On Fri, Dec 12, 2003 at 11:46:36AM +0700, Anwar Purnomo wrote:
Untuk setting amavisd.conf, $MYHOME masih dalam keadaan di-comment.
Ini adalah settingan clamav.conf
bagaimana dengan setting amavisd anda? terutama $MYHOME
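# clamd configuration as posted, restored to one directive per line.

# NOTE(review): /tmp is writable by every local user, so the log file and
# the socket below sit at predictable paths that another account could
# create first.  A directory writable only by the clamd user is safer; if
# LocalSocket is moved, the '/tmp/clamd' path in the amavisd.conf clamd
# entry has to be changed to match.
LogFile /tmp/clamd.log
LogFileMaxSize 2M
LogTime
LogSyslog
LogVerbose

PidFile /var/run/clamd.pid
LocalSocket /tmp/clamd

MaxDirectoryRecursion 15

# Same account name as $daemon_user/$daemon_group in the amavisd.conf from
# this message; the note in that file asks for clamd and amavisd to run
# under the same user.
User amavis

ScanMail

# Archive limits bound the work clamd does on nested or oversized archives.
ScanArchive
ArchiveMaxFileSize 10M
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000

# On-access (Clamuko) settings.
ClamukoScanOnOpen
ClamukoScanOnClose
ClamukoScanOnExec
ClamukoIncludePath /home
ClamukoMaxFileSize 1M
ClamukoScanArchive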
ClamAV yg saya gunakan versi 0.65; saya install ini karena di situs katanya database virusnya sudah berubah ...
#$MYHOME = '/var/lib/amavis'; # (default is '/var/amavis')
Lengkapnya ada di bawah, maaf jika kebanyakan:
use strict;
#$MYHOME = '/var/lib/amavis'; # (default is '/var/amavis') $mydomain = 'mydomain.com'; # (no useful default) $daemon_user = 'amavis'; # (no default; customary: vscan or amavis) $daemon_group = 'amavis'; # (no default; customary: vscan or amavis) $TEMPBASE = $MYHOME; # (must be set if other config vars use is) $ENV{TMPDIR} = $TEMPBASE; # wise, but usually not necessary $max_servers = 2; # number of pre-forked children (default 2) $max_requests = 10; # retire a child after that many accepts (default 10)
$child_timeout=5*60; # abort child if it does not complete each task in n sec # (default: 8*60 seconds) $unix_socketname = "$MYHOME/amavisd.sock"; # amavis helper protocol socket $inet_socket_port = 10024; # accept SMTP on this local TCP port # (default is undef, i.e. disabled) @inet_acl = qw( 127.0.0.1 ); # allow SMTP access only from localhost IP # (default is qw( 127.0.0.1 ) ) $DO_SYSLOG = 1; # (defaults to false) $LOGFILE = "$MYHOME/amavis.log"; # (defaults to empty, no log) $log_level = 2; # (defaults to 0) $log_templ = '[? %#V |[? %#F |[?%#D|Not-Delivered|Passed]|BANNED name/type (%F)]|INFECTED (%V)], # <%o> -> [<%R>|,][? %i ||, quarantine %i], Message-ID: %m, Hits: %c'; $final_virus_destiny = D_BOUNCE; # (defaults to D_BOUNCE) $final_banned_destiny = D_BOUNCE; # (defaults to D_BOUNCE) $final_spam_destiny = D_REJECT; # (defaults to D_REJECT) $final_bad_header_destiny = D_PASS; # (defaults to D_PASS), D_BOUNCE suggested $viruses_that_fake_sender_re = new_RE( qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar'i, qr'tanatos|lentin|bridex|mimail|trojan\.dropper|dumaru|parite|gibe|swen'i, [qr'^(EICAR\.COM|Joke\.|Junk\.)'i => 0], [qr'^(WM97|OF97|W95/CIH-|JS/Fortnight)'i => 0], # [qr/.*/ => 1], # true by default? ); $virus_admin = "[EMAIL PROTECTED]"; $spam_admin = "[EMAIL PROTECTED]"; $mailfrom_notify_admin = "[EMAIL PROTECTED]"; $mailfrom_notify_recip = "[EMAIL PROTECTED]"; $mailfrom_notify_spamadmin = "[EMAIL PROTECTED]"; $mailfrom_to_quarantine = undef; # original sender if undef, or set explicitly # (default is undef) $QUARANTINEDIR = '/var/virusmails'; $spam_quarantine_to = 'spam-quarantine'; $X_HEADER_TAG = 'X-Virus-Scanned'; # (default: undef) $X_HEADER_LINE = "by amavisd-new at $mydomain";
$remove_existing_x_scanned_headers = 0; # leave existing X-Virus-Scanned alone $remove_existing_spam_headers = 1; # remove existing spam headers if $keep_decoded_original_re = new_RE( qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i, ); $banned_filename_re = new_RE( qr'\.[a-zA-Z][a-zA-Z0-9]{0,3}\.(vbs|pif|scr|bat|com|exe|dll)$'i, # double extension ); $recipient_delimiter = '+'; # (default is '+') $localpart_is_case_sensitive = 0; # (default is false) $blacklist_sender_re = new_RE( qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou|greatcasino)@'i, qr'^(investments|lose_weight_today|market.alert|money2you|MyGreenCard)@'i, qr'^(new\.tld\.registry|opt-out|opt-in|optin|saveonlsmoking2002k)@'i, qr'^(specialoffer|specialoffers|stockalert|stopsnoring|wantsome)@'i, qr'^(workathome|yesitsfree|your_friend|greatoffers)@'i, qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i, ); map { $whitelist_sender{lc($_)}=1 } (qw( [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] returns.groups.yahoo.com ));
$MAXLEVELS = 14; # (default is undef, no limit) $MAXFILES = 1500; # (default is undef, no limit) $MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not enforced) $MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes (default undef, not enforced) $MIN_EXPANSION_FACTOR = 5; # times original mail size (must be specified) $MAX_EXPANSION_FACTOR = 500; # times original mail size (must be specified) $path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin'; $file = 'file'; # file(1) utility; use 3.41 or later to avoid vulnerability
$gzip = 'gzip'; $bzip2 = 'bzip2'; $lzop = 'lzop'; $uncompress = ['uncompress', 'gzip -d', 'zcat']; $unfreeze = ['unfreeze', 'freeze -d', 'melt', 'fcat']; $arc = ['nomarch', 'arc']; $unarj = ['arj', 'unarj']; # both can extract, same options $unrar = ['rar', 'unrar']; # both can extract, same options $zoo = 'zoo'; $lha = 'lha'; $cpio = 'cpio'; # comment out if cpio does not support GNU options $sa_local_tests_only = 1; # (default: false) $sa_mail_body_size_limit = 150*1024; # don't waste time on SA if mail is larger $sa_tag_level_deflt = 3.0; # add spam info headers if at, or above that level $sa_tag2_level_deflt = 6.3; # add 'spam detected' headers at that level $sa_kill_level_deflt = $sa_tag2_level_deflt; # triggers spam evasive actions
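# Primary virus scanner list, restored to one entry per paragraph (in the
# collapsed paste each '#' comment swallowed the entries that followed it).
# As the entries show, each one gives: a display name; the program name(s)
# to look for, or \&ask_daemon with its request and socket; the argument
# string with {} as the placeholder for what is scanned; the "clean" and
# "infected" statuses (exit codes or output patterns); a pattern that
# extracts the virus name; and, optionally, subs run around the scan.
@av_scanners = (

# ### http://clamav.elektrapro.com/
  # NOTE(review): '/tmp/clamd' matches LocalSocket in the clamav.conf from
  # this message.  /tmp is writable by every local user, so another account
  # could create that path first; a socket inside a directory writable only
  # by the amavis user is safer.  Change the path in both files together.
  ['Clam Antivirus-clamd',
    \&ask_daemon, ["CONTSCAN {}\n", '/tmp/clamd'],
    qr/\bOK$/, qr/\bFOUND$/,
    qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
# # NOTE: run clamd under the same user as amavisd,
# # match the socket name in clamav.conf to the socket name in this entry

  ['KasperskyLab AntiViral Toolkit Pro (AVP)', ['avp','kavscanner'],
    '-* -P -B -Y -O- {}', [0,3,8], [2,4],   # any use for -A -K ?
    qr/infected: (.+)/,
    sub {chdir('/opt/AVP') or die "Can't chdir to AVP: $!"},
    sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
  ],

  ['KasperskyLab AVPDaemonClient',
    [ '/opt/AVP/kavdaemon',       'kavdaemon',
      '/opt/AVP/AvpDaemonClient', 'AvpDaemonClient',
      '/opt/AVP/AvpTeamDream',    'AvpTeamDream',
      '/opt/AVP/avpdc', 'avpdc' ],
    "-f=$TEMPBASE {}", [0,8], [3,4,5,6], qr/infected: ([^\r\n]+)/ ],

  ### http://www.hbedv.com/ or http://www.centralcommand.com/
  ['H+BEDV AntiVir or CentralCommand Vexira Antivirus',
    ['antivir','vexira'],
    '--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/,
    qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) | (?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/ ],
  # NOTE: remove the -z if you only have a demo version

  ### http://www.commandsoftware.com/
  ['Command AntiVirus for Linux', 'csav',
    '-all -archive -packed {}', [50], [51,52,53],
    qr/Infection: (.+)/ ],

  ### http://www.symantec.com/
  ['Symantec CarrierScan via Symantec CommandLineScanner',
    'cscmdline', '-a scan -i 1 -v -s 127.0.0.1:7777 {}',
    qr/^Files Infected:\s+0$/, qr/^Infected\b/,
    qr/^(?:Info|Virus Name):\s+(.+)/ ],

  ### http://www.symantec.com/
  ['Symantec AntiVirus Scan Engine',
    'savsecls', '-server 127.0.0.1:7777 -mode scanrepair -details -verbose {}',
    [0], qr/^Infected\b/,
    qr/^(?:Info|Virus Name):\s+(.+)/ ],
  # NOTE: check options and patterns to see which entry better applies

  ### http://drweb.imshop.de/
  # This entry has no name pattern; its sub returns the fixed 'no-name'.
  ['Dr.Web Antivirus for Linux/FreeBSD/Solaris', 'drweb',
    '-al -ar -fm -go -ha -ml -ot -sd -up {}',
    [0], [1], sub {('no-name')} ],

  ### http://www.f-secure.com/products/anti-virus/
  ['F-Secure Antivirus', 'fsav',
    '--dumb --archive {}', [0], [3,8],
    qr/(?:infection|Infected): (.+)/ ],

  ['CAI InoculateIT', 'inocucmd',
    '-sec -nex {}', [0], [100],
    qr/was infected by virus (.+)/ ],

  ['MkS_Vir for Linux (beta)', ['mks32','mks'],
    '-s {}/*', [0], [1,2],
    qr/--[ \t]*(.+)/ ],

  ['MkS_Vir daemon',
    'mksscan', '-s -q {}', [0], [1..7],
    qr/^... (\S+)/ ],

  ### http://www.nod32.com/
  ['ESET Software NOD32', 'nod32',
    '-all -subdir+ {}', [0], [1,2],
    qr/^.+? - (.+?)\s*(?:backdoor|joke|trojan|virus|worm)/ ],

  ### http://www.nod32.com/
  ['ESET Software NOD32 - Client/Server Version', 'nod32cli',
    '-a -r -d recurse --heur standard {}', [0], [10,11],
    qr/^\S+\s+infected:\s+(.+)/ ],

  ### http://www.norman.com/products_nvc.shtml
  ['Norman Virus Control v5 / Linux', 'nvccmd',
    '-c -l:0 -s -u {}', [0], [1],
    qr/(?i).* virus in .* -> \'(.+)\'/ ],

  ### http://www.pandasoftware.com/
  ['Panda Antivirus for Linux', ['pavcl'],
    '-aut -aex -heu -cmp -nbr -nor -nso -eng {}',
    qr/Number of files infected[ \.]*: 0(?!\d)/,
    qr/Number of files infected[ \.]*: 0*[1-9]/,
    qr/Found virus :\s*(\S+)/ ],

  ### http://www.nai.com/
  ['NAI McAfee AntiVirus (uvscan)', 'uvscan',
    '--secure -rv --summary --noboot {}', [0], [13],
    qr/(?x) Found (?:
        \ the\ (.+)\ (?:virus|trojan)  |
        \ (?:virus|trojan)\ or\ variant\ ([^ ]+)  |
        :\ (.+)\ NOT\ a\ virus)/,
  ],

  ### http://www.virusbuster.hu/en/
  ['VirusBuster', ['vbuster', 'vbengcl'],
    # VirusBuster Ltd. does not support the daemon version for the workstation
    # engine (vbuster-eng-1.12-linux-i386-libc6.tgz) any longer. The names of
    # binaries, some parameters AND return codes (from 3 to 1) changed.
    # The log path interpolates $MYHOME, which this posting leaves at its
    # default.
    "{} -ss -i '*' -log=$MYHOME/vbuster.log", [0], [1],
    qr/: '(.*)' - Virus/ ],

  ### http://www.cyber.com/
  ['CyberSoft VFind', 'vfind',
    '--vexit {}/*', [0], [23], qr/##==>>>> VIRUS ID: CVDL (.+)/,
  # sub {$ENV{VSTK_HOME}='/usr/lib/vstk'},
  ],

  ### http://www.ikarus-software.com/
  ['Ikarus AntiVirus for Linux', 'ikarus',
    '{}', [0], [40], qr/Signature (.+) found/ ],

  ### http://www.bitdefender.com/
  ['BitDefender', 'bdc',
    '--all --arc {}', qr/^Infected files *:0(?!\d)/,
    qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/,
    qr/(?:suspected|infected): (.*)\033/ ],

);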
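# Backup scanner list, restored to one entry per paragraph (in the collapsed
# paste the '###' comment on each line swallowed the entry after it).
# Entries have the same layout as in @av_scanners: name, program name(s),
# argument string with {} as placeholder, clean status, infected status,
# virus-name pattern.
# NOTE(review): by its name this list is the fallback for when the primary
# scanners cannot be used; confirm against the amavisd-new documentation.
@av_scanners_backup = (

  ### http://clamav.elektrapro.com/
  # Command-line clamscan: it does not use the clamd socket that the primary
  # ClamAV entry depends on.
  ['Clam Antivirus - clamscan', 'clamscan',
    '--stdout --disable-summary -r {}', [0], [1],
    qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

  ### http://www.f-prot.com/
  ['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'],
    '-dumb -archive -packed {}', [0,8], [3,6],
    qr/Infection: (.+)/ ],

  ### http://www.trendmicro.com/
  ['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'],
    '-a {}', [0], qr/Found virus/, qr/Found virus (.+) in/ ],

);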
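# NOTE(review): the list archive replaced the variable names and the values
# of the next two statements with "[EMAIL PROTECTED]".  They are kept
# verbatim but commented out because they are not valid Perl in this form;
# restore them from the original amavisd.conf before using this file.
# [EMAIL PROTECTED] = ( "[EMAIL PROTECTED]" );
# [EMAIL PROTECTED] = qw( [EMAIL PROTECTED] );

#$keep_decoded_original_re = new_RE( qr/.*/ );

# Turn on SpamAssassin debugging (output to STDERR, use with 'amavisd debug')
#$sa_debug = 1;         # defaults to false

#-------------
# The file has to end by returning a defined value.  In the collapsed paste
# this statement sat behind the '#' of the separator line above and was
# therefore part of a comment.
1;  # insure a defined return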