amavis (anti-virus, anti-spam)

配置反毒,反拉圾邮件过程

  1. main.cf

    debian:/etc/postfix# postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'
    			
  2. master.cf

    debian:/etc/postfix# vi master.cf
    smtp-amavis unix -   -   n    -    2  smtp
        -o smtp_data_done_timeout=1200s
        -o smtp_never_send_ehlo=yes
        -o disable_dns_lookups=yes
    
    127.0.0.1:10025 inet n  -  n    -   -  smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o smtpd_helo_restrictions=
        -o smtpd_client_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks=127.0.0.0/8
    		

    Chroot 监狱模式 建议使用,这样安全性更高.

    smtp-amavis unix -   -   y    -    2  smtp
        -o smtp_data_done_timeout=1200s
        -o smtp_never_send_ehlo=yes
        -o disable_dns_lookups=yes
    
    127.0.0.1:10025 inet n  -  y    -   -  smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o smtpd_helo_restrictions=
        -o smtpd_client_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks=127.0.0.0/8
    		
  3. amavisd.conf

    debian:~# cd /etc/amavis/
    debian:/etc/amavis#
    debian:/etc/amavis# vi /etc/amavis/amavisd.conf
    $mydomain = 'example.net';      # (no useful default)
    $myhostname = 'mail.example.net';  # fqdn of this host, default by uname(3)
    $log_level = 2;         # (defaults to 0)
    
    $final_virus_destiny      = D_DISCARD; # (defaults to D_BOUNCE)
    $final_banned_destiny     = D_BOUNCE;  # (defaults to D_BOUNCE)
    $final_spam_destiny       = D_PASS;  # (defaults to D_REJECT)
    $final_bad_header_destiny = D_PASS;  # (defaults to D_PASS), D_BOUNCE suggested
    
    # Debian 默认支持 Clam Antivirus-clamd
    ### http://www.clamav.net/
    ['Clam Antivirus-clamd',
      \_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.ctl"],
      qr/\bOK$/, qr/\bFOUND$/,
      qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
    # NOTE: run clamd under the same user as amavisd;  match the socket
    # name (LocalSocket) in clamav.conf to the socket name in this entry
    # When running chrooted one may prefer: ["CONTSCAN {}\n","$MYHOME/clamd"],
    		

    Example 6. amavisd.conf

    			use strict;
    
    # Configuration file for amavisd-new
    # Defaults modified for the Debian amavisd-new package
    # $Id: amavisd.conf,v 1.27 2004/07/31 19:43:41 hmh Exp $
    #
    # This software is licensed under the GNU General Public License (GPL).
    # See comments at the start of amavisd-new for the whole license text.
    
    #Sections:
    # Section I    - Essential daemon and MTA settings
    # Section II   - MTA specific
    # Section III  - Logging
    # Section IV   - Notifications/DSN, BOUNCE/REJECT/DROP/PASS destiny, quarantine
    # Section V    - Per-recipient and per-sender handling, whitelisting, etc.
    # Section VI   - Resource limits
    # Section VII  - External programs, virus scanners, SpamAssassin
    # Section VIII - Debugging
    
    #GENERAL NOTES:
    #  This file is a normal Perl code, interpreted by Perl itself.
    #  - make sure this file (or directory where it resides) is NOT WRITABLE
    #    by mere mortals (not even vscan/amavis; best to make it owned by root),
    #    otherwise it represents a severe security risk!
    #  - for values which are interpreted as booleans, it is recommended
    #    to use 1 for true, and 0 or undef or '' for false.
    #    THIS IS DIFFERENT FROM OLD AMAVIS VERSIONS where "no" also meant false,
    #    now it means true, like any nonempty string does!
    #  - Perl syntax applies. Most notably: strings in "" may include variables
    #    (which start with $ or @); to include characters @ and $ in double
    #    quoted strings, precede them by a backslash; in single-quoted strings
    #    the $ and @ lose their special meaning, so it is usually easier to use
    #    single quoted strings (or qw operator) for e-mail addresses.
    #    Still, in both cases a backslash needs to be doubled.
    #  - variables with names starting with a '@' are lists, the values assigned
    #    to them should be lists as well, e.g. ('one@foo', $mydomain, "three");
    #    note the comma-separation and parenthesis. If strings in the list
    #    do not contain spaces nor variables, a Perl operator qw() may be used
    #    as a shorthand to split its argument on whitespace and produce a list
    #    of strings, e.g. qw( one@foo example.com three );  Note that the argument
    #    to qw is quoted implicitly and no variable interpretation is done within
    #    (no '$' variable evaluations). The #-initiated comments can NOT be used
    #    within a string. In other words, $ and # lose their special meaning
    #    within a qw argument, just like within '...' strings.
    #  - all e-mail addresses in this file and as used internally by the daemon
    #    are in their raw (rfc2821-unquoted and non-bracketed) form, i.e. 
    #    Bob "Funny" [email protected], not: "Bob \"Funny\" Dude"@example.com
    #    and not <"Bob \"Funny\" Dude"@example.com>; also: '' and not '
    '.
    #  - the term 'default value' in examples below refers to the value of a
    #    variable pre-assigned to it by the program; any explicit assignment
    #    to a variable in this configuration file overrides the default value;
    
    
    #
    # Section I - Essential daemon and MTA settings
    #
    
    # $MYHOME serves as a quick default for some other configuration settings.
    # More refined control is available with each individual setting further down.
    # $MYHOME is not used directly by the program. No trailing slash!
    $MYHOME = '/var/lib/amavis';   # (default is '/var/amavis')
    
    # $mydomain serves as a quick default for some other configuration settings.
    # More refined control is available with each individual setting further down.
    # $mydomain is never used directly by the program.
    $mydomain = 'example.net';      # (no useful default)
    
    $myhostname = 'mail.example.net';  # fqdn of this host, default by uname(3)
    
    # Set the user and group to which the daemon will change if started as root
    # (otherwise just keeps the UID unchanged, and these settings have no effect):
    $daemon_user  = 'amavis';	# (no default (undef))
    $daemon_group = 'amavis';	# (no default (undef))
    
    # Runtime working directory (cwd), and a place where
    # temporary directories for unpacking mail are created.
    # if you change this, you might want to modify the cleanup()
    # function in /etc/init.d/amavisd-new
    # (no trailing slash, may be a scratch file system)
    $TEMPBASE = $MYHOME;           # (must be set if other config vars use is)
    #$TEMPBASE = "$MYHOME/tmp";     # prefer to keep home dir /var/amavis clean?
    
