Gentoo Forums
amavisd-new, clamav (clamd) and dazuko
der-pima
n00b

Joined: 10 Mar 2003
Posts: 28

Posted: Fri Jan 23, 2004 11:42 pm    Post subject: amavisd-new, clamav (clamd) and dazuko

Hi folks.

I have a few questions and hope you can help me.

1) Do I have to install dazuko manually for ClamAV to run at all, and if so, how?
2) Take a look at my configs; I don't understand why "amavisd-debug" produces the following:

amavisd debug
Jan 24 00:41:17 web amavisd[19549]: starting. amavisd at web amavisd-new-20030616-p7, Unicode aware
Jan 24 00:41:17 web amavisd[19549]: Perl version 5.008
Jan 24 00:41:17 web amavisd[19549]: Module Amavis::Conf 1.15
Jan 24 00:41:17 web amavisd[19549]: Module Archive::Tar 1.03
Jan 24 00:41:17 web amavisd[19549]: Module Archive::Zip 1.06
Jan 24 00:41:17 web amavisd[19549]: Module Compress::Zlib 1.22
Jan 24 00:41:17 web amavisd[19549]: Module Convert::TNEF 0.17
Jan 24 00:41:17 web amavisd[19549]: Module Convert::UUlib 0.31
Jan 24 00:41:17 web amavisd[19549]: Module MIME::Entity 5.404
Jan 24 00:41:17 web amavisd[19549]: Module MIME::Parser 5.406
Jan 24 00:41:17 web amavisd[19549]: Module MIME::Tools 5.411
Jan 24 00:41:17 web amavisd[19549]: Module Mail::Header 1.58
Jan 24 00:41:17 web amavisd[19549]: Module Mail::Internet 1.58
Jan 24 00:41:17 web amavisd[19549]: Module Mail::SpamAssassin 2.60
Jan 24 00:41:17 web amavisd[19549]: Module Net::Cmd 2.24
Jan 24 00:41:17 web amavisd[19549]: Module Net::DNS 0.38
Jan 24 00:41:17 web amavisd[19549]: Module Net::SMTP 2.26
Jan 24 00:41:17 web amavisd[19549]: Module Net::Server 0.85
Jan 24 00:41:17 web amavisd[19549]: Module Time::HiRes 1.47
Jan 24 00:41:17 web amavisd[19549]: Module Unix::Syslog 0.100
Jan 24 00:41:17 web amavisd[19549]: Found myself: /usr/sbin/amavisd -c /etc/amavisd.conf
Jan 24 00:41:17 web amavisd[19549]: Lookup::SQL code loaded
Jan 24 00:41:17 web amavisd[19549]: Lookup::LDAP code NOT loaded
Jan 24 00:41:17 web amavisd[19549]: AMCL-in protocol code NOT loaded
Jan 24 00:41:17 web amavisd[19549]: SMTP-in protocol code loaded
Jan 24 00:41:17 web amavisd[19549]: ANTI-VIRUS code NOT loaded
Jan 24 00:41:17 web amavisd[19549]: ANTI-SPAM code loaded
Pid_file "/var/run/amavis/amavisd.pid" already exists. Overwriting!
Jan 24 00:41:17 web amavisd[19549]: Net::Server: 2004/01/24-00:41:17 Amavis (type Net::Server::PreForkSimple) starting! pid(19549)
Jan 24 00:41:17 web amavisd[19549]: Net::Server: Binding to TCP port 10024 on host 127.0.0.1
Jan 24 00:41:17 web amavisd[19549]: Net::Server: Chrooting to /var/run/amavis
Jan 24 00:41:17 web amavisd[19549]: Net::Server: Setting gid to "408 408"
Jan 24 00:41:17 web amavisd[19549]: Net::Server: Setting uid to "1004"
Jan 24 00:41:17 web amavisd[19549]: Net::Server: Couldn't POSIX::setuid to "1004" [Illegal seek]
Jan 24 00:41:17 web amavisd[19549]: Net::Server: Setting up serialization via flock
Jan 24 00:41:17 web amavisd[19549]: No $file, not using it
Jan 24 00:41:17 web amavisd[19549]: No $arc, not using it
Jan 24 00:41:17 web amavisd[19549]: No $gzip, not using it
Jan 24 00:41:17 web amavisd[19549]: No $bzip2, not using it
Jan 24 00:41:17 web amavisd[19549]: No $lzop, not using it
Jan 24 00:41:17 web amavisd[19549]: No $lha, not using it
Jan 24 00:41:17 web amavisd[19549]: No $unarj, not using it
Jan 24 00:41:17 web amavisd[19549]: No $uncompress, not using it
Jan 24 00:41:17 web amavisd[19549]: No $unfreeze, not using it
Jan 24 00:41:17 web amavisd[19549]: No $unrar, not using it
Jan 24 00:41:17 web amavisd[19549]: No $zoo, not using it
Jan 24 00:41:17 web amavisd[19549]: No $cpio, not using it
No TEMPBASE directory: /var/run/amavis /var/run/amavis/tmp at /usr/sbin/amavisd line 4870.


