ja
Ich nutze SuSE 9.0, fetchmail und sendmail, AntiVir von der SuSE-CD, amavisd-new und SpamAssassin.
Mails holen und senden klappt, nur mit der Antiviren-Geschichte habe ich ein Problem.
beim test mit telnet 127.0.0.1 10024 kommt folgendes:
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 [127.0.0.1] ESMTP amavisd-new service ready
das ist soweit OK denke ich,
beim test mit telnet 127.0.0.1 10025 kommt folgendes:
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
hier die /etc/amavisd.conf
# Basic daemon settings: home directory, identity, where checked mail is sent
# on to, process limits, listening sockets and logging.
$MYHOME = '/var/spool/amavis';
$mydomain = 'mydomain';
# Account the daemon is meant to run as.
# NOTE(review): the mail.info excerpt on this page logs
# 'Couldn't POSIX::setuid to "65" [Illegal seek]' right after the sockets are
# bound -- check with ps that the running amavisd processes really belong to
# this user and did not stay root.
$daemon_user = 'vscan';
$daemon_group = 'vscan';
$TEMPBASE = $MYHOME; # (must be set if other config vars use it)
$ENV{TMPDIR} = $TEMPBASE; # wise, but usually not necessary
# NOTE(review): the telnet test on this page gets "Connection refused" on
# 127.0.0.1:10025, so nothing is listening at this forward target. An smtp:
# target needs an MTA listener on that port to take the checked mail back.
# The sysconfig shown on this page sets AMAVIS_SENDMAIL_MILTER="yes";
# presumably in a milter setup amavisd should not forward mail itself --
# confirm against the sendmail/milter notes shipped with amavisd-new.
$forward_method = 'smtp:127.0.0.1:10025'; # where to forward checked mail
$notify_method = $forward_method; # where to submit notifications (same dead target as above)
$max_servers = 2; # number of pre-forked children (default 2)
$max_requests = 10; # retire a child after that many accepts (default 10)
$child_timeout=5*60; # abort child if it does not complete each task in n sec
@local_domains_acl = ( ".$mydomain" ); # $mydomain and its subdomains
$unix_socketname = "$MYHOME/amavisd.sock"; # amavis helper protocol socket
$inet_socket_port = 10024; # accept SMTP on this local TCP port
# Only 127.0.0.1 may talk SMTP to the scanner; the mail.info log on this page
# shows the port being bound on host 127.0.0.1 as well.
@inet_acl = qw( 127.0.0.1 ); # allow SMTP access only from localhost IP
$DO_SYSLOG = 1; # (defaults to false)
$LOGFILE = "$MYHOME/amavis.log"; # (defaults to empty, no log)
$log_level = 2; # (defaults to 0)
# NOTE(review): the $log_templ value below was cut off when the file was
# pasted: its opening quote is never closed and the $final_virus_destiny
# assignment is fused onto the same line. Restore both statements from the
# file on disk before reusing this listing.
# As shown, infected and banned mail is set to D_BOUNCE while spam and mail
# with bad headers is set to D_PASS, i.e. passed on to the recipient.
# NOTE(review): D_BOUNCE presumably sends a non-delivery notice to the
# envelope sender, which mail-borne viruses commonly forge; the
# $viruses_that_fake_sender_re list in this file exists for that case.
$log_templ = '[? %#V |[? %#F |[?%#D|Not-Delivered|Passed]|BANNED name/type (%F)]|INFECTED (%V)], $final_virus_destiny = D_BOUNCE; # (defaults to D_BOUNCE)
$final_banned_destiny = D_BOUNCE; # (defaults to D_BOUNCE)
$final_spam_destiny = D_PASS;
$final_bad_header_destiny = D_PASS; # (defaults to D_PASS), D_BOUNCE suggested
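# Case-insensitive patterns matched against virus names; judging by the
# variable name these mark viruses that forge the envelope sender (presumably
# so that no notice is sent to the innocent forged address -- confirm in the
# amavisd-new documentation).
# The paste had "fizz er" with a space inserted by the forum's word wrapping;
# without /x that space is literal and the alternative never matches "fizzer".
$viruses_that_fake_sender_re = new_RE(
    qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar'i,
    qr'tanatos|lentin|bridex|mimail|trojan\.dropper'i,
);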
# Notification addresses, quarantine location and header handling.
# All notification senders and the virus admin are addresses in $mydomain.
$virus_admin = "virusalert\@$mydomain";
$mailfrom_notify_admin = "virusalert\@$mydomain";
$mailfrom_notify_recip = "virusalert\@$mydomain";
$mailfrom_notify_spamadmin = "spam.police\@$mydomain";
$mailfrom_to_quarantine = undef; # original sender if undef, or set explicitly
# Infected mail is kept here in full, so this directory holds live malware
# samples; keep it readable by the scanner account only.
$QUARANTINEDIR = '/var/spool/amavis/virusmails';
$virus_quarantine_to = 'virus-quarantine'; # traditional local quarantine
$spam_quarantine_to = undef; # undef: no spam quarantine target is set
$X_HEADER_TAG = 'X-Virus-Scanned'; # (default: undef)
$X_HEADER_LINE = "by amavisd-new at $mydomain";
# With 0, an X-Virus-Scanned header already present on incoming mail is kept,
# so the header alone does not prove that this host scanned the message.
$remove_existing_x_scanned_headers = 0; # leave existing X-Virus-Scanned alone
$remove_existing_spam_headers = 1; # remove existing spam headers (original comment is cut off in the paste)
# Content types matched by this list (ASCII, text, uuencoded, xxencoded,
# binhex at the start of the type string, case-insensitive).
$keep_decoded_original_re = new_RE(
qr'^(ASCII|text|uuencoded|xxencoded|binhex)'i,
);
# NOTE(review): this list is incomplete as pasted -- only the first rule is
# shown and the closing ");" is missing, so the listing does not load as is.
# The one visible rule bans names with a double extension: a 1-4 character
# extension followed by vbs, pif, scr, bat, com, exe or dll.
$banned_filename_re = new_RE(
qr'\.[a-zA-Z][a-zA-Z0-9]{0,3}\.(vbs|pif|scr|bat|com|exe|dll)$'i, # double extension
$sql_select_white_black_list = undef; # undef disables SQL white/blacklisting
$recipient_delimiter = '+'; # (default is '+')
$localpart_is_case_sensitive = 0; # (default is false)
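# Case-insensitive patterns for blacklisted sender local parts; each is
# anchored at the start of the address and ends at the "@".
# The paste contained spaces inserted by the forum's word wrapping ("foryo u",
# "mo ney2you", "stopsno ring", "greatoffers "). Without /x those spaces are
# literal, so the affected alternatives could never match; they are removed.
$blacklist_sender_re = new_RE(
    qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou|greatcasino)@'i,
    qr'^(investments|lose_weight_today|market.alert|money2you|MyGreenCard)@'i,
    qr'^(new\.tld\.registry|opt-out|opt-in|optin|saveonlsmoking2002k)@'i,
    qr'^(specialoffer|specialoffers|stockalert|stopsnoring|wantsome)@'i,
    qr'^(workathome|yesitsfree|your_friend|greatoffers)@'i,
    qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i,
);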
# Whitelisted senders: every entry is stored in %whitelist_sender under its
# lower-cased form with the value 1.
# NOTE(review): envelope sender addresses are easy to forge, so an entry here
# is only as trustworthy as whatever verifies the sender. Presumably this list
# affects spam checks only -- confirm that virus scanning still applies.
for my $sender (qw(
    cert-advisory-owner@cert.org
    owner-alert@iss.net
    slashdot@slashdot.org
    bugtraq@securityfocus.com
    NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    security-alerts@linuxsecurity.com
    amavis-user-admin@lists.sourceforge.net
    notification-return@lists.sophos.com
    mailman-announce-admin@python.org
    owner-postfix-users@postfix.org
    owner-postfix-announce@postfix.org
    owner-sendmail-announce@Lists.Sendmail.ORG
    owner-technews@postel.ACM.ORG
    lvs-users-admin@LinuxVirtualServer.org
    ietf-123-owner@loki.ietf.org
    cvs-commits-list-admin@gnome.org
    rt-users-admin@lists.fsck.com
    clp-request@comp.nus.edu.sg
    surveys-errors@lists.nua.ie
    emailNews@genomeweb.com
    owner-textbreakingnews@CNNIMAIL12.CNN.COM
    spamassassin-talk-admin@lists.sourceforge.net
    yahoo-dev-null@yahoo-inc.com
    returns.groups.yahoo.com
)) {
    $whitelist_sender{ lc $sender } = 1;
}
# Resource limits for unpacking mail. Per the inline notes, an undef value
# would mean "no limit"; the values set here bound nesting depth, number of
# files and total unpacked size, which caps the work a single archive
# attachment can cause (the usual protection against decompression bombs).
$MAXLEVELS = 14; # (default is undef, no limit)
$MAXFILES = 1500; # (default is undef, no limit)
$MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not enforced)
$MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes (default undef, not enforced)
$MIN_EXPANSION_FACTOR = 5; # times original mail size (must be specified)
$MAX_EXPANSION_FACTOR = 500; # times original mail size (must be specified)
# External helpers are given as bare program names and located through $path
# (the mail.info log on this page shows e.g. "Found $file at /usr/bin/file").
# They run on untrusted attachments, so $path should contain only directories
# that ordinary users cannot write to, and the helpers should be kept patched.
$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
$file = 'file'; # file(1) utility; use 3.41 or later to avoid vulnerability
$gzip = 'gzip';
$bzip2 = 'bzip2';
$lzop = 'lzop';
# An array ref lists alternatives for the same job.
$uncompress = ['uncompress', 'gzip -d', 'zcat'];
$unfreeze = ['unfreeze', 'freeze -d', 'melt', 'fcat'];
$arc = ['nomarch', 'arc'];
$unarj = ['arj', 'unarj']; # both can extract, same options
$unrar = ['rar', 'unrar']; # both can extract, same options
$zoo = 'zoo';
$lha = 'lha';
$cpio = 'cpio'; # comment out if cpio does not support GNU options
# SpamAssassin settings.
$sa_local_tests_only = 1; # (default: false)
$sa_mail_body_size_limit = 64*1024; # don't waste time on SA if mail is larger
$sa_tag_level_deflt = 3.0; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 5.0;
# The kill level equals the tag2 level (5.0). Since $final_spam_destiny in
# this file is D_PASS, mail at or above it is still passed on.
$sa_kill_level_deflt = $sa_tag2_level_deflt; # triggers spam evasive actions
$sa_spam_subject_tag = '***SPAM*** '; # (defaults to undef, disables)
# Primary virus scanner table. Each entry is an array ref. As far as the
# visible entries show, the fields are: display name; program name or a list
# of candidate names/paths; argument string in which {} marks where the path
# to scan goes; two status matchers, each a list of exit codes or a regex on
# the scanner output (presumably "clean" first, then "infected" -- confirm in
# the amavisd-new documentation); and a regex or sub that yields the virus
# name. The first AVP entry also carries two subs that chdir into /opt/AVP and
# back to $TEMPBASE.
@av_scanners = (
['KasperskyLab AntiViral Toolkit Pro (AVP)', ['avp','kavscanner'],
'-* -P -B -Y -O- {}', [0,3,8], [2,4], # any use for -A -K ?
qr/infected: (.+)/,
sub {chdir('/opt/AVP') or die "Can't chdir to AVP: $!"},
sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
],
['KasperskyLab AVPDaemonClient',
[ '/opt/AVP/kavdaemon', 'kavdaemon',
'/opt/AVP/AvpDaemonClient', 'AvpDaemonClient',
'/opt/AVP/AvpTeamDream', 'AvpTeamDream',
'/opt/AVP/avpdc', 'avpdc' ],
'{}', [0,8], [3,4,5,6], qr/infected: ([^\r\n]+)/ ],
# This is the entry in use on the poster's host: the mail.info log on this
# page reports "Found primary av scanner H+BEDV AntiVir or CentralCommand
# Vexira Antivirus at /usr/bin/antivir". Exit code 0 is the first matcher and
# the ALERT:/VIRUS: output regex the second.
['H+BEDV AntiVir or CentralCommand Vexira Antivirus',
['antivir','vexira'],
'--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/,
qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) |
(?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/ ],
['Command AntiVirus for Linux', 'csav',
'-all -archive -packed {}', [50], [51,52,53],
qr/Infection: (.+)/ ],
# Talks to a scan service on 127.0.0.1:7777, as given in the argument string.
['Symantec CarrierScan via Symantec CommandLineScanner',
['cscmdline','savsecls'],
'-a scan -i 1 -v -s 127.0.0.1:7777 {}',
qr/Files Infected: 0/, qr/^Infected: /,
qr/Info:\s+(.+)/ ],
# The name extractor here is a sub that always returns 'no-name'.
['DrWeb Antivirus for Linux/FreeBSD/Solaris', 'drweb',
'-al -ar -fm -go -ha -ml -ot -sd -up {}',
[0], [1], sub {('no-name')} ],
['F-Secure Antivirus', 'fsav',
'--dumb --archive {}', [0], [3,8],
qr/(?:infection|Infected): (.+)/ ],
['CAI InoculateIT', 'inocucmd',
'-sec -nex {}', [0], [100],
qr/was infected by virus (.+)/ ],
['MkS_Vir for Linux (beta)', ['mks32','mks'],
'-s {}/*', [0], [1,2],
qr/--[ \t]*(.+)/ ],
['MkS_Vir daemon',
'mksscan', '-s -q {}', [0], [1..7],
qr/^... (\S+)/ ],
['ESET Software NOD32', 'nod32',
'-all -subdir+ {}', [0], [1,2],
qr/^.+? - (.+?)\s*(?:backdoor|joke|trojan|virus|worm)/ ],
['ESET Software NOD32 - Client/Server Version', 'nod32cli',
'-a -r -d recurse --heur standard {}', [0], [10,11],
qr/^\S+\s+infected:\s+(.+)/ ],
['Norman Virus Control v5 / Linux', 'nvccmd',
'-c -l:0 -s -u {}', [0], [1],
qr/(?i).* virus in .* -> \'(.+)\'/ ],
['Panda Antivirus for Linux', ['pavcl'],
'-aut -aex -heu -cmp -nbr -nor -nso -eng {}',
qr/Number of files infected[ \.]*: 0(?!\d)/,
qr/Number of files infected[ \.]*: 0*[1-9]/,
qr/Found virus :\s*(\S+)/ ],
['NAI McAfee AntiVirus (uvscan)', 'uvscan',
'--secure -rv --summary --noboot {}', [0], [13],
qr/(?x) Found (?:
\ the\ (.+)\ (?:virus|trojan) |
\ (?:virus|trojan)\ or\ variant\ ([^ ]+) |
:\ (.+)\ NOT\ a\ virus)/,
],
# The argument string is double-quoted, so $MYHOME is interpolated into the
# log path when this file is loaded.
['VirusBuster', ['vbuster', 'vbengcl'],
"{} -ss -i '*' -log=$MYHOME/vbuster.log", [0], [1],
qr/: '(.*)' - Virus/ ],
['CyberSoft VFind', 'vfind',
'--vexit {}', [0], [23], qr/##==>>>> VIRUS ID: CVDL (.+)/,
],
['Ikarus AntiVirus for Linux', 'ikarus',
'{}', [0], [40], qr/Signature (.+) found/ ],
['BitDefender', 'bdc',
'--all --arc {}', qr/^Infected files *:0(?!\d)/,
qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/,
qr/(?:suspected|infected): (.*)\033/ ],
);
# Backup scanner table, same entry layout as @av_scanners.
# NOTE(review): judging by the name these are presumably used only when no
# primary scanner is available -- confirm in the amavisd-new documentation.
@av_scanners_backup = (
['Clam Antivirus - clamscan', 'clamscan',
'--stdout --disable-summary -r {}', [0], [1],
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'],
'-dumb -archive -packed {}', [0,8], [3,6],
qr/Infection: (.+)/ ],
['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'],
'-a {}', [0], qr/Found virus/, qr/Found virus (.+) in/ ],
);
1; # ensure a defined (true) return value when the file is loaded
Kommentare sind entfernt.
hier die antivir.conf ohne Kommentare (o.K.)
EmailTo root@localhost
LogTo /var/log/antivir.log
hier die /etc/sysconfig/amavis o.K.
# Enables amavis and, judging by the name, its sendmail milter helper.
# NOTE(review): the mail.err excerpt on this page (Jun 8) shows sendmail
# rejecting the milter line in /etc/sendmail.cf (line 561, "unknown
# configuration line"). Confirm that sendmail really hands mail to amavis;
# if it does not, messages are delivered without being scanned.
USE_AMAVIS="yes"
AMAVIS_SENDMAIL_MILTER="yes"
hier die /etc/sysconfig/antivir o.K.
# AntiVir Guard settings: guard type and the kernel module it uses.
# The /var/log/warn excerpt on this page shows the dazuko module loading
# (version=1.2.1) followed by repeated "had no slot (possible bug)" messages.
AVGUARD_TYPE="workstation"
DAZUKO_MODULE="dazuko"
hier die /etc/sysconfig/sendmail o.K.
# sendmail settings from /etc/sysconfig/sendmail.
# Presumably outgoing mail is relayed through this smarthost.
SENDMAIL_SMARTHOST="post.strato.de"
SENDMAIL_LOCALHOST="mydomain"
SENDMAIL_ALLMASQUERADE="no"
SENDMAIL_RELAY=""
SENDMAIL_LUSER=""
SENDMAIL_ARGS="-L sendmail -Am -bd -om"
SENDMAIL_CLIENT_ARGS="-L sendmail-client -Ac -q30m"
SENDMAIL_EXPENSIVE="yes"
SENDMAIL_NOCANONIFY="yes"
NULLCLIENT=""
NODNS="no"
DIALUP="no"
SENDMAIL_GENERICS_DOMAIN=""
MASQUERADE_DOMAINS=""
# NOTE(review): "plain" is listed while STARTTLS below is empty. If these
# values govern authentication over an unencrypted connection, PLAIN sends
# the password in a trivially decodable form -- TODO confirm how both values
# are used and prefer TLS or drop "plain".
# The mail.err excerpt on this page also logs "map authinfo not found".
SMTP_AUTH_MECHANISMS="plain gssapi digest-md5 cram-md5"
SMTP_AUTH_SERVER=""
STARTTLS=""
SENDMAIL_DB_FOLD="yes"
SENDMAIL_DNSRBL=""
hier die /etc/mail/spamassassin/local.cf o.K.
rewrite_subject 1
subject_tag ***** -SPAM- *****
report_safe 1
report_header 1
use_terse_report 1
defang_mime 0
hier die /var/log/antivir.log
2005-06-06 14:52:13 IBM023 antivir[1872]: AVUP: AntiVir is up-to-date
2005-06-07 15:05:16 IBM023 antivir[2601]: AVUP: reloaded AntiVir Guard Workstation successfully
2005-06-07 15:05:16 IBM023 antivir[2601]: AVUP: AntiVir successfully updated itself
2005-06-07 15:05:22 IBM023 antivir[2704]: AVUP: The "incremental VDF update" method which reduces traffic and time on updates
2005-06-07 15:05:22 IBM023 antivir[2704]: AVUP: has gone beta. See http://www.free-av.de/unix_inkrementell.html for details.
2005-06-07 15:06:03 IBM023 antivir[2704]: AVUP: AntiVir is up-to-date
2005-06-08 16:25:41 IBM023 antivir[1143]: AVGU: AntiVir ALERT: [Eicar-Test-Signature virus] /tmp/kde-root/kmailB2lYla.3/EICAR.com <<< Contains code of the Eicar-Test-Signature virus
2005-06-08 16:25:41 IBM023 antivir[1143]: AVGU: The concerning file has been moved from /tmp/kde-root/kmailB2lYla.3/EICAR.com to /home/unwanted/05D87C74.FEE
hier die /var/log/mail
Jun 9 07:32:59 IBM023 sendmail-client[1508]: starting daemon (8.12.10): queueing@00:30:00
Jun 9 07:33:00 IBM023 sendmail[1511]: starting daemon (8.12.10): SMTP
Jun 9 07:33:10 IBM023 amavis[1421]: SpamControl: done
Jun 9 10:25:35 IBM023 amavis[1574]: SMTP: 500 5.5.2 Error: bad syntax; PENALIZE: \377\364\377\375\006quit\r\n
Jun 9 10:26:00 IBM023 amavis[1574]: SMTP: 500 5.5.2 Error: bad syntax; PENALIZE: \377\364\377\375\006\377\364\377\375\006\r\n
Jun 9 10:26:06 IBM023 amavis[1574]: (01574-02) SMTP: 501 5.5.2 Syntax: MAIL FROM: <address>; PENALIZE: mail to\r\n
Jun 9 10:26:50 IBM023 amavis[1574]: (01574-02) SMTP: 502 5.5.1 Error: command (EXIT) not implemented; PENALIZE: exit\r\n
hier die /var/log/mail.err
Jun 8 11:52:14 IBM023 sendmail[2087]: NOQUEUE: SYSERR(root): /etc/sendmail.cf: line 561: unknown configuration line "InputMailFilters=milter-amavis, S=local:/var/spool/amavis/amavis-milter.sock, F=R"
Jun 8 16:21:54 IBM023 sendmail[2781]: j58ELVEU002758: SYSERR(root): rewrite: map authinfo not found
Jun 8 16:21:54 IBM023 last message repeated 2 times
Jun 8 16:28:01 IBM023 sendmail[2886]: j58EQAEU002841: SYSERR(root): rewrite: map authinfo not found
Jun 8 16:28:01 IBM023 last message repeated 2 times
hier die /var/log/mail.info
Jun 9 07:32:57 IBM023 amavis[1089]: Found myself: /usr/sbin/amavisd -c /etc/amavisd.conf
Jun 9 07:32:57 IBM023 amavis[1089]: Lookup::SQL code NOT loaded
Jun 9 07:32:57 IBM023 amavis[1089]: Lookup::LDAP code NOT loaded
Jun 9 07:32:57 IBM023 amavis[1089]: AMCL-in protocol code loaded
Jun 9 07:32:57 IBM023 amavis[1089]: SMTP-in protocol code loaded
Jun 9 07:32:57 IBM023 amavis[1089]: ANTI-VIRUS code loaded
Jun 9 07:32:57 IBM023 amavis[1089]: ANTI-SPAM code loaded
Jun 9 07:32:57 IBM023 amavis[1421]: Net::Server: Process Backgrounded
Jun 9 07:32:57 IBM023 amavis[1421]: Net::Server: 2005/06/09-07:32:57 Amavis (type Net::Server::PreForkSimple) starting! pid(1421)
Jun 9 07:32:57 IBM023 amavis[1421]: Net::Server: Binding to UNIX socket file /var/spool/amavis/amavisd.sock using SOCK_STREAM
Jun 9 07:32:57 IBM023 amavis[1421]: Net::Server: Binding to TCP port 10024 on host 127.0.0.1
Jun 9 07:32:57 IBM023 amavis[1421]: Net::Server: Setting gid to "101 101"
Jun 9 07:32:57 IBM023 amavis[1421]: Net::Server: Setting uid to "65"
Jun 9 07:32:57 IBM023 amavis[1421]: Net::Server: Couldn't POSIX::setuid to "65" [Illegal seek]
Jun 9 07:32:57 IBM023 amavis[1421]: Found $file at /usr/bin/file
Jun 9 07:32:57 IBM023 amavis[1421]: Found $arc at /usr/bin/arc
Jun 9 07:32:57 IBM023 amavis[1421]: Found $gzip at /usr/bin/gzip
Jun 9 07:32:57 IBM023 amavis[1421]: Found $bzip2 at /usr/bin/bzip2
Jun 9 07:32:57 IBM023 amavis[1421]: No $lzop, not using it
Jun 9 07:32:57 IBM023 amavis[1421]: Found $lha at /usr/bin/lha
Jun 9 07:32:57 IBM023 amavis[1421]: Found $unarj at /usr/bin/unarj
Jun 9 07:32:57 IBM023 amavis[1421]: Found $uncompress at /usr/bin/uncompress
Jun 9 07:32:57 IBM023 amavis[1421]: No $unfreeze, not using it
Jun 9 07:32:57 IBM023 amavis[1421]: Found $unrar at /usr/bin/unrar
Jun 9 07:32:58 IBM023 amavis[1421]: Found $zoo at /usr/bin/zoo
Jun 9 07:32:58 IBM023 amavis[1421]: Found $cpio at /usr/bin/cpio
Jun 9 07:32:58 IBM023 amavis[1421]: Found primary av scanner H+BEDV AntiVir or CentralCommand Vexira Antivirus at /usr/bin/antivir
Jun 9 07:32:58 IBM023 amavis[1421]: SpamControl: initializing Mail::SpamAssassin
Jun 9 07:32:59 IBM023 sendmail-client[1508]: starting daemon (8.12.10): queueing@00:30:00
Jun 9 07:33:00 IBM023 sendmail[1511]: starting daemon (8.12.10): SMTP
Jun 9 07:33:10 IBM023 amavis[1421]: SpamControl: done
hier die /var/log/warn
Jun 9 07:32:36 IBM023 apcupsd[1104]: apcupsd 3.10.6 (05 August 2003) suse startup succeeded
Jun 9 07:32:40 IBM023 kernel: dazuko: loaded, version=1.2.1, dev_major=254
Jun 9 07:32:44 IBM023 kernel: dazuko: daemon 1143 had no slot (possible bug)
Jun 9 07:32:44 IBM023 kernel: dazuko: daemon 1143 had no slot (possible bug)
Jun 9 07:32:45 IBM023 kernel: dazuko: daemon 1145 had no slot (possible bug)
Jun 9 07:32:45 IBM023 kernel: dazuko: daemon 1145 had no slot (possible bug)
Jun 9 07:32:45 IBM023 kernel: dazuko: daemon 1148 had no slot (possible bug)
Jun 9 07:32:45 IBM023 kernel: dazuko: daemon 1148 had no slot (possible bug)
Jun 9 07:32:51 IBM023 modprobe: modprobe: Can't locate module char-major-180
Jun 9 07:33:01 IBM023 last message repeated 31 times
Jun 9 07:37:51 IBM023 kernel: hdc: attached ide-cdrom driver.
Weitere Logs kann ich nicht anbieten,
ich hoffe, dass euch das in meinem Sinne weiterhilft (ich weiß nicht mehr weiter :confused: )
Sollten noch Dateien für die Betrachtung fehlen - nur schreiben - ich poste.
Danke für jeden Tipp
MfG AMu