Attachment #48138 for bug #77425





# Set the user and group to which the daemon will change if started as root
# (otherwise just keeps the UID unchanged, and these settings have no effect):
$daemon_user  = 'amavis';   # (no default;  customary: vscan or amavis)
$daemon_group = 'amavis';   # (no default;  customary: vscan or amavis or sweep)

# Runtime working directory (cwd), and a place where
# temporary directories for unpacking mail are created.
# (no trailing slash, may be a scratch file system)
#$TEMPBASE = $MYHOME;	        # (must be set if other config vars use is)
$TEMPBASE = "$MYHOME/tmp";     # prefer to keep home dir /var/amavis clean?

$db_home = "$MYHOME/db";	# DB databases directory, default "$MYHOME/db"

# $helpers_home sets environment variable HOME, and is passed as option
# 'home_dir_for_helpers' to Mail::SpamAssassin::new. It should be a directory
# on a normal persistent file system, not a scratch or temporary file system
$helpers_home = $MYHOME;	# (defaults to $MYHOME)

# Run the daemon in the specified chroot jail if nonempty:
#$daemon_chroot_dir = $MYHOME;  # (default is undef, meaning: do not chroot)

# feeding amavisd, e.g. with Postfix the 'Max procs' field in the
# master.cf file, like the '2' in the:  smtp-amavis unix - - n - 2 smtp
#
$max_servers  =  4;   # number of pre-forked children          (default 2)
$max_requests = 20;   # retire a child after that many accepts (default 10)

$child_timeout=5*60;  # abort child if it does not complete each task in

# 3: server, client
# 4: decompose parts
# 5: more debug details
$log_level = 0;		  # (defaults to 0)

# Customizable template for the most interesting log file entry (e.g. with
# $log_level=0) (take care to properly quote Perl special characters like '\')

#            reject original client SMTP session, as the mail has already
#            been enqueued.

########
#
# Please think about what you are doing when you set these options.
# If necessary, question your origanization's e-mail policies:
#
# D_BOUNCE contributes to the overall spread of virii and spam on the
# internet. Both the envelope and header from addresses can be forged
# accurately with no effort.
#
# D_DISCARD breaks internet mail specifications. However, with a
# properly implemented Quaratine system, the concern for breaking the
# specification is addressed to some extent.
#
# D_PASS is the safest way to handle e-mails. You must implement
# client-side filtering to handle this method.
#
# -Cory Visi <merlin@gentoo.org> 07/28/04
#
#######
$final_virus_destiny      = D_DISCARD;  # (defaults to D_DISCARD)
$final_banned_destiny     = D_DISCARD;  # (defaults to D_BOUNCE)
$final_spam_destiny       = D_DISCARD;  # (defaults to D_BOUNCE)
$final_bad_header_destiny = D_PASS;     # (defaults to D_PASS)

# Alternatives to consider for spam:
# - use D_PASS if clients will do filtering based on inserted

#   or a directory (no trailing slash)
#   (the default value is undef, meaning no quarantine)
#
$QUARANTINEDIR = "$MYHOME/quarantine";

#$virus_quarantine_method        = 'local:virus-%i-%n';    # default
#$spam_quarantine_method         = 'local:spam-%b-%i-%n';  # default

$defang_virus  = 1;  # default is false: don't modify mail body
$defang_banned = 1;  # default is false: don't modify mail body
# $defang_bad_header     = 1;  # default is false: don't modify mail body
$defang_undecipherable = 1;  # default is false: don't modify mail body
# $defang_spam = 1;  # default is false: don't modify mail body

$remove_existing_x_scanned_headers = 0; # leave existing X-Virus-Scanned alone

# NOTE: if $daemon_chroot_dir is nonempty, the directories will be
#       relative to the chroot directory specified;

$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin:/opt/bin';

# Specify one string or a search list of strings (first match wins).
# The string (or: each string in a list) may be an absolute path,

# of the option local_tests_only. See Mail::SpamAssassin man page.
# If set to 1, no SA tests that require internet access will be performed.
#
$sa_local_tests_only = 0;   # (default: false)
#$sa_auto_whitelist = 1;    # turn on AWL in SA 2.63 or older (irrelevant
                            # for SA 3.0, its cf option is use_auto_whitelist)


