Pillem
09.02.07, 16:48
Hi Zusammen,
mein Mailserver läuft eigentlich wunderbar.
Postfix, Courier und jetzt zusätzlich noch Amavis.
Die Viren fängt er wunderbar ab aber Spam geht nach wie vor alles durch.
Wenn ich in die Logfile schaue steht da immer hinter jeder Mail Hits: -
Also überhaupt keine Zahl. Hab hier im Forum und im Netz gesehen das da immer die Bewertungszahl stehen müsste.
WHY???
Feb 9 16:31:39 vs123123 amavis[9483]: (09483-01) Passed, <xxxxx@xxx.com> -> <xxxxx@xxx.com>, Message-ID: <002901c74c5f$37181e00$122123452a8c0@xxxx>, Hits: -
Meine amavis.conf sieht so aus:
use strict;
$MYHOME = '/var/lib/amavis'; # (default is '/var/amavis')
$mydomain = 'vs1656745.vserver.de'; # (no useful default)
$daemon_user = 'amavis'; # (no default (undef))
$daemon_group = 'amavis'; # (no default (undef))
$TEMPBASE = $MYHOME; # (must be set if other config vars use is)
$pid_file = "/var/run/amavis/amavisd.pid"; # (default: "$MYHOME/amavisd.pid")
$lock_file = "/var/run/amavis/amavisd.lock"; # (default: "$MYHOME/amavisd.lock")
$ENV{TMPDIR} = $TEMPBASE; # wise to set TMPDIR, but not obligatory
$max_servers = 2; # number of pre-forked children (default 2)
$max_requests = 10; # retire a child after that many accepts (default 10)
$child_timeout=5*60; # abort child if it does not complete each task in n sec
# (default: 8*60 seconds)
@bypass_spam_checks_acl = qw( . ); # No default dependency on spamassassin
@local_domains_acl = ( ".$mydomain" ); # $mydomain and its subdomains
$relayhost_is_client = 0; # (defaults to false)
$insert_received_line = 1; # behave like MTA: insert 'Received:' header
# (does not apply to sendmail/milter)
# (default is true (1) )
$unix_socketname = undef; # disable listening on a unix socket
# (default is undef, i.e. disabled)
$inet_socket_port = 10024; # accept SMTP on this local TCP port
# (default is undef, i.e. disabled)
$inet_socket_bind = '127.0.0.1'; # limit socket bind to loopback interface
# (default is '127.0.0.1')
@inet_acl = qw( 127.0.0.1 ); # allow SMTP access only from localhost IP
# (default is qw( 127.0.0.1 ) )
$DO_SYSLOG = 1; # (defaults to false)
$LOGFILE = "/var/log/amavis.log"; # (defaults to empty, no log)
$log_templ = '[? %#V |[? %#F |[?%#D|Not-Delivered|Passed]|BANNED name/type (%F)]|INFECTED (%V)], #
[?%o|(?)|<%o>] -> [<%R>|,][? %i ||, quarantine %i], Message-ID: %m, Hits: %c';
read_l10n_templates('en_US', '/etc/amavis');
$final_virus_destiny = D_BOUNCE; # (defaults to D_BOUNCE)
$final_banned_destiny = D_BOUNCE; # (defaults to D_BOUNCE)
$final_spam_destiny = D_PASS; # (defaults to D_REJECT)
$final_bad_header_destiny = D_PASS; # (defaults to D_PASS), D_BOUNCE suggested
$viruses_that_fake_sender_re = new_RE(
qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizz er|palyh|peido|holar'i,
qr'tanatos|lentin|bridex|mimail|trojan\.dropper|du maru|parite|spaces'i,
qr'dloader|galil|gibe|swen|netwatch|bics|sbrowse|s ober|rox|val(hal)?la'i,
qr'frethem|sircam|be?agle|tanx|mydoom|novarg|shimg |netsky|somefool|moodown'i,
qr'@mm|@MM', # mass mailing viruses as labeled by f-prot and uvscan
qr'Worm'i, # worms as labeled by ClamAV, Kaspersky, etc
[qr'^(EICAR|Joke\.|Junk\.)'i => 0],
[qr'^(WM97|OF97|W95/CIH-|JS/Fort)'i => 0],
[qr/.*/ => 1], # true by default (remove or comment-out if undesired)
);
$virus_admin = "postmaster\@$mydomain"; # due to D_DISCARD default
$mailfrom_to_quarantine = ''; # override sender address with null return path
$QUARANTINEDIR = '/var/lib/amavis/virusmails';
$virus_quarantine_to = 'virus-quarantine'; # traditional local quarantine
