # [^\t\n] ... any single character, but don't escape from this field
1172 > # (.*\n)+ ... one or more levels down
1173 > # (?#...) ... a comment within a regexp
1174 >
1175 > # new-style of banned lookup table
1176 > $banned_namepath_re = new_RE(
1177 >
1178 > # block these MIME types
1179 > qr'(?#NO X-MSDOWNLOAD) ^(.*\t)? M=application/x-msdownload (\t.*)?
1180 > $'xmi,
1181 > qr'(?#NO X-MSDOS-PROGRAM)^(.*\t)? M=application/x-msdos-program(\t.*)?
1182 > $'xmi,
1183 > qr'(?#NO HTA) ^(.*\t)? M=application/hta (\t.*)? $'xmi,
1184 >
1185 > # # block rfc2046 MIME types
1186 > # qr'(?# BLOCK RFC2046 ) ^ (.*\t)? M=message/partial (\t.*)? $'xmi,
1187 > # qr'(?# BLOCK RFC2046 ) ^ (.*\t)? M=message/external-body (\t.*)? $'xmi,
1188 >
1189 > # qr'(?#No Metafile MIME) ^(.*\t)? M=application/x-msmetafile (\t.*)?
1190 > $'xmi,
1191 > # qr'(?#No Metafile MIME) ^(.*\t)? M=image/x-wmf (\t.*)?
1192 > $'xmi,
1193 > # qr'(?#No Metafile file) ^(.*\t)? T=wmf (\t.*)? $'xm,
1194 >
1195 > # # within traditional Unix compressions allow any name and type
1196 > # [ qr'(?#rule-3) ^ (.*\t)? T=(Z|gz|bz2) (\t.*)? $'xmi => 0 ], # allow
1197 >
1198 > # within traditional Unix archives allow any name and type
1199 > [ qr'(?#rule-4) ^ (.*\t)? T=(tar|rpm|cpio) (\t.*)? $'xmi => 0 ], # allow
1200 >
1201 > # # block anything within a zip
1202 > # qr'(?#rule-5) ^ (.*\t)? T=zip (\t.*)? (.*\n)+ .* $'xmi,
1203 >
1204 > # block certain double extensions in filenames
1205 > qr'(?# BLOCK DOUBLE-EXTENSIONS )
1206 > ^ (.*\t)? N= [^\t\n]* \. [^./\t\n]* [A-Za-z] [^./\t\n]* \.
1207 > (exe|vbs|pif|scr|bat|cmd|com|cpl|dll) \.? (\t.*)? $'xmi,
1208 >
1209 > # # block Class ID (CLSID) extensions in filenames
1210 > # qr'(?# BLOCK CLSID-EXTENSIONS )
1211 > # ^ (.*\t)? N= [^\t\n]* \{[0-9a-z]{4,}(-[0-9a-z]{4,}){0,7}\}?
1212 > [^\t\n]* (\t.*)? $'xmi,
1213 >
1214 > # # banned declared names with three or more consecutive spaces
1215 > # qr'(?# BLOCK NAMES WITH SPACES )
1216 > # ^ (.*\t)? N= [^\t\n]* [ ]{3,} 'xmi,
1217 >
1218 > # # within PC archives allow any types or names at any depth
1219 > # [ qr'(?#rule-7) ^ (.*\t)? T=(zip|rar|arc|arj|zoo) (\t.*)? $'xmi => 0
1220 > ], # ok
1221 >
1222 > # # within certain archives allow leaf members at any depth if crypted
1223 > # [ qr'(?# ALLOW ENCRYPTED )
1224 > # ^ (.*\t)? T=(zip|rar|arj) (.*\n)+ (.*\t)? A=C (\t.*)? \z'xmi => 0 ],
1225 >
1226 > # # allow crypted leaf members regardless of their name or type
1227 > # [ qr'(?# ALLOW IF ENCRYPTED ) ^ (.*\t)? A=C (\t.*)? \z'xmi => 0 ],
1228 >
1229 > # # block if any component can not be decoded (is encrypted or bad archive)
1230 > # qr'(?# BLOCK IF UNDECIPHERABLE ) ^ (.*\t)? A=U (\t.*)? \z'xmi,
1231 >
1232 > # [ qr'(?# SPECIAL ALLOWANCES - MAGIC NAMES)
1233 > # \A (.*\t)? T=(rpm|cpio|tar|zip|rar|arc|arj|zoo|Z|gz|bz2)
1234 > # \t(.*\t)* N=example\d+[^\t\n]*
1235 > # (\t.*)? $'xmi => 0 ],
1236 >
1237 > # banned filename extensions (in declared names) anywhere - basic
1238 > qr'(?# BLOCK COMMON NAME EXENSIONS )
1239 > ^ (.*\t)? N= [^\t\n]* \. (exe|vbs|pif|scr|bat|com|cpl) (\t.*)? $'xmi,
1240 >
1241 > # # banned filename extensions (in declared names) anywhere - long
1242 > # qr'(?# BLOCK MORE NAME EXTENSIONS )
1243 > # ^ (.*\t)? N= [^\t\n]* \. (
1244 > # ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|
1245 > # inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|
1246 > # ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs|
1247 > # wmf|wsc|wsf|wsh) (\t.*)? $'xmi,
1248 >
1249 > # # banned filename extensions anywhere - WinZip vulnerability (pre-V9)
1250 > # qr'(?# BLOCK WinZip VULNERABILITY EXENSIONS )
1251 > # ^ (.*\t)? N= [^\t\n]* \. (mim|b64|bhx|hqx|xxe|uu|uue) (\t.*)? $'xmi,
1252 >
1253 > [ qr'(?# BLOCK EMPTY MIME PART APPLICATION/OCTET-STREAM )
1254 > ^ (.*\t)? M=application/octet-stream \t(.*\t)* T=empty (\t.*)? $'xmi
1255 > => 'DISCARD' ],
1256 >
1257 > # [ qr'(?# BLOCK EMPTY MIME PARTS )
1258 > # ^ (.*\t)? M= [^\t\n]+ \t(.*\t)* T=empty (\t.*)? $'xmi =>
1259 > 'DISCARD' ],
1260 >
1261 > qr'(?# BLOCK Microsoft EXECUTABLES )
1262 > ^ (.*\t)? T=exe-ms (\t.*)? $'xm, # banned file(1) type
1263 >
1264 > # qr'(?# BLOCK ANY EXECUTABLE )
1265 > # ^ (.*\t)? T=exe (\t.*)? $'xm, # banned file(1) type
1266 >
1267 > # qr'(?# BLOCK THESE TYPES )
1268 > # ^ (.*\t)? T=(exe|lha|tnef|cab|dll) (\t.*)? $'xm, # banned file(1)
1269 > types
1270 >
1271 > );
1272 >
1273 > # use old or new style of banned lookup table; not both to avoid confusion
1274 > #
1275 > # @banned_filename_maps = (); # to disable old-style
1276 > $banned_namepath_re = undef; # to disable new-style
1277 >
1278 >
1279 > %banned_rules = (
1280 > 'MYNETS-DEFAULT' => new_RE( # permissive set of rules for internal
1281 > hosts
1282 > [ qr'^\.(rpm|cpio|tar)$' => 0 ], # allow any name/type in Unix
1283 > archives
1284 > qr'.\.(vbs|pif|scr)$'i, # banned extension - rudimentary
1285 > ),
1286 > 'DEFAULT' => $banned_filename_re,
1287 > );
1288 >
1289 >
1290 > #
1291 > # Section V - Per-recipient and per-sender handling, whitelisting, etc.
1292 > #
1293 >
1294 > # @virus_lovers_maps list of lookup tables:
1295 > # (this should be considered a policy option, is does not disable checks,
1296 > # see bypass*checks for that!)
1297 > #
1298 > # Exclude certain RECIPIENTS from virus filtering by adding their
1299 > (lower-cased)
1300 > # envelope e-mail address (or domain only) to one of the lookup tables in
1301 > # the @virus_lovers_maps list - see README.lookups and examples.
1302 > # Make sure the appropriate form (e.g. external/internal) of address
1303 > # is used in case of virtual domains, or when mapping external to internal
1304 > # addresses, etc. - this is MTA-specific.
1305 > #
1306 > # Notifications would still be generated however (see the overall
1307 > # picture above), and infected mail (if passed) gets additional header:
1308 > # X-AMaViS-Alert: INFECTED, message contains virus: ...
1309 > # (header not inserted with Courier or milter interface!)
1310 > #
1311 > # Setting $final_*_destiny=D_PASS is functionally equivalent to having
1312 > # all recipients match the @*_lovers_maps.
1313 > #
1314 > # NOTE (milter interface only): in case of multiple recipients,
1315 > # it is only possible to drop or accept the message in its entirety -
1316 > for all
1317 > # recipients. If all of them are virus lovers, we'll accept mail, but if
1318 > # at least one recipient is not a virus lover, we'll discard the message.
1319 >
1320 >
1321 > # @bypass_virus_checks_maps list of lookup tables:
1322 > # (this is mainly a time-saving option, unlike virus_lovers* !)
1323 > #
1324 > # Similar in concept to @virus_lovers_maps, a @bypass_virus_checks_maps
1325 > # is used to skip entirely the decoding, unpacking and virus checking,
1326 > # but only if ALL recipients match the lookup.
1327 > #
1328 > # @bypass_virus_checks_maps does NOT GUARANTEE the message will NOT be
1329 > checked
1330 > # for viruses - this may still happen when there is more than one recipient
1331 > # for a message and not all of them match these lookup tables, or when
1332 > # check result was cached (i.e. the same contents was recently sent to
1333 > other
1334 > # recipients). To guarantee virus delivery, a recipient must also match
1335 > # @virus_lovers_maps lookups (but see milter limitations above),
1336 > #
1337 > # The following table summarizes the possible combinations:
1338 > # bypass lover
1339 > # 0 0 useful, check for malware and block it
1340 > # 0 1 useful, check but deliver nevertheless, possibly tagged
1341 > # 1 0 not too useful, free riding on cached or other-people's
1342 > checks
1343 > # 1 1 useful, no checks if possible, and no effects
1344 >
1345 > # NOTE: it would not be clever to base enabling of virus checks on SENDER
1346 > # address, since there are no guarantees that it is genuine. Many viruses
1347 > # and spam messages fake sender address. To achieve selective filtering
1348 > # based on the source of the mail (e.g. IP address, MTA port number, ...),
1349 > # use mechanisms provided by MTA if available, possibly combined with
1350 > policy
1351 > # banks feature.
