Uff schnell wie immer. Danke. Sandy Drobic wrote:
Thomas Fankhauser wrote:
Ich hab jetzt amavisd-new installiert, er horcht auf Port 10024. Die Mail wird auch an ihn weitergereicht. SA ist jetzt auch drauf. Hab
Okay, und ist Postfix auch konfiguriert, die Mail an Amavisd-new weiterzugeben und wieder zurückzunehmen?
Kommt denn eine Mail durch und sind die Amavis-header in der Mail?
Die Mails kommen durch! Amavis header sind keine drinn, jedenfalls nicht in meiner Testmail vom Hotmail account
in YAST Software installieren SA ausgewählt. Laut einer Seite bei Google, muss beim SA erst mal gar nichts gemacht werden. Die Konfiguration von SA ist im Amavisd-new drinnen. Im amavisd.conf habe ich die Zeile:
@bypass_virus_checks_maps = (1); # uncomment to DISABLE anti-virus code
# @bypass_spam_checks_maps = (1); # uncomment to DISABLE anti-spam code
weil ich eigentlich nur auf SPAM checken will.
$sa_tag_level_deflt = 0.0;
Mit dieser Konfig sollte meiner meinung nach, jedes mail im Header einen Tag erhalten (X-Spam status = 0) oder so.
Denkste. (^-°)
Amavisd-New kann auch negative Werte vergeben. Setze den Wert mal auf -20, dann sollten wirklich IMMER die Header eingetragen werden.
Hab ich jetzt drinn, hab danach einen rcamavis restart gemacht. Neue Testmail hat keine Tags drinn. Geht aber definitiv durch Amavis localhost 10024. -- Thomas
Tu ich aber nicht. Da ich nicht weiss wo ich weitersuchen soll,
bin ich wieder mal verloren.
Poste mal folgendes: egrep -v '^#|^$|^[[:space:]]+#' /etc/amavisd.conf
Das wird aber lange: use strict; @bypass_virus_checks_maps = (1); # uncomment to DISABLE anti-virus code $max_servers = 2; # num of pre-forked children (2..15 is common), -m $daemon_user = 'vscan'; # (no default; customary: vscan or amavis), -u $daemon_group = 'vscan'; # (no default; customary: vscan or amavis), -g $mydomain = 'slogi.ch'; # a convenient default for other settings $MYHOME = '/var/spool/amavis'; # a convenient default for other settings, -H $TEMPBASE = "$MYHOME/tmp"; # working directory, needs to exist, -T $ENV{TMPDIR} = $TEMPBASE; # environment variable TMPDIR $QUARANTINEDIR = '/var/spool/amavis/virusmails'; # -Q @local_domains_maps = ( [".$mydomain"] ); $log_level = -d; # verbosity 0..5, -d $log_recip_templ = undef; # disable by-recipient level-0 log entries $DO_SYSLOG = 1; # log via syslogd (preferred) $syslog_facility = 'mail'; # Syslog facility as a string $syslog_priority = 'debug'; # Syslog base (minimal) priority as a string, $enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP and nanny) $enable_global_cache = 1; # enable use of libdb-based cache if $enable_db=1 $inet_socket_port = 10024; # listen on this local TCP port(s) (see $protocol) $unix_socketname = "$MYHOME/amavisd.sock"; # amavisd-release or amavis-milter $interface_policy{'SOCK'}='AM.PDP-SOCK'; # only relevant with $unix_socketname $policy_bank{'AM.PDP-SOCK'} = { protocol=>'AM.PDP' }; $sa_tag_level_deflt = 0.0; # add spam info headers if at, or above that level $sa_tag2_level_deflt = 6.31; # add 'spam detected' headers at that level $sa_kill_level_deflt = 6.31; # triggers spam evasive actions $sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent $sa_mail_body_size_limit = 400*1024; # don't waste time on SA if mail is larger $sa_local_tests_only = 0; # only tests which do not require internet access? $virus_admin = "virusalert@$mydomain"; # notifications