$spam_quarantine_to = 'spam-quarantine';
$X_HEADER_TAG = 'X-Virus-Scanned'; # (default: undef)
$X_HEADER_LINE = "by $myversion (Debian) at $mydomain";
$undecipherable_subject_tag = '***UNCHECKED*** '; # undef disables it
$remove_existing_x_scanned_headers = 0; # leave existing X-Virus-Scanned alone
# (defaults to false)
$remove_existing_spam_headers = 1; # remove existing spam headers if
# spam scanning is enabled (default)
$keep_decoded_original_re = new_RE(
qr'^MAIL-UNDECIPHERABLE$', # retain full mail if it contains undecipherables
qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
);
$banned_filename_re = new_RE(
qr'\.[^.]*\.(exe|vbs|pif|scr|bat|cmd|com|dll)$'i, # some double extensions
qr'[{}]', # curly braces in names (serve as Class ID extensions - CLSID)
qr'^message/partial$'i, # rfc2046. this one is deadly for Outcrook
);
@lookup_sql_dsn = (['DBI:mysql:provider', 'provideradmin', '324235291342134']);
$sql_select_policy = 'SELECT "Y" as local FROM domains WHERE CONCAT("@",domain) IN (%k)';
$sql_select_white_black_list = undef; # undef disables SQL white/blacklisting
$recipient_delimiter = '+'; # (default is '+')
$replace_existing_extension = 1; # (default is false)
$localpart_is_case_sensitive = 0; # (default is false)
$blacklist_sender_re = new_RE(
qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryo u|greatcasino)@'i,
qr'^(investments|lose_weight_today|market\.alert|m oney2you|MyGreenCard)@'i,
qr'^(new\.tld\.registry|opt-out|opt-in|optin|saveonl|smoking2002k)@'i,
qr'^(specialoffer|specialoffers|stockalert|stopsno ring|wantsome)@'i,
qr'^(workathome|yesitsfree|your_friend|greatoffers )@'i,
qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i,
);
map { $whitelist_sender{lc($_)}=1 } (qw(
nobody@cert.org
owner-alert@iss.net
slashdot@slashdot.org
bugtraq@securityfocus.com
NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
security-alerts@linuxsecurity.com
amavis-user-admin@lists.sourceforge.net
razor-users-admin@lists.sourceforge.net
notification-return@lists.sophos.com
mailman-announce-admin@python.org
zope-announce-admin@zope.org
owner-postfix-users@postfix.org
owner-postfix-announce@postfix.org
owner-sendmail-announce@lists.sendmail.org
sendmail-announce-request@lists.sendmail.org
ca+envelope@sendmail.org
owner-technews@postel.ACM.ORG
lvs-users-admin@LinuxVirtualServer.org
ietf-123-owner@loki.ietf.org
cvs-commits-list-admin@gnome.org
rt-users-admin@lists.fsck.com
owner-announce@mnogosearch.org
owner-hackers@ntp.org
owner-bugs@ntp.org
clp-request@comp.nus.edu.sg
surveys-errors@lists.nua.ie
emailNews@genomeweb.com
owner-textbreakingnews@CNNIMAIL12.CNN.COM
yahoo-dev-null@yahoo-inc.com
));
$MAXLEVELS = 14; # (default is undef, no limit)
$MAXFILES = 1500; # (default is undef, no limit)
$MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not enforced)
$MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes (default undef, not enforced)
$MIN_EXPANSION_FACTOR = 5; # times original mail size (must be specified)
$MAX_EXPANSION_FACTOR = 500; # times original mail size (must be specified)
$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
$file = 'file'; # file(1) utility; use 3.41 or later to avoid vulnerability
$gzip = 'gzip';
$bzip2 = 'bzip2';
$lzop = 'lzop';
$uncompress = ['uncompress', 'gzip -d', 'zcat'];
$unfreeze = ['unfreeze', 'freeze -d', 'melt', 'fcat'];
$arc = ['nomarch', 'arc'];
$unarj = ['arj', 'unarj']; # both can extract, arj is recommended
$unrar = ['rar', 'unrar']; # both can extract, same options
$zoo = 'zoo';