    # $helpers_home sets environment variable HOME, and is passed as option
    # 'home_dir_for_helpers' to Mail::SpamAssassin::new. It should be a directory
    # on a normal persistent file system, not a scratch or temporary file system
    #$helpers_home = $MYHOME;      # (defaults to $MYHOME)
    
    # Run the daemon in the specified chroot jail if nonempty:
    #$daemon_chroot_dir = $MYHOME;  # (default is undef, meaning: do not chroot)
    
    $pid_file  = "/var/run/amavis/amavisd.pid";  # (default: "$MYHOME/amavisd.pid")
    $lock_file = "/var/run/amavis/amavisd.lock"; # (default: "$MYHOME/amavisd.lock")
    
    # set environment variables if you want (no defaults):
    $ENV{TMPDIR} = $TEMPBASE;       # wise to set TMPDIR, but not obligatory
    #...
    
    
    # MTA SETTINGS, UNCOMMENT AS APPROPRIATE,
    # both $forward_method and $notify_method default to 'smtp:127.0.0.1:10025'
    
    # POSTFIX, or SENDMAIL in dual-MTA setup, or EXIM V4
    # (set host and port number as required; host can be specified
    # as IP address or DNS name (A or CNAME, but MX is ignored)
    #$forward_method = 'smtp:127.0.0.1:10025';  # where to forward checked mail
    #$notify_method = $forward_method;          # where to submit notifications
    
    # NOTE: The defaults (above) are good for Postfix or dual-sendmail. You MUST
    #       uncomment the appropriate settings below if using other setups!
    
    # SENDMAIL MILTER, using amavis-milter.c helper program:
    # SEE amavisd-new-milter package docs FOR DEBIAN INSTRUCTIONS
    #$forward_method = undef;  # no explicit forwarding, sendmail does it by itself
    # milter; option -odd is needed to avoid deadlocks
    #$notify_method = 'pipe:flags=q argv=/usr/sbin/sendmail -Ac -i -odd -f ${sender} -- ${recipient}';
    # just a thought: can we use use -Am instead of -odd ?
    
    # SENDMAIL (old non-milter setup, as relay):
    #$forward_method = 'pipe:flags=q argv=/usr/sbin/sendmail -C/etc/sendmail.orig.cf -i -f ${sender} -- ${recipient}';
    #$notify_method = $forward_method;
    
    # SENDMAIL (old non-milter setup, amavis.c calls local delivery agent):
    #$forward_method = undef;  # no explicit forwarding, amavis.c will call LDA
    #$notify_method = 'pipe:flags=q argv=/usr/sbin/sendmail -Ac -i -f ${sender} -- ${recipient}';
    
    # EXIM v3 (not recommended with v4 or later, which can use SMTP setup instead):
    #$forward_method = 'pipe:flags=q argv=/usr/sbin/exim -oMr scanned-ok -i -f ${sender} -- ${recipient}';
    #$notify_method = $forward_method;
    
    # prefer to collect mail for forwarding as BSMTP files?
    #$forward_method = "bsmtp:$MYHOME/out-%i-%n.bsmtp";
    #$notify_method = $forward_method;
    
    
    # Net::Server pre-forking settings
    # You may want $max_servers to match the width of your MTA pipe
    # feeding amavisd, e.g. with Postfix the 'Max procs' field in the
    # master.cf file, like the '2' in the:  smtp-amavis unix - - n - 2 smtp
    #
    $max_servers  =  2;   # number of pre-forked children          (default 2)
    $max_requests = 10;   # retire a child after that many accepts (default 10)
    
    $child_timeout=5*60;  # abort child if it does not complete each task in n sec
                          # (default: 8*60 seconds)
    
    # Check also the settings of @av_scanners at the end if you want to use
    # virus scanners. If not, you may want to delete the whole long assignment
    # to the variable @av_scanners, which will also remove the virus checking
    # code (e.g. if you only want to do spam scanning).
    
    # Here is a QUICK WAY to completely DISABLE some sections of code
    # that WE DO NOT WANT (it won't even be compiled-in).
    # For more refined controls leave the following two lines commented out,
    # and see further down what these two lookup lists really mean.
    #
    # @bypass_virus_checks_acl = qw( . );  # uncomment to DISABLE anti-virus code
    # @bypass_spam_checks_acl  = qw( . );  # uncomment to DISABLE anti-spam code
    #
    # Any setting can be changed with a new assignment, so make sure
    # you do not unintentionally override these settings further down!
    @bypass_spam_checks_acl  = qw( . );    # No default dependency on spamassassin
    
    # Lookup list of local domains (see README.lookups for syntax details)
    #
    # NOTE:
    #   For backwards compatibility the variable names @local_domains (old) and
    #   @local_domains_acl (new) are synonyms. For consistency with other lookups
    #   the name @local_domains_acl is now preferred. It also makes it more
    #   obviously distinct from the new %local_domains hash lookup table.
    #
    # local_domains* lookup tables are used in deciding whether a recipient
    # is local or not, or in other words, if the message is outgoing or not.
    # This affects inserting spam-related headers for local recipients,
    # limiting recipient virus notifications (if enabled) to local recipients,
    # in deciding if address extension may be appended, and in SQL lookups
    # for non-fqdn addresses. Set it up correctly if you need features
    # that rely on this setting (or just leave empty otherwise).
    #
    # With Postfix (2.0) a quick reminder on what local domains normally are:
    # a union of domains specified in: $mydestination, $virtual_alias_domains,
    # $virtual_mailbox_domains, and $relay_domains.
    #
    @local_domains_acl = ( ".$mydomain" );  # $mydomain and its subdomains
    # @local_domains_acl = ( ".$mydomain", "my.other.domain" );
    # @local_domains_acl = qw();  # default is empty, no recipient treated as local
    # @local_domains_acl = qw( .example.com );
    # @local_domains_acl = qw( .example.com !host.sub.example.net .sub.example.net );
    
    # or alternatively(A), using a Perl hash lookup table, which may be assigned
    # directly, or read from a file, one domain per line; comments and empty lines
    # are ignored, a dot before a domain name implies its subdomains:
    #
    #read_hash(\%local_domains, '/etc/amavis/local_domains');
    
    #or alternatively(B), using a list of regular expressions:
    # $local_domains_re = new_RE( qr'[@.]example\.com$'i );
    #
    # see README.lookups for syntax and semantics
    
    
    #
    # Section II - MTA specific (defaults should be ok)
    #
    
    # if $relayhost_is_client is true, the IP address in $notify_method and
    # $forward_method is dynamically overridden with SMTP client peer address
    # (if available), which makes it possible for several hosts to share one 
    # daemon.  The static port number is also overridden, and is dynamically 
    # calculated  as being one above the incoming SMTP/LMTP session port number.
    #
    # These are logged at level 3, so enable logging until you know you got it
    # right.
    $relayhost_is_client = 0;         # (defaults to false)
    
    $insert_received_line = 1;        # behave like MTA: insert 'Received:' header
    			          # (does not apply to sendmail/milter)
    			          # (default is true (1) )
    
    # AMAVIS-CLIENT PROTOCOL INPUT SETTINGS (e.g. with sendmail milter)
    #   (used with amavis helper clients like amavis-milter.c and amavis.c,
    #   NOT needed for Postfix and Exim  or dual-sendmail - keep it undefined.)
    #$unix_socketname = "/var/lib/amavis/amavisd.sock"; # amavis helper protocol socket
    $unix_socketname = undef;         # disable listening on a unix socket
                                      # (default is undef, i.e. disabled)
    
