Gentoo Archives: gentoo-server

From: Jonathan Nichols <jnichols@×××.net>
To: gentoo-server@l.g.o
Subject: [gentoo-server] amavisd-new disaster
Date: Fri, 03 Aug 2007 19:06:23
Message-Id: 46B37BAF.2050908@pbp.net
Hey everyone. I just today updated to amavisd-new 2.4.1 and am having a
problem that I cannot solve.

Here's my forum post about it:

http://forums.gentoo.org/viewtopic-p-4171870.html#4171870

If anybody has any ideas, let me know. It's listening properly but not
scanning anything at all.

Here's my entire amavisd.conf file if anyone has any ideas.


use strict;

# Sample configuration file for amavisd-new (traditional style, chatty,
# you may prefer to start with the more concise supplied amavisd.conf)
#
# See amavisd.conf-default for a list of all variables with their defaults;
# for more details see documentation in INSTALL, README_FILES/*
# and at http://www.ijs.si/software/amavisd/amavisd-new-docs.html

# This software is licensed under the GNU General Public License (GPL).
# See comments at the start of amavisd-new for the whole license text.

#Sections:
# Section I - Essential daemon and MTA settings
# Section II - MTA specific
# Section III - Logging
# Section IV - Notifications/DSN, bounce/reject/discard/pass, quarantine
# Section V - Per-recipient and per-sender handling, whitelisting, etc.
# Section VI - Resource limits
# Section VII - External programs, virus scanners, SpamAssassin
# Section VIII - Debugging
# Section IX - Policy banks (dynamic policy switching)

#GENERAL NOTES:
# This file is normal Perl code, interpreted by Perl itself.
# - make sure this file (or directory where it resides) is NOT WRITABLE
# by mere mortals (not even vscan/amavis; best to make it owned by root),
# otherwise it can represent a severe security risk!
# - for values which are interpreted as booleans, it is recommended
# to use 1 for true, and 0 or undef or '' for false;
# Note that this interpretation of boolean values does not apply directly
# to LDAP and SQL lookups, which follow their own rules - see README.lookups
# and README.ldap (in short: use Y/N in SQL, and TRUE/FALSE in LDAP);
# - Perl syntax applies. Most notably: strings in "" may include variables
# (which start with $ or @); to include characters $ and @ and \ in double
# quoted strings precede them by a backslash; in single-quoted strings
# the $ and @ lose their special meaning, so it is usually easier to use
# single quoted strings (or qw operator) for e-mail addresses.
# In both types of quoting a backslash should be doubled.
# - variables with names starting with a '@' are lists, the values assigned
# to them should be lists too, e.g. ('one@foo', $mydomain, "three");
# note the comma-separation and parenthesis. If strings in the list
# do not contain spaces nor variables, a Perl operator qw() may be used
# as a shorthand to split its argument on whitespace and produce a list
# of strings, e.g. qw( one@foo example.com three ); Note that the argument
# to qw is quoted implicitly and no variable interpretation is done within
# (no '$' variable evaluations). The #-initiated comments can NOT be used
# within a string. In other words, $ and # lose their special meaning
# within a qw argument, just like within '...' strings.
# - all e-mail addresses in this file and as used internally by the daemon
# are in their raw (rfc2821-unquoted and non-bracketed) form, i.e.
# Bob "Funny" Dude@example.com, not: "Bob \"Funny\" Dude"@example.com
# and not <"Bob \"Funny\" Dude"@example.com>; also: '' and not '<>'.
# - the term 'default value' in examples below refers to the value of a
# variable pre-assigned to it by the program; any explicit assignment
# to a variable in this configuration file overrides the default value;


#
# Section I - Essential daemon and MTA settings
#

# $MYHOME serves as a quick default for some other configuration settings.
# More refined control is available with each individual setting further down.
# $MYHOME is not used directly by the program. No trailing slash!
$MYHOME = '/var/run/amavis'; # (default is '/var/amavis')

# $mydomain serves as a quick default for some other configuration settings.
# More refined control is available with each individual setting further down.
# $mydomain is never used directly by the program.
$mydomain = 'pbp.net'; # (no useful default)

# $myhostname = 'host.example.com'; # fqdn of this host, default by uname(3)
$myhostname = 'mailgate.pbp.net';

# Set the user and group to which the daemon will change if started as root
# (otherwise just keeps the UID unchanged, and these settings have no effect):
$daemon_user = 'amavis'; # (no default; customary: vscan or amavis)
$daemon_group = 'amavis'; # (no default; customary: vscan or amavis or sweep)

# Runtime working directory (cwd), and a place where
# temporary directories for unpacking mail are created.
# (no trailing slash, may be a scratch file system)
#$TEMPBASE = $MYHOME; # (must be set if other config vars use it)
$TEMPBASE = "$MYHOME/tmp"; # prefer to keep home dir /var/amavis clean?

#$db_home = "$MYHOME/db"; # DB databases directory, default "$MYHOME/db"

# $helpers_home sets environment variable HOME, and is passed as option
# 'home_dir_for_helpers' to Mail::SpamAssassin::new. It should be a directory
# on a normal persistent file system, not a scratch or temporary file system
#$helpers_home = $MYHOME; # (defaults to $MYHOME)

# Run the daemon in the specified chroot jail if nonempty:
#$daemon_chroot_dir = $MYHOME; # (default is undef, meaning: do not chroot)

$pid_file = "$MYHOME/amavisd.pid"; # (default is "$MYHOME/amavisd.pid")
#$lock_file = "$MYHOME/amavisd.lock"; # (default is "$MYHOME/amavisd.lock")

# set environment variables if you want (no defaults):
$ENV{TMPDIR} = $TEMPBASE; # wise to set TMPDIR, but not obligatory
#...

$enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1; # enable use of libdb-based cache if $enable_db=1

# MTA SETTINGS, UNCOMMENT AS APPROPRIATE,
# both $forward_method and $notify_method default to 'smtp:[127.0.0.1]:10025'

# POSTFIX, or SENDMAIL in dual-MTA setup, or EXIM V4
# (set host and port number as required; host can be specified
# as an IP address or a DNS name (A or CNAME, but MX is ignored)
#$forward_method = 'smtp:[127.0.0.1]:10025'; # where to forward checked mail
#$notify_method = $forward_method; # where to submit notifications

#$os_fingerprint_method = 'p0f:127.0.0.1:2345'; # query p0f-analyzer.pl

# To make it possible for several hosts to share one content checking daemon,
# the IP address and/or the port number in $forward_method and $notify_method
# may be specified as an asterisk. An asterisk in the colon-separated
# second field (host) will be replaced by the SMTP client peer address,
# An asterisk in the third field (tcp port) will be replaced by the incoming
# SMTP/LMTP session port number plus one. This obsoletes the previously used
# less flexible configuration parameter $relayhost_is_client. An example:
# $forward_method = 'smtp:*:*'; $notify_method = 'smtp:*:10587';


# NOTE: The defaults (above) are good for Postfix or dual-sendmail. You MUST
# uncomment the appropriate settings below if using other setups!

# SENDMAIL MILTER, using amavis-milter.c helper program:
#$forward_method = undef; # no explicit forwarding, sendmail does it by itself
# milter; option -odd is needed to avoid deadlocks
#$notify_method = 'pipe:flags=q argv=/usr/sbin/sendmail -Ac -i -odd -f ${sender} -- ${recipient}';
# just a thought: can we use -Am instead of -odd ?

# SENDMAIL (old non-milter setup, as relay, deprecated):
#$forward_method = 'pipe:flags=q argv=/usr/sbin/sendmail -C/etc/sendmail.orig.cf -i -f ${sender} -- ${recipient}';
#$notify_method = $forward_method;

# SENDMAIL (old non-milter setup, amavis.c calls local delivery agent, deprecated):
#$forward_method = undef; # no explicit forwarding, amavis.c will call LDA
#$notify_method = 'pipe:flags=q argv=/usr/sbin/sendmail -Ac -i -f ${sender} -- ${recipient}';

# EXIM v3 (not recommended with v4 or later, which can use SMTP setup instead):
#$forward_method = 'pipe:flags=q argv=/usr/sbin/exim -oMr scanned-ok -i -f ${sender} -- ${recipient}';
#$notify_method = $forward_method;

# prefer to collect mail for forwarding as BSMTP files?
#$forward_method = "bsmtp:$MYHOME/out-%i-%n.bsmtp";
#$notify_method = $forward_method;


# Net::Server pre-forking settings
# The $max_servers should match the width of your MTA pipe
# feeding amavisd, e.g. with Postfix the 'Max procs' field in the
# master.cf file, like the '2' in the: smtp-amavis unix - - n - 2 smtp
#
$max_servers = 4; # number of pre-forked children (default 2)
$max_requests = 20; # retire a child after that many accepts (default 10)

$child_timeout=5*60; # abort child if it does not complete its processing in
# approximately n seconds (default: 8*60 seconds)

$smtpd_timeout = 120; # disconnect session if client is idle for too long
# (default: 8*60 seconds); should be higher than a
# Postfix setting max_idle (default 100s)

# Here is a QUICK WAY to completely DISABLE some sections of code
# that WE DO NOT WANT (it won't even be compiled-in).
# For more refined controls leave the following two lines commented out,
# and see further down what these two lookup lists really mean.
#
# @bypass_virus_checks_maps = (1); # uncomment to DISABLE anti-virus code
# @bypass_spam_checks_maps = (1); # uncomment to DISABLE anti-spam code
#
# Any setting can be changed with a new assignment, so make sure
# you do not unintentionally override these settings further down!

# Check also the settings of @av_scanners at the end if you want to use
# virus scanners. If not, you may want to delete the whole long assignment
# to the variable @av_scanners and @av_scanners_backup, which will also
# remove the virus checking code (e.g. if you only want to do spam scanning).


# Lookup list of local domains (see README.lookups for syntax details)
#
# @local_domains_maps list of lookup tables are used in deciding whether a
# recipient is local or not, or in other words, if the message is outgoing
# or not. This affects inserting spam-related headers for local recipients,
# limiting recipient virus notifications (if enabled) to local recipients,
# in deciding if address extension may be appended, and in SQL lookups
# for non-fqdn addresses. Set it up correctly if you need features
# that rely on this setting (or just leave empty otherwise).
#
# With Postfix (2.0) a quick hint on what local domains normally are:
# a union of domains specified in: mydestination, virtual_alias_domains,
# virtual_mailbox_domains, and relay_domains.

#@local_domains_maps = ( [".$mydomain"] ); # $mydomain and its subdomains
#@local_domains_maps = ( ["."] ); # everything is local
# @local_domains_maps = (); # default is empty list, no recip. considered local
# @local_domains_maps = # using ACL lookup table
# ( [ ".$mydomain", 'sub.example.net', '.example.com' ] );
# @local_domains_maps = # similar, split list elements on whitespace
# ( [qw( .example.com !host.sub.example.net .sub.example.net )] );
# @local_domains_maps = ( new_RE( qr'[@.]example\.com$'i ) ); # using regexp
# @local_domains_maps = ( read_hash("$MYHOME/local_domains") ); # using hash
#@local_domains_maps = ( read_hash("/etc/postfix/relay") ); # using hash


#or try..
#@local_domains_maps = ( ["."] ); # everything is local

#didn't work
#@local_domains_maps = ( '.' ); # everything is local

#didn't work
#@local_domains_maps = ( 1 );

#@local_domains_acl = qw();

# perhaps combined with Postfix: mydestination = /var/amavis/local_domains
# for debugging purposes: dump_hash($local_domains_maps[0]);

#
# Section II - MTA specific (defaults should be ok)
#

#$insert_received_line = 1; # behave like MTA: insert 'Received:' header
# (does not apply to sendmail/milter)
# (default is true)

# AMAVIS-CLIENT PROTOCOL INPUT SETTINGS (e.g. with sendmail milter)
# (used with amavis helper clients like amavis-milter.c and amavis.c,
# NOT needed for Postfix or Exim or dual-sendmail - keep it undefined.
$unix_socketname = "$MYHOME/amavisd.sock"; # amavis helper protocol socket
#$unix_socketname = undef; # disable listening on a unix socket
# (default is undef, i.e. disabled)
# (usual setting is $MYHOME/amavisd.sock)

# SMTP SERVER (INPUT) PROTOCOL SETTINGS (e.g. with Postfix, Exim v4, ...)
# (used when MTA is configured to pass mail to amavisd via SMTP or LMTP)
$inet_socket_port = 10024; # accept SMTP on this local TCP port
# (default is undef, i.e. disabled)
# multiple ports may be provided: $inet_socket_port = [10024, 10026, 10028];

# SMTP SERVER (INPUT) access control
# - do not allow free access to the amavisd SMTP port !!!
#
# when MTA is at the same host, use the following (one or the other or both):
#$inet_socket_bind = '127.0.0.1'; # limit socket bind to loopback interface
# (default is '127.0.0.1')
@inet_acl = qw(127.0.0.1 [::1]); # allow SMTP access only from localhost IP
# (default is qw(127.0.0.1 [::1]) )

# when MTA (one or more) is on a different host, use the following:
#@inet_acl = qw(127.0.0.0/8 [::1] 10.1.0.1 10.1.0.2); # adjust list as needed
#$inet_socket_bind = undef; # bind to all IP interfaces if undef

#
# Example1:
# @inet_acl = qw( 127/8 10/8 172.16/12 192.168/16 );
# permit only SMTP access from loopback and rfc1918 private address space
#
# Example2:
# @inet_acl = qw( !192.168.1.12 172.16.3.3 !172.16.3/255.255.255.0
# 127.0.0.1 10/8 172.16/12 192.168/16 );
# matches loopback and rfc1918 private address space except host 192.168.1.12
# and net 172.16.3/24 (but host 172.16.3.3 within 172.16.3/24 still matches)
#
# Example3:
# @inet_acl = qw( 127/8
# !172.16.3.0 !172.16.3.127 172.16.3.0/25
# !172.16.3.128 !172.16.3.255 172.16.3.128/25 );
# matches loopback and both halves of the 172.16.3/24 C-class,
# split into two subnets, except all four broadcast addresses
# for these subnets


# @mynetworks is an IP access list which determines if the original SMTP client
# IP address belongs to our internal networks, i.e. mail is coming from inside.
# It is much like the Postfix parameter 'mynetworks' in semantics and similar
# in syntax, and its value should normally match the Postfix counterpart.
# It only affects the value of a macro %l (=sender-is-local),
# and the loading of policy 'MYNETS' if present (see below).
# Note that '-o smtp_send_xforward_command=yes' (or its lmtp counterpart)
# must be enabled in the Postfix service that feeds amavisd, otherwise
# client IP address is not available to amavisd-new.
#
# @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
# 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 ); # default
#
# A list of networks can also be read from a file, either as an IP acl in
# CIDR notation, one address per line (comments and empty lines are allowed):
# @mynetworks_maps = (read_array('/etc/amavisd-mynetworks'), \@mynetworks);
#
# or less flexibly (but provides faster lookups for large lists) by reading
# into a hash lookup table, which only allows for full addresses or classful
# IPv4 subnets with truncated octets, such as 127, 10, 192.168, 10.11.12.13,
# one address per line (comments and empty lines are allowed):
# @mynetworks_maps = (read_hash('/etc/amavisd-mynetworks'), \@mynetworks);

# See README.lookups for details on specifying access control lists.


#
# Section III - Logging
#

# true (e.g. 1) => syslog; false (e.g. 0) => logging to file
$DO_SYSLOG = 1; # (defaults to 0)

$syslog_ident = 'amavis'; # Syslog ident string (defaults to 'amavis')
$syslog_facility = 'mail'; # Syslog facility as a string
# e.g.: mail, daemon, user, local0, ... local7, ...
$syslog_priority = 'debug'; # Syslog base (minimal) priority as a string,
# choose from: emerg, alert, crit, err, warning, notice, info, debug

# Log file (if not using syslog)
$LOGFILE = "$MYHOME/amavis.log"; # (defaults to empty, no log)

#NOTE: levels are not strictly observed and are somewhat arbitrary
# 0: startup/exit/failure messages, viruses detected
# 1: args passed from client, some more interesting messages
# 2: virus scanner output, timing
# 3: server, client
# 4: decompose parts
# 5: more debug details
$log_level = 2; # (defaults to 0)

# Customizable template for the most interesting log file entry (e.g. with
# $log_level=0) (take care to properly quote Perl special characters like '\')
# For a list of available macros see README.customize .

# $log_templ = undef; # undef disables by-message level-0 log entries
$log_recip_templ = undef; # undef disables by-recipient level-0 log entries


# log both infected and noninfected messages (as deflt, with size,subj,tests):
# (remove the leading '#' and a space in the following lines to activate)

# $log_templ = <<'EOD';
# [?%#D|#|Passed #
# [? [:ccat_maj] |OTHER|CLEAN|TEMPFAIL|OVERSIZED|BAD-HEADER|SPAMMY|SPAM|\
# UNCHECKED|BANNED (%F)|INFECTED (%V)]#
# #([:ccat_maj],[:ccat_min])#
# , [? %p ||%p ][?%a||[?%l||LOCAL ]\[%a\] ][?%e||\[%e\] ]%s -> [%D|,]#
# [? %q ||, quarantine: %q]#
# [? %Q ||, Queue-ID: %Q]#
# [? %m ||, Message-ID: %m]#
# [? %r ||, Resent-Message-ID: %r]#
# , mail_id: %i#
# , Hits: %c#
# , size: %z#
# [~[:remote_mta_smtp_response]|["^$"]||[", queued_as: "]]\
# [remote_mta_smtp_response|[~%x|["queued as ([0-9A-Z]+)$"]|["%1"]|["%0"]]|/]#
# [? %j ||, Subject: "%j\"]#
# [? %#T ||, Tests: \[[%T|,]\]]#
# , %y ms#
# ]
# [?%#O|#|Blocked #
# [? [:ccat_maj] |OTHER|CLEAN|TEMPFAIL|OVERSIZED|BAD-HEADER|SPAMMY|SPAM|\
# UNCHECKED|BANNED (%F)|INFECTED (%V)]#
# #([:ccat_maj],[:ccat_min])#
# , [? %p ||%p ][?%a||[?%l||LOCAL ]\[%a\] ][?%e||\[%e\] ]%s -> [%O|,]#
# [? %q ||, quarantine: %q]#
# [? %Q ||, Queue-ID: %Q]#
# [? %m ||, Message-ID: %m]#
# [? %r ||, Resent-Message-ID: %r]#
# , mail_id: %i#
# , Hits: %c#
# , size: %z#
# #, smtp_resp: [:smtp_response]#
# [? %j ||, Subject: "%j\"]#
# [? %#T ||, Tests: \[[%T|,]\]]#
# , %y ms#
# ]
# EOD

#
# Section IV - Notifications/DSN, bounce/reject/discard/pass, quarantine
#

# Select notifications text encoding when Unicode-aware Perl is converting
# text from internal character representation to external encoding (charset
# in MIME terminology). Used as argument to Perl Encode::encode subroutine.
#
# to be used in RFC 2047-encoded header field bodies, e.g. in Subject:
#$hdr_encoding = 'iso-8859-1'; # MIME charset (default: 'iso-8859-1')
#$hdr_encoding_qb = 'Q'; # MIME encoding: quoted-printable (default)
#$hdr_encoding_qb = 'B'; # MIME encoding: base64
#
# to be used in notification body text: its encoding and Content-type.charset
#$bdy_encoding = 'iso-8859-1'; # (default: 'iso-8859-1')

# Default template texts for notifications may be overruled by directly
# assigning new text to template variables, or by reading template text
# from files. A second argument may be specified in a call to read_text(),
# specifying character encoding layer to be used when reading from the
# external file, e.g. 'utf8', 'iso-8859-1', or often just $bdy_encoding.
# Text will be converted to internal character representation by Perl 5.8.0
# or later; second argument is ignored otherwise. See PerlIO::encoding,
# Encode::PerlIO and perluniintro man pages.
#
# $notify_sender_templ = read_text("$MYHOME/notify_sender.txt");
# $notify_virus_sender_templ= read_text("$MYHOME/notify_virus_sender.txt");
# $notify_virus_admin_templ = read_text("$MYHOME/notify_virus_admin.txt");
# $notify_virus_recips_templ= read_text("$MYHOME/notify_virus_recips.txt");
# $notify_spam_sender_templ = read_text("$MYHOME/notify_spam_sender.txt");
# $notify_spam_admin_templ = read_text("$MYHOME/notify_spam_admin.txt");

# If notification template files are collectively available in some directory,
# one may call read_l10n_templates which invokes read_text for each known
# template. This is primarily a Debian-specific feature, but was incorporated
# into base code to facilitate porting.
#
# read_l10n_templates('/etc/amavis/en_US');
#
# If read_l10n_templates is called, a localization template directory must
# contain the following files:
# charset this file should contain a one-line name
# of the character set used in the template
# files (e.g. utf8, iso-8859-2, ...) and is
# passed as the second argument to read_text;
# template-dsn.txt content fills the $notify_sender_templ
# template-virus-sender.txt content fills the $notify_virus_sender_templ
# template-virus-admin.txt content fills the $notify_virus_admin_templ
# template-virus-recipient.txt content fills the $notify_virus_recips_templ
# template-spam-sender.txt content fills the $notify_spam_sender_templ
# template-spam-admin.txt content fills the $notify_spam_admin_templ

# Here is an overall picture (sequence of events) of how pieces fit together
#
# bypass_virus_checks set for all recipients? ==> PASS
# no viruses? ==> PASS
# log virus if $log_templ is nonempty
# quarantine if $virus_quarantine_to is nonempty
# notify admin if $virus_admin (lookup) nonempty
# notify recips if $warnvirusrecip and (recipient is local or $warn_offsite)
# add address extensions for local recipients (when enabled)
# send (non-)delivery notifications
# to sender if DSN needed (BOUNCE or ($warnvirussender and D_PASS))
# virus_lovers or final_destiny==D_PASS ==> PASS
# DISCARD (2xx) or REJECT (5xx) (depending on final_*_destiny)
#
# Equivalent flow diagram applies for spam checks.
# If a virus is detected, spam checking is skipped entirely.

# The following symbolic constants can be used in *_destiny settings:
#
# D_PASS mail will pass to recipients, regardless of bad contents;
#
# D_DISCARD mail will not be delivered to its recipients, sender will NOT be
# notified. Effectively we lose mail (but will be quarantined
# unless disabled). Losing mail is not decent for a mailer,
# but might be desired.
#
# D_BOUNCE mail will not be delivered to its recipients, a non-delivery
# notification (bounce) will be sent to the sender by amavisd-new;
# Exception: bounce (DSN) will not be sent if a virus name matches
# @viruses_that_fake_sender_maps, or to messages from mailing lists
# (Precedence: bulk|list|junk), or for spam level that exceeds
# the $sa_dsn_cutoff_level.
#
# D_REJECT mail will not be delivered to its recipients, sender should
# preferably get a reject, e.g. SMTP permanent reject response
# (e.g. with milter), or non-delivery notification from MTA
# (e.g. Postfix). If this is not possible (e.g. different recipients
# have different tolerances to bad mail contents and not using LMTP)
# amavisd-new sends a bounce by itself (same as D_BOUNCE).
# Not to be used with Postfix or dual-MTA setups!
#
# Notes:
# D_REJECT and D_BOUNCE are similar, the difference is in who is responsible
# for informing the sender about non-delivery, and how informative
# the notification can be (amavisd-new knows more than MTA);
# With D_REJECT, MTA may reject original SMTP, or send DSN (delivery status
# notification, colloquially called 'bounce') - depending on MTA;
# Best suited for sendmail milter and Courier, especially for spam.
# With D_BOUNCE, amavisd-new (not MTA) sends DSN (can better explain the
# reason for mail non-delivery or even suppress DSN, but unable
# to reject the original SMTP session). Best suited to reporting
# viruses, and for Postfix and other dual-MTA setups, which can't
# reject original client SMTP session, as the mail has already
# been enqueued.

# Alternatives to consider for spam:
# - use D_PASS if clients will do filtering based on inserted
# mail headers or added address extensions ('plus-addressing');
# - use D_DISCARD, if kill_level is set comfortably high;
#
# D_BOUNCE is preferred for viruses, but consider:
# - use D_PASS (or virus_lovers) to deliver viruses;
# - use D_REJECT instead of D_BOUNCE if using Courier or milter and under heavy
# virus storm;


# The use of new *_by_ccat hashes is illustrated by the following examples
# on configuring final_*_destiny.


# using traditional settings of $final_*_destiny variables, relying on a
# default setting of an associative array %final_destiny_by_ccat which is
# backwards compatible and contains references to these traditional variables:
#
#$final_virus_destiny = D_DISCARD; # (defaults to D_DISCARD)
#$final_banned_destiny = D_BOUNCE; # (defaults to D_BOUNCE)
#$final_spam_destiny = D_BOUNCE; # (defaults to D_BOUNCE)
#$final_bad_header_destiny = D_PASS; # (defaults to D_PASS)

########
#
# Please think about what you are doing when you set these options.
# If necessary, question your organization's e-mail policies:
#
# D_BOUNCE contributes to the overall spread of viruses and spam on the
# internet. Both the envelope and header from addresses can be forged
# accurately with no effort, causing the bounces to go to innocent parties,
# whose addresses have been forged.
#
# D_DISCARD breaks internet mail specifications. However, with a
# properly implemented Quarantine system, the concern for breaking the
# specification is addressed to some extent.
#
# D_PASS is the safest way to handle e-mails. You must implement
# client-side filtering to handle this method.
#
# -Cory Visi <merlin@g.o> 07/28/04
#
#######



# to explicitly list all (or most) possible contents category (ccat) keys:
%final_destiny_by_ccat = (
  CC_VIRUS, D_DISCARD,
  CC_BANNED, D_BOUNCE,
  CC_UNCHECKED, D_PASS,
  CC_SPAM, D_DISCARD,
  CC_BADH, D_PASS,
  CC_OVERSIZED, D_BOUNCE,
  CC_CLEAN, D_PASS,
  CC_CATCHALL, D_PASS,
);

# to rely on a catchall ccat key and only list exceptions (alternative 1):
#%final_destiny_by_ccat = (
#  CC_VIRUS, D_DISCARD,
#  CC_BANNED, D_BOUNCE,
#  CC_SPAM, D_BOUNCE,
#  CC_BADH.',4', D_BOUNCE, # BadHdrSpace
#  CC_BADH.',3', D_BOUNCE, # BadHdrChar
#  CC_OVERSIZED, D_BOUNCE,
#  CC_CATCHALL, D_PASS,
#);

# to rely on a catchall ccat key and list exceptions (alternative 2):
#%final_destiny_by_ccat = (
#  CC_VIRUS, D_DISCARD,
#  CC_UNCHECKED, D_PASS,
#  CC_BADH.',6', D_PASS, # BadHdrSyntax
#  CC_BADH.',5', D_PASS, # BadHdrLong
#  CC_BADH.',2', D_PASS, # BadHdr8bit
#  CC_BADH.',1', D_PASS, # BadHdrMime
#  CC_CLEAN, D_PASS,
#  CC_CATCHALL, D_BOUNCE,
#);

# to rely on a catchall ccat key and list exceptions (alternative 3):
#%final_destiny_by_ccat = (
#  CC_VIRUS, D_DISCARD,
#  CC_UNCHECKED, D_PASS,
#  CC_BADH.',4', D_BOUNCE, # BadHdrSpace
#  CC_BADH.',3', D_BOUNCE, # BadHdrChar
#  CC_BADH, D_PASS, # sub-catchall for CC_BADH
#  CC_CLEAN, D_PASS,
#  CC_CATCHALL, D_BOUNCE,
#);

# to rely on a default %final_destiny_by_ccat and only change few settings:
#$final_destiny_by_ccat{CC_SPAM} = D_PASS;
#$final_destiny_by_ccat{CC_BADH} = D_BOUNCE;
#$final_destiny_by_ccat{CC_BADH.',2'} = D_PASS; # BadHdr8bit



# For monitoring / testing purposes let the administrator receive a copy
# of certain delivery status notifications that are mailed back to senders:
#
#%dsn_bcc_by_ccat = (
#  CC_BANNED, undef,
#  CC_SPAM, undef,
#  CC_BADH, undef,
#  CC_CATCHALL, 'admin+test@example.com',
#);
#
# or use a simpler form, taking advantage of defaults in %dsn_bcc_by_ccat:
#$dsn_bcc = 'admin+test@example.com';


# The following $warn*sender settings are ONLY used when mail is
# actually passed to recipients ($final_*_destiny=D_PASS, or *_lovers*).
# Bounces or rejects produce non-delivery status notification regardless.
#
# Notify sender of banned files?
#$warnbannedsender = 1; # (defaults to false (undef))
#
# Notify sender of syntactically invalid header containing non-ASCII chars?
#$warnbadhsender = 1; # (defaults to false (undef))

# Notify virus (or banned files or bad headers) RECIPIENT?
# (not very useful, but some policies demand it)
#$warnvirusrecip = 1; # (defaults to false (undef))
#$warnbannedrecip = 1; # (defaults to false (undef))
#$warnbadhrecip = 1; # (defaults to false (undef))

# Notify also non-local virus/banned recipients if $warn*recip is true?
# (including those not matching local_domains*)
#$warn_offsite = 1; # (defaults to false (undef), i.e. only notify locals)


# Treat envelope sender address as unreliable and don't send sender
# notification / bounces if name(s) of detected virus(es) match the list.
# Note that virus names are supplied by external virus scanner(s) and are
# not standardized, so virus names may need to be adjusted.
# See README.lookups for syntax, check also README.policy-on-notifications.
# If the intention is to treat all viruses as faking the sender address, it
# is equivalent but more efficient to just set $final_virus_destiny=D_DISCARD;
#
@viruses_that_fake_sender_maps = (new_RE(
  qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar'i,
  qr'tanatos|lentin|bridex|mimail|trojan\.dropper|dumaru|parite|spaces'i,
  qr'dloader|galil|gibe|swen|netwatch|bics|sbrowse|sober|rox|val(hal)?la'i,
  qr'frethem|sircam|be?agle|tanx|mydoom|novarg|shimg|netsky|somefool|moodown'i,
  qr'@mm|@MM', # mass mailing viruses as labeled by f-prot and uvscan
  qr'Worm'i, # worms as labeled by ClamAV, Kaspersky, etc
  # [qr'^(EICAR|Joke\.|Junk\.)'i => 0],
  # [qr'^(WM97|OF97|W95/CIH-|JS/Fort)'i => 0],
  [qr/^/ => 1], # true by default (remove or comment-out if undesired)
));

# where to send ADMIN VIRUS NOTIFICATIONS (should be a fully qualified address)
# - the administrator envelope address may be a simple fixed e-mail address
# (a scalar), or may depend on the RECIPIENT address (e.g. its domain).
#
# Empty or undef lookup disables virus admin notifications.

# The full set of configurable administrator addresses is:
# @virus_admin_maps ... notifications to admin about viruses
# @newvirus_admin_maps ... newly encountered viruses since amavisd startup
# @spam_admin_maps ... notifications to admin about spam
# @banned_admin_maps ... notifications to admin about banned contents
# @bad_header_admin_maps ... notifications to admin about bad headers

$virus_admin = "virusalert\@$mydomain";
# $virus_admin = 'virus-admin@example.com';
# $virus_admin = undef; # do not send virus admin notifications (default)
#
#@virus_admin_maps = ( # by-recipient maps
#  {'not.example.com' => '',
#   '.' => 'virusalert@example.com'},
#  $virus_admin, # the usual default
#);

# equivalent to $virus_admin, but for spam admin notifications:
# $spam_admin = "spamalert\@$mydomain";
# $spam_admin = undef; # do not send spam admin notifications (default)
#@spam_admin_maps = ( # by-recipient maps
#  {'not.example.com' => '',
#   '.' => 'spamalert@example.com'},
#  $spam_admin, # the usual default
#);

# receive a copy of all delivery status notifications sent;
# useful for testing or monitoring
#$dsn_bcc = "mailadmin\@$mydomain";

#advanced example, using a hash lookup table and a scalar default,
#lookup key is a recipient envelope address:
#@virus_admin_maps = ( # by-recipient maps
#  { 'baduser@sub1.example.com' => 'HisBoss@sub1.example.com',
#    '.sub1.example.com' => 'virusalert@sub1.example.com',
#    '.sub2.example.com' => '', # don't send admin notifications
#    'a.sub3.example.com' => 'abuse@sub3.example.com',
#    '.sub3.example.com' => 'virusalert@sub3.example.com',
#    '.example.com' => 'noc@example.com', # default for our virus senders
#  },
#  'virusalert@hq.example.com', # catchall for the rest
#);

# sender envelope address, from which notification reports are sent from;
# may be a null reverse path, or a fully qualified address:
# (admin and recip sender addresses default to a null return path).
# If using strings in double quotes, don't forget to quote @, i.e. \@
776 #
777 $mailfrom_notify_admin = "virusalert\@$mydomain";
778 $mailfrom_notify_recip = "virusalert\@$mydomain";
779 $mailfrom_notify_spamadmin = "spam.police\@$mydomain";
780
781 # 'From' HEADER FIELD for sender and admin notifications.
782 # This should be a replyable address, see rfc1894. Not to be confused
783 # with $mailfrom_notify_sender, which is the envelope return address
784 # and can be empty (null reverse path) according to rfc2821.
785 #
786 # The syntax of the 'From' header field is specified in rfc2822, section
787 # '3.4. Address Specification'. Note in particular that display-name must be
788 # a quoted-string if it contains any special characters like spaces and
789 dots.
790 #
791 # $hdrfrom_notify_sender = "amavisd-new <postmaster\@$mydomain>";
792 # $hdrfrom_notify_sender = 'amavisd-new <postmaster@×××××××.com>';
793 # $hdrfrom_notify_sender = '"Content-Filter Master"
794 <postmaster@×××××××.com>';
795 # $hdrfrom_notify_admin = $mailfrom_notify_admin;
796 # $hdrfrom_notify_spamadmin = $mailfrom_notify_spamadmin;
797 # (default: "\"Content-filter at $myhostname\" <postmaster\@$myhostname>")
798
799 # whom quarantined messages appear to be sent from (envelope sender);
800 # keeps original sender if undef, or set it explicitly, default is undef
801 $mailfrom_to_quarantine = ''; # override sender address with null
802 return path
803
804
805 # Location to put infected mail into: (applies to 'local:' quarantine
806 method)
807 # empty for not quarantining, may be a file (Unix-style mailbox),
808 # or a directory (no trailing slash)
809 # (the default value is undef, meaning no quarantine)
810 #
811 $QUARANTINEDIR = "$MYHOME/quarantine";
812
813 #$quarantine_subdir_levels = 1; # add level of subdirs to disperse
814 quarantine
815
816 #$clean_quarantine_method = 'local:clean-%m'; # disabled by
817 default
818 #$virus_quarantine_method = 'local:virus-%m'; # default
819 #$spam_quarantine_method = 'local:spam-%m.gz'; # default
820 #$banned_files_quarantine_method = 'local:banned-%m'; # default
821 #$bad_header_quarantine_method = 'local:badh-%m'; # default
822
823 # Separate quarantine subdirectories virus, spam, banned and badh within
824 # the directory $QUARANTINEDIR may be specified by the following settings
825 # (the subdirectories need to exist - must be created manually):
826 #$clean_quarantine_method = 'local:clean/%m';
827 #$virus_quarantine_method = 'local:virus/%m';
828 #$spam_quarantine_method = 'local:spam/%m.gz';
829 #$banned_files_quarantine_method = 'local:banned/%m';
830 #$bad_header_quarantine_method = 'local:badh/%m';
831 #
832 #use the 'bsmtp:' method as an alternative to the default 'local:'
833 #$virus_quarantine_method = "bsmtp:$QUARANTINEDIR/virus-%m.bsmtp";
834 #$spam_quarantine_method = "bsmtp:$QUARANTINEDIR/spam-%m.bsmtp";
835 #
836 #using the 'pipe:' method might be useful for some special purpose:
837 #$mailfrom_to_quarantine = undef; # pass on the original sender address
838 #$spam_quarantine_method = 'pipe:argv=/usr/bin/myscript.sh spam-%b
839 ${sender}';
840 #
841 #using the 'sql:' method to store quarantined message to a SQL database:
842 #$virus_quarantine_method = $spam_quarantine_method =
843 # $banned_files_quarantine_method = $bad_header_quarantine_method = 'sql:';
844
845
846 # When using the 'local:' quarantine method (default), the following
847 applies:
848 #
849 # A finer control of quarantining is available through
850 # variables $virus_quarantine_method/$spam_quarantine_method/
851 # $banned_files_quarantine_method/$bad_header_quarantine_method.
852 #
853 # The value of scalar $virus_quarantine_to/$spam_quarantine_to (or a
854 # per-recipient lookup result from lookup tables @virus_quarantine_to_maps)
855 # is/are interpreted as follows:
856 #
857 # VARIANT 1:
858 # empty or undef disables quarantine;
859 #
860 # VARIANT 2:
861 # a string NOT containing an '@';
862 # amavisd will behave as a local delivery agent (LDA) and will quarantine
863 # viruses to local files according to hash %local_delivery_aliases (pseudo
864 # aliases map) - see subroutine mail_to_local_mailbox() for details.
865 # Some of the predefined aliases are 'virus-quarantine' and
866 'spam-quarantine'.
867 # Setting $virus_quarantine_to ($spam_quarantine_to) to this string will:
868 #
869 # * if $QUARANTINEDIR is a directory, each quarantined virus will go
870 # to a separate file in the $QUARANTINEDIR directory (traditional
871 # amavis style, similar to maildir mailbox format);
872 #
873 # * otherwise $QUARANTINEDIR is treated as a file name of a Unix-style
874 # mailbox. All quarantined messages will be appended to this file.
875 # Amavisd child process must obtain an exclusive lock on the file during
876 # delivery, so this may be less efficient than using individual files
877 # or forwarding to MTA, and it may not work across NFS or other non-local
878 # file systems (but may be handy for pickup of quarantined files via IMAP
879 # for example);
880 #
881 # VARIANT 3:
882 # any email address (must contain '@').
883 # The e-mail messages to be quarantined will be handed to MTA
884 # for delivery to the specified address. If a recipient address local to MTA
885 # is desired, you may leave the domain part empty, e.g. 'infected@', but the
886 # '@' character must nevertheless be included to distinguish it from
887 variant 2.
888 #
889 # This variant enables more refined delivery control made available by MTA
890 # (e.g. its aliases file, other local delivery agents, dealing with
891 # privileges and file locking when delivering to user's mailbox, nonlocal
892 # delivery and forwarding, fan-out lists). Make sure the
893 mail-to-be-quarantined
894 # will not be handed back to amavisd for checking, as this will cause a loop
895 # (hopefully broken at some stage)! If this can be assured, notifications
896 # will benefit too from not being unnecessarily virus-scanned.
897 #
898 # By default this is safe to do with Postfix and Exim v4 and dual-sendmail
899 # setup, but probably not safe with sendmail milter interface without
900 tricks.
901
902 # (default values are: virus-quarantine, banned-quarantine, spam-quarantine)
903
904 $virus_quarantine_to = 'virus-quarantine'; # traditional local
905 quarantine
906 #$virus_quarantine_to = 'infected@'; # forward to MTA for delivery
907 #$virus_quarantine_to = "virus-quarantine\@$mydomain"; # similar
908 #$virus_quarantine_to = 'virus-quarantine@×××××××.com'; # similar
909 #$virus_quarantine_to = undef; # no quarantine
910 #
911 # lookup key is envelope recipient address:
912 #@virus_quarantine_to_maps = ( # per-recip multiple quarantines
913 # new_RE( [qr'^user@example\.com$'i => 'infected@'],
914 # [qr'^(.*)@example\.com$'i => 'virus-${1}@example.com'],
915 # [qr'^(.*)(@[^@])?$'i => 'virus-${1}${2}'] ),
916 # $virus_quarantine_to, # the usual default
917 #);
918
919 # similar for banned names and bad headers and spam (set to undef to
920 disable)
921 $banned_quarantine_to = 'banned-quarantine'; # local quarantine
922 $bad_header_quarantine_to = 'bad-header-quarantine'; # local quarantine
923 $spam_quarantine_to = 'spam-quarantine'; # local quarantine
924
925 # or to a mailbox:
926 #$spam_quarantine_to = "spam-quarantine\@$mydomain";
927 #
928 #@spam_quarantine_to_maps = ( # per-recip multiple quarantines
929 # new_RE( [qr'^(.*)@example\.com$'i => 'spam-${1}@example.com'] ),
930 # $spam_quarantine_to, # the usual default
931 #);
932
933
934 # In addition to per-recip quarantine, a by-sender lookup is possible.
935 # It is similar to $spam_quarantine_to, but the lookup key is the
936 # envelope sender address:
937 #$spam_quarantine_bysender_to = undef; # dflt: no by-sender spam
938 quarantine
939
940
941 # Spam level beyond which quarantining is disabled (global value):
942 #$sa_quarantine_cutoff_level = 20; # dflt: undef, which disables this
943 feature
944
945 #@spam_quarantine_cutoff_level_maps = ( # per-recip. quarantine cutoff
946 levels
947 # { 'user1@×××××××.com' => 20.5,
948 # 'postmaster@×××××××.com' => 9999,
949 # '.example.com' => 25 },
950 # \$sa_quarantine_cutoff_level, # catchall default
951 #);
952
953
954 # Add X-Virus-Scanned header field to mail?
955 $X_HEADER_TAG = 'X-Virus-Scanned'; # (default: 'X-Virus-Scanned')
956
957 # Set to empty to add no header field # (dflt "$myproduct_name at
958 $mydomain")
959 # $X_HEADER_LINE = "$myproduct_name at $mydomain";
960 # $X_HEADER_LINE = "by $myproduct_name using ClamAV at $mydomain";
961 # $X_HEADER_LINE = "$myproduct_name $myversion_id ($myversion_date) at
962 $mydomain";
963
964 # a string to prepend to Subject (for local recipients only) if mail could
965 # not be decoded or checked entirely, e.g. due to password-protected
966 archives
967 $undecipherable_subject_tag = '***UNCHECKED*** '; # undef disables it
968
969 # MIME defanging wraps the entire original mail in a MIME container of type
970 # 'Content-type: multipart/mixed', where the first part is a text/plain with
971 # a short explanation, and the second part is a complete original mail,
972 # enclosed in a 'Content-type: message/rfc822' MIME part.
973 # Defanging is only done when enabled (selectively by malware type),
974 # and mail is considered malware (virus/spam/...), and the malware is
975 allowed
976 # to pass (*_lovers or *_destiny=D_PASS)
977 #
978 $defang_virus = 1; # default is false: don't modify mail body
979 $defang_banned = 1; # default is false: don't modify mail body
980 # $defang_bad_header = 1; # default is false: don't modify mail body
981 # $defang_undecipherable = 1; # default is false: don't modify mail body
982 # $defang_spam = 1; # default is false: don't modify mail body
983
984 $remove_existing_x_scanned_headers = 0; # leave existing X-Virus-Scanned
985 alone
986 #$remove_existing_x_scanned_headers= 1; # remove existing headers
987 # (defaults to false)
988 #$remove_existing_spam_headers = 0; # leave existing X-Spam* headers
989 alone
990 $remove_existing_spam_headers = 1; # remove existing spam headers if
991 # spam scanning is enabled (default)
992
993 # set $bypass_decode_parts to true if you only do spam scanning, or if you
994 # have a good virus scanner that can deal with compression and recursively
995 # unpacking archives by itself, and save amavisd the trouble.
996 # Disabling decoding also causes banned_files checking to only see
997 # MIME names and MIME content types, not the content classification types
998 # as provided by the file(1) utility.
999 # It is a double-edged sword, make sure you know what you are doing!
1000 #
1001 #$bypass_decode_parts = 1; # (defaults to false)
1002
1003 # don't trust this file type or corresponding unpacker for this file type,
1004 # keep both the original and the unpacked file for a virus checker to see
1005 # (lookup key is what file(1) utility returned):
1006 #
1007 @keep_decoded_original_maps = (new_RE(
1008 # qr'^MAIL$', # retain full original message for virus checking (can
1009 be slow)
1010 qr'^MAIL-UNDECIPHERABLE$', # retain full mail if it contains
1011 undecipherables
1012 qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
1013 # qr'^Zip archive data', # don't trust Archive::Zip
1014 ));
1015
1016
1017 # Checking for banned MIME types and names. If any mail part matches,
1018 # the whole mail is rejected. Object $banned_filename_re provides a list
1019 # of Perl regular expressions to be matched against each part's:
1020 #
1021 # * Content-Type value (both declared and effective mime-type),
1022 # such as the possible security-risk content types
1023 # 'message/partial' and 'message/external-body', as specified in rfc2046
1024 # or 'application/x-msdownload' and 'application/x-msdos-program';
1025 #
1026 # * declared (recommended) file names as specified by MIME subfields
1027 # Content-Disposition.filename and Content-Type.name, both in their
1028 # raw (encoded) form and in rfc2047-decoded form if applicable
1029 # as well as (recommended) file names specified in archives;
1030 #
1031 # * file content type as guessed by 'file(1)' utility, mapped
1032 # (by @map_full_type_to_short_type_maps) into short type names such as
1033 # .asc, .txt, .html, .doc, .jpg, .pdf, .zip, .exe-ms, ..., which always
1034 # starts with a dot. These short types are available unless
1035 # $bypass_decode_parts is true.
1036 #
1037 # All nodes (mail parts) of the fully recursively decoded mail and embedded
1038 # archives are checked, each node independently from remaining nodes.
1039 #
1040 # For each node all its ancestor nodes including itself are checked against
1041 # $banned_filename_re lookup list, top-down. The search for a node stops
1042 # at the first match, the right-hand side of the matching key determines
1043 # the result (true or false, absent right-hand side implies true, as
1044 explained
1045 # in README.lookups).
1046 #
1047 # Although repeatedly re-checking ancestor nodes may seem excessive, it
1048 gives
1049 # the opportunity to specify rules which make a particular node hide its
1050 # descendents, e.g. allow any name or file type within a .zip, even though
1051 # .exe files may otherwise not be allowed.
1052 #
1053 # Leave $banned_filename_re undefined to disable these checks
1054 # (giving an empty list to new_RE() will also always return false)
1055
1056 $banned_filename_re = new_RE(
1057 # qr'^UNDECIPHERABLE$', # is or contains any undecipherable components
1058
1059 # block certain double extensions anywhere in the base name
1060 qr'\.[^./]*[A-Za-z][^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,
1061
1062 # qr'\{[0-9a-z]{4,}(-[0-9a-z]{4,}){0,7}\}?'i, # Class ID extensions - CLSID
1063
1064 qr'^application/x-msdownload$'i, # block these MIME
1065 types
1066 qr'^application/x-msdos-program$'i,
1067 qr'^application/hta$'i,
1068
1069 # qr'^(application/x-msmetafile|image/x-wmf)$'i, # Windows Metafile MIME
1070 # qr'^\.wmf$', # Windows Metafile file(1) type
1071
1072 # qr'^message/partial$'i, # rfc2046 MIME type
1073
1074 # qr'^message/external-body$'i, # rfc2046 MIME type
1075 # (btw, note that allowing 'message/external-body' is probably no worse
1076 # than allowing mail with HTML and/or allowing a user to browse the web)
1077
1078 # [ qr'^\.(Z|gz|bz2)$' => 0 ], # allow any in Unix-compressed
1079 [ qr'^\.(rpm|cpio|tar)$' => 0 ], # allow any in Unix-type archives
1080 # [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ], # allow any within such archives
1081
1082 qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic
1083 # qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|
1084 # inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|
1085 # ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs|
1086 # wmf|wsc|wsf|wsh)$'ix, # banned ext - long
1087
1088 # qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i, # banned extension - WinZip
1089 vulnerab.
1090
1091 qr'^\.(exe-ms)$', # banned file(1) types
1092 # qr'^\.(exe|lha|tnef|cab|dll)$', # banned file(1) types
1093 );
1094 # See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262631
1095 # and http://www.cknow.com/vtutor/vtextensions.htm
1096
1097 # A little trick: a pattern qr'\.exe$' matches both a short type name
1098 '.exe',
1099 # as well as any file name which happens to end with .exe. If only matching
1100 # a file name is desired, but not the short type, a pattern qr'.\.exe$'i
1101 # or similar may be used, which requires that at least one character
1102 precedes
1103 # the '.exe', and so it will never match short file types which always start
1104 # with a dot.
1105
1106
1107 # the syntax of these Perl regular expressions is a bit awkward if not
1108 # familiar with them, so please do follow examples and stick to the idioms:
1109 # \A ... at the beginning of the first component
1110 # \z ... at the end of the the last (leaf) component
1111 # ^ ... at the beginning of each component in the path
1112 # $ ... at the end of each component in the path
1113 # (.*\t)? ... at the beginning of a field
1114 # (\t.*)? ... at the end of a field
1115 # \t(.*\t)* ... separating fields
1116 # [^\t\n] ... any single character, but don't escape from this field
1117 # (.*\n)+ ... one or more levels down
1118 # (?#...) ... a comment within a regexp
1119
1120 # new-style of banned lookup table
1121 $banned_namepath_re = new_RE(
1122
1123 # block these MIME types
1124 qr'(?#NO X-MSDOWNLOAD) ^(.*\t)? M=application/x-msdownload
1125 (\t.*)? $'xmi,
1126 qr'(?#NO X-MSDOS-PROGRAM)^(.*\t)?
1127 M=application/x-msdos-program(\t.*)? $'xmi,
1128 qr'(?#NO HTA) ^(.*\t)? M=application/hta
1129 (\t.*)? $'xmi,
1130
1131 # # block rfc2046 MIME types
1132 # qr'(?# BLOCK RFC2046 ) ^ (.*\t)? M=message/partial (\t.*)? $'xmi,
1133 # qr'(?# BLOCK RFC2046 ) ^ (.*\t)? M=message/external-body (\t.*)? $'xmi,
1134
1135 # qr'(?#No Metafile MIME) ^(.*\t)? M=application/x-msmetafile (\t.*)? $'xmi,
1136 # qr'(?#No Metafile MIME) ^(.*\t)? M=image/x-wmf (\t.*)? $'xmi,
1137 # qr'(?#No Metafile file) ^(.*\t)? T=wmf (\t.*)? $'xm,
1138
1139 # # within traditional Unix compressions allow any name and type
1140 # [ qr'(?#rule-3) ^ (.*\t)? T=(Z|gz|bz2) (\t.*)? $'xmi => 0 ], # allow
1141
1142 # within traditional Unix archives allow any name and type
1143 [ qr'(?#rule-4) ^ (.*\t)? T=(tar|rpm|cpio) (\t.*)? $'xmi => 0 ], # allow
1144
1145 # # block anything within a zip
1146 # qr'(?#rule-5) ^ (.*\t)? T=zip (\t.*)? (.*\n)+ .* $'xmi,
1147
1148 # block certain double extensions in filenames
1149 qr'(?# BLOCK DOUBLE-EXTENSIONS )
1150 ^ (.*\t)? N= [^\t\n]* \. [^./\t\n]* [A-Za-z] [^./\t\n]* \.
1151 (exe|vbs|pif|scr|bat|cmd|com|cpl|dll) \.? (\t.*)? $'xmi,
1152
1153 # # block Class ID (CLSID) extensions in filenames
1154 # qr'(?# BLOCK CLSID-EXTENSIONS )
1155 # ^ (.*\t)? N= [^\t\n]* \{[0-9a-z]{4,}(-[0-9a-z]{4,}){0,7}\}?
1156 [^\t\n]* (\t.*)? $'xmi,
1157
1158 # # banned declared names with three or more consecutive spaces
1159 # qr'(?# BLOCK NAMES WITH SPACES )
1160 # ^ (.*\t)? N= [^\t\n]* [ ]{3,} 'xmi,
1161
1162 # # within PC archives allow any types or names at any depth
1163 # [ qr'(?#rule-7) ^ (.*\t)? T=(zip|rar|arc|arj|zoo) (\t.*)? $'xmi => 0
1164 ], # ok
1165
1166 # # within certain archives allow leaf members at any depth if crypted
1167 # [ qr'(?# ALLOW ENCRYPTED )
1168 # ^ (.*\t)? T=(zip|rar|arj) (.*\n)+ (.*\t)? A=C (\t.*)? \z'xmi => 0 ],
1169
1170 # # allow crypted leaf members regardless of their name or type
1171 # [ qr'(?# ALLOW IF ENCRYPTED ) ^ (.*\t)? A=C (\t.*)? \z'xmi => 0 ],
1172
1173 # # block if any component can not be decoded (is encrypted or bad archive)
1174 # qr'(?# BLOCK IF UNDECIPHERABLE ) ^ (.*\t)? A=U (\t.*)? \z'xmi,
1175
1176 # [ qr'(?# SPECIAL ALLOWANCES - MAGIC NAMES)
1177 # \A (.*\t)? T=(rpm|cpio|tar|zip|rar|arc|arj|zoo|Z|gz|bz2)
1178 # \t(.*\t)* N=example\d+[^\t\n]*
1179 # (\t.*)? $'xmi => 0 ],
1180
1181 # banned filename extensions (in declared names) anywhere - basic
1182 qr'(?# BLOCK COMMON NAME EXENSIONS )
1183 ^ (.*\t)? N= [^\t\n]* \. (exe|vbs|pif|scr|bat|com|cpl) (\t.*)? $'xmi,
1184
1185 # # banned filename extensions (in declared names) anywhere - long
1186 # qr'(?# BLOCK MORE NAME EXTENSIONS )
1187 # ^ (.*\t)? N= [^\t\n]* \. (
1188 # ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|
1189 # inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|
1190 # ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs|
1191 # wmf|wsc|wsf|wsh) (\t.*)? $'xmi,
1192
1193 # # banned filename extensions anywhere - WinZip vulnerability (pre-V9)
1194 # qr'(?# BLOCK WinZip VULNERABILITY EXENSIONS )
1195 # ^ (.*\t)? N= [^\t\n]* \. (mim|b64|bhx|hqx|xxe|uu|uue) (\t.*)? $'xmi,
1196
1197 [ qr'(?# BLOCK EMPTY MIME PART APPLICATION/OCTET-STREAM )
1198 ^ (.*\t)? M=application/octet-stream \t(.*\t)* T=empty (\t.*)? $'xmi
1199 => 'DISCARD' ],
1200
1201 # [ qr'(?# BLOCK EMPTY MIME PARTS )
1202 # ^ (.*\t)? M= [^\t\n]+ \t(.*\t)* T=empty (\t.*)? $'xmi => 'DISCARD' ],
1203
1204 qr'(?# BLOCK Microsoft EXECUTABLES )
1205 ^ (.*\t)? T=exe-ms (\t.*)? $'xm, # banned file(1) type
1206
1207 # qr'(?# BLOCK ANY EXECUTABLE )
1208 # ^ (.*\t)? T=exe (\t.*)? $'xm, # banned file(1) type
1209
1210 # qr'(?# BLOCK THESE TYPES )
1211 # ^ (.*\t)? T=(exe|lha|tnef|cab|dll) (\t.*)? $'xm, # banned file(1)
1212 types
1213
1214 );
1215
1216 # use old or new style of banned lookup table; not both to avoid confusion
1217 #
1218 # @banned_filename_maps = (); # to disable old-style
1219 $banned_namepath_re = undef; # to disable new-style
1220
1221
1222 %banned_rules = (
1223 'MYNETS-DEFAULT' => new_RE( # permissive set of rules for internal
1224 hosts
1225 [ qr'^\.(rpm|cpio|tar)$' => 0 ], # allow any name/type in Unix
1226 archives
1227 qr'.\.(vbs|pif|scr)$'i, # banned extension - rudimentary
1228 ),
1229 'DEFAULT' => $banned_filename_re,
1230 );
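The ancestor walk described in the comments above, and its namepath counterpart, as an added Perl simulation that is not part of the posted configuration or of amavisd-new: the regexes are taken from the config, while the part attributes (ctype/name/type), the M=/T=/N=-only namepath layout and the lookup helpers are simplified assumptions about how amavisd applies them.

```perl
#!/usr/bin/perl
# Added simulation (not code from the posted amavisd.conf or from amavisd-new):
# how the banned-name lookups decide for a mail part and its ancestors.
# Simplifying assumptions: a part exposes a declared MIME type, a declared
# name and a file(1) short type; rules are tried in list order, first match wins.
use strict;
use warnings;

# Old style: a subset of $banned_filename_re from the config, in the config's order.
my @banned_filename_rules = (
  qr'\.[^./]*[A-Za-z][^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i, # double ext.
  qr'^application/x-msdownload$'i,             # banned MIME type
  [ qr'^\.(rpm|cpio|tar)$' => 0 ],             # allow any name/type in Unix archives
  qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i,  # banned extension - basic
  qr'^\.(exe-ms)$',                            # banned file(1) short type
);

# Emulates a new_RE() lookup: a bare qr// yields true, an [ qr// => value ]
# pair yields its value; undef means no rule matched this key.
sub lookup_re {
  my ($rules, $key) = @_;
  for my $rule (@$rules) {
    my ($re, $value) = ref($rule) eq 'ARRAY' ? @$rule : ($rule, 1);
    return $value if $key =~ $re;
  }
  return undef;
}

# The keys tested for one part: declared MIME type, declared name, short type.
sub node_keys {
  my ($node) = @_;
  return grep { defined $_ && length $_ } @{$node}{qw(ctype name type)};
}

# Walk the ancestor chain root-first; within each node test every key and
# stop at the first rule that matches, so an archive rule with => 0 shields
# everything below it (the "hide its descendents" behaviour from the comments).
sub banned_filename_lookup {
  my ($rules, @path) = @_;
  for my $node (@path) {
    for my $key (node_keys($node)) {
      my $r = lookup_re($rules, $key);
      return $r if defined $r;
    }
  }
  return undef;
}

sub is_banned_old_style { return banned_filename_lookup(@_) ? 1 : 0 }

# New style: the same policy on a namepath, one tab-separated line per level
# (only M=, T= and N= fields are constructed here; the real namepath has more).
my @banned_namepath_rules = (
  [ qr'(?#rule-4) ^ (.*\t)? T=(tar|rpm|cpio) (\t.*)? $'xmi => 0 ],
  qr'(?# BLOCK COMMON NAME EXENSIONS )
     ^ (.*\t)? N= [^\t\n]* \. (exe|vbs|pif|scr|bat|com|cpl) (\t.*)? $'xmi,
  qr'(?# BLOCK Microsoft EXECUTABLES ) ^ (.*\t)? T=exe-ms (\t.*)? $'xm,
);

sub namepath {
  my @lines;
  for my $n (@_) {
    push @lines, join "\t", "M=$n->{ctype}", 'T=' . substr($n->{type}, 1), "N=$n->{name}";
  }
  return join "\n", @lines;
}

# The whole multi-line namepath is a single lookup key: with /m the ^...$
# idioms anchor on one level, and rule order again decides the outcome.
sub is_banned_new_style {
  my ($rules, @path) = @_;
  return lookup_re($rules, namepath(@path)) ? 1 : 0;
}

# Constructed sample parts (not taken from real mail).
my %tar  = (ctype => 'application/x-tar',        name => 'backup.tar',      type => '.tar');
my %zip  = (ctype => 'application/zip',          name => 'tool.zip',        type => '.zip');
my %exe1 = (ctype => 'application/octet-stream', name => 'setup.exe',       type => '.exe-ms');
my %exe2 = (ctype => 'application/octet-stream', name => 'tool.exe',        type => '.exe-ms');
my %dbl  = (ctype => 'application/octet-stream', name => 'invoice.pdf.exe', type => '.exe-ms');
my %txt  = (ctype => 'text/plain',               name => 'readme.txt',      type => '.txt');

my @cases = (
  [ 'backup.tar > setup.exe' => [ \%tar, \%exe1 ] ],  # tar rule => 0 shields the .exe: pass
  [ 'tool.zip > tool.exe'    => [ \%zip, \%exe2 ] ],  # no zip rule active in the config: BANNED
  [ 'invoice.pdf.exe'        => [ \%dbl ] ],          # double extension: BANNED
  [ 'readme.txt'             => [ \%txt ] ],          # nothing matches: pass
);
for my $case (@cases) {
  my ($label, $path) = @$case;
  printf "%-24s old-style: %-6s new-style: %s\n", $label,
    is_banned_old_style(\@banned_filename_rules, @$path) ? 'BANNED' : 'pass',
    is_banned_new_style(\@banned_namepath_rules,  @$path) ? 'BANNED' : 'pass';
}
```

Both styles give the same verdicts for these four cases; uncommenting the zip rule (`=> 0`) in either table would turn the tool.zip case into a pass, which is exactly the shielding effect the comments warn about.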
1231
1232
1233 #
1234 # Section V - Per-recipient and per-sender handling, whitelisting, etc.
1235 #
1236
1237 # @virus_lovers_maps list of lookup tables:
1238 # (this should be considered a policy option, is does not disable checks,
1239 # see bypass*checks for that!)
1240 #
1241 # Exclude certain RECIPIENTS from virus filtering by adding their
1242 (lower-cased)
1243 # envelope e-mail address (or domain only) to one of the lookup tables in
1244 # the @virus_lovers_maps list - see README.lookups and examples.
1245 # Make sure the appropriate form (e.g. external/internal) of address
1246 # is used in case of virtual domains, or when mapping external to internal
1247 # addresses, etc. - this is MTA-specific.
1248 #
1249 # Notifications would still be generated however (see the overall
1250 # picture above), and infected mail (if passed) gets additional header:
1251 # X-AMaViS-Alert: INFECTED, message contains virus: ...
1252 # (header not inserted with Courier or milter interface!)
1253 #
1254 # Setting $final_*_destiny=D_PASS is functionally equivalent to having
1255 # all recipients match the @*_lovers_maps.
1256 #
1257 # NOTE (milter interface only): in case of multiple recipients,
1258 # it is only possible to drop or accept the message in its entirety -
1259 for all
1260 # recipients. If all of them are virus lovers, we'll accept mail, but if
1261 # at least one recipient is not a virus lover, we'll discard the message.
1262
1263
1264 # @bypass_virus_checks_maps list of lookup tables:
1265 # (this is mainly a time-saving option, unlike virus_lovers* !)
1266 #
1267 # Similar in concept to @virus_lovers_maps, a @bypass_virus_checks_maps
1268 # is used to skip entirely the decoding, unpacking and virus checking,
1269 # but only if ALL recipients match the lookup.
1270 #
1271 # @bypass_virus_checks_maps does NOT GUARANTEE the message will NOT be
1272 checked
1273 # for viruses - this may still happen when there is more than one recipient
1274 # for a message and not all of them match these lookup tables, or when
1275 # check result was cached (i.e. the same contents was recently sent to other
1276 # recipients). To guarantee virus delivery, a recipient must also match
1277 # @virus_lovers_maps lookups (but see milter limitations above),
1278 #
1279 # The following table summarizes the possible combinations:
1280 # bypass lover
1281 # 0 0 useful, check for malware and block it
1282 # 0 1 useful, check but deliver nevertheless, possibly tagged
1283 # 1 0 not too useful, free riding on cached or other-people's
1284 checks
1285 # 1 1 useful, no checks if possible, and no effects
1286
1287 # NOTE: it would not be clever to base enabling of virus checks on SENDER
1288 # address, since there are no guarantees that it is genuine. Many viruses
1289 # and spam messages fake sender address. To achieve selective filtering
1290 # based on the source of the mail (e.g. IP address, MTA port number, ...),
1291 # use mechanisms provided by MTA if available, possibly combined with policy
1292 # banks feature.
1293
1294 # Similar to lists of lookup tables controlling virus checking, there are
1295 # counterparts for spam scanning, banned names/types, and headers_checks
1296 # control:
1297 # @spam_lovers_maps,
1298 # @banned_files_lovers_maps,
1299 # @bad_header_lovers_maps
1300 # and:
1301 # @bypass_spam_checks_maps,
1302 # @bypass_banned_checks_maps,
1303 # @bypass_header_checks_maps
1304
1305 # Example:
1306 # @bypass_header_checks_maps = ( [qw( user@×××××××.com )] );
1307 # @bad_header_lovers_maps = ( [qw( user@×××××××.com )] );
1308
1309 # The following example disables spam checking altogether,
1310 # since it matches any recipient e-mail address.
1311 # @bypass_spam_checks_maps = (1);
1312
1313
1314 # See README.lookups for further detail, and examples below.
1315
1316 # In the following example a list of lookup tables @virus_lovers_maps
1317 # contains three elements, the first is a reference to an ACL lookup table
1318 # (brackets in Perl indicate a ref to a list), the second is a reference
1319 # to a hash lookup table (curly braces in Perl indicate a ref to a hash),
1320 # the third is a regexp lookup table, indicated by the type of object
1321 # created by new_RE() :
1322 #
1323 #@virus_lovers_maps = (
1324 # [ qw( me@×××××××.com !lab.xxx.com .xxx.com yyy.org ) ],
1325 # { "postmaster\@$mydomain" => 1, # double quotes permit variable evaluation
1326 # 'postmaster@×××××××.com'=> 1, # in single quotes the '@' need not be
1327 quoted
1328 # 'abuse@×××××××.com'=> 1,
1329 # 'some.user@' => 1, # this recipient, regardless of domain
1330 # 'boss@×××××××.com' => 0, # never, even if domain matches
1331 # 'example.com' => 1, # this domain, but not its subdomains
1332 # '.example.com' => 1, # this domain, including its subdomains
1333 # },
1334 # new_RE( qr'^(helpdesk|postmaster)@example\.com$'i ),
1335 #);
1336
1337 #@spam_lovers_maps = (
1338 # ["postmaster\@$mydomain", 'postmaster@×××××××.com', 'abuse@×××××××.com'],
1339 #);
1340
1341 #@bad_header_lovers_maps = (
1342 # ["postmaster\@", "abuse\@$mydomain"],
1343 #);
1344
1345
1346 # as an alternative to fiddling with @_lovers_maps and similar _maps, here
1347 # is an illustration of using a more general *_by_ccat associative array,
1348 # introduced with 2.4.0, like %lovers_maps_by_ccat in this example:
1349 #
1350 #$lovers_maps_by_ccat{CC_SPAM} = [
1351 # read_hash("$MYHOME/etc/spam_lovers.txt"),
1352 # [qw(postmaster@×××××××.com abuse@×××××××.com)],
1353 #];
1354 #
1355 #$lovers_maps_by_ccat{CC_BANNED} = [
1356 # { map {lc $_ => 1} # construct a hash lookup table from a list
1357 # qw(user1@×××××××.com user2.example.com)
1358 # },
1359 #];
1360
1361
1362 # to save some typing of quotes and commas, a Perl operator qw can be used
1363 # to split its argument on whitespace and to quote resulting elements:
1364 #@bypass_spam_checks_maps = (
1365 # [ qw( some.ddd !butnot.example.com .example.com ) ],
1366 #);
1367
1368
1369 # don't run spam check for these RECIPIENT domains:
1370 # @bypass_spam_checks_maps = ( [qw( d1.com .d2.com a.d3.com )] );
1371 # or the other way around (bypass check for all BUT these):
1372 # @bypass_spam_checks_maps = ( [qw( !d1.com !.d2.com !a.d3.com . )] );
1373 # a practical application: don't check outgoing mail for spam:
1374 # @bypass_spam_checks_maps = ( [ "!.$mydomain", "." ] );
1375 # or calculated (negated) from the %local_domains:
1376 # @bypass_spam_checks_maps =
1377 # ( {map {$_ => !$local_domains{$_}} keys %local_domains}, 1);
1378 # (a downside of which is that such mail will not count as ham in SA
1379 bayes db)
1380 #
1381 # Note that 'outgoing' is not the same as 'originating from inside'.
1382 # The internal-to-internal mail is not outgoing, but is originating from
1383 # inside. To base rules on 'originating from inside', the use of policy bank
1384 # MYNETS is needed, in conjunction with XFORWARD Postfix extension to SMTP.
1385
1386 # Where to find SQL server(s) and database to support SQL lookups?
1387 # A list of triples: (dsn,user,passw). (dsn = data source name)
1388 # More than one entry may be specified for multiple (backup) SQL servers.
# See 'man DBI', 'man DBD::mysql', 'man DBD::Pg', ... for details.
# When chroot-ed, accessing SQL server over inet socket may be more convenient.
#
# @lookup_sql_dsn =
#   ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'],
#     ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'],
#     ["DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite", '', ''] );
# @storage_sql_dsn = @lookup_sql_dsn; # none, same, or separate database
#
@lookup_sql_dsn =
  (
    ['DBI:mysql:database=amavis;host=192.168.10.35;port=3306','amavis','db4me!']
  );
# ('mail' in the example is the database name, choose what you like)
# With PostgreSQL the dsn (first element of the triple) may look like:
#   'DBI:Pg:dbname=mail;host=host1'

# The SQL select clause to fetch per-recipient policy settings.
# The %k will be replaced by a comma-separated list of query addresses
# (e.g. full address, domain only (stripped level by level), and a catchall).
# Use ORDER if there is a chance that multiple records will match - the first
# match wins. If field names are not unique (e.g. 'id'), the later field
# overwrites the earlier in a hash returned by lookup, which is why we use
# '*,users.id' instead of just '*'. No need to uncomment the following
# assignment if the default is ok.
# $sql_select_policy = 'SELECT *,users.id FROM users,policy'.
#   ' WHERE (users.policy_id=policy.id) AND (users.email IN (%k))'.
#   ' ORDER BY users.priority DESC';
#
# The SQL select clause to check sender in per-recipient whitelist/blacklist
# The first SELECT argument '?' will be users.id from recipient SQL lookup,
# the %k will be sender addresses (e.g. full address, domain only, catchall).
# The default value is:
# $sql_select_white_black_list = 'SELECT wb FROM wblist,mailaddr'.
#   ' WHERE (wblist.rid=?) AND (wblist.sid=mailaddr.id)'.
#   ' AND (mailaddr.email IN (%k))'.
#   ' ORDER BY mailaddr.priority DESC';
#
# To disable SQL white/black list, set to undef (otherwise comment-out
# the following statement, leaving it at the default value):
#$sql_select_white_black_list = undef; # undef disables SQL white/blacklisting

$sql_select_white_black_list = 'SELECT wb FROM wblist'.
  ' WHERE (rid=?) AND (wblist.email IN (%k))'.
  ' ORDER BY wblist.priority DESC';
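The two SQL selects above, exercised against a constructed in-memory SQLite database. This is an added example written for this page, not code from the original post or from amavisd itself: it derives the %k query keys for an address, binds them as placeholders, shows why the first row wins under ORDER BY priority DESC and why '*,users.id' matters, and runs the poster's custom wblist query. The key order, the sample rows and the table columns are assumptions of this example; the wblist layout (rid, email, wb, priority) is the one the poster's query implies rather than the stock wblist/mailaddr pair.

```python
import sqlite3

# The two queries as they appear in this config: the default policy select
# and the poster's custom white/black list select.
SQL_SELECT_POLICY = (
    "SELECT *,users.id FROM users,policy"
    " WHERE (users.policy_id=policy.id) AND (users.email IN (%k))"
    " ORDER BY users.priority DESC"
)
SQL_SELECT_WBLIST = (
    "SELECT wb FROM wblist"
    " WHERE (rid=?) AND (wblist.email IN (%k))"
    " ORDER BY wblist.priority DESC"
)


def lookup_keys(addr):
    """Query keys substituted for %k: full address, bare domain, the domain
    with a leading dot stripped level by level, then the catchall '.'.
    The exact key set amavisd generates is an assumption of this example;
    the shape follows the comment in the config."""
    addr = addr.lower()  # $localpart_is_case_sensitive = 0 in this config
    domain = addr.rpartition("@")[2]
    labels = domain.split(".") if domain else []
    keys = [addr, domain]
    keys += ["." + ".".join(labels[i:]) for i in range(len(labels))]
    keys.append(".")
    return keys


def expand_k(sql, keys):
    """Replace %k with one bound placeholder per key, so the addresses travel
    as bind parameters and are never interpolated into the statement text."""
    return sql.replace("%k", ",".join("?" * len(keys)))


def build_db():
    """Constructed sample data in an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE policy (id INTEGER PRIMARY KEY, policy_name TEXT,
                             spam_kill_level REAL);
        CREATE TABLE users  (id INTEGER PRIMARY KEY, priority INTEGER,
                             policy_id INTEGER, email TEXT);
        CREATE TABLE wblist (rid INTEGER, email TEXT, wb TEXT, priority INTEGER);
        INSERT INTO policy VALUES (10, 'strict', 6.0), (20, 'lenient', 15.0);
        INSERT INTO users  VALUES (1, 9, 10, 'alice@sub.example.com'),
                                  (2, 5, 20, '.example.com'),
                                  (3, 0, 20, '.');
        INSERT INTO wblist VALUES (1, 'newsletter@example.net', 'W', 10),
                                  (1, '.example.net', 'B', 5);
    """)
    return conn


def policy_for(conn, rcpt):
    """First row wins (ORDER BY priority DESC). Columns are folded into a dict
    in select-list order, so the trailing users.id overwrites policy.id,
    which is exactly why the query says '*,users.id' rather than '*'."""
    keys = lookup_keys(rcpt)
    cur = conn.execute(expand_k(SQL_SELECT_POLICY, keys), keys)
    row = cur.fetchone()
    if row is None:
        return None
    names = [d[0] for d in cur.description]
    return dict(zip(names, row))


def sender_wb(conn, rid, sender):
    """'W', 'B' or None for this sender as seen by the recipient whose
    users.id is rid; the first '?' binds rid, the rest are the %k keys."""
    keys = lookup_keys(sender)
    row = conn.execute(expand_k(SQL_SELECT_WBLIST, keys), [rid, *keys]).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    conn = build_db()
    for rcpt in ("alice@sub.example.com", "bob@example.com", "carol@other.org"):
        p = policy_for(conn, rcpt)
        print(rcpt, "->", p["policy_name"], "via users.id", p["id"])
    print(sender_wb(conn, 1, "newsletter@example.net"),
          sender_wb(conn, 1, "junk@example.net"))
```

Swapping the priorities of the 'alice@sub.example.com' and '.example.com' rows is the quickest way to see that, without ORDER BY, which policy applies would be left to the database.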
1440
# If passing malware to certain recipients ($final_*_destiny=D_PASS or
# *_lovers), the recipient-based lookup tables @addr_extension_*_maps may
# return a string, which (if nonempty) will be added as an address extension
# to the local-part of the recipient's address. This extension may be used
# by the final local delivery agent (LDA) to place such mail into different
# subfolders (the extension is usually interpreted as a folder name).
# This is sometimes known as the 'plus addressing'. Appending address
# extensions is prevented when:
# - recipient does not match lookup tables @local_domains_maps;
# - lookup into corresponding @addr_extension_*_maps results
#   in an empty string or undef;
# - $recipient_delimiter is empty (see below)
# LDAs usually default to stripping away address extension if no special
# handling is specified or if a named subfolder or alias does not exist,
# so adding address extensions normally does no harm.

# @addr_extension_virus_maps = ('virus'); # defaults to empty
# @addr_extension_spam_maps = ('spam'); # defaults to empty
# @addr_extension_banned_maps = ('banned'); # defaults to empty
# @addr_extension_bad_header_maps = ('badh'); # defaults to empty
#
# A more complex example:
# @addr_extension_virus_maps = (
#   {'sub.example.com'=>'infected', '.example.com'=>'filtered'}, 'virus' );

# Delimiter between local part of the envelope recipient address and address
# extension (which can optionally be added, see @addr_extension_*_maps. E.g.
# recipient address <user@×××××××.com> is changed to <user+virus@×××××××.com>.
#
# Delimiter must match the equivalent (final) MTA delimiter setting.
# (e.g. for Postfix add 'recipient_delimiter = +' to main.cf)
# Setting it to an empty string or to undef disables adding extensions
# regardless of $addr_extension_*_maps.

# $recipient_delimiter = '+'; # (default is undef, i.e. disabled)

# true: replace extension; false: append extension
# $replace_existing_extension = 1; # (default is true)

# Affects matching of localpart of e-mail addresses (left of '@')
# in lookups: true = case sensitive, false = case insensitive
$localpart_is_case_sensitive = 0; # (default is false)


# ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING

# Instead of hard black- or whitelisting, a softer approach is to add
# score points (penalties) to the SA score for mail from certain senders.
# Positive points lean towards blacklisting, negative towards whitelisting.
# This is much like adding SA rules or using its white/blacklisting, except
# that here only envelope sender addresses are considered (not addresses
# in a mail header), and that score points can be assigned per-recipient
# (or globally), and the assigned penalties are customarily much lower
# than the default SA white/blacklisting score.
#
# The table structure is similar to $per_recip_blacklist_sender_lookup_tables
# i.e. the first level key is recipient, pointing to by-sender lookup tables.
# The essential difference is that scores from _all_ matching by-recipient
# lookups (not just the first that matches) are summed to give the final
# score boost. That means that both the site and domain administrators,
# as well as the recipient can have a say on the final score.
#
# NOTE: keep hash keys in lowercase, either manually or by using function lc

@score_sender_maps = ({ # a by-recipient hash lookup table

  # # per-recipient personal tables (NOTE: positive: black, negative: white)
  # 'user1@×××××××.com' => [{'bla-mobile.press@×××××××.com' => 10.0}],
  # 'user3@×××××××.com' => [{'.ebay.com' => -3.0}],
  # 'user4@×××××××.com' => [{'cleargreen@××××××××××.com' => -7.0,
  #                          '.cleargreen.com' => -5.0}],

  # site-wide opinions about senders (the '.' matches any recipient)
  '.' => [ # the _first_ matching sender determines the score boost

    new_RE( # regexp-type lookup table, just happens to be all soft-blacklist
      [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i => 5.0],
      [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i => 5.0],
      [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i => 5.0],
      [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i => 5.0],
      [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i => 5.0],
      [qr'^(your_friend|greatoffers)@'i => 5.0],
      [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i => 5.0],
    ),

    # read_hash("/var/amavis/sender_scores_sitewide"),

    { # a hash-type lookup table (associative array)
      'nobody@××××.org' => -3.0,
      'cert-advisory@×××××××.gov' => -3.0,
      'owner-alert@×××.net' => -3.0,
      'slashdot@××××××××.org' => -3.0,
      'bugtraq@×××××××××××××.com' => -3.0,
      'ntbugtraq@××××××××××××××××××.com' => -3.0,
      'security-alerts@×××××××××××××.com' => -3.0,
      'mailman-announce-admin@××××××.org' => -3.0,
      'amavis-user-admin@×××××××××××××××××.net'=> -3.0,
      'spamassassin.apache.org' => -3.0,
      'notification-return@××××××××××××.com' => -3.0,
      'owner-postfix-users@×××××××.org' => -3.0,
      'owner-postfix-announce@×××××××.org' => -3.0,
      'owner-sendmail-announce@××××××××××××××.org' => -3.0,
      'sendmail-announce-request@××××××××××××××.org' => -3.0,
      'donotreply@××××××××.org' => -3.0,
      'ca+envelope@××××××××.org' => -3.0,
      'noreply@×××××××××.net' => -3.0,
      'owner-technews@××××××××××.org' => -3.0,
      'ietf-123-owner@×××××××××.org' => -3.0,
      'cvs-commits-list-admin@×××××.org' => -3.0,
      'rt-users-admin@××××××××××.com' => -3.0,
      'clp-request@××××××××××××.sg' => -3.0,
      'surveys-errors@×××××××××.ie' => -3.0,
      'emailnews@×××××××××.com' => -5.0,
      'yahoo-dev-null@×××××××××.com' => -3.0,
      'returns.groups.yahoo.com' => -3.0,
      'clusternews@××××××××××××.com' => -3.0,
      lc('lvs-users-admin@××××××××××××××××××.org') => -3.0,
      lc('owner-textbreakingnews@××××××××××××××.COM') => -5.0,

      # soft-blacklisting (positive score)
      'sender@×××××××.net' => 3.0,
      '.example.net' => 1.0,

    },
  ], # end of site-wide tables
});
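The two rules the comment block above states for @score_sender_maps, modelled in Python as an added example (not code from the original post or from amavisd): every by-recipient entry that matches the recipient contributes, and the contributions are summed, while inside one recipient's list of sender tables only the first matching sender table counts. The sample map, the addresses and the key-derivation order are assumptions constructed for this example; an RE table is represented as a list of (compiled regexp, score) pairs, standing in for new_RE().

```python
import re


def lookup_keys(addr):
    """Keys tried for an address, most specific first: full address, bare
    domain, dotted domain stripped level by level, then the catchall '.'.
    Lowercased, matching the 'keep hash keys in lowercase' note above."""
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    labels = domain.split(".") if domain else []
    keys = [addr, domain]
    keys += ["." + ".".join(labels[i:]) for i in range(len(labels))]
    keys.append(".")
    return keys


# Constructed stand-in for @score_sender_maps: a by-recipient hash whose
# values are lists of by-sender tables (a dict for a hash table, a list of
# (regexp, score) pairs for an RE table).
SCORE_SENDER_MAPS = [{
    # one recipient's personal table (positive: black, negative: white)
    "alice@example.com": [{"newsletter@shop.example": -4.0}],
    # the domain administrator's table for everyone under example.com
    ".example.com": [{".partner.example": -2.0}],
    # site-wide tables: the first matching sender table decides the boost
    ".": [
        [(re.compile(r"^(bulkmail|offers|cheapbenefits)@", re.I), 5.0)],
        {"newsletter@shop.example": -3.0, ".example.net": 1.0},
    ],
}]


def sender_boost(tables, sender):
    """Walk one recipient's list of sender tables; the first table that
    matches the sender determines the boost. None means no table matched."""
    for table in tables:
        if isinstance(table, dict):
            for key in lookup_keys(sender):
                if key in table:
                    return table[key]
        else:
            for regexp, score in table:
                if regexp.search(sender):
                    return score
    return None


def score_boost(rcpt, sender, maps=SCORE_SENDER_MAPS):
    """Sum the boosts from all by-recipient entries that match rcpt.
    Returns (total, [(recipient key, boost), ...]) so the caller can see
    which levels (personal, domain, site) had a say."""
    total, hits = 0.0, []
    for by_rcpt in maps:
        for key in lookup_keys(rcpt):
            tables = by_rcpt.get(key)
            if tables is None:
                continue
            boost = sender_boost(tables, sender)
            if boost is not None:
                total += boost
                hits.append((key, boost))
    return total, hits


if __name__ == "__main__":
    for rcpt, sender in [("alice@example.com", "Newsletter@Shop.Example"),
                         ("bob@example.com", "news@partner.example"),
                         ("bob@example.com", "offers@example.net")]:
        print(rcpt, "<-", sender, "=>", score_boost(rcpt, sender))
```

The third sample pair is the one to watch: the sender matches both the site-wide RE table (+5.0) and the site-wide hash ('.example.net', +1.0), but only the RE table is consulted because it comes first in the list, so the boost is 5.0, not 6.0.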


# ENVELOPE SENDER WHITELISTING / BLACKLISTING - GLOBAL (RECIPIENT-INDEPENDENT)
# (affects spam checking only, has no effect on virus and other checks)

# WHITELISTING: use ENVELOPE SENDER lookups to ENSURE DELIVERY from whitelisted
# senders even if the message would be recognized as spam. Effectively, for
# the specified senders, message recipients temporarily become 'spam_lovers'.
# To avoid surprises, whitelisted sender also suppresses inserting/editing
# the tag2-level header fields (X-Spam-*, Subject), appending spam address
# extension, and quarantining.
#
# BLACKLISTING: messages from specified SENDERS are DECLARED SPAM.
# Effectively, for messages from blacklisted envelope sender addresses, spam
# level is artificially pushed high, and the normal spam processing applies,
# resulting in 'X-Spam-Flag: YES', high 'X-Spam-Level' bar and other usual
# reactions to spam, including possible rejection. If the message nevertheless
# still passes (e.g. for spam loving recipients), it is tagged as BLACKLISTED
# in the 'X-Spam-Status' header field, but the reported spam value and
# set of tests in this report header field (if available from SpamAssassin,
# which may or may not have been called) is not adjusted.
#
# A sender may be both white- and blacklisted at the same time, settings
# are independent. For example, being both white- and blacklisted, message
# is delivered to recipients, but is not tagged as spam (X-Spam-Flag: No;
# X-Spam-Status: No, ...), but the reported spam level (if computed) may
# still indicate high spam score.
#
# If ALL recipients of the message either white- or blacklist the sender,
# spam scanning (calling the SpamAssassin) is bypassed, saving on time.
#
# The following variables (lists of lookup tables) are available,
# with the semantics and syntax as specified in README.lookups:
# @whitelist_sender_maps, @blacklist_sender_maps

# SOME EXAMPLES:
#
#ACL:
# @whitelist_sender_maps = ( ['.example.org', '.example.net'] );
# @whitelist_sender_maps = ( [qw(.example.org .example.net)] ); # same thing
#
# @whitelist_sender_maps = ( [".$mydomain"] ); # $mydomain and its subdomains
# NOTE: This is not a reliable way of turning off spam checks for
# locally-originating mail, as sender address can easily be faked.
# To reliably avoid spam-scanning outgoing mail, use @bypass_spam_checks_maps
# for nonlocal recipients. To reliably avoid spam scanning for locally
# originating mail (including internal-to-internal mail), recognized by
# the original SMTP client IP address matching @mynetworks, use policy bank
# MYNETS, adjust @mynetworks, and turn on XFORWARD in the Postfix smtp client
# service feeding amavisd.

#with regexps:
# @whitelist_sender_maps = ( new_RE(
#   qr'^postmaster@.*\bexample\.com$'i,
#   qr'^owner-[^@]*@'i, qr'-request@'i,
#   qr'\.example\.com$'i
# ));


# illustrates the use of regexp lookup table:

@blacklist_sender_maps = ( new_RE(
  qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou|greatcasino)@'i,
  qr'^(investments|lose_weight_today|market\.alert|money2you|MyGreenCard)@'i,
  qr'^(new\.tld\.registry|opt-out|opt-in|optin|saveonlsmoking2002k)@'i,
  qr'^(specialoffer|specialoffers|stockalert|stopsnoring|wantsome)@'i,
  qr'^(workathome|yesitsfree|your_friend|greatoffers)@'i,
  qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i,
));


# NOTE: whitelisting is becoming deprecated because sender address is
# all too often faked; use @score_sender_maps for soft-whitelisting!
#
# Illustrates the use of several lookup tables:
#
# @whitelist_sender_maps = (
#
#   # read_hash("$MYHOME/whitelist_sender"), # a hash table read from a file
#
#   # and another hash lookup table constructed in-line, with keys lowercased:
#   { map {lc $_ => 1} qw(
#       nobody@××××.org
#       cert-advisory@×××××××.gov
#       owner-alert@×××.net
#       slashdot@××××××××.org
#       bugtraq@×××××××××××××.com
#       NTBUGTRAQ@××××××××××××××××××.COM
#       security-alerts@×××××××××××××.com
#       amavis-user-admin@×××××××××××××××××.net
#       notification-return@××××××××××××.com
#       mailman-announce-admin@××××××.org
#       owner-postfix-users@×××××××.org
#       owner-postfix-announce@×××××××.org
#       owner-sendmail-announce@××××××××××××××.org
#       sendmail-announce-request@××××××××××××××.org
#       owner-technews@××××××××××.ORG
#       lvs-users-admin@××××××××××××××××××.org
#       ietf-123-owner@×××××××××.org
#       cvs-commits-list-admin@×××××.org
#       rt-users-admin@××××××××××.com
#       clp-request@××××××××××××.sg
#       surveys-errors@×××××××××.ie
#       emailNews@×××××××××.com
#       owner-textbreakingnews@××××××××××××××.COM
#       yahoo-dev-null@×××××××××.com
#       returns.groups.yahoo.com
#   )},
#
#   # { '' => 1 }, # and another one, containing just an empty reverse path (DSN)
#
# );


# ENVELOPE SENDER WHITELISTING / BLACKLISTING - PER-RECIPIENT

# The same semantics as for global white/blacklisting applies, but this
# time each recipient (or its domain, or subdomain, ...) can be given
# an individual lookup table for matching senders. The per-recipient lookups
# take precedence over the global lookups, which serve as a fallback default.

# Specify a two-level lookup table: the key for the outer table is recipient,
# and the result should be an inner lookup table (hash or ACL or RE),
# where the key used will be the sender. (Note that this structure is flatter
# than @score_sender_maps, where the first level result is a ref to a _list_
# of inner lookup tables, not a ref to a single lookup table.)
#
#$per_recip_blacklist_sender_lookup_tables = {
#  'user1@××××××××××.com'=>new_RE(qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i),
#  'user2@××××××××××.com'=>[qw( spammer@××.example,org .d2.example,org )],
#};
#$per_recip_whitelist_sender_lookup_tables = {
#  'user@××××××××××.com' => [qw( friend@×××××××.org .other.example.org )],
#  '.my1.example.com' => [qw( !foe.other.example,org .other.example,org )],
#  '.my2.example.com' => read_hash("$MYHOME/my2-wl.dat"),
#  'abuse@' => { 'postmaster@'=>1,
#                'cert-advisory-owner@××××.org'=>1, 'owner-alert@×××.net'=>1 },
#};


#
# Section VI - Resource limits
#

# Sanity limit to the number of allowed recipients per SMTP transaction
# $smtpd_recipient_limit = 1100; # (default is 1100)

# Resource limits to protect unpackers, decompressors and virus scanners
# against mail bombs (e.g. 42.zip)


# Maximum recursion level for extraction/decoding (0 or undef disables limit)
$MAXLEVELS = 14; # (default is undef, no limit)

# Maximum number of extracted files (0 or undef disables the limit)
$MAXFILES = 1500; # (default is undef, no limit)

# For the cumulative total of all decoded mail parts we set max storage size
# to defend against mail bombs. Even though parts may be deleted (replaced
# by decoded text) during decoding, the size they occupied is _not_ returned
# to the quota pool.
#
# Parameters to storage quota formula for unpacking/decoding/decompressing
# Formula:
# quota = max($MIN_EXPANSION_QUOTA,
#             $mail_size*$MIN_EXPANSION_FACTOR,
#             min($MAX_EXPANSION_QUOTA, $mail_size*$MAX_EXPANSION_FACTOR))
# In plain words (later condition overrules previous ones):
# allow MAX_EXPANSION_FACTOR times initial mail size,
# but not more than MAX_EXPANSION_QUOTA,
# but not less than MIN_EXPANSION_FACTOR times initial mail size,
# but never less than MIN_EXPANSION_QUOTA
#
$MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not enforced)
$MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes (default undef, not enforced)
$MIN_EXPANSION_FACTOR = 5; # times original mail size (default is 5)
$MAX_EXPANSION_FACTOR = 500; # times original mail size (default is 500)
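The storage quota formula above, carried through with the four values from this config, plus a small model of the decode loop that spends against the quota. This is an added example, not code from the original post or from amavisd; the part sizes fed to the decode loop are constructed. It shows the two edge cases the "later condition overrules" wording implies: a tiny message still gets $MIN_EXPANSION_QUOTA, and a very large message is allowed $MIN_EXPANSION_FACTOR times its size even though that exceeds $MAX_EXPANSION_QUOTA. It also shows why deleting an already-decoded part does not help an unpacker stay under quota.

```python
# Values as set in this amavisd.conf
MIN_EXPANSION_QUOTA = 100 * 1024          # bytes
MAX_EXPANSION_QUOTA = 300 * 1024 * 1024   # bytes
MIN_EXPANSION_FACTOR = 5                  # times original mail size
MAX_EXPANSION_FACTOR = 500                # times original mail size


def expansion_quota(mail_size,
                    min_quota=MIN_EXPANSION_QUOTA, max_quota=MAX_EXPANSION_QUOTA,
                    min_factor=MIN_EXPANSION_FACTOR, max_factor=MAX_EXPANSION_FACTOR):
    """quota = max(MIN_Q, size*MIN_F, min(MAX_Q, size*MAX_F)).
    Innermost min() caps the generous allowance at MAX_Q; the outer max()
    then guarantees at least MIN_F times the size and at least MIN_Q,
    so the later conditions overrule the earlier ones, as the comment says."""
    return max(min_quota,
               mail_size * min_factor,
               min(max_quota, mail_size * max_factor))


def decode_within_quota(mail_size, part_sizes):
    """Charge each decoded part against the quota. Bytes are never given
    back even if a part is replaced by its decoded text, so a long chain of
    nested archives is cut off once the cumulative total crosses the quota.
    Returns (ok, bytes_charged)."""
    quota = expansion_quota(mail_size)
    charged = 0
    for size in part_sizes:
        charged += size
        if charged > quota:
            return False, charged      # mail bomb: stop decoding here
    return True, charged


if __name__ == "__main__":
    for size in (10, 1000, 1024 * 1024, 100 * 1024 * 1024):
        print(f"mail of {size} bytes -> quota {expansion_quota(size)} bytes")
    # constructed part sizes for a 1000-byte message (quota 500000 bytes)
    print(decode_within_quota(1000, [200_000, 200_000, 150_000]))
    print(decode_within_quota(1000, [200_000, 200_000, 50_000]))
```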

# expiration time of cached results: time to live in seconds
# (how long the result of a virus/spam test remains valid)
$virus_check_negative_ttl= 3*60; # time to remember that mail was not infected
$virus_check_positive_ttl= 30*60; # time to remember that mail was infected
$spam_check_negative_ttl = 30*60; # time to remember that mail was not spam
$spam_check_positive_ttl = 30*60; # time to remember that mail was spam
#
# NOTE:
# Cache size will be determined by the largest of the $*_ttl values.
# Depending on the mail rate, the cache database may grow quite large.
# Reasonable compromise for the max value is 15 minutes to 2 hours.

#
# Section VII - External programs, virus scanners
#

# Specify a path string, which is a colon-separated string of directories
# (no trailing slashes!) to be assigned to the environment variable PATH
# and to serve for locating external programs below.

# NOTE: if $daemon_chroot_dir is nonempty, the directories will be
# relative to the chroot directory specified;

$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin:/opt/bin';

# For external programs specify one string or a search list of strings (first
# match wins). The string (or: each string in a list) may be an absolute path,
# or just a program name, to be located via $path;
# Empty string or undef (=default) disables the use of that external program.
# Optionally command arguments may be specified - only the first substring
# up to the whitespace is used for file searching.

$file = 'file'; # file(1) utility; use 3.41 or later to avoid vulnerability
$dspam = 'dspam';

# A list of pairs or n-tuples: [short-type, code_ref, optional-args...].
# Maps short types to a decoding routine, the first match wins.
# Arguments beyond the first two can be program path string (or a listref of
# paths to be searched) or a reference to a variable containing such a path,
# which allows for lazy evaluation, making possible to assign values to
# legacy configuration variables even after the assignment to @decoders.
#
@decoders = (
  ['mail', \&do_mime_decode],
  ['asc', \&do_ascii],
  ['uue', \&do_ascii],
  ['hqx', \&do_ascii],
  ['ync', \&do_ascii],
  ['F', \&do_uncompress, ['unfreeze','freeze -d','melt','fcat'] ],
  ['Z', \&do_uncompress, ['uncompress','gzip -d','zcat'] ],
  ['gz', \&do_gunzip],
  ['gz', \&do_uncompress, 'gzip -d'],
  ['bz2', \&do_uncompress, 'bzip2 -d'],
  ['lzo', \&do_uncompress, 'lzop -d'],
  ['rpm', \&do_uncompress, ['rpm2cpio.pl','rpm2cpio'] ],
  ['cpio', \&do_pax_cpio, ['pax','gcpio','cpio'] ],
  ['tar', \&do_pax_cpio, ['pax','gcpio','cpio'] ],
  ['tar', \&do_tar],
  ['deb', \&do_ar, 'ar'],
  # ['a', \&do_ar, 'ar'], # unpacking .a seems an overkill
  ['zip', \&do_unzip],
  ['rar', \&do_unrar, ['rar','unrar'] ],
  ['arj', \&do_unarj, ['arj','unarj'] ],
  ['arc', \&do_arc, ['nomarch','arc'] ],
  ['zoo', \&do_zoo, 'zoo'],
  ['lha', \&do_lha, 'lha'],
  # ['doc', \&do_ole, 'ripole'],
  ['cab', \&do_cabextract, 'cabextract'],
  ['tnef', \&do_tnef_ext, 'tnef'],
  ['tnef', \&do_tnef],
  ['exe', \&do_executable, ['rar','unrar'], 'lha', ['arj','unarj'] ],
);


# SpamAssassin settings

# $sa_local_tests_only is passed to Mail::SpamAssassin::new as a value
# of the option local_tests_only. See Mail::SpamAssassin man page.
# If set to 1, no SA tests that require internet access will be performed.
#
$sa_local_tests_only = 0; # only tests which do not require internet access?
#$sa_auto_whitelist = 1; # turn on AWL in SA 2.63 or older (irrelevant
#                        # for SA 3.0, its cf option is use_auto_whitelist)

$sa_mail_body_size_limit = 200*1024; # don't waste time on SA if mail is larger
                                     # (less than 1% of spam is > 64k)
                                     # default: undef, no limitations

# default values, customarily used in the @spam_*_level_maps as the last entry
$sa_tag_level_deflt = -9999; # add spam info headers if at, or above that level;
                             # undef is interpreted as lower than any spam level
$sa_tag2_level_deflt = 5; # add 'spam detected' headers at that level to
                          # passed mail, adding address extensions;
$sa_kill_level_deflt = 20; # triggers spam evasive actions
                           # at or above that level: bounce/reject/drop,
                           # quarantine
$sa_dsn_cutoff_level = 9; # spam level beyond which a DSN is not sent,
                          # effectively turning D_BOUNCE into D_DISCARD;
                          # undef disables this feature and is a default;
# see also $sa_quarantine_cutoff_level above, which only controls quarantining

# advanced example specifying per-recipient values using a hash lookup:
#@spam_tag_level_maps = (\$sa_tag_level_deflt); # this is a default
#@spam_tag2_level_maps = (
#  { 'user1@×××××××.com' => 8.0, '.example.com' => 6.0 },
#  \$sa_tag2_level_deflt, # catchall default
#);
#@spam_kill_level_maps = (
#  { 'user1@×××××××.com' => 8.0, '.example.com' => 6.0 },
#  \$sa_kill_level_deflt, # catchall default
#);
#@spam_dsn_cutoff_level_maps = (
#  { 'user1@×××××××.com' => 10, '.example.com' => 15 },
#  \$sa_dsn_cutoff_level, # catchall default
#);

# a quick reference:
# tag_level   contents category: CC_CLEAN,
#             controls adding the X-Spam-Status and X-Spam-Level headers,
# tag2_level  contents category: CC_SPAMMY,
#             controls adding 'X-Spam-Flag: YES', editing (tagging) Subject,
#             and adding address extensions,
# tag3_level  contents category: CC_SPAMMY, minor category 1,
#             like tag2, but may insert different Subject tag
#             e.g. @spam_subject_tag3_maps=('***BLATANT*SPAM*** ');
# kill_level  contents category: CC_SPAM,
#             controls 'evasive actions' (reject, quarantine);
# it only makes sense to maintain the relationship:
# tag_level <= tag2_level <= tag3_level <= kill_level <
#   < dsn_cutoff_level <= quarantine_cutoff_level

# string to prepend to Subject header field when message exceeds tag2 level
$sa_spam_subject_tag = '*SPAM* '; # (defaults to undef, disabled)
                                  # (only seen when spam is passed and recipient is
                                  # in local_domains*)

#$sa_spam_modifies_subj = 1; # in @spam_modifies_subj_maps, default is true

# Example: modify Subject for all local recipients except user@×××××××.com
#@spam_modifies_subj_maps = ( [qw( !user@×××××××.com . )] );

#$sa_spam_level_char = '*'; # char for X-Spam-Level bar, defaults to '*';
#                           # undef or empty disables inserting X-Spam-Level
#$sa_spam_report_header = 0; # insert X-Spam-Report header field? default false

# stop anti-virus scanning when the first scanner detects a virus?
#$first_infected_stops_scan = 1; # default is false, all scanners in a section
#                                # are called

# @av_scanners is a list of n-tuples, where fields semantics is:
# 1. av scanner plain name, to be used in log and reports;
# 2. scanner program name; this string will be submitted to subroutine
#    find_external_programs(), which will try to find the full program path
#    name during startup; if program is not found, this scanner is disabled.
#    Besides a simple string (full program path name or just the basename
#    to be looked for in PATH), this may be an array ref of alternative
#    program names or full paths - the first match in the list will be used;
#    As a special case for more complex scanners, this field may be
#    a subroutine reference, and the whole n-tuple is passed to it as args.
# 3. command arguments to be given to the scanner program;
#    a substring {} will be replaced by the directory name to be scanned, i.e.
#    "$tempdir/parts", a "*" will be replaced by base file names of parts;
# 4. an array ref of av scanner exit status values, or a regexp (to be
#    matched against scanner output), indicating NO VIRUSES found;
#    a special case is a value undef, which does not claim file to be clean
#    (i.e. it never matches, similar to []), but suppresses a failure warning;
#    to be used when the result is inconclusive (useful for specialized and
#    quick partial scanners such as jpeg checker);
# 5. an array ref of av scanner exit status values, or a regexp (to be
#    matched against scanner output), indicating VIRUSES WERE FOUND;
#    Note: the virus match prevails over a 'not found' match, so it is safe
#    even if the no. 4. matches for viruses too;
# 6. a regexp (to be matched against scanner output), returning a list
#    of virus names found, or a sub ref, returning such a list when given
#    scanner output as argument;
# 7. and 8.: (optional) subroutines to be executed before and after scanner
#    (e.g. to set environment or current directory);
#    see examples for these at KasperskyLab AVP and NAI uvscan.
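How fields 4, 5 and 6 of an @av_scanners entry turn an exit status and some scanner output into a verdict, and how the order of entries decides whose report is used, modelled in Python as an added example (not code from the original post or from amavisd). The two real entries are taken from the patterns in this config (ClamAV-clamd and F-Secure); the "jpeg checker" entry, the scanner outputs and the exit statuses are constructed for this example to show the inconclusive (undef) case, the failure-warning case, and the rule that a virus match prevails over a clean match within one output.

```python
import re

# (name, clean_spec, infected_spec, names_spec): fields 1, 4, 5 and 6 of the
# n-tuple. Fields 2 and 3 (program and arguments) are left out because this
# models the verdict, not the invocation. A spec is a list of exit statuses,
# a compiled regexp matched against the output, or None (amavisd's undef).
SCANNERS = [
    ("ClamAV-clamd",
     re.compile(r"\bOK$", re.M), re.compile(r"\bFOUND$", re.M),
     re.compile(r"^.*?: (?!Infected Archive)(.*) FOUND$", re.M)),
    ("F-Secure Antivirus",
     [0], [3, 8], re.compile(r"(?:infection|Infected|Suspected): (.+)")),
    # constructed partial scanner: never claims "clean", only ever "infected"
    ("jpeg checker", None, [1], lambda out: ["JPEG.Hypothetical"] if out else []),
]


def _matches(spec, status, output):
    if spec is None:                       # undef: never matches
        return False
    if isinstance(spec, (list, tuple)):    # array ref of exit statuses
        return status in spec
    return spec.search(output) is not None # regexp against output


def _virus_names(spec, output):
    if callable(spec):                     # sub ref given the output
        return list(spec(output))
    return spec.findall(output)            # regexp capture groups


def verdict(entry, status, output):
    """Return (verdict, names) for one scanner run. The infected check goes
    first so that a virus match prevails even when the clean spec also
    matches, e.g. an output listing one OK part and one FOUND part."""
    name, clean, infected, names = entry
    if _matches(infected, status, output):
        return "infected", _virus_names(names, output)
    if _matches(clean, status, output):
        return "clean", []
    if clean is None:
        return "inconclusive", []          # no claim, and no failure warning
    return "error", []                     # neither matched: log a warning


def run_scanners(scanners, results, first_infected_stops_scan=False):
    """results maps scanner name -> (exit status, output), standing in for the
    real invocations. All scanners are consulted in list order; the first one
    detecting a virus supplies the report, unless the flag stops the loop."""
    report = None
    for entry in scanners:
        status, output = results[entry[0]]
        kind, names = verdict(entry, status, output)
        if kind == "infected" and report is None:
            report = (entry[0], names)
            if first_infected_stops_scan:
                break
    return report


if __name__ == "__main__":
    # constructed outputs; the paths are placeholders under $TEMPBASE
    results = {
        "ClamAV-clamd": (0, "/var/amavis/tmp/parts/p001: OK\n"),
        "F-Secure Antivirus": (3, "/var/amavis/tmp/parts/p001: Infected: EICAR_Test_File\n"),
        "jpeg checker": (0, ""),
    }
    print(run_scanners(SCANNERS, results))
```

Note that in the @av_scanners list below only the uncommented entries take part in this loop; a commented-out entry (such as ClamAV-clamd as posted) contributes no verdict at all.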
1976
1977 # NOTES:
1978 #
1979 # - NOT DEFINING @av_scanners (e.g. setting it to empty list, or
1980 deleting the
1981 # whole assignment) TURNS OFF LOADING AND COMPILING OF THE ANTIVIRUS CODE
1982 # (which can be handy if all you want to do is spam scanning);
1983 #
1984 # - the order matters: although _all_ available entries from the list
1985 # are tried regardless of their verdict, scanners are run in the order
1986 # specified: the report from the first one detecting a virus will be used
1987 # (providing virus names and scanner output); REARRANGE THE ORDER TO WILL;
1988 # see also $first_infected_stops_scan;
1989 #
1990 # - it doesn't hurt to keep an unused command line scanner entry in the list
1991 # if the program can not be found; the path search is only performed once
1992 # during the program startup;
1993 #
1994 # COROLLARY: to disable a scanner that _does_ exist on your system,
1995 # comment out its entry or use undef or '' as its program name/path
1996 # (second parameter). An example where this is almost a must: disable
1997 # Sophos 'sweep' if you have its daemonized version Sophie or SAVI-Perl
1998 # (same for Trophie/vscan, and clamd/clamscan), or if another unrelated
1999 # program happens to have a name matching one of the entries ('sweep'
2000 # again comes to mind);
2001 #
2002 # - it DOES HURT to keep unwanted entries which use INTERNAL SUBROUTINES
2003 # for interfacing (where the second parameter starts with \&).
2004 # Keeping such entry and not having a corresponding virus scanner daemon
2005 # causes an unnecessary connection attempt (which eventually times out,
2006 # but it wastes precious time). For this reason the daemonized entries
2007 # are commented in the distribution - just remove the '#' where needed.
2008 #
2009 # CERT list of av resources: http://www.cert.org/other_sources/viruses.html
2010
2011 @av_scanners = (
2012
2013 # ### http://www.vanja.com/tools/sophie/
2014 # ['Sophie',
2015 # \&ask_daemon, ["{}/\n", '/var/run/sophie'],
2016 # qr/(?x)^ 0+ ( : | [\000\r\n]* $)/, qr/(?x)^ 1 ( : | [\000\r\n]* $)/,
2017 # qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/ ],
2018
2019 # ### http://www.csupomona.edu/~henson/www/projects/SAVI-Perl/
2020 # ['Sophos SAVI', \&sophos_savi ],
2021
2022 # ### http://www.clamav.net/
2023 # ['ClamAV-clamd',
2024 # \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
2025 # qr/\bOK$/, qr/\bFOUND$/,
2026 # qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
2027 # # NOTE: the easiest is to run clamd under the same user as amavisd;
2028 match the
2029 # # socket name (LocalSocket) in clamav.conf to the socket name in this
2030 entry
2031 # # When running chrooted one may prefer: ["CONTSCAN {}\n","$MYHOME/clamd"],
2032
2033 # ### http://www.clamav.net/ and CPAN (memory-hungry! clamd is preferred)
2034 # ['Mail::ClamAV', \&ask_clamav, "*", [0], [1], qr/^INFECTED: (.+)/],
2035
2036 # ### http://www.openantivirus.org/
2037 # ['OpenAntiVirus ScannerDaemon (OAV)',
2038 # \&ask_daemon, ["SCAN {}\n", '127.0.0.1:8127'],
2039 # qr/^OK/, qr/^FOUND: /, qr/^FOUND: (.+)/ ],
2040
2041 # ### http://www.vanja.com/tools/trophie/
2042 # ['Trophie',
2043 # \&ask_daemon, ["{}/\n", '/var/run/trophie'],
2044 # qr/(?x)^ 0+ ( : | [\000\r\n]* $)/, qr/(?x)^ 1 ( : | [\000\r\n]* $)/,
2045 # qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/ ],
2046
2047 # ### http://www.grisoft.com/
2048 # ['AVG Anti-Virus',
2049 # \&ask_daemon, ["SCAN {}\n", '127.0.0.1:55555'],
2050 # qr/^200/, qr/^403/, qr/^403 .*?: ([^\r\n]+)/ ],
2051
2052 # ### http://www.f-prot.com/
2053 # ['FRISK F-Prot Daemon',
2054 # \&ask_daemon,
2055 # ["GET {}/*?-dumb%20-archive%20-packed HTTP/1.0\r\n\r\n",
2056 # ['127.0.0.1:10200','127.0.0.1:10201','127.0.0.1:10202',
2057 # '127.0.0.1:10203','127.0.0.1:10204'] ],
2058 # qr/(?i)<summary[^>]*>clean<\/summary>/,
2059 # qr/(?i)<summary[^>]*>infected<\/summary>/,
2060 # qr/(?i)<name>(.+)<\/name>/ ],
2061
2062 # ### http://www.sald.com/, http://www.dials.ru/english/,
2063 http://www.drweb.ru/
2064 # ['DrWebD', \&ask_daemon, # DrWebD 4.31 or later
2065 # [pack('N',1). # DRWEBD_SCAN_CMD
2066 # pack('N',0x00280001). # DONT_CHANGEMAIL, IS_MAIL, RETURN_VIRUSES
2067 # pack('N', # path length
2068 # length("$TEMPBASE/amavis-yyyymmddTHHMMSS-xxxxx/parts/pxxx")).
2069 # '{}/*'. # path
2070 # pack('N',0). # content size
2071 # pack('N',0),
2072 # '/var/drweb/run/drwebd.sock',
2073 # # '/var/amavis/var/run/drwebd.sock', # suitable for chroot
2074 # # '/usr/local/drweb/run/drwebd.sock', # FreeBSD drweb ports default
2075 # # '127.0.0.1:3000', # or over an inet socket
2076 # ],
2077 # qr/\A\x00[\x10\x11][\x00\x10]\x00/s, # IS_CLEAN,EVAL_KEY;
2078 SKIPPED
2079 # qr/\A\x00[\x00\x01][\x00\x10][\x20\x40\x80]/s, #
2080 KNOWN_V,UNKNOWN_V,V._MODIF
2081 # qr/\A.{12}(?:infected with )?([^\x00]+)\x00/s,
2082 # ],
2083 # # NOTE: If using amavis-milter, change length to:
2084 # # length("$TEMPBASE/amavis-milter-xxxxxxxxxxxxxx/parts/pxxx").
2085
2086 ### http://www.kaspersky.com/ (kav4mailservers)
2087 ['KasperskyLab AVP - aveclient',
2088 ['/usr/local/kav/bin/aveclient','/usr/local/share/kav/bin/aveclient',
2089 '/opt/kav/bin/aveclient','aveclient'],
2090 '-p /var/run/aveserver -s {}/*', [0,3,6,8],
2091 qr/\b(INFECTED|SUSPICION)\b/,
2092 qr/(?:INFECTED|SUSPICION) (.+)/,
2093 ],
2094
2095 ### http://www.kaspersky.com/
2096 ['KasperskyLab AntiViral Toolkit Pro (AVP)', ['avp'],
2097 '-* -P -B -Y -O- {}', [0,3,6,8], [2,4], # any use for -A -K ?
2098 qr/infected: (.+)/,
2099 sub {chdir('/opt/AVP') or die "Can't chdir to AVP: $!"},
2100 sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
2101 ],
2102
2103 ### The kavdaemon and AVPDaemonClient have been removed from Kasperky
2104 ### products and replaced by aveserver and aveclient
2105 ['KasperskyLab AVPDaemonClient',
2106 [ '/opt/AVP/kavdaemon', 'kavdaemon',
2107 '/opt/AVP/AvpDaemonClient', 'AvpDaemonClient',
2108 '/opt/AVP/AvpTeamDream', 'AvpTeamDream',
2109 '/opt/AVP/avpdc', 'avpdc' ],
2110 "-f=$TEMPBASE {}", [0,8], [3,4,5,6], qr/infected: ([^\r\n]+)/ ],
2111 # change the startup-script in /etc/init.d/kavd to:
2112 # DPARMS="-* -Y -dl -f=/var/amavis /var/amavis"
2113 # (or perhaps: DPARMS="-I0 -Y -* /var/amavis" )
2114 # adjusting /var/amavis above to match your $TEMPBASE.
2115 # The '-f=/var/amavis' is needed if not running it as root, so it
2116 # can find, read, and write its pid file, etc., see 'man kavdaemon'.
2117 # defUnix.prf: there must be an entry "*/var/amavis" (or whatever
2118 # directory $TEMPBASE specifies) in the 'Names=' section.
2119 # cd /opt/AVP/DaemonClients; configure; cd Sample; make
2120 # cp AvpDaemonClient /opt/AVP/
2121 # su - vscan -c "${PREFIX}/kavdaemon ${DPARMS}"
2122
2123 ### http://www.centralcommand.com/
2124 ['CentralCommand Vexira (new) vascan',
2125 ['vascan','/usr/lib/Vexira/vascan'],
2126 "-a s --timeout=60 --temp=$TEMPBASE -y $QUARANTINEDIR ".
2127 "--vdb=/usr/lib/Vexira/vexira8.vdb --log=/var/log/vascan.log {}",
2128 [0,3], [1,2,5],
2129 qr/(?x)^\s* (?:virus|iworm|macro|mutant|sequence|trojan)\ found:\ (
2130 [^\]\s']+ )\ \.\.\.\ / ],
2131 # Adjust the path of the binary and the virus database as needed.
2132 # 'vascan' does not allow to have the temp directory to be the same as
2133 # the quarantine directory, and the quarantine option can not be
2134 disabled.
2135 # If $QUARANTINEDIR is not used, then another directory must be
2136 specified
2137 # to appease 'vascan'. Move status 3 to the second list if password
2138 # protected files are to be considered infected.
2139
2140 ### http://www.hbedv.com/
2141 ['H+BEDV AntiVir or the (old) CentralCommand Vexira Antivirus',
2142 ['antivir','vexira'],
2143 '--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/,
2144 qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) |
2145 (?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/ ],
2146 # NOTE: if you only have a demo version, remove -z and add 214, as in:
2147 # '--allfiles -noboot -nombr -rs -s {}', [0,214], qr/ALERT:|VIRUS:/,
2148
2149 ### http://www.commandsoftware.com/
2150 ['Command AntiVirus for Linux', 'csav',
2151 '-all -archive -packed {}', [50], [51,52,53],
2152 qr/Infection: (.+)/ ],
2153
2154 ### http://www.symantec.com/
2155 ['Symantec CarrierScan via Symantec CommandLineScanner',
2156 'cscmdline', '-a scan -i 1 -v -s 127.0.0.1:7777 {}',
2157 qr/^Files Infected:\s+0$/, qr/^Infected\b/,
2158 qr/^(?:Info|Virus Name):\s+(.+)/ ],
2159
2160 ### http://www.symantec.com/
2161 ['Symantec AntiVirus Scan Engine',
2162 'savsecls', '-server 127.0.0.1:7777 -mode scanrepair -details -verbose {}',
2164 [0], qr/^Infected\b/,
2165 qr/^(?:Info|Virus Name):\s+(.+)/ ],
2166 # NOTE: check options and patterns to see which entry better applies
2167
2168 ### http://www.f-secure.com/products/anti-virus/
2169 ['F-Secure Antivirus', 'fsav',
2170 '--dumb --mime --archive {}', [0], [3,8],
2171 qr/(?:infection|Infected|Suspected): (.+)/ ],
2172
2173 # ### http://www.avast.com/
2174 # ['avast! Antivirus daemon',
2175 # \&ask_daemon, # greets with 220, terminate with QUIT
2176 # ["SCAN {}\015\012QUIT\015\012", '/var/run/avast4/mailscanner.sock'],
2177 # qr/\t\[\+\]/, qr/\t\[L\]\t/, qr/\t\[L\]\t([^[ \t\015\012]+)/ ],
2178
2179 # ### http://www.avast.com/
2180 # ['avast! Antivirus - Client/Server Version', 'avastlite',
2181 # '-a /var/run/avast4/mailscanner.sock -n {}', [0], [1],
2182 # qr/\t\[L\]\t([^[ \t\015\012]+)/ ],
2183
2184 ['CAI InoculateIT', 'inocucmd', # retired product
2185 '-sec -nex {}', [0], [100],
2186 qr/was infected by virus (.+)/ ],
2187 # see: http://www.flatmtn.com/computer/Linux-Antivirus_CAI.html
2188
2189 ### http://www3.ca.com/Solutions/Product.asp?ID=156 (ex InoculateIT)
2190 ['CAI eTrust Antivirus', 'etrust-wrapper',
2191 '-arc -nex -spm h {}', [0], [101],
2192 qr/is infected by virus: (.+)/ ],
2193 # NOTE: requires suid wrapper around inocmd32; consider flag: -mod
2194 # reviewer
2195 # see http://marc.theaimsgroup.com/?l=amavis-user&m=109229779912783
2196
2197 ### http://mks.com.pl/english.html
2198 ['MkS_Vir for Linux (beta)', ['mks32','mks'],
2199 '-s {}/*', [0], [1,2],
2200 qr/--[ \t]*(.+)/ ],
2201
2202 ### http://mks.com.pl/english.html
2203 ['MkS_Vir daemon', 'mksscan',
2204 '-s -q {}', [0], [1..7],
2205 qr/^... (\S+)/ ],
2206
2207 ### http://www.nod32.com/
2208 ['ESET Software NOD32 Command Line Interface v 2.51', 'nod32cli',
2209 '--subdir {}', [0,3], [1,2], qr/virus="([^"]+)"/ ],
2210
2211 # ### http://www.nod32.com/ old
2212 # ['ESET Software NOD32 - Client/Server Version', 'nod32cli',
2213 # '-a -r -d recurse --heur standard {}', [0], [10,11],
2214 # qr/^\S+\s+infected:\s+(.+)/ ],
2215
2216 # ### http://www.nod32.com/ old
2217 # ['ESET Software NOD32', 'nod32',
2218 # '--arch --mail {}', [0], [1,10], qr/^object=.*, virus="(.*?)",/ ],
2219
2220 # Experimental, based on posting from Rado Dibarbora (Dibo) on 2002-05-31
2221 # ['ESET Software NOD32 Client/Server (NOD32SS)',
2222 # \&ask_daemon2, # greets with 200, persistent, terminate with QUIT
2223 # ["SCAN {}/*\r\n", '127.0.0.1:8448' ],
2224 # qr/^200 File OK/, qr/^201 /, qr/^201 (.+)/ ],
2225
2226 ### http://www.norman.com/products_nvc.shtml
2227 ['Norman Virus Control v5 / Linux', 'nvcc',
2228 '-c -l:0 -s -u -temp:$TEMPBASE {}', [0,10,11], [1,2,14],
2229 qr/(?i).* virus in .* -> \'(.+)\'/ ],
2230
2231 ### http://www.pandasoftware.com/
2232 ['Panda Antivirus for Linux', ['pavcl'],
2233 '-aut -aex -heu -cmp -nbr -nor -nso -eng {}',
2234 qr/Number of files infected[ .]*: 0+(?!\d)/,
2235 qr/Number of files infected[ .]*: 0*[1-9]/,
2236 qr/Found virus :\s*(\S+)/ ],
2237
2238 # ### http://www.pandasoftware.com/
2239 # ['Panda Antivirus for Linux', ['pavcl'],
2240 # '-TSR -aut -aex -heu -cmp -nbr -nor -nso -eng {}',
2241 # [0], [0x10, 0x30, 0x50, 0x70, 0x90, 0xB0, 0xD0, 0xF0],
2242 # qr/Found virus :\s*(\S+)/ ],
2243
2244 # GeCAD AV technology is acquired by Microsoft; RAV has been discontinued.
2245 # Check your RAV license terms before fiddling with the following two lines!
2246 # ['GeCAD RAV AntiVirus 8', 'ravav',
2247 # '--all --archive --mail {}', [1], [2,3,4,5], qr/Infected: (.+)/ ],
2248 # # NOTE: the command line switches changed with scan engine 8.5 !
2249 # # (btw, assigning stdin to /dev/null causes RAV to fail)
2250
2251 ### http://www.nai.com/
2252 ['NAI McAfee AntiVirus (uvscan)', 'uvscan',
2253 '--secure -rv --mime --summary --noboot --mailbox --program --timeout 180 - {}', [0], [13],
2255 qr/(?x) Found (?:
2256 \ the\ (.+)\ (?:virus|trojan) |
2257 \ (?:virus|trojan)\ or\ variant\ ([^ ]+) |
2258 :\ (.+)\ NOT\ a\ virus)/,
2259 # sub {$ENV{LD_PRELOAD}='/lib/libc.so.6'},
2260 # sub {delete $ENV{LD_PRELOAD}},
2261 ],
2262 # NOTE1: with RH9: force the dynamic linker to look at /lib/libc.so.6
2263 # before
2264 # anything else by setting environment variable LD_PRELOAD=/lib/libc.so.6
2265 # and then clear it when finished to avoid confusing anything else.
2266 # NOTE2: to treat encrypted files as viruses replace the [13] with:
2267 # qr/^\s{5,}(Found|is password-protected|.*(virus|trojan))/
2268
2269 ### http://www.virusbuster.hu/en/
2270 ['VirusBuster', ['vbuster', 'vbengcl'],
2271 "{} -ss -i '*' -log=$MYHOME/vbuster.log", [0], [1],
2272 qr/: '(.*)' - Virus/ ],
2273 # VirusBuster Ltd. does not support the daemon version for the
2274 # workstation
2275 # engine (vbuster-eng-1.12-linux-i386-libc6.tgz) any longer. The names of
2276 # binaries, some parameters AND return codes have changed (from 3 to 1).
2277 # See also the new Vexira entry 'vascan' which is possibly related.
2278
2279 # ### http://www.virusbuster.hu/en/
2280 # ['VirusBuster (Client + Daemon)', 'vbengd',
2281 # '-f -log scandir {}', [0], [3],
2282 # qr/Virus found = (.*);/ ],
2283 # # HINT: for an infected file it always returns 3,
2284 # # although the man-page tells a different story
2285
2286 ### http://www.cyber.com/
2287 ['CyberSoft VFind', 'vfind',
2288 '--vexit {}/*', [0], [23], qr/##==>>>> VIRUS ID: CVDL (.+)/,
2289 # sub {$ENV{VSTK_HOME}='/usr/lib/vstk'},
2290 ],
2291
2292 ### http://www.avast.com/
2293 ['avast! Antivirus', ['/usr/bin/avastcmd','avastcmd'],
2294 '-a -i -n -t=A {}', [0], [1], qr/\binfected by:\s+([^ \t\n\[\]]+)/ ],
2295
2296 ### http://www.ikarus-software.com/
2297 ['Ikarus AntiVirus for Linux', 'ikarus',
2298 '{}', [0], [40], qr/Signature (.+) found/ ],
2299
2300 ### http://www.bitdefender.com/
2301 ['BitDefender', 'bdc',
2302 '--arc --mail {}', qr/^Infected files *:0+(?!\d)/,
2303 qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/,
2304 qr/(?:suspected|infected): (.*)(?:\033|$)/ ],
2305 # consider also: --all --nowarn --alev=15 --flev=15. The --all
2306 # argument may
2307 # not apply to your version of bdc, check documentation and see 'bdc
2308 # --help'
2309
2310 # ['File::Scan', sub {Amavis::AV::ask_av(sub{
2311 # use File::Scan; my($fn)=@_;
2312 # my($f)=File::Scan->new(max_txt_size=>0, max_bin_size=>0);
2313 # my($vname) = $f->scan($fn);
2314 # $f->error ? (2,"Error: ".$f->error)
2315 # : ($vname ne '') ? (1,"$vname FOUND") : (0,"Clean")}, @_) },
2316 # ["{}/*"], [0], [1], qr/^(.*) FOUND$/ ],
2317
2318 # ### example: fully-fledged checker for JPEG marker segments of invalid
2319 # length
2320 # ['check-jpeg',
2321 # sub { use JpegTester (); Amavis::AV::ask_av(\&JpegTester::test_jpeg,
2322 #     @_) },
2323 # ["{}/*"], undef, [1], qr/^(bad jpeg: .*)$/ ],
2324 # # NOTE: place file JpegTester.pm somewhere where Perl can find it,
2325 # # for example in /usr/local/lib/perl5/site_perl
2326
2327 # ### example: simpleminded checker for JPEG marker segments of invalid
2328 # length
2329 # ### (only checks first 32k, which is not thorough enough)
2330 # ['check-jpeg-simple',
2331 # sub { Amavis::AV::ask_av(sub {
2332 # my($f)=@_; local(*FF,$_,$1,$2); my(@r)=(0,'not jpeg');
2333 # open(FF,$f) or die "jpeg: open err $f: $!";
2334 # binmode(FF) or die "jpeg: binmode err $f: $!";
2335 # defined read(FF,$_,32000) or die "jpeg: read err $f: $!";
2336 # close(FF) or die "jpeg: close err $f: $!";
2337 # if (/^\xff\xd8\xff/) {
2338 # @r=(0,'jpeg ok');
2339 # while (!/\G(?:\xff\xd9|\z)/gc) { # EOI or eof
2340 # if (/\G\xff+(?=\xff|\z)/gc) {} # fill-bytes before marker
2341 # elsif (/\G\xff([\x01\xd0-\xd8])/gc) {} # TEM, RSTi, SOI
2342 # elsif (/\G\xff([^\x00\xff])(..)/gcs) { # marker segment start
2343 # my($n)=unpack("n",$2)-2;
2344 # $n=32766 if $n>32766; # Perl regexp limit
2345 # if ($n<0) {@r=(1,"bad jpeg: len=$n, pos=".pos); last}
2346 # elsif (/\G.{$n}/gcs) {} # ok
2347 # elsif (/\G.{0,$n}\z/gcs) {last} # truncated
2348 # else {@r=(1,"bad jpeg: unexpected, pos=".pos); last}
2349 # }
2350 # elsif (/\G[^\xff]+/gc) {} # ECS
2351 # elsif (/\G(?:\xff\x00)+/gc) {} # ECS
2352 # else {@r=(2,"bad jpeg: unexpected char, pos=".pos); last}
2353 # }
2354 # }; @r}, @_) },
2355 # ["{}/*"], undef, [1], qr/^(bad jpeg: .*)$/ ],
2356
2357 );
2358
2359
2360 # If no virus scanners from the @av_scanners list produce 'clean' nor
2361 # 'infected' status (i.e. they all fail to run or the list is empty),
2362 # then _all_ scanners from the @av_scanners_backup list are tried
2363 # (again, subject to $first_infected_stops_scan). When there are both
2364 # daemonized and equivalent or similar command-line scanners available,
2365 # it is customary to place slower command-line scanners in the
2366 # @av_scanners_backup list. The default choice is somewhat arbitrary,
2367 # move entries from one list to another as desired, keeping main scanners
2368 # in the primary list to avoid warnings.
2369
2370 @av_scanners_backup = (
2371
2372 ### http://www.clamav.net/ - backs up clamd or Mail::ClamAV
2373 ['ClamAV-clamscan', 'clamscan',
2374 "--stdout --disable-summary -r --tempdir=$TEMPBASE {}",
2375 [0], qr/:.*\sFOUND$/, qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
2376
2377 ### http://www.f-prot.com/ - backs up F-Prot Daemon
2378 ['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'],
2379 '-dumb -ai -archive -packed -server {}', [0,8], [3,6],
2380 qr/Infection: (.+)|\s+contains\s+(.+)$/ ],
2381
2382 ### http://www.trendmicro.com/ - backs up Trophie
2383 ['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'],
2384 '-za -a {}', [0], qr/Found virus/, qr/Found virus (.+) in/ ],
2385
2386 ### http://www.sald.com/, http://drweb.imshop.de/ - backs up DrWebD
2387 ['drweb - DrWeb Antivirus',
2388 ['/usr/local/drweb/drweb', '/opt/drweb/drweb', 'drweb'],
2389 '-path={} -al -go -ot -cn -upn -ok-',
2390 [0,32], [1,9,33], qr' infected (?:with|by)(?: virus)? (.*)$'],
2391
2392 ['KasperskyLab kavscanner', ['/opt/kav/bin/kavscanner','kavscanner'],
2393 '-i1 -xp {}', [0,10,15], [5,20,21,25],
2394 qr/(?:CURED|INFECTED|CUREFAILED|WARNING|SUSPICION) (.*)/ ,
2395 sub {chdir('/opt/kav/bin') or die "Can't chdir to kav: $!"},
2396 sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
2397 ],
2398
2399 # Commented out because the name 'sweep' clashes with Debian and FreeBSD
2400 # package/port of an audio editor. Make sure the correct 'sweep' is found
2401 # in the path when enabling.
2402 #
2403 # ### http://www.sophos.com/ - backs up Sophie or SAVI-Perl
2404 # ['Sophos Anti Virus (sweep)', 'sweep',
2405 # '-nb -f -all -rec -ss -sc -archive -cab -tnef --no-reset-atime {}',
2406 # [0,2], qr/Virus .*? found/,
2407 # qr/^>>> Virus(?: fragment)? '?(.*?)'? found/,
2408 # ],
2409 # # other options to consider: -mime -oe -idedir=/usr/local/sav
2410
2411 # always succeeds (uncomment to consider mail clean if all other
2412 # scanners fail)
2413 # ['always-clean', sub {0}],
2414
2415 );
2416
2417
2418 #
2419 # Section VIII - Debugging
2420 #
2421
2422 # The most useful debugging tool is to run amavisd-new non-detached
2423 # from a terminal window using command: # amavisd debug
2424
2425 # Some more refined approaches:
2426
2427 # If sender matches ACL, turn debugging fully up, just for this one message
2428 #@debug_sender_maps = ( ["test-sender\@$mydomain"] );
2429 #@debug_sender_maps = ( [qw( debug@×××××××.com debug@×××××××.net )] );
2430
2431 # May be useful along with @debug_sender_maps:
2432 # Prevent all decoded originals being deleted (replaced by decoded part)
2433 #@keep_decoded_original_maps = (1);
2434
2435 # Turn on SpamAssassin debugging (output to STDERR, use with 'amavisd
2436 # debug')
2437 #$sa_debug = '1,all'; # defaults to false
2438
2439
2440 #
2441 # Section IX - Policy banks (dynamic policy switching)
2442 #
2443
2444 ## Define some policy banks (sets of settings) and give them
2445 ## arbitrary names (the names '', 'MYNETS' and 'MYUSERS' have special
2446 ## meaning):
2447 #
2448 # $policy_bank{'ALT'} = {
2449 # log_level => 3,
2450 # syslog_ident => 'alt-amavis',
2451 # syslog_facility => 'LOCAL3',
2452 # inet_acl => [qw( 10.0.1.14 )],
2453 # final_spam_destiny => D_PASS, final_bad_header_destiny => D_PASS,
2454 # forward_method => 'smtp:*:*',
2455 # notify_method => 'smtp:[127.0.0.1]:10025',
2456 # virus_admin_maps => "abuse\@$mydomain",
2457 # spam_lovers_maps => [@spam_lovers_maps, [qw( abuse@×××××××.com )]],
2458 # spam_tag_level_maps => 2.1,
2459 # spam_tag2_level_maps => 6.32,
2460 # spam_kill_level_maps => 6.72,
2461 # spam_dsn_cutoff_level_maps => 8,
2462 # defang_spam => 1,
2463 # local_client_bind_address => '10.11.12.13',
2464 # localhost_name => 'amavis.example.com',
2465 # smtpd_greeting_banner =>
2466 # '${helo-name} ${protocol} ${product} ${version-id} (${version-date}) TEST service ready',
2468 # auth_mech_avail => [qw(PLAIN LOGIN)],
2469 # auth_required_inp => 1,
2470 # auth_required_out => 1,
2471 # amavis_auth_user => 'amavisd', amavis_auth_pass => 'tOpsecretX',
2472 # av_scanners => [ # provide only 'free' scanners
2473 # ['ClamAV-clamd',
2474 # \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
2475 # qr/\bOK$/, qr/\bFOUND$/,
2476 # qr/^.*?: (?!Infected Archive)(.*) FOUND$/,
2477 # ],
2478 # ],
2479 # av_scanners_backup => [
2480 # ['ClamAV-clamscan', 'clamscan',
2481 # "--stdout --disable-summary -r --tempdir=$TEMPBASE {}", [0], [1],
2482 # qr/^.*?: (?!Infected Archive)(.*) FOUND$/,
2483 # ],
2484 # ],
2485 # };
2486
2487 # NOTE: the use of policy banks for changing protocol on the input socket is
2488 # only needed when different protocols need to be spoken on different
2489 # sockets
2490 # at the same time. For normal use just set globally e.g.:
2491 $protocol='AM.PDP';  # WARNING: set globally like this (not commented out), every listening socket speaks AM.PDP instead of SMTP/LMTP, so an MTA that hands mail over by SMTP or LMTP to that port gets nothing scanned. Keep it commented out unless the MTA side really speaks AM.PDP.
2492 #
2493 #$policy_bank{'AM.PDP-SOCK'} = {
2494 # protocol => 'AM.PDP', # Amavis policy delegation protocol
2495 # auth_required_release => 0, # don't require secret_id for amavisd-release
2497 #};
2498 #
2499 #$policy_bank{'AM.PDP-INET'} = {
2500 # protocol => 'AM.PDP', # Amavis policy delegation protocol
2501 # inet_acl => [qw( 127.0.0.1 [::1] )], # restrict to these IP addresses
2502 #};
2503 #
2504 ## the name 'MYNETS' has special semantics: this policy bank gets loaded
2505 ## whenever MTA supplies the original SMTP client IP address (Postfix
2506 ## XFORWARD
2507 ## extension or a new AM.PDP protocol) and that address matches @mynetworks.
2508 #
2509 # $terminate_dsn_on_notify_success = 1;
2510 # $policy_bank{'MYNETS'} = { # mail originating from @mynetworks
2511 # terminate_dsn_on_notify_success => 0,
2512 # spam_kill_level_maps => 6.9,
2513 # syslog_facility => 'LOCAL4', # tell syslog to log to a separate file
2514 # spam_admin_maps => ["spamalert\@$mydomain"], # alert of internal spam
2515 # bypass_spam_checks_maps => [1], # or: don't spam-check internal mail
2516 # bypass_banned_checks_maps => [1], # don't banned-check internal mail
2517 # warnbadhsender => 1, # warn local senders about their broken MUA
2518 # banned_filename_maps => ['MYNETS-DEFAULT'], # more permissive banning rules
2520 # };
2521
2522 ## the name 'MYUSERS' has special semantics: this policy bank gets loaded
2523 ## whenever the sender matches @local_domains_maps. This only makes sense
2524 ## if local sender addresses can be trusted -- for example by requiring
2525 ## authentication before letting users send with their local address.
2526 #
2527 # $policy_bank{'MYUSERS'} = {
2528 # final_virus_destiny => D_BOUNCE, # bounce only to authenticated local users
2530 # final_banned_destiny=> D_BOUNCE,
2531 # };
2532
2533
2534 ## Now we can assign policy banks to amavisd tcp port numbers listed in
2535 ## $inet_socket_port. Whenever the connection from MTA is received, first
2536 ## a built-in policy bank $policy_bank{''} gets loaded, which brings in
2537 ## all the global/legacy settings, then it gets overlaid by the bank
2538 ## named in the $interface_policy{$port} if any, and finally the bank
2539 ## 'MYNETS' is overlaid if it exists and the SMTP client IP address
2540 ## is known (by XFORWARD command from MTA) and it matches @mynetworks.
2541
2542 # $interface_policy{'10026'} = 'ALT';
2543
2544 # used by amavisd-release utility of a new AM.PDP-based amavis-milter client
2545 #$interface_policy{'9998'} = 'AM.PDP-INET';
2546 #$interface_policy{'SOCK'} = 'AM.PDP-SOCK';
2547
2548
2549 # Want to execute additional configuration files from some directory?
2550 #
2551 #{ my($d) = '/etc/amavis/conf.d'; # do *.cf or *.conf files in this
2552 # directory
2553 # local(*D); opendir(D,$d) or die "Can't open dir $d: $!";
2554 # my(@d) = sort grep {/\.(cf|conf)$/ && -f} map {/^(.*)$/,"$d/$1"}
2555 #     readdir(D);
2556 # closedir(D) or die "Can't close $d: $!";
2557 # for my $f (@d) {
2558 # printf("Reading config file %s\n", $f); $!=0;
2559 # if (defined(do $f)) {}
2560 # elsif ($@ ne '') { die "Error in $f: $@" }
2561 # elsif ($! != 0) { die "Error reading $f: $!" }
2562 # }
2563 #}
2564
2565 #-------------
2566 1; # ensure a defined return
2567 --
2568 gentoo-server@g.o mailing list
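The pasted amavisd.conf explains, in its comments, how an @av_scanners entry is read: the 4th field says what "clean" looks like, the 5th what "infected" looks like (each a list of exit codes or a regex over the scanner's output), the 6th extracts the virus name, a scanner matching neither test has failed, and only when every primary scanner fails is @av_scanners_backup tried, subject to $first_infected_stops_scan. The following Python model of that rule is an added example, not code from amavisd-new or from the post; it transcribes the page's own ClamAV-clamscan and F-Prot entries and the 'always-clean' backup entry, and feeds them constructed scanner output (the /var/amavis/tmp/parts paths and the 'Sample.Test-1' name are invented). Nothing in it executes a real scanner.

```python
"""Python model of how amavisd-new interprets an @av_scanners entry.

Added example; not amavisd-new code.  Scanner outputs are constructed data.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Sequence, Tuple, Union

StatusTest = Union[Sequence[int], re.Pattern]   # exit-code list or output regex


@dataclass
class ScannerEntry:
    name: str
    clean: StatusTest        # field 4: what "no virus" looks like
    infected: StatusTest     # field 5: what "virus found" looks like
    virus_name: re.Pattern   # field 6: capture group(s) hold the virus name


def _matches(test: StatusTest, exit_code: int, output: str) -> bool:
    if isinstance(test, re.Pattern):
        return test.search(output) is not None
    return exit_code in test


def classify(entry: ScannerEntry, exit_code: int, output: str) -> Tuple[str, List[str]]:
    """One scanner run -> ('infected' | 'clean' | 'failed', [virus names]).

    The infected test is checked first, so a scanner that exits 0 but still
    prints a FOUND line is reported as infected, never as clean.
    """
    if _matches(entry.infected, exit_code, output):
        names: List[str] = []
        for m in entry.virus_name.finditer(output):
            hit = next((g for g in m.groups() if g), None)  # first alternative that matched
            if hit and hit not in names:
                names.append(hit)
        return "infected", names
    if _matches(entry.clean, exit_code, output):
        return "clean", []
    return "failed", []        # neither test matched: no usable answer from this scanner


Runs = Dict[str, Tuple[int, str]]   # scanner name -> (exit code, output); stands in for exec


def run_list(entries: Sequence[ScannerEntry], runs: Runs,
             first_infected_stops_scan: bool = True) -> Tuple[str, List[str], List[str]]:
    """Walk one scanner list; returns (verdict, virus names, scanners consulted)."""
    verdict, names, consulted = "failed", [], []
    for entry in entries:
        if entry.name not in runs:       # binary not found at startup: entry is dropped
            continue
        consulted.append(entry.name)
        status, found = classify(entry, *runs[entry.name])
        if status == "infected":
            verdict = "infected"
            names.extend(n for n in found if n not in names)
            if first_infected_stops_scan:
                break
        elif status == "clean" and verdict == "failed":
            verdict = "clean"            # a later failure does not undo a clean answer
    return verdict, names, consulted


def scan(primary: Sequence[ScannerEntry], backup: Sequence[ScannerEntry], runs: Runs,
         first_infected_stops_scan: bool = True) -> Tuple[str, List[str], List[str]]:
    verdict, names, consulted = run_list(primary, runs, first_infected_stops_scan)
    if verdict == "failed":              # every primary failed (or list empty): try ALL backups
        verdict, names, more = run_list(backup, runs, first_infected_stops_scan)
        consulted += more
    return verdict, names, consulted


# The entries below transcribe the page's own exit-code lists and regexes to Python.
CLAMSCAN = ScannerEntry("ClamAV-clamscan", [0],
                        re.compile(r":.*\sFOUND$", re.M),
                        re.compile(r"^.*?: (?!Infected Archive)(.*) FOUND$", re.M))
FPROT = ScannerEntry("FRISK F-Prot Antivirus", [0, 8], [3, 6],
                     re.compile(r"Infection: (.+)|\s+contains\s+(.+)$", re.M))
# ['always-clean', sub {0}]: a "scanner" whose sub returns 0 (clean) no matter what
ALWAYS_CLEAN = ScannerEntry("always-clean", [0], [], re.compile(r"(?!x)x"))

TMP = "/var/amavis/tmp/parts"   # assumed $TEMPBASE layout, only to make the lines look real
SAMPLE_RUNS: Dict[str, Runs] = {   # constructed output, not captured from real scanners
    "clean":    {"ClamAV-clamscan": (0, f"{TMP}/p001: OK\n")},
    # the 'Infected Archive' line is excluded from naming by the negative lookahead
    "infected": {"ClamAV-clamscan": (1, f"{TMP}/p002.zip: Infected Archive FOUND\n"
                                        f"{TMP}/p002.zip: Sample.Test-1 FOUND\n")},
    # clamscan cannot run (exit 2 = error): the primary list fails, backups are consulted
    "fallback": {"ClamAV-clamscan": (2, f"ERROR: Can't open file {TMP}/p003\n"),
                 "FRISK F-Prot Antivirus": (3, f"{TMP}/p003  Infection: Sample.Test-1\n"),
                 "always-clean": (0, "")},
    # same failure, but f-prot is not installed: only 'always-clean' is left to answer
    "unscanned": {"ClamAV-clamscan": (2, f"ERROR: Can't open file {TMP}/p003\n"),
                  "always-clean": (0, "")},
}

if __name__ == "__main__":
    for label, runs in SAMPLE_RUNS.items():
        print(f"{label:9s} -> {scan([CLAMSCAN], [FPROT, ALWAYS_CLEAN], runs)}")
```

The "unscanned" case is the one to keep in mind: with 'always-clean' uncommented in the backup list, a scanner outage turns into mail delivered with a clean verdict and no scanner ever having looked at it, which is why the sample ships it commented out. Without it, when both lists fail amavisd logs "ALL VIRUS SCANNERS FAILED" and tempfails the message rather than passing it, and the failing scanner's exit code and output (the two things this model consumes) are exactly what to read off 'amavisd debug' when, as in the post above, the daemon listens but nothing gets scanned.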

Replies

Subject Author
Re: [gentoo-server] amavisd-new disaster Ben Munat <bent@×××××.com>