$lha = 'lha';
$cpio = 'cpio'; # comment out if cpio does not support GNU options
$sa_local_tests_only = 0; # (default: false)
$sa_timeout = 30; # timeout in seconds for a call to SpamAssassin
# (default is 30 seconds, undef disables it)
$sa_mail_body_size_limit = 150*1024; # don't waste time on SA is mail is larger
# (less than 1% of spam is > 64k)
# default: undef, no limitations
$sa_tag_level_deflt = -1000; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 5.0; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 10; # triggers spam evasive actions
# at or above that level: bounce/reject/drop,
# quarantine, and adding mail address extension
$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent,
# effectively turning D_BOUNCE into D_DISCARD;
# undef disables this feature and is a default;
$sa_spam_subject_tag = '***SPAM Detection*** '; # (defaults to undef, disabled)
# (only seen when spam is not to be rejected
# and recipient is in local_domains*)
$first_infected_stops_scan = 1; # default is false, all scanners are called
@av_scanners = (
['Clam Antivirus-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.ctl"],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
### The kavdaemon and AVPDaemonClient have been removed from Kasperky
### products and replaced by aveserver and aveclient
# change the startup-script in /etc/init.d/kavd to:
# DPARMS="-* -Y -dl -f=/var/amavis /var/amavis"
# (or perhaps: DPARMS="-I0 -Y -* /var/amavis" )
# adjusting /var/amavis above to match your $TEMPBASE.
# The '-f=/var/amavis' is needed if not running it as root, so it
# can find, read, and write its pid file, etc., see 'man kavdaemon'.
# defUnix.prf: there must be an entry "*/var/amavis" (or whatever
# directory $TEMPBASE specifies) in the 'Names=' section.
# cd /opt/AVP/DaemonClients; configure; cd Sample; make
# cp AvpDaemonClient /opt/AVP/
# su - vscan -c "${PREFIX}/kavdaemon ${DPARMS}"
### http://www.hbedv.com/ or http://www.centralcommand.com/
# NOTE: if you only have a demo version, remove -z and add 214, as in:
# '--allfiles -noboot -nombr -rs -s {}', [0,214], qr/ALERT:|VIRUS:/,
### http://www.commandsoftware.com/
### http://www.symantec.com/
### http://www.symantec.com/
# NOTE: check options and patterns to see which entry better applies
### http://www.sald.com/, http://drweb.imshop.de/
### http://www.f-secure.com/products/anti-virus/
### http://www.nod32.com/
### http://www.nod32.com/
### http://www.norman.com/products_nvc.shtml
### http://www.pandasoftware.com/
### http://www.nai.com/
# sub {$ENV{LD_PRELOAD}='/lib/libc.so.6'},
# sub {delete $ENV{LD_PRELOAD}},
# NOTE1: with RH9: force the dynamic linker to look at /lib/libc.so.6 before
# anything else by setting environment variable LD_PRELOAD=/lib/libc.so.6
# and then clear it when finished to avoid confusing anything else.
# NOTE2: to treat encrypted files as viruses replace the [13] with:
# qr/^\s{5,}(Found|is password-protected|.*(virus|trojan))/
### http://www.virusbuster.hu/en/
### http://www.cyber.com/
### http://www.ikarus-software.com/
### http://www.bitdefender.com/
);
@av_scanners_backup = (
### http://www.clamav.net/
['Clam Antivirus - clamscan', 'clamscan',
"--stdout --no-summary -r --tempdir=$TEMPBASE {}", [0], [1],
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
### http://www.f-prot.com/
### http://www.trendmicro.com/
### http://www.sophos.com/
# other options to consider: -mime -oe -idedir=/usr/local/sav
);
1; # insure a defined return
mein Mailserver läuft eigentlich wunderbar.