1352 >
1353 > # Similar to lists of lookup tables controlling virus checking, there are
1354 > # counterparts for spam scanning, banned names/types, and headers_checks
1355 > # control:
1356 > # @spam_lovers_maps,
1357 > # @banned_files_lovers_maps,
1358 > # @bad_header_lovers_maps
1359 > # and:
1360 > # @bypass_spam_checks_maps,
1361 > # @bypass_banned_checks_maps,
1362 > # @bypass_header_checks_maps
1363 >
1364 > # Example:
1365 > # @bypass_header_checks_maps = ( [qw( user@×××××××.com )] );
1366 > # @bad_header_lovers_maps = ( [qw( user@×××××××.com )] );
1367 >
1368 > # The following example disables spam checking altogether,
1369 > # since it matches any recipient e-mail address.
1370 > # @bypass_spam_checks_maps = (1);
1371 >
1372 >
1373 > # See README.lookups for further detail, and examples below.
1374 >
1375 > # In the following example a list of lookup tables @virus_lovers_maps
1376 > # contains three elements, the first is a reference to an ACL lookup table
1377 > # (brackets in Perl indicate a ref to a list), the second is a reference
1378 > # to a hash lookup table (curly braces in Perl indicate a ref to a hash),
1379 > # the third is a regexp lookup table, indicated by the type of object
1380 > # created by new_RE() :
1381 > #
1382 > #@virus_lovers_maps = (
1383 > # [ qw( me@×××××××.com !lab.xxx.com .xxx.com yyy.org ) ],
1384 > # { "postmaster\@$mydomain" => 1, # double quotes permit variable
1385 > evaluation
1386 > # 'postmaster@×××××××.com'=> 1, # in single quotes the '@' need not be
1387 > quoted
1388 > # 'abuse@×××××××.com'=> 1,
1389 > # 'some.user@' => 1, # this recipient, regardless of domain
1390 > # 'boss@×××××××.com' => 0, # never, even if domain matches
1391 > # 'example.com' => 1, # this domain, but not its subdomains
1392 > # '.example.com' => 1, # this domain, including its subdomains
1393 > # },
1394 > # new_RE( qr'^(helpdesk|postmaster)@example\.com$'i ),
1395 > #);
1396 >
1397 > #@spam_lovers_maps = (
1398 > # ["postmaster\@$mydomain", 'postmaster@×××××××.com', 'abuse@×××××××.com'],
1399 > #);
1400 >
1401 > #@bad_header_lovers_maps = (
1402 > # ["postmaster\@", "abuse\@$mydomain"],
1403 > #);
1404 >
1405 >
1406 > # as an alternative to fiddling with @_lovers_maps and similar _maps, here
1407 > # is an illustration of using a more general *_by_ccat associative array,
1408 > # introduced with 2.4.0, like %lovers_maps_by_ccat in this example:
1409 > #
1410 > #$lovers_maps_by_ccat{CC_SPAM} = [
1411 > # read_hash("$MYHOME/etc/spam_lovers.txt"),
1412 > # [qw(postmaster@×××××××.com abuse@×××××××.com)],
1413 > #];
1414 > #
1415 > #$lovers_maps_by_ccat{CC_BANNED} = [
1416 > # { map {lc $_ => 1} # construct a hash lookup table from a list
1417 > # qw(user1@×××××××.com user2.example.com)
1418 > # },
1419 > #];
1420 >
1421 >
1422 > # to save some typing of quotes and commas, a Perl operator qw can be used
1423 > # to split its argument on whitespace and to quote resulting elements:
1424 > #@bypass_spam_checks_maps = (
1425 > # [ qw( some.ddd !butnot.example.com .example.com ) ],
1426 > #);
1427 >
1428 >
1429 > # don't run spam check for these RECIPIENT domains:
1430 > # @bypass_spam_checks_maps = ( [qw( d1.com .d2.com a.d3.com )] );
1431 > # or the other way around (bypass check for all BUT these):
1432 > # @bypass_spam_checks_maps = ( [qw( !d1.com !.d2.com !a.d3.com . )] );
1433 > # a practical application: don't check outgoing mail for spam:
1434 > # @bypass_spam_checks_maps = ( [ "!.$mydomain", "." ] );
1435 > # or calculated (negated) from the %local_domains:
1436 > # @bypass_spam_checks_maps =
1437 > # ( {map {$_ => !$local_domains{$_}} keys %local_domains}, 1);
1438 > # (a downside of which is that such mail will not count as ham in SA
1439 > bayes db)
1440 > #
1441 > # Note that 'outgoing' is not the same as 'originating from inside'.
1442 > # The internal-to-internal mail is not outgoing, but is originating from
1443 > # inside. To base rules on 'originating from inside', the use of policy
1444 > bank
1445 > # MYNETS is needed, in conjunction with XFORWARD Postfix extension to SMTP.
1446 >
1447 > # Where to find SQL server(s) and database to support SQL lookups?
1448 > # A list of triples: (dsn,user,passw). (dsn = data source name)
1449 > # More than one entry may be specified for multiple (backup) SQL servers.
1450 > # See 'man DBI', 'man DBD::mysql', 'man DBD::Pg', ... for details.
1451 > # When chroot-ed, accessing SQL server over inet socket may be more
1452 > convenient.
1453 > #
1454 > # @lookup_sql_dsn =
1455 > # ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1',
1456 > 'passwd1'],
1457 > # ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'],
1458 > # ["DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite", '', ''] );
1459 > # @storage_sql_dsn = @lookup_sql_dsn; # none, same, or separate database
1460 > #
1461 > @lookup_sql_dsn =
1462 > (
1463 > ['DBI:mysql:database=amavis;host=192.168.10.35;port=3306','amavis','db4me!']
1464 > );
1465 > # ('mail' in the example is the database name, choose what you like)
1466 > # With PostgreSQL the dsn (first element of the triple) may look like:
1467 > # 'DBI:Pg:dbname=mail;host=host1'
1468 >
1469 > # The SQL select clause to fetch per-recipient policy settings.
1470 > # The %k will be replaced by a comma-separated list of query addresses
1471 > # (e.g. full address, domain only (stripped level by level), and a
1472 > catchall).
1473 > # Use ORDER if there is a chance that multiple records will match - the
1474 > first
1475 > # match wins. If field names are not unique (e.g. 'id'), the later field
1476 > # overwrites the earlier in a hash returned by lookup, which is why we use
1477 > # '*,users.id' instead of just '*'. No need to uncomment the following
1478 > # assignment if the default is ok.
1479 > # $sql_select_policy = 'SELECT *,users.id FROM users,policy'.
1480 > # ' WHERE (users.policy_id=policy.id) AND (users.email IN (%k))'.
1481 > # ' ORDER BY users.priority DESC';
1482 > #
1483 > # The SQL select clause to check sender in per-recipient
1484 > whitelist/blacklist
1485 > # The first SELECT argument '?' will be users.id from recipient SQL lookup,
1486 > # the %k will be sender addresses (e.g. full address, domain only,
1487 > catchall).
1488 > # The default value is:
1489 > # $sql_select_white_black_list = 'SELECT wb FROM wblist,mailaddr'.
1490 > # ' WHERE (wblist.rid=?) AND (wblist.sid=mailaddr.id)'.
1491 > # ' AND (mailaddr.email IN (%k))'.
1492 > # ' ORDER BY mailaddr.priority DESC';
1493 > #
1494 > # To disable SQL white/black list, set to undef (otherwise comment-out
1495 > # the following statement, leaving it at the default value):
1496 > #$sql_select_white_black_list = undef; # undef disables SQL
1497 > white/blacklisting
1498 >
1499 > $sql_select_white_black_list = 'SELECT wb FROM wblist'.
1500 > ' WHERE (rid=?) AND (wblist.email IN (%k))'.
1501 > ' ORDER BY wblist.priority DESC';
1502 >
1503 > # If passing malware to certain recipients ($final_*_destiny=D_PASS or
1504 > # *_lovers), the recipient-based lookup tables @addr_extension_*_maps may
1505 > # return a string, which (if nonempty) will be added as an address
1506 > extension
1507 > # to the local-part of the recipient's address. This extension may be used
1508 > # by the final local delivery agent (LDA) to place such mail into different
1509 > # subfolders (the extension is usually interpreted as a folder name).
1510 > # This is sometimes known as the 'plus addressing'. Appending address
1511 > # extensions is prevented when:
1512 > # - recipient does not match lookup tables @local_domains_maps;
1513 > # - lookup into corresponding @addr_extension_*_maps results
1514 > # in an empty string or undef;
1515 > # - $recipient_delimiter is empty (see below)
1516 > # LDAs usually default to stripping away address extension if no special
1517 > # handling is specified or if a named subfolder or alias does not exist,
1518 > # so adding address extensions normally does no harm.
1519 >
1520 > # @addr_extension_virus_maps = ('virus'); # defaults to empty
1521 > # @addr_extension_spam_maps = ('spam'); # defaults to empty
1522 > # @addr_extension_banned_maps = ('banned'); # defaults to empty
1523 > # @addr_extension_bad_header_maps = ('badh'); # defaults to empty
1524 > #
1525 > # A more complex example:
1526 > # @addr_extension_virus_maps = (
1527 > # {'sub.example.com'=>'infected', '.example.com'=>'filtered'}, 'virus' );
1528 >
1529 > # Delimiter between local part of the envelope recipient address and
1530 > address
1531 > # extension (which can optionally be added, see @addr_extension_*_maps.
1532 > E.g.
1533 > # recipient address <user@×××××××.com> is changed to
1534 > <user+virus@×××××××.com>.
1535 > #
1536 > # Delimiter must match the equivalent (final) MTA delimiter setting.
1537 > # (e.g. for Postfix add 'recipient_delimiter = +' to main.cf)
1538 > # Setting it to an empty string or to undef disables adding extensions
1539 > # regardless of $addr_extension_*_maps.