    # Do we receive quoted or raw addresses from the helper program?
    # (does not apply to SMTP;  defaults to true)
    #$gets_addr_in_quoted_form = 1;   # "Bob \"Funny\" Dude"@example.com
    #$gets_addr_in_quoted_form = 0;   # Bob "Funny" [email protected]
    
    
    
    # SMTP SERVER (INPUT) PROTOCOL SETTINGS (e.g. with Postfix, Exim v4, ...)
    #   (used when MTA is configured to pass mail to amavisd via SMTP or LMTP)
    $inet_socket_port = 10024;        # accept SMTP on this local TCP port
                                      # (default is undef, i.e. disabled)
    # multiple ports may be provided: $inet_socket_port = [10024, 10026, 10028];
    
    # SMTP SERVER (INPUT) access control
    # - do not allow free access to the amavisd SMTP port !!!
    #
    # when MTA is at the same host, use the following (one or the other or both):
    $inet_socket_bind = '127.0.0.1';  # limit socket bind to loopback interface
                                      # (default is '127.0.0.1')
    @inet_acl = qw( 127.0.0.1 );      # allow SMTP access only from localhost IP
                                      # (default is qw( 127.0.0.1 ) )
    
    # when MTA (one or more) is on a different host, use the following:
    # @inet_acl = qw(127/8 10.1.0.1 10.1.0.2);  # adjust the list as appropriate
    # $inet_socket_bind = undef;      # bind to all IP interfaces if undef
    #
    # Example1:
    # @inet_acl = qw( 127/8 10/8 172.16/12 192.168/16 );
    # permit only SMTP access from loopback and rfc1918 private address space
    #
    # Example2:
    # @inet_acl = qw( !192.168.1.12 172.16.3.3 !172.16.3/255.255.255.0
    #		  127.0.0.1 10/8 172.16/12 192.168/16 );
    # matches loopback and rfc1918 private address space except host 192.168.1.12
    # and net 172.16.3/24 (but host 172.16.3.3 within 172.16.3/24 still matches)
    #
    # Example3:
    # @inet_acl = qw( 127/8
    #		  !172.16.3.0   !172.16.3.127 172.16.3.0/25
    #		  !172.16.3.128 !172.16.3.255 172.16.3.128/25 );
    # matches loopback and both halves of the 172.16.3/24 C-class,
    # split into two subnets, except all four broadcast addresses
    # for these subnets
    #
    # See README.lookups for details on specifying access control lists.
    
    
    #
    # Section III - Logging
    #
    
    # true (e.g. 1) => syslog;  false (e.g. 0) => logging to file
    $DO_SYSLOG = 1;                 # (defaults to false)
    #$SYSLOG_LEVEL = 'user.info';     # (facility.priority, default 'mail.info')
    
    # Log file (if not using syslog)
    $LOGFILE = "/var/log/amavis.log";  # (defaults to empty, no log)
    
    #NOTE: levels are not strictly observed and are somewhat arbitrary
    # 0: startup/exit/failure messages, viruses detected
    # 1: args passed from client, some more interesting messages
    # 2: virus scanner output, timing
    # 3: server, client
    # 4: decompose parts
    # 5: more debug details
    $log_level = 2;		# (defaults to 0)
    
    # Customizable template for the most interesting log file entry (e.g. with
    # $log_level=0) (take care to properly quote Perl special characters like '\')
    # For a list of available macros see README.customize .
    
    # only log infected messages (useful with log level 0):
    # $log_templ = '[? %#V |[? %#F ||banned filename ([%F|,])]|infected ([%V|,])]#
    # [? %#V |[? %#F ||, from=[?%o|(?)|<%o>], to=[<%R>|,][? %i ||, quarantine %i]]#
    # |, from=[?%o|(?)|<%o>], to=[<%R>|,][? %i ||, quarantine %i]]';
    
    # log both infected and noninfected messages (default):
    $log_templ = '[? %#V |[? %#F |[?%#D|Not-Delivered|Passed]|BANNED name/type (%F)]|INFECTED (%V)], #
    [?%o|(?)|<%o>] -> [<%R>|,][? %i ||, quarantine %i], Message-ID: %m, Hits: %c';
    
    
    #
    # Section IV - Notifications/DSN, BOUNCE/REJECT/DROP/PASS destiny, quarantine
    #
    
    # Select notifications text encoding when Unicode-aware Perl is converting
    # text from internal character representation to external encoding (charset
    # in MIME terminology). Used as argument to Perl Encode::encode subroutine.
    #
    #   to be used in RFC 2047-encoded header field bodies, e.g. in Subject:
    #$hdr_encoding = 'iso-8859-1';  # (default: 'iso-8859-1')
    #
    #   to be used in notification body text: its encoding and Content-type.charset
    #$bdy_encoding = 'iso-8859-1';  # (default: 'iso-8859-1')
    
    # Default template texts for notifications may be overruled by directly
    # assigning new text to template variables, or by reading template text
    # from files. A second argument may be specified in a call to read_text(),
    # specifying character encoding layer to be used when reading from the
    # external file, e.g. 'utf8', 'iso-8859-1', or often just $bdy_encoding.
    # Text will be converted to internal character representation by Perl 5.8.0
    # or later; second argument is ignored otherwise. See PerlIO::encoding,
    # Encode::PerlIO and perluniintro man pages.
    #
    # $notify_sender_templ      = read_text('/var/amavis/notify_sender.txt');
    # $notify_virus_sender_templ= read_text('/var/amavis/notify_virus_sender.txt');
    # $notify_virus_admin_templ = read_text('/var/amavis/notify_virus_admin.txt');
    # $notify_virus_recips_templ= read_text('/var/amavis/notify_virus_recips.txt');
    # $notify_spam_sender_templ = read_text('/var/amavis/notify_spam_sender.txt');
    # $notify_spam_admin_templ  = read_text('/var/amavis/notify_spam_admin.txt');
    
    # If notification template files are collectively available in some directory,
    # use read_l10n_templates which calls read_text for each known template.
    #
    #   read_l10n_templates('/etc/amavis/en_US');
    #
    # Debian available locales: en_US, pt_BR, de_DE, it_IT
    read_l10n_templates('en_US', '/etc/amavis');
    
    
    # Here is an overall picture (sequence of events) of how pieces fit together
    # (only virus controls are shown, spam controls work the same way):
    #
    #   bypass_virus_checks? ==> PASS
    #   no viruses?   ==> PASS
    #   log virus     if $log_templ is nonempty
    #   quarantine    if $virus_quarantine_to is nonempty
    #   notify admin  if $virus_admin (lookup) nonempty
    #   notify recips if $warnvirusrecip and (recipient is local or $warn_offsite)
    #   add address extensions if adding extensions is enabled and virus will pass
    #   send (non-)delivery notifications
    #      to sender if DSN needed (BOUNCE or ($warn_virus_sender and D_PASS))
    #   virus_lovers or final_destiny==D_PASS  ==> PASS
    #   DISCARD (2xx) or REJECT (5xx) (depending on final_*_destiny)
    #
    # Equivalent flow diagram applies for spam checks.
    # If a virus is detected, spam checking is skipped entirely.
    