Postfix, Courier und jetzt zusätzlich noch Amavis.
Die Viren fängt er wunderbar ab aber Spam geht nach wie vor alles durch.
Wenn ich in die Logfile schaue steht da immer hinter jeder Mail Hits: -
Also überhaupt keine Zahl. Hab hier im Forum und im Netz gesehen das da immer die Bewertungszahl stehen müsste.
WHY???
Feb 9 16:31:39 vs123123 amavis[9483]: (09483-01) Passed, <xxxxx@xxx.com> -> <xxxxx@xxx.com>, Message-ID: <002901c74c5f$37181e00$122123452a8c0@xxxx>, Hits: -
Meine amavis.conf sieht so aus:
use strict;
$MYHOME = '/var/lib/amavis'; # (default is '/var/amavis')
$mydomain = 'vs1656745.vserver.de'; # (no useful default)
$daemon_user = 'amavis'; # (no default (undef))
$daemon_group = 'amavis'; # (no default (undef))
$TEMPBASE = $MYHOME; # (must be set if other config vars use is)
$pid_file = "/var/run/amavis/amavisd.pid"; # (default: "$MYHOME/amavisd.pid")
$lock_file = "/var/run/amavis/amavisd.lock"; # (default: "$MYHOME/amavisd.lock")
$ENV{TMPDIR} = $TEMPBASE; # wise to set TMPDIR, but not obligatory
$max_servers = 2; # number of pre-forked children (default 2)
$max_requests = 10; # retire a child after that many accepts (default 10)
$child_timeout=5*60; # abort child if it does not complete each task in n sec
# (default: 8*60 seconds)
@bypass_spam_checks_acl = qw( . ); # No default dependency on spamassassin
@local_domains_acl = ( ".$mydomain" ); # $mydomain and its subdomains
$relayhost_is_client = 0; # (defaults to false)
$insert_received_line = 1; # behave like MTA: insert 'Received:' header
# (does not apply to sendmail/milter)
# (default is true (1) )
$unix_socketname = undef; # disable listening on a unix socket
# (default is undef, i.e. disabled)
$inet_socket_port = 10024; # accept SMTP on this local TCP port
# (default is undef, i.e. disabled)
$inet_socket_bind = '127.0.0.1'; # limit socket bind to loopback interface
# (default is '127.0.0.1')
@inet_acl = qw( 127.0.0.1 ); # allow SMTP access only from localhost IP
# (default is qw( 127.0.0.1 ) )
$DO_SYSLOG = 1; # (defaults to false)
$LOGFILE = "/var/log/amavis.log"; # (defaults to empty, no log)
$log_templ = '[? %#V |[? %#F |[?%#D|Not-Delivered|Passed]|BANNED name/type (%F)]|INFECTED (%V)], #
[?%o|(?)|<%o>] -> [<%R>|,][? %i ||, quarantine %i], Message-ID: %m, Hits: %c';
read_l10n_templates('en_US', '/etc/amavis');
$final_virus_destiny = D_BOUNCE; # (defaults to D_BOUNCE)
$final_banned_destiny = D_BOUNCE; # (defaults to D_BOUNCE)
$final_spam_destiny = D_PASS; # (defaults to D_REJECT)
$final_bad_header_destiny = D_PASS; # (defaults to D_PASS), D_BOUNCE suggested
$viruses_that_fake_sender_re = new_RE(
qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizz er|palyh|peido|holar'i,
qr'tanatos|lentin|bridex|mimail|trojan\.dropper|du maru|parite|spaces'i,
qr'dloader|galil|gibe|swen|netwatch|bics|sbrowse|s ober|rox|val(hal)?la'i,
qr'frethem|sircam|be?agle|tanx|mydoom|novarg|shimg |netsky|somefool|moodown'i,
qr'@mm|@MM', # mass mailing viruses as labeled by f-prot and uvscan
qr'Worm'i, # worms as labeled by ClamAV, Kaspersky, etc
[qr'^(EICAR|Joke\.|Junk\.)'i => 0],
[qr'^(WM97|OF97|W95/CIH-|JS/Fort)'i => 0],
[qr/.*/ => 1], # true by default (remove or comment-out if undesired)
);
$virus_admin = "postmaster\@$mydomain"; # due to D_DISCARD default
$mailfrom_to_quarantine = ''; # override sender address with null return path
$QUARANTINEDIR = '/var/lib/amavis/virusmails';
$virus_quarantine_to = 'virus-quarantine'; # traditional local quarantine
$spam_quarantine_to = 'spam-quarantine';