1540 >
1541 > # $recipient_delimiter = '+'; # (default is undef, i.e. disabled)
1542 >
1543 > # true: replace extension; false: append extension
1544 > # $replace_existing_extension = 1; # (default is true)
1545 >
1546 > # Affects matching of localpart of e-mail addresses (left of '@')
1547 > # in lookups: true = case sensitive, false = case insensitive
1548 > $localpart_is_case_sensitive = 0; # (default is false)
1549 >
1550 >
1551 > # ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING
1552 >
1553 > # Instead of hard black- or whitelisting, a softer approach is to add
1554 > # score points (penalties) to the SA score for mail from certain senders.
1555 > # Positive points lean towards blacklisting, negative towards whitelisting.
1556 > # This is much like adding SA rules or using its white/blacklisting, except
1557 > # that here only envelope sender addresses are considered (not addresses
1558 > # in a mail header), and that score points can be assigned per-recipient
1559 > # (or globally), and the assigned penalties are customarily much lower
1560 > # than the default SA white/blacklisting score.
1561 > #
1562 > # The table structure is similar to
1563 > $per_recip_blacklist_sender_lookup_tables
1564 > # i.e. the first level key is recipient, pointing to by-sender lookup
1565 > tables.
1566 > # The essential difference is that scores from _all_ matching by-recipient
1567 > # lookups (not just the first that matches) are summed to give the final
1568 > # score boost. That means that both the site and domain administrators,
1569 > # as well as the recipient can have a say on the final score.
1570 > #
1571 > # NOTE: keep hash keys in lowercase, either manually or by using
1572 > function lc
1573 >
1574 > @score_sender_maps = ({ # a by-recipient hash lookup table
1575 >
1576 > # # per-recipient personal tables (NOTE: positive: black, negative: white)
1577 > # 'user1@×××××××.com' => [{'bla-mobile.press@×××××××.com' => 10.0}],
1578 > # 'user3@×××××××.com' => [{'.ebay.com' => -3.0}],
1579 > # 'user4@×××××××.com' => [{'cleargreen@××××××××××.com' => -7.0,
1580 > # '.cleargreen.com' => -5.0}],
1581 >
1582 > # site-wide opinions about senders (the '.' matches any recipient)
1583 > '.' => [ # the _first_ matching sender determines the score boost
1584 >
1585 > new_RE( # regexp-type lookup table, just happens to be all
1586 > soft-blacklist
1587 > [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i =>
1588 > 5.0],
1589 > [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=>
1590 > 5.0],
1591 > [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=>
1592 > 5.0],
1593 > [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i =>
1594 > 5.0],
1595 > [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i =>
1596 > 5.0],
1597 > [qr'^(your_friend|greatoffers)@'i =>
1598 > 5.0],
1599 > [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i =>
1600 > 5.0],
1601 > ),
1602 >
1603 > # read_hash("/var/amavis/sender_scores_sitewide"),
1604 >
1605 > { # a hash-type lookup table (associative array)
1606 > 'nobody@××××.org' => -3.0,
1607 > 'cert-advisory@×××××××.gov' => -3.0,
1608 > 'owner-alert@×××.net' => -3.0,
1609 > 'slashdot@××××××××.org' => -3.0,
1610 > 'bugtraq@×××××××××××××.com' => -3.0,
1611 > 'ntbugtraq@××××××××××××××××××.com' => -3.0,
1612 > 'security-alerts@×××××××××××××.com' => -3.0,
1613 > 'mailman-announce-admin@××××××.org' => -3.0,
1614 > 'amavis-user-admin@×××××××××××××××××.net'=> -3.0,
1615 > 'spamassassin.apache.org' => -3.0,
1616 > 'notification-return@××××××××××××.com' => -3.0,
1617 > 'owner-postfix-users@×××××××.org' => -3.0,
1618 > 'owner-postfix-announce@×××××××.org' => -3.0,
1619 > 'owner-sendmail-announce@××××××××××××××.org' => -3.0,
1620 > 'sendmail-announce-request@××××××××××××××.org' => -3.0,
1621 > 'donotreply@××××××××.org' => -3.0,
1622 > 'ca+envelope@××××××××.org' => -3.0,
1623 > 'noreply@×××××××××.net' => -3.0,
1624 > 'owner-technews@××××××××××.org' => -3.0,
1625 > 'ietf-123-owner@×××××××××.org' => -3.0,
1626 > 'cvs-commits-list-admin@×××××.org' => -3.0,
1627 > 'rt-users-admin@××××××××××.com' => -3.0,
1628 > 'clp-request@××××××××××××.sg' => -3.0,
1629 > 'surveys-errors@×××××××××.ie' => -3.0,
1630 > 'emailnews@×××××××××.com' => -5.0,
1631 > 'yahoo-dev-null@×××××××××.com' => -3.0,
1632 > 'returns.groups.yahoo.com' => -3.0,
1633 > 'clusternews@××××××××××××.com' => -3.0,
1634 > lc('lvs-users-admin@××××××××××××××××××.org') => -3.0,
1635 > lc('owner-textbreakingnews@××××××××××××××.COM') => -5.0,
1636 >
1637 > # soft-blacklisting (positive score)
1638 > 'sender@×××××××.net' => 3.0,
1639 > '.example.net' => 1.0,
1640 >
1641 > },
1642 > ], # end of site-wide tables
1643 > });
1644 >
1645 >
1646 > # ENVELOPE SENDER WHITELISTING / BLACKLISTING - GLOBAL
1647 > (RECIPIENT-INDEPENDENT)
1648 > # (affects spam checking only, has no effect on virus and other checks)
1649 >
1650 > # WHITELISTING: use ENVELOPE SENDER lookups to ENSURE DELIVERY from
1651 > whitelisted
1652 > # senders even if the message would be recognized as spam. Effectively, for
1653 > # the specified senders, message recipients temporarily become
1654 > 'spam_lovers'.
1655 > # To avoid surprises, whitelisted sender also suppresses inserting/editing
1656 > # the tag2-level header fields (X-Spam-*, Subject), appending spam address
1657 > # extension, and quarantining.
1658 > #
1659 > # BLACKLISTING: messages from specified SENDERS are DECLARED SPAM.
1660 > # Effectively, for messages from blacklisted envelope sender addresses,
1661 > spam
1662 > # level is artificially pushed high, and the normal spam processing
1663 > applies,
1664 > # resulting in 'X-Spam-Flag: YES', high 'X-Spam-Level' bar and other usual
1665 > # reactions to spam, including possible rejection. If the message
1666 > nevertheless
1667 > # still passes (e.g. for spam loving recipients), it is tagged as
1668 > BLACKLISTED
1669 > # in the 'X-Spam-Status' header field, but the reported spam value and
1670 > # set of tests in this report header field (if available from SpamAssassin,
1671 > # which may or may not have been called) is not adjusted.
1672 > #
1673 > # A sender may be both white- and blacklisted at the same time, settings
1674 > # are independent. For example, being both white- and blacklisted, message
1675 > # is delivered to recipients, but is not tagged as spam (X-Spam-Flag: No;
1676 > # X-Spam-Status: No, ...), but the reported spam level (if computed) may
1677 > # still indicate high spam score.
1678 > #
1679 > # If ALL recipients of the message either white- or blacklist the sender,
1680 > # spam scanning (calling the SpamAssassin) is bypassed, saving on time.
1681 > #
1682 > # The following variables (lists of lookup tables) are available,
1683 > # with the semantics and syntax as specified in README.lookups:
1684 > # @whitelist_sender_maps, @blacklist_sender_maps
1685 >
1686 > # SOME EXAMPLES:
1687 > #
1688 > #ACL:
1689 > # @whitelist_sender_maps = ( ['.example.org', '.example.net'] );
1690 > # @whitelist_sender_maps = ( [qw(.example.org .example.net)] ); # same
1691 > thing
1692 > #
1693 > # @whitelist_sender_maps = ( [".$mydomain"] ); # $mydomain and its
1694 > subdomains
1695 > # NOTE: This is not a reliable way of turning off spam checks for
1696 > # locally-originating mail, as sender address can easily be faked.
1697 > # To reliably avoid spam-scanning outgoing mail, use
1698 > @bypass_spam_checks_maps
1699 > # for nonlocal recipients. To reliably avoid spam scanning for locally
1700 > # originating mail (including internal-to-internal mail), recognized by
1701 > # the original SMTP client IP address matching @mynetworks, use policy
1702 > bank
1703 > # MYNETS, adjust @mynetworks, and turn on XFORWARD in the Postfix smtp
1704 > client
1705 > # service feeding amavisd.
1706 >
1707 > #with regexps:
1708 > # @whitelist_sender_maps = ( new_RE(
1709 > # qr'^postmaster@.*\bexample\.com$'i,
1710 > # qr'^owner-[^@]*@'i, qr'-request@'i,
1711 > # qr'\.example\.com$'i
1712 > # ));
1713 >
1714 >
1715 > # illustrates the use of regexp lookup table:
1716 >
1717 > @blacklist_sender_maps = ( new_RE(
1718 > qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou|greatcasino)@'i,
1719 >
1720 > qr'^(investments|lose_weight_today|market\.alert|money2you|MyGreenCard)@'i,
1721 > qr'^(new\.tld\.registry|opt-out|opt-in|optin|saveonlsmoking2002k)@'i,
1722 > qr'^(specialoffer|specialoffers|stockalert|stopsnoring|wantsome)@'i,
1723 > qr'^(workathome|yesitsfree|your_friend|greatoffers)@'i,
1724 > qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i,
1725 > ));
1726 >
1727 >
1728 > # NOTE: whitelisting is becoming deprecated because sender address is
1729 > # all too often faked; use @score_sender_maps for soft-whitelisting!
