From: Frank Brehm
Date: Thu, 8 Dec 2011 23:39:53 +0000 (+0100)
Subject: cleaned
X-Git-Url: https://git.uhu-banane.de/?a=commitdiff_plain;h=07a216f0b901b73ba69c82598833830b67dae76a;p=config%2Fhelga%2Fetc.git
cleaned
---
diff --git a/.gitignore b/.gitignore
index e5ebcba..6034952 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,4 @@
 .keep*
 *-
+/.pwd.lock
+/motd
diff --git a/.rcs/amavisd.conf,v b/.rcs/amavisd.conf,v
new file mode 100644
index 0000000..1be6eba
--- /dev/null
+++ b/.rcs/amavisd.conf,v
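Review bot: The new ignore entries cover `/.pwd.lock` and `/motd`, but the same commit starts tracking `.rcs/amavisd.conf,v` (its file header follows on this line) and nothing in the list excludes the `.rcs/` directory. An RCS archive carries every earlier revision of the file it shadows, so if the repository is meant to hold only the current state of /etc, consider adding `/.rcs/` here instead of committing the archives; if tracking them is intended, a one-line comment in .gitignore saying so would save the next reader the question. The `/motd` entry is presumably there because that file is rewritten outside version control; a trailing comment such as `# rewritten outside git` would make the reason explicit if so.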
@@ -0,0 +1,2725 @@ +head 1.4; +access; +symbols; +locks; strict; +comment @# @; + + +1.4 +date 2010.12.01.23.32.18; author root; state Exp; +branches; +next 1.3; + +1.3 +date 2010.12.01.15.48.50; author root; state Exp; +branches; +next 1.2; + +1.2 +date 2010.05.27.13.09.20; author root; state Exp; +branches; +next 1.1; + +1.1 +date 2010.05.26.13.08.21; author root; state Exp; +branches; +next ; + + +desc +@Initial +@ + + +1.4 +log +@Checked in. +@ +text +@use strict; + +# Sample configuration file for amavisd-new (traditional style, chatty, +# you may prefer to start with the more concise supplied amavisd.conf) +# +# See amavisd.conf-default for a list of all variables with their defaults; +# for more details see documentation in INSTALL, README_FILES/* +# and at http://www.ijs.si/software/amavisd/amavisd-new-docs.html + +# This software is licensed under the GNU General Public License (GPL). +# See comments at the start of amavisd-new for the whole license text. + +#Sections: +# Section I - Essential daemon and MTA settings +# Section II - MTA specific +# Section III - Logging +# Section IV - Notifications/DSN, bounce/reject/discard/pass, quarantine +# Section V - Per-recipient and per-sender handling, whitelisting, etc. +# Section VI - Resource limits +# Section VII - External programs, virus scanners, SpamAssassin +# Section VIII - Debugging +# Section IX - Policy banks (dynamic policy switching) + +#GENERAL NOTES: +# This file is a normal Perl code, interpreted by Perl itself. +# - make sure this file (or directory where it resides) is NOT WRITABLE +# by mere mortals (not even vscan/amavis; best to make it owned by root), +# otherwise it can represent a severe security risk! 
+# - for values which are interpreted as booleans, it is recommended +# to use 1 for true, and 0 or undef or '' for false; +# Note that this interpretation of boolean values does not apply directly +# to LDAP and SQL lookups, which follow their own rules - see README.lookups +# and README.ldap (in short: use Y/N in SQL, and TRUE/FALSE in LDAP); +# - Perl syntax applies. Most notably: strings in "" may include variables +# (which start with $ or @@); to include characters $ and @@ and \ in double +# quoted strings precede them by a backslash; in single-quoted strings +# the $ and @@ lose their special meaning, so it is usually easier to use +# single quoted strings (or qw operator) for e-mail addresses. +# In both types of quoting a backslash should to be doubled. +# - variables with names starting with a '@@' are lists, the values assigned +# to them should be lists too, e.g. ('one@@foo', $mydomain, "three"); +# note the comma-separation and parenthesis. If strings in the list +# do not contain spaces nor variables, a Perl operator qw() may be used +# as a shorthand to split its argument on whitespace and produce a list +# of strings, e.g. qw( one@@foo example.com three ); Note that the argument +# to qw is quoted implicitly and no variable interpretation is done within +# (no '$' variable evaluations). The #-initiated comments can NOT be used +# within a string. In other words, $ and # lose their special meaning +# within a qw argument, just like within '...' strings. +# - all e-mail addresses in this file and as used internally by the daemon +# are in their raw (rfc2821-unquoted and non-bracketed) form, i.e. +# Bob "Funny" Dude@@example.com, not: "Bob \"Funny\" Dude"@@example.com +# and not <"Bob \"Funny\" Dude"@@example.com>; also: '' and not '<>'. 
+# - the term 'default value' in examples below refers to the value of a +# variable pre-assigned to it by the program; any explicit assignment +# to a variable in this configuration file overrides the default value; + + +# +# Section I - Essential daemon and MTA settings +# + +# $MYHOME serves as a quick default for some other configuration settings. +# More refined control is available with each individual setting further down. +# $MYHOME is not used directly by the program. No trailing slash! +$MYHOME = '/var/amavis'; # (default is '/var/amavis'), -H + +# $mydomain serves as a quick default for some other configuration settings. +# More refined control is available with each individual setting further down. +# $mydomain is never used directly by the program. +$mydomain = 'brehm-online.com'; # (no useful default) + +# $myhostname = 'host.example.com'; # fqdn of this host, default by uname(3) +$myhostname = 'helga.brehm-online.com'; + +# Set the user and group to which the daemon will change if started as root +# (otherwise just keeps the UID unchanged, and these settings have no effect): +$daemon_user = 'amavis'; # (no default; customary: vscan or amavis), -u +$daemon_group = 'amavis'; # (no default; customary: vscan or amavis), -g + +# Runtime working directory (cwd), and a place where +# temporary directories for unpacking mail are created. +# (no trailing slash, may be a scratch file system) +#$TEMPBASE = $MYHOME; # (must be set if other config vars use is), -T +$TEMPBASE = "$MYHOME/tmp"; # prefer to keep home dir /var/amavis clean? + +#$db_home = "$MYHOME/db"; # DB databases directory, default "$MYHOME/db", -D + +# $helpers_home sets environment variable HOME, and is passed as option +# 'home_dir_for_helpers' to Mail::SpamAssassin::new. 
It should be a directory +# on a normal persistent file system, not a scratch or temporary file system +#$helpers_home = $MYHOME; # (defaults to $MYHOME), -S + +# Run the daemon in the specified chroot jail if nonempty: +#$daemon_chroot_dir = $MYHOME; # (default is undef, meaning: do not chroot), -R + +#$pid_file = "$MYHOME/amavisd.pid"; # (default is "$MYHOME/amavisd.pid"), -P +#$lock_file = "$MYHOME/amavisd.lock"; # (default is "$MYHOME/amavisd.lock"), -L + +# set environment variables if you want (no defaults): +$ENV{TMPDIR} = $TEMPBASE; # used for SA temporary files, by some decoders, etc. + +$enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP and nanny) +$enable_global_cache = 1; # enable use of libdb-based cache if $enable_db=1 + +$enable_dkim_verification = 0; # enable DKIM signatures verification +$enable_dkim_signing = 0; # load DKIM signing code, keys defined by dkim_key + +# MTA SETTINGS, UNCOMMENT AS APPROPRIATE, +# both $forward_method and $notify_method default to 'smtp:[127.0.0.1]:10025' + +# POSTFIX, or SENDMAIL in dual-MTA setup, or EXIM V4 +# (set host and port number as required; host can be specified +# as an IP address or a DNS name (A or CNAME, but MX is ignored) +#$forward_method = 'smtp:[127.0.0.1]:10025'; # where to forward checked mail +#$notify_method = $forward_method; # where to submit notifications + +#$os_fingerprint_method = 'p0f:127.0.0.1:2345'; # query p0f-analyzer.pl + +# To make it possible for several hosts to share one content checking daemon, +# the IP address and/or the port number in $forward_method and $notify_method +# may be spacified as an asterisk. An asterisk in the colon-separated +# second field (host) will be replaced by the SMTP client peer address, +# An asterisk in the third field (tcp port) will be replaced by the incoming +# SMTP/LMTP session port number plus one. This obsoletes the previously used +# less flexible configuration parameter $relayhost_is_client. 
An example: +# $forward_method = 'smtp:*:*'; $notify_method = 'smtp:*:10587'; + + +# NOTE: The defaults (above) are good for Postfix or dual-sendmail. You MUST +# uncomment the appropriate settings below if using other setups! + +# SENDMAIL MILTER, using amavis-milter.c helper program: +#$forward_method = undef; # no explicit forwarding, sendmail does it by itself +# milter; option -odd is needed to avoid deadlocks +#$notify_method = 'pipe:flags=q argv=/usr/sbin/sendmail -Ac -i -odd -f ${sender} -- ${recipient}'; +# just a thought: can we use use -Am instead of -odd ? + +# SENDMAIL (old non-milter setup, as relay, deprecated): +#$forward_method = 'pipe:flags=q argv=/usr/sbin/sendmail -C/etc/sendmail.orig.cf -i -f ${sender} -- ${recipient}'; +#$notify_method = $forward_method; + +# SENDMAIL (old non-milter setup, amavis.c calls local delivery agent, deprecated): +#$forward_method = undef; # no explicit forwarding, amavis.c will call LDA +#$notify_method = 'pipe:flags=q argv=/usr/sbin/sendmail -Ac -i -f ${sender} -- ${recipient}'; + +# EXIM v3 (not recommended with v4 or later, which can use SMTP setup instead): +#$forward_method = 'pipe:flags=q argv=/usr/sbin/exim -oMr scanned-ok -i -f ${sender} -- ${recipient}'; +#$notify_method = $forward_method; + +# COURIER using courierfilter +#$forward_method = undef; # no explicit forwarding, Courier does it itself +#$notify_method = 'pipe:flags=q argv=perl -e $pid=fork();if($pid==-1){exit(75)}elsif($pid==0){exec(@@ARGV)}else{exit(0)} /usr/sbin/sendmail -f ${sender} -- ${recipient}'; +# Only set $courierfilter_shutdown to 1 if you are using courierfilter to +# control the startup and shutdown of amavis +#$courierfilter_shutdown = 1; # (default 0) + +# prefer to collect mail for forwarding as BSMTP files? 
+#$forward_method = "bsmtp:$MYHOME/out-%i-%n.bsmtp"; +#$notify_method = $forward_method; + +@@auth_mech_avail = qw(PLAIN LOGIN); +$auth_required_inp = 0; +$auth_required_out = 0; + +# Net::Server pre-forking settings +# The $max_servers should match the width of your MTA pipe +# feeding amavisd, e.g. with Postfix the 'Max procs' field in the +# master.cf file, like the '2' in the: smtp-amavis unix - - n - 2 smtp +# +$max_servers = 2; # num of pre-forked children (2..30 is common), -m +$max_requests = 20; # retire a child after that many accepts (default 20) + +$child_timeout=5*60; # abort child if it does not complete its processing in + # approximately n seconds (default: 8*60 seconds) + +$smtpd_timeout = 120; # disconnect session if client is idle for too long + # (default: 8*60 seconds); should be higher than a + # Postfix setting max_idle (default 100s) + +# Here is a QUICK WAY to completely DISABLE some sections of code +# that WE DO NOT WANT (it won't even be compiled-in). +# For more refined controls leave the following two lines commented out, +# and see further down what these two lookup lists really mean. +# +# @@bypass_virus_checks_maps = (1); # controls running of anti-virus code +# @@bypass_spam_checks_maps = (1); # controls running of anti-spam code +# $bypass_decode_parts = 1; # controls running of decoders&dearchivers +# +# Any setting can be changed with a new assignment, so make sure +# you do not unintentionally override these settings further down! + +# Check also the settings of @@av_scanners at the end if you want to use +# virus scanners. If not, you may want to delete the whole long assignment +# to the variable @@av_scanners and @@av_scanners_backup, which will also +# remove the virus checking code (e.g. if you only want to do spam scanning). 
+ + +# Lookup list of local domains (see README.lookups for syntax details) +# +# @@local_domains_maps is a list of lookup tables which are used in deciding +# whether a recipient is local or not, or in other words, if the message is +# outgoing or not. This affects inserting spam-related and OS fingerprinting +# header fields for local recipients, editing Subject header field and allowing +# mail body defanging, limiting recipient notifications to local recipients, +# in deciding if address extension may be appended, in matching mail addresses +# to non-fqdn SQL record keys, for proper operation of pen pals feature, +# for selecting statistics counters (distinguishing outgoing from internal- +# to internal mail), and possibly more in future versions. +# Set it up correctly if you need features that rely on this setting. +# +# With Postfix (2.0) a quick hint on what local domains normally are: +# a union of domains specified in: mydestination, virtual_alias_domains, +# virtual_mailbox_domains, and relay_domains. + +@@local_domains_maps = ( [".$mydomain"] ); # $mydomain and its subdomains +# @@local_domains_maps = (); # default is empty list, no recip. considered local +# @@local_domains_maps = # using ACL lookup table +# ( [ ".$mydomain", 'sub.example.net', '.example.com' ] ); +# @@local_domains_maps = # similar, split list elements on whitespace +# ( [qw( .example.com !host.sub.example.net .sub.example.net )] ); +# @@local_domains_maps = ( new_RE( qr'[@@.]example\.com$'i ) ); # using regexp +# @@local_domains_maps = ( read_hash("$MYHOME/local_domains") ); # using hash +# perhaps combined with Postfix: mydestination = /var/amavis/local_domains +# for debugging purposes: dump_hash($local_domains_maps[0]); +# +# Section II - MTA specific (defaults should be ok) +# + +#$insert_received_line = 1; # behave like MTA: insert 'Received:' header + # (does not apply to sendmail/milter) + # (default is true) + +# AMAVIS-CLIENT AND COURIER PROTOCOL INPUT SETTINGS (e.g. 
amavisd-release, or +# sendmail milter through helper clients like amavis-milter.c and amavis.c) +# option(s) -p overrides $inet_socket_port and $unix_socketname +$unix_socketname = "$MYHOME/amavisd.sock"; # amavis helper protocol socket +#$unix_socketname = undef; # disable listening on a unix socket + # (default is undef, i.e. disabled) +#$unix_socketname = "/var/lib/courier/allfilters/amavisd"; # Courier socket + # (usual setting is $MYHOME/amavisd.sock) + +# SMTP SERVER (INPUT) PROTOCOL SETTINGS (e.g. with Postfix, Exim v4, ...) +# (used when MTA is configured to pass mail to amavisd via SMTP or LMTP) +$inet_socket_port = 10024; # accept SMTP on this local TCP port + # (default is undef, i.e. disabled) +# multiple ports may be provided: $inet_socket_port = [10024, 10026, 10028]; + +# SMTP SERVER (INPUT) access control +# - do not allow free access to the amavisd SMTP port !!! +# +# when MTA is at the same host, use the following (one or the other or both): +#$inet_socket_bind = '127.0.0.1'; # limit socket bind to loopback interface + # (default is '127.0.0.1') +@@inet_acl = qw(127.0.0.1 [::1]); # allow SMTP access only from localhost IP + # (default is qw(127.0.0.1 [::1]) ) + +# when MTA (one or more) is on a different host, use the following: +#@@inet_acl = qw(127.0.0.0/8 [::1] 10.1.0.1 10.1.0.2); # adjust list as needed +#$inet_socket_bind = undef; # bind to all IP interfaces if undef + +# +# Example1: +# @@inet_acl = qw( 127/8 10/8 172.16/12 192.168/16 ); +# permit only SMTP access from loopback and rfc1918 private address space +# +# Example2: +# @@inet_acl = qw( !192.168.1.12 172.16.3.3 !172.16.3/255.255.255.0 +# 127.0.0.1 10/8 172.16/12 192.168/16 ); +# matches loopback and rfc1918 private address space except host 192.168.1.12 +# and net 172.16.3/24 (but host 172.16.3.3 within 172.16.3/24 still matches) +# +# Example3: +# @@inet_acl = qw( 127/8 +# !172.16.3.0 !172.16.3.127 172.16.3.0/25 +# !172.16.3.128 !172.16.3.255 172.16.3.128/25 ); +# matches 
loopback and both halves of the 172.16.3/24 C-class, +# split into two subnets, except all four broadcast addresses +# for these subnets + + +# @@mynetworks is an IP access list which determines if the original SMTP client +# IP address belongs to our internal networks, i.e. mail is coming from inside. +# It is much like the Postfix parameter 'mynetworks' in semantics and similar +# in syntax, and its value should normally match the Postfix counterpart. +# It only affects the value of a macro %l (=sender-is-local), +# and the loading of policy 'MYNETS' if present (see below). +# Note that '-o smtp_send_xforward_command=yes' (or its lmtp counterpart) +# must be enabled in the Postfix service that feeds amavisd, otherwise +# client IP address is not available to amavisd-new. +# +# @@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10 +# 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 ); # default +# +# A list of networks can also be read from a file, either as an IP acl in +# CIDR notation, one address per line (comments and empty lines are allowed): +# @@mynetworks_maps = (read_array('/etc/amavisd-mynetworks'), \@@mynetworks); +# +# or less flexibly (but provides faster lookups for large lists) by reading +# into a hash lookup table, which only allows for full addresses or classful +# IPv4 subnets with truncated octets, such as 127, 10, 192.168, 10.11.12.13, +# one address per line (comments and empty lines are allowed): +# @@mynetworks_maps = (read_hash('/etc/amavisd-mynetworks'), \@@mynetworks); + +# See README.lookups for details on specifying access control lists. + + +# +# Section III - Logging +# + +# true (e.g. 1) => syslog; false (e.g. 0) => logging to file +$DO_SYSLOG = 1; # (defaults to 0) + +$syslog_ident = 'amavis'; # Syslog ident string (defaults to 'amavis') +$syslog_facility = 'mail'; # Syslog facility as a string + # e.g.: mail, daemon, user, local0, ... local7, ... 
+$syslog_priority = 'info'; # Syslog base (minimal) priority as a string, + # choose from: emerg, alert, crit, err, warning, notice, info, debug + +# Log file (if not using syslog) +$LOGFILE = "$MYHOME/amavis.log"; # (defaults to empty, no log) + +#NOTE: levels are not strictly observed and are somewhat arbitrary +# 0: startup/exit/failure messages, viruses detected +# 1: args passed from client, some more interesting messages +# 2: virus scanner output, timing +# 3: server, client +# 4: decompose parts +# 5: more debug details +$log_level = 3; # (defaults to 0), -d + +# Customizable template for the most interesting log file entry (e.g. with +# $log_level=0) (take care to properly quote Perl special characters like '\') +# For a list of available macros see README.customize . + +# $log_templ = undef; # undef disables by-message level-0 log entries +$log_recip_templ = undef; # undef disables by-recipient level-0 log entries + + +# log both infected and noninfected messages (as deflt, with size,subj,tests): +# (remove the leading '#' and a space in the following lines to activate) + +# $log_templ = <<'EOD'; +# [?%#D|#|Passed # +# [? [:ccat|major] |OTHER|CLEAN|MTA-BLOCKED|OVERSIZED|BAD-HEADER|SPAMMY|SPAM|\ +# UNCHECKED|BANNED (%F)|INFECTED (%V)]# +# , [? %p ||%p ][?%a||[?%l||LOCAL ]\[%a\] ][?%e||\[%e\] ]%s -> [%D|,]# +# [? %q ||, quarantine: %q]# +# [? %Q ||, Queue-ID: %Q]# +# [? %m ||, Message-ID: %m]# +# [? %r ||, Resent-Message-ID: %r]# +# , mail_id: %i# +# , Hits: [:SCORE]# +# , size: %z# +# [~[:remote_mta_smtp_response]|["^$"]||[", queued_as: "]]\ +# [remote_mta_smtp_response|[~%x|["queued as ([0-9A-Z]+)$"]|["%1"]|["%0"]]|/]# +# [? [:header_field|Subject] ||, Subject: [:dquote|[:header_field|Subject]]]# +# [? [:header_field|From] ||, 
From: [:uquote|[:header_field|From]]]# +# [? [:useragent|name] ||, [:useragent|name]: [:uquote|[:useragent|body]]]# +# [? %#T ||, Tests: \[[%T|,]\]]# +# [:supplementary_info|SCTYPE|, shortcircuit=%%s]# +# [:supplementary_info|AUTOLEARN|, autolearn=%%s]# +# , %y ms# +# ] +# [?%#O|#|Blocked # +# [? [:ccat|major|blocking] |# +# OTHER|CLEAN|MTA-BLOCKED|OVERSIZED|BAD-HEADER|SPAMMY|SPAM|\ +# UNCHECKED|BANNED (%F)|INFECTED (%V)]# +# , [? %p ||%p ][?%a||[?%l||LOCAL ]\[%a\] ][?%e||\[%e\] ]%s -> [%O|,]# +# [? %q ||, quarantine: %q]# +# [? %Q ||, Queue-ID: %Q]# +# [? %m ||, Message-ID: %m]# +# [? %r ||, Resent-Message-ID: %r]# +# , mail_id: %i# +# , Hits: [:SCORE]# +# , size: %z# +# #, smtp_resp: [:smtp_response]# +# [? [:header_field|Subject] ||, Subject: [:dquote|[:header_field|Subject]]]# +# [? [:header_field|From] ||, 
From: [:uquote|[:header_field|From]]]# +# [? [:useragent|name] ||, [:useragent|name]: [:uquote|[:useragent|body]]]# +# [? %#T ||, Tests: \[[%T|,]\]]# +# [:supplementary_info|SCTYPE|, shortcircuit=%%s]# +# [:supplementary_info|AUTOLEARN|, autolearn=%%s]# +# , %y ms# +# ] +# EOD + +# +# Section IV - Notifications/DSN, bounce/reject/discard/pass, quarantine +# + +# Select notifications text encoding when Unicode-aware Perl is converting +# text from internal character representation to external encoding (charset +# in MIME terminology). Used as argument to Perl Encode::encode subroutine. +# +# to be used in RFC 2047-encoded header field bodies, e.g. in Subject: +#$hdr_encoding = 'iso-8859-1'; # MIME charset (default: 'iso-8859-1') +#$hdr_encoding_qb = 'Q'; # MIME encoding: quoted-printable (default) +#$hdr_encoding_qb = 'B'; # MIME encoding: base64 +# +# to be used in notification body text: its encoding and Content-type.charset +#$bdy_encoding = 'iso-8859-1'; # (default: 'iso-8859-1') + +# Default template texts for notifications may be overruled by directly +# assigning new text to template variables, or by reading template text +# from files. A second argument may be specified in a call to read_text(), +# specifying character encoding layer to be used when reading from the +# external file, e.g. 'utf8', 'iso-8859-1', or often just $bdy_encoding. +# Text will be converted to internal character representation by Perl 5.8.0 +# or later; second argument is ignored otherwise. See PerlIO::encoding, +# Encode::PerlIO and perluniintro man pages. 
+# +# $notify_sender_templ = read_text("$MYHOME/notify_sender.txt"); +# $notify_virus_sender_templ= read_text("$MYHOME/notify_virus_sender.txt"); +# $notify_virus_admin_templ = read_text("$MYHOME/notify_virus_admin.txt"); +# $notify_virus_recips_templ= read_text("$MYHOME/notify_virus_recips.txt"); +# $notify_spam_sender_templ = read_text("$MYHOME/notify_spam_sender.txt"); +# $notify_spam_admin_templ = read_text("$MYHOME/notify_spam_admin.txt"); + +# If notification template files are collectively available in some directory, +# one may call read_l10n_templates which invokes read_text for each known +# template. This is primarily a Debian-specific feature, but was incorporated +# into base code to facilitate porting. +# +# read_l10n_templates('/etc/amavis/en_US'); +# +# If read_l10n_templates is called, a localization template directory must +# contain the following files: +# charset this file should contain a one-line name +# of the character set used in the template +# files (e.g. utf8, iso-8859-2, ...) and is +# passed as the second argument to read_text; +# template-dsn.txt content fills the $notify_sender_templ +# template-virus-sender.txt content fills the $notify_virus_sender_templ +# template-virus-admin.txt content fills the $notify_virus_admin_templ +# template-virus-recipient.txt content fills the $notify_virus_recips_templ +# template-spam-sender.txt content fills the $notify_spam_sender_templ +# template-spam-admin.txt content fills the $notify_spam_admin_templ + +# Here is an overall picture (sequence of events) of how pieces fit together +# +# bypass_virus_checks set for all recipients? ==> PASS +# no viruses? 
==> PASS +# log virus if $log_templ is nonempty +# quarantine if $virus_quarantine_to is nonempty +# notify admin if $virus_admin (lookup) nonempty +# notify recips if $warnvirusrecip and (recipient is local or $warn_offsite) +# add address extensions for local recipients (when enabled) +# send (non-)delivery notifications +# to sender if DSN needed (BOUNCE or ($warnvirussender and D_PASS)) +# virus_lovers or final_destiny==D_PASS ==> PASS +# DISCARD (2xx) or REJECT (5xx) (depending on final_*_destiny) +# +# Equivalent flow diagram applies for spam checks. +# If a virus is detected, spam checking is skipped entirely. + +# The following symbolic constants can be used in *_destiny settings: +# +# D_PASS mail will pass to recipients, regardless of bad contents; +# +# D_DISCARD mail will not be delivered to its recipients, sender will NOT be +# notified. Effectively we lose mail (but will be quarantined +# unless disabled). Losing mail is not decent for a mailer, +# but might be desired. +# +# D_BOUNCE mail will not be delivered to its recipients, a non-delivery +# notification (bounce) will be sent to the sender by amavisd-new; +# Exception: bounce (DSN) will not be sent if a virus name matches +# @@viruses_that_fake_sender_maps, or to messages from mailing lists +# (Precedence: bulk|list|junk), or for spam level that exceeds +# the $sa_dsn_cutoff_level. +# +# D_REJECT mail will not be delivered to its recipients, sender should +# preferably get a reject, e.g. SMTP permanent reject response +# (e.g. with milter), or non-delivery notification from MTA +# (e.g. Postfix). If this is not possible (e.g. different recipients +# have different tolerances to bad mail contents and not using LMTP) +# amavisd-new sends a bounce by itself (same as D_BOUNCE). +# Not to be used with Postfix or dual-MTA setups! 
+# +# Notes: +# D_REJECT and D_BOUNCE are similar, the difference is in who is responsible +# for informing the sender about non-delivery, and how informative +# the notification can be (amavisd-new knows more than MTA); +# With D_REJECT, MTA may reject original SMTP, or send DSN (delivery status +# notification, colloquially called 'bounce') - depending on MTA; +# Best suited for sendmail milter and Courier, especially for spam. +# With D_BOUNCE, amavisd-new (not MTA) sends DSN (can better explain the +# reason for mail non-delivery or even suppress DSN, but unable +# to reject the original SMTP session). Best suited to reporting +# viruses, and for Postfix and other dual-MTA setups, which can't +# reject original client SMTP session, as the mail has already +# been enqueued. + +# Alternatives to consider for spam: +# - use D_PASS if clients will do filtering based on inserted +# mail headers or added address extensions ('plus-addressing'); +# - use D_DISCARD, if kill_level is set comfortably high; +# +# D_BOUNCE is preferred for viruses, but consider: +# - use D_PASS (or virus_lovers) to deliver viruses; +# - use D_REJECT instead of D_BOUNCE if using Courier or milter and under heavy +# virus storm; + + +# The use of new *_by_ccat hashes is illustrated by the following examples +# on configuring final_*_destiny. + + +# using traditional settings of $final_*_destiny variables, relying on a +# default setting of an associative array %final_destiny_by_ccat which is +# backwards compatible and contains references to these traditional variables: +# +$final_virus_destiny = D_REJECT; # (defaults to D_DISCARD) +$final_banned_destiny = D_REJECT; # (defaults to D_BOUNCE) +$final_spam_destiny = D_REJECT; # (defaults to D_BOUNCE) +$final_bad_header_destiny = D_PASS; # (defaults to D_PASS) + +######## +# +# Please think about what you are doing when you set these options. 
+# If necessary, question your origanization's e-mail policies: +# +# D_BOUNCE contributes to the overall spread of virii and spam on the +# internet. Both the envelope and header from addresses can be forged +# accurately with no effort, causing the bounces to go to innocent parties, +# whose addresses have been forged. +# +# D_DISCARD breaks internet mail specifications. However, with a +# properly implemented Quaratine system, the concern for breaking the +# specification is addressed to some extent. +# +# D_PASS is the safest way to handle e-mails. You must implement +# client-side filtering to handle this method. +# +# -Cory Visi 07/28/04 +# +####### + +# to explicitly list all (or most) possible contents category (ccat) keys: +%final_destiny_by_ccat = ( + CC_VIRUS, D_DISCARD, + CC_BANNED, D_BOUNCE, + CC_UNCHECKED, D_PASS, + CC_SPAM, D_DISCARD, + CC_BADH, D_PASS, + CC_OVERSIZED, D_BOUNCE, + CC_CLEAN, D_PASS, + CC_CATCHALL, D_PASS, +); + +# to rely on a catchall ccat key and only list exceptions (alternative 1): +#%final_destiny_by_ccat = ( +# CC_VIRUS, D_DISCARD, +# CC_BANNED, D_BOUNCE, +# CC_SPAM, D_BOUNCE, +# CC_BADH.',4', D_BOUNCE, # BadHdrSpace +# CC_BADH.',3', D_BOUNCE, # BadHdrChar +# CC_OVERSIZED, D_BOUNCE, +# CC_CATCHALL, D_PASS, +#); + +# to rely on a catchall ccat key and list exceptions (alternative 2): +#%final_destiny_by_ccat = ( +# CC_VIRUS, D_DISCARD, +# CC_UNCHECKED, D_PASS, +# CC_BADH.',6', D_PASS, # BadHdrSyntax +# CC_BADH.',5', D_PASS, # BadHdrLong +# CC_BADH.',2', D_PASS, # BadHdr8bit +# CC_BADH.',1', D_PASS, # BadHdrMime +# CC_CLEAN, D_PASS, +# CC_CATCHALL, D_BOUNCE, +#); + +# to rely on a catchall ccat key and list exceptions (alternative 3): +#%final_destiny_by_ccat = ( +# CC_VIRUS, D_DISCARD, +# CC_UNCHECKED, D_PASS, +# CC_BADH.',4', D_BOUNCE, # BadHdrSpace +# CC_BADH.',3', D_BOUNCE, # BadHdrChar +# CC_BADH, D_PASS, # sub-catchall for CC_BADH +# CC_CLEAN, D_PASS, +# CC_CATCHALL, D_BOUNCE, +#); + +# to rely on a default 
%final_destiny_by_ccat and only change few settings: +#$final_destiny_by_ccat{+CC_SPAM} = D_PASS; +#$final_destiny_by_ccat{+CC_BADH} = D_BOUNCE; +#$final_destiny_by_ccat{+CC_BADH.',2'} = D_PASS; # BadHdr8bit + + + +# For monitoring / testing purposes let the administrator receive a copy +# of certain delivery status notifications that are mailed back to senders: +# +#%dsn_bcc_by_ccat = ( +# CC_BANNED, undef, +# CC_SPAM, undef, +# CC_BADH, undef, +# CC_CATCHALL, 'admin+test@@example.com', +#); +# +# or use a simpler form, taking advantage of defaults in %dsn_bcc_by_ccat: +#$dsn_bcc = 'admin+test@@example.com'; + + +# The following $warn*sender settings are ONLY used when mail is +# actually passed to recipients ($final_*_destiny=D_PASS, or *_lovers*). +# Bounces or rejects produce non-delivery status notification regardless. +# +# Notify sender of syntactically invalid header containing non-ASCII chars? +#$warnbadhsender = 1; # (defaults to false (undef)) + +# Notify virus (or banned files or bad headers) RECIPIENT? +# (not very useful, but some policies demand it) +#$warnvirusrecip = 1; # (defaults to false (undef)) +#$warnbannedrecip = 1; # (defaults to false (undef)) +#$warnbadhrecip = 1; # (defaults to false (undef)) + +# Notify also non-local virus/banned recipients if $warn*recip is true? +# (including those not matching local_domains*) +#$warn_offsite = 1; # (defaults to false (undef), i.e. only notify locals) + + +# Treat envelope sender address as unreliable and don't send sender +# notification / bounces if name(s) of detected virus(es) match the list. +# Note that virus names are supplied by external virus scanner(s) and are +# not standardized, so virus names may need to be adjusted. +# See README.lookups for syntax, check also README.policy-on-notifications. 
+# If the intention is to treat all viruses as faking the sender address, it +# is equivalent but more efficient to just set $final_virus_destiny=D_DISCARD; +# +@@viruses_that_fake_sender_maps = (new_RE( + qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar'i, + qr'tanatos|lentin|bridex|mimail|trojan\.dropper|dumaru|parite|spaces'i, + qr'dloader|galil|gibe|swen|netwatch|bics|sbrowse|sober|rox|val(hal)?la'i, + qr'frethem|sircam|be?agle|tanx|mydoom|novarg|shimg|netsky|somefool|moodown'i, + qr'@@mm|@@MM', # mass mailing viruses as labeled by f-prot and uvscan + qr'Worm'i, # worms as labeled by ClamAV, Kaspersky, etc +# [qr'^(EICAR|Joke\.|Junk\.)'i => 0], +# [qr'^(WM97|OF97|W95/CIH-|JS/Fort)'i => 0], + [qr/^/ => 1], # true by default (remove or comment-out if undesired) +)); + +# where to send ADMIN VIRUS NOTIFICATIONS (should be a fully qualified address) +# - the administrator envelope address may be a simple fixed e-mail address +# (a scalar), or may depend on the RECIPIENT address (e.g. its domain). +# +# Empty or undef lookup disables virus admin notifications. + +# The full set of configurable administrator addresses is: +# @@virus_admin_maps ... notifications to admin about viruses +# @@newvirus_admin_maps ... newly encountered viruses since amavisd startup +# @@spam_admin_maps ... notifications to admin about spam +# @@banned_admin_maps ... notifications to admin about banned contents +# @@bad_header_admin_maps ... notifications to admin about bad headers + +$virus_admin = "virusalert\@@$mydomain"; +# $virus_admin = 'virus-admin@@example.com'; +# $virus_admin = undef; # do not send virus admin notifications (default) +# +#@@virus_admin_maps = ( # by-recipient maps +# {'not.example.com' => '', +# '.' 
=> 'virusalert@@example.com'}, +# $virus_admin, # the usual default +#); + +# equivalent to $virus_admin, but for spam admin notifications: +# $spam_admin = "spamalert\@@$mydomain"; +# $spam_admin = undef; # do not send spam admin notifications (default) +#@@spam_admin_maps = ( # by-recipient maps +# {'not.example.com' => '', +# '.' => 'spamalert@@example.com'}, +# $spam_admin, # the usual default +#); + +# receive a copy of all delivery status notifications sent; +# useful for testing or monitoring +#$dsn_bcc = "mailadmin\@@$mydomain"; + +#advanced example, using a hash lookup table and a scalar default, +#lookup key is a recipient envelope address: +#@@virus_admin_maps = ( # by-recipient maps +# { 'baduser@@sub1.example.com' => 'HisBoss@@sub1.example.com', +# '.sub1.example.com' => 'virusalert@@sub1.example.com', +# '.sub2.example.com' => '', # don't send admin notifications +# 'a.sub3.example.com' => 'abuse@@sub3.example.com', +# '.sub3.example.com' => 'virusalert@@sub3.example.com', +# '.example.com' => 'noc@@example.com', # default for our virus senders +# }, +# 'virusalert@@hq.example.com', # catchall for the rest +#); + +# sender envelope address, from which notification reports are sent from; +# may be a null reverse path, or a fully qualified address: +# (admin and recip sender addresses default to a null return path). +# If using strings in double quotes, don't forget to quote @@, i.e. \@@ +# +$mailfrom_notify_admin = "virusalert\@@$mydomain"; +$mailfrom_notify_recip = "virusalert\@@$mydomain"; +$mailfrom_notify_spamadmin = "spam.police\@@$mydomain"; + +# 'From' HEADER FIELD for sender and admin notifications. +# This should be a replyable address, see rfc1894. Not to be confused +# with $mailfrom_notify_sender, which is the envelope return address +# and can be empty (null reverse path) according to rfc2821. +# +# The syntax of the 'From' header field is specified in rfc2822, section +# '3.4. Address Specification'. 
Note in particular that display-name must be +# a quoted-string if it contains any special characters like spaces and dots. +# +# $hdrfrom_notify_sender = "amavisd-new "; +# $hdrfrom_notify_sender = 'amavisd-new '; +# $hdrfrom_notify_sender = '"Content-Filter Master" '; +# $hdrfrom_notify_admin = $mailfrom_notify_admin; +# $hdrfrom_notify_spamadmin = $mailfrom_notify_spamadmin; +# (default: "\"Content-filter at $myhostname\" ") + +# whom quarantined messages appear to be sent from (envelope sender); +# keeps original sender if undef, or set it explicitly, default is undef +$mailfrom_to_quarantine = ''; # override sender address with null return path + + +# Location to put infected mail into: (applies to 'local:' quarantine method) +# empty for not quarantining, may be a file (Unix-style mailbox), +# or a directory (no trailing slash) +# (the default value is undef, meaning no quarantine) +# +$QUARANTINEDIR = "$MYHOME/quarantine"; + +#$quarantine_subdir_levels = 1; # add level of subdirs to disperse quarantine + +#$clean_quarantine_method = 'local:clean-%m'; # disabled by default +#$virus_quarantine_method = 'local:virus-%m'; # default +#$spam_quarantine_method = 'local:spam-%m.gz'; # default +#$banned_files_quarantine_method = 'local:banned-%m'; # default +#$bad_header_quarantine_method = 'local:badh-%m'; # default + +# Separate quarantine subdirectories virus, spam, banned and badh within +# the directory $QUARANTINEDIR may be specified by the following settings +# (the subdirectories need to exist - must be created manually): +#$clean_quarantine_method = 'local:clean/%m'; +#$virus_quarantine_method = 'local:virus/%m'; +#$spam_quarantine_method = 'local:spam/%m.gz'; +#$banned_files_quarantine_method = 'local:banned/%m'; +#$bad_header_quarantine_method = 'local:badh/%m'; +# +#use the 'bsmtp:' method as an alternative to the default 'local:' +#$virus_quarantine_method = "bsmtp:$QUARANTINEDIR/virus-%m.bsmtp"; +#$spam_quarantine_method = 
"bsmtp:$QUARANTINEDIR/spam-%m.bsmtp"; +# +#using the 'pipe:' method might be useful for some special purpose: +#$mailfrom_to_quarantine = undef; # pass on the original sender address +#$spam_quarantine_method = 'pipe:argv=/usr/bin/myscript.sh spam-%b ${sender}'; +# +#using the 'sql:' method to store quarantined message to a SQL database: +#$virus_quarantine_method = $spam_quarantine_method = +# $banned_files_quarantine_method = $bad_header_quarantine_method = 'sql:'; + +# Send copy of every mail to an archival mail address: +#$archive_quarantine_method = $notify_method; +#@@archive_quarantine_to_maps = ( 'collector@@example.com' ); + + +# When using the 'local:' quarantine method (default), the following applies: +# +# A finer control of quarantining is available through +# variables $virus_quarantine_method/$spam_quarantine_method/ +# $banned_files_quarantine_method/$bad_header_quarantine_method. +# +# The value of scalar $virus_quarantine_to/$spam_quarantine_to (or a +# per-recipient lookup result from lookup tables @@virus_quarantine_to_maps) +# is/are interpreted as follows: +# +# VARIANT 1: +# empty or undef disables quarantine; +# +# VARIANT 2: +# a string NOT containing an '@@'; +# amavisd will behave as a local delivery agent (LDA) and will quarantine +# viruses to local files according to hash %local_delivery_aliases (pseudo +# aliases map) - see subroutine mail_to_local_mailbox() for details. +# Some of the predefined aliases are 'virus-quarantine' and 'spam-quarantine'. +# Setting $virus_quarantine_to ($spam_quarantine_to) to this string will: +# +# * if $QUARANTINEDIR is a directory, each quarantined virus will go +# to a separate file in the $QUARANTINEDIR directory (traditional +# amavis style, similar to maildir mailbox format); +# +# * otherwise $QUARANTINEDIR is treated as a file name of a Unix-style +# mailbox. All quarantined messages will be appended to this file. 
+# Amavisd child process must obtain an exclusive lock on the file during +# delivery, so this may be less efficient than using individual files +# or forwarding to MTA, and it may not work across NFS or other non-local +# file systems (but may be handy for pickup of quarantined files via IMAP +# for example); +# +# VARIANT 3: +# any email address (must contain '@@'). +# The e-mail messages to be quarantined will be handed to MTA +# for delivery to the specified address. If a recipient address local to MTA +# is desired, you may leave the domain part empty, e.g. 'infected@@', but the +# '@@' character must nevertheless be included to distinguish it from variant 2. +# +# This variant enables more refined delivery control made available by MTA +# (e.g. its aliases file, other local delivery agents, dealing with +# privileges and file locking when delivering to user's mailbox, nonlocal +# delivery and forwarding, fan-out lists). Make sure the mail-to-be-quarantined +# will not be handed back to amavisd for checking, as this will cause a loop +# (hopefully broken at some stage)! If this can be assured, notifications +# will benefit too from not being unnecessarily virus-scanned. +# +# By default this is safe to do with Postfix and Exim v4 and dual-sendmail +# setup, but probably not safe with sendmail milter interface without tricks. 
+ +# (default values are: virus-quarantine, banned-quarantine, spam-quarantine) + +$virus_quarantine_to = 'virus-quarantine'; # traditional local quarantine +#$virus_quarantine_to = 'infected@@'; # forward to MTA for delivery +#$virus_quarantine_to = "virus-quarantine\@@$mydomain"; # similar +#$virus_quarantine_to = 'virus-quarantine@@example.com'; # similar +#$virus_quarantine_to = undef; # no quarantine +# +# lookup key is envelope recipient address: +#@@virus_quarantine_to_maps = ( # per-recip multiple quarantines +# new_RE( [qr'^user@@example\.com$'i => 'infected@@'], +# [qr'^(.*)@@example\.com$'i => 'virus-${1}@@example.com'], +# [qr'^(.*)(@@[^@@])?$'i => 'virus-${1}${2}'] ), +# $virus_quarantine_to, # the usual default +#); + +# similar for banned names and bad headers and spam (set to undef to disable) +$banned_quarantine_to = 'banned-quarantine'; # local quarantine +$bad_header_quarantine_to = 'bad-header-quarantine'; # local quarantine +$spam_quarantine_to = 'spam-quarantine'; # local quarantine + +# or to a mailbox: +#$spam_quarantine_to = "spam-quarantine\@@$mydomain"; +# +#@@spam_quarantine_to_maps = ( # per-recip quarantines +# new_RE( [qr'^(.*)@@example\.com$'i => 'spam-${1}@@example.com'] ), +# $spam_quarantine_to, # the usual default +#); + + +# In addition to per-recip quarantine, a by-sender lookup is possible. +# It is similar to $spam_quarantine_to, but the lookup key is the +# envelope sender address: +#$spam_quarantine_bysender_to = undef; # dflt: no by-sender spam quarantine + + +# Spam level beyond which quarantining is disabled (global value): +#$sa_quarantine_cutoff_level = 20; # dflt: undef, which disables this feature + +#@@spam_quarantine_cutoff_level_maps = ( # per-recip. quarantine cutoff levels +# { 'user1@@example.com' => 20.5, +# 'postmaster@@example.com' => 9999, +# '.example.com' => 25 }, +# \$sa_quarantine_cutoff_level, # catchall default +#); + + +# Add X-Virus-Scanned header field to mail? 
+$X_HEADER_TAG = 'X-Virus-Scanned'; # (default: 'X-Virus-Scanned') + +# Set to empty to add no header field # (dflt "$myproduct_name at $mydomain") +# $X_HEADER_LINE = "$myproduct_name at $mydomain"; +# $X_HEADER_LINE = "by $myproduct_name using ClamAV at $mydomain"; +# $X_HEADER_LINE = "$myproduct_name $myversion_id ($myversion_date) at $mydomain"; + +# a string to prepend to Subject (for local recipients only) if mail could +# not be decoded or checked entirely, e.g. due to password-protected archives +$undecipherable_subject_tag = '***UNCHECKED*** '; # undef disables it + +# MIME defanging wraps the entire original mail in a MIME container of type +# 'Content-type: multipart/mixed', where the first part is a text/plain with +# a short explanation, and the second part is a complete original mail, +# enclosed in a 'Content-type: message/rfc822' MIME part. +# Defanging is only done when enabled (selectively by malware type), +# and mail is considered malware (virus/spam/...), and the malware is allowed +# to pass (*_lovers or *_destiny=D_PASS) +# +$defang_virus = 1; # default is false: don't modify mail body +$defang_banned = 1; # default is false: don't modify mail body +# $defang_bad_header = 1; # default is false: don't modify mail body +# $defang_undecipherable = 1; # default is false: don't modify mail body +# $defang_spam = 1; # default is false: don't modify mail body + +# NOTE: setting the following variables to true may break mail signatures +# (DKIM and DomainKeys) when verification is done after content filtering: +# $remove_existing_x_scanned_headers, $remove_existing_x_scanned_headers, +# and $allow_fixing_improper_header_folding (and defanging, described +# elsewhere). This is rarely an issue, as mail signing should be done +# after content filtering, and mail verification should preferably be done +# before filtering or by SpamAssassin called from within amavisd, which +# sees still-unmodified mail. 
+# +$remove_existing_x_scanned_headers = 0; # leave existing X-Virus-Scanned alone + # (defaults to false) +#$remove_existing_x_scanned_headers= 1; # remove existing X-Virus-Scanned +#$remove_existing_spam_headers = 0; # leave existing X-Spam* headers alone +$remove_existing_spam_headers = 1; # remove existing spam headers if + # spam scanning is enabled (default) +#$allow_fixing_improper_header_folding = 1; # (default is true) + +# set $bypass_decode_parts to true if you only do spam scanning, or if you +# have a good virus scanner that can deal with compression and recursively +# unpacking archives by itself, and save amavisd the trouble. +# Disabling decoding also causes banned_files checking NOT to see MIME types +# and content classification types as provided by the file(1) utility. +# It is a double-edged sword, make sure you know what you are doing! +# +#$bypass_decode_parts = 1; # (defaults to false) + +# don't trust this file type or corresponding unpacker for this file type, +# keep both the original and the unpacked file for a virus checker to see +# (lookup key is what file(1) utility returned): +# +@@keep_decoded_original_maps = (new_RE( +# qr'^MAIL$', # retain full original message for virus checking (can be slow) + qr'^MAIL-UNDECIPHERABLE$', # retain full mail if it contains undecipherables + qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i, +# qr'^Zip archive data', # don't trust Archive::Zip +)); + + +# Checking for banned MIME types and names. If any mail part matches, +# the whole mail is rejected. 
Object $banned_filename_re provides a list +# of Perl regular expressions to be matched against each part's: +# +# * Content-Type value (both declared and effective mime-type), +# such as the possible security-risk content types +# 'message/partial' and 'message/external-body', as specified in rfc2046 +# or 'application/x-msdownload' and 'application/x-msdos-program'; +# +# * declared (recommended) file names as specified by MIME subfields +# Content-Disposition.filename and Content-Type.name, both in their +# raw (encoded) form and in rfc2047-decoded form if applicable +# as well as (recommended) file names specified in archives; +# +# * file content type as guessed by 'file(1)' utility, mapped +# (by @@map_full_type_to_short_type_maps) into short type names such as +# .asc, .txt, .html, .doc, .jpg, .pdf, .zip, .exe-ms, ..., which always +# starts with a dot. These short types are available unless +# $bypass_decode_parts is true. +# +# All nodes (mail parts) of the fully recursively decoded mail and embedded +# archives are checked, each node independently from remaining nodes. +# +# For each node all its ancestor nodes including itself are checked against +# $banned_filename_re lookup list, top-down. The search for a node stops +# at the first match, the right-hand side of the matching key determines +# the result (true or false, absent right-hand side implies true, as explained +# in README.lookups). +# +# Although repeatedly re-checking ancestor nodes may seem excessive, it gives +# the opportunity to specify rules which make a particular node hide its +# descendents, e.g. allow any name or file type within a .zip, even though +# .exe files may otherwise not be allowed. 
+# +# Leave $banned_filename_re undefined to disable these checks +# (giving an empty list to new_RE() will also always return false) + +# for $banned_namepath_re (a new-style of banned table) see amavisd.conf-sample + +$banned_filename_re = new_RE( + +### BLOCKED ANYWHERE +# qr'^UNDECIPHERABLE$', # is or contains any undecipherable components + qr'^\.(exe-ms|dll)$', # banned file(1) types, rudimentary +# qr'^\.(exe|lha|tnef|cab|dll)$', # banned file(1) types + +### BLOCK THE FOLLOWING, EXCEPT WITHIN UNIX ARCHIVES: +# [ qr'^\.(gz|bz2)$' => 0 ], # allow any in gzip or bzip2 + [ qr'^\.(rpm|cpio|tar)$' => 0 ], # allow any in Unix-type archives + + qr'.\.(pif|scr)$'i, # banned extensions - rudimentary +# qr'^\.zip$', # block zip type + +### BLOCK THE FOLLOWING, EXCEPT WITHIN ARCHIVES: +# [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ], # allow any within these archives + + qr'^application/x-msdownload$'i, # block these MIME types + qr'^application/x-msdos-program$'i, + qr'^application/hta$'i, + +# qr'^message/partial$'i, # rfc2046 MIME type +# qr'^message/external-body$'i, # rfc2046 MIME type + +# qr'^(application/x-msmetafile|image/x-wmf)$'i, # Windows Metafile MIME type +# qr'^\.wmf$', # Windows Metafile file(1) type + + # block certain double extensions in filenames + qr'\.[^./]*[A-Za-z][^./]*\.\s*(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)[.\s]*$'i, + +# qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?'i, # Class ID CLSID, strict +# qr'\{[0-9a-z]{4,}(-[0-9a-z]{4,}){0,7}\}?'i, # Class ID extension CLSID, loose + + qr'.\.(exe|vbs|pif|scr|cpl)$'i, # banned extension - basic +# qr'.\.(exe|vbs|pif|scr|cpl|bat|cmd|com)$'i, # banned extension - basic+cmd +# qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta| +# inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst| +# ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs| +# wmf|wsc|wsf|wsh)$'ix, # banned ext - long +# qr'.\.(ani|cur|ico)$'i, # banned cursors and icons filename +# qr'^\.ani$', # banned animated 
cursor file(1) type + +# qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i, # banned extension - WinZip vulnerab. +); +# See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262631 +# and http://www.cknow.com/vtutor/vtextensions.htm + +# A little trick: a pattern qr'\.exe$' matches both a short type name '.exe', +# as well as any file name which happens to end with .exe. If only matching +# a file name is desired, but not the short type, a pattern qr'.\.exe$'i +# or similar may be used, which requires that at least one character precedes +# the '.exe', and so it will never match short file types which always start +# with a dot. + + +# the syntax of these Perl regular expressions is a bit awkward if not +# familiar with them, so please do follow examples and stick to the idioms: +# \A ... at the beginning of the first component +# \z ... at the end of the the last (leaf) component +# ^ ... at the beginning of each component in the path +# $ ... at the end of each component in the path +# (.*\t)? ... at the beginning of a field +# (\t.*)? ... at the end of a field +# \t(.*\t)* ... separating fields +# [^\t\n] ... any single character, but don't escape from this field +# (.*\n)+ ... one or more levels down +# (?#...) ... a comment within a regexp + +# new-style of banned lookup table +$banned_namepath_re = new_RE( + +### BLOCKED ANYWHERE + + qr'(?# BLOCK Microsoft EXECUTABLES and DLL ) + ^ (.*\t)? T=(exe-ms|dll) (\t.*)? $'xm, # banned file(1) types, rudimentary + +# qr'(?# BLOCK ANY EXECUTABLE ) +# ^ (.*\t)? T=exe (\t.*)? $'xm, # banned file(1) type + +# qr'(?# BLOCK THESE TYPES ) +# ^ (.*\t)? T=(exe|lha|tnef|cab|dll) (\t.*)? $'xm, # banned file(1) types + + +### BLOCK THE FOLLOWING, EXCEPT WITHIN UNIX ARCHIVES: + +# # within traditional gzip and bzip2 allow any name and type +# [ qr'(?#rule-3) ^ (.*\t)? T=(gz|bz2) (\t.*)? $'xmi => 0 ], # allow + + # within traditional Unix archives allow any name and type + [ qr'(?#rule-4) ^ (.*\t)? T=(tar|rpm|cpio) (\t.*)? 
$'xmi => 0 ], # allow + + # banned filename extensions (in declared names) anywhere - rudimentary + qr'(?# BLOCK COMMON NAME EXENSIONS ) + ^ (.*\t)? N= [^\t\n]* \. (pif|scr) (\t.*)? $'xmi, + +# # block anything within a zip +# qr'(?#rule-5) ^ (.*\t)? T=zip (\t.*)? (.*\n)+ .* $'xmi, + + +### BLOCK THE FOLLOWING, EXCEPT WITHIN ARCHIVES OR CRYPTED: + +# # within PC archives allow any types or names at any depth +# [ qr'(?#rule-7) ^ (.*\t)? T=(zip|rar|arc|arj|zoo) (\t.*)? $'xmi => 0 ], # ok + +# # within certain archives allow leaf members at any depth if crypted +# [ qr'(?# ALLOW ENCRYPTED ) +# ^ (.*\t)? T=(zip|rar|arj) (.*\n)+ (.*\t)? A=C (\t.*)? \z'xmi => 0 ], + +# # allow crypted leaf members regardless of their name or type +# [ qr'(?# ALLOW IF ENCRYPTED ) ^ (.*\t)? A=C (\t.*)? \z'xmi => 0 ], + + # block these MIME types + qr'(?#NO X-MSDOWNLOAD) ^(.*\t)? M=application/x-msdownload (\t.*)? $'xmi, + qr'(?#NO X-MSDOS-PROGRAM)^(.*\t)? M=application/x-msdos-program(\t.*)? $'xmi, + qr'(?#NO HTA) ^(.*\t)? M=application/hta (\t.*)? $'xmi, + +# # block rfc2046 MIME types +# qr'(?# BLOCK RFC2046 ) ^ (.*\t)? M=message/partial (\t.*)? $'xmi, +# qr'(?# BLOCK RFC2046 ) ^ (.*\t)? M=message/external-body (\t.*)? $'xmi, + +# qr'(?#No Metafile MIME) ^(.*\t)? M=application/x-msmetafile (\t.*)? $'xmi, +# qr'(?#No Metafile MIME) ^(.*\t)? M=image/x-wmf (\t.*)? $'xmi, +# qr'(?#No Metafile file) ^(.*\t)? T=wmf (\t.*)? $'xm, +# qr'(?#No animated cursors) ^(.*\t)? T=ani (\t.*)? $'xm, + + # block certain double extensions in filenames + qr'(?# BLOCK DOUBLE-EXTENSIONS ) + ^ (.*\t)? N= [^\t\n]* \. [^./\t\n]* [A-Za-z] [^./\t\n]* \. \ * + (exe|vbs|pif|scr|bat|cmd|com|cpl|dll) [. ]* (\t.*)? $'xmi, + + [ qr'(?# BLOCK EMPTY MIME PART APPLICATION/OCTET-STREAM ) + ^ (.*\t)? M=application/(octet-stream|x-msdownload|x-msdos-program) + \t(.*\t)* T=empty (\t.*)? $'xmi + => 'DISCARD' ], + +# [ qr'(?# BLOCK EMPTY MIME PARTS ) +# ^ (.*\t)? M= [^\t\n]+ \t(.*\t)* T=empty (\t.*)? 
$'xmi => 'DISCARD' ], + +# # block Class ID (CLSID) extensions in filenames, strict +# qr'(?# BLOCK CLSID-EXTENSIONS ) +# ^ (.*\t)? N= [^\t\n]* \{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}? +# [^\t\n]* (\t.*)? $'xmi, + +# # banned suggested names with three or more consecutive spaces +# qr'(?# BLOCK NAMES WITH SPACES ) +# ^ (.*\t)? N= [^\t\n]* [ ]{3,} 'xmi, + +# # block if any component can not be decoded (is encrypted or bad archive) +# qr'(?# BLOCK IF UNDECIPHERABLE ) ^ (.*\t)? A=U (\t.*)? \z'xmi, + +# [ qr'(?# SPECIAL ALLOWANCES - MAGIC NAMES) +# \A (.*\t)? T=(rpm|cpio|tar|zip|rar|arc|arj|zoo|Z|gz|bz2) +# \t(.*\t)* N=example\d+[^\t\n]* +# (\t.*)? $'xmi => 0 ], + + # banned filename extensions (in suggested names) anywhere - basic + qr'(?# BLOCK COMMON NAME EXENSIONS ) + ^ (.*\t)? N= [^\t\n]* \. (exe|vbs|pif|scr|cpl) (\t.*)? $'xmi, + +# # banned filename extensions (in suggested names) anywhere - basic+cmd +# qr'(?# BLOCK COMMON NAME EXENSIONS ) +# ^ (.*\t)? N= [^\t\n]* \. (exe|vbs|pif|scr|cpl|bat|cmd|com) (\t.*)? $'xmi, + +# # banned filename extensions (in suggested names) anywhere - long +# qr'(?# BLOCK MORE NAME EXTENSIONS ) +# ^ (.*\t)? N= [^\t\n]* \. ( +# ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta| +# inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst| +# ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs| +# wmf|wsc|wsf|wsh) (\t.*)? $'xmi, + +# qr'(?# BLOCK CURSOR AND ICON NAME EXENSIONS ) +# ^ (.*\t)? N= [^\t\n]* \. (ani|cur|ico) (\t.*)? $'xmi, + +# # banned filename extensions anywhere - WinZip vulnerability (pre-V9) +# qr'(?# BLOCK WinZip VULNERABILITY EXENSIONS ) +# ^ (.*\t)? N= [^\t\n]* \. (mim|b64|bhx|hqx|xxe|uu|uue) (\t.*)? 
$'xmi, + +); + +# use old or new style of banned lookup table; not both to avoid confusion +# +# @@banned_filename_maps = (); # to disable old-style + $banned_namepath_re = undef; # to disable new-style + + +%banned_rules = ( + 'MYNETS-DEFAULT' => new_RE( # permissive set of rules for internal hosts + [ qr'^\.(rpm|cpio|tar)$' => 0 ], # allow any name/type in Unix archives + qr'.\.(vbs|pif|scr)$'i, # banned extension - rudimentary + ), + 'DEFAULT' => $banned_filename_re, +); + + +# +# Section V - Per-recipient and per-sender handling, whitelisting, etc. +# + +# @@virus_lovers_maps list of lookup tables: +# (this should be considered a policy option, is does not disable checks, +# see bypass*checks for that!) +# +# Exclude certain RECIPIENTS from virus filtering by adding their (lower-cased) +# envelope e-mail address (or domain only) to one of the lookup tables in +# the @@virus_lovers_maps list - see README.lookups and examples. +# Make sure the appropriate form (e.g. external/internal) of address +# is used in case of virtual domains, or when mapping external to internal +# addresses, etc. - this is MTA-specific. +# +# Notifications would still be generated however (see the overall +# picture above), and infected mail (if passed) gets additional header: +# X-AMaViS-Alert: INFECTED, message contains virus: ... +# (header not inserted with Courier or milter interface!) +# +# Setting $final_*_destiny=D_PASS is functionally equivalent to having +# all recipients match the @@*_lovers_maps. +# +# NOTE (milter interface only): in case of multiple recipients, +# it is only possible to drop or accept the message in its entirety - for all +# recipients. If all of them are virus lovers, we'll accept mail, but if +# at least one recipient is not a virus lover, we'll discard the message. + + +# @@bypass_virus_checks_maps list of lookup tables: +# (this is mainly a time-saving option, unlike virus_lovers* !) 
+# +# Similar in concept to @@virus_lovers_maps, a @@bypass_virus_checks_maps +# is used to skip entirely the decoding, unpacking and virus checking, +# but only if ALL recipients match the lookup. +# +# @@bypass_virus_checks_maps does NOT GUARANTEE the message will NOT be checked +# for viruses - this may still happen when there is more than one recipient +# for a message and not all of them match these lookup tables, or when +# check result was cached (i.e. the same contents was recently sent to other +# recipients). To guarantee virus delivery, a recipient must also match +# @@virus_lovers_maps lookups (but see milter limitations above), +# +# The following table summarizes the possible combinations: +# bypass lover +# 0 0 useful, check for malware and block it +# 0 1 useful, check but deliver nevertheless, possibly tagged +# 1 0 not too useful, free riding on cached or other-people's checks +# 1 1 useful, no checks if possible, and no effects + +# NOTE: it would not be clever to base enabling of virus checks on SENDER +# address, since there are no guarantees that it is genuine. Many viruses +# and spam messages fake sender address. To achieve selective filtering +# based on the source of the mail (e.g. IP address, MTA port number, ...), +# use mechanisms provided by MTA if available, possibly combined with policy +# banks feature. + +# Similar to lists of lookup tables controlling virus checking, there are +# counterparts for spam scanning, banned names/types, and headers_checks +# control: +# @@spam_lovers_maps, +# @@banned_files_lovers_maps, +# @@bad_header_lovers_maps +# and: +# @@bypass_spam_checks_maps, +# @@bypass_banned_checks_maps, +# @@bypass_header_checks_maps + +# Example: +# @@bypass_header_checks_maps = ( [qw( user@@example.com )] ); +# @@bad_header_lovers_maps = ( [qw( user@@example.com )] ); + +# The following example disables spam checking altogether, +# since it matches any recipient e-mail address. 
+# @@bypass_spam_checks_maps = (1); + + +# See README.lookups for further detail, and examples below. + +# In the following example a list of lookup tables @@virus_lovers_maps +# contains three elements, the first is a reference to an ACL lookup table +# (brackets in Perl indicate a ref to a list), the second is a reference +# to a hash lookup table (curly braces in Perl indicate a ref to a hash), +# the third is a regexp lookup table, indicated by the type of object +# created by new_RE() : +# +#@@virus_lovers_maps = ( +# [ qw( me@@lab.xxx.com !lab.xxx.com .xxx.com yyy.org ) ], +# { "postmaster\@@$mydomain" => 1, # double quotes permit variable evaluation +# 'postmaster@@example.com'=> 1, # in single quotes the '@@' need not be quoted +# 'abuse@@example.com'=> 1, +# 'some.user@@' => 1, # this recipient, regardless of domain +# 'boss@@example.com' => 0, # never, even if domain matches +# 'example.com' => 1, # this domain, but not its subdomains +# '.example.com' => 1, # this domain, including its subdomains +# }, +# new_RE( qr'^(helpdesk|postmaster)@@example\.com$'i ), +#); + +#@@spam_lovers_maps = ( +# ["postmaster\@@$mydomain", 'postmaster@@example.com', 'abuse@@example.com'], +#); + +#@@bad_header_lovers_maps = ( +# ["postmaster\@@", "abuse\@@$mydomain"], +#); + + +# as an alternative to fiddling with @@_lovers_maps and similar _maps, here +# is an illustration of using a more general *_by_ccat associative array, +# introduced with 2.4.0, like %lovers_maps_by_ccat in this example: +# +#$lovers_maps_by_ccat{+CC_SPAM} = [ +# read_hash("$MYHOME/etc/spam_lovers.txt"), +# [qw(postmaster@@example.com abuse@@example.com)], +#]; +# +#$lovers_maps_by_ccat{+CC_BANNED} = [ +# { map {lc $_ => 1} # construct a hash lookup table from a list +# qw(user1@@example.com user2.example.com) +# }, +#]; + + +# to save some typing of quotes and commas, a Perl operator qw can be used +# to split its argument on whitespace and to quote resulting elements: +#@@bypass_spam_checks_maps = ( 
+# [ qw( some.ddd !butnot.example.com .example.com ) ], +#); + + +# don't run spam check for these RECIPIENT domains: +# @@bypass_spam_checks_maps = ( [qw( d1.com .d2.com a.d3.com )] ); +# or the other way around (bypass check for all BUT these): +# @@bypass_spam_checks_maps = ( [qw( !d1.com !.d2.com !a.d3.com . )] ); +# a practical application: don't check outgoing mail for spam: +# @@bypass_spam_checks_maps = ( [ "!.$mydomain", "." ] ); +# or calculated (negated) from the %local_domains: +# @@bypass_spam_checks_maps = +# ( {map {$_ => !$local_domains{$_}} keys %local_domains}, 1); +# (a downside of which is that such mail will not count as ham in SA bayes db) +# +# Note that 'outgoing' is not the same as 'originating from inside'. We refer +# to 'outgoing' here as 'mail addressed to recipients outside our domain(s)'. +# The internal-to-internal mail is not outgoing, but is still originating from +# inside. To base rules on 'originating from inside', the use of a policy bank +# with 'originating => 1' is needed (such as MYNETS), in conjunction with +# XFORWARD Postfix extension to SMTP. + +# Where to find SQL server(s) and database to support SQL lookups? +# A list of triples: (dsn,user,passw). (dsn = data source name) +# More than one entry may be specified for multiple (backup) SQL servers. +# See 'man DBI', 'man DBD::mysql', 'man DBD::Pg', ... for details. +# When chroot-ed, accessing SQL server over inet socket may be more convenient. 
+# +# @@lookup_sql_dsn = +# ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'], +# ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'], +# ["DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite", '', ''] ); +# @@storage_sql_dsn = @@lookup_sql_dsn; # none, same, or separate database +# +# ('mail' in the example is the database name, choose what you like) +# With PostgreSQL the dsn (first element of the triple) may look like: +# 'DBI:Pg:dbname=mail;host=host1' + +# The SQL select clause to fetch per-recipient policy settings. +# The %k will be replaced by a comma-separated list of query addresses +# (e.g. full address, domain only (stripped level by level), and a catchall). +# Use ORDER if there is a chance that multiple records will match - the first +# match wins. If field names are not unique (e.g. 'id'), the later field +# overwrites the earlier in a hash returned by lookup, which is why we use +# '*,users.id' instead of just '*'. No need to uncomment the following +# assignment if the default is ok. +# $sql_select_policy = 'SELECT *,users.id FROM users,policy'. +# ' WHERE (users.policy_id=policy.id) AND (users.email IN (%k))'. +# ' ORDER BY users.priority DESC'; +# +# The SQL select clause to check sender in per-recipient whitelist/blacklist +# The first SELECT argument '?' will be users.id from recipient SQL lookup, +# the %k will be sender addresses (e.g. full address, domain only, catchall). +# The default value is: +# $sql_select_white_black_list = 'SELECT wb FROM wblist,mailaddr'. +# ' WHERE (wblist.rid=?) AND (wblist.sid=mailaddr.id)'. +# ' AND (mailaddr.email IN (%k))'. 
+# ' ORDER BY mailaddr.priority DESC'; +# +# To disable SQL white/black list, set to undef (otherwise comment-out +# the following statement, leaving it at the default value): +$sql_select_white_black_list = undef; # undef disables SQL white/blacklisting + +# Controls the format of timestamps in the field msgs.time_iso: +# $timestamp_fmt_mysql = 1; # if using MySQL *and* msgs.time_iso is TIMESTAMP; +# defaults to 0, which is good for non-MySQL or if msgs.time_iso is CHAR(16) + +# Does a database mail address field with no '@@' character represent a +# local username or a domain name? By default it implies a username in +# SQL and LDAP lookups (but represents a domain in hash and acl lookups), +# so domain names in SQL and LDAP should be specified as '@@domain'. +# Setting these to true will cause 'xxx' to be interpreted as a domain +# name, just like in hash or acl lookups. +# +# $sql_lookups_no_at_means_domain = 0; # default is 0 +# $ldap_lookups_no_at_means_domain = 0; # default is 0 + +# Here is an example of a SELECT clause that fabricates an artificial 'users' +# table from actual table 'postfix_domains' containing a field 'domain_name'. +# The effect is that domains listed in the 'postfix_domains' table will be +# treated as local by amavisd, and be given settings from a policy id 99 +# if such a policy id exists, or just fall back to static lookups. +# The user.id (with a value 1) is there only to provide a user id (same id +# for all listed domains) when global SQL-based white/blacklisting is used. +# +# $sql_lookups_no_at_means_domain = 1; +# $sql_select_policy = +# 'SELECT *, user.id'. +# ' FROM (SELECT 1 as id, 99 as policy_id, "Y" AS local'. +# ' FROM postfix_domains WHERE domain_name IN (%k)) AS user'. 
+# ' LEFT JOIN policy ON policy_id=policy.id'; + +# If passing malware to certain recipients ($final_*_destiny=D_PASS or +# *_lovers), the recipient-based lookup tables @@addr_extension_*_maps may +# return a string, which (if nonempty) will be added as an address extension +# to the local-part of the recipient's address. This extension may be used +# by the final local delivery agent (LDA) to place such mail into different +# subfolders (the extension is usually interpreted as a folder name). +# This is sometimes known as the 'plus addressing'. Appending address +# extensions is prevented when: +# - recipient does not match lookup tables @@local_domains_maps; +# - lookup into corresponding @@addr_extension_*_maps results +# in an empty string or undef; +# - $recipient_delimiter is empty (see below) +# LDAs usually default to stripping away address extension if no special +# handling is specified or if a named subfolder or alias does not exist, +# so adding address extensions normally does no harm. + +# @@addr_extension_virus_maps = ('virus'); # defaults to empty +# @@addr_extension_spam_maps = ('spam'); # defaults to empty +# @@addr_extension_banned_maps = ('banned'); # defaults to empty +# @@addr_extension_bad_header_maps = ('badh'); # defaults to empty +# +# A more complex example: +# @@addr_extension_virus_maps = ( +# {'sub.example.com'=>'infected', '.example.com'=>'filtered'}, 'virus' ); + +# Delimiter between local part of the envelope recipient address and address +# extension (which can optionally be added, see @@addr_extension_*_maps. E.g. +# recipient address is changed to . +# +# Delimiter must match the equivalent (final) MTA delimiter setting. +# (e.g. for Postfix add 'recipient_delimiter = +' to main.cf) +# Setting it to an empty string or to undef disables adding extensions +# regardless of $addr_extension_*_maps. + +# $recipient_delimiter = '+'; # (default is undef, i.e. 
disabled) + +# true: replace extension; false: append extension +# $replace_existing_extension = 1; # (default is true) + +# Affects matching of localpart of e-mail addresses (left of '@@') +# in lookups: true = case sensitive, false = case insensitive +$localpart_is_case_sensitive = 0; # (default is false) + + +# ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING + +# Instead of hard black- or whitelisting, a softer approach is to add +# score points (penalties) to the SA score for mail from certain senders. +# Positive points lean towards blacklisting, negative towards whitelisting. +# This is much like adding SA rules or using its white/blacklisting, except +# that here only envelope sender addresses are considered (not addresses +# in a mail header), and that score points can be assigned per-recipient +# (or globally), and the assigned penalties are customarily much lower +# than the default SA white/blacklisting score. +# +# The table structure is similar to $per_recip_blacklist_sender_lookup_tables +# i.e. the first level key is recipient, pointing to by-sender lookup tables. +# The essential difference is that scores from _all_ matching by-recipient +# lookups (not just the first that matches) are summed to give the final +# score boost. That means that both the site and domain administrators, +# as well as the recipient can have a say on the final score. +# +# NOTE: keep hash keys in lowercase, either manually or by using function lc + +@@score_sender_maps = ({ # a by-recipient hash lookup table + +# # per-recipient personal tables (NOTE: positive: black, negative: white) +# 'user1@@example.com' => [{'bla-mobile.press@@example.com' => 10.0}], +# 'user3@@example.com' => [{'.ebay.com' => -3.0}], +# 'user4@@example.com' => [{'cleargreen@@cleargreen.com' => -7.0, +# '.cleargreen.com' => -5.0}], + + # site-wide opinions about senders (the '.' matches any recipient) + '.' 
=> [ # the _first_ matching sender determines the score boost + + new_RE( # regexp-type lookup table, just happens to be all soft-blacklist + [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@@'i => 5.0], + [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@@'i=> 5.0], + [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@@'i=> 5.0], + [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@@'i => 5.0], + [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@@'i => 5.0], + [qr'^(your_friend|greatoffers)@@'i => 5.0], + [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@@'i => 5.0], + [ qr'@@strato(?:-rz)\.de$'i => -5.0 ], + [ qr'^Doris\.Hennig@@BA-MH\.Verwalt-Berlin\.de$'i => -5.0 ], + [ qr'^doris@@hennig-berlin\.org$'i => -5.0 ], + ), + +# read_hash("/var/amavis/sender_scores_sitewide"), + + { # a hash-type lookup table (associative array) + 'nobody@@cert.org' => -3.0, + 'cert-advisory@@us-cert.gov' => -3.0, + 'owner-alert@@iss.net' => -3.0, + 'slashdot@@slashdot.org' => -3.0, + 'securityfocus.com' => -3.0, + 'ntbugtraq@@listserv.ntbugtraq.com' => -3.0, + 'security-alerts@@linuxsecurity.com' => -3.0, + 'mailman-announce-admin@@python.org' => -3.0, + 'amavis-user-admin@@lists.sourceforge.net'=> -3.0, + 'amavis-user-bounces@@lists.sourceforge.net' => -3.0, + 'spamassassin.apache.org' => -3.0, + 'notification-return@@lists.sophos.com' => -3.0, + 'owner-postfix-users@@postfix.org' => -3.0, + 'owner-postfix-announce@@postfix.org' => -3.0, + 'owner-sendmail-announce@@lists.sendmail.org' => -3.0, + 'sendmail-announce-request@@lists.sendmail.org' => -3.0, + 'donotreply@@sendmail.org' => -3.0, + 'ca+envelope@@sendmail.org' => -3.0, + 'noreply@@freshmeat.net' => -3.0, + 'owner-technews@@postel.acm.org' => -3.0, + 'ietf-123-owner@@loki.ietf.org' => -3.0, + 'cvs-commits-list-admin@@gnome.org' => -3.0, + 'rt-users-admin@@lists.fsck.com' => -3.0, + 'clp-request@@comp.nus.edu.sg' => -3.0, + 'surveys-errors@@lists.nua.ie' => -3.0, + 
'emailnews@@genomeweb.com' => -5.0, + 'yahoo-dev-null@@yahoo-inc.com' => -3.0, + 'returns.groups.yahoo.com' => -3.0, + 'clusternews@@linuxnetworx.com' => -3.0, + lc('lvs-users-admin@@LinuxVirtualServer.org') => -3.0, + lc('owner-textbreakingnews@@CNNIMAIL12.CNN.COM') => -5.0, + 'niels@@google.com' => -3.0, + 'kameu@@gmx.de' => -3.0, + + # soft-blacklisting (positive score) + 'sender@@example.net' => 3.0, + '.example.net' => 1.0, + + }, + ], # end of site-wide tables +}); + + +# ENVELOPE SENDER WHITELISTING / BLACKLISTING - GLOBAL (RECIPIENT-INDEPENDENT) +# (affects spam checking only, has no effect on virus and other checks) + +# WHITELISTING: use ENVELOPE SENDER lookups to ENSURE DELIVERY from whitelisted +# senders even if the message would be recognized as spam. Effectively, for +# the specified senders, message recipients temporarily become 'spam_lovers'. +# To avoid surprises, whitelisted sender also suppresses inserting/editing +# the tag2-level header fields (X-Spam-*, Subject), appending spam address +# extension, and quarantining. +# +# BLACKLISTING: messages from specified SENDERS are DECLARED SPAM. +# Effectively, for messages from blacklisted envelope sender addresses, spam +# level is artificially pushed high, and the normal spam processing applies, +# resulting in 'X-Spam-Flag: YES', high 'X-Spam-Level' bar and other usual +# reactions to spam, including possible rejection. If the message nevertheless +# still passes (e.g. for spam loving recipients), it is tagged as BLACKLISTED +# in the 'X-Spam-Status' header field, but the reported spam value and +# set of tests in this report header field (if available from SpamAssassin, +# which may or may not have been called) is not adjusted. +# +# A sender may be both white- and blacklisted at the same time, settings +# are independent. 
For example, being both white- and blacklisted, message +# is delivered to recipients, but is not tagged as spam (X-Spam-Flag: No; +# X-Spam-Status: No, ...), but the reported spam level (if computed) may +# still indicate high spam score. +# +# If ALL recipients of the message either white- or blacklist the sender, +# spam scanning (calling the SpamAssassin) is bypassed, saving on time. +# +# The following variables (lists of lookup tables) are available, +# with the semantics and syntax as specified in README.lookups: +# @@whitelist_sender_maps, @@blacklist_sender_maps + +# SOME EXAMPLES: +# +#ACL: +# @@whitelist_sender_maps = ( ['.example.org', '.example.net'] ); +# @@whitelist_sender_maps = ( [qw(.example.org .example.net)] ); # same thing +# +# @@whitelist_sender_maps = ( [".$mydomain"] ); # $mydomain and its subdomains +# NOTE: This is not a reliable way of turning off spam checks for +# locally-originating mail, as sender address can easily be faked. +# To reliably avoid spam-scanning outgoing mail, use @@bypass_spam_checks_maps +# for nonlocal recipients. To reliably avoid spam scanning for locally +# originating mail (including internal-to-internal mail), recognized by +# the original SMTP client IP address matching @@mynetworks, use policy bank +# MYNETS, adjust @@mynetworks, and turn on XFORWARD in the Postfix smtp client +# service feeding amavisd. 
+ +#with regexps: +# @@whitelist_sender_maps = ( new_RE( +# qr'^postmaster@@.*\bexample\.com$'i, +# qr'^owner-[^@@]*@@'i, qr'-request@@'i, +# qr'\.example\.com$'i +# )); + + +# illustrates the use of regexp lookup table: + +@@blacklist_sender_maps = ( new_RE( + qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou|greatcasino)@@'i, + qr'^(investments|lose_weight_today|market\.alert|money2you|MyGreenCard)@@'i, + qr'^(new\.tld\.registry|opt-out|opt-in|optin|saveonlsmoking2002k)@@'i, + qr'^(specialoffer|specialoffers|stockalert|stopsnoring|wantsome)@@'i, + qr'^(workathome|yesitsfree|your_friend|greatoffers)@@'i, + qr'^(inkjetplanet|marketopt|MakeMoney)\d*@@'i, +)); + + +# NOTE: whitelisting is becoming deprecated because sender address is +# all too often faked; use @@score_sender_maps for soft-whitelisting! +# +# Illustrates the use of several lookup tables: +# +# @@whitelist_sender_maps = ( +# +# # read_hash("$MYHOME/whitelist_sender"), # a hash table read from a file +# +# # and another hash lookup table constructed in-line, with keys lowercased: +# { map {lc $_ => 1} qw( +# nobody@@cert.org +# cert-advisory@@us-cert.gov +# owner-alert@@iss.net +# slashdot@@slashdot.org +# bugtraq@@securityfocus.com +# NTBUGTRAQ@@LISTSERV.NTBUGTRAQ.COM +# security-alerts@@linuxsecurity.com +# amavis-user-admin@@lists.sourceforge.net +# amavis-user-bounces@@lists.sourceforge.net +# notification-return@@lists.sophos.com +# mailman-announce-admin@@python.org +# owner-postfix-users@@postfix.org +# owner-postfix-announce@@postfix.org +# owner-sendmail-announce@@lists.sendmail.org +# sendmail-announce-request@@lists.sendmail.org +# owner-technews@@postel.ACM.ORG +# lvs-users-admin@@LinuxVirtualServer.org +# ietf-123-owner@@loki.ietf.org +# cvs-commits-list-admin@@gnome.org +# rt-users-admin@@lists.fsck.com +# clp-request@@comp.nus.edu.sg +# surveys-errors@@lists.nua.ie +# emailNews@@genomeweb.com +# owner-textbreakingnews@@CNNIMAIL12.CNN.COM +# yahoo-dev-null@@yahoo-inc.com +# 
returns.groups.yahoo.com +# )}, +# +# # { '' => 1 }, # and another one, containing just an empty reverse path (DSN) +# +# ); + + +# ENVELOPE SENDER WHITELISTING / BLACKLISTING - PER-RECIPIENT + +# The same semantics as for global white/blacklisting applies, but this +# time each recipient (or its domain, or subdomain, ...) can be given +# an individual lookup table for matching senders. The per-recipient lookups +# take precedence over the global lookups, which serve as a fallback default. + +# Specify a two-level lookup table: the key for the outer table is recipient, +# and the result should be an inner lookup table (hash or ACL or RE), +# where the key used will be the sender. (Note that this structure is flatter +# than @@score_sender_maps, where the first level result is a ref to a _list_ +# of inner lookup tables, not a ref to a single lookup table.) +# +#$per_recip_blacklist_sender_lookup_tables = { +# 'user1@@my.example.com'=>new_RE(qr'^(inkjetplanet|marketopt|MakeMoney)\d*@@'i), +# 'user2@@my.example.com'=>[qw( spammer@@d1.example,org .d2.example,org )], +#}; +#$per_recip_whitelist_sender_lookup_tables = { +# 'user@@my.example.com' => [qw( friend@@example.org .other.example.org )], +# '.my1.example.com' => [qw( !foe.other.example,org .other.example,org )], +# '.my2.example.com' => read_hash("$MYHOME/my2-wl.dat"), +# 'abuse@@' => { 'postmaster@@'=>1, +# 'cert-advisory-owner@@cert.org'=>1, 'owner-alert@@iss.net'=>1 }, +#}; + + +# +# Section VI - Resource limits +# + +# Sanity limit to the number of allowed recipients per SMTP transaction +# $smtpd_recipient_limit = 1100; # (default is 1100) + +# Resource limits to protect unpackers, decompressors and virus scanners +# against mail bombs (e.g. 
42.zip) + + +# Maximum recursion level for extraction/decoding (0 or undef disables limit) +$MAXLEVELS = 14; # (default is undef, no limit) + +# Maximum number of extracted files (0 or undef disables the limit) +$MAXFILES = 1500; # (default is undef, no limit) + +# For the cumulative total of all decoded mail parts we set max storage size +# to defend against mail bombs. Even though parts may be deleted (replaced +# by decoded text) during decoding, the size they occupied is _not_ returned +# to the quota pool. +# +# Parameters to storage quota formula for unpacking/decoding/decompressing +# Formula: +# quota = max($MIN_EXPANSION_QUOTA, +# $mail_size*$MIN_EXPANSION_FACTOR, +# min($MAX_EXPANSION_QUOTA, $mail_size*$MAX_EXPANSION_FACTOR)) +# In plain words (later condition overrules previous ones): +# allow MAX_EXPANSION_FACTOR times initial mail size, +# but not more than MAX_EXPANSION_QUOTA, +# but not less than MIN_EXPANSION_FACTOR times initial mail size, +# but never less than MIN_EXPANSION_QUOTA +# +$MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not enforced) +$MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes (default undef, not enforced) +$MIN_EXPANSION_FACTOR = 5; # times original mail size (default is 5) +$MAX_EXPANSION_FACTOR = 500; # times original mail size (default is 500) + +# expiration time of cached results: time to live in seconds +# (how long the result of a virus/spam test remains valid) +$virus_check_negative_ttl= 3*60; # time to remember that mail was not infected +$virus_check_positive_ttl= 30*60; # time to remember that mail was infected +$spam_check_negative_ttl = 10*60; # time to remember that mail was not spam +$spam_check_positive_ttl = 30*60; # time to remember that mail was spam +# +# NOTE: +# Cache size will be determined by the largest of the $*_ttl values. +# Depending on the mail rate, the cache database may grow quite large. +# Reasonable compromise for the max value is 15 minutes to 2 hours. 
+ +# +# Section VII - External programs, virus scanners +# + +# Specify a path string, which is a colon-separated string of directories +# (no trailing slashes!) to be assigned to the environment variable PATH +# and to serve for locating external programs below. + +# NOTE: if $daemon_chroot_dir is nonempty, the directories will be +# relative to the chroot directory specified; + +$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin:/opt/bin'; + +# For external programs specify one string or a search list of strings (first +# match wins). The string (or: each string in a list) may be an absolute path, +# or just a program name, to be located via $path; +# Empty string or undef (=default) disables the use of that external program. +# Optionally command arguments may be specified - only the first substring +# up to the whitespace is used for file searching. + +$file = 'file'; # file(1) utility; use 3.41 or later to avoid vulnerability +$dspam = 'dspam'; + +# A list of pairs or n-tuples: [short-type, code_ref, optional-args...]. +# Maps short types to a decoding routine, the first match wins. +# Arguments beyond the first two can be program path string (or a listref of +# paths to be searched) or a reference to a variable containing such a path, +# which allows for lazy evaluation, making possible to assign values to +# legacy configuration variables even after the assignment to @@decoders. 
+# +@@decoders = ( + ['mail', \&do_mime_decode], + ['asc', \&do_ascii], + ['uue', \&do_ascii], + ['hqx', \&do_ascii], + ['ync', \&do_ascii], + ['F', \&do_uncompress, ['unfreeze','freeze -d','melt','fcat'] ], + ['Z', \&do_uncompress, ['uncompress','gzip -d','zcat'] ], + ['gz', \&do_uncompress, 'gzip -d'], + ['gz', \&do_gunzip], + ['bz2', \&do_uncompress, 'bzip2 -d'], + ['lzo', \&do_uncompress, 'lzop -d'], + ['rpm', \&do_uncompress, ['rpm2cpio.pl','rpm2cpio'] ], + ['cpio', \&do_pax_cpio, ['pax','gcpio','cpio'] ], + ['tar', \&do_pax_cpio, ['pax','gcpio','cpio'] ], + ['deb', \&do_ar, 'ar'], +# ['a', \&do_ar, 'ar'], # unpacking .a seems an overkill + ['zip', \&do_unzip], + ['7z', \&do_7zip, ['7zr','7za','7z'] ], + ['rar', \&do_unrar, ['rar','unrar'] ], + ['arj', \&do_unarj, ['arj','unarj'] ], + ['arc', \&do_arc, ['nomarch','arc'] ], + ['zoo', \&do_zoo, ['zoo','unzoo'] ], + ['lha', \&do_lha, 'lha'], +# ['doc', \&do_ole, 'ripole'], + ['cab', \&do_cabextract, 'cabextract'], + ['tnef', \&do_tnef_ext, 'tnef'], + ['tnef', \&do_tnef], +# ['sit', \&do_unstuff, 'unstuff'], # broken/unsafe decoder + ['exe', \&do_executable, ['rar','unrar'], 'lha', ['arj','unarj'] ], +); + + +# SpamAssassin settings + +# $sa_local_tests_only is passed to Mail::SpamAssassin::new as a value +# of the option local_tests_only. See Mail::SpamAssassin man page. +# If set to 1, no SA tests that require internet access will be performed. +# +$sa_local_tests_only = 0; # only tests which do not require internet access? 
+#$sa_auto_whitelist = 1; # turn on AWL in SA 2.63 or older (irrelevant + # for SA 3.0, its cf option is use_auto_whitelist) + +$sa_mail_body_size_limit = 400*1024; # don't waste time on SA if mail is larger + # (less than 1% of spam is > 64k) + # default: undef, no limitations + +# default values, customarily used in the @@spam_*_level_maps as the last entry +$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level; + # undef is interpreted as lower than any spam level +$sa_tag2_level_deflt = 6.31;# add 'spam detected' headers at that level to + # passed mail, adding address extensions; +$sa_kill_level_deflt = $sa_tag2_level_deflt; # triggers spam evasive actions + # at or above that level: bounce/reject/drop, + # quarantine +$sa_dsn_cutoff_level = 9; # spam level beyond which a DSN is not sent, + # effectively turning D_BOUNCE into D_DISCARD; + # undef disables this feature and is a default; +# see also $sa_quarantine_cutoff_level above, which only controls quarantining + +# $penpals_bonus_score = 5; # (positive) score by which spam score is lowered + # when sender is known to have previously received mail from our + # local user from this mail system; zero or undef disables penpals + # lookups in SQL; default: undef +# $penpals_halflife = 10*24*60*60; #exponential decay time constant in seconds; + # penpal bonus is halved for each halflife period from the last mail + # sent by a local user to a current mail's sender; default: 7 days +# $penpals_threshold_low = 1.0; # no need for pen pals lookup on low spam score +# $penpals_threshold_high = $sa_kill_level_deflt; # don't waste time on hi spam + +# $bounce_killer_score = 100; # spam score points to add for joe-jobbed bounces + # bounce killer needs operational SQL logging (pen pals) ! 
+ +# advanced example specifying per-recipient values using a hash lookup: +#@@spam_tag_level_maps = (\$sa_tag_level_deflt); # this is a default +#@@spam_tag2_level_maps = ( +# { 'user1@@example.com' => 8.0, '.example.com' => 6.0 }, +# \$sa_tag2_level_deflt, # catchall default +#); +#@@spam_kill_level_maps = ( +# { 'user1@@example.com' => 8.0, '.example.com' => 6.0 }, +# \$sa_kill_level_deflt, # catchall default +#); +#@@spam_dsn_cutoff_level_maps = ( +# { 'user1@@example.com' => 10, '.example.com' => 15 }, +# \$sa_dsn_cutoff_level, # catchall default +#); + +# selectively trim down bounces to domains sending their own bounces with +# non-null return path, to frequently abused domains, or to those sending +# marginal spam +@@spam_dsn_cutoff_level_bysender_maps = ( + { # an associative array (hash) lookup table, use lowercase keys + 'virgilio.it' => 7, 'mail.ru' => 7, '0451.com' => 7, + 'yahoo.co.uk' => 7, 'yahoo.co.jp' => 7, 'nobody@@' => 7, + 'noreply@@' => 0, 'no-reply@@' => 0, 'donotreply@@' => 0, + 'opt-in@@' => 0, 'opt-out@@' => 0, 'yahoo-dev-null@@' => 0, + '.optin-out.com' => 0, 'daily@@astrocenter.com' => 0, + 'spamadmin@@fraunhofer.de'=> 7, # Sophos PureMessage spam bounces + }, + \$sa_dsn_cutoff_level, # catchall default value +); + +# a quick reference: +# tag_level contents category: CC_CLEAN, +# controls adding the X-Spam-Status and X-Spam-Level headers, +# tag2_level contents category: CC_SPAMMY, +# controls adding 'X-Spam-Flag: YES', editing (tagging) Subject, +# and adding address extensions, +# tag3_level contents category: CC_SPAMMY, minor category 1, +# like tag2, but may insert different Subject tag +# e.g. 
@@spam_subject_tag3_maps=('***BLATANT*SPAM*** '); +# kill_level contents category: CC_SPAM, +# controls 'evasive actions' (reject, quarantine); +# it only makes sense to maintain the relationship: +# tag_level <= tag2_level <= tag3_level <= kill_level < +# < dsn_cutoff_level <= quarantine_cutoff_level + +# string to prepend to Subject header field when message exceeds tag2 level +#$sa_spam_subject_tag = '***SPAM*** '; # (defaults to undef, disabled) + # (only seen when spam is passed and recipient is + # in local_domains*) +# more examples, using @@*_maps directly: +#@@spam_subject_tag_maps = ('[possible-spam:_SCORE_] '); +#@@spam_subject_tag2_maps = ('***SPAM*** _SCORE_ (_REQD_) '); +#@@spam_subject_tag3_maps = ('***BLATANT*SPAM**** _SCORE_ (_REQD_) '); +# another examples, using _maps_by_ccat: +#$subject_tag_maps_by_ccat{+CC_CLEAN} = [ +# { lc('TestUser@@example.net') => +# '**TEST:_U_,hits=_SCORE_,req=_REQD_,amid=_TASKID_,mid=_MAILID_**' } ]; + +#$sa_spam_modifies_subj = 1; # in @@spam_modifies_subj_maps, default is true + +# Example: modify Subject for all local recipients except user@@example.com +#@@spam_modifies_subj_maps = ( [qw( !user@@example.com . )] ); + +#$sa_spam_level_char = '*'; # char for X-Spam-Level bar, defaults to '*'; + # undef or empty disables inserting X-Spam-Level +#$sa_spam_report_header = 0; # insert X-Spam-Report header field? default false + +# stop anti-virus scanning when the first scanner detects a virus? +#$first_infected_stops_scan = 1; # default is false, all scanners in a section + # are called + +# @@av_scanners is a list of n-tuples, where fields semantics is: +# 1. av scanner plain name, to be used in log and reports; +# 2a.scanner program name; this string will be submitted to subroutine +# find_external_programs(), which will try to find the full program path +# name during startup; if program is not found, this scanner is disabled. 
+# Besides a simple string (full program path name or just the basename +# to be looked for in PATH), this may be an array ref of alternative +# program names or full paths - the first match in the list will be used; +# 2b.alternatively, this second field may be a subroutine reference, +# and the whole n-tuple entry is passed to it as args; it should return +# a triple: ($scan_status,$output,$virusnames_ref), where: +# - $scan_status is: true if a virus was found, 0 if no viruses, +# undef if scanner was unable to complete its job (failed); +# - $output is an optional result string to appear in logging and macro %v; +# - $virusnames_ref is a ref to a list of detected virus names (may be +# undef or a ref to an empty list); +# 3. command arguments to be given to the scanner program; +# a substring {} will be replaced by the directory name to be scanned, i.e. +# "$tempdir/parts", a "*" will be replaced by base file names of parts; +# 4. an array ref of av scanner exit status values, or a regexp (to be +# matched against scanner output), indicating NO VIRUSES found; +# a special case is a value undef, which does not claim file to be clean +# (i.e. it never matches, similar to []), but suppresses a failure warning; +# to be used when the result is inconclusive (useful for specialized and +# quick partial scanners such as jpeg checker); +# 5. an array ref of av scanner exit status values, or a regexp (to be +# matched against scanner output), indicating VIRUSES WERE FOUND; +# a value undef may be used and it never matches (for consistency with 4.); +# Note: the virus match prevails over a 'not found' match, so it is safe +# even if the no. 4. matches for viruses too; +# 6. a regexp (to be matched against scanner output), returning a list +# of virus names found, or a sub ref, returning such a list when given +# scanner output as argument; +# 7. and 8.: (optional) subroutines to be executed before and after scanner +# (e.g. 
to set environment or current directory); +# see examples for these at KasperskyLab AVP and NAI uvscan. + +# NOTES: +# +# - NOT DEFINING @@av_scanners (e.g. setting it to empty list, or deleting the +# whole assignment) TURNS OFF LOADING AND COMPILING OF THE ANTIVIRUS CODE +# (which can be handy if all you want to do is spam scanning); +# +# - the order matters: although _all_ available entries from the list +# are tried regardless of their verdict, scanners are run in the order +# specified: the report from the first one detecting a virus will be used +# (providing virus names and scanner output); REARRANGE THE ORDER TO WILL; +# see also $first_infected_stops_scan; +# +# - it doesn't hurt to keep an unused command line scanner entry in the list +# if the program can not be found; the path search is only performed once +# during the program startup; +# +# COROLLARY: to disable a scanner that _does_ exist on your system, +# comment out its entry or use undef or '' as its program name/path +# (second parameter). An example where this is almost a must: disable +# Sophos 'sweep' if you have its daemonized version Sophie or SAVI-Perl +# (same for Trophie/vscan, and clamd/clamscan), or if another unrelated +# program happens to have a name matching one of the entries ('sweep' +# again comes to mind); +# +# - it DOES HURT to keep unwanted entries which use INTERNAL SUBROUTINES +# for interfacing (where the second parameter starts with \&). +# Keeping such entry and not having a corresponding virus scanner daemon +# causes an unnecessary connection attempt (which eventually times out, +# but it wastes precious time). For this reason the daemonized entries +# are commented in the distribution - just remove the '#' where needed. 
+# +# CERT list of av resources: http://www.cert.org/other_sources/viruses.html + +@@av_scanners = ( + +# ### http://www.clanfield.info/sophie/ (http://www.vanja.com/tools/sophie/) +# ['Sophie', +# \&ask_daemon, ["{}/\n", '/var/run/sophie'], +# qr/(?x)^ 0+ ( : | [\000\r\n]* $)/m, qr/(?x)^ 1 ( : | [\000\r\n]* $)/m, +# qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/m ], + +# ### http://www.csupomona.edu/~henson/www/projects/SAVI-Perl/ +# ['Sophos SAVI', \&sophos_savi ], + +### http://www.clamav.net/ +['ClamAV-clamd', + \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"], + qr/\bOK$/m, qr/\bFOUND$/m, + qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ], +# NOTE: run clamd under the same user as amavisd, or run it under its own +# uid such as clamav, add user clamav to the amavis group, and then add +# AllowSupplementaryGroups to clamd.conf; +# NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in +# this entry; when running chrooted one may prefer socket "$MYHOME/clamd". + +# ### http://www.clamav.net/ and CPAN (memory-hungry! clamd is preferred) +# # note that Mail::ClamAV requires perl to be build with threading! +# ['Mail::ClamAV', \&ask_clamav, "*", [0], [1], qr/^INFECTED: (.+)/m ], + +# ### http://www.openantivirus.org/ +# ['OpenAntiVirus ScannerDaemon (OAV)', +# \&ask_daemon, ["SCAN {}\n", '127.0.0.1:8127'], +# qr/^OK/m, qr/^FOUND: /m, qr/^FOUND: (.+)/m ], + +# ### http://www.vanja.com/tools/trophie/ +# ['Trophie', +# \&ask_daemon, ["{}/\n", '/var/run/trophie'], +# qr/(?x)^ 0+ ( : | [\000\r\n]* $)/m, qr/(?x)^ 1 ( : | [\000\r\n]* $)/m, +# qr/(?x)^ [-+]? \d+ : (.*?) 
[\000\r\n]* $/m ], + +# ### http://www.grisoft.com/ +# ['AVG Anti-Virus', +# \&ask_daemon, ["SCAN {}\n", '127.0.0.1:55555'], +# qr/^200/m, qr/^403/m, qr/^403 .*?: ([^\r\n]+)/m ], + +# ### http://www.f-prot.com/ +# ['F-Prot fpscand', # F-PROT Antivirus for BSD/Linux/Solaris, version 6 +# \&ask_daemon, +# ["SCAN FILE {}/*\n", '127.0.0.1:10200'], +# qr/^(0|8|64) /m, +# qr/^([1235679]|1[01345]) |<[^>:]*(?i)(infected|suspicious|unwanted)/m, +# qr/(?i)<[^>:]*(?:infected|suspicious|unwanted)[^>:]*: ([^>]*)>/m ], + +# ### http://www.f-prot.com/ +# ['F-Prot f-protd', # old version +# \&ask_daemon, +# ["GET {}/*?-dumb%20-archive%20-packed HTTP/1.0\r\n\r\n", +# ['127.0.0.1:10200', '127.0.0.1:10201', '127.0.0.1:10202', +# '127.0.0.1:10203', '127.0.0.1:10204'] ], +# qr/(?i)]*>clean<\/summary>/m, +# qr/(?i)]*>infected<\/summary>/m, +# qr/(?i)(.+)<\/name>/m ], + +# ### http://www.sald.com/, http://www.dials.ru/english/, http://www.drweb.ru/ +# ['DrWebD', \&ask_daemon, # DrWebD 4.31 or later +# [pack('N',1). # DRWEBD_SCAN_CMD +# pack('N',0x00280001). # DONT_CHANGEMAIL, IS_MAIL, RETURN_VIRUSES +# pack('N', # path length +# length("$TEMPBASE/amavis-yyyymmddTHHMMSS-xxxxx/parts/pxxx")). +# '{}/*'. # path +# pack('N',0). # content size +# pack('N',0), +# '/var/drweb/run/drwebd.sock', +# # '/var/amavis/var/run/drwebd.sock', # suitable for chroot +# # '/usr/local/drweb/run/drwebd.sock', # FreeBSD drweb ports default +# # '127.0.0.1:3000', # or over an inet socket +# ], +# qr/\A\x00[\x10\x11][\x00\x10]\x00/sm, # IS_CLEAN,EVAL_KEY; SKIPPED +# qr/\A\x00[\x00\x01][\x00\x10][\x20\x40\x80]/sm,# KNOWN_V,UNKNOWN_V,V._MODIF +# qr/\A.{12}(?:infected with )?([^\x00]+)\x00/sm, +# ], +# # NOTE: If using amavis-milter, change length to: +# # length("$TEMPBASE/amavis-milter-xxxxxxxxxxxxxx/parts/pxxx"). 
+ + ### http://www.kaspersky.com/ (kav4mailservers) + ['KasperskyLab AVP - aveclient', + ['/usr/local/kav/bin/aveclient','/usr/local/share/kav/bin/aveclient', + '/opt/kav/5.5/kav4mailservers/bin/aveclient','aveclient'], + '-p /var/run/aveserver -s {}/*', + [0,3,6,8], qr/\b(INFECTED|SUSPICION|SUSPICIOUS)\b/m, + qr/(?:INFECTED|WARNING|SUSPICION|SUSPICIOUS) (.+)/m, + ], + # NOTE: one may prefer [0],[2,3,4,5], depending on how suspicious, + # currupted or protected archives are to be handled + + ### http://www.kaspersky.com/ + ['KasperskyLab AntiViral Toolkit Pro (AVP)', ['avp'], + '-* -P -B -Y -O- {}', [0,3,6,8], [2,4], # any use for -A -K ? + qr/infected: (.+)/m, + sub {chdir('/opt/AVP') or die "Can't chdir to AVP: $!"}, + sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"}, + ], + + ### The kavdaemon and AVPDaemonClient have been removed from Kasperky + ### products and replaced by aveserver and aveclient + ['KasperskyLab AVPDaemonClient', + [ '/opt/AVP/kavdaemon', 'kavdaemon', + '/opt/AVP/AvpDaemonClient', 'AvpDaemonClient', + '/opt/AVP/AvpTeamDream', 'AvpTeamDream', + '/opt/AVP/avpdc', 'avpdc' ], + "-f=$TEMPBASE {}", [0,8], [3,4,5,6], qr/infected: ([^\r\n]+)/m ], + # change the startup-script in /etc/init.d/kavd to: + # DPARMS="-* -Y -dl -f=/var/amavis /var/amavis" + # (or perhaps: DPARMS="-I0 -Y -* /var/amavis" ) + # adjusting /var/amavis above to match your $TEMPBASE. + # The '-f=/var/amavis' is needed if not running it as root, so it + # can find, read, and write its pid file, etc., see 'man kavdaemon'. + # defUnix.prf: there must be an entry "*/var/amavis" (or whatever + # directory $TEMPBASE specifies) in the 'Names=' section. + # cd /opt/AVP/DaemonClients; configure; cd Sample; make + # cp AvpDaemonClient /opt/AVP/ + # su - vscan -c "${PREFIX}/kavdaemon ${DPARMS}" + + ### http://www.centralcommand.com/ + ['CentralCommand Vexira (new) vascan', + ['vascan','/usr/lib/Vexira/vascan'], + "-a s --timeout=60 --temp=$TEMPBASE -y $QUARANTINEDIR ". 
+ "--log=/var/log/vascan.log {}", + [0,3], [1,2,5], + qr/(?x)^\s* (?:virus|iworm|macro|mutant|sequence|trojan)\ found:\ ( [^\]\s']+ )\ \.\.\.\ /m ], + # Adjust the path of the binary and the virus database as needed. + # 'vascan' does not allow to have the temp directory to be the same as + # the quarantine directory, and the quarantine option can not be disabled. + # If $QUARANTINEDIR is not used, then another directory must be specified + # to appease 'vascan'. Move status 3 to the second list if password + # protected files are to be considered infected. + + ### http://www.avira.com/ + ### Avira AntiVir (formerly H+BEDV) or (old) CentralCommand Vexira Antivirus + ['Avira AntiVir', ['antivir','vexira'], + '--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/m, + qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) | + (?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/m ], + # NOTE: if you only have a demo version, remove -z and add 214, as in: + # '--allfiles -noboot -nombr -rs -s {}', [0,214], qr/ALERT:|VIRUS:/, + + ### http://www.commandsoftware.com/ + ['Command AntiVirus for Linux', 'csav', + '-all -archive -packed {}', [50], [51,52,53], + qr/Infection: (.+)/m ], + + ### http://www.symantec.com/ + ['Symantec CarrierScan via Symantec CommandLineScanner', + 'cscmdline', '-a scan -i 1 -v -s 127.0.0.1:7777 {}', + qr/^Files Infected:\s+0$/m, qr/^Infected\b/m, + qr/^(?:Info|Virus Name):\s+(.+)/m ], + + ### http://www.symantec.com/ + ['Symantec AntiVirus Scan Engine', + 'savsecls', '-server 127.0.0.1:7777 -mode scanrepair -details -verbose {}', + [0], qr/^Infected\b/m, + qr/^(?:Info|Virus Name):\s+(.+)/m ], + # NOTE: check options and patterns to see which entry better applies + +# ### http://www.f-secure.com/products/anti-virus/ version 4.65 +# ['F-Secure Antivirus for Linux servers', +# ['/opt/f-secure/fsav/bin/fsav', 'fsav'], +# '--delete=no --disinf=no --rename=no --archive=yes --auto=yes '. 
+# '--dumb=yes --list=no --mime=yes {}', [0], [3,6,8], +# qr/(?:infection|Infected|Suspected): (.+)/m ], + + ### http://www.f-secure.com/products/anti-virus/ version 5.52 + ['F-Secure Antivirus for Linux servers', + ['/opt/f-secure/fsav/bin/fsav', 'fsav'], + '--virus-action1=report --archive=yes --auto=yes '. + '--dumb=yes --list=no --mime=yes {}', [0], [3,4,6,8], + qr/(?:infection|Infected|Suspected|Riskware): (.+)/m ], + # NOTE: internal archive handling may be switched off by '--archive=no' + # to prevent fsav from exiting with status 9 on broken archives + +# ### http://www.avast.com/ +# ['avast! Antivirus daemon', +# \&ask_daemon, # greets with 220, terminate with QUIT +# ["SCAN {}\015\012QUIT\015\012", '/var/run/avast4/mailscanner.sock'], +# qr/\t\[\+\]/m, qr/\t\[L\]\t/m, qr/\t\[L\]\t([^[ \t\015\012]+)/m ], + +# ### http://www.avast.com/ +# ['avast! Antivirus - Client/Server Version', 'avastlite', +# '-a /var/run/avast4/mailscanner.sock -n {}', [0], [1], +# qr/\t\[L\]\t([^[ \t\015\012]+)/m ], + + ['CAI InoculateIT', 'inocucmd', # retired product + '-sec -nex {}', [0], [100], + qr/was infected by virus (.+)/m ], + # see: http://www.flatmtn.com/computer/Linux-Antivirus_CAI.html + + ### http://www3.ca.com/Solutions/Product.asp?ID=156 (ex InoculateIT) + ['CAI eTrust Antivirus', 'etrust-wrapper', + '-arc -nex -spm h {}', [0], [101], + qr/is infected by virus: (.+)/m ], + # NOTE: requires suid wrapper around inocmd32; consider flag: -mod reviewer + # see http://marc.theaimsgroup.com/?l=amavis-user&m=109229779912783 + + ### http://mks.com.pl/english.html + ['MkS_Vir for Linux (beta)', ['mks32','mks'], + '-s {}/*', [0], [1,2], + qr/--[ \t]*(.+)/m ], + + ### http://mks.com.pl/english.html + ['MkS_Vir daemon', 'mksscan', + '-s -q {}', [0], [1..7], + qr/^... 
(\S+)/m ], + +# ### http://www.nod32.com/, version v2.52 (old) +# ['ESET NOD32 for Linux Mail servers', +# ['/opt/eset/nod32/bin/nod32cli', 'nod32cli'], +# '--subdir --files -z --sfx --rtp --adware --unsafe --pattern --heur '. +# '-w -a --action-on-infected=accept --action-on-uncleanable=accept '. +# '--action-on-notscanned=accept {}', +# [0,3], [1,2], qr/virus="([^"]+)"/m ], + +# ### http://www.eset.com/, version v2.7 (old) +# ['ESET NOD32 Linux Mail Server - command line interface', +# ['/usr/bin/nod32cli', '/opt/eset/nod32/bin/nod32cli', 'nod32cli'], +# '--subdir {}', [0,3], [1,2], qr/virus="([^"]+)"/m ], + +# ### http://www.eset.com/, version 2.71.12 +# ['ESET Software ESETS Command Line Interface', +# ['/usr/bin/esets_cli', 'esets_cli'], +# '--subdir {}', [0], [1,2,3], qr/virus="([^"]+)"/m ], + + ### http://www.eset.com/, version 3.0 + ['ESET Software ESETS Command Line Interface', + ['/usr/bin/esets_cli', 'esets_cli'], + '--subdir {}', [0], [1,2,3], + qr/:\s*action="(?!accepted)[^"]*"\n.*:\s*virus="([^"]*)"/m ], + + ## http://www.nod32.com/, NOD32LFS version 2.5 and above + ['ESET NOD32 for Linux File servers', + ['/opt/eset/nod32/sbin/nod32','nod32'], + '--files -z --mail --sfx --rtp --adware --unsafe --pattern --heur '. 
+ '-w -a --action=1 -b {}', + [0], [1,10], qr/^object=.*, virus="(.*?)",/m ], + +# Experimental, based on posting from Rado Dibarbora (Dibo) on 2002-05-31 +# ['ESET Software NOD32 Client/Server (NOD32SS)', +# \&ask_daemon2, # greets with 200, persistent, terminate with QUIT +# ["SCAN {}/*\r\n", '127.0.0.1:8448' ], +# qr/^200 File OK/m, qr/^201 /m, qr/^201 (.+)/m ], + + ### http://www.norman.com/products_nvc.shtml + ['Norman Virus Control v5 / Linux', 'nvcc', + '-c -l:0 -s -u -temp:$TEMPBASE {}', [0,10,11], [1,2,14], + qr/(?i).* virus in .* -> \'(.+)\'/m ], + + ### http://www.pandasoftware.com/ + ['Panda CommandLineSecure 9 for Linux', + ['/opt/pavcl/usr/bin/pavcl','pavcl'], + '-auto -aex -heu -cmp -nbr -nor -nos -eng -nob {}', + qr/Number of files infected[ .]*: 0+(?!\d)/m, + qr/Number of files infected[ .]*: 0*[1-9]/m, + qr/Found virus :\s*(\S+)/m ], + # NOTE: for efficiency, start the Panda in resident mode with 'pavcl -tsr' + # before starting amavisd - the bases are then loaded only once at startup. + # To reload bases in a signature update script: + # /opt/pavcl/usr/bin/pavcl -tsr -ulr; /opt/pavcl/usr/bin/pavcl -tsr + # Please review other options of pavcl, for example: + # -nomalw, -nojoke, -nodial, -nohackt, -nospyw, -nocookies + +# ### http://www.pandasoftware.com/ +# ['Panda Antivirus for Linux', ['pavcl'], +# '-TSR -aut -aex -heu -cmp -nbr -nor -nso -eng {}', +# [0], [0x10, 0x30, 0x50, 0x70, 0x90, 0xB0, 0xD0, 0xF0], +# qr/Found virus :\s*(\S+)/m ], + +# GeCAD AV technology is acquired by Microsoft; RAV has been discontinued. +# Check your RAV license terms before fiddling with the following two lines! +# ['GeCAD RAV AntiVirus 8', 'ravav', +# '--all --archive --mail {}', [1], [2,3,4,5], qr/Infected: (.+)/m ], +# # NOTE: the command line switches changed with scan engine 8.5 ! 
+# # (btw, assigning stdin to /dev/null causes RAV to fail) + + ### http://www.nai.com/ + ['NAI McAfee AntiVirus (uvscan)', 'uvscan', + '--secure -rv --mime --summary --noboot --mailbox --program --timeout 180 - {}', [0], [13], + qr/(?x) Found (?: + \ the\ (.+)\ (?:virus|trojan) | + \ (?:virus|trojan)\ or\ variant\ ([^ ]+) | + :\ (.+)\ NOT\ a\ virus)/m, + # sub {$ENV{LD_PRELOAD}='/lib/libc.so.6'}, + # sub {delete $ENV{LD_PRELOAD}}, + ], + # NOTE1: with RH9: force the dynamic linker to look at /lib/libc.so.6 before + # anything else by setting environment variable LD_PRELOAD=/lib/libc.so.6 + # and then clear it when finished to avoid confusing anything else. + # NOTE2: to treat encrypted files as viruses replace the [13] with: + # qr/^\s{5,}(Found|is password-protected|.*(virus|trojan))/ + + ### http://www.virusbuster.hu/en/ + ['VirusBuster', ['vbuster', 'vbengcl'], + "{} -ss -i '*' -log=$MYHOME/vbuster.log", [0], [1], + qr/: '(.*)' - Virus/m ], + # VirusBuster Ltd. does not support the daemon version for the workstation + # engine (vbuster-eng-1.12-linux-i386-libc6.tgz) any longer. The names of + # binaries, some parameters AND return codes have changed (from 3 to 1). + # See also the new Vexira entry 'vascan' which is possibly related. + +# ### http://www.virusbuster.hu/en/ +# ['VirusBuster (Client + Daemon)', 'vbengd', +# '-f -log scandir {}', [0], [3], +# qr/Virus found = (.*);/m ], +# # HINT: for an infected file it always returns 3, +# # although the man-page tells a different story + + ### http://www.cyber.com/ + ['CyberSoft VFind', 'vfind', + '--vexit {}/*', [0], [23], qr/##==>>>> VIRUS ID: CVDL (.+)/m, + # sub {$ENV{VSTK_HOME}='/usr/lib/vstk'}, + ], + + ### http://www.avast.com/ + ['avast! 
Antivirus', ['/usr/bin/avastcmd','avastcmd'], + '-a -i -n -t=A {}', [0], [1], qr/\binfected by:\s+([^ \t\n\[\]]+)/m ], + + ### http://www.ikarus-software.com/ + ['Ikarus AntiVirus for Linux', 'ikarus', + '{}', [0], [40], qr/Signature (.+) found/m ], + + ### http://www.bitdefender.com/ + ['BitDefender', 'bdscan', # new version + '--action=ignore --no-list {}', qr/^Infected files *:0+(?!\d)/m, + qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/m, + qr/(?:suspected|infected): (.*)(?:\033|$)/m ], + + ### http://www.bitdefender.com/ + ['BitDefender', 'bdc', # old version + '--arc --mail {}', qr/^Infected files *:0+(?!\d)/m, + qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/m, + qr/(?:suspected|infected): (.*)(?:\033|$)/m ], + # consider also: --all --nowarn --alev=15 --flev=15. The --all argument may + # not apply to your version of bdc, check documentation and see 'bdc --help' + + ### ArcaVir for Linux and Unix http://www.arcabit.pl/ + ['ArcaVir for Linux', ['arcacmd','arcacmd.static'], + '-v 1 -summary 0 -s {}', [0], [1,2], + qr/(?:VIR|WIR):[ \t]*(.+)/m ], + +# ['File::Scan', sub {Amavis::AV::ask_av(sub{ +# use File::Scan; my($fn)=@@_; +# my($f)=File::Scan->new(max_txt_size=>0, max_bin_size=>0); +# my($vname) = $f->scan($fn); +# $f->error ? (2,"Error: ".$f->error) +# : ($vname ne '') ? 
(1,"$vname FOUND") : (0,"Clean")}, @@_) }, +# ["{}/*"], [0], [1], qr/^(.*) FOUND$/m ], + +# ### fully-fledged checker for JPEG marker segments of invalid length +# ['check-jpeg', +# sub { use JpegTester (); Amavis::AV::ask_av(\&JpegTester::test_jpeg, @@_) }, +# ["{}/*"], undef, [1], qr/^(bad jpeg: .*)$/m ], +# # NOTE: place file JpegTester.pm somewhere where Perl can find it, +# # for example in /usr/local/lib/perl5/site_perl + +# ### example: simpleminded checker for JPEG marker segments with +# ### invalid length (only checks first 32k, which is not thorough enough) +# ['check-jpeg-simple', +# sub { Amavis::AV::ask_av(sub { +# my($f)=@@_; local(*FF,$_,$1,$2); my(@@r)=(0,'not jpeg'); +# open(FF,$f) or die "jpeg: open err $f: $!"; +# binmode(FF) or die "jpeg: binmode err $f: $!"; +# defined read(FF,$_,32000) or die "jpeg: read err $f: $!"; +# close(FF) or die "jpeg: close err $f: $!"; +# if (/^\xff\xd8\xff/) { +# @@r=(0,'jpeg ok'); +# while (!/\G(?:\xff\xd9|\z)/gc) { # EOI or eof +# if (/\G\xff+(?=\xff|\z)/gc) {} # fill-bytes before marker +# elsif (/\G\xff([\x01\xd0-\xd8])/gc) {} # TEM, RSTi, SOI +# elsif (/\G\xff([^\x00\xff])(..)/gcs) { # marker segment start +# my($n)=unpack("n",$2)-2; +# $n=32766 if $n>32766; # Perl regexp limit +# if ($n<0) {@@r=(1,"bad jpeg: len=$n, pos=".pos); last} +# elsif (/\G.{$n}/gcs) {} # ok +# elsif (/\G.{0,$n}\z/gcs) {last} # truncated +# else {@@r=(1,"bad jpeg: unexpected, pos=".pos); last} +# } +# elsif (/\G[^\xff]+/gc) {} # ECS +# elsif (/\G(?:\xff\x00)+/gc) {} # ECS +# else {@@r=(2,"bad jpeg: unexpected char, pos=".pos); last} +# } +# }; @@r}, @@_) }, +# ["{}/*"], undef, [1], qr/^(bad jpeg: .*)$/m ], + +# ### an example/testing/template virus scanner (external), wastes 3 seconds +# ['wasteful sleeper example', +# '/bin/sleep', '3', # calls external program +# undef, undef, qr/no such/m ], + +# ### an example/testing/template virus scanner (internal), does nothing +# ['null', +# sub {}, ["{}"], # supplies its own subroutine, no 
external program +# undef, undef, qr/no such/m ], + +); + + +# If no virus scanners from the @@av_scanners list produce 'clean' nor +# 'infected' status (i.e. they all fail to run or the list is empty), +# then _all_ scanners from the @@av_scanners_backup list are tried +# (again, subject to $first_infected_stops_scan). When there are both +# daemonized and equivalent or similar command-line scanners available, +# it is customary to place slower command-line scanners in the +# @@av_scanners_backup list. The default choice is somewhat arbitrary, +# move entries from one list to another as desired, keeping main scanners +# in the primary list to avoid warnings. + +@@av_scanners_backup = ( + + ### http://www.clamav.net/ - backs up clamd or Mail::ClamAV + ['ClamAV-clamscan', 'clamscan', + "--stdout --no-summary -r --tempdir=$TEMPBASE {}", + [0], qr/:.*\sFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ], + + ### http://www.f-prot.com/ - backs up F-Prot Daemon, V6 + ['F-PROT Antivirus for UNIX', ['fpscan'], + '--report --mount --adware {}', # consider: --applications -s 4 -u 3 -z 10 + [0,8,64], [1,2,3, 4+1,4+2,4+3, 8+1,8+2,8+3, 12+1,12+2,12+3], + qr/^\[Found\s+[^\]]*\]\s+<([^ \t(>]*)/m ], + + ### http://www.f-prot.com/ - backs up F-Prot Daemon (old) + ['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'], + '-dumb -ai -archive -packed -server {}', [0,8], [3,6], # or: [0], [3,6,8], + qr/(?:Infection:|security risk named) (.+)|\s+contains\s+(.+)$/m ], + + ### http://www.trendmicro.com/ - backs up Trophie + ['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'], + '-za -a {}', [0], qr/Found virus/m, qr/Found virus (.+) in/m ], + + ### http://www.sald.com/, http://drweb.imshop.de/ - backs up DrWebD + ['drweb - DrWeb Antivirus', # security LHA hole in Dr.Web 4.33 and earlier + ['/usr/local/drweb/drweb', '/opt/drweb/drweb', 'drweb'], + '-path={} -al -go -ot -cn -upn -ok-', + [0,32], [1,9,33], qr' infected (?:with|by)(?: virus)? 
(.*)$'m ], + + ### http://www.kaspersky.com/ + ['Kaspersky Antivirus v5.5', + ['/opt/kaspersky/kav4fs/bin/kav4fs-kavscanner', + '/opt/kav/5.5/kav4unix/bin/kavscanner', + '/opt/kav/5.5/kav4mailservers/bin/kavscanner', 'kavscanner'], + '-i0 -xn -xp -mn -R -ePASBME {}/*', [0,10,15], [5,20,21,25], + qr/(?:INFECTED|WARNING|SUSPICION|SUSPICIOUS) (.*)/m, +# sub {chdir('/opt/kav/bin') or die "Can't chdir to kav: $!"}, +# sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"}, + ], + +# Commented out because the name 'sweep' clashes with Debian and FreeBSD +# package/port of an audio editor. Make sure the correct 'sweep' is found +# in the path when enabling. +# +# ### http://www.sophos.com/ - backs up Sophie or SAVI-Perl +# ['Sophos Anti Virus (sweep)', 'sweep', +# '-nb -f -all -rec -ss -sc -archive -cab -mime -oe -tnef '. +# '--no-reset-atime {}', +# [0,2], qr/Virus .*? found/m, +# qr/^>>> Virus(?: fragment)? '?(.*?)'? found/m, +# ], +# # other options to consider: -idedir=/usr/local/sav + +# Always succeeds and considers mail clean. +# Potentially useful when all other scanners fail and it is desirable +# to let mail continue to flow with no virus checking (when uncommented). 
+# ['always-clean', sub {0}], + +); + + +# +# Section VIII - Debugging +# + +# The most useful debugging tool is to run amavisd-new non-detached +# from a terminal window using command: # amavisd debug + +# Some more refined approaches: + +# If sender matches ACL, turn debugging fully up, just for this one message +#@@debug_sender_maps = ( ["test-sender\@@$mydomain"] ); +#@@debug_sender_maps = ( [qw( debug@@example.com debug@@example.net )] ); + +# May be useful along with @@debug_sender_maps: +# Prevent all decoded originals being deleted (replaced by decoded part) +#@@keep_decoded_original_maps = (1); + +# Turn on SpamAssassin debugging (output to STDERR, use with 'amavisd debug') +#$sa_debug = '1,all'; # defaults to false + + +# +# Section IX - Policy banks (dynamic policy switching) +# + +## Define some policy banks (sets of settings) and give them +## arbitrary names (the names '', 'MYNETS' and 'MYUSERS' have special meaning): +# +# $policy_bank{'ALT'} = { +# log_level => 3, +# syslog_ident => 'alt-amavis', +# syslog_facility => 'LOCAL3', +# inet_acl => [qw( 10.0.1.14 )], +# final_spam_destiny => D_PASS, final_bad_header_destiny => D_PASS, +# forward_method => 'smtp:*:*', +# notify_method => 'smtp:[127.0.0.1]:10025', +# virus_admin_maps => "abuse\@@$mydomain", +# spam_lovers_maps => [@@spam_lovers_maps, [qw( abuse@@example.com )]], +# spam_tag_level_maps => 2.1, +# spam_tag2_level_maps => 6.32, +# spam_kill_level_maps => 6.72, +# spam_dsn_cutoff_level_maps => 8, +# defang_spam => 1, +# local_client_bind_address => '10.11.12.13', +# localhost_name => 'amavis.example.com', +# smtpd_greeting_banner => +# '${helo-name} ${protocol} ${product} ${version-id} (${version-date}) TEST service ready'; +# auth_mech_avail => [qw(PLAIN LOGIN)], +# auth_required_inp => 1, +# auth_required_out => 1, +# amavis_auth_user => 'amavisd', amavis_auth_pass = 'tOpsecretX', +# av_scanners => [ # provide only 'free' scanners +# ['ClamAV-clamd', +# \&ask_daemon, ["CONTSCAN {}\n", 
"/var/run/clamav/clamd"], +# qr/\bOK$/, qr/\bFOUND$/, +# qr/^.*?: (?!Infected Archive)(.*) FOUND$/, +# ], +# ], +# av_scanners_backup => [ +# ['ClamAV-clamscan', 'clamscan', +# "--stdout --disable-summary -r --tempdir=$TEMPBASE {}", [0], [1], +# qr/^.*?: (?!Infected Archive)(.*) FOUND$/, +# ], +# ], +# }; + +# NOTE: the use of policy banks for changing protocol on the input socket is +# only needed when different protocols need to be spoken on different sockets +# at the same time. For normal use just set globally e.g.: $protocol='AM.PDP'; +# +#$policy_bank{'AM.PDP-SOCK'} = { +# protocol => 'AM.PDP', # Amavis policy delegation protocol +# auth_required_release => 0, # do not require secret_id for amavisd-release +#}; +# +#$policy_bank{'AM.PDP-INET'} = { +# protocol => 'AM.PDP', # Amavis policy delegation protocol +# inet_acl => [qw( 127.0.0.1 [::1] )], # restrict to these IP addresses +#}; +# +## the name 'MYNETS' has special semantics: this policy bank gets loaded +## whenever MTA supplies the original SMTP client IP address (Postfix XFORWARD +## extension or a new AM.PDP protocol) and that address matches @@mynetworks. 
+# +# $terminate_dsn_on_notify_success = 1; +# $policy_bank{'MYNETS'} = { # mail originating from @@mynetworks +# originating => 1, # is true in MYNETS by deflt, but let's make it explicit +# terminate_dsn_on_notify_success => 0, +# spam_kill_level_maps => 6.9, +# syslog_facility => 'LOCAL4', # tell syslog to log to a separate file +# virus_admin_maps => ["virusalert\@@$mydomain"], # alert of internal viruses +# spam_admin_maps => ["spamalert\@@$mydomain"], # alert of internal spam +# bypass_spam_checks_maps => [1], # or: don't spam-check internal mail +# bypass_banned_checks_maps => [1], # don't banned-check internal mail +# warnbadhsender => 1, # warn local senders about their broken MUA +# banned_filename_maps => ['MYNETS-DEFAULT'], # more permissive banning rules +# spam_quarantine_cutoff_level_maps => undef, # quarantine all local spam +# spam_dsn_cutoff_level_maps => undef, # ensure NDN regardless of spam level +# spam_dsn_cutoff_level_bysender_maps => # but only from local domain senders +# [ { lc(".$mydomain") => undef, '.' => 15 } ], +# }; + +## the name 'MYUSERS' has special semantics: this policy bank gets loaded +## whenever the sender matches @@local_domains_maps. This only makes sense +## if local sender addresses can be trusted -- for example by requiring +## authentication before letting users send with their local address. +# +# $policy_bank{'MYUSERS'} = { +# final_virus_destiny => D_BOUNCE, # bounce only to authenticated local users +# final_banned_destiny=> D_BOUNCE, +# }; + +# Needed for Courier: speak courier protocol on the socket +#$interface_policy{'SOCK'} = 'AM-SOCK'; +#$policy_bank{'AM-SOCK'} = {protocol => 'COURIER'}; + +## Now we can assign policy banks to amavisd tcp port numbers listed in +## $inet_socket_port. 
Whenever the connection from MTA is received, first +## a built-in policy bank $policy_bank{''} gets loaded, which bringings-in +## all the global/legacy settings, then it gets overlaid by the bank +## named in the $interface_policy{$port} if any, and finally the bank +## 'MYNETS' is overlaid if it exists and the SMTP client IP address +## is known (by XFORWARD command from MTA) and it matches @@mynetworks. + +# $interface_policy{'10026'} = 'ALT'; + +# used by amavisd-release utility of a new AM.PDP-based amavis-milter client +#$interface_policy{'9998'} = 'AM.PDP-INET'; +#$interface_policy{'SOCK'} = 'AM.PDP-SOCK'; + +# invoke custom hooks or additional configuration files: +# include_config_files('/etc/amavisd-custom.conf'); + +# Want to execute additional configuration files from some directory? +#{ my($d) = '/etc/amavis/conf.d'; # do *.cf or *.conf files in this directory +# local(*D); opendir(D,$d) or die "Can't open dir $d: $!"; +# my(@@d) = sort grep {/\.(cf|conf)$/ && -f} map {/^(.*)$/,"$d/$1"} readdir(D); +# closedir(D) or die "Can't close $d: $!"; +# include_config_files($_) for (@@d); +#} + +1; # insure a defined return value +@ + + +1.3 +log +@Checked in. 
+@ +text +@d74 1 +d162 3 +d318 1 +a318 1 +$syslog_priority = 'debug'; # Syslog base (minimal) priority as a string, +d331 1 +a331 1 +$log_level = 2; # (defaults to 0), -d +d515 4 +a518 4 +#$final_virus_destiny = D_DISCARD; # (defaults to D_DISCARD) +#$final_banned_destiny = D_BOUNCE; # (defaults to D_BOUNCE) +#$final_spam_destiny = D_BOUNCE; # (defaults to D_BOUNCE) +#$final_bad_header_destiny = D_PASS; # (defaults to D_PASS) +d921 1 +a921 1 + qr'^MAIL$', # retain full original message for virus checking (can be slow) +d1464 3 +d1503 2 +d1959 10 +a1968 10 +# ### http://www.clamav.net/ +# ['ClamAV-clamd', +# \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"], +# qr/\bOK$/m, qr/\bFOUND$/m, +# qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ], +# # NOTE: run clamd under the same user as amavisd, or run it under its own +# # uid such as clamav, add user clamav to the amavis group, and then add +# # AllowSupplementaryGroups to clamd.conf; +# # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in +# # this entry; when running chrooted one may prefer socket "$MYHOME/clamd". +@ + + +1.2 +log +@Checked in. 
+@ +text +@a73 1 +$myhostname = 'helga.brehm-online.com'; +a160 3 +@@auth_mech_avail = qw(PLAIN LOGIN); +$auth_required_inp = 0; +$auth_required_out = 0; +d314 1 +a314 1 +$syslog_priority = 'info'; # Syslog base (minimal) priority as a string, +d327 1 +a327 1 +$log_level = 3; # (defaults to 0), -d +d511 4 +a514 4 +$final_virus_destiny = D_REJECT; # (defaults to D_DISCARD) +$final_banned_destiny = D_REJECT; # (defaults to D_BOUNCE) +$final_spam_destiny = D_REJECT; # (defaults to D_BOUNCE) +$final_bad_header_destiny = D_PASS; # (defaults to D_PASS) +d917 1 +a917 1 +# qr'^MAIL$', # retain full original message for virus checking (can be slow) +a1459 3 + [ qr'@@strato(?:-rz)\.de$'i => -5.0 ], + [ qr'^Doris\.Hennig@@BA-MH\.Verwalt-Berlin\.de$'i => -5.0 ], + [ qr'^doris@@hennig-berlin\.org$'i => -5.0 ], +a1495 2 + 'niels@@google.com' => -3.0, + 'kameu@@gmx.de' => -3.0, +d1950 10 +a1959 10 +### http://www.clamav.net/ +['ClamAV-clamd', + \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"], + qr/\bOK$/m, qr/\bFOUND$/m, + qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ], +# NOTE: run clamd under the same user as amavisd, or run it under its own +# uid such as clamav, add user clamav to the amavis group, and then add +# AllowSupplementaryGroups to clamd.conf; +# NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in +# this entry; when running chrooted one may prefer socket "$MYHOME/clamd". 
+@ + + +1.1 +log +@Initial revision +@ +text +@d74 1 +d162 3 +d318 1 +a318 1 +$syslog_priority = 'debug'; # Syslog base (minimal) priority as a string, +d331 1 +a331 1 +$log_level = 2; # (defaults to 0), -d +d515 4 +a518 4 +#$final_virus_destiny = D_DISCARD; # (defaults to D_DISCARD) +#$final_banned_destiny = D_BOUNCE; # (defaults to D_BOUNCE) +#$final_spam_destiny = D_BOUNCE; # (defaults to D_BOUNCE) +#$final_bad_header_destiny = D_PASS; # (defaults to D_PASS) +d921 1 +a921 1 + qr'^MAIL$', # retain full original message for virus checking (can be slow) +d1464 3 +d1503 2 +d1959 10 +a1968 10 +# ### http://www.clamav.net/ +# ['ClamAV-clamd', +# \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"], +# qr/\bOK$/m, qr/\bFOUND$/m, +# qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ], +# # NOTE: run clamd under the same user as amavisd, or run it under its own +# # uid such as clamav, add user clamav to the amavis group, and then add +# # AllowSupplementaryGroups to clamd.conf; +# # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in +# # this entry; when running chrooted one may prefer socket "$MYHOME/clamd". +@ diff --git a/.rcs/amavisd.conf.orig,v b/.rcs/amavisd.conf.orig,v new file mode 100644 index 0000000..2af364f --- /dev/null +++ b/.rcs/amavisd.conf.orig,v 
@@ -0,0 +1,830 @@ +head 1.1; +access; +symbols; +locks; strict; +comment @# @; + + +1.1 +date 2011.09.08.21.17.36; author root; state Exp; +branches; +next ; + + +desc +@Initialising repository +@ + + +1.1 +log +@Initial revision +@ +text +@use strict; + +# a minimalistic configuration file for amavisd-new with all necessary settings +# +# see amavisd.conf-default for a list of all variables with their defaults; +# for more details see documentation in INSTALL, README_FILES/* +# and at http://www.ijs.si/software/amavisd/amavisd-new-docs.html + + +# COMMONLY ADJUSTED SETTINGS: + +# @@bypass_virus_checks_maps = (1); # controls running of anti-virus code +# @@bypass_spam_checks_maps = (1); # controls running of anti-spam code +# $bypass_decode_parts = 1; # controls running of decoders&dearchivers + +$max_servers = 2; # num of pre-forked children (2..30 is common), -m +$daemon_user = 'amavis'; # (no default; customary: vscan or amavis), -u +$daemon_group = 'amavis'; # (no default; customary: vscan or amavis), -g + +$mydomain = 'example.com'; # a convenient default for other settings + +# $MYHOME = '/var/amavis'; # a convenient default for other settings, -H +$TEMPBASE = "$MYHOME/tmp"; # working directory, needs to exist, -T +$ENV{TMPDIR} = $TEMPBASE; # environment variable TMPDIR, used by SA, etc. 
+$QUARANTINEDIR = "$MYHOME/quarantine"; # -Q +# $quarantine_subdir_levels = 1; # add level of subdirs to disperse quarantine +# $release_format = 'resend'; # 'attach', 'plain', 'resend' +# $report_format = 'arf'; # 'attach', 'plain', 'resend', 'arf' + +# $daemon_chroot_dir = $MYHOME; # chroot directory or undef, -R + +# $db_home = "$MYHOME/db"; # dir for bdb nanny/cache/snmp databases, -D +# $helpers_home = "$MYHOME/var"; # working directory for SpamAssassin, -S +# $lock_file = "$MYHOME/var/amavisd.lock"; # -L +# $pid_file = "$MYHOME/var/amavisd.pid"; # -P +#NOTE: create directories $MYHOME/tmp, $MYHOME/var, $MYHOME/db manually + +$log_level = 0; # verbosity 0..5, -d +$log_recip_templ = undef; # disable by-recipient level-0 log entries +$do_syslog = 1; # log via syslogd (preferred) +$syslog_facility = 'mail'; # Syslog facility as a string + # e.g.: mail, daemon, user, local0, ... local7 + +$enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP and nanny) +$nanny_details_level = 2; # nanny verbosity: 1: traditional, 2: detailed +$enable_dkim_verification = 0; # enable DKIM signatures verification +$enable_dkim_signing = 0; # load DKIM signing code, keys defined by dkim_key + +@@local_domains_maps = ( [".$mydomain"] ); # list of all local domains + +@@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10 + 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 ); + +$unix_socketname = "$MYHOME/amavisd.sock"; # amavisd-release or amavis-milter + # option(s) -p overrides $inet_socket_port and $unix_socketname + +$inet_socket_port = 10024; # listen on this local TCP port(s) +# $inet_socket_port = [10024,10026]; # listen on multiple TCP ports + +$policy_bank{'MYNETS'} = { # mail originating from @@mynetworks + originating => 1, # is true in MYNETS by default, but let's make it explicit + os_fingerprint_method => undef, # don't query p0f for internal clients +}; + +# it is up to MTA to re-route mail from authenticated roaming users or +# from internal hosts to a dedicated TCP port 
(such as 10026) for filtering +$interface_policy{'10026'} = 'ORIGINATING'; + +$policy_bank{'ORIGINATING'} = { # mail supposedly originating from our users + originating => 1, # declare that mail was submitted by our smtp client + allow_disclaimers => 1, # enables disclaimer insertion if available + # notify administrator of locally originating malware + virus_admin_maps => ["virusalert\@@$mydomain"], + spam_admin_maps => ["virusalert\@@$mydomain"], + warnbadhsender => 1, + # forward to a smtpd service providing DKIM signing service + forward_method => 'smtp:[127.0.0.1]:10027', + # force MTA conversion to 7-bit (e.g. before DKIM signing) + smtpd_discard_ehlo_keywords => ['8BITMIME'], + bypass_banned_checks_maps => [1], # allow sending any file names and types + terminate_dsn_on_notify_success => 0, # don't remove NOTIFY=SUCCESS option +}; + +$interface_policy{'SOCK'} = 'AM.PDP-SOCK'; # only applies with $unix_socketname + +# Use with amavis-release over a socket or with Petr Rehor's amavis-milter.c +# (with amavis-milter.c from this package or old amavis.c client use 'AM.CL'): +$policy_bank{'AM.PDP-SOCK'} = { + protocol => 'AM.PDP', + auth_required_release => 0, # do not require secret_id for amavisd-release +}; + +$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level +$sa_tag2_level_deflt = 6.2; # add 'spam detected' headers at that level +$sa_kill_level_deflt = 6.9; # triggers spam evasive actions (e.g. 
blocks mail) +$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent +$sa_crediblefrom_dsn_cutoff_level = 18; # likewise, but for a likely valid From +# $sa_quarantine_cutoff_level = 25; # spam level beyond which quarantine is off +$penpals_bonus_score = 8; # (no effect without a @@storage_sql_dsn database) +$penpals_threshold_high = $sa_kill_level_deflt; # don't waste time on hi spam +$bounce_killer_score = 100; # spam score points to add for joe-jobbed bounces + +$sa_mail_body_size_limit = 400*1024; # don't waste time on SA if mail is larger +$sa_local_tests_only = 0; # only tests which do not require internet access? + +# @@lookup_sql_dsn = +# ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'], +# ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'], +# ["DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite", '', ''] ); +# @@storage_sql_dsn = @@lookup_sql_dsn; # none, same, or separate database + +# $timestamp_fmt_mysql = 1; # if using MySQL *and* msgs.time_iso is TIMESTAMP; +# defaults to 0, which is good for non-MySQL or if msgs.time_iso is CHAR(16) + +$virus_admin = "virusalert\@@$mydomain"; # notifications recip. 
+ +$mailfrom_notify_admin = "virusalert\@@$mydomain"; # notifications sender +$mailfrom_notify_recip = "virusalert\@@$mydomain"; # notifications sender +$mailfrom_notify_spamadmin = "spam.police\@@$mydomain"; # notifications sender +$mailfrom_to_quarantine = ''; # null return path; uses original sender if undef + +@@addr_extension_virus_maps = ('virus'); +@@addr_extension_banned_maps = ('banned'); +@@addr_extension_spam_maps = ('spam'); +@@addr_extension_bad_header_maps = ('badh'); +# $recipient_delimiter = '+'; # undef disables address extensions altogether +# when enabling addr extensions do also Postfix/main.cf: recipient_delimiter=+ + +$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin'; +# $dspam = 'dspam'; + +$MAXLEVELS = 14; +$MAXFILES = 1500; +$MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not enforced) +$MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes (default undef, not enforced) + +$sa_spam_subject_tag = '***Spam*** '; +$defang_virus = 1; # MIME-wrap passed infected mail +$defang_banned = 1; # MIME-wrap passed mail containing banned name +# for defanging bad headers only turn on certain minor contents categories: +$defang_by_ccat{CC_BADH.",3"} = 1; # NUL or CR character in header +$defang_by_ccat{CC_BADH.",5"} = 1; # header line longer than 998 characters +$defang_by_ccat{CC_BADH.",6"} = 1; # header field syntax error + + +# OTHER MORE COMMON SETTINGS (defaults may suffice): + +# $myhostname = 'host.example.com'; # must be a fully-qualified domain name! + +# $notify_method = 'smtp:[127.0.0.1]:10025'; +# $forward_method = 'smtp:[127.0.0.1]:10025'; # set to undef with milter! + +# $final_virus_destiny = D_DISCARD; +# $final_banned_destiny = D_DISCARD; +# $final_spam_destiny = D_PASS; #!!! 
D_DISCARD / D_REJECT
+# $final_bad_header_destiny = D_PASS;
+# $bad_header_quarantine_method = undef;
+
+# $os_fingerprint_method = 'p0f:*:2345'; # to query p0f-analyzer.pl
+
+## hierarchy by which a final setting is chosen:
+## policy bank (based on port or IP address) -> *_by_ccat
+## *_by_ccat (based on mail contents) -> *_maps
+## *_maps (based on recipient address) -> final configuration value
+
+
+# SOME OTHER VARIABLES WORTH CONSIDERING (see amavisd.conf-default for all)
+
+# $warnbadhsender,
+# $warnvirusrecip, $warnbannedrecip, $warnbadhrecip, (or @@warn*recip_maps)
+#
+# @@bypass_virus_checks_maps, @@bypass_spam_checks_maps,
+# @@bypass_banned_checks_maps, @@bypass_header_checks_maps,
+#
+# @@virus_lovers_maps, @@spam_lovers_maps,
+# @@banned_files_lovers_maps, @@bad_header_lovers_maps,
+#
+# @@blacklist_sender_maps, @@score_sender_maps,
+#
+# $clean_quarantine_method, $virus_quarantine_to, $banned_quarantine_to,
+# $bad_header_quarantine_to, $spam_quarantine_to,
+#
+# $defang_bad_header, $defang_undecipherable, $defang_spam
+
+
+# REMAINING IMPORTANT VARIABLES ARE LISTED HERE BECAUSE OF LONGER ASSIGNMENTS
+
+@@keep_decoded_original_maps = (new_RE(
+ qr'^MAIL$', # retain full original message for virus checking
+ qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables
+ qr'^(ASCII(?!
cpio)|text|uuencoded|xxencoded|binhex)'i,
+# qr'^Zip archive data', # don't trust Archive::Zip
+));
+
+
+$banned_filename_re = new_RE(
+
+### BLOCKED ANYWHERE
+# qr'^UNDECIPHERABLE$', # is or contains any undecipherable components
+ qr'^\.(exe-ms|dll)$', # banned file(1) types, rudimentary
+# qr'^\.(exe|lha|cab|dll)$', # banned file(1) types
+
+### BLOCK THE FOLLOWING, EXCEPT WITHIN UNIX ARCHIVES:
+# [ qr'^\.(gz|bz2)$' => 0 ], # allow any in gzip or bzip2
+ [ qr'^\.(rpm|cpio|tar)$' => 0 ], # allow any in Unix-type archives
+
+ qr'.\.(pif|scr)$'i, # banned extensions - rudimentary
+# qr'^\.zip$', # block zip type
+
+### BLOCK THE FOLLOWING, EXCEPT WITHIN ARCHIVES:
+# [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ], # allow any within these archives
+
+ qr'^application/x-msdownload$'i, # block these MIME types
+ qr'^application/x-msdos-program$'i,
+ qr'^application/hta$'i,
+
+# qr'^message/partial$'i, # rfc2046 MIME type
+# qr'^message/external-body$'i, # rfc2046 MIME type
+
+# qr'^(application/x-msmetafile|image/x-wmf)$'i, # Windows Metafile MIME type
+# qr'^\.wmf$', # Windows Metafile file(1) type
+
+ # block certain double extensions in filenames
+ qr'^(?!cid:).*\.[^./]*[A-Za-z][^./]*\.\s*(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)[.\s]*$'i,
+
+# qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?'i, # Class ID CLSID, strict
+# qr'\{[0-9a-z]{4,}(-[0-9a-z]{4,}){0,7}\}?'i, # Class ID extension CLSID, loose
+
+ qr'.\.(exe|vbs|pif|scr|cpl)$'i, # banned extension - basic
+# qr'.\.(exe|vbs|pif|scr|cpl|bat|cmd|com)$'i, # banned extension - basic+cmd
+# qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|
+# inf|ini|ins|isp|js|jse|lib|lnk|mda|mdb|mde|mdt|mdw|mdz|msc|msi|
+# msp|mst|ocx|ops|pcd|pif|prg|reg|scr|sct|shb|shs|sys|vb|vbe|vbs|vxd|
+# wmf|wsc|wsf|wsh)$'ix, # banned extensions - long
+# qr'.\.(asd|asf|asx|url|vcs|wmd|wmz)$'i, # consider also
+# qr'.\.(ani|cur|ico)$'i, # banned cursors and icons filename
+# qr'^\.ani$', # banned animated cursor file(1) type
+#
qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i, # banned extension - WinZip vulnerab.
+);
+# See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262631
+# and http://www.cknow.com/vtutor/vtextensions.htm
+
+
+# ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING
+
+@@score_sender_maps = ({ # a by-recipient hash lookup table,
+ # results from all matching recipient tables are summed
+
+# ## per-recipient personal tables (NOTE: positive: black, negative: white)
+# 'user1@@example.com' => [{'bla-mobile.press@@example.com' => 10.0}],
+# 'user3@@example.com' => [{'.ebay.com' => -3.0}],
+# 'user4@@example.com' => [{'cleargreen@@cleargreen.com' => -7.0,
+# '.cleargreen.com' => -5.0}],
+
+ ## site-wide opinions about senders (the '.' matches any recipient)
+ '.' => [ # the _first_ matching sender determines the score boost
+
+ new_RE( # regexp-type lookup table, just happens to be all soft-blacklist
+ [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@@'i => 5.0],
+ [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@@'i=> 5.0],
+ [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@@'i=> 5.0],
+ [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@@'i => 5.0],
+ [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@@'i => 5.0],
+ [qr'^(your_friend|greatoffers)@@'i => 5.0],
+ [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@@'i => 5.0],
+ ),
+
+# read_hash("/var/amavis/sender_scores_sitewide"),
+
+ { # a hash-type lookup table (associative array)
+ 'nobody@@cert.org' => -3.0,
+ 'cert-advisory@@us-cert.gov' => -3.0,
+ 'owner-alert@@iss.net' => -3.0,
+ 'slashdot@@slashdot.org' => -3.0,
+ 'securityfocus.com' => -3.0,
+ 'ntbugtraq@@listserv.ntbugtraq.com' => -3.0,
+ 'security-alerts@@linuxsecurity.com' => -3.0,
+ 'mailman-announce-admin@@python.org' => -3.0,
+ 'amavis-user-admin@@lists.sourceforge.net'=> -3.0,
+ 'amavis-user-bounces@@lists.sourceforge.net' => -3.0,
+ 'spamassassin.apache.org' => -3.0,
+ 'notification-return@@lists.sophos.com'
=> -3.0,
+ 'owner-postfix-users@@postfix.org' => -3.0,
+ 'owner-postfix-announce@@postfix.org' => -3.0,
+ 'owner-sendmail-announce@@lists.sendmail.org' => -3.0,
+ 'sendmail-announce-request@@lists.sendmail.org' => -3.0,
+ 'donotreply@@sendmail.org' => -3.0,
+ 'ca+envelope@@sendmail.org' => -3.0,
+ 'noreply@@freshmeat.net' => -3.0,
+ 'owner-technews@@postel.acm.org' => -3.0,
+ 'ietf-123-owner@@loki.ietf.org' => -3.0,
+ 'cvs-commits-list-admin@@gnome.org' => -3.0,
+ 'rt-users-admin@@lists.fsck.com' => -3.0,
+ 'clp-request@@comp.nus.edu.sg' => -3.0,
+ 'surveys-errors@@lists.nua.ie' => -3.0,
+ 'emailnews@@genomeweb.com' => -5.0,
+ 'yahoo-dev-null@@yahoo-inc.com' => -3.0,
+ 'returns.groups.yahoo.com' => -3.0,
+ 'clusternews@@linuxnetworx.com' => -3.0,
+ lc('lvs-users-admin@@LinuxVirtualServer.org') => -3.0,
+ lc('owner-textbreakingnews@@CNNIMAIL12.CNN.COM') => -5.0,
+
+ # soft-blacklisting (positive score)
+ 'sender@@example.net' => 3.0,
+ '.example.net' => 1.0,
+
+ },
+ ], # end of site-wide tables
+});
+
+
+@@decoders = (
+ ['mail', \&do_mime_decode],
+# ['asc', \&do_ascii],
+# ['uue', \&do_ascii],
+# ['hqx', \&do_ascii],
+# ['ync', \&do_ascii],
+ ['F', \&do_uncompress, ['unfreeze','freeze -d','melt','fcat'] ],
+ ['Z', \&do_uncompress, ['uncompress','gzip -d','zcat'] ],
+ ['gz', \&do_uncompress, 'gzip -d'],
+ ['gz', \&do_gunzip],
+ ['bz2', \&do_uncompress, 'bzip2 -d'],
+ ['xz', \&Amavis::Unpackers::do_uncompress,
+ ['xzdec'.
'xz -dc', 'unxz -c', 'xzcat'] ],
+ ['lzma', \&Amavis::Unpackers::do_uncompress,
+ ['lzmadec', 'xz -dc --format=lzma',
+ 'lzma -dc', 'unlzma -c', 'lzcat', 'lzmadec'] ],
+ ['lzo', \&do_uncompress, 'lzop -d'],
+ ['rpm', \&do_uncompress, ['rpm2cpio.pl','rpm2cpio'] ],
+ ['cpio', \&do_pax_cpio, ['pax','gcpio','cpio'] ],
+ ['tar', \&do_pax_cpio, ['pax','gcpio','cpio'] ],
+ ['deb', \&do_ar, 'ar'],
+# ['a', \&do_ar, 'ar'], # unpacking .a seems an overkill
+ ['zip', \&do_unzip],
+ ['7z', \&do_7zip, ['7zr','7za','7z'] ],
+ ['rar', \&do_unrar, ['rar','unrar'] ],
+ ['arj', \&do_unarj, ['arj','unarj'] ],
+ ['arc', \&do_arc, ['nomarch','arc'] ],
+ ['zoo', \&do_zoo, ['zoo','unzoo'] ],
+ ['lha', \&do_lha, 'lha'],
+# ['doc', \&do_ole, 'ripole'],
+ ['cab', \&do_cabextract, 'cabextract'],
+ ['tnef', \&do_tnef_ext, 'tnef'],
+ ['tnef', \&do_tnef],
+# ['sit', \&do_unstuff, 'unstuff'], # broken/unsafe decoder
+ ['exe', \&do_executable, ['rar','unrar'], 'lha', ['arj','unarj'] ],
+);
+
+
+@@av_scanners = (
+
+# ### http://www.sophos.com/
+# ['Sophos-SSSP',
+# \&ask_daemon, ["{}", 'sssp:/var/run/savdi/sssp.sock'],
+# # or: ["{}", 'sssp:[127.0.0.1]:4010'],
+# qr/^DONE OK\b/m, qr/^VIRUS\b/m, qr/^VIRUS\s*(\S*)/m ],
+
+# ### http://www.clanfield.info/sophie/ (http://www.vanja.com/tools/sophie/)
+# ['Sophie',
+# \&ask_daemon, ["{}/\n", 'sophie:/var/run/sophie'],
+# qr/(?x)^ 0+ ( : | [\000\r\n]* $)/, qr/(?x)^ 1 ( : | [\000\r\n]* $)/,
+# qr/(?x)^ [-+]? \d+ : (.*?)
[\000\r\n]* $/m ],
+
+# ### http://www.csupomona.edu/~henson/www/projects/SAVI-Perl/
+# ['Sophos SAVI', \&ask_daemon, ['{}','savi-perl:'] ],
+
+# ['Avira SAVAPI',
+# \&ask_daemon, ["*", 'savapi:/var/tmp/.savapi3', 'product-id'],
+# qr/^(200|210)/m, qr/^(310|420|319)/m,
+# qr/^(?:310|420)[,\s]*(?:.* <<< )?(.+?)(?: ; |$)/m
+# settings for the SAVAPI3.conf: ArchiveScan=1, HeurLevel=2, MailboxScan=1
+
+# ### http://www.clamav.net/
+# ['ClamAV-clamd',
+# \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
+# qr/\bOK$/m, qr/\bFOUND$/m,
+# qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
+# # NOTE: run clamd under the same user as amavisd, or run it under its own
+# # uid such as clamav, add user clamav to the amavis group, and then add
+# # AllowSupplementaryGroups to clamd.conf;
+# # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in
+# # this entry; when running chrooted one may prefer socket "$MYHOME/clamd".
+
+# ### http://www.clamav.net/ and CPAN (memory-hungry! clamd is preferred)
+# # note that Mail::ClamAV requires perl to be build with threading!
+# ['Mail::ClamAV', \&ask_daemon, ['{}','clamav-perl:'],
+# [0], [1], qr/^INFECTED: (.+)/m],
+
+# ### http://www.openantivirus.org/
+# ['OpenAntiVirus ScannerDaemon (OAV)',
+# \&ask_daemon, ["SCAN {}\n", '127.0.0.1:8127'],
+# qr/^OK/m, qr/^FOUND: /m, qr/^FOUND: (.+)/m ],
+
+# ### http://www.vanja.com/tools/trophie/
+# ['Trophie',
+# \&ask_daemon, ["{}/\n", 'trophie:/var/run/trophie'],
+# qr/(?x)^ 0+ ( : | [\000\r\n]* $)/m, qr/(?x)^ 1 ( : | [\000\r\n]* $)/m,
+# qr/(?x)^ [-+]? \d+ : (.*?)
[\000\r\n]* $/m ],
+
+# ### http://www.grisoft.com/
+# ['AVG Anti-Virus',
+# \&ask_daemon, ["SCAN {}\n", '127.0.0.1:55555'],
+# qr/^200/m, qr/^403/m, qr/^403 .*?: ([^\r\n]+)/m ],
+
+# ### http://www.f-prot.com/
+# ['F-Prot fpscand', # F-PROT Antivirus for BSD/Linux/Solaris, version 6
+# \&ask_daemon,
+# ["SCAN FILE {}/*\n", '127.0.0.1:10200'],
+# qr/^(0|8|64) /m,
+# qr/^([1235679]|1[01345]) |<[^>:]*(?i)(infected|suspicious|unwanted)/m,
+# qr/(?i)<[^>:]*(?:infected|suspicious|unwanted)[^>:]*: ([^>]*)>/m ],
+
+# ### http://www.f-prot.com/
+# ['F-Prot f-protd', # old version
+# \&ask_daemon,
+# ["GET {}/*?-dumb%20-archive%20-packed HTTP/1.0\r\n\r\n",
+# ['127.0.0.1:10200', '127.0.0.1:10201', '127.0.0.1:10202',
+# '127.0.0.1:10203', '127.0.0.1:10204'] ],
+# qr/(?i)]*>clean<\/summary>/m,
+# qr/(?i)]*>infected<\/summary>/m,
+# qr/(?i)(.+)<\/name>/m ],
+
+# ### http://www.sald.com/, http://www.dials.ru/english/, http://www.drweb.ru/
+# ['DrWebD', \&ask_daemon, # DrWebD 4.31 or later
+# [pack('N',1). # DRWEBD_SCAN_CMD
+# pack('N',0x00280001). # DONT_CHANGEMAIL, IS_MAIL, RETURN_VIRUSES
+# pack('N', # path length
+# length("$TEMPBASE/amavis-yyyymmddTHHMMSS-xxxxx/parts/pxxx")).
+# '{}/*'. # path
+# pack('N',0). # content size
+# pack('N',0),
+# '/var/drweb/run/drwebd.sock',
+# # '/var/amavis/var/run/drwebd.sock', # suitable for chroot
+# # '/usr/local/drweb/run/drwebd.sock', # FreeBSD drweb ports default
+# # '127.0.0.1:3000', # or over an inet socket
+# ],
+# qr/\A\x00[\x10\x11][\x00\x10]\x00/sm, # IS_CLEAN,EVAL_KEY; SKIPPED
+# qr/\A\x00[\x00\x01][\x00\x10][\x20\x40\x80]/sm,# KNOWN_V,UNKNOWN_V,V._MODIF
+# qr/\A.{12}(?:infected with )?([^\x00]+)\x00/sm,
+# ],
+# # NOTE: If using amavis-milter, change length to:
+# # length("$TEMPBASE/amavis-milter-xxxxxxxxxxxxxx/parts/pxxx").
+
+ ### http://www.kaspersky.com/ (kav4mailservers)
+ ['KasperskyLab AVP - aveclient',
+ ['/usr/local/kav/bin/aveclient','/usr/local/share/kav/bin/aveclient',
+ '/opt/kav/5.5/kav4mailservers/bin/aveclient','aveclient'],
+ '-p /var/run/aveserver -s {}/*',
+ [0,3,6,8], qr/\b(INFECTED|SUSPICION|SUSPICIOUS)\b/m,
+ qr/(?:INFECTED|WARNING|SUSPICION|SUSPICIOUS) (.+)/m,
+ ],
+ # NOTE: one may prefer [0],[2,3,4,5], depending on how suspicious,
+ # currupted or protected archives are to be handled
+
+ ### http://www.kaspersky.com/
+ ['KasperskyLab AntiViral Toolkit Pro (AVP)', ['avp'],
+ '-* -P -B -Y -O- {}', [0,3,6,8], [2,4], # any use for -A -K ?
+ qr/infected: (.+)/m,
+ sub {chdir('/opt/AVP') or die "Can't chdir to AVP: $!"},
+ sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
+ ],
+
+ ### The kavdaemon and AVPDaemonClient have been removed from Kasperky
+ ### products and replaced by aveserver and aveclient
+ ['KasperskyLab AVPDaemonClient',
+ [ '/opt/AVP/kavdaemon', 'kavdaemon',
+ '/opt/AVP/AvpDaemonClient', 'AvpDaemonClient',
+ '/opt/AVP/AvpTeamDream', 'AvpTeamDream',
+ '/opt/AVP/avpdc', 'avpdc' ],
+ "-f=$TEMPBASE {}", [0,8], [3,4,5,6], qr/infected: ([^\r\n]+)/m ],
+ # change the startup-script in /etc/init.d/kavd to:
+ # DPARMS="-* -Y -dl -f=/var/amavis /var/amavis"
+ # (or perhaps: DPARMS="-I0 -Y -* /var/amavis" )
+ # adjusting /var/amavis above to match your $TEMPBASE.
+ # The '-f=/var/amavis' is needed if not running it as root, so it
+ # can find, read, and write its pid file, etc., see 'man kavdaemon'.
+ # defUnix.prf: there must be an entry "*/var/amavis" (or whatever
+ # directory $TEMPBASE specifies) in the 'Names=' section.
+ # cd /opt/AVP/DaemonClients; configure; cd Sample; make
+ # cp AvpDaemonClient /opt/AVP/
+ # su - amavis -c "${PREFIX}/kavdaemon ${DPARMS}"
+
+ ### http://www.centralcommand.com/
+ ['CentralCommand Vexira (new) vascan',
+ ['vascan','/usr/lib/Vexira/vascan'],
+ "-a s --timeout=60 --temp=$TEMPBASE -y $QUARANTINEDIR ".
+ "--log=/var/log/vascan.log {}",
+ [0,3], [1,2,5],
+ qr/(?x)^\s* (?:virus|iworm|macro|mutant|sequence|trojan)\ found:\ ( [^\]\s']+ )\ \.\.\.\ /m ],
+ # Adjust the path of the binary and the virus database as needed.
+ # 'vascan' does not allow to have the temp directory to be the same as
+ # the quarantine directory, and the quarantine option can not be disabled.
+ # If $QUARANTINEDIR is not used, then another directory must be specified
+ # to appease 'vascan'. Move status 3 to the second list if password
+ # protected files are to be considered infected.
+
+ ### http://www.avira.com/
+ ### old Avira AntiVir 2.x (ex H+BEDV) or old CentralCommand Vexira Antivirus
+ ['Avira AntiVir', ['antivir','vexira'],
+ '--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/m,
+ qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) |
+ (?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/m ],
+ # NOTE: if you only have a demo version, remove -z and add 214, as in:
+ # '--allfiles -noboot -nombr -rs -s {}', [0,214], qr/ALERT:|VIRUS:/,
+
+ ### http://www.avira.com/
+ ### Avira for UNIX 3.x
+ ['Avira AntiVir', ['avscan'],
+ '-s --batch --alert-action=none {}', [0,4], qr/(?:ALERT|FUND):/m,
+ qr/(?:ALERT|FUND): (?:.* <<< )?(.+?)(?: ; |$)/m ],
+
+ ### http://www.commandsoftware.com/
+ ['Command AntiVirus for Linux', 'csav',
+ '-all -archive -packed {}', [50], [51,52,53],
+ qr/Infection: (.+)/m ],
+
+ ### http://www.symantec.com/
+ ['Symantec CarrierScan via Symantec CommandLineScanner',
+ 'cscmdline', '-a scan -i 1 -v -s 127.0.0.1:7777 {}',
+ qr/^Files Infected:\s+0$/m, qr/^Infected\b/m,
+ qr/^(?:Info|Virus Name):\s+(.+)/m ],
+
+ ### http://www.symantec.com/
+ ['Symantec AntiVirus Scan Engine',
+ 'savsecls', '-server 127.0.0.1:7777 -mode scanrepair -details -verbose {}',
+ [0], qr/^Infected\b/m,
+ qr/^(?:Info|Virus Name):\s+(.+)/m ],
+ # NOTE: check options and patterns to see which entry better applies
+
+# ### http://www.f-secure.com/products/anti-virus/ version 4.65
+# ['F-Secure Antivirus
for Linux servers',
+# ['/opt/f-secure/fsav/bin/fsav', 'fsav'],
+# '--delete=no --disinf=no --rename=no --archive=yes --auto=yes '.
+# '--dumb=yes --list=no --mime=yes {}', [0], [3,6,8],
+# qr/(?:infection|Infected|Suspected): (.+)/m ],
+
+ ### http://www.f-secure.com/products/anti-virus/ version 5.52
+ ['F-Secure Antivirus for Linux servers',
+ ['/opt/f-secure/fsav/bin/fsav', 'fsav'],
+ '--virus-action1=report --archive=yes --auto=yes '.
+ '--dumb=yes --list=no --mime=yes {}', [0], [3,4,6,8],
+ qr/(?:infection|Infected|Suspected|Riskware): (.+)/m ],
+ # NOTE: internal archive handling may be switched off by '--archive=no'
+ # to prevent fsav from exiting with status 9 on broken archives
+
+# ### http://www.avast.com/
+# ['avast! Antivirus daemon',
+# \&ask_daemon, # greets with 220, terminate with QUIT
+# ["SCAN {}\015\012QUIT\015\012", '/var/run/avast4/mailscanner.sock'],
+# qr/\t\[\+\]/m, qr/\t\[L\]\t/m, qr/\t\[L\]\t([^[ \t\015\012]+)/m ],
+
+# ### http://www.avast.com/
+# ['avast! Antivirus - Client/Server Version', 'avastlite',
+# '-a /var/run/avast4/mailscanner.sock -n {}', [0], [1],
+# qr/\t\[L\]\t([^[ \t\015\012]+)/m ],
+
+ ['CAI InoculateIT', 'inocucmd', # retired product
+ '-sec -nex {}', [0], [100],
+ qr/was infected by virus (.+)/m ],
+ # see: http://www.flatmtn.com/computer/Linux-Antivirus_CAI.html
+
+ ### http://www3.ca.com/Solutions/Product.asp?ID=156 (ex InoculateIT)
+ ['CAI eTrust Antivirus', 'etrust-wrapper',
+ '-arc -nex -spm h {}', [0], [101],
+ qr/is infected by virus: (.+)/m ],
+ # NOTE: requires suid wrapper around inocmd32; consider flag: -mod reviewer
+ # see http://marc.theaimsgroup.com/?l=amavis-user&m=109229779912783
+
+ ### http://mks.com.pl/english.html
+ ['MkS_Vir for Linux (beta)', ['mks32','mks'],
+ '-s {}/*', [0], [1,2],
+ qr/--[ \t]*(.+)/m ],
+
+ ### http://mks.com.pl/english.html
+ ['MkS_Vir daemon', 'mksscan',
+ '-s -q {}', [0], [1..7],
+ qr/^...
(\S+)/m ],
+
+# ### http://www.nod32.com/, version v2.52 (old)
+# ['ESET NOD32 for Linux Mail servers',
+# ['/opt/eset/nod32/bin/nod32cli', 'nod32cli'],
+# '--subdir --files -z --sfx --rtp --adware --unsafe --pattern --heur '.
+# '-w -a --action-on-infected=accept --action-on-uncleanable=accept '.
+# '--action-on-notscanned=accept {}',
+# [0,3], [1,2], qr/virus="([^"]+)"/m ],
+
+# ### http://www.eset.com/, version v2.7 (old)
+# ['ESET NOD32 Linux Mail Server - command line interface',
+# ['/usr/bin/nod32cli', '/opt/eset/nod32/bin/nod32cli', 'nod32cli'],
+# '--subdir {}', [0,3], [1,2], qr/virus="([^"]+)"/m ],
+
+# ### http://www.eset.com/, version 2.71.12
+# ['ESET Software ESETS Command Line Interface',
+# ['/usr/bin/esets_cli', 'esets_cli'],
+# '--subdir {}', [0], [1,2,3], qr/virus="([^"]+)"/m ],
+
+ ### http://www.eset.com/, version 3.0
+ ['ESET Software ESETS Command Line Interface',
+ ['/usr/bin/esets_cli', 'esets_cli'],
+ '--subdir {}', [0], [1,2,3],
+ qr/:\s*action="(?!accepted)[^"]*"\n.*:\s*virus="([^"]*)"/m ],
+
+ ## http://www.nod32.com/, NOD32LFS version 2.5 and above
+ ['ESET NOD32 for Linux File servers',
+ ['/opt/eset/nod32/sbin/nod32','nod32'],
+ '--files -z --mail --sfx --rtp --adware --unsafe --pattern --heur '.
+ '-w -a --action=1 -b {}',
+ [0], [1,10], qr/^object=.*, virus="(.*?)",/m ],
+
+# Experimental, based on posting from Rado Dibarbora (Dibo) on 2002-05-31
+# ['ESET Software NOD32 Client/Server (NOD32SS)',
+# \&ask_daemon2, # greets with 200, persistent, terminate with QUIT
+# ["SCAN {}/*\r\n", '127.0.0.1:8448' ],
+# qr/^200 File OK/m, qr/^201 /m, qr/^201 (.+)/m ],
+
+ ### http://www.norman.com/products_nvc.shtml
+ ['Norman Virus Control v5 / Linux', 'nvcc',
+ '-c -l:0 -s -u -temp:$TEMPBASE {}', [0,10,11], [1,2,14],
+ qr/(?i).* virus in .* -> \'(.+)\'/m ],
+
+ ### http://www.pandasoftware.com/
+ ['Panda CommandLineSecure 9 for Linux',
+ ['/opt/pavcl/usr/bin/pavcl','pavcl'],
+ '-auto -aex -heu -cmp -nbr -nor -nos -eng -nob {}',
+ qr/Number of files infected[ .]*: 0+(?!\d)/m,
+ qr/Number of files infected[ .]*: 0*[1-9]/m,
+ qr/Found virus :\s*(\S+)/m ],
+ # NOTE: for efficiency, start the Panda in resident mode with 'pavcl -tsr'
+ # before starting amavisd - the bases are then loaded only once at startup.
+ # To reload bases in a signature update script:
+ # /opt/pavcl/usr/bin/pavcl -tsr -ulr; /opt/pavcl/usr/bin/pavcl -tsr
+ # Please review other options of pavcl, for example:
+ # -nomalw, -nojoke, -nodial, -nohackt, -nospyw, -nocookies
+
+# ### http://www.pandasoftware.com/
+# ['Panda Antivirus for Linux', ['pavcl'],
+# '-TSR -aut -aex -heu -cmp -nbr -nor -nso -eng {}',
+# [0], [0x10, 0x30, 0x50, 0x70, 0x90, 0xB0, 0xD0, 0xF0],
+# qr/Found virus :\s*(\S+)/m ],
+
+# GeCAD AV technology is acquired by Microsoft; RAV has been discontinued.
+# Check your RAV license terms before fiddling with the following two lines!
+# ['GeCAD RAV AntiVirus 8', 'ravav',
+# '--all --archive --mail {}', [1], [2,3,4,5], qr/Infected: (.+)/m ],
+# # NOTE: the command line switches changed with scan engine 8.5 !
+# # (btw, assigning stdin to /dev/null causes RAV to fail)
+
+ ### http://www.nai.com/
+ ['NAI McAfee AntiVirus (uvscan)', 'uvscan',
+ '--secure -rv --mime --summary --noboot - {}', [0], [13],
+ qr/(?x) Found (?:
+ \ the\ (.+)\ (?:virus|trojan) |
+ \ (?:virus|trojan)\ or\ variant\ ([^ ]+) |
+ :\ (.+)\ NOT\ a\ virus)/m,
+ # sub {$ENV{LD_PRELOAD}='/lib/libc.so.6'},
+ # sub {delete $ENV{LD_PRELOAD}},
+ ],
+ # NOTE1: with RH9: force the dynamic linker to look at /lib/libc.so.6 before
+ # anything else by setting environment variable LD_PRELOAD=/lib/libc.so.6
+ # and then clear it when finished to avoid confusing anything else.
+ # NOTE2: to treat encrypted files as viruses replace the [13] with:
+ # qr/^\s{5,}(Found|is password-protected|.*(virus|trojan))/
+
+ ### http://www.virusbuster.hu/en/
+ ['VirusBuster', ['vbuster', 'vbengcl'],
+ "{} -ss -i '*' -log=$MYHOME/vbuster.log", [0], [1],
+ qr/: '(.*)' - Virus/m ],
+ # VirusBuster Ltd. does not support the daemon version for the workstation
+ # engine (vbuster-eng-1.12-linux-i386-libc6.tgz) any longer. The names of
+ # binaries, some parameters AND return codes have changed (from 3 to 1).
+ # See also the new Vexira entry 'vascan' which is possibly related.
+
+# ### http://www.virusbuster.hu/en/
+# ['VirusBuster (Client + Daemon)', 'vbengd',
+# '-f -log scandir {}', [0], [3],
+# qr/Virus found = (.*);/m ],
+# # HINT: for an infected file it always returns 3,
+# # although the man-page tells a different story
+
+ ### http://www.cyber.com/
+ ['CyberSoft VFind', 'vfind',
+ '--vexit {}/*', [0], [23], qr/##==>>>> VIRUS ID: CVDL (.+)/m,
+ # sub {$ENV{VSTK_HOME}='/usr/lib/vstk'},
+ ],
+
+ ### http://www.avast.com/
+ ['avast!
Antivirus', ['/usr/bin/avastcmd','avastcmd'],
+ '-a -i -n -t=A {}', [0], [1], qr/\binfected by:\s+([^ \t\n\[\]]+)/m ],
+
+ ### http://www.ikarus-software.com/
+ ['Ikarus AntiVirus for Linux', 'ikarus',
+ '{}', [0], [40], qr/Signature (.+) found/m ],
+
+ ### http://www.bitdefender.com/
+ ['BitDefender', 'bdscan', # new version
+ '--action=ignore --no-list {}', qr/^Infected files\s*:\s*0+(?!\d)/m,
+ qr/^(?:Infected files|Identified viruses|Suspect files)\s*:\s*0*[1-9]/m,
+ qr/(?:suspected|infected)\s*:\s*(.*)(?:\033|$)/m ],
+
+ ### http://www.bitdefender.com/
+ ['BitDefender', 'bdc', # old version
+ '--arc --mail {}', qr/^Infected files *:0+(?!\d)/m,
+ qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/m,
+ qr/(?:suspected|infected): (.*)(?:\033|$)/m ],
+ # consider also: --all --nowarn --alev=15 --flev=15. The --all argument may
+ # not apply to your version of bdc, check documentation and see 'bdc --help'
+
+ ### ArcaVir for Linux and Unix http://www.arcabit.pl/
+ ['ArcaVir for Linux', ['arcacmd','arcacmd.static'],
+ '-v 1 -summary 0 -s {}', [0], [1,2],
+ qr/(?:VIR|WIR):[ \t]*(.+)/m ],
+
+# ### a generic SMTP-client interface to a SMTP-based virus scanner
+# ['av_smtp', \&ask_av_smtp,
+# ['{}', 'smtp:[127.0.0.1]:5525', 'dummy@@localhost'],
+# qr/^2/, qr/^5/, qr/^\s*(.*?)\s*$/m ],
+
+# ['File::Scan', sub {Amavis::AV::ask_av(sub{
+# use File::Scan; my($fn)=@@_;
+# my($f)=File::Scan->new(max_txt_size=>0, max_bin_size=>0);
+# my($vname) = $f->scan($fn);
+# $f->error ? (2,"Error: ".$f->error)
+# : ($vname ne '') ?
(1,"$vname FOUND") : (0,"Clean")}, @@_) },
+# ["{}/*"], [0], [1], qr/^(.*) FOUND$/m ],
+
+# ### fully-fledged checker for JPEG marker segments of invalid length
+# ['check-jpeg',
+# sub { use JpegTester (); Amavis::AV::ask_av(\&JpegTester::test_jpeg, @@_) },
+# ["{}/*"], undef, [1], qr/^(bad jpeg: .*)$/m ],
+# # NOTE: place file JpegTester.pm somewhere where Perl can find it,
+# # for example in /usr/local/lib/perl5/site_perl
+
+);
+
+
+@@av_scanners_backup = (
+
+ ### http://www.clamav.net/ - backs up clamd or Mail::ClamAV
+ ['ClamAV-clamscan', 'clamscan',
+ "--stdout --no-summary -r --tempdir=$TEMPBASE {}",
+ [0], qr/:.*\sFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
+
+# ### http://www.clamav.net/ - using remote clamd scanner as a backup
+# ['ClamAV-clamdscan', 'clamdscan',
+# "--stdout --no-summary --config-file=/etc/clamd-client.conf {}",
+# [0], qr/:.*\sFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
+
+# ['ClamAV-clamd-stream',
+# \&ask_daemon, ["*", 'clamd:/var/run/clamav/clamd'],
+# qr/\bOK$/m, qr/\bFOUND$/m,
+# qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
+
+ ### http://www.f-prot.com/ - backs up F-Prot Daemon, V6
+ ['F-PROT Antivirus for UNIX', ['fpscan'],
+ '--report --mount --adware {}', # consider: --applications -s 4 -u 3 -z 10
+ [0,8,64], [1,2,3, 4+1,4+2,4+3, 8+1,8+2,8+3, 12+1,12+2,12+3],
+ qr/^\[Found\s+[^\]]*\]\s+<([^ \t(>]*)/m ],
+
+ ### http://www.f-prot.com/ - backs up F-Prot Daemon (old)
+ ['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'],
+ '-dumb -archive -packed {}', [0,8], [3,6], # or: [0], [3,6,8],
+ qr/(?:Infection:|security risk named) (.+)|\s+contains\s+(.+)$/m ],
+
+ ### http://www.trendmicro.com/ - backs up Trophie
+ ['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'],
+ '-za -a {}', [0], qr/Found virus/m, qr/Found virus (.+) in/m ],
+
+ ### http://www.sald.com/, http://drweb.imshop.de/ - backs up DrWebD
+ ['drweb - DrWeb Antivirus', # security LHA hole in Dr.Web 4.33 and earlier
+ ['/usr/local/drweb/drweb',
'/opt/drweb/drweb', 'drweb'],
+ '-path={} -al -go -ot -cn -upn -ok-',
+ [0,32], [1,9,33], qr' infected (?:with|by)(?: virus)? (.*)$'m ],
+
+ ### http://www.kaspersky.com/
+ ['Kaspersky Antivirus v5.5',
+ ['/opt/kaspersky/kav4fs/bin/kav4fs-kavscanner',
+ '/opt/kav/5.5/kav4unix/bin/kavscanner',
+ '/opt/kav/5.5/kav4mailservers/bin/kavscanner', 'kavscanner'],
+ '-i0 -xn -xp -mn -R -ePASBME {}/*', [0,10,15], [5,20,21,25],
+ qr/(?:INFECTED|WARNING|SUSPICION|SUSPICIOUS) (.*)/m,
+# sub {chdir('/opt/kav/bin') or die "Can't chdir to kav: $!"},
+# sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
+ ],
+
+# Commented out because the name 'sweep' clashes with Debian and FreeBSD
+# package/port of an audio editor. Make sure the correct 'sweep' is found
+# in the path when enabling.
+#
+# ### http://www.sophos.com/ - backs up Sophie or SAVI-Perl
+# ['Sophos Anti Virus (sweep)', 'sweep',
+# '-nb -f -all -rec -ss -sc -archive -cab -mime -oe -tnef '.
+# '--no-reset-atime {}',
+# [0,2], qr/Virus .*? found/m,
+# qr/^>>> Virus(?: fragment)? '?(.*?)'? found/m,
+# ],
+# # other options to consider: -idedir=/usr/local/sav
+
+# Always succeeds and considers mail clean.
+# Potentially useful when all other scanners fail and it is desirable
+# to let mail continue to flow with no virus checking (when uncommented).
+# ['always-clean', sub {0}],
+
+);
+
+
+1; # insure a defined return value
+@
diff --git a/.rcs/group,v b/.rcs/group,v
new file mode 100644
index 0000000..12a3d4e
--- /dev/null
+++ b/.rcs/group,v
@@ -0,0 +1,141 @@
+head 1.3;
+access;
+symbols;
+locks; strict;
+comment @# @;
+
+
+1.3
+date 2010.12.01.22.28.49; author root; state Exp;
+branches;
+next 1.2;
+
+1.2
+date 2010.12.01.22.03.57; author root; state Exp;
+branches;
+next 1.1;
+
+1.1
+date 2010.12.01.21.14.09; author root; state Exp;
+branches;
+next ;
+
+
+desc
+@Initialising repository
+@
+
+
+1.3
+log
+@Checked in.
+@
+text
+@root::0:root,frank
+bin::1:root,bin,daemon
+daemon::2:root,bin,daemon
+sys::3:root,bin,adm
+adm::4:root,adm,daemon
+tty::5:frank,taurec
+disk::6:root,adm
+lp::7:lp,frank,taurec
+mem::8:
+kmem::9:
+wheel::10:root,frank,taurec,morph
+floppy::11:root
+mail::12:mail,postfix
+news::13:news
+uucp::14:uucp
+man::15:man
+cron:x:16:frank,taurec,morph,patrick,vivi
+console::17:frank,taurec
+audio::18:frank,taurec
+cdrom::19:
+dialout::20:root
+ftp:x:21:
+sshd:x:22:
+at:x:25:
+tape::26:root
+video::27:root,frank,taurec
+games:x:35:
+named:x:40:
+mysql:x:60:
+cdrw::80:
+apache:x:81:
+usb::85:
+users::100:games,taurec
+postgrey:x:101:
+polw:x:102:
+teamspeak3:x:103:
+nagios:x:104:frank
+wireshark:x:105:
+lpadmin:x:106:
+messagebus:x:110:
+rpc:x:111:
+locate:x:122:frank,taurec,morph,patrick,vivi
+ntp:x:123:
+tcpdump:x:196:
+ulogd:x:197:
+crontab:x:198:
+ssmtp:x:199:
+nofiles:x:200:
+postfix:x:207:
+postdrop:x:208:
+smmsp:x:209:smmsp
+portage::250:portage,frank,taurec
+utmp:x:406:
+ldap:x:439:
+clamav:x:998:
+amavis:x:999:
+proftpd:x:1008:
+vmail:x:1023:
+nogroup::65533:
+nobody::65534:
+@
+
+
+1.2
+log
+@Checked in.
+@
+text
+@d6 1
+a6 1
+tty::5:frank
+d8 1
+a8 1
+lp::7:lp,frank
+d11 1
+a11 1
+wheel::10:root,frank
+d17 3
+a19 3
+cron:x:16:frank
+console::17:frank
+audio::18:frank
+d26 2
+a27 1
+video::27:root,frank
+d33 1
+a33 1
+users::100:games
+d37 1
+a37 1
+nagios:x:104:
+d42 1
+a42 1
+locate:x:122:frank
+d52 1
+a52 1
+portage::250:portage,frank
+d58 1
+@
+
+
+1.1
+log
+@Initial revision
+@
+text
+@d56 1
+@
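Review bot: The `1.3` text stores `wheel::10:root,frank,taurec,morph`, while the `1.2` delta below it (`d11 1` / `a11 1` / `wheel::10:root,frank`) shows the group previously held only `root,frank`, so this archive records a widening of wheel, and likewise of `cron`, `locate`, `portage`, `tty`, `lp`, `console`, `audio`, `video` and `users`, that neither the commit title nor the `@Checked in.@` log entries explain. On a Gentoo host wheel membership normally gates `su` through pam_wheel, so a reviewer would expect the reason for adding `taurec` and `morph` to be stated, either in the RCS log text or in the commit message. Keeping a second history of /etc/group in `.rcs/group,v` inside a git-tracked directory also means membership changes now surface in two places; it is worth confirming whether the RCS archives are still needed now that git tracks the files.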
diff --git a/.rcs/make.conf,v b/.rcs/make.conf,v
new file mode 100644
index 0000000..29d13bb
--- /dev/null
+++ b/.rcs/make.conf,v
@@ -0,0 +1,320 @@ +head 1.12; +access; +symbols; +locks; strict; +comment @# @; + + +1.12 +date 2011.12.08.21.02.30; author root; state Exp; +branches; +next 1.11; + +1.11 +date 2011.07.10.23.54.02; author root; state Exp; +branches; +next 1.10; + +1.10 +date 2011.04.05.12.56.57; author root; state Exp; +branches; +next 1.9; + +1.9 +date 2010.12.02.13.04.30; author root; state Exp; +branches; +next 1.8; + +1.8 +date 2010.11.30.16.23.24; author root; state Exp; +branches; +next 1.7; + +1.7 +date 2010.11.29.23.28.22; author root; state Exp; +branches; +next 1.6; + +1.6 +date 2010.11.18.09.24.05; author root; state Exp; +branches; +next 1.5; + +1.5 +date 2010.07.13.20.45.29; author root; state Exp; +branches; +next 1.4; + +1.4 +date 2010.06.29.09.00.42; author root; state Exp; +branches; +next 1.3; + +1.3 +date 2010.06.23.11.39.20; author root; state Exp; +branches; +next 1.2; + +1.2 +date 2010.06.08.12.01.00; author root; state Exp; +branches; +next 1.1; + +1.1 +date 2010.05.29.20.34.38; author root; state Exp; +branches; +next ; + + +desc +@Initial +@ + + +1.12 +log +@Checked in. +@ +text +@# These settings were set by the catalyst build script that automatically +# built this stage. +# Please consult /usr/share/portage/config/make.conf.example for a more +# detailed example. + +CFLAGS="-O2 -pipe -march=opteron" +CXXFLAGS="${CFLAGS}" + +# WARNING: Changing your CHOST is not something that should be done lightly. +# Please consult http://www.gentoo.org/doc/en/change-chost.xml before changing. +CHOST="x86_64-pc-linux-gnu" + +# These are the USE flags that were used in addition to what is provided by the +# profile used for building. 
+USE="3dnow X acl apache2 audit bash-completion bazaar bzip2 caps cgi cvs curl \ + darcs djvu doc examples expat fam fastcgi fontconfig ftp gd gif git gmp \ + gnutls gpg graphviz gs gsl gtk guile hscolour html icu idn imagemagick imap ipv6 ithreads \ + jadetex java javascript jbig jpeg jpeg2k kerberos lasi ldap libwww lua \ + lzma lzo maildir mailwrapper mercurial mmx mmxext modperl motif mp3 mysql \ + nis odbc ogg openldap pam pch pcre pdf perl pic png php python rar samba sasl \ + session smtp snmp soap spamassassin spell sqlite sqlite3 sse sse2 ssh \ + subversion svg syslog theora tiff tk truetype unicode vhosts vim-syntax \ + vorbis wmf x264 xattr xml xmlrpc xpm xsl xvid zlib" + +I_KNOW_WHAT_I_AM_DOING=yes + +ACCEPT_LICENSE="DOOM3 PUEL RTCW RTCW-ETEULA" + +APACHE2_MODULES="actions alias asis auth_basic auth_digest authn_alias + authn_anon authn_dbd authn_dbm authn_default authn_file + authz_dbm authz_default authz_groupfile authz_host + authz_owner authz_user autoindex cache cern_meta cgi cgid + charset_lite dav dav_fs dav_lock dbd deflate dir disk_cache + dumpio env expires ext_filter file_cache filter headers icu + ident imagemap include info log_config log_forensic logio + mem_cache mime mime_magic negotiation proxy proxy_ajp + proxy_balancer proxy_connect proxy_ftp proxy_http proxy_scgi + reqtimeout rewrite setenvif speling status substitute + unique_id userdir usertrack version vhost_alias " + +#APACHE2_MPMS="-event% -itk% -peruser% -prefork% -worker%" +APACHE2_MPMS="prefork" + +VIDEO_CARDS="intel mach64 r128 radeon savage via svga" + +CONFIG_PROTECT="/var/www/ldap/htdocs/config \ + /var/www/ldap/htdocs/templates \ + /var/www/bautagebuch/htdocs/wp-config.php \ + /var/www/myadmin/htdocs/config.inc.php \ + /var/www/webmail/htdocs/horde/config \ + " +CONFIG_PROTECT_MASK="/etc/init.d" + +PORTAGE_NICENESS=3 + +AUTOCLEAN="yes" + +PORTDIR_OVERLAY="/usr/local/portage" + +#FETCHCOMMAND="/usr/bin/wget -t 5 --passive-ftp -P \${DISTDIR} \${URI}" +#FETCHCOMMAND="mv -v 
\${DISTDIR}/.old/\${FILE} \${DISTDIR}/" + +FEATURES="parallel-fetch" +#MAKEOPTS="-j3" +EMERGE_DEFAULT_OPTS="--with-bdeps y " + +LINGUAS="de de_AT de_BE de_CH de_DE de_LU en en_AG en_AU en_BW en_CA en_DK en_GB en_HK en_IE en_IN en_NG en_NZ en_PH en_SG en_ZA en_ZW en_US ru_RU ru_UA" + +#GENTOO_MIRRORS="ftp://mirror.netcologne.de/gentoo/ ftp://mirror.muntinternet.net/pub/gentoo/ http://mirror.muntinternet.net/pub/gentoo/ http://gentoo.supp.name/" +GENTOO_MIRRORS="http://mirror.opteamax.de/gentoo/ http://gentoo.mneisen.org/ http://gentoo.mirror.dkm.cz/pub/gentoo/ http://de-mirror.org/gentoo/ http://gentoo.wheel.sk/" + +#PORT_LOGDIR="/var/log/portage" +source /var/lib/layman/make.conf + +@ + + +1.11 +log +@Checked in. +@ +text +@d17 1 +a17 1 + gnutls gpg graphviz gs gsl gtk guile html icu idn imagemagick imap ipv6 ithreads \ +d21 1 +a21 1 + session smtp snmp soap spamassassin spell sqlite sqlite3 sse sse2 \ +d69 2 +a70 1 +GENTOO_MIRRORS="ftp://mirror.netcologne.de/gentoo/ ftp://mirror.muntinternet.net/pub/gentoo/ http://mirror.muntinternet.net/pub/gentoo/ http://gentoo.supp.name/" +@ + + +1.10 +log +@Checked in. +@ +text +@d17 1 +a17 1 + gnutls gpg gs gsl gtk guile html icu idn imagemagick imap ipv6 ithreads \ +d20 1 +a20 1 + nis odbc ogg pam pch pcre pdf perl pic png php python rar samba sasl \ +@ + + +1.9 +log +@Checked in. 
+@ +text +@d17 7 +a23 6 + gnutls gpg gs gsl gtk guile html icu idn imagemagick imap ipv6 ithreads jadetex java \ + javascript jbig jpeg jpeg2k kerberos lasi ldap libwww lua lzma lzo maildir \ + mailwrapper mercurial mmx mmxext modperl motif mp3 mysql nis odbc ogg pam \ + pch pcre pdf perl pic png php python rar samba sasl session smtp snmp soap spamassassin \ + spell sqlite sqlite3 sse sse2 subversion svg syslog theora tiff tk truetype \ + unicode vhosts vim-syntax vorbis wmf x264 xattr xml xmlrpc xpm xsl xvid zlib" +d29 11 +a39 9 +APACHE2_MODULES="actions alias asis auth_basic auth_digest authn_alias authn_anon authn_dbd + authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile + authz_host authz_owner authz_user autoindex cache cgi cgid charset_lite dav + dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache + filter headers icu ident imagemap include info log_config log_forensic logio + mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer + proxy_connect proxy_ftp proxy_http rewrite setenvif speling status + substitute unique_id userdir usertrack vhost_alias " +# -cern_meta -dumpio -version +@ + + +1.8 +log +@Checked in. +@ +text +@d20 1 +a20 1 + pch pcre pdf perl php pic png python rar samba sasl session smtp snmp soap spamassassin \ +a23 3 +USE="3dnow X acl audit bash-completion bazaar bzip2 caps \ + idn mmx mysql perl python sqlite sqlite3 sse sse2 vim-syntax xattr zlib" + +@ + + +1.7 +log +@Checked in. +@ +text +@d15 11 +a25 1 +USE="idn mmx perl python sse sse2" +@ + + +1.6 +log +@Checked in. 
+@ +text +@d15 1 +a15 8 +USE="3dnow X acl apache2 audit bash-completion bazaar bzip2 caps cgi cvs curl \ + darcs djvu doc examples expat fam fastcgi fontconfig ftp gd gif git gmp \ + gnutls gpg gs gsl gtk guile html icu idn imagemagick imap ipv6 ithreads jadetex java \ + javascript jbig jpeg jpeg2k kerberos lasi ldap libwww lua lzma lzo maildir \ + mailwrapper mercurial mmx mmxext modperl motif mp3 mysql nis odbc ogg pam \ + pch pcre pdf perl php pic png python rar samba sasl session smtp snmp soap spamassassin \ + spell sqlite sqlite3 sse sse2 subversion svg syslog theora tiff tk truetype \ + unicode vhosts vim-syntax vorbis wmf x264 xattr xml xmlrpc xpm xsl xvid zlib" +d61 1 +a61 1 +PORT_LOGDIR="/var/log/portage" +d63 1 +@ + + +1.5 +log +@Checked in. +@ +text +@d20 1 +a20 1 + pch pcre pdf php pic png python rar samba sasl session smtp snmp soap spamassassin \ +@ + + +1.4 +log +@Checked in. +@ +text +@d30 2 +a31 2 + authz_host authz_owner authz_user autoindex cache charset_lite dav dav_fs + dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache +d57 2 +@ + + +1.3 +log +@Checked in. +@ +text +@d17 1 +a17 1 + gnutls gpg gs gsl gtk guile html icu idn imap ipv6 ithreads jadetex java \ +@ + + +1.2 +log +@Checked in. +@ +text +@d15 6 +a20 5 +USE="3dnow X acl apache2 audit bash-completion bzip2 caps cgi curl djvu doc examples expat fam \ + fastcgi fontconfig ftp gd gif git gmp gnutls gpg gs gsl gtk guile html icu idn \ + imap ipv6 ithreads jadetex java javascript jbig jpeg jpeg2k kerberos lasi ldap libwww lua \ + lzma lzo maildir mailwrapper mmx mmxext modperl motif mp3 mysql nis odbc ogg pam \ + pch pcre pdf php pic png python samba sasl session smtp snmp soap spamassassin \ +@ + + +1.1 +log +@Initial revision +@ +text +@d18 1 +a18 1 + lzo maildir mailwrapper mmx mmxext modperl motif mp3 mysql nis odbc ogg pam \ +@ diff --git a/.rcs/make.conf.sarah,v b/.rcs/make.conf.sarah,v new file mode 100644 index 0000000..a375e5b --- /dev/null 
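Review bot: `CONFIG_PROTECT_MASK="/etc/init.d"` in the 1.12 text lets package upgrades overwrite init scripts without the usual config-protect merge step, so any local hardening of a service start script is silently replaced on the next emerge; the same line appears in the `.rcs/make.conf.sarah,v` hunk below. If always taking the packaged scripts is intended, a comment such as `# init scripts are never edited locally; let upgrades replace them` would make that explicit; otherwise dropping the line and reviewing changes with `dispatch-conf` is the safer default. The `source /var/lib/layman/make.conf` line is fine as long as that file stays root-owned, since whatever it sets ends up in every build.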
+++ b/.rcs/make.conf.sarah,v 
@@ -0,0 +1,608 @@ +head 1.29; +access; +symbols; +locks; strict; +comment @# @; + + +1.29 +date 2010.04.12.08.42.16; author root; state Exp; +branches; +next 1.28; + +1.28 +date 2010.03.03.09.40.27; author root; state Exp; +branches; +next 1.27; + +1.27 +date 2010.02.04.18.02.12; author root; state Exp; +branches; +next 1.26; + +1.26 +date 2009.11.06.15.40.51; author root; state Exp; +branches; +next 1.25; + +1.25 +date 2009.10.27.10.36.10; author root; state Exp; +branches; +next 1.24; + +1.24 +date 2009.09.15.09.50.26; author root; state Exp; +branches; +next 1.23; + +1.23 +date 2009.07.13.08.48.31; author root; state Exp; +branches; +next 1.22; + +1.22 +date 2009.07.13.08.21.47; author root; state Exp; +branches; +next 1.21; + +1.21 +date 2009.06.15.09.46.43; author root; state Exp; +branches; +next 1.20; + +1.20 +date 2009.05.20.14.56.48; author root; state Exp; +branches; +next 1.19; + +1.19 +date 2009.03.30.21.09.00; author root; state Exp; +branches; +next 1.18; + +1.18 +date 2009.03.16.15.52.36; author root; state Exp; +branches; +next 1.17; + +1.17 +date 2009.02.09.09.54.34; author root; state Exp; +branches; +next 1.16; + +1.16 +date 2008.12.15.09.47.19; author root; state Exp; +branches; +next 1.15; + +1.15 +date 2008.12.08.09.26.17; author root; state Exp; +branches; +next 1.14; + +1.14 +date 2008.10.06.10.16.34; author root; state Exp; +branches; +next 1.13; + +1.13 +date 2008.08.14.19.55.22; author root; state Exp; +branches; +next 1.12; + +1.12 +date 2008.08.04.07.27.22; author root; state Exp; +branches; +next 1.11; + +1.11 +date 2008.07.10.09.16.43; author root; state Exp; +branches; +next 1.10; + +1.10 +date 2008.06.10.14.50.28; author root; state Exp; +branches; +next 1.9; + +1.9 +date 2008.06.10.13.42.07; author root; state Exp; +branches; +next 1.8; + +1.8 +date 2008.03.12.17.05.09; author root; state Exp; +branches; +next 1.7; + +1.7 +date 2008.02.11.08.51.40; author root; state Exp; +branches; +next 1.6; + +1.6 +date 2008.02.04.09.59.35; 
author root; state Exp; +branches; +next 1.5; + +1.5 +date 2008.01.09.10.00.27; author root; state Exp; +branches; +next 1.4; + +1.4 +date 2007.12.17.08.57.22; author root; state Exp; +branches; +next 1.3; + +1.3 +date 2007.11.19.10.32.09; author root; state Exp; +branches; +next 1.2; + +1.2 +date 2007.10.18.09.26.58; author root; state Exp; +branches; +next 1.1; + +1.1 +date 2007.08.07.10.41.04; author root; state Exp; +branches; +next ; + + +desc +@Initial +@ + + +1.29 +log +@Checked in. +@ +text +@# These settings were set by the catalyst build script that automatically built this stage +# Please consult /etc/make.conf.example for a more detailed example + +# +# $Header: /etc/make.conf,v 1.28 2010/03/03 09:40:27 root Exp $ +# + +CFLAGS="-O2 -march=i686 -pipe -march=athlon" +CHOST="i686-pc-linux-gnu" +CXXFLAGS="${CFLAGS}" + +I_KNOW_WHAT_I_AM_DOING=yes + +ACCEPT_LICENSE="DOOM3 PUEL RTCW RTCW-ETEULA" + +SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage" + +USE="3dnow X acl apache2 audit bash-completion bzip2 caps cgi curl djvu doc examples expat fam + fastcgi fontconfig ftp gd gif git gmp gnome-keyring gnutls gpg gs gsl gtk guile hal html icu idn + imap ipv6 ithreads jadetex java javascript jbig jpeg jpeg2k kerberos lasi ldap libwww lua + lzo maildir mailwrapper mbox mmx mmxext modperl motif mp3 mysql nis nptl odbc ogg pam + pch pcre pdf php pic png pop python ruby samba sasl session slp smtp snmp soap spamassassin + spell sqlite sqlite3 sse subversion svg syslog tcl theora threads tiff tk truetype + unicode usb vhosts vim-syntax vorbis wmf x264 xattr xml xmlrpc xpm xsl xvid zlib" +# ithreads + +APACHE2_MODULES="actions alias asis auth_basic auth_digest authn_alias authn_anon authn_dbd + authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile + authz_host authz_owner authz_user autoindex cache charset_lite dav dav_fs + dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache + filter headers icu ident imagemap include info 
log_config log_forensic logio + mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer + proxy_connect proxy_ftp proxy_http rewrite setenvif speling status + substitute unique_id userdir usertrack vhost_alias " +# -cern_meta -dumpio -version + +#APACHE2_MPMS="-event% -itk% -peruser% -prefork% -worker%" +APACHE2_MPMS="prefork" + +VIDEO_CARDS="intel mach64 r128 radeon savage via svga" + +CONFIG_PROTECT="/var/www/ldap/htdocs/config /var/www/ldap/htdocs/templates" +CONFIG_PROTECT_MASK="/etc/init.d" + +PORTAGE_NICENESS=3 + +PORT_LOGDIR="/var/log/portage" + +AUTOCLEAN="yes" +PORTAGE_ELOG_CLASSES="info warn error log" +PORTAGE_ELOG_SYSTEM="save mail" +PORTAGE_ELOG_MAILURI="frank@@brehm-online.com localhost" +PORTAGE_ELOG_MAILFROM="portage@@brehm-online.com" + +PORTDIR_OVERLAY="/usr/local/portage" +FEATURES="parallel-fetch" +#MAKEOPTS="-j3" +EMERGE_DEFAULT_OPTS="--with-bdeps y " + +LINGUAS="de en en_GB en_US" + +#FETCHCOMMAND="mv -v \${DISTDIR}/.old/\${FILE} \${DISTDIR}/" + +# GENTOO_MIRRORS="ftp://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ http://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ http://ftp.lug.ro/gentoo/ http://ftp.du.se/pub/os/gentoo" +#GENTOO_MIRRORS="http://linux.rz.ruhr-uni-bochum.de/download/gentoo-mirror/ http://ftp.snt.utwente.nl/pub/os/linux/gentoo http://mirrors.sec.informatik.tu-darmstadt.de/gentoo/ http://pandemonium.tiscali.de/pub/gentoo/" +GENTOO_MIRRORS="ftp://mirror.netcologne.de/gentoo/ ftp://mirror.muntinternet.net/pub/gentoo/ http://mirror.muntinternet.net/pub/gentoo/ http://gentoo.supp.name/" + +source /var/lib/layman/make.conf + +@ + + +1.28 +log +@Checked in. +@ +text +@d5 1 +a5 1 +# $Header: /etc/make.conf,v 1.27 2010/02/04 18:02:12 root Exp $ +d40 2 +@ + + +1.27 +log +@Checked in. +@ +text +@d5 1 +a5 1 +# $Header: /etc/make.conf,v 1.26 2009/11/06 15:40:51 root Exp $ +d66 1 +a66 1 +source /usr/portage/local/layman/make.conf +@ + + +1.26 +log +@Checked in. 
+@ +text +@d5 1 +a5 1 +# $Header: /etc/make.conf,v 1.25 2009/10/27 10:36:10 root Exp $ +d8 1 +a8 1 +CFLAGS="-O3 -march=i686 -pipe -march=athlon" +d25 1 +@ + + +1.25 +log +@Checked in. +@ +text +@d5 1 +a5 1 +# $Header: /etc/make.conf,v 1.24 2009/09/15 09:50:26 root Exp $ +d19 1 +a19 1 + fastcgi fontconfig ftp gd gif git gmp gnome-keyring gnutls gpg gs gsl gtk guile hal html idn +d23 1 +a23 1 + spell sqlite sqlite3 sse subversion svg tcl theora threads tiff tk truetype +@ + + +1.24 +log +@Checked in. +@ +text +@d5 1 +a5 1 +# $Header: /etc/make.conf,v 1.23 2009/07/13 08:48:31 root Exp $ +d14 2 +@ + + +1.23 +log +@Checked in. +@ +text +@d5 1 +a5 1 +# $Header: $ +d18 1 +a18 1 + imap ipv6 ithreads jadetex java javascript jbig jpeg jpeg2k kerberos ldap libwww lua +@ + + +1.22 +log +@Checked in. +@ +text +@d4 4 +@ + + +1.21 +log +@Checked in. +@ +text +@d13 2 +a14 2 + fastcgi fontconfig ftp gd gif git gmp gnome-keyring gnutls gpg gs gsl gtk guile hal html idn imap + ipv6 ithreads jadetex java javascript jbig jpeg jpeg2k kerberos ldap libwww lua +@ + + +1.20 +log +@Checked in. +@ +text +@d13 1 +a13 1 + fastcgi fontconfig ftp gd gif git gmp gnutls gpg gs gsl gtk guile hal html idn imap +@ + + +1.19 +log +@Checked in. +@ +text +@d13 1 +a13 1 + fastcgi fontconfig ftp gd gif git gmp gnutls gpg gs gsl gtk guile hal html idn +d16 1 +a16 1 + pch pcre pdf php pic png python ruby samba sasl session slp snmp soap spamassassin +@ + + +1.18 +log +@Checked in. +@ +text +@d56 2 +a57 1 +GENTOO_MIRRORS="http://linux.rz.ruhr-uni-bochum.de/download/gentoo-mirror/ http://ftp.snt.utwente.nl/pub/os/linux/gentoo http://mirrors.sec.informatik.tu-darmstadt.de/gentoo/ http://pandemonium.tiscali.de/pub/gentoo/" +@ + + +1.17 +log +@Checked in. +@ +text +@d17 1 +a17 1 + spell sqlite sqlite3 sse sse2 subversion svg tcl theora threads tiff tk truetype +@ + + +1.16 +log +@Checked in. 
+@ +text +@d12 1 +a12 1 +USE="X acl apache2 bash-completion bzip2 caps cgi curl djvu doc examples expat fam +d15 1 +a15 1 + lzo maildir mailwrapper mbox mmx mmxext modperl motif mp3 mysql nis nptl odbc pam +@ + + +1.15 +log +@Checked in. +@ +text +@d15 1 +a15 1 + lzo maildir mailwrapper mbox mmx modperl motif mysql nis nptl odbc pam +d17 2 +a18 2 + spell sqlite sqlite3 sse sse2 subversion svg tcl threads tiff tk truetype + unicode usb vhosts vim-syntax wmf xattr xml xmlrpc xpm xsl zlib" +d28 1 +a28 1 +# -cern_meta -dumpio -version +@ + + +1.14 +log +@Checked in. +@ +text +@d16 1 +a16 1 + pch pcre pdf php pic png python ruby samba sasl session slp snmp soap +@ + + +1.13 +log +@Checked in. +@ +text +@d14 1 +a14 1 + ipv6 ithreads java javascript jbig jpeg jpeg2k kerberos ldap libwww lua +@ + + +1.12 +log +@Checked in. +@ +text +@d12 2 +a13 2 +USE="X acl apache2 bash-completion bzip2 caps curl djvu doc examples expat fam + fastcgi fontconfig ftp gd gif gmp gnutls gs gsl gtk guile hal html idn +d17 2 +a18 2 + spell sqlite sqlite3 sse sse2 svg tcl threads tiff tk truetype unicode + usb vhosts vim-syntax wmf xattr xml xmlrpc xpm xsl zlib" +@ + + +1.11 +log +@Checked in. +@ +text +@d12 7 +a18 7 +USE="X acl apache2 bash-completion bzip2 caps curl djvu doc examples expat fam fastcgi fontconfig ftp + gd gif gmp gnutls gs gsl gtk guile hal html idn ipv6 ithreads java javascript jbig jpeg jpeg2k + kerberos ldap libwww lzo lua maildir mailwrapper mbox mmx modperl motif mysql nis + nptl odbc pam pch pcre pdf php pic + png python ruby samba sasl session slp snmp soap sqlite sqlite3 spell sse sse2 svg tcl + threads tk tiff truetype unicode usb vim-syntax vhosts wmf xattr xml xmlrpc xpm + xsl zlib" +@ + + +1.10 +log +@Checked in. +@ +text +@d8 2 +@ + + +1.9 +log +@Checked in. +@ +text +@d11 1 +a11 1 + gd gif gmp gnutls gs gsl gtk guile hal html idn ipv6 ithreads java javascript jbig jpeg +d25 1 +a25 1 + unique_id userdir usertrack vhost_alias " +@ + + +1.8 +log +@Checked in. 
+@ +text +@d8 2 +@ + + +1.7 +log +@Checked in. +@ +text +@d9 1 +a9 1 + gd gif gmp gnutls gs gtk guile hal html idn ipv6 ithreads java javascript jbig jpeg +@ + + +1.6 +log +@Checked in. +@ +text +@d8 1 +a8 1 +USE="X acl apache2 bash-completion bzip2 caps curl doc examples expat fam fastcgi ftp +d12 1 +a12 1 + png python ruby samba sasl session slp snmp soap sqlite sqlite3 spell sse sse2 tcl +@ + + +1.5 +log +@Checked in. +@ +text +@d20 1 +a20 1 + filter headers ident imagemap include info log_config log_forensic logio +@ + + +1.4 +log +@Checked in. +@ +text +@d9 2 +a10 2 + gd gif gmp gnutls gs gtk hal html idn ipv6 ithreads java javascript jbig jpeg + kerberos ldap libwww lua maildir mailwrapper mbox mmx modperl motif mysql nis +d12 1 +a12 1 + png python samba sasl session slp snmp soap sqlite sqlite3 spell sse sse2 tcl +d16 13 +@ + + +1.3 +log +@Checked in. +@ +text +@d9 3 +a11 2 + gd gif gmp gnutls gs gtk html idn ipv6 ithreads java javascript jbig jpeg + kerberos ldap lua mailwrapper mbox mmx modperl motif mysql nis nptl odbc pam pcre pdf php pic +d16 1 +@ + + +1.2 +log +@Checked in. 
+@ +text +@d10 1 +a10 1 + kerberos ldap lua mbox mmx modperl motif mysql nis nptl odbc pam pcre pdf php pic +d12 1 +a12 1 + threads tk tiff truetype unicode usb vhosts wmf xattr xml xmlrpc xpm +@ + + +1.1 +log +@Initial revision +@ +text +@d8 6 +a13 14 +USE="X acl acpi aio apache2 authdaemond bash-completion bcmath bind-mysql + bzip2 bzlib calendar caps cddb cgi cli cpdflib cscope ctype curl + curlwrappers dba dbase dbus dga dio diskio dlz doc elf epydoc examples exif + expat extraengine fam ffmpeg flatfile fontconfig ftp gcj gd gd-external gif gmp + gnutls gs gtk hash iconv idea idn imap inifile innodb ipv6 ithreads java + javascript jbig jpeg kerberos ldap ldap-sasl lm_sensors lua lzw mbox mdb + memlimit mfd-rewrites mhash mime ming mmx mpeg mpg modperl motif mudflap + multiuser mysql mysqli net nis nptl oav objc objc++ objc-gc odbc openssl + pad pam pcntl pcre pdf pdo-external pear perlsuid php pic png posix python + qt3support quotas rle rpc samba sasl search sendmail session shaper sharedext + sharedmem simplexml slp smux snmp soap sqlite sockets spell spl sse sse2 + suhosin syslog sysvipc tcl threads tk tidy tiff tokenizer truetype + unicode usb vda vim-with-x vhosts wddx wmf xattr xml xmlreader xmlrpc xmlwriter + xpm xsl yaz zip zlib" +d34 2 +@ diff --git a/.rcs/mdadm.conf,v b/.rcs/mdadm.conf,v new file mode 100644 index 0000000..66d436b --- /dev/null +++ b/.rcs/mdadm.conf,v 
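Review bot: `CFLAGS="-O2 -march=i686 -pipe -march=athlon"` in the 1.29 text passes `-march` twice; GCC honours the last one, so `-march=i686` is dead and misleads a reader about the target. `CFLAGS="-O2 -march=athlon -pipe"` states what actually applies, and `CXXFLAGS="${CFLAGS}"` then inherits the corrected value. The 1.26 delta shows the same duplication existed with `-O3`, so this is not new to this revision, but it is the right moment to clean it up.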
@@ -0,0 +1,96 @@ +head 1.2; +access; +symbols; +locks; strict; +comment @# @; + + +1.2 +date 2010.05.26.21.14.42; author root; state Exp; +branches; +next 1.1; + +1.1 +date 2010.05.25.14.58.11; author root; state Exp; +branches; +next ; + + +desc +@Initial +@ + + +1.2 +log +@Checked in. +@ +text +@# mdadm configuration file +# +# mdadm will function properly without the use of a configuration file, +# but this file is useful for keeping track of arrays and member disks. +# In general, a mdadm.conf file is created, and updated, after arrays +# are created. This is the opposite behavior of /etc/raidtab which is +# created prior to array construction. +# +# +# the config file takes two types of lines: +# +# DEVICE lines specify a list of devices of where to look for +# potential member disks +# +# ARRAY lines specify information about how to identify arrays so +# so that they can be activated +# +# You can have more than one device line and use wild cards. The first +# example includes SCSI the first partition of SCSI disks /dev/sdb, +# /dev/sdc, /dev/sdd, /dev/sdj, /dev/sdk, and /dev/sdl. The second +# line looks for array slices on IDE disks. +# +#DEVICE /dev/sd[bcdjkl]1 +#DEVICE /dev/hda1 /dev/hdb1 +# +# If you mount devfs on /dev, then a suitable way to list all devices is: +#DEVICE /dev/discs/*/* +# +# +# +# ARRAY lines specify an array to assemble and a method of identification. +# Arrays can currently be identified by using a UUID, superblock minor number, +# or a listing of devices. +# +# super-minor is usually the minor number of the metadevice +# UUID is the Universally Unique Identifier for the array +# Each can be obtained using +# +# mdadm -D +# +#ARRAY /dev/md0 UUID=3aaa0122:29827cfa:5331ad66:ca767371 +#ARRAY /dev/md1 super-minor=1 +#ARRAY /dev/md2 devices=/dev/hda1,/dev/hdb1 +# +# ARRAY lines can also specify a "spare-group" for each array. 
mdadm --monitor +# will then move a spare between arrays in a spare-group if one array has a failed +# drive but no spare +#ARRAY /dev/md4 uuid=b23f3c6d:aec43a9f:fd65db85:369432df spare-group=group1 +#ARRAY /dev/md5 uuid=19464854:03f71b1b:e0df2edd:246cc977 spare-group=group1 +# +# When used in --follow (aka --monitor) mode, mdadm needs a +# mail address and/or a program. This can be given with "mailaddr" +# and "program" lines to that monitoring can be started using +# mdadm --follow --scan & echo $! > /var/run/mdadm +# If the lines are not found, mdadm will exit quietly +#MAILADDR root@@mydomain.tld +MAILADDR frank@@brehm-online.com +#PROGRAM /usr/sbin/handle-mdadm-events +@ + + +1.1 +log +@Initial revision +@ +text +@d57 1 +@ diff --git a/.rcs/ntp.conf,v b/.rcs/ntp.conf,v new file mode 100644 index 0000000..98c9aef --- /dev/null +++ b/.rcs/ntp.conf,v 
@@ -0,0 +1,97 @@
+head 1.2;
+access;
+symbols;
+locks; strict;
+comment @# @;
+
+
+1.2
+date 2010.05.26.21.08.58; author root; state Exp;
+branches;
+next 1.1;
+
+1.1
+date 2010.05.26.14.45.15; author root; state Exp;
+branches;
+next ;
+
+
+desc
+@Initial
+@
+
+
+1.2
+log
+@Checked in.
+@
+text
+@# NOTES:
+# DHCP clients can append or replace NTP configuration files.
+# You should consult your DHCP client documentation about its
+# default behaviour and how to change it.
+
+# Name of the servers ntpd should sync with
+# Please respect the access policy as stated by the responsible person.
+#server ntp.example.tld iburst
+
+# Common pool for random people
+#server pool.ntp.org
+
+# Pools for Gentoo users
+server 0.gentoo.pool.ntp.org
+server 1.gentoo.pool.ntp.org
+server 2.gentoo.pool.ntp.org
+server 3.gentoo.pool.ntp.org
+
+##
+# A list of available servers can be found here:
+# http://www.pool.ntp.org/
+# http://www.pool.ntp.org/#use
+# A good way to get servers for your machine is:
+# netselect -s 3 pool.ntp.org
+##
+
+# you should not need to modify the following paths
+driftfile /var/lib/ntp/ntp.drift
+
+logfile /var/log/ntp
+
+statsdir /var/log/ntpstats/
+filegen loopstats file loopstats type day enable
+filegen peerstats file peerstats type day enable
+filegen clockstats file clockstats type day enable
+
+#server ntplocal.example.com prefer
+#server timeserver.example.org
+
+# Warning: Using default NTP settings will leave your NTP
+# server accessible to all hosts on the Internet.
+
+# If you want to deny all machines (including your own)
+# from accessing the NTP server, uncomment:
+#restrict default ignore
+
+
+# To deny other machines from changing the
+# configuration but allow localhost:
+restrict default nomodify nopeer
+restrict 127.0.0.1
+
+
+# To allow machines within your network to synchronize
+# their clocks with your server, but ensure they are
+# not allowed to configure the server or used as peers
+# to synchronize against, uncomment this line.
+#
+#restrict 192.168.0.0 mask 255.255.255.0 nomodify nopeer notrap
+@
+
+
+1.1
+log
+@Initial revision
+@
+text
+@d30 7
+@
diff --git a/.rcs/passwd,v b/.rcs/passwd,v
new file mode 100644
index 0000000..c678c10
--- /dev/null
+++ b/.rcs/passwd,v
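Review bot: `restrict default nomodify nopeer` in the 1.2 text still answers mode 6/7 control and monitoring queries from any host, which is exactly the exposure the comment a few lines above warns about: anyone on the Internet can read the peer list and other status, and such replies are a known traffic-amplification vector. The customary hardened default is `restrict default kod nomodify notrap nopeer noquery` plus a matching `restrict -6 default kod nomodify notrap nopeer noquery`, keeping `restrict 127.0.0.1` (and `restrict -6 ::1`) so local administration keeps working. The commented `restrict 192.168.0.0 ...` example should then omit `noquery` only for hosts that genuinely need monitoring access.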
@@ -0,0 +1,131 @@
+head 1.3;
+access;
+symbols;
+locks; strict;
+comment @# @;
+
+
+1.3
+date 2010.12.01.22.06.55; author root; state Exp;
+branches;
+next 1.2;
+
+1.2
+date 2010.12.01.21.18.58; author root; state Exp;
+branches;
+next 1.1;
+
+1.1
+date 2010.12.01.18.53.27; author root; state Exp;
+branches;
+next ;
+
+
+desc
+@Initialising repository
+@
+
+
+1.3
+log
+@Checked in.
+@
+text
+@root:x:0:0:root Helga:/root:/bin/bash
+bin:x:1:1:bin:/bin:/bin/false
+daemon:x:2:2:daemon:/sbin:/bin/false
+adm:x:3:4:adm:/var/adm:/bin/false
+lp:x:4:7:lp:/var/spool/lpd:/bin/false
+sync:x:5:0:sync:/sbin:/bin/sync
+shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
+halt:x:7:0:halt:/sbin:/sbin/halt
+mail:x:8:12:mail:/var/spool/mail:/bin/false
+news:x:9:13:news:/usr/lib/news:/bin/false
+uucp:x:10:14:uucp:/var/spool/uucppublic:/bin/false
+operator:x:11:0:operator:/root:/bin/bash
+man:x:13:15:man:/usr/share/man:/bin/false
+postmaster:x:14:12:postmaster:/var/spool/mail:/bin/false
+cron:x:16:16:added by portage for cronbase:/var/spool/cron:/sbin/nologin
+ftp:x:21:21:added by portage for ftpbase:/home/ftp:/sbin/nologin
+sshd:x:22:22:added by portage for openssh:/var/empty:/sbin/nologin
+at:x:25:25:added by portage for at:/var/spool/at/atjobs:/sbin/nologin
+games:x:36:35:added by portage for enemy-territory:/usr/games:/bin/bash
+named:x:40:40:added by portage for bind:/etc/bind:/sbin/nologin
+mysql:x:60:60:added by portage for mysql:/dev/null:/sbin/nologin
+apache:x:81:81:added by portage for apache:/var/www:/sbin/nologin
+ulogd:x:101:197:added by portage for ulogd:/var/log/ulogd:/sbin/nologin
+tcpdump:x:102:196:added by portage for tcpdump:/dev/null:/sbin/nologin
+messagebus:x:103:110:added by portage for dbus:/dev/null:/sbin/nologin
+nagios:x:104:104:added by portage for nagios-plugins-snmp:/var/nagios/home:/bin/bash
+teamspeak3:x:105:103:added by portage for teamspeak-server-bin:/dev/null:/sbin/nologin
+polw:x:106:102:added by portage for policyd-weight:/dev/null:/sbin/nologin
+postgrey:x:107:101:added by portage for postgrey:/dev/null:/sbin/nologin
+amavis:x:108:999:added by portage for amavisd-new:/var/amavis:/sbin/nologin
+clamav:x:109:998:added by portage for clamav:/dev/null:/sbin/nologin
+proftpd:x:110:1008:added by portage for proftpd:/dev/null:/sbin/nologin
+rpc:x:111:111:added by portage for portmap:/dev/null:/sbin/nologin
+ntp:x:123:123:added by portage for ntp:/dev/null:/sbin/nologin
+postfix:x:207:207:added by portage for postfix:/var/spool/postfix:/sbin/nologin
+smmsp:x:209:209:smmsp:/var/spool/mqueue:/bin/false
+portage:x:250:250:portage:/var/tmp/portage:/bin/false
+ldap:x:439:439:added by portage for openldap:/usr/lib64/openldap:/sbin/nologin
+nobody:x:65534:65534:nobody:/:/bin/false
+taurec:x:1000:100:Jörn Valentin:/home/taurec:/bin/bash
+morph:x:1001:100:Daniel Wendler:/home/morph:/bin/bash
+patrick:x:1004:100:Patrick Hennig:/home/patrick:/bin/bash
+vivi:x:1006:100:Vivien Winkler:/home/vivi:/bin/bash
+frank:x:1017:100:Frank Brehm:/home/frank:/bin/bash
+doris:x:1019:100:Doris Hennig:/home/doris:/bin/bash
+davis:x:1020:100:Davis Winkler:/home/davis:/bin/bash
+thomas:x:1021:100:Thomas Schmidt:/home/thomas:/bin/bash
+vmail:x:1023:1023:Virtual Mailuser:/home/vmail:/bin/false
+alfred:x:1024:100:Alfred Haberkorn:/home/alfred:/bin/bash
+steffen:x:1025:100:Steffen Brehm:/home/steffen:/bin/bash
+heiko:x:1029:100:Heiko Hennig:/home/heiko:/bin/bash
+@
+
+
+1.2
+log
+@Checked in.
+@
+text
+@d19 1
+d32 1
+d36 1
+d40 4
+d45 7
+@
+
+
+1.1
+log
+@Initial revision
+@
+text
+@d1 1
+a1 1
+root:x:0:0:root:/root:/bin/bash
+d15 2
+a16 2
+portage:x:250:250:portage:/var/tmp/portage:/bin/false
+nobody:x:65534:65534:nobody:/:/bin/false
+d18 1
+a18 1
+cron:x:16:16:added by portage for cronbase:/var/spool/cron:/sbin/nologin
+d20 2
+a21 1
+at:x:25:25:added by portage for at:/var/spool/at/atjobs:/sbin/nologin
+a23 5
+ntp:x:123:123:added by portage for ntp:/dev/null:/sbin/nologin
+frank:x:1017:100:Frank Brehm:/home/frank:/bin/bash
+ldap:x:439:439:added by portage for openldap:/usr/lib64/openldap:/sbin/nologin
+mysql:x:60:60:added by portage for mysql:/dev/null:/sbin/nologin
+rpc:x:111:111:added by portage for portmap:/dev/null:/sbin/nologin
+a24 2
+apache:x:81:81:added by portage for apache:/var/www:/sbin/nologin
+ftp:x:21:21:added by portage for ftpbase:/home/ftp:/sbin/nologin
+a26 1
+postfix:x:207:207:added by portage for postfix:/var/spool/postfix:/sbin/nologin
+d31 7
+@
diff --git a/.rcs/policyd-weight.conf,v b/.rcs/policyd-weight.conf,v
new file mode 100644
index 0000000..e13d82c
--- /dev/null
+++ b/.rcs/policyd-weight.conf,v
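Review bot: Three non-human accounts in the 1.3 text keep an interactive shell while every other portage-created service account uses `/sbin/nologin`: `operator:x:11:0:operator:/root:/bin/bash` (GID 0, home `/root`), `games:x:36:35:added by portage for enemy-territory:/usr/games:/bin/bash` and `nagios:x:104:104:added by portage for nagios-plugins-snmp:/var/nagios/home:/bin/bash`. The first two look like baselayout defaults rather than something this commit introduced, but unless these accounts actually need to log in, switching their shell to `/sbin/nologin` removes a login path that a weak or leaked credential could use; commands run on their behalf still work via `su -s /bin/sh` or sudo. Since the password field is `x` for every entry, no hashes are exposed here, but the archive does publish every login name, UID and real name, which is worth remembering if this config repository is ever shared.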
@@ -0,0 +1,284 @@ +head 1.1; +access; +symbols; +locks; strict; +comment @# @; + + +1.1 +date 2010.05.26.13.07.36; author root; state Exp; +branches; +next ; + + +desc +@Initial +@ + + +1.1 +log +@Initial revision +@ +text +@# ---------------------------------------------------------------- +# policyd-weight configuration (defaults) Version 0.1.14 beta-17 +# ---------------------------------------------------------------- + + + $DEBUG = 0; # 1 or 0 - don't comment + + $REJECTMSG = "550 Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs"; + + $REJECTLEVEL = 1; # Mails with scores which exceed this + # REJECTLEVEL will be rejected + + $DEFER_STRING = 'IN_SPAMCOP= BOGUS_MX='; + # A space separated case-sensitive list of + # strings on which if found in the $RET + # logging-string policyd-weight changes + # its action to $DEFER_ACTION in case + # of rejects. + # USE WITH CAUTION! + # DEFAULT: "IN_SPAMCOP= BOGUS_MX=" + + + $DEFER_ACTION = '450'; # Possible values: DEFER_IF_PERMIT, + # DEFER_IF_REJECT, + # 4xx response codes. See also access(5) + # DEFAULT: 450 + + $DEFER_LEVEL = 5; # DEFER mail only up to this level + # scores greater than DEFER_LEVEL will be + # rejected + # DEFAULT: 5 + + $DNSERRMSG = '450 No DNS entries for your MTA, HELO and Domain. Contact YOUR administrator'; + + $dnsbl_checks_only = 0; # 1: ON, 0: OFF (default) + # If ON request that ALL clients are only + # checked against RBLs + + @@dnsbl_checks_only_regexps = ( + # qr/[^.]*(exch|smtp|mx|mail).*\..*\../, + # qr/yahoo.com$/ +); # specify a comma-separated list of regexps + # for client hostnames which shall only + # be RBL checked. This does not work for + # postfix' "unknown" clients. + # The usage of this should not be the norm + # and is a tool for people which like to + # shoot in their own foot. 
+ # DEFAULT: empty + + + $LOG_BAD_RBL_ONLY = 1; # 1: ON (default), 0: OFF + # When set to ON it logs only RBLs which + # affect scoring (positive or negative) + +## DNSBL settings + @@dnsbl_score = ( +# HOST, HIT SCORE, MISS SCORE, LOG NAME + 'pbl.spamhaus.org', 3.25, 0, 'DYN_PBL_SPAMHAUS', + 'sbl-xbl.spamhaus.org', 4.35, -1.5, 'SBL_XBL_SPAMHAUS', + 'bl.spamcop.net', 3.75, -1.5, 'SPAMCOP', + 'dnsbl.njabl.org', 4.25, -1.5, 'BL_NJABL', + 'list.dsbl.org', 4.35, 0, 'DSBL_ORG', + 'ix.dnsbl.manitu.net', 4.35, 0, 'IX_MANITU' +); + + $MAXDNSBLHITS = 2; # If Client IP is listed in MORE + # DNSBLS than this var, it gets + # REJECTed immediately + + $MAXDNSBLSCORE = 8; # alternatively, if the score of + # DNSBLs is ABOVE this + # level, reject immediately + + $MAXDNSBLMSG = '550 Your MTA is listed in too many DNSBLs'; + +## RHSBL settings + @@rhsbl_score = ( + 'multi.surbl.org', 4, 0, 'SURBL', + 'rhsbl.ahbl.org', 4, 0, 'AHBL', + 'dsn.rfc-ignorant.org', 3.5, 0, 'DSN_RFCI', + 'postmaster.rfc-ignorant.org', 0.1, 0, 'PM_RFCI', + 'abuse.rfc-ignorant.org', 0.1, 0, 'ABUSE_RFCI' +); + + $BL_ERROR_SKIP = 2; # skip a RBL if this RBL had this many continuous + # errors + + $BL_SKIP_RELEASE = 10; # skip a RBL for that many times + +## cache stuff + $LOCKPATH = '/var/run/policyd-weight/'; # must be a directory (add + # trailing slash) + + $SPATH = $LOCKPATH.'/polw.sock'; # socket path for the cache + # daemon. + + $MAXIDLECACHE = 60; # how many seconds the cache may be idle + # before starting maintenance routines + # NOTE: standard maintenance jobs happen + # regardless of this setting. + + $MAINTENANCE_LEVEL = 5; # after this number of requests do following + # maintenance jobs: + # checking for config changes + +# negative (i.e. SPAM) result cache settings ################################## + + $CACHESIZE = 2000; # set to 0 to disable caching for spam results. + # To this level the cache will be cleaned. 
+ + $CACHEMAXSIZE = 4000; # at this number of entries cleanup takes place + + $CACHEREJECTMSG = '550 temporarily blocked because of previous errors'; + + $NTTL = 1; # after NTTL retries the cache entry is deleted + + $NTIME = 30; # client MUST NOT retry within this seconds in order + # to decrease TTL counter + + +# positve (i.,e. HAM) result cache settings ################################### + + $POSCACHESIZE = 1000; # set to 0 to disable caching of HAM. To this number + # of entries the cache will be cleaned + + $POSCACHEMAXSIZE = 2000; # at this number of entries cleanup takes place + + $POSCACHEMSG = 'using cached result'; + + $PTTL = 60; # after PTTL requests the HAM entry must + # succeed one time the RBL checks again + + $PTIME = '3h'; # after $PTIME in HAM Cache the client + # must pass one time the RBL checks again. + # Values must be nonfractal. Accepted + # time-units: s, m, h, d + + $TEMP_PTIME = '1d'; # The client must pass this time the RBL + # checks in order to be listed as hard-HAM + # After this time the client will pass + # immediately for PTTL within PTIME + + +## DNS settings + $DNS_RETRIES = 2; # Retries for ONE DNS-Lookup + + $DNS_RETRY_IVAL = 2; # Retry-interval for ONE DNS-Lookup + + $MAXDNSERR = 3; # max error count for unresponded queries + # in a complete policy query + + $MAXDNSERRMSG = 'passed - too many local DNS-errors'; + + $PUDP = 0; # persistent udp connection for DNS queries. + # broken in Net::DNS version 0.51. Works with + # Net::DNS 0.53; DEFAULT: off + + $USE_NET_DNS = 0; # Force the usage of Net::DNS for RBL lookups. 
+ # Normally policyd-weight tries to use a faster + # RBL lookup routine instead of Net::DNS + + + $NS = ''; # A list of space separated NS IPs + # This overrides resolv.conf settings + # Example: $NS = '1.2.3.4 1.2.3.5'; + # DEFAULT: empty + + + $IPC_TIMEOUT = 2; # timeout for receiving from cache instance + + $TRY_BALANCE = 0; # If set to 1 policyd-weight closes connections + # to smtpd clients in order to avoid too many + # established connections to one policyd-weight + # child + +# scores for checks, WARNING: they may manipulate eachother +# or be factors for other scores. +# HIT score, MISS Score + @@client_ip_eq_helo_score = (1.5, -1.25 ); + @@helo_score = (1.5, -2 ); + @@helo_from_mx_eq_ip_score = (1.5, -3.1 ); + @@helo_numeric_score = (2.5, 0 ); + @@from_match_regex_verified_helo = (1, -2 ); + @@from_match_regex_unverified_helo = (1.6, -1.5 ); + @@from_match_regex_failed_helo = (2.5, 0 ); + @@helo_seems_dialup = (1.5, 0 ); + @@failed_helo_seems_dialup = (2, 0 ); + @@helo_ip_in_client_subnet = (0, -1.2 ); + @@helo_ip_in_cl16_subnet = (0, -0.41 ); + @@client_seems_dialup_score = (3.75, 0 ); + @@from_multiparted = (1.09, 0 ); + @@from_anon = (1.17, 0 ); + @@bogus_mx_score = (2.1, 0 ); + @@random_sender_score = (0.25, 0 ); + @@rhsbl_penalty_score = (3.1, 0 ); + @@enforce_dyndns_score = (3, 0 ); + + + $VERBOSE = 0; + + $ADD_X_HEADER = 1; # Switch on or off an additional + # X-policyd-weight: header + # DEFAULT: on + + + $DEFAULT_RESPONSE = 'DUNNO default'; # Fallback response in case + # the weighted check didn't + # return any response (should never + # appear). + + + +# +# Syslogging options for verbose mode and for fatal errors. +# NOTE: comment out the $syslog_socktype line if syslogging does not +# work on your system. 
+# + + $syslog_socktype = 'unix'; # inet, unix, stream, console + + $syslog_facility = "mail"; + $syslog_options = "pid"; + $syslog_priority = "info"; + $syslog_ident = "postfix/policyd-weight"; + + +# +# Process Options +# + $USER = "polw"; # User must be a username, no UID + + $GROUP = ""; # specify GROUP if necessary + # DEFAULT: empty, will be initialized as + # $USER + + $MAX_PROC = 50; # Upper limit if child processes + $MIN_PROC = 3; # keep that minimum processes alive + + $TCP_PORT = 12525; # The TCP port on which policyd-weight + # listens for policy requests from postfix + + $BIND_ADDRESS = '127.0.0.1'; # IP-Address on which policyd-weight will + # listen for requests. + # You may only list ONE IP here, if you want + # to listen on all IPs you need to say 'all' + # here. Default is '127.0.0.1'. + # You need to restart policyd-weight if you + # change this. + + $SOMAXCONN = 1024; # Maximum of client connections + # policyd-weight accepts + # Default: 1024 + + + $CHILDIDLE = 240; # how many seconds a child may be idle before + # it dies. + + $PIDFILE = "/var/run/policyd-weight.pid"; + +@ diff --git a/.rcs/shadow,v b/.rcs/shadow,v new file mode 100644 index 0000000..7218b89 --- /dev/null +++ b/.rcs/shadow,v 
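Review bot: Several zones weighted in `@@dnsbl_score` and `@@rhsbl_score` (the `## DNSBL settings` / `## RHSBL settings` sections in the middle of this hunk) were not operating by the time of this commit or have since been retired — `list.dsbl.org` was shut down in 2008, and `dnsbl.njabl.org`, `rhsbl.ahbl.org` and the two `rfc-ignorant.org` zones have been discontinued — yet they still carry HIT scores of up to 4.35. A dead zone burns the `$DNS_RETRIES`/`$MAXDNSERR` budget on every query, and a lapsed domain that is re-registered with a wildcard answer would list every client at its HIT score and reject legitimate mail; `$BL_ERROR_SKIP`/`$BL_SKIP_RELEASE` only skip a zone on lookup errors, not on a zone that answers everything. Keep only zones you have verified against their documented test addresses and mark each entry, e.g. `'pbl.spamhaus.org', 3.25, 0, 'DYN_PBL_SPAMHAUS',   # verified <date>`. The same applies to the `@@rhsbl_score` entries.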
@@ -0,0 +1,135 @@ +head 1.3; +access; +symbols; +locks; strict; +comment @# @; + + +1.3 +date 2010.12.01.22.18.09; author root; state Exp; +branches; +next 1.2; + +1.2 +date 2010.12.01.21.24.20; author root; state Exp; +branches; +next 1.1; + +1.1 +date 2010.12.01.18.53.27; author root; state Exp; +branches; +next ; + + +desc +@Initialising repository +@ + + +1.3 +log +@Checked in. +@ +text +@root:$6$0briKxmJ$IhtNDwr2yTK6nImlWue6P.NqFEURw9rOYmTXImRGR6EyBsls.yh.CIay2UU01fJ18NGmnNw7NkccUoVNlSgvL1:14942:0::::: +bin:*:9797:0::::: +daemon:*:9797:0::::: +adm:*:9797:0::::: +lp:*:9797:0::::: +sync:*:9797:0::::: +shutdown:*:9797:0::::: +halt:*:9797:0::::: +mail:*:9797:0::::: +news:*:9797:0::::: +uucp:*:9797:0::::: +operator:*:9797:0::::: +man:*:9797:0::::: +postmaster:*:9797:0::::: +cron:!:14942:::::: +ftp:!:14944:::::: +sshd:!:14931:::::: +at:!:14942:::::: +games:!:14755:0:99999:7::: +named:!:14942:::::: +mysql:!:14943:::::: +apache:!:14944:::::: +ulogd:!:14942:::::: +tcpdump:!:14942:::::: +messagebus:!:14943:::::: +nagios:!:14944:::::: +teamspeak3:!:14944:::::: +polw:!:14944:::::: +postgrey:!:14944:::::: +amavis:!:14944:::::: +clamav:!:14944:::::: +proftpd:!:14755:0:99999:7::: +rpc:!:14943:::::: +ntp:!:14942:::::: +postfix:!:14944:::::: +smmsp:!:14944:::::: +portage:!:14944:::::: +ldap:!:14943:::::: +nobody:*:9797:0::::: +taurec:$1$aIByn.zw$HuqtNPuXReU4CqFQ21D0m1:14754:0:99999:7::: +morph:$1$VXZ6JKs.$5BFb1vxIPcpV8qvfGU9721:14756:0:99999:7::: +patrick:$6$cayHKFTo$y3plIUQem6gONYo/D.VqfmcUJRgJ08lxWKzr.Q2NYw9P6BWOGLFgNi6HyWQ8sCjR9Ky7cWvBULtyxJG4xq2Bq1:14756:0:99999:7::: +vivi:$6$XgM4lbim$X2/XVS1Ymb1g0jDaoEFXaBvBRGpTFEk/PwZabvj1f2fRClMCJi4wDW1yOE2ScY6DBwmk9rHfykwI2u5WFgMe..:14756:0:99999:7::: +frank:$6$DFnYHGpc$8YQInxXqQjHzWX/1m3xCeK8Myr1t4NoehN.HYeSrdVQU6IAr7BTjgn4yex.eTTSWysqnfGQxXe5yE.P4aIn8p.:14758:0:99999:7::: +doris:$6$ytvH/1Wr$TBx1U/JLr62XC5slXfmU3fm1qz8wDqS5Awa23RYk7yxNTYEuRukEOOyq6wGhoB32NJqBtLR/8lPW0Ed6jGnFa0:14756:0:99999:7::: 
+davis:$1$3T8Trt8I$msRWT6I6Th7I4Oh/ZPJ5L0:14756:0:99999:7::: +thomas:$1$0XWKbUsf$U73Y/KdvYm6RVQMwMUowF0:14756:0:99999:7::: +vmail:$1$PlXil62T$WTZDda6da9pKsgvD3S4vu.:14756:0:99999:7::: +alfred:$6$7QGTopxZ$8cZaNAdFh9HPzgmo2J1klt1pXKacybRWfp3BnTY3q8ufnp8lNYFEdstvxgHD9iqSL8FpvrsGeC3V3BXhgzZO/.:14756:0:99999:7::: +steffen:$6$hjuxkJql$9/ANdpksdci1A40kjix8xMXEnrhCeGlfGxHxsWHADY44Xe.NY0sahgAzIAhTtX5/gIaCoTU37z2QbHCoBPy5k0:14756:0:99999:7::: +heiko:$1$OcX7G9Sq$YjjhAKtIp7UyxeZuHysq7/:14756:0:99999:7::: +@ + + +1.2 +log +@Checked in. +@ +text +@d19 1 +d32 1 +d36 1 +d40 4 +d45 7 +@ + + +1.1 +log +@Initial revision +@ +text +@a1 4 +halt:*:9797:0::::: +operator:*:9797:0::::: +shutdown:*:9797:0::::: +sync:*:9797:0::::: +d6 3 +a9 1 +postmaster:*:9797:0::::: +d12 5 +a16 1 +nobody:*:9797:0::::: +d18 1 +a18 1 +cron:!:14942:::::: +d20 2 +a21 1 +at:!:14942:::::: +a23 5 +ntp:!:14942:::::: +frank:$6$DFnYHGpc$8YQInxXqQjHzWX/1m3xCeK8Myr1t4NoehN.HYeSrdVQU6IAr7BTjgn4yex.eTTSWysqnfGQxXe5yE.P4aIn8p.:14758:0:99999:7::: +ldap:!:14943:::::: +mysql:!:14943:::::: +rpc:!:14943:::::: +a24 2 +apache:!:14944:::::: +ftp:!:14944:::::: +a26 1 +postfix:!:14944:::::: +d31 7 +@ diff --git a/.rcs/smartd.conf,v b/.rcs/smartd.conf,v new file mode 100644 index 0000000..9b7254f --- /dev/null +++ b/.rcs/smartd.conf,v 
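Review bot: The password hashes in this hunk's `text` sections (revision 1.3 and the 1.1 delta, covering `root` and every interactive user) are now in a git repository served from a public URL, so they have to be treated as disclosed: each affected account needs a new password, the file has to be purged from history (a later deletion leaves it reachable from the old commit) and it should be excluded, e.g. with a `/.rcs/shadow,v` line in .gitignore. Six accounts (`taurec`, `morph`, `davis`, `thomas`, `vmail`, `heiko`) still use `$1$` MD5-crypt hashes, which are far cheaper to brute-force than the `$6$` SHA-512 hashes of the other users, so when the passwords are reset make sure `ENCRYPT_METHOD SHA512` is set in /etc/login.defs so the replacements use the stronger scheme. Independently of git, the RCS archive duplicates /etc/shadow outside its usual root-only protection; the archive's file mode is not visible here, so confirm `.rcs/` and `shadow,v` are readable by root only.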
@@ -0,0 +1,162 @@ +head 1.1; +access; +symbols; +locks; strict; +comment @# @; + + +1.1 +date 2010.11.29.22.15.07; author root; state Exp; +branches; +next ; + + +desc +@Initialising repository +@ + + +1.1 +log +@Initial revision +@ +text +@# Sample configuration file for smartd. See man smartd.conf. + +# Home page is: http://smartmontools.sourceforge.net + +# $Id: smartd.conf,v 1.45 2006/11/12 23:39:04 dpgilbert Exp $ + +# smartd will re-read the configuration file if it receives a HUP +# signal + +# The file gives a list of devices to monitor using smartd, with one +# device per line. Text after a hash (#) is ignored, and you may use +# spaces and tabs for white space. You may use '\' to continue lines. + +# You can usually identify which hard disks are on your system by +# looking in /proc/ide and in /proc/scsi. + +# The word DEVICESCAN will cause any remaining lines in this +# configuration file to be ignored: it tells smartd to scan for all +# ATA and SCSI devices. DEVICESCAN may be followed by any of the +# Directives listed below, which will be applied to all devices that +# are found. Most users should comment out DEVICESCAN and explicitly +# list the devices that they wish to monitor. +DEVICESCAN + +# Alternative setting to ignore temperature and power-on hours reports +# in syslog. +#DEVICESCAN -I 194 -I 231 -I 9 + +# Alternative setting to report more useful raw temperature in syslog. +#DEVICESCAN -R 194 -R 231 -I 9 + +# Alternative setting to report raw temperature changes >= 5 Celsius +# and min/max temperatures. +#DEVICESCAN -I 194 -I 231 -I 9 -W 5 + +# First (primary) ATA/IDE hard disk. Monitor all attributes, enable +# automatic online data collection, automatic Attribute autosave, and +# start a short self-test every day between 2-3am, and a long self test +# Saturdays between 3-4am. 
+#/dev/hda -a -o on -S on -s (S/../.././02|L/../../6/03) + +# Monitor SMART status, ATA Error Log, Self-test log, and track +# changes in all attributes except for attribute 194 +#/dev/hdb -H -l error -l selftest -t -I 194 + +# Monitor all attributes except normalized Temperature (usually 194), +# but track Temperature changes >= 4 Celsius, report Temperatures +# >= 45 Celsius and changes in Raw value of Reallocated_Sector_Ct (5). +# Send mail on SMART failures or when Temperature is >= 55 Celsius. +#/dev/hdc -a -I 194 -W 4,45,55 -R 5 -m admin@@example.com + +# An ATA disk may appear as a SCSI device to the OS. If a SCSI to +# ATA Translation (SAT) layer is between the OS and the device then +# this can be flagged with the '-d sat' option. This situation may +# become common with SATA disks in SAS and FC environments. +# /dev/sda -a -d sat + +# A very silent check. Only report SMART health status if it fails +# But send an email in this case +#/dev/hdc -H -C 0 -U 0 -m admin@@example.com + +# First two SCSI disks. This will monitor everything that smartd can +# monitor. Start extended self-tests Wednesdays between 6-7pm and +# Sundays between 1-2 am +#/dev/sda -d scsi -s L/../../3/18 +#/dev/sdb -d scsi -s L/../../7/01 + +# Monitor 4 ATA disks connected to a 3ware 6/7/8000 controller which uses +# the 3w-xxxx driver. Start long self-tests Sundays between 1-2, 2-3, 3-4, +# and 4-5 am. +# NOTE: starting with the Linux 2.6 kernel series, the /dev/sdX interface +# is DEPRECATED. Use the /dev/tweN character device interface instead. +# For example /dev/twe0, /dev/twe1, and so on. +#/dev/sdc -d 3ware,0 -a -s L/../../7/01 +#/dev/sdc -d 3ware,1 -a -s L/../../7/02 +#/dev/sdc -d 3ware,2 -a -s L/../../7/03 +#/dev/sdc -d 3ware,3 -a -s L/../../7/04 + +# Monitor 2 ATA disks connected to a 3ware 9000 controller which uses +# the 3w-9xxx driver (Linux, FreeBSD). Start long self-tests Tuesdays +# between 1-2 and 3-4 am. 
+#/dev/twa0 -d 3ware,0 -a -s L/../../2/01 +#/dev/twa0 -d 3ware,1 -a -s L/../../2/03 + +# Same as above for Windows. Option '-d 3ware,N' is not necessary, +# disk (port) number is specified in device name. +# NOTE: On Windows, DEVICESCAN works also for 3ware controllers. +#/dev/hdc,0 -a -s L/../../2/01 +#/dev/hdc,1 -a -s L/../../2/03 + +# Monitor 3 ATA disks directly connected to a HighPoint RocketRAID. Start long +# self-tests Sundays between 1-2, 2-3, and 3-4 am. +#/dev/sdd -d hpt,1/1 -a -s L/../../7/01 +#/dev/sdd -d hpt,1/2 -a -s L/../../7/02 +#/dev/sdd -d hpt,1/3 -a -s L/../../7/03 + +# Monitor 2 ATA disks connected to the same PMPort which connected to the +# HighPoint RocketRAID. Start long self-tests Tuesdays between 1-2 and 3-4 am +#/dev/sdd -d hpt,1/4/1 -a -s L/../../2/01 +#/dev/sdd -d hpt,1/4/2 -a -s L/../../2/03 + +# HERE IS A LIST OF DIRECTIVES FOR THIS CONFIGURATION FILE. +# PLEASE SEE THE smartd.conf MAN PAGE FOR DETAILS +# +# -d TYPE Set the device type: ata, scsi, marvell, removable, 3ware,N, hpt,L/M/N +# -T TYPE set the tolerance to one of: normal, permissive +# -o VAL Enable/disable automatic offline tests (on/off) +# -S VAL Enable/disable attribute autosave (on/off) +# -n MODE No check. MODE is one of: never, sleep, standby, idle +# -H Monitor SMART Health Status, report if failed +# -l TYPE Monitor SMART log. 
Type is one of: error, selftest +# -f Monitor for failure of any 'Usage' Attributes +# -m ADD Send warning email to ADD for -H, -l error, -l selftest, and -f +# -M TYPE Modify email warning behavior (see man page) +# -s REGE Start self-test when type/date matches regular expression (see man page) +# -p Report changes in 'Prefailure' Normalized Attributes +# -u Report changes in 'Usage' Normalized Attributes +# -t Equivalent to -p and -u Directives +# -r ID Also report Raw values of Attribute ID with -p, -u or -t +# -R ID Track changes in Attribute ID Raw value with -p, -u or -t +# -i ID Ignore Attribute ID for -f Directive +# -I ID Ignore Attribute ID for -p, -u or -t Directive +# -C ID Report if Current Pending Sector count non-zero +# -U ID Report if Offline Uncorrectable count non-zero +# -W D,I,C Monitor Temperature D)ifference, I)nformal limit, C)ritical limit +# -v N,ST Modifies labeling of Attribute N (see man page) +# -a Default: equivalent to -H -f -t -l error -l selftest -C 197 -U 198 +# -F TYPE Use firmware bug workaround. Type is one of: none, samsung +# -P TYPE Drive-specific presets: use, ignore, show, showall +# # Comment: text after a hash sign is ignored +# \ Line continuation character +# Attribute ID is a decimal integer 1 <= ID <= 255 +# except for -C and -U, where ID = 0 turns them off. +# All but -d, -m and -M Directives are only implemented for ATA devices +# +# If the test string DEVICESCAN is the first uncommented text +# then smartd will scan for devices /dev/hd[a-l] and /dev/sd[a-z] +# DEVICESCAN may be followed by any desired Directives. +@ diff --git a/.rcs/ulogd.conf,v b/.rcs/ulogd.conf,v new file mode 100644 index 0000000..4574ebe --- /dev/null +++ b/.rcs/ulogd.conf,v 
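Review bot: The only active line in this configuration is the bare `DEVICESCAN` near the top of the `text` section, which monitors every detected disk with the `-a` defaults but carries no `-m` directive, so a failed health status or self-test error is only written to syslog and nobody is notified. Consider `DEVICESCAN -a -m root` (with `-M test` added once to confirm mail delivery) so alerts actually reach an operator; the alternative `#DEVICESCAN -I 194 ...` examples above it remain commented out and have no effect.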
@@ -0,0 +1,311 @@ +head 1.3; +access; +symbols; +locks; strict; +comment @# @; + + +1.3 +date 2010.10.12.07.51.44; author root; state Exp; +branches; +next 1.2; + +1.2 +date 2010.05.27.09.10.01; author root; state Exp; +branches; +next 1.1; + +1.1 +date 2010.05.26.09.20.32; author root; state Exp; +branches; +next ; + + +desc +@Initial +@ + + +1.3 +log +@Checked in. +@ +text +@# Example configuration for ulogd +# $Id$ +# Adapted to Debian by Achilleas Kotsis + +[global] +###################################################################### +# GLOBAL OPTIONS +###################################################################### + + +# logfile for status messages +logfile="/var/log/ulogd/daemon.log" + +# loglevel: debug(1), info(3), notice(5), error(7) or fatal(8) +loglevel=3 + +###################################################################### +# PLUGIN OPTIONS +###################################################################### + +# We have to configure and load all the plugins we want to use + +# general rules: +# 1. load the plugins _first_ from the global section +# 2. 
options for each plugin in seperate section below + + +plugin="/usr/lib64/ulogd/ulogd_inppkt_NFLOG.so" +plugin="/usr/lib64/ulogd/ulogd_inppkt_ULOG.so" +plugin="/usr/lib64/ulogd/ulogd_inpflow_NFCT.so" +plugin="/usr/lib64/ulogd/ulogd_filter_IFINDEX.so" +plugin="/usr/lib64/ulogd/ulogd_filter_IP2STR.so" +plugin="/usr/lib64/ulogd/ulogd_filter_IP2BIN.so" +plugin="/usr/lib64/ulogd/ulogd_filter_PRINTPKT.so" +plugin="/usr/lib64/ulogd/ulogd_filter_HWHDR.so" +plugin="/usr/lib64/ulogd/ulogd_filter_PRINTFLOW.so" +#plugin="/usr/lib64/ulogd/ulogd_filter_MARK.so" +plugin="/usr/lib64/ulogd/ulogd_output_LOGEMU.so" +#plugin="/usr/lib64/ulogd/ulogd_output_SYSLOG.so" +#plugin="/usr/lib64/ulogd/ulogd_output_XML.so" +#plugin="/usr/lib64/ulogd/ulogd_output_OPRINT.so" +#plugin="/usr/lib64/ulogd/ulogd_output_NACCT.so" +#plugin="/usr/lib64/ulogd/ulogd_output_PCAP.so" +#plugin="/usr/lib64/ulogd/ulogd_output_PGSQL.so" +#plugin="/usr/lib64/ulogd/ulogd_output_MYSQL.so" +#plugin="/usr/lib64/ulogd/ulogd_output_DBI.so" +plugin="/usr/lib64/ulogd/ulogd_raw2packet_BASE.so" + +# this is a stack for logging packet send by system via LOGEMU +stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU + +# this is a stack for packet-based logging via LOGEMU +stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU + +# this is a stack for ULOG packet-based logging via LOGEMU +stack=ulog1:ULOG,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU + +# this is a stack for packet-based logging via LOGEMU with filtering on MARK +#stack=log2:NFLOG,mark1:MARK,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU + +# this is a stack for flow-based logging via LOGEMU +#stack=ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,emu1:LOGEMU + +# this is a stack for flow-based logging via OPRINT +#stack=ct1:NFCT,op1:OPRINT + +# this is a stack for flow-based logging via XML +#stack=ct1:NFCT,xml1:XML + +# this is a stack for logging in XML 
+#stack=log1:NFLOG,xml1:XML + +# this is a stack for NFLOG packet-based logging to PCAP +#stack=log2:NFLOG,base1:BASE,pcap1:PCAP + +# this is a stack for logging packet to MySQL +#stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2bin1:IP2BIN,mac2str1:HWHDR,mysql1:MYSQL + +# this is a stack for logging packet to PGsql after a collect via NFLOG +#stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,mac2str1:HWHDR,pgsql1:PGSQL + +# this is a stack for logging packets to syslog after a collect via NFLOG +#stack=log3:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,sys1:SYSLOG + +# this is a stack for flow-based logging to MySQL +#stack=ct1:NFCT,ip2bin1:IP2BIN,mysql2:MYSQL + +# this is a stack for flow-based logging to PGSQL +#stack=ct1:NFCT,ip2str1:IP2STR,pgsql2:PGSQL + +# this is a stack for flow-based logging to PGSQL without local hash +#stack=ct1:NFCT,ip2str1:IP2STR,pgsql3:PGSQL + + +# this is a stack for flow-based logging in NACCT compatible format +#stack=ct1:NFCT,ip2str1:IP2STR,nacct1:NACCT + +[ct1] +#netlink_socket_buffer_size=217088 +#netlink_socket_buffer_maxsize=1085440 +#netlink_resync_timeout=60 # seconds to wait to perform resynchronization +#pollinterval=10 # use poll-based logging instead of event-driven + +[ct2] +#netlink_socket_buffer_size=217088 +#netlink_socket_buffer_maxsize=1085440 +hash_enable=0 + +# Logging of system packet through NFLOG +[log1] +# netlink multicast group (the same as the iptables --nflog-group param) +# Group O is used by the kernel to log connection tracking invalid message +group=0 +#netlink_socket_buffer_size=217088 +#netlink_socket_buffer_maxsize=1085440 +# set number of packet to queue inside kernel +#netlink_qthreshold=1 +# set the delay before flushing packet in the queue inside kernel (in 10ms) +#netlink_qtimeout=100 + +# packet logging through NFLOG for group 1 +[log2] +# netlink multicast group (the same as the iptables --nflog-group param) +group=1 # Group has to be different from the one use in log1 
+#netlink_socket_buffer_size=217088 +#netlink_socket_buffer_maxsize=1085440 +# If your kernel is older than 2.6.29 and if a NFLOG input plugin with +# group 0 is not used by any stack, you need to have at least one NFLOG +# input plugin with bind set to 1. If you don't do that you may not +# receive any message from the kernel. +#bind=1 + +# packet logging through NFLOG for group 2, numeric_label is +# set to 1 +[log3] +# netlink multicast group (the same as the iptables --nflog-group param) +group=2 # Group has to be different from the one use in log1/log2 +numeric_label=1 # you can label the log info based on the packet verdict +#netlink_socket_buffer_size=217088 +#netlink_socket_buffer_maxsize=1085440 +#bind=1 + +[ulog1] +# netlink multicast group (the same as the iptables --ulog-nlgroup param) +nlgroup=1 +#numeric_label=0 # optional argument + +[emu1] +file="/var/log/ulogd/syslogemu.log" +sync=1 + +[op1] +file="/var/log/ulogd/oprint.log" +#file="/var/log/ulogd_oprint.log" +sync=1 + +[xml1] +directory="/var/log/ulogd/" +sync=1 + +[pcap1] +sync=1 + +[mysql1] +db="nulog" +host="localhost" +user="nupik" +table="ulog" +pass="changeme" +procedure="INSERT_PACKET_FULL" + +[mysql2] +db="nulog" +host="localhost" +user="nupik" +table="ulog" +pass="changeme" +procedure="INSERT_CT" + +[pgsql1] +db="nulog" +host="localhost" +user="nupik" +table="ulog" +pass="changeme" +procedure="INSERT_PACKET_FULL" + +[pgsql2] +db="nulog" +host="localhost" +user="nupik" +table="ulog2_ct" +pass="changeme" +procedure="INSERT_CT" + +[pgsql3] +db="nulog" +host="localhost" +user="nupik" +table="ulog2_ct" +pass="changeme" +procedure="INSERT_OR_REPLACE_CT" + +[dbi1] +db="ulog2" +dbtype="pgsql" +host="localhost" +user="ulog2" +table="ulog" +pass="ulog2" +procedure="INSERT_PACKET_FULL" + +[sys2] +facility=LOG_LOCAL2 + +[nacct1] +sync = 1 + +[mark1] +mark = 1 +@ + + +1.2 +log +@Checked in. 
+@ +text +@d2 1 +a2 1 +# $Id: ulogd.conf,v 1.1 2010/05/26 09:20:32 root Exp $ +d40 1 +d67 6 +d101 2 +d118 2 +a119 2 +# set the delay before flushing packet in the queue inside kernel (in ms) +#netlink_qtimeout=1000 +d154 5 +@ + + +1.1 +log +@Initial revision +@ +text +@d2 1 +a2 1 +# $Id$ +d12 1 +a12 1 +logfile="/var/log/ulogd.log" +d15 1 +a15 1 +loglevel=1 +d29 1 +a29 1 +#plugin="/usr/lib64/ulogd/ulogd_inppkt_ULOG.so" +d39 1 +a39 1 +plugin="/usr/lib64/ulogd/ulogd_output_SYSLOG.so" +d49 1 +a49 1 +#stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU +d52 1 +a52 1 +#stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU +d55 1 +a55 1 +#stack=ulog1:ULOG,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU +d140 1 +a140 1 +file="/var/log/ulogd_syslogemu.log" +d144 1 +a144 1 +file="/var/log/ulogd_oprint.log" +@ diff --git a/motd b/motd deleted file mode 100644 index 2cc520e..0000000 --- a/motd +++ /dev/null @@ -1,15 +0,0 @@ -Linux helga 3.0.6-gentoo #1 SMP Wed Oct 26 22:31:04 CEST 2011 x86_64 Quad-Core AMD Opteron(tm) Processor 1381 AuthenticAMD GNU/Linux -Gentoo Base System release 2.0.3 - ## ## ### - ## ## ## - ## ## #### ## ##### ##### - ###### ## ## ## ## ## ## ## - ## ## ######## ## ## ## ## ## -## ## ## ## ###### ## ### -## ## #### #### ## ### ## - ##### - -Nimm die Schaufel nicht so voll, wenn die Arbeit reichen soll. - -Today is Pungenday, the 51st day of The Aftermath in the YOLD 3177 - diff --git a/pear.conf b/pear.conf new file mode 100644 index 0000000..d255cc5 --- /dev/null +++ b/pear.conf @@ -0,0 +1,2 @@ +#PEAR_Config 0.9 +a:9:{s:7:"doc_dir";s:19:"/usr/share/php/docs";s:8:"data_dir";s:19:"/usr/share/php/data";s:8:"test_dir";s:20:"/usr/share/php/tests";s:7:"php_dir";s:14:"/usr/share/php";s:7:"bin_dir";s:8:"/usr/bin";s:7:"php_bin";s:12:"/usr/bin/php";s:9:"cache_dir";s:15:"/var/cache/pear";s:12:"download_dir";s:13:"/var/tmp/pear";s:8:"temp_dir";s:4:"/tmp";} 
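Review bot: The `[mysql1]`, `[mysql2]`, `[pgsql1]`–`[pgsql3]` and `[dbi1]` sections of revision 1.3 carry database credentials (`pass="changeme"`, and `user="ulog2"` with `pass="ulog2"`) even though every SQL output plugin and stack in the `plugin=`/`stack=` lists is commented out, so the file records either placeholder or real passwords in a repository served from a public URL. Since the LOGEMU `[emu1]` stacks are the only outputs in use, drop the unused database sections or reduce them to an obvious `pass="<set locally>"` placeholder, so a later uncomment of `plugin="/usr/lib64/ulogd/ulogd_output_MYSQL.so"` cannot go live with `changeme`. If `ulog2` was ever the real password of that database user, rotate it.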
diff --git a/postfix/maps/work/.gitignore b/postfix/maps/work/.gitignore new file mode 100644 index 0000000..72e8ffc --- /dev/null +++ b/postfix/maps/work/.gitignore @@ -0,0 +1 @@ +* diff --git a/postfix/maps/work/aliases b/postfix/maps/work/aliases deleted file mode 100644 index 301a60d..0000000 --- a/postfix/maps/work/aliases +++ /dev/null @@ -1,52 +0,0 @@ -# -# Lokale Alias-Definitionen -# -# Erstellt am: 2011-12-09 00:10:02 -# -# ACHTUNG !!!!! -# -# Bitte keine manuellen Änderungen an dieser Datei! -# Zum Ändern bitte MySQL-Tabelle 'alias' in der Datenbank 'vmail' auf localhost editieren. -# - -abuse: postmaster -adm: root -apache: webmaster -bin: root -brehm: frank -daemon: root -decode: noreply -emerge: root -exim: root -f-brehm: frank -f.brehm: frank -fbr: frank -fbrehm: frank -frak: frank -frank-brehm: frank -frank.brehm: frank -ftp: root -hostmaster: root -lp: root -mail: root -mailer-daemon: postmaster -nagios: root -named: root -news: usenet -nobody: noreply -noc: root -noreply: /dev/null -operator: noreply -paludis: root -portage: root -postfix: root -postmaster: root -root: frank -security: root -sms-frank: 01716439844@t-d1-sms.de -usenet: root -uucp: root -virusalert: postmaster -webmaster: root -www: webmaster - diff --git a/postfix/maps/work/canonical b/postfix/maps/work/canonical deleted file mode 100644 index 4f86bf5..0000000 --- a/postfix/maps/work/canonical +++ /dev/null @@ -1,11 +0,0 @@ -# -# Canonical Mappings -# -# Erstellt am: 2011-12-09 00:10:02 -# -# ACHTUNG !!!!! -# -# Bitte keine manuellen Änderungen an dieser Datei! -# Zum Ändern bitte MySQL-Tabelle 'canonical' in der Datenbank 'vmail' auf localhost editieren. -# - diff --git a/postfix/maps/work/mydomains b/postfix/maps/work/mydomains deleted file mode 100644 index 136e5c1..0000000 --- a/postfix/maps/work/mydomains +++ /dev/null 
@@ -1,28 +0,0 @@ -# -# Alle lokalen (echten) Domänen -# -# Erstellt am: 2011-12-09 00:10:02 -# -# ACHTUNG !!!!! -# -# Bitte keine manuellen Änderungen an dieser Datei! -# Zum Ändern bitte MySQL-Tabelle 'domains' in der Datenbank 'vmail' auf localhost editieren. -# - -brehm-berlin.de brehm-berlin.de -brehm-online.eu brehm-online.eu -ftp.brehm-online.com ftp.brehm-online.com -hennig-berlin.org hennig-berlin.org -localhost localhost -localhost.brehm-online.com localhost.brehm-online.com -mail.brehm-berlin.de mail.brehm-berlin.de -mail.brehm-online.com mail.brehm-online.com -mail.brehm-online.eu mail.brehm-online.eu -mail.hennig-berlin.org mail.hennig-berlin.org -mail.uhu-banane.com mail.uhu-banane.com -mail.uhu-banane.de mail.uhu-banane.de -mail.uhu-banane.net mail.uhu-banane.net -uhu-banane.de uhu-banane.de -uhu-banane.net uhu-banane.net -www.brehm-online.com www.brehm-online.com - diff --git a/postfix/maps/work/recipient_bcc b/postfix/maps/work/recipient_bcc deleted file mode 100644 index 6fe7a8e..0000000 --- a/postfix/maps/work/recipient_bcc +++ /dev/null @@ -1,11 +0,0 @@ -# -# BCC-Zuordnungen zu lokalen Empfängern -# -# Erstellt am: 2011-12-09 00:10:02 -# -# ACHTUNG !!!!! -# -# Bitte keine manuellen Änderungen an dieser Datei! -# Zum Ändern bitte MySQL-Tabelle 'recipient_bcc' in der Datenbank 'vmail' auf localhost editieren. -# - diff --git a/postfix/maps/work/relay_domains b/postfix/maps/work/relay_domains deleted file mode 100644 index 34e6ee0..0000000 --- a/postfix/maps/work/relay_domains +++ /dev/null @@ -1,11 +0,0 @@ -# -# Alle Relay-Domänen -# -# Erstellt am: 2011-12-09 00:10:02 -# -# ACHTUNG !!!!! -# -# Bitte keine manuellen Änderungen an dieser Datei! -# Zum Ändern bitte MySQL-Tabelle 'domains' in der Datenbank 'vmail' auf localhost editieren. -# - diff --git a/postfix/maps/work/relocated b/postfix/maps/work/relocated deleted file mode 100644 index 3c872bc..0000000 --- a/postfix/maps/work/relocated +++ /dev/null 
@@ -1,11 +0,0 @@
-#
-# Alle relocatet Mailadressen
-#
-# Erstellt am: 2011-12-09 00:10:02
-#
-# ACHTUNG !!!!!
-#
-# Bitte keine manuellen Änderungen an dieser Datei!
-# Zum Ändern bitte MySQL-Tabelle 'relocated' in der Datenbank 'vmail' auf localhost editieren.
-#
-
diff --git a/postfix/maps/work/sender_bcc b/postfix/maps/work/sender_bcc
deleted file mode 100644
index 305d70c..0000000
--- a/postfix/maps/work/sender_bcc
+++ /dev/null
@@ -1,11 +0,0 @@
-#
-# BCC-Zuordnungen zu lokalen Sendern
-#
-# Erstellt am: 2011-12-09 00:10:02
-#
-# ACHTUNG !!!!!
-#
-# Bitte keine manuellen Änderungen an dieser Datei!
-# Zum Ändern bitte MySQL-Tabelle 'sender_bcc' in der Datenbank 'vmail' auf localhost editieren.
-#
-
diff --git a/postfix/maps/work/virtual_alias_domains b/postfix/maps/work/virtual_alias_domains
deleted file mode 100644
index d52cfca..0000000
--- a/postfix/maps/work/virtual_alias_domains
+++ /dev/null
@@ -1,11 +0,0 @@
-#
-# Virtuelle Alias-Domänen
-#
-# Erstellt am: 2011-12-09 00:10:02
-#
-# ACHTUNG !!!!!
-#
-# Bitte keine manuellen Änderungen an dieser Datei!
-# Zum Ändern bitte MySQL-Tabelle 'domains' in der Datenbank 'vmail' auf localhost editieren.
-#
-
diff --git a/postfix/maps/work/virtual_alias_maps b/postfix/maps/work/virtual_alias_maps
deleted file mode 100644
index 9f60f83..0000000
--- a/postfix/maps/work/virtual_alias_maps
+++ /dev/null
@@ -1,17 +0,0 @@
-#
-# Virtuelle Alias-Mappings
-#
-# Erstellt am: 2011-12-09 00:10:02
-#
-# ACHTUNG !!!!!
-#
-# Bitte keine manuellen Änderungen an dieser Datei!
-# Zum Ändern bitte MySQL-Tabelle 'virtual' in der Datenbank 'vmail' auf localhost editieren.
-#
-
-alfred-1980@uhu-banane.net frank
-alfred@uhu-banane.net frank, frank.brehm.61@googlemail.com
-frak@brehm-online.com frank@brehm-online.com
-nacho.libre@uhu-banane.de noreply
-tabaluga@uhu-banane.net frank
-
diff --git a/postfix/maps/work/virtual_mailbox_domains b/postfix/maps/work/virtual_mailbox_domains
deleted file mode 100644
index 77c44b7..0000000
--- a/postfix/maps/work/virtual_mailbox_domains
+++ /dev/null
@@ -1,13 +0,0 @@
-#
-# Virtuelle Mailbox-Domänen
-#
-# Erstellt am: 2011-12-09 00:10:02
-#
-# ACHTUNG !!!!!
-#
-# Bitte keine manuellen Änderungen an dieser Datei!
-# Zum Ändern bitte MySQL-Tabelle 'domains' in der Datenbank 'vmail' auf localhost editieren.
-#
-
-uhu-banane.com uhu-banane.com
-
diff --git a/postfix/maps/work/virtual_mailbox_maps b/postfix/maps/work/virtual_mailbox_maps
deleted file mode 100644
index ee08c79..0000000
--- a/postfix/maps/work/virtual_mailbox_maps
+++ /dev/null
@@ -1,13 +0,0 @@
-#
-# Virtuelle Mailbox-Mappings
-#
-# Erstellt am: 2011-12-09 00:10:02
-#
-# ACHTUNG !!!!!
-#
-# Bitte keine manuellen Änderungen an dieser Datei!
-# Zum Ändern bitte MySQL-Tabelle 'users' in der Datenbank 'vmail' auf localhost editieren.
-#
-
-ich@uhu-banane.com /home/vmail/uhu-banane.com/ich/.maildir/
-