#$sa_spam_report_header = 0; # insert X-Spam-Report header field? default false

# stop anti-virus scanning when the first scanner detects a virus?
$first_infected_stops_scan = 1;  # default is false, all scanners in a section
                                  # are called

# @av_scanners is a list of n-tuples, where fields semantics is:


  ### http://www.nai.com/
  ['NAI McAfee AntiVirus (uvscan)', 'uvscan',
    '--secure --mime --program --mailbox -rv --summary --noboot --timeout 180 - {}', [0], [13],
    qr/(?x) Found (?:
        \ the\ (.+)\ (?:virus|trojan)  |
        \ (?:virus|trojan)\ or\ variant\ ([^ ]+)  |


  ### http://www.f-prot.com/   - backs up F-Prot Daemon
  ['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'],
    '-dumb -ai -packed -server {}', [0,8], [3,6],
    qr/Infection: (.+)/ ],

  ### http://www.trendmicro.com/   - backs up Trophie

Return to bug 77425

Lines 73-93 Link Here

(-)amavisd-new-2.2.1/amavisd.conf-sample.chris (-19 / +38 lines)
73		73
74	# Set the user and group to which the daemon will change if started as root	74	# Set the user and group to which the daemon will change if started as root
75	# (otherwise just keeps the UID unchanged, and these settings have no effect):	75	# (otherwise just keeps the UID unchanged, and these settings have no effect):
76	$daemon_user = 'vscan'; # (no default; customary: vscan or amavis)	76	$daemon_user = 'amavis'; # (no default; customary: vscan or amavis)
77	$daemon_group = 'vscan'; # (no default; customary: vscan or amavis or sweep)	77	$daemon_group = 'amavis'; # (no default; customary: vscan or amavis or sweep)
78		78
79	# Runtime working directory (cwd), and a place where	79	# Runtime working directory (cwd), and a place where
80	# temporary directories for unpacking mail are created.	80	# temporary directories for unpacking mail are created.
81	# (no trailing slash, may be a scratch file system)	81	# (no trailing slash, may be a scratch file system)
82	$TEMPBASE = $MYHOME; # (must be set if other config vars use is)	82	#$TEMPBASE = $MYHOME; # (must be set if other config vars use is)
83	#$TEMPBASE = "$MYHOME/tmp"; # prefer to keep home dir /var/amavis clean?	83	$TEMPBASE = "$MYHOME/tmp"; # prefer to keep home dir /var/amavis clean?
84		84
85	#$db_home = "$MYHOME/db"; # DB databases directory, default "$MYHOME/db"	85	$db_home = "$MYHOME/db"; # DB databases directory, default "$MYHOME/db"
86		86
87	# $helpers_home sets environment variable HOME, and is passed as option	87	# $helpers_home sets environment variable HOME, and is passed as option
88	# 'home_dir_for_helpers' to Mail::SpamAssassin::new. It should be a directory	88	# 'home_dir_for_helpers' to Mail::SpamAssassin::new. It should be a directory
89	# on a normal persistent file system, not a scratch or temporary file system	89	# on a normal persistent file system, not a scratch or temporary file system
90	#$helpers_home = $MYHOME; # (defaults to $MYHOME)	90	$helpers_home = $MYHOME; # (defaults to $MYHOME)
91		91
92	# Run the daemon in the specified chroot jail if nonempty:	92	# Run the daemon in the specified chroot jail if nonempty:
93	#$daemon_chroot_dir = $MYHOME; # (default is undef, meaning: do not chroot)	93	#$daemon_chroot_dir = $MYHOME; # (default is undef, meaning: do not chroot)
Lines 152-158 Link Here
152	# feeding amavisd, e.g. with Postfix the 'Max procs' field in the	152	# feeding amavisd, e.g. with Postfix the 'Max procs' field in the
153	# master.cf file, like the '2' in the: smtp-amavis unix - - n - 2 smtp	153	# master.cf file, like the '2' in the: smtp-amavis unix - - n - 2 smtp
154	#	154	#
155	$max_servers = 2; # number of pre-forked children (default 2)	155	$max_servers = 4; # number of pre-forked children (default 2)