1730 > #
1731 > # Illustrates the use of several lookup tables:
1732 > #
1733 > # @whitelist_sender_maps = (
1734 > #
1735 > # # read_hash("$MYHOME/whitelist_sender"), # a hash table read from a file
1736 > #
1737 > # # and another hash lookup table constructed in-line, with keys
1738 > lowercased:
1739 > # { map {lc $_ => 1} qw(
1740 > # nobody@××××.org
1741 > # cert-advisory@×××××××.gov
1742 > # owner-alert@×××.net
1743 > # slashdot@××××××××.org
1744 > # bugtraq@×××××××××××××.com
1745 > # NTBUGTRAQ@××××××××××××××××××.COM
1746 > # security-alerts@×××××××××××××.com
1747 > # amavis-user-admin@×××××××××××××××××.net
1748 > # notification-return@××××××××××××.com
1749 > # mailman-announce-admin@××××××.org
1750 > # owner-postfix-users@×××××××.org
1751 > # owner-postfix-announce@×××××××.org
1752 > # owner-sendmail-announce@××××××××××××××.org
1753 > # sendmail-announce-request@××××××××××××××.org
1754 > # owner-technews@××××××××××.ORG
1755 > # lvs-users-admin@××××××××××××××××××.org
1756 > # ietf-123-owner@×××××××××.org
1757 > # cvs-commits-list-admin@×××××.org
1758 > # rt-users-admin@××××××××××.com
1759 > # clp-request@××××××××××××.sg
1760 > # surveys-errors@×××××××××.ie
1761 > # emailNews@×××××××××.com
1762 > # owner-textbreakingnews@××××××××××××××.COM
1763 > # yahoo-dev-null@×××××××××.com
1764 > # returns.groups.yahoo.com
1765 > # )},
1766 > #
1767 > # # { '' => 1 }, # and another one, containing just an empty reverse
1768 > path (DSN)
1769 > #
1770 > # );
1771 >
1772 >
1773 > # ENVELOPE SENDER WHITELISTING / BLACKLISTING - PER-RECIPIENT
1774 >
1775 > # The same semantics as for global white/blacklisting applies, but this
1776 > # time each recipient (or its domain, or subdomain, ...) can be given
1777 > # an individual lookup table for matching senders. The per-recipient
1778 > lookups
1779 > # take precedence over the global lookups, which serve as a fallback
1780 > default.
1781 >
1782 > # Specify a two-level lookup table: the key for the outer table is
1783 > recipient,
1784 > # and the result should be an inner lookup table (hash or ACL or RE),
1785 > # where the key used will be the sender. (Note that this structure is
1786 > flatter
1787 > # than @score_sender_maps, where the first level result is a ref to a
1788 > _list_
1789 > # of inner lookup tables, not a ref to a single lookup table.)
1790 > #
1791 > #$per_recip_blacklist_sender_lookup_tables = {
1792 > #
1793 > 'user1@××××××××××.com'=>new_RE(qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i),
1794 >
1795 > # 'user2@××××××××××.com'=>[qw( spammer@××.example,org .d2.example,org )],
1796 > #};
1797 > #$per_recip_whitelist_sender_lookup_tables = {
1798 > # 'user@××××××××××.com' => [qw( friend@×××××××.org .other.example.org )],
1799 > # '.my1.example.com' => [qw( !foe.other.example,org
1800 > .other.example,org )],
1801 > # '.my2.example.com' => read_hash("$MYHOME/my2-wl.dat"),
1802 > # 'abuse@' => { 'postmaster@'=>1,
1803 > # 'cert-advisory-owner@××××.org'=>1,
1804 > 'owner-alert@×××.net'=>1 },
1805 > #};
1806 >
1807 >
1808 > #
1809 > # Section VI - Resource limits
1810 > #
1811 >
1812 > # Sanity limit to the number of allowed recipients per SMTP transaction
1813 > # $smtpd_recipient_limit = 1100; # (default is 1100)
1814 >
1815 > # Resource limits to protect unpackers, decompressors and virus scanners
1816 > # against mail bombs (e.g. 42.zip)
1817 >
1818 >
1819 > # Maximum recursion level for extraction/decoding (0 or undef disables
1820 > limit)
1821 > $MAXLEVELS = 14; # (default is undef, no limit)
1822 >
1823 > # Maximum number of extracted files (0 or undef disables the limit)
1824 > $MAXFILES = 1500; # (default is undef, no limit)
1825 >
1826 > # For the cumulative total of all decoded mail parts we set max storage
1827 > size
1828 > # to defend against mail bombs. Even though parts may be deleted (replaced
1829 > # by decoded text) during decoding, the size they occupied is _not_
1830 > returned
1831 > # to the quota pool.
1832 > #
1833 > # Parameters to storage quota formula for unpacking/decoding/decompressing
1834 > # Formula:
1835 > # quota = max($MIN_EXPANSION_QUOTA,
1836 > # $mail_size*$MIN_EXPANSION_FACTOR,
1837 > # min($MAX_EXPANSION_QUOTA,
1838 > $mail_size*$MAX_EXPANSION_FACTOR))
1839 > # In plain words (later condition overrules previous ones):
1840 > # allow MAX_EXPANSION_FACTOR times initial mail size,
1841 > # but not more than MAX_EXPANSION_QUOTA,
1842 > # but not less than MIN_EXPANSION_FACTOR times initial mail size,
1843 > # but never less than MIN_EXPANSION_QUOTA
1844 > #
1845 > $MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not
1846 > enforced)
1847 > $MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes (default undef, not
1848 > enforced)
1849 > $MIN_EXPANSION_FACTOR = 5; # times original mail size (default is 5)
1850 > $MAX_EXPANSION_FACTOR = 500; # times original mail size (default is 500)
1851 >
1852 > # expiration time of cached results: time to live in seconds
1853 > # (how long the result of a virus/spam test remains valid)
1854 > $virus_check_negative_ttl= 3*60; # time to remember that mail was not
1855 > infected
1856 > $virus_check_positive_ttl= 30*60; # time to remember that mail was infected
1857 > $spam_check_negative_ttl = 30*60; # time to remember that mail was not spam
1858 > $spam_check_positive_ttl = 30*60; # time to remember that mail was spam
1859 > #
1860 > # NOTE:
1861 > # Cache size will be determined by the largest of the $*_ttl values.
1862 > # Depending on the mail rate, the cache database may grow quite large.
1863 > # Reasonable compromise for the max value is 15 minutes to 2 hours.
1864 >
1865 > #
1866 > # Section VII - External programs, virus scanners
1867 > #
1868 >
1869 > # Specify a path string, which is a colon-separated string of directories
1870 > # (no trailing slashes!) to be assigned to the environment variable PATH
1871 > # and to serve for locating external programs below.
1872 >
1873 > # NOTE: if $daemon_chroot_dir is nonempty, the directories will be
1874 > # relative to the chroot directory specified;
1875 >
1876 > $path =
1877 > '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin:/opt/bin';
1878 >
1879 > # For external programs specify one string or a search list of strings
1880 > (first
1881 > # match wins). The string (or: each string in a list) may be an absolute
1882 > path,
1883 > # or just a program name, to be located via $path;
1884 > # Empty string or undef (=default) disables the use of that external
1885 > program.
1886 > # Optionally command arguments may be specified - only the first substring
1887 > # up to the whitespace is used for file searching.
1888 >
1889 > $file = 'file'; # file(1) utility; use 3.41 or later to avoid
1890 > vulnerability
1891 > $dspam = 'dspam';
1892 >
1893 > # A list of pairs or n-tuples: [short-type, code_ref, optional-args...].
1894 > # Maps short types to a decoding routine, the first match wins.
1895 > # Arguments beyond the first two can be program path string (or a
1896 > listref of
1897 > # paths to be searched) or a reference to a variable containing such a
1898 > path,
1899 > # which allows for lazy evaluation, making possible to assign values to
1900 > # legacy configuration variables even after the assignment to @decoders.
1901 > #
1902 > @decoders = (
1903 > ['mail', \&do_mime_decode],
1904 > ['asc', \&do_ascii],
1905 > ['uue', \&do_ascii],
1906 > ['hqx', \&do_ascii],
1907 > ['ync', \&do_ascii],
1908 > ['F', \&do_uncompress, ['unfreeze','freeze -d','melt','fcat'] ],
1909 > ['Z', \&do_uncompress, ['uncompress','gzip -d','zcat'] ],
1910 > ['gz', \&do_gunzip],
1911 > ['gz', \&do_uncompress, 'gzip -d'],
1912 > ['bz2', \&do_uncompress, 'bzip2 -d'],
1913 > ['lzo', \&do_uncompress, 'lzop -d'],
1914 > ['rpm', \&do_uncompress, ['rpm2cpio.pl','rpm2cpio'] ],
1915 > ['cpio', \&do_pax_cpio, ['pax','gcpio','cpio'] ],
1916 > ['tar', \&do_pax_cpio, ['pax','gcpio','cpio'] ],
1917 > ['tar', \&do_tar],
1918 > ['deb', \&do_ar, 'ar'],
1919 > # ['a', \&do_ar, 'ar'], # unpacking .a seems an overkill
1920 > ['zip', \&do_unzip],
1921 > ['rar', \&do_unrar, ['rar','unrar'] ],
1922 > ['arj', \&do_unarj, ['arj','unarj'] ],
1923 > ['arc', \&do_arc, ['nomarch','arc'] ],
1924 > ['zoo', \&do_zoo, 'zoo'],
1925 > ['lha', \&do_lha, 'lha'],
1926 > # ['doc', \&do_ole, 'ripole'],
1927 > ['cab', \&do_cabextract, 'cabextract'],
1928 > ['tnef', \&do_tnef_ext, 'tnef'],
1929 > ['tnef', \&do_tnef],
1930 > ['exe', \&do_executable, ['rar','unrar'], 'lha', ['arj','unarj'] ],
1931 > );
1932 >
1933 >
1934 > # SpamAssassin settings
1935 >
1936 > # $sa_local_tests_only is passed to Mail::SpamAssassin::new as a value
1937 > # of the option local_tests_only. See Mail::SpamAssassin man page.
1938 > # If set to 1, no SA tests that require internet access will be performed.
1939 > #
1940 > $sa_local_tests_only = 0; # only tests which do not require internet
1941 > access?
