From 65930f3a70f92e07db42c9283065d2a7fe96e161 Mon Sep 17 00:00:00 2001 
From: Frank Brehm Date: Fri, 9 Dec 2011 00:20:19 +0100 Subject: [PATCH] Erste Dateien dazu --- DIR_COLORS | 223 ++++ GeoIP.conf | 19 + adjtime | 3 + aliases | 1 + amavisd.conf | 2560 ++++++++++++++++++++++++++++++++++++++++ amavisd.conf.orig | 806 +++++++++++++ ca-certificates.conf | 159 +++ clamd.conf | 502 ++++++++ colordiffrc | 26 + colordiffrc-lightbg | 26 + cron.deny | 5 + crontab | 15 + csh.env | 23 + dhcpcd.conf | 23 + dispatch-conf.conf | 57 + dmtab | 12 + e2fsck.conf | 6 + eixrc | 29 + environment | 5 + etc-update.conf | 82 ++ filesystems | 14 + freshclam.conf | 215 ++++ fstab | 48 + fstab.orig | 27 + ftpusers | 37 + gai.conf | 75 ++ gentoo-release | 1 + gitconfig | 2 + group | 62 + gshadow | 62 + host.conf | 24 + hosts | 45 + idn.conf | 61 + idn.conf.sample | 61 + idnalias.conf | 12 + idnalias.conf.sample | 12 + inittab | 60 + inputrc | 72 ++ issue | 3 + issue.logo | 13 + krb5.conf.example | 26 + ld.so.cache | Bin 0 -> 107069 bytes ld.so.conf | 14 + ldap.conf.sudo | 5 + libaudit.conf | 7 + locale.gen | 31 + localtime | Bin 0 -> 2309 bytes login.defs | 386 ++++++ logrotate.conf | 41 + machine-id | 1 + mailcap | 25 + make.conf | 74 ++ make.conf.catalyst | 12 + make.globals | 1 + make.profile | 1 + man.conf | 144 +++ mdev.conf | 110 ++ mime.types | 1391 ++++++++++++++++++++++ mke2fs.conf | 44 + mlocate-cron.conf | 9 + motd | 15 + motd.1 | 16 + motd.tail | 8 + mtab | 21 + nail.rc | 70 ++ nanorc | 312 +++++ networks | 9 + nscd.conf | 45 + nsswitch.conf | 24 + ntp.conf | 59 + ntp.conf.orig | 52 + papersize | 1 + passwd | 52 + passwd.old | 51 + policyd-weight.conf | 260 ++++ procmailrc | 2 + profile | 63 + profile.env | 23 + protocols | 156 +++ quotagrpadmins | 8 + quotatab | 9 + rc.conf | 146 +++ request-key.conf | 37 + resolv.conf | 6 + rkhunter.conf | 979 +++++++++++++++ rmt | 8 + rpc | 69 ++ rsnapshot.conf.default | 218 ++++ rsyncd.conf | 15 + sandbox.conf | 78 ++ screenrc | 357 ++++++ screenrc.orig | 356 ++++++ securetty | 33 + sensors3.conf | 434 +++++++ 
services | 1184 +++++++++++++++++++ shadow | 52 + shells | 10 + smartd.conf | 146 +++ spamassassin | 1 + sudoers | 91 ++ sudoers.orig | 90 ++ sysctl.conf | 54 + sysstat | 14 + sysstat.ioconf | 268 +++++ timezone | 1 + ulogd.conf | 220 ++++ ulogd.conf.orig | 219 ++++ updatedb.conf | 17 + warnquota.conf | 69 ++ webalizer.conf | 571 +++++++++ wgetrc | 128 ++ whois.conf | 10 + 112 files changed, 14947 insertions(+) create mode 100644 DIR_COLORS create mode 100644 GeoIP.conf create mode 100644 adjtime create mode 120000 aliases create mode 100644 amavisd.conf create mode 100644 amavisd.conf.orig create mode 100644 ca-certificates.conf create mode 100644 clamd.conf create mode 100644 colordiffrc create mode 100644 colordiffrc-lightbg create mode 100644 cron.deny create mode 100644 crontab create mode 100644 csh.env create mode 100644 dhcpcd.conf create mode 100644 dispatch-conf.conf create mode 100644 dmtab create mode 100644 e2fsck.conf create mode 100644 eixrc create mode 100644 environment create mode 100644 etc-update.conf create mode 100644 filesystems create mode 100644 freshclam.conf create mode 100644 fstab create mode 100644 fstab.orig create mode 100644 ftpusers create mode 100644 gai.conf create mode 100644 gentoo-release create mode 100644 gitconfig create mode 100644 group create mode 100644 gshadow create mode 100644 host.conf create mode 100644 hosts create mode 100644 idn.conf create mode 100644 idn.conf.sample create mode 100644 idnalias.conf create mode 100644 idnalias.conf.sample create mode 100644 inittab create mode 100644 inputrc create mode 100644 issue create mode 100644 issue.logo create mode 100644 krb5.conf.example create mode 100644 ld.so.cache create mode 100644 ld.so.conf create mode 100644 ldap.conf.sudo create mode 100644 libaudit.conf create mode 100644 locale.gen create mode 100644 localtime create mode 100644 login.defs create mode 100644 logrotate.conf create mode 100644 machine-id create mode 100644 mailcap create mode 100644 
make.conf create mode 100644 make.conf.catalyst create mode 120000 make.globals create mode 120000 make.profile create mode 100644 man.conf create mode 100644 mdev.conf create mode 100644 mime.types create mode 100644 mke2fs.conf create mode 100644 mlocate-cron.conf create mode 100644 motd create mode 100644 motd.1 create mode 100644 motd.tail create mode 100644 mtab create mode 100644 nail.rc create mode 100644 nanorc create mode 100644 networks create mode 100644 nscd.conf create mode 100644 nsswitch.conf create mode 100644 ntp.conf create mode 100644 ntp.conf.orig create mode 100644 papersize create mode 100644 passwd create mode 100644 passwd.old create mode 100644 policyd-weight.conf create mode 100644 procmailrc create mode 100644 profile create mode 100644 profile.env create mode 100644 protocols create mode 100644 quotagrpadmins create mode 100644 quotatab create mode 100644 rc.conf create mode 100644 request-key.conf create mode 100644 resolv.conf create mode 100644 rkhunter.conf create mode 100755 rmt create mode 100644 rpc create mode 100644 rsnapshot.conf.default create mode 100644 rsyncd.conf create mode 100644 sandbox.conf create mode 100644 screenrc create mode 100644 screenrc.orig create mode 100644 securetty create mode 100644 sensors3.conf create mode 100644 services create mode 100644 shadow create mode 100644 shells create mode 100644 smartd.conf create mode 120000 spamassassin create mode 100644 sudoers create mode 100644 sudoers.orig create mode 100644 sysctl.conf create mode 100644 sysstat create mode 100644 sysstat.ioconf create mode 100644 timezone create mode 100644 ulogd.conf create mode 100644 ulogd.conf.orig create mode 100644 updatedb.conf create mode 100644 warnquota.conf create mode 100644 webalizer.conf create mode 100644 wgetrc create mode 100644 whois.conf
diff --git a/DIR_COLORS b/DIR_COLORS
new file mode 100644
index 0000000..985fcae
--- /dev/null
+++ b/DIR_COLORS
@@ -0,0 +1,223 @@
+# Configuration file for dircolors, a utility to help you set the
+# LS_COLORS environment variable used by GNU ls with the --color option.
+
+# Copyright (C) 1996, 1999-2010 Free Software Foundation, Inc.
+# Copying and distribution of this file, with or without modification,
+# are permitted provided the copyright notice and this notice are preserved.
+
+# The keywords COLOR, OPTIONS, and EIGHTBIT (honored by the
+# slackware version of dircolors) are recognized but ignored.
+
+# You can copy this file to .dir_colors in your $HOME directory to override
+# the system defaults.
+
+# Below, there should be one TERM entry for each termtype that is colorizable
+TERM Eterm
+TERM ansi
+TERM color-xterm
+TERM con132x25
+TERM con132x30
+TERM con132x43
+TERM con132x60
+TERM con80x25
+TERM con80x28
+TERM con80x30
+TERM con80x43
+TERM con80x50
+TERM con80x60
+TERM cons25
+TERM console
+TERM cygwin
+TERM dtterm
+TERM eterm-color
+TERM gnome
+TERM gnome-256color
+TERM jfbterm
+TERM konsole
+TERM kterm
+TERM linux
+TERM linux-c
+TERM mach-color
+TERM mlterm
+TERM putty
+TERM rxvt
+TERM rxvt-256color
+TERM rxvt-cygwin
+TERM rxvt-cygwin-native
+TERM rxvt-unicode
+TERM rxvt-unicode-256color
+TERM rxvt-unicode256
+TERM screen
+TERM screen-256color
+TERM screen-256color-bce
+TERM screen-bce
+TERM screen-w
+TERM screen.rxvt
+TERM screen.linux
+TERM terminator
+TERM vt100
+TERM xterm
+TERM xterm-16color
+TERM xterm-256color
+TERM xterm-88color
+TERM xterm-color
+TERM xterm-debian
+
+# Below are the color init strings for the basic file types. A color init
+# string consists of one or more of the following numeric codes:
+# Attribute codes:
+# 00=none 01=bold 04=underscore 05=blink 07=reverse 08=concealed
+# Text color codes:
+# 30=black 31=red 32=green 33=yellow 34=blue 35=magenta 36=cyan 37=white
+# Background color codes:
+# 40=black 41=red 42=green 43=yellow 44=blue 45=magenta 46=cyan 47=white
+#NORMAL 00 # no color code at all
+#FILE 00 # regular file: use no color at all
+RESET 0 # reset to "normal" color
+DIR 01;34 # directory
+LINK 01;36 # symbolic link. (If you set this to 'target' instead of a
+ # numerical value, the color is as for the file pointed to.)
+MULTIHARDLINK 00 # regular file with more than one link
+FIFO 40;33 # pipe
+SOCK 01;35 # socket
+DOOR 01;35 # door
+BLK 40;33;01 # block device driver
+CHR 40;33;01 # character device driver
+ORPHAN 01;05;37;41 # orphaned syminks
+MISSING 01;05;37;41 # ... and the files they point to
+SETUID 37;41 # file that is setuid (u+s)
+SETGID 30;43 # file that is setgid (g+s)
+CAPABILITY 30;41 # file with capability
+STICKY_OTHER_WRITABLE 30;42 # dir that is sticky and other-writable (+t,o+w)
+OTHER_WRITABLE 34;42 # dir that is other-writable (o+w) and not sticky
+STICKY 37;44 # dir with the sticky bit set (+t) and not other-writable
+
+# This is for files with execute permission:
+EXEC 01;32
+
+# List any file extensions like '.gz' or '.tar' that you would like ls
+# to colorize below. Put the extension, a space, and the color init string.
+# (and any comments you want to add after a '#')
+
+# If you use DOS-style suffixes, you may want to uncomment the following:
+#.cmd 01;32 # executables (bright green)
+#.exe 01;32
+#.com 01;32
+#.btm 01;32
+#.bat 01;32
+# Or if you want to colorize scripts even if they do not have the
+# executable bit actually set.
+#.sh 01;32
+#.csh 01;32
+
+ # archives or compressed (bright red)
+.tar 01;31
+.tgz 01;31
+.arj 01;31
+.taz 01;31
+.lzh 01;31
+.lzma 01;31
+.tlz 01;31
+.txz 01;31
+.zip 01;31
+.z 01;31
+.Z 01;31
+.dz 01;31
+.gz 01;31
+.lz 01;31
+.xz 01;31
+.bz2 01;31
+.bz 01;31
+.tbz 01;31
+.tbz2 01;31
+.tz 01;31
+.deb 01;31
+.rpm 01;31
+.jar 01;31
+.rar 01;31
+.ace 01;31
+.zoo 01;31
+.cpio 01;31
+.7z 01;31
+.rz 01;31
+
+# image formats
+.jpg 01;35
+.jpeg 01;35
+.gif 01;35
+.bmp 01;35
+.pbm 01;35
+.pgm 01;35
+.ppm 01;35
+.tga 01;35
+.xbm 01;35
+.xpm 01;35
+.tif 01;35
+.tiff 01;35
+.png 01;35
+.svg 01;35
+.svgz 01;35
+.mng 01;35
+.pcx 01;35
+.mov 01;35
+.mpg 01;35
+.mpeg 01;35
+.m2v 01;35
+.mkv 01;35
+.ogm 01;35
+.mp4 01;35
+.m4v 01;35
+.mp4v 01;35
+.vob 01;35
+.qt 01;35
+.nuv 01;35
+.wmv 01;35
+.asf 01;35
+.rm 01;35
+.rmvb 01;35
+.flc 01;35
+.avi 01;35
+.fli 01;35
+.flv 01;35
+.gl 01;35
+.dl 01;35
+.xcf 01;35
+.xwd 01;35
+.yuv 01;35
+.cgm 01;35
+.emf 01;35
+
+# http://wiki.xiph.org/index.php/MIME_Types_and_File_Extensions
+.axv 01;35
+.anx 01;35
+.ogv 01;35
+.ogx 01;35
+
+# Document files
+.pdf 00;32
+.ps 00;32
+.txt 00;32
+.patch 00;32
+.diff 00;32
+.log 00;32
+.tex 00;32
+.doc 00;32
+
+# audio formats
+.aac 00;36
+.au 00;36
+.flac 00;36
+.mid 00;36
+.midi 00;36
+.mka 00;36
+.mp3 00;36
+.mpc 00;36
+.ogg 00;36
+.ra 00;36
+.wav 00;36
+
+# http://wiki.xiph.org/index.php/MIME_Types_and_File_Extensions
+.axa 00;36
+.oga 00;36
+.spx 00;36
+.xspf 00;36
diff --git a/GeoIP.conf b/GeoIP.conf
new file mode 100644
index 0000000..33f5526
--- /dev/null
+++ b/GeoIP.conf
@@ -0,0 +1,19 @@
+# If you purchase a subscription to the GeoIP database,
+# then you will obtain a license key which you can
+# use to automatically obtain updates.
+# for more details, please go to
+# http://www.maxmind.com/app/products
+
+# see https://www.maxmind.com/app/license_key_login to obtain License Key,
+# UserId, and available ProductIds
+
+# Enter your license key here
+LicenseKey YOUR_LICENSE_KEY_HERE
+
+# Enter your User ID here
+UserId YOUR_USER_ID_HERE
+
+# Enter the Product ID(s) of the database(s) you would like to update
+# By default 106 (MaxMind GeoIP Country) is listed below
+ProductIds 106
+
diff --git a/adjtime b/adjtime
new file mode 100644
index 0000000..3537aac
--- /dev/null
+++ b/adjtime
@@ -0,0 +1,3 @@
+0.000000 1294695034 0.000000
+1294695034
+UTC
diff --git a/aliases b/aliases
new file mode 120000
index 0000000..2dc1ac7
--- /dev/null
+++ b/aliases
@@ -0,0 +1 @@
+postfix/maps/aliases
\ No newline at end of file
diff --git a/amavisd.conf b/amavisd.conf
new file mode 100644
index 0000000..0834395
--- /dev/null
+++ b/amavisd.conf
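Review bot: In GeoIP.conf the `LicenseKey YOUR_LICENSE_KEY_HERE` and `UserId YOUR_USER_ID_HERE` lines are still placeholders, but this is the file where the real MaxMind credentials get entered, and once it is tracked every later commit of it puts them into history. The diffstat of the same commit lists `shadow`, `gshadow`, `passwd.old` and `sudoers` as `create mode 100644`; git records only the executable bit, so a checkout or clone will not reproduce restrictive modes on those files, and the repository itself should be readable by root only. I would keep credential-bearing files out of tracking (for example through `.gitignore`, committing only a template) and add above the key a comment such as `# real LicenseKey/UserId must not be committed to this repository`.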
@@ -0,0 +1,2560 @@
+use strict;
+
+# Sample configuration file for amavisd-new (traditional style, chatty,
+# you may prefer to start with the more concise supplied amavisd.conf)
+#
+# See amavisd.conf-default for a list of all variables with their defaults;
+# for more details see documentation in INSTALL, README_FILES/*
+# and at http://www.ijs.si/software/amavisd/amavisd-new-docs.html
+
+# This software is licensed under the GNU General Public License (GPL).
+# See comments at the start of amavisd-new for the whole license text.
+
+#Sections:
+# Section I - Essential daemon and MTA settings
+# Section II - MTA specific
+# Section III - Logging
+# Section IV - Notifications/DSN, bounce/reject/discard/pass, quarantine
+# Section V - Per-recipient and per-sender handling, whitelisting, etc.
+# Section VI - Resource limits
+# Section VII - External programs, virus scanners, SpamAssassin
+# Section VIII - Debugging
+# Section IX - Policy banks (dynamic policy switching)
+
+#GENERAL NOTES:
+# This file is a normal Perl code, interpreted by Perl itself.
+# - make sure this file (or directory where it resides) is NOT WRITABLE
+# by mere mortals (not even vscan/amavis; best to make it owned by root),
+# otherwise it can represent a severe security risk!
+# - for values which are interpreted as booleans, it is recommended
+# to use 1 for true, and 0 or undef or '' for false;
+# Note that this interpretation of boolean values does not apply directly
+# to LDAP and SQL lookups, which follow their own rules - see README.lookups
+# and README.ldap (in short: use Y/N in SQL, and TRUE/FALSE in LDAP);
+# - Perl syntax applies. Most notably: strings in "" may include variables
+# (which start with $ or @); to include characters $ and @ and \ in double
+# quoted strings precede them by a backslash; in single-quoted strings
+# the $ and @ lose their special meaning, so it is usually easier to use
+# single quoted strings (or qw operator) for e-mail addresses.
+# In both types of quoting a backslash should to be doubled.
+# - variables with names starting with a '@' are lists, the values assigned
+# to them should be lists too, e.g. ('one@foo', $mydomain, "three");
+# note the comma-separation and parenthesis. If strings in the list
+# do not contain spaces nor variables, a Perl operator qw() may be used
+# as a shorthand to split its argument on whitespace and produce a list
+# of strings, e.g. qw( one@foo example.com three ); Note that the argument
+# to qw is quoted implicitly and no variable interpretation is done within
+# (no '$' variable evaluations). The #-initiated comments can NOT be used
+# within a string. In other words, $ and # lose their special meaning
+# within a qw argument, just like within '...' strings.
+# - all e-mail addresses in this file and as used internally by the daemon
+# are in their raw (rfc2821-unquoted and non-bracketed) form, i.e.
+# Bob "Funny" Dude@example.com, not: "Bob \"Funny\" Dude"@example.com
+# and not <"Bob \"Funny\" Dude"@example.com>; also: '' and not '<>'.
+# - the term 'default value' in examples below refers to the value of a
+# variable pre-assigned to it by the program; any explicit assignment
+# to a variable in this configuration file overrides the default value;
+
+
+#
+# Section I - Essential daemon and MTA settings
+#
+
+# $MYHOME serves as a quick default for some other configuration settings.
+# More refined control is available with each individual setting further down.
+# $MYHOME is not used directly by the program. No trailing slash!
+$MYHOME = '/var/amavis'; # (default is '/var/amavis'), -H
+
+# $mydomain serves as a quick default for some other configuration settings.
+# More refined control is available with each individual setting further down.
+# $mydomain is never used directly by the program.
+$mydomain = 'brehm-online.com'; # (no useful default)
+
+# $myhostname = 'host.example.com'; # fqdn of this host, default by uname(3)
+$myhostname = 'helga.brehm-online.com';
+
+# Set the user and group to which the daemon will change if started as root
+# (otherwise just keeps the UID unchanged, and these settings have no effect):
+$daemon_user = 'amavis'; # (no default; customary: vscan or amavis), -u
+$daemon_group = 'amavis'; # (no default; customary: vscan or amavis), -g
+
+# Runtime working directory (cwd), and a place where
+# temporary directories for unpacking mail are created.
+# (no trailing slash, may be a scratch file system)
+#$TEMPBASE = $MYHOME; # (must be set if other config vars use is), -T
+$TEMPBASE = "$MYHOME/tmp"; # prefer to keep home dir /var/amavis clean?
+
+#$db_home = "$MYHOME/db"; # DB databases directory, default "$MYHOME/db", -D
+
+# $helpers_home sets environment variable HOME, and is passed as option
+# 'home_dir_for_helpers' to Mail::SpamAssassin::new. It should be a directory
+# on a normal persistent file system, not a scratch or temporary file system
+#$helpers_home = $MYHOME; # (defaults to $MYHOME), -S
+
+# Run the daemon in the specified chroot jail if nonempty:
+#$daemon_chroot_dir = $MYHOME; # (default is undef, meaning: do not chroot), -R
+
+#$pid_file = "$MYHOME/amavisd.pid"; # (default is "$MYHOME/amavisd.pid"), -P
+#$lock_file = "$MYHOME/amavisd.lock"; # (default is "$MYHOME/amavisd.lock"), -L
+
+# set environment variables if you want (no defaults):
+$ENV{TMPDIR} = $TEMPBASE; # used for SA temporary files, by some decoders, etc.
+
+$enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP and nanny)
+$enable_global_cache = 1; # enable use of libdb-based cache if $enable_db=1
+
+$enable_dkim_verification = 0; # enable DKIM signatures verification
+$enable_dkim_signing = 0; # load DKIM signing code, keys defined by dkim_key
+
+# MTA SETTINGS, UNCOMMENT AS APPROPRIATE,
+# both $forward_method and $notify_method default to 'smtp:[127.0.0.1]:10025'
+
+# POSTFIX, or SENDMAIL in dual-MTA setup, or EXIM V4
+# (set host and port number as required; host can be specified
+# as an IP address or a DNS name (A or CNAME, but MX is ignored)
+#$forward_method = 'smtp:[127.0.0.1]:10025'; # where to forward checked mail
+#$notify_method = $forward_method; # where to submit notifications
+
+#$os_fingerprint_method = 'p0f:127.0.0.1:2345'; # query p0f-analyzer.pl
+
+# To make it possible for several hosts to share one content checking daemon,
+# the IP address and/or the port number in $forward_method and $notify_method
+# may be spacified as an asterisk. An asterisk in the colon-separated
+# second field (host) will be replaced by the SMTP client peer address,
+# An asterisk in the third field (tcp port) will be replaced by the incoming
+# SMTP/LMTP session port number plus one. This obsoletes the previously used
+# less flexible configuration parameter $relayhost_is_client. An example:
+# $forward_method = 'smtp:*:*'; $notify_method = 'smtp:*:10587';
+
+
+# NOTE: The defaults (above) are good for Postfix or dual-sendmail. You MUST
+# uncomment the appropriate settings below if using other setups!
+
+# SENDMAIL MILTER, using amavis-milter.c helper program:
+#$forward_method = undef; # no explicit forwarding, sendmail does it by itself
+# milter; option -odd is needed to avoid deadlocks
+#$notify_method = 'pipe:flags=q argv=/usr/sbin/sendmail -Ac -i -odd -f ${sender} -- ${recipient}';
+# just a thought: can we use use -Am instead of -odd ?
+
+# SENDMAIL (old non-milter setup, as relay, deprecated):
+#$forward_method = 'pipe:flags=q argv=/usr/sbin/sendmail -C/etc/sendmail.orig.cf -i -f ${sender} -- ${recipient}';
+#$notify_method = $forward_method;
+
+# SENDMAIL (old non-milter setup, amavis.c calls local delivery agent, deprecated):
+#$forward_method = undef; # no explicit forwarding, amavis.c will call LDA
+#$notify_method = 'pipe:flags=q argv=/usr/sbin/sendmail -Ac -i -f ${sender} -- ${recipient}';
+
+# EXIM v3 (not recommended with v4 or later, which can use SMTP setup instead):
+#$forward_method = 'pipe:flags=q argv=/usr/sbin/exim -oMr scanned-ok -i -f ${sender} -- ${recipient}';
+#$notify_method = $forward_method;
+
+# COURIER using courierfilter
+#$forward_method = undef; # no explicit forwarding, Courier does it itself
+#$notify_method = 'pipe:flags=q argv=perl -e $pid=fork();if($pid==-1){exit(75)}elsif($pid==0){exec(@ARGV)}else{exit(0)} /usr/sbin/sendmail -f ${sender} -- ${recipient}';
+# Only set $courierfilter_shutdown to 1 if you are using courierfilter to
+# control the startup and shutdown of amavis
+#$courierfilter_shutdown = 1; # (default 0)
+
+# prefer to collect mail for forwarding as BSMTP files?
+#$forward_method = "bsmtp:$MYHOME/out-%i-%n.bsmtp";
+#$notify_method = $forward_method;
+
+@auth_mech_avail = qw(PLAIN LOGIN);
+$auth_required_inp = 0;
+$auth_required_out = 0;
+
+# Net::Server pre-forking settings
+# The $max_servers should match the width of your MTA pipe
+# feeding amavisd, e.g. with Postfix the 'Max procs' field in the
+# master.cf file, like the '2' in the: smtp-amavis unix - - n - 2 smtp
+#
+$max_servers = 2; # num of pre-forked children (2..30 is common), -m
+$max_requests = 20; # retire a child after that many accepts (default 20)
+
+$child_timeout=5*60; # abort child if it does not complete its processing in
+ # approximately n seconds (default: 8*60 seconds)
+
+$smtpd_timeout = 120; # disconnect session if client is idle for too long
+ # (default: 8*60 seconds); should be higher than a
+ # Postfix setting max_idle (default 100s)
+
+# Here is a QUICK WAY to completely DISABLE some sections of code
+# that WE DO NOT WANT (it won't even be compiled-in).
+# For more refined controls leave the following two lines commented out,
+# and see further down what these two lookup lists really mean.
+#
+# @bypass_virus_checks_maps = (1); # controls running of anti-virus code
+# @bypass_spam_checks_maps = (1); # controls running of anti-spam code
+# $bypass_decode_parts = 1; # controls running of decoders&dearchivers
+#
+# Any setting can be changed with a new assignment, so make sure
+# you do not unintentionally override these settings further down!
+
+# Check also the settings of @av_scanners at the end if you want to use
+# virus scanners. If not, you may want to delete the whole long assignment
+# to the variable @av_scanners and @av_scanners_backup, which will also
+# remove the virus checking code (e.g. if you only want to do spam scanning).
+
+
+# Lookup list of local domains (see README.lookups for syntax details)
+#
+# @local_domains_maps is a list of lookup tables which are used in deciding
+# whether a recipient is local or not, or in other words, if the message is
+# outgoing or not. This affects inserting spam-related and OS fingerprinting
+# header fields for local recipients, editing Subject header field and allowing
+# mail body defanging, limiting recipient notifications to local recipients,
+# in deciding if address extension may be appended, in matching mail addresses
+# to non-fqdn SQL record keys, for proper operation of pen pals feature,
+# for selecting statistics counters (distinguishing outgoing from internal-
+# to internal mail), and possibly more in future versions.
+# Set it up correctly if you need features that rely on this setting.
+#
+# With Postfix (2.0) a quick hint on what local domains normally are:
+# a union of domains specified in: mydestination, virtual_alias_domains,
+# virtual_mailbox_domains, and relay_domains.
+
+@local_domains_maps = ( [".$mydomain"] ); # $mydomain and its subdomains
+# @local_domains_maps = (); # default is empty list, no recip. considered local
+# @local_domains_maps = # using ACL lookup table
+# ( [ ".$mydomain", 'sub.example.net', '.example.com' ] );
+# @local_domains_maps = # similar, split list elements on whitespace
+# ( [qw( .example.com !host.sub.example.net .sub.example.net )] );
+# @local_domains_maps = ( new_RE( qr'[@.]example\.com$'i ) ); # using regexp
+# @local_domains_maps = ( read_hash("$MYHOME/local_domains") ); # using hash
+# perhaps combined with Postfix: mydestination = /var/amavis/local_domains
+# for debugging purposes: dump_hash($local_domains_maps[0]);
+#
+# Section II - MTA specific (defaults should be ok)
+#
+
+#$insert_received_line = 1; # behave like MTA: insert 'Received:' header
+ # (does not apply to sendmail/milter)
+ # (default is true)
+
+# AMAVIS-CLIENT AND COURIER PROTOCOL INPUT SETTINGS (e.g. amavisd-release, or
+# sendmail milter through helper clients like amavis-milter.c and amavis.c)
+# option(s) -p overrides $inet_socket_port and $unix_socketname
+$unix_socketname = "$MYHOME/amavisd.sock"; # amavis helper protocol socket
+#$unix_socketname = undef; # disable listening on a unix socket
+ # (default is undef, i.e. disabled)
+#$unix_socketname = "/var/lib/courier/allfilters/amavisd"; # Courier socket
+ # (usual setting is $MYHOME/amavisd.sock)
+
+# SMTP SERVER (INPUT) PROTOCOL SETTINGS (e.g. with Postfix, Exim v4, ...)
+# (used when MTA is configured to pass mail to amavisd via SMTP or LMTP)
+$inet_socket_port = 10024; # accept SMTP on this local TCP port
+ # (default is undef, i.e. disabled)
+# multiple ports may be provided: $inet_socket_port = [10024, 10026, 10028];
+
+# SMTP SERVER (INPUT) access control
+# - do not allow free access to the amavisd SMTP port !!!
+#
+# when MTA is at the same host, use the following (one or the other or both):
+#$inet_socket_bind = '127.0.0.1'; # limit socket bind to loopback interface
+ # (default is '127.0.0.1')
+@inet_acl = qw(127.0.0.1 [::1]); # allow SMTP access only from localhost IP
+ # (default is qw(127.0.0.1 [::1]) )
+
+# when MTA (one or more) is on a different host, use the following:
+#@inet_acl = qw(127.0.0.0/8 [::1] 10.1.0.1 10.1.0.2); # adjust list as needed
+#$inet_socket_bind = undef; # bind to all IP interfaces if undef
+
+#
+# Example1:
+# @inet_acl = qw( 127/8 10/8 172.16/12 192.168/16 );
+# permit only SMTP access from loopback and rfc1918 private address space
+#
+# Example2:
+# @inet_acl = qw( !192.168.1.12 172.16.3.3 !172.16.3/255.255.255.0
+# 127.0.0.1 10/8 172.16/12 192.168/16 );
+# matches loopback and rfc1918 private address space except host 192.168.1.12
+# and net 172.16.3/24 (but host 172.16.3.3 within 172.16.3/24 still matches)
+#
+# Example3:
+# @inet_acl = qw( 127/8
+# !172.16.3.0 !172.16.3.127 172.16.3.0/25
+# !172.16.3.128 !172.16.3.255 172.16.3.128/25 );
+# matches loopback and both halves of the 172.16.3/24 C-class,
+# split into two subnets, except all four broadcast addresses
+# for these subnets
+
+
+# @mynetworks is an IP access list which determines if the original SMTP client
+# IP address belongs to our internal networks, i.e. mail is coming from inside.
+# It is much like the Postfix parameter 'mynetworks' in semantics and similar
+# in syntax, and its value should normally match the Postfix counterpart.
+# It only affects the value of a macro %l (=sender-is-local),
+# and the loading of policy 'MYNETS' if present (see below).
+# Note that '-o smtp_send_xforward_command=yes' (or its lmtp counterpart)
+# must be enabled in the Postfix service that feeds amavisd, otherwise
+# client IP address is not available to amavisd-new.
+#
+# @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
+# 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 ); # default
+#
+# A list of networks can also be read from a file, either as an IP acl in
+# CIDR notation, one address per line (comments and empty lines are allowed):
+# @mynetworks_maps = (read_array('/etc/amavisd-mynetworks'), \@mynetworks);
+#
+# or less flexibly (but provides faster lookups for large lists) by reading
+# into a hash lookup table, which only allows for full addresses or classful
+# IPv4 subnets with truncated octets, such as 127, 10, 192.168, 10.11.12.13,
+# one address per line (comments and empty lines are allowed):
+# @mynetworks_maps = (read_hash('/etc/amavisd-mynetworks'), \@mynetworks);
+
+# See README.lookups for details on specifying access control lists.
+
+
+#
+# Section III - Logging
+#
+
+# true (e.g. 1) => syslog; false (e.g. 0) => logging to file
+$DO_SYSLOG = 1; # (defaults to 0)
+
+$syslog_ident = 'amavis'; # Syslog ident string (defaults to 'amavis')
+$syslog_facility = 'mail'; # Syslog facility as a string
+ # e.g.: mail, daemon, user, local0, ... local7, ...
+$syslog_priority = 'info'; # Syslog base (minimal) priority as a string,
+ # choose from: emerg, alert, crit, err, warning, notice, info, debug
+
+# Log file (if not using syslog)
+$LOGFILE = "$MYHOME/amavis.log"; # (defaults to empty, no log)
+
+#NOTE: levels are not strictly observed and are somewhat arbitrary
+# 0: startup/exit/failure messages, viruses detected
+# 1: args passed from client, some more interesting messages
+# 2: virus scanner output, timing
+# 3: server, client
+# 4: decompose parts
+# 5: more debug details
+$log_level = 3; # (defaults to 0), -d
+
+# Customizable template for the most interesting log file entry (e.g. with
+# $log_level=0) (take care to properly quote Perl special characters like '\')
+# For a list of available macros see README.customize .
+
+# $log_templ = undef; # undef disables by-message level-0 log entries
+$log_recip_templ = undef; # undef disables by-recipient level-0 log entries
+
+
+# log both infected and noninfected messages (as deflt, with size,subj,tests):
+# (remove the leading '#' and a space in the following lines to activate)
+
+# $log_templ = <<'EOD';
+# [?%#D|#|Passed #
+# [? [:ccat|major] |OTHER|CLEAN|MTA-BLOCKED|OVERSIZED|BAD-HEADER|SPAMMY|SPAM|\
+# UNCHECKED|BANNED (%F)|INFECTED (%V)]#
+# , [? %p ||%p ][?%a||[?%l||LOCAL ]\[%a\] ][?%e||\[%e\] ]%s -> [%D|,]#
+# [? %q ||, quarantine: %q]#
+# [? %Q ||, Queue-ID: %Q]#
+# [? %m ||, Message-ID: %m]#
+# [? %r ||, Resent-Message-ID: %r]#
+# , mail_id: %i#
+# , Hits: [:SCORE]#
+# , size: %z#
+# [~[:remote_mta_smtp_response]|["^$"]||[", queued_as: "]]\
+# [remote_mta_smtp_response|[~%x|["queued as ([0-9A-Z]+)$"]|["%1"]|["%0"]]|/]#
+# [? [:header_field|Subject] ||, Subject: [:dquote|[:header_field|Subject]]]#
+# [? [:header_field|From] ||, From: [:uquote|[:header_field|From]]]#
+# [? [:useragent|name] ||, [:useragent|name]: [:uquote|[:useragent|body]]]#
+# [? %#T ||, Tests: \[[%T|,]\]]#
+# [:supplementary_info|SCTYPE|, shortcircuit=%%s]#
+# [:supplementary_info|AUTOLEARN|, autolearn=%%s]#
+# , %y ms#
+# ]
+# [?%#O|#|Blocked #
+# [? [:ccat|major|blocking] |#
+# OTHER|CLEAN|MTA-BLOCKED|OVERSIZED|BAD-HEADER|SPAMMY|SPAM|\
+# UNCHECKED|BANNED (%F)|INFECTED (%V)]#
+# , [? %p ||%p ][?%a||[?%l||LOCAL ]\[%a\] ][?%e||\[%e\] ]%s -> [%O|,]#
+# [? %q ||, quarantine: %q]#
+# [? %Q ||, Queue-ID: %Q]#
+# [? %m ||, Message-ID: %m]#
+# [? %r ||, Resent-Message-ID: %r]#
+# , mail_id: %i#
+# , Hits: [:SCORE]#
+# , size: %z#
+# #, smtp_resp: [:smtp_response]#
+# [? [:header_field|Subject] ||, Subject: [:dquote|[:header_field|Subject]]]#
+# [? [:header_field|From] ||, From: [:uquote|[:header_field|From]]]#
+# [? [:useragent|name] ||, [:useragent|name]: [:uquote|[:useragent|body]]]#
+# [? %#T ||, Tests: \[[%T|,]\]]#
+# [:supplementary_info|SCTYPE|, shortcircuit=%%s]#
+# [:supplementary_info|AUTOLEARN|, autolearn=%%s]#
+# , %y ms#
+# ]
+# EOD
+
+#
+# Section IV - Notifications/DSN, bounce/reject/discard/pass, quarantine
+#
+
+# Select notifications text encoding when Unicode-aware Perl is converting
+# text from internal character representation to external encoding (charset
+# in MIME terminology). Used as argument to Perl Encode::encode subroutine.
+#
+# to be used in RFC 2047-encoded header field bodies, e.g. in Subject:
+#$hdr_encoding = 'iso-8859-1'; # MIME charset (default: 'iso-8859-1')
+#$hdr_encoding_qb = 'Q'; # MIME encoding: quoted-printable (default)
+#$hdr_encoding_qb = 'B'; # MIME encoding: base64
+#
+# to be used in notification body text: its encoding and Content-type.charset
+#$bdy_encoding = 'iso-8859-1'; # (default: 'iso-8859-1')
+
+# Default template texts for notifications may be overruled by directly
+# assigning new text to template variables, or by reading template text
+# from files. A second argument may be specified in a call to read_text(),
+# specifying character encoding layer to be used when reading from the
+# external file, e.g. 'utf8', 'iso-8859-1', or often just $bdy_encoding.
+# Text will be converted to internal character representation by Perl 5.8.0
+# or later; second argument is ignored otherwise. See PerlIO::encoding,
+# Encode::PerlIO and perluniintro man pages.
+#
+# $notify_sender_templ = read_text("$MYHOME/notify_sender.txt");
+# $notify_virus_sender_templ= read_text("$MYHOME/notify_virus_sender.txt");
+# $notify_virus_admin_templ = read_text("$MYHOME/notify_virus_admin.txt");
+# $notify_virus_recips_templ= read_text("$MYHOME/notify_virus_recips.txt");
+# $notify_spam_sender_templ = read_text("$MYHOME/notify_spam_sender.txt");
+# $notify_spam_admin_templ = read_text("$MYHOME/notify_spam_admin.txt");
+
+# If notification template files are collectively available in some directory,
+# one may call read_l10n_templates which invokes read_text for each known
+# template. This is primarily a Debian-specific feature, but was incorporated
+# into base code to facilitate porting.
+#
+# read_l10n_templates('/etc/amavis/en_US');
+#
+# If read_l10n_templates is called, a localization template directory must
+# contain the following files:
+# charset this file should contain a one-line name
+# of the character set used in the template
+# files (e.g. utf8, iso-8859-2, ...) and is
+# passed as the second argument to read_text;
+# template-dsn.txt content fills the $notify_sender_templ
+# template-virus-sender.txt content fills the $notify_virus_sender_templ
+# template-virus-admin.txt content fills the $notify_virus_admin_templ
+# template-virus-recipient.txt content fills the $notify_virus_recips_templ
+# template-spam-sender.txt content fills the $notify_spam_sender_templ
+# template-spam-admin.txt content fills the $notify_spam_admin_templ
+
+# Here is an overall picture (sequence of events) of how pieces fit together
+#
+# bypass_virus_checks set for all recipients? ==> PASS
+# no viruses? 
==> PASS
+# log virus if $log_templ is nonempty
+# quarantine if $virus_quarantine_to is nonempty
+# notify admin if $virus_admin (lookup) nonempty
+# notify recips if $warnvirusrecip and (recipient is local or $warn_offsite)
+# add address extensions for local recipients (when enabled)
+# send (non-)delivery notifications
+# to sender if DSN needed (BOUNCE or ($warnvirussender and D_PASS))
+# virus_lovers or final_destiny==D_PASS ==> PASS
+# DISCARD (2xx) or REJECT (5xx) (depending on final_*_destiny)
+#
+# Equivalent flow diagram applies for spam checks.
+# If a virus is detected, spam checking is skipped entirely.
+
+# The following symbolic constants can be used in *_destiny settings:
+#
+# D_PASS mail will pass to recipients, regardless of bad contents;
+#
+# D_DISCARD mail will not be delivered to its recipients, sender will NOT be
+# notified. Effectively we lose mail (but will be quarantined
+# unless disabled). Losing mail is not decent for a mailer,
+# but might be desired.
+#
+# D_BOUNCE mail will not be delivered to its recipients, a non-delivery
+# notification (bounce) will be sent to the sender by amavisd-new;
+# Exception: bounce (DSN) will not be sent if a virus name matches
+# @viruses_that_fake_sender_maps, or to messages from mailing lists
+# (Precedence: bulk|list|junk), or for spam level that exceeds
+# the $sa_dsn_cutoff_level.
+#
+# D_REJECT mail will not be delivered to its recipients, sender should
+# preferably get a reject, e.g. SMTP permanent reject response
+# (e.g. with milter), or non-delivery notification from MTA
+# (e.g. Postfix). If this is not possible (e.g. different recipients
+# have different tolerances to bad mail contents and not using LMTP)
+# amavisd-new sends a bounce by itself (same as D_BOUNCE).
+# Not to be used with Postfix or dual-MTA setups! 
+#
+# Notes:
+# D_REJECT and D_BOUNCE are similar, the difference is in who is responsible
+# for informing the sender about non-delivery, and how informative
+# the notification can be (amavisd-new knows more than MTA);
+# With D_REJECT, MTA may reject original SMTP, or send DSN (delivery status
+# notification, colloquially called 'bounce') - depending on MTA;
+# Best suited for sendmail milter and Courier, especially for spam.
+# With D_BOUNCE, amavisd-new (not MTA) sends DSN (can better explain the
+# reason for mail non-delivery or even suppress DSN, but unable
+# to reject the original SMTP session). Best suited to reporting
+# viruses, and for Postfix and other dual-MTA setups, which can't
+# reject original client SMTP session, as the mail has already
+# been enqueued.
+
+# Alternatives to consider for spam:
+# - use D_PASS if clients will do filtering based on inserted
+# mail headers or added address extensions ('plus-addressing');
+# - use D_DISCARD, if kill_level is set comfortably high;
+#
+# D_BOUNCE is preferred for viruses, but consider:
+# - use D_PASS (or virus_lovers) to deliver viruses;
+# - use D_REJECT instead of D_BOUNCE if using Courier or milter and under heavy
+# virus storm;
+
+
+# The use of new *_by_ccat hashes is illustrated by the following examples
+# on configuring final_*_destiny.
+
+
+# using traditional settings of $final_*_destiny variables, relying on a
+# default setting of an associative array %final_destiny_by_ccat which is
+# backwards compatible and contains references to these traditional variables:
+#
+$final_virus_destiny = D_REJECT; # (defaults to D_DISCARD)
+$final_banned_destiny = D_REJECT; # (defaults to D_BOUNCE)
+$final_spam_destiny = D_REJECT; # (defaults to D_BOUNCE)
+$final_bad_header_destiny = D_PASS; # (defaults to D_PASS)
+
+########
+#
+# Please think about what you are doing when you set these options. 
+# If necessary, question your origanization's e-mail policies:
+#
+# D_BOUNCE contributes to the overall spread of virii and spam on the
+# internet. Both the envelope and header from addresses can be forged
+# accurately with no effort, causing the bounces to go to innocent parties,
+# whose addresses have been forged.
+#
+# D_DISCARD breaks internet mail specifications. However, with a
+# properly implemented Quaratine system, the concern for breaking the
+# specification is addressed to some extent.
+#
+# D_PASS is the safest way to handle e-mails. You must implement
+# client-side filtering to handle this method.
+#
+# -Cory Visi 07/28/04
+#
+#######
+
+# to explicitly list all (or most) possible contents category (ccat) keys:
+%final_destiny_by_ccat = (
+ CC_VIRUS, D_DISCARD,
+ CC_BANNED, D_BOUNCE,
+ CC_UNCHECKED, D_PASS,
+ CC_SPAM, D_DISCARD,
+ CC_BADH, D_PASS,
+ CC_OVERSIZED, D_BOUNCE,
+ CC_CLEAN, D_PASS,
+ CC_CATCHALL, D_PASS,
+);
+
+# to rely on a catchall ccat key and only list exceptions (alternative 1):
+#%final_destiny_by_ccat = (
+# CC_VIRUS, D_DISCARD,
+# CC_BANNED, D_BOUNCE,
+# CC_SPAM, D_BOUNCE,
+# CC_BADH.',4', D_BOUNCE, # BadHdrSpace
+# CC_BADH.',3', D_BOUNCE, # BadHdrChar
+# CC_OVERSIZED, D_BOUNCE,
+# CC_CATCHALL, D_PASS,
+#);
+
+# to rely on a catchall ccat key and list exceptions (alternative 2):
+#%final_destiny_by_ccat = (
+# CC_VIRUS, D_DISCARD,
+# CC_UNCHECKED, D_PASS,
+# CC_BADH.',6', D_PASS, # BadHdrSyntax
+# CC_BADH.',5', D_PASS, # BadHdrLong
+# CC_BADH.',2', D_PASS, # BadHdr8bit
+# CC_BADH.',1', D_PASS, # BadHdrMime
+# CC_CLEAN, D_PASS,
+# CC_CATCHALL, D_BOUNCE,
+#);
+
+# to rely on a catchall ccat key and list exceptions (alternative 3):
+#%final_destiny_by_ccat = (
+# CC_VIRUS, D_DISCARD,
+# CC_UNCHECKED, D_PASS,
+# CC_BADH.',4', D_BOUNCE, # BadHdrSpace
+# CC_BADH.',3', D_BOUNCE, # BadHdrChar
+# CC_BADH, D_PASS, # sub-catchall for CC_BADH
+# CC_CLEAN, D_PASS,
+# CC_CATCHALL, D_BOUNCE,
+#);
+
+# to rely on a default 
%final_destiny_by_ccat and only change few settings:
+#$final_destiny_by_ccat{+CC_SPAM} = D_PASS;
+#$final_destiny_by_ccat{+CC_BADH} = D_BOUNCE;
+#$final_destiny_by_ccat{+CC_BADH.',2'} = D_PASS; # BadHdr8bit
+
+
+
+# For monitoring / testing purposes let the administrator receive a copy
+# of certain delivery status notifications that are mailed back to senders:
+#
+#%dsn_bcc_by_ccat = (
+# CC_BANNED, undef,
+# CC_SPAM, undef,
+# CC_BADH, undef,
+# CC_CATCHALL, 'admin+test@example.com',
+#);
+#
+# or use a simpler form, taking advantage of defaults in %dsn_bcc_by_ccat:
+#$dsn_bcc = 'admin+test@example.com';
+
+
+# The following $warn*sender settings are ONLY used when mail is
+# actually passed to recipients ($final_*_destiny=D_PASS, or *_lovers*).
+# Bounces or rejects produce non-delivery status notification regardless.
+#
+# Notify sender of syntactically invalid header containing non-ASCII chars?
+#$warnbadhsender = 1; # (defaults to false (undef))
+
+# Notify virus (or banned files or bad headers) RECIPIENT?
+# (not very useful, but some policies demand it)
+#$warnvirusrecip = 1; # (defaults to false (undef))
+#$warnbannedrecip = 1; # (defaults to false (undef))
+#$warnbadhrecip = 1; # (defaults to false (undef))
+
+# Notify also non-local virus/banned recipients if $warn*recip is true?
+# (including those not matching local_domains*)
+#$warn_offsite = 1; # (defaults to false (undef), i.e. only notify locals)
+
+
+# Treat envelope sender address as unreliable and don't send sender
+# notification / bounces if name(s) of detected virus(es) match the list.
+# Note that virus names are supplied by external virus scanner(s) and are
+# not standardized, so virus names may need to be adjusted.
+# See README.lookups for syntax, check also README.policy-on-notifications. 
+# If the intention is to treat all viruses as faking the sender address, it
+# is equivalent but more efficient to just set $final_virus_destiny=D_DISCARD;
+#
+@viruses_that_fake_sender_maps = (new_RE(
+ qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar'i,
+ qr'tanatos|lentin|bridex|mimail|trojan\.dropper|dumaru|parite|spaces'i,
+ qr'dloader|galil|gibe|swen|netwatch|bics|sbrowse|sober|rox|val(hal)?la'i,
+ qr'frethem|sircam|be?agle|tanx|mydoom|novarg|shimg|netsky|somefool|moodown'i,
+ qr'@mm|@MM', # mass mailing viruses as labeled by f-prot and uvscan
+ qr'Worm'i, # worms as labeled by ClamAV, Kaspersky, etc
+# [qr'^(EICAR|Joke\.|Junk\.)'i => 0],
+# [qr'^(WM97|OF97|W95/CIH-|JS/Fort)'i => 0],
+ [qr/^/ => 1], # true by default (remove or comment-out if undesired)
+));
+
+# where to send ADMIN VIRUS NOTIFICATIONS (should be a fully qualified address)
+# - the administrator envelope address may be a simple fixed e-mail address
+# (a scalar), or may depend on the RECIPIENT address (e.g. its domain).
+#
+# Empty or undef lookup disables virus admin notifications.
+
+# The full set of configurable administrator addresses is:
+# @virus_admin_maps ... notifications to admin about viruses
+# @newvirus_admin_maps ... newly encountered viruses since amavisd startup
+# @spam_admin_maps ... notifications to admin about spam
+# @banned_admin_maps ... notifications to admin about banned contents
+# @bad_header_admin_maps ... notifications to admin about bad headers
+
+$virus_admin = "virusalert\@$mydomain";
+# $virus_admin = 'virus-admin@example.com';
+# $virus_admin = undef; # do not send virus admin notifications (default)
+#
+#@virus_admin_maps = ( # by-recipient maps
+# {'not.example.com' => '',
+# '.' 
=> 'virusalert@example.com'},
+# $virus_admin, # the usual default
+#);
+
+# equivalent to $virus_admin, but for spam admin notifications:
+# $spam_admin = "spamalert\@$mydomain";
+# $spam_admin = undef; # do not send spam admin notifications (default)
+#@spam_admin_maps = ( # by-recipient maps
+# {'not.example.com' => '',
+# '.' => 'spamalert@example.com'},
+# $spam_admin, # the usual default
+#);
+
+# receive a copy of all delivery status notifications sent;
+# useful for testing or monitoring
+#$dsn_bcc = "mailadmin\@$mydomain";
+
+#advanced example, using a hash lookup table and a scalar default,
+#lookup key is a recipient envelope address:
+#@virus_admin_maps = ( # by-recipient maps
+# { 'baduser@sub1.example.com' => 'HisBoss@sub1.example.com',
+# '.sub1.example.com' => 'virusalert@sub1.example.com',
+# '.sub2.example.com' => '', # don't send admin notifications
+# 'a.sub3.example.com' => 'abuse@sub3.example.com',
+# '.sub3.example.com' => 'virusalert@sub3.example.com',
+# '.example.com' => 'noc@example.com', # default for our virus senders
+# },
+# 'virusalert@hq.example.com', # catchall for the rest
+#);
+
+# sender envelope address, from which notification reports are sent from;
+# may be a null reverse path, or a fully qualified address:
+# (admin and recip sender addresses default to a null return path).
+# If using strings in double quotes, don't forget to quote @, i.e. \@
+#
+$mailfrom_notify_admin = "virusalert\@$mydomain";
+$mailfrom_notify_recip = "virusalert\@$mydomain";
+$mailfrom_notify_spamadmin = "spam.police\@$mydomain";
+
+# 'From' HEADER FIELD for sender and admin notifications.
+# This should be a replyable address, see rfc1894. Not to be confused
+# with $mailfrom_notify_sender, which is the envelope return address
+# and can be empty (null reverse path) according to rfc2821.
+#
+# The syntax of the 'From' header field is specified in rfc2822, section
+# '3.4. Address Specification'. 
Note in particular that display-name must be
+# a quoted-string if it contains any special characters like spaces and dots.
+#
+# $hdrfrom_notify_sender = "amavisd-new ";
+# $hdrfrom_notify_sender = 'amavisd-new ';
+# $hdrfrom_notify_sender = '"Content-Filter Master" ';
+# $hdrfrom_notify_admin = $mailfrom_notify_admin;
+# $hdrfrom_notify_spamadmin = $mailfrom_notify_spamadmin;
+# (default: "\"Content-filter at $myhostname\" ")
+
+# whom quarantined messages appear to be sent from (envelope sender);
+# keeps original sender if undef, or set it explicitly, default is undef
+$mailfrom_to_quarantine = ''; # override sender address with null return path
+
+
+# Location to put infected mail into: (applies to 'local:' quarantine method)
+# empty for not quarantining, may be a file (Unix-style mailbox),
+# or a directory (no trailing slash)
+# (the default value is undef, meaning no quarantine)
+#
+$QUARANTINEDIR = "$MYHOME/quarantine";
+
+#$quarantine_subdir_levels = 1; # add level of subdirs to disperse quarantine
+
+#$clean_quarantine_method = 'local:clean-%m'; # disabled by default
+#$virus_quarantine_method = 'local:virus-%m'; # default
+#$spam_quarantine_method = 'local:spam-%m.gz'; # default
+#$banned_files_quarantine_method = 'local:banned-%m'; # default
+#$bad_header_quarantine_method = 'local:badh-%m'; # default
+
+# Separate quarantine subdirectories virus, spam, banned and badh within
+# the directory $QUARANTINEDIR may be specified by the following settings
+# (the subdirectories need to exist - must be created manually):
+#$clean_quarantine_method = 'local:clean/%m';
+#$virus_quarantine_method = 'local:virus/%m';
+#$spam_quarantine_method = 'local:spam/%m.gz';
+#$banned_files_quarantine_method = 'local:banned/%m';
+#$bad_header_quarantine_method = 'local:badh/%m';
+#
+#use the 'bsmtp:' method as an alternative to the default 'local:'
+#$virus_quarantine_method = "bsmtp:$QUARANTINEDIR/virus-%m.bsmtp";
+#$spam_quarantine_method = 
"bsmtp:$QUARANTINEDIR/spam-%m.bsmtp";
+#
+#using the 'pipe:' method might be useful for some special purpose:
+#$mailfrom_to_quarantine = undef; # pass on the original sender address
+#$spam_quarantine_method = 'pipe:argv=/usr/bin/myscript.sh spam-%b ${sender}';
+#
+#using the 'sql:' method to store quarantined message to a SQL database:
+#$virus_quarantine_method = $spam_quarantine_method =
+# $banned_files_quarantine_method = $bad_header_quarantine_method = 'sql:';
+
+# Send copy of every mail to an archival mail address:
+#$archive_quarantine_method = $notify_method;
+#@archive_quarantine_to_maps = ( 'collector@example.com' );
+
+
+# When using the 'local:' quarantine method (default), the following applies:
+#
+# A finer control of quarantining is available through
+# variables $virus_quarantine_method/$spam_quarantine_method/
+# $banned_files_quarantine_method/$bad_header_quarantine_method.
+#
+# The value of scalar $virus_quarantine_to/$spam_quarantine_to (or a
+# per-recipient lookup result from lookup tables @virus_quarantine_to_maps)
+# is/are interpreted as follows:
+#
+# VARIANT 1:
+# empty or undef disables quarantine;
+#
+# VARIANT 2:
+# a string NOT containing an '@';
+# amavisd will behave as a local delivery agent (LDA) and will quarantine
+# viruses to local files according to hash %local_delivery_aliases (pseudo
+# aliases map) - see subroutine mail_to_local_mailbox() for details.
+# Some of the predefined aliases are 'virus-quarantine' and 'spam-quarantine'.
+# Setting $virus_quarantine_to ($spam_quarantine_to) to this string will:
+#
+# * if $QUARANTINEDIR is a directory, each quarantined virus will go
+# to a separate file in the $QUARANTINEDIR directory (traditional
+# amavis style, similar to maildir mailbox format);
+#
+# * otherwise $QUARANTINEDIR is treated as a file name of a Unix-style
+# mailbox. All quarantined messages will be appended to this file. 
+# Amavisd child process must obtain an exclusive lock on the file during
+# delivery, so this may be less efficient than using individual files
+# or forwarding to MTA, and it may not work across NFS or other non-local
+# file systems (but may be handy for pickup of quarantined files via IMAP
+# for example);
+#
+# VARIANT 3:
+# any email address (must contain '@').
+# The e-mail messages to be quarantined will be handed to MTA
+# for delivery to the specified address. If a recipient address local to MTA
+# is desired, you may leave the domain part empty, e.g. 'infected@', but the
+# '@' character must nevertheless be included to distinguish it from variant 2.
+#
+# This variant enables more refined delivery control made available by MTA
+# (e.g. its aliases file, other local delivery agents, dealing with
+# privileges and file locking when delivering to user's mailbox, nonlocal
+# delivery and forwarding, fan-out lists). Make sure the mail-to-be-quarantined
+# will not be handed back to amavisd for checking, as this will cause a loop
+# (hopefully broken at some stage)! If this can be assured, notifications
+# will benefit too from not being unnecessarily virus-scanned.
+#
+# By default this is safe to do with Postfix and Exim v4 and dual-sendmail
+# setup, but probably not safe with sendmail milter interface without tricks. 
+
+# (default values are: virus-quarantine, banned-quarantine, spam-quarantine)
+
+$virus_quarantine_to = 'virus-quarantine'; # traditional local quarantine
+#$virus_quarantine_to = 'infected@'; # forward to MTA for delivery
+#$virus_quarantine_to = "virus-quarantine\@$mydomain"; # similar
+#$virus_quarantine_to = 'virus-quarantine@example.com'; # similar
+#$virus_quarantine_to = undef; # no quarantine
+#
+# lookup key is envelope recipient address:
+#@virus_quarantine_to_maps = ( # per-recip multiple quarantines
+# new_RE( [qr'^user@example\.com$'i => 'infected@'],
+# [qr'^(.*)@example\.com$'i => 'virus-${1}@example.com'],
+# [qr'^(.*)(@[^@])?$'i => 'virus-${1}${2}'] ),
+# $virus_quarantine_to, # the usual default
+#);
+
+# similar for banned names and bad headers and spam (set to undef to disable)
+$banned_quarantine_to = 'banned-quarantine'; # local quarantine
+$bad_header_quarantine_to = 'bad-header-quarantine'; # local quarantine
+$spam_quarantine_to = 'spam-quarantine'; # local quarantine
+
+# or to a mailbox:
+#$spam_quarantine_to = "spam-quarantine\@$mydomain";
+#
+#@spam_quarantine_to_maps = ( # per-recip quarantines
+# new_RE( [qr'^(.*)@example\.com$'i => 'spam-${1}@example.com'] ),
+# $spam_quarantine_to, # the usual default
+#);
+
+
+# In addition to per-recip quarantine, a by-sender lookup is possible.
+# It is similar to $spam_quarantine_to, but the lookup key is the
+# envelope sender address:
+#$spam_quarantine_bysender_to = undef; # dflt: no by-sender spam quarantine
+
+
+# Spam level beyond which quarantining is disabled (global value):
+#$sa_quarantine_cutoff_level = 20; # dflt: undef, which disables this feature
+
+#@spam_quarantine_cutoff_level_maps = ( # per-recip. quarantine cutoff levels
+# { 'user1@example.com' => 20.5,
+# 'postmaster@example.com' => 9999,
+# '.example.com' => 25 },
+# \$sa_quarantine_cutoff_level, # catchall default
+#);
+
+
+# Add X-Virus-Scanned header field to mail? 
+$X_HEADER_TAG = 'X-Virus-Scanned'; # (default: 'X-Virus-Scanned')
+
+# Set to empty to add no header field # (dflt "$myproduct_name at $mydomain")
+# $X_HEADER_LINE = "$myproduct_name at $mydomain";
+# $X_HEADER_LINE = "by $myproduct_name using ClamAV at $mydomain";
+# $X_HEADER_LINE = "$myproduct_name $myversion_id ($myversion_date) at $mydomain";
+
+# a string to prepend to Subject (for local recipients only) if mail could
+# not be decoded or checked entirely, e.g. due to password-protected archives
+$undecipherable_subject_tag = '***UNCHECKED*** '; # undef disables it
+
+# MIME defanging wraps the entire original mail in a MIME container of type
+# 'Content-type: multipart/mixed', where the first part is a text/plain with
+# a short explanation, and the second part is a complete original mail,
+# enclosed in a 'Content-type: message/rfc822' MIME part.
+# Defanging is only done when enabled (selectively by malware type),
+# and mail is considered malware (virus/spam/...), and the malware is allowed
+# to pass (*_lovers or *_destiny=D_PASS)
+#
+$defang_virus = 1; # default is false: don't modify mail body
+$defang_banned = 1; # default is false: don't modify mail body
+# $defang_bad_header = 1; # default is false: don't modify mail body
+# $defang_undecipherable = 1; # default is false: don't modify mail body
+# $defang_spam = 1; # default is false: don't modify mail body
+
+# NOTE: setting the following variables to true may break mail signatures
+# (DKIM and DomainKeys) when verification is done after content filtering:
+# $remove_existing_x_scanned_headers, $remove_existing_x_scanned_headers,
+# and $allow_fixing_improper_header_folding (and defanging, described
+# elsewhere). This is rarely an issue, as mail signing should be done
+# after content filtering, and mail verification should preferably be done
+# before filtering or by SpamAssassin called from within amavisd, which
+# sees still-unmodified mail. 
+#
+$remove_existing_x_scanned_headers = 0; # leave existing X-Virus-Scanned alone
+ # (defaults to false)
+#$remove_existing_x_scanned_headers= 1; # remove existing X-Virus-Scanned
+#$remove_existing_spam_headers = 0; # leave existing X-Spam* headers alone
+$remove_existing_spam_headers = 1; # remove existing spam headers if
+ # spam scanning is enabled (default)
+#$allow_fixing_improper_header_folding = 1; # (default is true)
+
+# set $bypass_decode_parts to true if you only do spam scanning, or if you
+# have a good virus scanner that can deal with compression and recursively
+# unpacking archives by itself, and save amavisd the trouble.
+# Disabling decoding also causes banned_files checking NOT to see MIME types
+# and content classification types as provided by the file(1) utility.
+# It is a double-edged sword, make sure you know what you are doing!
+#
+#$bypass_decode_parts = 1; # (defaults to false)
+
+# don't trust this file type or corresponding unpacker for this file type,
+# keep both the original and the unpacked file for a virus checker to see
+# (lookup key is what file(1) utility returned):
+#
+@keep_decoded_original_maps = (new_RE(
+# qr'^MAIL$', # retain full original message for virus checking (can be slow)
+ qr'^MAIL-UNDECIPHERABLE$', # retain full mail if it contains undecipherables
+ qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
+# qr'^Zip archive data', # don't trust Archive::Zip
+));
+
+
+# Checking for banned MIME types and names. If any mail part matches,
+# the whole mail is rejected. 
Object $banned_filename_re provides a list
+# of Perl regular expressions to be matched against each part's:
+#
+# * Content-Type value (both declared and effective mime-type),
+# such as the possible security-risk content types
+# 'message/partial' and 'message/external-body', as specified in rfc2046
+# or 'application/x-msdownload' and 'application/x-msdos-program';
+#
+# * declared (recommended) file names as specified by MIME subfields
+# Content-Disposition.filename and Content-Type.name, both in their
+# raw (encoded) form and in rfc2047-decoded form if applicable
+# as well as (recommended) file names specified in archives;
+#
+# * file content type as guessed by 'file(1)' utility, mapped
+# (by @map_full_type_to_short_type_maps) into short type names such as
+# .asc, .txt, .html, .doc, .jpg, .pdf, .zip, .exe-ms, ..., which always
+# starts with a dot. These short types are available unless
+# $bypass_decode_parts is true.
+#
+# All nodes (mail parts) of the fully recursively decoded mail and embedded
+# archives are checked, each node independently from remaining nodes.
+#
+# For each node all its ancestor nodes including itself are checked against
+# $banned_filename_re lookup list, top-down. The search for a node stops
+# at the first match, the right-hand side of the matching key determines
+# the result (true or false, absent right-hand side implies true, as explained
+# in README.lookups).
+#
+# Although repeatedly re-checking ancestor nodes may seem excessive, it gives
+# the opportunity to specify rules which make a particular node hide its
+# descendents, e.g. allow any name or file type within a .zip, even though
+# .exe files may otherwise not be allowed. 
+#
+# Leave $banned_filename_re undefined to disable these checks
+# (giving an empty list to new_RE() will also always return false)
+
+# for $banned_namepath_re (a new-style of banned table) see amavisd.conf-sample
+
+$banned_filename_re = new_RE(
+
+### BLOCKED ANYWHERE
+# qr'^UNDECIPHERABLE$', # is or contains any undecipherable components
+ qr'^\.(exe-ms|dll)$', # banned file(1) types, rudimentary
+# qr'^\.(exe|lha|tnef|cab|dll)$', # banned file(1) types
+
+### BLOCK THE FOLLOWING, EXCEPT WITHIN UNIX ARCHIVES:
+# [ qr'^\.(gz|bz2)$' => 0 ], # allow any in gzip or bzip2
+ [ qr'^\.(rpm|cpio|tar)$' => 0 ], # allow any in Unix-type archives
+
+ qr'.\.(pif|scr)$'i, # banned extensions - rudimentary
+# qr'^\.zip$', # block zip type
+
+### BLOCK THE FOLLOWING, EXCEPT WITHIN ARCHIVES:
+# [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ], # allow any within these archives
+
+ qr'^application/x-msdownload$'i, # block these MIME types
+ qr'^application/x-msdos-program$'i,
+ qr'^application/hta$'i,
+
+# qr'^message/partial$'i, # rfc2046 MIME type
+# qr'^message/external-body$'i, # rfc2046 MIME type
+
+# qr'^(application/x-msmetafile|image/x-wmf)$'i, # Windows Metafile MIME type
+# qr'^\.wmf$', # Windows Metafile file(1) type
+
+ # block certain double extensions in filenames
+ qr'\.[^./]*[A-Za-z][^./]*\.\s*(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)[.\s]*$'i,
+
+# qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?'i, # Class ID CLSID, strict
+# qr'\{[0-9a-z]{4,}(-[0-9a-z]{4,}){0,7}\}?'i, # Class ID extension CLSID, loose
+
+ qr'.\.(exe|vbs|pif|scr|cpl)$'i, # banned extension - basic
+# qr'.\.(exe|vbs|pif|scr|cpl|bat|cmd|com)$'i, # banned extension - basic+cmd
+# qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|
+# inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|
+# ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs|
+# wmf|wsc|wsf|wsh)$'ix, # banned ext - long
+# qr'.\.(ani|cur|ico)$'i, # banned cursors and icons filename
+# qr'^\.ani$', # banned animated 
cursor file(1) type
+
+# qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i, # banned extension - WinZip vulnerab.
+);
+# See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262631
+# and http://www.cknow.com/vtutor/vtextensions.htm
+
+# A little trick: a pattern qr'\.exe$' matches both a short type name '.exe',
+# as well as any file name which happens to end with .exe. If only matching
+# a file name is desired, but not the short type, a pattern qr'.\.exe$'i
+# or similar may be used, which requires that at least one character precedes
+# the '.exe', and so it will never match short file types which always start
+# with a dot.
+
+
+# the syntax of these Perl regular expressions is a bit awkward if not
+# familiar with them, so please do follow examples and stick to the idioms:
+# \A ... at the beginning of the first component
+# \z ... at the end of the the last (leaf) component
+# ^ ... at the beginning of each component in the path
+# $ ... at the end of each component in the path
+# (.*\t)? ... at the beginning of a field
+# (\t.*)? ... at the end of a field
+# \t(.*\t)* ... separating fields
+# [^\t\n] ... any single character, but don't escape from this field
+# (.*\n)+ ... one or more levels down
+# (?#...) ... a comment within a regexp
+
+# new-style of banned lookup table
+$banned_namepath_re = new_RE(
+
+### BLOCKED ANYWHERE
+
+ qr'(?# BLOCK Microsoft EXECUTABLES and DLL )
+ ^ (.*\t)? T=(exe-ms|dll) (\t.*)? $'xm, # banned file(1) types, rudimentary
+
+# qr'(?# BLOCK ANY EXECUTABLE )
+# ^ (.*\t)? T=exe (\t.*)? $'xm, # banned file(1) type
+
+# qr'(?# BLOCK THESE TYPES )
+# ^ (.*\t)? T=(exe|lha|tnef|cab|dll) (\t.*)? $'xm, # banned file(1) types
+
+
+### BLOCK THE FOLLOWING, EXCEPT WITHIN UNIX ARCHIVES:
+
+# # within traditional gzip and bzip2 allow any name and type
+# [ qr'(?#rule-3) ^ (.*\t)? T=(gz|bz2) (\t.*)? $'xmi => 0 ], # allow
+
+ # within traditional Unix archives allow any name and type
+ [ qr'(?#rule-4) ^ (.*\t)? T=(tar|rpm|cpio) (\t.*)? 
$'xmi => 0 ], # allow
+
+ # banned filename extensions (in declared names) anywhere - rudimentary
+ qr'(?# BLOCK COMMON NAME EXENSIONS )
+ ^ (.*\t)? N= [^\t\n]* \. (pif|scr) (\t.*)? $'xmi,
+
+# # block anything within a zip
+# qr'(?#rule-5) ^ (.*\t)? T=zip (\t.*)? (.*\n)+ .* $'xmi,
+
+
+### BLOCK THE FOLLOWING, EXCEPT WITHIN ARCHIVES OR CRYPTED:
+
+# # within PC archives allow any types or names at any depth
+# [ qr'(?#rule-7) ^ (.*\t)? T=(zip|rar|arc|arj|zoo) (\t.*)? $'xmi => 0 ], # ok
+
+# # within certain archives allow leaf members at any depth if crypted
+# [ qr'(?# ALLOW ENCRYPTED )
+# ^ (.*\t)? T=(zip|rar|arj) (.*\n)+ (.*\t)? A=C (\t.*)? \z'xmi => 0 ],
+
+# # allow crypted leaf members regardless of their name or type
+# [ qr'(?# ALLOW IF ENCRYPTED ) ^ (.*\t)? A=C (\t.*)? \z'xmi => 0 ],
+
+ # block these MIME types
+ qr'(?#NO X-MSDOWNLOAD) ^(.*\t)? M=application/x-msdownload (\t.*)? $'xmi,
+ qr'(?#NO X-MSDOS-PROGRAM)^(.*\t)? M=application/x-msdos-program(\t.*)? $'xmi,
+ qr'(?#NO HTA) ^(.*\t)? M=application/hta (\t.*)? $'xmi,
+
+# # block rfc2046 MIME types
+# qr'(?# BLOCK RFC2046 ) ^ (.*\t)? M=message/partial (\t.*)? $'xmi,
+# qr'(?# BLOCK RFC2046 ) ^ (.*\t)? M=message/external-body (\t.*)? $'xmi,
+
+# qr'(?#No Metafile MIME) ^(.*\t)? M=application/x-msmetafile (\t.*)? $'xmi,
+# qr'(?#No Metafile MIME) ^(.*\t)? M=image/x-wmf (\t.*)? $'xmi,
+# qr'(?#No Metafile file) ^(.*\t)? T=wmf (\t.*)? $'xm,
+# qr'(?#No animated cursors) ^(.*\t)? T=ani (\t.*)? $'xm,
+
+ # block certain double extensions in filenames
+ qr'(?# BLOCK DOUBLE-EXTENSIONS )
+ ^ (.*\t)? N= [^\t\n]* \. [^./\t\n]* [A-Za-z] [^./\t\n]* \. \ *
+ (exe|vbs|pif|scr|bat|cmd|com|cpl|dll) [. ]* (\t.*)? $'xmi,
+
+ [ qr'(?# BLOCK EMPTY MIME PART APPLICATION/OCTET-STREAM )
+ ^ (.*\t)? M=application/(octet-stream|x-msdownload|x-msdos-program)
+ \t(.*\t)* T=empty (\t.*)? $'xmi
+ => 'DISCARD' ],
+
+# [ qr'(?# BLOCK EMPTY MIME PARTS )
+# ^ (.*\t)? M= [^\t\n]+ \t(.*\t)* T=empty (\t.*)? 
$'xmi => 'DISCARD' ],
+
+# # block Class ID (CLSID) extensions in filenames, strict
+# qr'(?# BLOCK CLSID-EXTENSIONS )
+# ^ (.*\t)? N= [^\t\n]* \{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?
+# [^\t\n]* (\t.*)? $'xmi,
+
+# # banned suggested names with three or more consecutive spaces
+# qr'(?# BLOCK NAMES WITH SPACES )
+# ^ (.*\t)? N= [^\t\n]* [ ]{3,} 'xmi,
+
+# # block if any component can not be decoded (is encrypted or bad archive)
+# qr'(?# BLOCK IF UNDECIPHERABLE ) ^ (.*\t)? A=U (\t.*)? \z'xmi,
+
+# [ qr'(?# SPECIAL ALLOWANCES - MAGIC NAMES)
+# \A (.*\t)? T=(rpm|cpio|tar|zip|rar|arc|arj|zoo|Z|gz|bz2)
+# \t(.*\t)* N=example\d+[^\t\n]*
+# (\t.*)? $'xmi => 0 ],
+
+ # banned filename extensions (in suggested names) anywhere - basic
+ qr'(?# BLOCK COMMON NAME EXENSIONS )
+ ^ (.*\t)? N= [^\t\n]* \. (exe|vbs|pif|scr|cpl) (\t.*)? $'xmi,
+
+# # banned filename extensions (in suggested names) anywhere - basic+cmd
+# qr'(?# BLOCK COMMON NAME EXENSIONS )
+# ^ (.*\t)? N= [^\t\n]* \. (exe|vbs|pif|scr|cpl|bat|cmd|com) (\t.*)? $'xmi,
+
+# # banned filename extensions (in suggested names) anywhere - long
+# qr'(?# BLOCK MORE NAME EXTENSIONS )
+# ^ (.*\t)? N= [^\t\n]* \. (
+# ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|
+# inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|
+# ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs|
+# wmf|wsc|wsf|wsh) (\t.*)? $'xmi,
+
+# qr'(?# BLOCK CURSOR AND ICON NAME EXENSIONS )
+# ^ (.*\t)? N= [^\t\n]* \. (ani|cur|ico) (\t.*)? $'xmi,
+
+# # banned filename extensions anywhere - WinZip vulnerability (pre-V9)
+# qr'(?# BLOCK WinZip VULNERABILITY EXENSIONS )
+# ^ (.*\t)? N= [^\t\n]* \. (mim|b64|bhx|hqx|xxe|uu|uue) (\t.*)? 
$'xmi,
+
+);
+
+# use old or new style of banned lookup table; not both to avoid confusion
+#
+# @banned_filename_maps = (); # to disable old-style
+ $banned_namepath_re = undef; # to disable new-style
+
+
+%banned_rules = (
+ 'MYNETS-DEFAULT' => new_RE( # permissive set of rules for internal hosts
+ [ qr'^\.(rpm|cpio|tar)$' => 0 ], # allow any name/type in Unix archives
+ qr'.\.(vbs|pif|scr)$'i, # banned extension - rudimentary
+ ),
+ 'DEFAULT' => $banned_filename_re,
+);
+
+
+#
+# Section V - Per-recipient and per-sender handling, whitelisting, etc.
+#
+
+# @virus_lovers_maps list of lookup tables:
+# (this should be considered a policy option, is does not disable checks,
+# see bypass*checks for that!)
+#
+# Exclude certain RECIPIENTS from virus filtering by adding their (lower-cased)
+# envelope e-mail address (or domain only) to one of the lookup tables in
+# the @virus_lovers_maps list - see README.lookups and examples.
+# Make sure the appropriate form (e.g. external/internal) of address
+# is used in case of virtual domains, or when mapping external to internal
+# addresses, etc. - this is MTA-specific.
+#
+# Notifications would still be generated however (see the overall
+# picture above), and infected mail (if passed) gets additional header:
+# X-AMaViS-Alert: INFECTED, message contains virus: ...
+# (header not inserted with Courier or milter interface!)
+#
+# Setting $final_*_destiny=D_PASS is functionally equivalent to having
+# all recipients match the @*_lovers_maps.
+#
+# NOTE (milter interface only): in case of multiple recipients,
+# it is only possible to drop or accept the message in its entirety - for all
+# recipients. If all of them are virus lovers, we'll accept mail, but if
+# at least one recipient is not a virus lover, we'll discard the message.
+
+
+# @bypass_virus_checks_maps list of lookup tables:
+# (this is mainly a time-saving option, unlike virus_lovers* !)
+#
+# Similar in concept to @virus_lovers_maps, a @bypass_virus_checks_maps
+# is used to skip entirely the decoding, unpacking and virus checking,
+# but only if ALL recipients match the lookup.
+#
+# @bypass_virus_checks_maps does NOT GUARANTEE the message will NOT be checked
+# for viruses - this may still happen when there is more than one recipient
+# for a message and not all of them match these lookup tables, or when
+# check result was cached (i.e. the same contents was recently sent to other
+# recipients). To guarantee virus delivery, a recipient must also match
+# @virus_lovers_maps lookups (but see milter limitations above),
+#
+# The following table summarizes the possible combinations:
+# bypass lover
+# 0 0 useful, check for malware and block it
+# 0 1 useful, check but deliver nevertheless, possibly tagged
+# 1 0 not too useful, free riding on cached or other-people's checks
+# 1 1 useful, no checks if possible, and no effects
+
+# NOTE: it would not be clever to base enabling of virus checks on SENDER
+# address, since there are no guarantees that it is genuine. Many viruses
+# and spam messages fake sender address. To achieve selective filtering
+# based on the source of the mail (e.g. IP address, MTA port number, ...),
+# use mechanisms provided by MTA if available, possibly combined with policy
+# banks feature.
+
+# Similar to lists of lookup tables controlling virus checking, there are
+# counterparts for spam scanning, banned names/types, and headers_checks
+# control:
+# @spam_lovers_maps,
+# @banned_files_lovers_maps,
+# @bad_header_lovers_maps
+# and:
+# @bypass_spam_checks_maps,
+# @bypass_banned_checks_maps,
+# @bypass_header_checks_maps
+
+# Example:
+# @bypass_header_checks_maps = ( [qw( user@example.com )] );
+# @bad_header_lovers_maps = ( [qw( user@example.com )] );
+
+# The following example disables spam checking altogether,
+# since it matches any recipient e-mail address.
+# @bypass_spam_checks_maps = (1); + + +# See README.lookups for further detail, and examples below. + +# In the following example a list of lookup tables @virus_lovers_maps +# contains three elements, the first is a reference to an ACL lookup table +# (brackets in Perl indicate a ref to a list), the second is a reference +# to a hash lookup table (curly braces in Perl indicate a ref to a hash), +# the third is a regexp lookup table, indicated by the type of object +# created by new_RE() : +# +#@virus_lovers_maps = ( +# [ qw( me@lab.xxx.com !lab.xxx.com .xxx.com yyy.org ) ], +# { "postmaster\@$mydomain" => 1, # double quotes permit variable evaluation +# 'postmaster@example.com'=> 1, # in single quotes the '@' need not be quoted +# 'abuse@example.com'=> 1, +# 'some.user@' => 1, # this recipient, regardless of domain +# 'boss@example.com' => 0, # never, even if domain matches +# 'example.com' => 1, # this domain, but not its subdomains +# '.example.com' => 1, # this domain, including its subdomains +# }, +# new_RE( qr'^(helpdesk|postmaster)@example\.com$'i ), +#); + +#@spam_lovers_maps = ( +# ["postmaster\@$mydomain", 'postmaster@example.com', 'abuse@example.com'], +#); + +#@bad_header_lovers_maps = ( +# ["postmaster\@", "abuse\@$mydomain"], +#); + + +# as an alternative to fiddling with @_lovers_maps and similar _maps, here +# is an illustration of using a more general *_by_ccat associative array, +# introduced with 2.4.0, like %lovers_maps_by_ccat in this example: +# +#$lovers_maps_by_ccat{+CC_SPAM} = [ +# read_hash("$MYHOME/etc/spam_lovers.txt"), +# [qw(postmaster@example.com abuse@example.com)], +#]; +# +#$lovers_maps_by_ccat{+CC_BANNED} = [ +# { map {lc $_ => 1} # construct a hash lookup table from a list +# qw(user1@example.com user2.example.com) +# }, +#]; + + +# to save some typing of quotes and commas, a Perl operator qw can be used +# to split its argument on whitespace and to quote resulting elements: +#@bypass_spam_checks_maps = ( +# [ qw( some.ddd 
!butnot.example.com .example.com ) ], +#); + + +# don't run spam check for these RECIPIENT domains: +# @bypass_spam_checks_maps = ( [qw( d1.com .d2.com a.d3.com )] ); +# or the other way around (bypass check for all BUT these): +# @bypass_spam_checks_maps = ( [qw( !d1.com !.d2.com !a.d3.com . )] ); +# a practical application: don't check outgoing mail for spam: +# @bypass_spam_checks_maps = ( [ "!.$mydomain", "." ] ); +# or calculated (negated) from the %local_domains: +# @bypass_spam_checks_maps = +# ( {map {$_ => !$local_domains{$_}} keys %local_domains}, 1); +# (a downside of which is that such mail will not count as ham in SA bayes db) +# +# Note that 'outgoing' is not the same as 'originating from inside'. We refer +# to 'outgoing' here as 'mail addressed to recipients outside our domain(s)'. +# The internal-to-internal mail is not outgoing, but is still originating from +# inside. To base rules on 'originating from inside', the use of a policy bank +# with 'originating => 1' is needed (such as MYNETS), in conjunction with +# XFORWARD Postfix extension to SMTP. + +# Where to find SQL server(s) and database to support SQL lookups? +# A list of triples: (dsn,user,passw). (dsn = data source name) +# More than one entry may be specified for multiple (backup) SQL servers. +# See 'man DBI', 'man DBD::mysql', 'man DBD::Pg', ... for details. +# When chroot-ed, accessing SQL server over inet socket may be more convenient. 
+#
+# @lookup_sql_dsn =
+# ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'],
+# ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'],
+# ["DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite", '', ''] );
+# @storage_sql_dsn = @lookup_sql_dsn; # none, same, or separate database
+#
+# ('mail' in the example is the database name, choose what you like)
+# With PostgreSQL the dsn (first element of the triple) may look like:
+# 'DBI:Pg:dbname=mail;host=host1'
+
+# The SQL select clause to fetch per-recipient policy settings.
+# The %k will be replaced by a comma-separated list of query addresses
+# (e.g. full address, domain only (stripped level by level), and a catchall).
+# Use ORDER if there is a chance that multiple records will match - the first
+# match wins. If field names are not unique (e.g. 'id'), the later field
+# overwrites the earlier in a hash returned by lookup, which is why we use
+# '*,users.id' instead of just '*'. No need to uncomment the following
+# assignment if the default is ok.
+# $sql_select_policy = 'SELECT *,users.id FROM users,policy'.
+# ' WHERE (users.policy_id=policy.id) AND (users.email IN (%k))'.
+# ' ORDER BY users.priority DESC';
+#
+# The SQL select clause to check sender in per-recipient whitelist/blacklist
+# The first SELECT argument '?' will be users.id from recipient SQL lookup,
+# the %k will be sender addresses (e.g. full address, domain only, catchall).
+# The default value is:
+# $sql_select_white_black_list = 'SELECT wb FROM wblist,mailaddr'.
+# ' WHERE (wblist.rid=?) AND (wblist.sid=mailaddr.id)'.
+# ' AND (mailaddr.email IN (%k))'.
+# ' ORDER BY mailaddr.priority DESC';
+#
+# To disable SQL white/black list, set to undef (otherwise comment-out
+# the following statement, leaving it at the default value):
+$sql_select_white_black_list = undef; # undef disables SQL white/blacklisting
+
+# Controls the format of timestamps in the field msgs.time_iso:
+# $timestamp_fmt_mysql = 1; # if using MySQL *and* msgs.time_iso is TIMESTAMP;
+# defaults to 0, which is good for non-MySQL or if msgs.time_iso is CHAR(16)
+
+# Does a database mail address field with no '@' character represent a
+# local username or a domain name? By default it implies a username in
+# SQL and LDAP lookups (but represents a domain in hash and acl lookups),
+# so domain names in SQL and LDAP should be specified as '@domain'.
+# Setting these to true will cause 'xxx' to be interpreted as a domain
+# name, just like in hash or acl lookups.
+#
+# $sql_lookups_no_at_means_domain = 0; # default is 0
+# $ldap_lookups_no_at_means_domain = 0; # default is 0
+
+# Here is an example of a SELECT clause that fabricates an artificial 'users'
+# table from actual table 'postfix_domains' containing a field 'domain_name'.
+# The effect is that domains listed in the 'postfix_domains' table will be
+# treated as local by amavisd, and be given settings from a policy id 99
+# if such a policy id exists, or just fall back to static lookups.
+# The user.id (with a value 1) is there only to provide a user id (same id
+# for all listed domains) when global SQL-based white/blacklisting is used.
+#
+# $sql_lookups_no_at_means_domain = 1;
+# $sql_select_policy =
+# 'SELECT *, user.id'.
+# ' FROM (SELECT 1 as id, 99 as policy_id, "Y" AS local'.
+# ' FROM postfix_domains WHERE domain_name IN (%k)) AS user'.
+# ' LEFT JOIN policy ON policy_id=policy.id'; + +# If passing malware to certain recipients ($final_*_destiny=D_PASS or +# *_lovers), the recipient-based lookup tables @addr_extension_*_maps may +# return a string, which (if nonempty) will be added as an address extension +# to the local-part of the recipient's address. This extension may be used +# by the final local delivery agent (LDA) to place such mail into different +# subfolders (the extension is usually interpreted as a folder name). +# This is sometimes known as the 'plus addressing'. Appending address +# extensions is prevented when: +# - recipient does not match lookup tables @local_domains_maps; +# - lookup into corresponding @addr_extension_*_maps results +# in an empty string or undef; +# - $recipient_delimiter is empty (see below) +# LDAs usually default to stripping away address extension if no special +# handling is specified or if a named subfolder or alias does not exist, +# so adding address extensions normally does no harm. + +# @addr_extension_virus_maps = ('virus'); # defaults to empty +# @addr_extension_spam_maps = ('spam'); # defaults to empty +# @addr_extension_banned_maps = ('banned'); # defaults to empty +# @addr_extension_bad_header_maps = ('badh'); # defaults to empty +# +# A more complex example: +# @addr_extension_virus_maps = ( +# {'sub.example.com'=>'infected', '.example.com'=>'filtered'}, 'virus' ); + +# Delimiter between local part of the envelope recipient address and address +# extension (which can optionally be added, see @addr_extension_*_maps. E.g. +# recipient address is changed to . +# +# Delimiter must match the equivalent (final) MTA delimiter setting. +# (e.g. for Postfix add 'recipient_delimiter = +' to main.cf) +# Setting it to an empty string or to undef disables adding extensions +# regardless of $addr_extension_*_maps. + +# $recipient_delimiter = '+'; # (default is undef, i.e. 
disabled) + +# true: replace extension; false: append extension +# $replace_existing_extension = 1; # (default is true) + +# Affects matching of localpart of e-mail addresses (left of '@') +# in lookups: true = case sensitive, false = case insensitive +$localpart_is_case_sensitive = 0; # (default is false) + + +# ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING + +# Instead of hard black- or whitelisting, a softer approach is to add +# score points (penalties) to the SA score for mail from certain senders. +# Positive points lean towards blacklisting, negative towards whitelisting. +# This is much like adding SA rules or using its white/blacklisting, except +# that here only envelope sender addresses are considered (not addresses +# in a mail header), and that score points can be assigned per-recipient +# (or globally), and the assigned penalties are customarily much lower +# than the default SA white/blacklisting score. +# +# The table structure is similar to $per_recip_blacklist_sender_lookup_tables +# i.e. the first level key is recipient, pointing to by-sender lookup tables. +# The essential difference is that scores from _all_ matching by-recipient +# lookups (not just the first that matches) are summed to give the final +# score boost. That means that both the site and domain administrators, +# as well as the recipient can have a say on the final score. +# +# NOTE: keep hash keys in lowercase, either manually or by using function lc + +@score_sender_maps = ({ # a by-recipient hash lookup table + +# # per-recipient personal tables (NOTE: positive: black, negative: white) +# 'user1@example.com' => [{'bla-mobile.press@example.com' => 10.0}], +# 'user3@example.com' => [{'.ebay.com' => -3.0}], +# 'user4@example.com' => [{'cleargreen@cleargreen.com' => -7.0, +# '.cleargreen.com' => -5.0}], + + # site-wide opinions about senders (the '.' matches any recipient) + '.' 
=> [ # the _first_ matching sender determines the score boost + + new_RE( # regexp-type lookup table, just happens to be all soft-blacklist + [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i => 5.0], + [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0], + [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0], + [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i => 5.0], + [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i => 5.0], + [qr'^(your_friend|greatoffers)@'i => 5.0], + [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i => 5.0], + [ qr'@strato(?:-rz)\.de$'i => -5.0 ], + [ qr'^Doris\.Hennig@BA-MH\.Verwalt-Berlin\.de$'i => -5.0 ], + [ qr'^doris@hennig-berlin\.org$'i => -5.0 ], + ), + +# read_hash("/var/amavis/sender_scores_sitewide"), + + { # a hash-type lookup table (associative array) + 'nobody@cert.org' => -3.0, + 'cert-advisory@us-cert.gov' => -3.0, + 'owner-alert@iss.net' => -3.0, + 'slashdot@slashdot.org' => -3.0, + 'securityfocus.com' => -3.0, + 'ntbugtraq@listserv.ntbugtraq.com' => -3.0, + 'security-alerts@linuxsecurity.com' => -3.0, + 'mailman-announce-admin@python.org' => -3.0, + 'amavis-user-admin@lists.sourceforge.net'=> -3.0, + 'amavis-user-bounces@lists.sourceforge.net' => -3.0, + 'spamassassin.apache.org' => -3.0, + 'notification-return@lists.sophos.com' => -3.0, + 'owner-postfix-users@postfix.org' => -3.0, + 'owner-postfix-announce@postfix.org' => -3.0, + 'owner-sendmail-announce@lists.sendmail.org' => -3.0, + 'sendmail-announce-request@lists.sendmail.org' => -3.0, + 'donotreply@sendmail.org' => -3.0, + 'ca+envelope@sendmail.org' => -3.0, + 'noreply@freshmeat.net' => -3.0, + 'owner-technews@postel.acm.org' => -3.0, + 'ietf-123-owner@loki.ietf.org' => -3.0, + 'cvs-commits-list-admin@gnome.org' => -3.0, + 'rt-users-admin@lists.fsck.com' => -3.0, + 'clp-request@comp.nus.edu.sg' => -3.0, + 'surveys-errors@lists.nua.ie' => -3.0, + 'emailnews@genomeweb.com' => -5.0, + 
'yahoo-dev-null@yahoo-inc.com' => -3.0, + 'returns.groups.yahoo.com' => -3.0, + 'clusternews@linuxnetworx.com' => -3.0, + lc('lvs-users-admin@LinuxVirtualServer.org') => -3.0, + lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0, + 'niels@google.com' => -3.0, + 'kameu@gmx.de' => -3.0, + + # soft-blacklisting (positive score) + 'sender@example.net' => 3.0, + '.example.net' => 1.0, + + }, + ], # end of site-wide tables +}); + + +# ENVELOPE SENDER WHITELISTING / BLACKLISTING - GLOBAL (RECIPIENT-INDEPENDENT) +# (affects spam checking only, has no effect on virus and other checks) + +# WHITELISTING: use ENVELOPE SENDER lookups to ENSURE DELIVERY from whitelisted +# senders even if the message would be recognized as spam. Effectively, for +# the specified senders, message recipients temporarily become 'spam_lovers'. +# To avoid surprises, whitelisted sender also suppresses inserting/editing +# the tag2-level header fields (X-Spam-*, Subject), appending spam address +# extension, and quarantining. +# +# BLACKLISTING: messages from specified SENDERS are DECLARED SPAM. +# Effectively, for messages from blacklisted envelope sender addresses, spam +# level is artificially pushed high, and the normal spam processing applies, +# resulting in 'X-Spam-Flag: YES', high 'X-Spam-Level' bar and other usual +# reactions to spam, including possible rejection. If the message nevertheless +# still passes (e.g. for spam loving recipients), it is tagged as BLACKLISTED +# in the 'X-Spam-Status' header field, but the reported spam value and +# set of tests in this report header field (if available from SpamAssassin, +# which may or may not have been called) is not adjusted. +# +# A sender may be both white- and blacklisted at the same time, settings +# are independent. 
For example, being both white- and blacklisted, message +# is delivered to recipients, but is not tagged as spam (X-Spam-Flag: No; +# X-Spam-Status: No, ...), but the reported spam level (if computed) may +# still indicate high spam score. +# +# If ALL recipients of the message either white- or blacklist the sender, +# spam scanning (calling the SpamAssassin) is bypassed, saving on time. +# +# The following variables (lists of lookup tables) are available, +# with the semantics and syntax as specified in README.lookups: +# @whitelist_sender_maps, @blacklist_sender_maps + +# SOME EXAMPLES: +# +#ACL: +# @whitelist_sender_maps = ( ['.example.org', '.example.net'] ); +# @whitelist_sender_maps = ( [qw(.example.org .example.net)] ); # same thing +# +# @whitelist_sender_maps = ( [".$mydomain"] ); # $mydomain and its subdomains +# NOTE: This is not a reliable way of turning off spam checks for +# locally-originating mail, as sender address can easily be faked. +# To reliably avoid spam-scanning outgoing mail, use @bypass_spam_checks_maps +# for nonlocal recipients. To reliably avoid spam scanning for locally +# originating mail (including internal-to-internal mail), recognized by +# the original SMTP client IP address matching @mynetworks, use policy bank +# MYNETS, adjust @mynetworks, and turn on XFORWARD in the Postfix smtp client +# service feeding amavisd. 
+ +#with regexps: +# @whitelist_sender_maps = ( new_RE( +# qr'^postmaster@.*\bexample\.com$'i, +# qr'^owner-[^@]*@'i, qr'-request@'i, +# qr'\.example\.com$'i +# )); + + +# illustrates the use of regexp lookup table: + +@blacklist_sender_maps = ( new_RE( + qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou|greatcasino)@'i, + qr'^(investments|lose_weight_today|market\.alert|money2you|MyGreenCard)@'i, + qr'^(new\.tld\.registry|opt-out|opt-in|optin|saveonlsmoking2002k)@'i, + qr'^(specialoffer|specialoffers|stockalert|stopsnoring|wantsome)@'i, + qr'^(workathome|yesitsfree|your_friend|greatoffers)@'i, + qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i, +)); + + +# NOTE: whitelisting is becoming deprecated because sender address is +# all too often faked; use @score_sender_maps for soft-whitelisting! +# +# Illustrates the use of several lookup tables: +# +# @whitelist_sender_maps = ( +# +# # read_hash("$MYHOME/whitelist_sender"), # a hash table read from a file +# +# # and another hash lookup table constructed in-line, with keys lowercased: +# { map {lc $_ => 1} qw( +# nobody@cert.org +# cert-advisory@us-cert.gov +# owner-alert@iss.net +# slashdot@slashdot.org +# bugtraq@securityfocus.com +# NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM +# security-alerts@linuxsecurity.com +# amavis-user-admin@lists.sourceforge.net +# amavis-user-bounces@lists.sourceforge.net +# notification-return@lists.sophos.com +# mailman-announce-admin@python.org +# owner-postfix-users@postfix.org +# owner-postfix-announce@postfix.org +# owner-sendmail-announce@lists.sendmail.org +# sendmail-announce-request@lists.sendmail.org +# owner-technews@postel.ACM.ORG +# lvs-users-admin@LinuxVirtualServer.org +# ietf-123-owner@loki.ietf.org +# cvs-commits-list-admin@gnome.org +# rt-users-admin@lists.fsck.com +# clp-request@comp.nus.edu.sg +# surveys-errors@lists.nua.ie +# emailNews@genomeweb.com +# owner-textbreakingnews@CNNIMAIL12.CNN.COM +# yahoo-dev-null@yahoo-inc.com +# returns.groups.yahoo.com +# )}, +# +# # { '' => 1 
}, # and another one, containing just an empty reverse path (DSN) +# +# ); + + +# ENVELOPE SENDER WHITELISTING / BLACKLISTING - PER-RECIPIENT + +# The same semantics as for global white/blacklisting applies, but this +# time each recipient (or its domain, or subdomain, ...) can be given +# an individual lookup table for matching senders. The per-recipient lookups +# take precedence over the global lookups, which serve as a fallback default. + +# Specify a two-level lookup table: the key for the outer table is recipient, +# and the result should be an inner lookup table (hash or ACL or RE), +# where the key used will be the sender. (Note that this structure is flatter +# than @score_sender_maps, where the first level result is a ref to a _list_ +# of inner lookup tables, not a ref to a single lookup table.) +# +#$per_recip_blacklist_sender_lookup_tables = { +# 'user1@my.example.com'=>new_RE(qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i), +# 'user2@my.example.com'=>[qw( spammer@d1.example,org .d2.example,org )], +#}; +#$per_recip_whitelist_sender_lookup_tables = { +# 'user@my.example.com' => [qw( friend@example.org .other.example.org )], +# '.my1.example.com' => [qw( !foe.other.example,org .other.example,org )], +# '.my2.example.com' => read_hash("$MYHOME/my2-wl.dat"), +# 'abuse@' => { 'postmaster@'=>1, +# 'cert-advisory-owner@cert.org'=>1, 'owner-alert@iss.net'=>1 }, +#}; + + +# +# Section VI - Resource limits +# + +# Sanity limit to the number of allowed recipients per SMTP transaction +# $smtpd_recipient_limit = 1100; # (default is 1100) + +# Resource limits to protect unpackers, decompressors and virus scanners +# against mail bombs (e.g. 
42.zip)
+
+
+# Maximum recursion level for extraction/decoding (0 or undef disables limit)
+$MAXLEVELS = 14; # (default is undef, no limit)
+
+# Maximum number of extracted files (0 or undef disables the limit)
+$MAXFILES = 1500; # (default is undef, no limit)
+
+# For the cumulative total of all decoded mail parts we set max storage size
+# to defend against mail bombs. Even though parts may be deleted (replaced
+# by decoded text) during decoding, the size they occupied is _not_ returned
+# to the quota pool.
+#
+# Parameters to storage quota formula for unpacking/decoding/decompressing
+# Formula:
+# quota = max($MIN_EXPANSION_QUOTA,
+# $mail_size*$MIN_EXPANSION_FACTOR,
+# min($MAX_EXPANSION_QUOTA, $mail_size*$MAX_EXPANSION_FACTOR))
+# In plain words (later condition overrules previous ones):
+# allow MAX_EXPANSION_FACTOR times initial mail size,
+# but not more than MAX_EXPANSION_QUOTA,
+# but not less than MIN_EXPANSION_FACTOR times initial mail size,
+# but never less than MIN_EXPANSION_QUOTA
+#
+$MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not enforced)
+$MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes (default undef, not enforced)
+$MIN_EXPANSION_FACTOR = 5; # times original mail size (default is 5)
+$MAX_EXPANSION_FACTOR = 500; # times original mail size (default is 500)
+
+# expiration time of cached results: time to live in seconds
+# (how long the result of a virus/spam test remains valid)
+$virus_check_negative_ttl= 3*60; # time to remember that mail was not infected
+$virus_check_positive_ttl= 30*60; # time to remember that mail was infected
+$spam_check_negative_ttl = 10*60; # time to remember that mail was not spam
+$spam_check_positive_ttl = 30*60; # time to remember that mail was spam
+#
+# NOTE:
+# Cache size will be determined by the largest of the $*_ttl values.
+# Depending on the mail rate, the cache database may grow quite large.
+# Reasonable compromise for the max value is 15 minutes to 2 hours.
+
+#
+# Section VII - External programs, virus scanners
+#
+
+# Specify a path string, which is a colon-separated string of directories
+# (no trailing slashes!) to be assigned to the environment variable PATH
+# and to serve for locating external programs below.
+
+# NOTE: if $daemon_chroot_dir is nonempty, the directories will be
+# relative to the chroot directory specified;
+
+$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin:/opt/bin';
+
+# For external programs specify one string or a search list of strings (first
+# match wins). The string (or: each string in a list) may be an absolute path,
+# or just a program name, to be located via $path;
+# Empty string or undef (=default) disables the use of that external program.
+# Optionally command arguments may be specified - only the first substring
+# up to the whitespace is used for file searching.
+
+$file = 'file'; # file(1) utility; use 3.41 or later to avoid vulnerability
+$dspam = 'dspam';
+
+# A list of pairs or n-tuples: [short-type, code_ref, optional-args...].
+# Maps short types to a decoding routine, the first match wins.
+# Arguments beyond the first two can be program path string (or a listref of
+# paths to be searched) or a reference to a variable containing such a path,
+# which allows for lazy evaluation, making possible to assign values to
+# legacy configuration variables even after the assignment to @decoders.
+#
+@decoders = (
+ ['mail', \&do_mime_decode],
+ ['asc', \&do_ascii],
+ ['uue', \&do_ascii],
+ ['hqx', \&do_ascii],
+ ['ync', \&do_ascii],
+ ['F', \&do_uncompress, ['unfreeze','freeze -d','melt','fcat'] ],
+ ['Z', \&do_uncompress, ['uncompress','gzip -d','zcat'] ],
+ ['gz', \&do_uncompress, 'gzip -d'],
+ ['gz', \&do_gunzip],
+ ['bz2', \&do_uncompress, 'bzip2 -d'],
+ ['lzo', \&do_uncompress, 'lzop -d'],
+ ['rpm', \&do_uncompress, ['rpm2cpio.pl','rpm2cpio'] ],
+ ['cpio', \&do_pax_cpio, ['pax','gcpio','cpio'] ],
+ ['tar', \&do_pax_cpio, ['pax','gcpio','cpio'] ],
+ ['deb', \&do_ar, 'ar'],
+# ['a', \&do_ar, 'ar'], # unpacking .a seems an overkill
+ ['zip', \&do_unzip],
+ ['7z', \&do_7zip, ['7zr','7za','7z'] ],
+ ['rar', \&do_unrar, ['rar','unrar'] ],
+ ['arj', \&do_unarj, ['arj','unarj'] ],
+ ['arc', \&do_arc, ['nomarch','arc'] ],
+ ['zoo', \&do_zoo, ['zoo','unzoo'] ],
+ ['lha', \&do_lha, 'lha'],
+# ['doc', \&do_ole, 'ripole'],
+ ['cab', \&do_cabextract, 'cabextract'],
+ ['tnef', \&do_tnef_ext, 'tnef'],
+ ['tnef', \&do_tnef],
+# ['sit', \&do_unstuff, 'unstuff'], # broken/unsafe decoder
+ ['exe', \&do_executable, ['rar','unrar'], 'lha', ['arj','unarj'] ],
+);
+
+
+# SpamAssassin settings
+
+# $sa_local_tests_only is passed to Mail::SpamAssassin::new as a value
+# of the option local_tests_only. See Mail::SpamAssassin man page.
+# If set to 1, no SA tests that require internet access will be performed.
+#
+$sa_local_tests_only = 0; # only tests which do not require internet access?
+#$sa_auto_whitelist = 1; # turn on AWL in SA 2.63 or older (irrelevant + # for SA 3.0, its cf option is use_auto_whitelist) + +$sa_mail_body_size_limit = 400*1024; # don't waste time on SA if mail is larger + # (less than 1% of spam is > 64k) + # default: undef, no limitations + +# default values, customarily used in the @spam_*_level_maps as the last entry +$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level; + # undef is interpreted as lower than any spam level +$sa_tag2_level_deflt = 6.31;# add 'spam detected' headers at that level to + # passed mail, adding address extensions; +$sa_kill_level_deflt = $sa_tag2_level_deflt; # triggers spam evasive actions + # at or above that level: bounce/reject/drop, + # quarantine +$sa_dsn_cutoff_level = 9; # spam level beyond which a DSN is not sent, + # effectively turning D_BOUNCE into D_DISCARD; + # undef disables this feature and is a default; +# see also $sa_quarantine_cutoff_level above, which only controls quarantining + +# $penpals_bonus_score = 5; # (positive) score by which spam score is lowered + # when sender is known to have previously received mail from our + # local user from this mail system; zero or undef disables penpals + # lookups in SQL; default: undef +# $penpals_halflife = 10*24*60*60; #exponential decay time constant in seconds; + # penpal bonus is halved for each halflife period from the last mail + # sent by a local user to a current mail's sender; default: 7 days +# $penpals_threshold_low = 1.0; # no need for pen pals lookup on low spam score +# $penpals_threshold_high = $sa_kill_level_deflt; # don't waste time on hi spam + +# $bounce_killer_score = 100; # spam score points to add for joe-jobbed bounces + # bounce killer needs operational SQL logging (pen pals) ! 
+ +# advanced example specifying per-recipient values using a hash lookup: +#@spam_tag_level_maps = (\$sa_tag_level_deflt); # this is a default +#@spam_tag2_level_maps = ( +# { 'user1@example.com' => 8.0, '.example.com' => 6.0 }, +# \$sa_tag2_level_deflt, # catchall default +#); +#@spam_kill_level_maps = ( +# { 'user1@example.com' => 8.0, '.example.com' => 6.0 }, +# \$sa_kill_level_deflt, # catchall default +#); +#@spam_dsn_cutoff_level_maps = ( +# { 'user1@example.com' => 10, '.example.com' => 15 }, +# \$sa_dsn_cutoff_level, # catchall default +#); + +# selectively trim down bounces to domains sending their own bounces with +# non-null return path, to frequently abused domains, or to those sending +# marginal spam +@spam_dsn_cutoff_level_bysender_maps = ( + { # an associative array (hash) lookup table, use lowercase keys + 'virgilio.it' => 7, 'mail.ru' => 7, '0451.com' => 7, + 'yahoo.co.uk' => 7, 'yahoo.co.jp' => 7, 'nobody@' => 7, + 'noreply@' => 0, 'no-reply@' => 0, 'donotreply@' => 0, + 'opt-in@' => 0, 'opt-out@' => 0, 'yahoo-dev-null@' => 0, + '.optin-out.com' => 0, 'daily@astrocenter.com' => 0, + 'spamadmin@fraunhofer.de'=> 7, # Sophos PureMessage spam bounces + }, + \$sa_dsn_cutoff_level, # catchall default value +); + +# a quick reference: +# tag_level contents category: CC_CLEAN, +# controls adding the X-Spam-Status and X-Spam-Level headers, +# tag2_level contents category: CC_SPAMMY, +# controls adding 'X-Spam-Flag: YES', editing (tagging) Subject, +# and adding address extensions, +# tag3_level contents category: CC_SPAMMY, minor category 1, +# like tag2, but may insert different Subject tag +# e.g. 
@spam_subject_tag3_maps=('***BLATANT*SPAM*** ');
+# kill_level contents category: CC_SPAM,
+# controls 'evasive actions' (reject, quarantine);
+# it only makes sense to maintain the relationship:
+# tag_level <= tag2_level <= tag3_level <= kill_level <
+# < dsn_cutoff_level <= quarantine_cutoff_level
+
+# string to prepend to Subject header field when message exceeds tag2 level
+#$sa_spam_subject_tag = '***SPAM*** '; # (defaults to undef, disabled)
+ # (only seen when spam is passed and recipient is
+ # in local_domains*)
+# more examples, using @*_maps directly:
+#@spam_subject_tag_maps = ('[possible-spam:_SCORE_] ');
+#@spam_subject_tag2_maps = ('***SPAM*** _SCORE_ (_REQD_) ');
+#@spam_subject_tag3_maps = ('***BLATANT*SPAM**** _SCORE_ (_REQD_) ');
+# another examples, using _maps_by_ccat:
+#$subject_tag_maps_by_ccat{+CC_CLEAN} = [
+# { lc('TestUser@example.net') =>
+# '**TEST:_U_,hits=_SCORE_,req=_REQD_,amid=_TASKID_,mid=_MAILID_**' } ];
+
+#$sa_spam_modifies_subj = 1; # in @spam_modifies_subj_maps, default is true
+
+# Example: modify Subject for all local recipients except user@example.com
+#@spam_modifies_subj_maps = ( [qw( !user@example.com . )] );
+
+#$sa_spam_level_char = '*'; # char for X-Spam-Level bar, defaults to '*';
+ # undef or empty disables inserting X-Spam-Level
+#$sa_spam_report_header = 0; # insert X-Spam-Report header field? default false
+
+# stop anti-virus scanning when the first scanner detects a virus?
+#$first_infected_stops_scan = 1; # default is false, all scanners in a section
+ # are called
+
+# @av_scanners is a list of n-tuples, where fields semantics is:
+# 1. av scanner plain name, to be used in log and reports;
+# 2a.scanner program name; this string will be submitted to subroutine
+# find_external_programs(), which will try to find the full program path
+# name during startup; if program is not found, this scanner is disabled.
+# Besides a simple string (full program path name or just the basename
+# to be looked for in PATH), this may be an array ref of alternative
+# program names or full paths - the first match in the list will be used;
+# 2b.alternatively, this second field may be a subroutine reference,
+# and the whole n-tuple entry is passed to it as args; it should return
+# a triple: ($scan_status,$output,$virusnames_ref), where:
+# - $scan_status is: true if a virus was found, 0 if no viruses,
+# undef if scanner was unable to complete its job (failed);
+# - $output is an optional result string to appear in logging and macro %v;
+# - $virusnames_ref is a ref to a list of detected virus names (may be
+# undef or a ref to an empty list);
+# 3. command arguments to be given to the scanner program;
+# a substring {} will be replaced by the directory name to be scanned, i.e.
+# "$tempdir/parts", a "*" will be replaced by base file names of parts;
+# 4. an array ref of av scanner exit status values, or a regexp (to be
+# matched against scanner output), indicating NO VIRUSES found;
+# a special case is a value undef, which does not claim file to be clean
+# (i.e. it never matches, similar to []), but suppresses a failure warning;
+# to be used when the result is inconclusive (useful for specialized and
+# quick partial scanners such as jpeg checker);
+# 5. an array ref of av scanner exit status values, or a regexp (to be
+# matched against scanner output), indicating VIRUSES WERE FOUND;
+# a value undef may be used and it never matches (for consistency with 4.);
+# Note: the virus match prevails over a 'not found' match, so it is safe
+# even if the no. 4. matches for viruses too;
+# 6. a regexp (to be matched against scanner output), returning a list
+# of virus names found, or a sub ref, returning such a list when given
+# scanner output as argument;
+# 7. and 8.: (optional) subroutines to be executed before and after scanner
+# (e.g.
to set environment or current directory);
+# see examples for these at KasperskyLab AVP and NAI uvscan.
+
+# NOTES:
+#
+# - NOT DEFINING @av_scanners (e.g. setting it to empty list, or deleting the
+# whole assignment) TURNS OFF LOADING AND COMPILING OF THE ANTIVIRUS CODE
+# (which can be handy if all you want to do is spam scanning);
+#
+# - the order matters: although _all_ available entries from the list
+# are tried regardless of their verdict, scanners are run in the order
+# specified: the report from the first one detecting a virus will be used
+# (providing virus names and scanner output); REARRANGE THE ORDER TO WILL;
+# see also $first_infected_stops_scan;
+#
+# - it doesn't hurt to keep an unused command line scanner entry in the list
+# if the program can not be found; the path search is only performed once
+# during the program startup;
+#
+# COROLLARY: to disable a scanner that _does_ exist on your system,
+# comment out its entry or use undef or '' as its program name/path
+# (second parameter). An example where this is almost a must: disable
+# Sophos 'sweep' if you have its daemonized version Sophie or SAVI-Perl
+# (same for Trophie/vscan, and clamd/clamscan), or if another unrelated
+# program happens to have a name matching one of the entries ('sweep'
+# again comes to mind);
+#
+# - it DOES HURT to keep unwanted entries which use INTERNAL SUBROUTINES
+# for interfacing (where the second parameter starts with \&).
+# Keeping such entry and not having a corresponding virus scanner daemon
+# causes an unnecessary connection attempt (which eventually times out,
+# but it wastes precious time). For this reason the daemonized entries
+# are commented in the distribution - just remove the '#' where needed.
+#
+# CERT list of av resources: http://www.cert.org/other_sources/viruses.html
+
+@av_scanners = (
+
+# ### http://www.clanfield.info/sophie/ (http://www.vanja.com/tools/sophie/)
+# ['Sophie',
+# \&ask_daemon, ["{}/\n", '/var/run/sophie'],
+# qr/(?x)^ 0+ ( : | [\000\r\n]* $)/m, qr/(?x)^ 1 ( : | [\000\r\n]* $)/m,
+# qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/m ],
+
+# ### http://www.csupomona.edu/~henson/www/projects/SAVI-Perl/
+# ['Sophos SAVI', \&sophos_savi ],
+
+### http://www.clamav.net/
+['ClamAV-clamd',
+ \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
+ qr/\bOK$/m, qr/\bFOUND$/m,
+ qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
+# NOTE: run clamd under the same user as amavisd, or run it under its own
+# uid such as clamav, add user clamav to the amavis group, and then add
+# AllowSupplementaryGroups to clamd.conf;
+# NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in
+# this entry; when running chrooted one may prefer socket "$MYHOME/clamd".
+
+# ### http://www.clamav.net/ and CPAN (memory-hungry! clamd is preferred)
+# # note that Mail::ClamAV requires perl to be build with threading!
+# ['Mail::ClamAV', \&ask_clamav, "*", [0], [1], qr/^INFECTED: (.+)/m ],
+
+# ### http://www.openantivirus.org/
+# ['OpenAntiVirus ScannerDaemon (OAV)',
+# \&ask_daemon, ["SCAN {}\n", '127.0.0.1:8127'],
+# qr/^OK/m, qr/^FOUND: /m, qr/^FOUND: (.+)/m ],
+
+# ### http://www.vanja.com/tools/trophie/
+# ['Trophie',
+# \&ask_daemon, ["{}/\n", '/var/run/trophie'],
+# qr/(?x)^ 0+ ( : | [\000\r\n]* $)/m, qr/(?x)^ 1 ( : | [\000\r\n]* $)/m,
+# qr/(?x)^ [-+]? \d+ : (.*?)
[\000\r\n]* $/m ],
+
+# ### http://www.grisoft.com/
+# ['AVG Anti-Virus',
+# \&ask_daemon, ["SCAN {}\n", '127.0.0.1:55555'],
+# qr/^200/m, qr/^403/m, qr/^403 .*?: ([^\r\n]+)/m ],
+
+# ### http://www.f-prot.com/
+# ['F-Prot fpscand', # F-PROT Antivirus for BSD/Linux/Solaris, version 6
+# \&ask_daemon,
+# ["SCAN FILE {}/*\n", '127.0.0.1:10200'],
+# qr/^(0|8|64) /m,
+# qr/^([1235679]|1[01345]) |<[^>:]*(?i)(infected|suspicious|unwanted)/m,
+# qr/(?i)<[^>:]*(?:infected|suspicious|unwanted)[^>:]*: ([^>]*)>/m ],
+
+# ### http://www.f-prot.com/
+# ['F-Prot f-protd', # old version
+# \&ask_daemon,
+# ["GET {}/*?-dumb%20-archive%20-packed HTTP/1.0\r\n\r\n",
+# ['127.0.0.1:10200', '127.0.0.1:10201', '127.0.0.1:10202',
+# '127.0.0.1:10203', '127.0.0.1:10204'] ],
+# qr/(?i)]*>clean<\/summary>/m,
+# qr/(?i)]*>infected<\/summary>/m,
+# qr/(?i)(.+)<\/name>/m ],
+
+# ### http://www.sald.com/, http://www.dials.ru/english/, http://www.drweb.ru/
+# ['DrWebD', \&ask_daemon, # DrWebD 4.31 or later
+# [pack('N',1). # DRWEBD_SCAN_CMD
+# pack('N',0x00280001). # DONT_CHANGEMAIL, IS_MAIL, RETURN_VIRUSES
+# pack('N', # path length
+# length("$TEMPBASE/amavis-yyyymmddTHHMMSS-xxxxx/parts/pxxx")).
+# '{}/*'. # path
+# pack('N',0). # content size
+# pack('N',0),
+# '/var/drweb/run/drwebd.sock',
+# # '/var/amavis/var/run/drwebd.sock', # suitable for chroot
+# # '/usr/local/drweb/run/drwebd.sock', # FreeBSD drweb ports default
+# # '127.0.0.1:3000', # or over an inet socket
+# ],
+# qr/\A\x00[\x10\x11][\x00\x10]\x00/sm, # IS_CLEAN,EVAL_KEY; SKIPPED
+# qr/\A\x00[\x00\x01][\x00\x10][\x20\x40\x80]/sm,# KNOWN_V,UNKNOWN_V,V._MODIF
+# qr/\A.{12}(?:infected with )?([^\x00]+)\x00/sm,
+# ],
+# # NOTE: If using amavis-milter, change length to:
+# # length("$TEMPBASE/amavis-milter-xxxxxxxxxxxxxx/parts/pxxx").
+
+ ### http://www.kaspersky.com/ (kav4mailservers)
+ ['KasperskyLab AVP - aveclient',
+ ['/usr/local/kav/bin/aveclient','/usr/local/share/kav/bin/aveclient',
+ '/opt/kav/5.5/kav4mailservers/bin/aveclient','aveclient'],
+ '-p /var/run/aveserver -s {}/*',
+ [0,3,6,8], qr/\b(INFECTED|SUSPICION|SUSPICIOUS)\b/m,
+ qr/(?:INFECTED|WARNING|SUSPICION|SUSPICIOUS) (.+)/m,
+ ],
+ # NOTE: one may prefer [0],[2,3,4,5], depending on how suspicious,
+ # currupted or protected archives are to be handled
+
+ ### http://www.kaspersky.com/
+ ['KasperskyLab AntiViral Toolkit Pro (AVP)', ['avp'],
+ '-* -P -B -Y -O- {}', [0,3,6,8], [2,4], # any use for -A -K ?
+ qr/infected: (.+)/m,
+ sub {chdir('/opt/AVP') or die "Can't chdir to AVP: $!"},
+ sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
+ ],
+
+ ### The kavdaemon and AVPDaemonClient have been removed from Kasperky
+ ### products and replaced by aveserver and aveclient
+ ['KasperskyLab AVPDaemonClient',
+ [ '/opt/AVP/kavdaemon', 'kavdaemon',
+ '/opt/AVP/AvpDaemonClient', 'AvpDaemonClient',
+ '/opt/AVP/AvpTeamDream', 'AvpTeamDream',
+ '/opt/AVP/avpdc', 'avpdc' ],
+ "-f=$TEMPBASE {}", [0,8], [3,4,5,6], qr/infected: ([^\r\n]+)/m ],
+ # change the startup-script in /etc/init.d/kavd to:
+ # DPARMS="-* -Y -dl -f=/var/amavis /var/amavis"
+ # (or perhaps: DPARMS="-I0 -Y -* /var/amavis" )
+ # adjusting /var/amavis above to match your $TEMPBASE.
+ # The '-f=/var/amavis' is needed if not running it as root, so it
+ # can find, read, and write its pid file, etc., see 'man kavdaemon'.
+ # defUnix.prf: there must be an entry "*/var/amavis" (or whatever
+ # directory $TEMPBASE specifies) in the 'Names=' section.
+ # cd /opt/AVP/DaemonClients; configure; cd Sample; make
+ # cp AvpDaemonClient /opt/AVP/
+ # su - vscan -c "${PREFIX}/kavdaemon ${DPARMS}"
+
+ ### http://www.centralcommand.com/
+ ['CentralCommand Vexira (new) vascan',
+ ['vascan','/usr/lib/Vexira/vascan'],
+ "-a s --timeout=60 --temp=$TEMPBASE -y $QUARANTINEDIR ".
+ "--log=/var/log/vascan.log {}",
+ [0,3], [1,2,5],
+ qr/(?x)^\s* (?:virus|iworm|macro|mutant|sequence|trojan)\ found:\ ( [^\]\s']+ )\ \.\.\.\ /m ],
+ # Adjust the path of the binary and the virus database as needed.
+ # 'vascan' does not allow to have the temp directory to be the same as
+ # the quarantine directory, and the quarantine option can not be disabled.
+ # If $QUARANTINEDIR is not used, then another directory must be specified
+ # to appease 'vascan'. Move status 3 to the second list if password
+ # protected files are to be considered infected.
+
+ ### http://www.avira.com/
+ ### Avira AntiVir (formerly H+BEDV) or (old) CentralCommand Vexira Antivirus
+ ['Avira AntiVir', ['antivir','vexira'],
+ '--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/m,
+ qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) |
+ (?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/m ],
+ # NOTE: if you only have a demo version, remove -z and add 214, as in:
+ # '--allfiles -noboot -nombr -rs -s {}', [0,214], qr/ALERT:|VIRUS:/,
+
+ ### http://www.commandsoftware.com/
+ ['Command AntiVirus for Linux', 'csav',
+ '-all -archive -packed {}', [50], [51,52,53],
+ qr/Infection: (.+)/m ],
+
+ ### http://www.symantec.com/
+ ['Symantec CarrierScan via Symantec CommandLineScanner',
+ 'cscmdline', '-a scan -i 1 -v -s 127.0.0.1:7777 {}',
+ qr/^Files Infected:\s+0$/m, qr/^Infected\b/m,
+ qr/^(?:Info|Virus Name):\s+(.+)/m ],
+
+ ### http://www.symantec.com/
+ ['Symantec AntiVirus Scan Engine',
+ 'savsecls', '-server 127.0.0.1:7777 -mode scanrepair -details -verbose {}',
+ [0], qr/^Infected\b/m,
+ qr/^(?:Info|Virus Name):\s+(.+)/m ],
+ # NOTE: check options and patterns to see which entry better applies
+
+# ### http://www.f-secure.com/products/anti-virus/ version 4.65
+# ['F-Secure Antivirus for Linux servers',
+# ['/opt/f-secure/fsav/bin/fsav', 'fsav'],
+# '--delete=no --disinf=no --rename=no --archive=yes --auto=yes '.
+# '--dumb=yes --list=no --mime=yes {}', [0], [3,6,8],
+# qr/(?:infection|Infected|Suspected): (.+)/m ],
+
+ ### http://www.f-secure.com/products/anti-virus/ version 5.52
+ ['F-Secure Antivirus for Linux servers',
+ ['/opt/f-secure/fsav/bin/fsav', 'fsav'],
+ '--virus-action1=report --archive=yes --auto=yes '.
+ '--dumb=yes --list=no --mime=yes {}', [0], [3,4,6,8],
+ qr/(?:infection|Infected|Suspected|Riskware): (.+)/m ],
+ # NOTE: internal archive handling may be switched off by '--archive=no'
+ # to prevent fsav from exiting with status 9 on broken archives
+
+# ### http://www.avast.com/
+# ['avast! Antivirus daemon',
+# \&ask_daemon, # greets with 220, terminate with QUIT
+# ["SCAN {}\015\012QUIT\015\012", '/var/run/avast4/mailscanner.sock'],
+# qr/\t\[\+\]/m, qr/\t\[L\]\t/m, qr/\t\[L\]\t([^[ \t\015\012]+)/m ],
+
+# ### http://www.avast.com/
+# ['avast! Antivirus - Client/Server Version', 'avastlite',
+# '-a /var/run/avast4/mailscanner.sock -n {}', [0], [1],
+# qr/\t\[L\]\t([^[ \t\015\012]+)/m ],
+
+ ['CAI InoculateIT', 'inocucmd', # retired product
+ '-sec -nex {}', [0], [100],
+ qr/was infected by virus (.+)/m ],
+ # see: http://www.flatmtn.com/computer/Linux-Antivirus_CAI.html
+
+ ### http://www3.ca.com/Solutions/Product.asp?ID=156 (ex InoculateIT)
+ ['CAI eTrust Antivirus', 'etrust-wrapper',
+ '-arc -nex -spm h {}', [0], [101],
+ qr/is infected by virus: (.+)/m ],
+ # NOTE: requires suid wrapper around inocmd32; consider flag: -mod reviewer
+ # see http://marc.theaimsgroup.com/?l=amavis-user&m=109229779912783
+
+ ### http://mks.com.pl/english.html
+ ['MkS_Vir for Linux (beta)', ['mks32','mks'],
+ '-s {}/*', [0], [1,2],
+ qr/--[ \t]*(.+)/m ],
+
+ ### http://mks.com.pl/english.html
+ ['MkS_Vir daemon', 'mksscan',
+ '-s -q {}', [0], [1..7],
+ qr/^...
(\S+)/m ],
+
+# ### http://www.nod32.com/, version v2.52 (old)
+# ['ESET NOD32 for Linux Mail servers',
+# ['/opt/eset/nod32/bin/nod32cli', 'nod32cli'],
+# '--subdir --files -z --sfx --rtp --adware --unsafe --pattern --heur '.
+# '-w -a --action-on-infected=accept --action-on-uncleanable=accept '.
+# '--action-on-notscanned=accept {}',
+# [0,3], [1,2], qr/virus="([^"]+)"/m ],
+
+# ### http://www.eset.com/, version v2.7 (old)
+# ['ESET NOD32 Linux Mail Server - command line interface',
+# ['/usr/bin/nod32cli', '/opt/eset/nod32/bin/nod32cli', 'nod32cli'],
+# '--subdir {}', [0,3], [1,2], qr/virus="([^"]+)"/m ],
+
+# ### http://www.eset.com/, version 2.71.12
+# ['ESET Software ESETS Command Line Interface',
+# ['/usr/bin/esets_cli', 'esets_cli'],
+# '--subdir {}', [0], [1,2,3], qr/virus="([^"]+)"/m ],
+
+ ### http://www.eset.com/, version 3.0
+ ['ESET Software ESETS Command Line Interface',
+ ['/usr/bin/esets_cli', 'esets_cli'],
+ '--subdir {}', [0], [1,2,3],
+ qr/:\s*action="(?!accepted)[^"]*"\n.*:\s*virus="([^"]*)"/m ],
+
+ ## http://www.nod32.com/, NOD32LFS version 2.5 and above
+ ['ESET NOD32 for Linux File servers',
+ ['/opt/eset/nod32/sbin/nod32','nod32'],
+ '--files -z --mail --sfx --rtp --adware --unsafe --pattern --heur '.
+ '-w -a --action=1 -b {}',
+ [0], [1,10], qr/^object=.*, virus="(.*?)",/m ],
+
+# Experimental, based on posting from Rado Dibarbora (Dibo) on 2002-05-31
+# ['ESET Software NOD32 Client/Server (NOD32SS)',
+# \&ask_daemon2, # greets with 200, persistent, terminate with QUIT
+# ["SCAN {}/*\r\n", '127.0.0.1:8448' ],
+# qr/^200 File OK/m, qr/^201 /m, qr/^201 (.+)/m ],
+
+ ### http://www.norman.com/products_nvc.shtml
+ ['Norman Virus Control v5 / Linux', 'nvcc',
+ '-c -l:0 -s -u -temp:$TEMPBASE {}', [0,10,11], [1,2,14],
+ qr/(?i).* virus in .* -> \'(.+)\'/m ],
+
+ ### http://www.pandasoftware.com/
+ ['Panda CommandLineSecure 9 for Linux',
+ ['/opt/pavcl/usr/bin/pavcl','pavcl'],
+ '-auto -aex -heu -cmp -nbr -nor -nos -eng -nob {}',
+ qr/Number of files infected[ .]*: 0+(?!\d)/m,
+ qr/Number of files infected[ .]*: 0*[1-9]/m,
+ qr/Found virus :\s*(\S+)/m ],
+ # NOTE: for efficiency, start the Panda in resident mode with 'pavcl -tsr'
+ # before starting amavisd - the bases are then loaded only once at startup.
+ # To reload bases in a signature update script:
+ # /opt/pavcl/usr/bin/pavcl -tsr -ulr; /opt/pavcl/usr/bin/pavcl -tsr
+ # Please review other options of pavcl, for example:
+ # -nomalw, -nojoke, -nodial, -nohackt, -nospyw, -nocookies
+
+# ### http://www.pandasoftware.com/
+# ['Panda Antivirus for Linux', ['pavcl'],
+# '-TSR -aut -aex -heu -cmp -nbr -nor -nso -eng {}',
+# [0], [0x10, 0x30, 0x50, 0x70, 0x90, 0xB0, 0xD0, 0xF0],
+# qr/Found virus :\s*(\S+)/m ],
+
+# GeCAD AV technology is acquired by Microsoft; RAV has been discontinued.
+# Check your RAV license terms before fiddling with the following two lines!
+# ['GeCAD RAV AntiVirus 8', 'ravav',
+# '--all --archive --mail {}', [1], [2,3,4,5], qr/Infected: (.+)/m ],
+# # NOTE: the command line switches changed with scan engine 8.5 !
+# # (btw, assigning stdin to /dev/null causes RAV to fail)
+
+ ### http://www.nai.com/
+ ['NAI McAfee AntiVirus (uvscan)', 'uvscan',
+ '--secure -rv --mime --summary --noboot --mailbox --program --timeout 180 - {}', [0], [13],
+ qr/(?x) Found (?:
+ \ the\ (.+)\ (?:virus|trojan) |
+ \ (?:virus|trojan)\ or\ variant\ ([^ ]+) |
+ :\ (.+)\ NOT\ a\ virus)/m,
+ # sub {$ENV{LD_PRELOAD}='/lib/libc.so.6'},
+ # sub {delete $ENV{LD_PRELOAD}},
+ ],
+ # NOTE1: with RH9: force the dynamic linker to look at /lib/libc.so.6 before
+ # anything else by setting environment variable LD_PRELOAD=/lib/libc.so.6
+ # and then clear it when finished to avoid confusing anything else.
+ # NOTE2: to treat encrypted files as viruses replace the [13] with:
+ # qr/^\s{5,}(Found|is password-protected|.*(virus|trojan))/
+
+ ### http://www.virusbuster.hu/en/
+ ['VirusBuster', ['vbuster', 'vbengcl'],
+ "{} -ss -i '*' -log=$MYHOME/vbuster.log", [0], [1],
+ qr/: '(.*)' - Virus/m ],
+ # VirusBuster Ltd. does not support the daemon version for the workstation
+ # engine (vbuster-eng-1.12-linux-i386-libc6.tgz) any longer. The names of
+ # binaries, some parameters AND return codes have changed (from 3 to 1).
+ # See also the new Vexira entry 'vascan' which is possibly related.
+
+# ### http://www.virusbuster.hu/en/
+# ['VirusBuster (Client + Daemon)', 'vbengd',
+# '-f -log scandir {}', [0], [3],
+# qr/Virus found = (.*);/m ],
+# # HINT: for an infected file it always returns 3,
+# # although the man-page tells a different story
+
+ ### http://www.cyber.com/
+ ['CyberSoft VFind', 'vfind',
+ '--vexit {}/*', [0], [23], qr/##==>>>> VIRUS ID: CVDL (.+)/m,
+ # sub {$ENV{VSTK_HOME}='/usr/lib/vstk'},
+ ],
+
+ ### http://www.avast.com/
+ ['avast!
Antivirus', ['/usr/bin/avastcmd','avastcmd'],
+ '-a -i -n -t=A {}', [0], [1], qr/\binfected by:\s+([^ \t\n\[\]]+)/m ],
+
+ ### http://www.ikarus-software.com/
+ ['Ikarus AntiVirus for Linux', 'ikarus',
+ '{}', [0], [40], qr/Signature (.+) found/m ],
+
+ ### http://www.bitdefender.com/
+ ['BitDefender', 'bdscan', # new version
+ '--action=ignore --no-list {}', qr/^Infected files *:0+(?!\d)/m,
+ qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/m,
+ qr/(?:suspected|infected): (.*)(?:\033|$)/m ],
+
+ ### http://www.bitdefender.com/
+ ['BitDefender', 'bdc', # old version
+ '--arc --mail {}', qr/^Infected files *:0+(?!\d)/m,
+ qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/m,
+ qr/(?:suspected|infected): (.*)(?:\033|$)/m ],
+ # consider also: --all --nowarn --alev=15 --flev=15. The --all argument may
+ # not apply to your version of bdc, check documentation and see 'bdc --help'
+
+ ### ArcaVir for Linux and Unix http://www.arcabit.pl/
+ ['ArcaVir for Linux', ['arcacmd','arcacmd.static'],
+ '-v 1 -summary 0 -s {}', [0], [1,2],
+ qr/(?:VIR|WIR):[ \t]*(.+)/m ],
+
+# ['File::Scan', sub {Amavis::AV::ask_av(sub{
+# use File::Scan; my($fn)=@_;
+# my($f)=File::Scan->new(max_txt_size=>0, max_bin_size=>0);
+# my($vname) = $f->scan($fn);
+# $f->error ? (2,"Error: ".$f->error)
+# : ($vname ne '') ?
(1,"$vname FOUND") : (0,"Clean")}, @_) },
+# ["{}/*"], [0], [1], qr/^(.*) FOUND$/m ],
+
+# ### fully-fledged checker for JPEG marker segments of invalid length
+# ['check-jpeg',
+# sub { use JpegTester (); Amavis::AV::ask_av(\&JpegTester::test_jpeg, @_) },
+# ["{}/*"], undef, [1], qr/^(bad jpeg: .*)$/m ],
+# # NOTE: place file JpegTester.pm somewhere where Perl can find it,
+# # for example in /usr/local/lib/perl5/site_perl
+
+# ### example: simpleminded checker for JPEG marker segments with
+# ### invalid length (only checks first 32k, which is not thorough enough)
+# ['check-jpeg-simple',
+# sub { Amavis::AV::ask_av(sub {
+# my($f)=@_; local(*FF,$_,$1,$2); my(@r)=(0,'not jpeg');
+# open(FF,$f) or die "jpeg: open err $f: $!";
+# binmode(FF) or die "jpeg: binmode err $f: $!";
+# defined read(FF,$_,32000) or die "jpeg: read err $f: $!";
+# close(FF) or die "jpeg: close err $f: $!";
+# if (/^\xff\xd8\xff/) {
+# @r=(0,'jpeg ok');
+# while (!/\G(?:\xff\xd9|\z)/gc) { # EOI or eof
+# if (/\G\xff+(?=\xff|\z)/gc) {} # fill-bytes before marker
+# elsif (/\G\xff([\x01\xd0-\xd8])/gc) {} # TEM, RSTi, SOI
+# elsif (/\G\xff([^\x00\xff])(..)/gcs) { # marker segment start
+# my($n)=unpack("n",$2)-2;
+# $n=32766 if $n>32766; # Perl regexp limit
+# if ($n<0) {@r=(1,"bad jpeg: len=$n, pos=".pos); last}
+# elsif (/\G.{$n}/gcs) {} # ok
+# elsif (/\G.{0,$n}\z/gcs) {last} # truncated
+# else {@r=(1,"bad jpeg: unexpected, pos=".pos); last}
+# }
+# elsif (/\G[^\xff]+/gc) {} # ECS
+# elsif (/\G(?:\xff\x00)+/gc) {} # ECS
+# else {@r=(2,"bad jpeg: unexpected char, pos=".pos); last}
+# }
+# }; @r}, @_) },
+# ["{}/*"], undef, [1], qr/^(bad jpeg: .*)$/m ],
+
+# ### an example/testing/template virus scanner (external), wastes 3 seconds
+# ['wasteful sleeper example',
+# '/bin/sleep', '3', # calls external program
+# undef, undef, qr/no such/m ],
+
+# ### an example/testing/template virus scanner (internal), does nothing
+# ['null',
+# sub {}, ["{}"], # supplies its own subroutine, no external
program
+# undef, undef, qr/no such/m ],
+
+);
+
+
+# If no virus scanners from the @av_scanners list produce 'clean' nor
+# 'infected' status (i.e. they all fail to run or the list is empty),
+# then _all_ scanners from the @av_scanners_backup list are tried
+# (again, subject to $first_infected_stops_scan). When there are both
+# daemonized and equivalent or similar command-line scanners available,
+# it is customary to place slower command-line scanners in the
+# @av_scanners_backup list. The default choice is somewhat arbitrary,
+# move entries from one list to another as desired, keeping main scanners
+# in the primary list to avoid warnings.
+
+@av_scanners_backup = (
+
+ ### http://www.clamav.net/ - backs up clamd or Mail::ClamAV
+ ['ClamAV-clamscan', 'clamscan',
+ "--stdout --no-summary -r --tempdir=$TEMPBASE {}",
+ [0], qr/:.*\sFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
+
+ ### http://www.f-prot.com/ - backs up F-Prot Daemon, V6
+ ['F-PROT Antivirus for UNIX', ['fpscan'],
+ '--report --mount --adware {}', # consider: --applications -s 4 -u 3 -z 10
+ [0,8,64], [1,2,3, 4+1,4+2,4+3, 8+1,8+2,8+3, 12+1,12+2,12+3],
+ qr/^\[Found\s+[^\]]*\]\s+<([^ \t(>]*)/m ],
+
+ ### http://www.f-prot.com/ - backs up F-Prot Daemon (old)
+ ['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'],
+ '-dumb -ai -archive -packed -server {}', [0,8], [3,6], # or: [0], [3,6,8],
+ qr/(?:Infection:|security risk named) (.+)|\s+contains\s+(.+)$/m ],
+
+ ### http://www.trendmicro.com/ - backs up Trophie
+ ['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'],
+ '-za -a {}', [0], qr/Found virus/m, qr/Found virus (.+) in/m ],
+
+ ### http://www.sald.com/, http://drweb.imshop.de/ - backs up DrWebD
+ ['drweb - DrWeb Antivirus', # security LHA hole in Dr.Web 4.33 and earlier
+ ['/usr/local/drweb/drweb', '/opt/drweb/drweb', 'drweb'],
+ '-path={} -al -go -ot -cn -upn -ok-',
+ [0,32], [1,9,33], qr' infected (?:with|by)(?: virus)?
(.*)$'m ],
+
+ ### http://www.kaspersky.com/
+ ['Kaspersky Antivirus v5.5',
+ ['/opt/kaspersky/kav4fs/bin/kav4fs-kavscanner',
+ '/opt/kav/5.5/kav4unix/bin/kavscanner',
+ '/opt/kav/5.5/kav4mailservers/bin/kavscanner', 'kavscanner'],
+ '-i0 -xn -xp -mn -R -ePASBME {}/*', [0,10,15], [5,20,21,25],
+ qr/(?:INFECTED|WARNING|SUSPICION|SUSPICIOUS) (.*)/m,
+# sub {chdir('/opt/kav/bin') or die "Can't chdir to kav: $!"},
+# sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
+ ],
+
+# Commented out because the name 'sweep' clashes with Debian and FreeBSD
+# package/port of an audio editor. Make sure the correct 'sweep' is found
+# in the path when enabling.
+#
+# ### http://www.sophos.com/ - backs up Sophie or SAVI-Perl
+# ['Sophos Anti Virus (sweep)', 'sweep',
+# '-nb -f -all -rec -ss -sc -archive -cab -mime -oe -tnef '.
+# '--no-reset-atime {}',
+# [0,2], qr/Virus .*? found/m,
+# qr/^>>> Virus(?: fragment)? '?(.*?)'? found/m,
+# ],
+# # other options to consider: -idedir=/usr/local/sav
+
+# Always succeeds and considers mail clean.
+# Potentially useful when all other scanners fail and it is desirable
+# to let mail continue to flow with no virus checking (when uncommented).
+# ['always-clean', sub {0}],
+
+);
+
+
+#
+# Section VIII - Debugging
+#
+
+# The most useful debugging tool is to run amavisd-new non-detached
+# from a terminal window using command: # amavisd debug
+
+# Some more refined approaches:
+
+# If sender matches ACL, turn debugging fully up, just for this one message
+#@debug_sender_maps = ( ["test-sender\@$mydomain"] );
+#@debug_sender_maps = ( [qw( debug@example.com debug@example.net )] );
+
+# May be useful along with @debug_sender_maps:
+# Prevent all decoded originals being deleted (replaced by decoded part)
+#@keep_decoded_original_maps = (1);
+
+# Turn on SpamAssassin debugging (output to STDERR, use with 'amavisd debug')
+#$sa_debug = '1,all'; # defaults to false
+
+
+#
+# Section IX - Policy banks (dynamic policy switching)
+#
+
+## Define some policy banks (sets of settings) and give them
+## arbitrary names (the names '', 'MYNETS' and 'MYUSERS' have special meaning):
+#
+# $policy_bank{'ALT'} = {
+# log_level => 3,
+# syslog_ident => 'alt-amavis',
+# syslog_facility => 'LOCAL3',
+# inet_acl => [qw( 10.0.1.14 )],
+# final_spam_destiny => D_PASS, final_bad_header_destiny => D_PASS,
+# forward_method => 'smtp:*:*',
+# notify_method => 'smtp:[127.0.0.1]:10025',
+# virus_admin_maps => "abuse\@$mydomain",
+# spam_lovers_maps => [@spam_lovers_maps, [qw( abuse@example.com )]],
+# spam_tag_level_maps => 2.1,
+# spam_tag2_level_maps => 6.32,
+# spam_kill_level_maps => 6.72,
+# spam_dsn_cutoff_level_maps => 8,
+# defang_spam => 1,
+# local_client_bind_address => '10.11.12.13',
+# localhost_name => 'amavis.example.com',
+# smtpd_greeting_banner =>
+# '${helo-name} ${protocol} ${product} ${version-id} (${version-date}) TEST service ready';
+# auth_mech_avail => [qw(PLAIN LOGIN)],
+# auth_required_inp => 1,
+# auth_required_out => 1,
+# amavis_auth_user => 'amavisd', amavis_auth_pass = 'tOpsecretX',
+# av_scanners => [ # provide only 'free' scanners
+# ['ClamAV-clamd',
+# \&ask_daemon, ["CONTSCAN {}\n",
"/var/run/clamav/clamd"],
+# qr/\bOK$/, qr/\bFOUND$/,
+# qr/^.*?: (?!Infected Archive)(.*) FOUND$/,
+# ],
+# ],
+# av_scanners_backup => [
+# ['ClamAV-clamscan', 'clamscan',
+# "--stdout --disable-summary -r --tempdir=$TEMPBASE {}", [0], [1],
+# qr/^.*?: (?!Infected Archive)(.*) FOUND$/,
+# ],
+# ],
+# };
+
+# NOTE: the use of policy banks for changing protocol on the input socket is
+# only needed when different protocols need to be spoken on different sockets
+# at the same time. For normal use just set globally e.g.: $protocol='AM.PDP';
+#
+#$policy_bank{'AM.PDP-SOCK'} = {
+# protocol => 'AM.PDP', # Amavis policy delegation protocol
+# auth_required_release => 0, # do not require secret_id for amavisd-release
+#};
+#
+#$policy_bank{'AM.PDP-INET'} = {
+# protocol => 'AM.PDP', # Amavis policy delegation protocol
+# inet_acl => [qw( 127.0.0.1 [::1] )], # restrict to these IP addresses
+#};
+#
+## the name 'MYNETS' has special semantics: this policy bank gets loaded
+## whenever MTA supplies the original SMTP client IP address (Postfix XFORWARD
+## extension or a new AM.PDP protocol) and that address matches @mynetworks.
+#
+# $terminate_dsn_on_notify_success = 1;
+# $policy_bank{'MYNETS'} = { # mail originating from @mynetworks
+# originating => 1, # is true in MYNETS by deflt, but let's make it explicit
+# terminate_dsn_on_notify_success => 0,
+# spam_kill_level_maps => 6.9,
+# syslog_facility => 'LOCAL4', # tell syslog to log to a separate file
+# virus_admin_maps => ["virusalert\@$mydomain"], # alert of internal viruses
+# spam_admin_maps => ["spamalert\@$mydomain"], # alert of internal spam
+# bypass_spam_checks_maps => [1], # or: don't spam-check internal mail
+# bypass_banned_checks_maps => [1], # don't banned-check internal mail
+# warnbadhsender => 1, # warn local senders about their broken MUA
+# banned_filename_maps => ['MYNETS-DEFAULT'], # more permissive banning rules
+# spam_quarantine_cutoff_level_maps => undef, # quarantine all local spam
+# spam_dsn_cutoff_level_maps => undef, # ensure NDN regardless of spam level
+# spam_dsn_cutoff_level_bysender_maps => # but only from local domain senders
+# [ { lc(".$mydomain") => undef, '.' => 15 } ],
+# };
+
+## the name 'MYUSERS' has special semantics: this policy bank gets loaded
+## whenever the sender matches @local_domains_maps. This only makes sense
+## if local sender addresses can be trusted -- for example by requiring
+## authentication before letting users send with their local address.
+#
+# $policy_bank{'MYUSERS'} = {
+# final_virus_destiny => D_BOUNCE, # bounce only to authenticated local users
+# final_banned_destiny=> D_BOUNCE,
+# };
+
+# Needed for Courier: speak courier protocol on the socket
+#$interface_policy{'SOCK'} = 'AM-SOCK';
+#$policy_bank{'AM-SOCK'} = {protocol => 'COURIER'};
+
+## Now we can assign policy banks to amavisd tcp port numbers listed in
+## $inet_socket_port.
Whenever the connection from MTA is received, first
+## a built-in policy bank $policy_bank{''} gets loaded, which bringings-in
+## all the global/legacy settings, then it gets overlaid by the bank
+## named in the $interface_policy{$port} if any, and finally the bank
+## 'MYNETS' is overlaid if it exists and the SMTP client IP address
+## is known (by XFORWARD command from MTA) and it matches @mynetworks.
+
+# $interface_policy{'10026'} = 'ALT';
+
+# used by amavisd-release utility of a new AM.PDP-based amavis-milter client
+#$interface_policy{'9998'} = 'AM.PDP-INET';
+#$interface_policy{'SOCK'} = 'AM.PDP-SOCK';
+
+# invoke custom hooks or additional configuration files:
+# include_config_files('/etc/amavisd-custom.conf');
+
+# Want to execute additional configuration files from some directory?
+#{ my($d) = '/etc/amavis/conf.d'; # do *.cf or *.conf files in this directory
+# local(*D); opendir(D,$d) or die "Can't open dir $d: $!";
+# my(@d) = sort grep {/\.(cf|conf)$/ && -f} map {/^(.*)$/,"$d/$1"} readdir(D);
+# closedir(D) or die "Can't close $d: $!";
+# include_config_files($_) for (@d);
+#}
+
+1; # insure a defined return value
diff --git a/amavisd.conf.orig b/amavisd.conf.orig
new file mode 100644
index 0000000..7e6eb35
--- /dev/null
+++ b/amavisd.conf.orig
@@ -0,0 +1,806 @@ +use strict; + +# a minimalistic configuration file for amavisd-new with all necessary settings +# +# see amavisd.conf-default for a list of all variables with their defaults; +# for more details see documentation in INSTALL, README_FILES/* +# and at http://www.ijs.si/software/amavisd/amavisd-new-docs.html + + +# COMMONLY ADJUSTED SETTINGS: + +# @bypass_virus_checks_maps = (1); # controls running of anti-virus code +# @bypass_spam_checks_maps = (1); # controls running of anti-spam code +# $bypass_decode_parts = 1; # controls running of decoders&dearchivers + +$max_servers = 2; # num of pre-forked children (2..30 is common), -m +$daemon_user = 'amavis'; # (no default; customary: vscan or amavis), -u +$daemon_group = 'amavis'; # (no default; customary: vscan or amavis), -g + +$mydomain = 'example.com'; # a convenient default for other settings + +# $MYHOME = '/var/amavis'; # a convenient default for other settings, -H +$TEMPBASE = "$MYHOME/tmp"; # working directory, needs to exist, -T +$ENV{TMPDIR} = $TEMPBASE; # environment variable TMPDIR, used by SA, etc. +$QUARANTINEDIR = "$MYHOME/quarantine"; # -Q +# $quarantine_subdir_levels = 1; # add level of subdirs to disperse quarantine +# $release_format = 'resend'; # 'attach', 'plain', 'resend' +# $report_format = 'arf'; # 'attach', 'plain', 'resend', 'arf' + +# $daemon_chroot_dir = $MYHOME; # chroot directory or undef, -R + +# $db_home = "$MYHOME/db"; # dir for bdb nanny/cache/snmp databases, -D +# $helpers_home = "$MYHOME/var"; # working directory for SpamAssassin, -S +# $lock_file = "$MYHOME/var/amavisd.lock"; # -L +# $pid_file = "$MYHOME/var/amavisd.pid"; # -P +#NOTE: create directories $MYHOME/tmp, $MYHOME/var, $MYHOME/db manually + +$log_level = 0; # verbosity 0..5, -d +$log_recip_templ = undef; # disable by-recipient level-0 log entries +$do_syslog = 1; # log via syslogd (preferred) +$syslog_facility = 'mail'; # Syslog facility as a string + # e.g.: mail, daemon, user, local0, ... 
local7 + +$enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP and nanny) +$nanny_details_level = 2; # nanny verbosity: 1: traditional, 2: detailed +$enable_dkim_verification = 0; # enable DKIM signatures verification +$enable_dkim_signing = 0; # load DKIM signing code, keys defined by dkim_key + +@local_domains_maps = ( [".$mydomain"] ); # list of all local domains + +@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10 + 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 ); + +$unix_socketname = "$MYHOME/amavisd.sock"; # amavisd-release or amavis-milter + # option(s) -p overrides $inet_socket_port and $unix_socketname + +$inet_socket_port = 10024; # listen on this local TCP port(s) +# $inet_socket_port = [10024,10026]; # listen on multiple TCP ports + +$policy_bank{'MYNETS'} = { # mail originating from @mynetworks + originating => 1, # is true in MYNETS by default, but let's make it explicit + os_fingerprint_method => undef, # don't query p0f for internal clients +}; + +# it is up to MTA to re-route mail from authenticated roaming users or +# from internal hosts to a dedicated TCP port (such as 10026) for filtering +$interface_policy{'10026'} = 'ORIGINATING'; + +$policy_bank{'ORIGINATING'} = { # mail supposedly originating from our users + originating => 1, # declare that mail was submitted by our smtp client + allow_disclaimers => 1, # enables disclaimer insertion if available + # notify administrator of locally originating malware + virus_admin_maps => ["virusalert\@$mydomain"], + spam_admin_maps => ["virusalert\@$mydomain"], + warnbadhsender => 1, + # forward to a smtpd service providing DKIM signing service + forward_method => 'smtp:[127.0.0.1]:10027', + # force MTA conversion to 7-bit (e.g. 
before DKIM signing) + smtpd_discard_ehlo_keywords => ['8BITMIME'], + bypass_banned_checks_maps => [1], # allow sending any file names and types + terminate_dsn_on_notify_success => 0, # don't remove NOTIFY=SUCCESS option +}; + +$interface_policy{'SOCK'} = 'AM.PDP-SOCK'; # only applies with $unix_socketname + +# Use with amavis-release over a socket or with Petr Rehor's amavis-milter.c +# (with amavis-milter.c from this package or old amavis.c client use 'AM.CL'): +$policy_bank{'AM.PDP-SOCK'} = { + protocol => 'AM.PDP', + auth_required_release => 0, # do not require secret_id for amavisd-release +}; + +$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level +$sa_tag2_level_deflt = 6.2; # add 'spam detected' headers at that level +$sa_kill_level_deflt = 6.9; # triggers spam evasive actions (e.g. blocks mail) +$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent +$sa_crediblefrom_dsn_cutoff_level = 18; # likewise, but for a likely valid From +# $sa_quarantine_cutoff_level = 25; # spam level beyond which quarantine is off +$penpals_bonus_score = 8; # (no effect without a @storage_sql_dsn database) +$penpals_threshold_high = $sa_kill_level_deflt; # don't waste time on hi spam +$bounce_killer_score = 100; # spam score points to add for joe-jobbed bounces + +$sa_mail_body_size_limit = 400*1024; # don't waste time on SA if mail is larger +$sa_local_tests_only = 0; # only tests which do not require internet access? 
+ +# @lookup_sql_dsn = +# ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'], +# ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'], +# ["DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite", '', ''] ); +# @storage_sql_dsn = @lookup_sql_dsn; # none, same, or separate database + +# $timestamp_fmt_mysql = 1; # if using MySQL *and* msgs.time_iso is TIMESTAMP; +# defaults to 0, which is good for non-MySQL or if msgs.time_iso is CHAR(16) + +$virus_admin = "virusalert\@$mydomain"; # notifications recip. + +$mailfrom_notify_admin = "virusalert\@$mydomain"; # notifications sender +$mailfrom_notify_recip = "virusalert\@$mydomain"; # notifications sender +$mailfrom_notify_spamadmin = "spam.police\@$mydomain"; # notifications sender +$mailfrom_to_quarantine = ''; # null return path; uses original sender if undef + +@addr_extension_virus_maps = ('virus'); +@addr_extension_banned_maps = ('banned'); +@addr_extension_spam_maps = ('spam'); +@addr_extension_bad_header_maps = ('badh'); +# $recipient_delimiter = '+'; # undef disables address extensions altogether +# when enabling addr extensions do also Postfix/main.cf: recipient_delimiter=+ + +$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin'; +# $dspam = 'dspam'; + +$MAXLEVELS = 14; +$MAXFILES = 1500; +$MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not enforced) +$MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes (default undef, not enforced) + +$sa_spam_subject_tag = '***Spam*** '; +$defang_virus = 1; # MIME-wrap passed infected mail +$defang_banned = 1; # MIME-wrap passed mail containing banned name +# for defanging bad headers only turn on certain minor contents categories: +$defang_by_ccat{CC_BADH.",3"} = 1; # NUL or CR character in header +$defang_by_ccat{CC_BADH.",5"} = 1; # header line longer than 998 characters +$defang_by_ccat{CC_BADH.",6"} = 1; # header field syntax error + + +# OTHER MORE COMMON SETTINGS (defaults may suffice): + +# $myhostname = 
'host.example.com'; # must be a fully-qualified domain name! + +# $notify_method = 'smtp:[127.0.0.1]:10025'; +# $forward_method = 'smtp:[127.0.0.1]:10025'; # set to undef with milter! + +# $final_virus_destiny = D_DISCARD; +# $final_banned_destiny = D_DISCARD; +# $final_spam_destiny = D_PASS; #!!! D_DISCARD / D_REJECT +# $final_bad_header_destiny = D_PASS; +# $bad_header_quarantine_method = undef; + +# $os_fingerprint_method = 'p0f:*:2345'; # to query p0f-analyzer.pl + +## hierarchy by which a final setting is chosen: +## policy bank (based on port or IP address) -> *_by_ccat +## *_by_ccat (based on mail contents) -> *_maps +## *_maps (based on recipient address) -> final configuration value + + +# SOME OTHER VARIABLES WORTH CONSIDERING (see amavisd.conf-default for all) + +# $warnbadhsender, +# $warnvirusrecip, $warnbannedrecip, $warnbadhrecip, (or @warn*recip_maps) +# +# @bypass_virus_checks_maps, @bypass_spam_checks_maps, +# @bypass_banned_checks_maps, @bypass_header_checks_maps, +# +# @virus_lovers_maps, @spam_lovers_maps, +# @banned_files_lovers_maps, @bad_header_lovers_maps, +# +# @blacklist_sender_maps, @score_sender_maps, +# +# $clean_quarantine_method, $virus_quarantine_to, $banned_quarantine_to, +# $bad_header_quarantine_to, $spam_quarantine_to, +# +# $defang_bad_header, $defang_undecipherable, $defang_spam + + +# REMAINING IMPORTANT VARIABLES ARE LISTED HERE BECAUSE OF LONGER ASSIGNMENTS + +@keep_decoded_original_maps = (new_RE( + qr'^MAIL$', # retain full original message for virus checking + qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables + qr'^(ASCII(?! 
cpio)|text|uuencoded|xxencoded|binhex)'i, +# qr'^Zip archive data', # don't trust Archive::Zip +)); + + +$banned_filename_re = new_RE( + +### BLOCKED ANYWHERE +# qr'^UNDECIPHERABLE$', # is or contains any undecipherable components + qr'^\.(exe-ms|dll)$', # banned file(1) types, rudimentary +# qr'^\.(exe|lha|cab|dll)$', # banned file(1) types + +### BLOCK THE FOLLOWING, EXCEPT WITHIN UNIX ARCHIVES: +# [ qr'^\.(gz|bz2)$' => 0 ], # allow any in gzip or bzip2 + [ qr'^\.(rpm|cpio|tar)$' => 0 ], # allow any in Unix-type archives + + qr'.\.(pif|scr)$'i, # banned extensions - rudimentary +# qr'^\.zip$', # block zip type + +### BLOCK THE FOLLOWING, EXCEPT WITHIN ARCHIVES: +# [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ], # allow any within these archives + + qr'^application/x-msdownload$'i, # block these MIME types + qr'^application/x-msdos-program$'i, + qr'^application/hta$'i, + +# qr'^message/partial$'i, # rfc2046 MIME type +# qr'^message/external-body$'i, # rfc2046 MIME type + +# qr'^(application/x-msmetafile|image/x-wmf)$'i, # Windows Metafile MIME type +# qr'^\.wmf$', # Windows Metafile file(1) type + + # block certain double extensions in filenames + qr'^(?!cid:).*\.[^./]*[A-Za-z][^./]*\.\s*(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)[.\s]*$'i, + +# qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?'i, # Class ID CLSID, strict +# qr'\{[0-9a-z]{4,}(-[0-9a-z]{4,}){0,7}\}?'i, # Class ID extension CLSID, loose + + qr'.\.(exe|vbs|pif|scr|cpl)$'i, # banned extension - basic +# qr'.\.(exe|vbs|pif|scr|cpl|bat|cmd|com)$'i, # banned extension - basic+cmd +# qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta| +# inf|ini|ins|isp|js|jse|lib|lnk|mda|mdb|mde|mdt|mdw|mdz|msc|msi| +# msp|mst|ocx|ops|pcd|pif|prg|reg|scr|sct|shb|shs|sys|vb|vbe|vbs|vxd| +# wmf|wsc|wsf|wsh)$'ix, # banned extensions - long +# qr'.\.(asd|asf|asx|url|vcs|wmd|wmz)$'i, # consider also +# qr'.\.(ani|cur|ico)$'i, # banned cursors and icons filename +# qr'^\.ani$', # banned animated cursor file(1) type +# 
qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i, # banned extension - WinZip vulnerab. +); +# See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262631 +# and http://www.cknow.com/vtutor/vtextensions.htm + + +# ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING + +@score_sender_maps = ({ # a by-recipient hash lookup table, + # results from all matching recipient tables are summed + +# ## per-recipient personal tables (NOTE: positive: black, negative: white) +# 'user1@example.com' => [{'bla-mobile.press@example.com' => 10.0}], +# 'user3@example.com' => [{'.ebay.com' => -3.0}], +# 'user4@example.com' => [{'cleargreen@cleargreen.com' => -7.0, +# '.cleargreen.com' => -5.0}], + + ## site-wide opinions about senders (the '.' matches any recipient) + '.' => [ # the _first_ matching sender determines the score boost + + new_RE( # regexp-type lookup table, just happens to be all soft-blacklist + [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i => 5.0], + [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0], + [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0], + [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i => 5.0], + [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i => 5.0], + [qr'^(your_friend|greatoffers)@'i => 5.0], + [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i => 5.0], + ), + +# read_hash("/var/amavis/sender_scores_sitewide"), + + { # a hash-type lookup table (associative array) + 'nobody@cert.org' => -3.0, + 'cert-advisory@us-cert.gov' => -3.0, + 'owner-alert@iss.net' => -3.0, + 'slashdot@slashdot.org' => -3.0, + 'securityfocus.com' => -3.0, + 'ntbugtraq@listserv.ntbugtraq.com' => -3.0, + 'security-alerts@linuxsecurity.com' => -3.0, + 'mailman-announce-admin@python.org' => -3.0, + 'amavis-user-admin@lists.sourceforge.net'=> -3.0, + 'amavis-user-bounces@lists.sourceforge.net' => -3.0, + 'spamassassin.apache.org' => -3.0, + 'notification-return@lists.sophos.com' => -3.0, + 
'owner-postfix-users@postfix.org' => -3.0, + 'owner-postfix-announce@postfix.org' => -3.0, + 'owner-sendmail-announce@lists.sendmail.org' => -3.0, + 'sendmail-announce-request@lists.sendmail.org' => -3.0, + 'donotreply@sendmail.org' => -3.0, + 'ca+envelope@sendmail.org' => -3.0, + 'noreply@freshmeat.net' => -3.0, + 'owner-technews@postel.acm.org' => -3.0, + 'ietf-123-owner@loki.ietf.org' => -3.0, + 'cvs-commits-list-admin@gnome.org' => -3.0, + 'rt-users-admin@lists.fsck.com' => -3.0, + 'clp-request@comp.nus.edu.sg' => -3.0, + 'surveys-errors@lists.nua.ie' => -3.0, + 'emailnews@genomeweb.com' => -5.0, + 'yahoo-dev-null@yahoo-inc.com' => -3.0, + 'returns.groups.yahoo.com' => -3.0, + 'clusternews@linuxnetworx.com' => -3.0, + lc('lvs-users-admin@LinuxVirtualServer.org') => -3.0, + lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0, + + # soft-blacklisting (positive score) + 'sender@example.net' => 3.0, + '.example.net' => 1.0, + + }, + ], # end of site-wide tables +}); + + +@decoders = ( + ['mail', \&do_mime_decode], +# ['asc', \&do_ascii], +# ['uue', \&do_ascii], +# ['hqx', \&do_ascii], +# ['ync', \&do_ascii], + ['F', \&do_uncompress, ['unfreeze','freeze -d','melt','fcat'] ], + ['Z', \&do_uncompress, ['uncompress','gzip -d','zcat'] ], + ['gz', \&do_uncompress, 'gzip -d'], + ['gz', \&do_gunzip], + ['bz2', \&do_uncompress, 'bzip2 -d'], + ['xz', \&Amavis::Unpackers::do_uncompress, + ['xzdec'. 
'xz -dc', 'unxz -c', 'xzcat'] ], + ['lzma', \&Amavis::Unpackers::do_uncompress, + ['lzmadec', 'xz -dc --format=lzma', + 'lzma -dc', 'unlzma -c', 'lzcat', 'lzmadec'] ], + ['lzo', \&do_uncompress, 'lzop -d'], + ['rpm', \&do_uncompress, ['rpm2cpio.pl','rpm2cpio'] ], + ['cpio', \&do_pax_cpio, ['pax','gcpio','cpio'] ], + ['tar', \&do_pax_cpio, ['pax','gcpio','cpio'] ], + ['deb', \&do_ar, 'ar'], +# ['a', \&do_ar, 'ar'], # unpacking .a seems an overkill + ['zip', \&do_unzip], + ['7z', \&do_7zip, ['7zr','7za','7z'] ], + ['rar', \&do_unrar, ['rar','unrar'] ], + ['arj', \&do_unarj, ['arj','unarj'] ], + ['arc', \&do_arc, ['nomarch','arc'] ], + ['zoo', \&do_zoo, ['zoo','unzoo'] ], + ['lha', \&do_lha, 'lha'], +# ['doc', \&do_ole, 'ripole'], + ['cab', \&do_cabextract, 'cabextract'], + ['tnef', \&do_tnef_ext, 'tnef'], + ['tnef', \&do_tnef], +# ['sit', \&do_unstuff, 'unstuff'], # broken/unsafe decoder + ['exe', \&do_executable, ['rar','unrar'], 'lha', ['arj','unarj'] ], +); + + +@av_scanners = ( + +# ### http://www.sophos.com/ +# ['Sophos-SSSP', +# \&ask_daemon, ["{}", 'sssp:/var/run/savdi/sssp.sock'], +# # or: ["{}", 'sssp:[127.0.0.1]:4010'], +# qr/^DONE OK\b/m, qr/^VIRUS\b/m, qr/^VIRUS\s*(\S*)/m ], + +# ### http://www.clanfield.info/sophie/ (http://www.vanja.com/tools/sophie/) +# ['Sophie', +# \&ask_daemon, ["{}/\n", 'sophie:/var/run/sophie'], +# qr/(?x)^ 0+ ( : | [\000\r\n]* $)/, qr/(?x)^ 1 ( : | [\000\r\n]* $)/, +# qr/(?x)^ [-+]? \d+ : (.*?) 
[\000\r\n]* $/m ], + +# ### http://www.csupomona.edu/~henson/www/projects/SAVI-Perl/ +# ['Sophos SAVI', \&ask_daemon, ['{}','savi-perl:'] ], + +# ['Avira SAVAPI', +# \&ask_daemon, ["*", 'savapi:/var/tmp/.savapi3', 'product-id'], +# qr/^(200|210)/m, qr/^(310|420|319)/m, +# qr/^(?:310|420)[,\s]*(?:.* <<< )?(.+?)(?: ; |$)/m +# settings for the SAVAPI3.conf: ArchiveScan=1, HeurLevel=2, MailboxScan=1 + +# ### http://www.clamav.net/ +# ['ClamAV-clamd', +# \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"], +# qr/\bOK$/m, qr/\bFOUND$/m, +# qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ], +# # NOTE: run clamd under the same user as amavisd, or run it under its own +# # uid such as clamav, add user clamav to the amavis group, and then add +# # AllowSupplementaryGroups to clamd.conf; +# # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in +# # this entry; when running chrooted one may prefer socket "$MYHOME/clamd". + +# ### http://www.clamav.net/ and CPAN (memory-hungry! clamd is preferred) +# # note that Mail::ClamAV requires perl to be build with threading! +# ['Mail::ClamAV', \&ask_daemon, ['{}','clamav-perl:'], +# [0], [1], qr/^INFECTED: (.+)/m], + +# ### http://www.openantivirus.org/ +# ['OpenAntiVirus ScannerDaemon (OAV)', +# \&ask_daemon, ["SCAN {}\n", '127.0.0.1:8127'], +# qr/^OK/m, qr/^FOUND: /m, qr/^FOUND: (.+)/m ], + +# ### http://www.vanja.com/tools/trophie/ +# ['Trophie', +# \&ask_daemon, ["{}/\n", 'trophie:/var/run/trophie'], +# qr/(?x)^ 0+ ( : | [\000\r\n]* $)/m, qr/(?x)^ 1 ( : | [\000\r\n]* $)/m, +# qr/(?x)^ [-+]? \d+ : (.*?) 
[\000\r\n]* $/m ], + +# ### http://www.grisoft.com/ +# ['AVG Anti-Virus', +# \&ask_daemon, ["SCAN {}\n", '127.0.0.1:55555'], +# qr/^200/m, qr/^403/m, qr/^403 .*?: ([^\r\n]+)/m ], + +# ### http://www.f-prot.com/ +# ['F-Prot fpscand', # F-PROT Antivirus for BSD/Linux/Solaris, version 6 +# \&ask_daemon, +# ["SCAN FILE {}/*\n", '127.0.0.1:10200'], +# qr/^(0|8|64) /m, +# qr/^([1235679]|1[01345]) |<[^>:]*(?i)(infected|suspicious|unwanted)/m, +# qr/(?i)<[^>:]*(?:infected|suspicious|unwanted)[^>:]*: ([^>]*)>/m ], + +# ### http://www.f-prot.com/ +# ['F-Prot f-protd', # old version +# \&ask_daemon, +# ["GET {}/*?-dumb%20-archive%20-packed HTTP/1.0\r\n\r\n", +# ['127.0.0.1:10200', '127.0.0.1:10201', '127.0.0.1:10202', +# '127.0.0.1:10203', '127.0.0.1:10204'] ], +# qr/(?i)]*>clean<\/summary>/m, +# qr/(?i)]*>infected<\/summary>/m, +# qr/(?i)(.+)<\/name>/m ], + +# ### http://www.sald.com/, http://www.dials.ru/english/, http://www.drweb.ru/ +# ['DrWebD', \&ask_daemon, # DrWebD 4.31 or later +# [pack('N',1). # DRWEBD_SCAN_CMD +# pack('N',0x00280001). # DONT_CHANGEMAIL, IS_MAIL, RETURN_VIRUSES +# pack('N', # path length +# length("$TEMPBASE/amavis-yyyymmddTHHMMSS-xxxxx/parts/pxxx")). +# '{}/*'. # path +# pack('N',0). # content size +# pack('N',0), +# '/var/drweb/run/drwebd.sock', +# # '/var/amavis/var/run/drwebd.sock', # suitable for chroot +# # '/usr/local/drweb/run/drwebd.sock', # FreeBSD drweb ports default +# # '127.0.0.1:3000', # or over an inet socket +# ], +# qr/\A\x00[\x10\x11][\x00\x10]\x00/sm, # IS_CLEAN,EVAL_KEY; SKIPPED +# qr/\A\x00[\x00\x01][\x00\x10][\x20\x40\x80]/sm,# KNOWN_V,UNKNOWN_V,V._MODIF +# qr/\A.{12}(?:infected with )?([^\x00]+)\x00/sm, +# ], +# # NOTE: If using amavis-milter, change length to: +# # length("$TEMPBASE/amavis-milter-xxxxxxxxxxxxxx/parts/pxxx"). 
+ + ### http://www.kaspersky.com/ (kav4mailservers) + ['KasperskyLab AVP - aveclient', + ['/usr/local/kav/bin/aveclient','/usr/local/share/kav/bin/aveclient', + '/opt/kav/5.5/kav4mailservers/bin/aveclient','aveclient'], + '-p /var/run/aveserver -s {}/*', + [0,3,6,8], qr/\b(INFECTED|SUSPICION|SUSPICIOUS)\b/m, + qr/(?:INFECTED|WARNING|SUSPICION|SUSPICIOUS) (.+)/m, + ], + # NOTE: one may prefer [0],[2,3,4,5], depending on how suspicious, + # currupted or protected archives are to be handled + + ### http://www.kaspersky.com/ + ['KasperskyLab AntiViral Toolkit Pro (AVP)', ['avp'], + '-* -P -B -Y -O- {}', [0,3,6,8], [2,4], # any use for -A -K ? + qr/infected: (.+)/m, + sub {chdir('/opt/AVP') or die "Can't chdir to AVP: $!"}, + sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"}, + ], + + ### The kavdaemon and AVPDaemonClient have been removed from Kasperky + ### products and replaced by aveserver and aveclient + ['KasperskyLab AVPDaemonClient', + [ '/opt/AVP/kavdaemon', 'kavdaemon', + '/opt/AVP/AvpDaemonClient', 'AvpDaemonClient', + '/opt/AVP/AvpTeamDream', 'AvpTeamDream', + '/opt/AVP/avpdc', 'avpdc' ], + "-f=$TEMPBASE {}", [0,8], [3,4,5,6], qr/infected: ([^\r\n]+)/m ], + # change the startup-script in /etc/init.d/kavd to: + # DPARMS="-* -Y -dl -f=/var/amavis /var/amavis" + # (or perhaps: DPARMS="-I0 -Y -* /var/amavis" ) + # adjusting /var/amavis above to match your $TEMPBASE. + # The '-f=/var/amavis' is needed if not running it as root, so it + # can find, read, and write its pid file, etc., see 'man kavdaemon'. + # defUnix.prf: there must be an entry "*/var/amavis" (or whatever + # directory $TEMPBASE specifies) in the 'Names=' section. + # cd /opt/AVP/DaemonClients; configure; cd Sample; make + # cp AvpDaemonClient /opt/AVP/ + # su - amavis -c "${PREFIX}/kavdaemon ${DPARMS}" + + ### http://www.centralcommand.com/ + ['CentralCommand Vexira (new) vascan', + ['vascan','/usr/lib/Vexira/vascan'], + "-a s --timeout=60 --temp=$TEMPBASE -y $QUARANTINEDIR ". 
+ "--log=/var/log/vascan.log {}", + [0,3], [1,2,5], + qr/(?x)^\s* (?:virus|iworm|macro|mutant|sequence|trojan)\ found:\ ( [^\]\s']+ )\ \.\.\.\ /m ], + # Adjust the path of the binary and the virus database as needed. + # 'vascan' does not allow to have the temp directory to be the same as + # the quarantine directory, and the quarantine option can not be disabled. + # If $QUARANTINEDIR is not used, then another directory must be specified + # to appease 'vascan'. Move status 3 to the second list if password + # protected files are to be considered infected. + + ### http://www.avira.com/ + ### old Avira AntiVir 2.x (ex H+BEDV) or old CentralCommand Vexira Antivirus + ['Avira AntiVir', ['antivir','vexira'], + '--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/m, + qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) | + (?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/m ], + # NOTE: if you only have a demo version, remove -z and add 214, as in: + # '--allfiles -noboot -nombr -rs -s {}', [0,214], qr/ALERT:|VIRUS:/, + + ### http://www.avira.com/ + ### Avira for UNIX 3.x + ['Avira AntiVir', ['avscan'], + '-s --batch --alert-action=none {}', [0,4], qr/(?:ALERT|FUND):/m, + qr/(?:ALERT|FUND): (?:.* <<< )?(.+?)(?: ; |$)/m ], + + ### http://www.commandsoftware.com/ + ['Command AntiVirus for Linux', 'csav', + '-all -archive -packed {}', [50], [51,52,53], + qr/Infection: (.+)/m ], + + ### http://www.symantec.com/ + ['Symantec CarrierScan via Symantec CommandLineScanner', + 'cscmdline', '-a scan -i 1 -v -s 127.0.0.1:7777 {}', + qr/^Files Infected:\s+0$/m, qr/^Infected\b/m, + qr/^(?:Info|Virus Name):\s+(.+)/m ], + + ### http://www.symantec.com/ + ['Symantec AntiVirus Scan Engine', + 'savsecls', '-server 127.0.0.1:7777 -mode scanrepair -details -verbose {}', + [0], qr/^Infected\b/m, + qr/^(?:Info|Virus Name):\s+(.+)/m ], + # NOTE: check options and patterns to see which entry better applies + +# ### http://www.f-secure.com/products/anti-virus/ version 4.65 +# ['F-Secure Antivirus 
for Linux servers', +# ['/opt/f-secure/fsav/bin/fsav', 'fsav'], +# '--delete=no --disinf=no --rename=no --archive=yes --auto=yes '. +# '--dumb=yes --list=no --mime=yes {}', [0], [3,6,8], +# qr/(?:infection|Infected|Suspected): (.+)/m ], + + ### http://www.f-secure.com/products/anti-virus/ version 5.52 + ['F-Secure Antivirus for Linux servers', + ['/opt/f-secure/fsav/bin/fsav', 'fsav'], + '--virus-action1=report --archive=yes --auto=yes '. + '--dumb=yes --list=no --mime=yes {}', [0], [3,4,6,8], + qr/(?:infection|Infected|Suspected|Riskware): (.+)/m ], + # NOTE: internal archive handling may be switched off by '--archive=no' + # to prevent fsav from exiting with status 9 on broken archives + +# ### http://www.avast.com/ +# ['avast! Antivirus daemon', +# \&ask_daemon, # greets with 220, terminate with QUIT +# ["SCAN {}\015\012QUIT\015\012", '/var/run/avast4/mailscanner.sock'], +# qr/\t\[\+\]/m, qr/\t\[L\]\t/m, qr/\t\[L\]\t([^[ \t\015\012]+)/m ], + +# ### http://www.avast.com/ +# ['avast! Antivirus - Client/Server Version', 'avastlite', +# '-a /var/run/avast4/mailscanner.sock -n {}', [0], [1], +# qr/\t\[L\]\t([^[ \t\015\012]+)/m ], + + ['CAI InoculateIT', 'inocucmd', # retired product + '-sec -nex {}', [0], [100], + qr/was infected by virus (.+)/m ], + # see: http://www.flatmtn.com/computer/Linux-Antivirus_CAI.html + + ### http://www3.ca.com/Solutions/Product.asp?ID=156 (ex InoculateIT) + ['CAI eTrust Antivirus', 'etrust-wrapper', + '-arc -nex -spm h {}', [0], [101], + qr/is infected by virus: (.+)/m ], + # NOTE: requires suid wrapper around inocmd32; consider flag: -mod reviewer + # see http://marc.theaimsgroup.com/?l=amavis-user&m=109229779912783 + + ### http://mks.com.pl/english.html + ['MkS_Vir for Linux (beta)', ['mks32','mks'], + '-s {}/*', [0], [1,2], + qr/--[ \t]*(.+)/m ], + + ### http://mks.com.pl/english.html + ['MkS_Vir daemon', 'mksscan', + '-s -q {}', [0], [1..7], + qr/^... 
(\S+)/m ], + +# ### http://www.nod32.com/, version v2.52 (old) +# ['ESET NOD32 for Linux Mail servers', +# ['/opt/eset/nod32/bin/nod32cli', 'nod32cli'], +# '--subdir --files -z --sfx --rtp --adware --unsafe --pattern --heur '. +# '-w -a --action-on-infected=accept --action-on-uncleanable=accept '. +# '--action-on-notscanned=accept {}', +# [0,3], [1,2], qr/virus="([^"]+)"/m ], + +# ### http://www.eset.com/, version v2.7 (old) +# ['ESET NOD32 Linux Mail Server - command line interface', +# ['/usr/bin/nod32cli', '/opt/eset/nod32/bin/nod32cli', 'nod32cli'], +# '--subdir {}', [0,3], [1,2], qr/virus="([^"]+)"/m ], + +# ### http://www.eset.com/, version 2.71.12 +# ['ESET Software ESETS Command Line Interface', +# ['/usr/bin/esets_cli', 'esets_cli'], +# '--subdir {}', [0], [1,2,3], qr/virus="([^"]+)"/m ], + + ### http://www.eset.com/, version 3.0 + ['ESET Software ESETS Command Line Interface', + ['/usr/bin/esets_cli', 'esets_cli'], + '--subdir {}', [0], [1,2,3], + qr/:\s*action="(?!accepted)[^"]*"\n.*:\s*virus="([^"]*)"/m ], + + ## http://www.nod32.com/, NOD32LFS version 2.5 and above + ['ESET NOD32 for Linux File servers', + ['/opt/eset/nod32/sbin/nod32','nod32'], + '--files -z --mail --sfx --rtp --adware --unsafe --pattern --heur '. 
+ '-w -a --action=1 -b {}', + [0], [1,10], qr/^object=.*, virus="(.*?)",/m ], + +# Experimental, based on posting from Rado Dibarbora (Dibo) on 2002-05-31 +# ['ESET Software NOD32 Client/Server (NOD32SS)', +# \&ask_daemon2, # greets with 200, persistent, terminate with QUIT +# ["SCAN {}/*\r\n", '127.0.0.1:8448' ], +# qr/^200 File OK/m, qr/^201 /m, qr/^201 (.+)/m ], + + ### http://www.norman.com/products_nvc.shtml + ['Norman Virus Control v5 / Linux', 'nvcc', + '-c -l:0 -s -u -temp:$TEMPBASE {}', [0,10,11], [1,2,14], + qr/(?i).* virus in .* -> \'(.+)\'/m ], + + ### http://www.pandasoftware.com/ + ['Panda CommandLineSecure 9 for Linux', + ['/opt/pavcl/usr/bin/pavcl','pavcl'], + '-auto -aex -heu -cmp -nbr -nor -nos -eng -nob {}', + qr/Number of files infected[ .]*: 0+(?!\d)/m, + qr/Number of files infected[ .]*: 0*[1-9]/m, + qr/Found virus :\s*(\S+)/m ], + # NOTE: for efficiency, start the Panda in resident mode with 'pavcl -tsr' + # before starting amavisd - the bases are then loaded only once at startup. + # To reload bases in a signature update script: + # /opt/pavcl/usr/bin/pavcl -tsr -ulr; /opt/pavcl/usr/bin/pavcl -tsr + # Please review other options of pavcl, for example: + # -nomalw, -nojoke, -nodial, -nohackt, -nospyw, -nocookies + +# ### http://www.pandasoftware.com/ +# ['Panda Antivirus for Linux', ['pavcl'], +# '-TSR -aut -aex -heu -cmp -nbr -nor -nso -eng {}', +# [0], [0x10, 0x30, 0x50, 0x70, 0x90, 0xB0, 0xD0, 0xF0], +# qr/Found virus :\s*(\S+)/m ], + +# GeCAD AV technology is acquired by Microsoft; RAV has been discontinued. +# Check your RAV license terms before fiddling with the following two lines! +# ['GeCAD RAV AntiVirus 8', 'ravav', +# '--all --archive --mail {}', [1], [2,3,4,5], qr/Infected: (.+)/m ], +# # NOTE: the command line switches changed with scan engine 8.5 ! 
+# # (btw, assigning stdin to /dev/null causes RAV to fail) + + ### http://www.nai.com/ + ['NAI McAfee AntiVirus (uvscan)', 'uvscan', + '--secure -rv --mime --summary --noboot - {}', [0], [13], + qr/(?x) Found (?: + \ the\ (.+)\ (?:virus|trojan) | + \ (?:virus|trojan)\ or\ variant\ ([^ ]+) | + :\ (.+)\ NOT\ a\ virus)/m, + # sub {$ENV{LD_PRELOAD}='/lib/libc.so.6'}, + # sub {delete $ENV{LD_PRELOAD}}, + ], + # NOTE1: with RH9: force the dynamic linker to look at /lib/libc.so.6 before + # anything else by setting environment variable LD_PRELOAD=/lib/libc.so.6 + # and then clear it when finished to avoid confusing anything else. + # NOTE2: to treat encrypted files as viruses replace the [13] with: + # qr/^\s{5,}(Found|is password-protected|.*(virus|trojan))/ + + ### http://www.virusbuster.hu/en/ + ['VirusBuster', ['vbuster', 'vbengcl'], + "{} -ss -i '*' -log=$MYHOME/vbuster.log", [0], [1], + qr/: '(.*)' - Virus/m ], + # VirusBuster Ltd. does not support the daemon version for the workstation + # engine (vbuster-eng-1.12-linux-i386-libc6.tgz) any longer. The names of + # binaries, some parameters AND return codes have changed (from 3 to 1). + # See also the new Vexira entry 'vascan' which is possibly related. + +# ### http://www.virusbuster.hu/en/ +# ['VirusBuster (Client + Daemon)', 'vbengd', +# '-f -log scandir {}', [0], [3], +# qr/Virus found = (.*);/m ], +# # HINT: for an infected file it always returns 3, +# # although the man-page tells a different story + + ### http://www.cyber.com/ + ['CyberSoft VFind', 'vfind', + '--vexit {}/*', [0], [23], qr/##==>>>> VIRUS ID: CVDL (.+)/m, + # sub {$ENV{VSTK_HOME}='/usr/lib/vstk'}, + ], + + ### http://www.avast.com/ + ['avast! 
Antivirus', ['/usr/bin/avastcmd','avastcmd'], + '-a -i -n -t=A {}', [0], [1], qr/\binfected by:\s+([^ \t\n\[\]]+)/m ], + + ### http://www.ikarus-software.com/ + ['Ikarus AntiVirus for Linux', 'ikarus', + '{}', [0], [40], qr/Signature (.+) found/m ], + + ### http://www.bitdefender.com/ + ['BitDefender', 'bdscan', # new version + '--action=ignore --no-list {}', qr/^Infected files\s*:\s*0+(?!\d)/m, + qr/^(?:Infected files|Identified viruses|Suspect files)\s*:\s*0*[1-9]/m, + qr/(?:suspected|infected)\s*:\s*(.*)(?:\033|$)/m ], + + ### http://www.bitdefender.com/ + ['BitDefender', 'bdc', # old version + '--arc --mail {}', qr/^Infected files *:0+(?!\d)/m, + qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/m, + qr/(?:suspected|infected): (.*)(?:\033|$)/m ], + # consider also: --all --nowarn --alev=15 --flev=15. The --all argument may + # not apply to your version of bdc, check documentation and see 'bdc --help' + + ### ArcaVir for Linux and Unix http://www.arcabit.pl/ + ['ArcaVir for Linux', ['arcacmd','arcacmd.static'], + '-v 1 -summary 0 -s {}', [0], [1,2], + qr/(?:VIR|WIR):[ \t]*(.+)/m ], + +# ### a generic SMTP-client interface to a SMTP-based virus scanner +# ['av_smtp', \&ask_av_smtp, +# ['{}', 'smtp:[127.0.0.1]:5525', 'dummy@localhost'], +# qr/^2/, qr/^5/, qr/^\s*(.*?)\s*$/m ], + +# ['File::Scan', sub {Amavis::AV::ask_av(sub{ +# use File::Scan; my($fn)=@_; +# my($f)=File::Scan->new(max_txt_size=>0, max_bin_size=>0); +# my($vname) = $f->scan($fn); +# $f->error ? (2,"Error: ".$f->error) +# : ($vname ne '') ? 
(1,"$vname FOUND") : (0,"Clean")}, @_) }, +# ["{}/*"], [0], [1], qr/^(.*) FOUND$/m ], + +# ### fully-fledged checker for JPEG marker segments of invalid length +# ['check-jpeg', +# sub { use JpegTester (); Amavis::AV::ask_av(\&JpegTester::test_jpeg, @_) }, +# ["{}/*"], undef, [1], qr/^(bad jpeg: .*)$/m ], +# # NOTE: place file JpegTester.pm somewhere where Perl can find it, +# # for example in /usr/local/lib/perl5/site_perl + +); + + +@av_scanners_backup = ( + + ### http://www.clamav.net/ - backs up clamd or Mail::ClamAV + ['ClamAV-clamscan', 'clamscan', + "--stdout --no-summary -r --tempdir=$TEMPBASE {}", + [0], qr/:.*\sFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ], + +# ### http://www.clamav.net/ - using remote clamd scanner as a backup +# ['ClamAV-clamdscan', 'clamdscan', +# "--stdout --no-summary --config-file=/etc/clamd-client.conf {}", +# [0], qr/:.*\sFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ], + +# ['ClamAV-clamd-stream', +# \&ask_daemon, ["*", 'clamd:/var/run/clamav/clamd'], +# qr/\bOK$/m, qr/\bFOUND$/m, +# qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ], + + ### http://www.f-prot.com/ - backs up F-Prot Daemon, V6 + ['F-PROT Antivirus for UNIX', ['fpscan'], + '--report --mount --adware {}', # consider: --applications -s 4 -u 3 -z 10 + [0,8,64], [1,2,3, 4+1,4+2,4+3, 8+1,8+2,8+3, 12+1,12+2,12+3], + qr/^\[Found\s+[^\]]*\]\s+<([^ \t(>]*)/m ], + + ### http://www.f-prot.com/ - backs up F-Prot Daemon (old) + ['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'], + '-dumb -archive -packed {}', [0,8], [3,6], # or: [0], [3,6,8], + qr/(?:Infection:|security risk named) (.+)|\s+contains\s+(.+)$/m ], + + ### http://www.trendmicro.com/ - backs up Trophie + ['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'], + '-za -a {}', [0], qr/Found virus/m, qr/Found virus (.+) in/m ], + + ### http://www.sald.com/, http://drweb.imshop.de/ - backs up DrWebD + ['drweb - DrWeb Antivirus', # security LHA hole in Dr.Web 4.33 and earlier + ['/usr/local/drweb/drweb', 
'/opt/drweb/drweb', 'drweb'], + '-path={} -al -go -ot -cn -upn -ok-', + [0,32], [1,9,33], qr' infected (?:with|by)(?: virus)? (.*)$'m ], + + ### http://www.kaspersky.com/ + ['Kaspersky Antivirus v5.5', + ['/opt/kaspersky/kav4fs/bin/kav4fs-kavscanner', + '/opt/kav/5.5/kav4unix/bin/kavscanner', + '/opt/kav/5.5/kav4mailservers/bin/kavscanner', 'kavscanner'], + '-i0 -xn -xp -mn -R -ePASBME {}/*', [0,10,15], [5,20,21,25], + qr/(?:INFECTED|WARNING|SUSPICION|SUSPICIOUS) (.*)/m, +# sub {chdir('/opt/kav/bin') or die "Can't chdir to kav: $!"}, +# sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"}, + ], + +# Commented out because the name 'sweep' clashes with Debian and FreeBSD +# package/port of an audio editor. Make sure the correct 'sweep' is found +# in the path when enabling. +# +# ### http://www.sophos.com/ - backs up Sophie or SAVI-Perl +# ['Sophos Anti Virus (sweep)', 'sweep', +# '-nb -f -all -rec -ss -sc -archive -cab -mime -oe -tnef '. +# '--no-reset-atime {}', +# [0,2], qr/Virus .*? found/m, +# qr/^>>> Virus(?: fragment)? '?(.*?)'? found/m, +# ], +# # other options to consider: -idedir=/usr/local/sav + +# Always succeeds and considers mail clean. +# Potentially useful when all other scanners fail and it is desirable +# to let mail continue to flow with no virus checking (when uncommented). +# ['always-clean', sub {0}], + +); + + +1; # insure a defined return value diff --git a/ca-certificates.conf b/ca-certificates.conf new file mode 100644 index 0000000..8164d2e --- /dev/null +++ b/ca-certificates.conf 
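Review bot: In `$policy_bank{'AM.PDP-SOCK'}`, `auth_required_release => 0` lets any client that can open `$unix_socketname` ask amavisd to release quarantined mail without the per-message secret_id, so the only remaining control is the access mode of `$MYHOME/amavisd.sock`, which this file does not set. Unless a milter or release tool on this host depends on it, I would change the line to `auth_required_release => 1, # require secret_id for amavisd-release`, or at least add a comment naming who is expected to reach the socket. Separately, in `@decoders` the xz entry reads `['xzdec'. 'xz -dc', ...]`: the `.` concatenates the first two candidates into a single program name that presumably does not exist, so it should be `['xzdec', 'xz -dc', 'unxz -c', 'xzcat']`.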
@@ -0,0 +1,159 @@ +# Automatically generated by app-misc/ca-certificates-20110502-r1 +# Do 8. Sep 21:08:01 UTC 2011 +# Do not edit. +brasil.gov.br/brasil.gov.br.crt +cacert.org/cacert.org.crt +debconf.org/ca.crt +gouv.fr/cert_igca_dsa.crt +gouv.fr/cert_igca_rsa.crt +mozilla/ACEDICOM_Root.crt +mozilla/AC_Raíz_Certicámara_S.A..crt +mozilla/AddTrust_External_Root.crt +mozilla/AddTrust_Low-Value_Services_Root.crt +mozilla/AddTrust_Public_Services_Root.crt +mozilla/AddTrust_Qualified_Certificates_Root.crt +mozilla/America_Online_Root_Certification_Authority_1.crt +mozilla/America_Online_Root_Certification_Authority_2.crt +mozilla/AOL_Time_Warner_Root_Certification_Authority_1.crt +mozilla/AOL_Time_Warner_Root_Certification_Authority_2.crt +mozilla/ApplicationCA_-_Japanese_Government.crt +mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt +mozilla/Baltimore_CyberTrust_Root.crt +mozilla/Buypass_Class_2_CA_1.crt +mozilla/Buypass_Class_3_CA_1.crt +mozilla/CA_Disig.crt +mozilla/Camerfirma_Chambers_of_Commerce_Root.crt +mozilla/Camerfirma_Global_Chambersign_Root.crt +mozilla/Certigna.crt +mozilla/Certplus_Class_2_Primary_CA.crt +mozilla/certSIGN_ROOT_CA.crt +mozilla/Certum_Root_CA.crt +mozilla/Chambers_of_Commerce_Root_-_2008.crt +mozilla/CNNIC_ROOT.crt +mozilla/Comodo_AAA_Services_root.crt +mozilla/COMODO_Certification_Authority.crt +mozilla/COMODO_ECC_Certification_Authority.crt +mozilla/Comodo_Secure_Services_root.crt +mozilla/Comodo_Trusted_Services_root.crt +mozilla/ComSign_CA.crt +mozilla/ComSign_Secured_CA.crt +mozilla/Cybertrust_Global_Root.crt +mozilla/Deutsche_Telekom_Root_CA_2.crt +mozilla/DigiCert_Assured_ID_Root_CA.crt +mozilla/DigiCert_Global_Root_CA.crt +mozilla/DigiCert_High_Assurance_EV_Root_CA.crt +mozilla/Digital_Signature_Trust_Co._Global_CA_1.crt +mozilla/Digital_Signature_Trust_Co._Global_CA_3.crt +mozilla/DST_ACES_CA_X6.crt +mozilla/DST_Root_CA_X3.crt +mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt 
+mozilla/E-Guven_Kok_Elektronik_Sertifika_Hizmet_Saglayicisi.crt +mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt +mozilla/Entrust.net_Secure_Server_CA.crt +mozilla/Entrust_Root_Certification_Authority.crt +mozilla/ePKI_Root_Certification_Authority.crt +mozilla/Equifax_Secure_CA.crt +mozilla/Equifax_Secure_eBusiness_CA_1.crt +mozilla/Equifax_Secure_eBusiness_CA_2.crt +mozilla/Equifax_Secure_Global_eBusiness_CA.crt +mozilla/Firmaprofesional_Root_CA.crt +mozilla/GeoTrust_Global_CA_2.crt +mozilla/GeoTrust_Global_CA.crt +mozilla/GeoTrust_Primary_Certification_Authority.crt +mozilla/GeoTrust_Primary_Certification_Authority_-_G2.crt +mozilla/GeoTrust_Primary_Certification_Authority_-_G3.crt +mozilla/GeoTrust_Universal_CA_2.crt +mozilla/GeoTrust_Universal_CA.crt +mozilla/Global_Chambersign_Root_-_2008.crt +mozilla/GlobalSign_Root_CA.crt +mozilla/GlobalSign_Root_CA_-_R2.crt +mozilla/GlobalSign_Root_CA_-_R3.crt +mozilla/Go_Daddy_Class_2_CA.crt +mozilla/GTE_CyberTrust_Global_Root.crt +mozilla/Hongkong_Post_Root_CA_1.crt +mozilla/IGC_A.crt +mozilla/Izenpe.com.crt +mozilla/Juur-SK.crt +mozilla/Microsec_e-Szigno_Root_CA_2009.crt +mozilla/Microsec_e-Szigno_Root_CA.crt +mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt +mozilla/NetLock_Business_=Class_B=_Root.crt +mozilla/NetLock_Express_=Class_C=_Root.crt +mozilla/NetLock_Notary_=Class_A=_Root.crt +mozilla/NetLock_Qualified_=Class_QA=_Root.crt +mozilla/Network_Solutions_Certificate_Authority.crt +mozilla/OISTE_WISeKey_Global_Root_GA_CA.crt +mozilla/QuoVadis_Root_CA_2.crt +mozilla/QuoVadis_Root_CA_3.crt +mozilla/QuoVadis_Root_CA.crt +mozilla/RSA_Root_Certificate_1.crt +mozilla/RSA_Security_2048_v3.crt +mozilla/Secure_Global_CA.crt +mozilla/SecureSign_RootCA11.crt +mozilla/SecureTrust_CA.crt +mozilla/Security_Communication_EV_RootCA1.crt +mozilla/Security_Communication_Root_CA.crt +mozilla/Sonera_Class_1_Root_CA.crt +mozilla/Sonera_Class_2_Root_CA.crt +mozilla/Staat_der_Nederlanden_Root_CA.crt 
+mozilla/Staat_der_Nederlanden_Root_CA_-_G2.crt +mozilla/Starfield_Class_2_CA.crt +mozilla/StartCom_Certification_Authority.crt +mozilla/S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN.crt +mozilla/Swisscom_Root_CA_1.crt +mozilla/SwissSign_Gold_CA_-_G2.crt +mozilla/SwissSign_Platinum_CA_-_G2.crt +mozilla/SwissSign_Silver_CA_-_G2.crt +mozilla/Taiwan_GRCA.crt +mozilla/TC_TrustCenter_Class_2_CA_II.crt +mozilla/TC_TrustCenter_Class_3_CA_II.crt +mozilla/TC_TrustCenter__Germany__Class_2_CA.crt +mozilla/TC_TrustCenter__Germany__Class_3_CA.crt +mozilla/TC_TrustCenter_Universal_CA_I.crt +mozilla/TC_TrustCenter_Universal_CA_III.crt +mozilla/TDC_Internet_Root_CA.crt +mozilla/TDC_OCES_Root_CA.crt +mozilla/Thawte_Personal_Freemail_CA.crt +mozilla/Thawte_Premium_Server_CA.crt +mozilla/thawte_Primary_Root_CA.crt +mozilla/thawte_Primary_Root_CA_-_G2.crt +mozilla/thawte_Primary_Root_CA_-_G3.crt +mozilla/Thawte_Server_CA.crt +mozilla/Thawte_Time_Stamping_CA.crt +mozilla/TÜBİTAK_UEKAE_Kök_Sertifika_Hizmet_Sağlayıcısı_-_Sürüm_3.crt +mozilla/TURKTRUST_Certificate_Services_Provider_Root_1.crt +mozilla/TURKTRUST_Certificate_Services_Provider_Root_2.crt +mozilla/UTN_DATACorp_SGC_Root_CA.crt +mozilla/UTN_USERFirst_Email_Root_CA.crt +mozilla/UTN_USERFirst_Hardware_Root_CA.crt +mozilla/ValiCert_Class_1_VA.crt +mozilla/ValiCert_Class_2_VA.crt +mozilla/Verisign_Class_1_Public_Primary_Certification_Authority.crt +mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G2.crt +mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.crt +mozilla/Verisign_Class_2_Public_Primary_Certification_Authority.crt +mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.crt +mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.crt +mozilla/Verisign_Class_3_Public_Primary_Certification_Authority.crt +mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G2.crt +mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt 
+mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt +mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt +mozilla/Verisign_Class_4_Public_Primary_Certification_Authority_-_G2.crt +mozilla/Verisign_Class_4_Public_Primary_Certification_Authority_-_G3.crt +mozilla/VeriSign_Universal_Root_Certification_Authority.crt +mozilla/Visa_eCommerce_Root.crt +mozilla/Wells_Fargo_Root_CA.crt +mozilla/WellsSecure_Public_Root_Certificate_Authority.crt +mozilla/XRamp_Global_CA_Root.crt +signet.pl/signet_ca1_pem.crt +signet.pl/signet_ca2_pem.crt +signet.pl/signet_ca3_pem.crt +signet.pl/signet_ocspklasa2_pem.crt +signet.pl/signet_ocspklasa3_pem.crt +signet.pl/signet_pca2_pem.crt +signet.pl/signet_pca3_pem.crt +signet.pl/signet_rootca_pem.crt +signet.pl/signet_tsa1_pem.crt +spi-inc.org/spi-ca-2003.crt +spi-inc.org/spi-cacert-2008.crt diff --git a/clamd.conf b/clamd.conf new file mode 100644 index 0000000..bf35e17 --- /dev/null +++ b/clamd.conf 
@@ -0,0 +1,502 @@
+##
+## Example config file for the Clam AV daemon
+## Please read the clamd.conf(5) manual before editing this file.
+##
+
+
+# Comment or remove the line below.
+# Example
+
+# Uncomment this option to enable logging.
+# LogFile must be writable for the user running daemon.
+# A full path is required.
+# Default: disabled
+LogFile /var/log/clamav/clamd.log
+
+# By default the log file is locked for writing - the lock protects against
+# running clamd multiple times (if want to run another clamd, please
+# copy the configuration file, change the LogFile variable, and run
+# the daemon with --config-file option).
+# This option disables log file locking.
+# Default: no
+#LogFileUnlock yes
+
+# Maximum size of the log file.
+# Value of 0 disables the limit.
+# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
+# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
+# in bytes just don't use modifiers.
+# Default: 1M
+#LogFileMaxSize 2M
+
+# Log time with each message.
+# Default: no
+LogTime yes
+
+# Also log clean files. Useful in debugging but drastically increases the
+# log size.
+# Default: no
+#LogClean yes
+
+# Use system logger (can work together with LogFile).
+# Default: no
+#LogSyslog yes
+
+# Specify the type of syslog messages - please refer to 'man syslog'
+# for facility names.
+# Default: LOG_LOCAL6
+#LogFacility LOG_MAIL
+
+# Enable verbose logging.
+# Default: no
+#LogVerbose yes
+
+# Log additional information about the infected file, such as its
+# size and hash, together with the virus name.
+#ExtendedDetectionInfo yes
+
+# This option allows you to save a process identifier of the listening
+# daemon (main thread).
+# Default: disabled
+PidFile /var/run/clamav/clamd.pid
+
+# Optional path to the global temporary directory.
+# Default: system specific (usually /tmp or /var/tmp).
+#TemporaryDirectory /var/tmp
+
+# Path to the database directory.
+# Default: hardcoded (depends on installation options)
+#DatabaseDirectory /var/lib/clamav
+
+# Only load the official signatures published by the ClamAV project.
+# Default: no
+#OfficialDatabaseOnly no
+
+# The daemon can work in local mode, network mode or both.
+# Due to security reasons we recommend the local mode.
+
+# Path to a local socket file the daemon will listen on.
+# Default: disabled (must be specified by a user)
+LocalSocket /var/run/clamav/clamd.sock
+
+# Sets the group ownership on the unix socket.
+# Default: disabled (the primary group of the user running clamd)
+#LocalSocketGroup virusgroup
+
+# Sets the permissions on the unix socket to the specified mode.
+# Default: disabled (socket is world accessible)
+#LocalSocketMode 660
+
+# Remove stale socket after unclean shutdown.
+# Default: yes
+#FixStaleSocket yes
+
+# TCP port address.
+# Default: no
+#TCPSocket 3310
+
+# TCP address.
+# By default we bind to INADDR_ANY, probably not wise.
+# Enable the following to provide some degree of protection
+# from the outside world.
+# Default: no
+#TCPAddr 127.0.0.1
+
+# Maximum length the queue of pending connections may grow to.
+# Default: 200
+#MaxConnectionQueueLength 30
+
+# Clamd uses FTP-like protocol to receive data from remote clients.
+# If you are using clamav-milter to balance load between remote clamd daemons
+# on firewall servers you may need to tune the options below.
+
+# Close the connection when the data size limit is exceeded.
+# The value should match your MTA's limit for a maximum attachment size.
+# Default: 25M
+#StreamMaxLength 10M
+
+# Limit port range.
+# Default: 1024
+#StreamMinPort 30000
+# Default: 2048
+#StreamMaxPort 32000
+
+# Maximum number of threads running at the same time.
+# Default: 10
+#MaxThreads 20
+
+# Waiting for data from a client socket will timeout after this time (seconds).
+# Default: 120 +#ReadTimeout 300 + +# This option specifies the time (in seconds) after which clamd should +# timeout if a client doesn't provide any initial command after connecting. +# Default: 5 +#CommandReadTimeout 5 + +# This option specifies how long to wait (in miliseconds) if the send buffer is full. +# Keep this value low to prevent clamd hanging +# +# Default: 500 +#SendBufTimeout 200 + +# Maximum number of queued items (including those being processed by MaxThreads threads) +# It is recommended to have this value at least twice MaxThreads if possible. +# WARNING: you shouldn't increase this too much to avoid running out of file descriptors, +# the following condition should hold: +# MaxThreads*MaxRecursion + (MaxQueue - MaxThreads) + 6< RLIMIT_NOFILE (usual max is 1024) +# +# Default: 100 +#MaxQueue 200 + +# Waiting for a new job will timeout after this time (seconds). +# Default: 30 +#IdleTimeout 60 + +# Don't scan files and directories matching regex +# This directive can be used multiple times +# Default: scan all +#ExcludePath ^/proc/ +#ExcludePath ^/sys/ + +# Maximum depth directories are scanned at. +# Default: 15 +#MaxDirectoryRecursion 20 + +# Follow directory symlinks. +# Default: no +#FollowDirectorySymlinks yes + +# Follow regular file symlinks. +# Default: no +#FollowFileSymlinks yes + +# Scan files and directories on other filesystems. +# Default: yes +#CrossFilesystems yes + +# Perform a database check. +# Default: 600 (10 min) +#SelfCheck 600 + +# Execute a command when virus is found. In the command string %v will +# be replaced with the virus name. +# Default: no +#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v" + +# Run as another user (clamd must be started by root for this option to work) +# Default: don't drop privileges +User clamav + +# Initialize supplementary group access (clamd must be started by root). +# Default: no +AllowSupplementaryGroups yes + +# Stop daemon when libclamav reports out of memory condition. 
+#ExitOnOOM yes + +# Don't fork into background. +# Default: no +#Foreground yes + +# Enable debug messages in libclamav. +# Default: no +#Debug yes + +# Do not remove temporary files (for debug purposes). +# Default: no +#LeaveTemporaryFiles yes + +# Detect Possibly Unwanted Applications. +# Default: no +#DetectPUA yes + +# Exclude a specific PUA category. This directive can be used multiple times. +# See http://www.clamav.net/support/pua for the complete list of PUA +# categories. +# Default: Load all categories (if DetectPUA is activated) +#ExcludePUA NetTool +#ExcludePUA PWTool + +# Only include a specific PUA category. This directive can be used multiple +# times. +# Default: Load all categories (if DetectPUA is activated) +#IncludePUA Spy +#IncludePUA Scanner +#IncludePUA RAT + +# In some cases (eg. complex malware, exploits in graphic files, and others), +# ClamAV uses special algorithms to provide accurate detection. This option +# controls the algorithmic detection. +# Default: yes +#AlgorithmicDetection yes + + +## +## Executable files +## + +# PE stands for Portable Executable - it's an executable file format used +# in all 32 and 64-bit versions of Windows operating systems. This option allows +# ClamAV to perform a deeper analysis of executable files and it's also +# required for decompression of popular executable packers such as UPX, FSG, +# and Petite. If you turn off this option, the original files will still be +# scanned, but without additional processing. +# Default: yes +#ScanPE yes + +# Executable and Linking Format is a standard format for UN*X executables. +# This option allows you to control the scanning of ELF files. +# If you turn off this option, the original files will still be scanned, but +# without additional processing. +# Default: yes +#ScanELF yes + +# With this option clamav will try to detect broken executables (both PE and +# ELF) and mark them as Broken.Executable. 
+# Default: no +#DetectBrokenExecutables yes + + +## +## Documents +## + +# This option enables scanning of OLE2 files, such as Microsoft Office +# documents and .msi files. +# If you turn off this option, the original files will still be scanned, but +# without additional processing. +# Default: yes +#ScanOLE2 yes + + +# With this option enabled OLE2 files with VBA macros, which were not +# detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros". +# Default: no +#OLE2BlockMacros no + +# This option enables scanning within PDF files. +# If you turn off this option, the original files will still be scanned, but +# without decoding and additional processing. +# Default: yes +#ScanPDF yes + + +## +## Mail files +## + +# Enable internal e-mail scanner. +# If you turn off this option, the original files will still be scanned, but +# without parsing individual messages/attachments. +# Default: yes +#ScanMail yes + +# Scan RFC1341 messages split over many emails. +# You will need to periodically clean up $TemporaryDirectory/clamav-partial directory. +# WARNING: This option may open your system to a DoS attack. +# Never use it on loaded servers. +# Default: no +#ScanPartialMessages yes + + +# With this option enabled ClamAV will try to detect phishing attempts by using +# signatures. +# Default: yes +#PhishingSignatures yes + +# Scan URLs found in mails for phishing attempts using heuristics. +# Default: yes +#PhishingScanURLs yes + +# Always block SSL mismatches in URLs, even if the URL isn't in the database. +# This can lead to false positives. +# +# Default: no +#PhishingAlwaysBlockSSLMismatch no + +# Always block cloaked URLs, even if URL isn't in database. +# This can lead to false positives. +# +# Default: no +#PhishingAlwaysBlockCloak no + +# Allow heuristic match to take precedence. +# When enabled, if a heuristic scan (such as phishingScan) detects +# a possible virus/phish it will stop scan immediately. Recommended, saves CPU +# scan-time. 
+# When disabled, virus/phish detected by heuristic scans will be reported only at +# the end of a scan. If an archive contains both a heuristically detected +# virus/phish, and a real malware, the real malware will be reported +# +# Keep this disabled if you intend to handle "*.Heuristics.*" viruses +# differently from "real" malware. +# If a non-heuristically-detected virus (signature-based) is found first, +# the scan is interrupted immediately, regardless of this config option. +# +# Default: no +#HeuristicScanPrecedence yes + +## +## Data Loss Prevention (DLP) +## + +# Enable the DLP module +# Default: No +#StructuredDataDetection yes + +# This option sets the lowest number of Credit Card numbers found in a file +# to generate a detect. +# Default: 3 +#StructuredMinCreditCardCount 5 + +# This option sets the lowest number of Social Security Numbers found +# in a file to generate a detect. +# Default: 3 +#StructuredMinSSNCount 5 + +# With this option enabled the DLP module will search for valid +# SSNs formatted as xxx-yy-zzzz +# Default: yes +#StructuredSSNFormatNormal yes + +# With this option enabled the DLP module will search for valid +# SSNs formatted as xxxyyzzzz +# Default: no +#StructuredSSNFormatStripped yes + + +## +## HTML +## + +# Perform HTML normalisation and decryption of MS Script Encoder code. +# Default: yes +# If you turn off this option, the original files will still be scanned, but +# without additional processing. +#ScanHTML yes + + +## +## Archives +## + +# ClamAV can scan within archives and compressed files. +# If you turn off this option, the original files will still be scanned, but +# without unpacking and additional processing. +# Default: yes +#ScanArchive yes + +# Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR). +# Default: no +#ArchiveBlockEncrypted no + + +## +## Limits +## + +# The options below protect your system against Denial of Service attacks +# using archive bombs. 
+ +# This option sets the maximum amount of data to be scanned for each input file. +# Archives and other containers are recursively extracted and scanned up to this +# value. +# Value of 0 disables the limit +# Note: disabling this limit or setting it too high may result in severe damage +# to the system. +# Default: 100M +#MaxScanSize 150M + +# Files larger than this limit won't be scanned. Affects the input file itself +# as well as files contained inside it (when the input file is an archive, a +# document or some other kind of container). +# Value of 0 disables the limit. +# Note: disabling this limit or setting it too high may result in severe damage +# to the system. +# Default: 25M +#MaxFileSize 30M + +# Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR +# file, all files within it will also be scanned. This options specifies how +# deeply the process should be continued. +# Note: setting this limit too high may result in severe damage to the system. +# Default: 16 +#MaxRecursion 10 + +# Number of files to be scanned within an archive, a document, or any other +# container file. +# Value of 0 disables the limit. +# Note: disabling this limit or setting it too high may result in severe damage +# to the system. +# Default: 10000 +#MaxFiles 15000 + + +## +## Clamuko settings +## + +# Enable Clamuko. Dazuko must be configured and running. Clamuko supports +# both Dazuko (/dev/dazuko) and DazukoFS (/dev/dazukofs.ctrl). DazukoFS +# is the preferred option. For more information please visit www.dazuko.org +# Default: no +#ClamukoScanOnAccess yes + +# The number of scanner threads that will be started (DazukoFS only). +# Having multiple scanner threads allows Clamuko to serve multiple +# processes simultaneously. This is particularly beneficial on SMP machines. +# Default: 3 +#ClamukoScannerCount 3 + +# Don't scan files larger than ClamukoMaxFileSize +# Value of 0 disables the limit. 
+# Default: 5M +#ClamukoMaxFileSize 10M + +# Set access mask for Clamuko (Dazuko only). +# Default: no +#ClamukoScanOnOpen yes +#ClamukoScanOnClose yes +#ClamukoScanOnExec yes + +# Set the include paths (all files inside them will be scanned). You can have +# multiple ClamukoIncludePath directives but each directory must be added +# in a seperate line. (Dazuko only) +# Default: disabled +#ClamukoIncludePath /home +#ClamukoIncludePath /students + +# Set the exclude paths. All subdirectories are also excluded. (Dazuko only) +# Default: disabled +#ClamukoExcludePath /home/bofh + +# With this option you can whitelist specific UIDs. Processes with these UIDs +# will be able to access all files. +# This option can be used multiple times (one per line). +# Default: disabled +#ClamukoExcludeUID 0 + +# With this option enabled ClamAV will load bytecode from the database. +# It is highly recommended you keep this option on, otherwise you'll miss detections for many new viruses. +# Default: yes +#Bytecode yes + +# Set bytecode security level. +# Possible values: +# None - no security at all, meant for debugging. DO NOT USE THIS ON PRODUCTION SYSTEMS +# This value is only available if clamav was built with --enable-debug! +# TrustSigned - trust bytecode loaded from signed .c[lv]d files, +# insert runtime safety checks for bytecode loaded from other sources +# Paranoid - don't trust any bytecode, insert runtime checks for all +# Recommended: TrustSigned, because bytecode in .cvd files already has these checks +# Note that by default only signed bytecode is loaded, currently you can only +# load unsigned bytecode in --enable-debug mode. +# +# Default: TrustSigned +#BytecodeSecurity TrustSigned + +# Set bytecode timeout in miliseconds. +# +# Default: 5000 +# BytecodeTimeout 1000 diff --git a/colordiffrc b/colordiffrc new file mode 100644 index 0000000..6e75b2b --- /dev/null +++ b/colordiffrc 
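Review bot: In clamd.conf, `LocalSocket /var/run/clamav/clamd.sock` is enabled while `#LocalSocketMode 660` and `#LocalSocketGroup virusgroup` stay commented out, and the file's own comment gives the resulting default as "socket is world accessible", so every local account on the host can talk to the daemon. Restrict the socket to the scanning client by enabling `LocalSocketMode 660` together with `LocalSocketGroup <scanner-client-group>` (placeholder: the group the mail filter runs under is not visible in this hunk). Because `AllowSupplementaryGroups yes` is already set, a shared group is enough for both the socket and the scanned files, and no wider mode is needed. A short comment next to `LocalSocket` naming the one client that is expected to connect would make later permission changes easier to review.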
@@ -0,0 +1,26 @@ +# Example colordiffrc file for dark backgrounds +# +# Set banner=no to suppress authorship info at top of +# colordiff output +banner=no +# By default, when colordiff output is being redirected +# to a file, it detects this and does not colour-highlight +# To make the patch file *include* colours, change the option +# below to 'yes' +color_patches=no +# +# available colours are: white, yellow, green, blue, +# cyan, red, magenta, black, +# darkwhite, darkyellow, darkgreen, +# darkblue, darkcyan, darkred, +# darkmagenta, darkblack +# +# Can also specify 'none', 'normal' or 'off' which are all +# aliases for the same thing, namely "don't colour highlight +# this, use the default output colour" +# +plain=off +newtext=blue +oldtext=red +diffstuff=magenta +cvsstuff=green diff --git a/colordiffrc-lightbg b/colordiffrc-lightbg new file mode 100644 index 0000000..fe5333f --- /dev/null +++ b/colordiffrc-lightbg @@ -0,0 +1,26 @@ +# Example colordiffrc file for light backgrounds +# +# Set banner=no to suppress authorship info at top of +# colordiff output +banner=no +# By default, when colordiff output is being redirected +# to a file, it detects this and does not colour-highlight +# To make the patch file *include* colours, change the option +# below to 'yes' +color_patches=no +# +# available colours are: white, yellow, green, blue, +# cyan, red, magenta, black, +# darkwhite, darkyellow, darkgreen, +# darkblue, darkcyan, darkred, +# darkmagenta, darkblack +# +# Can also specify 'none', 'normal' or 'off' which are all +# aliases for the same thing, namely "don't colour highlight +# this, use the default output colour" +# +plain=off +newtext=blue +oldtext=red +diffstuff=darkgreen +cvsstuff=darkmagenta diff --git a/cron.deny b/cron.deny new file mode 100644 index 0000000..3fae422 --- /dev/null +++ b/cron.deny 
@@ -0,0 +1,5 @@
+# $Id: vixie-cron-4.1-cron.deny,v 1.1 2005/03/04 23:59:48 ciaranm Exp $
+# If for any reason you have users in the 'cron' group who should not
+# be allowed to run crontab, add them to this file (one username per
+# line)
+
diff --git a/crontab b/crontab
new file mode 100644
index 0000000..a38b89e
--- /dev/null
+++ b/crontab
@@ -0,0 +1,15 @@
+# for vixie cron
+# $Header: /var/cvsroot/gentoo-x86/sys-process/vixie-cron/files/crontab-3.0.1-r4,v 1.2 2009/05/12 09:13:46 bangert Exp $
+
+# Global variables
+SHELL=/bin/bash
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+MAILTO=root
+HOME=/
+
+# check scripts in cron.hourly, cron.daily, cron.weekly and cron.monthly
+59 * * * * root rm -f /var/spool/cron/lastrun/cron.hourly
+9 3 * * * root rm -f /var/spool/cron/lastrun/cron.daily
+19 4 * * 6 root rm -f /var/spool/cron/lastrun/cron.weekly
+29 5 1 * * root rm -f /var/spool/cron/lastrun/cron.monthly
+*/10 * * * * root test -x /usr/sbin/run-crons && /usr/sbin/run-crons
diff --git a/csh.env b/csh.env
new file mode 100644
index 0000000..2fadeaf
--- /dev/null
+++ b/csh.env
@@ -0,0 +1,23 @@ +# THIS FILE IS AUTOMATICALLY GENERATED BY env-update. +# DO NOT EDIT THIS FILE. CHANGES TO STARTUP PROFILES +# GO INTO /etc/csh.cshrc NOT /etc/csh.env + +setenv CONFIG_PROTECT '/var/bind /usr/share/gnupg/qualified.txt' +setenv CONFIG_PROTECT_MASK '/etc/gentoo-release /etc/sandbox.d /etc/env.d/java/ /etc/php/cli-php5.3/ext-active/ /etc/php/cgi-php5.3/ext-active/ /etc/php/apache2-php5.3/ext-active/ /etc/fonts/fonts.conf /etc/terminfo /etc/ca-certificates.conf /etc/texmf/web2c /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/revdep-rebuild' +setenv EDITOR '/usr/bin/vim' +setenv GCC_SPECS '' +setenv GDK_USE_XFT '1' +setenv GUILE_LOAD_PATH '/usr/share/guile/1.8' +setenv HG '/usr/bin/hg' +setenv INFOPATH '/usr/share/info:/usr/share/binutils-data/x86_64-pc-linux-gnu/2.21.1/info:/usr/share/gcc-data/x86_64-pc-linux-gnu/4.5.3/info' +setenv LESS '-R -M --shift 5' +setenv LESSOPEN '|lesspipe %s' +setenv MANPATH '/usr/local/share/man:/usr/share/man:/usr/share/binutils-data/x86_64-pc-linux-gnu/2.21.1/man:/usr/share/gcc-data/x86_64-pc-linux-gnu/4.5.3/man:/etc/java-config/system-vm/man/:/usr/lib64/php5.3/man/' +setenv PAGER '/usr/bin/less' +setenv PATH '/opt/bin:/usr/x86_64-pc-linux-gnu/gcc-bin/4.5.3:/usr/lib64/subversion/bin' +setenv PYTHONDOCS '/usr/share/doc/python-docs-2.7.1/html/library' +setenv PYTHONDOCS_2_7 '/usr/share/doc/python-docs-2.7.1/html/library' +setenv PYTHONDOCS_3_1 '/usr/share/doc/python-docs-3.1.3/html/library' +setenv ROOTPATH '/opt/bin:/usr/x86_64-pc-linux-gnu/gcc-bin/4.5.3:/usr/lib64/subversion/bin' +setenv XDG_CONFIG_DIRS '/etc/xdg' +setenv XDG_DATA_DIRS '/usr/local/share:/usr/share' diff --git a/dhcpcd.conf b/dhcpcd.conf new file mode 100644 index 0000000..eb625a7 --- /dev/null +++ b/dhcpcd.conf 
@@ -0,0 +1,23 @@
+# A sample configuration for dhcpcd.
+# See dhcpcd.conf(5) for details.
+
+# Inform the DHCP server of our hostname for DDNS.
+hostname
+# To share the DHCP lease across OSX and Windows a ClientID is needed.
+# Enabling this may get a different lease than the kernel DHCP client.
+# Some upstream DHCP servers may also require a ClientID, such as FRITZ!Box.
+#clientid
+
+# A list of options to request from the DHCP server.
+option domain_name_servers, domain_name, domain_search, host_name
+option classless_static_routes
+# Most distributions have NTP support.
+option ntp_servers
+# Respect the network MTU.
+option interface_mtu
+# A ServerID is required by RFC2131.
+require dhcp_server_identifier
+
+# A hook script is provided to lookup the hostname if not set by the DHCP
+# server, but it should not be run by default.
+nohook lookup-hostname
diff --git a/dispatch-conf.conf b/dispatch-conf.conf
new file mode 100644
index 0000000..3d956a1
--- /dev/null
+++ b/dispatch-conf.conf
@@ -0,0 +1,57 @@
+#
+# dispatch-conf.conf
+#
+
+# Directory to archive replaced configs
+archive-dir=/etc/config-archive
+
+# Use rcs for storing files in the archive directory?
+# WARNING: When configured to use rcs, read and execute permissions of
+# archived files may be inherited from the first check in of a working
+# file, as documented in the ci(1) man page. This means that even if
+# the permissions of the working file have since changed, the older
+# permissions of the first check in may be inherited. As mentioned in
+# the ci(1) man page, users can control access to RCS files by setting
+# the permissions of the directory containing the files (see
+# archive-dir above).
+# (yes or no)
+use-rcs=yes
+
+# Diff for display
+# %s old file
+# %s new file
+# If using colordiff instead of diff, the less -R option may be required
+# for correct display.
+#diff="diff -Nu '%s' '%s' | less --no-init --QUIT-AT-EOF"
+diff="diff -Nu '%s' '%s' | colordiff | less -r --no-init --QUIT-AT-EOF"
+
+# Diff for interactive merges.
+# %s output file
+# %s old file
+# %s new file
+merge="sdiff --suppress-common-lines --output='%s' '%s' '%s'"
+
+# Automerge files comprising only CVS interpolations (e.g. Header or Id)
+# (yes or no)
+replace-cvs=yes
+
+# Automerge files comprising only whitespace and/or comments
+# (yes or no)
+replace-wscomments=yes
+
+# Automerge files that the user hasn't modified
+# (yes or no)
+replace-unmodified=yes
+
+# Ignore a version that is identical to the previously merged version,
+# even though it is different from the current user modified version
+# Note that emerge already has a similar feature enabled by default,
+# which can be disabled by the emerge --noconfmem option.
+# (yes or no)
+ignore-previously-merged=no
+
+# Per-session log file of changes made to configuration files
+log-file=/var/log/dispatch-conf.log
+
+# List of frozen files for which dispatch-conf will automatically zap updates
+#frozen-files=""
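Review bot: In dispatch-conf.conf the active `diff=` line pipes into `less -r`, although the comment directly above it recommends `less -R`. `-r` passes every control character in the displayed config diff straight to root's terminal, whereas `-R` lets only ANSI colour sequences through, which is all colordiff needs. Suggested line: `diff="diff -Nu '%s' '%s' | colordiff | less -R --no-init --QUIT-AT-EOF"`. Separately, `use-rcs=yes` is on and the file's own warning says archived copies may keep the permissions of their first check-in, so access has to be controlled on `/etc/config-archive` itself. A comment next to `archive-dir=` such as `# keep this directory root-only; rcs copies may retain old file modes` would record that requirement.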
diff --git a/dmtab b/dmtab new file mode 100644 index 0000000..5fc1d79 --- /dev/null +++ b/dmtab @@ -0,0 +1,12 @@ +#/etc/dmraid: config file for adding device-mapper volumes at boot +# $Header: /var/cvsroot/gentoo-x86/sys-fs/lvm2/files/dmtab,v 1.1 2009/04/09 23:00:10 caleb Exp $ + +# Format: : +# Example: isw0: 0 312602976 striped 2 128 /dev/sda 0 /dev/sdb 0 +# +# Alternatively you can create all your volumes the first time, and just run: +# +# dmsetup table >> /etc/dmtab +# +# and verify that they are correct. + diff --git a/e2fsck.conf b/e2fsck.conf new file mode 100644 index 0000000..401cec4 --- /dev/null +++ b/e2fsck.conf @@ -0,0 +1,6 @@ +# See the e2fsck.conf man page for more info + +[options] + +# allow fsck to run sanely at any point in time #142850 +buggy_init_scripts = yes diff --git a/eixrc b/eixrc new file mode 100644 index 0000000..deda6e9 --- /dev/null +++ b/eixrc 
@@ -0,0 +1,29 @@ +# /etc/eixrc +# +# In this file system-wide defaults for variables related to eix binaries +# are stored, i.e. the variables set in this file override the built-in +# defaults. Both can be overridden by ~/.eixrc and by environment variables. +# +# It is strongly recommended to set here only those variables which you +# want to *differ* from the built-in defaults (or for which you have a +# particular reason why the default should never change with an eix update). +# +# *Otherwise you might miss changes in the defaults in newer eix versions* +# which may result in confusing behavior of the eix binaries. +# +# ebuilds of <=eix-0.10.3 (and >=eix-0.7.4) used to set *all* variables in +# /etc/eixrc which is not recommended anymore. If you want to get such a file +# (i.e. a file where all variables are described and set to the current +# values resp. to the built-in default values) you can redirect the output +# of the options --dump or --dump-defaults, respectively. +# +# However once more: To avoid unexpected problems +# +# *IT IS NOT RECOMMENDED TO SET _ALL_ VARIABLES* in /etc/eixrc +# +# Only set those for which you have a reason to do so! +# +# For the available variables and their defaults, see the output of the +# options --dump or --dump-defaults. +# For more detailed explanations see the manpage of eix. + diff --git a/environment b/environment new file mode 100644 index 0000000..3e704a6 --- /dev/null +++ b/environment @@ -0,0 +1,5 @@ +# +# This file is parsed by pam_env module +# +# Syntax: simple "KEY=VAL" pairs on separate lines +# diff --git a/etc-update.conf b/etc-update.conf new file mode 100644 index 0000000..cea2173 --- /dev/null +++ b/etc-update.conf 
@@ -0,0 +1,82 @@ +# /etc/etc-update.conf: config file for `etc-update` utility +# edit the lines below to your liking + +# mode - 0 for text, 1 for menu (support incomplete) +# note that you need dev-util/dialog installed +mode="0" + +# Whether to clear the term prior to each display +#clear_term="yes" +clear_term="no" + +# Whether trivial/comment changes should be automerged +eu_automerge="yes" + +# arguments used whenever rm is called +rm_opts="-i" + +# arguments used whenever mv is called +mv_opts="-i" + +# arguments used whenever cp is called +cp_opts="-i" + +# pager for use with diff commands +pager="less" +#pager="" + +# For emacs-users (see NOTE_2) +# diff_command="eval emacs -nw --eval=\'\(ediff\ \"%file1\"\ \"%file2\"\)\'" +#using_editor=1 + +# vim-users: you CAN use vimdiff for diff_command. (see NOTE_1 and NOTE_2) +#diff_command="vim -d %file1 %file2" +#using_editor=1 + +# If using colordiff instead of diff, the less -R option may be required +# for correct display (see 'pager' setting above). 
+diff_command="diff -uN %file1 %file2" +using_editor=0 + + +# vim-users: don't use vimdiff for merging (see NOTE_1) +merge_command="sdiff -s -o %merged %orig %new" + +# EXPLANATION +# +# pager: +# +# Examples of pager usage: +# pager="" # don't use a pager +# pager="less -E" # less +# pager="more" # more +# +# +# diff_command: +# +# Arguments: +# %file1 [REQUIRED] +# %file2 [REQUIRED] +# +# Examples of diff_command: +# diff_command="diff -uN %file1 %file2" # diff +# diff_command="vim -d %file1 %file2" # vimdiff +# +# +# merge_command: +# +# Arguments: +# %orig [REQUIRED] +# %new [REQUIRED] +# %merged [REQUIRED] +# +# Examples of merge_command: +# merge_command="sdiff -s -o %merged %old %new" # sdiff +# + +# NOTE_1: Editors such as vim/vimdiff are not usable for the merge_command +# because it is not known what filenames the produced files have (the user can +# choose while using those programs) + +# NOTE_2: Make sure using_editor is set to "1" when using an editor as +# diff_command! diff --git a/filesystems b/filesystems new file mode 100644 index 0000000..0bb9c3c --- /dev/null +++ b/filesystems @@ -0,0 +1,14 @@ +# /etc/filesystems +# +# This file defines the filesystems search order used by a +# 'mount -t auto' command. +# + +# Uncomment the following line if your modular kernel has vfat +# support and you want mount to try vfat. +#vfat + +# Keep the last '*' intact as it directs mount to use the +# filesystems list available at /proc/filesystems also. +# Don't remove it unless you REALLY know what you are doing! +* diff --git a/freshclam.conf b/freshclam.conf new file mode 100644 index 0000000..a218449 --- /dev/null +++ b/freshclam.conf 
@@ -0,0 +1,215 @@ +## +## Example config file for freshclam +## Please read the freshclam.conf(5) manual before editing this file. +## + + +# Comment or remove the line below. +# Example + +# Path to the database directory. +# WARNING: It must match clamd.conf's directive! +# Default: hardcoded (depends on installation options) +#DatabaseDirectory /var/lib/clamav + +# Path to the log file (make sure it has proper permissions) +# Default: disabled +UpdateLogFile /var/log/clamav/freshclam.log + +# Maximum size of the log file. +# Value of 0 disables the limit. +# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes) +# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). +# in bytes just don't use modifiers. +# Default: 1M +#LogFileMaxSize 2M + +# Log time with each message. +# Default: no +#LogTime yes + +# Enable verbose logging. +# Default: no +#LogVerbose yes + +# Use system logger (can work together with UpdateLogFile). +# Default: no +#LogSyslog yes + +# Specify the type of syslog messages - please refer to 'man syslog' +# for facility names. +# Default: LOG_LOCAL6 +#LogFacility LOG_MAIL + +# This option allows you to save the process identifier of the daemon +# Default: disabled +PidFile /var/run/clamav/freshclam.pid + +# By default when started freshclam drops privileges and switches to the +# "clamav" user. This directive allows you to change the database owner. +# Default: clamav (may depend on installation options) +DatabaseOwner clamav + +# Initialize supplementary group access (freshclam must be started by root). +# Default: no +AllowSupplementaryGroups yes + +# Use DNS to verify virus database version. Freshclam uses DNS TXT records +# to verify database and software versions. With this directive you can change +# the database verification domain. +# WARNING: Do not touch it unless you're configuring freshclam to use your +# own database verification domain. 
+# Default: current.cvd.clamav.net +#DNSDatabaseInfo current.cvd.clamav.net + +# Uncomment the following line and replace XY with your country +# code. See http://www.iana.org/cctld/cctld-whois.htm for the full list. +# You can use db.XY.ipv6.clamav.net for IPv6 connections. +#DatabaseMirror db.XY.clamav.net + +# database.clamav.net is a round-robin record which points to our most +# reliable mirrors. It's used as a fall back in case db.XY.clamav.net is +# not working. DO NOT TOUCH the following line unless you know what you +# are doing. +DatabaseMirror database.clamav.net + +# How many attempts to make before giving up. +# Default: 3 (per mirror) +#MaxAttempts 5 + +# With this option you can control scripted updates. It's highly recommended +# to keep it enabled. +# Default: yes +ScriptedUpdates yes + +# By default freshclam will keep the local databases (.cld) uncompressed to +# make their handling faster. With this option you can enable the compression; +# the change will take effect with the next database update. +# Default: no +#CompressLocalDatabase no + +# With this option you can provide custom sources (http:// or file://) for +# database files. This option can be used multiple times. +# Default: no custom URLs +#DatabaseCustomURL http://myserver.com/mysigs.ndb +#DatabaseCustomURL file:///mnt/nfs/local.hdb + +# Number of database checks per day. +# Default: 12 (every two hours) +#Checks 24 + +# Proxy settings +# Default: disabled +#HTTPProxyServer myproxy.com +#HTTPProxyPort 1234 +#HTTPProxyUsername myusername +#HTTPProxyPassword mypass + +# If your servers are behind a firewall/proxy which applies User-Agent +# filtering you can use this option to force the use of a different +# User-Agent header. +# Default: clamav/version_number +#HTTPUserAgent SomeUserAgentIdString + +# Use aaa.bbb.ccc.ddd as client address for downloading databases. Useful for +# multi-homed systems. +# Default: Use OS'es default outgoing IP address. 
+#LocalIPAddress aaa.bbb.ccc.ddd + +# Send the RELOAD command to clamd. +# Default: no +NotifyClamd /etc/clamd.conf + +# Run command after successful database update. +# Default: disabled +#OnUpdateExecute command + +# Run command when database update process fails. +# Default: disabled +#OnErrorExecute command + +# Run command when freshclam reports outdated version. +# In the command string %v will be replaced by the new version number. +# Default: disabled +#OnOutdatedExecute command + +# Don't fork into background. +# Default: no +#Foreground yes + +# Enable debug messages in libclamav. +# Default: no +#Debug yes + +# Timeout in seconds when connecting to database server. +# Default: 30 +#ConnectTimeout 60 + +# Timeout in seconds when reading from database server. +# Default: 30 +#ReceiveTimeout 60 + +# With this option enabled, freshclam will attempt to load new +# databases into memory to make sure they are properly handled +# by libclamav before replacing the old ones. +# Default: yes +#TestDatabases yes + +# When enabled freshclam will submit statistics to the ClamAV Project about +# the latest virus detections in your environment. The ClamAV maintainers +# will then use this data to determine what types of malware are the most +# detected in the field and in what geographic area they are. +# Freshclam will connect to clamd in order to get recent statistics. +# Default: no +#SubmitDetectionStats /path/to/clamd.conf + +# Country of origin of malware/detection statistics (for statistical +# purposes only). The statistics collector at ClamAV.net will look up +# your IP address to determine the geographical origin of the malware +# reported by your installation. If this installation is mainly used to +# scan data which comes from a different location, please enable this +# option and enter a two-letter code (see http://www.iana.org/domains/root/db/) +# of the country of origin. 
+# Default: disabled +#DetectionStatsCountry country-code + +# This option enables support for our "Personal Statistics" service. +# When this option is enabled, the information on malware detected by +# your clamd installation is made available to you through our website. +# To get your HostID, log on http://www.stats.clamav.net and add a new +# host to your host list. Once you have the HostID, uncomment this option +# and paste the HostID here. As soon as your freshclam starts submitting +# information to our stats collecting service, you will be able to view +# the statistics of this clamd installation by logging into +# http://www.stats.clamav.net with the same credentials you used to +# generate the HostID. For more information refer to: +# http://www.clamav.net/support/faq/faq-cctts/ +# This feature requires SubmitDetectionStats to be enabled. +# Default: disabled +#DetectionStatsHostID unique-id + +# This option enables support for Google Safe Browsing. When activated for +# the first time, freshclam will download a new database file (safebrowsing.cvd) +# which will be automatically loaded by clamd and clamscan during the next +# reload, provided that the heuristic phishing detection is turned on. This +# database includes information about websites that may be phishing sites or +# possible sources of malware. When using this option, it's mandatory to run +# freshclam at least every 30 minutes. +# Freshclam uses the ClamAV's mirror infrastructure to distribute the +# database and its updates but all the contents are provided under Google's +# terms of use. See http://code.google.com/support/bin/answer.py?answer=70015 +# and http://safebrowsing.clamav.net for more information. +# Default: disabled +#SafeBrowsing yes + +# This option enables downloading of bytecode.cvd, which includes additional +# detection mechanisms and improvements to the ClamAV engine. 
+# Default: enabled +#Bytecode yes + +# Download an additional 3rd party signature database distributed through +# the ClamAV mirrors. Here you can find a list of available databases: +# http://www.clamav.net/download/cvd/3rdparty +# This option can be used multiple times. +#ExtraDatabase dbname1 +#ExtraDatabase dbname2 diff --git a/fstab b/fstab new file mode 100644 index 0000000..ee8d4e0 --- /dev/null +++ b/fstab 
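Review bot: `UpdateLogFile /var/log/clamav/freshclam.log` is enabled near the top of this file, but `#LogTime yes` is left commented out, so the individual messages in the update log carry no timestamp. That log is the record used to establish when signatures were last refreshed or when a mirror started failing, so I would uncomment the directive: `LogTime yes`. If this host forwards syslog, `LogSyslog yes` is worth enabling as well so the update history also exists outside the local log file.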
@@ -0,0 +1,48 @@
+# /etc/fstab: static file system information.
+#
+# noatime turns off atimes for increased performance (atimes normally aren't
+# needed; notail increases performance of ReiserFS (at the expense of storage
+# efficiency). It's safe to drop the noatime options if you want and to
+# switch between notail / tail freely.
+#
+# The root filesystem should have a pass number of either 0 or 1.
+# All other filesystems should have a pass number of 0 or greater than 1.
+#
+# See the manpage fstab(5) for more information.
+#
+
+#
+
+# NOTE: If your BOOT partition is ReiserFS, add the notail option to opts.
+/dev/md2 /boot ext3 noauto,noatime 0 0
+/dev/md3 / ext3 noatime,acl,user_xattr 0 1
+
+/dev/md4 none swap sw 0 0
+
+/dev/vg0/tmp /tmp ext4 noatime 0 0
+/dev/vg0/usr /usr ext4 acl,user_xattr 0 0
+/dev/vg0/var /var ext4 acl,user_xattr 0 0
+/dev/vg0/opt /opt ext4 acl,user_xattr 0 0
+
+#/dev/vg0/home /home ext4 quota,grpquota,acl,user_xattr 0 0
+#/dev/vg0/home /home ext4 acl,user_xattr 0 0
+/dev/vg0/home /home ext4 acl,user_xattr,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 0 0
+
+/dev/vg0/var_tmp /var/tmp ext4 noatime 0 0
+/dev/vg0/www /var/www ext4 acl,user_xattr 0 0
+/dev/vg0/var_lib /var/lib ext4 noatime,acl,user_xattr 0 0
+/dev/vg0/backup /var/backup ext4 noatime,acl,user_xattr 0 0
+/dev/vg0/portage /usr/portage ext4 noatime 0 0
+/dev/vg0/distfiles /usr/portage/distfiles ext4 noatime 0 0
+
+#/dev/vg0/sarah /var/sarah reiserfs ro,acl,user_xattr 0 0
+
+
+/dev/cdrom /mnt/cdrom auto noauto,ro 0 0
+#/dev/fd0 /mnt/floppy auto noauto 0 0
+
+# glibc 2.2 and above expects tmpfs to be mounted at /dev/shm for
+# POSIX shared memory (shm_open, shm_unlink).
+# (tmpfs is a dynamically expandable/shrinkable ramdisk, and will
+# use almost no memory if not populated with files)
+shm /dev/shm tmpfs nodev,nosuid,noexec 0 0
diff --git a/fstab.orig b/fstab.orig
new file mode 100644
index 0000000..0832486
--- /dev/null
+++ b/fstab.orig
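Review bot: The `/tmp`, `/var/tmp` and `/home` entries in fstab are mounted without `nodev` or `nosuid`, although the `shm` line at the end of the same file already carries `nodev,nosuid,noexec`. These are the world-writable or user-writable filesystems on this host, so setuid bits and device nodes on them would be honoured. I would change the entries to `/dev/vg0/tmp /tmp ext4 noatime,nodev,nosuid,noexec 0 0` and `/dev/vg0/var_tmp /var/tmp ext4 noatime,nodev,nosuid 0 0`, and add `nodev,nosuid` to the active `/home` line. `noexec` is left off `/var/tmp` because package builds may execute from there; the build directory setting is not visible in this hunk, so confirm it before tightening further.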
@@ -0,0 +1,27 @@ +# /etc/fstab: static file system information. +# +# noatime turns off atimes for increased performance (atimes normally aren't +# needed; notail increases performance of ReiserFS (at the expense of storage +# efficiency). It's safe to drop the noatime options if you want and to +# switch between notail / tail freely. +# +# The root filesystem should have a pass number of either 0 or 1. +# All other filesystems should have a pass number of 0 or greater than 1. +# +# See the manpage fstab(5) for more information. +# + +# + +# NOTE: If your BOOT partition is ReiserFS, add the notail option to opts. +/dev/BOOT /boot ext2 noauto,noatime 1 2 +/dev/ROOT / ext3 noatime 0 1 +/dev/SWAP none swap sw 0 0 +/dev/cdrom /mnt/cdrom auto noauto,ro 0 0 +#/dev/fd0 /mnt/floppy auto noauto 0 0 + +# glibc 2.2 and above expects tmpfs to be mounted at /dev/shm for +# POSIX shared memory (shm_open, shm_unlink). +# (tmpfs is a dynamically expandable/shrinkable ramdisk, and will +# use almost no memory if not populated with files) +shm /dev/shm tmpfs nodev,nosuid,noexec 0 0 diff --git a/ftpusers b/ftpusers new file mode 100644 index 0000000..4bc8872 --- /dev/null +++ b/ftpusers @@ -0,0 +1,37 @@ +# Provided by ftpbase (dont remove this line!) +# /etc/ftpusers: list of users disallowed FTP access +# $Header: /var/cvsroot/gentoo-x86/net-ftp/ftpbase/files/ftpusers,v 1.1 2005/06/28 14:52:26 uberlord Exp $ + +halt +operator +root +shutdown +sync +bin +daemon +adm +lp +mail +postmaster +news +uucp +man +games +at +cron +www +named +squid +gdm +mysql +postgres +guest +nobody +alias +qmaild +qmaill +qmailp +qmailq +qmailr +qmails +postfix diff --git a/gai.conf b/gai.conf new file mode 100644 index 0000000..ac31e38 --- /dev/null +++ b/gai.conf 
@@ -0,0 +1,75 @@ +# Configuration for getaddrinfo(3). +# +# So far only configuration for the destination address sorting is needed. +# RFC 3484 governs the sorting. But the RFC also says that system +# administrators should be able to overwrite the defaults. This can be +# achieved here. +# +# All lines have an initial identifier specifying the option followed by +# up to two values. Information specified in this file replaces the +# default information. Complete absence of data of one kind causes the +# appropriate default information to be used. The supported commands include: +# +# reload +# If set to yes, each getaddrinfo(3) call will check whether this file +# changed and if necessary reload. This option should not really be +# used. There are possible runtime problems. The default is no. +# +# label +# Add another rule to the RFC 3484 label table. See section 2.1 in +# RFC 3484. The default is: +# +#label ::1/128 0 +#label ::/0 1 +#label 2002::/16 2 +#label ::/96 3 +#label ::ffff:0:0/96 4 +#label fec0::/10 5 +#label fc00::/7 6 +#label 2001:0::/32 7 +# +# This default differs from the tables given in RFC 3484 by handling +# (now obsolete) site-local IPv6 addresses and Unique Local Addresses. +# The reason for this difference is that these addresses are never +# NATed while IPv4 site-local addresses most probably are. Given +# the precedence of IPv6 over IPv4 (see below) on machines having only +# site-local IPv4 and IPv6 addresses a lookup for a global address would +# see the IPv6 be preferred. The result is a long delay because the +# site-local IPv6 addresses cannot be used while the IPv4 address is +# (at least for the foreseeable future) NATed. We also treat Teredo +# tunnels special. +# +# precedence +# Add another rule to the RFC 3484 precedence table. See section 2.1 +# and 10.3 in RFC 3484. 
The default is: +# +#precedence ::1/128 50 +#precedence ::/0 40 +#precedence 2002::/16 30 +#precedence ::/96 20 +#precedence ::ffff:0:0/96 10 +# +# For sites which prefer IPv4 connections change the last line to +# +#precedence ::ffff:0:0/96 100 + +# +# scopev4 +# Add another rule to the RFC 3484 scope table for IPv4 addresses. +# The definitions in RFC 3484 are equivalent to: +# +#scopev4 ::ffff:169.254.0.0/112 2 +#scopev4 ::ffff:127.0.0.0/104 2 +#scopev4 ::ffff:10.0.0.0/104 5 +#scopev4 ::ffff:172.16.0.0/108 5 +#scopev4 ::ffff:192.168.0.0/112 5 +#scopev4 ::ffff:0.0.0.0/96 14 +# +# For sites which use site-local IPv4 addresses behind NAT there is +# the problem that even if IPv4 addresses are preferred they do not +# have the same scope and are therefore not sorted first. To change +# this use only these rules: +# +scopev4 ::ffff:169.254.0.0/112 2 +scopev4 ::ffff:127.0.0.0/104 2 +scopev4 ::ffff:0.0.0.0/96 14 diff --git a/gentoo-release b/gentoo-release new file mode 100644 index 0000000..12f72c1 --- /dev/null +++ b/gentoo-release @@ -0,0 +1 @@ +Gentoo Base System release 2.0.3 diff --git a/gitconfig b/gitconfig new file mode 100644 index 0000000..5a94055 --- /dev/null +++ b/gitconfig @@ -0,0 +1,2 @@ +[color] + ui = true diff --git a/group b/group new file mode 100644 index 0000000..8993b7d --- /dev/null +++ b/group 
@@ -0,0 +1,62 @@
+root:x:0:root,frank
+bin:x:1:root,bin,daemon
+daemon:x:2:root,bin,daemon
+sys:x:3:root,bin,adm
+adm:x:4:root,adm,daemon
+tty:x:5:frank,taurec
+disk:x:6:root,adm
+lp:x:7:lp,frank,taurec
+mem:x:8:
+kmem:x:9:
+wheel:x:10:root,frank,taurec,morph
+floppy:x:11:root
+mail:x:12:mail,postfix
+news:x:13:news
+uucp:x:14:uucp
+man:x:15:man
+cron:x:16:frank,taurec,morph,patrick,vivi,minecraft
+console:x:17:frank,taurec
+audio:x:18:frank,taurec
+cdrom:x:19:
+dialout:x:20:root
+ftp:x:21:
+sshd:x:22:
+at:x:25:
+tape:x:26:root
+video:x:27:root,frank,taurec
+games:x:35:
+named:x:40:
+mysql:x:60:
+cdrw:x:80:
+apache:x:81:
+usb:x:85:
+users:x:100:games,taurec
+postgrey:x:101:
+polw:x:102:
+teamspeak3:x:103:
+nagios:x:104:frank
+wireshark:x:105:
+lpadmin:x:106:
+messagebus:x:110:
+rpc:x:111:
+locate:x:122:frank,taurec,morph,patrick,vivi
+ntp:x:123:
+tcpdump:x:196:
+ulogd:x:197:
+crontab:x:198:
+ssmtp:x:199:
+nofiles:x:200:
+postfix:x:207:
+postdrop:x:208:
+smmsp:x:209:smmsp
+portage:x:250:portage,frank,taurec
+utmp:x:406:
+ldap:x:439:
+clamav:x:998:
+amavis:x:999:
+proftpd:x:1008:
+vmail:x:1023:
+nogroup:x:65533:
+nobody:x:65534:
+minecraft:x:1002:
+git-commiters:x:222:frank,taurec,morph,portage
diff --git a/gshadow b/gshadow
new file mode 100644
index 0000000..37778a3
--- /dev/null
+++ b/gshadow
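Review bot: The first entry of the group file, `root:x:0:root,frank`, gives a personal account GID 0 as a supplementary group, on top of its `wheel` membership a few lines below. Anything group-owned by root with group read or write bits then becomes reachable from that account without going through su or sudo, which weakens the separation `wheel` is meant to provide. Unless something on this host depends on it, I would reduce the line to `root:x:0:root` and keep privileged access tied to `wheel`. The matching `root:::root,frank` entry in gshadow would need the same change.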
@@ -0,0 +1,62 @@
+root:::root,frank
+bin:::root,bin,daemon
+daemon:::root,bin,daemon
+sys:::root,bin,adm
+adm:::root,adm,daemon
+tty:::frank,taurec
+disk:::root,adm
+lp:::lp,frank,taurec
+mem:::
+kmem:::
+wheel:::root,frank,taurec,morph
+floppy:::root
+mail:::mail,postfix
+news:::news
+uucp:::uucp
+man:::man
+cron:x::frank,taurec,morph,patrick,vivi,minecraft
+console:::frank,taurec
+audio:::frank,taurec
+cdrom:::
+dialout:::root
+ftp:x::
+sshd:x::
+at:x::
+tape:::root
+video:::root,frank,taurec
+games:x::
+named:x::
+mysql:x::
+cdrw:::
+apache:x::
+usb:::
+users:::games,taurec
+postgrey:x::
+polw:x::
+teamspeak3:x::
+nagios:x::frank
+wireshark:x::
+lpadmin:x::
+messagebus:x::
+rpc:x::
+locate:x::frank,taurec,morph,patrick,vivi
+ntp:x::
+tcpdump:x::
+ulogd:x::
+crontab:x::
+ssmtp:x::
+nofiles:x::
+postfix:x::
+postdrop:x::
+smmsp:x::smmsp
+portage:::portage,frank,taurec
+utmp:x::
+ldap:x::
+clamav:x::
+amavis:x::
+proftpd:x::
+vmail:x::
+nogroup:::
+nobody:::
+minecraft:!::
+git-commiters:!::
diff --git a/host.conf b/host.conf
new file mode 100644
index 0000000..4c58e52
--- /dev/null
+++ b/host.conf
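Review bot: gshadow enters the repository with `new file mode 100644`, while the live file is normally readable by root only, and git records neither ownership nor any mode bit beyond the executable flag. This revision holds no password hashes (the second field is empty, `x` or `!`), but a group password set later would have its hash committed and kept in history, and every checkout recreates the file with umask-default permissions. I would keep gshadow out of version control with a `.gitignore` entry, or at minimum make the repository directory accessible to root only. The same question applies to a shadow file if one is tracked; none is visible in this part of the patch.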
@@ -0,0 +1,24 @@ +# /etc/host.conf: +# $Header: /var/cvsroot/gentoo/src/patchsets/glibc/extra/etc/host.conf,v 1.1 2006/09/29 23:52:23 vapier Exp $ + +# The file /etc/host.conf contains configuration information specific to +# the resolver library. It should contain one configuration keyword per +# line, followed by appropriate configuration information. The keywords +# recognized are order, trim, mdns, multi, nospoof, spoof, and reorder. + + + +# This keyword specifies how host lookups are to be performed. It +# should be followed by one or more lookup methods, separated by +# commas. Valid methods are bind, hosts, and nis. +# +order hosts, bind + + +# Valid values are on and off. If set to on, the resolv+ library +# will return all valid addresses for a host that appears in the +# /etc/hosts file, instead of only the first. This is off by +# default, as it may cause a substantial performance loss at sites +# with large hosts files. +# +multi off diff --git a/hosts b/hosts new file mode 100644 index 0000000..fbf80c2 --- /dev/null +++ b/hosts 
@@ -0,0 +1,45 @@ +# /etc/hosts: Local Host Database +# +# This file describes a number of aliases-to-address mappings for the for +# local hosts that share this file. +# +# In the presence of the domain name service or NIS, this file may not be +# consulted at all; see /etc/host.conf for the resolution order. +# + +# IPv4 and IPv6 localhost aliases +127.0.0.1 localhost + +::1 localhost ip6-localhost ip6-loopback + +85.214.134.152 helga.brehm-online.com helga h1763652.stratoserver.net h1763652 +fe00::0 ip6-localnet +ff00::0 ip6-mcastprefix +ff02::1 ip6-allnodes +ff02::2 ip6-allrouters +ff02::3 ip6-allhosts + +192.166.201.59 gw.berlin.strato.de +192.166.192.168 gw-rz.berlin.strato.de +192.166.201.222 sarkomand-201-222-strato-full.cronon.net + +2001:6f8:1c00:365::2 home.brehm-online.com + +# +# Imaginary network. +#10.0.0.2 myname +#10.0.0.3 myfriend +# +# According to RFC 1918, you can use the following IP networks for private +# nets which will never be connected to the Internet: +# +# 10.0.0.0 - 10.255.255.255 +# 172.16.0.0 - 172.31.255.255 +# 192.168.0.0 - 192.168.255.255 +# +# In case you want to be able to connect directly to the Internet (i.e. not +# behind a NAT, ADSL router, etc...), you need real official assigned +# numbers. Do not try to invent your own network numbers but instead get one +# from your network provider (if any) or from your regional registry (ARIN, +# APNIC, LACNIC, RIPE NCC, or AfriNIC.) +# diff --git a/idn.conf b/idn.conf new file mode 100644 index 0000000..9943cf5 --- /dev/null +++ b/idn.conf 
@@ -0,0 +1,61 @@ +# $Id: idn.conf.sample.in,v 1.24 2003/03/05 23:25:02 miyayama Exp $ +# +# Sample file for idnkit configuration file (idn.conf). +# + +# +# `idn-encoding' entry specifies the encoding name used as the encoding +# of multilingualized names by resolvers and DNS servers. Currently, the +# following encodings are available: +# +# Punycode +# UTF-8 +# +# +# If you enabled extra ace feature, following IDN encoding can be used. +# +# AMC-ACE-Z (old name of Punycode) +# RACE +# +# syntax) +# idn-encoding +# +idn-encoding Punycode + +# +# `nameprep' entry specifies the version of NAMEPREP. +# idnkit currently supports the following version: +# +# RFC3491 -- name preparation scheme described in the +# RFC3491 +# +# syntax) +# nameprep +# +nameprep RFC3491 + +# +# `local-map' entry specifies TLD (top level domain) based local mapping +# schemes, which is performed before NAMEPREP. Available schemes are: +# +# -- nameprep version +# filemap: -- read mapping rules from a file +# +# syntax) +# local-map ... +# +# If the TLD of the domain name matches , local mapping specified +# by is performed on the name. Otherwise no mapping are +# performed. Multiple schemes can be specified; they are applied in +# turn. +# +# There are two special s for specifying a default mapping rule +# and a mapping rule for local names (domain names containing no +# dots). If is `.', its schemes are applied to domain names +# whose TLD does not match any TLDs specified in local-map entries. +# If is `-', its schemes are applied to domain names which +# contain no dots. +# +#local-map - filemap:/some/where/local.map +#local-map . filemap:/some/where/default.map +local-map .jp filemap:/usr/share/idnkit/jp.map diff --git a/idn.conf.sample b/idn.conf.sample new file mode 100644 index 0000000..9943cf5 --- /dev/null +++ b/idn.conf.sample 
@@ -0,0 +1,61 @@ +# $Id: idn.conf.sample.in,v 1.24 2003/03/05 23:25:02 miyayama Exp $ +# +# Sample file for idnkit configuration file (idn.conf). +# + +# +# `idn-encoding' entry specifies the encoding name used as the encoding +# of multilingualized names by resolvers and DNS servers. Currently, the +# following encodings are available: +# +# Punycode +# UTF-8 +# +# +# If you enabled extra ace feature, following IDN encoding can be used. +# +# AMC-ACE-Z (old name of Punycode) +# RACE +# +# syntax) +# idn-encoding +# +idn-encoding Punycode + +# +# `nameprep' entry specifies the version of NAMEPREP. +# idnkit currently supports the following version: +# +# RFC3491 -- name preparation scheme described in the +# RFC3491 +# +# syntax) +# nameprep +# +nameprep RFC3491 + +# +# `local-map' entry specifies TLD (top level domain) based local mapping +# schemes, which is performed before NAMEPREP. Available schemes are: +# +# -- nameprep version +# filemap: -- read mapping rules from a file +# +# syntax) +# local-map ... +# +# If the TLD of the domain name matches , local mapping specified +# by is performed on the name. Otherwise no mapping are +# performed. Multiple schemes can be specified; they are applied in +# turn. +# +# There are two special s for specifying a default mapping rule +# and a mapping rule for local names (domain names containing no +# dots). If is `.', its schemes are applied to domain names +# whose TLD does not match any TLDs specified in local-map entries. +# If is `-', its schemes are applied to domain names which +# contain no dots. +# +#local-map - filemap:/some/where/local.map +#local-map . filemap:/some/where/default.map +local-map .jp filemap:/usr/share/idnkit/jp.map diff --git a/idnalias.conf b/idnalias.conf new file mode 100644 index 0000000..3495dbc --- /dev/null +++ b/idnalias.conf 
@@ -0,0 +1,12 @@
+*.ISO_8859-1 ISO-8859-1
+*.ISO_8859-2 ISO-8859-1
+*.SJIS Shift_JIS
+*.Shift_JIS Shift_JIS
+ja_JP.EUC EUC-JP
+ko_KR.EUC EUC-KR
+*.big5 Big5
+*.Big5 Big5
+*.KOI8-R KOI8-R
+*.GB2312 GB2312
+ja EUC-JP
+japanese EUC-JP
diff --git a/idnalias.conf.sample b/idnalias.conf.sample
new file mode 100644
index 0000000..3495dbc
--- /dev/null
+++ b/idnalias.conf.sample
@@ -0,0 +1,12 @@
+*.ISO_8859-1 ISO-8859-1
+*.ISO_8859-2 ISO-8859-1
+*.SJIS Shift_JIS
+*.Shift_JIS Shift_JIS
+ja_JP.EUC EUC-JP
+ko_KR.EUC EUC-KR
+*.big5 Big5
+*.Big5 Big5
+*.KOI8-R KOI8-R
+*.GB2312 GB2312
+ja EUC-JP
+japanese EUC-JP
diff --git a/inittab b/inittab
new file mode 100644
index 0000000..c5c8398
--- /dev/null
+++ b/inittab
@@ -0,0 +1,60 @@
+#
+# /etc/inittab: This file describes how the INIT process should set up
+# the system in a certain run-level.
+#
+# Author: Miquel van Smoorenburg,
+# Modified by: Patrick J. Volkerding,
+# Modified by: Daniel Robbins,
+# Modified by: Martin Schlemmer,
+# Modified by: Mike Frysinger,
+# Modified by: Robin H. Johnson,
+#
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/sysvinit/files/inittab-2.87,v 1.1 2010/01/08 16:55:07 williamh Exp $
+
+# Default runlevel.
+id:3:initdefault:
+
+# System initialization, mount local filesystems, etc.
+si::sysinit:/sbin/rc sysinit
+
+# Further system initialization, brings up the boot runlevel.
+rc::bootwait:/sbin/rc boot
+
+l0:0:wait:/sbin/rc shutdown
+l0s:0:wait:/sbin/halt -dhp
+l1:1:wait:/sbin/rc single
+l2:2:wait:/sbin/rc nonetwork
+l3:3:wait:/sbin/rc default
+l4:4:wait:/sbin/rc default
+l5:5:wait:/sbin/rc default
+l6:6:wait:/sbin/rc reboot
+l6r:6:wait:/sbin/reboot -dk
+#z6:6:respawn:/sbin/sulogin
+
+# new-style single-user
+su0:S:wait:/sbin/rc single
+su1:S:wait:/sbin/sulogin
+
+# TERMINALS
+c1:12345:respawn:/sbin/agetty 38400 tty1 linux
+c2:2345:respawn:/sbin/agetty 38400 tty2 linux
+c3:2345:respawn:/sbin/agetty 38400 tty3 linux
+c4:2345:respawn:/sbin/agetty 38400 tty4 linux
+c5:2345:respawn:/sbin/agetty 38400 tty5 linux
+c6:2345:respawn:/sbin/agetty 38400 tty6 linux
+
+# SERIAL CONSOLES
+#s0:12345:respawn:/sbin/agetty 9600 ttyS0 vt100
+#s1:12345:respawn:/sbin/agetty 9600 ttyS1 vt100
+s0:12345:respawn:/sbin/agetty -L ttyS0 57600 vt100
+
+# What to do at the "Three Finger Salute".
+ca:12345:ctrlaltdel:/sbin/shutdown -r now
+
+# Used by /etc/init.d/xdm to control DM startup.
+# Read the comments in /etc/init.d/xdm for more
+# info. Do NOT remove, as this will start nothing
+# extra at boot if /etc/init.d/xdm is not added
+# to the "default" runlevel.
+x:a:once:/etc/X11/startDM.sh
+
diff --git a/inputrc b/inputrc
new file mode 100644
index 0000000..2afc0b8
--- /dev/null
+++ b/inputrc
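Review bot: The inittab entry `ca:12345:ctrlaltdel:/sbin/shutdown -r now` reboots the machine for anyone who can send Ctrl-Alt-Del on the console, with no login required. On a hosted server where console access goes through the provider, I would restrict it to `ca:12345:ctrlaltdel:/sbin/shutdown -a -r now` together with an `/etc/shutdown.allow` list, or comment the entry out. Separately, the active `s0:12345:respawn:/sbin/agetty -L ttyS0 57600 vt100` line offers a login on the serial port in every runlevel. Whether root may log in there depends on securetty, which is part of this commit but outside this hunk, so `ttyS0` should be listed there only if that is intended.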
@@ -0,0 +1,72 @@
+# /etc/inputrc: initialization file for readline
+#
+# For more information on how this file works, please see the
+# INITIALIZATION FILE section of the readline(3) man page
+#
+# Quick dirty little note:
+# To get the key sequence for binding, you can abuse bash.
+# While running bash, hit CTRL+V, and then type the key sequence.
+# So, typing 'ALT + left arrow' in Konsole gets you back:
+# ^[[1;3D
+# The readline entry to make this skip back a word will then be:
+# "\e[1;3D" backward-word
+#
+
+# do not bell on tab-completion
+#set bell-style none
+
+set meta-flag on
+set input-meta on
+set convert-meta off
+set output-meta on
+
+# Completed names which are symbolic links to
+# directories have a slash appended.
+set mark-symlinked-directories on
+
+$if mode=emacs
+
+# for linux console and RH/Debian xterm
+# allow the use of the Home/End keys
+"\e[1~": beginning-of-line
+"\e[4~": end-of-line
+# map "page up" and "page down" to search history based on current cmdline
+"\e[5~": history-search-backward
+"\e[6~": history-search-forward
+# allow the use of the Delete/Insert keys
+"\e[3~": delete-char
+"\e[2~": quoted-insert
+
+# gnome / others (escape + arrow key)
+"\e[5C": forward-word
+"\e[5D": backward-word
+# konsole / xterm / rxvt (escape + arrow key)
+"\e\e[C": forward-word
+"\e\e[D": backward-word
+# gnome / konsole / others (control + arrow key)
+"\e[1;5C": forward-word
+"\e[1;5D": backward-word
+# aterm / eterm (control + arrow key)
+"\eOc": forward-word
+"\eOd": backward-word
+
+# konsole (alt + arrow key)
+"\e[1;3C": forward-word
+"\e[1;3D": backward-word
+
+$if term=rxvt
+"\e[8~": end-of-line
+$endif
+
+# for non RH/Debian xterm, can't hurt for RH/Debian xterm
+"\eOH": beginning-of-line
+"\eOF": end-of-line
+
+# for freebsd console
+"\e[H": beginning-of-line
+"\e[F": end-of-line
+$endif
+
+# fix Home and End for German users
+"\e[7~": beginning-of-line
+"\e[8~": end-of-line
diff --git a/issue b/issue new file mode 100644 index 0000000..015e46d --- /dev/null +++ b/issue @@ -0,0 +1,3 @@ + +This is \n.\O (\s \m \r) \t + diff --git a/issue.logo b/issue.logo new file mode 100644 index 0000000..d8e20ef --- /dev/null +++ b/issue.logo @@ -0,0 +1,13 @@ + . + .vir. d$b + .d$$$$$$b. .cd$$b. .d$$b. d$$$$$$$$$$$b .d$$b. .d$$b. + $$$$( )$$$b d$$$()$$$. d$$$$$$$b Q$$$$$$$P$$$P.$$$$$$$b. .$$$$$$$b. + Q$$$$$$$$$$B$$$$$$$$P" d$$$PQ$$$$b. $$$$. .$$$P' `$$$ .$$$P' `$$$ + "$$$$$$$P Q$$$$$$$b d$$$P Q$$$$b $$$$b $$$$b..d$$$ $$$$b..d$$$ + d$$$$$$P" "$$$$$$$$ Q$$$ Q$$$$ $$$$$ `Q$$$$$$$P `Q$$$$$$$P + $$$$$$$P `""""" "" "" Q$$$P "Q$$$P" "Q$$$P" + `Q$$P" """ + + +This is \n.\O (\s \m \r) \t + diff --git a/krb5.conf.example b/krb5.conf.example new file mode 100644 index 0000000..210348f --- /dev/null +++ b/krb5.conf.example @@ -0,0 +1,26 @@ +[libdefaults] + default_realm = ATHENA.MIT.EDU + +[realms] +# use "kdc = ..." if realm admins haven't put SRV records into DNS + ATHENA.MIT.EDU = { + admin_server = KERBEROS.MIT.EDU + default_domain = MIT.EDU + v4_instance_convert = { + mit = mit.edu + lithium = lithium.lcs.mit.edu + } + } + ANDREW.CMU.EDU = { + admin_server = vice28.fs.andrew.cmu.edu + } + +[domain_realm] + .mit.edu = ATHENA.MIT.EDU + mit.edu = ATHENA.MIT.EDU + .media.mit.edu = MEDIA-LAB.MIT.EDU + media.mit.edu = MEDIA-LAB.MIT.EDU + .ucsc.edu = CATS.UCSC.EDU + +[logging] +# kdc = CONSOLE 
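Review bot: The banner line `This is \n.\O (\s \m \r) \t` in issue, repeated in issue.logo, prints the OS name, architecture and kernel release to anyone who reaches a getty before they authenticate; with the serial and virtual consoles enabled in inittab that is every local login prompt. Unless the kernel release is wanted there for operational reasons, I would reduce the line to `This is \n.\O \t` in both files. The krb5.conf.example hunk on the same line is an unmodified sample and needs no change.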
diff --git a/ld.so.cache b/ld.so.cache new file mode 100644 index 0000000000000000000000000000000000000000..b6d68e6149a3d295dd81dcd1cad4a712c46f240f GIT binary patch literal 107069 zcmbV#2biTr(e+&wlpqGwU;X?{hzd9h8v#L3R#B8FQ3S@>NjvN$CTzd}2nq&7qKJVd zDJq}>5=D@x0xF0BL_k3h!GMa2ApEDg>vVV3+xPD9?en~Qs!yG+uD9=d!`x6c+&6o2 ztZUBf&1Y}cn!84;^~`6sT0i(ut92(1u^$J%@Waub4}7=UOMxF$`y}8hv0JUyw}F={ ze-rT6YCj5WeI&+t3GfYSF9N<-?P1`D)IJ`#N^DHK1bChDzXAS1`6q#E9TH={3iu|m zp?^DYH|2+bQ_6o5c%t&(0A8Z@O~7BN{SffqYCr$bR_lLo$Ue*gZlm^Iz#g@i0}mIw z)oPsr{EFBZTmig6>=yPCc)!>fJPus4}rf@{%^opM@9Yr05=gEakdBUrTjs_LzF)m_!Z@^ z1m2?jpMkAU#5n&8>=GN)yMX&BKMDMl^5+4sSN=iZQ_8>kldaZ59FqUuz(KJQ=cB;m zls^}Ex$?IGf2aK8!1X>A^=|@hD>f$Y4;)qglfW-1e=+b!%KriQxbiRibgQ*74q115 z;ND_mFbVva@}~nYRQ?v=ZsZ__I7I(i;HF|@un4%b z@*e;$RsO@kW7Yl^@G7-`4SY!LHIHkxUW7y9bOEU9;o)mfG4PZ9`JIte+GO&?KMwmwO)!t@>u|Ur`mnMDY0?x#{kbz z`)c5AYCi&eO6`}P*lN8Fhs4WfzMh@o!uTcJ1z(1({%#&NK7vPYX8v_@ry%TUhu`zcU@MFrK3Oq;oYk{{Y z{~++6%CGl%JP+cKnDcbXV0K1i+1|F&QnZS$0hUO>0-zxtf;M%7|ena2_u_4+O zxLEB&fXAr)b>Mf^z8(0W+Ryp|ZVMb?-+*sc`@O&e)Sd<&qV@^E)6~8cc!Su;?H=Ht zm4EgZ5fg{-8v_@LjloX9{ght@{Fw5m0?$$YTHr0pKL~tW?U#P3)p{ciiL(f}o7w}w zWojP_JXP&WfH$fA5b(chzx>O1PQf8@-U-}G?Q!5I)&3^%2DSePe8#C!zaeldwf6&# zseLr?%W7W+{IS}90zReoD^}rk4-Q#(H(;OI9|fMQ_NBm^)qYs;G+h_?X0`VPE>-(T z;7MwK3wXWS4*(xm`{k#%TC;J4{Reid{UP9SYF_}nLGAm2|5AJXGw}F`L*{M`+(qpX z;78Ox1$ds?Hv{ih`w8F+&Wv;C0N<|mV&Fkyw_2^Q0xwejFTf|1-|Q?r?%@#46z~wS zF*p%;mhx8tf2#IFz{kag<|SWgwO)-w<}LtkD>epu0DIJ42|PmWQ-EiQ4gJNytChbE zc%Sl50iXBP7-wVP7Gguc8?amX6~H6aJ`H%D+SdbrsrKK2&p12Ac?ED|wHE<*QF{P* zh}vfWFB2PU-3fe1`8B?V`xg#5uQvfV7aN+Lfcq*x0sM&CCjw7Z`$FLLYTpa|yV~o0 z9s7nu;=Bd8i`WH`%bI%N*to!68Ltp!S4&~SN?;*qm}fbUiNK;X36p8|eS?Mr|+sQp{uU)5gwQrwSlg!2WyRqg$N2a1iH z4+kEr{MUgODStEYcIE#HT;sABXG7o?YVQRcQu|2Y$!cE+{Gr+p0-sR(<(K3Bj6?F- z9k@j8qkyNVeKGI`wSNbEL~P`_&Uag_m*bGR^MP*@8~po#1Im8{_-Wm`H<-ZI(SM3{sx2gRw@V{!m>`J_5!y)mv1MaMLKX6R#BY-EU z{Y~H%YX1WGklO29h5Hl^iL*6u7qv%#A5!}y;JIr51bCm?&-y-IZ{v`;Zvnnn?FrzK 
zYF`SxUhTVp532nXaJ{SJ+&2OjsJ#>LeQJ*b4_5ma;3~Dh3%pV7-vj@l_IlSK9~_d; zJm6c^-UryL_DbL<#BSklP2f+(#$fGh@i!d~;dcVQUu+DH2d+~7HsEiSf9Z9t)&@94 zzbEhmYM%&PrS?U@>(ss*_*b>py&l&v4w*X-_%^XI*cUje{3n24QvMR)kCcA^_?Yr9 zxdG3$I3&(nfIEqeK_75J`A-2qulD)Co78?p@CR}3tATG;yBm0r+MfY_RqY#rcdGqw z;95V7b6*3TD>l~M8Q7!z2Z5ha{%qi-%KsdAzw*!c5$+>6B>yhpwqj$j4{(X{hXapS z{ygCKl>a&K_sTy3T>HitX9M6Iu@UFp!2Ok94*aC@X9B;Y{4K!Wsr@8y?VIA<*8sc3 zMs9Bf?x=h>a7g)&0FP4pOTe?${vPlKu`&7Az(1+I_RYB6aR|Qv_#U-~frqI5CE)pL z-wM1>?O8u=wO)op=57t#P3?n#N2+}`@N%_p2mVp*HGhJA#vyaNfNxQIA7H=Q9|nF& z?H>T|SNnNC#q$~tnY%r3U$s{PPgMK6z+b5SIB@M-qW*QjIco0!+*9pg;4-y81^m3) z=L4@$`)9!W#K!(V0etSQG3JKA1!9BW5xAf7lfX}^eGc#{weJT0L+uy+4EGltaxRO2 zdy0)Xp8>8?{!ZY-%5QKR?w>eBKLY%)*w9}HyjJ-qf$RP}@^1s~A~r-v0zaqr`M|5x zz8!eK+D`)4`bE^g3b={d+W~h}y9YQXHr71~c#`tp1YWNEt-!m~eiS(Cmr?&x;A_Rk z;cA}(JX`JW1Anac{lG`me)g~M9y$)mXEtzau`$>a*rWUk;1SAy z0eH6ZR{?KU{`bJYD!=CK_@5z7vnlW`YVQSHqV{3HW7Iwyc%j-i z0)MXdAA$c88@WC2H?7tya7fJgz-`3_zbEhm$}a;RsrDJb^VPlyc&FO`056aKF8#&>SeBKD0FE--52e`NLqreX;e>`xN@|OUw zQT}$|eaim_xXwK>&KrPRh>f6o0Q<#mwOWS(j}se%^MF@~-NO3^!289P!Ef<6gG1~M zft#tlJ#b&KAz2ALTKRK;-&6kAz&|O!_V4g|8;9sO1#T@i273Uzm7fM4s{Bd7ud00w z@K&`S2L4xU#Ch?(c07z+Kfo5O|2#(4PvtQ2E<{4=BIJ@9}yGhs<3F+)-@kM}UVbebo1KLGr@+H3y-w<8Y8ZByWuYVQo(Pwj(%hp2r5@HDl*1N^?) 
zw*l{0`FHSpbP_W~!>{xtApwZ93xO6@y=e^mRKf5P>KL*i@!e2>~gz?EWS zA3h6QrToRf>(#yo_$Rg3_%q(8!Xa@s1};$hJ;1%y9tEyY`)J_T)cz^(LA9Uz7d)=w zkT?s0+o}CN;0m=*2VSZ61HiTZs(RpFY99tXRqY=D?^Ao7NASK74vGI>;HcUs0?$+X zR^Wqbuk$yY4-V1q0X#@-?8)bW-%$Hn;B8{V@fYA)e~vT13W`)IIafXqWnX^|0w^WM_aAe;E=gn0=E|%g9CsQ z${!0nOZjVozfk_~z%~9E^{)laR{I^mUDWOaj;Z}I;Ahl69e9D-KLOsQ_P>Ga{wv1Z z1o#%U_XRFd`!L|qYM%-Gme|Pu8sJZq{~hpQwf_rT_unz*>w$CC-U0XlwLc0xN$u|d zZx9bK8-pR>GUdMxyjb}^10Pd4 z7dWW=A;8Zme;M#rNf>$E4Hi) zJW%x$WR_m=eWZjj(W5q_C3xPK&{}v%AW!}OZm%z*Q-MIArd=z!9~-3cOhDKLejo z`vvRFYP||a$RD^^?d8Cai4DgUz#l6A1n@cQMt&RM&T0<kIbK5tg*MK~l*7x1lOBmM!vgOoo8xJvo&0&iCS zL163oaqeq@o2$Jya6s)tfk&%-7Vx`j-v#`;+Uvgn_kA3a!`8qZ)b0T;SNmk(Icnbs zyj|_T0iRU+#V?%IdJPWAe+%H-#m3#s@fL;uTuNxz~73Eb^ifuy(sF}2fkKp$p`pO<@X0JRsIOzams%Kc(L+72Hv6k zBf!>+W1N=*Hxe5`7Xf!wehF||`J;hfRQ@91b;{ojd|3Hsy<}GF1vn(mM!?O*MxMI@ z4^VzN@Nnf%0e(gKD}XnteLwJTYOnSG@HmV^Vr~Z9O6}c%A5i;X;E`&d3cO71dw~B@ z`&BPRJ~$-KzQBXjJ|1|M+E)W_Rr^oC$JKt(%VxD+jYH05bKoMeB@VDp`IW%Kl|LEy z6}2x1-k|m!z~76FIFAF@e0hxX3gCufgWnRko$`ADd)59R@MCJ90z6A>=r0Cdt^94k z-zfhG@IT70_dmFXaY)YF0(VjSK;WTjp9cJn+P4A!sP;Oqz~dVZnY#^eC$$HGQ)+)2 zc$(T*0B=_N4}$+2=WYnxO6~oChp7EE;E&Y)8}Nm%jQTBsd#HUd@DpO=e9r)$ul!BG z+m(L=_@vq|dDX1e#yCX31MvM~W3U2vgxX&Ko~8C>z#GMe{sG{>m4DHz@feFk<}L#6 zAvQGQz{8aP67cKFUk&_;@(%$2q5Qh9nbmq34v8}dxV6}b^IqWo%1;81P<|Eg+sfYz zyi@sq0@rwLjPoksW@01Gj==quUkN-)`O|^lR{lodZpx9XVzreLOig8{E+(>Nj+XCOM{0D$zYJUQFlG^71 zFH`##;IGBT+`j^!Qu}2aX-99H||z~j~a2Jlj~Zw20^_M^a;Y!c&a z2kcS%Q^3>Iz8d%owI2mO<4sZja^Qw)Zv}j}+I_%-)cyqUcpP{ZYn=%^Px&i>KUMo- z;Nxn)xC@VgIOKfi1K%n(2D<|fR{I>_O=|xO_?p>Kvlnos+Fu1;tMk;klHVqH>%Xm$rqt9?4~3bpSAKIbh_vjuQ3wGRQV zQu`+0{c5kX4Q@Le67vAy2h~0Uc%9mR13q`#sF?@cNA074Us3xfz(>@69<2hLS{2jISH9|b&F?F)ccsr@V9 zAJu;LyYP63L)P64_%^lo2M(+Kap1{ne+PK2+IIo}qV_sF;I#w}i8B}YcC~we2dVvO z;1|`t0Qh~ie*wHt?Z<#?ygSBuDR5)8-wE7X?Frx^Vq;H^2d+~7Lg2M(-wphe+H1ZC ze@o(!+%^Snt@a+kez6hfFyL{@p9j1``CkI>SH895tk&~!NSsZ8Td2J&a6hpTXA*db 
z@+SdTDgPbdmCD}+d_eg%cEV#O4vD!C_)f7Arx!S-{AYoy)V>&ao!WN*A69#;H6???oGg7DgO}gU&^nyD;|e&NX$9Ft;B|YSKz+Nj{y%+{uJQXmA?-7 zGvyx!{zvWgcf{WgR@T1Cq4tToqmjJI({&wK+l>aC2DdpGS3;TdW;%@+8g_TLt<_KoUit-z;3bOSP48r`BQ*rDStWe zTIGKQ{H^kj0%z?LW4;vlIAUZ za}W;U-wb@G*cfyJhm}79c&zeY174{7kAOc{{vqIF%D-@5>@5z7vnB8yVk7>3z$MBb z0z5|fuLCbr{^!7Zm45=b_WNU;4S@5+Mx3322PnT1c%<^HfafWH1Mm*z{|#JczZhpD z;G4xpoV|d9${!9qM)|J*&sYA3z@IDsF!0~XKW~3L?%|L)vw>TPjloX9_bERP{E+g; z1HYvF`M~cge+%$IwbwlWw*?M~vk3TJwTFQ#)jk%uN^Goq5%4UQQzb$YF7M8B(>>4Ms(YTl zTQ@ug-~KS(2ggzVlXdxfcF*&-?VjiF+&$0VynCL%fA>6p3vYM~_`7(+BTxQD-tZXk z_wt5^p1++pJO=z7z2TwfZ|V(?0e@d_ca1u)(tQ`9IPQ=cnnxi z!0^zswt(R=V4VTOL(iH6hR5KIhvWGhNBK|oleGv8j{)lv7#@1oC@?$*_aU~_D=7a- zeAX^7JO->|V0h?R)4=c;oOwj7Z(w-nS?j>?7_jbv;h|>@1jA#%dI*Mxp0yDSj{)l> z7#@1oOfWnKte;?b=vhm_@EEYJg5jZOjRnJFzL|e){8Ja^sF6Wcnnxa!tl_uri9@!V0{V0L(f_hhR1+)CkzigYfu;- z1J%K(6c6n;W1!+48uduS{a7NfORtr4?SyW7#;)G(=a^rtgT^q3|MEw@X)j7hT$<_ z{SCuI&srRY$AEP?3=chPbQm53*6T1l^sL=scnny_!|>4GeN3$BVR#H!-^1|Gv(|^< zF<{*f!$Z#+Af9JE5YMwVh~Y6{oe;w#K5K>;9s|}7F+B9FCE|J374bZ4jCh{)Mm*2j zBc5j+63??HiRW3L#Ph6G;(69B@jPpoc%Jo4JkQ!Do@bpC&$H%<=UM;6^Q?v9dDcZS zJO-?h;(69f@%$qv#M&vIXB`#8<9c9C6~kk|`YMK(>*qu~7UNiJ&1WPR=oag)7#OcM^M(fF+B9F zd*jz-4IIz29**Z(8^`mkljHfWFW@~d9OXZ`-dI1!^Q@)gdDhkOJZtP29s}0fF+A2~ z?H$8oz&bpJhkmCo;;{xt`44o9^?3{r2W#~h9s}0xF+B9F;p2JM^YJ`u`*@ypemu{b zKb~j(AJ4NEkmp$!$n&fbcS(16rwJRsMrK)w41@9IS2S zdDgiyJO-?JWq8D4{VUJ27MAB(7t8akk>z>T%Q8F$tes_euVVv z1J>FyJoK!)<$2cN@;vKtd7iboJkL5^o@dQ2&$E7);W1z>FT*2$*7fo{YkYa0^}fvO zK!{lT%kYTLI$(x}o;AS?4?XLH`E^+<%=4@pX5v7^8e)b=eAW{)JoKzBW_ajXXUwn5 znq!`4{V~I1z*=O6M|{>L^E_*md7kykJkQ!?o@X61&$FhP=ULy(^Q?8|dDcDiJZqpC z9s|}x^E_*#86Nw?I%(#1frvHJ3=ci)r};RnrRI6oRr5S+ta+aG);!PJYo2EvHqWyr zo99`d&GW3)=6Tj_^E_*~d7ky$JkQ#0o@bpm&$H&6;W1$SH^bw0VJ$erW5Bv_o@b3X z&$C{f=UF?>^QInT4!oZ&HG-8sV}K5Nh!9s|~+Gd%RHO=oxvSf|eL z(6eTp;W1$SI>STHT6TuVfOYK*4?Sz#86JakF2Zvpj`E+p4q@#(!(+fYc!r0bHSx^- z7b4cj^E_+inK&4*Zl2*0pEdM6f6vAE3=c>7Px5DNJk}Ft z1J)`uJoKzvXm|`*!_e^1v!0>hF<@;&!$Z$Hhla<1H4hCBJ?kGD9s|}wG(7aIi)eTZ 
zSR>K!(6e5m;W1$CM8iYRI*NwJfHf5j4?XKEdY-iwJ z1L^s(cNTu3P=DG(7TTT}}UbgEck{4?XK`8XiGed(-gHvks@> zp=V7_!$Z&doQ8*wkKl zwLlGzg;^KWpBHO{8XkJq3pG4~vUaH9p=TXY!$Z%SqK1c_^+gR2J!_2`9(vXtHN52W zqgaE~@X)g!so|k#ZBoNS&pM@shn_V{4G%r*ml_^=)-v@x>zYE6{>kGcYn*yL>zx`N zde%NQJR-6Vs^?h~H7yDQVOp$@YIrzUE7kL?o9cPiQ1v|Psd}EZRXxu-tDa}gRnN2j zs^?jY)$^>&>Uq{^^*rmfdY-jgJo@Y&0&$GU(=UMC3^Q`;odDejSJnO-Fp0!~; z&pNT5XU$m8vwp1SSxeUQtSjqz)|fRs2CO%0cwC>XJ!^OjSclf|(6c73=UJcD^Q=|t zdDgAv`7B^*rn7dY(0PJv`7o^*n3*dY<)uJ;W1!cV#6aoYZMzE1J)}xJoKzxZ1RMN zb&L%UJ!={p9(vX{HazsKb!^tffOU@z4?Sxj8y*AJLpD70tc~n>)=Bm}YbJZ1^^-l% zTFRbhU1iU+#hR1+4oDB~>>p6R# zwVgfBI?tYG&1cWE{Y#SZ}*4#Ec;Zo@;* zy4;4xfHk@e4?XL38y*AJ?lwI1tmEx@*7Wu~>w6m>1J?RBJmRzNx8X5h4RFIl&wAj7 z$AGoL4G%r*gc}|M)(kg1^sFClcnscv8sJh(y!w+uZZ4bMAT8Joh~7pL?FQ&^^z( z=$>bdbkDP1y60It-Se!Y?s?W!_dM&Xd!Dt{J7&$EWS z=UGqQ^Q+>5P1J>&IJnQxw9_Py%{+?$&f6ueFzvo%!-}9{bZ+Hw? z|KIS)hrIv{j{*Avc%D51439YM7hre{*gL@R(6f(#;W1!O0mDPj{sM-_fV~C`4?X)1 z7#;)mATT`i>_^~v_9pN=`xJPdJqtX~{so?AF9XlBuYu>;XbO zkq>)e7#;)m#qd0PWEdWC*e}EI7_fJS;h|?A4Z~x=o*JHKe+|PU4ts5Qo_#kw&mJ6} zXFm?lvp0v~F<_q#!y_N|>@YkA?B8K{=-JD|^X%*4dG`1)JO=FdVR*!6?+?Rcz&;>` zmwcWXdx97qgH_W59kQhKHWLMGTJt`-~VKdiESK zJO=DPVtDA;i^T94urG<>p=Xa0&$C~N=h?f&^Xy~ddG<8%Jo}q?p1n>Cj{*Ch7#{hv z2a4fk@SNBW#qiLxH;UmgV4oDjL(iTmhR1;YQw$G1d#QMyeN{Zq9xH~&fc;hskNE7p zVt5SLhsE&FvnPw^*`LMp?A79V_HFU}SJ#d`Ts+TyE}my^7sF$)$2zgki|5(%#qc;U z_J1)v2J8i6c<9*|#`EkE<9YUr@jQFSc%FS^437bO$`~H`u)mDqF<`G5&$I80;Sq;D zXbg`5`_UL4diJI`{{U|y>&d#K0BUg&mGUR|BmO`i^ucq z%j0?W=p8bFfkNE5j zCOBvzL(JF<@UI!$Z#=Lx#tI{e}z=J$nxs9s~9vGCcI`No05o z*q_Mo(6d*O;W1#}BEv(^9!7@8fc=aN4?TMu86E@nIWj!-?0IB(4A}q3@X)gtlHoC6 zUnIjr&mKvhXTK!Rvv-o`*+@)j186E@ncrrZn?Dyn(_I~m_`#>2U1NMY6JmRxIl;JU8uPDPq z&%RNfXAddQv!9gtehWnGEoFGbXP+s-G zv9FflF<_4^&$Hi_=h=J9@QBYoT%Ko7F3+<+m*FvBuP(zQKKpigo;|z_j{*C686I)i z+sp76u+Nv_p=Zx8!(+hyUxtUCy}%5Q0sDd(9(wi&Gdu?D7iM_q**nbe7_g6+;h|?w zF~eiP{$hrQp1sBlj{*CR86JA}ATvA$>_=vJ=-Hdh@EEX9nc<;l&oaYf!2V^1hyJ%4 z#9n5G$AEp!3=chfoEaVi_B%5?^z40RcnsJF&G68(Cz|0gV1G2jL(g7mhR1+?(+m$i 
zd#D*61NKw%JbSAd9&y-b&F~no=bGW6Xa6^JAvW$!u9vk#r;*^|!j7_dK`=h>^y@W_XK>pagMcAjTH zJI}MXo#)x-&hzYf=Xv(O^E`Xud7gdoJkK6^o@c*2&$D-)=h;Wk^X#ct-oEm#GyCh6 zyuAO+UVA@(dGS^gMew zdY=6pJ|$JbOfXp8X;{&)$)qXCFz=v!|rz*^13m_MP-Rdr*3w{U|-p-jtqapGwcOXQk)aztZ#UW$AhLwe&oDTza1UE3R0e^gMfLdY=6>JJbQE+ z9s~C4G(28Euy?2D*~ioK?CI%w_V@HWdwqJIeLp?V9-y9QKTyxJH>l^?C)D%o8R~iV z5A{5IiF%%WMLo|Rqn>BKQO~pYsOQ;-)bs2~>Us7j^*no(dY*kt4UYkPm>M3}3HzCP zp1n;y&pxM~XU|j5v;V2#F<>uL!y_N|MKwGI?2&4C=-DsT^X#4KdG=8?JO=EkYIwwF ze^tX{z+S6{hn{^`4UYkPuo@nE_G2|X2JFphc<9-u)${Dx>Us8W^*npIdY*k?iAa_Lem~2JACy zc&y8wvxdij{bvmiJ$um_9s~BJH9Yj}QEPY%*ss>`(6e`~;W1zzThFtnt>@X_*7NLj z>v{IQ^*npvdY=7oJ{)Dh4A{Te@X)iD zvEeabUt`a+$Fb+x@7VB&&)&y|$AEp14G%qgA{!n9_D426^z4;vcnsJ#+3?V_hqB=@ zU_WKUOaADYEWMS>e{x;1&$8#)bJ_41u>Z2*5r@5)4UYl)G8-Ox_GmUd2JF{tc<9-? z+3*;!kF(*SXHRFtW5E8-hKHWLo(+!y`#u{UdiH=eJO=CsZFuO}8`|&~uurt%p=Zx% z!(+hy(T0bfy`&9~0sBfD9(wkeHarIGH*I+6*?ZdX7_bku;h|?wYQtl|{?vwtp1rCK zj{*Bu8y}PFw=-J!a@EEYqwc(*>&uhbD!2Z{Uhn~H#JGb5prf@8rFaI~(%8iWljF0#Cb(rN9I&omK zzklgihj~t*(>hE@E|G?lXchTK!n)?o4X2h|E9Neo9|m(4xYI8^h@r!}s3n4BLw&tt z6a5lxzLy!F6}Oj$s8cz6wPM*wZ~bf*7rvNHK{P@ZJ}Yh}N2yC83Dapdh3zwqp0ujM| z<@{t&JL6I`)jt_7E?j)>vOu`(WQLicyht)ToxDTrl&wxq(q`Nw9iJE)ZJ%`EWf}!l zNxSg+2`QUmk121Ylf*^p4e`+E_;mZ+3olbCs7mgI*H1|46uDELa!*8u*oC-%qGzNh zUW%Mxq8I+0PC;@~u|q?ng}*teeiockNi9vNu8}4TY_YI!VyNw@lx`+fa+MP)-Hj$yDtGve!>Y`IPCaJZDd$L+m8(Up5q8rBqYT zP9~C>O7QG-@><#|_K75EvExoUxpK7ab58bY3YlmooPAcDa>%=^QfA9x+n7nXWTf4- zJxLcA=eQD-E+eg_8H9H6B+EM*m(H@D@wV5%vMwN~73RjqMXj(lX;1 zH%WUZ`uj&GdzST2wB27XVM3m-oQ0QEr=~QEGcptF$);(=*;S`aw0}@ZE=??ro9B{T zMw*hyxkn*$)=|57SvK0&{wA2{&)&3rrfR{n*H5UXtnx-WNt`!1C6mSY6Rpi_@x@&e z{n?vR$y6=(?DZ2;I^}k&ypc{4m$`d!&uCxUD}N$8nMh_TiD##ir%Z~pRh+WsxP4qo z2ZvX*yRRmfCXmL>sL5rdl}w}1E}mq0Ypo2gMZ({!wWq`E)1@=fOf&neIAxHxRHe+6 z!?rP#aD0S+uQvW<=u18>pNLA_3E#4F}cZB8MEsKo|bdYD4NQWl+r+6YRa_KTspF$Fbd@;fcs)?o5&9_dCN_i!2 za*4EmF>eLC1&PlhA1X>Dzhz?+i-#r$hK9qX?%xCUUO&ObHS!$2KfZYPZwN+pa;Dgk 
zsfJcplGZjghE3OE8dd{B7W3@t8JSqVSd;Nj1?niF0D`cGF9jYXpE)=)CI;5Z>;>h*Dk3eBh6V;!ge~%qy``s(P|u?XQ3`!(l!eUF zz}|9cQHo?YYMDh|m$Rarl^0bqf}~g~2~3PA=v#?ve#7)_`^P4F^r;~~d^4_bhI})VA~(f3a$kRV@2nm< zIaB1wR3ob^NvpTT5=k$5N?|o1Z~b&TnO8DXq$N(UeUM0syLY&LS4+HzdL~E1V|L?$ z&W^fFZ@8+==cJ;r|FqqmjC5FRcz7(_KK|v=R8RJ_5i+g1u#uR`VrCrp)W~DW$(57% zth8&CAEBBX$2pzctzC*`d5q(ytT<^5Om@o)cuwboo<8s_8|`)ijbE~rMT|R78R&3*VM=y4rqtKa3B|cA z?wRcGcrK+NuaemMI@z73bXtTyE3SqPQs&=>*Pfi)ydg@jMov^EcJ@)+KRngbA$;j> zOsOr9CNTfr;i3M~srE})zphb`l|@RgOqlBH-DDGal3JL=n-2E&Zn|QNh20D1ca8UU z4G)b@ujm>ao!)dl{=}Fk&!XilH{>?2CP;ie(Js#aC6%yeJe!#YaA|}Xlf(1m#Uf8c zCCbX#PKLKPWNDH@5F?vd2bydj1qT~JjEBYqGTd0j)H$I7&2_LiYP$-F1Lq%rXxn>$lZg6d*~=+{*+V{Hi~vVPLSYR7-JLRfhE8B zsT*FpWWhA{OJ;}2dY4R$_4f^p4))6{fA?0YhOTPrll@}Nso^|&ChOl+p3Dx3uOlCn zbdZepEgqA1@fxD!sLS+r$0zDKAF_$*#VhA*A(zvf;#nu|g7uYRw{jB7nNIN01GdId z#yMj;l+)=$%iI(;Ig7c$Ik{{QcZpWRBfBGQbC zsinv-M_EWd4eZ?@Ef__;V|~?6h~$i6UmXOc;x!XJV*lRBku_Fj;y^p+74IkUbh-IkjXAPbc9W7u>U*w&8YD zI>>W$yeA^*wu@f4Q}oDHqpK@O2k}3y;mx{Yo*Jon676*DgEW?|h6v}lJiZHxRS_=U z)Z>Yh72=@j4zuGM;d*mI9WSc!l9m|dxLBv8qf8>rZR|k&)C7DI`4bF^;GUe4hx+jN z(}-hy5-SrvVBrbE@&4iX7l403GL9E-$yG`l5mgtmoEYovnuqTg$m4KvHyJm)L>rr& z5>obMfq#AGoL26a&w)Y$W8?KLN_>bGM2$$1je_yv_+`Du@4Lpw#tWYjHv_6tGm}wQ z?|66t*tiX2*zC@cm8(amQ{ku1M!uc7u5mhf<2mhiIg9c zG-KnFXqoU43r`SEO!f17IySqW>?wtfcq)rIP7HMo#&-)E4<>l6n0+B49#7Y-C`)X+q~Uve!?j z##ebdhk>cNIRej@7Yh6|()l$~5dnObg7n41s$6zvePcDNX3P+JDr$w+Z5o`)x|O=p)ULxv9kWPiPD4B(=gqz@rKKM5RDH` zj4i9a%P}@t`mDGSGf5?V%#^eAcdkSyNiz)3a-tXC1`98_^UDLxzjR5YH1^T5LuK+q z=uTm+zd5P0Krtnp`FQ`Rej5>QSoo*xG3S*PGUcNe9u?vjL;dlK$FjYRjll%3s7zft3b$IIJFFJ{VUoO2Hi@@l=FSOkCB;d#PeY-Wd&StepCRPv(4cIL ze-)DXEb?i^so~Vy-ysT*MB>oLN_-H7lp4D?sC1Gvf`}mG)3>;HXf&1*@UNQ2j89@^ z!UrroD(tPk5|a@0l)_59AY+cQ^R@gUuaV@O_~fT|XDr7vU3_3~_h5LW&o|*}KGK%B zZ0U{LVOc(Xf(V=G&w#z9scmetqC&T4Y0CxwUei~tC6QOtHswHEkY!DEq)=_i^%7lE)qSD zEHm*cvb3x^@ZMIwujDBek?wQwXx92Cv72Uc7y0~| ztmZ_;YT?CAyCl_F$Y-*c)fAIEotQbV;lB7LN4zxi4rE@VW}bna6f@g2ZYG;tngA|F 
zy@f&K4M=oNmb0wODj7y0^V3l?J1di4vi5|x!u)MtdNjk5%76UGV@m1q;!3JX&TKQ$ zOgQ^O_taXh}W=>Pbu2%6LUA~tB)o=A=0dmD1eH$Fkq zWeR^@MalXibY}UI{$ad#*l`&vsZFgfmgg1cgkRIg+FR{Tsubk4$kta%-aMhxzNycM z>w$T>_D_v34h3=M_`h**Q)E|+7{|?k%103%-KP2{@Qw4qZV*G`(^}Ba|8ar%?WG+< zH4|tPNN=6&4g1q+dKCE8WwUsX)jNEdeBMi4sdsF2RDSUr?x+5zhIZPzxU zI33@1lXIxtn8{NLo1vpjcP?&6LEkD1mK zi0^5)1r4{IBJ0oTu#);4liII>8FGV+O!p1oyN>?HwyXc+*-iXEhl<Y;?@W)BE?GW} z(}H@h$&Mf!2zM_3w(Q6_`7CM#3X+(YdxwfkDIH>jx3uh|+Q@hy#XUByPxOA3?5N9h zpQ^Gpu|mo^AxUhUAcTvbH<=bPsDJBYgtW{b zS`mLXlkX}TBs+qPS-V>RUqF`Yd`?`>o(==$^XVU*<`ahbkbERNWU)NrYPxmVQONw+ zt0-hdyB>!UIRpRVT9SyoE@eeIAup<=14*$|5||iKFfu)fmzSc?PkM}jWs?4vbqOcLP-R(wN7L$E1 zzxAtxb?N$1t1iDTZ=JB~=8Y=ekA@E(n=2vmTTAiuGmp@DV3W>#7P%BuB4g{438Zk;M5!E5G=}?BDvA3j?#77B&kkeFOc;mpo zx*krv#7F~oGbcWa{7O+$ER_WDTG!Y?FxI;ifBl5#dwX@9JB2tPA3-c3WZcot{mEIOOFUA7l#Ly{EJwP zm-sC5OGZgpZesC*$?5U&vG{8v|De3oyCtUQT$-CeI3@Myw#}i@WTf;Fcy{mP-S7u_Qi={8mIsu~ZUhK1Pr}*7A>3 zNTKk>PDPe>Z~xQ1V%H%NEp4S#czPs>iJq?RV=&a|1( zJ3Kno@no!kiCMOCI#y7bmh#hmmi&rI>5NLQ^Exu+K)GMI(2)~oEIK!PVSb?YqE zGJo4rwMAG+V`Y&IRf>E*TKg_9l>{b6SZ49i;1-pFbq6M1qF_)tZDmE!gI`?5cPZ0S zaobBzDQqW`obc7o-huFEd9jf(oN<*>7cc1;FZ}tp&_Csfj2?{^-jU&TkQWVfl*l7^ zEivVjsF{-Np}5BvPK8yG4u-l&CWB;tO_InUsVT?>!9kLeT|_Byj}DFZ;4ScQvo$ux zI-T5~Ss@PRci<$xQaP`3RSgv$iP<;0bO;|l#-hvqLDYNw1fNA2ETj<#*@AlH=t)uK z#&Neh18B4`p%P2^7|Ds^9S*1BMa{LK$O|QR86dcOr>DckGe18v=oM6WBo`f~NLHn> zrox*R``s#8Bvvbu0!E(foep0G@cAA(E=SMeLYj*bzv=9;WOf9L{&tDeRE>k+h5W5i~km8=kdm>WnRB8ltE$f=I zxop=Q|Bg*tS-TK^!P+w648+lXN%e4*%9-f=6sv1;Vqhr#w{SC@Q1$(Ya5`<2T&w1; zomEv=2{LD1*PQuCC|vOVZ*-rK6R#%RYSJo$)%Iz|Srx)cM)a;GnkBWg*ivaC?^c7zy7H>X!HVS)zwUCCS6R>%uA+`e(4Meh0pK&Uk8JeN+(HUVSY$A7~XN)vf-C4*)nESc`gla zM@Vpd%W{eSA=P-MGCnKz%VlX;Qiojw;mxRgq3JE--9_v;rA>HsQZA?HKj#f66di@E z7Eg9XB;&jVFwp!+dAD9A4R`VPcnlW<5617D%xT=Z zLD$wO-Em4+|HQ;t^$+~P@xjvBUe2xRByT2@V(UrgvAZJ`X#^?08ZI|_-s#nU@o6y4 zk+VnxF0`5edVXnIj*-r4H4%y#h53J3KJLKc1N(cY^0Ns8=_QRHq#1Wu(s7)^b93&- zlys)GHJV8!c`bgBhu37W$HiR#$wYibm7J1HU9Qos)5=pOnt0Z_G?K6pGz;arYm=?I 
z(&A292CYcb;$@c5nWdA+1St)2vO9@t&D$a>v(gbrx$s1Qd&+PC$3jZb@uJ!C{CryE^ zbYwi8s|02!L?|OAsHL_0A;g_o@!o;z*x6@GJYA4lO zsjak;1!KljP9wMNDPEKv819F8H)ilsV~BG?<}ygB%yf2KdqCE1JeCY89ilr4_ryz5 z0=zLrkQYhra(-|R;Hx0$V=IZ|KU!vR7G|DgY6x!mY659CW~z;q5?@UuH_HwGujzyx z>YtjzGs|SCTY?I~@+McxN_V>^krZk?bJ26JN%GY3@To)NkG?pG&h~P%MjLtkT!Oeb z{Wz}X?xjcvpFMWmDJ#kOTfVxQmB`e-rQN8xxOjS?dxbdLy;s&w);5ISm}-EqMai@J z#k0b!t908X>5r3&_tP350%1F>yD_D?NHHOv&*G8dr@i@ML9cd{STOFeg5%t6x7sO< zq{?{Bq>@~(a1)<$`z_VyPrBF`__%HQrOxpWcT&AV~AMfN4{E?WCGcJE>omI^=*_c2=6p)!g)@W4`(DmT0aBhb zovkO(H8nP-U$=W&F9doIG&5r!iF$h3|_U3*UB zPs|?UwDLySq?JquCi?rQR*r{Hcm4Y|*4I`XPrsAcrBFy+3Q5?AN#WvJaUTh&4#{$C zVx;<;t-?{4>8g2tAxo*nTZgeiUOFL3Y#d7Drt@C{kT8+grK~6i@}jg>P6v`=sU$El zqF{8YO(W8QvBDKH;y8ulddZDPbsWMJfL)l z;v{<6H6{7)@YO$$4#es6_P()~)r-aQ5B==0St4uAIuDDkdxiPyZJXHF> zP6tTK?gu-iu9saT;qIRse|lHE$VrrU$JLE{#njwpLtFf+-d4D;92N;ZflhpQj2 z_OD2ex=gdG%G_x)mTY{od55%dq69w*2~V5;@wiOSy$X3|dP<>>#QOHRvve7$-}594n?4+Ga4#Y)k!ZV%lXQ|)W8_7WTkj-cesB+s4um%; zaZU)P*J~za0UcEY5}~j9AV;<$h$(nM$}px7+$nr=7IT9$*63U4zw^_Vcv(LTQV5M7 zNpXk20m~nclW|U6Tjg~6xZ)0}1;gHKA#iXWxNI5$Cc>YIbN%Ji=e)91LHQL+mq>?D zkEC`s$Y?bD;YsrDYMm;3U`>&qYrleJKB9i*;5J| zK~)y=?q4>7U;OLOt!ym3&G|&O zOX?|1j`oaCE*X=DtKxo}PNa>pnL`LRGNfOET1}{|YZFMe0}s+2wj->UWbMOr-WWy+ zyR&#&TZ{WY5&H^{tW*r${kHIwLZ1X>X4xdt$B%|cKV+7zscB0$7f)Qr2{DcE*NuOT z&==||%Q`X1FSa>dYj}xzeK%Q4c#5X)5lrIoZP5UYu5gq;WIlK2#iJ}d zYgK|pUYE3@e8yf>k5ep_1SUohNa3&enjU|~`A7cn0b${lyxL6A$j)mfY&Lt#qTRBe z5WVGul(p_PW1GB_$i+({*{t&K6@KUml8a?Y5hRj@B&}4W15p_zNo<@b8S5RxcO@1| zT>s*t7yV5OXIL~dDJmB(TtTX3YRgwjy{uh3H!f}@%r21X8%DEb+94-NG6RzKkCtx05s2Jg?mDJZAO8Tb#=Qq1Ud@^PNvZsS224k#28(%3T5Nb4#m3YDTQe< zz5h`b7eg;TUCzAP4ZZZDBgBfbMku8z>6+}F7#g4I!Z(roC&nlG@qgRkZMB_))l#U3 zO6S)#7=H%QJ{2QK>u0vQXyFc1dc#lXo3{%2ENX-cl9+FAPrX8EZ%_7Uq#&%sioA&A zjB&4rskeP3tV^%K?COezq=jg_2r)j1lL?cc2o(v6+_MmLS3?9iQ>(ZQy z_180Tn#SauW2cLSsWjCc0(ML&M=JK_={_ZOd=AT*)xy@3t18B@ROK| zGUs93^(?H!PtECd+>jWgDQ+LGQ!+VD-jnf_Q%h#{y05NGnOJu<4JYwab9$ZjM1wTN 
z?Zb6SCdVoEWCCqu(aL&kTwW8;=rMY{^OT%hU02VrjkayDd@da~(1mTzn!y4yN;pR@ z_ja(me?@<9_Xs)w;|GZ|d1xA+=sc&$w=QgxZ5wg>aQTEfZ?Fs8oHmmsW|nl0o%eVI zRf)T&Cgu#!WOLh!Q;rQqHM6Fw5+G;WX#;bproLm))g+dqHTP=Z>FiZQ+{h{^I;NCW zl>j;0ne5d-r@!R5p`~awiRIOsd-Zg-%4-`ZNm?|U_|JXZLkiB6eI?bRutrlgutMOF)uQ=Va3%?X{ut}eM8FYg%&6Zdyd z;VU;YxrW+`Q(g^4HK(Sk5+G;WX}fZ$roLm))g+dqg}oYHIuu(km!HvOQdY{N`~#JO z6v@zN-zcR=_!OhN1Y!s8tB8<(&x^>-pE%wR^d2b!S#cwQB#kGOhxWTE zMNAd;4~MVDHX5-@=ab}$i^p+uY2|~6wMy+3Q&fxXq3sjXnJG$R9TCK&gH@X!+!IsX z!-M0)-QiRG#)F^p%5si!ft}Y+@M)IvMmkBXw{TP3y98ecm3v+J-LRgCf({9AT;6|^ zC@ecZAx|mw>I^;BDG>`MC8-ZUr7KGN4+?wRc=*HjXy_@0&45v+dA7}wju*0yLI~;ZXZ4fLYmQXmqvES78mA0jg+jdzkKrFQOSH3`4sebQX=SWo**gj z))Oq;`^*W2A6_zepIE{V8?4Yb~Fns4KpLP*4`K-7WG)hCB%XV6{ zx7|q%nH>^OM?M&7m9z^K`7El0fh6Wrk5NPrrMoHR+n!W8?BnyyTDuE=uCF zC@mBp#B^%0R1)Z}#TZc_IX5$jY*@ky7{LnC0?YvJ6h1kNxxqQf0!8`+s(#Y4da!+f zNQ!%+e^h^Bm@hU>p>(yA>Vj>hX<;8Tq@SiGnU5D`_yjh*4D?UW`^ZPc>IoU?!(cmf>wQzS1-qAr4*OTMG(?UeYcNVBSld`3|c z@=?=eQwaJ-dflUjCX*eKO&+;W*-^-RLMjRw(XPjd65O%kFZLSOL0{nt3l?J^v2Yn_ zBRdN1;z_0(pOy|X{GxMmEIcJOax7i4a5;84mM$Yri|ehCgm&>H(;S@)Z62f&b@Zj*o=~a6R}k2Tv@A~Bg(96LjXPSD#79)x)hLC; zpI(@kQ%!EYB?`AbEpY+eo}S{_iZ&&T;U#I2GDgfnq{&^*7xy0TScJ}_-HUJoNHaZo z@bT|KRVCG_X_c5nb7Eex{X)@`;+M&nVTFfi_x{1{d!|F#sN(PVlC6m1CV0_Kva-J* zc2`!SIDtlS0=EZYQb<&E$yv+|&bRM~w*FI~uDr=G!~-lcov1*oX~t4{Cr z6H)?kD~((diNvC@Skj~(J$wCxYIK$7={=+PHG>)7{|7}tln4L- literal 0 HcmV?d00001 diff --git a/ld.so.conf b/ld.so.conf new file mode 100644 index 0000000..6ad4829 --- /dev/null +++ b/ld.so.conf @@ -0,0 +1,14 @@ +# ld.so.conf autogenerated by env-update; make all changes to +# contents of /etc/env.d directory +/usr/local/lib +include ld.so.conf.d/*.conf +/lib64 +/usr/lib64 +/usr/local/lib64 +/lib32 +/usr/lib32 +/usr/local/lib32 +/lib +/usr/lib +/usr/lib/gcc/x86_64-pc-linux-gnu/4.5.3 +/usr/lib/gcc/x86_64-pc-linux-gnu/4.5.3/32 diff --git a/ldap.conf.sudo b/ldap.conf.sudo new file mode 100644 index 0000000..934f1b9 --- /dev/null +++ b/ldap.conf.sudo 
@@ -0,0 +1,5 @@
+# See ldap.conf(5) and README.LDAP for details\n"
+# This file should only be readable by root\n\n"
+# supported directives: host, port, ssl, ldap_version\n"
+# uri, binddn, bindpw, sudoers_base, sudoers_debug\n"
+# tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key
diff --git a/libaudit.conf b/libaudit.conf
new file mode 100644
index 0000000..90855d7
--- /dev/null
+++ b/libaudit.conf
@@ -0,0 +1,7 @@
+# This is the configuration file for libaudit tunables.
+# It is currently only used for the failure_action tunable.
+
+# failure_action can be: log, ignore, terminate
+failure_action = ignore
+
+
diff --git a/locale.gen b/locale.gen
new file mode 100644
index 0000000..09ee60e
--- /dev/null
+++ b/locale.gen
@@ -0,0 +1,31 @@
+# /etc/locale.gen: list all of the locales you want to have on your system
+#
+# The format of each line:
+#
+#
+# Where is a locale located in /usr/share/i18n/locales/ and
+# where is a charmap located in /usr/share/i18n/charmaps/.
+#
+# All blank lines and lines starting with # are ignored.
+#
+# For the default list of supported combinations, see the file:
+# /usr/share/i18n/SUPPORTED
+#
+# Whenever glibc is emerged, the locales listed here will be automatically
+# rebuilt for you. After updating this file, you can simply run `locale-gen`
+# yourself instead of re-emerging glibc.
+
+#en_US ISO-8859-1
+#en_US.UTF-8 UTF-8
+#ja_JP.EUC-JP EUC-JP
+#ja_JP.UTF-8 UTF-8
+#ja_JP EUC-JP
+#en_HK ISO-8859-1
+#en_PH ISO-8859-1
+#de_DE ISO-8859-1
+#de_DE@euro ISO-8859-15
+#es_MX ISO-8859-1
+#fa_IR UTF-8
+#fr_FR ISO-8859-1
+#fr_FR@euro ISO-8859-15
+#it_IT ISO-8859-1
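Review bot: In libaudit.conf, `failure_action = ignore` leaves no trace when the tunable's failure case is hit; as I read libaudit.conf(5) that case is an application being unable to deliver an audit event, so gaps in the audit trail would go unnoticed. The file itself lists `log` as an accepted value, and `failure_action = log` would at least record the failure in syslog without changing how applications behave. If `ignore` is deliberate because auditd is not running on this host, a one-line comment saying so would help.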
diff --git a/localtime b/localtime new file mode 100644 index 0000000000000000000000000000000000000000..96059c7854e1f571ddf97fd285a28df361c4c99d GIT binary patch literal 2309 zcmciCeN0t#9LMo(lO@L;B{2s(V^HbuhSIhsF!##M>?%-tUpG z-pG)Xuf@wqLxhYR?yyEnkG(RwZ>fx)&6qe<8L3|v#;GrRB-U3muD$~st#1h;$V}8eV>_U@-4R=mVFJ2^frvI+tahEh=`giK`KcTKG$8^T|_w=q)dv)d~J2mpi zQHeU(C(*n2$gDP%n9Z+BY;A+wy}DBFDe_8OPM+NB&XV}31i3GCh9o#Wns7BkXa5+l ziM|M(^I4$Y-+x`*Jr{It`x#AY{Zf-R9nqAkcQv(aOwt@(#DY*QTEcQPxi-!m0(erOfVc$DaH1v@c?`V@H2lwgHx;lBRZL2PO z;&okKyH-mcs8w%Kfj;h9qAT2qy5d@jmWJm`>FF?i^6G3^dH7ddX+q6L$ymbrp}U0dB4dE(=2IB4%fzsAEasOHElZi zsWe|6(-+_Gm6wJGbn~u{bxU8jzTDiSEjwD&a`^e*I0Gzy-a0M&kz-2W?LRFmD%Qb2 zwph+v@8_gAf-URs*PEa5)`ct#SsAi4WNpaekkui}L)M2Z5LuzESt7DVTeC=8vr1%{$U2dQ+M1Qx znx!IZMHY*!7Fn*XSucMq3r1FqEE!odvS?)0wr1JLx{-w=D@T@&tQ}cAvU+6s$oi22 zAQeDLfYbmf0#XH}47R2YNFk6)Af-TRffNI&22u{B9!NouiXbIHYJwC6sR~jSTT>UL zFt(;LNNJGTAjLtdgOmrU4^kkcLP&{_8X-kOs)UpYsS{EtTT>~dRJNv8NU@M=A>~5q zg%k{_7*aB%W=PSHsv%`V>V_1~)>IBDovo=IQaq%3NcoWZAq7M#h?EeiAyP!7ibxre zIwFNcDv6ZR*3=RyCQ?nLoJc*9f+7_~N{ZAJDJoJ`q^w9?k-{RCMM`UHYKs)t)>IcM zFH&Emz(|FW5+gN6itJ|+9B|`wIs$k*#bH143k pFq_w#&x=fs{~hOB>TKSGm~hWc MAX, the highest value will be used. +# +# SHA_CRYPT_MIN_ROUNDS 5000 +# SHA_CRYPT_MAX_ROUNDS 5000 + +# +# List of groups to add to the user's supplementary group set +# when logging in on the console (as determined by the CONSOLE +# setting). Default is none. +# +# Use with caution - it is possible for users to gain permanent +# access to these groups, even when not logged in on the console. +# How to do it is left as an exercise for the reader... +# +#CONSOLE_GROUPS floppy:audio:cdrom + +# +# Should login be allowed if we can't cd to the home directory? +# Default in no. +# +DEFAULT_HOME yes + +# +# If this file exists and is readable, login environment will be +# read from it. Every line should be in the form name=value. +# +#ENVIRON_FILE + +# +# If defined, this command is run when removing a user. 
+# It should remove any at/cron/print jobs etc. owned by +# the user to be removed (passed as the first argument). +# +#USERDEL_CMD /usr/sbin/userdel_local + +# +# Enable setting of the umask group bits to be the same as owner bits +# (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is +# the same as gid, and username is the same as the primary group name. +# +# This also enables userdel to remove user groups if no members exist. +# +USERGROUPS_ENAB yes + +# +# If set to a non-nul number, the shadow utilities will make sure that +# groups never have more than this number of users on one line. +# This permit to support split groups (groups split into multiple lines, +# with the same group ID, to avoid limitation of the line length in the +# group file). +# +# 0 is the default value and disables this feature. +# +#MAX_MEMBERS_PER_GROUP 0 + +# +# If useradd should create home directories for users by default (non +# system users only) +# This option is overridden with the -M or -m flags on the useradd command +# line. +# +#CREATE_HOME yes + diff --git a/logrotate.conf b/logrotate.conf new file mode 100644 index 0000000..44a0760 --- /dev/null +++ b/logrotate.conf 
@@ -0,0 +1,41 @@
+# $Header: /opt/cvsroot/logrotate/logrotate.conf,v 1.6 2003/08/25 19:22:22 jvalent Exp $
+
+# see "man logrotate" for details
+# rotate log files weekly
+weekly
+
+# keep 999 weeks worth of backlogs
+rotate 999
+maxage 2y
+
+# create new (empty) log files after rotating old ones
+create
+
+tabooprefix \.
+
+dateext
+
+# do not rotate, if the file is empty
+notifempty
+
+# uncomment this if you want your log files compressed
+compress
+
+# is it okay, if a logfile doesn't exists ?
+missingok
+
+# no packages own lastlog or wtmp -- we'll rotate them here
+/var/log/wtmp {
+ weekly
+ create 0664 root utmp
+ rotate 12
+ olddir /var/log/wtmp.d
+ size=4096K
+}
+
+# RPM packages drop log rotation information into this directory
+include /etc/logrotate.d
+
+# system-specific logs may be configured here
+
+# vim: ts=4 filetype=conf
diff --git a/machine-id b/machine-id
new file mode 100644
index 0000000..775709a
--- /dev/null
+++ b/machine-id
@@ -0,0 +1 @@
+a80ef8537b9f69ff3c2d935f0034bdcf
diff --git a/mailcap b/mailcap
new file mode 100644
index 0000000..7c42a55
--- /dev/null
+++ b/mailcap
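Review bot: In logrotate.conf, `maxage 2y` is unlikely to mean two years: logrotate(8) documents `maxage count` as a number of days, and to my knowledge a value with a non-numeric suffix is rejected as a bad maximum age, so the global retention limit may not be applied at all. If two years is the intent, `maxage 730` expresses it, and `logrotate -d /etc/logrotate.conf` will show whether the file parses. The comment above the active `compress` directive still says "uncomment this"; `# compress rotated logs` would match what the file now does.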
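Review bot: The machine-id hunk puts this host's unique identifier under version control. machine-id(5) asks that the ID be treated as confidential and not exposed in untrusted environments, and any system restored or cloned from this repository would come up with the same ID as the original. I would keep the file out of the repository with a `.gitignore` entry `/machine-id` and let each host generate its own.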
@@ -0,0 +1,25 @@
+
+text/plain; less '%s'; needsterminal
+application/x-troff-man; /usr/bin/nroff -mandoc -Tlatin1; copiousoutput; print=/usr/bin/nroff -mandoc -Tlatin1 | print text/plain:-
+text/plain; shownonascii iso-8859-1 '%s'; description="Plain ASCII Text"; test=test "$(echo %{charset} | tr "[A-Z]" "[a-z]")" = iso-8859-1 -a "$DISPLAY" != ""
+text/richtext; shownonascii iso-8859-1 -e richtext -p '%s'; description="Richtext"; copiousoutput; test=test "$(echo %{charset} | tr "[A-Z]" "[a-z]")" = iso-8859-1 -a "$DISPLAY" != ""
+text/enriched; shownonascii iso-8859-1 -e richtext -e -p '%s'; description="Enriched Text"; copiousoutput; test=test "$(echo %{charset} | tr "[A-Z]" "[a-z]")" = iso-8859-1 -a "$DISPLAY" != ""
+message/partial; showpartial '%s' %{id} %{number} %{total}; description="An incomplete message"
+message/external-body; showexternal '%s' %{access-type} %{name} %{site} %{directory} %{mode} %{server}; needsterminal; description="A reference to data stored in an external location"; composetyped="extcompose '%s"'
+audio/basic; /usr/lib/mime/playaudio '%s'; description=Basic uLaw Audio; nametemplate=%s.au
+application/x-tar; /bin/tar tvf -; print=/bin/tar tvf - | print text/plain:-; copiousoutput
+application/x-gtar; /bin/tar tvzf -; print=/bin/tar tvzf - | print text/plain:-; copiousoutput
+text/plain; more '%s'; needsterminal
+application/xrx; view=xrx '%s'; description="remote X application"; test=test "$DISPLAY"; nametemplate=%s.rx
+text/richtext; richtext '%s'; description="Richtext"; copiousoutput
+text/enriched; richtext -e '%s'; description="Enriched Text"; copiousoutput
+text/plain; gview '%s'; edit=gvim -f '%s'; compose=gvim -f '%s'; test=test "$DISPLAY" != ""
+text/plain; view '%s'; edit=vim '%s'; compose=vim '%s'; needsterminal
+text/html; /usr/bin/lynx -force_html '%s'; needsterminal; description=HTML Text; nametemplate=%s.html
+text/*; less '%s'; needsterminal
+text/html; /usr/bin/lynx -dump -force_html '%s'; copiousoutput; description=HTML Text; nametemplate=%s.html
+text/*; gview '%s'; edit=gvim -f '%s'; compose=gvim -f '%s'; test=test "$DISPLAY" != ""
+text/*; view '%s'; edit=vim '%s'; compose=vim '%s'; needsterminal
+text/*; more '%s'; needsterminal
+*/*; less '%s'; needsterminal
+*/*; false; print=lpr '%s'
diff --git a/make.conf b/make.conf
new file mode 100644
index 0000000..3399f5c
--- /dev/null
+++ b/make.conf
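Review bot: In mailcap, the `message/external-body` entry ends with `composetyped="extcompose '%s"'`, where the double quote closes before the single quote, so the command handed to the shell contains an unterminated `'`; it should read `composetyped="extcompose '%s'"`. Every entry also wraps `%s` in single quotes and three `test=` fields expand `%{charset}` inside `$(echo ...)`, and both values come from the incoming message. Whether that is safe depends on how the mail client escapes the substitution (mutt's manual, for one, advises against quoting `%s` in mailcap because it quotes the value itself), so this file should be checked against the client actually used on the host.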
@@ -0,0 +1,74 @@
+# These settings were set by the catalyst build script that automatically
+# built this stage.
+# Please consult /usr/share/portage/config/make.conf.example for a more
+# detailed example.
+
+CFLAGS="-O2 -pipe -march=opteron"
+CXXFLAGS="${CFLAGS}"
+
+# WARNING: Changing your CHOST is not something that should be done lightly.
+# Please consult http://www.gentoo.org/doc/en/change-chost.xml before changing.
+CHOST="x86_64-pc-linux-gnu"
+
+# These are the USE flags that were used in addition to what is provided by the
+# profile used for building.
+USE="3dnow X acl apache2 audit bash-completion bazaar bzip2 caps cgi cvs curl \
+ darcs djvu doc examples expat fam fastcgi fontconfig ftp gd gif git gmp \
+ gnutls gpg graphviz gs gsl gtk guile hscolour html icu idn imagemagick imap ipv6 ithreads \
+ jadetex java javascript jbig jpeg jpeg2k kerberos lasi ldap libwww lua \
+ lzma lzo maildir mailwrapper mercurial mmx mmxext modperl motif mp3 mysql \
+ nis odbc ogg openldap pam pch pcre pdf perl pic png php python rar samba sasl \
+ session smtp snmp soap spamassassin spell sqlite sqlite3 sse sse2 ssh \
+ subversion svg syslog theora tiff tk truetype unicode vhosts vim-syntax \
+ vorbis wmf x264 xattr xml xmlrpc xpm xsl xvid zlib"
+
+I_KNOW_WHAT_I_AM_DOING=yes
+
+ACCEPT_LICENSE="DOOM3 PUEL RTCW RTCW-ETEULA"
+
+APACHE2_MODULES="actions alias asis auth_basic auth_digest authn_alias
+ authn_anon authn_dbd authn_dbm authn_default authn_file
+ authz_dbm authz_default authz_groupfile authz_host
+ authz_owner authz_user autoindex cache cern_meta cgi cgid
+ charset_lite dav dav_fs dav_lock dbd deflate dir disk_cache
+ dumpio env expires ext_filter file_cache filter headers icu
+ ident imagemap include info log_config log_forensic logio
+ mem_cache mime mime_magic negotiation proxy proxy_ajp
+ proxy_balancer proxy_connect proxy_ftp proxy_http proxy_scgi
+ reqtimeout rewrite setenvif speling status substitute
+ unique_id userdir usertrack version vhost_alias "
+
+#APACHE2_MPMS="-event% -itk% -peruser% -prefork% -worker%"
+APACHE2_MPMS="prefork"
+
+VIDEO_CARDS="intel mach64 r128 radeon savage via svga"
+
+CONFIG_PROTECT="/var/www/ldap/htdocs/config \
+ /var/www/ldap/htdocs/templates \
+ /var/www/bautagebuch/htdocs/wp-config.php \
+ /var/www/myadmin/htdocs/config.inc.php \
+ /var/www/webmail/htdocs/horde/config \
+ "
+CONFIG_PROTECT_MASK="/etc/init.d"
+
+PORTAGE_NICENESS=3
+
+AUTOCLEAN="yes"
+
+PORTDIR_OVERLAY="/usr/local/portage"
+
+#FETCHCOMMAND="/usr/bin/wget -t 5 --passive-ftp -P \${DISTDIR} \${URI}"
+#FETCHCOMMAND="mv -v \${DISTDIR}/.old/\${FILE} \${DISTDIR}/"
+
+FEATURES="parallel-fetch"
+#MAKEOPTS="-j3"
+EMERGE_DEFAULT_OPTS="--with-bdeps y "
+
+LINGUAS="de de_AT de_BE de_CH de_DE de_LU en en_AG en_AU en_BW en_CA en_DK en_GB en_HK en_IE en_IN en_NG en_NZ en_PH en_SG en_ZA en_ZW en_US ru_RU ru_UA"
+
+#GENTOO_MIRRORS="ftp://mirror.netcologne.de/gentoo/ ftp://mirror.muntinternet.net/pub/gentoo/ http://mirror.muntinternet.net/pub/gentoo/ http://gentoo.supp.name/"
+GENTOO_MIRRORS="http://mirror.opteamax.de/gentoo/ http://gentoo.mneisen.org/ http://gentoo.mirror.dkm.cz/pub/gentoo/ http://de-mirror.org/gentoo/ http://gentoo.wheel.sk/"
+
+#PORT_LOGDIR="/var/log/portage"
+source /var/lib/layman/make.conf
+
diff --git a/make.conf.catalyst b/make.conf.catalyst
new file mode 100644
index 0000000..9806b00
--- /dev/null
+++ b/make.conf.catalyst
@@ -0,0 +1,12 @@
+# These settings were set by the catalyst build script that automatically
+# built this stage.
+# Please consult /usr/share/portage/config/make.conf.example for a more
+# detailed example.
+CFLAGS="-O2 -pipe"
+CXXFLAGS="${CFLAGS}"
+# WARNING: Changing your CHOST is not something that should be done lightly.
+# Please consult http://www.gentoo.org/doc/en/change-chost.xml before changing.
+CHOST="x86_64-pc-linux-gnu"
+# These are the USE flags that were used in addition to what is provided by the
+# profile used for building.
+USE="mmx sse sse2"
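Review bot: `APACHE2_MODULES` in make.conf builds a very broad module set, including `info`, `status`, `userdir`, `dumpio`, `log_forensic`, `proxy_connect` and the `dav*` modules, with no comment saying which of them the hosted sites need. Building a module does not load it, and the Apache configuration that decides that is not part of this hunk, but every module left in is one more that can be switched on later and expose server internals or proxying if its access rules are missing. I would cut the list to the modules the vhosts actually use and record the reason above it, e.g. `# keep in sync with the modules the vhost configs load; info/status need access restrictions`.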
diff --git a/make.globals b/make.globals
new file mode 120000
index 0000000..420193b
--- /dev/null
+++ b/make.globals
@@ -0,0 +1 @@
+../usr/share/portage/config/make.globals
\ No newline at end of file
diff --git a/make.profile b/make.profile
new file mode 120000
index 0000000..8811b51
--- /dev/null
+++ b/make.profile
@@ -0,0 +1 @@
+../usr/portage/profiles/default/linux/amd64/10.0/server
\ No newline at end of file
diff --git a/man.conf b/man.conf
new file mode 100644
index 0000000..eb8ddd3
--- /dev/null
+++ b/man.conf
@@ -0,0 +1,144 @@ +# +# Generated automatically from man.conf.in by the +# configure script. +# +# man.conf from man-1.6f +# +# For more information about this file, see the man pages man(1) +# and man.conf(5). +# +# This file is read by man to configure the default manpath (also used +# when MANPATH contains an empty substring), to find out where the cat +# pages corresponding to given man pages should be stored, +# and to map each PATH element to a manpath element. +# It may also record the pathname of the man binary. [This is unused.] +# The format is: +# +# MANBIN pathname +# MANPATH manpath_element [corresponding_catdir] +# MANPATH_MAP path_element manpath_element +# +# If no catdir is given, it is assumed to be equal to the mandir +# (so that this dir has both man1 etc. and cat1 etc. subdirs). +# This is the traditional Unix setup. +# Certain versions of the FSSTND recommend putting formatted versions +# of /usr/.../man/manx/page.x into /var/catman/.../catx/page.x. +# The keyword FSSTND will cause this behaviour. +# Certain versions of the FHS recommend putting formatted versions of +# /usr/.../share/man/[locale/]manx/page.x into +# /var/cache/man/.../[locale/]catx/page.x. +# The keyword FHS will cause this behaviour (and overrides FSSTND). +# Explicitly given catdirs override. +# +# FSSTND +FHS +# +# This file is also read by man in order to find how to call nroff, less, etc., +# and to determine the correspondence between extensions and decompressors. 
+# +# MANBIN /usr/local/bin/man +# +# Every automatically generated MANPATH includes these fields +# +MANPATH /usr/share/man +MANPATH /usr/local/share/man +MANPATH /usr/X11R6/man +MANPATH /usr/local/man +MANPATH /usr/man +# +# Uncomment if you want to include one of these by default +# +# MANPATH /opt/*/man +# MANPATH /usr/lib/*/man +# MANPATH /usr/share/*/man +# MANPATH /usr/kerberos/man +# +# Set up PATH to MANPATH mapping +# +# If people ask for "man foo" and have "/dir/bin/foo" in their PATH +# and the docs are found in "/dir/man", then no mapping is required. +# +# The below mappings are superfluous when the right hand side is +# in the mandatory manpath already, but will keep man from statting +# lots of other nearby files and directories. +# +MANPATH_MAP /bin /usr/share/man +MANPATH_MAP /sbin /usr/share/man +MANPATH_MAP /usr/bin /usr/share/man +MANPATH_MAP /usr/sbin /usr/share/man +MANPATH_MAP /usr/local/bin /usr/local/share/man +MANPATH_MAP /usr/local/sbin /usr/local/share/man +MANPATH_MAP /usr/X11R6/bin /usr/X11R6/man +MANPATH_MAP /usr/bin/X11 /usr/X11R6/man +MANPATH_MAP /usr/bin/mh /usr/share/man +# +# NOAUTOPATH keeps man from automatically adding directories that look like +# manual page directories to the path. +# +#NOAUTOPATH +# +# NOCACHE keeps man from creating cache pages ("cat pages") +# (generally one enables/disable cat page creation by creating/deleting +# the directory they would live in - man never does mkdir) +# +#NOCACHE +# +# Useful paths - note that COL should not be defined when +# NROFF is defined as "groff -Tascii" or "groff -Tlatin1"; +# not only is it superfluous, but it actually damages the output. +# For use with utf-8, NROFF should be "nroff -mandoc" without -T option. +# (Maybe - but today I need -Tlatin1 to prevent double conversion to utf8.) +# +# If you have a new troff (version 1.18.1?) and its colored output +# causes problems, add the -c option to TROFF, NROFF, JNROFF. 
+# +TROFF /usr/bin/groff -Tps -mandoc +NROFF /usr/bin/nroff -mandoc +JNROFF /usr/bin/groff -Tnippon -mandocj +EQN /usr/bin/geqn -Tps +NEQN /usr/bin/geqn -Tlatin1 +JNEQN /usr/bin/geqn -Tnippon +TBL /usr/bin/gtbl +# COL /usr/bin/col +REFER /usr/bin/refer +PIC /usr/bin/pic +VGRIND +GRAP +PAGER /usr/bin/less -isR +BROWSER /usr/bin/less -isR +HTMLPAGER /bin/cat +CAT /bin/cat +# +# The command "man -a xyzzy" will show all man pages for xyzzy. +# When CMP is defined man will try to avoid showing the same +# text twice. (But compressed pages compare unequal.) +# +CMP /usr/bin/cmp -s +# +# Compress cat pages +# +COMPRESS /bin/bzip2 +COMPRESS_EXT .bz2 +# +# Default manual sections (and order) to search if -S is not specified +# and the MANSECT environment variable is not set. +# +MANSECT 1:1p:8:2:3:3p:4:5:6:7:9:0p:tcl:n:l:p:o:1x:2x:3x:4x:5x:6x:7x:8x +# +# Default options to use when man is invoked without options +# This is mainly for the benefit of those that think -a should be the default +# Note that some systems have /usr/man/allman, causing pages to be shown twice. +# +#MANDEFOPTIONS -a +# +# Decompress with given decompressor when input file has given extension +# The command given must act as a filter. +# +.gz /bin/gunzip -c +.bz2 /bin/bzip2 -c -d +.lzma /usr/bin/unlzma -c -d +.xz /usr/bin/unxz -c -d +.z +.Z /bin/zcat +.F +.Y diff --git a/mdev.conf b/mdev.conf new file mode 100644 index 0000000..df329b4 --- /dev/null +++ b/mdev.conf 
@@ -0,0 +1,110 @@ +# +# This is a sample mdev.conf +# + +# Provide user, group, and mode information for devices. If a regex matches +# the device name provided by sysfs, use the appropriate user:group and mode +# instead of the default 0:0 660. +# +# Syntax: +# [-]devicename_regex user:group mode [>|=path] [@|$|*cmd args...] +# +# =: move, >: move and create a symlink +# @|$|*: run $cmd on delete, @cmd on create, *cmd on both + +# support module loading on hotplug +$MODALIAS=.* root:root 660 @modprobe "$MODALIAS" + +# null may already exist; therefore ownership has to be changed with command +null root:root 666 @chmod 666 $MDEV +zero root:root 666 +full root:root 666 +random root:root 444 +urandom root:root 444 +hwrandom root:root 444 +grsec root:root 660 + +kmem root:root 640 +mem root:root 640 +port root:root 640 +# console may already exist; therefore ownership has to be changed with command +console root:tty 600 @chmod 600 $MDEV +ptmx root:tty 666 +pty.* root:tty 660 + +# Typical devices + +tty root:tty 666 +tty[0-9]* root:tty 660 +vcsa*[0-9]* root:tty 660 +ttyS[0-9]* root:uucp 660 + +# block devices +ram([0-9]*) root:disk 660 >rd/%1 +loop([0-9]+) root:disk 660 >loop/%1 +sd[a-z].* root:disk 660 */lib/mdev/usbdisk_link +hd[a-z][0-9]* root:disk 660 */lib/mdev/ide_links +md[0-9]* root:disk 660 +sr[0-9]* root:cdrom 660 @ln -sf $MDEV cdrom +fd[0-9]* root:floppy 660 + +# net devices +-net/.* root:root 600 @nameif +tun[0-9]* root:root 600 =net/ +tap[0-9]* root:root 600 =net/ + +# alsa sound devices and audio stuff +pcm.* root:audio 660 =snd/ +control.* root:audio 660 =snd/ +midi.* root:audio 660 =snd/ +seq root:audio 660 =snd/ +timer root:audio 660 =snd/ + +adsp root:audio 660 >sound/ +audio root:audio 660 >sound/ +dsp root:audio 660 >sound/ +mixer root:audio 660 >sound/ +sequencer.* root:audio 660 >sound/ + +# Less typical devices + +# raid controllers +cciss!(.*) root:disk 660 =cciss/%1 +ida!(.*) root:disk 660 =ida/%1 +rd!(.*) root:disk 660 =rd/%1 + +ttyLTM[0-9] 
root:dialout 660 @ln -sf $MDEV modem +ttySHSF[0-9] root:dialout 660 @ln -sf $MDEV modem +slamr root:dialout 660 @ln -sf $MDEV slamr0 +slusb root:dialout 660 @ln -sf $MDEV slusb0 + +fuse root:root 666 + +# dri device +card[0-9] root:video 660 =dri/ + +# misc stuff +agpgart root:root 660 >misc/ +psaux root:root 660 >misc/ +rtc root:root 664 >misc/ + +# input stuff +event[0-9]+ root:root 640 =input/ +mice root:root 640 =input/ +mouse[0-9] root:root 640 =input/ +ts[0-9] root:root 600 =input/ + +# v4l stuff +vbi[0-9] root:video 660 >v4l/ +video[0-9] root:video 660 >v4l/ + +# dvb stuff +dvb.* root:video 660 */lib/mdev/dvbdev + +# load drivers for usb devices +usbdev[0-9].[0-9] root:root 660 */lib/mdev/usbdev +usbdev[0-9].[0-9]_.* root:root 660 + +# zaptel devices +zap(.*) root:dialout 660 =zap/%1 +dahdi!(.*) root:dialout 660 =dahdi/%1 diff --git a/mime.types b/mime.types new file mode 100644 index 0000000..cea6685 --- /dev/null +++ b/mime.types 
@@ -0,0 +1,1391 @@ +# This file maps Internet media types to unique file extension(s). It is +# distributed as the app-misc/mime-types package. +# +# The table below contains both registered and (common) unregistered types. +# A type that has no unique extension can be ignored -- they are listed +# here to guide configurations toward known types and to make it easier to +# identify "new" types. File extensions are also commonly used to indicate +# content languages and encodings, so choose them carefully. +# +# Internet media types should be registered as described in RFC 4288. +# The registry is at . +# +# The reason that all types are managed by the mime-support package instead +# allowing individual packages to install types in much the same way as they +# add entries in to the mailcap file is so these types can be referenced by +# other programs (such as a web server) even if the specific support package +# for that type is not installed. +# +# Users can add their own types if they wish by creating a ".mime.types" +# file in their home directory. Definitions included there will take +# precedence over those listed here. (Note: compression schemes like "gzip" +# are note actually "mime-types". They are encodings and hence must _not_ +# have entries in this file to map their extensions. 
+# +# Sources used: +# +# http://packages.debian.org/etch/mime-support +# http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types + +application/activemessage +application/andrew-inset ez +application/applefile +application/applixware aw +application/atom+xml atom +application/atomcat+xml atomcat +application/atomicmail +application/atomsvc+xml atomsvc +application/auth-policy+xml +application/batch-smtp +application/beep+xml +application/cals-1840 +application/ccxml+xml ccxml +application/cea-2018+xml +application/cellml+xml +application/cnrp+xml +application/commonground +application/conference-info+xml +application/cpl+xml +application/csta+xml +application/cstadata+xml +application/cu-seeme cu +application/cybercash +application/davmount+xml davmount +application/dca-rft +application/dec-dx +application/dialog-info+xml +application/dicom +application/dns +application/dsptype tsp +application/dvcs +application/ecmascript ecma +application/edi-consent +application/edi-x12 +application/edifact +application/emma+xml emma +application/epp+xml +application/epub+zip epub +application/eshop +application/example +application/fastinfoset +application/fastsoap +application/fits +application/font-tdpfr pfr +application/futuresplash spl +application/h224 +application/hta hta +application/http +application/hyperstudio stk +application/ibe-key-request+xml +application/ibe-pkg-reply+xml +application/ibe-pp-data +application/iges +application/im-iscomposing+xml +application/index +application/index.cmd +application/index.obj +application/index.response +application/index.vnd +application/iotp +application/ipp +application/isup +application/java-archive jar +application/java-serialized-object ser +application/java-vm class +application/javascript js +application/json json +application/kpml-request+xml +application/kpml-response+xml +application/lost+xml lostxml +application/mac-binhex40 hqx +application/mac-compactpro cpt +application/macwriteii +application/marc 
mrc +application/mathematica ma mb nb +application/mathml+xml mathml +application/mbms-associated-procedure-description+xml +application/mbms-deregister+xml +application/mbms-envelope+xml +application/mbms-msk+xml +application/mbms-msk-response+xml +application/mbms-protection-description+xml +application/mbms-reception-report+xml +application/mbms-register+xml +application/mbms-register-response+xml +application/mbms-user-service-description+xml +application/mbox mbox +application/media_control+xml +application/mediaservercontrol+xml mscml +application/mikey +application/moss-keys +application/moss-signature +application/mosskey-data +application/mosskey-request +application/mp4 mp4s +application/mpeg4-generic +application/mpeg4-iod +application/mpeg4-iod-xmt +application/msaccess mdb +application/msword doc dot +application/mxf mxf +application/nasdata +application/news-checkgroups +application/news-groupinfo +application/news-transmission +application/nss +application/ocsp-request +application/ocsp-response +application/octet-stream bin bpk deploy dist distz dmg dms dump elc iso lha lrf lzh pkg so +application/oda oda +application/oebps-package+xml opf +application/ogg ogg ogx +application/onenote onepkg onetmp onetoc onetoc2 +application/parityfec +application/patch-ops-error+xml xer +application/pdf pdf +application/pgp-encrypted pgp +application/pgp-keys key +application/pgp-signature asc pgp sig +application/pics-rules prf +application/pidf+xml +application/pidf-diff+xml +application/pkcs10 p10 +application/pkcs7-mime p7c p7m +application/pkcs7-signature p7s +application/pkix-cert cer +application/pkix-crl crl +application/pkix-pkipath pkipath +application/pkixcmp pki +application/pls+xml pls +application/poc-settings+xml +application/postscript ai eps ps +application/prs.alvestrand.titrax-sheet +application/prs.cww cww +application/prs.nprend +application/prs.plucker +application/qsig +application/rar rar +application/rdf+xml rdf +application/reginfo+xml 
rif +application/relax-ng-compact-syntax rnc +application/remote-printing +application/resource-lists+xml rl +application/resource-lists-diff+xml rld +application/riscos +application/rlmi+xml +application/rls-services+xml rs +application/rsd+xml rsd +application/rss+xml rss +application/rtf rtf +application/rtx +application/samlassertion+xml +application/samlmetadata+xml +application/sbml+xml sbml +application/scvp-cv-request scq +application/scvp-cv-response scs +application/scvp-vp-request spq +application/scvp-vp-response spp +application/sdp sdp +application/set-payment +application/set-payment-initiation setpay +application/set-registration +application/set-registration-initiation setreg +application/sgml +application/sgml-open-catalog +application/shf+xml shf +application/sieve +application/simple-filter+xml +application/simple-message-summary +application/simplesymbolcontainer +application/slate +application/smil smi smil +application/smil+xml smi smil +application/soap+fastinfoset +application/soap+xml +application/sparql-query rq +application/sparql-results+xml srx +application/spirits-event+xml +application/srgs gram +application/srgs+xml grxml +application/ssml+xml ssml +application/timestamp-query +application/timestamp-reply +application/tve-trigger +application/ulpfec +application/vemmi +application/vividence.scriptfile +application/vnd.3gpp.bsf+xml +application/vnd.3gpp.pic-bw-large plb +application/vnd.3gpp.pic-bw-small psb +application/vnd.3gpp.pic-bw-var pvb +application/vnd.3gpp.sms +application/vnd.3gpp2.bcmcsinfo+xml +application/vnd.3gpp2.sms +application/vnd.3gpp2.tcap tcap +application/vnd.3m.post-it-notes pwn +application/vnd.accpac.simply.aso aso +application/vnd.accpac.simply.imp imp +application/vnd.acucobol acu +application/vnd.acucorp acutc atc +application/vnd.adobe.air-application-installer-package+zip air +application/vnd.adobe.xdp+xml xdp +application/vnd.adobe.xfdf xfdf +application/vnd.aether.imp 
+application/vnd.airzip.filesecure.azf azf +application/vnd.airzip.filesecure.azs azs +application/vnd.amazon.ebook azw +application/vnd.americandynamics.acc acc +application/vnd.amiga.ami ami +application/vnd.android.package-archive apk +application/vnd.anser-web-certificate-issue-initiation cii +application/vnd.anser-web-funds-transfer-initiation fti +application/vnd.antix.game-component atx +application/vnd.apple.installer+xml mpkg +application/vnd.arastra.swi swi +application/vnd.audiograph aep +application/vnd.autopackage +application/vnd.avistar+xml +application/vnd.blueice.multipass mpm +application/vnd.bluetooth.ep.oob +application/vnd.bmi bmi +application/vnd.businessobjects rep +application/vnd.cab-jscript +application/vnd.canon-cpdl +application/vnd.canon-lips +application/vnd.cendio.thinlinc.clientconf +application/vnd.chemdraw+xml cdxml +application/vnd.chipnuts.karaoke-mmd mmd +application/vnd.cinderella cdy +application/vnd.cirpack.isdn-ext +application/vnd.claymore cla +application/vnd.clonk.c4group c4d c4f c4g c4p c4u +application/vnd.commerce-battelle +application/vnd.commonspace csp +application/vnd.contact.cmsg cdbcmsg +application/vnd.cosmocaller cmc +application/vnd.crick.clicker clkx +application/vnd.crick.clicker.keyboard clkk +application/vnd.crick.clicker.palette clkp +application/vnd.crick.clicker.template clkt +application/vnd.crick.clicker.wordbank clkw +application/vnd.criticaltools.wbs+xml wbs +application/vnd.ctc-posml pml +application/vnd.ctct.ws+xml +application/vnd.cups-pdf +application/vnd.cups-postscript +application/vnd.cups-ppd ppd +application/vnd.cups-raster +application/vnd.cups-raw +application/vnd.curl.car car +application/vnd.curl.pcurl pcurl +application/vnd.cybank +application/vnd.data-vision.rdz rdz +application/vnd.denovo.fcselayout-link fe_launch +application/vnd.dir-bi.plate-dl-nosuffix +application/vnd.dna dna +application/vnd.dolby.mlp mlp +application/vnd.dolby.mobile.1 +application/vnd.dolby.mobile.2 
+application/vnd.dpgraph dpg +application/vnd.dreamfactory dfac +application/vnd.dvb.esgcontainer +application/vnd.dvb.ipdcdftnotifaccess +application/vnd.dvb.ipdcesgaccess +application/vnd.dvb.ipdcroaming +application/vnd.dvb.iptv.alfec-base +application/vnd.dvb.iptv.alfec-enhancement +application/vnd.dvb.notif-aggregate-root+xml +application/vnd.dvb.notif-container+xml +application/vnd.dvb.notif-generic+xml +application/vnd.dvb.notif-ia-msglist+xml +application/vnd.dvb.notif-ia-registration-request+xml +application/vnd.dvb.notif-ia-registration-response+xml +application/vnd.dvb.notif-init+xml +application/vnd.dxr +application/vnd.dynageo geo +application/vnd.ecdis-update +application/vnd.ecowin.chart mag +application/vnd.ecowin.filerequest +application/vnd.ecowin.fileupdate +application/vnd.ecowin.series +application/vnd.ecowin.seriesrequest +application/vnd.ecowin.seriesupdate +application/vnd.emclient.accessrequest+xml +application/vnd.enliven nml +application/vnd.epson.esf esf +application/vnd.epson.msf msf +application/vnd.epson.quickanime qam +application/vnd.epson.salt slt +application/vnd.epson.ssf ssf +application/vnd.ericsson.quickcall +application/vnd.eszigno3+xml es3 et3 +application/vnd.etsi.aoc+xml +application/vnd.etsi.cug+xml +application/vnd.etsi.iptvcommand+xml +application/vnd.etsi.iptvdiscovery+xml +application/vnd.etsi.iptvprofile+xml +application/vnd.etsi.iptvsad-bc+xml +application/vnd.etsi.iptvsad-cod+xml +application/vnd.etsi.iptvsad-npvr+xml +application/vnd.etsi.iptvueprofile+xml +application/vnd.etsi.mcid+xml +application/vnd.etsi.sci+xml +application/vnd.etsi.simservs+xml +application/vnd.eudora.data +application/vnd.ezpix-album ez2 +application/vnd.ezpix-package ez3 +application/vnd.f-secure.mobile +application/vnd.fdf fdf +application/vnd.fdsn.mseed mseed +application/vnd.fdsn.seed dataless seed +application/vnd.ffsns +application/vnd.fints +application/vnd.flographit gph +application/vnd.fluxtime.clip ftc 
+application/vnd.font-fontforge-sfd +application/vnd.framemaker book fm frame maker +application/vnd.frogans.fnc fnc +application/vnd.frogans.ltf ltf +application/vnd.fsc.weblaunch fsc +application/vnd.fujitsu.oasys oas +application/vnd.fujitsu.oasys2 oa2 +application/vnd.fujitsu.oasys3 oa3 +application/vnd.fujitsu.oasysgp fg5 +application/vnd.fujitsu.oasysprs bh2 +application/vnd.fujixerox.art-ex +application/vnd.fujixerox.art4 +application/vnd.fujixerox.ddd ddd +application/vnd.fujixerox.docuworks xdw +application/vnd.fujixerox.docuworks.binder xbd +application/vnd.fujixerox.hbpl +application/vnd.fut-misnet +application/vnd.fuzzysheet fzs +application/vnd.genomatix.tuxedo txd +application/vnd.geogebra.file ggb +application/vnd.geogebra.tool ggt +application/vnd.geometry-explorer gex gre +application/vnd.gmx gmx +application/vnd.google-earth.kml+xml kml +application/vnd.google-earth.kmz kmz +application/vnd.grafeq gqf gqs +application/vnd.gridmp +application/vnd.groove-account gac +application/vnd.groove-help ghf +application/vnd.groove-identity-message gim +application/vnd.groove-injector grv +application/vnd.groove-tool-message gtm +application/vnd.groove-tool-template tpl +application/vnd.groove-vcard vcg +application/vnd.handheld-entertainment+xml zmm +application/vnd.hbci hbci +application/vnd.hcl-bireports +application/vnd.hhe.lesson-player les +application/vnd.hp-hpgl hpgl +application/vnd.hp-hpid hpid +application/vnd.hp-hps hps +application/vnd.hp-jlyt jlt +application/vnd.hp-pcl pcl +application/vnd.hp-pclxl pclxl +application/vnd.httphone +application/vnd.hydrostatix.sof-data sfd-hdstx +application/vnd.hzn-3d-crossword x3d +application/vnd.ibm.afplinedata +application/vnd.ibm.electronic-media +application/vnd.ibm.minipay mpy +application/vnd.ibm.modcap afp list3820 listafp +application/vnd.ibm.rights-management irm +application/vnd.ibm.secure-container sc +application/vnd.iccprofile icc icm +application/vnd.igloader igl +application/vnd.immervision-ivp 
ivp +application/vnd.immervision-ivu ivu +application/vnd.informedcontrol.rms+xml +application/vnd.informix-visionary +application/vnd.intercon.formnet xpw xpx +application/vnd.intertrust.digibox +application/vnd.intertrust.nncp +application/vnd.intu.qbo qbo +application/vnd.intu.qfx qfx +application/vnd.iptc.g2.conceptitem+xml +application/vnd.iptc.g2.knowledgeitem+xml +application/vnd.iptc.g2.newsitem+xml +application/vnd.iptc.g2.packageitem+xml +application/vnd.ipunplugged.rcprofile rcprofile +application/vnd.irepository.package+xml irp +application/vnd.is-xpr xpr +application/vnd.jam jam +application/vnd.japannet-directory-service +application/vnd.japannet-jpnstore-wakeup +application/vnd.japannet-payment-wakeup +application/vnd.japannet-registration +application/vnd.japannet-registration-wakeup +application/vnd.japannet-setstore-wakeup +application/vnd.japannet-verification +application/vnd.japannet-verification-wakeup +application/vnd.jcp.javame.midlet-rms rms +application/vnd.jisp jisp +application/vnd.joost.joda-archive joda +application/vnd.kahootz ktr ktz +application/vnd.kde.karbon karbon +application/vnd.kde.kchart chrt +application/vnd.kde.kformula kfo +application/vnd.kde.kivio flw +application/vnd.kde.kontour kon +application/vnd.kde.kpresenter kpr kpt +application/vnd.kde.kspread ksp +application/vnd.kde.kword kwd kwt +application/vnd.kenameaapp htke +application/vnd.kidspiration kia +application/vnd.kinar kne knp +application/vnd.koan skd skm skp skt +application/vnd.kodak-descriptor sse +application/vnd.liberty-request+xml +application/vnd.llamagraphics.life-balance.desktop lbd +application/vnd.llamagraphics.life-balance.exchange+xml lbe +application/vnd.lotus-1-2-3 123 +application/vnd.lotus-approach apr +application/vnd.lotus-freelance pre +application/vnd.lotus-notes nsf +application/vnd.lotus-organizer org +application/vnd.lotus-screencam scm +application/vnd.lotus-wordpro lwp +application/vnd.macports.portpkg portpkg 
+application/vnd.marlin.drm.actiontoken+xml +application/vnd.marlin.drm.conftoken+xml +application/vnd.marlin.drm.license+xml +application/vnd.marlin.drm.mdcf +application/vnd.mcd mcd +application/vnd.medcalcdata mc1 +application/vnd.mediastation.cdkey cdkey +application/vnd.meridian-slingshot +application/vnd.mfer mwf +application/vnd.mfmp mfm +application/vnd.micrografx.flo flo +application/vnd.micrografx.igx igx +application/vnd.mif mif +application/vnd.minisoft-hp3000-save +application/vnd.mitsubishi.misty-guard.trustweb +application/vnd.mobius.daf daf +application/vnd.mobius.dis dis +application/vnd.mobius.mbk mbk +application/vnd.mobius.mqy mqy +application/vnd.mobius.msl msl +application/vnd.mobius.plc plc +application/vnd.mobius.txf txf +application/vnd.mophun.application mpn +application/vnd.mophun.certificate mpc +application/vnd.motorola.flexsuite +application/vnd.motorola.flexsuite.adsi +application/vnd.motorola.flexsuite.fis +application/vnd.motorola.flexsuite.gotap +application/vnd.motorola.flexsuite.kmr +application/vnd.motorola.flexsuite.ttc +application/vnd.motorola.flexsuite.wem +application/vnd.motorola.iprm +application/vnd.mozilla.xul+xml xul +application/vnd.ms-artgalry cil +application/vnd.ms-asf +application/vnd.ms-cab-compressed cab +application/vnd.ms-excel xla xlb xlc xlm xls xlt xlw +application/vnd.ms-excel.addin.macroenabled.12 xlam +application/vnd.ms-excel.sheet.binary.macroenabled.12 xlsb +application/vnd.ms-excel.sheet.macroenabled.12 xlsm +application/vnd.ms-excel.template.macroenabled.12 xltm +application/vnd.ms-fontobject eot +application/vnd.ms-htmlhelp chm +application/vnd.ms-ims ims +application/vnd.ms-lrm lrm +application/vnd.ms-pki.seccat cat +application/vnd.ms-pki.stl stl +application/vnd.ms-playready.initiator+xml +application/vnd.ms-powerpoint pot pps ppt +application/vnd.ms-powerpoint.addin.macroenabled.12 ppam +application/vnd.ms-powerpoint.presentation.macroenabled.12 pptm 
+application/vnd.ms-powerpoint.slide.macroenabled.12 sldm +application/vnd.ms-powerpoint.slideshow.macroenabled.12 ppsm +application/vnd.ms-powerpoint.template.macroenabled.12 potm +application/vnd.ms-project mpp mpt +application/vnd.ms-tnef +application/vnd.ms-wmdrm.lic-chlg-req +application/vnd.ms-wmdrm.lic-resp +application/vnd.ms-wmdrm.meter-chlg-req +application/vnd.ms-wmdrm.meter-resp +application/vnd.ms-word.document.macroenabled.12 docm +application/vnd.ms-word.template.macroenabled.12 dotm +application/vnd.ms-works wcm wdb wks wps +application/vnd.ms-wpl wpl +application/vnd.ms-xpsdocument xps +application/vnd.mseq mseq +application/vnd.msign +application/vnd.multiad.creator +application/vnd.multiad.creator.cif +application/vnd.music-niff +application/vnd.musician mus +application/vnd.muvee.style msty +application/vnd.ncd.control +application/vnd.ncd.reference +application/vnd.nervana +application/vnd.netfpx +application/vnd.neurolanguage.nlu nlu +application/vnd.noblenet-directory nnd +application/vnd.noblenet-sealer nns +application/vnd.noblenet-web nnw +application/vnd.nokia.catalogs +application/vnd.nokia.conml+wbxml +application/vnd.nokia.conml+xml +application/vnd.nokia.iptv.config+xml +application/vnd.nokia.isds-radio-presets +application/vnd.nokia.landmark+wbxml +application/vnd.nokia.landmark+xml +application/vnd.nokia.landmarkcollection+xml +application/vnd.nokia.n-gage.ac+xml +application/vnd.nokia.n-gage.data ngdat +application/vnd.nokia.n-gage.symbian.install n-gage +application/vnd.nokia.ncd +application/vnd.nokia.pcd+wbxml +application/vnd.nokia.pcd+xml +application/vnd.nokia.radio-preset rpst +application/vnd.nokia.radio-presets rpss +application/vnd.novadigm.edm edm +application/vnd.novadigm.edx edx +application/vnd.novadigm.ext ext +application/vnd.oasis.opendocument.chart odc +application/vnd.oasis.opendocument.chart-template otc +application/vnd.oasis.opendocument.database odb +application/vnd.oasis.opendocument.formula odf 
+application/vnd.oasis.opendocument.formula-template odft +application/vnd.oasis.opendocument.graphics odg +application/vnd.oasis.opendocument.graphics-template otg +application/vnd.oasis.opendocument.image odi +application/vnd.oasis.opendocument.image-template oti +application/vnd.oasis.opendocument.presentation odp +application/vnd.oasis.opendocument.presentation-template otp +application/vnd.oasis.opendocument.spreadsheet ods +application/vnd.oasis.opendocument.spreadsheet-template ots +application/vnd.oasis.opendocument.text odt +application/vnd.oasis.opendocument.text-master odm otm +application/vnd.oasis.opendocument.text-template ott +application/vnd.oasis.opendocument.text-web oth +application/vnd.obn +application/vnd.olpc-sugar xo +application/vnd.oma-scws-config +application/vnd.oma-scws-http-request +application/vnd.oma-scws-http-response +application/vnd.oma.bcast.associated-procedure-parameter+xml +application/vnd.oma.bcast.drm-trigger+xml +application/vnd.oma.bcast.imd+xml +application/vnd.oma.bcast.ltkm +application/vnd.oma.bcast.notification+xml +application/vnd.oma.bcast.provisioningtrigger +application/vnd.oma.bcast.sgboot +application/vnd.oma.bcast.sgdd+xml +application/vnd.oma.bcast.sgdu +application/vnd.oma.bcast.simple-symbol-container +application/vnd.oma.bcast.smartcard-trigger+xml +application/vnd.oma.bcast.sprov+xml +application/vnd.oma.bcast.stkm +application/vnd.oma.dcd +application/vnd.oma.dcdc +application/vnd.oma.dd2+xml dd2 +application/vnd.oma.drm.risd+xml +application/vnd.oma.group-usage-list+xml +application/vnd.oma.poc.detailed-progress-report+xml +application/vnd.oma.poc.final-report+xml +application/vnd.oma.poc.groups+xml +application/vnd.oma.poc.invocation-descriptor+xml +application/vnd.oma.poc.optimized-progress-report+xml +application/vnd.oma.xcap-directory+xml +application/vnd.omads-email+xml +application/vnd.omads-file+xml +application/vnd.omads-folder+xml +application/vnd.omaloc-supl-init 
+application/vnd.openofficeorg.extension oxt +application/vnd.openxmlformats-officedocument.presentationml.presentation pptx +application/vnd.openxmlformats-officedocument.presentationml.slide sldx +application/vnd.openxmlformats-officedocument.presentationml.slideshow ppsx +application/vnd.openxmlformats-officedocument.presentationml.template potx +application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx +application/vnd.openxmlformats-officedocument.spreadsheetml.template xltx +application/vnd.openxmlformats-officedocument.wordprocessingml.document docx +application/vnd.openxmlformats-officedocument.wordprocessingml.template dotx +application/vnd.osa.netdeploy +application/vnd.osgi.bundle +application/vnd.osgi.dp dp +application/vnd.otps.ct-kip+xml +application/vnd.palm oprc pdb pqa +application/vnd.paos.xml +application/vnd.pg.format str +application/vnd.pg.osasli ei6 +application/vnd.piaccess.application-licence +application/vnd.picsel efif +application/vnd.poc.group-advertisement+xml +application/vnd.pocketlearn plf +application/vnd.powerbuilder6 pbd +application/vnd.powerbuilder6-s +application/vnd.powerbuilder7 +application/vnd.powerbuilder7-s +application/vnd.powerbuilder75 +application/vnd.powerbuilder75-s +application/vnd.preminet +application/vnd.previewsystems.box box +application/vnd.proteus.magazine mgz +application/vnd.publishare-delta-tree qps +application/vnd.pvi.ptid1 ptid +application/vnd.pwg-multiplexed +application/vnd.pwg-xhtml-print+xml +application/vnd.qualcomm.brew-app-res +application/vnd.quark.quarkxpress qwd qwt qxb qxd qxl qxt +application/vnd.rapid +application/vnd.recordare.musicxml mxl +application/vnd.recordare.musicxml+xml musicxml +application/vnd.renlearn.rlprint +application/vnd.rim.cod cod +application/vnd.rn-realmedia rm +application/vnd.route66.link66+xml link66 +application/vnd.ruckus.download +application/vnd.s3sms +application/vnd.sbm.cid +application/vnd.sbm.mid2 +application/vnd.scribus 
+application/vnd.sealed.3df +application/vnd.sealed.csf +application/vnd.sealed.doc +application/vnd.sealed.eml +application/vnd.sealed.mht +application/vnd.sealed.net +application/vnd.sealed.ppt +application/vnd.sealed.tiff +application/vnd.sealed.xls +application/vnd.sealedmedia.softseal.html +application/vnd.sealedmedia.softseal.pdf +application/vnd.seemail see +application/vnd.sema sema +application/vnd.semd semd +application/vnd.semf semf +application/vnd.shana.informed.formdata ifm +application/vnd.shana.informed.formtemplate itp +application/vnd.shana.informed.interchange iif +application/vnd.shana.informed.package ipk +application/vnd.simtech-mindmapper twd twds +application/vnd.smaf mmf +application/vnd.smart.teacher teacher +application/vnd.software602.filler.form+xml +application/vnd.software602.filler.form-xml-zip +application/vnd.solent.sdkm+xml sdkd sdkm +application/vnd.spotfire.dxp dxp +application/vnd.spotfire.sfs sfs +application/vnd.sss-cod +application/vnd.sss-dtf +application/vnd.sss-ntf +application/vnd.stardivision.calc sdc +application/vnd.stardivision.draw sda +application/vnd.stardivision.impress sdd sdp +application/vnd.stardivision.math sdf smf +application/vnd.stardivision.writer sdw vor +application/vnd.stardivision.writer-global sgl +application/vnd.street-stream +application/vnd.sun.wadl+xml +application/vnd.sun.xml.calc sxc +application/vnd.sun.xml.calc.template stc +application/vnd.sun.xml.draw sxd +application/vnd.sun.xml.draw.template std +application/vnd.sun.xml.impress sxi +application/vnd.sun.xml.impress.template sti +application/vnd.sun.xml.math sxm +application/vnd.sun.xml.writer sxw +application/vnd.sun.xml.writer.global sxg +application/vnd.sun.xml.writer.template stw +application/vnd.sus-calendar sus susp +application/vnd.svd svd +application/vnd.swiftview-ics +application/vnd.symbian.install sis sisx +application/vnd.syncml+xml xsm +application/vnd.syncml.dm+wbxml bdm +application/vnd.syncml.dm+xml xdm 
+application/vnd.syncml.dm.notification +application/vnd.syncml.ds.notification +application/vnd.tao.intent-module-archive tao +application/vnd.tmobile-livetv tmo +application/vnd.trid.tpt tpt +application/vnd.triscape.mxs mxs +application/vnd.trueapp tra +application/vnd.truedoc +application/vnd.ufdl ufd ufdl +application/vnd.uiq.theme utz +application/vnd.umajin umj +application/vnd.unity unityweb +application/vnd.uoml+xml uoml +application/vnd.uplanet.alert +application/vnd.uplanet.alert-wbxml +application/vnd.uplanet.bearer-choice +application/vnd.uplanet.bearer-choice-wbxml +application/vnd.uplanet.cacheop +application/vnd.uplanet.cacheop-wbxml +application/vnd.uplanet.channel +application/vnd.uplanet.channel-wbxml +application/vnd.uplanet.list +application/vnd.uplanet.list-wbxml +application/vnd.uplanet.listcmd +application/vnd.uplanet.listcmd-wbxml +application/vnd.uplanet.signal +application/vnd.vcx vcx +application/vnd.vd-study +application/vnd.vectorworks +application/vnd.vidsoft.vidconference +application/vnd.visio vsd vss vst vsw +application/vnd.visionary vis +application/vnd.vividence.scriptfile +application/vnd.vsf vsf +application/vnd.wap.sic +application/vnd.wap.slc +application/vnd.wap.wbxml wbxml +application/vnd.wap.wmlc wmlc +application/vnd.wap.wmlscriptc wmlsc +application/vnd.webturbo wtb +application/vnd.wfa.wsc +application/vnd.wmc +application/vnd.wmf.bootstrap +application/vnd.wordperfect wpd +application/vnd.wqd wqd +application/vnd.wrq-hp3000-labelled +application/vnd.wt.stf stf +application/vnd.wv.csp+wbxml +application/vnd.wv.csp+xml +application/vnd.wv.ssp+xml +application/vnd.xara xar +application/vnd.xfdl xfdl +application/vnd.xfdl.webform +application/vnd.xmi+xml +application/vnd.xmpie.cpkg +application/vnd.xmpie.dpkg +application/vnd.xmpie.plan +application/vnd.xmpie.ppkg +application/vnd.xmpie.xlim +application/vnd.yamaha.hv-dic hvd +application/vnd.yamaha.hv-script hvs +application/vnd.yamaha.hv-voice hvp 
+application/vnd.yamaha.openscoreformat osf +application/vnd.yamaha.openscoreformat.osfpvg+xml osfpvg +application/vnd.yamaha.smaf-audio saf +application/vnd.yamaha.smaf-phrase spf +application/vnd.yellowriver-custom-menu cmp +application/vnd.zul zir zirz +application/vnd.zzazz.deck+xml zaz +application/voicexml+xml vxml +application/watcherinfo+xml +application/whoispp-query +application/whoispp-response +application/winhlp hlp +application/wita +application/wordperfect wpd +application/wordperfect5.1 wp5 +application/wsdl+xml wsdl +application/wspolicy+xml wspolicy +application/x-123 wk +application/x-abiword abw +application/x-ace-compressed ace +application/x-apple-diskimage dmg +application/x-authorware-bin aab u32 vox x32 +application/x-authorware-map aam +application/x-authorware-seg aas +application/x-bcpio bcpio +application/x-bittorrent torrent +application/x-bzip bz +application/x-bzip2 boz bz2 +application/x-cdf cdf +application/x-cdlink vcd +application/x-chat chat +application/x-chess-pgn pgn +application/x-compress +application/x-cpio cpio +application/x-csh csh +application/x-debian-package deb udeb +application/x-director cct cst cxt dcr dir dxr fgd swa w3d +application/x-dms dms +application/x-doom wad +application/x-dtbncx+xml ncx +application/x-dtbook+xml dtb +application/x-dtbresource+xml res +application/x-dvi dvi +application/x-flac flac +application/x-font gsf pcf pcf.Z pfa pfb +application/x-font-bdf bdf +application/x-font-dos +application/x-font-framemaker +application/x-font-ghostscript gsf +application/x-font-libgrx +application/x-font-linux-psf psf +application/x-font-otf otf +application/x-font-pcf pcf +application/x-font-snf snf +application/x-font-speedo +application/x-font-sunos-news +application/x-font-ttf ttc ttf +application/x-font-type1 afm pfa pfb pfm +application/x-font-vfont +application/x-freemind mm +application/x-futuresplash spl +application/x-gnumeric gnumeric +application/x-go-sgf sgf +application/x-graphing-calculator 
gcf +application/x-gtar gtar taz tgz +application/x-gzip +application/x-hdf hdf +application/x-ica ica +application/x-internet-signup ins isp +application/x-iphone iii +application/x-iso9660-image iso +application/x-java-jnlp-file jnlp +application/x-javascript js +application/x-jmol jmz +application/x-kchart chrt +application/x-killustrator kil +application/x-koan skd skm skp skt +application/x-kpresenter kpr kpt +application/x-kspread ksp +application/x-kword kwd kwt +application/x-latex latex +application/x-lha lha +application/x-lzh lzh +application/x-lzx lzx +application/x-maker book fb fbdoc fm frame frm maker +application/x-mif mif +application/x-mobipocket-ebook mobi prc +application/x-ms-application application +application/x-ms-wmd wmd +application/x-ms-wmz wmz +application/x-ms-xbap xbap +application/x-msaccess mdb +application/x-msbinder obd +application/x-mscardfile crd +application/x-msclip clp +application/x-msdos-program bat com dll exe +application/x-msdownload bat com dll exe msi +application/x-msi msi +application/x-msmediaview m13 m14 mvb +application/x-msmetafile wmf +application/x-msmoney mny +application/x-mspublisher pub +application/x-msschedule scd +application/x-msterminal trm +application/x-mswrite wri +application/x-netcdf cdf nc +application/x-ns-proxy-autoconfig pac +application/x-nwc nwc +application/x-object o +application/x-oz-application oza +application/x-pkcs12 p12 pfx +application/x-pkcs7-certificates p7b spc +application/x-pkcs7-certreqresp p7r +application/x-pkcs7-crl crl +application/x-python-code pyc pyo +application/x-quicktimeplayer qtl +application/x-rar-compressed rar +application/x-redhat-package-manager rpm +application/x-sh sh +application/x-shar shar +application/x-shockwave-flash swf swfl +application/x-silverlight-app xap +application/x-stuffit sit sitx +application/x-stuffitx sitx +application/x-sv4cpio sv4cpio +application/x-sv4crc sv4crc +application/x-tar tar +application/x-tcl tcl +application/x-tex tex 
+application/x-tex-gf gf +application/x-tex-pk pk +application/x-tex-tfm tfm +application/x-texinfo texi texinfo +application/x-trash % bak old sik ~ +application/x-troff roff t tr +application/x-troff-man man +application/x-troff-me me +application/x-troff-ms ms +application/x-ustar ustar +application/x-wais-source src +application/x-wingz wz +application/x-x509-ca-cert crt der +application/x-xcf xcf +application/x-xfig fig +application/x-xpinstall xpi +application/x400-bp +application/xcap-att+xml +application/xcap-caps+xml +application/xcap-el+xml +application/xcap-error+xml +application/xcap-ns+xml +application/xcon-conference-info+xml +application/xcon-conference-info-diff+xml +application/xenc+xml xenc +application/xhtml+xml xht xhtml +application/xhtml-voice+xml +application/xml xml xsl +application/xml-dtd dtd +application/xml-external-parsed-entity +application/xmpp+xml +application/xop+xml xop +application/xslt+xml xslt +application/xspf+xml xspf +application/xv+xml mxml xhvml xvm xvml +application/zip zip +audio/32kadpcm +audio/3gpp +audio/3gpp2 +audio/ac3 +audio/adpcm adp +audio/amr +audio/amr-wb +audio/amr-wb+ +audio/asc +audio/basic au snd +audio/bv16 +audio/bv32 +audio/clearmode +audio/cn +audio/dat12 +audio/dls +audio/dsr-es201108 +audio/dsr-es202050 +audio/dsr-es202211 +audio/dsr-es202212 +audio/dvi4 +audio/eac3 +audio/evrc +audio/evrc-qcp +audio/evrc0 +audio/evrc1 +audio/evrcb +audio/evrcb0 +audio/evrcb1 +audio/evrcwb +audio/evrcwb0 +audio/evrcwb1 +audio/example +audio/g719 +audio/g722 +audio/g7221 +audio/g723 +audio/g726-16 +audio/g726-24 +audio/g726-32 +audio/g726-40 +audio/g728 +audio/g729 +audio/g7291 +audio/g729d +audio/g729e +audio/gsm +audio/gsm-efr +audio/ilbc +audio/l16 +audio/l20 +audio/l24 +audio/l8 +audio/lpc +audio/midi kar mid midi rmi +audio/mobile-xmf +audio/mp4 mp4a +audio/mp4a-latm +audio/mpa +audio/mpa-robust +audio/mpeg m2a m3a m4a mp2 mp2a mp3 mpega mpga +audio/mpeg4-generic +audio/mpegurl m3u +audio/ogg oga ogg spx 
+audio/parityfec +audio/pcma +audio/pcma-wb +audio/pcmu +audio/pcmu-wb +audio/prs.sid sid +audio/qcelp +audio/red +audio/rtp-enc-aescm128 +audio/rtp-midi +audio/rtx +audio/smv +audio/smv-qcp +audio/smv0 +audio/sp-midi +audio/t140c +audio/t38 +audio/telephone-event +audio/tone +audio/ulpfec +audio/vdvi +audio/vmr-wb +audio/vnd.3gpp.iufp +audio/vnd.4sb +audio/vnd.audiokoz +audio/vnd.celp +audio/vnd.cisco.nse +audio/vnd.cmles.radio-events +audio/vnd.cns.anp1 +audio/vnd.cns.inf1 +audio/vnd.digital-winds eol +audio/vnd.dlna.adts +audio/vnd.dolby.heaac.1 +audio/vnd.dolby.heaac.2 +audio/vnd.dolby.mlp +audio/vnd.dolby.mps +audio/vnd.dolby.pl2 +audio/vnd.dolby.pl2x +audio/vnd.dolby.pl2z +audio/vnd.dts dts +audio/vnd.dts.hd dtshd +audio/vnd.everad.plj +audio/vnd.hns.audio +audio/vnd.lucent.voice lvp +audio/vnd.ms-playready.media.pya pya +audio/vnd.nokia.mobile-xmf +audio/vnd.nortel.vbk +audio/vnd.nuera.ecelp4800 ecelp4800 +audio/vnd.nuera.ecelp7470 ecelp7470 +audio/vnd.nuera.ecelp9600 ecelp9600 +audio/vnd.octel.sbc +audio/vnd.qcelp +audio/vnd.rhetorex.32kadpcm +audio/vnd.sealedmedia.softseal.mpeg +audio/vnd.vmx.cvsd +audio/vorbis +audio/vorbis-config +audio/x-aac aac +audio/x-aiff aif aifc aiff +audio/x-gsm gsm +audio/x-mpegurl m3u +audio/x-ms-wax wax +audio/x-ms-wma wma +audio/x-pn-realaudio ra ram rm +audio/x-pn-realaudio-plugin rmp +audio/x-realaudio ra +audio/x-scpls pls +audio/x-sd2 sd2 +audio/x-wav wav +chemical/x-alchemy alc +chemical/x-cache cac cache +chemical/x-cache-csf csf +chemical/x-cactvs-binary cascii cbin ctab +chemical/x-cdx cdx +chemical/x-cerius cer +chemical/x-chem3d c3d +chemical/x-chemdraw chm +chemical/x-cif cif +chemical/x-cmdf cmdf +chemical/x-cml cml +chemical/x-compass cpa +chemical/x-crossfire bsd +chemical/x-csml csm csml +chemical/x-ctx ctx +chemical/x-cxf cef cxf +chemical/x-embl-dl-nucleotide emb embl +chemical/x-galactic-spc spc +chemical/x-gamess-input gam gamin inp +chemical/x-gaussian-checkpoint fch fchk +chemical/x-gaussian-cube cub 
+chemical/x-gaussian-input gau gjc gjf +chemical/x-gaussian-log gal +chemical/x-gcg8-sequence gcg +chemical/x-genbank gen +chemical/x-hin hin +chemical/x-isostar ist istr +chemical/x-jcamp-dx dx jdx +chemical/x-kinemage kin +chemical/x-macmolecule mcm +chemical/x-macromodel-input mmd mmod +chemical/x-mdl-molfile mol +chemical/x-mdl-rdfile rd +chemical/x-mdl-rxnfile rxn +chemical/x-mdl-sdfile sd sdf +chemical/x-mdl-tgf tgf +chemical/x-mmcif mcif +chemical/x-mol2 mol2 +chemical/x-molconn-Z b +chemical/x-mopac-graph gpt +chemical/x-mopac-input dat mop mopcrt mpc zmt +chemical/x-mopac-out moo +chemical/x-mopac-vib mvb +chemical/x-ncbi-asn1 asn +chemical/x-ncbi-asn1-ascii ent prt +chemical/x-ncbi-asn1-binary aso val +chemical/x-ncbi-asn1-spec asn +chemical/x-pdb ent pdb +chemical/x-rosdal ros +chemical/x-swissprot sw +chemical/x-vamas-iso14976 vms +chemical/x-vmd vmd +chemical/x-xtel xtel +chemical/x-xyz xyz +image/bmp bmp +image/cgm cgm +image/example +image/fits +image/g3fax g3 +image/gif gif +image/ief ief +image/jp2 +image/jpeg jpe jpeg jpg +image/jpm +image/jpx +image/naplps +image/pcx pcx +image/png png +image/prs.btif btif +image/prs.pti +image/svg+xml svg svgz +image/t38 +image/tiff tif tiff +image/tiff-fx +image/vnd.adobe.photoshop psd +image/vnd.cns.inf2 +image/vnd.djvu djv djvu +image/vnd.dwg dwg +image/vnd.dxf dxf +image/vnd.fastbidsheet fbs +image/vnd.fpx fpx +image/vnd.fst fst +image/vnd.fujixerox.edmics-mmr mmr +image/vnd.fujixerox.edmics-rlc rlc +image/vnd.globalgraphics.pgb +image/vnd.microsoft.icon +image/vnd.mix +image/vnd.ms-modi mdi +image/vnd.net-fpx npx +image/vnd.radiance +image/vnd.sealed.png +image/vnd.sealedmedia.softseal.gif +image/vnd.sealedmedia.softseal.jpg +image/vnd.svf +image/vnd.wap.wbmp wbmp +image/vnd.xiff xif +image/x-cmu-raster ras +image/x-cmx cmx +image/x-coreldraw cdr +image/x-coreldrawpattern pat +image/x-coreldrawtemplate cdt +image/x-corelphotopaint cpt +image/x-freehand fh fh4 fh5 fh7 fhc +image/x-icon ico +image/x-jg art 
+image/x-jng jng +image/x-ms-bmp bmp +image/x-pcx pcx +image/x-photoshop psd +image/x-pict pct pic +image/x-portable-anymap pnm +image/x-portable-bitmap pbm +image/x-portable-graymap pgm +image/x-portable-pixmap ppm +image/x-rgb rgb +image/x-xbitmap xbm +image/x-xpixmap xpm +image/x-xwindowdump xwd +message/cpim +message/delivery-status +message/disposition-notification +message/example +message/external-body +message/global +message/global-delivery-status +message/global-disposition-notification +message/global-headers +message/http +message/imdn+xml +message/news +message/partial +message/rfc822 eml mime +message/s-http +message/sip +message/sipfrag +message/tracking-status +message/vnd.si.simp +model/example +model/iges iges igs +model/mesh mesh msh silo +model/vnd.dwf dwf +model/vnd.flatland.3dml +model/vnd.gdl gdl +model/vnd.gs-gdl +model/vnd.gs.gdl +model/vnd.gtw gtw +model/vnd.moml+xml +model/vnd.mts mts +model/vnd.parasolid.transmit.binary +model/vnd.parasolid.transmit.text +model/vnd.vtu vtu +model/vrml vrml wrl +multipart/alternative +multipart/appledouble +multipart/byteranges +multipart/digest +multipart/encrypted +multipart/example +multipart/form-data +multipart/header-set +multipart/mixed +multipart/parallel +multipart/related +multipart/report +multipart/signed +multipart/voice-message +text/calendar ics icz ifb +text/comma-separated-values csv +text/css css +text/csv csv +text/directory +text/dns +text/ecmascript +text/enriched +text/example +text/h323 323 +text/html htm html shtml +text/iuls uls +text/javascript +text/mathml mml +text/parityfec +text/plain asc conf def diff in list log pot text txt +text/prs.fallenstein.rst +text/prs.lines.tag dsc +text/red +text/rfc822-headers +text/richtext rtx +text/rtf rtf +text/rtp-enc-aescm128 +text/rtx +text/scriptlet sct wsc +text/sgml sgm sgml +text/t140 +text/tab-separated-values tsv +text/texmacs tm ts +text/troff man me ms roff t tr +text/ulpfec +text/uri-list uri uris urls +text/vnd.abc +text/vnd.curl 
curl +text/vnd.curl.dcurl dcurl +text/vnd.curl.mcurl mcurl +text/vnd.curl.scurl scurl +text/vnd.dmclientscript +text/vnd.esmertec.theme-descriptor +text/vnd.fly fly +text/vnd.fmi.flexstor flx +text/vnd.graphviz gv +text/vnd.in3d.3dml 3dml +text/vnd.in3d.spot spot +text/vnd.iptc.newsml +text/vnd.iptc.nitf +text/vnd.latex-z +text/vnd.motorola.reflex +text/vnd.ms-mediapackage +text/vnd.net2phone.commcenter.command +text/vnd.si.uricatalogue +text/vnd.sun.j2me.app-descriptor jad +text/vnd.trolltech.linguist +text/vnd.wap.si +text/vnd.wap.sl +text/vnd.wap.wml wml +text/vnd.wap.wmlscript wmls +text/x-asm asm s +text/x-bibtex bib +text/x-c c cc cpp cxx dic h hh +text/x-c++hdr h++ hh hpp hxx +text/x-c++src c++ cc cpp cxx +text/x-chdr h +text/x-csh csh +text/x-csrc c +text/x-fortran f f77 f90 for +text/x-haskell hs +text/x-java java +text/x-java-source java +text/x-literate-haskell lhs +text/x-moc moc +text/x-pascal p pas +text/x-pcs-gcd gcd +text/x-perl pl pm +text/x-psp psp +text/x-python py +text/x-setext etx +text/x-sh sh +text/x-tcl tcl tk +text/x-tex cls ltx sty tex +text/x-uuencode uu +text/x-vcalendar vcs +text/x-vcard vcf +text/xml +text/xml-external-parsed-entity +video/3gpp 3gp +video/3gpp-tt +video/3gpp2 3g2 +video/bmpeg +video/bt656 +video/celb +video/dl dl +video/dv dif dv +video/example +video/fli fli +video/gl gl +video/h261 h261 +video/h263 h263 +video/h263-1998 +video/h263-2000 +video/h264 h264 +video/jpeg jpgv +video/jpeg2000 +video/jpm jpgm jpm +video/mj2 mj2 mjp2 +video/mp1s +video/mp2p +video/mp2t +video/mp4 mp4 mp4v mpg4 +video/mp4v-es +video/mpeg m1v m2v mpe mpeg mpg +video/mpeg4-generic +video/mpv +video/nv +video/ogg ogv +video/parityfec +video/pointer +video/quicktime mov qt +video/raw +video/rtp-enc-aescm128 +video/rtx +video/smpte292m +video/ulpfec +video/vc1 +video/vnd.cctv +video/vnd.dlna.mpeg-tts +video/vnd.fvt fvt +video/vnd.hns.video +video/vnd.iptvforum.1dparityfec-1010 +video/vnd.iptvforum.1dparityfec-2005 
+video/vnd.iptvforum.2dparityfec-1010
+video/vnd.iptvforum.2dparityfec-2005
+video/vnd.iptvforum.ttsavc
+video/vnd.iptvforum.ttsmpeg2
+video/vnd.motorola.video
+video/vnd.motorola.videop
+video/vnd.mpegurl m4u mxu
+video/vnd.ms-playready.media.pyv pyv
+video/vnd.nokia.interleaved-multimedia
+video/vnd.nokia.videovoip
+video/vnd.objectvideo
+video/vnd.sealed.mpeg1
+video/vnd.sealed.mpeg4
+video/vnd.sealed.swf
+video/vnd.sealedmedia.softseal.mov
+video/vnd.vivo viv
+video/x-f4v f4v
+video/x-fli fli
+video/x-flv flv
+video/x-la-asf lsf lsx
+video/x-m4v m4v
+video/x-mng mng
+video/x-ms-asf asf asx
+video/x-ms-wm wm
+video/x-ms-wmv wmv
+video/x-ms-wmx wmx
+video/x-ms-wvx wvx
+video/x-msvideo avi
+video/x-sgi-movie movie
+x-conference/x-cooltalk ice
+x-world/x-vrml vrm vrml wrl
diff --git a/mke2fs.conf b/mke2fs.conf
new file mode 100644
index 0000000..52fe58e
--- /dev/null
+++ b/mke2fs.conf
@@ -0,0 +1,44 @@
+[defaults]
+ base_features = sparse_super,filetype,resize_inode,dir_index,ext_attr
+ blocksize = 4096
+ inode_size = 256
+ inode_ratio = 16384
+
+[fs_types]
+ ext3 = {
+ features = has_journal
+ }
+ ext4 = {
+ features = has_journal,extent,huge_file,flex_bg,uninit_bg,dir_nlink,extra_isize
+ inode_size = 256
+ }
+ ext4dev = {
+ features = has_journal,extent,huge_file,flex_bg,uninit_bg,dir_nlink,extra_isize
+ inode_size = 256
+ options = test_fs=1
+ }
+ small = {
+ blocksize = 1024
+ inode_size = 128
+ inode_ratio = 4096
+ }
+ floppy = {
+ blocksize = 1024
+ inode_size = 128
+ inode_ratio = 8192
+ }
+ news = {
+ inode_ratio = 4096
+ }
+ largefile = {
+ inode_ratio = 1048576
+ blocksize = -1
+ }
+ largefile4 = {
+ inode_ratio = 4194304
+ blocksize = -1
+ }
+ hurd = {
+ blocksize = 4096
+ inode_size = 128
+ }
diff --git a/mlocate-cron.conf b/mlocate-cron.conf
new file mode 100644
index 0000000..f207344
--- /dev/null
+++ b/mlocate-cron.conf
@@ -0,0 +1,9 @@
+# nice value to run at: see -n in nice(1)
+NICE="19"
+
+# ionice class to run at: see -c in ionice(1)
+# you have to install sys-apps/util-linux manually
+IONICE_CLASS="2"
+
+# ionice priority to run at: see -n in ionice(1)
+IONICE_PRIORITY="7"
diff --git a/motd b/motd
new file mode 100644
index 0000000..2cc520e
--- /dev/null
+++ b/motd
@@ -0,0 +1,15 @@
+Linux helga 3.0.6-gentoo #1 SMP Wed Oct 26 22:31:04 CEST 2011 x86_64 Quad-Core AMD Opteron(tm) Processor 1381 AuthenticAMD GNU/Linux
+Gentoo Base System release 2.0.3
+ ## ## ###
+ ## ## ##
+ ## ## #### ## ##### #####
+ ###### ## ## ## ## ## ## ##
+ ## ## ######## ## ## ## ## ##
+## ## ## ## ###### ## ###
+## ## #### #### ## ### ##
+ #####
+
+Nimm die Schaufel nicht so voll, wenn die Arbeit reichen soll.
+
+Today is Pungenday, the 51st day of The Aftermath in the YOLD 3177
+
diff --git a/motd.1 b/motd.1
new file mode 100644
index 0000000..451ded3
--- /dev/null
+++ b/motd.1
@@ -0,0 +1,16 @@
+Linux helga 3.0.6-gentoo #1 SMP Wed Oct 26 22:31:04 CEST 2011 x86_64 Quad-Core AMD Opteron(tm) Processor 1381 AuthenticAMD GNU/Linux
+Gentoo Base System release 2.0.3
+ ## ## ###
+ ## ## ##
+ ## ## #### ## ##### #####
+ ###### ## ## ## ## ## ## ##
+ ## ## ######## ## ## ## ## ##
+## ## ## ## ###### ## ###
+## ## #### #### ## ### ##
+ #####
+
+Die meisten Memoiren sind ein Make-up aus Worten.
+ -- Norman Mailer
+
+Today is Sweetmorn, the 9th day of The Aftermath in the YOLD 3177
+
diff --git a/motd.tail b/motd.tail
new file mode 100644
index 0000000..e3f0790
--- /dev/null
+++ b/motd.tail
@@ -0,0 +1,8 @@
+ ## ## ###
+ ## ## ##
+ ## ## #### ## ##### #####
+ ###### ## ## ## ## ## ## ##
+ ## ## ######## ## ## ## ## ##
+## ## ## ## ###### ## ###
+## ## #### #### ## ### ##
+ #####
diff --git a/mtab b/mtab
new file mode 100644
index 0000000..b40eecf
--- /dev/null
+++ b/mtab
@@ -0,0 +1,21 @@
+rootfs / rootfs rw 0 0
+/dev/root / ext3 rw,noatime,errors=continue,user_xattr,acl,barrier=0,data=writeback 0 0
+proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
+rc-svcdir /lib64/rc/init.d tmpfs rw,nosuid,nodev,noexec,relatime,size=1024k,mode=755 0 0
+sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
+debugfs /sys/kernel/debug debugfs rw,nosuid,nodev,noexec,relatime 0 0
+udev /dev tmpfs rw,nosuid,relatime,size=10240k,mode=755 0 0
+devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620 0 0
+shm /dev/shm tmpfs rw,nosuid,nodev,noexec,relatime 0 0
+/dev/mapper/vg0-tmp /tmp ext4 rw,noatime 0 0
+/dev/mapper/vg0-usr /usr ext4 rw,acl,user_xattr 0 0
+/dev/mapper/vg0-var /var ext4 rw,acl,user_xattr 0 0
+/dev/mapper/vg0-opt /opt ext4 rw,acl,user_xattr 0 0
+/dev/mapper/vg0-home /home ext4 rw,acl,user_xattr,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 0 0
+/dev/mapper/vg0-var_tmp /var/tmp ext4 rw,noatime 0 0
+/dev/mapper/vg0-www /var/www ext4 rw,acl,user_xattr 0 0
+/dev/mapper/vg0-var_lib /var/lib ext4 rw,noatime,acl,user_xattr 0 0
+/dev/mapper/vg0-backup /var/backup ext4 rw,noatime,acl,user_xattr 0 0
+/dev/mapper/vg0-portage /usr/portage ext4 rw,noatime 0 0
+/dev/mapper/vg0-distfiles /usr/portage/distfiles ext4 rw,noatime 0 0
+binfmt_misc /proc/sys/fs/binfmt_misc binfmt_misc rw,noexec,nosuid,nodev 0 0
diff --git a/nail.rc b/nail.rc
new file mode 100644
index 0000000..2250967
--- /dev/null
+++ b/nail.rc
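Review bot: `/tmp` and `/var/tmp` are recorded here as `rw,noatime` with none of `nosuid`, `nodev` or `noexec`, while `/dev/shm` and the pseudo-filesystems in the same hunk carry all three. World-writable scratch space is where those options matter most, and `/home` and `/var/www` would likewise benefit from at least `nosuid,nodev`. mtab only mirrors what is currently mounted, so the change belongs in the matching fstab entries (fstab is part of this commit but outside this hunk), for example `noatime,nosuid,nodev,noexec` on both temp volumes; `noexec` on `/var/tmp` may need an exception if Portage builds there. The root line also shows `barrier=0,data=writeback`, which gives up crash consistency for speed and is worth confirming as intended. Because mtab is runtime state rewritten on every mount, tracking it adds churn rather than configuration history; consider leaving it out of the repository.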
@@ -0,0 +1,70 @@
+# This is the configuration file for Heirloom mailx (formerly
+# known under the name "nail".
+# See mailx(1) for further options.
+# This file is not overwritten when 'make install' is run in
+# the mailx build process again.
+
+# Sccsid @(#)nail.rc 2.10 (gritter) 3/4/06
+
+# Do not forward to mbox by default since this is likely to be
+# irritating for most users today.
+set hold
+
+# Append rather than prepend when writing to mbox automatically.
+# This has no effect unless 'hold' is unset again.
+set append
+
+# Ask for a message subject.
+set ask
+
+# Assume a CRT-like terminal and invoke a pager.
+set crt
+
+# Messages may be terminated by a dot.
+set dot
+
+# Do not remove empty mail folders in the spool directory.
+# This may be relevant for privacy since other users could
+# otherwise create them with different permissions.
+set keep
+
+# Do not remove empty private mail folders.
+set emptybox
+
+# Quote the original message in replies by "> " as usual on the Internet.
+set indentprefix="> "
+
+# Automatically quote the text of the message that is responded to.
+set quote
+
+# Outgoing messages are sent in ISO-8859-1 if all their characters are
+# representable in it, otherwise in UTF-8.
+set sendcharsets=iso-8859-1,utf-8
+
+# Display sender's real names in header summaries.
+set showname
+
+# Display the recipients of messages sent by the user himself in
+# header summaries.
+set showto
+
+# Automatically check for new messages at each prompt, but avoid polling
+# of IMAP servers or maildir folders.
+set newmail=nopoll
+
+# If threaded mode is activated, automatically collapse thread.
+set autocollapse
+
+# Hide some header fields which are uninteresting for most human readers.
+ignore received in-reply-to message-id references
+ignore mime-version content-transfer-encoding
+
+# Only include selected header fields when forwarding messages.
+fwdretain subject date from to
+
+# Use the local sendmail (/usr/sbin/sendmail) binary by default.
+# (Uncomment the following line to use a SMTP server)
+#set smtp=localhost
+
+# Ask for CC: list too.
+set askcc
diff --git a/nanorc b/nanorc
new file mode 100644
index 0000000..746ccf2
--- /dev/null
+++ b/nanorc
@@ -0,0 +1,312 @@
+## Sample initialization file for GNU nano.
+##
+## Please note that you must have configured nano with --enable-nanorc
+## for this file to be read! Also note that this file should not be in
+## DOS or Mac format, and that characters specially interpreted by the
+## shell should not be escaped here.
+##
+## To make sure a value is disabled, use "unset