[solved] Postfix with amavis, ClamAV not possible

Post by debian80 » 07.01.2016 09:25:50

Hello,

after spending several days reading about 100 guides, I don't understand why amavis refuses to use CLAMAV on my system.... SPAMASSASSIN works great.

I mainly followed this guide: https://www.df.eu/de/service/df-faq/clo ... ix-debian/


Here, briefly, is the information I think is relevant.
Log at amavis startup:

Code:

Jan  7 09:23:05 cloud amavis[24778]: Net::Server: 2016/01/07-09:23:05 Server closing!
Jan  7 09:23:05 cloud amavis[24783]: SA rundown_child (0)
Jan  7 09:23:05 cloud amavis[24782]: SA rundown_child (0)
Jan  7 09:23:07 cloud amavis[25004]: logging initialized, log level 3, syslog: amavis.mail
Jan  7 09:23:07 cloud amavis[25004]: starting. /usr/sbin/amavisd-new at amavisd-new-2.10.1 (20141025), Unicode aware, LANG="de_DE.UTF-8"
Jan  7 09:23:07 cloud amavis[25004]: perl=5.020002, user=, EUID: 115 (115);  group=, EGID: 123 123 (123 123)
Jan  7 09:23:07 cloud amavis[25004]: INFO: no optional modules: unicore::lib::Perl::SpacePer.pl unicore::lib::Nt::De.pl Unix::Getrusage
Jan  7 09:23:07 cloud amavis[25004]: SpamControl: scanner SpamAssassin, module Amavis::SpamControl::SpamAssassin
Jan  7 09:23:08 cloud amavis[25004]: INFO: SA version: 3.4.0, 3.004000, no optional modules: Net::CIDR::Lite Encode::Detect Image::Info Image::Info::GIF Image::Info::JPEG Image::Info::PNG Image::Info::BMP Image::Info::TIFF
Jan  7 09:23:08 cloud amavis[25004]: SpamControl: init_pre_chroot on SpamAssassin done
Jan  7 09:23:08 cloud amavis[25004]: socket module IO::Socket::IP, protocol families available: INET, INET6
Jan  7 09:23:08 cloud amavis[25004]: bind to 127.0.0.1:10024/tcp, [::1]:10024/tcp
Jan  7 09:23:08 cloud amavis[25009]: Net::Server: Process Backgrounded
Jan  7 09:23:08 cloud amavis[25009]: Net::Server: 2016/01/07-09:23:08 Amavis (type Net::Server::PreForkSimple) starting! pid(25009)
Jan  7 09:23:08 cloud amavis[25009]: Net::Server: Binding to TCP port 10024 on host 127.0.0.1 with IPv4
Jan  7 09:23:08 cloud amavis[25009]: Net::Server: Binding to TCP port 10024 on host ::1 with IPv6
Jan  7 09:23:08 cloud amavis[25009]: Net::Server: Group Not Defined.  Defaulting to EGID '123 123'
Jan  7 09:23:08 cloud amavis[25009]: Net::Server: User Not Defined.  Defaulting to EUID '115'
Jan  7 09:23:08 cloud amavis[25009]: config files read: /usr/share/amavis/conf.d/10-debian_scripts, /usr/share/amavis/conf.d/20-package, /etc/amavis/conf.d/05-node_id, /etc/amavis/conf.d/15-av_scanners, /etc/amavis/conf.d/15-content_filter_mode, /etc/amavis/conf.d/20-debian_defaults
Jan  7 09:23:08 cloud amavis[25009]: Module Amavis::Conf        2.404
Jan  7 09:23:08 cloud amavis[25009]: Module Archive::Zip        1.39
Jan  7 09:23:08 cloud amavis[25009]: Module BerkeleyDB          0.54
Jan  7 09:23:08 cloud amavis[25009]: Module Compress::Raw::Zlib 2.065
Jan  7 09:23:08 cloud amavis[25009]: Module Compress::Zlib      2.064
Jan  7 09:23:08 cloud amavis[25009]: Module Crypt::OpenSSL::RSA 0.28
Jan  7 09:23:08 cloud amavis[25009]: Module DB_File             1.831
Jan  7 09:23:08 cloud amavis[25009]: Module Digest::MD5         2.53
Jan  7 09:23:08 cloud amavis[25009]: Module Digest::SHA         5.88
Jan  7 09:23:08 cloud amavis[25009]: Module Encode              2.60
Jan  7 09:23:08 cloud amavis[25009]: Module File::Temp          0.2304
Jan  7 09:23:08 cloud amavis[25009]: Module IO::Socket::INET6   2.72
Jan  7 09:23:08 cloud amavis[25009]: Module IO::Socket::IP      0.32
Jan  7 09:23:08 cloud amavis[25009]: Module MIME::Entity        5.505
Jan  7 09:23:08 cloud amavis[25009]: Module MIME::Parser        5.505
Jan  7 09:23:08 cloud amavis[25009]: Module MIME::Tools         5.505
Jan  7 09:23:08 cloud amavis[25009]: Module Mail::DKIM::Verifier 0.4
Jan  7 09:23:08 cloud amavis[25009]: Module Mail::Header        2.13
Jan  7 09:23:08 cloud amavis[25009]: Module Mail::Internet      2.13
Jan  7 09:23:08 cloud amavis[25009]: Module Mail::SPF           v2.009
Jan  7 09:23:08 cloud amavis[25009]: Module Mail::SpamAssassin  3.004000
Jan  7 09:23:08 cloud amavis[25009]: Module Net::DNS            0.81
Jan  7 09:23:08 cloud amavis[25009]: Module Net::LibIDN         0.12
Jan  7 09:23:08 cloud amavis[25009]: Module Net::Server         2.008
Jan  7 09:23:08 cloud amavis[25009]: Module NetAddr::IP         4.075
Jan  7 09:23:08 cloud amavis[25009]: Module Razor2::Client::Version 2.84
Jan  7 09:23:08 cloud amavis[25009]: Module Scalar::Util        1.38
Jan  7 09:23:08 cloud amavis[25009]: Module Socket              2.013
Jan  7 09:23:08 cloud amavis[25009]: Module Socket6             0.25
Jan  7 09:23:08 cloud amavis[25009]: Module Time::HiRes         1.9726
Jan  7 09:23:08 cloud amavis[25009]: Module URI                 1.64
Jan  7 09:23:08 cloud amavis[25009]: Module Unix::Syslog        1.1
Jan  7 09:23:08 cloud amavis[25009]: Amavis::ZMQ code     NOT loaded
Jan  7 09:23:08 cloud amavis[25009]: Amavis::DB code      loaded
Jan  7 09:23:08 cloud amavis[25009]: SQL base code        NOT loaded
Jan  7 09:23:08 cloud amavis[25009]: SQL::Log code        NOT loaded
Jan  7 09:23:08 cloud amavis[25009]: SQL::Quarantine      NOT loaded
Jan  7 09:23:08 cloud amavis[25009]: Lookup::SQL code     NOT loaded
Jan  7 09:23:08 cloud amavis[25009]: Lookup::LDAP code    NOT loaded
Jan  7 09:23:08 cloud amavis[25009]: AM.PDP-in proto code NOT loaded
Jan  7 09:23:08 cloud amavis[25009]: SMTP-in proto code   loaded
Jan  7 09:23:08 cloud amavis[25009]: Courier proto code   NOT loaded
Jan  7 09:23:08 cloud amavis[25009]: SMTP-out proto code  loaded
Jan  7 09:23:08 cloud amavis[25009]: Pipe-out proto code  NOT loaded
Jan  7 09:23:08 cloud amavis[25009]: BSMTP-out proto code NOT loaded
Jan  7 09:23:08 cloud amavis[25009]: Local-out proto code loaded
Jan  7 09:23:08 cloud amavis[25009]: OS_Fingerprint code  NOT loaded
Jan  7 09:23:08 cloud amavis[25009]: ANTI-VIRUS code      NOT loaded
Jan  7 09:23:08 cloud amavis[25009]: ANTI-SPAM code       loaded
Jan  7 09:23:08 cloud amavis[25009]: ANTI-SPAM-EXT code   NOT loaded
Jan  7 09:23:08 cloud amavis[25009]: ANTI-SPAM-C code     NOT loaded
Jan  7 09:23:08 cloud amavis[25009]: ANTI-SPAM-SA code    loaded
Jan  7 09:23:08 cloud amavis[25009]: Unpackers code       loaded
Jan  7 09:23:08 cloud amavis[25009]: DKIM code            NOT loaded
Jan  7 09:23:08 cloud amavis[25009]: Tools code           NOT loaded
Jan  7 09:23:08 cloud amavis[25009]: No $file,              not using it
Jan  7 09:23:08 cloud amavis[25009]: No $altermime,         not using it
Jan  7 09:23:08 cloud amavis[25009]: Internal decoder for .mail
Jan  7 09:23:08 cloud amavis[25009]: Internal decoder for .gz
Jan  7 09:23:08 cloud amavis[25009]: No ext program for   .xz, tried: xzdec, xz -dc, unxz -c, xzcat
Jan  7 09:23:08 cloud amavis[25009]: No ext program for   .lzma, tried: lzmadec, xz -dc --format=lzma, lzma -dc, unlzma -c, lzcat, lzmadec
Jan  7 09:23:08 cloud amavis[25009]: No ext program for   .lrz, tried: lrzip -q -k -d -o -, lrzcat -q -k
Jan  7 09:23:08 cloud amavis[25009]: No ext program for   .lz4, tried: lz4c -d
Jan  7 09:23:08 cloud amavis[25009]: Internal decoder for .tnef
Jan  7 09:23:08 cloud amavis[25009]: No ext program for   .zip, tried: 7za, 7z
Jan  7 09:23:08 cloud amavis[25009]: No ext program for   .kmz, tried: 7za, 7z
Jan  7 09:23:08 cloud amavis[25009]: Internal decoder for .zip
Jan  7 09:23:08 cloud amavis[25009]: Internal decoder for .kmz
Jan  7 09:23:08 cloud amavis[25009]: No ext program for   .7z, tried: 7zr, 7za, 7z
Jan  7 09:23:08 cloud amavis[25009]: No ext program for   .bz2, tried: 7za, 7z
Jan  7 09:23:08 cloud amavis[25009]: No ext program for   .Z, tried: 7za, 7z
Jan  7 09:23:08 cloud amavis[25009]: No ext program for   .tar, tried: 7za, 7z
Jan  7 09:23:08 cloud amavis[25009]: No ext program for   .xz, tried: 7z
Jan  7 09:23:08 cloud amavis[25009]: No ext program for   .lzma, tried: 7z
Jan  7 09:23:08 cloud amavis[25009]: No ext program for   .jar, tried: 7z
Jan  7 09:23:08 cloud amavis[25009]: No ext program for   .cpio, tried: 7z
Jan  7 09:23:08 cloud amavis[25009]: No ext program for   .arj, tried: 7z
Jan  7 09:23:08 cloud amavis[25009]: No ext program for   .rar, tried: 7z
Jan  7 09:23:08 cloud amavis[25009]: No ext program for   .swf, tried: 7z
Jan  7 09:23:08 cloud amavis[25009]: No ext program for   .lha, tried: 7z
Jan  7 09:23:08 cloud amavis[25009]: No ext program for   .iso, tried: 7z
Jan  7 09:23:08 cloud amavis[25009]: No ext program for   .cab, tried: 7z
Jan  7 09:23:08 cloud amavis[25009]: No ext program for   .deb, tried: 7z
Jan  7 09:23:08 cloud amavis[25009]: No ext program for   .rpm, tried: 7z
Jan  7 09:23:08 cloud amavis[25009]: No decoder for       .7z
Jan  7 09:23:08 cloud amavis[25009]: No decoder for       .F
Jan  7 09:23:08 cloud amavis[25009]: No decoder for       .Z
Jan  7 09:23:08 cloud amavis[25009]: No decoder for       .arc
Jan  7 09:23:08 cloud amavis[25009]: No decoder for       .arj
Jan  7 09:23:08 cloud amavis[25009]: No decoder for       .bz2
Jan  7 09:23:08 cloud amavis[25009]: No decoder for       .cab
Jan  7 09:23:08 cloud amavis[25009]: No decoder for       .cpio
Jan  7 09:23:08 cloud amavis[25009]: No decoder for       .deb
Jan  7 09:23:08 cloud amavis[25009]: No decoder for       .doc
Jan  7 09:23:08 cloud amavis[25009]: No decoder for       .exe
Jan  7 09:23:08 cloud amavis[25009]: No decoder for       .iso
Jan  7 09:23:08 cloud amavis[25009]: No decoder for       .jar
Jan  7 09:23:08 cloud amavis[25009]: No decoder for       .lha
Jan  7 09:23:08 cloud amavis[25009]: No decoder for       .lrz
Jan  7 09:23:08 cloud amavis[25009]: No decoder for       .lz4
Jan  7 09:23:08 cloud amavis[25009]: No decoder for       .lzma
Jan  7 09:23:08 cloud amavis[25009]: No decoder for       .lzo
Jan  7 09:23:08 cloud amavis[25009]: No decoder for       .rar
Jan  7 09:23:08 cloud amavis[25009]: No decoder for       .rpm
Jan  7 09:23:08 cloud amavis[25009]: No decoder for       .swf
Jan  7 09:23:08 cloud amavis[25009]: No decoder for       .tar
Jan  7 09:23:08 cloud amavis[25009]: No decoder for       .xz
Jan  7 09:23:08 cloud amavis[25009]: No decoder for       .zoo
Jan  7 09:23:08 cloud amavis[25009]: Deleting db files __db.001,snmp.db,__db.002,nanny.db,__db.003 in /var/lib/amavis/db
Jan  7 09:23:08 cloud amavis[25009]: Creating db in /var/lib/amavis/db/; BerkeleyDB 0.54, libdb 5.3
Jan  7 09:23:08 cloud amavis[25009]: initializing Mail::SpamAssassin (0)
Jan  7 09:23:08 cloud amavis[25009]: SpamAssassin debug facilities: info

/usr/share/amavis/conf.d/10-debian_scripts

Code:

use strict;

$daemon_user  = 'amavis';
$daemon_group = 'amavis';

$MYHOME   = '/var/lib/amavis'; # a convenient default for other settings
$TEMPBASE = "$MYHOME/tmp";     # working directory, needs to be created manually
$ENV{TMPDIR} = $TEMPBASE;      # environment variable TMPDIR
$db_home   = "$MYHOME/db";

$pid_file  = "/var/run/amavis/amavisd.pid";
$lock_file = "/var/run/amavis/amavisd.lock";

1;  # insure a defined return

/usr/share/amavis/conf.d/20-package

Code:

use strict;
#@bypass_virus_checks_maps  = (1);  # DISABLE anti-virus code by default
#@bypass_spam_checks_maps  = (1);  # DISABLE anti-spam code by default
1;  # insure a defined return

/etc/amavis/conf.d/05-node_id

Code:

$myhostname = "'mail.##########";

/etc/amavis/conf.d/15-av_scanners

Code:

### http://www.clamav.net/
['ClamAV-clamd',
   \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.ctl"],
   qr/\bOK$/, qr/\bFOUND$/,
   qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
 # NOTE: remember to add the clamav user to the amavis group, and
 # to properly set clamd to init supplementary groups
 # When running chrooted one may prefer: ["CONTSCAN {}\n","$MYHOME/clamd"],

/etc/amavis/conf.d/15-content_filter_mode

Code:

use strict;


@bypass_virus_checks_maps = (
        \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);

@bypass_spam_checks_maps = (
%bypass_spam_checks, @bypass_spam_checks_acl, $bypass_spam_checks_re);

1;  # insure a defined return

/etc/amavis/conf.d/20-debian_defaults

Code:

$QUARANTINEDIR = "$MYHOME/virusmails";

$log_level = 3;

$mydomain = '#########';

@local_domains_maps = ( ".$########" );
@local_domains_acl = ( ".$#########" );

$log_recip_templ = undef;    # disable by-recipient level-0 log entries
$DO_SYSLOG = 1;              # log via syslogd (preferred)
$syslog_ident = 'amavis';    # syslog ident tag, prepended to all messages
$syslog_facility = 'mail';
$syslog_priority = 'debug';  # switch to info to drop debug output, etc

$enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1;    # enable use of libdb-based cache if $enable_db=1

$inet_socket_port = 10024;   # default listenting socket

$sa_tag_level_deflt  = -999;# add spam info headers if at, or above that level
$sa_tag2_level_deflt = 2;   # add 'spam detected' headers at that level
$sa_kill_level_deflt = 10;  # triggers spam evasive actions
$sa_dsn_cutoff_level = 10;  # spam level beyond which a DSN is not sent
$sa_spam_subject_tag = '***SPAM*** ';

$sa_mail_body_size_limit = 200*1024; # don't waste time on SA if mail is larger
$sa_local_tests_only = 0;    # only tests which do not require internet access?


$final_virus_destiny      = D_REJECT;  # (data not lost, see virus quarantine)
$final_banned_destiny     = D_BOUNCE;   # D_REJECT when front-end MTA
$final_spam_destiny       = D_DISCARD;
$final_bad_header_destiny = D_PASS;    # False-positive prone (for spam)
$spam_quarantine_to ='spam######';
$hdrfrom_notify_sender = "sebastian######";

clamd.conf

Code:

#Automatically Generated by clamav-daemon postinst
#To reconfigure clamd run #dpkg-reconfigure clamav-daemon
#Please read /usr/share/doc/clamav-daemon/README.Debian.gz for details
LocalSocket /var/run/clamav/clamd.ctl
FixStaleSocket true
LocalSocketGroup clamav
LocalSocketMode 666
# TemporaryDirectory is not set to its default /tmp here to make overriding
# the default with environment variables TMPDIR/TMP/TEMP possible
User clamav
AllowSupplementaryGroups true
ScanMail true
ScanArchive true
#TCPSocket 3310
ArchiveBlockEncrypted false
MaxDirectoryRecursion 15
FollowDirectorySymlinks false
FollowFileSymlinks false
ReadTimeout 180
MaxThreads 12
MaxConnectionQueueLength 15
LogSyslog false
LogRotate true
LogFacility LOG_LOCAL6
LogClean false
LogVerbose false
DatabaseDirectory /var/lib/clamav
OfficialDatabaseOnly false
SelfCheck 3600
Foreground false
Debug false
ScanPE true
MaxEmbeddedPE 10M
ScanOLE2 true
ScanPDF true
ScanHTML true
MaxHTMLNormalize 10M
MaxHTMLNoTags 2M
MaxScriptNormalize 5M
MaxZipTypeRcg 1M
ScanSWF true
DetectBrokenExecutables false
ExitOnOOM false
LeaveTemporaryFiles false
AlgorithmicDetection true
ScanELF true
IdleTimeout 30

ps aux | grep clam

Code:

clamav   22906  0.6 30.7 518844 311940 ?       Ssl  08:43   0:16 /usr/sbin/clamd --foreground=true
root     25155  0.0  0.2  12740  2228 pts/0    S+   09:24   0:00 grep clam
clamav   27304  0.1  0.1 100348  1072 ?        Ss    2015 254:25 /usr/bin/freshclam -d --foreground=true
clamsmtp 28134  0.0  0.0  14824     8 ?        Ss    2015   0:00 /usr/sbin/clamsmtpd

Last edited by debian80 on 08.01.2016 10:58:39; edited 2 times in total.

Post by Dimejo » 07.01.2016 11:28:03

debian80 wrote:
Hello,

after spending several days reading about 100 guides, I don't understand why amavis refuses to use CLAMAV on my system.... SPAMASSASSIN works great.

ps aux | grep clam

Code:

clamav   22906  0.6 30.7 518844 311940 ?       Ssl  08:43   0:16 /usr/sbin/clamd --foreground=true
root     25155  0.0  0.2  12740  2228 pts/0    S+   09:24   0:00 grep clam
clamav   27304  0.1  0.1 100348  1072 ?        Ss    2015 254:25 /usr/bin/freshclam -d --foreground=true
clamsmtp 28134  0.0  0.0  14824     8 ?        Ss    2015   0:00 /usr/sbin/clamsmtpd

Before I go through the whole configuration in detail, one question:
Why do you assume that amavisd doesn't want to use ClamAV?

Post by TRex » 07.01.2016 11:41:53

Code:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

That is the EICAR test string. Run it through your mail system; if there's an alert, it works.
Jesus saves. Buddha does incremental backups.

Post by debian80 » 07.01.2016 13:01:29

Well,

I assume so because, for one thing, the amavis log says

ANTI-VIRUS code NOT loaded

CLAMAV or virus never shows up anywhere in the log files, and last but not least the EICAR test string slips through as well..... :roll:

Post by TRex » 07.01.2016 13:16:55

The postfix master.cf also needs to be adjusted, as described in the tutorial. I'd like you to confirm that you have checked that and run the EICAR signature through.

Post by debian80 » 07.01.2016 13:33:50

Hello,

I have adjusted master.cf as well. See the last entries. I also just sent the EICAR string once more from my GMX account to my mail server. The mail arrived normally.

Code:

smtp      inet  n       -       -       -       -       smtpd
submission inet n       -       -       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
smtps     inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o milter_macro_daemon_name=ORIGINATING

pickup    unix  n       -       -       60      1       pickup
    -o content_filter=
    -o receive_override_options=no_header_body_checks
cleanup   unix  n       -       -       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       -       -       -       smtp

showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache

maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}

uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)

ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${recipient}


smtp-amavis     unix    -       -       -       -       2       smtp
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes
        -o disable_dns_lookups=yes
        -o max_use=20
        -o smtp_tls_security_level=none
        -o smtp_enforce_tls=no
127.0.0.1:10025 inet    n       -       -       -       -       smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_delay_reject=no
        -o smtpd_client_restrictions=permit_mynetworks,reject
        -o smtpd_tls_security_level=none
        -o smtpd_tls_auth_only=no
        -o smtpd_enforce_tls=no
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters

and here is the main.cf as well

Code:

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

append_at_myorigin = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/ssl/certs/cert.key
smtpd_tls_cert_file = /etc/ssl/certs/cert.crt
smtpd_tls_CAfile = /etc/ssl/certs/bundle.crt
#smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
#smtpd_tls_security_level = may
smtpd_tls_security_level = encrypt


smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes

#spamassassin_destination_recipient_limit = 1

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = ###########
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination =

relayhost = [smtp.strato.de]:587
smtp_use_tls=yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_password
smtp_sasl_security_options =

mynetworks = 127.0.0.0/8 192.168.7.0/24 192.168.9.0/24
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
message_size_limit = 10240000
recipient_delimiter =
inet_interfaces = all
inet_protocols = ipv4

virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_base = /var/vmail/
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 124000000
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 100
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_transport = lmtp:unix:private/dovecot-lmtp
dovecot_destination_recipient_limit = 1
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtp_tls_CApath = /etc/ssl/certs/
smtpd_tls_CApath = /etc/ssl/certs/

#ContentFilter:
content_filter = smtp-amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings

Post by debian80 » 08.01.2016 07:21:54

Hello,

here is another mail with the EICAR test string....

The header does say "X-Virus-Scanned: amavisd-new at",
but the mail is delivered anyway..

Code:

Return-Path: xxxxxxxxxxxxxxx
Delivered-To: xxxxxxxxxxxxxxxxxxxx
Received: from xxxxxxxxxxxxxx
	by xxxxxxxxxxxxxx (Dovecot) with LMTP id PQglK4ZTj1aGOwAAzi5boA
	for <xxxxxxxxxxxxxxx>; Fri, 08 Jan 2016 07:13:26 +0100
Received: from localhost (localhost [127.0.0.1])
	by xxxxxxxxxxxxxxxx (Postfix) with ESMTP id 779985C0080
	for <xxxxxxxxxxxxxxxx>; Fri,  8 Jan 2016 07:13:26 +0100 (CET)
X-Virus-Scanned: amavisd-new at xxxxxxxxxxxxx
X-Spam-Flag: NO
X-Spam-Score: -0.999
X-Spam-Level:
X-Spam-Status: No, score=-0.999 tagged_above=-999 required=2
	tests=[ALL_TRUSTED=-1, TVD_SPACE_RATIO=0.001]
	autolearn=ham autolearn_force=no
Received: from xxxxxxxxxxx ([127.0.0.1])
	by localhost (xxxxxxxxxxxxxx [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id Ee077BKTuUFl for <xxxxxxxxxxxxxxxx>;
	Fri,  8 Jan 2016 07:13:25 +0100 (CET)
Received: from xxxxxxxxxxxxx (localhost [127.0.0.1])
	(using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits))
	(No client certificate requested)
	(Authenticated sender: xxxxxxxxxxxxxxxxxxx)
	by xxxxxxxxxxxxxxx (Postfix) with ESMTPSA id 544015C007B
	for <xxxxxxxxxxxxxxxxx>; Fri,  8 Jan 2016 07:13:25 +0100 (CET)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII;
 format=flowed
Content-Transfer-Encoding: 7bit
Date: Fri, 08 Jan 2016 07:13:25 +0100
From: xxxxxxxxxxxxxxxxx
To: xxxxxxxxxxxxxxxxxxxxxxx
Subject: Test Mail  
 X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
Message-ID: <de2a1e41870d0efcf1dd035bb1c816b0@xxxxxxxxxxxxxx>
X-Sender: xxxxxxxxxxxxxxxxxxxxxxx
User-Agent: Roundcube Webmail/1.1.4

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Post by debian80 » 08.01.2016 10:58:19

Hello,

the solution was that the entry in 15-av_scanners is slightly different from the one in all the docs I had found.

instead of

Code:

['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.ctl"],
qr/\bOK$/m, qr/\bFOUND$/m,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ], 

it has to be

Code:

@av_scanners = (
['ClamAV-clamd',
   \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.ctl"],
   qr/\bOK$/m, qr/\bFOUND$/m,
   qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
);
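
The fix in the last post comes down to the scanner entry being stored in @av_scanners instead of standing alone in the file. The shell script below is an added example, not part of any forum post and not amavis code: it reads the newest "ANTI-VIRUS code" banner line from a startup log and checks whether the conf.d files actually assign @av_scanners. The function names, sample file names and the second log line are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Sample files below are constructed.

# av_code_state LOG -> loaded | not-loaded | unknown
# Only the newest "ANTI-VIRUS code" banner line counts, so an old
# "NOT loaded" from before a restart does not mask a working setup.
av_code_state() {
    line=$(grep 'ANTI-VIRUS code' "$1" 2>/dev/null | tail -n 1)
    case "$line" in
        *'NOT loaded'*) echo not-loaded ;;
        *loaded*)       echo loaded ;;
        *)              echo unknown ;;
    esac
}

# scanner_entry_state FILE... -> assigned | orphan-entry | none
# Comment lines are ignored; they can mention entries without activating them.
scanner_entry_state() {
    active=$(cat "$@" 2>/dev/null | grep -v '^[[:space:]]*#' || true)
    if printf '%s\n' "$active" | grep -Eq '^[[:space:]]*@av_scanners[[:space:]]*='; then
        echo assigned
    elif printf '%s\n' "$active" | grep -q 'ask_daemon'; then
        echo orphan-entry   # entry exists but is never stored in @av_scanners
    else
        echo none
    fi
}

# diagnose LOG FILE... -> one-line verdict combining both checks
diagnose() {
    log=$1; shift
    case "$(av_code_state "$log")/$(scanner_entry_state "$@")" in
        loaded/assigned)
            echo "OK: anti-virus code loaded, @av_scanners assigned" ;;
        not-loaded/orphan-entry)
            echo "BROKEN: scanner entry is not wrapped in @av_scanners = ( ... );" ;;
        not-loaded/none)
            echo "BROKEN: no scanner entry configured" ;;
        not-loaded/assigned)
            echo "CHECK: @av_scanners assigned; restart amavis, check @bypass_virus_checks_maps" ;;
        *)
            echo "UNKNOWN: no ANTI-VIRUS banner line found or inconsistent state" ;;
    esac
}

# make_samples DIR: write constructed before/after files for the demo
make_samples() {
    mkdir -p "$1"
    # Banner line in the format of the startup log posted in the thread.
    echo 'Jan  7 09:23:08 cloud amavis[25009]: ANTI-VIRUS code      NOT loaded' > "$1/before.log"
    # Constructed: the same log after a later restart with the fix applied.
    { cat "$1/before.log"
      echo 'Jan  8 10:50:00 cloud amavis[1234]: ANTI-VIRUS code      loaded'; } > "$1/after.log"
    cat > "$1/before.conf" <<'EOF'
### http://www.clamav.net/
['ClamAV-clamd',
   \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.ctl"],
   qr/\bOK$/, qr/\bFOUND$/,
   qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
 # NOTE: remember to add the clamav user to the amavis group, and
EOF
    { echo '@av_scanners = ('
      grep -v '^[[:space:]]*#' "$1/before.conf"
      echo ');'; } > "$1/after.conf"
}

# Demo run on the constructed samples.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
diagnose "$demo_dir/before.log" "$demo_dir/before.conf"
diagnose "$demo_dir/after.log"  "$demo_dir/after.conf"
rm -rf "$demo_dir"
```

On a real system, diagnose would be pointed at the mail log and at the files named in the "config files read:" startup line.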