156	$max_requests = 20; # retire a child after that many accepts (default 10)	156	$max_requests = 20; # retire a child after that many accepts (default 10)
157		157
158	$child_timeout=5*60; # abort child if it does not complete each task in	158	$child_timeout=5*60; # abort child if it does not complete each task in
Lines 291-297 Link Here
291	# 3: server, client	291	# 3: server, client
292	# 4: decompose parts	292	# 4: decompose parts
293	# 5: more debug details	293	# 5: more debug details
294	$log_level = 2; # (defaults to 0)	294	$log_level = 0; # (defaults to 0)
295		295
296	# Customizable template for the most interesting log file entry (e.g. with	296	# Customizable template for the most interesting log file entry (e.g. with
297	# $log_level=0) (take care to properly quote Perl special characters like '\')	297	# $log_level=0) (take care to properly quote Perl special characters like '\')
Lines 447-456 Link Here
447	# reject original client SMTP session, as the mail has already	447	# reject original client SMTP session, as the mail has already
448	# been enqueued.	448	# been enqueued.
449		449
450	$final_virus_destiny = D_BOUNCE; # (defaults to D_DISCARD)	450	########
451	$final_banned_destiny = D_BOUNCE; # (defaults to D_BOUNCE)	451	#
452	$final_spam_destiny = D_BOUNCE; # (defaults to D_BOUNCE)	452	# Please think about what you are doing when you set these options.
453	$final_bad_header_destiny = D_PASS; # (defaults to D_PASS), D_BOUNCE suggested	453	# If necessary, question your origanization's e-mail policies:
		454	#
		455	# D_BOUNCE contributes to the overall spread of virii and spam on the
		456	# internet. Both the envelope and header from addresses can be forged
		457	# accurately with no effort.
		458	#
		459	# D_DISCARD breaks internet mail specifications. However, with a
		460	# properly implemented Quaratine system, the concern for breaking the
		461	# specification is addressed to some extent.
		462	#
		463	# D_PASS is the safest way to handle e-mails. You must implement
		464	# client-side filtering to handle this method.
		465	#
		466	# -Cory Visi <merlin@gentoo.org> 07/28/04
		467	#
		468	#######
		469	$final_virus_destiny = D_DISCARD; # (defaults to D_DISCARD)
		470	$final_banned_destiny = D_DISCARD; # (defaults to D_BOUNCE)
		471	$final_spam_destiny = D_DISCARD; # (defaults to D_BOUNCE)
		472	$final_bad_header_destiny = D_PASS; # (defaults to D_PASS)
454		473
455	# Alternatives to consider for spam:	474	# Alternatives to consider for spam:
456	# - use D_PASS if clients will do filtering based on inserted	475	# - use D_PASS if clients will do filtering based on inserted
Lines 590-596 Link Here
590	# or a directory (no trailing slash)	609	# or a directory (no trailing slash)
591	# (the default value is undef, meaning no quarantine)	610	# (the default value is undef, meaning no quarantine)
592	#	611	#
593	$QUARANTINEDIR = '/var/virusmails';	612	$QUARANTINEDIR = "$MYHOME/quarantine";
594		613
595	#$virus_quarantine_method = 'local:virus-%i-%n'; # default	614	#$virus_quarantine_method = 'local:virus-%i-%n'; # default
596	#$spam_quarantine_method = 'local:spam-%b-%i-%n'; # default	615	#$spam_quarantine_method = 'local:spam-%b-%i-%n'; # default
Lines 725-731 Link Here
725	$defang_virus = 1; # default is false: don't modify mail body	744	$defang_virus = 1; # default is false: don't modify mail body
726	$defang_banned = 1; # default is false: don't modify mail body	745	$defang_banned = 1; # default is false: don't modify mail body
727	# $defang_bad_header = 1; # default is false: don't modify mail body	746	# $defang_bad_header = 1; # default is false: don't modify mail body