___________

my amavisd.conf

use strict;

$MYHOME = '/var/run/amavis';
$mydomain = 'lalelu.com';
$daemon_user = 'amavis';
$daemon_group = 'amavis';
$daemon_chroot_dir = $MYHOME;

$QUARANTINEDIR = "$MYHOME/quarantine";
$TEMPBASE = "$MYHOME/tmp";
$ENV{TMPDIR} = $TEMPBASE;
$helpers_home = $MYHOME;

$forward_method = 'smtp:127.0.0.1:10025';
$notify_method = $forward_method;
$inet_socket_port = 10024;
$inet_socket_bind = '127.0.0.1';
@inet_acl = qw( 127.0.0.1 );


$final_virus_destiny = D_DISCARD; # (defaults to D_BOUNCE)
$final_banned_destiny = D_DISCARD; # (defaults to D_BOUNCE)
$final_spam_destiny = D_DISCARD; # (defaults to D_REJECT)
$final_bad_header_destiny = D_PASS; # (defaults to D_PASS), D_BOUNCE suggested


@av_scanners = (
['Clam Antivirus-clamd',
\&ask_daemon, ["CONTSCAN {}\n", '/var/run/clamd.ctl'],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
);


@av_scanners_backup = (

### http://clamav.elektrapro.com/
['Clam Antivirus - clamscan', 'clamscan',
'--stdout --disable-summary -r {}', [0], [1],
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
);


$virus_admin = 'virus@lalelu.com';

$X_HEADER_TAG = 'Virus- and Spamscanned';


@bypass_virus_checks_acl = qw( . );
@local_domains_acl = ( ".$mydomain" );

$DO_SYSLOG = 1; # (1 = syslog, 0 = logfile)
$LOGFILE = "$MYHOME/amavis.log";
$log_level = 5; # (0-5)

$hdrfrom_notify_sender = 'SpamAssassin <info@lalelu.com>';
#$notify_spam_sender_templ = read_text("$MYHOME/notify_spam_sender.txt");

$final_spam_destiny = D_PASS; # Set to D_BOUNCE to block/notify, D_PASS to pass through

read_hash(\%whitelist_sender, '/var/run/amavis/whitelist');
read_hash(\%blacklist_sender, '/var/run/amavis/blacklist');
read_hash(\%spam_lovers, '/var/run/amavis/spam_lovers');

#defending against mail bombs
$MAXLEVELS = 14; # Maximum recursion level for extraction/decoding
$MAXFILES = 1500; # Maximum number of extracted files
$MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not enforced)
$MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes (default undef, not enforced)
$MIN_EXPANSION_FACTOR = 5; # times original mail size (must be specified)
$MAX_EXPANSION_FACTOR = 500; # times original mail size (must be specified)

$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';

$banned_filename_re = new_RE(
qr'.\.(ade|adp|bas|bat|chm|cmd|com|cpl|crt|exe|hlp|hta|inf|ins|isp|js|
jse|lnk|mdb|mde|msc|msi|msp|mst|pcd|pif|reg|scr|sct|shs|shb|vb|
vbe|vbs|wsc|wsf|wsh)$'ix,
);




$file = 'file';
$arc = ['nomarch', 'arc'];
$gzip = 'gzip';
$bzip2 = 'bzip2';
$uncompress = ['uncompress', 'gzip -d', 'zcat'];
$lha = 'lha';
$unarj = 'unarj';
$unrar = 'unrar';
$zoo = 'zoo';

# SpamAssassin settings
$sa_local_tests_only = 1;
$sa_auto_whitelist = 1; # comment this line out to turn off auto whitelist
$sa_mail_body_size_limit = 64*1024; # 64KB

$sa_tag_level_deflt = 3.0; # controls adding the X-Spam-Status and X-Spam-Level headers,
$sa_tag2_level_deflt = 6.3; # controls adding 'X-Spam-Flag: YES', and editing Subject,
$sa_kill_level_deflt = $sa_tag2_level_deflt; # triggers spam evasive actions:


$sa_spam_subject_tag = '***SPAM*** ';
$sa_debug = 1; # comment this line out to turn off debugging


@lookup_sql_dsn = ( ['DBI:mysql:webspace:localhost', 'root', 'PASSWORT'] );



$sql_select_policy =
'SELECT CONCAT_WS(\'@\',users.username,users.domainname) AS email,policy.*'.
' FROM users, policy'.
' WHERE (users.policy_id=policy.id)'.
' AND (CONCAT_WS(\'@\',users.username,users.domainname)'.
' IN (%k)) ORDER BY users.priority DESC';


