On Friday, 27 January 2006 23:10, Gary V wrote:

> Other than that, I can't figure out how your system would be doing
> virus checks with virus checks globally bypassed.

How can that be done, I mean "globally bypassed"?

These variables were enabled here by default:

/usr/share/amavis/conf.d/20-package
use strict;
@bypass_virus_checks_maps  = (1);  # DISABLE anti-virus code by default
@bypass_spam_checks_maps  = (1);  # DISABLE anti-spam code by default
1;  # insure a defined return

I did _not_ edit /usr/share/amavis/conf.d/20-package

/etc/amavis/conf.d/15-content_filter_mode
use strict;
@bypass_virus_checks_maps = (
   \%bypass_virus_checks, [EMAIL PROTECTED], 
\$bypass_virus_checks_re);
@bypass_spam_checks_maps = (
   \%bypass_spam_checks, [EMAIL PROTECTED], \$bypass_spam_checks_re);
1;  # insure a defined return

So the variables are active in both cases.

I think this is fine:

Jan 28 11:59:35 client4 postfix/pickup[4731]: 8008314EB8: uid=1000 from=<ab>
Jan 28 11:59:35 client4 postfix/cleanup[6030]: 8008314EB8: 
message-id=<[EMAIL PROTECTED]>
Jan 28 11:59:35 client4 postfix/qmgr[4732]: 8008314EB8: 
from=<[EMAIL PROTECTED]>, size=19137, nrcpt=1 (queue active)
Jan 28 11:59:37 client4 postfix/smtpd[6045]: connect from 
localhost.localdomain[127.0.0.1]
Jan 28 11:59:37 client4 postfix/smtpd[6045]: E221B14EC1: 
client=localhost.localdomain[127.0.0.1]
Jan 28 11:59:37 client4 postfix/cleanup[6030]: E221B14EC1: 
message-id=<[EMAIL PROTECTED]>
Jan 28 11:59:37 client4 postfix/qmgr[4732]: E221B14EC1: from=<>, size=1821, 
nrcpt=1 (queue active)
Jan 28 11:59:37 client4 postfix/smtpd[6045]: disconnect from 
localhost.localdomain[127.0.0.1]
Jan 28 11:59:38 client4 postfix/cleanup[6030]: F411414EC3: 
message-id=<[EMAIL PROTECTED]>
Jan 28 11:59:38 client4 postfix/qmgr[4732]: F411414EC3: from=<>, size=1970, 
nrcpt=1 (queue active)
Jan 28 11:59:38 client4 amavis[3670]: (03670-01) Blocked INFECTED 
(VBS.LoveLetter.D), <> -> <[EMAIL PROTECTED]>, 
quarantine: /var/lib/amavis/quarantine, Message-ID: 
<[EMAIL PROTECTED]>, mail_id: IGnxckLOCcLk, Hits: 
-, 2461 ms
Jan 28 11:59:38 client4 postfix/smtp[6032]: 8008314EB8: 
to=<[EMAIL PROTECTED]>, orig_to=<ab>, relay=127.0.0.1[127.0.0.1], 
delay=3, status=sent (250 2.7.1 Ok, discarded, id=03670-01 - VIRUS: 
VBS.LoveLetter.D)
Jan 28 11:59:38 client4 postfix/qmgr[4732]: 8008314EB8: removed
Jan 28 11:59:38 client4 postfix/local[6046]: E221B14EC1: 
to=<[EMAIL PROTECTED]>, relay=local, delay=1, status=sent 
(forwarded as F411414EC3)
Jan 28 11:59:38 client4 postfix/qmgr[4732]: E221B14EC1: removed
Jan 28 11:59:38 client4 postfix/smtp[6047]: F411414EC3: to=<[EMAIL PROTECTED]>, 
orig_to=<[EMAIL PROTECTED]>, relay=gw.local.FQDN[192.168.1.99], 
delay=1, status=sent (250 Ok: queued as 39E5B57EEE4)
Jan 28 11:59:38 client4 postfix/qmgr[4732]: F411414EC3: removed


# Warnmail

Return-Path: <>
X-Original-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: from localhost (localhost [127.0.0.1])
        by gw.local.FQDN (Postfix) with ESMTP id 1470057EEE6
        for <[EMAIL PROTECTED]>; Sat, 28 Jan 2006 11:59:51 +0100 (CET)
Received: from gw.local.FQDN ([127.0.0.1])
 by localhost (amavis.gw.local.FQDN [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 13112-08 for <[EMAIL PROTECTED]>;
 Sat, 28 Jan 2006 11:59:38 +0100 (CET)
Received: from client4.local.FQDN (client4.local.FQDN [192.168.1.104])
        by gw.local.FQDN (Postfix) with ESMTP id 39E5B57EEE4
        for <[EMAIL PROTECTED]>; Sat, 28 Jan 2006 11:59:38 +0100 (CET)
Received: by client4.local.FQDN (Postfix)
        id F411414EC3; Sat, 28 Jan 2006 11:59:37 +0100 (CET)
Delivered-To: [EMAIL PROTECTED]
Received: from localhost (localhost.localdomain [127.0.0.1])
        by client4.local.FQDN (Postfix) with ESMTP id E221B14EC1
        for <[EMAIL PROTECTED]>; Sat, 28 Jan 2006 11:59:37 +0100 (CET)
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
Date: Sat, 28 Jan 2006 11:59:35 +0100 (CET)
From: "Content-filter at client4.local.FQDN" <[EMAIL PROTECTED]>
Subject: VIRUS (VBS.LoveLetter.D) FROM (?)
To: <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
X-Virus-Scanned: by amavisd-new at amavis.gw.local.FQDN
X-Spam-Status: No, hits=-5.899 tagged_above=-99 required=5 tests=ALL_TRUSTED,
 BAYES_00
X-Spam-Level: 
X-UIDL: (L\"!S7J"!V-b!!~h`!!
Status: R
X-Status: NC
X-KMail-EncryptionState:  
X-KMail-SignatureState:  
X-KMail-MDN-Sent:  

A virus was found: VBS.LoveLetter.D

Scanners detecting a virus: ClamAV-clamd, H+BEDV AntiVir or CentralCommand 
Vexira Antivirus, BitDefender

Our internal reference code for the message is 03670-01/IGnxckLOCcLk.
The mail originated from: <>
Notification to sender will not be mailed.

The message WAS NOT delivered to:
<[EMAIL PROTECTED]>:
   250 2.7.1 Ok, discarded, id=03670-01 - VIRUS: VBS.LoveLetter.D

Virus scanner output:
  p002: VBS.LoveLetter.D FOUND

The message has been quarantined as:
  /var/lib/amavis/quarantine

------------------------- BEGIN HEADERS -----------------------------
Return-Path: <[EMAIL PROTECTED]>
Received: by client4.local.FQDN (Postfix, from userid 1000)
        id 8008314EB8; Sat, 28 Jan 2006 11:59:35 +0100 (CET)
Date: Sat, 28 Jan 2006 11:59:35 +0100
To: [EMAIL PROTECTED]
Subject: Virustest
User-Agent: nail 11.25 7/29/05
MIME-Version: 1.0
Content-Type: multipart/mixed;
 boundary="=_43db4e97.Ne6z5a/mkq20uyL5a7sxR8BEf2/uBg0xVjFI7nONPsunIr5j"
Message-Id: <[EMAIL PROTECTED]>
From: [EMAIL PROTECTED] (a b)
-------------------------- END HEADERS ------------------------------

Then I used the configuration below and the virus passed.

/etc/amavis/conf.d/15-content_filter_mode
use strict;
1;  # insure a defined return

/usr/share/amavis/conf.d/20-package
use strict;
@bypass_virus_checks_maps  = (1);  # DISABLE anti-virus code by default
@bypass_spam_checks_maps  = (1);  # DISABLE anti-spam code by default
1;  # insure a defined return


nail -a virus-20050212-165116-21282-10 ab

Jan 28 12:16:51 client4 postfix/pickup[4740]: 7C2F414EC8: uid=1000 from=<ab>
Jan 28 12:16:51 client4 postfix/cleanup[6023]: 7C2F414EC8: 
message-id=<[EMAIL PROTECTED]>
Jan 28 12:16:51 client4 postfix/qmgr[4741]: 7C2F414EC8: 
from=<[EMAIL PROTECTED]>, size=19245, nrcpt=1 (queue active)
Jan 28 12:16:51 client4 postfix/smtpd[6026]: connect from 
localhost.localdomain[127.0.0.1]
Jan 28 12:16:51 client4 postfix/smtpd[6026]: A4D5C14ECB: 
client=localhost.localdomain[127.0.0.1]
Jan 28 12:16:51 client4 postfix/cleanup[6023]: A4D5C14ECB: 
message-id=<[EMAIL PROTECTED]>
Jan 28 12:16:51 client4 postfix/qmgr[4741]: A4D5C14ECB: 
from=<[EMAIL PROTECTED]>, size=19682, nrcpt=1 (queue active)
Jan 28 12:16:51 client4 postfix/smtpd[6026]: disconnect from 
localhost.localdomain[127.0.0.1]
Jan 28 12:16:51 client4 amavis[3604]: (03604-01) Passed CLEAN, 
<[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>, Message-ID: 
<[EMAIL PROTECTED]>, mail_id: EmWG3kuGh1MW, Hits: 
-, 223 ms
Jan 28 12:16:51 client4 postfix/smtp[6024]: 7C2F414EC8: 
to=<[EMAIL PROTECTED]>, orig_to=<ab>, relay=127.0.0.1[127.0.0.1], 
delay=0, status=sent (250 2.6.0 Ok, id=03604-01, from MTA([127.0.0.1]:10025): 
250 Ok: queued as A4D5C14ECB)
Jan 28 12:16:51 client4 postfix/qmgr[4741]: 7C2F414EC8: removed
Jan 28 12:16:51 client4 postfix/local[6027]: A4D5C14ECB: 
to=<[EMAIL PROTECTED]>, relay=local, delay=0, status=sent (delivered to 
command: procmail -a "$EXTENSION")
Jan 28 12:16:51 client4 postfix/qmgr[4741]: A4D5C14ECB: removed

From [EMAIL PROTECTED]  Sat Jan 28 12:16:51 2006
Return-Path: [EMAIL PROTECTED]
X-Original-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: from localhost (localhost.localdomain [127.0.0.1])
        by client4.local.FQDN (Postfix) with ESMTP id A4D5C14ECB
        for <[EMAIL PROTECTED]>; Sat, 28 Jan 2006 12:16:51 +0100 (CET)
Received: from client4.local.FQDN ([127.0.0.1])
        by localhost (client4.local.FQDN [127.0.0.1]) (amavisd-new, port 
10024)
        with ESMTP id 03604-01 for <[EMAIL PROTECTED]>;
        Sat, 28 Jan 2006 12:16:51 +0100 (CET)
Received: by client4.local.FQDN (Postfix, from userid 1000)
        id 7C2F414EC8; Sat, 28 Jan 2006 12:16:51 +0100 (CET)
Date: Sat, 28 Jan 2006 12:16:51 +0100
To: [EMAIL PROTECTED]
Subject: Virustest withouth 15-content_filter_mode
User-Agent: nail 11.25 7/29/05
MIME-Version: 1.0
Content-Type: multipart/mixed;
 boundary="=_43db52a3.EMEtMmwct0sQbeyH+uaxYoGh+rCapsyYKJUELnFMm+AP3S06"
Message-Id: <[EMAIL PROTECTED]>
From: a b <[EMAIL PROTECTED]>

[-- Anhang #1 --]
[-- Typ: text/plain, Kodierung: 7bit, Größe: 0,1K --]
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

/etc/amavis/conf.d/15-content_filter_mode
use strict;
1;  # insure a defined return

[-- Anhang #2: virus-20050212-165116-21282-10 --]
[-- Typ: text/plain, Kodierung: 7bit, Größe: 17K --]
Content-Type: text/plain;
 charset=us-ascii
Content-Transfer-Encoding: 7bit
...



> I have filed 3 bug reports with the maintainers today.

Thanks for it.

Al
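
The layering seen in the two test runs above, as an added example that is not part of the original message or of amavisd-new: a small Python check that works out which assignment to `@bypass_virus_checks_maps` and `@bypass_spam_checks_maps` is in effect once both conf.d files have loaded. The load order (`/usr/share/amavis/conf.d` before `/etc/amavis/conf.d`) is an assumption consistent with those runs, the function names are hypothetical, and the sample file texts are constructed from the quoted files with the archive-redacted list element left out.

```python
import re

# Assumed load order (it matches the two test runs in the message): all of
# /usr/share/amavis/conf.d first, then /etc/amavis/conf.d, each sorted by
# file name. A later assignment replaces an earlier one.
DIR_ORDER = ["/usr/share/amavis/conf.d", "/etc/amavis/conf.d"]
ASSIGN_RE = re.compile(r"^[ \t]*@(bypass_(?:virus|spam)_checks_maps)\s*=\s*"
                       r"\((.*?)\)\s*;", re.M | re.S)

def load_order(files):
    """Sort the paths of {path: text} into the assumed load order."""
    def key(path):
        directory, _, name = path.rpartition("/")
        return (DIR_ORDER.index(directory), name)
    return sorted(files, key=key)

def effective_maps(files):
    """Return {map_name: (defining_file, list_body)} after all files load."""
    state = {}
    for path in load_order(files):
        for m in ASSIGN_RE.finditer(files[path]):  # commented lines never match
            state[m.group(1)] = (path, " ".join(m.group(2).split()))
    return state

def globally_bypassed(state, name):
    """True when the final list is a lone true constant such as (1)."""
    return bool(re.fullmatch(r"[1-9]\d*", state[name][1]))

# Constructed samples modelled on the two files quoted in the message.
PACKAGE = """use strict;
@bypass_virus_checks_maps  = (1);  # DISABLE anti-virus code by default
@bypass_spam_checks_maps  = (1);  # DISABLE anti-spam code by default
1;
"""
FILTER_ON = """use strict;
@bypass_virus_checks_maps = (
   \\%bypass_virus_checks, \\$bypass_virus_checks_re);
@bypass_spam_checks_maps = (
   \\%bypass_spam_checks, \\$bypass_spam_checks_re);
1;
"""
FILTER_EMPTY = "use strict;\n1;\n"

def audit(filter_mode_text):
    """Report, per map, whether the check ends up bypassed for everyone."""
    files = {"/etc/amavis/conf.d/15-content_filter_mode": filter_mode_text,
             "/usr/share/amavis/conf.d/20-package": PACKAGE}
    state = effective_maps(files)
    return {name: globally_bypassed(state, name) for name in sorted(state)}
```

`audit(FILTER_ON)` reports both checks as active and `audit(FILTER_EMPTY)` reports both as bypassed, which matches the "Blocked INFECTED" and "Passed CLEAN" log lines in the two runs.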

