Dear list,
I am running amavis at mail01.dxtribute.net and basically it runs /
scans fine. We decided that it would be "best" for our users to get any
spam and virus they want but to warn them by tagging and defang. I know
its not a good idea to let a virus pass but thats not the topic.
for [EMAIL PROTECTED] defanging and tagging works fine. To test
this I use heise.de eicar test and the mail looks like this
--------------------------------------------
X-Amavis-Modified: Mail body modified (defanged) by mail01.dxtribute.net
X-Virus-Scanned: Debian amavisd-new at mail01.dxtribute.net
X-Amavis-Alert: INFECTED, message contains virus: Eicar-Test-Signature
X-Amavis-Alert: BANNED, message contains part: multipart/mixed |
application/octet-stream,.asc,eicar.com
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level: X-Spam-Status: No, score=x required=6.31 tests=[]
Received: from mail01.dxtribute.net ([127.0.0.1])
by localhost (mail01.dxtribute.net [127.0.0.1]) (amavisd-new, port
10024)
with ESMTP id WZqm4kgcDt2T for <[EMAIL PROTECTED]>;
Wed, 21 May 2008 15:33:05 +0200 (CEST)
Content-Type: multipart/mixed; boundary="----------=_1211376785-24991-1"
Content-Transfer-Encoding: binary
MIME-Version: 1.0
Subject: ### VIRUS ### c't-Emailcheck: EICAR (ozcdnia)
--------------------------------------------
If I use any other address nothing changes but the headers.
--------------------------------------------
X-Virus-Scanned: Debian amavisd-new at mail01.dxtribute.net
X-Amavis-Alert: INFECTED, message contains virus: Eicar-Test-Signature
X-Amavis-Alert: BANNED, message contains part: multipart/mixed |
application/octet-stream,.asc,eicar.com
Received: from mail01.dxtribute.net ([127.0.0.1])
by localhost (mail01.dxtribute.net [127.0.0.1]) (amavisd-new, port
10024)
with ESMTP id e4d7in9Gd6VK for <[EMAIL PROTECTED]>;
Wed, 21 May 2008 15:33:21 +0200 (CEST)
Received: from web.heise.de (web.heise.de [193.99.144.71])
by mail01.dxtribute.net (Postfix) with ESMTP id A0F7D10D010B
for <[EMAIL PROTECTED]>; Wed, 21 May 2008 15:33:21 +0200 (CEST)
Received: from runwww by web.heise.de with local (Exim 4.63)
(envelope-from <[EMAIL PROTECTED]>)
id 1JyoRV-0002O8-DX
for [EMAIL PROTECTED]; Wed, 21 May 2008 15:33:21 +0200
From: Heise emailcheck <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Mailer: Heise emailcheck 1.18
Subject: c't-Emailcheck: EICAR (attqqjt)
--------------------------------------------
I really do not understand why nothing happens.
I am running Version 2.6.0 on a debian etch / postfix
mail01:/etc/amavis/conf.d# amavisd-new debug
May 21 16:02:10.480 mail01.dxtribute.net /usr/sbin/amavisd-new[27524]:
Valid PID file (younger than sys uptime 2 3:27:00)
The amavisd daemon is already running, PID: [26147]
This is my user config. Everything else is debian default:
--------------------------------------------
use strict;
#
# Place your configuration directives here. They will override those in
# earlier files.
#
# See /usr/share/doc/amavisd-new/ for documentation and examples of
# the directives you can use in this file
#
# nice to have $log_level (1-5) available:
$log_level = 1;
# explicitly set $mydomain and $myhostname:
$mydomain = 'mail01.dxtribute.net';
$myhostname = 'mail01.dxtribute.net';
# Set number of processes. Rough guide for dual processor, 1GB = 6, 2GB
= 12, 4GB = 24
# you MUST also change maxproc for the smtp-amavis transport to match
this number, e.g:
# smtp-amavis unix - - n - 6 smtp
$max_servers = 6;
# We discard (and quarantine) viruses, discard (and quarantine) spam (>=
kill_level),
# bounce (and quarantine) banned files and pass bad headers:
$final_virus_destiny = D_PASS;
$final_banned_destiny = D_PASS;
$final_spam_destiny = D_PASS;
$final_bad_header_destiny = D_PASS;
# don't quarantine bad headers (no need since we pass them all):
$bad_header_quarantine_to = undef;
$QUARANTINEDIR = undef;
# Spam gets the Subject line prepended with:
$sa_spam_subject_tag = '### SPAM ### ';
$undecipherable_subject_tag = '### UNCHECKED ### ';
$subject_tag_maps_by_ccat{+CC_VIRUS} = [ '### VIRUS ### ' ];
$subject_tag_maps_by_ccat{+CC_BANNED} = [ '### VIRUS ### ' ];
# %subject_tag_maps_by_ccat = (
# CC_VIRUS, [ '***INFECTED*** ' ],
# CC_BANNED, undef,
# CC_UNCHECKED, sub { [ c('undecipherable_subject_tag') ] }, # not
by-recip
# CC_SPAM, undef,
# CC_SPAMMY.',1',sub { ca('spam_subject_tag3_maps') },
# CC_SPAMMY, sub { ca('spam_subject_tag2_maps') },
# CC_CLEAN.',1', sub { ca('spam_subject_tag_maps') },
# );
# We tag all headers (for 'local' domains) with X-Spam info:
$sa_tag_level_deflt = undef;
# This is the system default spam tag level
$sa_tag2_level_deflt = 6.31;
#$warnbannedrecip = 1;
$defang_banned = 1;
$defang_virus = 1;
$defang_undecipherable = 1;
# $defang_bad_header = undef;
#$defang_spam = 1;
@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );
$inet_socket_port = [10024, 10026];
$inet_socket_bind = '127.0.0.1';
#virus / spam lovers
@bypass_header_checks_acl = qw( [EMAIL PROTECTED]
[EMAIL PROTECTED] .somedomain.de );
@bypass_virus_checks_acl = qw( [EMAIL PROTECTED]
[EMAIL PROTECTED] );
@bypass_spam_checks_acl = qw( [EMAIL PROTECTED]
[EMAIL PROTECTED] .somedomain.de );
#----------------------------------------------------------
#------------ Do not modify anything below this line -------------
1; # insure a defined return
Thanks a lot,
Karsten
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
