
Topic: Problems receiving mail

  1. #1
    Registered user
    Registered since
    Jul 2005
    Posts
    15

    Problems receiving mail

    Hi,

    I tried to rebuild the mail server as it was presented in c't-Spezial Linux. Accordingly I am using SuSE 10.1 with postfix, amavisd-new, cyrus, spamassassin and fetchmail. I have installed and set up everything so far and am now trying to receive the mail via IMAP with Thunderbird. However, the mails do not make it into the IMAP folder but sit around in postfix. I hope someone can help me, so I am posting all the data that could conceivably be relevant.

    /var/log/mail
    Code:
    Aug  1 18:57:37 brain postfix/smtpd[3736]: connect from localhost[127.0.0.1]
    Aug  1 18:57:37 brain postfix/smtpd[3736]: 748EF1137: client=localhost[127.0.0.1]
    Aug  1 18:57:37 brain postfix/cleanup[3739]: 748EF1137: message-id=<44CF8776.903@xxxxxxx.de>
    Aug  1 18:57:37 brain postfix/qmgr[3046]: 748EF1137: from=<xxx@xxxxxxxx.de>, size=972, nrcpt=1 (queue active)
    Aug  1 18:57:37 brain postfix/smtpd[3736]: disconnect from localhost[127.0.0.1]
    Aug  1 18:57:39 brain amavis[3329]: (03329-01) ClamAV-clamd: Can't connect to INET socket 127.0.0.1:3310: Connection refused, retrying (2)
    Aug  1 18:57:45 brain amavis[3329]: (03329-01) ClamAV-clamd av-scanner FAILED: Too many retries to talk to 127.0.0.1:3310 (Can't connect to INET socket 127.0.0.1:3310: Connection refused) at (eval 56) line 266.
    Aug  1 18:57:45 brain amavis[3329]: (03329-01) WARN: all primary virus scanners failed, considering backups
    Aug  1 18:57:50 brain postfix/smtpd[3743]: connect from unknown[127.0.0.1]
    Aug  1 16:57:50 brain postfix/smtpd[3743]: 3AF541175: client=unknown[127.0.0.1]
    Aug  1 18:57:50 brain postfix/cleanup[3739]: 3AF541175: message-id=<44CF8776.903@xxxxxxxx.de>
    Aug  1 18:57:50 brain postfix/qmgr[3046]: 3AF541175: from=<xxx@xxxxxxxxxx.de>, size=1408, nrcpt=1 (queue active)
    Aug  1 18:57:50 brain amavis[3329]: (03329-01) Passed CLEAN, [217.172.183.167] <eek@desa-projekt.de> -> <mail_e@localhost.brain.castle>, Message-ID: <44CF8776.903@xxxxxxxxxx.de>, mail_id: GBIEMGxnznva, Hits: 3.701, 12744 ms
    Aug  1 16:57:50 brain postfix/smtpd[3743]: disconnect from unknown[127.0.0.1]
    Aug  1 18:57:50 brain postfix/smtp[3740]: 748EF1137: to=<mail_e@localhost.brain.castle>, orig_to=<mail_e@localhost>, relay=127.0.0.1[127.0.0.1], delay=13, status=sent (250 2.6.0 Ok, id=03329-01, from MTA([127.0.0.1]:10025): 250 Ok: queued as 3AF541175)
    Aug  1 18:57:50 brain postfix/qmgr[3046]: 3AF541175: to=<mail_e@localhost.brain.castle>, relay=none, delay=0, status=deferred (delivery temporarily suspended: transport is unavailable)
    Aug  1 18:57:50 brain postfix/qmgr[3046]: 748EF1137: removed
    Aug  1 18:58:33 brain postfix/qmgr[3046]: warning: connect to transport [127.0.0.1]: No such file or directory

    /var/log/mail.info
    Code:
    Aug  1 18:57:37 brain postfix/smtpd[3736]: connect from localhost[127.0.0.1]
    Aug  1 18:57:37 brain postfix/smtpd[3736]: 748EF1137: client=localhost[127.0.0.1]
    Aug  1 18:57:37 brain postfix/cleanup[3739]: 748EF1137: message-id=<44CF8776.903@xxxxxxxxx.de>
    Aug  1 18:57:37 brain postfix/qmgr[3046]: 748EF1137: from=<xxx@xxxxxxxxx.de>, size=972, nrcpt=1 (queue active)
    Aug  1 18:57:37 brain postfix/smtpd[3736]: disconnect from localhost[127.0.0.1]
    Aug  1 18:57:50 brain postfix/smtpd[3743]: connect from unknown[127.0.0.1]
    Aug  1 16:57:50 brain postfix/smtpd[3743]: 3AF541175: client=unknown[127.0.0.1]
    Aug  1 18:57:50 brain postfix/cleanup[3739]: 3AF541175: message-id=<44CF8776.903@xxxxxxxxx.de>
    Aug  1 18:57:50 brain postfix/qmgr[3046]: 3AF541175: from=<xxx@xxxxxxxxx.de>, size=1408, nrcpt=1 (queue active)
    Aug  1 16:57:50 brain postfix/smtpd[3743]: disconnect from unknown[127.0.0.1]
    Aug  1 18:57:50 brain postfix/smtp[3740]: 748EF1137: to=<mail_e@localhost.brain.castle>, orig_to=<mail_e@localhost>, relay=127.0.0.1[127.0.0.1], delay=13, status=sent (250 2.6.0 Ok, id=03329-01, from MTA([127.0.0.1]:10025): 250 Ok: queued as 3AF541175)
    Aug  1 18:57:50 brain postfix/qmgr[3046]: 3AF541175: to=<mail_e@localhost.brain.castle>, relay=none, delay=0, status=deferred (delivery temporarily suspended: transport is unavailable)
    Aug  1 18:57:50 brain postfix/qmgr[3046]: 748EF1137: removed
    Aug  1 19:05:25 brain postfix/smtpd[3826]: connect from localhost[127.0.0.1]
    Aug  1 19:10:25 brain postfix/smtpd[3826]: timeout after CONNECT from localhost[127.0.0.1]
    Aug  1 19:10:25 brain postfix/smtpd[3826]: disconnect from localhost[127.0.0.1]
    Aug  1 19:20:53 brain postfix/qmgr[3046]: 3AF541175: from=<xxx@xxxxxxxxx.de>, size=1408, nrcpt=1 (queue active)
    Aug  1 19:20:53 brain postfix/qmgr[3046]: 3AF541175: to=<mail_e@localhost.brain.castle>, relay=none, delay=1383, status=deferred (delivery temporarily suspended: transport is unavailable)

    /var/log/mail.warn
    Code:
    Aug  1 18:57:39 brain amavis[3329]: (03329-01) ClamAV-clamd: Can't connect to INET socket 127.0.0.1:3310: Connection refused, retrying (2)
    Aug  1 18:58:33 brain postfix/qmgr[3046]: warning: connect to transport [127.0.0.1]: No such file or directory
    Aug  1 18:59:33 brain postfix/qmgr[3046]: warning: connect to transport [127.0.0.1]: No such file or directory

    /etc/postfix/main.cf
    Code:
    readme_directory = /usr/share/doc/packages/postfix/README_FILES
    inet_protocols = all
    biff = no
    mail_spool_directory = /var/mail
    canonical_maps = hash:/etc/postfix/canonical
    virtual_alias_maps = hash:/etc/postfix/virtual
    virtual_alias_domains = hash:/etc/postfix/virtual
    relocated_maps = hash:/etc/postfix/relocated
    transport_maps = hash:/etc/postfix/transport
    sender_canonical_maps = hash:/etc/postfix/sender_canonical
    masquerade_exceptions = root
    masquerade_classes = envelope_sender, header_sender, header_recipient
    myhostname = brain.castle
    program_directory = /usr/lib/postfix
    inet_interfaces = all
    masquerade_domains = 
    mydestination = $myhostname,localhost.$mydomain,$mydomain
    defer_transports = 
    mynetworks_style = subnet
    disable_dns_lookups = no
    relayhost = mail.desa-projekt.de
    mailbox_command = 
    mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
    strict_8bitmime = yes
    disable_mime_output_conversion = no
    smtpd_sender_restrictions = hash:/etc/postfix/access
    smtpd_client_restrictions = 
    smtpd_helo_required = no
    smtpd_helo_restrictions = 
    strict_rfc821_envelopes = no
    smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination
    smtp_sasl_auth_enable = yes
    smtpd_sasl_auth_enable = no
    smtpd_use_tls = no
    smtp_use_tls = no
    alias_maps = hash:/etc/aliases
    mailbox_size_limit = 0
    message_size_limit = 10240000
    smtp_sasl_security_options = 
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd


    /etc/postfix/master.cf
    Code:
    #
    # Postfix master process configuration file.  For details on the format
    # of the file, see the Postfix master(5) manual page.
    #
    # ==========================================================================
    # service type  private unpriv  chroot  wakeup  maxproc command + args
    #               (yes)   (yes)   (yes)   (never) (100)
    # ==========================================================================
    smtp      inet  n       -       n       -       2       smtpd -o content_filter=smtp:[127.0.0.1]:10024
    #submission inet n      -       n       -       -       smtpd
    #	-o smtpd_etrn_restrictions=reject
    #	-o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #smtps    inet  n       -       n       -       2       smtpd -o smtpd_tls_wrappermode=yes -o content_filter=smtp:[127.0.0.1]:10024
    #  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
    #submission   inet    n       -       n       -       -       smtpd
    #  -o smtpd_etrn_restrictions=reject
    #  -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
    #628      inet  n       -       n       -       -       qmqpd
    pickup    fifo  n       -       n       60      1       pickup
    cleanup   unix  n       -       n       -       0       cleanup
    qmgr      fifo  n       -       n       300     1       qmgr
    #qmgr     fifo  n       -       n       300     1       oqmgr
    #tlsmgr    unix  -       -       n       1000?   1       tlsmgr
    rewrite   unix  -       -       n       -       -       trivial-rewrite
    bounce    unix  -       -       n       -       0       bounce
    defer     unix  -       -       n       -       0       bounce
    trace     unix  -       -       n       -       0       bounce
    verify    unix  -       -       n       -       1       verify
    flush     unix  n       -       n       1000?   0       flush
    proxymap  unix  -       -       n       -       -       proxymap
    smtp      unix  -       -       n       -       -       smtp
    # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
    relay     unix  -       -       n       -       -       smtp
    	-o fallback_relay=
    #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq     unix  n       -       n       -       -       showq
    error     unix  -       -       n       -       -       error
    discard   unix  -       -       n       -       -       discard
    local     unix  -       n       n       -       -       local
    virtual   unix  -       n       n       -       -       virtual
    lmtp      unix  -       -       n       -       -       lmtp
    anvil     unix  -       -       n       -       1       anvil
    localhost:10025 inet	n	-	y	-	-	smtpd -o content_filter=[127.0.0.1]:10026
    scache	  unix	-	-	n	-	1	scache
    localhost:10027 inet	n	-	n	-	-	smtpd -o content_filter=
    #
    # ====================================================================
    # Interfaces to non-Postfix software. Be sure to examine the manual
    # pages of the non-Postfix software to find out what options it wants.
    #
    # Many of the following services use the Postfix pipe(8) delivery
    # agent.  See the pipe(8) man page for information about ${recipient}
    # and other message envelope options.
    # ====================================================================
    #
    # maildrop. See the Postfix MAILDROP_README file for details.
    # Also specify in main.cf: maildrop_destination_recipient_limit=1
    #
    maildrop  unix  -       n       n       -       -       pipe
      flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
    cyrus	  unix	-	n	n	-	-	pipe
      user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
    uucp	  unix	-	n	n	-	-	pipe
      flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    ifmail    unix  -       n       n       -       -       pipe
      flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp     unix  -       n       n       -       -       pipe
      flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
    procmail  unix  -       n       n       -       -       pipe
      flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient}

    I hope I have caught all the relevant data so far and that someone can help me.

    I am close to despair.


    Regards
    enko
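
Added example (not part of the original post and not code from the c't article): a checker for the `-o content_filter=` overrides in the master.cf posted above, which tests whether each value names a delivery service that master.cf actually defines. It assumes the Postfix `transport:nexthop` form for the value, split at the first colon, which matches the transport name `[127.0.0.1]` in the qmgr warning; the function names are hypothetical and `MASTER_CF` is a constructed excerpt of the posted file.

```python
import re

# Constructed excerpt: active master.cf entries from the post above,
# with their original -o overrides (comment lines left out).
MASTER_CF = """\
smtp      inet  n       -       n       -       2       smtpd -o content_filter=smtp:[127.0.0.1]:10024
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
\t-o fallback_relay=
lmtp      unix  -       -       n       -       -       lmtp
localhost:10025 inet\tn\t-\ty\t-\t-\tsmtpd -o content_filter=[127.0.0.1]:10026
localhost:10027 inet\tn\t-\tn\t-\t-\tsmtpd -o content_filter=
"""


def logical_lines(text):
    """Join master.cf continuation lines (leading whitespace) to their entry."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or comment
        if raw[0] in " \t" and entries:
            entries[-1] += " " + raw.strip()
        else:
            entries.append(raw.strip())
    return entries


def parse_services(text):
    """Return (service, type, command + args) for every master.cf entry."""
    services = []
    for entry in logical_lines(text):
        fields = entry.split(None, 7)  # 7 fixed columns, then command + args
        if len(fields) == 8:
            services.append((fields[0], fields[1], fields[7]))
    return services


def check_content_filters(text):
    """List content_filter overrides whose transport is not a unix-type service.

    Assumption: the value is 'transport:nexthop' and the transport name is
    everything before the first colon. An empty value switches filtering off.
    """
    services = parse_services(text)
    transports = {name for name, typ, _ in services if typ == "unix"}
    findings = []
    for name, _typ, cmd in services:
        for value in re.findall(r"-o\s+content_filter=(\S*)", cmd):
            if not value:
                continue
            transport = value.split(":", 1)[0]
            if transport not in transports:
                findings.append((name, value, transport))
    return findings


if __name__ == "__main__":
    for service, value, transport in check_content_filters(MASTER_CF):
        print(f"{service}: content_filter={value} -> "
              f"transport '{transport}' is not defined in master.cf")
```
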

  2. #2
    Open-Xchange Avatar of cane
    Registered since
    Nov 2002
    Location
    NRW
    Posts
    6,682
    Aug 1 18:57:39 brain amavis[3329]: (03329-01) ClamAV-clamd: Can't connect to INET socket 127.0.0.1:3310: Connection refused, retrying (2)
    Aug 1 18:57:45 brain amavis[3329]: (03329-01) ClamAV-clamd av-scanner FAILED: Too many retries to talk to 127.0.0.1:3310 (Can't connect to INET socket 127.0.0.1:3310: Connection refused) at (eval 56) line 266.
    Why is nothing running there?

    Regards
    cane
    There is no patch for human stupidity.
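
Added example (not part of the thread): a log triage script that follows one message from its first Postfix queue ID through the amavis session to the re-injected queue ID, and reports what the posted lines show along the way: the primary AV scanner failure, the verdict amavis still issued, the final deferral and the transport qmgr could not reach. `LOG` is a constructed subset of the /var/log/mail lines from the first post; the function names are hypothetical.

```python
import re

# Constructed sample: a subset of the /var/log/mail lines posted in the thread.
LOG = """\
Aug  1 18:57:37 brain postfix/qmgr[3046]: 748EF1137: from=<xxx@xxxxxxxx.de>, size=972, nrcpt=1 (queue active)
Aug  1 18:57:45 brain amavis[3329]: (03329-01) ClamAV-clamd av-scanner FAILED: Too many retries to talk to 127.0.0.1:3310 (Can't connect to INET socket 127.0.0.1:3310: Connection refused) at (eval 56) line 266.
Aug  1 18:57:45 brain amavis[3329]: (03329-01) WARN: all primary virus scanners failed, considering backups
Aug  1 18:57:50 brain amavis[3329]: (03329-01) Passed CLEAN, [217.172.183.167] <eek@desa-projekt.de> -> <mail_e@localhost.brain.castle>, Message-ID: <44CF8776.903@xxxxxxxxxx.de>, mail_id: GBIEMGxnznva, Hits: 3.701, 12744 ms
Aug  1 18:57:50 brain postfix/smtp[3740]: 748EF1137: to=<mail_e@localhost.brain.castle>, orig_to=<mail_e@localhost>, relay=127.0.0.1[127.0.0.1], delay=13, status=sent (250 2.6.0 Ok, id=03329-01, from MTA([127.0.0.1]:10025): 250 Ok: queued as 3AF541175)
Aug  1 18:57:50 brain postfix/qmgr[3046]: 3AF541175: to=<mail_e@localhost.brain.castle>, relay=none, delay=0, status=deferred (delivery temporarily suspended: transport is unavailable)
Aug  1 18:58:33 brain postfix/qmgr[3046]: warning: connect to transport [127.0.0.1]: No such file or directory
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]+ \S+ ([\w/-]+)\[\d+\]: (.*)$")
QUEUE = re.compile(r"^([0-9A-F]{6,}): (.*)$")
AMAVIS = re.compile(r"^\((\d+-\d+)\) (.*)$")


def analyze(log):
    """Index Postfix queue entries, amavis sessions and unreachable transports."""
    queue, amavis, dead_transports = {}, {}, set()
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        prog, text = m.groups()
        if prog == "amavis" and (a := AMAVIS.match(text)):
            sess = amavis.setdefault(
                a.group(1), {"failed": [], "primary_failed": False, "verdict": None})
            msg = a.group(2)
            if (f := re.match(r"(\S+) av-scanner FAILED", msg)):
                sess["failed"].append(f.group(1))
            elif "all primary virus scanners failed" in msg:
                sess["primary_failed"] = True
            elif msg.startswith(("Passed ", "Blocked ")):
                sess["verdict"] = msg.split(",", 1)[0]
        elif prog.startswith("postfix/"):
            if (w := re.match(r"warning: connect to transport (\S+): ", text)):
                dead_transports.add(w.group(1))
            elif (q := QUEUE.match(text)):
                rec = queue.setdefault(q.group(1), {})
                if (s := re.search(r"status=(\w+) \((.*)\)$", q.group(2))):
                    rec["status"], rec["detail"] = s.groups()
                    # Hand-over to the filter: amavis id plus re-injected queue id.
                    if (h := re.search(r"id=(\d+-\d+).*queued as ([0-9A-F]+)",
                                       rec["detail"])):
                        rec["amavis"], rec["next"] = h.groups()
    return queue, amavis, dead_transports


def follow(qid, queue, amavis):
    """Follow a message across re-injection; return (queue id hops, findings)."""
    hops, findings = [], []
    while qid in queue and qid not in hops:
        hops.append(qid)
        rec = queue[qid]
        sess = amavis.get(rec.get("amavis"))
        if sess and sess["primary_failed"]:
            findings.append(f"{rec['amavis']}: {sess['verdict']} "
                            "although all primary AV scanners failed")
        if rec.get("status") == "deferred":
            findings.append(f"{qid}: deferred ({rec['detail']})")
        qid = rec.get("next")
    return hops, findings


if __name__ == "__main__":
    queue, amavis, dead = analyze(LOG)
    hops, findings = follow("748EF1137", queue, amavis)
    print(" -> ".join(hops))
    for item in findings:
        print("  " + item)
    print("unreachable transports:", sorted(dead))
```
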

  3. #3
    Registered user
    Registered since
    Jul 2005
    Posts
    15
    Unfortunately I can't tell you that. So I am posting the amavis.conf as well.
    Unfortunately I am not familiar enough with Linux to count myself among the freaks, only among the fans.

    /etc/amavisd.conf
    Code:
    use strict;
    
    # a minimalistic configuration file for amavisd-new with all necessary settings
    #
    #   see amavisd.conf-default for a list of all variables with their defaults;
    #   see amavisd.conf-sample for a traditional-style commented file;
    #   for more details see documentation in INSTALL, README_FILES/*
    #   and at http://www.ijs.si/software/amavisd/amavisd-new-docs.html
    
    
    # COMMONLY ADJUSTED SETTINGS:
    
    # @bypass_virus_checks_maps = (1);  # uncomment to DISABLE anti-virus code
    # @bypass_spam_checks_maps  = (1);  # uncomment to DISABLE anti-spam code
    
    $max_servers = 2;            # number of pre-forked children (2..15 is common)
    $daemon_user = 'vscan';
    $daemon_group = 'vscan';
    
    $mydomain = 'example.com';   # a convenient default for other settings
    
    $MYHOME = '/var/spool/amavis';
    $TEMPBASE = "$MYHOME/tmp";   # working directory, needs to be created manually
    $ENV{TMPDIR} = $TEMPBASE;    # environment variable TMPDIR
    $QUARANTINEDIR = '/var/spool/amavis/virusmails';
    # $quarantine_subdir_levels = 1;  # add level of subdirs to disperse quarantine
    
    # $daemon_chroot_dir = $MYHOME;   # chroot directory or undef
    
    # $db_home   = "$MYHOME/db";
    # $helpers_home = "$MYHOME/var";  # prefer $MYHOME clean and owned by root?
    # $pid_file  = "$MYHOME/var/amavisd.pid";
    # $lock_file = "$MYHOME/var/amavisd.lock";
    #NOTE: create directories $MYHOME/tmp, $MYHOME/var, $MYHOME/db manually
    
    @local_domains_maps = ( [".$mydomain"] );
    # @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
    #                   10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );
    
    $log_level = 0;              # verbosity 0..5
    $log_recip_templ = undef;    # disable by-recipient level-0 log entries
    $DO_SYSLOG = 1;              # log via syslogd (preferred)
    $SYSLOG_LEVEL = 'mail.debug';
    
    $enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny)
    $enable_global_cache = 1;    # enable use of libdb-based cache if $enable_db=1
    
    $inet_socket_port = 10024;   # listen on this local TCP port(s) (see $protocol)
    $unix_socketname = "$MYHOME/amavisd.sock";  # when using sendmail milter
    
    $sa_tag_level_deflt  = 2.0;  # add spam info headers if at, or above that level
    $sa_tag2_level_deflt = 5.0;
    $sa_kill_level_deflt = 6.31; # triggers spam evasive actions
    $sa_dsn_cutoff_level = 9;    # spam level beyond which a DSN is not sent
    # $sa_quarantine_cutoff_level = 20; # spam level beyond which quarantine is off
    
    $sa_mail_body_size_limit = 200*1024; # don't waste time on SA if mail is larger
    $sa_local_tests_only = 0;    # only tests which do not require internet access?
    $sa_auto_whitelist = 1;      # turn on AWL in SA 2.63 or older (irrelevant
                                 # for SA 3.0, cf option is 'use_auto_whitelist')
    
    # @lookup_sql_dsn =
    #   ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'],
    #     ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'],
    #     ["DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite", '', ''] );
    # @storage_sql_dsn = @lookup_sql_dsn;  # none, same, or separate database
    
    $virus_admin               = "virusalert\@$mydomain";  # notifications recip.
    
    $mailfrom_notify_admin     = "virusalert\@$mydomain";  # notifications sender
    $mailfrom_notify_recip     = "virusalert\@$mydomain";  # notifications sender
    $mailfrom_notify_spamadmin = "spam.police\@$mydomain"; # notifications sender
    $mailfrom_to_quarantine = ''; # null return path; uses original sender if undef
    
    @addr_extension_virus_maps      = ('virus');
    @addr_extension_spam_maps       = ('spam');
    @addr_extension_banned_maps     = ('banned');
    @addr_extension_bad_header_maps = ('badh');
    # $recipient_delimiter = '+';  # undef disables address extensions altogether
    # when enabling addr extensions do also Postfix/main.cf: recipient_delimiter=+
    
    $path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
    # $dspam = 'dspam';
    
    $MAXLEVELS = 14;
    $MAXFILES = 1500;
    $MIN_EXPANSION_QUOTA =      100*1024;  # bytes  (default undef, not enforced)
    $MAX_EXPANSION_QUOTA = 300*1024*1024;  # bytes  (default undef, not enforced)
    
    $sa_spam_subject_tag = '***SPAM*** ';
    $defang_virus  = 1;  # MIME-wrap passed infected mail
    $defang_banned = 1;  # MIME-wrap passed mail containing banned name
    
    
    # OTHER MORE COMMON SETTINGS (defaults may suffice):
    
    $myhostname = 'brain.castle';
    
    # $notify_method  = 'smtp:[127.0.0.1]:10025';
    # $forward_method = 'smtp:[127.0.0.1]:10025';  # set to undef with milter!
    
    # $final_virus_destiny      = D_DISCARD;
    # $final_banned_destiny     = D_BOUNCE;
    $final_spam_destiny = D_PASS;
    # $final_bad_header_destiny = D_PASS;
    
    
    # SOME OTHER VARIABLES WORTH CONSIDERING (see amavisd.conf-default for all)
    
    # $warnbadhsender,
    # $warnvirusrecip, $warnbannedrecip, $warnbadhrecip, (or @warn*recip_maps)
    #
    # @bypass_virus_checks_maps, @bypass_spam_checks_maps,
    # @bypass_banned_checks_maps, @bypass_header_checks_maps,
    #
    # @virus_lovers_maps, @spam_lovers_maps,
    # @banned_files_lovers_maps, @bad_header_lovers_maps,
    #
    # @blacklist_sender_maps, @score_sender_maps,
    #
    # $virus_quarantine_to, $banned_quarantine_to,
    # $bad_header_quarantine_to, $spam_quarantine_to,
    #
    # $defang_bad_header, $defang_undecipherable, $defang_spam
    
    
    # REMAINING IMPORTANT VARIABLES ARE LISTED HERE BECAUSE OF LONGER ASSIGNMENTS
    
    @viruses_that_fake_sender_maps = (new_RE(
    # [qr'\bEICAR\b'i => 0],            # av test pattern name
    # [qr'^(WM97|OF97|Joke\.)'i => 0],  # adjust names to match your AV scanner
      [qr/^/ => 1],  # true for everything else
    ));
    
    @keep_decoded_original_maps = (new_RE(
    # qr'^MAIL$',   # retain full original message for virus checking (can be slow)
      qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables
      qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
    # qr'^Zip archive data',     # don't trust Archive::Zip
    ));
    
    
    # for $banned_namepath_re, a new-style of banned table, see amavisd.conf-sample
    
    $banned_filename_re = new_RE(
    # qr'^UNDECIPHERABLE$',  # is or contains any undecipherable components
    
      # block certain double extensions anywhere in the base name
      qr'\.[^./]*[A-Za-z][^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,
    
    # qr'\{[0-9a-z]{4,}(-[0-9a-z]{4,}){0,7}\}?'i,  # Class ID extensions - CLSID
    
      qr'^application/x-msdownload$'i,                  # block these MIME types
      qr'^application/x-msdos-program$'i,
      qr'^application/hta$'i,
    
    # qr'^message/partial$'i,         # rfc2046 MIME type
    # qr'^message/external-body$'i,   # rfc2046 MIME type
    
    # [ qr'^\.(Z|gz|bz2)$'           => 0 ],  # allow any in Unix-compressed
      [ qr'^\.(rpm|cpio|tar)$'       => 0 ],  # allow any in Unix-type archives
    # [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ],  # allow any within such archives
    
      qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic
    # qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|
    #        inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|
    #        ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs|
    #        wmf|wsc|wsf|wsh)$'ix,  # banned ext - long
    
    # qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i,  # banned extension - WinZip vulnerab.
    
      qr'^\.(exe-ms)$',                       # banned file(1) types
    # qr'^\.(exe|lha|tnef|cab|dll)$',         # banned file(1) types
    );
    # See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262631
    # and http://www.cknow.com/vtutor/vtextensions.htm
    
    
    # ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING
    
    @score_sender_maps = ({ # a by-recipient hash lookup table,
                            # results from all matching recipient tables are summed
    
    # ## per-recipient personal tables  (NOTE: positive: black, negative: white)
    # 'user1@example.com'  => [{'bla-mobile.press@example.com' => 10.0}],
    # 'user3@example.com'  => [{'.ebay.com'                 => -3.0}],
    # 'user4@example.com'  => [{'cleargreen@cleargreen.com' => -7.0,
    #                           '.cleargreen.com'           => -5.0}],
    
      ## site-wide opinions about senders (the '.' matches any recipient)
      '.' => [  # the _first_ matching sender determines the score boost
    
       new_RE(  # regexp-type lookup table, just happens to be all soft-blacklist
        [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i         => 5.0],
        [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],
        [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],
        [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i   => 5.0],
        [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i  => 5.0],
        [qr'^(your_friend|greatoffers)@'i                                => 5.0],
        [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i                    => 5.0],
       ),
    
    #  read_hash("/var/amavis/sender_scores_sitewide"),
    
       { # a hash-type lookup table (associative array)
         'nobody@cert.org'                        => -3.0,
         'cert-advisory@us-cert.gov'              => -3.0,
         'owner-alert@iss.net'                    => -3.0,
         'slashdot@slashdot.org'                  => -3.0,
         'bugtraq@securityfocus.com'              => -3.0,
         'ntbugtraq@listserv.ntbugtraq.com'       => -3.0,
         'security-alerts@linuxsecurity.com'      => -3.0,
         'mailman-announce-admin@python.org'      => -3.0,
         'amavis-user-admin@lists.sourceforge.net'=> -3.0,
         'notification-return@lists.sophos.com'   => -3.0,
         'owner-postfix-users@postfix.org'        => -3.0,
         'owner-postfix-announce@postfix.org'     => -3.0,
         'owner-sendmail-announce@lists.sendmail.org'   => -3.0,
         'sendmail-announce-request@lists.sendmail.org' => -3.0,
         'donotreply@sendmail.org'                => -3.0,
         'ca+envelope@sendmail.org'               => -3.0,
         'noreply@freshmeat.net'                  => -3.0,
         'owner-technews@postel.acm.org'          => -3.0,
         'ietf-123-owner@loki.ietf.org'           => -3.0,
         'cvs-commits-list-admin@gnome.org'       => -3.0,
         'rt-users-admin@lists.fsck.com'          => -3.0,
         'clp-request@comp.nus.edu.sg'            => -3.0,
         'surveys-errors@lists.nua.ie'            => -3.0,
         'emailnews@genomeweb.com'                => -5.0,
         'yahoo-dev-null@yahoo-inc.com'           => -3.0,
         'returns.groups.yahoo.com'               => -3.0,
         'clusternews@linuxnetworx.com'           => -3.0,
         lc('lvs-users-admin@LinuxVirtualServer.org')    => -3.0,
         lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0,
    
         # soft-blacklisting (positive score)
         'sender@example.net'                     =>  3.0,
         '.example.net'                           =>  1.0,
    
       },
      ],  # end of site-wide tables
    });
    
    
    @decoders = (
      ['mail', \&do_mime_decode],
      ['asc',  \&do_ascii],
      ['uue',  \&do_ascii],
      ['hqx',  \&do_ascii],
      ['ync',  \&do_ascii],
      ['F',    \&do_uncompress, ['unfreeze','freeze -d','melt','fcat'] ],
      ['Z',    \&do_uncompress, ['uncompress','gzip -d','zcat'] ],
      ['gz',   \&do_gunzip],
      ['gz',   \&do_uncompress,  'gzip -d'],
      ['bz2',  \&do_uncompress,  'bzip2 -d'],
      ['lzo',  \&do_uncompress,  'lzop -d'],
      ['rpm',  \&do_uncompress, ['rpm2cpio.pl','rpm2cpio'] ],
      ['cpio', \&do_pax_cpio,   ['pax','gcpio','cpio'] ],
      ['tar',  \&do_pax_cpio,   ['pax','gcpio','cpio'] ],
      ['tar',  \&do_tar],
      ['deb',  \&do_ar,          'ar'],
    # ['a',    \&do_ar,          'ar'],  # unpacking .a seems an overkill
      ['zip',  \&do_unzip],
      ['rar',  \&do_unrar,      ['rar','unrar'] ],
      ['arj',  \&do_unarj,      ['arj','unarj'] ],
      ['arc',  \&do_arc,        ['nomarch','arc'] ],
      ['zoo',  \&do_zoo,         'zoo'],
      ['lha',  \&do_lha,         'lha'],
    # ['doc',  \&do_ole,         'ripole'],
      ['cab',  \&do_cabextract,  'cabextract'],
      ['tnef', \&do_tnef_ext,    'tnef'],
      ['tnef', \&do_tnef],
      ['exe',  \&do_executable, ['rar','unrar'], 'lha', ['arj','unarj'] ],
    );
    
    
    @av_scanners = (
    
    # ### http://www.vanja.com/tools/sophie/
    # ['Sophie',
    #   \&ask_daemon, ["{}/\n", '/var/run/sophie'],
    #   qr/(?x)^ 0+ ( : | [\000\r\n]* $)/,  qr/(?x)^ 1 ( : | [\000\r\n]* $)/,
    #   qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/ ],
    
    # ### http://www.csupomona.edu/~henson/www/projects/SAVI-Perl/
    # ['Sophos SAVI', \&sophos_savi ],
    
    # ### http://www.clamav.net/
     ['ClamAV-clamd',
       \&ask_daemon, ["CONTSCAN {}\n", "127.0.0.1:3310"],
       qr/\bOK$/, qr/\bFOUND$/,
       qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
    # # NOTE: the easiest is to run clamd under the same user as amavisd; match the
    # # socket name (LocalSocket) in clamav.conf to the socket name in this entry
    # # When running chrooted one may prefer: ["CONTSCAN {}\n","$MYHOME/clamd"],
    
    # ### http://www.clamav.net/ and CPAN  (memory-hungry! clamd is preferred)
     ['Mail::ClamAV', \&ask_clamav, "*", [0], [1], qr/^INFECTED: (.+)/],
    
    # ### http://www.openantivirus.org/
    # ['OpenAntiVirus ScannerDaemon (OAV)',
    #   \&ask_daemon, ["SCAN {}\n", '127.0.0.1:8127'],
    #   qr/^OK/, qr/^FOUND: /, qr/^FOUND: (.+)/ ],
    
    # ### http://www.vanja.com/tools/trophie/
    # ['Trophie',
    #   \&ask_daemon, ["{}/\n", '/var/run/trophie'],
    #   qr/(?x)^ 0+ ( : | [\000\r\n]* $)/,  qr/(?x)^ 1 ( : | [\000\r\n]* $)/,
    #   qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/ ],
    
    # ### http://www.grisoft.com/
    # ['AVG Anti-Virus',
    #   \&ask_daemon, ["SCAN {}\n", '127.0.0.1:55555'],
    #   qr/^200/, qr/^403/, qr/^403 .*?: ([^\r\n]+)/ ],
    
    # ### http://www.f-prot.com/
    # ['FRISK F-Prot Daemon',
    #   \&ask_daemon,
    #   ["GET {}/*?-dumb%20-archive%20-packed HTTP/1.0\r\n\r\n",
    #     ['127.0.0.1:10200','127.0.0.1:10201','127.0.0.1:10202',
    #      '127.0.0.1:10203','127.0.0.1:10204'] ],
    #   qr/(?i)<summary[^>]*>clean<\/summary>/,
    #   qr/(?i)<summary[^>]*>infected<\/summary>/,
    #   qr/(?i)<name>(.+)<\/name>/ ],
    
    # ### http://www.sald.com/, http://www.dials.ru/english/, http://www.drweb.ru/
    # ['DrWebD', \&ask_daemon,   # DrWebD 4.31 or later
    #   [pack('N',1).  # DRWEBD_SCAN_CMD
    #    pack('N',0x00280001).   # DONT_CHANGEMAIL, IS_MAIL, RETURN_VIRUSES
    #    pack('N',     # path length
    #      length("$TEMPBASE/amavis-yyyymmddTHHMMSS-xxxxx/parts/pxxx")).
    #    '{}/*'.       # path
    #    pack('N',0).  # content size
    #    pack('N',0),
    #    '/var/drweb/run/drwebd.sock',
    #  # '/var/amavis/var/run/drwebd.sock',   # suitable for chroot
    #  # '/usr/local/drweb/run/drwebd.sock',  # FreeBSD drweb ports default
    #  # '127.0.0.1:3000',                    # or over an inet socket
    #   ],
    #   qr/\A\x00[\x10\x11][\x00\x10]\x00/s,         # IS_CLEAN,EVAL_KEY; SKIPPED
    #   qr/\A\x00[\x00\x01][\x00\x10][\x20\x40\x80]/s, # KNOWN_V,UNKNOWN_V,V._MODIF
    #   qr/\A.{12}(?:infected with )?([^\x00]+)\x00/s,
    # ],
    # # NOTE: If using amavis-milter, change length to:
    # # length("$TEMPBASE/amavis-milter-xxxxxxxxxxxxxx/parts/pxxx").
    
      ### http://www.kaspersky.com/  (in the 'file server version')
      ['KasperskyLab AVP - aveclient',
        ['/usr/local/kav/bin/aveclient','/usr/local/share/kav/bin/aveclient',
         '/opt/kav/bin/aveclient','aveclient'],
        '-p /var/run/aveserver -s {}/*', [0,3,6,8], qr/\b(INFECTED|SUSPICION)\b/,
        qr/(?:INFECTED|SUSPICION) (.+)/,
      ],
    
      ### http://www.kaspersky.com/
      ['KasperskyLab AntiViral Toolkit Pro (AVP)', ['avp'],
        '-* -P -B -Y -O- {}', [0,3,6,8], [2,4],    # any use for -A -K   ?
        qr/infected: (.+)/,
        sub {chdir('/opt/AVP') or die "Can't chdir to AVP: $!"},
        sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
      ],
    
      ### The kavdaemon and AVPDaemonClient have been removed from Kaspersky
      ### products and replaced by aveserver and aveclient
      ['KasperskyLab AVPDaemonClient',
        [ '/opt/AVP/kavdaemon',       'kavdaemon',
          '/opt/AVP/AvpDaemonClient', 'AvpDaemonClient',
          '/opt/AVP/AvpTeamDream',    'AvpTeamDream',
          '/opt/AVP/avpdc', 'avpdc' ],
        "-f=$TEMPBASE {}", [0,8], [3,4,5,6], qr/infected: ([^\r\n]+)/ ],
        # change the startup-script in /etc/init.d/kavd to:
        #   DPARMS="-* -Y -dl -f=/var/amavis /var/amavis"
        #   (or perhaps:   DPARMS="-I0 -Y -* /var/amavis" )
        # adjusting /var/amavis above to match your $TEMPBASE.
        # The '-f=/var/amavis' is needed if not running it as root, so it
        # can find, read, and write its pid file, etc., see 'man kavdaemon'.
        # defUnix.prf: there must be an entry "*/var/amavis" (or whatever
        #   directory $TEMPBASE specifies) in the 'Names=' section.
        # cd /opt/AVP/DaemonClients; configure; cd Sample; make
        # cp AvpDaemonClient /opt/AVP/
        # su - vscan -c "${PREFIX}/kavdaemon ${DPARMS}"
    
      ### http://www.centralcommand.com/
      ['CentralCommand Vexira (new) vascan',
        ['vascan','/usr/lib/Vexira/vascan'],
        "-a s --timeout=60 --temp=$TEMPBASE -y $QUARANTINEDIR ".
        "--vdb=/usr/lib/Vexira/vexira8.vdb --log=/var/log/vascan.log {}",
        [0,3], [1,2,5],
        qr/(?x)^\s* (?:virus|iworm|macro|mutant|sequence|trojan)\ found:\ ( [^\]\s']+ )\ \.\.\.\ / ],
        # Adjust the path of the binary and the virus database as needed.
        # 'vascan' does not allow to have the temp directory to be the same as
        # the quarantine directory, and the quarantine option can not be disabled.
        # If $QUARANTINEDIR is not used, then another directory must be specified
        # to appease 'vascan'. Move status 3 to the second list if password
        # protected files are to be considered infected.
    
      ### http://www.hbedv.com/
      ['H+BEDV AntiVir or the (old) CentralCommand Vexira Antivirus',
        ['antivir','vexira'],
        '--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/,
        qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) |
             (?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/ ],
        # NOTE: if you only have a demo version, remove -z and add 214, as in:
        #  '--allfiles -noboot -nombr -rs -s {}', [0,214], qr/ALERT:|VIRUS:/,
    
      ### http://www.commandsoftware.com/
      ['Command AntiVirus for Linux', 'csav',
        '-all -archive -packed {}', [50], [51,52,53],
        qr/Infection: (.+)/ ],
    
      ### http://www.symantec.com/
      ['Symantec CarrierScan via Symantec CommandLineScanner',
        'cscmdline', '-a scan -i 1 -v -s 127.0.0.1:7777 {}',
        qr/^Files Infected:\s+0$/, qr/^Infected\b/,
        qr/^(?:Info|Virus Name):\s+(.+)/ ],
    
      ### http://www.symantec.com/
      ['Symantec AntiVirus Scan Engine',
        'savsecls', '-server 127.0.0.1:7777 -mode scanrepair -details -verbose {}',
        [0], qr/^Infected\b/,
        qr/^(?:Info|Virus Name):\s+(.+)/ ],
        # NOTE: check options and patterns to see which entry better applies
    
      ### http://www.f-secure.com/products/anti-virus/
      ['F-Secure Antivirus', 'fsav',
        '--dumb --mime --archive {}', [0], [3,8],
        qr/(?:infection|Infected|Suspected): (.+)/ ],
    
      ['CAI InoculateIT', 'inocucmd',  # retired product
        '-sec -nex {}', [0], [100],
        qr/was infected by virus (.+)/ ],
      # see: http://www.flatmtn.com/computer/Linux-Antivirus_CAI.html
    
      ### http://www3.ca.com/Solutions/Product.asp?ID=156  (ex InoculateIT)
      ['CAI eTrust Antivirus', 'etrust-wrapper',
        '-arc -nex -spm h {}', [0], [101],
        qr/is infected by virus: (.+)/ ],
        # NOTE: requires suid wrapper around inocmd32; consider flag: -mod reviewer
        # see http://marc.theaimsgroup.com/?l=amavis-user&m=109229779912783
    
      ### http://mks.com.pl/english.html
      ['MkS_Vir for Linux (beta)', ['mks32','mks'],
        '-s {}/*', [0], [1,2],
        qr/--[ \t]*(.+)/ ],
    
      ### http://mks.com.pl/english.html
      ['MkS_Vir daemon', 'mksscan',
        '-s -q {}', [0], [1..7],
        qr/^... (\S+)/ ],
    
      ### http://www.nod32.com/
      ['ESET Software NOD32', 'nod32',
        '--arch --mail {}', [0], [1,10], qr/^object=.*, virus="(.*?)",/ ],
      # with old versions use:
      #   '-all -subdir+ {}', [0], [1,2],
      #   qr/^.+? - (.+?)\s*(?:backdoor|joke|trojan|virus|worm)/ ],
    
      ### http://www.nod32.com/
      ['ESET Software NOD32 - Client/Server Version', 'nod32cli',
        '-a -r -d recurse --heur standard {}', [0], [10,11],
        qr/^\S+\s+infected:\s+(.+)/ ],
    
    # Experimental, based on posting from Rado Dibarbora (Dibo) on 2002-05-31
    # ['ESET Software NOD32 Client/Server (NOD32SS)',
    #   \&ask_daemon2,    # greets with 200, persistent, terminate with QUIT
    #   ["SCAN {}/*\r\n", '127.0.0.1:8448' ],
    #   qr/^200 File OK/, qr/^201 /, qr/^201 (.+)/ ],
    
      ### http://www.norman.com/products_nvc.shtml
      ['Norman Virus Control v5 / Linux', 'nvcc',
        '-c -l:0 -s -u -temp:$TEMPBASE {}', [0,10,11], [1,2,14],
        qr/(?i).* virus in .* -> \'(.+)\'/ ],
    
      ### http://www.pandasoftware.com/
      ['Panda Antivirus for Linux', ['pavcl'],
        '-aut -aex -heu -cmp -nbr -nor -nso -eng {}',
        qr/Number of files infected[ .]*: 0+(?!\d)/,
        qr/Number of files infected[ .]*: 0*[1-9]/,
        qr/Found virus :\s*(\S+)/ ],
    
    # ### http://www.pandasoftware.com/
    # ['Panda Antivirus for Linux', ['pavcl'],
    #   '-TSR -aut -aex -heu -cmp -nbr -nor -nso -eng {}',
    #   [0], [0x10, 0x30, 0x50, 0x70, 0x90, 0xB0, 0xD0, 0xF0],
    #   qr/Found virus :\s*(\S+)/ ],
    
    # GeCAD AV technology is acquired by Microsoft; RAV has been discontinued.
    # Check your RAV license terms before fiddling with the following two lines!
    # ['GeCAD RAV AntiVirus 8', 'ravav',
    #   '--all --archive --mail {}', [1], [2,3,4,5], qr/Infected: (.+)/ ],
    # # NOTE: the command line switches changed with scan engine 8.5 !
    # # (btw, assigning stdin to /dev/null causes RAV to fail)
    
      ### http://www.nai.com/
      ['NAI McAfee AntiVirus (uvscan)', 'uvscan',
        '--secure -rv --mime --summary --noboot - {}', [0], [13],
        qr/(?x) Found (?:
            \ the\ (.+)\ (?:virus|trojan)  |
            \ (?:virus|trojan)\ or\ variant\ ([^ ]+)  |
            :\ (.+)\ NOT\ a\ virus)/,
      # sub {$ENV{LD_PRELOAD}='/lib/libc.so.6'},
      # sub {delete $ENV{LD_PRELOAD}},
      ],
      # NOTE1: with RH9: force the dynamic linker to look at /lib/libc.so.6 before
      # anything else by setting environment variable LD_PRELOAD=/lib/libc.so.6
      # and then clear it when finished to avoid confusing anything else.
      # NOTE2: to treat encrypted files as viruses replace the [13] with:
      #  qr/^\s{5,}(Found|is password-protected|.*(virus|trojan))/
    
      ### http://www.virusbuster.hu/en/
      ['VirusBuster', ['vbuster', 'vbengcl'],
        "{} -ss -i '*' -log=$MYHOME/vbuster.log", [0], [1],
        qr/: '(.*)' - Virus/ ],
      # VirusBuster Ltd. does not support the daemon version for the workstation
      # engine (vbuster-eng-1.12-linux-i386-libc6.tgz) any longer. The names of
      # binaries, some parameters AND return codes have changed (from 3 to 1).
      # See also the new Vexira entry 'vascan' which is possibly related.
    
    # ### http://www.virusbuster.hu/en/
    # ['VirusBuster (Client + Daemon)', 'vbengd',
    #   '-f -log scandir {}', [0], [3],
    #   qr/Virus found = (.*);/ ],
    # # HINT: for an infected file it always returns 3,
    # # although the man-page tells a different story
    
      ### http://www.cyber.com/
      ['CyberSoft VFind', 'vfind',
        '--vexit {}/*', [0], [23], qr/##==>>>> VIRUS ID: CVDL (.+)/,
      # sub {$ENV{VSTK_HOME}='/usr/lib/vstk'},
      ],
    
      ### http://www.ikarus-software.com/
      ['Ikarus AntiVirus for Linux', 'ikarus',
        '{}', [0], [40], qr/Signature (.+) found/ ],
    
      ### http://www.bitdefender.com/
      ['BitDefender', 'bdc',
        '--all --arc --mail {}', qr/^Infected files *:0+(?!\d)/,
        qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/,
        qr/(?:suspected|infected): (.*)(?:\033|$)/ ],
    
    # ['File::Scan', sub {Amavis::AV::ask_av(sub{
    #   use File::Scan; my($fn)=@_;
    #   my($f)=File::Scan->new(max_txt_size=>0, max_bin_size=>0);
    #   my($vname) = $f->scan($fn);
    #   $f->error ? (2,"Error: ".$f->error)
    #   : ($vname ne '') ? (1,"$vname FOUND") : (0,"Clean")}, @_) },
    #   ["{}/*"], [0], [1], qr/^(.*) FOUND$/ ],
    
    # ### example: fully-fledged checker for JPEG marker segments of invalid length
    # ['check-jpeg',
    #   sub { use JpegTester (); Amavis::AV::ask_av(\&JpegTester::test_jpeg, @_) },
    #   ["{}/*"], undef, [1], qr/^(bad jpeg: .*)$/ ],
    # # NOTE: place file JpegTester.pm somewhere where Perl can find it,
    # #       for example in /usr/local/lib/perl5/site_perl
    
    );
    
    
    @av_scanners_backup = (
    
      ### http://www.clamav.net/   - backs up clamd or Mail::ClamAV
      ['ClamAV-clamscan', 'clamscan',
        "--stdout --disable-summary -r --tempdir=$TEMPBASE {}", [0], [1],
        qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
    
      ### http://www.f-prot.com/   - backs up F-Prot Daemon
      ['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'],
        '-dumb -archive -packed {}', [0,8], [3,6],
        qr/Infection: (.+)|\s+contains\s+(.+)$/ ],
    
      ### http://www.trendmicro.com/   - backs up Trophie
      ['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'],
        '-za -a {}', [0], qr/Found virus/, qr/Found virus (.+) in/ ],
    
      ### http://www.sald.com/, http://drweb.imshop.de/   - backs up DrWebD
      ['drweb - DrWeb Antivirus',
        ['/usr/local/drweb/drweb', '/opt/drweb/drweb', 'drweb'],
        '-path={} -al -go -ot -cn -upn -ok-',
        [0,32], [1,9,33], qr' infected (?:with|by)(?: virus)? (.*)$'],
    
      ['KasperskyLab kavscanner', ['/opt/kav/bin/kavscanner','kavscanner'],
        '-i1 -xp {}', [0,10,15], [5,20,21,25],
        qr/(?:CURED|INFECTED|CUREFAILED|WARNING|SUSPICION) (.*)/ ,
        sub {chdir('/opt/kav/bin') or die "Can't chdir to kav: $!"},
        sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
      ],
    
    # Commented out because the name 'sweep' clashes with Debian and FreeBSD
    # package/port of an audio editor. Make sure the correct 'sweep' is found
    # in the path when enabling.
    #
    # ### http://www.sophos.com/   - backs up Sophie or SAVI-Perl
    # ['Sophos Anti Virus (sweep)', 'sweep',
    #   '-nb -f -all -rec -ss -sc -archive -cab -tnef --no-reset-atime {}',
    #   [0,2], qr/Virus .*? found/,
    #   qr/^>>> Virus(?: fragment)? '?(.*?)'? found/,
    # ],
    # # other options to consider: -mime -oe -idedir=/usr/local/sav
    
    # always succeeds (uncomment to consider mail clean if all other scanners fail)
    # ['always-clean', sub {0}],
    
    );
    
    
    1;  # insure a defined return

    Regards,
    enko

  4. #4
    Metaller! Avatar of Sargnagel
    Registered since
    Apr 2005
    Location
    Niefern-Öschelbronn
    Posts
    91
    Hi there...

    The configuration file for ClamAV is still missing. It may not be running.

    Greetings!
    Marc

  5. #5
    Registered user
    Registered since
    Jul 2005
    Posts
    15
    As requested:

    /etc/clamd.conf
    Code:
    ##
    ## Example config file for the Clam AV daemon
    ## Please read the clamd.conf(5) manual before editing this file.
    ##
    
    # Uncomment this option to enable logging.
    # LogFile must be writable for the user running daemon.
    # A full path is required.
    # Default: disabled
    #LogFile /var/log/clamd
    
    # By default the log file is locked for writing - the lock protects against
    # running clamd multiple times (if you want to run another clamd instance,
    # please copy the configuration file, change the LogFile variable, and run
    # the daemon with the --config-file option).
    # This option disables log file locking.
    # Default: disabled
    #LogFileUnlock
    
    # Maximal size of the log file.
    # Value of 0 disables the limit.
    # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
    # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
    # in bytes just don't use modifiers.
    # Default: 1M
    #LogFileMaxSize 2M
    
    # Log time with each message.
    # Default: disabled
    #LogTime
    
    # Also log clean files. Useful in debugging but drastically increases the
    # log size.
    # Default: disabled
    #LogClean
    
    # Use system logger (can work together with LogFile).
    # Default: disabled
    LogSyslog
    
    # Specify the type of syslog messages - please refer to 'man syslog'
    # for facility names.
    # Default: LOG_LOCAL6
    LogFacility LOG_MAIL
    
    # Enable verbose logging.
    # Default: disabled
    #LogVerbose
    
    # This option allows you to save a process identifier of the listening
    # daemon (main thread).
    # Default: disabled
    PidFile /var/lib/clamav/clamd.pid
    
    # Optional path to the global temporary directory.
    # Default: system specific (usually /tmp or /var/tmp).
    #TemporaryDirectory /var/tmp
    
    # Path to the database directory.
    # Default: hardcoded (depends on installation options)
    #DatabaseDirectory /var/lib/clamav
    
    # The daemon works in a local OR a network mode. Due to security reasons we
    # recommend the local mode.
    
    # Path to a local socket file the daemon will listen on.
    # Default: disabled
    #LocalSocket /var/lib/clamav/clamd-socket
    
    # Remove stale socket after unclean shutdown.
    # Default: disabled
    FixStaleSocket
    
    # TCP port address.
    # Default: disabled
    TCPSocket 3310
    
    # TCP address.
    # By default we bind to INADDR_ANY, probably not wise.
    # Enable the following to provide some degree of protection
    # from the outside world.
    # Default: disabled
    TCPAddr 127.0.0.1
    
    # Maximum length the queue of pending connections may grow to.
    # Default: 15
    #MaxConnectionQueueLength 30
    
    # Clamd uses FTP-like protocol to receive data from remote clients.
    # If you are using clamav-milter to balance load between remote clamd daemons
    # on firewall servers you may need to tune the options below.
    
    # Close the connection when the data size limit is exceeded.
    # The value should match your MTA's limit for a maximal attachment size.
    # Default: 10M
    #StreamMaxLength 20M
    
    # Limit port range.
    # Default: 1024
    #StreamMinPort 30000
    # Default: 2048
    #StreamMaxPort 32000
    
    # Maximal number of threads running at the same time.
    # Default: 10
    #MaxThreads 20
    
    # Waiting for data from a client socket will timeout after this time (seconds).
    # Value of 0 disables the timeout.
    # Default: 120
    #ReadTimeout 300
    
    # Waiting for a new job will timeout after this time (seconds).
    # Default: 30
    #IdleTimeout 60
    
    # Maximal depth directories are scanned at.
    # Default: 15
    #MaxDirectoryRecursion 20
    
    # Follow directory symlinks.
    # Default: disabled
    #FollowDirectorySymlinks
    
    # Follow regular file symlinks.
    # Default: disabled
    #FollowFileSymlinks
    
    # Perform internal sanity check (database integrity and freshness).
    # Default: 1800 (30 min)
    #SelfCheck 600
    
    # Execute a command when virus is found. In the command string %v will
    # be replaced by a virus name.
    # Default: disabled
    #VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
    
    # Run as a selected user (clamd must be started by root).
    # Default: disabled
    User vscan
    
    # Initialize supplementary group access (clamd must be started by root).
    # Default: disabled
    #AllowSupplementaryGroups
    
    # Stop daemon when libclamav reports out of memory condition.
    #ExitOnOOM
    
    # Don't fork into background.
    # Default: disabled
    Foreground
    
    # Enable debug messages in libclamav.
    # Default: disabled
    #Debug
    
    # Do not remove temporary files (for debug purposes).
    # Default: disabled
    #LeaveTemporaryFiles
    
    
    # By default clamd uses scan options recommended by libclamav. This option
    # disables recommended options and allows you to enable selected ones below.
    # DO NOT TOUCH IT unless you know what you are doing.
    # Default: disabled
    #DisableDefaultScanOptions
    
    ##
    ## Executable files
    ##
    
    # PE stands for Portable Executable - it's an executable file format used
    # in all 32-bit versions of Windows operating systems. This option allows
    # ClamAV to perform a deeper analysis of executable files and it's also
    # required for decompression of popular executable packers such as UPX, FSG,
    # and Petite.
    # Default: enabled
    #ScanPE
    
    # With this option clamav will try to detect broken executables and mark
    # them as Broken.Executable
    # Default: disabled
    #DetectBrokenExecutables
    
    
    ##
    ## Documents
    ##
    
    # This option enables scanning of Microsoft Office document macros.
    # Default: enabled
    #ScanOLE2
    
    ##
    ## Mail files
    ##
    
    # Enable internal e-mail scanner.
    # Default: enabled
    #ScanMail
    
    # If an email contains URLs ClamAV can download and scan them.
    # WARNING: This option may open your system to a DoS attack.
    #	   Never use it on loaded servers.
    # Default: disabled
    #MailFollowURLs
    
    
    ##
    ## HTML
    ##
    
    # Perform HTML normalisation and decryption of MS Script Encoder code.
    # Default: enabled
    #ScanHTML
    
    
    ##
    ## Archives
    ##
    
    # ClamAV can scan within archives and compressed files.
    # Default: enabled
    #ScanArchive
    
    # Due to license issues libclamav does not support RAR 3.0 archives (only the
    # old 2.0 format is supported). Because some users report stability problems
    # with unrarlib it's disabled by default and you must uncomment the directive
    # below to enable RAR 2.0 support.
    # Default: disabled
    #ScanRAR
    
    # The options below protect your system against Denial of Service attacks
    # using archive bombs.
    
    # Files in archives larger than this limit won't be scanned.
    # Value of 0 disables the limit.
    # Default: 10M
    #ArchiveMaxFileSize 15M
    
    # Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
    # file, all files within it will also be scanned. This option specifies how
    # deep the process should be continued.
    # Value of 0 disables the limit.
    # Default: 8
    #ArchiveMaxRecursion 9
    
    # Number of files to be scanned within an archive.
    # Value of 0 disables the limit.
    # Default: 1000
    #ArchiveMaxFiles 1500
    
    # If a file in an archive is compressed more than ArchiveMaxCompressionRatio
    # times it will be marked as a virus (Oversized.ArchiveType, e.g. Oversized.Zip)
    # Value of 0 disables the limit.
    # Default: 250
    #ArchiveMaxCompressionRatio 300
    
    # Use slower but memory efficient decompression algorithm.
    # only affects the bzip2 decompressor.
    # Default: disabled
    #ArchiveLimitMemoryUsage
    
    # Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
    # Default: disabled
    #ArchiveBlockEncrypted
    
    # Mark archives as viruses (e.g. RAR.ExceededFileSize, Zip.ExceededFilesLimit)
    # if ArchiveMaxFiles, ArchiveMaxFileSize, or ArchiveMaxRecursion limit is
    # reached.
    # Default: disabled
    #ArchiveBlockMax

    Regards,
    enko

  6. #6
    Registered user
    Registered since
    Jul 2005
    Posts
    15
    Does nobody have an idea?

  7. #7
    Premium member
    Registered since
    Jun 2002
    Posts
    2,483
    What does /etc/init.d/clamav status say? (It might also be clamavd or clamd; I don't have clamav installed right now.)
    Twoflower tried to explain it to him
    Rincewind tried to understand it

    How to ask questions the right way

  8. #8
    Registered user
    Registered since
    Jul 2005
    Posts
    15
    Hm, it was unused, for whatever reason. I have now re-enabled it in the runlevel editor and restarted once more.

    /var/log/mail now contains the following:
    Code:
    Aug  4 20:02:14 brain clamd[2822]: Daemon started.
    Aug  4 20:02:14 brain clamd[2822]: clamd daemon 0.88.2 (OS: linux-gnu, ARCH: i386, CPU: i686)
    Aug  4 20:02:14 brain clamd[2822]: Log file size limited to 1048576 bytes.
    Aug  4 20:02:14 brain clamd[2822]: Running as user vscan (UID 65, GID 111)
    Aug  4 20:02:14 brain clamd[2822]: Reading databases from /var/lib/clamav
    Aug  4 20:02:26 brain clamd[2822]: Protecting against 64181 viruses.
    Aug  4 20:02:26 brain clamd[2822]: Bound to address 127.0.0.1 on port 3310
    Aug  4 20:02:26 brain clamd[2822]: Setting connection queue length to 15
    Aug  4 20:02:26 brain clamd[2822]: Archive: Archived file size limit set to 10485760 bytes.
    Aug  4 20:02:26 brain clamd[2822]: Archive: Recursion level limit set to 8.
    Aug  4 20:02:26 brain clamd[2822]: Archive: Files limit set to 1000.
    Aug  4 20:02:26 brain clamd[2822]: Archive: Compression ratio limit set to 250.
    Aug  4 20:02:26 brain clamd[2822]: Archive support enabled.
    Aug  4 20:02:26 brain clamd[2822]: Archive: RAR support disabled.
    Aug  4 20:02:26 brain clamd[2822]: Portable Executable support enabled.
    Aug  4 20:02:26 brain clamd[2822]: Mail files support enabled.
    Aug  4 20:02:26 brain clamd[2822]: OLE2 support enabled.
    Aug  4 20:02:26 brain clamd[2822]: HTML support enabled.
    Aug  4 20:02:26 brain clamd[2822]: Self checking every 1800 seconds.
    Aug  4 20:02:29 brain postfix/postfix-script: starting the Postfix mail system
    Aug  4 20:02:29 brain postfix/master[3123]: daemon started -- version 2.2.9, configuration /etc/postfix
    Aug  4 20:02:31 brain freshclam[3161]: Daemon started.
    Aug  4 20:02:31 brain freshclam[3163]: freshclam daemon 0.88.2 (OS: linux-gnu, ARCH: i386, CPU: i686)
    Aug  4 20:02:31 brain freshclam[3163]: ClamAV update process started at Fri Aug  4 20:02:31 2006
    Aug  4 20:02:31 brain freshclam[3163]: WARNING: Your ClamAV installation is OUTDATED!
    Aug  4 20:02:31 brain freshclam[3163]: WARNING: Local version: 0.88.2 Recommended version: 0.88.3
    Aug  4 20:02:31 brain freshclam[3163]: DON'T PANIC! Read http://www.clamav.net/faq.html
    Aug  4 20:02:31 brain freshclam[3163]: main.cvd is up to date (version: 39, sigs: 58116, f-level: 8, builder: tkojm)
    Aug  4 20:02:31 brain freshclam[3163]: daily.cvd is up to date (version: 1635, sigs: 6065, f-level: 8, builder: sven)
    Aug  4 20:02:31 brain freshclam[3163]: --------------------------------------
    Aug  4 20:02:37 brain amavis[2828]: starting.  /usr/sbin/amavisd at brain.castle amavisd-new-2.3.3 (20050822), Unicode aware, LC_ALL=POSIX
    Aug  4 20:02:37 brain amavis[2828]: Perl version               5.008008
    Aug  4 20:02:44 brain amavis[3255]: Module Amavis::Conf        2.043
    Aug  4 20:02:44 brain amavis[3255]: Module Archive::Tar        1.24
    Aug  4 20:02:44 brain amavis[3255]: Module Archive::Zip        1.16
    Aug  4 20:02:44 brain amavis[3255]: Module BerkeleyDB          0.26
    Aug  4 20:02:44 brain amavis[3255]: Module Compress::Zlib      1.35
    Aug  4 20:02:44 brain amavis[3255]: Module Convert::TNEF       0.17
    Aug  4 20:02:44 brain amavis[3255]: Module Convert::UUlib      1.051
    Aug  4 20:02:44 brain amavis[3255]: Module DBD::mysql          3.0002
    Aug  4 20:02:44 brain amavis[3255]: Module DBI                 1.50
    Aug  4 20:02:44 brain amavis[3255]: Module DB_File             1.814
    Aug  4 20:02:44 brain amavis[3255]: Module MIME::Entity        5.419
    Aug  4 20:02:44 brain amavis[3255]: Module MIME::Parser        5.419
    Aug  4 20:02:44 brain amavis[3255]: Module MIME::Tools         5.419
    Aug  4 20:02:44 brain amavis[3255]: Module Mail::Header        1.67
    Aug  4 20:02:44 brain amavis[3255]: Module Mail::Internet      1.67
    Aug  4 20:02:44 brain amavis[3255]: Module Mail::SpamAssassin  3.001001
    Aug  4 20:02:44 brain amavis[3255]: Module Net::Cmd            2.26
    Aug  4 20:02:44 brain amavis[3255]: Module Net::DNS            0.55
    Aug  4 20:02:44 brain amavis[3255]: Module Net::SMTP           2.29
    Aug  4 20:02:44 brain amavis[3255]: Module Net::Server         0.90
    Aug  4 20:02:44 brain amavis[3255]: Module Razor2::Client::Version 2.77
    Aug  4 20:02:44 brain amavis[3255]: Module Time::HiRes         1.86
    Aug  4 20:02:44 brain amavis[3255]: Module Unix::Syslog        0.100
    Aug  4 20:02:44 brain amavis[3255]: Amavis::DB code    loaded
    Aug  4 20:02:44 brain amavis[3255]: Amavis::Cache code loaded
    Aug  4 20:02:44 brain amavis[3255]: SQL base code      NOT loaded
    Aug  4 20:02:44 brain amavis[3255]: SQL::Log code      NOT loaded
    Aug  4 20:02:44 brain amavis[3255]: SQL::Quarantine    NOT loaded
    Aug  4 20:02:44 brain amavis[3255]: Lookup::SQL  code  NOT loaded
    Aug  4 20:02:44 brain amavis[3255]: Lookup::LDAP code  NOT loaded
    Aug  4 20:02:44 brain amavis[3255]: AM.PDP prot  code  loaded
    Aug  4 20:02:44 brain amavis[3255]: SMTP-in prot code  loaded
    Aug  4 20:02:44 brain amavis[3255]: ANTI-VIRUS code    loaded
    Aug  4 20:02:44 brain amavis[3255]: ANTI-SPAM  code    loaded
    Aug  4 20:02:44 brain amavis[3255]: Unpackers  code    loaded
    Aug  4 20:02:44 brain amavis[3255]: Found $file            at /usr/bin/file
    Aug  4 20:02:44 brain amavis[3255]: No $dspam,             not using it
    Aug  4 20:02:44 brain amavis[3255]: Internal decoder for .mail
    Aug  4 20:02:44 brain amavis[3255]: Internal decoder for .asc 
    Aug  4 20:02:44 brain amavis[3255]: Internal decoder for .uue 
    Aug  4 20:02:44 brain amavis[3255]: Internal decoder for .hqx 
    Aug  4 20:02:44 brain amavis[3255]: Internal decoder for .ync 
    Aug  4 20:02:44 brain amavis[3255]: No decoder for       .F    tried: unfreeze, freeze -d, melt, fcat
    Aug  4 20:02:44 brain amavis[3255]: Found decoder for    .Z    at /usr/bin/gzip -d
    Aug  4 20:02:44 brain amavis[3255]: Internal decoder for .gz  
    Aug  4 20:02:44 brain amavis[3255]: Found decoder for    .bz2  at /usr/bin/bzip2 -d
    Aug  4 20:02:44 brain amavis[3255]: No decoder for       .lzo  tried: lzop -d
    Aug  4 20:02:44 brain amavis[3255]: Found decoder for    .rpm  at /usr/bin/rpm2cpio
    Aug  4 20:02:44 brain amavis[3255]: Found decoder for    .cpio at /usr/bin/pax
    Aug  4 20:02:44 brain amavis[3255]: Found decoder for    .tar  at /usr/bin/pax
    Aug  4 20:02:44 brain amavis[3255]: Found decoder for    .deb  at /usr/bin/ar
    Aug  4 20:02:44 brain amavis[3255]: Internal decoder for .zip 
    Aug  4 20:02:44 brain amavis[3255]: Found decoder for    .rar  at /usr/bin/unrar
    Aug  4 20:02:44 brain amavis[3255]: Found decoder for    .arj  at /usr/bin/unarj
    Aug  4 20:02:44 brain amavis[3255]: No decoder for       .arc  tried: nomarch, arc
    Aug  4 20:02:44 brain amavis[3255]: Found decoder for    .zoo  at /usr/bin/zoo
    Aug  4 20:02:44 brain amavis[3255]: Found decoder for    .lha  at /usr/bin/lha
    Aug  4 20:02:44 brain amavis[3255]: Found decoder for    .cab  at /usr/bin/cabextract
    Aug  4 20:02:44 brain amavis[3255]: No decoder for       .tnef tried: tnef
    Aug  4 20:02:44 brain amavis[3255]: Internal decoder for .tnef
    Aug  4 20:02:44 brain amavis[3255]: Found decoder for    .exe  at /usr/bin/unrar; /usr/bin/lha; /usr/bin/unarj
    Aug  4 20:02:44 brain amavis[3255]: Using internal av scanner code for (primary) ClamAV-clamd
    Aug  4 20:02:44 brain amavis[3255]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan
    Aug  4 20:02:45 brain amavis[3255]: Creating db in /var/spool/amavis/db/; BerkeleyDB 0.26, libdb 4.3
    Aug  4 20:02:50 brain spamd[3214]: logger: removing stderr method 
    Aug  4 20:02:55 brain spampd[3291]: Process Backgrounded 
    Aug  4 20:02:55 brain spampd[3291]: 2006/08/04-20:02:55 SpamPD (type Net::Server::PreForkSimple) starting! pid(3291) 
    Aug  4 20:02:55 brain spampd[3291]: Binding to TCP port 10025 on host 127.0.0.1  
    Aug  4 20:02:55 brain spampd[3291]: 2006/08/04-20:02:55 Can't connect to TCP port 10025 on 127.0.0.1 [Address already in use]   at line 88 in file /usr/lib/perl5/vendor_perl/5.8.8/Net/Server/Proto/TCP.pm 
    Aug  4 20:02:55 brain spampd[3291]: 2006/08/04-20:02:55 Server closing! 
    Aug  4 20:03:02 brain spamd[3281]: spamd: server started on port 783/tcp (running version 3.1.1) 
    Aug  4 20:03:02 brain spamd[3281]: spamd: server pid: 3281 
    Aug  4 20:03:02 brain spamd[3281]: spamd: server successfully spawned child process, pid 3348 
    Aug  4 20:03:02 brain spamd[3281]: spamd: server successfully spawned child process, pid 3349 
    Aug  4 20:03:02 brain spamd[3281]: prefork: child states: II 
    Aug  4 20:12:33 brain postfix/smtpd[3804]: connect from localhost[127.0.0.1]
    Aug  4 20:12:33 brain postfix/smtpd[3804]: D3DD711F1: client=localhost[127.0.0.1]
    Aug  4 20:12:33 brain postfix/cleanup[3807]: D3DD711F1: message-id=<44D38D5A.60408@xxxxxxxx.de>
    Aug  4 20:12:34 brain postfix/qmgr[3132]: D3DD711F1: from=<xxx@xxxxxxx.de>, size=974, nrcpt=1 (queue active)
    Aug  4 20:12:34 brain postfix/smtpd[3804]: disconnect from localhost[127.0.0.1]
    Aug  4 20:12:35 brain postfix/smtpd[3811]: connect from unknown[127.0.0.1]
    Aug  4 18:12:35 brain postfix/smtpd[3811]: 348AB11F8: client=unknown[127.0.0.1]
    Aug  4 20:12:35 brain postfix/cleanup[3807]: 348AB11F8: message-id=<44D38D5A.60408@xxxxxxxx.de>
    Aug  4 18:12:35 brain postfix/smtpd[3811]: disconnect from unknown[127.0.0.1]
    Aug  4 20:12:35 brain amavis[3282]: (03282-01) Passed CLEAN, [217.172.183.167] <eek@desa-projekt.de> -> <mail_e@localhost.brain.castle>, Message-ID: <44D38D5A.60408@xxxxxxx.de>, mail_id: NrCKWUr3J2uc, Hits: 3.701, 1279 ms
    Aug  4 20:12:35 brain postfix/qmgr[3132]: 348AB11F8: from=<xxx@xxxxxxx.de>, size=1410, nrcpt=1 (queue active)
    Aug  4 20:12:35 brain postfix/qmgr[3132]: warning: connect to transport [127.0.0.1]: No such file or directory
    Aug  4 20:12:35 brain postfix/smtp[3808]: D3DD711F1: to=<mail_e@localhost.brain.castle>, orig_to=<mail_e@localhost>, relay=127.0.0.1[127.0.0.1], delay=2, status=sent (250 2.6.0 Ok, id=03282-01, from MTA([127.0.0.1]:10025): 250 Ok: queued as 348AB11F8)
    Aug  4 20:12:35 brain postfix/qmgr[3132]: D3DD711F1: removed
    Aug  4 20:13:35 brain postfix/qmgr[3132]: warning: connect to transport [127.0.0.1]: No such file or directory
    Aug  4 20:14:35 brain postfix/qmgr[3132]: warning: connect to transport [127.0.0.1]: No such file or directory
    Aug  4 20:15:35 brain postfix/qmgr[3132]: warning: connect to transport [127.0.0.1]: No such file or directory

  9. #9
    Premium member
    Registered since
    Jun 2002
    Posts
    2,483
    Change the line (in amavisd.conf):
    # $forward_method = 'smtp:[127.0.0.1]:10025'; # set to undef with milter!

    to:
    $forward_method = 'smtp:[127.0.0.1]:10027'; # set to undef with milter!
    (note also the missing # at the beginning of the line)
    Edited by Jinto (04.08.06 at 19:36)
    Twoflower tried to explain it to him
    Rincewind tried to understand it

    How to ask questions the right way
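
The logs posted in this thread show three distinct failures: amavis cannot reach clamd on 127.0.0.1:3310, spampd cannot bind port 10025, and qmgr repeatedly warns about a missing transport while one queue ID never reaches "removed". The following Python script is an added example, not part of any post in the thread; the function name `triage` and the rule labels are assumptions, and the sample lines are taken from the log excerpts above.

```python
import re
from collections import Counter

# Sample input: lines taken from the /var/log/mail excerpts posted in the thread.
SAMPLE_LOG = """\
Aug  1 18:57:39 brain amavis[3329]: (03329-01) ClamAV-clamd: Can't connect to INET socket 127.0.0.1:3310: Connection refused, retrying (2)
Aug  4 20:02:55 brain spampd[3291]: 2006/08/04-20:02:55 Can't connect to TCP port 10025 on 127.0.0.1 [Address already in use]   at line 88 in file /usr/lib/perl5/vendor_perl/5.8.8/Net/Server/Proto/TCP.pm
Aug  4 20:12:34 brain postfix/qmgr[3132]: D3DD711F1: from=<xxx@xxxxxxx.de>, size=974, nrcpt=1 (queue active)
Aug  4 20:12:35 brain postfix/qmgr[3132]: 348AB11F8: from=<xxx@xxxxxxx.de>, size=1410, nrcpt=1 (queue active)
Aug  4 20:12:35 brain postfix/qmgr[3132]: warning: connect to transport [127.0.0.1]: No such file or directory
Aug  4 20:12:35 brain postfix/smtp[3808]: D3DD711F1: to=<mail_e@localhost.brain.castle>, orig_to=<mail_e@localhost>, relay=127.0.0.1[127.0.0.1], delay=2, status=sent (250 2.6.0 Ok, id=03282-01, from MTA([127.0.0.1]:10025): 250 Ok: queued as 348AB11F8)
Aug  4 20:12:35 brain postfix/qmgr[3132]: D3DD711F1: removed
Aug  4 20:13:35 brain postfix/qmgr[3132]: warning: connect to transport [127.0.0.1]: No such file or directory
"""

# Classic syslog prefix: "Mon DD HH:MM:SS host program[pid]: message"
SYSLOG = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\s(?P<prog>[^\[:\s]+)(?:\[\d+\])?:\s(?P<msg>.*)$")
# Postfix prefixes per-message lines with the queue ID
QUEUE = re.compile(r"^(?P<qid>[0-9A-F]{6,}): (?P<rest>.*)$")
REINJECT = re.compile(r"queued as ([0-9A-F]+)\)")

# (label, pattern, function turning the match into a short detail string)
RULES = [
    ("scanner_unreachable",
     re.compile(r"Can't connect to INET socket (\S+): Connection refused"),
     lambda m: m.group(1)),
    ("port_in_use",
     re.compile(r"Can't connect to TCP port (\d+) on (\S+) \[Address already in use\]"),
     lambda m: f"{m.group(2)}:{m.group(1)}"),
    ("transport_missing",
     re.compile(r"warning: connect to transport (\S+): No such file or directory"),
     lambda m: m.group(1)),
]


def triage(text):
    """Return failure counts, undelivered queue IDs and filter hand-offs."""
    findings = Counter()
    active = []    # queue IDs seen as "(queue active)" and not yet "removed"
    handoff = {}   # re-injected queue ID -> queue ID it came from
    for line in text.splitlines():
        m = SYSLOG.match(line)
        if not m:
            continue
        prog, msg = m["prog"], m["msg"]
        for label, rx, detail in RULES:
            hit = rx.search(msg)
            if hit:
                findings[(label, prog, detail(hit))] += 1
        q = QUEUE.match(msg)
        if not q or not prog.startswith("postfix/"):
            continue
        qid, rest = q["qid"], q["rest"]
        if rest.endswith("(queue active)") and qid not in active:
            active.append(qid)
        elif rest == "removed" and qid in active:
            active.remove(qid)
        child = REINJECT.search(rest)
        if child:
            # The content filter handed the mail back to Postfix under a new ID.
            handoff[child.group(1)] = qid
    return {"findings": dict(findings), "stuck": active, "handoff": handoff}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for (label, prog, detail), count in report["findings"].items():
        print(f"{label:20} {prog:14} {detail:18} x{count}")
    for qid in report["stuck"]:
        origin = report["handoff"].get(qid, "-")
        print(f"undelivered queue ID {qid} (re-injected from {origin})")
```

On the sample lines it reports 348AB11F8, the message re-injected after the content filter, as the one that stays in the queue.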