$sql_select_white_black_list = 1;

1; # insure a defined return


_______________

my clamav.conf


##
## Example config file for the Clam AV daemon
## Please read the clamav.conf(5) manual before editing this file.
##


# Comment or remove the line below.
#Example

# Uncomment this option to enable logging.
# LogFile must be writable for the user running the daemon.
# Full path is required.
LogFile /var/log/clamd.log

# By default the log file is locked for writing - the lock protects against
# running clamd multiple times (if want to run another clamd, please
# copy the configuration file, change the LogFile variable, and run
# the daemon with --config-file option). That's why you shouldn't uncomment
# this option.
#LogFileUnlock

# Maximal size of the log file. Default is 1 Mb.
# Value of 0 disables the limit.
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
# in bytes just don't use modifiers.
#LogFileMaxSize 2M

# Log time with an each message.
LogTime

# Use system logger (can work together with LogFile).
#LogSyslog

# Enable verbose logging.
LogVerbose

# This option allows you to save the process identifier of the listening
# daemon (main thread).
PidFile /var/run/clamd.pid

# Path to a directory containing .db files.
# Default is the hardcoded directory (mostly /usr/local/share/clamav,
# it depends on installation options).
#DataDirectory /var/lib/clamav

# The daemon works in local or network mode. Currently the local mode is
# recommended for security reasons.

# Path to the local socket. The daemon doesn't change the mode of the
# created file (portability reasons). You may want to create it in a directory
# which is only accessible for a user running daemon.
LocalSocket /tmp/clamd

# TCP port address.
#TCPSocket 3310
#TCPSocket 784

# Maximum length the queue of pending connections may grow to.
# Default is 15.
#MaxConnectionQueueLength 30

# When activated, input stream (see STREAM command) will be saved to disk before
# scanning - this allows scanning within archives.
StreamSaveToDisk

# Close the connection if this limit is exceeded.
#StreamMaxLength 10M

# Maximal number of a threads running at the same time.
# Default is 5, and it should be sufficient for a typical workstation.
# You may need to increase threads number for a server machine.
#MaxThreads 10

# Thread (scanner - single task) will be stopped after this time (seconds).
# Default is 180. Value of 0 disables the timeout. SECURITY HINT: Increase the
# timeout instead of disabling it.
#ThreadTimeout 500

# Maximal depth the directories are scanned at.
MaxDirectoryRecursion 15

# Follow a directory symlinks.
# SECURITY HINT: You should have enabled directory recursion limit to
# avoid potential problems.
#FollowDirectorySymlinks

# Follow regular file symlinks.
#FollowFileSymlinks

# Do internal checks (eg. check the integrity of the database structures)
# By default clamd checks itself every 3600 seconds (1 hour).
#SelfCheck 600

# Run as selected user (clamd must be started by root).
# By default it doesn't drop privileges.

User clamav
#was #

# Initialize the supplementary group access (for all groups in /etc/group
# user is added in. clamd must be started by root).
#AllowSupplementaryGroups

# Don't fork into background. Useful in debugging.
#Foreground

##
## Mail support
##

# Uncomment this option if you are planning to scan mail files.
ScanMail

##
## Archive support
##


# Comment this line to disable scanning of the archives.
ScanArchive

# Options below protect your system against Denial of Service attacks
# with archive bombs.

# Files in archives larger than this limit won't be scanned.
# Value of 0 disables the limit.
# WARNING: Due to the unrarlib implementation, whole files (one by one) in RAR
# archives are decompressed to the memory. That's why never disable
# this limit (but you may increase it of course!)
ArchiveMaxFileSize 10M

# Archives are scanned recursively - e.g. if Zip archive contains RAR file,
# the RAR file will be decompressed, too (but only if recursion limit is set
# at least to 1). With this option you may set the recursion level.
# Value of 0 disables the limit.

ArchiveMaxRecursion 5

# Number of files to be scanned within archive.
# Value of 0 disables the limit.
ArchiveMaxFiles 1000

# Use slower decompression algorithm which uses less memory. This option
# affects bzip2 decompressor only.
#ArchiveLimitMemoryUsage

##
## Clamuko settings
## WARNING: This is experimental software. It is very likely it will hang
## up your system !!!
##

# Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running.
ClamukoScanOnLine

# Set access mask for Clamuko.
ClamukoScanOnOpen
ClamukoScanOnClose
ClamukoScanOnExec

# Set the include paths (all files in them will be scanned). You can have
# multiple ClamukoIncludePath options, but each directory must be added
# in a seperate option. All subdirectories are scanned, too.
ClamukoIncludePath /home


# Set the exclude paths. All subdirectories are also excluded.
ClamukoExcludePath /home/var/spool/mail/

# Limit the file size to be scanned (probably you don't want to scan your movie
# files ;))
# Value of 0 disables the limit. 1 Mb should be fine.
ClamukoMaxFileSize 1M

# Enable archive support. It uses the limits from clamd section.
# (This option doesn't depend on ScanArchive, you can have archive support
# in clamd disabled).
ClamukoScanArchive


I would be very grateful for any answers!!!

