---- amavisd-new-2.4.5/amavisd.conf-sample.orig 2007-01-30 23:12:24.000000000 +0000
-+++ amavisd-new-2.4.5/amavisd.conf-sample 2007-03-04 00:19:16.457106000 +0000
-@@ -63,7 +63,7 @@
- # $MYHOME serves as a quick default for some other configuration settings.
- # More refined control is available with each individual setting further down.
- # $MYHOME is not used directly by the program. No trailing slash!
--#$MYHOME = '/var/lib/amavis'; # (default is '/var/amavis'), -H
-+$MYHOME = '/var/spool/amavis'; # (default is '/var/amavis'), -H
-
- # $mydomain serves as a quick default for some other configuration settings.
- # More refined control is available with each individual setting further down.
-@@ -74,16 +74,16 @@
-
- # Set the user and group to which the daemon will change if started as root
- # (otherwise just keeps the UID unchanged, and these settings have no effect):
--$daemon_user = 'vscan'; # (no default; customary: vscan or amavis), -u
--$daemon_group = 'vscan'; # (no default; customary: vscan or amavis), -g
-+$daemon_user = 'amavis'; # (no default; customary: vscan or amavis), -u
-+$daemon_group = 'amavis'; # (no default; customary: vscan or amavis), -g
-
- # Runtime working directory (cwd), and a place where
- # temporary directories for unpacking mail are created.
- # (no trailing slash, may be a scratch file system)
--$TEMPBASE = $MYHOME; # (must be set if other config vars use is), -T
-+$TEMPBASE = $MYHOME/runtime; # (must be set if other config vars use is), -T
- #$TEMPBASE = "$MYHOME/tmp"; # prefer to keep home dir /var/amavis clean?
-
--#$db_home = "$MYHOME/db"; # DB databases directory, default "$MYHOME/db", -D
-+$db_home = "$MYHOME/db"; # DB databases directory, default "$MYHOME/db", -D
-
- # $helpers_home sets environment variable HOME, and is passed as option
- # 'home_dir_for_helpers' to Mail::SpamAssassin::new. It should be a directory
-@@ -93,8 +93,8 @@
- # Run the daemon in the specified chroot jail if nonempty:
- #$daemon_chroot_dir = $MYHOME; # (default is undef, meaning: do not chroot), -R
-
--#$pid_file = "$MYHOME/amavisd.pid"; # (default is "$MYHOME/amavisd.pid"), -P
--#$lock_file = "$MYHOME/amavisd.lock"; # (default is "$MYHOME/amavisd.lock"), -L
-+$pid_file = "/var/run/amavisd/amavisd.pid"; # (default is "$MYHOME/amavisd.pid"), -P
-+$lock_file = "/var/run/amavisd/amavisd.lock"; # (default is "$MYHOME/amavisd.lock"), -L
-
- # set environment variables if you want (no defaults):
- $ENV{TMPDIR} = $TEMPBASE; # wise to set TMPDIR, but not obligatory
-@@ -112,6 +112,8 @@
- #$forward_method = 'smtp:[127.0.0.1]:10025'; # where to forward checked mail
- #$notify_method = $forward_method; # where to submit notifications
-
-+#@auth_mech_avail = ('PLAIN','LOGIN'); # empty list disables incoming AUTH
-+
- #$os_fingerprint_method = 'p0f:127.0.0.1:2345'; # query p0f-analyzer.pl
-
- # To make it possible for several hosts to share one content checking daemon,
-@@ -171,7 +173,7 @@
- # and see further down what these two lookup lists really mean.
- #
- # @bypass_virus_checks_maps = (1); # uncomment to DISABLE anti-virus code
--# @bypass_spam_checks_maps = (1); # uncomment to DISABLE anti-spam code
-+@bypass_spam_checks_maps = (1); # uncomment to DISABLE anti-spam code
- #
- # Any setting can be changed with a new assignment, so make sure
- # you do not unintentionally override these settings further down!