728	# $defang_undecipherable = 1; # default is false: don't modify mail body	747	$defang_undecipherable = 1; # default is false: don't modify mail body
729	# $defang_spam = 1; # default is false: don't modify mail body	748	# $defang_spam = 1; # default is false: don't modify mail body
730		749
731	$remove_existing_x_scanned_headers = 0; # leave existing X-Virus-Scanned alone	750	$remove_existing_x_scanned_headers = 0; # leave existing X-Virus-Scanned alone
Lines 1428-1434 Link Here
1428	# NOTE: if $daemon_chroot_dir is nonempty, the directories will be	1447	# NOTE: if $daemon_chroot_dir is nonempty, the directories will be
1429	# relative to the chroot directory specified;	1448	# relative to the chroot directory specified;
1430		1449
1431	$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';	1450	$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin:/opt/bin';
1432		1451
1433	# Specify one string or a search list of strings (first match wins).	1452	# Specify one string or a search list of strings (first match wins).
1434	# The string (or: each string in a list) may be an absolute path,	1453	# The string (or: each string in a list) may be an absolute path,
Lines 1466-1472 Link Here
1466	# of the option local_tests_only. See Mail::SpamAssassin man page.	1485	# of the option local_tests_only. See Mail::SpamAssassin man page.
1467	# If set to 1, no SA tests that require internet access will be performed.	1486	# If set to 1, no SA tests that require internet access will be performed.
1468	#	1487	#
1469	$sa_local_tests_only = 1; # (default: false)	1488	$sa_local_tests_only = 0; # (default: false)
1470	#$sa_auto_whitelist = 1; # turn on AWL in SA 2.63 or older (irrelevant	1489	#$sa_auto_whitelist = 1; # turn on AWL in SA 2.63 or older (irrelevant
1471	# for SA 3.0, its cf option is use_auto_whitelist)	1490	# for SA 3.0, its cf option is use_auto_whitelist)
1472		1491
Lines 1525-1531 Link Here
1525	#$sa_spam_report_header = 0; # insert X-Spam-Report header field? default false	1544	#$sa_spam_report_header = 0; # insert X-Spam-Report header field? default false
1526		1545
1527	# stop anti-virus scanning when the first scanner detects a virus?	1546	# stop anti-virus scanning when the first scanner detects a virus?
1528	#$first_infected_stops_scan = 1; # default is false, all scanners in a section	1547	$first_infected_stops_scan = 1; # default is false, all scanners in a section
1529	# are called	1548	# are called
1530		1549
1531	# @av_scanners is a list of n-tuples, where fields semantics is:	1550	# @av_scanners is a list of n-tuples, where fields semantics is:
Lines 1798-1804 Link Here
1798		1817
1799	### http://www.nai.com/	1818	### http://www.nai.com/
1800	['NAI McAfee AntiVirus (uvscan)', 'uvscan',	1819	['NAI McAfee AntiVirus (uvscan)', 'uvscan',
1801	'--secure -rv --mime --summary --noboot - {}', [0], [13],	1820	'--secure --mime --program --mailbox -rv --summary --noboot --timeout 180 - {}', [0], [13],
1802	qr/(?x) Found (?:	1821	qr/(?x) Found (?:
1803	\ the\ (.+)\ (?:virus\|trojan) \|	1822	\ the\ (.+)\ (?:virus\|trojan) \|
1804	\ (?:virus\|trojan)\ or\ variant\ ([^ ]+) \|	1823	\ (?:virus\|trojan)\ or\ variant\ ([^ ]+) \|
Lines 1909-1915 Link Here
1909		1928
1910	### http://www.f-prot.com/ - backs up F-Prot Daemon	1929	### http://www.f-prot.com/ - backs up F-Prot Daemon
1911	['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'],	1930	['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'],
1912	'-dumb -archive -packed {}', [0,8], [3,6],	1931	'-dumb -ai -packed -server {}', [0,8], [3,6],
1913	qr/Infection: (.+)/ ],	1932	qr/Infection: (.+)/ ],
1914		1933
1915	### http://www.trendmicro.com/ - backs up Trophie	1934	### http://www.trendmicro.com/ - backs up Trophie