$X_HEADER_TAG = 'X-Virus-Scanned'; # (default: undef)
$X_HEADER_LINE = "by $myversion (Debian) at $mydomain";
$undecipherable_subject_tag = '***UNCHECKED*** '; # undef disables it
$remove_existing_x_scanned_headers = 0; # leave existing X-Virus-Scanned alone
# (defaults to false)
$remove_existing_spam_headers = 1; # remove existing spam headers if
# spam scanning is enabled (default)
$keep_decoded_original_re = new_RE(
qr'^MAIL-UNDECIPHERABLE$', # retain full mail if it contains undecipherables
qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
);
$banned_filename_re = new_RE(
qr'\.[^.]*\.(exe|vbs|pif|scr|bat|cmd|com|dll)$'i, # some double extensions
qr'[{}]', # curly braces in names (serve as Class ID extensions - CLSID)
qr'^message/partial$'i, # rfc2046. this one is deadly for Outcrook
);
@lookup_sql_dsn = (['DBI:mysql:provider', 'provideradmin', '324235291342134']);
$sql_select_policy = 'SELECT "Y" as local FROM domains WHERE CONCAT("@",domain) IN (%k)';
$sql_select_white_black_list = undef; # undef disables SQL white/blacklisting
$recipient_delimiter = '+'; # (default is '+')
$replace_existing_extension = 1; # (default is false)
$localpart_is_case_sensitive = 0; # (default is false)
$blacklist_sender_re = new_RE(
qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryo u|greatcasino)@'i,
qr'^(investments|lose_weight_today|market\.alert|m oney2you|MyGreenCard)@'i,
qr'^(new\.tld\.registry|opt-out|opt-in|optin|saveonl|smoking2002k)@'i,
qr'^(specialoffer|specialoffers|stockalert|stopsno ring|wantsome)@'i,
qr'^(workathome|yesitsfree|your_friend|greatoffers )@'i,
qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i,
);
map { $whitelist_sender{lc($_)}=1 } (qw(
nobody@cert.org
owner-alert@iss.net
slashdot@slashdot.org
bugtraq@securityfocus.com
NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
security-alerts@linuxsecurity.com
amavis-user-admin@lists.sourceforge.net
razor-users-admin@lists.sourceforge.net
notification-return@lists.sophos.com
mailman-announce-admin@python.org
zope-announce-admin@zope.org
owner-postfix-users@postfix.org
owner-postfix-announce@postfix.org
owner-sendmail-announce@lists.sendmail.org
sendmail-announce-request@lists.sendmail.org
ca+envelope@sendmail.org
owner-technews@postel.ACM.ORG
lvs-users-admin@LinuxVirtualServer.org
ietf-123-owner@loki.ietf.org
cvs-commits-list-admin@gnome.org
rt-users-admin@lists.fsck.com
owner-announce@mnogosearch.org
owner-hackers@ntp.org
owner-bugs@ntp.org
clp-request@comp.nus.edu.sg
surveys-errors@lists.nua.ie
emailNews@genomeweb.com
owner-textbreakingnews@CNNIMAIL12.CNN.COM
yahoo-dev-null@yahoo-inc.com
));
$MAXLEVELS = 14; # (default is undef, no limit)
$MAXFILES = 1500; # (default is undef, no limit)
$MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not enforced)
$MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes (default undef, not enforced)
$MIN_EXPANSION_FACTOR = 5; # times original mail size (must be specified)
$MAX_EXPANSION_FACTOR = 500; # times original mail size (must be specified)
$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
$file = 'file'; # file(1) utility; use 3.41 or later to avoid vulnerability
$gzip = 'gzip';
$bzip2 = 'bzip2';
$lzop = 'lzop';
$uncompress = ['uncompress', 'gzip -d', 'zcat'];
$unfreeze = ['unfreeze', 'freeze -d', 'melt', 'fcat'];
$arc = ['nomarch', 'arc'];
$unarj = ['arj', 'unarj']; # both can extract, arj is recommended
$unrar = ['rar', 'unrar']; # both can extract, same options