1942 > #$sa_auto_whitelist = 1; # turn on AWL in SA 2.63 or older (irrelevant
1943 > # for SA 3.0, its cf option is
1944 > use_auto_whitelist)
1945 >
1946 > $sa_mail_body_size_limit = 200*1024; # don't waste time on SA if mail is
1947 > larger
1948 > # (less than 1% of spam is > 64k)
1949 > # default: undef, no limitations
1950 >
1951 > # default values, customarily used in the @spam_*_level_maps as the last
1952 > entry
1953 > $sa_tag_level_deflt = -9999; # add spam info headers if at, or above
1954 > that level;
1955 > # undef is interpreted as lower than any spam level
1956 > $sa_tag2_level_deflt = 5;# add 'spam detected' headers at that level to
1957 > # passed mail, adding address extensions;
1958 > $sa_kill_level_deflt = 20; # triggers spam evasive actions
1959 > # at or above that level: bounce/reject/drop,
1960 > # quarantine
1961 > $sa_dsn_cutoff_level = 9; # spam level beyond which a DSN is not sent,
1962 > # effectively turning D_BOUNCE into D_DISCARD;
1963 > # undef disables this feature and is a default;
1964 > # see also $sa_quarantine_cutoff_level above, which only controls
1965 > quarantining
1966 >
1967 > # advanced example specifying per-recipient values using a hash lookup:
1968 > #@spam_tag_level_maps = (\$sa_tag_level_deflt); # this is a default
1969 > #@spam_tag2_level_maps = (
1970 > # { 'user1@×××××××.com' => 8.0, '.example.com' => 6.0 },
1971 > # \$sa_tag2_level_deflt, # catchall default
1972 > #);
1973 > #@spam_kill_level_maps = (
1974 > # { 'user1@×××××××.com' => 8.0, '.example.com' => 6.0 },
1975 > # \$sa_kill_level_deflt, # catchall default
1976 > #);
1977 > #@spam_dsn_cutoff_level_maps = (
1978 > # { 'user1@×××××××.com' => 10, '.example.com' => 15 },
1979 > # \$sa_dsn_cutoff_level, # catchall default
1980 > #);
1981 >
1982 > # a quick reference:
1983 > # tag_level contents category: CC_CLEAN,
1984 > # controls adding the X-Spam-Status and X-Spam-Level headers,
1985 > # tag2_level contents category: CC_SPAMMY,
1986 > # controls adding 'X-Spam-Flag: YES', editing (tagging)
1987 > Subject,
1988 > # and adding address extensions,
1989 > # tag3_level contents category: CC_SPAMMY, minor category 1,
1990 > # like tag2, but may insert different Subject tag
1991 > # e.g. @spam_subject_tag3_maps=('***BLATANT*SPAM*** ');
1992 > # kill_level contents category: CC_SPAM,
1993 > # controls 'evasive actions' (reject, quarantine);
1994 > # it only makes sense to maintain the relationship:
1995 > # tag_level <= tag2_level <= tag3_level <= kill_level <
1996 > # < dsn_cutoff_level <= quarantine_cutoff_level
1997 >
1998 > # string to prepend to Subject header field when message exceeds tag2 level
1999 > $sa_spam_subject_tag = '*SPAM* '; # (defaults to undef, disabled)
2000 > # (only seen when spam is passed and recipient is
2001 > # in local_domains*)
2002 >
2003 > #$sa_spam_modifies_subj = 1; # in @spam_modifies_subj_maps, default is true
2004 >
2005 > # Example: modify Subject for all local recipients except user@×××××××.com
2006 > #@spam_modifies_subj_maps = ( [qw( !user@×××××××.com . )] );
2007 >
2008 > #$sa_spam_level_char = '*'; # char for X-Spam-Level bar, defaults to '*';
2009 > # undef or empty disables inserting X-Spam-Level
2010 > #$sa_spam_report_header = 0; # insert X-Spam-Report header field?
2011 > default false
2012 >
2013 > # stop anti-virus scanning when the first scanner detects a virus?
2014 > #$first_infected_stops_scan = 1; # default is false, all scanners in a
2015 > section
2016 > # are called
2017 >
2018 > # @av_scanners is a list of n-tuples, where fields semantics is:
2019 > # 1. av scanner plain name, to be used in log and reports;
2020 > # 2. scanner program name; this string will be submitted to subroutine
2021 > # find_external_programs(), which will try to find the full program
2022 > path
2023 > # name during startup; if program is not found, this scanner is
2024 > disabled.
2025 > # Besides a simple string (full program path name or just the basename
2026 > # to be looked for in PATH), this may be an array ref of alternative
2027 > # program names or full paths - the first match in the list will be
2028 > used;
2029 > # As a special case for more complex scanners, this field may be
2030 > # a subroutine reference, and the whole n-tuple is passed to it as
2031 > args.
2032 > # 3. command arguments to be given to the scanner program;
2033 > # a substring {} will be replaced by the directory name to be
2034 > scanned, i.e.
2035 > # "$tempdir/parts", a "*" will be replaced by base file names of parts;
2036 > # 4. an array ref of av scanner exit status values, or a regexp (to be
2037 > # matched against scanner output), indicating NO VIRUSES found;
2038 > # a special case is a value undef, which does not claim file to be
2039 > clean
2040 > # (i.e. it never matches, similar to []), but suppresses a failure
2041 > warning;
2042 > # to be used when the result is inconclusive (useful for specialized
2043 > and
2044 > # quick partial scanners such as jpeg checker);
2045 > # 5. an array ref of av scanner exit status values, or a regexp (to be
2046 > # matched against scanner output), indicating VIRUSES WERE FOUND;
2047 > # Note: the virus match prevails over a 'not found' match, so it is
2048 > safe
2049 > # even if the no. 4. matches for viruses too;
2050 > # 6. a regexp (to be matched against scanner output), returning a list
2051 > # of virus names found, or a sub ref, returning such a list when given
2052 > # scanner output as argument;
2053 > # 7. and 8.: (optional) subroutines to be executed before and after
2054 > scanner
2055 > # (e.g. to set environment or current directory);
2056 > # see examples for these at KasperskyLab AVP and NAI uvscan.
2057 >
2058 > # NOTES:
2059 > #
2060 > # - NOT DEFINING @av_scanners (e.g. setting it to empty list, or
2061 > deleting the
2062 > # whole assignment) TURNS OFF LOADING AND COMPILING OF THE ANTIVIRUS CODE
2063 > # (which can be handy if all you want to do is spam scanning);
2064 > #
2065 > # - the order matters: although _all_ available entries from the list
2066 > # are tried regardless of their verdict, scanners are run in the order
2067 > # specified: the report from the first one detecting a virus will be used
2068 > # (providing virus names and scanner output); REARRANGE THE ORDER TO
2069 > WILL;
2070 > # see also $first_infected_stops_scan;
2071 > #
2072 > # - it doesn't hurt to keep an unused command line scanner entry in the
2073 > list
2074 > # if the program can not be found; the path search is only performed once
2075 > # during the program startup;
2076 > #
2077 > # COROLLARY: to disable a scanner that _does_ exist on your system,
2078 > # comment out its entry or use undef or '' as its program name/path
2079 > # (second parameter). An example where this is almost a must: disable
2080 > # Sophos 'sweep' if you have its daemonized version Sophie or SAVI-Perl
2081 > # (same for Trophie/vscan, and clamd/clamscan), or if another unrelated
2082 > # program happens to have a name matching one of the entries ('sweep'
2083 > # again comes to mind);
2084 > #
2085 > # - it DOES HURT to keep unwanted entries which use INTERNAL SUBROUTINES
2086 > # for interfacing (where the second parameter starts with \&).
2087 > # Keeping such entry and not having a corresponding virus scanner daemon
2088 > # causes an unnecessary connection attempt (which eventually times out,
2089 > # but it wastes precious time). For this reason the daemonized entries
2090 > # are commented in the distribution - just remove the '#' where needed.
2091 > #
2092 > # CERT list of av resources: http://www.cert.org/other_sources/viruses.html
2093 >
2094 > @av_scanners = (
2095 >
2096 > # ### http://www.vanja.com/tools/sophie/
2097 > # ['Sophie',
2098 > # \&ask_daemon, ["{}/\n", '/var/run/sophie'],
2099 > # qr/(?x)^ 0+ ( : | [\000\r\n]* $)/, qr/(?x)^ 1 ( : | [\000\r\n]* $)/,
2100 > # qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/ ],
2101 >
2102 > # ### http://www.csupomona.edu/~henson/www/projects/SAVI-Perl/
2103 > # ['Sophos SAVI', \&sophos_savi ],
2104 >
2105 > # ### http://www.clamav.net/
2106 > # ['ClamAV-clamd',
2107 > # \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
2108 > # qr/\bOK$/, qr/\bFOUND$/,
2109 > # qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
2110 > # # NOTE: the easiest is to run clamd under the same user as amavisd;
2111 > match the
2112 > # # socket name (LocalSocket) in clamav.conf to the socket name in this
2113 > entry
2114 > # # When running chrooted one may prefer: ["CONTSCAN
2115 > {}\n","$MYHOME/clamd"],
2116 >
2117 > # ### http://www.clamav.net/ and CPAN (memory-hungry! clamd is preferred)
2118 > # ['Mail::ClamAV', \&ask_clamav, "*", [0], [1], qr/^INFECTED: (.+)/],
2119 >
2120 > # ### http://www.openantivirus.org/
2121 > # ['OpenAntiVirus ScannerDaemon (OAV)',
2122 > # \&ask_daemon, ["SCAN {}\n", '127.0.0.1:8127'],
2123 > # qr/^OK/, qr/^FOUND: /, qr/^FOUND: (.+)/ ],
2124 >
2125 > # ### http://www.vanja.com/tools/trophie/
2126 > # ['Trophie',
2127 > # \&ask_daemon, ["{}/\n", '/var/run/trophie'],
2128 > # qr/(?x)^ 0+ ( : | [\000\r\n]* $)/, qr/(?x)^ 1 ( : | [\000\r\n]* $)/,
2129 > # qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/ ],
2130 >
2131 > # ### http://www.grisoft.com/
2132 > # ['AVG Anti-Virus',
2133 > # \&ask_daemon, ["SCAN {}\n", '127.0.0.1:55555'],
2134 > # qr/^200/, qr/^403/, qr/^403 .*?: ([^\r\n]+)/ ],
2135 >
2136 > # ### http://www.f-prot.com/
2137 > # ['FRISK F-Prot Daemon',
2138 > # \&ask_daemon,
2139 > # ["GET {}/*?-dumb%20-archive%20-packed HTTP/1.0\r\n\r\n",
2140 > # ['127.0.0.1:10200','127.0.0.1:10201','127.0.0.1:10202',
2141 > # '127.0.0.1:10203','127.0.0.1:10204'] ],
2142 > # qr/(?i)<summary[^>]*>clean<\/summary>/,
2143 > # qr/(?i)<summary[^>]*>infected<\/summary>/,
2144 > # qr/(?i)<name>(.+)<\/name>/ ],
2145 >
2146 > # ### http://www.sald.com/, http://www.dials.ru/english/,
2147 > http://www.drweb.ru/
2148 > # ['DrWebD', \&ask_daemon, # DrWebD 4.31 or later
2149 > # [pack('N',1). # DRWEBD_SCAN_CMD
2150 > # pack('N',0x00280001). # DONT_CHANGEMAIL, IS_MAIL, RETURN_VIRUSES
2151 > # pack('N', # path length
2152 > # length("$TEMPBASE/amavis-yyyymmddTHHMMSS-xxxxx/parts/pxxx")).