    # The following symbolic constants can be used in *destiny settings:
    #
    # D_PASS     mail will pass to recipients, regardless of bad contents;
    #
    # D_DISCARD  mail will not be delivered to its recipients, sender will NOT be
    #            notified. Effectively we lose mail (but will be quarantined
    #            unless disabled). Losing mail is not decent for a mailer,
    #            but might be desired.
    #
    # D_BOUNCE   mail will not be delivered to its recipients, a non-delivery
    #            notification (bounce) will be sent to the sender by amavisd-new;
    #            Exception: bounce (DSN) will not be sent if a virus name matches
    #            $viruses_that_fake_sender_re, or to messages from mailing lists
    #            (Precedence: bulk|list|junk);
    #
    # D_REJECT   mail will not be delivered to its recipients, sender should
    #            preferably get a reject, e.g. SMTP permanent reject response
    #            (e.g. with milter), or non-delivery notification from MTA
    #            (e.g. Postfix). If this is not possible (e.g. different recipients
    #            have different tolerances to bad mail contents and not using LMTP)
    #            amavisd-new sends a bounce by itself (same as D_BOUNCE).
    #
    # Notes:
    #   D_REJECT and D_BOUNCE are similar, the difference is in who is responsible
    #            for informing the sender about non-delivery, and how informative
    #            the notification can be (amavisd-new knows more than MTA);
    #   With D_REJECT, MTA may reject original SMTP, or send DSN (delivery status
    #            notification, colloquially called 'bounce') - depending on MTA;
    #            Best suited for sendmail milter, especially for spam.
    #   With D_BOUNCE, amavisd-new (not MTA) sends DSN (can better explain the
    #            reason for mail non-delivery, but unable to reject the original
    #            SMTP session). Best suited to reporting viruses, and for Postfix
    #            and other dual-MTA setups, which can't reject original client SMTP
    #            session, as the mail has already been enqueued.
    
    $final_virus_destiny      = D_DISCARD; # (defaults to D_BOUNCE)
    $final_banned_destiny     = D_BOUNCE;  # (defaults to D_BOUNCE)
    $final_spam_destiny       = D_PASS;  # (defaults to D_REJECT)
    $final_bad_header_destiny = D_PASS;  # (defaults to D_PASS), D_BOUNCE suggested
    
    # Alternatives to consider for spam:
    # - use D_PASS if clients will do filtering based on inserted mail headers;
    # - use D_DISCARD, if kill_level is set safely high;
    # - use D_BOUNCE instead of D_REJECT if not using milter;
    #
    # D_BOUNCE is preferred for viruses, but consider:
    # - use D_DISCARD to avoid bothering the rest of the network, it is hopeless
    #   to try to keep up with the viruses that faker the envelope sender anyway,
    #   and bouncing only increases the network cost of viruses for everyone
    # - use D_PASS (or virus_lovers) and $warnvirussender=1 to deliver viruses;
    # - use D_REJECT instead of D_BOUNCE if using milter and under heavy
    #   virus storm;
    #
    # Don't bother to set both D_DISCARD and $warn*sender=1, it will get mapped
    # to D_BOUNCE.
    #
    # The separation of *_destiny values into D_BOUNCE, D_REJECT, D_DISCARD
    # and D_PASS made settings $warnvirussender and $warnspamsender only still
    # useful with D_PASS.
    
    # The following $warn*sender settings are ONLY used when mail is
    # actually passed to recipients ($final_*_destiny=D_PASS, or *_lovers*).
    # Bounces or rejects produce non-delivery status notification anyway.
    
    # Notify virus sender?
    #$warnvirussender = 1;	# (defaults to false (undef))
    
    # Notify spam sender?
    #$warnspamsender = 1;	# (defaults to false (undef))
    
    # Notify sender of banned files?
    #$warnbannedsender = 1;	# (defaults to false (undef))
    
    # Notify sender of syntactically invalid header containing non-ASCII characters?
    #$warnbadhsender = 1;	# (defaults to false (undef))
    
    # Notify virus (or banned files) RECIPIENT?
    #  (not very useful, but some policies demand it)
    #$warnvirusrecip = 1;	# (defaults to false (undef))
    #$warnbannedrecip = 1;	# (defaults to false (undef))
    
    # Notify also non-local virus/banned recipients if $warn*recip is true?
    #  (including those not matching local_domains*)
    #$warn_offsite = 1;    # (defaults to false (undef), i.e. only notify locals)
    
    
    # Treat envelope sender address as unreliable and don't send sender
    # notification / bounces if name(s) of detected virus(es) match the list.
    # Note that virus names are supplied by external virus scanner(s) and are
    # not standardized, so virus names may need to be adjusted.
    # See README.lookups for syntax, check also README.policy-on-notifications
    #
    $viruses_that_fake_sender_re = new_RE(
      qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar'i,
      qr'tanatos|lentin|bridex|mimail|trojan\.dropper|dumaru|parite|spaces'i,
      qr'dloader|galil|gibe|swen|netwatch|bics|sbrowse|sober|rox|val(hal)?la'i,
      qr'frethem|sircam|be?agle|tanx|mydoom|novarg|shimg|netsky|somefool|moodown'i,
      qr'@mm|@MM',    # mass mailing viruses as labeled by f-prot and uvscan
      qr'Worm'i,      # worms as labeled by ClamAV, Kaspersky, etc
      [qr'^(EICAR|Joke\.|Junk\.)'i         => 0],
      [qr'^(WM97|OF97|W95/CIH-|JS/Fort)'i  => 0],
      [qr/.*/ => 1],  # true by default  (remove or comment-out if undesired)
    );
    
    # where to send ADMIN VIRUS NOTIFICATIONS (should be a fully qualified address)
    # - the administrator address may be a simple fixed e-mail address (a scalar),
    #   or may depend on the SENDER address (e.g. its domain), in which case
    #   a ref to a hash table can be specified (specify lower-cased keys,
    #   dot is a catchall, see README.lookups).
    #
    #   Empty or undef lookup disables virus admin notifications.
    