$zoo = 'zoo';
$lha = 'lha';
$cpio = 'cpio'; # comment out if cpio does not support GNU options
$sa_local_tests_only = 0; # (default: false)
$sa_timeout = 30; # timeout in seconds for a call to SpamAssassin
# (default is 30 seconds, undef disables it)
$sa_mail_body_size_limit = 150*1024; # don't waste time on SA is mail is larger
# (less than 1% of spam is > 64k)
# default: undef, no limitations
$sa_tag_level_deflt = -1000; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 5.0; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 10; # triggers spam evasive actions
# at or above that level: bounce/reject/drop,
# quarantine, and adding mail address extension
$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent,
# effectively turning D_BOUNCE into D_DISCARD;
# undef disables this feature and is a default;
$sa_spam_subject_tag = '***SPAM Detection*** '; # (defaults to undef, disabled)
# (only seen when spam is not to be rejected
# and recipient is in local_domains*)
$first_infected_stops_scan = 1; # default is false, all scanners are called
@av_scanners = (
['Clam Antivirus-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.ctl"],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
### The kavdaemon and AVPDaemonClient have been removed from Kasperky
### products and replaced by aveserver and aveclient
# change the startup-script in /etc/init.d/kavd to:
# DPARMS="-* -Y -dl -f=/var/amavis /var/amavis"
# (or perhaps: DPARMS="-I0 -Y -* /var/amavis" )
# adjusting /var/amavis above to match your $TEMPBASE.
# The '-f=/var/amavis' is needed if not running it as root, so it
# can find, read, and write its pid file, etc., see 'man kavdaemon'.
# defUnix.prf: there must be an entry "*/var/amavis" (or whatever
# directory $TEMPBASE specifies) in the 'Names=' section.
# cd /opt/AVP/DaemonClients; configure; cd Sample; make
# cp AvpDaemonClient /opt/AVP/
# su - vscan -c "${PREFIX}/kavdaemon ${DPARMS}"
### http://www.hbedv.com/ or http://www.centralcommand.com/
# NOTE: if you only have a demo version, remove -z and add 214, as in:
# '--allfiles -noboot -nombr -rs -s {}', [0,214], qr/ALERT:|VIRUS:/,
### http://www.commandsoftware.com/
### http://www.symantec.com/
### http://www.symantec.com/
# NOTE: check options and patterns to see which entry better applies
### http://www.sald.com/, http://drweb.imshop.de/
### http://www.f-secure.com/products/anti-virus/
### http://www.nod32.com/
### http://www.nod32.com/
### http://www.norman.com/products_nvc.shtml
### http://www.pandasoftware.com/
### http://www.nai.com/
# sub {$ENV{LD_PRELOAD}='/lib/libc.so.6'},
# sub {delete $ENV{LD_PRELOAD}},
# NOTE1: with RH9: force the dynamic linker to look at /lib/libc.so.6 before
# anything else by setting environment variable LD_PRELOAD=/lib/libc.so.6
# and then clear it when finished to avoid confusing anything else.
# NOTE2: to treat encrypted files as viruses replace the [13] with:
# qr/^\s{5,}(Found|is password-protected|.*(virus|trojan))/
### http://www.virusbuster.hu/en/
### http://www.cyber.com/
### http://www.ikarus-software.com/
### http://www.bitdefender.com/
);
@av_scanners_backup = (
### http://www.clamav.net/
['Clam Antivirus - clamscan', 'clamscan',
"--stdout --no-summary -r --tempdir=$TEMPBASE {}", [0], [1],
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
### http://www.f-prot.com/
### http://www.trendmicro.com/
### http://www.sophos.com/
# other options to consider: -mime -oe -idedir=/usr/local/sav
);
1; # insure a defined return