2153 > # '{}/*'. # path
2154 > # pack('N',0). # content size
2155 > # pack('N',0),
2156 > # '/var/drweb/run/drwebd.sock',
2157 > # # '/var/amavis/var/run/drwebd.sock', # suitable for chroot
2158 > # # '/usr/local/drweb/run/drwebd.sock', # FreeBSD drweb ports default
2159 > # # '127.0.0.1:3000', # or over an inet socket
2160 > # ],
2161 > # qr/\A\x00[\x10\x11][\x00\x10]\x00/s, # IS_CLEAN,EVAL_KEY;
2162 > SKIPPED
2163 > # qr/\A\x00[\x00\x01][\x00\x10][\x20\x40\x80]/s, #
2164 > KNOWN_V,UNKNOWN_V,V._MODIF
2165 > # qr/\A.{12}(?:infected with )?([^\x00]+)\x00/s,
2166 > # ],
2167 > # # NOTE: If using amavis-milter, change length to:
2168 > # # length("$TEMPBASE/amavis-milter-xxxxxxxxxxxxxx/parts/pxxx").
2169 >
2170 > ### http://www.kaspersky.com/ (kav4mailservers)
2171 > ['KasperskyLab AVP - aveclient',
2172 > ['/usr/local/kav/bin/aveclient','/usr/local/share/kav/bin/aveclient',
2173 > '/opt/kav/bin/aveclient','aveclient'],
2174 > '-p /var/run/aveserver -s {}/*', [0,3,6,8],
2175 > qr/\b(INFECTED|SUSPICION)\b/,
2176 > qr/(?:INFECTED|SUSPICION) (.+)/,
2177 > ],
2178 >
2179 > ### http://www.kaspersky.com/
2180 > ['KasperskyLab AntiViral Toolkit Pro (AVP)', ['avp'],
2181 > '-* -P -B -Y -O- {}', [0,3,6,8], [2,4], # any use for -A -K ?
2182 > qr/infected: (.+)/,
2183 > sub {chdir('/opt/AVP') or die "Can't chdir to AVP: $!"},
2184 > sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
2185 > ],
2186 >
2187 > ### The kavdaemon and AVPDaemonClient have been removed from Kasperky
2188 > ### products and replaced by aveserver and aveclient
2189 > ['KasperskyLab AVPDaemonClient',
2190 > [ '/opt/AVP/kavdaemon', 'kavdaemon',
2191 > '/opt/AVP/AvpDaemonClient', 'AvpDaemonClient',
2192 > '/opt/AVP/AvpTeamDream', 'AvpTeamDream',
2193 > '/opt/AVP/avpdc', 'avpdc' ],
2194 > "-f=$TEMPBASE {}", [0,8], [3,4,5,6], qr/infected: ([^\r\n]+)/ ],
2195 > # change the startup-script in /etc/init.d/kavd to:
2196 > # DPARMS="-* -Y -dl -f=/var/amavis /var/amavis"
2197 > # (or perhaps: DPARMS="-I0 -Y -* /var/amavis" )
2198 > # adjusting /var/amavis above to match your $TEMPBASE.
2199 > # The '-f=/var/amavis' is needed if not running it as root, so it
2200 > # can find, read, and write its pid file, etc., see 'man kavdaemon'.
2201 > # defUnix.prf: there must be an entry "*/var/amavis" (or whatever
2202 > # directory $TEMPBASE specifies) in the 'Names=' section.
2203 > # cd /opt/AVP/DaemonClients; configure; cd Sample; make
2204 > # cp AvpDaemonClient /opt/AVP/
2205 > # su - vscan -c "${PREFIX}/kavdaemon ${DPARMS}"
2206 >
2207 > ### http://www.centralcommand.com/
2208 > ['CentralCommand Vexira (new) vascan',
2209 > ['vascan','/usr/lib/Vexira/vascan'],
2210 > "-a s --timeout=60 --temp=$TEMPBASE -y $QUARANTINEDIR ".
2211 > "--vdb=/usr/lib/Vexira/vexira8.vdb --log=/var/log/vascan.log {}",
2212 > [0,3], [1,2,5],
2213 > qr/(?x)^\s* (?:virus|iworm|macro|mutant|sequence|trojan)\ found:\ (
2214 > [^\]\s']+ )\ \.\.\.\ / ],
2215 > # Adjust the path of the binary and the virus database as needed.
2216 > # 'vascan' does not allow to have the temp directory to be the same as
2217 > # the quarantine directory, and the quarantine option can not be
2218 > disabled.
2219 > # If $QUARANTINEDIR is not used, then another directory must be
2220 > specified
2221 > # to appease 'vascan'. Move status 3 to the second list if password
2222 > # protected files are to be considered infected.
2223 >
2224 > ### http://www.hbedv.com/
2225 > ['H+BEDV AntiVir or the (old) CentralCommand Vexira Antivirus',
2226 > ['antivir','vexira'],
2227 > '--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/,
2228 > qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) |
2229 > (?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/ ],
2230 > # NOTE: if you only have a demo version, remove -z and add 214, as in:
2231 > # '--allfiles -noboot -nombr -rs -s {}', [0,214], qr/ALERT:|VIRUS:/,
2232 >
2233 > ### http://www.commandsoftware.com/
2234 > ['Command AntiVirus for Linux', 'csav',
2235 > '-all -archive -packed {}', [50], [51,52,53],
2236 > qr/Infection: (.+)/ ],
2237 >
2238 > ### http://www.symantec.com/
2239 > ['Symantec CarrierScan via Symantec CommandLineScanner',
2240 > 'cscmdline', '-a scan -i 1 -v -s 127.0.0.1:7777 {}',
2241 > qr/^Files Infected:\s+0$/, qr/^Infected\b/,
2242 > qr/^(?:Info|Virus Name):\s+(.+)/ ],
2243 >
2244 > ### http://www.symantec.com/
2245 > ['Symantec AntiVirus Scan Engine',
2246 > 'savsecls', '-server 127.0.0.1:7777 -mode scanrepair -details
2247 > -verbose {}',
2248 > [0], qr/^Infected\b/,
2249 > qr/^(?:Info|Virus Name):\s+(.+)/ ],
2250 > # NOTE: check options and patterns to see which entry better applies
2251 >
2252 > ### http://www.f-secure.com/products/anti-virus/
2253 > ['F-Secure Antivirus', 'fsav',
2254 > '--dumb --mime --archive {}', [0], [3,8],
2255 > qr/(?:infection|Infected|Suspected): (.+)/ ],
2256 >
2257 > # ### http://www.avast.com/
2258 > # ['avast! Antivirus daemon',
2259 > # \&ask_daemon, # greets with 220, terminate with QUIT
2260 > # ["SCAN {}\015\012QUIT\015\012", '/var/run/avast4/mailscanner.sock'],
2261 > # qr/\t\[\+\]/, qr/\t\[L\]\t/, qr/\t\[L\]\t([^[ \t\015\012]+)/ ],
2262 >
2263 > # ### http://www.avast.com/
2264 > # ['avast! Antivirus - Client/Server Version', 'avastlite',
2265 > # '-a /var/run/avast4/mailscanner.sock -n {}', [0], [1],
2266 > # qr/\t\[L\]\t([^[ \t\015\012]+)/ ],
2267 >
2268 > ['CAI InoculateIT', 'inocucmd', # retired product
2269 > '-sec -nex {}', [0], [100],
2270 > qr/was infected by virus (.+)/ ],
2271 > # see: http://www.flatmtn.com/computer/Linux-Antivirus_CAI.html
2272 >
2273 > ### http://www3.ca.com/Solutions/Product.asp?ID=156 (ex InoculateIT)
2274 > ['CAI eTrust Antivirus', 'etrust-wrapper',
2275 > '-arc -nex -spm h {}', [0], [101],
2276 > qr/is infected by virus: (.+)/ ],
2277 > # NOTE: requires suid wrapper around inocmd32; consider flag: -mod
2278 > reviewer
2279 > # see http://marc.theaimsgroup.com/?l=amavis-user&m=109229779912783
2280 >
2281 > ### http://mks.com.pl/english.html
2282 > ['MkS_Vir for Linux (beta)', ['mks32','mks'],
2283 > '-s {}/*', [0], [1,2],
2284 > qr/--[ \t]*(.+)/ ],
2285 >
2286 > ### http://mks.com.pl/english.html
2287 > ['MkS_Vir daemon', 'mksscan',
2288 > '-s -q {}', [0], [1..7],
2289 > qr/^... (\S+)/ ],
2290 >
2291 > ### http://www.nod32.com/
2292 > ['ESET Software NOD32 Command Line Interface v 2.51', 'nod32cli',
2293 > '--subdir {}', [0,3], [1,2], qr/virus="([^"]+)"/ ],
2294 >
2295 > # ### http://www.nod32.com/ old
2296 > # ['ESET Software NOD32 - Client/Server Version', 'nod32cli',
2297 > # '-a -r -d recurse --heur standard {}', [0], [10,11],
2298 > # qr/^\S+\s+infected:\s+(.+)/ ],
2299 >
2300 > # ### http://www.nod32.com/ old
2301 > # ['ESET Software NOD32', 'nod32',
2302 > # '--arch --mail {}', [0], [1,10], qr/^object=.*, virus="(.*?)",/ ],
2303 >
2304 > # Experimental, based on posting from Rado Dibarbora (Dibo) on 2002-05-31
2305 > # ['ESET Software NOD32 Client/Server (NOD32SS)',
2306 > # \&ask_daemon2, # greets with 200, persistent, terminate with QUIT
2307 > # ["SCAN {}/*\r\n", '127.0.0.1:8448' ],
2308 > # qr/^200 File OK/, qr/^201 /, qr/^201 (.+)/ ],
2309 >
2310 > ### http://www.norman.com/products_nvc.shtml
2311 > ['Norman Virus Control v5 / Linux', 'nvcc',
2312 > '-c -l:0 -s -u -temp:$TEMPBASE {}', [0,10,11], [1,2,14],
2313 > qr/(?i).* virus in .* -> \'(.+)\'/ ],
2314 >
2315 > ### http://www.pandasoftware.com/
2316 > ['Panda Antivirus for Linux', ['pavcl'],
2317 > '-aut -aex -heu -cmp -nbr -nor -nso -eng {}',
2318 > qr/Number of files infected[ .]*: 0+(?!\d)/,
2319 > qr/Number of files infected[ .]*: 0*[1-9]/,
2320 > qr/Found virus :\s*(\S+)/ ],
2321 >
2322 > # ### http://www.pandasoftware.com/
2323 > # ['Panda Antivirus for Linux', ['pavcl'],
2324 > # '-TSR -aut -aex -heu -cmp -nbr -nor -nso -eng {}',
2325 > # [0], [0x10, 0x30, 0x50, 0x70, 0x90, 0xB0, 0xD0, 0xF0],
2326 > # qr/Found virus :\s*(\S+)/ ],
2327 >
2328 > # GeCAD AV technology is acquired by Microsoft; RAV has been discontinued.