    # $virus_admin = undef;   # do not send virus admin notifications (default)
    # $virus_admin = {'not.example.com' => '', '.' => '[email protected]'};
    # $virus_admin = '[email protected]';
    $virus_admin = "postmaster\@$mydomain";		# due to D_DISCARD default
    
    # equivalent to $virus_admin, but for spam admin notifications:
    # $spam_admin = "spamalert\@$mydomain";
    # $spam_admin = undef;    # do not send spam admin notifications (default)
    # $spam_admin = {'not.example.com' => '', '.' => '[email protected]'};
    
    #advanced example, using a hash lookup table:
    #$virus_admin = {
    # '[email protected]' => '[email protected]',
    # '.sub1.example.com'  => '[email protected]',
    # '.sub2.example.com'  => '',                  # don't send admin notifications
    # 'a.sub3.example.com' => '[email protected]',
    # '.sub3.example.com'  => '[email protected]',
    # '.example.com'       => '[email protected]',   # catchall for our virus senders
    # '.'                  => '[email protected]',  # catchall for the rest
    #};
    
    
    # whom notification reports are sent from (ENVELOPE SENDER);
    # may be a null reverse path, or a fully qualified address:
    #   (admin and recip sender addresses default to $mailfrom
    #   for compatibility, which in turn defaults to undef (empty) )
    #   If using strings in double quotes, don't forget to quote @, i.e. \@
    #
    #$mailfrom_notify_admin     = "virusalert\@$mydomain";
    #$mailfrom_notify_recip     = "virusalert\@$mydomain";
    #$mailfrom_notify_spamadmin = "spam.police\@$mydomain";
    
    # 'From' HEADER FIELD for sender and admin notifications.
    # This should be a replyable address, see rfc1894. Not to be confused
    # with $mailfrom_notify_sender, which is the envelope return address
    # and should be empty (null reverse path) according to rfc2821.
    #
    # The syntax of the 'From' header field is specified in rfc2822, section
    # '3.4. Address Specification'. Note in particular that display-name must be
    # a quoted-string if it contains any special characters like spaces and dots.
    #
    # $hdrfrom_notify_sender = "amavisd-new @$mydomain>";
    # $hdrfrom_notify_sender = 'amavisd-new example.com>';
    # $hdrfrom_notify_sender = '"Content-Filter Master" example.com>';
    #   (defaults to: "amavisd-new @$myhostname>")
    # $hdrfrom_notify_admin = $mailfrom_notify_admin;
    #   (defaults to: $mailfrom_notify_admin)
    # $hdrfrom_notify_spamadmin = $mailfrom_notify_spamadmin;
    #   (defaults to: $mailfrom_notify_spamadmin)
    
    # whom quarantined messages appear to be sent from (envelope sender);
    # keeps original sender if undef, or set it explicitly, default is undef
    $mailfrom_to_quarantine = '';   # override sender address with null return path
    
    
    # Location to put infected mail into: (applies to 'local:' quarantine method)
    #   empty for not quarantining, may be a file (mailbox),
    #   or a directory (no trailing slash)
    #   (the default value is undef, meaning no quarantine)
    #
    $QUARANTINEDIR = '/var/lib/amavis/virusmails';
    
    #$virus_quarantine_method = "local:virus-%i-%n";    # default
    #$spam_quarantine_method  = "local:spam-%b-%i-%n";  # default
    #
    #use the new 'bsmtp:' method as an alternative to the default 'local:'
    #$virus_quarantine_method = "bsmtp:$QUARANTINEDIR/virus-%i-%n.bsmtp";
    #$spam_quarantine_method  = "bsmtp:$QUARANTINEDIR/spam-%b-%i-%n.bsmtp";
    
    # When using the 'local:' quarantine method (default), the following applies:
    #
    # A finer control of quarantining is available through variable
    # $virus_quarantine_to/$spam_quarantine_to. It may be a simple scalar string,
    # or a ref to a hash lookup table, or a regexp lookup table object,
    # which makes possible to set up per-recipient quarantine addresses.
    #
    # The value of scalar $virus_quarantine_to/$spam_quarantine_to (or a
    # per-recipient lookup result from the hash table %$virus_quarantine_to)
    # is/are interpreted as follows:
    #
    # VARIANT 1:
    #   empty or undef disables quarantine;
    #
    # VARIANT 2:
    #   a string NOT containing an '@';
    # amavisd will behave as a local delivery agent (LDA) and will quarantine
    # viruses to local files according to hash %local_delivery_aliases (pseudo
    # aliases map) - see subroutine mail_to_local_mailbox() for details.
    # Some of the predefined aliases are 'virus-quarantine' and 'spam-quarantine'.
    # Setting $virus_quarantine_to ($spam_quarantine_to) to this string will:
    #
    # * if $QUARANTINEDIR is a directory, each quarantined virus will go
    #   to a separate file in the $QUARANTINEDIR directory (traditional
    #   amavis style, similar to maildir mailbox format);
    #
    # * otherwise $QUARANTINEDIR is treated as a file name of a Unix-style
    #   mailbox. All quarantined messages will be appended to this file.
    #   Amavisd child process must obtain an exclusive lock on the file during
    #   delivery, so this may be less efficient than using individual files
    #   or forwarding to MTA, and it may not work across NFS or other non-local
    #   file systems (but may be handy for pickup of quarantined files via IMAP
    #   for example);
    #
    # VARIANT 3:
    #   any email address (must contain '@').
    # The e-mail messages to be quarantined will be handed to MTA
    # for delivery to the specified address. If a recipient address local to MTA
    # is desired, you may leave the domain part empty, e.g. 'infected@', but the
    # '@' character must nevertheless be included to distinguish it from variant 2.
    #
    # This method enables more refined delivery control made available by MTA
    # (e.g. its aliases file, other local delivery agents, dealing with
    # privileges and file locking when delivering to user's mailbox, nonlocal
    # delivery and forwarding, fan-out lists). Make sure the mail-to-be-quarantined
    # will not be handed back to amavisd for checking, as this will cause a loop
    # (hopefully broken at some stage)! If this can be assured, notifications
    # will benefit too from not being unnecessarily virus-scanned.
    #
    # By default this is safe to do with Postfix and Exim v4 and dual-sendmail
    # setup, but probably not safe with sendmail milter interface without
    # precaution.
    
    # (the default value is undef, meaning no quarantine)
    
    $virus_quarantine_to  = 'virus-quarantine';    # traditional local quarantine
    #$virus_quarantine_to = 'infected@';           # forward to MTA for delivery
    #$virus_quarantine_to = "virus-quarantine\@$mydomain";   # similar
    #$virus_quarantine_to = '[email protected]';  # similar
    #$virus_quarantine_to = undef;                 # no quarantine
    #
    #$virus_quarantine_to = new_RE(                # per-recip multiple quarantines
    #  [qr'^user@example\.com$'i => 'infected@'],
    #  [qr'^(.*)@example\.com$'i => 'virus-${1}@example.com'],
    #  [qr'^(.*)(@[^@])?$'i      => 'virus-${1}${2}'],
    #  [qr/.*/                   => 'virus-quarantine'] );
    
    # similar for spam
    # (the default value is undef, meaning no quarantine)
    #
    $spam_quarantine_to = 'spam-quarantine';
    #$spam_quarantine_to = "spam-quarantine\@$mydomain";
    #$spam_quarantine_to = new_RE(                 # per-recip multiple quarantines
    #  [qr'^(.*)@example\.com$'i => 'spam-${1}@example.com'],
    #  [qr/.*/                   => 'spam-quarantine'] );
    
