Clamav Amavis how to fedora core 3


be1993
2004-11-20, 10:19 AM CST
Since I had many problems to create this, I would like to share my 6 hours of agony-ecstasy in order to make amavis use clamd as antivirus.

Assuming you have installed clamd and amavis:
Open /etc/clamd.conf

Comment Out the lines

#TCPAddr 127.0.0.1
#TCPSocket 3310

Enable LocalSocket /var/run/clamav/clamd.sock

My configuration is

LogFile /var/log/clamav/clamd.log
LogFileMaxSize 0
LogTime
PidFile /var/run/clamav/clamd.pid
TemporaryDirectory /var/tmp
DatabaseDirectory /var/clamav
LocalSocket /var/run/clamav/clamd.sock
FixStaleSocket
MaxConnectionQueueLength 30
ReadTimeout 180
SelfCheck 3600
User amavis
AllowSupplementaryGroups
ScanPE
DetectBrokenExecutables
ScanOLE2
ScanMail
ScanHTML
ScanArchive
ArchiveMaxFileSize 10M
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
ArchiveMaxCompressionRatio 300
ArchiveBlockEncrypted
ArchiveBlockMax

Note: You have to change the User from clamav to amavis anyway

Open /etc/freshclam.conf

My configuration is

UpdateLogFile /var/log/clamav/freshclam.log
DatabaseDirectory /var/clamav
PidFile /var/run/clamav/freshclam.pid
DatabaseOwner amavis
DNSDatabaseInfo current.cvd.clamav.net
DatabaseMirror db.gr.clamav.net
MaxAttempts 5
NotifyClamd
DatabaseMirror db.local.clamav.net

Note: You have to change the DatabaseOwner from clamav to amavis anyway

Go to Users and Groups

Find the Clamav user and add him to the amavis group. amavis should be the primary group for clamav.
You can do that with command line as well

Open /etc/amavis.conf

Go to ClaMav section
replace /var/run/clamav/clamd with /var/run/clamav/clamd.sock
OR whatever value is on LocalSocket in clamd.conf

Now pay attention to this:
In our case we have 2 directories used for clamav one is
/var/clamav for the database and /var/log/clamav for logs
then you must do a
chown -R amavis:amavis /var/clamav
chown -R amavis:amavis /var/log/clamav
Amavis needs to be the owner in order to work properly

And the last thing
Open /etc/logrotate.d/clamav
you see something like


/var/log/clamav/clamav.log {
create 644 clamav clamav
}

change the first clamav to amavis

Open /etc/logrotate.d/freshclam.log
you see something like

/var/log/clamav/freshclam.log {
create 644 clamav clamav
}

change the first clamav to amavis

Now do a
/sbin/service clamd restart
/sbin/service amavisd restart

Test the setup
My Mail Server is postfix
Everything should be working

The only thing I am not sure of is whether clamd does antivirus update or not
because freshclam can't write to log file because of the permissions.

Any input is very welcomed!


Cheers

jult
2005-01-28, 06:48 PM CST
Thanks for that. Some additions/corrections:

> Assuming you have installed clamd and amavis:

That is to say:

# yum install amavisd-new
# yum install clamd
# yum install clamav

(add the DAG repository, otherwise it won't work ;-)

Here's my /etc/clamd.conf (for about 18 users with a mail-account here)

Some differences, mainly based on earlier clamav experiences;
LogFile /var/log/clamav/clamd.log
LogFileMaxSize 1M
LogTime
LogClean
PidFile /var/run/clamav/clamd.pid
TemporaryDirectory /var/tmp
DatabaseDirectory /var/clamav
LocalSocket /var/run/clamav/clamd.sock
FixStaleSocket
TCPAddr 192.168.1.77
MaxConnectionQueueLength 30
ReadTimeout 200
IdleTimeout 20
SelfCheck 6400
User amavis
AllowSupplementaryGroups
ScanPE
#DetectBrokenExecutables
ScanOLE2
ScanMail
ScanHTML
ScanArchive
ArchiveMaxFileSize 10M
ArchiveMaxRecursion 6
ArchiveMaxFiles 800
ArchiveMaxCompressionRatio 300
ArchiveLimitMemoryUsage
ArchiveBlockEncrypted
ArchiveBlockMax
StreamMaxLength 60M
# Use system logger (can work together with LogFile).
# Default: disabled
LogSyslog
# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
# Default: LOG_LOCAL6
#LogFacility LOG_MAIL

MaxThreads 12

and this is my /etc/freshclam.conf
DatabaseDirectory /var/clamav
PidFile /var/run/clamav/freshclam.pid
#DatabaseOwner clamav
DatabaseOwner amavis
DNSDatabaseInfo current.cvd.clamav.net
DatabaseMirror db.nl.clamav.net
DatabaseMirror db.local.clamav.net
DatabaseMirror db.gr.clamav.net
Checks 6
MaxAttempts 5
NotifyClamd
NotifyClamd /etc/clamd.conf

You need to
chown -R amavis:clamav /var/run/clamav
as well.

I'm also using postfix as MTA.

There's a good clamav FAQ/wiki here:
http://wiki.clamav.net/index.php/FrequentlyAskedQuestions

fabio@conecta.i
2005-02-28, 07:10 AM CST
I hope it could be helpful for somebody..
I insert info to explain how to add the DAG repository on yum:



First
open /etc/yum.conf

# joe /etc/yum.conf

insert these rows

[dag]
name=Dag RPM Repository for Fedora Core
baseurl=http://apt.sw.be/fedora/$releasever/en/$basearch/dag

[dag]
name=Dag RPM Repository for Red Hat Enterprise Linux
baseurl=http://apt.sw.be/redhat/el$releasever/en/$basearch/dag

[dag]
name=Dag RPM Repository for older Red Hat Linux
baseurl=http://apt.sw.be/redhat/$releasever/en/$basearch/dag

then


> Assuming you have installed clamd and amavis:

That is to say:

# yum install amavisd-new
# yum install clamd
# yum install clamav

Here's my /etc/clamd.conf (for about 12 users with a mail-account here)

Some differences, mainly based on earlier clamav experiences;
LogFile /var/log/clamav/clamd.log
LogFileMaxSize 4M
LogTime
LogClean
PidFile /var/run/clamav/clamd.pid
TemporaryDirectory /var/tmp
DatabaseDirectory /var/clamav
LocalSocket /var/run/clamav/clamd.sock
FixStaleSocket
MaxConnectionQueueLength 40
ReadTimeout 200
IdleTimeout 20
SelfCheck 6400
User amavis
AllowSupplementaryGroups
StreamMaxLength 80M
ScanPE
DetectBrokenExecutables
ScanOLE2
ScanMail
ScanHTML
ScanArchive
ArchiveMaxFileSize 12M
ArchiveMaxRecursion 6
ArchiveMaxFiles 800
ArchiveMaxCompressionRatio 300
ArchiveLimitMemoryUsage
ArchiveBlockEncrypted
ArchiveBlockMax

# TCP port address.
# Default: disabled
# TCPSocket 3310

# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world.
# Default: disabled
# TCPAddr 127.0.0.1

and this is my /etc/freshclam.conf
# UpdateLogFile /var/log/clamav/freshclam.log
# LogSyslog
DatabaseDirectory /var/clamav
PidFile /var/run/clamav/freshclam.pid
DatabaseOwner amavis
DNSDatabaseInfo current.cvd.clamav.net
DatabaseMirror db.nl.clamav.net
DatabaseMirror db.local.clamav.net
DatabaseMirror db.gr.clamav.net
NotifyClamd
Checks 6
as you can see I just disabled logging of updates entirely,
and checks are a little less paranoid.

You need to
chown -R amavis:clamav /var/run/clamav
as well.

I'm also using postfix as MTA.

There's a good clamav FAQ/wiki here:
http://wiki.clamav.net/index.php/FrequentlyAskedQuestions

dmode
2005-03-03, 03:35 AM CST
How can we introduce spamassassin to all this?

be1993
2005-03-04, 03:30 AM CST
Good question, dmode.
As far as I know Amavis takes care of this.
I used to have the spamassassin daemon running but no more.
Amavis writes the hits anyway plus I have some anti UCE controls for postfix.
But to be honest I never really understood how amavis works with spamassassin.

DoorGunner
2005-03-04, 11:09 AM CST
Hi

I cannot get past this section: Open /etc/amavis.conf

There is no open command ....and when I try gedit it opens as a blank page

I did a search and the only amavis.config file I have is located at /etc/log.d/conf/services and it doesn't have anything remotely like what you have.

what is happening?

be1993
2005-03-09, 01:20 AM CST
amavis.conf is located at /etc.
If you don't have it maybe you have to reinstall.
Be sure to open the file as root because the /etc directory can be written only by root.
I use vi to edit files.
Something like vi /etc/amavis.conf

jult
2005-03-13, 07:35 PM CST
> I cannot get past this section: Open /etc/amavis.conf
>
> There is no open command ....and when i try gedit it opens as a blank page

For linux-beginners I can recommend Midnight Commander's internal editor, i.e. mc:

# yum install mc
(?) it is included with fedora, and I think it installs with default install of FC3.

After installing, just type
mc

Then search for the file you want to edit/change and
simply press the F4 key when you're on it.

The internal editor of mc has a nice menu on F9, you'll like it.
F2 stores the changes.

jult
2005-03-13, 07:46 PM CST
> How can we introduce spamassassin to all this?

When you use Postfix as your MTA (recommended over the use of sendmail)
you might want to consider doing a simple thing such as this:

from the bottom of my /etc/postfix/main.cf :
# smtp_skip_4xx_greeting = yes
smtp_destination_recipient_limit = 27
smtp_connect_timeout = 45s
smtp_destination_concurrency_limit = 8
smtpd_recipient_limit = 100
empty_address_recipient = admin
maximal_backoff_time= 2000s
body_checks_size_limit = 102400
header_size_limit = 102400
mailbox_size_limit = 351200000
message_size_limit = 80240000

strict_rfc821_envelopes = yes
content_filter = smtp-amavis:[localhost]:10024

smtpd_recipient_restrictions = permit_mynetworks,
    reject_invalid_hostname,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    reject_unauth_destination,
    reject_unauth_pipelining,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_rhsbl_client blackhole.securitysage.com,
    reject_rhsbl_sender blackhole.securitysage.com,
    reject_rbl_client hosts.rbl.zonnet.net,
    reject_rbl_client dul.dnsbl.sorbs.net,
    reject_rbl_client sbl-xbl.spamhaus.org,
    reject_rbl_client bl.spamcop.net,
    permit

# permit_sasl_authenticated,
# reject_rbl_client pl.countries.nerd.dk,

smtpd_data_restrictions = reject_multi_recipient_bounce, reject_unauth_pipelining, permit
smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain, permit

# smtpd_sasl_auth_enable = yes
# smtpd_sasl_local_domain = $myhostname
# smtpd_sasl_security_options = noanonymous

You can add/change block-lists to that reject_rbl_client list. In many cases this makes the use of spamassassin close to overkill. Especially considering the effort and time you'll have to put into using and maintaining the cpu-monster that is spamassassin.

If you use postfix like this, make sure your dns-resolver is a really fast one, preferably some ISP's DNS, and your firewall (if you use one) is not set too trigger-happy for DoS-attacks, 'cause it could consider this type of DNS traffic unusual when you receive a lot of mail ;-)

DoorGunner
2005-03-22, 04:10 PM CST
Hello again

Sorry, I had to give up puttering with this for a bit.....

I found out why I couldn't find /etc/amavis.conf. It was actually /etc/amavisd.conf, amavis with a "d"

so I made my way down to the restart portion and got this result

[john@localhost ~]$ su
Password:
[root@localhost john]# /sbin/service clamd restart
Stopping Clam AntiVirus Daemon: [FAILED]
Starting Clam AntiVirus Daemon: [ OK ]
[root@localhost john]# /sbin/service amavisd restart
Shutting down Mail Virus Scanner (amavisd): [ OK ]
Starting Mail Virus Scanner (amavisd): [ OK ]
[root@localhost john]#

I also get an argument on start up as well ....it states the following:
Clamav Milter Daemon: clamav-milter: socket-addr (local: /var/clamav/clmilter.socket) does not agree with sendmail.cf

I am going to assume for now that I didn't need clam-milter (it wasn't listed in the above requirements). I assume amavis is handling this send check unless anyone thinks this is a false assumption

the next question is How do I know if I got everything installed correctly? I see no indication of icon or interface of any sort? Does this clam and amavis just work silently in the background?

jult
2005-03-23, 03:01 AM CST
> the next question is How do I know if I got everything installed correctly? I see no indication of icon or interface of any sort? Does this clam and amavis just work silently in the background?

Just check out all the log-files under /var/log
They are a world of information. ;-)

DoorGunner
2005-03-23, 11:43 AM CST
I think i may have misunderstood how to " Enable LocalSocket /var/run/clamav/clamd.sock "

I am getting an error in my clamav and fresh clam log that states
ERROR: Socket file /var/run/clamav/clamd.sock could not be bound: Permission Denied

When i am going to /var/run/clamav i do not see a clamd.sock file ....as a matter of fact the folder is empty.

Did i miss something? What do i need to do to fix this?

DoorGunner
2005-03-23, 11:44 PM CST
:D I figured it out...... after a bit of careful reading I spotted this in one of your previous posts jult ...

chown -R amavis:clamav /var/run/clamav

All the checks on the eicar site work fine and freshclam works as well, as do the logs etc

In addition to your instructions I added /var/log/clamav/freshclam.log and /var/log/clamav/clamd.log to the Applications > System Tools > System Log program for easy access

THANKS jult and be 1993 For all your help and a great set of instructions
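
Added example (not part of any post in this thread): a shell check for the two mismatches behind the errors above, amavisd pointing at a different socket path than clamd's LocalSocket, and a socket directory not owned by clamd's User, plus a flag for a clamd TCP listener bound off loopback. The function names and finding labels are assumptions of this example, the ownership test mirrors the chown fix used in the thread, and the sample configs are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): cross-check clamd.conf against amavisd.conf.

# conf_value FILE KEY: value of the last uncommented "KEY value" line, empty if unset.
conf_value() {
    awk -v key="$2" '$1 == key { val = $2 } END { print val }' "$1"
}

# amavis_socket FILE: socket path in the first uncommented CONTSCAN ask_daemon entry.
amavis_socket() {
    grep -v '^[[:space:]]*#' "$1" |
        sed -n 's/.*ask_daemon[^"]*"CONTSCAN[^"]*",[[:space:]]*"\([^"]*\)".*/\1/p' |
        head -n 1
}

# owner_of PATH: owning user of PATH, empty if PATH does not exist.
owner_of() {
    ls -ld "$1" 2>/dev/null | awk '{ print $3 }'
}

# audit CLAMD_CONF AMAVISD_CONF: one line per finding; returns 0 only when there are none.
audit() {
    sock=$(conf_value "$1" LocalSocket)
    user=$(conf_value "$1" User)
    port=$(conf_value "$1" TCPSocket)
    addr=$(conf_value "$1" TCPAddr)
    asock=$(amavis_socket "$2")
    rc=0
    if [ -z "$sock" ]; then
        echo "NO_LOCALSOCKET clamd.conf sets no LocalSocket"; rc=1
    else
        # amavisd must connect to exactly the path clamd binds.
        if [ "$sock" != "$asock" ]; then
            echo "SOCKET_MISMATCH clamd=$sock amavisd=${asock:-none}"; rc=1
        fi
        # clamd creates the socket as User, so that user needs the directory
        # (the thread's fix is to chown the directory to it).
        sockdir=$(dirname "$sock")
        owner=$(owner_of "$sockdir")
        if [ "$owner" != "$user" ]; then
            echo "SOCKET_DIR_OWNER dir=$sockdir owner=${owner:-missing} clamd_user=${user:-unset}"; rc=1
        fi
    fi
    # With TCPSocket set, only a loopback TCPAddr keeps the scanner off the network;
    # no TCPAddr at all means every interface.
    if [ -n "$port" ]; then
        case $addr in
            127.*) ;;
            *) echo "TCP_EXPOSED port=$port addr=${addr:-any}"; rc=1 ;;
        esac
    fi
    return $rc
}

# make_sample DIR SOCKET USER: write constructed sample configs into DIR.
# The amavisd entry keeps the path the how-to says to replace.
make_sample() {
    printf 'LocalSocket %s\nUser %s\n#TCPSocket 3310\n' "$2" "$3" > "$1/clamd.conf"
    cat > "$1/amavisd.conf" <<'EOF'
['ClamAV-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
  qr/\bOK$/, qr/\bFOUND$/ ],
EOF
}

# Demo on constructed input; on a real host pass /etc/clamd.conf and /etc/amavisd.conf.
demo_dir=$(mktemp -d)
make_sample "$demo_dir" /var/run/clamav/clamd.sock amavis
audit "$demo_dir/clamd.conf" "$demo_dir/amavisd.conf" || true
rm -rf "$demo_dir"
```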

DoorGunner
2005-03-24, 11:21 AM CST
Have any of you tried to use AVSCAN? This is a gui from wolfpack.

Clamav can only do one file scan at a time. AVScan allows you to program several different ones in succession. I thought it might be interesting to try. However, doing the make it couldn't find the clamd config etc (long list). I am wondering if I have to move the file somewhere like urs. My experience with programs is somewhat limited and there are no real instructions with the avscan.

cpt_nemo
2005-04-14, 04:27 AM CDT
Question:

I have Postfix and Spamassassin already working.

Now I want to add ClamAV and Amavis.

What I'm missing in the instructions above (Thank you very much for it anyway!) is how it connects to Postfix.

My current entry in master.cf for Spamassassin:

smtp inet n - n - - smtpd -o content_filter=spamassassin

[...]

spamassassin unix - n n - - pipe
  user=spam argv=/usr/bin/spamc -x -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}


I read a little bit through the manuals and I think now I have to do the following - add this to the end of /etc/postfix/master.cf:

smtp-amavis unix - - n - 2 smtp
  -o smtp_data_done_timeout=1200
  -o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8
  -o strict_rfc821_envelopes=yes

Then add this line to /etc/postfix/main.cf:

content_filter = smtp-amavis:[127.0.0.1]:10024

I'm a little bit confused because you don't mention these steps.

And does this affect the work of SpamAssassin in any way or is it better to connect SpamAssassin with Amavis and not with Postfix - I'm really confused :confused:

Can someone explain this to me?

ryanclaw
2005-05-15, 05:58 PM CDT
hi guys!

I've been looking for this set of walkthrough for a long time.. I was just in time I got this thread...thanks for all the inputs you have posted here..

Special thanks to be1993, the howto is very straightforward..and to jult too..

thanks guys!!

Ryanclaw :)

jult
2005-06-01, 11:30 AM CDT
> I have Postfix and Spamassassin already working.
>
> Now I want to add ClamAV and Amavis.
>
> What I'm missing in the instructions above (Thank you very much for it anyway!) is how it connects to Postfix.
>
> My current entry in master.cf for Spamassassin:
> [..]
>
> I read a little bit through the manuals and I think now I have to do the following - add this to the end of /etc/postfix/master.cf:
> [..]
>
> I'm a little bit confused because you don't mention these steps.

I didn't mention it because

1) I don't use Spamassassin (anymore). I thought it was too much admin-time and too little result, compared to just using a few really good block-lists and config options in postfix, and using amavisd.

2) These steps change over time, depending on amavisd and clamav development, and this step is mentioned in their install manuals, basically.

But since you ask, this is what my complete
/etc/postfix/master.cf
looks like:

# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
#smtps inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission inet n - n - - smtpd
# -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes -o smtpd_etrn_restrictions=reject
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
#tlsmgr fifo - - n 300 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil

maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
old-cyrus unix - n n - - pipe
  flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
cyrus unix - n n - - pipe
  user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient

smtp-amavis unix - - n - 3 smtp
  -o smtp_data_done_timeout=1000
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
  -o smtp_bind_address=127.0.0.1
  -o max_use=20

127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o smtpd_restriction_classes=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=reject_unauth_pipelining
  -o smtpd_end_of_data_restrictions=
  -o mynetworks=127.0.0.0/8
  -o mynetworks_style=host
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o smtpd_milters=
  -o local_header_rewrite_clients=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks


pre-cleanup unix n - n - 0 cleanup
# -o virtual_alias_maps=
  -o canonical_maps=
  -o sender_canonical_maps=
  -o recipient_canonical_maps=
  -o masquerade_domains=

cleanup unix n - n - 0 cleanup
  -o mime_header_checks=
  -o nested_header_checks=
  -o body_checks=
  -o header_checks=

smtp inet n - n - - smtpd
  -o cleanup_service_name=pre-cleanup
pickup fifo n - n 60 1 pickup
  -o cleanup_service_name=pre-cleanup


You can start from there, and maybe add virtual aliases and spamassassin if you want,
but I agree, the order can be confusing, since you can do it many different ways...
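
Added example (not part of any post in this thread): a shell/awk check that the listener taking mail back from amavisd is bound to loopback, clears content_filter so filtered mail is not sent to amavisd again, and only accepts local clients. It also flags stray words such as the `rej ect` the forum software left in the listings. The function names, finding labels and the exact set of options checked are assumptions of this example, and the sample master.cf is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): audit the amavisd re-injection listener in master.cf.

# logical_lines FILE: drop comments and blank lines, join indented continuation lines.
logical_lines() {
    awk '
        /^[ \t]*(#|$)/ { next }
        /^[ \t]/       { sub(/^[ \t]+/, ""); line = line " " $0; next }
                       { if (line != "") print line; line = $0 }
        END            { if (line != "") print line }
    ' "$1"
}

# check_reinject FILE PORT: one line per finding for the inet listener on PORT;
# returns 0 only when the listener exists and nothing is flagged.
check_reinject() {
    logical_lines "$1" | awk -v port="$2" '
        function flag(msg) { print msg; bad = 1 }
        $2 == "inet" && ($1 == port || $1 ~ (":" port "$")) {
            found = 1
            split("", opt)
            host = $1; sub(/:?[0-9]+$/, "", host)
            # Without a loopback address the listener accepts mail from the network.
            if (host != "127.0.0.1" && host != "localhost" && host != "[::1]")
                flag("NOT_LOOPBACK " $1)
            # Fields 1-8 define the service; the rest must be "-o name=value" pairs.
            for (i = 9; i <= NF; i++) {
                if ($i != "-o") { flag("STRAY_WORD " $i); continue }
                i++
                eq = index($i, "=")
                if (eq) opt[substr($i, 1, eq - 1)] = substr($i, eq + 1)
                else flag("BAD_OPTION " $i)
            }
            # An inherited content_filter would send filtered mail back to amavisd.
            if (!("content_filter" in opt) || opt["content_filter"] != "")
                flag("FILTER_NOT_CLEARED")
            if (opt["mynetworks"] != "127.0.0.0/8")
                flag("MYNETWORKS " opt["mynetworks"])
            if (opt["smtpd_recipient_restrictions"] != "permit_mynetworks,reject")
                flag("RECIPIENT_RESTRICTIONS " opt["smtpd_recipient_restrictions"])
        }
        END { if (!found) flag("NO_LISTENER " port); exit bad + 0 }
    '
}

# Constructed sample: a listener as it reads with a forum-inserted space left in place.
sample_mangled() {
    cat <<'EOF'
smtp-amavis unix - - n - 2 smtp
  -o smtp_data_done_timeout=1200
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o smtpd_recipient_restrictions=permit_mynetworks,rej ect
  -o mynetworks=127.0.0.0/8
EOF
}

# Demo on the constructed sample; on a real host pass /etc/postfix/master.cf.
demo_file=$(mktemp)
sample_mangled > "$demo_file"
check_reinject "$demo_file" 10025 || true
rm -f "$demo_file"
```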

jult
2005-06-01, 11:47 AM CDT
Another thing.
I noticed that some clamav or freshclam or amavisd directories got new permissions again (after using yum update on them). Quite annoying that is. :-/

So I change permissions in the freshclam cronjob /etc/cron.daily/freshclam

#!/bin/sh

### Changing permissions 'back' after updates:

chown -R amavis:clamav /var/run/clamav
chown -R amavis:clamav /var/clamav

### fix log file if needed
LOG_FILE="/var/log/clamav/freshclam.log"
if [ ! -f "$LOG_FILE" ]; then
    touch "$LOG_FILE"
    chmod 664 "$LOG_FILE"
    chown amavis:clamav "$LOG_FILE"
fi

/usr/bin/freshclam \
    --quiet \
    --datadir="/var/clamav" \
    --log="$LOG_FILE" \
    --log-verbose \
    --daemon-notify="/etc/clamd.conf"

Mesu
2006-04-30, 08:44 PM CDT
Hi,

I have been fighting this since 4/25. Glad to see "finally" a post in here.

I found a step by step and used it but had a problem.
http://www.linux.com/article.pl?sid=06/02/28/1515201

I do not have "clamd" installed as amavisd-new should cover virus scanning in postfix, or so I think.

steps did not say to install clamd, just to move the clamd.conf to /etc/clamd.conf

error is: ERROR: ClamAV-clamd: Can't connect to UNIX socket /var/spool/amavisd/clamd.sock: No such file or directory,

RPMs installed:
amavisd-new-2.3.3-5.fc5.noarch.rpm
clamav-0.88.1-1.fc5.i386.rpm
clamav-data-0.88.1-1.fc5.i386.rpm
clamav-lib-0.88.1-1.fc5.i386.rpm
clamav-server-0.88.1-1.fc5.i386.rpm
clamav-update-0.88.1-1.fc5.i386.rpm


When I did try an install of clamd as mentioned here, I got:
Error: Missing Dependency: clamav = 0.88-1.fc5.rf is needed by package clamd
NOTE the ".fc5.rf"

If I should be able to scan for viruses without the actual clamd package then I need to trace my socket error.

My question for right now is:
Do I need clamd installed or can I use the amavisd-new to accomplish the mail scanner. Everything seems to work except for the socket error. From what I have read clamd is only a daemon and amavis should do what I need.

Thanks,

mesu

jult
2006-10-28, 05:41 AM CDT
last but not least, a relevant part of /etc/amavisd.conf
I recently started banning mails with .GIF as an attachment extension. Yes, that's very harsh and temporary, because there are so many spamruns using gifs attached now. You might want to reconsider that, depending on how you use your mail-server.
(all my users agree with blocking .gif).

### BLOCKED ANYWHERE
# qr'^UNDECIPHERABLE$', # is or contains any undecipherable components
qr'^\.(exe-ms|dll)$', # banned file(1) types, rudimentary

## BLOCK THE FOLLOWING, EXCEPT WITHIN UNIX ARCHIVES:
[ qr'^\.(rpm|cpio|tar)$' => 0 ], # allow any in Unix-type archives
qr'.\.(pif|scr)$'i, # banned extensions - rudimentary
## BLOCK THE FOLLOWING, EXCEPT WITHIN ARCHIVES:
# [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ], # allow any within these archives

qr'^application/x-msdownload$'i, # block these MIME types
qr'^application/x-msdos-program$'i,
qr'^application/hta$'i,
qr'^(application/x-msmetafile|image/x-wmf)$'i, # Windows Metafile MIME type
qr'^\.wmf$', # Windows Metafile file(1) type

# block certain double extensions in filenames
qr'\.[^./]*[A-Za-z][^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,

# basic blocking extensions stuff, I temporarily added .gif
qr'.\.(ade|adp|app|bas|bat|cmd|com|cpl|crt|exe|fxp|gif|grp|hta|inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs|wmf|wsc|wsf|wsh)$'ix,

# banned extension - WinZip vulnerab.
qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i,

);

# ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING

@score_sender_maps = ({ # a by-recipient hash lookup table,
## site-wide opinions about senders (the '.' matches any recipient)
'.' => [ # the _first_ matching sender determines the score boost
new_RE( # regexp-type lookup table, just happens to be all soft-blacklist
[qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i => 5.0],
[qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],
[qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],
[qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i => 5.0],
[qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i => 5.0],
[qr'^(your_friend|greatoffers)@'i => 5.0],
[qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i => 5.0],
),
# read_hash("/var/amavis/sender_scores_sitewide"),
{ # a hash-type lookup table (associative array)
'nobody@cert.org' => -3.0,
'cert-advisory@us-cert.gov' => -3.0,
'owner-alert@iss.net' => -3.0,
'slashdot@slashdot.org' => -3.0,
'securityfocus.com' => -3.0,
'ntbugtraq@listserv.ntbugtraq.com' => -3.0,
'security-alerts@linuxsecurity.com' => -3.0,
'mailman-announce-admin@python.org' => -3.0,
'amavis-user-admin@lists.sourceforge.net'=> -3.0,
'amavis-user-bounces@lists.sourceforge.net' => -3.0,
'spamassassin.apache.org' => -3.0,
'notification-return@lists.sophos.com' => -3.0,
'owner-postfix-users@postfix.org' => -3.0,
'owner-postfix-announce@postfix.org' => -3.0,
'owner-sendmail-announce@lists.sendmail.org' => -3.0,
'sendmail-announce-request@lists.sendmail.org' => -3.0,
'donotreply@sendmail.org' => -3.0,
'ca+envelope@sendmail.org' => -3.0,
'noreply@freshmeat.net' => -3.0,
'owner-technews@postel.acm.org' => -3.0,
'ietf-123-owner@loki.ietf.org' => -3.0,
'cvs-commits-list-admin@gnome.org' => -3.0,
'rt-users-admin@lists.fsck.com' => -3.0,
'clp-request@comp.nus.edu.sg' => -3.0,
'surveys-errors@lists.nua.ie' => -3.0,
'emailnews@genomeweb.com' => -5.0,
'yahoo-dev-null@yahoo-inc.com' => -3.0,
'returns.groups.yahoo.com' => -3.0,
'clusternews@linuxnetworx.com' => -3.0,
lc('lvs-users-admin@LinuxVirtualServer.org') => -3.0,
lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0,

# soft-blacklisting (positive score)
'sender@example.net' => 3.0,
'.example.net' => 1.0,
},
], # end of site-wide tables
});

@av_scanners = (

### http://www.clamav.net/
['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
# NOTE: run clamd under the same user as amavisd; match the socket
# name (LocalSocket) in clamav.conf to the socket name in this entry
# When running chrooted one may prefer: ["CONTSCAN {}\n","$MYHOME/clamd"],

# ### http://www.clamav.net/ and CPAN (memory-hungry! clamd is preferred)
# ['Mail::ClamAV', \&ask_clamav, "*", [0], [1], qr/^INFECTED: (.+)/],