2329 > # Check your RAV license terms before fiddling with the following two
2330 > lines!
2331 > # ['GeCAD RAV AntiVirus 8', 'ravav',
2332 > # '--all --archive --mail {}', [1], [2,3,4,5], qr/Infected: (.+)/ ],
2333 > # # NOTE: the command line switches changed with scan engine 8.5 !
2334 > # # (btw, assigning stdin to /dev/null causes RAV to fail)
2335 >
2336 > ### http://www.nai.com/
2337 > ['NAI McAfee AntiVirus (uvscan)', 'uvscan',
2338 > '--secure -rv --mime --summary --noboot --mailbox --program
2339 > --timeout 180 - {}', [0], [13],
2340 > qr/(?x) Found (?:
2341 > \ the\ (.+)\ (?:virus|trojan) |
2342 > \ (?:virus|trojan)\ or\ variant\ ([^ ]+) |
2343 > :\ (.+)\ NOT\ a\ virus)/,
2344 > # sub {$ENV{LD_PRELOAD}='/lib/libc.so.6'},
2345 > # sub {delete $ENV{LD_PRELOAD}},
2346 > ],
2347 > # NOTE1: with RH9: force the dynamic linker to look at /lib/libc.so.6
2348 > before
2349 > # anything else by setting environment variable LD_PRELOAD=/lib/libc.so.6
2350 > # and then clear it when finished to avoid confusing anything else.
2351 > # NOTE2: to treat encrypted files as viruses replace the [13] with:
2352 > # qr/^\s{5,}(Found|is password-protected|.*(virus|trojan))/
2353 >
2354 > ### http://www.virusbuster.hu/en/
2355 > ['VirusBuster', ['vbuster', 'vbengcl'],
2356 > "{} -ss -i '*' -log=$MYHOME/vbuster.log", [0], [1],
2357 > qr/: '(.*)' - Virus/ ],
2358 > # VirusBuster Ltd. does not support the daemon version for the
2359 > workstation
2360 > # engine (vbuster-eng-1.12-linux-i386-libc6.tgz) any longer. The names of
2361 > # binaries, some parameters AND return codes have changed (from 3 to 1).
2362 > # See also the new Vexira entry 'vascan' which is possibly related.
2363 >
2364 > # ### http://www.virusbuster.hu/en/
2365 > # ['VirusBuster (Client + Daemon)', 'vbengd',
2366 > # '-f -log scandir {}', [0], [3],
2367 > # qr/Virus found = (.*);/ ],
2368 > # # HINT: for an infected file it always returns 3,
2369 > # # although the man-page tells a different story
2370 >
2371 > ### http://www.cyber.com/
2372 > ['CyberSoft VFind', 'vfind',
2373 > '--vexit {}/*', [0], [23], qr/##==>>>> VIRUS ID: CVDL (.+)/,
2374 > # sub {$ENV{VSTK_HOME}='/usr/lib/vstk'},
2375 > ],
2376 >
2377 > ### http://www.avast.com/
2378 > ['avast! Antivirus', ['/usr/bin/avastcmd','avastcmd'],
2379 > '-a -i -n -t=A {}', [0], [1], qr/\binfected by:\s+([^ \t\n\[\]]+)/ ],
2380 >
2381 > ### http://www.ikarus-software.com/
2382 > ['Ikarus AntiVirus for Linux', 'ikarus',
2383 > '{}', [0], [40], qr/Signature (.+) found/ ],
2384 >
2385 > ### http://www.bitdefender.com/
2386 > ['BitDefender', 'bdc',
2387 > '--arc --mail {}', qr/^Infected files *:0+(?!\d)/,
2388 > qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/,
2389 > qr/(?:suspected|infected): (.*)(?:\033|$)/ ],
2390 > # consider also: --all --nowarn --alev=15 --flev=15. The --all
2391 > argument may
2392 > # not apply to your version of bdc, check documentation and see 'bdc
2393 > --help'
2394 >
2395 > # ['File::Scan', sub {Amavis::AV::ask_av(sub{
2396 > # use File::Scan; my($fn)=@_;
2397 > # my($f)=File::Scan->new(max_txt_size=>0, max_bin_size=>0);
2398 > # my($vname) = $f->scan($fn);
2399 > # $f->error ? (2,"Error: ".$f->error)
2400 > # : ($vname ne '') ? (1,"$vname FOUND") : (0,"Clean")}, @_) },
2401 > # ["{}/*"], [0], [1], qr/^(.*) FOUND$/ ],
2402 >
2403 > # ### example: fully-fledged checker for JPEG marker segments of invalid
2404 > length
2405 > # ['check-jpeg',
2406 > # sub { use JpegTester (); Amavis::AV::ask_av(\&JpegTester::test_jpeg,
2407 > @_) },
2408 > # ["{}/*"], undef, [1], qr/^(bad jpeg: .*)$/ ],
2409 > # # NOTE: place file JpegTester.pm somewhere where Perl can find it,
2410 > # # for example in /usr/local/lib/perl5/site_perl
2411 >
2412 > # ### example: simpleminded checker for JPEG marker segments of invalid
2413 > length
2414 > # ### (only checks first 32k, which is not thorough enough)
2415 > # ['check-jpeg-simple',
2416 > # sub { Amavis::AV::ask_av(sub {
2417 > # my($f)=@_; local(*FF,$_,$1,$2); my(@r)=(0,'not jpeg');
2418 > # open(FF,$f) or die "jpeg: open err $f: $!";
2419 > # binmode(FF) or die "jpeg: binmode err $f: $!";
2420 > # defined read(FF,$_,32000) or die "jpeg: read err $f: $!";
2421 > # close(FF) or die "jpeg: close err $f: $!";
2422 > # if (/^\xff\xd8\xff/) {
2423 > # @r=(0,'jpeg ok');
2424 > # while (!/\G(?:\xff\xd9|\z)/gc) { # EOI or eof
2425 > # if (/\G\xff+(?=\xff|\z)/gc) {} # fill-bytes before
2426 > marker
2427 > # elsif (/\G\xff([\x01\xd0-\xd8])/gc) {} # TEM, RSTi, SOI
2428 > # elsif (/\G\xff([^\x00\xff])(..)/gcs) { # marker segment start
2429 > # my($n)=unpack("n",$2)-2;
2430 > # $n=32766 if $n>32766; # Perl regexp limit
2431 > # if ($n<0) {@r=(1,"bad jpeg: len=$n, pos=".pos); last}
2432 > # elsif (/\G.{$n}/gcs) {} # ok
2433 > # elsif (/\G.{0,$n}\z/gcs) {last} # truncated
2434 > # else {@r=(1,"bad jpeg: unexpected, pos=".pos); last}
2435 > # }
2436 > # elsif (/\G[^\xff]+/gc) {} # ECS
2437 > # elsif (/\G(?:\xff\x00)+/gc) {} # ECS
2438 > # else {@r=(2,"bad jpeg: unexpected char, pos=".pos); last}
2439 > # }
2440 > # }; @r}, @_) },
2441 > # ["{}/*"], undef, [1], qr/^(bad jpeg: .*)$/ ],
2442 >
2443 > );
2444 >
2445 >
2446 > # If no virus scanners from the @av_scanners list produce 'clean' nor
2447 > # 'infected' status (i.e. they all fail to run or the list is empty),
2448 > # then _all_ scanners from the @av_scanners_backup list are tried
2449 > # (again, subject to $first_infected_stops_scan). When there are both
2450 > # daemonized and equivalent or similar command-line scanners available,
2451 > # it is customary to place slower command-line scanners in the
2452 > # @av_scanners_backup list. The default choice is somewhat arbitrary,
2453 > # move entries from one list to another as desired, keeping main scanners
2454 > # in the primary list to avoid warnings.