    # In addition to per-recip quarantine, a by-sender lookup is possible. It is
    # similar to $spam_quarantine_to, but the lookup key is the sender address:
    #$spam_quarantine_bysender_to = undef;   # dflt: no by-sender spam quarantine
    
    
    # Add X-Virus-Scanned header field to mail?
    $X_HEADER_TAG = 'X-Virus-Scanned';	# (default: undef)
    # Leave empty to add no header		# (default: undef)
    $X_HEADER_LINE = "by $myversion (Debian) at $mydomain";
    
    # a string to prepend to Subject (for local recipients only) if mail could
    # not be decoded or checked entirely, e.g. due to password-protected archives
    $undecipherable_subject_tag = '***UNCHECKED*** ';  # undef disables it
    
    $remove_existing_x_scanned_headers = 0; # leave existing X-Virus-Scanned alone
    #$remove_existing_x_scanned_headers= 1; # remove existing headers
    					# (defaults to false)
    #$remove_existing_spam_headers = 0;     # leave existing X-Spam* headers alone
    $remove_existing_spam_headers  = 1;     # remove existing spam headers if
    					# spam scanning is enabled (default)
    
    # set $bypass_decode_parts to true if you only do spam scanning, or if you
    # have a good virus scanner that can deal with compression and recursively
    # unpacking archives by itself, and save amavisd the trouble.
    # Disabling decoding also causes banned_files checking to only see
    # MIME names and MIME content types, not the content classification types
    # as provided by the file(1) utility.
    # It is a double-edged sword, make sure you know what you are doing!
    #
    #$bypass_decode_parts = 1;		# (defaults to false)
    
    # don't trust this file type or corresponding unpacker for this file type,
    # keep both the original and the unpacked file for a virus checker to see
    # (lookup key is what file(1) utility returned):
    #
    $keep_decoded_original_re = new_RE(
    # qr'^MAIL$',   # retain full original message for virus checking (can be slow)
      qr'^MAIL-UNDECIPHERABLE$',  # retain full mail if it contains undecipherables
      qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
    # qr'^Zip archive data',
    );
    
    # Checking for banned MIME types and names. If any mail part matches,
    # the whole mail is rejected, much like the way viruses are handled.
    # A list in object $banned_filename_re can be defined to provide a list
    # of Perl regular expressions to be matched against each part's:
    #
    #  * Content-Type value (both declared and effective mime-type),
    #    including the possible security risk content types
    #    message/partial and message/external-body, as specified by rfc2046;
    #
    #  * declared (i.e. recommended) file names as specified by MIME subfields
    #    Content-Disposition.filename and Content-Type.name, both in their
    #    raw (encoded) form and in rfc2047-decoded form if applicable;
    #
    #  * file content type as guessed by 'file' utility, both the raw
    #    result from 'file', as well as short type name, classified
    #    into names such as .asc, .txt, .html, .doc, .jpg, .pdf,
    #    .zip, .exe, ... - see subroutine determine_file_types().
    #    This step is done only if $bypass_decode_parts is not true.
    #
    #  * leave $banned_filename_re undefined to disable these checks
    #    (giving an empty list to new_RE() will also always return false)
    
    $banned_filename_re = new_RE(
    #  qr'^UNDECIPHERABLE$',  # is or contains any undecipherable components
       qr'\.[^.]*\.(exe|vbs|pif|scr|bat|cmd|com|dll)$'i, # some double extensions
       qr'[{}]',     # curly braces in names (serve as Class ID extensions - CLSID)
    #  qr'.\.(exe|vbs|pif|scr|bat|cmd|com)$'i,           # banned extension - basic
    #  qr'.\.(ade|adp|bas|bat|chm|cmd|com|cpl|crt|exe|hlp|hta|inf|ins|isp|js|
    #         jse|lnk|mdb|mde|msc|msi|msp|mst|pcd|pif|reg|scr|sct|shs|shb|vb|
    #         vbe|vbs|wsc|wsf|wsh)$'ix,                  # banned extension - long
    #  qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i, # banned extension - WinZip vulnerab.
    #  qr'^\.(zip|lha|tnef|cab)$'i,                      # banned file(1) types
    #  qr'^\.exe$'i,                                     # banned file(1) types
    #  qr'^application/x-msdownload$'i,                  # banned MIME types
    #  qr'^application/x-msdos-program$'i,
       qr'^message/partial$'i, qr'^message/external-body$'i, # block rfc2046
    );
    # See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262631
    # and http://www.cknow.com/vtutor/vtextensions.htm
    
    # A little trick: a pattern qr'\.exe$' matches both a short type name '.exe',
    # as well as any file name which happens to end with .exe. If only matching
    # a file name is desired, but not the short name, a pattern qr'.\.exe$'i
    # or similar may be used, which requires that at least one character precedes
    # the '.exe', and so it will never match short file types, which always start
    # with a dot.
    
    
    #
    # Section V - Per-recipient and per-sender handling, whitelisting, etc.
    #
    
    # %virus_lovers, @virus_lovers_acl and $virus_lovers_re lookup tables:
    #   (these should be considered policy options, they do not disable checks,
    #   see bypass*checks for that!)
    #
    # Exclude certain RECIPIENTS from virus filtering by adding their lower-cased
    # envelope e-mail address (or domain only) to the hash %virus_lovers, or to
    # the access list @virus_lovers_acl - see README.lookups and examples.
    # Make sure the appropriate form (e.g. external/internal) of address
    # is used in case of virtual domains, or when mapping external to internal
    # addresses, etc. - this is MTA-specific.
    #
    # Notifications would still be generated however (see the overall
    # picture above), and infected mail (if passed) gets additional header:
    #   X-AMaViS-Alert: INFECTED, message contains virus: ...
    # (header not inserted with milter interface!)
    #
    # NOTE (milter interface only): in case of multiple recipients,
    # it is only possible to drop or accept the message in its entirety - for all
    # recipients. If all of them are virus lovers, we'll accept mail, but if
    # at least one recipient is not a virus lover, we'll discard the message.
    
    
    # %bypass_virus_checks, @bypass_virus_checks_acl and $bypass_virus_checks_re
    # lookup tables:
    #   (this is mainly a time-saving option, unlike virus_lovers* !)
    #
    # Similar in concept to %virus_lovers, a hash %bypass_virus_checks,
    # access list @bypass_virus_checks_acl and regexp list $bypass_virus_checks_re
    # are used to skip entirely the decoding, unpacking and virus checking,
    # but only if ALL recipients match the lookup.
    #
    # %bypass_virus_checks/@bypass_virus_checks_acl/$bypass_virus_checks_re
    # do NOT GUARANTEE the message will NOT be checked for viruses - this may
    # still happen when there is more than one recipient for a message, and
    # not all of them match these lookup tables. To guarantee virus delivery,
    # a recipient must also match %virus_lovers/@virus_lovers_acl lookups
    # (but see milter limitations above),
    
    # NOTE: it would not be clever to base virus checks on SENDER address,
    # since there are no guarantees that it is genuine. Many viruses
    # and spam messages fake sender address. To achieve selective filtering
    # based on the source of the mail (e.g. IP address, MTA port number, ...),
    # use mechanisms provided by MTA if available.
    
