Amavis: Can't connect to TCP port 10025 on 127.0.0.1

Hello everyone,

I have a problem with the amavis software on Mandriva 2007. For those who don't know it, it acts as an intermediary between an outgoing mail server (here Postfix) and content analysers (antispam, antivirus). So I installed it, but I keep running into problems with it. Here is the latest one. When I run amavisd debug, I get, among other things, this line:

My firewall is disabled, in the file /etc/hosts.allow I have put ALL: ALL for now, and when I do a

nc 127.0.0.1 10025

I do get confirmation that Postfix is listening on port 10025:

That's all; if anyone had the beginnings of a solution to offer me, that would be great!
Edited on 02/07/2007 at 09:06

we'd need to see your config:

amavisd.conf
master.cf
postconf -n

but right now I'd say you already have an amavisd instance connected on port 10025.
try stopping amavisd, check that no amavisd process is still running, then run amavisd debug

Thanks for replying, I was despairing so much of anyone answering that I had forgotten about this post ^^ So here is what you asked for (no amavisd process is running; I also have a problem: when I start amavisd, OK, but when I want to shut it down it tells me: Stopping amavisd: No PID file /var/lib/amavis/amavisd.pid, can't stop the process, and when I do a status it says: amavisd is dead but the subsystem is locked, which is why I'm running a debug):

master.cf:

smtp    inet    n       -        y       -       -       smtpd
pickup  fifo    n       -       y       60      1       pickup
  -o content_filter=
  -o receive_override_options=
cleanup unix    n       -       y       -       0       cleanup
qmgr    fifo    n       -       y       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
tlsmgr  unix    -       -       y       1000?   1       tlsmgr
rewrite unix    -       -       y       -       -       trivial-rewrite
bounce  unix    -       -       y       -       0       bounce
defer   unix    -       -       y       -       0       bounce
trace   unix    -       -       y       -       0       bounce
verify  unix    -       -       y       -       1       verify
flush   unix    n       -       y       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp    unix    -       -       y       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay   unix    -       -       y       -       -       smtp
        -o fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq   unix    n       -       y       -       -       showq
error   unix    -       -       y       -       -       error
discard unix    -       -       y       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp    unix    -       -       y       -       -       lmtp
anvil   unix    -       -       y       -       1       anvil
scache  unix    -       -       y       -       1       scache
cyrus-deliver     unix  -       n       n       -       -       pipe
  user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
127.0.0.1:10026 inet    n       -       y       -       -       smtpd
  -o content_filter=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_delay_reject=no
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
smtp-filter     unix    -       -       y       -       -       smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o max_use=20

smtp-amavis     unix    -       -       y       -       2       smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20

127.0.0.1:10025 inet    n       -       y       -       -       smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o mynetworks=127.0.0.0/8
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks

amavisd.conf:
It's over 600 lines, so tell me instead what information you'd need from it.

postconf -n:

alias_maps = hash:/etc/postfix/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/lib/postfix
html_directory = /usr/share/doc/postfix-2.3.3/html
inet_interfaces = all
local_recipient_maps =
mail_owner = postfix
mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
mydestination = $myhostname localhost.$mydomain localhost $mydomain
mydomain = xxxxxx
myhostname = xxxxxx
mynetworks = 192.168.0.0/24, 192.168.3.2/32, 192.168.30.0/24
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
notify_classes = resource, software, protocol, policy
proxy_interfaces = 192.168.0.9
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
relay_domains = $mydestination
relayhost =
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) (Mandriva Linux)
smtpd_client_restrictions = permit_mynetworks  permit_sasl_authenticated  reject_unauth_destination  reject_invalid_hostname  reject_non_fqdn_hostname  reject_non_fqdn_sender
smtpd_recipient_restrictions = permit_mynetworks  reject_unlisted_recipient  reject_unauth_destination  reject_non_fqdn_recipient  reject_invalid_hostname  permit
smtpd_sender_restrictions = permit_mynetworks  permit_sasl_authenticated
unknown_local_recipient_reject_code = 450

Edited on 29/06/2007 at 12:59

why do you have daemons in Postfix?
one on 10025 and the other on 10026? a particular config?

anyway, remove the chroot on these daemons for now:
instead of:

127.0.0.1:10025 inet n - y - - smtpd

put

127.0.0.1:10025 inet n - n - - smtpd

Ah, very good question... Actually it was there by default and I didn't pay attention; I'll remove it, but it's no big deal. Otherwise I've "de-chrooted" the 10025 one, but it changes nothing, it still tells me it can't connect on port 10025.

ok, that was just to test, we'll put them back.

what does /var/log/mail.log say at the moment it blocks?
try posting amavisd.conf so we can see the config

remove everything amavis-related starting from 127.0.0.1:10026 inet n - y - - smtpd

and replace it with:

smtp-amavis unix -	-	y	-	2  smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20

127.0.0.1:10025 inet n	-	y	-	-  smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks

Edited on 29/06/2007 at 15:15

I have 3 log files. warnings.log and errors.log are empty, and here is what shows up in info.log when I restart amavisd:

Jun 29 15:53:10 LINUX2 amavis[9751]: starting.  /usr/sbin/amavisd at LINUX2.delta-technologies.fr amavisd-new-2.4.2 (20060627), Unicode aware, LC_CTYPE=fr_FR.UTF-8, LANG=fr_FR.UTF-8
Jun 29 15:53:10 LINUX2 amavis[9751]: Perl version               5.008008

Your configuration doesn't work, it changed nothing for me. I'm copying the amavisd.conf file for you; I'm putting it in a spoiler so it doesn't make a big blob in the thread:

[spoiler]use strict;

# a minimalistic configuration file for amavisd-new with all necessary settings
#
#   see amavisd.conf-default for a list of all variables with their defaults;
#   see amavisd.conf-sample for a traditional-style commented file;
#   for more details see documentation in INSTALL, README_FILES/*
#   and at www.ijs.si…


# COMMONLY ADJUSTED SETTINGS:

# @bypass_virus_checks_maps = (1);  # uncomment to DISABLE anti-virus code
# @bypass_spam_checks_maps  = (1);  # uncomment to DISABLE anti-spam code

$max_servers = 2;            # num of pre-forked children (2..15 is common), -m
$daemon_user  = 'amavis';    # (no default;  customary: vscan or amavis), -u
$daemon_group = 'amavis';    # (no default;  customary: vscan or amavis), -g

$mydomain = 'xxxxxxxx';      # a convenient default for other settings

# $MYHOME = '/var/lib/amavis';  # a convenient default for other settings, -H
$TEMPBASE = "$MYHOME/tmp";   # working directory, needs to exist, -T
$ENV{TMPDIR} = $TEMPBASE;    # environment variable TMPDIR
$QUARANTINEDIR = '/var/spool/amavis/virusmails';  # -Q
# $quarantine_subdir_levels = 1; # add level of subdirs to disperse quarantine

# $daemon_chroot_dir = $MYHOME;   # chroot directory or undef, -R

# $db_home   = "$MYHOME/db";      # dir for bdb nanny/cache/snmp databases, -D
# $helpers_home = "$MYHOME/var";  # working directory for SpamAssassin, -S
#$pid_file  = "$MYHOME/amavisd.pid";  # -L
#$lock_file = "$MYHOME/amavisd.lock"; # -P
#NOTE: create directories $MYHOME/tmp, $MYHOME/var, $MYHOME/db manually

@local_domains_maps = ( [".$mydomain"] );

@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
                  10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );

$log_level = 0;              # verbosity 0..5, -d
$log_recip_templ = undef;    # disable by-recipient level-0 log entries
$DO_SYSLOG = 1;              # log via syslogd (preferred)
$syslog_facility = 'mail';   # Syslog facility as a string
           # e.g.: mail, daemon, user, local0, ... local7
$syslog_priority = 'debug';  # Syslog base (minimal) priority as a string,
           # choose from: emerg, alert, crit, err, warning, notice, info, debug

$enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1;    # enable use of libdb-based cache if $enable_db=1

$inet_socket_port = 10025;   # listen on this local TCP port(s) (see $protocol)
$unix_socketname = "$MYHOME/amavisd.sock";  # amavisd-release or amavis-milter
           # option(s) -p overrides $inet_socket_port and $unix_socketname

$interface_policy{'SOCK'} = 'AM.PDP-SOCK'; # only relevant with $unix_socketname
# Use with amavis-release over a socket or with Petr Rehor's amavis-milter.c
# (with amavis-milter.c from this package or old amavis.c client use 'AM.CL'):
$policy_bank{'AM.PDP-SOCK'} = { protocol=>'AM.PDP' };

$sa_tag_level_deflt  = 1.0;  # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 4.9;  # add 'spam detected' headers at that level
$sa_kill_level_deflt = 4.9;  # triggers spam evasive actions
$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent
# $sa_quarantine_cutoff_level = 20; # spam level beyond which quarantine is off
# $penpals_bonus_score = 4;    # (no effect without a @storage_sql_dsn database)
# $penpals_threshold_high = $sa_kill_level_deflt;  # don't waste time on hi spam

$sa_mail_body_size_limit = 512*1024; # don't waste time on SA if mail is larger
$sa_local_tests_only = 0;    # only tests which do not require internet access?

# @lookup_sql_dsn =
#   ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'],
#     ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'],
#     ["DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite", '', ''] );
# @storage_sql_dsn = @lookup_sql_dsn;  # none, same, or separate database

# $timestamp_fmt_mysql = 1; # if using MySQL and msgs.time_iso is TIMESTAMP;
#   defaults to 0, which is good for non-MySQL or if msgs.time_iso is CHAR(16)

# $virus_admin               = "virusalert\@$mydomain";  # notifications recip.

$mailfrom_notify_admin     = "virusalert\@$mydomain";  # notifications sender
$mailfrom_notify_recip     = "virusalert\@$mydomain";  # notifications sender
$mailfrom_notify_spamadmin = "spam.police\@$mydomain"; # notifications sender
$mailfrom_to_quarantine = ''; # null return path; uses original sender if undef

@addr_extension_virus_maps      = ('virus');
@addr_extension_spam_maps       = ('spam');
@addr_extension_banned_maps     = ('banned');
@addr_extension_bad_header_maps = ('badh');
# $recipient_delimiter = '+';  # undef disables address extensions altogether
# when enabling addr extensions do also Postfix/main.cf: recipient_delimiter=+

$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
# $dspam = 'dspam';

$MAXLEVELS = 14;
$MAXFILES = 1500;
$MIN_EXPANSION_QUOTA =      100*1024;  # bytes  (default undef, not enforced)
$MAX_EXPANSION_QUOTA = 300*1024*1024;  # bytes  (default undef, not enforced)

$sa_spam_subject_tag = '***SPAM*** ';
$defang_virus  = 1;  # MIME-wrap passed infected mail
$defang_banned = 1;  # MIME-wrap passed mail containing banned name


# OTHER MORE COMMON SETTINGS (defaults may suffice):

# $myhostname = 'xxxxxxxxxxxxxx';  # must be a fully-qualified domain name!

# $notify_method  = 'smtp:[127.0.0.1]:10026';
# $forward_method = 'smtp:[127.0.0.1]:10026';  # set to undef with milter!

# $final_virus_destiny      = D_DISCARD;
# $final_banned_destiny     = D_BOUNCE;
# $final_spam_destiny       = D_PASS;
# $final_bad_header_destiny = D_PASS;

# $os_fingerprint_method = 'p0f:127.0.0.1:2345';  # to query p0f-analyzer.pl

## hierarchy by which a final setting is chosen:
##   policy bank (based on port or IP address) -> *_by_ccat
##   *_by_ccat (based on mail contents) -> *_maps
##   *_maps (based on recipient address) -> final configuration value


# SOME OTHER VARIABLES WORTH CONSIDERING (see amavisd.conf-default for all)
#
# $warnbadhsender,
# $warnvirusrecip, $warnbannedrecip, $warnbadhrecip, (or @warn*recip_maps)
#
# @bypass_virus_checks_maps, @bypass_spam_checks_maps,
# @bypass_banned_checks_maps, @bypass_header_checks_maps,
#
# @virus_lovers_maps, @spam_lovers_maps,
# @banned_files_lovers_maps, @bad_header_lovers_maps,
#
# @blacklist_sender_maps, @score_sender_maps,
#
# $clean_quarantine_method, $virus_quarantine_to, $banned_quarantine_to,
# $bad_header_quarantine_to, $spam_quarantine_to,
#
# $defang_bad_header, $defang_undecipherable, $defang_spam


# REMAINING IMPORTANT VARIABLES ARE LISTED HERE BECAUSE OF LONGER ASSIGNMENTS

@keep_decoded_original_maps = (new_RE(
  qr'^MAIL$',   # retain full original message for virus checking (can be slow)
  qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables
  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
# qr'^Zip archive data',     # don't trust Archive::Zip
));


# for $banned_namepath_re, a new-style of banned table, see amavisd.conf-sample

$banned_filename_re = new_RE(
  qr'^UNDECIPHERABLE$',  # is or contains any undecipherable components

  # block certain double extensions anywhere in the base name
  qr'\.[^./]*[A-Za-z][^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,

  qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?'i, # Class ID CLSID, strict
# qr'\{[0-9a-z]{4,}(-[0-9a-z]{4,}){0,7}\}?'i, # Class ID extension CLSID, loose

  qr'^application/x-msdownload$'i,                  # block these MIME types
  qr'^application/x-msdos-program$'i,
  qr'^application/hta$'i,

# qr'^(application/x-msmetafile|image/x-wmf)$'i,  # Windows Metafile MIME
# qr'^\.wmf$',                            # Windows Metafile file(1) type

# qr'^message/partial$'i,         # rfc2046 MIME type
# qr'^message/external-body$'i,   # rfc2046 MIME type

# [ qr'^\.(Z|gz|bz2)$'             => 0 ],  # allow any in Unix-compressed
# [ qr'^\.(rpm|cpio|tar)$'         => 0 ],  # allow any in Unix-type archives
# [ qr'^\.(zip|rar|arc|arj|zoo)$'  => 0 ],  # allow any within such archives

  qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i,  # banned extension - basic
# qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|
#        inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|
#        ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs|
#        wmf|wsc|wsf|wsh)$'ix,                 # banned ext - long
# qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i,        # banned extension - WinZip vulnerab.

  qr'^\.(exe-ms)$',                       # banned file(1) types
# qr'^\.(exe|lha|tnef|cab|dll)$',         # banned file(1) types
);
# See support.microsoft.com…
# and www.cknow.com…


# ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING

@score_sender_maps = ({ # a by-recipient hash lookup table,
                        # results from all matching recipient tables are summed

# ## per-recipient personal tables  (NOTE: positive: black, negative: white)
# 'user1@example.com'  => [{'bla-mobile.press@example.com' => 10.0}],
# 'user3@example.com'  => [{'.ebay.com'                    => -3.0}],
# 'user4@example.com'  => [{'cleargreen@cleargreen.com'    => -7.0,
#                           '.cleargreen.com'              => -5.0}],

  ## site-wide opinions about senders (the '.' matches any recipient)
  '.' => [  # the first matching sender determines the score boost

   new_RE(  # regexp-type lookup table, just happens to be all soft-blacklist
    [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i         => 5.0],
    [qr'^(greatcasino|investments|lose_weight_today|market.alert)@'i => 5.0],
    [qr'^(money2you|MyGreenCard|new.tld.registry|opt-out|opt-in)@'i  => 5.0],
    [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i   => 5.0],
    [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i  => 5.0],
    [qr'^(your_friend|greatoffers)@'i                                => 5.0],
    [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i                    => 5.0],
   ),

#  read_hash("/var/lib/amavis/sender_scores_sitewide"),

   { # a hash-type lookup table (associative array)
    'nobody@cert.org'                        => -3.0,
    'cert-advisory@us-cert.gov'              => -3.0,
    'owner-alert@iss.net'                    => -3.0,
    'slashdot@slashdot.org'                  => -3.0,
    '.securityfocus.com'                     => -3.0,
    'ntbugtraq@listserv.ntbugtraq.com'       => -3.0,
    'security-alerts@linuxsecurity.com'      => -3.0,
    'mailman-announce-admin@python.org'      => -3.0,
    'amavis-user-admin@lists.sourceforge.net'=> -3.0,
    'amavis-user-bounces@lists.sourceforge.net' => -3.0,
    '.spamassassin.apache.org'               => -3.0,
    'notification-return@lists.sophos.com'   => -3.0,
    'owner-postfix-users@postfix.org'        => -3.0,
    'owner-postfix-announce@postfix.org'     => -3.0,
    'owner-sendmail-announce@lists.sendmail.org'   => -3.0,
    'sendmail-announce-request@lists.sendmail.org' => -3.0,
    'donotreply@sendmail.org'                => -3.0,
    'ca+envelope@sendmail.org'               => -3.0,
    'noreply@freshmeat.net'                  => -3.0,
    'owner-technews@postel.acm.org'          => -3.0,
    'ietf-123-owner@loki.ietf.org'           => -3.0,
    'cvs-commits-list-admin@gnome.org'       => -3.0,
    'rt-users-admin@lists.fsck.com'          => -3.0,
    'clp-request@comp.nus.edu.sg'            => -3.0,
    'surveys-errors@lists.nua.ie'            => -3.0,
    'emailnews@genomeweb.com'                => -5.0,
    'yahoo-dev-null@yahoo-inc.com'           => -3.0,
    '.returns.groups.yahoo.com'              => -3.0,
    'clusternews@linuxnetworx.com'           => -3.0,
    lc('lvs-users-admin@LinuxVirtualServer.org') => -3.0,
    lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0,

    # soft-blacklisting (positive score)
    'sender@example.net'                     =>  3.0,
    '.example.net'                           =>  1.0,

   },
  ],  # end of site-wide tables
});


@decoders = (
  ['mail', \&do_mime_decode],
  ['asc',  \&do_ascii],
  ['uue',  \&do_ascii],
  ['hqx',  \&do_ascii],
  ['ync',  \&do_ascii],
  ['F',    \&do_uncompress, ['unfreeze','freeze -d','melt','fcat'] ],
  ['Z',    \&do_uncompress, ['uncompress','gzip -d','zcat'] ],
  ['gz',   \&do_uncompress, 'gzip -d'],
  ['gz',   \&do_gunzip],
  ['bz2',  \&do_uncompress, 'bzip2 -d'],
  ['lzo',  \&do_uncompress, 'lzop -d'],
  ['rpm',  \&do_uncompress, ['rpm2cpio.pl','rpm2cpio'] ],
  ['cpio', \&do_pax_cpio,   ['pax','gcpio','cpio'] ],
  ['tar',  \&do_pax_cpio,   ['pax','gcpio','cpio'] ],
  ['tar',  \&do_tar],
  ['deb',  \&do_ar,         'ar'],
# ['a',    \&do_ar,         'ar'],  # unpacking .a seems an overkill
  ['zip',  \&do_unzip],
  ['rar',  \&do_unrar,      ['rar','unrar'] ],
  ['arj',  \&do_unarj,      ['arj','unarj'] ],
  ['arc',  \&do_arc,        ['nomarch','arc'] ],
  ['zoo',  \&do_zoo,        ['zoo','unzoo'] ],
  ['lha',  \&do_lha,        'lha'],
# ['doc',  \&do_ole,        'ripole'],
  ['cab',  \&do_cabextract, 'cabextract'],
  ['tnef', \&do_tnef_ext,   'tnef'],
  ['tnef', \&do_tnef],
# ['sit',  \&do_unstuff,    'unstuff'],  # broken/unsafe decoder
  ['exe',  \&do_executable, ['rar','unrar'], 'lha', ['arj','unarj'] ],
);


@av_scanners = (

# ### www.vanja.com…
# ['Sophie',
#   \&ask_daemon, ["{}/\n", '/var/run/sophie'],
#   qr/(?x)^ 0+ ( : | [\000\r\n]* $)/,  qr/(?x)^ 1 ( : | [\000\r\n]* $)/,
#   qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/ ],

# ### www.csupomona.edu…
# ['Sophos SAVI', \&sophos_savi ],

# ### www.clamav.net…
  ['ClamAV-clamd',
    \&ask_daemon, ["CONTSCAN {}\n", "/var/lib/clamav/clamd.socket"],
    qr/\bOK$/, qr/\bFOUND$/,
    qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
  # NOTE: the easiest is to run clamd under the same user as amavisd;  match the
  #   socket name (LocalSocket) in clamav.conf to the socket name in this entry
  # When running chrooted one may prefer: ["CONTSCAN {}\n","$MYHOME/clamd"],

# ### www.clamav.net… and CPAN  (memory-hungry! clamd is preferred)
# ['Mail::ClamAV', \&ask_clamav, "*", [0], [1], qr/^INFECTED: (.+)/],

# ### www.openantivirus.org…
# ['OpenAntiVirus ScannerDaemon (OAV)',
#   \&ask_daemon, ["SCAN {}\n", '127.0.0.1:8127'],
#   qr/^OK/, qr/^FOUND: /, qr/^FOUND: (.+)/ ],

# ### www.vanja.com…
# ['Trophie',
#   \&ask_daemon, ["{}/\n", '/var/run/trophie'],
#   qr/(?x)^ 0+ ( : | [\000\r\n]* $)/,  qr/(?x)^ 1 ( : | [\000\r\n]* $)/,
#   qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/ ],

# ### www.grisoft.com…
# ['AVG Anti-Virus',
#   \&ask_daemon, ["SCAN {}\n", '127.0.0.1:55555'],
#   qr/^200/, qr/^403/, qr/^403 .*?: ([^\r\n]+)/ ],

# ### www.f-prot.com…
# ['FRISK F-Prot Daemon',
#   \&ask_daemon,
#   ["GET {}/*?-dumb%20-archive%20-packed HTTP/1.0\r\n\r\n",
#     ['127.0.0.1:10200','127.0.0.1:10201','127.0.0.1:10202',
#      '127.0.0.1:10203','127.0.0.1:10204'] ],
#   qr/(?i)<summary[^>]*>clean<\/summary>/,
#   qr/(?i)<summary[^>]*>infected<\/summary>/,
#   qr/(?i)<name>(.+)<\/name>/ ],

# ### http://www.sald.com/, www.dials.ru…, http://www.drweb.ru/
# ['DrWebD', \&ask_daemon,   # DrWebD 4.31 or later
#   [pack('N',1).              # DRWEBD_SCAN_CMD
#    pack('N',0x00280001).     # DONT_CHANGEMAIL, IS_MAIL, RETURN_VIRUSES
#    pack('N',     # path length
#      length("$TEMPBASE/amavis-yyyymmddTHHMMSS-xxxxx/parts/pxxx")).
#    '{}/*'.       # path
#    pack('N',0).  # content size
#    pack('N',0),
#    '/var/drweb/run/drwebd.sock',
#  #'/var/lib/amavis/var/run/drwebd.sock',   # suitable for chroot
#  #'/usr/local/drweb/run/drwebd.sock',      # FreeBSD drweb ports default
#  #'127.0.0.1:3000',                        # or over an inet socket
#   ],
#   qr/\A\x00[\x10\x11][\x00\x10]\x00/s,         # IS_CLEAN,EVAL_KEY; SKIPPED
#   qr/\A\x00[\x00\x01][\x00\x10][\x20\x40\x80]/s,# KNOWN_V,UNKNOWN_V,V._MODIF
#   qr/\A.{12}(?:infected with )?([^\x00]+)\x00/s,
# ],
# # NOTE: If using amavis-milter, change length to:
# # length("$TEMPBASE/amavis-milter-xxxxxxxxxxxxxx/parts/pxxx").

  ### www.kaspersky.com…  (kav4mailservers)
  ['KasperskyLab AVP - aveclient',
    ['/usr/local/kav/bin/aveclient','/usr/local/share/kav/bin/aveclient',
     '/opt/kav/bin/aveclient','aveclient'],
    '-p /var/run/aveserver -s {}/*', [0,3,6,8], qr/\b(INFECTED|SUSPICION)\b/,
    qr/(?:INFECTED|SUSPICION) (.+)/,
  ],

  ### www.kaspersky.com…
  ['KasperskyLab AntiViral Toolkit Pro (AVP)', ['avp'],
    '-* -P -B -Y -O- {}', [0,3,6,8], [2,4],   # any use for -A -K ?
    qr/infected: (.+)/,
    sub {chdir('/opt/AVP') or die "Can't chdir to AVP: $!"},
    sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
  ],

  ### The kavdaemon and AVPDaemonClient have been removed from Kasperky
  ### products and replaced by aveserver and aveclient
  ['KasperskyLab AVPDaemonClient',
    [ '/opt/AVP/kavdaemon',       'kavdaemon',
      '/opt/AVP/AvpDaemonClient', 'AvpDaemonClient',
      '/opt/AVP/AvpTeamDream',    'AvpTeamDream',
      '/opt/AVP/avpdc',           'avpdc' ],
    "-f=$TEMPBASE {}", [0,8], [3,4,5,6], qr/infected: ([^\r\n]+)/ ],
    # change the startup-script in /etc/init.d/kavd to:
    #   DPARMS="-* -Y -dl -f=/var/lib/amavis /var/lib/amavis"
    #   (or perhaps:   DPARMS="-I0 -Y -* /var/lib/amavis" )
    # adjusting /var/lib/amavis above to match your $TEMPBASE.
    # The '-f=/var/lib/amavis' is needed if not running it as root, so it
    # can find, read, and write its pid file, etc., see 'man kavdaemon'.
    # defUnix.prf: there must be an entry "*/var/lib/amavis" (or whatever
    # directory $TEMPBASE specifies) in the 'Names=' section.
    # cd /opt/AVP/DaemonClients; configure; cd Sample; make
    # cp AvpDaemonClient /opt/AVP/
    # su - vscan -c "${PREFIX}/kavdaemon ${DPARMS}"

  ### www.centralcommand.com…
  ['CentralCommand Vexira (new) vascan',
    ['vascan','/usr/lib/Vexira/vascan'],
    "-a s --timeout=60 --temp=$TEMPBASE -y $QUARANTINEDIR ".
    "--vdb=/usr/lib/Vexira/vexira8.vdb --log=/var/log/vascan.log {}",
    [0,3], [1,2,5],
    qr/(?x)^\s* (?:virus|iworm|macro|mutant|sequence|trojan)\ found:\ ( [^\]\s']+ )\ \.\.\.\ / ],
    # Adjust the path of the binary and the virus database as needed.
    # 'vascan' does not allow to have the temp directory to be the same as
    # the quarantine directory, and the quarantine option can not be disabled.
    # If $QUARANTINEDIR is not used, then another directory must be specified
    # to appease 'vascan'. Move status 3 to the second list if password
    # protected files are to be considered infected.

  ### www.hbedv.com…
  ['H+BEDV AntiVir or the (old) CentralCommand Vexira Antivirus',
    ['antivir','vexira'],
    '--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/,
    qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) |
         (?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/ ],
    # NOTE: if you only have a demo version, remove -z and add 214, as in:
    #  '--allfiles -noboot -nombr -rs -s {}', [0,214], qr/ALERT:|VIRUS:/,

  ### www.commandsoftware.com…
  ['Command AntiVirus for Linux', 'csav',
    '-all -archive -packed {}', [50], [51,52,53],
    qr/Infection: (.+)/ ],

  ### www.symantec.com…
  ['Symantec CarrierScan via Symantec CommandLineScanner',
    'cscmdline', '-a scan -i 1 -v -s 127.0.0.1:7777 {}',
    qr/^Files Infected:\s+0$/, qr/^Infected\b/,
    qr/^(?:Info|Virus Name):\s+(.+)/ ],

  ### www.symantec.com…
  ['Symantec AntiVirus Scan Engine',
    'savsecls', '-server 127.0.0.1:7777 -mode scanrepair -details -verbose {}',
    [0], qr/^Infected\b/,
    qr/^(?:Info|Virus Name):\s+(.+)/ ],
    # NOTE: check options and patterns to see which entry better applies

  ### www.f-secure.com…
  ['F-Secure Antivirus', 'fsav',
    '--dumb --mime --archive {}', [0], [3,8],
    qr/(?:infection|Infected|Suspected): (.+)/ ],

# ### www.avast.com…
# ['avast! Antivirus daemon',
#   \&ask_daemon,      # greets with 220, terminate with QUIT
#   ["SCAN {}\015\012QUIT\015\012", '/var/run/avast4/mailscanner.sock'],
#   qr/\t\[\+\]/, qr/\t\[L\]\t/, qr/\t\[L\]\t([^[ \t\015\012]+)/ ],

# ### www.avast.com…
# ['avast! Antivirus - Client/Server Version', 'avastlite',
#   '-a /var/run/avast4/mailscanner.sock -n {}', [0], [1],
#   qr/\t\[L\]\t([^[ \t\015\012]+)/ ],

  ['CAI InoculateIT', 'inocucmd',  # retired product
    '-sec -nex {}', [0], [100],
    qr/was infected by virus (.+)/ ],
  # see: www.flatmtn.com…

  ### www3.ca.com… (ex InoculateIT)
  ['CAI eTrust Antivirus', 'etrust-wrapper',
    '-arc -nex -spm h {}', [0], [101],
    qr/is infected by virus: (.+)/ ],
    # NOTE: requires suid wrapper around inocmd32; consider flag: -mod reviewer
    # see marc.theaimsgroup.com…

  ### mks.com.pl…
  ['MkS_Vir for Linux (beta)', ['mks32','mks'],
    '-s {}/*', [0], [1,2],
    qr/--[ \t]*(.+)/ ],

  ### mks.com.pl…
  ['MkS_Vir daemon', 'mksscan',
    '-s -q {}', [0], [1..7],
    qr/^... (\S+)/ ],

  ### www.nod32.com…
  ['ESET Software NOD32 Command Line Interface v 2.51', 'nod32cli',
    '--subdir {}', [0,3], [1,2], qr/virus="([^"]+)"/ ],

# ###  www.nod32.com… old
# ['ESET Software NOD32 - Client/Server Version', 'nod32cli',
#   '-a -r -d recurse --heur standard {}', [0], [10,11],
#   qr/^\S+\s+infected:\s+(.+)/ ],

# ### www.nod32.com… old
# ['ESET Software NOD32', 'nod32',
#   '--arch --mail {}', [0], [1,10], qr/^object=.*, virus="(.*?)",/ ],

# Experimental, based on posting from Rado Dibarbora (Dibo) on 2002-05-31
# ['ESET Software NOD32 Client/Server (NOD32SS)',
#   \&ask_daemon2,    # greets with 200, persistent, terminate with QUIT
#   ["SCAN {}/*\r\n", '127.0.0.1:8448' ],
#   qr/^200 File OK/, qr/^201 /, qr/^201 (.+)/ ],

  ### www.norman.com…
  ['Norman Virus Control v5 / Linux', 'nvcc',
    '-c -l:0 -s -u -temp:$TEMPBASE {}', [0,10,11], [1,2,14],
    qr/(?i).* virus in .* -> '(.+)'/ ],

  ### www.pandasoftware.com…
  ['Panda Antivirus for Linux', ['pavcl'],
    '-aut -aex -heu -cmp -nbr -nor -nso -eng {}',
    qr/Number of files infected[ .]*: 0+(?!\d)/,
    qr/Number of files infected[ .]*: 0*[1-9]/,
    qr/Found virus :\s*(\S+)/ ],

# ### www.pandasoftware.com…
# ['Panda Antivirus for Linux', ['pavcl'],
#   '-TSR -aut -aex -heu -cmp -nbr -nor -nso -eng {}',
#   [0], [0x10, 0x30, 0x50, 0x70, 0x90, 0xB0, 0xD0, 0xF0],
#   qr/Found virus :\s*(\S+)/ ],

# GeCAD AV technology is acquired by Microsoft; RAV has been discontinued.
# Check your RAV license terms before fiddling with the following two lines!
# ['GeCAD RAV AntiVirus 8', 'ravav',
#   '--all --archive --mail {}', [1], [2,3,4,5], qr/Infected: (.+)/ ],
# # NOTE: the command line switches changed with scan engine 8.5 !
# # (btw, assigning stdin to /dev/null causes RAV to fail)

  ### www.nai.com…
  ['NAI McAfee AntiVirus (uvscan)', 'uvscan',
    '--secure -rv --mime --summary --noboot - {}', [0], [13],
    qr/(?x) Found (?:
        \ the\ (.+)\ (?:virus|trojan)  |
        \ (?:virus|trojan)\ or\ variant\ (.+?)\s*! |
        :\ (.+)\ NOT\ a\ virus)/,
  # sub {$ENV{LD_PRELOAD}='/lib/libc.so.6'},
  # sub {delete $ENV{LD_PRELOAD}},
  ],
  # NOTE1: with RH9: force the dynamic linker to look at /lib/libc.so.6 before
  # anything else by setting environment variable LD_PRELOAD=/lib/libc.so.6
  # and then clear it when finished to avoid confusing anything else.
  # NOTE2: to treat encrypted files as viruses replace the [13] with:
  #  qr/^\s{5,}(Found|is password-protected|.*(virus|trojan))/

  ### www.virusbuster.hu…
  ['VirusBuster', ['vbuster', 'vbengcl'],
    "{} -ss -i '*' -log=$MYHOME/vbuster.log", [0], [1],
    qr/: '(.*)' - Virus/ ],
  # VirusBuster Ltd. does not support the daemon version for the workstation
  # engine (vbuster-eng-1.12-linux-i386-libc6.tgz) any longer. The names of
  # binaries, some parameters AND return codes have changed (from 3 to 1).
  # See also the new Vexira entry 'vascan' which is possibly related.

# ### www.virusbuster.hu…
# ['VirusBuster (Client + Daemon)', 'vbengd',
#   '-f -log scandir {}', [0], [3],
#   qr/Virus found = (.*);/ ],
#   # HINT: for an infected file it always returns 3,
#   # although the man-page tells a different story

  ### www.cyber.com…
  ['CyberSoft VFind', 'vfind',
    '--vexit {}/*', [0], [23], qr/##==>>>> VIRUS ID: CVDL (.+)/,
  # sub {$ENV{VSTK_HOME}='/usr/lib/vstk'},
  ],

  ### www.avast.com…
  ['avast! Antivirus', ['/usr/bin/avastcmd','avastcmd'],
    '-a -i -n -t=A {}', [0], [1], qr/\binfected by:\s+([^ \t\n\[\]]+)/ ],

  ### www.ikarus-software.com…
  ['Ikarus AntiVirus for Linux', 'ikarus',
    '{}', [0], [40], qr/Signature (.+) found/ ],

  ### www.bitdefender.com…
  ['BitDefender', 'bdc',
    '--arc --mail {}', qr/^Infected files :0+(?!\d)/,
    qr/^(?:Infected files|Identified viruses|Suspect files) :0*[1-9]/,
    qr/(?:suspected|infected): (.*)(?:\033|$)/ ],
  # consider also: --all --nowarn --alev=15 --flev=15.  The --all argument may
  # not apply to your version of bdc, check documentation and see 'bdc --help'

# ['File::Scan', sub {Amavis::AV::ask_av(sub{
#   use File::Scan; my($fn)=@_;
#   my($f)=File::Scan->new(max_txt_size=>0, max_bin_size=>0);
#   my($vname) = $f->scan($fn);
#   $f->error ? (2,"Error: ".$f->error)
#     : ($vname ne '') ? (1,"$vname FOUND") : (0,"Clean")}, @_) },
#   ["{}/*"], [0], [1], qr/^(.*) FOUND$/ ],

# ### example: fully-fledged checker for JPEG marker segments of invalid length
# ['check-jpeg',
#   sub { use JpegTester (); Amavis::AV::ask_av(\&JpegTester::test_jpeg, @_) },
#   ["{}/*"], undef, [1], qr/^(bad jpeg: .*)$/ ],
#   # NOTE: place file JpegTester.pm somewhere where Perl can find it,
#   #       for example in /usr/local/lib/perl5/site_perl

);


@av_scanners_backup = (

  ### www.clamav.net… - backs up clamd or Mail::ClamAV
  ['ClamAV-clamscan', 'clamscan',
    "--stdout --disable-summary -r --tempdir=$TEMPBASE {}",
    [0], qr/:.*\sFOUND$/, qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

  ### www.f-prot.com… - backs up F-Prot Daemon
  ['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'],
    '-dumb -archive -packed {}', [0,8], [3,6],
    qr/Infection: (.+)|\s+contains\s+(.+)$/ ],

  ### www.trendmicro.com… - backs up Trophie
  ['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'],
    '-za -a {}', [0], qr/Found virus/, qr/Found virus (.+) in/ ],

  ### www.sald.com…, http://drweb.imshop.de/ - backs up DrWebD
  ['drweb - DrWeb Antivirus',
    ['/usr/local/drweb/drweb', '/opt/drweb/drweb', 'drweb'],
    '-path={} -al -go -ot -cn -upn -ok-',
    [0,32], [1,9,33], qr' infected (?:with|by)(?: virus)? (.*)$'],

  ['KasperskyLab kavscanner', ['/opt/kav/bin/kavscanner','kavscanner'],
    '-i1 -xp {}', [0,10,15], [5,20,21,25],
    qr/(?:CURED|INFECTED|CUREFAILED|WARNING|SUSPICION) (.*)/ ,
    sub {chdir('/opt/kav/bin') or die "Can't chdir to kav: $!"},
    sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
  ],

# Commented out because the name 'sweep' clashes with Debian and FreeBSD
# package/port of an audio editor. Make sure the correct 'sweep' is found
# in the path when enabling.
#
# ### www.sophos.com… - backs up Sophie or SAVI-Perl
# ['Sophos Anti Virus (sweep)', 'sweep',
#   '-nb -f -all -rec -ss -sc -archive -cab -tnef --no-reset-atime {}',
#   [0,2], qr/Virus .*? found/,
#   qr/^>>> Virus(?: fragment)? '?(.*?)'? found/,
# ],
# # other options to consider: -mime -oe -idedir=/usr/local/sav

# always succeeds (uncomment to consider mail clean if all other scanners fail)
# ['always-clean', sub {0}],

);

1;  # insure a defined return[/spoiler]

Thanks for your help :)
Edited on 29/06/2007 at 16:01

yes, well obviously your config makes amavisd listen on 10025, and Postfix does too.
of course it blocks!

change amavisd's port to 10024 by modifying this parameter:

$inet_socket_port = 10024
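The collision the answer above points to is visible from the three files quoted earlier in the thread: content_filter in the postconf -n output hands mail to 127.0.0.1:10024, amavisd.conf has $inet_socket_port = 10025, and master.cf also starts an smtpd on 127.0.0.1:10025. The script below is an added example, not something from the original thread or from the amavisd-new or Postfix projects; it cross-checks those three settings the way a reader would before touching the configs, and (for the earlier advice to check whether something is already holding the port) shows which process owns a listener in an ss -ltnp listing. The function names and variable names are mine, the sample inputs are constructed from the configs posted above (the pid and fd numbers in the ss sample are made up), and the only external commands it relies on are sed, awk, grep and head.

```shell
#!/bin/sh
# Added example: cross-check the ports that wire Postfix and amavisd-new together.
# Not from the thread or from either project; function and variable names are mine.
# Sample inputs are constructed from the configs posted in this thread.

# --- constructed samples (in real use: /etc/postfix/master.cf, postconf -n, amavisd.conf)
SAMPLE_MASTER='smtp            inet  n  -  y  -  -  smtpd
127.0.0.1:10026 inet  n  -  y  -  -  smtpd
smtp-amavis     unix  -  -  y  -  2  smtp
127.0.0.1:10025 inet  n  -  y  -  -  smtpd'

SAMPLE_POSTCONF='content_filter = smtp-amavis:[127.0.0.1]:10024
inet_interfaces = all'

SAMPLE_AMAVISD=$(cat <<'EOF'
$inet_socket_port = 10025;   # listen on this local TCP port(s) (see $protocol)
$notify_method  = 'smtp:[127.0.0.1]:10026';
$forward_method = 'smtp:[127.0.0.1]:10026';  # set to undef with milter!
EOF
)

# The fix from the thread: amavisd moved to 10024 so it matches content_filter.
FIXED_AMAVISD=$(printf '%s\n' "$SAMPLE_AMAVISD" \
    | sed 's/^\$inet_socket_port = 10025;/$inet_socket_port = 10024;/')

# Constructed "ss -ltnp" output (pid and fd numbers are made up).
SAMPLE_SS='LISTEN 0 100 127.0.0.1:10025 0.0.0.0:* users:(("master",pid=2431,fd=19))
LISTEN 0 100 127.0.0.1:10026 0.0.0.0:* users:(("master",pid=2431,fd=16))
LISTEN 0 100 0.0.0.0:25      0.0.0.0:* users:(("master",pid=2431,fd=12))'

# Ports (or service names) on which master.cf starts an inet listener: field 2 is "inet".
postfix_listen_ports() {
    printf '%s\n' "$1" | awk '$2 == "inet" && $1 !~ /^#/ { n = split($1, a, ":"); print a[n] }'
}

# Port Postfix hands mail to:  content_filter = transport:[host]:port
content_filter_port() {
    printf '%s\n' "$1" | sed -n 's/^content_filter *= *[^:]*:\[[^]]*]:\([0-9]*\).*/\1/p'
}

# First TCP port amavisd listens on:  $inet_socket_port = 10024;  (a list is allowed)
amavis_listen_port() {
    printf '%s\n' "$1" | sed -n 's/^\$inet_socket_port *= *[(]*\([0-9]*\).*/\1/p' | head -n 1
}

# Port amavisd re-injects mail to:  $forward_method = 'smtp:[127.0.0.1]:10025';
amavis_forward_port() {
    printf '%s\n' "$1" | sed -n 's/^\$forward_method *= *.smtp:\[[^]]*]:\([0-9]*\).*/\1/p'
}

# Process name(s) holding a listening TCP port: $1 = "ss -ltnp" output, $2 = port.
who_listens() {
    printf '%s\n' "$1" | awk -v p=":$2" '$4 ~ (p "$") { sub(/.*users:\(\("/, ""); sub(/".*/, ""); print }'
}

# One line per finding; returns 1 if the loop is broken (collision, mismatch or dead end).
check_amavis_ports() {
    pf_ports=$(postfix_listen_ports "$1")
    cf=$(content_filter_port "$2")
    am=$(amavis_listen_port "$3")
    fw=$(amavis_forward_port "$3")
    rc=0
    if printf '%s\n' "$pf_ports" | grep -qxF "$am"; then
        echo "COLLISION: amavisd listens on $am, and master.cf also starts an smtpd on $am"
        rc=1
    fi
    if [ -n "$cf" ] && [ "$cf" != "$am" ]; then
        echo "MISMATCH: content_filter sends to $cf, but amavisd listens on $am"
        rc=1
    fi
    if [ -n "$fw" ] && ! printf '%s\n' "$pf_ports" | grep -qxF "$fw"; then
        echo "DEAD END: amavisd re-injects to $fw, but master.cf has no listener on $fw"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: Postfix -> $cf (amavisd) -> $fw (Postfix re-injection smtpd)"
    fi
    return "$rc"
}

echo "== as posted =="
check_amavis_ports "$SAMPLE_MASTER" "$SAMPLE_POSTCONF" "$SAMPLE_AMAVISD" || true
echo "== after \$inet_socket_port = 10024 =="
check_amavis_ports "$SAMPLE_MASTER" "$SAMPLE_POSTCONF" "$FIXED_AMAVISD"
echo "holding 127.0.0.1:10025 in the sample ss listing: $(who_listens "$SAMPLE_SS" 10025)"
```

On the posted configs the check reports both a COLLISION on 10025 and a MISMATCH between content_filter (10024) and amavisd (10025); with $inet_socket_port changed to 10024 it reports OK. To run it against a live box, pass the real files in: `check_amavis_ports "$(cat /etc/postfix/master.cf)" "$(postconf -n)" "$(cat /etc/amavisd.conf)"`, and `who_listens "$(ss -ltnp)" 10025` tells you whether it is Postfix's master or a leftover amavisd that already owns the port.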

erf, indeed, I'm almost ashamed... The last time I installed amavis, the default was port 10024; I didn't think it had changed. I don't have the right reflexes yet when there's a problem, thanks a lot for your help :)