Best regards, Jan
razorbuzz
Tux's lil' helper

Joined: 05 Jul 2002
Posts: 88
Location: Bielefeld

Posted: Sat Jan 24, 2004 8:28 pm

Hello, no, dazuko isn't needed, but it is important that clamav and amavis-new absolutely use the same directories (/var/run/amavis), otherwise it won't work.
What does /etc/init.d/clamd start say? Does it run without an error message?
As far as I remember, /etc/conf.d/clamav also had to be adjusted..

In my case, the cause back then was the differing directories.
_________________
with regards
razor
der-pima
n00b

Joined: 10 Mar 2003
Posts: 28

Posted: Sun Jan 25, 2004 11:59 am

I run both under the same user (amavis).
PID and directory are var run amavis.
Still, amavisd-new doesn't find clamav.
I'm not @ home at the moment, but I'll paste what I did.
See you,

pima
der-pima
n00b

Joined: 10 Mar 2003
Posts: 28

Posted: Sun Jan 25, 2004 1:16 pm

ps aux | grep clamd
amavis 15866 0.0 1.3 15272 12008 ? S 14:13 0:00 [clamd]
amavis 6691 0.0 1.3 15272 12008 ? S 14:13 0:00 [clamd]
amavis 6119 0.0 1.3 15272 12008 ? S 14:13 0:00 [clamd]


/etc/init.d/amavisd start
* Starting amavisd-new...
Pid_file "/var/run/amavis/amavisd.pid" already exists. Overwriting! [ ok ]


cd /var/run/amavis/
amavisd.pid blacklist clamd clamd.pid spam_lovers tmp whitelist

Does amavisd-new also have to be started as user amavis?


I still get a strange error message:

Jan 25 14:17:43 web amavisd[8589]: Lookup::SQL code loaded
Jan 25 14:17:43 web amavisd[8589]: Lookup::LDAP code NOT loaded
Jan 25 14:17:43 web amavisd[8589]: AMCL-in protocol code NOT loaded
Jan 25 14:17:43 web amavisd[8589]: SMTP-in protocol code loaded
Jan 25 14:17:43 web amavisd[8589]: ANTI-VIRUS code NOT loaded
Jan 25 14:17:43 web amavisd[8589]: ANTI-SPAM code loaded
Pid_file "/var/run/amavis/amavisd.pid" already exists. Overwriting!
Jan 25 14:17:43 web amavisd[8589]: Net::Server: 2004/01/25-14:17:43 Amavis (type Net::Server::PreForkSimple) starting! pid(8589)
Jan 25 14:17:43 web amavisd[8589]: Net::Server: Binding to TCP port 10024 on host 127.0.0.1
Jan 25 14:17:43 web amavisd[8589]: Net::Server: Chrooting to /var/run/amavis
Jan 25 14:17:43 web amavisd[8589]: Net::Server: Setting gid to "408 408"
Jan 25 14:17:43 web amavisd[8589]: Net::Server: Setting uid to "1004"
Jan 25 14:17:43 web amavisd[8589]: Net::Server: Couldn't POSIX::setuid to "1004" [Illegal seek]
Jan 25 14:17:43 web amavisd[8589]: Net::Server: Setting up serialization via flock
Jan 25 14:17:43 web amavisd[8589]: No $file, not using it
Jan 25 14:17:43 web amavisd[8589]: No $arc, not using it
Jan 25 14:17:43 web amavisd[8589]: No $gzip, not using it
Jan 25 14:17:43 web amavisd[8589]: No $bzip2, not using it
Jan 25 14:17:43 web amavisd[8589]: No $lzop, not using it
Jan 25 14:17:43 web amavisd[8589]: No $lha, not using it
Jan 25 14:17:43 web amavisd[8589]: No $unarj, not using it
Jan 25 14:17:43 web amavisd[8589]: No $uncompress, not using it
Jan 25 14:17:43 web amavisd[8589]: No $unfreeze, not using it
Jan 25 14:17:43 web amavisd[8589]: No $unrar, not using it
Jan 25 14:17:43 web amavisd[8589]: No $zoo, not using it
Jan 25 14:17:43 web amavisd[8589]: No $cpio, not using it
No TEMPBASE directory: /var/run/amavis /var/run/amavis/tmp at /usr/sbin/amavisd line 4870.


Hm,

Best regards, Pima
der-pima
n00b

Joined: 10 Mar 2003
Posts: 28

Posted: Mon Jan 26, 2004 11:29 am

Problem solved
All times are GMT