    
    # Similar to lookup tables controlling virus checking, there exist
    # spam scanning, banned names/types, and headers_checks control counterparts:
    #   %spam_lovers, @spam_lovers_acl, $spam_lovers_re
    #   %banned_files_lovers, @banned_files_lovers_acl, $banned_files_lovers_re
    #   %bad_header_lovers, @bad_header_lovers_acl, $bad_header_lovers_re
    # and:
    #   %bypass_spam_checks/@bypass_spam_checks_acl/$bypass_spam_checks_re
    #   %bypass_banned_checks/@bypass_banned_checks_acl/$bypass_banned_checks_re
    #   %bypass_header_checks/@bypass_header_checks_acl/$bypass_header_checks_re
    # See README.lookups for details about the syntax.
    
    # The following example disables spam checking altogether,
    # since it matches any recipient e-mail address (any address
    # is a subdomain of the top-level root DNS domain):
    #   @bypass_spam_checks_acl = qw( . );
    
    #   @bypass_header_checks_acl = qw( [email protected] );
    #   @bad_header_lovers_acl    = qw( [email protected] );
    
    
    # See README.lookups for further detail, and examples below.
    
    # $virus_lovers{lc("postmaster\@$mydomain")} = 1;
    # $virus_lovers{lc('[email protected]')} = 1;
    # $virus_lovers{lc('[email protected]')} = 1;
    # $virus_lovers{lc('some.user@')} = 1;  # this recipient, regardless of domain
    # $virus_lovers{lc('[email protected]')} = 0; # never, even if domain matches
    # $virus_lovers{lc('example.com')} = 1; # this domain, but not its subdomains
    # $virus_lovers{lc('.example.com')}= 1; # this domain, including its subdomains
    #or:
    # @virus_lovers_acl = qw( [email protected] !lab.xxx.com .xxx.com yyy.org );
    #
    # $bypass_virus_checks{lc('[email protected]')} = 1;
    # @bypass_virus_checks_acl = qw( some.ddd !butnot.example.com .example.com );
    
    # @virus_lovers_acl = qw( [email protected] );
    # $virus_lovers_re = new_RE( qr'^(helpdesk|postmaster)@example\.com$'i );
    
    # $spam_lovers{lc("postmaster\@$mydomain")} = 1;
    # $spam_lovers{lc('[email protected]')} = 1;
    # $spam_lovers{lc('[email protected]')} = 1;
    # @spam_lovers_acl = qw( !.example.com );
    # $spam_lovers_re = new_RE( qr'^user@example\.com$'i );
    
    
    # don't run spam check for these RECIPIENT domains:
    #   @bypass_spam_checks_acl = qw( d1.com .d2.com a.d3.com );
    # or the other way around (bypass check for all BUT these):
    #   @bypass_spam_checks_acl = qw( !d1.com !.d2.com !a.d3.com . );
    # a practical application: don't check outgoing mail for spam:
    #   @bypass_spam_checks_acl = ( "!.$mydomain", "." );
    # (a downside of which is that such mail will not count as ham in SA bayes db)
    
    
    # Where to find SQL server(s) and database to support SQL lookups?
    # A list of triples: (dsn,user,passw).   (dsn = data source name)
    # More than one entry may be specified for multiple (backup) SQL servers.
    # See 'man DBI', 'man DBD::mysql', 'man DBD::Pg', ... for details.
    # When chroot-ed, accessing SQL server over inet socket may be more convenient.
    #
    # @lookup_sql_dsn =
    #   ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'],
    #     ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'] );
    #
    # ('mail' in the example is the database name, choose what you like)
    # With PostgreSQL the dsn (first element of the triple) may look like:
    #      'DBI:Pg:host=host1;dbname=mail'
    
    # The SQL select clause to fetch per-recipient policy settings.
    # The %k will be replaced by a comma-separated list of query addresses
    # (e.g. full address, domain only, catchall).  Use ORDER, if there
    # is a chance that multiple records will match - the first match wins.
    # If field names are not unique (e.g. 'id'), the later field overwrites the
    # earlier in a hash returned by lookup, which is why we use '*,users.id'.
    # $sql_select_policy = 'SELECT *,users.id FROM users,policy'.
    #   ' WHERE (users.policy_id=policy.id) AND (users.email IN (%k))'.
    #   ' ORDER BY users.priority DESC';
    #
    # The SQL select clause to check sender in per-recipient whitelist/blacklist
    # The first SELECT argument '?' will be users.id from recipient SQL lookup,
    # the %k will be sender addresses (e.g. full address, domain only, catchall).
    # $sql_select_white_black_list = 'SELECT wb FROM wblist,mailaddr'.
    #     ' WHERE (wblist.rid=?) AND (wblist.sid=mailaddr.id)'.
    #     '   AND (mailaddr.email IN (%k))'.
    #   ' ORDER BY mailaddr.priority DESC';
    
    $sql_select_white_black_list = undef;  # undef disables SQL white/blacklisting
    
    
    # If you decide to pass viruses (or spam) to certain recipients using the
    # above lookup tables or using $final_virus_destiny=D_PASS, you can set
    # the variable $addr_extension_virus ($addr_extension_spam) to some
    # string, and the recipient address will have this string appended
    # as an address extension to the local-part of the address. This extension
    # can be used by final local delivery agent to place such mail in different
    # folders. Leave these two variables undefined or empty strings to prevent
    # appending address extensions. Setting has no effect on recipient which will
    # not be receiving viruses/spam. Recipients who do not match lookup tables
    # local_domains* are not affected.
    #
    # LDAs usually default to stripping away address extension if no special
    # handling is specified, so having this option enabled normally does no harm,
    # provided the $recipients_delimiter matches the setting on the final
    # MTA's LDA.
    
    # $addr_extension_virus  = 'virus';	# (default is undef, same as empty)
    # $addr_extension_spam   = 'spam';	# (default is undef, same as empty)
    # $addr_extension_banned = 'banned';	# (default is undef, same as empty)
    
    
    # Delimiter between local part of the recipient address and address extension
    # (which can optionally be added, see variables $addr_extension_virus and
    # $addr_extension_spam). E.g. recipient address example.com> gets changed
    # to [email protected]>.
    #
    # Delimiter should match equivalent (final) MTA delimiter setting.
    # (e.g. for Postfix add 'recipient_delimiter = +' to main.cf)
    # Setting it to an empty string or to undef disables this feature
    # regardless of $addr_extension_virus and $addr_extension_spam settings.
    