-@@ -217,8 +219,8 @@
- # AMAVIS-CLIENT PROTOCOL INPUT SETTINGS (e.g. with amavisd-release, or
- # sendmail milter through helper clients like amavis-milter.c and amavis.c)
- # option(s) -p overrides $inet_socket_port and $unix_socketname
--$unix_socketname = "$MYHOME/amavisd.sock"; # amavis helper protocol socket
--#$unix_socketname = undef; # disable listening on a unix socket
-+#$unix_socketname = "/var/run/amavisd/amavisd.sock"; # amavis helper protocol socket
-+$unix_socketname = undef; # disable listening on a unix socket
- # (default is undef, i.e. disabled)
- # (usual setting is $MYHOME/amavisd.sock)
-
-@@ -301,7 +303,7 @@
- # choose from: emerg, alert, crit, err, warning, notice, info, debug
-
- # Log file (if not using syslog)
--$LOGFILE = "$MYHOME/amavis.log"; # (defaults to empty, no log)
-+#$LOGFILE = "$MYHOME/amavis.log"; # (defaults to empty, no log)
-
- #NOTE: levels are not strictly observed and are somewhat arbitrary
- # 0: startup/exit/failure messages, viruses detected
-@@ -310,7 +312,7 @@
- # 3: server, client
- # 4: decompose parts
- # 5: more debug details
--$log_level = 2; # (defaults to 0), -d
-+#$log_level = 2; # (defaults to 0), -d
-
- # Customizable template for the most interesting log file entry (e.g. with
- # $log_level=0) (take care to properly quote Perl special characters like '\')
-@@ -689,7 +691,8 @@
- # or a directory (no trailing slash)
- # (the default value is undef, meaning no quarantine)
- #
+diff -urp amavis-v2.12.1.orig/amavisd.conf amavis-v2.12.1/amavisd.conf
+--- amavis-v2.12.1.orig/amavisd.conf 2020-11-13 13:55:37.000000000 +0100
++++ amavis-v2.12.1/amavisd.conf 2021-01-24 21:25:54.841592502 +0100
+@@ -10,32 +10,32 @@ use strict;
+ # COMMONLY ADJUSTED SETTINGS:
+
+ # @bypass_virus_checks_maps = (1); # controls running of anti-virus code
+-# @bypass_spam_checks_maps = (1); # controls running of anti-spam code
++@bypass_spam_checks_maps = (1); # controls running of anti-spam code
+ # $bypass_decode_parts = 1; # controls running of decoders&dearchivers
+
+ # $myprogram_name = $0; # set to 'amavisd' or similar to avoid process name
+ # truncation in /proc/<pid>/stat and ps -e output
+
+ $max_servers = 2; # num of pre-forked children (2..30 is common), -m
+-$daemon_user = 'vscan'; # (no default; customary: vscan or amavis), -u
+-$daemon_group = 'vscan'; # (no default; customary: vscan or amavis), -g
++$daemon_user = 'amavis'; # (no default; customary: vscan or amavis), -u
++$daemon_group = 'amavis'; # (no default; customary: vscan or amavis), -g
+
+ $mydomain = 'example.com'; # a convenient default for other settings
+
+-# $MYHOME = '/var/amavis'; # a convenient default for other settings, -H
+-$TEMPBASE = "$MYHOME/tmp"; # working directory, needs to exist, -T
++$MYHOME = '/var/spool/amavis'; # a convenient default for other settings, -H
++$TEMPBASE = "$MYHOME/runtime"; # working directory, needs to exist, -T
+ $ENV{TMPDIR} = $TEMPBASE; # environment variable TMPDIR, used by SA, etc.
-$QUARANTINEDIR = '/var/virusmails'; # -Q
-+#$QUARANTINEDIR = '/var/virusmails'; # -Q
+$QUARANTINEDIR = '/var/spool/amavis/virusmails'; # -Q
+ # $quarantine_subdir_levels = 1; # add level of subdirs to disperse quarantine
+ # $release_format = 'resend'; # 'attach', 'plain', 'resend'
+ # $report_format = 'arf'; # 'attach', 'plain', 'resend', 'arf'
+
+ # $daemon_chroot_dir = $MYHOME; # chroot directory or undef, -R
+
+-# $db_home = "$MYHOME/db"; # dir for bdb nanny/cache/snmp databases, -D
++$db_home = "$MYHOME/db"; # dir for bdb nanny/cache/snmp databases, -D
+ # $helpers_home = "$MYHOME/var"; # working directory for SpamAssassin, -S
+-# $lock_file = "$MYHOME/var/amavisd.lock"; # -L
+-# $pid_file = "$MYHOME/var/amavisd.pid"; # -P
++$lock_file = "/var/run/amavisd/amavisd.lock"; # -L
++$pid_file = "/var/run/amavisd/amavisd.pid"; # -P
