1 diff -urp amavis-v2.12.1.orig/amavisd.conf amavis-v2.12.1/amavisd.conf
2 --- amavis-v2.12.1.orig/amavisd.conf 2020-11-13 13:55:37.000000000 +0100
3 +++ amavis-v2.12.1/amavisd.conf 2021-01-24 21:25:54.841592502 +0100
4 @@ -10,32 +10,32 @@ use strict;
5 # COMMONLY ADJUSTED SETTINGS:
7 # @bypass_virus_checks_maps = (1); # controls running of anti-virus code
8 -# @bypass_spam_checks_maps = (1); # controls running of anti-spam code
9 +@bypass_spam_checks_maps = (1); # controls running of anti-spam code
10 # $bypass_decode_parts = 1; # controls running of decoders&dearchivers
12 # $myprogram_name = $0; # set to 'amavisd' or similar to avoid process name
13 # truncation in /proc/<pid>/stat and ps -e output
15 $max_servers = 2; # num of pre-forked children (2..30 is common), -m
16 -$daemon_user = 'vscan'; # (no default; customary: vscan or amavis), -u
17 -$daemon_group = 'vscan'; # (no default; customary: vscan or amavis), -g
18 +$daemon_user = 'amavis'; # (no default; customary: vscan or amavis), -u
19 +$daemon_group = 'amavis'; # (no default; customary: vscan or amavis), -g
21 $mydomain = 'example.com'; # a convenient default for other settings
23 -# $MYHOME = '/var/amavis'; # a convenient default for other settings, -H
24 -$TEMPBASE = "$MYHOME/tmp"; # working directory, needs to exist, -T
25 +$MYHOME = '/var/spool/amavis'; # a convenient default for other settings, -H
26 +$TEMPBASE = "$MYHOME/runtime"; # working directory, needs to exist, -T
27 $ENV{TMPDIR} = $TEMPBASE; # environment variable TMPDIR, used by SA, etc.
28 -$QUARANTINEDIR = '/var/virusmails'; # -Q
29 +$QUARANTINEDIR = '/var/spool/amavis/virusmails'; # -Q
30 # $quarantine_subdir_levels = 1; # add level of subdirs to disperse quarantine
31 # $release_format = 'resend'; # 'attach', 'plain', 'resend'
32 # $report_format = 'arf'; # 'attach', 'plain', 'resend', 'arf'
34 # $daemon_chroot_dir = $MYHOME; # chroot directory or undef, -R
36 -# $db_home = "$MYHOME/db"; # dir for bdb nanny/cache/snmp databases, -D
37 +$db_home = "$MYHOME/db"; # dir for bdb nanny/cache/snmp databases, -D
38 # $helpers_home = "$MYHOME/var"; # working directory for SpamAssassin, -S
39 -# $lock_file = "$MYHOME/var/amavisd.lock"; # -L
40 -# $pid_file = "$MYHOME/var/amavisd.pid"; # -P
41 +$lock_file = "/var/run/amavisd/amavisd.lock"; # -L
42 +$pid_file = "/var/run/amavisd/amavisd.pid"; # -P
43 #NOTE: create directories $MYHOME/tmp, $MYHOME/var, $MYHOME/db manually
45 $log_level = 0; # verbosity 0..5, -d
46 @@ -55,7 +55,8 @@ $enable_dkim_signing = 1; # load DKIM
47 @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
48 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );
50 -$unix_socketname = "$MYHOME/amavisd.sock"; # amavisd-release or amavis-milter
51 +#$unix_socketname = "/var/run/amavisd/amavisd.sock"; # amavisd-release or amavis-milter
52 +$unix_socketname = undef; # disable listening on a unix socket
53 # option(s) -p overrides $inet_socket_port and $unix_socketname
55 $inet_socket_port = 10024; # listen on this local TCP port(s)
56 @@ -382,16 +383,15 @@ $banned_filename_re = new_RE(
57 # qr/^(?:310|420)[,\s]*(?:.* <<< )?(.+?)(?: ; |$)/m ],
58 # settings for the SAVAPI3.conf: ArchiveScan=1, HeurLevel=2, MailboxScan=1
60 -# ### http://www.clamav.net/
62 -# \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
63 -# qr/\bOK$/m, qr/\bFOUND$/m,
64 -# qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
65 -# # NOTE: run clamd under the same user as amavisd - or run it under its own
66 -# # uid such as clamav, add user clamav to the amavis group, and then add
67 -# # AllowSupplementaryGroups to clamd.conf;
68 -# # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in
69 -# # this entry; when running chrooted one may prefer a socket under $MYHOME.
71 + \&ask_daemon, ["CONTSCAN {}\n", "/var/lib/clamav/clamd.socket"],
72 + qr/\bOK$/, qr/\bFOUND$/,
73 + qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
74 +# NOTE: run clamd under the same user as amavisd - or run it under its own
75 +# uid such as clamav, add user clamav to the amavis group, and then add
76 +# AllowSupplementaryGroups to clamd.conf;
77 +# NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in
78 +# this entry; when running chrooted one may prefer a socket under $MYHOME.
80 # ### http://www.clamav.net/ and CPAN (memory-hungry! clamd is preferred)
81 # # note that Mail::ClamAV requires perl to be build with threading!
82 @@ -580,16 +580,21 @@ $banned_filename_re = new_RE(
83 # NOTE: requires suid wrapper around inocmd32; consider flag: -mod reviewer
84 # see http://marc.theaimsgroup.com/?l=amavis-user&m=109229779912783
86 - ### http://mks.com.pl/english.html
87 - ['MkS_Vir for Linux (beta)', ['mks32','mks'],
88 - '-s {}/*', [0], [1,2],
89 - qr/--[ \t]*(.+)/m ],
90 +# Moved to secondary scanner
91 +# ### http://mks.com.pl/english.html
92 +# ['MkS_Vir for Linux (beta)', ['mks32','mks'],
93 +# '-s {}/*', [0], [1,2],
94 +# qr/--[ \t]*(.+)/m ],
96 ### http://mks.com.pl/english.html
97 ['MkS_Vir daemon', 'mksscan',
98 '-s -q {}', [0], [1..7],
101 + ['MkS_Vir for Linux (beta)', ['mks32','mks'],
102 + '-s {}/*', [0], [1,2],
103 + qr/--[ \t]*(.+)/m ],
105 # ### http://www.nod32.com/, version v2.52 (old)
106 # ['ESET NOD32 for Linux Mail servers',
107 # ['/opt/eset/nod32/bin/nod32cli', 'nod32cli'],