recip. $mailfrom_notify_admin = "virusalert@$mydomain"; # notifications sender $mailfrom_notify_recip = "virusalert@$mydomain"; # notifications sender $mailfrom_notify_spamadmin = "spam.police@$mydomain"; # notifications sender $mailfrom_to_quarantine = ''; # null return path; uses original sender if undef @addr_extension_virus_maps = ('virus'); @addr_extension_banned_maps = ('banned'); @addr_extension_spam_maps = ('spam'); @addr_extension_bad_header_maps = ('badh'); $path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin'; $MAXLEVELS = 14; $MAXFILES = 1500; $MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not enforced) $MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes (default undef, not enforced) $sa_spam_subject_tag = '***SPAM*** '; $defang_virus = 1; # MIME-wrap passed infected mail $defang_banned = 1; # MIME-wrap passed mail containing banned name $defang_by_ccat{+CC_BADH.",3"} = 1; # NUL or CR character in header $defang_by_ccat{+CC_BADH.",5"} = 1; # header line longer than 998 characters $defang_by_ccat{+CC_BADH.",6"} = 1; # header field syntax error $myhostname = 'melinda.slogi.ch'; $forward_method = 'smtp:80.238.212.230:25'; # hob i reingmacht $final_spam_destiny = D_PASS; @keep_decoded_original_maps = (new_RE( qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i, )); $banned_filename_re = new_RE( qr'^.(exe-ms|dll)$', # banned file(1) types, rudimentary [ qr'^.(rpm|cpio|tar)$' => 0 ], # allow any in Unix-type archives qr'..(pif|scr)$'i, # banned extensions - rudimentary qr'^application/x-msdownload$'i, # block these MIME types qr'^application/x-msdos-program$'i, qr'^application/hta$'i, qr'.[^./]*[A-Za-z][^./]*.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll).?$'i, qr'..(exe|vbs|pif|scr|cpl)$'i, # banned extension - basic ); @score_sender_maps = ({ # a by-recipient hash lookup table, '.' => [ # the _first_ matching sender determines the score boost new_RE( # regexp-type lookup table, just happens to be all soft-blacklist [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i => 5.0], [qr'^(greatcasino|investments|lose_weight_today|market.alert)@'i=> 5.0], [qr'^(money2you|MyGreenCard|new.tld.registry|opt-out|opt-in)@'i=> 5.0], [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i => 5.0], [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i => 5.0], [qr'^(your_friend|greatoffers)@'i => 5.0], [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i => 5.0], ), { # a hash-type lookup table (associative array) 'nobody@cert.org' => -3.0, 'cert-advisory@us-cert.gov' => -3.0, 'owner-alert@iss.net' => -3.0, 'slashdot@slashdot.org' => -3.0, 'securityfocus.com' => -3.0, 'ntbugtraq@listserv.ntbugtraq.com' => -3.0, 'security-alerts@linuxsecurity.com' => -3.0, 'mailman-announce-admin@python.org' => -3.0, 'amavis-user-admin@lists.sourceforge.net'=> -3.0, 'amavis-user-bounces@lists.sourceforge.net' => -3.0, 'spamassassin.apache.org' => -3.0, 'notification-return@lists.sophos.com' => -3.0, 'owner-postfix-users@postfix.org' => -3.0, 'owner-postfix-announce@postfix.org' => -3.0, 'owner-sendmail-announce@lists.sendmail.org' => -3.0, 'sendmail-announce-request@lists.sendmail.org' => -3.0, 'donotreply@sendmail.org' => -3.0, 'ca+envelope@sendmail.org' => -3.0, 'noreply@freshmeat.net' => -3.0, 'owner-technews@postel.acm.org' => -3.0, 'ietf-123-owner@loki.ietf.org' => -3.0, 'cvs-commits-list-admin@gnome.org' => -3.0, 