mkiler n00b
Joined: 22 May 2008 Posts: 12
|
Posted: Thu May 22, 2008 1:26 pm Post subject: ClamAV-clamd av-scanner FAILED |
|
|
Hi
I have a problem with my postfix. The server worked fine, but two days ago something happened. Emails cannot be delivered to recipients, but only when the bypass option in /etc/amavisd.conf is commented out:
Code: | #@bypass_virus_checks_maps = (1); # uncomment to DISABLE anti-virus code
#@bypass_spam_checks_maps = (1); # uncomment to DISABLE anti-spam code |
When it is uncommented, mails are delivered.
When bypass is commented out and I do /etc/init.d/clamd start, the log from /var/log/messages is:
Code: |
May 22 13:29:21 papa freshclam[2772]: Current working dir is /var/lib/clamav
May 22 13:29:21 papa freshclam[2773]: freshclam daemon 0.90.3 (OS: linux-gnu, ARCH: i386, CPU: i686)
May 22 13:29:21 papa freshclam[2773]: Max retries == 3
May 22 13:29:21 papa freshclam[2773]: ClamAV update process started at Thu May 22 13:29:21 2008
May 22 13:29:21 papa freshclam[2773]: Querying current.cvd.clamav.net
May 22 13:29:22 papa freshclam[2773]: TTL: 30
May 22 13:29:22 papa freshclam[2773]: Software version from DNS: 0.93
May 22 13:29:22 papa freshclam[2773]: Your ClamAV installation is OUTDATED!
May 22 13:29:22 papa freshclam[2773]: Local version: 0.90.3 Recommended version: 0.93
May 22 13:29:22 papa freshclam[2773]: DON'T PANIC! Read http://www.clamav.net/support/faq
May 22 13:29:22 papa freshclam[2773]: Waiting to lock database directory: /var/lib/clamav
May 22 13:29:27 papa freshclam[2773]: Waiting to lock database directory: /var/lib/clamav
May 22 13:29:32 papa freshclam[2773]: Waiting to lock database directory: /var/lib/clamav
May 22 13:29:37 papa freshclam[2773]: Waiting to lock database directory: /var/lib/clamav
May 22 13:29:42 papa freshclam[2773]: Waiting to lock database directory: /var/lib/clamav
May 22 13:29:46 papa pop3d: Connection, ip=[83.6.115.9]
May 22 13:29:46 papa pop3d: LOGIN, user=poltarzewski, ip=[83.6.115.9]
May 22 13:29:47 papa pop3d: LOGOUT, user=poltarzewski, ip=[83.6.115.9], top=0, retr=0, time=1
May 22 13:29:47 papa freshclam[2773]: Waiting to lock database directory: /var/lib/clamav
May 22 13:29:52 papa freshclam[2773]: main.cvd version from DNS: 46
May 22 13:29:52 papa freshclam[2773]: main.cvd is up to date (version: 46, sigs: 231834, f-level: 26, builder: sven)
May 22 13:29:52 papa freshclam[2773]: daily.cvd version from DNS: 7213
May 22 13:29:52 papa freshclam[2773]: daily.inc is up to date (version: 7213, sigs: 65401, f-level: 26, builder: ccordes)
May 22 13:29:52 papa freshclam[2773]: --------------------------------------
|
Next step, /etc/init.d/amavisd start; the log is:
Code: | May 22 13:32:08 papa amavis[2849]: (02849-01) (!!) ClamAV-clamd av-scanner FAILED: Too many retries to talk to /var/amavis/clamd (Can't connect to UNIX socket /var/amavis/clamd: Connection refused) at (eval 66) line 268.
May 22 13:32:08 papa amavis[2849]: (02849-01) (!!) WARN: all primary virus scanners failed, considering backups
|
What is wrong??
And when scanning in amavis is on and I try to send a message, the log is:
Code: | May 22 14:00:52 papa postfix/smtpd[6395]: 8D1D3508326: client=aatd227.neoplus.adsl.tpnet.pl[83.5.241.227], sasl_method=PLAIN, sasl_username=mkiljanski
May 22 14:00:52 papa postfix/cleanup[6396]: 8D1D3508326: message-id=<48357380.6020001@example.pl>
May 22 14:00:52 papa postfix/qmgr[6382]: 8D1D3508326: from=<m.kiljanski@example.pl>, size=527, nrcpt=1 (queue active)
May 22 14:00:52 papa postfix/smtpd[6395]: disconnect from aatd227.neoplus.adsl.tpnet.pl[83.5.241.227]
May 22 14:00:52 papa postfix/pickup[6381]: C42F450833B: uid=1150 from=<m.kiljanski@example.pl>
May 22 14:00:52 papa postfix/cleanup[6472]: C42F450833B: message-id=<48357380.6020001@example.pl>
May 22 14:00:52 papa postfix/pipe[6397]: 8D1D3508326: to=<m.kiljanski@example.pl>, relay=dfilt, delay=0.4, delays=0.33/0/0/0.07, dsn=2.0.0, status=sent (delivered via dfilt service)
May 22 14:00:52 papa postfix/qmgr[6382]: 8D1D3508326: removed
May 22 14:00:52 papa postfix/qmgr[6382]: C42F450833B: from=<m.kiljanski@example.pl>, size=711, nrcpt=1 (queue active) |
Appreciate your advice |
magic919 Advocate
Joined: 17 Jun 2005 Posts: 2182 Location: Berkshire, UK
|
Posted: Thu May 22, 2008 3:49 pm Post subject: |
|
|
Sounds a lot like your aged clamav is stuffed. Update it and fix it. |
mkiler n00b
Joined: 22 May 2008 Posts: 12
|
Posted: Thu May 22, 2008 5:44 pm Post subject: |
|
|
ok updated
Code: | papa ~ # emerge -s clamav
Searching...
[ Results for search key : clamav ]
[ Applications found : 5 ]
* app-antivirus/clamav
Latest version available: 0.93
Latest version installed: 0.93
Size of files: 15,756 kB
Homepage: http://www.clamav.net/
Description: Clam Anti-Virus Scanner
License: GPL-2 |
but when amavis starts
Code: | May 22 18:13:34 papa amavis[19319]: ANTI-VIRUS code loaded
May 22 18:13:34 papa amavis[19319]: ANTI-SPAM code loaded
May 22 18:13:34 papa amavis[19319]: ANTI-SPAM-SA code loaded
|
log:
Code: | May 22 18:15:02 papa amavis[19333]: (19333-01) (!!) ClamAV-clamd av-scanner FAILED: Too many retries to talk to /var/amavis/clamd (Can't connect to UNIX socket /var/amavis/clamd: Connection refused) at (eval 66) line 268.
May 22 18:15:02 papa amavis[19333]: (19333-01) (!!) WARN: all primary virus scanners failed, considering backups |
emails are delivered!
but this error, what's wrong? |
bunder Bodhisattva
Joined: 10 Apr 2004 Posts: 5947
|
Posted: Thu May 22, 2008 6:33 pm Post subject: |
|
|
i need to see your amavis and clam configs please... usually when i see this:
Quote: | May 22 18:15:02 papa amavis[19333]: (19333-01) (!!) ClamAV-clamd av-scanner FAILED: Too many retries to talk to /var/amavis/clamd (Can't connect to UNIX socket /var/amavis/clamd: Connection refused) at (eval 66) line 268. |
either clamd isn't running, or there is a configuration issue between clam/amavis.
cheers _________________
Neddyseagoon wrote: | The problem with leaving is that you can only do it once and it reduces your influence. |
banned from #gentoo since sept 2017 |
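
An added example, not part of the post above and not code from the ClamAV or amavisd-new projects: a Python check that separates the two causes named in that reply. It compares the `LocalSocket` in clamd.conf with the socket path amavisd reports in its log, then sends clamd's `PING` command over that socket; the function names and the constructed config excerpt are assumptions of this example.

```python
import os
import socket
import stat

# Constructed excerpt: the directives that are active in the clamd.conf posted in this thread.
SAMPLE_CLAMD_CONF = """\
# Example
LogFile /var/log/clamav/clamd.log
PidFile /var/amavis/clamd.pid
LocalSocket /var/amavis/clamd
FixStaleSocket yes
#TCPSocket 3310
User amavis
"""

VERDICTS = {
    "ok": "clamd answered PONG; the socket amavisd uses is live",
    "missing": "no file at the socket path; clamd never created it or uses another path",
    "not-a-socket": "the path exists but is not a UNIX socket",
    "refused": "socket file exists but nothing listens on it; clamd is not running",
    "permission-denied": "the calling user may not reach the socket; check owner and directory mode",
    "no-reply": "connected, but clamd did not answer in time",
    "unexpected-reply": "something other than clamd answered on this socket",
}


def parse_clamd_conf(text):
    """Return {directive: value} for the uncommented lines of a clamd.conf."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        conf[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return conf


def probe_clamd_socket(path, timeout=5.0):
    """Classify the state of a clamd UNIX socket; returns a key of VERDICTS."""
    try:
        mode = os.stat(path).st_mode
    except FileNotFoundError:
        return "missing"
    except PermissionError:
        return "permission-denied"
    if not stat.S_ISSOCK(mode):
        return "not-a-socket"
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect(path)
        sock.sendall(b"PING\n")          # clamd replies PONG to a PING command
        reply = sock.recv(64)
    except ConnectionRefusedError:       # the "Connection refused" amavisd logs
        return "refused"
    except PermissionError:
        return "permission-denied"
    except OSError:                      # includes timeouts
        return "no-reply"
    finally:
        sock.close()
    return "ok" if reply.strip(b"\0\r\n ") == b"PONG" else "unexpected-reply"


def diagnose(clamd_conf_text, amavis_socket):
    """Return (state, explanation); amavis_socket is the path from the amavisd log line."""
    conf = parse_clamd_conf(clamd_conf_text)
    if "Example" in conf:
        return ("example-line",
                "clamd.conf still has an active 'Example' line, which its own "
                "comments say to comment out or remove")
    local = conf.get("LocalSocket")
    if not local:
        return ("no-local-socket", "clamd.conf has no active LocalSocket directive")
    if local != amavis_socket:
        return ("mismatch",
                "clamd listens on %s but amavisd connects to %s" % (local, amavis_socket))
    state = probe_clamd_socket(local)
    return (state, VERDICTS[state])


if __name__ == "__main__":
    # Socket path taken from the amavisd error message quoted in the thread.
    print(diagnose(SAMPLE_CLAMD_CONF, "/var/amavis/clamd"))
```

Run it as the user amavisd runs as, so that a permission problem on the socket shows up as `permission-denied` rather than being masked by root.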
mkiler n00b
Joined: 22 May 2008 Posts: 12
|
Posted: Thu May 22, 2008 6:52 pm Post subject: |
|
|
clamd
Code: | ##
## Example config file for the Clam AV daemon
## Please read the clamd.conf(5) manual before editing this file.
##
# Comment or remove the line below.
# Example
# Uncomment this option to enable logging.
# LogFile must be writable for the user running daemon.
# A full path is required.
# Default: disabled
LogVerbose yes
LogFile /var/log/clamav/clamd.log
# By default the log file is locked for writing - the lock protects against
# running clamd multiple times (if want to run another clamd, please
# copy the configuration file, change the LogFile variable, and run
# the daemon with --config-file option).
# This option disables log file locking.
# Default: no
#LogFileUnlock yes
# Maximum size of the log file.
# Value of 0 disables the limit.
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
# in bytes just don't use modifiers.
# Default: 1M
#LogFileMaxSize 2M
# Log time with each message.
# Default: no
LogTime yes
# Also log clean files. Useful in debugging but drastically increases the
# log size.
# Default: no
#LogClean yes
# Use system logger (can work together with LogFile).
# Default: no
#LogSyslog yes
# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
# Default: LOG_LOCAL6
#LogFacility LOG_MAIL
# Enable verbose logging.
# Default: no
#LogVerbose yes
# This option allows you to save a process identifier of the listening
# daemon (main thread).
# Default: disabled
#PidFile /var/run/amavis/clamd.pid
PidFile /var/amavis/clamd.pid
# Optional path to the global temporary directory.
# Default: system specific (usually /tmp or /var/tmp).
#TemporaryDirectory /var/tmp
# Path to the database directory.
# Default: hardcoded (depends on installation options)
#DatabaseDirectory /var/lib/clamav
# The daemon works in a local OR a network mode. Due to security reasons we
# recommend the local mode.
# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
LocalSocket /var/amavis/clamd
# Remove stale socket after unclean shutdown.
# Default: no
FixStaleSocket yes
# TCP port address.
# Default: no
#TCPSocket 3310
# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world.
# Default: no
#TCPAddr 127.0.0.1
# Maximum length the queue of pending connections may grow to.
# Default: 15
#MaxConnectionQueueLength 30
# Clamd uses FTP-like protocol to receive data from remote clients.
# If you are using clamav-milter to balance load between remote clamd daemons
# on firewall servers you may need to tune the options below.
# Close the connection when the data size limit is exceeded.
# The value should match your MTA's limit for a maximum attachment size.
# Default: 10M
StreamMaxLength 10M
# Limit port range.
# Default: 1024
#StreamMinPort 30000
# Default: 2048
#StreamMaxPort 32000
# Maximum number of threads running at the same time.
# Default: 10
#MaxThreads 20
# Waiting for data from a client socket will timeout after this time (seconds).
# Value of 0 disables the timeout.
# Default: 120
#ReadTimeout 300
# Waiting for a new job will timeout after this time (seconds).
# Default: 30
#IdleTimeout 60
# Maximum depth directories are scanned at.
# Default: 15
#MaxDirectoryRecursion 20
# Follow directory symlinks.
# Default: no
#FollowDirectorySymlinks yes
# Follow regular file symlinks.
# Default: no
#FollowFileSymlinks yes
# Perform a database check.
# Default: 1800 (30 min)
#SelfCheck 600
# Execute a command when virus is found. In the command string %v will
# be replaced with the virus name.
# Default: no
#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
# Run as another user (clamd must be started by root to make this option
# working).
# Default: don't drop privileges
User amavis
# Initialize supplementary group access (clamd must be started by root).
# Default: no
#AllowSupplementaryGroups no
# Stop daemon when libclamav reports out of memory condition.
#ExitOnOOM yes
# Don't fork into background.
# Default: no
#Foreground yes
# Enable debug messages in libclamav.
# Default: no
#Debug yes
# Do not remove temporary files (for debug purposes).
# Default: no
#LeaveTemporaryFiles yes
# In some cases (eg. complex malware, exploits in graphic files, and others),
# ClamAV uses special algorithms to provide accurate detection. This option
# controls the algorithmic detection.
# Default: yes
#AlgorithmicDetection yes
##
## Executable files
##
# PE stands for Portable Executable - it's an executable file format used
# in all 32 and 64-bit versions of Windows operating systems. This option allows
# ClamAV to perform a deeper analysis of executable files and it's also
# required for decompression of popular executable packers such as UPX, FSG,
# and Petite.
# Default: yes
#ScanPE yes
# Executable and Linking Format is a standard format for UN*X executables.
# This option allows you to control the scanning of ELF files.
# Default: yes
#ScanELF yes
# With this option clamav will try to detect broken executables (both PE and
# ELF) and mark them as Broken.Executable.
# Default: no
#DetectBrokenExecutables yes
##
## Documents
##
# This option enables scanning of OLE2 files, such as Microsoft Office
# documents and .msi files.
# Default: yes
#ScanOLE2 yes
# This option enables scanning within PDF files.
# Default: no
#ScanPDF yes
##
## Mail files
##
# Enable internal e-mail scanner.
# Default: yes
ScanMail yes
# If an email contains URLs ClamAV can download and scan them.
# WARNING: This option may open your system to a DoS attack.
# Never use it on loaded servers.
# Default: no
#MailFollowURLs no
# Recursion level limit for the mail scanner.
# Default: 64
#MailMaxRecursion 128
# With this option enabled ClamAV will try to detect phishing attempts by using
# signatures.
# Default: yes
#PhishingSignatures yes
# Scan urls found in mails for phishing attempts.
# (available in experimental builds only)
# Default: yes
#PhishingScanURLs yes
# Use phishing detection only for domains listed in the .pdb database. It is
# not recommended to have this option turned off, because scanning of all
# domains may lead to many false positives!
# (available in experimental builds only)
# Default: yes
#PhishingRestrictedScan yes
# Always block SSL mismatches in URLs, even if the URL isn't in the database.
# This can lead to false positives.
# (available in experimental builds only)
#
# Default: no
#PhishingAlwaysBlockSSLMismatch no
# Always block cloaked URLs, even if URL isn't in database.
# This can lead to false positives.
# (available in experimental builds only)
#
# Default: no
#PhishingAlwaysBlockCloak no
##
## HTML
##
# Perform HTML normalisation and decryption of MS Script Encoder code.
# Default: yes
#ScanHTML yes
##
## Archives
##
# ClamAV can scan within archives and compressed files.
# Default: yes
ScanArchive yes
# The options below protect your system against Denial of Service attacks
# using archive bombs.
# Files in archives larger than this limit won't be scanned.
# Value of 0 disables the limit.
# Default: 10M
#ArchiveMaxFileSize 15M
# Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
# file, all files within it will also be scanned. This options specifies how
# deeply the process should be continued.
# Value of 0 disables the limit.
# Default: 8
#ArchiveMaxRecursion 10
# Number of files to be scanned within an archive.
# Value of 0 disables the limit.
# Default: 1000
#ArchiveMaxFiles 1500
# If a file in an archive is compressed more than ArchiveMaxCompressionRatio
# times it will be marked as a virus (Oversized.ArchiveType, e.g. Oversized.Zip)
# Value of 0 disables the limit.
# Default: 250
#ArchiveMaxCompressionRatio 300
# Use slower but memory efficient decompression algorithm.
# only affects the bzip2 decompressor.
# Default: no
#ArchiveLimitMemoryUsage yes
# Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
# Default: no
#ArchiveBlockEncrypted no
# Mark archives as viruses (e.g. RAR.ExceededFileSize, Zip.ExceededFilesLimit)
# if ArchiveMaxFiles, ArchiveMaxFileSize, or ArchiveMaxRecursion limit is
# reached.
# Default: no
#ArchiveBlockMax no
# Enable support for Sensory Networks' NodalCore hardware accelerator.
# Default: no
#NodalCoreAcceleration yes
##
## Clamuko settings
## WARNING: This is experimental software. It is very likely it will hang
## up your system!!!
##
# Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running.
# Default: no
#ClamukoScanOnAccess yes
# Set access mask for Clamuko.
# Default: no
#ClamukoScanOnOpen yes
#ClamukoScanOnClose yes
#ClamukoScanOnExec yes
# Set the include paths (all files inside them will be scanned). You can have
# multiple ClamukoIncludePath directives but each directory must be added
# in a seperate line.
# Default: disabled
#ClamukoIncludePath /home
#ClamukoIncludePath /students
# Set the exclude paths. All subdirectories are also excluded.
# Default: disabled
#ClamukoExcludePath /home/bofh
# Don't scan files larger than ClamukoMaxFileSize
# Value of 0 disables the limit.
# Default: 5M
#ClamukoMaxFileSize 10M
|
amavis
Code: |
use strict;
# Sample configuration file for amavisd-new (traditional style, chatty,
# you may prefer to start with the more concise supplied amavisd.conf)
#
# See amavisd.conf-default for a list of all variables with their defaults;
# for more details see documentation in INSTALL, README_FILES/*
# and at http://www.ijs.si/software/amavisd/amavisd-new-docs.html
# This software is licensed under the GNU General Public License (GPL).
# See comments at the start of amavisd-new for the whole license text.
#Sections:
# Section I - Essential daemon and MTA settings
# Section II - MTA specific
# Section III - Logging
# Section IV - Notifications/DSN, bounce/reject/discard/pass, quarantine
# Section V - Per-recipient and per-sender handling, whitelisting, etc.
# Section VI - Resource limits
# Section VII - External programs, virus scanners, SpamAssassin
# Section VIII - Debugging
# Section IX - Policy banks (dynamic policy switching)
#GENERAL NOTES:
# This file is a normal Perl code, interpreted by Perl itself.
# - make sure this file (or directory where it resides) is NOT WRITABLE
# by mere mortals (not even vscan/amavis; best to make it owned by root),
# otherwise it can represent a severe security risk!
# - for values which are interpreted as booleans, it is recommended
# to use 1 for true, and 0 or undef or '' for false;
# Note that this interpretation of boolean values does not apply directly
# to LDAP and SQL lookups, which follow their own rules - see README.lookups
# and README.ldap (in short: use Y/N in SQL, and TRUE/FALSE in LDAP);
# - Perl syntax applies. Most notably: strings in "" may include variables
# (which start with $ or @); to include characters $ and @ and \ in double
# quoted strings precede them by a backslash; in single-quoted strings
# the $ and @ lose their special meaning, so it is usually easier to use
# single quoted strings (or qw operator) for e-mail addresses.
# In both types of quoting a backslash should to be doubled.
# - variables with names starting with a '@' are lists, the values assigned
# to them should be lists too, e.g. ('one@foo', $mydomain, "three");
# note the comma-separation and parenthesis. If strings in the list
# do not contain spaces nor variables, a Perl operator qw() may be used
# as a shorthand to split its argument on whitespace and produce a list
# of strings, e.g. qw( one@foo example.com three ); Note that the argument
# to qw is quoted implicitly and no variable interpretation is done within
# (no '$' variable evaluations). The #-initiated comments can NOT be used
# within a string. In other words, $ and # lose their special meaning
# within a qw argument, just like within '...' strings.
# - all e-mail addresses in this file and as used internally by the daemon
# are in their raw (rfc2821-unquoted and non-bracketed) form, i.e.
# Bob "Funny" Dude@example.com, not: "Bob \"Funny\" Dude"@example.com
# and not <"Bob \"Funny\" Dude"@example.com>; also: '' and not '<>'.
# - the term 'default value' in examples below refers to the value of a
# variable pre-assigned to it by the program; any explicit assignment
# to a variable in this configuration file overrides the default value;
#
# Section I - Essential daemon and MTA settings
#
# $MYHOME serves as a quick default for some other configuration settings.
# More refined control is available with each individual setting further down.
# $MYHOME is not used directly by the program. No trailing slash!
$MYHOME = '/var/amavis'; # (default is '/var/amavis')
# $mydomain serves as a quick default for some other configuration settings.
# More refined control is available with each individual setting further down.
# $mydomain is never used directly by the program.
$mydomain = 'gsz.pl'; # (no useful default)
$myhostname = 'papa.gsz.pl';
# $myhostname = 'host.example.com'; # fqdn of this host, default by uname(3)
# Set the user and group to which the daemon will change if started as root
# (otherwise just keeps the UID unchanged, and these settings have no effect):
$daemon_user = 'amavis'; # (no default; customary: vscan or amavis)
$daemon_group = 'amavis'; # (no default; customary: vscan or amavis or sweep)
# Runtime working directory (cwd), and a place where
# temporary directories for unpacking mail are created.
# (no trailing slash, may be a scratch file system)
#$TEMPBASE = $MYHOME; # (must be set if other config vars use is)
$TEMPBASE = "$MYHOME/tmp"; # prefer to keep home dir /var/amavis clean?
#$db_home = "$MYHOME/db"; # DB databases directory, default "$MYHOME/db"
# $helpers_home sets environment variable HOME, and is passed as option
# 'home_dir_for_helpers' to Mail::SpamAssassin::new. It should be a directory
# on a normal persistent file system, not a scratch or temporary file system
#$helpers_home = $MYHOME; # (defaults to $MYHOME)
# Run the daemon in the specified chroot jail if nonempty:
#$daemon_chroot_dir = $MYHOME; # (default is undef, meaning: do not chroot)
#$pid_file = "$MYHOME/amavisd.pid"; # (default is "$MYHOME/amavisd.pid")
#$lock_file = "$MYHOME/amavisd.lock"; # (default is "$MYHOME/amavisd.lock")
# set environment variables if you want (no defaults):
$ENV{TMPDIR} = $TEMPBASE; # wise to set TMPDIR, but not obligatory
#...
####################################################################################################
$enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1; # enable use of libdb-based cache if $enable_db=1
####################################################################################################
# MTA SETTINGS, UNCOMMENT AS APPROPRIATE,
# both $forward_method and $notify_method default to 'smtp:[127.0.0.1]:10025'
# POSTFIX, or SENDMAIL in dual-MTA setup, or EXIM V4
# (set host and port number as required; host can be specified
# as an IP address or a DNS name (A or CNAME, but MX is ignored)
#$forward_method = 'smtp:[127.0.0.1]:10025'; # where to forward checked mail
#$notify_method = $forward_method; # where to submit notifications
#$os_fingerprint_method = 'p0f:127.0.0.1:2345'; # query p0f-analyzer.pl
# To make it possible for several hosts to share one content checking daemon,
# the IP address and/or the port number in $forward_method and $notify_method
# may be spacified as an asterisk. An asterisk in the colon-separated
# second field (host) will be replaced by the SMTP client peer address,
# An asterisk in the third field (tcp port) will be replaced by the incoming
# SMTP/LMTP session port number plus one. This obsoletes the previously used
# less flexible configuration parameter $relayhost_is_client. An example:
# $forward_method = 'smtp:*:*'; $notify_method = 'smtp:*:10587';
# NOTE: The defaults (above) are good for Postfix or dual-sendmail. You MUST
# uncomment the appropriate settings below if using other setups!
# SENDMAIL MILTER, using amavis-milter.c helper program:
#$forward_method = undef; # no explicit forwarding, sendmail does it by itself
# milter; option -odd is needed to avoid deadlocks
#$notify_method = 'pipe:flags=q argv=/usr/sbin/sendmail -Ac -i -odd -f ${sender} -- ${recipient}';
# just a thought: can we use use -Am instead of -odd ?
# SENDMAIL (old non-milter setup, as relay, deprecated):
#$forward_method = 'pipe:flags=q argv=/usr/sbin/sendmail -C/etc/sendmail.orig.cf -i -f ${sender} -- ${recipient}';
#$notify_method = $forward_method;
# SENDMAIL (old non-milter setup, amavis.c calls local delivery agent, deprecated):
#$forward_method = undef; # no explicit forwarding, amavis.c will call LDA
#$notify_method = 'pipe:flags=q argv=/usr/sbin/sendmail -Ac -i -f ${sender} -- ${recipient}';
# EXIM v3 (not recommended with v4 or later, which can use SMTP setup instead):
#$forward_method = 'pipe:flags=q argv=/usr/sbin/exim -oMr scanned-ok -i -f ${sender} -- ${recipient}';
#$notify_method = $forward_method;
# prefer to collect mail for forwarding as BSMTP files?
#$forward_method = "bsmtp:$MYHOME/out-%i-%n.bsmtp";
#$notify_method = $forward_method;
# Net::Server pre-forking settings
# The $max_servers should match the width of your MTA pipe
# feeding amavisd, e.g. with Postfix the 'Max procs' field in the
# master.cf file, like the '2' in the: smtp-amavis unix - - n - 2 smtp
#
$max_servers = 4; # number of pre-forked children (default 2)
$max_requests = 20; # retire a child after that many accepts (default 10)
$child_timeout=5*60; # abort child if it does not complete its processing in
# approximately n seconds (default: 8*60 seconds)
$smtpd_timeout = 120; # disconnect session if client is idle for too long
# (default: 8*60 seconds); should be higher than a
# Postfix setting max_idle (default 100s)
# Here is a QUICK WAY to completely DISABLE some sections of code
# that WE DO NOT WANT (it won't even be compiled-in).
# For more refined controls leave the following two lines commented out,
# and see further down what these two lookup lists really mean.
#
#@bypass_virus_checks_maps = (1); # uncomment to DISABLE anti-virus code
#@bypass_spam_checks_maps = (1); # uncomment to DISABLE anti-spam code
#
# Any setting can be changed with a new assignment, so make sure
# you do not unintentionally override these settings further down!
# Check also the settings of @av_scanners at the end if you want to use
# virus scanners. If not, you may want to delete the whole long assignment
# to the variable @av_scanners and @av_scanners_backup, which will also
# remove the virus checking code (e.g. if you only want to do spam scanning).
# Lookup list of local domains (see README.lookups for syntax details)
#
# @local_domains_maps list of lookup tables are used in deciding whether a
# recipient is local or not, or in other words, if the message is outgoing
# or not. This affects inserting spam-related headers for local recipients,
# limiting recipient virus notifications (if enabled) to local recipients,
# in deciding if address extension may be appended, and in SQL lookups
# for non-fqdn addresses. Set it up correctly if you need features
# that rely on this setting (or just leave empty otherwise).
#
# With Postfix (2.0) a quick hint on what local domains normally are:
# a union of domains specified in: mydestination, virtual_alias_domains,
# virtual_mailbox_domains, and relay_domains.
@local_domains_maps = ( [".$mydomain"] ); # $mydomain and its subdomains
# @local_domains_maps = (); # default is empty list, no recip. considered local
# @local_domains_maps = # using ACL lookup table
# ( [ ".$mydomain", 'sub.example.net', '.example.com' ] );
# @local_domains_maps = # similar, split list elements on whitespace
# ( [qw( .example.com !host.sub.example.net .sub.example.net )] );
# @local_domains_maps = ( new_RE( qr'[@.]example\.com$'i ) ); # using regexp
# @local_domains_maps = ( read_hash("$MYHOME/local_domains") ); # using hash
# perhaps combined with Postfix: mydestination = /var/amavis/local_domains
# for debugging purposes: dump_hash($local_domains_maps[0]);
#
# Section II - MTA specific (defaults should be ok)
#
#$insert_received_line = 1; # behave like MTA: insert 'Received:' header
# (does not apply to sendmail/milter)
# (default is true)
# AMAVIS-CLIENT PROTOCOL INPUT SETTINGS (e.g. with sendmail milter)
# (used with amavis helper clients like amavis-milter.c and amavis.c,
# NOT needed for Postfix or Exim or dual-sendmail - keep it undefined.
$unix_socketname = "$MYHOME/amavisd.sock"; # amavis helper protocol socket
#$unix_socketname = undef; # disable listening on a unix socket
# (default is undef, i.e. disabled)
# (usual setting is $MYHOME/amavisd.sock)
# SMTP SERVER (INPUT) PROTOCOL SETTINGS (e.g. with Postfix, Exim v4, ...)
# (used when MTA is configured to pass mail to amavisd via SMTP or LMTP)
$inet_socket_port = 10024; # accept SMTP on this local TCP port
# (default is undef, i.e. disabled)
# multiple ports may be provided: $inet_socket_port = [10024, 10026, 10028];
# SMTP SERVER (INPUT) access control
# - do not allow free access to the amavisd SMTP port !!!
#
# when MTA is at the same host, use the following (one or the other or both):
$inet_socket_bind = '127.0.0.1'; # limit socket bind to loopback interface
# (default is '127.0.0.1')
@inet_acl = qw(127.0.0.1 [::1]); # allow SMTP access only from localhost IP
# (default is qw(127.0.0.1 [::1]) )
# when MTA (one or more) is on a different host, use the following:
#@inet_acl = qw(127.0.0.0/8 [::1] 10.1.0.1 10.1.0.2); # adjust list as needed
#$inet_socket_bind = undef; # bind to all IP interfaces if undef
#
# Example1:
# @inet_acl = qw( 127/8 10/8 172.16/12 192.168/16 );
# permit only SMTP access from loopback and rfc1918 private address space
#
# Example2:
# @inet_acl = qw( !192.168.1.12 172.16.3.3 !172.16.3/255.255.255.0
# 127.0.0.1 10/8 172.16/12 192.168/16 );
# matches loopback and rfc1918 private address space except host 192.168.1.12
# and net 172.16.3/24 (but host 172.16.3.3 within 172.16.3/24 still matches)
#
# Example3:
# @inet_acl = qw( 127/8
# !172.16.3.0 !172.16.3.127 172.16.3.0/25
# !172.16.3.128 !172.16.3.255 172.16.3.128/25 );
# matches loopback and both halves of the 172.16.3/24 C-class,
# split into two subnets, except all four broadcast addresses
# for these subnets
# @mynetworks is an IP access list which determines if the original SMTP client
# IP address belongs to our internal networks, i.e. mail is coming from inside.
# It is much like the Postfix parameter 'mynetworks' in semantics and similar
# in syntax, and its value should normally match the Postfix counterpart.
# It only affects the value of a macro %l (=sender-is-local),
# and the loading of policy 'MYNETS' if present (see below).
# Note that '-o smtp_send_xforward_command=yes' (or its lmtp counterpart)
# must be enabled in the Postfix service that feeds amavisd, otherwise
# client IP address is not available to amavisd-new.
#
# @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
# 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 ); # default
#
# A list of networks can also be read from a file, either as an IP acl in
# CIDR notation, one address per line (comments and empty lines are allowed):
# @mynetworks_maps = (read_array('/etc/amavisd-mynetworks'), \@mynetworks);
#
# or less flexibly (but provides faster lookups for large lists) by reading
# into a hash lookup table, which only allows for full addresses or classful
# IPv4 subnets with truncated octets, such as 127, 10, 192.168, 10.11.12.13,
# one address per line (comments and empty lines are allowed):
# @mynetworks_maps = (read_hash('/etc/amavisd-mynetworks'), \@mynetworks);
# See README.lookups for details on specifying access control lists.
#
# Section III - Logging
#
# true (e.g. 1) => syslog; false (e.g. 0) => logging to file
$DO_SYSLOG = 1; # (defaults to 0)
$syslog_ident = 'amavis'; # Syslog ident string (defaults to 'amavis')
$syslog_facility = 'mail'; # Syslog facility as a string
# e.g.: mail, daemon, user, local0, ... local7, ...
$syslog_priority = 'debug'; # Syslog base (minimal) priority as a string,
# choose from: emerg, alert, crit, err, warning, notice, info, debug
# Log file (if not using syslog)
$LOGFILE = "$MYHOME/amavis.log"; # (defaults to empty, no log)
#NOTE: levels are not strictly observed and are somewhat arbitrary
# 0: startup/exit/failure messages, viruses detected
# 1: args passed from client, some more interesting messages
# 2: virus scanner output, timing
# 3: server, client
# 4: decompose parts
# 5: more debug details
$log_level = 2; # (defaults to 0)
# Customizable template for the most interesting log file entry (e.g. with
# $log_level=0) (take care to properly quote Perl special characters like '\')
# For a list of available macros see README.customize .
# $log_templ = undef; # undef disables by-message level-0 log entries
$log_recip_templ = undef; # undef disables by-recipient level-0 log entries
# log both infected and noninfected messages (as deflt, with size,subj,tests):
# (remove the leading '#' and a space in the following lines to activate)
# $log_templ = <<'EOD';
# [?%#D|#|Passed #
# [? [:ccat_maj] |OTHER|CLEAN|TEMPFAIL|OVERSIZED|BAD-HEADER|SPAMMY|SPAM|\
# UNCHECKED|BANNED (%F)|INFECTED (%V)]#
# #([:ccat_maj],[:ccat_min])#
# , [? %p ||%p ][?%a||[?%l||LOCAL ]\[%a\] ][?%e||\[%e\] ]%s -> [%D|,]#
# [? %q ||, quarantine: %q]#
# [? %Q ||, Queue-ID: %Q]#
# [? %m ||, Message-ID: %m]#
# [? %r ||, Resent-Message-ID: %r]#
# , mail_id: %i#
# , Hits: %c#
# , size: %z#
# [~[:remote_mta_smtp_response]|["^$"]||[", queued_as: "]]\
# [remote_mta_smtp_response|[~%x|["queued as ([0-9A-Z]+)$"]|["%1"]|["%0"]]|/]#
# [? %j ||, Subject: "%j\"]#
# [? %#T ||, Tests: \[[%T|,]\]]#
# , %y ms#
# ]
# [?%#O|#|Blocked #
# [? [:ccat_maj] |OTHER|CLEAN|TEMPFAIL|OVERSIZED|BAD-HEADER|SPAMMY|SPAM|\
# UNCHECKED|BANNED (%F)|INFECTED (%V)]#
# #([:ccat_maj],[:ccat_min])#
# , [? %p ||%p ][?%a||[?%l||LOCAL ]\[%a\] ][?%e||\[%e\] ]%s -> [%O|,]#
# [? %q ||, quarantine: %q]#
# [? %Q ||, Queue-ID: %Q]#
# [? %m ||, Message-ID: %m]#
# [? %r ||, Resent-Message-ID: %r]#
# , mail_id: %i#
# , Hits: %c#
# , size: %z#
# #, smtp_resp: [:smtp_response]#
# [? %j ||, Subject: "%j\"]#
# [? %#T ||, Tests: \[[%T|,]\]]#
# , %y ms#
# ]
# EOD
#
# Section IV - Notifications/DSN, bounce/reject/discard/pass, quarantine
#
# Select notifications text encoding when Unicode-aware Perl is converting
# text from internal character representation to external encoding (charset
# in MIME terminology). Used as argument to Perl Encode::encode subroutine.
#
# to be used in RFC 2047-encoded header field bodies, e.g. in Subject:
#$hdr_encoding = 'iso-8859-1'; # MIME charset (default: 'iso-8859-1')
#$hdr_encoding_qb = 'Q'; # MIME encoding: quoted-printable (default)
#$hdr_encoding_qb = 'B'; # MIME encoding: base64
#
# to be used in notification body text: its encoding and Content-type.charset
#$bdy_encoding = 'iso-8859-1'; # (default: 'iso-8859-1')
# Default template texts for notifications may be overruled by directly
# assigning new text to template variables, or by reading template text
# from files. A second argument may be specified in a call to read_text(),
# specifying character encoding layer to be used when reading from the
# external file, e.g. 'utf8', 'iso-8859-1', or often just $bdy_encoding.
# Text will be converted to internal character representation by Perl 5.8.0
# or later; second argument is ignored otherwise. See PerlIO::encoding,
# Encode::PerlIO and perluniintro man pages.
#
# $notify_sender_templ = read_text("$MYHOME/notify_sender.txt");
# $notify_virus_sender_templ= read_text("$MYHOME/notify_virus_sender.txt");
# $notify_virus_admin_templ = read_text("$MYHOME/notify_virus_admin.txt");
# $notify_virus_recips_templ= read_text("$MYHOME/notify_virus_recips.txt");
# $notify_spam_sender_templ = read_text("$MYHOME/notify_spam_sender.txt");
# $notify_spam_admin_templ = read_text("$MYHOME/notify_spam_admin.txt");
# If notification template files are collectively available in some directory,
# one may call read_l10n_templates which invokes read_text for each known
# template. This is primarily a Debian-specific feature, but was incorporated
# into base code to facilitate porting.
#
# read_l10n_templates('/etc/amavis/en_US');
#
# If read_l10n_templates is called, a localization template directory must
# contain the following files:
# charset this file should contain a one-line name
# of the character set used in the template
# files (e.g. utf8, iso-8859-2, ...) and is
# passed as the second argument to read_text;
# template-dsn.txt content fills the $notify_sender_templ
# template-virus-sender.txt content fills the $notify_virus_sender_templ
# template-virus-admin.txt content fills the $notify_virus_admin_templ
# template-virus-recipient.txt content fills the $notify_virus_recips_templ
# template-spam-sender.txt content fills the $notify_spam_sender_templ
# template-spam-admin.txt content fills the $notify_spam_admin_templ
# Here is an overall picture (sequence of events) of how pieces fit together
#
# bypass_virus_checks set for all recipients? ==> PASS
# no viruses? ==> PASS
# log virus if $log_templ is nonempty
# quarantine if $virus_quarantine_to is nonempty
# notify admin if $virus_admin (lookup) nonempty
# notify recips if $warnvirusrecip and (recipient is local or $warn_offsite)
# add address extensions for local recipients (when enabled)
# send (non-)delivery notifications
# to sender if DSN needed (BOUNCE or ($warnvirussender and D_PASS))
# virus_lovers or final_destiny==D_PASS ==> PASS
# DISCARD (2xx) or REJECT (5xx) (depending on final_*_destiny)
#
# Equivalent flow diagram applies for spam checks.
# If a virus is detected, spam checking is skipped entirely.
# The following symbolic constants can be used in *_destiny settings:
#
# D_PASS mail will pass to recipients, regardless of bad contents;
#
# D_DISCARD mail will not be delivered to its recipients, sender will NOT be
# notified. Effectively we lose mail (but will be quarantined
# unless disabled). Losing mail is not decent for a mailer,
# but might be desired.
#
# D_BOUNCE mail will not be delivered to its recipients, a non-delivery
# notification (bounce) will be sent to the sender by amavisd-new;
# Exception: bounce (DSN) will not be sent if a virus name matches
# @viruses_that_fake_sender_maps, or to messages from mailing lists
# (Precedence: bulk|list|junk), or for spam level that exceeds
# the $sa_dsn_cutoff_level.
#
# D_REJECT mail will not be delivered to its recipients, sender should
# preferably get a reject, e.g. SMTP permanent reject response
# (e.g. with milter), or non-delivery notification from MTA
# (e.g. Postfix). If this is not possible (e.g. different recipients
# have different tolerances to bad mail contents and not using LMTP)
# amavisd-new sends a bounce by itself (same as D_BOUNCE).
# Not to be used with Postfix or dual-MTA setups!
#
# Notes:
# D_REJECT and D_BOUNCE are similar, the difference is in who is responsible
# for informing the sender about non-delivery, and how informative
# the notification can be (amavisd-new knows more than MTA);
# With D_REJECT, MTA may reject original SMTP, or send DSN (delivery status
# notification, colloquially called 'bounce') - depending on MTA;
# Best suited for sendmail milter and Courier, especially for spam.
# With D_BOUNCE, amavisd-new (not MTA) sends DSN (can better explain the
# reason for mail non-delivery or even suppress DSN, but unable
# to reject the original SMTP session). Best suited to reporting
# viruses, and for Postfix and other dual-MTA setups, which can't
# reject original client SMTP session, as the mail has already
# been enqueued.
# Alternatives to consider for spam:
# - use D_PASS if clients will do filtering based on inserted
# mail headers or added address extensions ('plus-addressing');
# - use D_DISCARD, if kill_level is set comfortably high;
#
# D_BOUNCE is preferred for viruses, but consider:
# - use D_PASS (or virus_lovers) to deliver viruses;
# - use D_REJECT instead of D_BOUNCE if using Courier or milter and under heavy
# virus storm;
# The use of new *_by_ccat hashes is illustrated by the following examples
# on configuring final_*_destiny.
# using traditional settings of $final_*_destiny variables, relying on a
# default setting of an associative array %final_destiny_by_ccat which is
# backwards compatible and contains references to these traditional variables:
#
#$final_virus_destiny = D_DISCARD; # (defaults to D_DISCARD)
#$final_banned_destiny = D_BOUNCE; # (defaults to D_BOUNCE)
#$final_spam_destiny = D_BOUNCE; # (defaults to D_BOUNCE)
#$final_bad_header_destiny = D_PASS; # (defaults to D_PASS)
########
#
# Please think about what you are doing when you set these options.
# If necessary, question your organization's e-mail policies:
#
# D_BOUNCE contributes to the overall spread of virii and spam on the
# internet. Both the envelope and header from addresses can be forged
# accurately with no effort, causing the bounces to go to innocent parties,
# whose addresses have been forged.
#
# D_DISCARD breaks internet mail specifications. However, with a
# properly implemented Quarantine system, the concern for breaking the
# specification is addressed to some extent.
#
# D_PASS is the safest way to handle e-mails. You must implement
# client-side filtering to handle this method.
#
# -Cory Visi <merlin@gentoo.org> 07/28/04
#
#######
# to explicitly list all (or most) possible contents category (ccat) keys:
%final_destiny_by_ccat = (
CC_VIRUS, D_DISCARD,
CC_BANNED, D_BOUNCE,
CC_UNCHECKED, D_PASS,
CC_SPAM, D_DISCARD,
CC_BADH, D_PASS,
CC_OVERSIZED, D_BOUNCE,
CC_CLEAN, D_PASS,
CC_CATCHALL, D_PASS,
);
# to rely on a catchall ccat key and only list exceptions (alternative 1):
#%final_destiny_by_ccat = (
# CC_VIRUS, D_DISCARD,
# CC_BANNED, D_BOUNCE,
# CC_SPAM, D_BOUNCE,
# CC_BADH.',4', D_BOUNCE, # BadHdrSpace
# CC_BADH.',3', D_BOUNCE, # BadHdrChar
# CC_OVERSIZED, D_BOUNCE,
# CC_CATCHALL, D_PASS,
#);
# to rely on a catchall ccat key and list exceptions (alternative 2):
#%final_destiny_by_ccat = (
# CC_VIRUS, D_DISCARD,
# CC_UNCHECKED, D_PASS,
# CC_BADH.',6', D_PASS, # BadHdrSyntax
# CC_BADH.',5', D_PASS, # BadHdrLong
# CC_BADH.',2', D_PASS, # BadHdr8bit
# CC_BADH.',1', D_PASS, # BadHdrMime
# CC_CLEAN, D_PASS,
# CC_CATCHALL, D_BOUNCE,
#);
# to rely on a catchall ccat key and list exceptions (alternative 3):
#%final_destiny_by_ccat = (
# CC_VIRUS, D_DISCARD,
# CC_UNCHECKED, D_PASS,
# CC_BADH.',4', D_BOUNCE, # BadHdrSpace
# CC_BADH.',3', D_BOUNCE, # BadHdrChar
# CC_BADH, D_PASS, # sub-catchall for CC_BADH
# CC_CLEAN, D_PASS,
# CC_CATCHALL, D_BOUNCE,
#);
# to rely on a default %final_destiny_by_ccat and only change few settings:
#$final_destiny_by_ccat{CC_SPAM} = D_PASS;
#$final_destiny_by_ccat{CC_BADH} = D_BOUNCE;
#$final_destiny_by_ccat{CC_BADH.',2'} = D_PASS; # BadHdr8bit
# For monitoring / testing purposes let the administrator receive a copy
# of certain delivery status notifications that are mailed back to senders:
#
#%dsn_bcc_by_ccat = (
# CC_BANNED, undef,
# CC_SPAM, undef,
# CC_BADH, undef,
# CC_CATCHALL, 'admin+test@example.com',
#);
#
# or use a simpler form, taking advantage of defaults in %dsn_bcc_by_ccat:
#$dsn_bcc = 'admin+test@example.com';
# The following $warn*sender settings are ONLY used when mail is
# actually passed to recipients ($final_*_destiny=D_PASS, or *_lovers*).
# Bounces or rejects produce non-delivery status notification regardless.
#
# Notify sender of banned files?
#$warnbannedsender = 1; # (defaults to false (undef))
#
# Notify sender of syntactically invalid header containing non-ASCII chars?
#$warnbadhsender = 1; # (defaults to false (undef))
# Notify virus (or banned files or bad headers) RECIPIENT?
# (not very useful, but some policies demand it)
#$warnvirusrecip = 1; # (defaults to false (undef))
#$warnbannedrecip = 1; # (defaults to false (undef))
#$warnbadhrecip = 1; # (defaults to false (undef))
# Notify also non-local virus/banned recipients if $warn*recip is true?
# (including those not matching local_domains*)
#$warn_offsite = 1; # (defaults to false (undef), i.e. only notify locals)
# Treat envelope sender address as unreliable and don't send sender
# notification / bounces if name(s) of detected virus(es) match the list.
# Note that virus names are supplied by external virus scanner(s) and are
# not standardized, so virus names may need to be adjusted.
# See README.lookups for syntax, check also README.policy-on-notifications.
# If the intention is to treat all viruses as faking the sender address, it
# is equivalent but more efficient to just set $final_virus_destiny=D_DISCARD;
#
@viruses_that_fake_sender_maps = (new_RE(
qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar'i,
qr'tanatos|lentin|bridex|mimail|trojan\.dropper|dumaru|parite|spaces'i,
qr'dloader|galil|gibe|swen|netwatch|bics|sbrowse|sober|rox|val(hal)?la'i,
qr'frethem|sircam|be?agle|tanx|mydoom|novarg|shimg|netsky|somefool|moodown'i,
qr'@mm|@MM', # mass mailing viruses as labeled by f-prot and uvscan
qr'Worm'i, # worms as labeled by ClamAV, Kaspersky, etc
# [qr'^(EICAR|Joke\.|Junk\.)'i => 0],
# [qr'^(WM97|OF97|W95/CIH-|JS/Fort)'i => 0],
[qr/^/ => 1], # true by default (remove or comment-out if undesired)
));
# where to send ADMIN VIRUS NOTIFICATIONS (should be a fully qualified address)
# - the administrator envelope address may be a simple fixed e-mail address
# (a scalar), or may depend on the RECIPIENT address (e.g. its domain).
#
# Empty or undef lookup disables virus admin notifications.
# The full set of configurable administrator addresses is:
# @virus_admin_maps ... notifications to admin about viruses
# @newvirus_admin_maps ... newly encountered viruses since amavisd startup
# @spam_admin_maps ... notifications to admin about spam
# @banned_admin_maps ... notifications to admin about banned contents
# @bad_header_admin_maps ... notifications to admin about bad headers
$virus_admin = "virusalert\@$mydomain";
# $virus_admin = 'virus-admin@example.com';
# $virus_admin = undef; # do not send virus admin notifications (default)
#
#@virus_admin_maps = ( # by-recipient maps
# {'not.example.com' => '',
# '.' => 'virusalert@example.com'},
# $virus_admin, # the usual default
#);
# equivalent to $virus_admin, but for spam admin notifications:
# $spam_admin = "spamalert\@$mydomain";
# $spam_admin = undef; # do not send spam admin notifications (default)
#@spam_admin_maps = ( # by-recipient maps
# {'not.example.com' => '',
# '.' => 'spamalert@example.com'},
# $spam_admin, # the usual default
#);
# receive a copy of all delivery status notifications sent;
# useful for testing or monitoring
#$dsn_bcc = "mailadmin\@$mydomain";
#advanced example, using a hash lookup table and a scalar default,
#lookup key is a recipient envelope address:
#@virus_admin_maps = ( # by-recipient maps
# { 'baduser@sub1.example.com' => 'HisBoss@sub1.example.com',
# '.sub1.example.com' => 'virusalert@sub1.example.com',
# '.sub2.example.com' => '', # don't send admin notifications
# 'a.sub3.example.com' => 'abuse@sub3.example.com',
# '.sub3.example.com' => 'virusalert@sub3.example.com',
# '.example.com' => 'noc@example.com', # default for our virus senders
# },
# 'virusalert@hq.example.com', # catchall for the rest
#);
# sender envelope address, from which notification reports are sent from;
# may be a null reverse path, or a fully qualified address:
# (admin and recip sender addresses default to a null return path).
# If using strings in double quotes, don't forget to quote @, i.e. \@
#
$mailfrom_notify_admin = "virusalert\@$mydomain";
$mailfrom_notify_recip = "virusalert\@$mydomain";
$mailfrom_notify_spamadmin = "spam.police\@$mydomain";
# 'From' HEADER FIELD for sender and admin notifications.
# This should be a replyable address, see rfc1894. Not to be confused
# with $mailfrom_notify_sender, which is the envelope return address
# and can be empty (null reverse path) according to rfc2821.
#
# The syntax of the 'From' header field is specified in rfc2822, section
# '3.4. Address Specification'. Note in particular that display-name must be
# a quoted-string if it contains any special characters like spaces and dots.
#
# $hdrfrom_notify_sender = "amavisd-new <postmaster\@$mydomain>";
# $hdrfrom_notify_sender = 'amavisd-new <postmaster@example.com>';
# $hdrfrom_notify_sender = '"Content-Filter Master" <postmaster@example.com>';
# $hdrfrom_notify_admin = $mailfrom_notify_admin;
# $hdrfrom_notify_spamadmin = $mailfrom_notify_spamadmin;
# (default: "\"Content-filter at $myhostname\" <postmaster\@$myhostname>")
# whom quarantined messages appear to be sent from (envelope sender);
# keeps original sender if undef, or set it explicitly, default is undef
$mailfrom_to_quarantine = ''; # override sender address with null return path
# Location to put infected mail into: (applies to 'local:' quarantine method)
# empty for not quarantining, may be a file (Unix-style mailbox),
# or a directory (no trailing slash)
# (the default value is undef, meaning no quarantine)
#
$QUARANTINEDIR = "$MYHOME/quarantine";
#$quarantine_subdir_levels = 1; # add level of subdirs to disperse quarantine
#$clean_quarantine_method = 'local:clean-%m'; # disabled by default
#$virus_quarantine_method = 'local:virus-%m'; # default
#$spam_quarantine_method = 'local:spam-%m.gz'; # default
#$banned_files_quarantine_method = 'local:banned-%m'; # default
#$bad_header_quarantine_method = 'local:badh-%m'; # default
# Separate quarantine subdirectories virus, spam, banned and badh within
# the directory $QUARANTINEDIR may be specified by the following settings
# (the subdirectories need to exist - must be created manually):
#$clean_quarantine_method = 'local:clean/%m';
#$virus_quarantine_method = 'local:virus/%m';
#$spam_quarantine_method = 'local:spam/%m.gz';
#$banned_files_quarantine_method = 'local:banned/%m';
#$bad_header_quarantine_method = 'local:badh/%m';
#
#use the 'bsmtp:' method as an alternative to the default 'local:'
#$virus_quarantine_method = "bsmtp:$QUARANTINEDIR/virus-%m.bsmtp";
#$spam_quarantine_method = "bsmtp:$QUARANTINEDIR/spam-%m.bsmtp";
#
#using the 'pipe:' method might be useful for some special purpose:
#$mailfrom_to_quarantine = undef; # pass on the original sender address
#$spam_quarantine_method = 'pipe:argv=/usr/bin/myscript.sh spam-%b ${sender}';
#
#using the 'sql:' method to store quarantined message to a SQL database:
#$virus_quarantine_method = $spam_quarantine_method =
# $banned_files_quarantine_method = $bad_header_quarantine_method = 'sql:';
# When using the 'local:' quarantine method (default), the following applies:
#
# A finer control of quarantining is available through
# variables $virus_quarantine_method/$spam_quarantine_method/
# $banned_files_quarantine_method/$bad_header_quarantine_method.
#
# The value of scalar $virus_quarantine_to/$spam_quarantine_to (or a
# per-recipient lookup result from lookup tables @virus_quarantine_to_maps)
# is/are interpreted as follows:
#
# VARIANT 1:
# empty or undef disables quarantine;
#
# VARIANT 2:
# a string NOT containing an '@';
# amavisd will behave as a local delivery agent (LDA) and will quarantine
# viruses to local files according to hash %local_delivery_aliases (pseudo
# aliases map) - see subroutine mail_to_local_mailbox() for details.
# Some of the predefined aliases are 'virus-quarantine' and 'spam-quarantine'.
# Setting $virus_quarantine_to ($spam_quarantine_to) to this string will:
#
# * if $QUARANTINEDIR is a directory, each quarantined virus will go
# to a separate file in the $QUARANTINEDIR directory (traditional
# amavis style, similar to maildir mailbox format);
#
# * otherwise $QUARANTINEDIR is treated as a file name of a Unix-style
# mailbox. All quarantined messages will be appended to this file.
# Amavisd child process must obtain an exclusive lock on the file during
# delivery, so this may be less efficient than using individual files
# or forwarding to MTA, and it may not work across NFS or other non-local
# file systems (but may be handy for pickup of quarantined files via IMAP
# for example);
#
# VARIANT 3:
# any email address (must contain '@').
# The e-mail messages to be quarantined will be handed to MTA
# for delivery to the specified address. If a recipient address local to MTA
# is desired, you may leave the domain part empty, e.g. 'infected@', but the
# '@' character must nevertheless be included to distinguish it from variant 2.
#
# This variant enables more refined delivery control made available by MTA
# (e.g. its aliases file, other local delivery agents, dealing with
# privileges and file locking when delivering to user's mailbox, nonlocal
# delivery and forwarding, fan-out lists). Make sure the mail-to-be-quarantined
# will not be handed back to amavisd for checking, as this will cause a loop
# (hopefully broken at some stage)! If this can be assured, notifications
# will benefit too from not being unnecessarily virus-scanned.
#
# By default this is safe to do with Postfix and Exim v4 and dual-sendmail
# setup, but probably not safe with sendmail milter interface without tricks.
# (default values are: virus-quarantine, banned-quarantine, spam-quarantine)
####$virus_quarantine_to = 'virus-quarantine'; # traditional local quarantine
#$virus_quarantine_to = 'infected@'; # forward to MTA for delivery
#$virus_quarantine_to = "virus-quarantine\@$mydomain"; # similar
$virus_quarantine_to = "wirusy\@$mydomain"; # similar
#$virus_quarantine_to = 'virus-quarantine@example.com'; # similar
#$virus_quarantine_to = undef; # no quarantine
#
# lookup key is envelope recipient address:
#@virus_quarantine_to_maps = ( # per-recip multiple quarantines
# new_RE( [qr'^user@example\.com$'i => 'infected@'],
# [qr'^(.*)@example\.com$'i => 'virus-${1}@example.com'],
# [qr'^(.*)(@[^@])?$'i => 'virus-${1}${2}'] ),
# $virus_quarantine_to, # the usual default
#);
# similar for banned names and bad headers and spam (set to undef to disable)
#####$banned_quarantine_to = 'banned-quarantine'; # local quarantine
$banned_quarantine_to = "blokowane\@$mydomain"; # local quarantine
#####$bad_header_quarantine_to = 'bad-header-quarantine'; # local quarantine
$bad_header_quarantine_to = "badh\@$mydomain"; # local quarantine
#$spam_quarantine_to = 'spam-quarantine'; # local quarantine
####$spam_quarantine_to = "spamtrap\@$myhostname"; # local quarantine
$spam_quarantine_to = "spamtrap\@$mydomain"; # local quarantine
# or to a mailbox:
#$spam_quarantine_to = "spam-quarantine\@$mydomain";
#
#@spam_quarantine_to_maps = ( # per-recip multiple quarantines
# new_RE( [qr'^(.*)@example\.com$'i => 'spam-${1}@example.com'] ),
# $spam_quarantine_to, # the usual default
#);
# In addition to per-recip quarantine, a by-sender lookup is possible.
# It is similar to $spam_quarantine_to, but the lookup key is the
# envelope sender address:
#$spam_quarantine_bysender_to = undef; # dflt: no by-sender spam quarantine
# Spam level beyond which quarantining is disabled (global value):
#$sa_quarantine_cutoff_level = 20; # dflt: undef, which disables this feature
#@spam_quarantine_cutoff_level_maps = ( # per-recip. quarantine cutoff levels
# { 'user1@example.com' => 20.5,
# 'postmaster@example.com' => 9999,
# '.example.com' => 25 },
# \$sa_quarantine_cutoff_level, # catchall default
#);
# Add X-Virus-Scanned header field to mail?
$X_HEADER_TAG = 'X-Virus-Scanned'; # (default: 'X-Virus-Scanned')
# Set to empty to add no header field # (dflt "$myproduct_name at $mydomain")
# $X_HEADER_LINE = "$myproduct_name at $mydomain";
# $X_HEADER_LINE = "by $myproduct_name using ClamAV at $mydomain";
# $X_HEADER_LINE = "$myproduct_name $myversion_id ($myversion_date) at $mydomain";
# a string to prepend to Subject (for local recipients only) if mail could
# not be decoded or checked entirely, e.g. due to password-protected archives
$undecipherable_subject_tag = '***UNCHECKED*** '; # undef disables it
# MIME defanging wraps the entire original mail in a MIME container of type
# 'Content-type: multipart/mixed', where the first part is a text/plain with
# a short explanation, and the second part is a complete original mail,
# enclosed in a 'Content-type: message/rfc822' MIME part.
# Defanging is only done when enabled (selectively by malware type),
# and mail is considered malware (virus/spam/...), and the malware is allowed
# to pass (*_lovers or *_destiny=D_PASS)
#
$defang_virus = 1; # default is false: don't modify mail body
$defang_banned = 1; # default is false: don't modify mail body
# $defang_bad_header = 1; # default is false: don't modify mail body
# $defang_undecipherable = 1; # default is false: don't modify mail body
# $defang_spam = 1; # default is false: don't modify mail body
$remove_existing_x_scanned_headers = 0; # leave existing X-Virus-Scanned alone
#$remove_existing_x_scanned_headers= 1; # remove existing headers
# (defaults to false)
#$remove_existing_spam_headers = 0; # leave existing X-Spam* headers alone
$remove_existing_spam_headers = 1; # remove existing spam headers if
# spam scanning is enabled (default)
# set $bypass_decode_parts to true if you only do spam scanning, or if you
# have a good virus scanner that can deal with compression and recursively
# unpacking archives by itself, and save amavisd the trouble.
# Disabling decoding also causes banned_files checking to only see
# MIME names and MIME content types, not the content classification types
# as provided by the file(1) utility.
# It is a double-edged sword, make sure you know what you are doing!
#
#$bypass_decode_parts = 1; # (defaults to false)
# don't trust this file type or corresponding unpacker for this file type,
# keep both the original and the unpacked file for a virus checker to see
# (lookup key is what file(1) utility returned):
#
@keep_decoded_original_maps = (new_RE(
# qr'^MAIL$', # retain full original message for virus checking (can be slow)
qr'^MAIL-UNDECIPHERABLE$', # retain full mail if it contains undecipherables
qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
# qr'^Zip archive data', # don't trust Archive::Zip
));
# Checking for banned MIME types and names. If any mail part matches,
# the whole mail is rejected. Object $banned_filename_re provides a list
# of Perl regular expressions to be matched against each part's:
#
# * Content-Type value (both declared and effective mime-type),
# such as the possible security-risk content types
# 'message/partial' and 'message/external-body', as specified in rfc2046
# or 'application/x-msdownload' and 'application/x-msdos-program';
#
# * declared (recommended) file names as specified by MIME subfields
# Content-Disposition.filename and Content-Type.name, both in their
# raw (encoded) form and in rfc2047-decoded form if applicable
# as well as (recommended) file names specified in archives;
#
# * file content type as guessed by 'file(1)' utility, mapped
# (by @map_full_type_to_short_type_maps) into short type names such as
# .asc, .txt, .html, .doc, .jpg, .pdf, .zip, .exe-ms, ..., which always
# starts with a dot. These short types are available unless
# $bypass_decode_parts is true.
#
# All nodes (mail parts) of the fully recursively decoded mail and embedded
# archives are checked, each node independently from remaining nodes.
#
# For each node all its ancestor nodes including itself are checked against
# $banned_filename_re lookup list, top-down. The search for a node stops
# at the first match, the right-hand side of the matching key determines
# the result (true or false, absent right-hand side implies true, as explained
# in README.lookups).
#
# Although repeatedly re-checking ancestor nodes may seem excessive, it gives
# the opportunity to specify rules which make a particular node hide its
# descendents, e.g. allow any name or file type within a .zip, even though
# .exe files may otherwise not be allowed.
#
# Leave $banned_filename_re undefined to disable these checks
# (giving an empty list to new_RE() will also always return false)
$banned_filename_re = new_RE(
# qr'^UNDECIPHERABLE$', # is or contains any undecipherable components
# block certain double extensions anywhere in the base name
qr'\.[^./]*[A-Za-z][^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,
# qr'\{[0-9a-z]{4,}(-[0-9a-z]{4,}){0,7}\}?'i, # Class ID extensions - CLSID
qr'^application/x-msdownload$'i, # block these MIME types
qr'^application/x-msdos-program$'i,
qr'^application/hta$'i,
# qr'^(application/x-msmetafile|image/x-wmf)$'i, # Windows Metafile MIME
# qr'^\.wmf$', # Windows Metafile file(1) type
# qr'^message/partial$'i, # rfc2046 MIME type
# qr'^message/external-body$'i, # rfc2046 MIME type
# (btw, note that allowing 'message/external-body' is probably no worse
# than allowing mail with HTML and/or allowing a user to browse the web)
# [ qr'^\.(Z|gz|bz2)$' => 0 ], # allow any in Unix-compressed
[ qr'^\.(rpm|cpio|tar)$' => 0 ], # allow any in Unix-type archives
# [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ], # allow any within such archives
qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic
# qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|
# inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|
# ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs|
# wmf|wsc|wsf|wsh)$'ix, # banned ext - long
# qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i, # banned extension - WinZip vulnerab.
qr'^\.(exe-ms)$', # banned file(1) types
# qr'^\.(exe|lha|tnef|cab|dll)$', # banned file(1) types
);
# See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262631
# and http://www.cknow.com/vtutor/vtextensions.htm
# A little trick: a pattern qr'\.exe$' matches both a short type name '.exe',
# as well as any file name which happens to end with .exe. If only matching
# a file name is desired, but not the short type, a pattern qr'.\.exe$'i
# or similar may be used, which requires that at least one character precedes
# the '.exe', and so it will never match short file types which always start
# with a dot.
# the syntax of these Perl regular expressions is a bit awkward if not
# familiar with them, so please do follow examples and stick to the idioms:
# \A ... at the beginning of the first component
# \z ... at the end of the last (leaf) component
# ^ ... at the beginning of each component in the path
# $ ... at the end of each component in the path
# (.*\t)? ... at the beginning of a field
# (\t.*)? ... at the end of a field
# \t(.*\t)* ... separating fields
# [^\t\n] ... any single character, but don't escape from this field
# (.*\n)+ ... one or more levels down
# (?#...) ... a comment within a regexp
# new-style of banned lookup table
$banned_namepath_re = new_RE(
# block these MIME types
qr'(?#NO X-MSDOWNLOAD) ^(.*\t)? M=application/x-msdownload (\t.*)? $'xmi,
qr'(?#NO X-MSDOS-PROGRAM)^(.*\t)? M=application/x-msdos-program(\t.*)? $'xmi,
qr'(?#NO HTA) ^(.*\t)? M=application/hta (\t.*)? $'xmi,
# # block rfc2046 MIME types
# qr'(?# BLOCK RFC2046 ) ^ (.*\t)? M=message/partial (\t.*)? $'xmi,
# qr'(?# BLOCK RFC2046 ) ^ (.*\t)? M=message/external-body (\t.*)? $'xmi,
# qr'(?#No Metafile MIME) ^(.*\t)? M=application/x-msmetafile (\t.*)? $'xmi,
# qr'(?#No Metafile MIME) ^(.*\t)? M=image/x-wmf (\t.*)? $'xmi,
# qr'(?#No Metafile file) ^(.*\t)? T=wmf (\t.*)? $'xm,
# # within traditional Unix compressions allow any name and type
# [ qr'(?#rule-3) ^ (.*\t)? T=(Z|gz|bz2) (\t.*)? $'xmi => 0 ], # allow
# within traditional Unix archives allow any name and type
[ qr'(?#rule-4) ^ (.*\t)? T=(tar|rpm|cpio) (\t.*)? $'xmi => 0 ], # allow
# # block anything within a zip
# qr'(?#rule-5) ^ (.*\t)? T=zip (\t.*)? (.*\n)+ .* $'xmi,
# block certain double extensions in filenames
qr'(?# BLOCK DOUBLE-EXTENSIONS )
^ (.*\t)? N= [^\t\n]* \. [^./\t\n]* [A-Za-z] [^./\t\n]* \.
(exe|vbs|pif|scr|bat|cmd|com|cpl|dll) \.? (\t.*)? $'xmi,
|
bunder Bodhisattva
Joined: 10 Apr 2004 Posts: 5947
|
Posted: Thu May 22, 2008 9:05 pm Post subject: |
|
|
ok, those look good. can you restart amavisd, then clamd, and give us the last 100 or so lines from /var/log/mail.info and the last 25 or so from /var/log/clamav/clamd.log ? also, what are the permissions on /var/log/clamav/ /var/amavis /var/lib/clamav ?
thanks
|
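The checks requested in the post above (permissions on the three directories, and whether clamd is actually reachable after a restart) can be scripted. This is an added example, not part of the original thread: the socket path /var/amavis/clamd is the one amavisd reports in this thread's logs, the directories are the ones named in the post, and the function names `describe_path` and `probe_clamd` are hypothetical. It separates a missing socket file from a socket file that exists with no listener behind it, which is the case that produces "Connection refused".

```python
import errno
import grp
import os
import pwd
import socket
import stat

# Paths as they appear in this thread; adjust for your own installation.
CLAMD_SOCKET = "/var/amavis/clamd"
DIRS = ["/var/log/clamav", "/var/amavis", "/var/lib/clamav"]

# What each probe result usually means for an amavisd + clamd setup.
HINTS = {
    "ok": "clamd answered PING with PONG",
    "missing": "no socket file: clamd is not running, or LocalSocket in "
               "clamd.conf differs from the path configured in amavisd.conf",
    "not-a-socket": "the path exists but is not a UNIX socket",
    "refused": "socket file exists but nothing is listening: usually clamd "
               "exited and left a stale socket behind; read clamd.log",
    "denied": "the calling user may not traverse the directory or write "
              "to the socket; compare owner/group with the amavis user",
    "timeout": "clamd accepted the connection but did not reply in time",
    "bad-reply": "something is listening, but it did not answer PONG",
}


def describe_path(path):
    """Return (octal mode, owner, group) for path, or None if stat() fails."""
    try:
        st = os.stat(path)
    except OSError:
        return None
    try:
        owner = pwd.getpwuid(st.st_uid).pw_name
    except KeyError:
        owner = str(st.st_uid)  # uid without a passwd entry
    try:
        group = grp.getgrgid(st.st_gid).gr_name
    except KeyError:
        group = str(st.st_gid)  # gid without a group entry
    return (format(stat.S_IMODE(st.st_mode), "04o"), owner, group)


def probe_clamd(sock_path, timeout=5.0):
    """Classify the state of a clamd UNIX socket; returns a key of HINTS."""
    try:
        mode = os.stat(sock_path).st_mode
    except FileNotFoundError:
        return "missing"
    except PermissionError:
        return "denied"
    if not stat.S_ISSOCK(mode):
        return "not-a-socket"

    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect(sock_path)
            s.sendall(b"PING\n")      # clamd's liveness command
            reply = s.recv(64)
        except socket.timeout:
            return "timeout"
        except OSError as exc:
            if exc.errno == errno.ECONNREFUSED:
                return "refused"      # file is there, no listener behind it
            if exc.errno in (errno.EACCES, errno.EPERM):
                return "denied"
            if exc.errno == errno.ENOENT:
                return "missing"      # removed between stat() and connect()
            raise
    return "ok" if reply.strip() == b"PONG" else "bad-reply"


if __name__ == "__main__":
    for p in DIRS + [CLAMD_SOCKET]:
        info = describe_path(p)
        print(p, "->", "%s %s:%s" % info if info else "cannot stat")
    state = probe_clamd(CLAMD_SOCKET)
    print("clamd socket:", state, "-", HINTS[state])
```

Run it as the user amavisd runs as, since a probe made as root will not reveal a permission problem on the socket or its directory.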
mkiler n00b
Joined: 22 May 2008 Posts: 12
|
Posted: Thu May 22, 2008 9:30 pm Post subject: |
|
|
restart amavisd, next clamd.
log from /var/log/messages - I don't have /var/log/mail.info
Code: | papa ~ # tail -200 /var/log/messages
May 22 21:52:24 papa postfix/qmgr[7086]: 5FD53508326: removed
May 22 21:52:24 papa postfix/qmgr[7086]: 0AB15508329: from=<Christy@knology.net>, size=808, nrcpt=1 (queue active)
May 22 21:52:24 papa amavis[21782]: (21782-14) ESMTP::10024 /var/amavis/tmp/amavis-20080522T203830-21782: <Christy@knology.net> -> <mailer-daemon@example.pl> SIZE=808 Received: from papa.example.pl ([127.0.0.1]) by localhost (papa.example.pl [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <mailer-daemon@example.pl>; Thu, 22 May 2008 21:52:24 +0200 (CEST)
May 22 21:52:24 papa amavis[21782]: (21782-14) Checking: 9U3GzMqc2wcH <Christy@knology.net> -> <mailer-daemon@example.pl>
May 22 21:52:24 papa amavis[21782]: (21782-14) p001 1 Content-Type: text/plain, size: 167 B, name:
May 22 21:52:24 papa amavis[21782]: (21782-14) ClamAV-clamd: Can't send to socket /var/amavis/clamd: Transport endpoint is not connected, retrying (1)
May 22 21:52:24 papa postfix/smtpd[23568]: disconnect from unknown[190.40.109.64]
May 22 21:52:25 papa amavis[21782]: (21782-14) (!) ClamAV-clamd: Can't connect to UNIX socket /var/amavis/clamd: Connection refused, retrying (2)
May 22 21:52:31 papa amavis[21782]: (21782-14) (!!) ClamAV-clamd av-scanner FAILED: Too many retries to talk to /var/amavis/clamd (Can't connect to UNIX socket /var/amavis/clamd: Connection refused) at (eval 66) line 268.
May 22 21:52:31 papa amavis[21782]: (21782-14) (!!) WARN: all primary virus scanners failed, considering backups
May 22 21:52:36 papa postfix/smtpd[23584]: connect from localhost[127.0.0.1]
May 22 21:52:36 papa postfix/smtpd[23584]: 43DBA508326: client=localhost[127.0.0.1]
May 22 21:52:36 papa postfix/cleanup[23571]: 43DBA508326: message-id=<5913F61E.B1D6289F@knology.net>
May 22 21:52:36 papa postfix/qmgr[7086]: 43DBA508326: from=<>, size=1682, nrcpt=1 (queue active)
May 22 21:52:36 papa amavis[21782]: (21782-14) SEND via SMTP: <> -> <spamtrap@example.pl>, ENVID=AM.9U3GzMqc2wcH.20080522T195236Z@papa.example.pl 250 2.6.0 Ok, id=21782-14, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 43DBA508326
May 22 21:52:36 papa amavis[21782]: (21782-14) SPAM, <Christy@knology.net> -> <mailer-daemon@example.pl>, Yes, score=13.722 tag=-100 tag2=6.3 kill=6.3 tests=[BAYES_99=3.5, DATE_IN_PAST_03_06=0.044, FB_GET_MEDS=0.803, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_PBL=0.905, RCVD_IN_SORBS_DUL=0.877, RCVD_IN_XBL=3.033, RDNS_NONE=0.1], autolearn=spam, quarantine 9U3GzMqc2wcH (spamtrap@example.pl)
May 22 21:52:36 papa amavis[21782]: (21782-14) Blocked SPAM, [190.40.109.64] <Christy@knology.net> -> <mailer-daemon@example.pl>, quarantine: spamtrap@example.pl, Message-ID: <5913F61E.B1D6289F@knology.net>, mail_id: 9U3GzMqc2wcH, Hits: 13.722, 12269 ms
May 22 21:52:36 papa amavis[21782]: (21782-14) TIMING [total 12272 ms] - SMTP EHLO: 2 (0%)0, SMTP pre-MAIL: 0 (0%)0, SMTP pre-DATA-flush: 2 (0%)0, SMTP DATA: 40 (0%)0, body_digest: 1 (0%)0, gen_mail_id: 0 (0%)0, mime_decode: 6 (0%)0, get-file-type1: 12 (0%)1, decompose_part: 1 (0%)1, parts_decode: 0 (0%)1, AV-scan-1: 7011 (57%)58, AV-scan-2: 3227 (26%)84, spam-wb-list: 2 (0%)84, SA msg read: 0 (0%)84, SA parse: 2 (0%)84, SA check: 1887 (15%)99, SA finish: 3 (0%)99, update_cache: 2 (0%)99, decide_mail_destiny: 1 (0%)99, fwd-connect: 14 (0%)100, fwd-mail-from: 1 (0%)100, fwd-rcpt-to: 1 (0%)100, fwd-data-cmd: 0 (0%)100, write-header: 1 (0%)100, fwd-data-contents: 0 (0%)100, fwd-data-end: 44 (0%)100, fwd-rundown: 1 (0%)100, prepare-dsn: 1 (0%)100, main_log_entry: 6 (0%)100, update_snmp: 2 (0%)100, unlink-1-files: 1 (0%)100, rundown: 0 (0%)100
May 22 21:52:36 papa postfix/smtp[23580]: 0AB15508329: to=<mailer-daemon@example.pl>, relay=127.0.0.1[127.0.0.1]:10024, delay=12, delays=0.02/0.01/0/12, dsn=2.7.1, status=sent (250 2.7.1 Ok, discarded, id=21782-14 - SPAM)
May 22 21:52:36 papa postfix/qmgr[7086]: 0AB15508329: removed
May 22 21:52:36 papa amavis[21782]: (21782-14) extra modules loaded: Mail/SpamAssassin/Locales.pm, Mail/SpamAssassin/Plugin/Bayes.pm, Mail/SpamAssassin/Plugin/BodyEval.pm, Mail/SpamAssassin/Plugin/Check.pm, Mail/SpamAssassin/Plugin/DNSEval.pm, Mail/SpamAssassin/Plugin/HTMLEval.pm, Mail/SpamAssassin/Plugin/HTTPSMismatch.pm, Mail/SpamAssassin/Plugin/HeaderEval.pm, Mail/SpamAssassin/Plugin/ImageInfo.pm, Mail/SpamAssassin/Plugin/MIMEEval.pm, Mail/SpamAssassin/Plugin/RelayEval.pm, Mail/SpamAssassin/Plugin/URIDetail.pm, Mail/SpamAssassin/Plugin/URIEval.pm, Mail/SpamAssassin/Plugin/VBounce.pm, Mail/SpamAssassin/Plugin/WLBLEval.pm, unicore/lib/gc_sc/Digit.pl, unicore/lib/gc_sc/SpacePer.pl, unicore/lib/gc_sc/Word.pl
May 22 21:52:36 papa postfix/smtpd[23584]: disconnect from localhost[127.0.0.1]
May 22 21:52:36 papa postfix/local[23585]: 43DBA508326: to=<spamtrap@example.pl>, relay=local, delay=0.07, delays=0.05/0.02/0/0.01, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail)
May 22 21:52:36 papa postfix/qmgr[7086]: 43DBA508326: removed
May 22 21:52:41 papa postfix/smtpd[23568]: connect from pc-208-92-104-200.cm.vtr.net[200.104.92.208]
May 22 21:52:42 papa postfix/smtpd[23568]: 29CF3508326: client=pc-208-92-104-200.cm.vtr.net[200.104.92.208]
May 22 21:52:42 papa postfix/cleanup[23571]: 29CF3508326: message-id=<000701c8bc50$05d2df55$1075cc9e@gigorac>
May 22 21:52:42 papa postfix/qmgr[7086]: 29CF3508326: from=<rastus5@my-deja.com>, size=1595, nrcpt=1 (queue active)
May 22 21:52:42 papa postfix/pickup[23515]: BB305508329: uid=1150 from=<rastus5@my-deja.com>
May 22 21:52:42 papa postfix/cleanup[23571]: BB305508329: message-id=<000701c8bc50$05d2df55$1075cc9e@gigorac>
May 22 21:52:42 papa postfix/pipe[23572]: 29CF3508326: to=<d.blaszczak@example.pl>, relay=dfilt, delay=0.6, delays=0.58/0/0/0.02, dsn=2.0.0, status=sent (delivered via dfilt service)
May 22 21:52:42 papa postfix/qmgr[7086]: 29CF3508326: removed
May 22 21:52:42 papa postfix/qmgr[7086]: BB305508329: from=<rastus5@my-deja.com>, size=1706, nrcpt=1 (queue active)
May 22 21:52:42 papa amavis[23197]: (23197-10) ESMTP::10024 /var/amavis/tmp/amavis-20080522T212502-23197: <rastus5@my-deja.com> -> <d.blaszczak@example.pl> SIZE=1706 Received: from papa.example.pl ([127.0.0.1]) by localhost (papa.example.pl [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <d.blaszczak@example.pl>; Thu, 22 May 2008 21:52:42 +0200 (CEST)
May 22 21:52:42 papa amavis[23197]: (23197-10) Checking: ELRA5YKchk2X <rastus5@my-deja.com> -> <d.blaszczak@example.pl>
May 22 21:52:42 papa amavis[23197]: (23197-10) p003 1 Content-Type: multipart/alternative
May 22 21:52:42 papa amavis[23197]: (23197-10) p001 1/1 Content-Type: text/plain, size: 91 B, name:
May 22 21:52:42 papa amavis[23197]: (23197-10) p002 1/2 Content-Type: text/html, size: 404 B, name:
May 22 21:52:42 papa amavis[23197]: (23197-10) ClamAV-clamd: Can't send to socket /var/amavis/clamd: Transport endpoint is not connected, retrying (1)
May 22 21:52:43 papa postfix/smtpd[23568]: disconnect from pc-208-92-104-200.cm.vtr.net[200.104.92.208]
May 22 21:52:43 papa amavis[23197]: (23197-10) (!) ClamAV-clamd: Can't connect to UNIX socket /var/amavis/clamd: Connection refused, retrying (2)
May 22 21:52:49 papa amavis[23197]: (23197-10) (!!) ClamAV-clamd av-scanner FAILED: Too many retries to talk to /var/amavis/clamd (Can't connect to UNIX socket /var/amavis/clamd: Connection refused) at (eval 66) line 268.
May 22 21:52:49 papa amavis[23197]: (23197-10) (!!) WARN: all primary virus scanners failed, considering backups
May 22 21:52:55 papa postfix/smtpd[23584]: connect from localhost[127.0.0.1]
May 22 21:52:55 papa postfix/smtpd[23584]: DB924508326: client=localhost[127.0.0.1]
May 22 21:52:55 papa postfix/cleanup[23571]: DB924508326: message-id=<000701c8bc50$05d2df55$1075cc9e@gigorac>
May 22 21:52:55 papa postfix/qmgr[7086]: DB924508326: from=<>, size=2579, nrcpt=1 (queue active)
May 22 21:52:55 papa amavis[23197]: (23197-10) SEND via SMTP: <> -> <spamtrap@example.pl>, ENVID=AM.ELRA5YKchk2X.20080522T195255Z@papa.example.pl 250 2.6.0 Ok, id=23197-10, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as DB924508326
May 22 21:52:55 papa amavis[23197]: (23197-10) SPAM, <rastus5@my-deja.com> -> <d.blaszczak@example.pl>, Yes, score=14.785 tag=-100 tag2=6.3 kill=6.3 tests=[BAYES_99=3.5, DNS_FROM_RFC_BOGUSMX=1.482, FH_HELO_EQ_D_D_D_D=0.001, HELO_DYNAMIC_IPADDR=2.426, HTML_MESSAGE=0.001, RAZOR2_CHECK=0.5, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_PBL=0.905, RCVD_IN_SORBS_DUL=0.877, RCVD_IN_XBL=3.033, RDNS_DYNAMIC=0.1], autolearn=spam, quarantine ELRA5YKchk2X (spamtrap@example.pl)
May 22 21:52:55 papa amavis[23197]: (23197-10) Blocked SPAM, [200.104.92.208] <rastus5@my-deja.com> -> <d.blaszczak@example.pl>, quarantine: spamtrap@example.pl, Message-ID: <000701c8bc50$05d2df55$1075cc9e@gigorac>, mail_id: ELRA5YKchk2X, Hits: 14.785, 13173 ms
May 22 21:52:55 papa postfix/smtpd[23584]: disconnect from localhost[127.0.0.1]
May 22 21:52:55 papa amavis[23197]: (23197-10) TIMING [total 13177 ms] - SMTP EHLO: 2 (0%)0, SMTP pre-MAIL: 0 (0%)0, SMTP pre-DATA-flush: 2 (0%)0, SMTP DATA: 38 (0%)0, body_digest: 1 (0%)0, gen_mail_id: 0 (0%)0, mime_decode: 12 (0%)0, get-file-type2: 13 (0%)1, decompose_part: 0 (0%)1, parts_decode: 0 (0%)1, AV-scan-1: 7017 (53%)54, AV-scan-2: 3223 (24%)78, spam-wb-list: 2 (0%)78, SA msg read: 1 (0%)78, SA parse: 3 (0%)78, SA check: 2794 (21%)99, SA finish: 3 (0%)99, update_cache: 1 (0%)100, decide_mail_destiny: 1 (0%)100, fwd-connect: 6 (0%)100, fwd-mail-from: 1 (0%)100, fwd-rcpt-to: 1 (0%)100, fwd-data-cmd: 0 (0%)100, write-header: 1 (0%)100, fwd-data-contents: 1 (0%)100, fwd-data-end: 44 (0%)100, fwd-rundown: 1 (0%)100, prepare-dsn: 1 (0%)100, main_log_entry: 6 (0%)100, update_snmp: 2 (0%)100, unlink-2-files: 1 (0%)100, rundown: 0 (0%)100
May 22 21:52:55 papa postfix/smtp[23580]: BB305508329: to=<d.blaszczak@example.pl>, relay=127.0.0.1[127.0.0.1]:10024, delay=13, delays=0.02/0/0/13, dsn=2.7.1, status=sent (250 2.7.1 Ok, discarded, id=23197-10 - SPAM)
May 22 21:52:55 papa postfix/qmgr[7086]: BB305508329: removed
May 22 21:52:55 papa amavis[23197]: (23197-10) extra modules loaded: Mail/SpamAssassin/Locales.pm, Mail/SpamAssassin/Plugin/Bayes.pm, Mail/SpamAssassin/Plugin/BodyEval.pm, Mail/SpamAssassin/Plugin/Check.pm, Mail/SpamAssassin/Plugin/DNSEval.pm, Mail/SpamAssassin/Plugin/HTMLEval.pm, Mail/SpamAssassin/Plugin/HTTPSMismatch.pm, Mail/SpamAssassin/Plugin/HeaderEval.pm, Mail/SpamAssassin/Plugin/ImageInfo.pm, Mail/SpamAssassin/Plugin/MIMEEval.pm, Mail/SpamAssassin/Plugin/RelayEval.pm, Mail/SpamAssassin/Plugin/URIDetail.pm, Mail/SpamAssassin/Plugin/URIEval.pm, Mail/SpamAssassin/Plugin/VBounce.pm, Mail/SpamAssassin/Plugin/WLBLEval.pm
May 22 21:52:55 papa postfix/local[23585]: DB924508326: to=<spamtrap@example.pl>, relay=local, delay=0.08, delays=0.05/0.01/0/0.03, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail)
May 22 21:52:55 papa postfix/qmgr[7086]: DB924508326: removed
May 22 21:53:18 papa postfix/anvil[23307]: statistics: max connection rate 1/60s for (smtp:190.42.98.44) at May 22 21:44:01
May 22 21:53:18 papa postfix/anvil[23307]: statistics: max connection count 1 for (smtp:190.42.98.44) at May 22 21:44:01
May 22 21:53:18 papa postfix/anvil[23307]: statistics: max cache size 3 at May 22 21:47:19
May 22 21:53:30 papa amavis[19319]: Net::Server: 2008/05/22-21:53:30 Server closing!
May 22 21:53:33 papa amavis[23657]: starting. /usr/sbin/amavisd at papa.example.pl amavisd-new-2.4.1 (20060508), Unicode aware
May 22 21:53:33 papa amavis[23657]: user=, EUID: 0 (0); group=, EGID: 0 27 26 20 11 10 6 4 3 2 1 0 (0 27 26 20 11 10 6 4 3 2 1 0); log_level=2
May 22 21:53:33 papa amavis[23657]: Perl version 5.008008
May 22 21:53:34 papa amavis[23657]: INFO: no optional modules: Sys::Hostname::Long Mail::SPF::Query Net::CIDR::Lite Mail::SpamAssassin::Plugin::DomainKeys Mail::DomainKeys::Header Mail::DomainKeys::Message Mail::DomainKeys::Policy Mail::DomainKeys::Signature Mail::DomainKeys::Key Mail::DomainKeys::Key::Public Crypt::OpenSSL::RSA auto::Crypt::OpenSSL::RSA::new_public_key auto::Crypt::OpenSSL::RSA::load_public_key auto::Crypt::OpenSSL::RSA::_new auto::Crypt::OpenSSL::RSA::DESTROY IP::Country::Fast
May 22 21:53:34 papa amavis[23657]: SpamControl: init_pre_chroot done
May 22 21:53:34 papa amavis[23658]: Net::Server: Process Backgrounded
May 22 21:53:34 papa amavis[23658]: Net::Server: 2008/05/22-21:53:34 Amavis (type Net::Server::PreForkSimple) starting! pid(23658)
May 22 21:53:34 papa amavis[23658]: Net::Server: Binding to UNIX socket file /var/amavis/amavisd.sock using SOCK_STREAM
May 22 21:53:34 papa amavis[23658]: Net::Server: Binding to TCP port 10024 on host 127.0.0.1
May 22 21:53:34 papa amavis[23658]: Net::Server: Setting gid to "1002 1002"
May 22 21:53:34 papa amavis[23658]: Net::Server: Setting uid to "101"
May 22 21:53:34 papa amavis[23658]: Module Amavis::Conf 2.065
May 22 21:53:34 papa amavis[23658]: Module Archive::Tar 1.30
May 22 21:53:34 papa amavis[23658]: Module Archive::Zip 1.16
May 22 21:53:34 papa amavis[23658]: Module BerkeleyDB 0.31
May 22 21:53:34 papa amavis[23658]: Module Compress::Zlib 2.001
May 22 21:53:34 papa amavis[23658]: Module Convert::TNEF 0.17
May 22 21:53:34 papa amavis[23658]: Module Convert::UUlib 1.06
May 22 21:53:34 papa amavis[23658]: Module DBD::mysql 3.0008
May 22 21:53:34 papa amavis[23658]: Module DBI 1.54
May 22 21:53:34 papa amavis[23658]: Module DB_File 1.814
May 22 21:53:34 papa amavis[23658]: Module Digest::MD5 2.36
May 22 21:53:34 papa amavis[23658]: Module MIME::Entity 5.420
May 22 21:53:34 papa amavis[23658]: Module MIME::Parser 5.420
May 22 21:53:34 papa amavis[23658]: Module MIME::Tools 5.420
May 22 21:53:34 papa amavis[23658]: Module Mail::Header 1.74
May 22 21:53:34 papa amavis[23658]: Module Mail::Internet 1.74
May 22 21:53:34 papa amavis[23658]: Module Mail::SpamAssassin 3.002001
May 22 21:53:34 papa amavis[23658]: Module Net::Cmd 2.26
May 22 21:53:34 papa amavis[23658]: Module Net::DNS 0.59
May 22 21:53:34 papa amavis[23658]: Module Net::SMTP 2.29
May 22 21:53:34 papa amavis[23658]: Module Net::Server 0.94
May 22 21:53:34 papa amavis[23658]: Module Razor2::Client::Version 2.82
May 22 21:53:34 papa amavis[23658]: Module Time::HiRes 1.9
May 22 21:53:34 papa amavis[23658]: Module Unix::Syslog 0.100
May 22 21:53:34 papa amavis[23658]: Amavis::DB code loaded
May 22 21:53:34 papa amavis[23658]: Amavis::Cache code loaded
May 22 21:53:34 papa amavis[23658]: SQL base code NOT loaded
May 22 21:53:34 papa amavis[23658]: SQL::Log code NOT loaded
May 22 21:53:34 papa amavis[23658]: SQL::Quarantine NOT loaded
May 22 21:53:34 papa amavis[23658]: Lookup::SQL code NOT loaded
May 22 21:53:34 papa amavis[23658]: Lookup::LDAP code NOT loaded
May 22 21:53:34 papa amavis[23658]: AM.PDP-in proto code loaded
May 22 21:53:34 papa amavis[23658]: SMTP-in proto code loaded
May 22 21:53:34 papa amavis[23658]: Courier proto code NOT loaded
May 22 21:53:34 papa amavis[23658]: SMTP-out proto code loaded
May 22 21:53:34 papa amavis[23658]: Pipe-out proto code NOT loaded
May 22 21:53:34 papa amavis[23658]: BSMTP-out proto code NOT loaded
May 22 21:53:34 papa amavis[23658]: Local-out proto code loaded
May 22 21:53:34 papa amavis[23658]: OS_Fingerprint code NOT loaded
May 22 21:53:34 papa amavis[23658]: ANTI-VIRUS code loaded
May 22 21:53:34 papa amavis[23658]: ANTI-SPAM code loaded
May 22 21:53:34 papa amavis[23658]: ANTI-SPAM-SA code loaded
May 22 21:53:34 papa amavis[23658]: Unpackers code loaded
May 22 21:53:34 papa amavis[23658]: Found $file at /usr/bin/file
May 22 21:53:34 papa amavis[23658]: No $dspam, not using it
May 22 21:53:34 papa amavis[23658]: Internal decoder for .mail
May 22 21:53:34 papa amavis[23658]: Internal decoder for .asc
May 22 21:53:34 papa amavis[23658]: Internal decoder for .uue
May 22 21:53:34 papa amavis[23658]: Internal decoder for .hqx
May 22 21:53:34 papa amavis[23658]: Internal decoder for .ync
May 22 21:53:34 papa amavis[23658]: Found decoder for .F at /usr/bin/unfreeze
May 22 21:53:34 papa amavis[23658]: Found decoder for .Z at /bin/gzip -d
May 22 21:53:34 papa amavis[23658]: Internal decoder for .gz
May 22 21:53:34 papa amavis[23658]: Found decoder for .gz at /bin/gzip -d (backup, not used)
May 22 21:53:34 papa amavis[23658]: Found decoder for .bz2 at /bin/bzip2 -d
May 22 21:53:34 papa amavis[23658]: No decoder for .lzo tried: lzop -d
May 22 21:53:34 papa amavis[23658]: No decoder for .rpm tried: rpm2cpio.pl, rpm2cpio
May 22 21:53:34 papa amavis[23658]: Found decoder for .cpio at /bin/cpio
May 22 21:53:34 papa amavis[23658]: Found decoder for .tar at /bin/cpio
May 22 21:53:34 papa amavis[23658]: Internal decoder for .tar (backup, not used)
May 22 21:53:34 papa amavis[23658]: Found decoder for .deb at /usr/bin/ar
May 22 21:53:34 papa amavis[23658]: Internal decoder for .zip
May 22 21:53:34 papa amavis[23658]: Found decoder for .rar at /usr/bin/unrar
May 22 21:53:34 papa amavis[23658]: Found decoder for .arj at /usr/bin/unarj
May 22 21:53:34 papa amavis[23658]: Found decoder for .arc at /usr/bin/arc
May 22 21:53:34 papa amavis[23658]: Found decoder for .zoo at /usr/bin/zoo
May 22 21:53:34 papa amavis[23658]: Found decoder for .lha at /usr/bin/lha
May 22 21:53:34 papa amavis[23658]: Found decoder for .cab at /usr/bin/cabextract
May 22 21:53:34 papa amavis[23658]: No decoder for .tnef tried: tnef
May 22 21:53:34 papa amavis[23658]: Internal decoder for .tnef
May 22 21:53:34 papa amavis[23658]: Found decoder for .exe at /usr/bin/unrar; /usr/bin/lha; /usr/bin/unarj
May 22 21:53:34 papa amavis[23658]: Using internal av scanner code for (primary) ClamAV-clamd
May 22 21:53:34 papa amavis[23658]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan
May 22 21:53:34 papa amavis[23658]: Creating db in /var/amavis/db/; BerkeleyDB 0.31, libdb 4.3
May 22 21:53:34 papa amavis[23658]: SpamControl: initializing Mail::SpamAssassin
May 22 21:53:38 papa amavis[23658]: SpamControl: init_pre_fork done
May 22 21:53:38 papa amavis[23670]: TIMING [total 9 ms] - bdb-open: 9 (100%)100, rundown: 0 (0%)100
May 22 21:53:38 papa amavis[23671]: TIMING [total 11 ms] - bdb-open: 11 (100%)100, rundown: 0 (0%)100
May 22 21:53:38 papa amavis[23672]: TIMING [total 9 ms] - bdb-open: 9 (100%)100, rundown: 0 (0%)100
May 22 21:53:38 papa amavis[23673]: TIMING [total 8 ms] - bdb-open: 8 (100%)100, rundown: 0 (0%)100
May 22 21:53:45 papa freshclam[23755]: Current working dir is /var/lib/clamav
May 22 21:53:45 papa freshclam[23756]: freshclam daemon 0.93 (OS: linux-gnu, ARCH: i386, CPU: i686)
May 22 21:53:45 papa freshclam[23756]: Max retries == 3
May 22 21:53:45 papa freshclam[23756]: ClamAV update process started at Thu May 22 21:53:45 2008
May 22 21:53:45 papa freshclam[23756]: Querying current.cvd.clamav.net
May 22 21:53:45 papa freshclam[23756]: TTL: 92
May 22 21:53:45 papa freshclam[23756]: Software version from DNS: 0.93
May 22 21:53:45 papa freshclam[23756]: main.cvd version from DNS: 46
May 22 21:53:45 papa freshclam[23756]: main.cvd is up to date (version: 46, sigs: 231834, f-level: 26, builder: sven)
May 22 21:53:45 papa freshclam[23756]: daily.cvd version from DNS: 7218
May 22 21:53:45 papa freshclam[23756]: daily.cld is up to date (version: 7218, sigs: 65298, f-level: 26, builder: neo)
May 22 21:53:45 papa freshclam[23756]: --------------------------------------
|
log /var/log/clamav/clamd.log
Code: |
papa ~ # tail -50 /var/log/clamav/clamd.log
Thu May 22 02:27:07 2008 -> Log file size limited to 1048576 bytes.
Thu May 22 02:27:07 2008 -> Reading databases from /var/lib/clamav
Thu May 22 02:44:04 2008 -> +++ Started at Thu May 22 02:44:04 2008
Thu May 22 02:44:04 2008 -> clamd daemon 0.90.3 (OS: linux-gnu, ARCH: i386, CPU: i686)
Thu May 22 02:44:04 2008 -> Log file size limited to 1048576 bytes.
Thu May 22 02:44:04 2008 -> Reading databases from /var/lib/clamav
Thu May 22 01:38:27 2008 -> +++ Started at Thu May 22 01:38:27 2008
Thu May 22 01:38:27 2008 -> clamd daemon 0.90.3 (OS: linux-gnu, ARCH: i386, CPU: i686)
Thu May 22 01:38:27 2008 -> Log file size limited to 1048576 bytes.
Thu May 22 01:38:27 2008 -> Reading databases from /var/lib/clamav
Thu May 22 02:05:24 2008 -> +++ Started at Thu May 22 02:05:24 2008
Thu May 22 02:05:24 2008 -> clamd daemon 0.90.3 (OS: linux-gnu, ARCH: i386, CPU: i686)
Thu May 22 02:05:24 2008 -> Log file size limited to 1048576 bytes.
Thu May 22 02:05:24 2008 -> Reading databases from /var/lib/clamav
Thu May 22 02:05:24 2008 -> ERROR: Not supported data format
Thu May 22 02:07:22 2008 -> +++ Started at Thu May 22 02:07:22 2008
Thu May 22 02:07:22 2008 -> clamd daemon 0.90.3 (OS: linux-gnu, ARCH: i386, CPU: i686)
Thu May 22 02:07:22 2008 -> Log file size limited to 1048576 bytes.
Thu May 22 02:07:22 2008 -> Reading databases from /var/lib/clamav
Thu May 22 02:24:39 2008 -> +++ Started at Thu May 22 02:24:39 2008
Thu May 22 02:24:39 2008 -> clamd daemon 0.90.3 (OS: linux-gnu, ARCH: i386, CPU: i686)
Thu May 22 02:24:39 2008 -> Log file size limited to 1048576 bytes.
Thu May 22 02:24:39 2008 -> Reading databases from /var/lib/clamav
Thu May 22 02:24:39 2008 -> ERROR: Not supported data format
Thu May 22 02:35:16 2008 -> +++ Started at Thu May 22 02:35:16 2008
Thu May 22 02:35:16 2008 -> clamd daemon 0.90.3 (OS: linux-gnu, ARCH: i386, CPU: i686)
Thu May 22 02:35:16 2008 -> Log file size limited to 1048576 bytes.
Thu May 22 02:35:16 2008 -> Reading databases from /var/lib/clamav
Thu May 22 02:35:24 2008 -> Loaded 120423 signatures.
Thu May 22 02:35:24 2008 -> ERROR: Socket file /var/amavis/clamd exists. Either remove it, or configure a different one.
Thu May 22 10:24:59 2008 -> +++ Started at Thu May 22 10:24:59 2008
Thu May 22 10:24:59 2008 -> clamd daemon 0.90.3 (OS: linux-gnu, ARCH: i386, CPU: i686)
Thu May 22 10:24:59 2008 -> Log file size limited to 1048576 bytes.
Thu May 22 10:24:59 2008 -> Reading databases from /var/lib/clamav
Thu May 22 10:31:06 2008 -> +++ Started at Thu May 22 10:31:06 2008
Thu May 22 10:31:06 2008 -> clamd daemon 0.90.3 (OS: linux-gnu, ARCH: i386, CPU: i686)
Thu May 22 10:31:06 2008 -> Log file size limited to 1048576 bytes.
Thu May 22 10:31:06 2008 -> Reading databases from /var/lib/clamav
Thu May 22 10:37:11 2008 -> +++ Started at Thu May 22 10:37:11 2008
Thu May 22 10:37:11 2008 -> clamd daemon 0.90.3 (OS: linux-gnu, ARCH: i386, CPU: i686)
Thu May 22 10:37:11 2008 -> Log file size limited to 1048576 bytes.
Thu May 22 10:37:11 2008 -> Reading databases from /var/lib/clamav
Thu May 22 10:41:25 2008 -> +++ Started at Thu May 22 10:41:25 2008
Thu May 22 10:41:25 2008 -> clamd daemon 0.90.3 (OS: linux-gnu, ARCH: i386, CPU: i686)
Thu May 22 10:41:25 2008 -> Log file size limited to 1048576 bytes.
Thu May 22 10:41:25 2008 -> Reading databases from /var/lib/clamav
Thu May 22 11:10:59 2008 -> +++ Started at Thu May 22 11:10:59 2008
Thu May 22 11:10:59 2008 -> clamd daemon 0.90.3 (OS: linux-gnu, ARCH: i386, CPU: i686)
Thu May 22 11:10:59 2008 -> Log file size limited to 1048576 bytes.
Thu May 22 11:10:59 2008 -> Reading databases from /var/lib/clamav
|
/var/log/clamav/ owner clamav group clamav 40755
/var/amavis owner amavis group mailuser 40777 | I don't know why it is mailuser, but I checked many configurations, maybe my mistake
/var/lib/clamav owner amavis group amavis 40777
/etc/group
Code: |
amavis:x:1002:clamav |
I changed example.pl from my real domain name. |
|
mkiler n00b
Joined: 22 May 2008 Posts: 12
|
Posted: Thu May 22, 2008 9:34 pm Post subject: |
|
|
file /var/amavis/clamd exists - I touched this file today |
|
mkiler n00b
Joined: 22 May 2008 Posts: 12
|
Posted: Fri May 23, 2008 9:51 am Post subject: |
|
|
now permissions to /var/amavis are correct
Code: |
netstat -anpl|grep clamd
|
returns nothing, but in the log when I restart clamd:
Code: |
May 23 10:03:13 papa freshclam[3061]: Current working dir is /var/lib/clamav
May 23 10:03:13 papa freshclam[3062]: freshclam daemon 0.93 (OS: linux-gnu, ARCH: i386, CPU: i686)
May 23 10:03:13 papa freshclam[3062]: Max retries == 3
May 23 10:03:13 papa freshclam[3062]: ClamAV update process started at Fri May 23 10:03:13 2008
May 23 10:03:13 papa freshclam[3062]: Querying current.cvd.clamav.net
May 23 10:03:13 papa freshclam[3062]: TTL: 4
May 23 10:03:13 papa freshclam[3062]: Software version from DNS: 0.93
May 23 10:03:13 papa freshclam[3062]: main.cvd version from DNS: 46
May 23 10:03:13 papa freshclam[3062]: main.cvd is up to date (version: 46, sigs: 231834, f-level: 26, builder: sven)
May 23 10:03:13 papa freshclam[3062]: daily.cvd version from DNS: 7220
May 23 10:03:13 papa freshclam[3062]: daily.cld is up to date (version: 7220, sigs: 65308, f-level: 26, builder: ccordes)
May 23 10:03:13 papa freshclam[3062]: --------------------------------------
|
now I changed /etc/init.d/clamd; the file now is:
Code: |
#!/sbin/runscript
# Copyright 1999-2005 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/app-antivirus/clamav/files/clamd.rc,v 1.15 2007/04/13 20:56:34 ticho Exp $
opts="logfix"
depend() {
use net
provide antivirus
}
start() {
local clamd_socket=`awk '$1 == "LocalSocket" { print $2 }' /etc/clamd.conf`
logfix
if [ "${START_CLAMD}" = "yes" ]; then
if [ -S "${clamd_socket:-/tmp/clamd}" ]; then
rm -f ${clamd_socket:-/tmp/clamd}
fi
ebegin "Starting clamd"
#start-stop-daemon --stop --quiet --pidfile /var/amavis/clamd.pid
start-stop-daemon --start --quiet \
--exec /usr/sbin/clamd
eend $? "Failed to start clamd"
fi
if [ "${START_FRESHCLAM}" = "yes" ]; then
ebegin "Starting freshclam"
start-stop-daemon --start --quiet \
--exec /usr/bin/freshclam -- -d
retcode=$?
if [ ${retcode} = 1 ]; then
eend 0
einfo "Virus databases are already up to date."
else
eend ${retcode} "Failed to start freshclam"
fi
fi
if [ "${START_MILTER}" = "yes" ]; then
if [ -S "${MILTER_SOCKET}" ]; then
rm -f ${MILTER_SOCKET}
fi
local milter_ext=no
local milter_svr=no
args=`getopt -q --options "es" --longoptions "external,server" -- $MILTER_OPTS`
for arg in $args; do
case "$arg" in
-e | --external)
milter_ext=yes;
shift;;
-s | --server)
milter_svr=yes;
shift;;
--)
shift;
break;;
esac
done
if [[ $milter_ext == yes && $milter_svr == no ]]; then
local clamd_socket_wait_count=0
local clamd_socket_wait_max=10
local clamd_socket_wait_result=-1
ebegin "Waiting for clamd to create ${clamd_socket}"
while (( clamd_socket_wait < clamd_socket_wait_max )); do
if [ -S "${clamd_socket:-/tmp/clamd}" ]; then
clamd_socket_wait_result=0
break
else
echo -n " ."
let clamd_socket_wait++
sleep 1
fi
done
echo
eend $clamd_socket_wait_result "Timeout waiting for ${clamd_socket}"
fi
ebegin "Starting clamav-milter"
start-stop-daemon --start --quiet \
--exec /usr/sbin/clamav-milter -- ${MILTER_OPTS} ${MILTER_SOCKET}
eend $? "Failed to start clamav-milter"
fi
}
stop() {
if [ "${START_CLAMD}" = "yes" ]; then
ebegin "Stopping clamd"
start-stop-daemon --stop --quiet --name clamd
eend $? "Failed to stop clamd"
fi
if [ "${START_FRESHCLAM}" = "yes" ]; then
ebegin "Stopping freshclam"
start-stop-daemon --stop --quiet --name freshclam
eend $? "Failed to stop freshclam"
fi
if [ "${START_MILTER}" = "yes" ]; then
ebegin "Stopping clamav-milter"
start-stop-daemon --stop --quiet --name clamav-milter
eend $? "Failed to stop clamav-milter"
fi
}
logfix() {
if [ "${START_CLAMD}" = "yes" ]; then
# fix clamd log permissions
# (might be clobbered by logrotate or something)
local logfile=`awk '$1 == "LogFile" { print $2 }' /etc/clamd.conf`
local clamav_user=`awk '$1 == "User" { print $2 }' /etc/clamd.conf`
if [ -n "${logfile}" ] && [ -n "${clamav_user}" ]; then
if [ ! -f "${logfile}" ]; then
touch ${logfile}
fi
chown ${clamav_user} ${logfile}
chmod 640 ${logfile}
fi
fi
if [ "${START_FRESHCLAM}" = "yes" ]; then
# fix freshclam log permissions
# (might be clobbered by logrotate or something)
logfile=`awk '$1 == "UpdateLogFile" { print $2 }' /etc/freshclam.conf`
local freshclam_user=`awk '$1 == "DatabaseOwner" { print $2 }' /etc/freshclam.conf`
if [ -n "${logfile}" -a -n "${clamav_user}" ]; then
if [ ! -f "${logfile}" ]; then
touch ${logfile}
fi
chown ${freshclam_user} ${logfile}
chmod 640 ${logfile}
fi
fi
}
|
little change in /etc/clamd.conf
Code: |
AllowSupplementaryGroups yes
|
restart and now when I do
Code: |
netstat -anpl|grep clamd
|
log is
Code: |
unix 2 [ ACC ] STREAM LISTENING 601505 3402/clamd /var/amavis/clamd
|
The previous error has disappeared, but now sometimes in the log I have
Code: |
papa amavis[2913]: (02913-05) ClamAV-clamd: Can't send to socket /var/amavis/clamd: Transport endpoint is not connected, retrying (1)
|
Bunder thanks for your help |
|
bunder Bodhisattva
Joined: 10 Apr 2004 Posts: 5947
|
Posted: Fri May 23, 2008 12:11 pm Post subject: |
|
|
check the clamav part of your /etc/amavisd.conf
Quote: | ['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
|
it's probably set to /var/amavis/clamd
edit: you must be using a different logger than i am, that might be why you don't have a /var/log/mail.info... not sure where your logger stores mail logs.
double edit: here are the perms on my side-
drwxrwxr-x 7 amavis amavis 4096 May 22 17:01 /var/amavis
drwxrwxr-x 4 clamav amavis 4096 May 22 23:01 /var/lib/clamav
drwxr-xr-x 2 clamav amavis 1024 May 9 03:05 /var/log/clamav
seems to work fine for me... give it all a go and let me know how things turn out. cheers _________________
Neddyseagoon wrote: | The problem with leaving is that you can only do it once and it reduces your influence. |
banned from #gentoo since sept 2017 |
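The check suggested in the post above, as an added example that is not part of the thread: it compares the `LocalSocket` path in clamd.conf with the path in the `ClamAV-clamd` entry of amavisd.conf, then reports what actually sits at that path. The function names and `demo_case` with its sample configs are constructed for illustration; the parser assumes the entry layout quoted in the thread.

```shell
#!/bin/sh
# Added example, not code from the thread or from the ClamAV/amavisd-new projects.

# LocalSocket value from clamd.conf (same awk test the init script in the thread uses).
clamd_socket_from_conf() {
    awk '$1 == "LocalSocket" { print $2; exit }' "$1"
}

# First quoted absolute path inside the ClamAV-clamd entry of amavisd.conf.
# Commented-out entries are skipped.
amavis_socket_from_conf() {
    awk '
        /^[ \t]*#/ { next }
        index($0, "ClamAV-clamd") { in_entry = 1 }
        in_entry && match($0, /"\/[^"]*"/) {
            print substr($0, RSTART + 1, RLENGTH - 2)
            exit
        }
    ' "$1"
}

# What is at the path: a UNIX socket, some other file, or nothing.
path_state() {
    if [ -S "$1" ]; then echo socket
    elif [ -e "$1" ]; then echo not-a-socket
    else echo missing
    fi
}

# $1 = clamd.conf, $2 = amavisd.conf. Prints a one-line verdict.
check_clamd_socket() {
    clamd_path=$(clamd_socket_from_conf "$1")
    amavis_path=$(amavis_socket_from_conf "$2")
    if [ -z "$clamd_path" ] || [ -z "$amavis_path" ]; then
        echo "unparsed"
        return 0
    fi
    if [ "$clamd_path" != "$amavis_path" ]; then
        echo "mismatch clamd=$clamd_path amavis=$amavis_path"
        return 0
    fi
    case $(path_state "$clamd_path") in
        socket)       echo "ok $clamd_path" ;;
        # A regular file here is not removed by the init script's [ -S ] test,
        # and bind() on an existing path fails, so clamd cannot create its socket.
        not-a-socket) echo "stale-file $clamd_path" ;;
        missing)      echo "missing $clamd_path" ;;
    esac
}

# Constructed sample input: minimal configs written under a temp directory.
# $1 = same|differ (do both configs name one path?), $2 = touch|none.
demo_case() {
    d=$(mktemp -d) || return 1
    sock="$d/clamd"
    amavis_sock=$sock
    if [ "$1" = differ ]; then amavis_sock="$d/run/clamd.sock"; fi
    printf 'User amavis\nLocalSocket %s\n' "$sock" > "$d/clamd.conf"
    cat > "$d/amavisd.conf" <<EOF
# ['ClamAV-clamd', \&ask_daemon, ["CONTSCAN {}\n", "/commented/out"],
['ClamAV-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "$amavis_sock"],
  qr/\bOK\$/, qr/\bFOUND\$/,
  qr/^.*?: (?!Infected Archive)(.*) FOUND\$/ ],
EOF
    if [ "$2" = touch ]; then : > "$sock"; fi
    check_clamd_socket "$d/clamd.conf" "$d/amavisd.conf" | sed "s|$d|TMP|g"
    rm -rf "$d"
}

# Constructed cases: a regular file left at the socket path, then no file at all.
demo_case same touch
demo_case same none
```

An `ok` verdict only confirms the path is a socket; `netstat -anpl | grep clamd`, as used in the thread, shows whether clamd is listening on it.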
|
mkiler n00b
Joined: 22 May 2008 Posts: 12
|
Posted: Fri May 23, 2008 1:59 pm Post subject: |
|
|
yes I have
Code: |
['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/amavis/clamd"],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ] |
but when I change to your version, emails are not delivered. I think it's OK now because I checked my log file and this error
Code: |
papa amavis[2913]: (02913-05) ClamAV-clamd: Can't send to socket /var/amavis/clamd: Transport endpoint is not connected, retrying (1)
|
doesn't exist.
Thanks once again. I think we can close this subject |
|