+ #NOTE: create directories $MYHOME/tmp, $MYHOME/var, $MYHOME/db manually
+
+ $log_level = 0; # verbosity 0..5, -d
+@@ -55,7 +55,8 @@ $enable_dkim_signing = 1; # load DKIM
+ @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
+ 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );
+
+-$unix_socketname = "$MYHOME/amavisd.sock"; # amavisd-release or amavis-milter
++#$unix_socketname = "/var/run/amavisd/amavisd.sock"; # amavisd-release or amavis-milter
++$unix_socketname = undef; # disable listening on a unix socket
+ # option(s) -p overrides $inet_socket_port and $unix_socketname
- #$quarantine_subdir_levels = 1; # add level of subdirs to disperse quarantine
-
-@@ -1900,15 +1903,15 @@
- # ['Sophos SAVI', \&sophos_savi ],
+ $inet_socket_port = 10024; # listen on this local TCP port(s)
+@@ -382,16 +383,15 @@ $banned_filename_re = new_RE(
+ # qr/^(?:310|420)[,\s]*(?:.* <<< )?(.+?)(?: ; |$)/m ],
+ # settings for the SAVAPI3.conf: ArchiveScan=1, HeurLevel=2, MailboxScan=1
- # ### http://www.clamav.net/
+-# ### http://www.clamav.net/
-# ['ClamAV-clamd',
--# \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
--# qr/\bOK$/, qr/\bFOUND$/,
--# qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
--# # NOTE: run clamd under the same user as amavisd, or run it under its own
+-# \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
+-# qr/\bOK$/m, qr/\bFOUND$/m,
+-# qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
+-# # NOTE: run clamd under the same user as amavisd - or run it under its own
-# # uid such as clamav, add user clamav to the amavis group, and then add
-# # AllowSupplementaryGroups to clamd.conf;
-# # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in
--# # this entry; when running chrooted one may prefer socket "$MYHOME/clamd".
+-# # this entry; when running chrooted one may prefer a socket under $MYHOME.
+['ClamAV-clamd',
+ \&ask_daemon, ["CONTSCAN {}\n", "/var/lib/clamav/clamd.socket"],
+ qr/\bOK$/, qr/\bFOUND$/,
+ qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
-+# NOTE: run clamd under the same user as amavisd, or run it under its own
++# NOTE: run clamd under the same user as amavisd - or run it under its own
+# uid such as clamav, add user clamav to the amavis group, and then add
+# AllowSupplementaryGroups to clamd.conf;
+# NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in
-+# this entry; when running chrooted one may prefer socket "$MYHOME/clamd".
++# this entry; when running chrooted one may prefer a socket under $MYHOME.
# ### http://www.clamav.net/ and CPAN (memory-hungry! clamd is preferred)
- # ['Mail::ClamAV', \&ask_clamav, "*", [0], [1], qr/^INFECTED: (.+)/],
-@@ -2070,10 +2073,11 @@
+ # # note that Mail::ClamAV requires perl to be build with threading!
+@@ -580,16 +580,21 @@ $banned_filename_re = new_RE(
# NOTE: requires suid wrapper around inocmd32; consider flag: -mod reviewer
# see http://marc.theaimsgroup.com/?l=amavis-user&m=109229779912783
- ### http://mks.com.pl/english.html
- ['MkS_Vir for Linux (beta)', ['mks32','mks'],
- '-s {}/*', [0], [1,2],
-- qr/--[ \t]*(.+)/ ],
+- qr/--[ \t]*(.+)/m ],
+# Moved to secondary scanner
+# ### http://mks.com.pl/english.html
+# ['MkS_Vir for Linux (beta)', ['mks32','mks'],
+# '-s {}/*', [0], [1,2],
-+# qr/--[ \t]*(.+)/ ],
++# qr/--[ \t]*(.+)/m ],
### http://mks.com.pl/english.html
['MkS_Vir daemon', 'mksscan',
-@@ -2298,6 +2302,10 @@
- # ],
- # # other options to consider: -mime -oe -idedir=/usr/local/sav
+ '-s -q {}', [0], [1..7],
+ qr/^... (\S+)/m ],
+ ['MkS_Vir for Linux (beta)', ['mks32','mks'],
+ '-s {}/*', [0], [1,2],
-+ qr/--[ \t]*(.+)/ ],
++ qr/--[ \t]*(.+)/m ],
+
- # always succeeds (uncomment to consider mail clean if all other scanners fail)
- # ['always-clean', sub {0}],
-
+ # ### http://www.nod32.com/, version v2.52 (old)
+ # ['ESET NOD32 for Linux Mail servers',
+ # ['/opt/eset/nod32/bin/nod32cli', 'nod32cli'],