'rt-users-admin@lists.fsck.com' => -3.0, 'clp-request@comp.nus.edu.sg' => -3.0, 'surveys-errors@lists.nua.ie' => -3.0, 'emailnews@genomeweb.com' => -5.0, 'yahoo-dev-null@yahoo-inc.com' => -3.0, 'returns.groups.yahoo.com' => -3.0, 'clusternews@linuxnetworx.com' => -3.0, lc('lvs-users-admin@LinuxVirtualServer.org') => -3.0, lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0, 'sender@example.net' => 3.0, '.example.net' => 1.0, }, ], # end of site-wide tables }); @decoders = ( ['mail', &do_mime_decode], ['asc', &do_ascii], ['uue', &do_ascii], ['hqx', &do_ascii], ['ync', &do_ascii], ['F', &do_uncompress, ['unfreeze','freeze -d','melt','fcat'] ], ['Z', &do_uncompress, ['uncompress','gzip -d','zcat'] ], ['gz', &do_uncompress, 'gzip -d'], ['gz', &do_gunzip], ['bz2', &do_uncompress, 'bzip2 -d'], ['lzo', &do_uncompress, 'lzop -d'], ['rpm', &do_uncompress, ['rpm2cpio.pl','rpm2cpio'] ], ['cpio', &do_pax_cpio, ['pax','gcpio','cpio'] ], ['tar', &do_pax_cpio, ['pax','gcpio','cpio'] ], ['tar', &do_tar], ['deb', &do_ar, 'ar'], ['zip', &do_unzip], ['rar', &do_unrar, ['rar','unrar'] ], ['arj', &do_unarj, ['arj','unarj'] ], ['arc', &do_arc, ['nomarch','arc'] ], ['zoo', &do_zoo, ['zoo','unzoo'] ], ['lha', &do_lha, 'lha'], ['cab', &do_cabextract, 'cabextract'], ['tnef', &do_tnef_ext, 'tnef'], ['tnef', &do_tnef], ['exe', &do_executable, ['rar','unrar'], 'lha', ['arj','unarj'] ], ); @av_scanners = ( ['KasperskyLab AVP - aveclient', ['/usr/local/kav/bin/aveclient','/usr/local/share/kav/bin/aveclient', '/opt/kav/5.5/kav4mailservers/bin/aveclient','aveclient'], '-p /var/run/aveserver -s {}/*', [0,3,6,8], qr/\b(INFECTED|SUSPICION|SUSPICIOUS)\b/, qr/(?:INFECTED|WARNING|SUSPICION|SUSPICIOUS) (.+)/, ], ['KasperskyLab AntiViral Toolkit Pro (AVP)', ['avp'], '-* -P -B -Y -O- {}', [0,3,6,8], [2,4], # any use for -A -K ? qr/infected: (.+)/, sub {chdir('/opt/AVP') or die "Can't chdir to AVP: $!"}, sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"}, ], ['KasperskyLab AVPDaemonClient', [ '/opt/AVP/kavdaemon', 'kavdaemon', '/opt/AVP/AvpDaemonClient', 'AvpDaemonClient', '/opt/AVP/AvpTeamDream', 'AvpTeamDream', '/opt/AVP/avpdc', 'avpdc' ], "-f=$TEMPBASE {}", [0,8], [3,4,5,6], qr/infected: ([^\r\n]+)/ ], ['CentralCommand Vexira (new) vascan', ['vascan','/usr/lib/Vexira/vascan'], "-a s --timeout=60 --temp=$TEMPBASE -y $QUARANTINEDIR ". "--vdb=/usr/lib/Vexira/vexira8.vdb --log=/var/log/vascan.log {}", [0,3], [1,2,5], qr/(?x)^\s* (?:virus|iworm|macro|mutant|sequence|trojan)\ found:\ ( [^]\s']+ )\ ...\ / ], ['Avira AntiVir', ['antivir','vexira'], '--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/, qr/(?x)^\s* (?: ALERT: \s* (?: [ | [^']* ' ) | (?i) VIRUS:\ .*?\ virus\ '?) ( [^]\s']+ )/ ], ['Command AntiVirus for Linux', 'csav', '-all -archive -packed {}', [50], [51,52,53], qr/Infection: (.+)/ ], ['Symantec CarrierScan via Symantec CommandLineScanner', 'cscmdline', '-a scan -i 1 -v -s 127.0.0.1:7777 {}', qr/^Files Infected:\s+0$/, qr/^Infected\b/, qr/^(?:Info|Virus Name):\s+(.+)/ ], ['Symantec AntiVirus Scan Engine', 'savsecls', '-server 127.0.0.1:7777 -mode scanrepair -details -verbose {}', [0], qr/^Infected\b/, qr/^(?:Info|Virus Name):\s+(.+)/ ], ['F-Secure Antivirus for Linux servers', ['/opt/f-secure/fsav/bin/fsav', 'fsav'], '--delete=no --disinf=no --rename=no --archive=yes --auto=yes '. '--dumb=yes --list=no --mime=yes {}', [0], [3,6,8], qr/(?:infection|Infected|Suspected): (.