2455 >
2456 > @av_scanners_backup = (
2457 >
2458 > ### http://www.clamav.net/ - backs up clamd or Mail::ClamAV
2459 > ['ClamAV-clamscan', 'clamscan',
2460 > "--stdout --disable-summary -r --tempdir=$TEMPBASE {}",
2461 > [0], qr/:.*\sFOUND$/, qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
2462 >
2463 > ### http://www.f-prot.com/ - backs up F-Prot Daemon
2464 > ['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'],
2465 > '-dumb -ai -archive -packed -server {}', [0,8], [3,6],
2466 > qr/Infection: (.+)|\s+contains\s+(.+)$/ ],
2467 >
2468 > ### http://www.trendmicro.com/ - backs up Trophie
2469 > ['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'],
2470 > '-za -a {}', [0], qr/Found virus/, qr/Found virus (.+) in/ ],
2471 >
2472 > ### http://www.sald.com/, http://drweb.imshop.de/ - backs up DrWebD
2473 > ['drweb - DrWeb Antivirus',
2474 > ['/usr/local/drweb/drweb', '/opt/drweb/drweb', 'drweb'],
2475 > '-path={} -al -go -ot -cn -upn -ok-',
2476 > [0,32], [1,9,33], qr' infected (?:with|by)(?: virus)? (.*)$'],
2477 >
2478 > ['KasperskyLab kavscanner', ['/opt/kav/bin/kavscanner','kavscanner'],
2479 > '-i1 -xp {}', [0,10,15], [5,20,21,25],
2480 > qr/(?:CURED|INFECTED|CUREFAILED|WARNING|SUSPICION) (.*)/ ,
2481 > sub {chdir('/opt/kav/bin') or die "Can't chdir to kav: $!"},
2482 > sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
2483 > ],
2484 >
2485 > # Commented out because the name 'sweep' clashes with Debian and FreeBSD
2486 > # package/port of an audio editor. Make sure the correct 'sweep' is found
2487 > # in the path when enabling.
2488 > #
2489 > # ### http://www.sophos.com/ - backs up Sophie or SAVI-Perl
2490 > # ['Sophos Anti Virus (sweep)', 'sweep',
2491 > # '-nb -f -all -rec -ss -sc -archive -cab -tnef --no-reset-atime {}',
2492 > # [0,2], qr/Virus .*? found/,
2493 > # qr/^>>> Virus(?: fragment)? '?(.*?)'? found/,
2494 > # ],
2495 > # # other options to consider: -mime -oe -idedir=/usr/local/sav
2496 >
2497 > # always succeeds (uncomment to consider mail clean if all other
2498 > scanners fail)
2499 > # ['always-clean', sub {0}],
2500 >
2501 > );
2502 >
2503 >
2504 > #
2505 > # Section VIII - Debugging
2506 > #
2507 >
2508 > # The most useful debugging tool is to run amavisd-new non-detached
2509 > # from a terminal window using command: # amavisd debug
2510 >
2511 > # Some more refined approaches:
2512 >
2513 > # If sender matches ACL, turn debugging fully up, just for this one message
2514 > #@debug_sender_maps = ( ["test-sender\@$mydomain"] );
2515 > #@debug_sender_maps = ( [qw( debug@×××××××.com debug@×××××××.net )] );
2516 >
2517 > # May be useful along with @debug_sender_maps:
2518 > # Prevent all decoded originals being deleted (replaced by decoded part)
2519 > #@keep_decoded_original_maps = (1);
2520 >
2521 > # Turn on SpamAssassin debugging (output to STDERR, use with 'amavisd
2522 > debug')
2523 > #$sa_debug = '1,all'; # defaults to false
2524 >
2525 >
2526 > #
2527 > # Section IX - Policy banks (dynamic policy switching)
2528 > #
2529 >
2530 > ## Define some policy banks (sets of settings) and give them
2531 > ## arbitrary names (the names '', 'MYNETS' and 'MYUSERS' have special
2532 > meaning):
2533 > #
2534 > # $policy_bank{'ALT'} = {
2535 > # log_level => 3,
2536 > # syslog_ident => 'alt-amavis',
2537 > # syslog_facility => 'LOCAL3',
2538 > # inet_acl => [qw( 10.0.1.14 )],
2539 > # final_spam_destiny => D_PASS, final_bad_header_destiny => D_PASS,
2540 > # forward_method => 'smtp:*:*',
2541 > # notify_method => 'smtp:[127.0.0.1]:10025',
2542 > # virus_admin_maps => "abuse\@$mydomain",
2543 > # spam_lovers_maps => [@spam_lovers_maps, [qw( abuse@×××××××.com )]],
2544 > # spam_tag_level_maps => 2.1,
2545 > # spam_tag2_level_maps => 6.32,
2546 > # spam_kill_level_maps => 6.72,
2547 > # spam_dsn_cutoff_level_maps => 8,
2548 > # defang_spam => 1,
2549 > # local_client_bind_address => '10.11.12.13',
2550 > # localhost_name => 'amavis.example.com',
2551 > # smtpd_greeting_banner =>
2552 > # '${helo-name} ${protocol} ${product} ${version-id}
2553 > (${version-date}) TEST service ready';
2554 > # auth_mech_avail => [qw(PLAIN LOGIN)],
2555 > # auth_required_inp => 1,
2556 > # auth_required_out => 1,
2557 > # amavis_auth_user => 'amavisd', amavis_auth_pass = 'tOpsecretX',
2558 > # av_scanners => [ # provide only 'free' scanners
2559 > # ['ClamAV-clamd',
2560 > # \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
2561 > # qr/\bOK$/, qr/\bFOUND$/,
2562 > # qr/^.*?: (?!Infected Archive)(.*) FOUND$/,
2563 > # ],
2564 > # ],
2565 > # av_scanners_backup => [
2566 > # ['ClamAV-clamscan', 'clamscan',
2567 > # "--stdout --disable-summary -r --tempdir=$TEMPBASE {}", [0], [1],
2568 > # qr/^.*?: (?!Infected Archive)(.*) FOUND$/,
2569 > # ],
2570 > # ],
2571 > # };
2572 >
2573 > # NOTE: the use of policy banks for changing protocol on the input
2574 > socket is
2575 > # only needed when different protocols need to be spoken on different
2576 > sockets
2577 > # at the same time. For normal use just set globally e.g.:
2578 > $protocol='AM.PDP';
2579 > #
2580 > #$policy_bank{'AM.PDP-SOCK'} = {
2581 > # protocol => 'AM.PDP', # Amavis policy delegation protocol
2582 > # auth_required_release => 0, # don't require secret_id for
2583 > amavisd-release
2584 > #};
2585 > #
2586 > #$policy_bank{'AM.PDP-INET'} = {
2587 > # protocol => 'AM.PDP', # Amavis policy delegation protocol
2588 > # inet_acl => [qw( 127.0.0.1 [::1] )], # restrict to these IP addresses
2589 > #};
2590 > #
2591 > ## the name 'MYNETS' has special semantics: this policy bank gets loaded
2592 > ## whenever MTA supplies the original SMTP client IP address (Postfix
2593 > XFORWARD
2594 > ## extension or a new AM.PDP protocol) and that address matches
2595 > @mynetworks.
2596 > #
2597 > # $terminate_dsn_on_notify_success = 1;
2598 > # $policy_bank{'MYNETS'} = { # mail originating from @mynetworks
2599 > # terminate_dsn_on_notify_success => 0,
2600 > # spam_kill_level_maps => 6.9,
2601 > # syslog_facility => 'LOCAL4', # tell syslog to log to a separate file
2602 > # spam_admin_maps => ["spamalert\@$mydomain"], # alert of internal spam
2603 > # bypass_spam_checks_maps => [1], # or: don't spam-check internal mail
2604 > # bypass_banned_checks_maps => [1], # don't banned-check internal mail
2605 > # warnbadhsender => 1, # warn local senders about their broken MUA
2606 > # banned_filename_maps => ['MYNETS-DEFAULT'], # more permissive
2607 > banning rules
2608 > # };
2609 >
2610 > ## the name 'MYUSERS' has special semantics: this policy bank gets loaded
2611 > ## whenever the sender matches @local_domains_maps. This only makes sense
2612 > ## if local sender addresses can be trusted -- for example by requiring
2613 > ## authentication before letting users send with their local address.
2614 > #
2615 > # $policy_bank{'MYUSERS'} = {
2616 > # final_virus_destiny => D_BOUNCE, # bounce only to authenticated
2617 > local users
2618 > # final_banned_destiny=> D_BOUNCE,
2619 > # };
2620 >
2621 >
2622 > ## Now we can assign policy banks to amavisd tcp port numbers listed in
2623 > ## $inet_socket_port. Whenever the connection from MTA is received, first
2624 > ## a built-in policy bank $policy_bank{''} gets loaded, which bringings-in
2625 > ## all the global/legacy settings, then it gets overlaid by the bank
2626 > ## named in the $interface_policy{$port} if any, and finally the bank
2627 > ## 'MYNETS' is overlaid if it exists and the SMTP client IP address
2628 > ## is known (by XFORWARD command from MTA) and it matches @mynetworks.
2629 >
2630 > # $interface_policy{'10026'} = 'ALT';
2631 >
2632 > # used by amavisd-release utility of a new AM.PDP-based amavis-milter
2633 > client
2634 > #$interface_policy{'9998'} = 'AM.PDP-INET';
2635 > #$interface_policy{'SOCK'} = 'AM.PDP-SOCK';
2636 >
2637 >
2638 > # Want to execute additional configuration files from some directory?
2639 > #
2640 > #{ my($d) = '/etc/amavis/conf.d'; # do *.cf or *.conf files in this
2641 > directory
2642 > # local(*D); opendir(D,$d) or die "Can't open dir $d: $!";
2643 > # my(@d) = sort grep {/\.(cf|conf)$/ && -f} map {/^(.*)$/,"$d/$1"}
2644 > readdir(D);
2645 > # closedir(D) or die "Can't close $d: $!";
2646 > # for my $f (@d) {
2647 > # printf("Reading config file %s\n", $f); $!=0;
2648 > # if (defined(do $f)) {}
2649 > # elsif ($@ ne '') { die "Error in $f: $@" }
2650 > # elsif ($! != 0) { die "Error reading $f: $!" }
2651 > # }
2652 > #}
2653 >
2654 > #-------------
2655 > 1; # insure a defined return
2656 --
2657 gentoo-server@g.o mailing list

Replies

Subject Author
Re: [gentoo-server] amavisd-new disaster Jonathan Nichols <jnichols@×××.net>
Report Message
Find on MARC Find on Google Groups