+)/ ], ['CAI InoculateIT', 'inocucmd', # retired product '-sec -nex {}', [0], [100], qr/was infected by virus (.+)/ ], ['CAI eTrust Antivirus', 'etrust-wrapper', '-arc -nex -spm h {}', [0], [101], qr/is infected by virus: (.+)/ ], ['MkS_Vir for Linux (beta)', ['mks32','mks'], '-s {}/*', [0], [1,2], qr/--[ \t]*(.+)/ ], ['MkS_Vir daemon', 'mksscan', '-s -q {}', [0], [1..7], qr/^... (\S+)/ ], ['ESET NOD32 for Linux Mail servers', ['/opt/eset/nod32/bin/nod32cli', 'nod32cli'], '--subdir --files -z --sfx --rtp --adware --unsafe --pattern --heur '. '-w -a --action-on-infected=accept --action-on-uncleanable=accept '. '--action-on-notscanned=accept {}', [0,3], [1,2], qr/virus="([^"]+)"/ ], ['ESET NOD32 for Linux File servers', ['/opt/eset/nod32/sbin/nod32','nod32'], '--files -z --mail --sfx --rtp --adware --unsafe --pattern --heur '. '-w -a --action=1 -b {}', [0], [1,10], qr/^object=.*, virus="(.*?)",/ ], ['Norman Virus Control v5 / Linux', 'nvcc', '-c -l:0 -s -u -temp:$TEMPBASE {}', [0,10,11], [1,2,14], qr/(?i).* virus in .* -> '(.+)'/ ], ['Panda CommandLineSecure 9 for Linux', ['/opt/pavcl/usr/bin/pavcl','pavcl'], '-auto -aex -heu -cmp -nbr -nor -nos -eng -nob {}', qr/Number of files infected[ .]*: 0+(?!\d)/, qr/Number of files infected[ .]*: 0*[1-9]/, qr/Found virus :\s*(\S+)/ ], ['NAI McAfee AntiVirus (uvscan)', 'uvscan', '--secure -rv --mime --summary --noboot - {}', [0], [13], qr/(?x) Found (?: \ the\ (.+)\ (?:virus|trojan) | \ (?:virus|trojan)\ or\ variant\ ([^ ]+) | :\ (.+)\ NOT\ a\ virus)/, ], ['VirusBuster', ['vbuster', 'vbengcl'], "{} -ss -i '*' -log=$MYHOME/vbuster.log", [0], [1], qr/: '(.*)' - Virus/ ], ['CyberSoft VFind', 'vfind', '--vexit {}/*', [0], [23], qr/##==>>>> VIRUS ID: CVDL (.+)/, ], ['avast! Antivirus', ['/usr/bin/avastcmd','avastcmd'], '-a -i -n -t=A {}', [0], [1], qr/\binfected by:\s+([^ \t\n[]]+)/ ], ['Ikarus AntiVirus for Linux', 'ikarus', '{}', [0], [40], qr/Signature (.+) found/ ], ['BitDefender', 'bdc', '--arc --mail {}', qr/^Infected files *:0+(?!\d)/, qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/, qr/(?:suspected|infected): (.*)(?:\033|$)/ ], ); @av_scanners_backup = ( ['ClamAV-clamscan', 'clamscan', "--stdout --no-summary -r --tempdir=$TEMPBASE {}", [0], qr/:.*\sFOUND$/, qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ], ['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'], '-dumb -archive -packed {}', [0,8], [3,6], qr/Infection: (.+)|\s+contains\s+(.+)$/ ], ['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'], '-za -a {}', [0], qr/Found virus/, qr/Found virus (.+) in/ ], ['drweb - DrWeb Antivirus', ['/usr/local/drweb/drweb', '/opt/drweb/drweb', 'drweb'], '-path={} -al -go -ot -cn -upn -ok-', [0,32], [1,9,33], qr' infected (?:with|by)(?: virus)? (.*)$'], ['Kaspersky Antivirus v5.5', ['/opt/kav/5.5/kav4unix/bin/kavscanner', '/opt/kav/5.5/kav4mailservers/bin/kavscanner','kavscanner'], '-i0 -xn -xp -mn -R -ePASBME {}/*', [0,10,15], [5,20,21,25], qr/(?:INFECTED|WARNING|SUSPICION|SUSPICIOUS) (.*)/ , ], ); 1; # insure a defined return
-- Sandy
Antworten bitte nur in die Mailingliste! PMs bitte an: news-reply2 (@) japantest (.) homelinux (.) com
-- Um die Liste abzubestellen, schicken Sie eine Mail an: opensuse-de+unsubscribe@opensuse.org Um eine Liste aller verfuegbaren Kommandos zu bekommen, schicken Sie eine Mail an: opensuse-de+help@opensuse.org