    $recipient_delimiter = '+';		# (default is '+')
    
    # true: replace extension;  false: append extension
    $replace_existing_extension = 1;	# (default is false)
    
    # Affects matching of localpart of e-mail addresses (left of '@')
    # in lookups: true = case sensitive, false = case insensitive
    $localpart_is_case_sensitive = 0;	# (default is false)
    
    
    # ENVELOPE SENDER WHITELISTING / BLACKLISTING  - GLOBAL (RECIPIENT-INDEPENDENT)
    # (affects spam checking only, has no effect on virus and other checks)
    
    # WHITELISTING: use ENVELOPE SENDER lookups to ENSURE DELIVERY from whitelisted
    # senders even if the message would be recognized as spam. Effectively, for
    # the specified senders, message recipients temporarily become 'spam_lovers'.
    # To avoid surprises, whitelisted sender also suppresses inserting/editing
    # the tag2-level header fields (X-Spam-*, Subject), appending spam address
    # extension, and quarantining.
    
    # BLACKLISTING: messages from specified SENDERS are DECLARED SPAM.
    # Effectively, for messages from blacklisted senders, spam level
    # is artificially pushed high, and the normal spam processing applies,
    # resulting in 'X-Spam-Flag: YES', high 'X-Spam-Level' bar and other usual
    # reactions to spam, including possible rejection. If the message nevertheless
    # still passes (e.g. for spam loving recipients), it is tagged as BLACKLISTED
    # in the 'X-Spam-Status' header field, but the reported spam value and
    # set of tests in this report header field (if available from SpamAssassin,
    # which may have not been called) is not adjusted.
    #
    # A sender may be both white- and blacklisted at the same time, settings
    # are independent. For example, being both white- and blacklisted, message
    # is delivered to recipients, but is not tagged as spam (X-Spam-Flag: No;
    # X-Spam-Status: No, ...), but the reported spam level (if computed) may
    # still indicate high spam score.
    #
    # If ALL recipients of the message either white- or blacklist the sender,
    # spam scanning (calling the SpamAssassin) is bypassed, saving on time.
    #
    # The following variables (lookup tables) are available, with the semantics
    # and syntax as specified in README.lookups:
    #
    # %whitelist_sender, @whitelist_sender_acl, $whitelist_sender_re
    # %blacklist_sender, @blacklist_sender_acl, $blacklist_sender_re
    
    # SOME EXAMPLES:
    #
    #ACL:
    # @whitelist_sender_acl = qw( .example.com );
    #
    # @whitelist_sender_acl = ( ".$mydomain" );  # $mydomain and its subdomains
    # NOTE: This is not a reliable way of turning off spam checks for
    #       locally-originating mail, as sender address can easily be faked.
    #       To reliably avoid spam-scanning outgoing mail,
    #       use @bypass_spam_checks_acl .
    
    #RE:
    # $whitelist_sender_re = new_RE(
    #   qr'^postmaster@.*\bexample\.com$'i,
    #   qr'owner-[^@]*@'i,  qr'-request@'i,
    #   qr'\.example\.com$'i );
    #
    $blacklist_sender_re = new_RE(
        qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou|greatcasino)@'i,
        qr'^(investments|lose_weight_today|market\.alert|money2you|MyGreenCard)@'i,
        qr'^(new\.tld\.registry|opt-out|opt-in|optin|saveonl|smoking2002k)@'i,
        qr'^(specialoffer|specialoffers|stockalert|stopsnoring|wantsome)@'i,
        qr'^(workathome|yesitsfree|your_friend|greatoffers)@'i,
        qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i,
    );
    
    #HASH lookup variant:
    # NOTE: Perl operator qw splits its argument string by whitespace
    # and produces a list. This means that addresses can not contain
    # whitespace, and there is no provision for comments within the string.
    # You can use the normal Perl list syntax if you have special requirements,
    # e.g. map {...} ('one user@bla', '.second.com'), or use read_hash to read
    # addresses from a file.
    #
    
    # a hash lookup table can be read from a file,
    # one address per line, comments and empty lines are permitted:
    #
    # read_hash(\%whitelist_sender, '/var/amavis/whitelist_sender');
    
    # ... or set directly:
    map { $whitelist_sender{lc($_)}=1 } (qw(
      [email protected]
      [email protected]
      [email protected]
      [email protected]
      [email protected]
      [email protected]
      [email protected]
      [email protected]
      [email protected]
      [email protected]
      [email protected]
      [email protected]
      [email protected]
      [email protected]
      [email protected]
      [email protected]
      [email protected]
      [email protected]
      [email protected]
      [email protected]
      [email protected]
      [email protected]
      [email protected]
      [email protected]
      [email protected]
      [email protected]
      [email protected]
      [email protected]
      [email protected]
    ));
    
    
    # ENVELOPE SENDER WHITELISTING / BLACKLISTING - PER-RECIPIENT
    
    # The same semantics as for global white/blacklisting applies, but this
    # time each recipient (or its domain, or subdomain, ...) can be given
    # an individual lookup table for matching senders. The per-recipient lookups
    # override the global lookups, which serve as a fallback default.
    
    # Specify a two-level lookup table: the key for the outer table is recipient,
    # and the result should be an inner lookup table (hash or ACL or RE),
    # where the key used will be the sender.
    #
    #$per_recip_blacklist_sender_lookup_tables = {
    # '[email protected]'=>new_RE(qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i),
    # '[email protected]'=>[qw( [email protected],org .d2.example,org )],
    #};
    #$per_recip_whitelist_sender_lookup_tables = {
    # '[email protected]' => [qw( [email protected] .other.example.org )],
    # '.my1.example.com'    => [qw( !foe.other.example,org .other.example,org )],
    # '.my2.example.com'    => read_hash('/var/amavis/my2-wl.dat'),
    # 'abuse@' => { 'postmaster@'=>1,
    #               '[email protected]'=>1, '[email protected]'=>1 },
    #};
    
    
    #
    # Section VI - Resource limits
    #
    
    # Sanity limit to the number of allowed recipients per SMTP transaction
    # $smtpd_recipient_limit = 1000;  # (default is 1000)
    
    
    # Resource limits to protect unpackers, decompressors and virus scanners
    # against mail bombs (e.g. 42.zip)
    
    # Maximum recursion level for extraction/decoding (0 or undef disables limit)
    $MAXLEVELS = 14;		# (default is undef, no limit)
    
    # Maximum number of extracted files (0 or undef disables the limit)
    $MAXFILES = 1500;		# (default is undef, no limit)
    
    # For the cumulative total of all decoded mail parts we set max storage size
    # to defend against mail bombs. Even though parts may be deleted (replaced
    # by decoded text) during decoding, the size they occupied is _not_ returned
    # to the quota pool.
    #
    # Parameters to storage quota formula for unpacking/decoding/decompressing
    #   Formula:
    #     quota = max($MIN_EXPANSION_QUOTA,
    #                 $mail_size*$MIN_EXPANSION_FACTOR,
    #                 min($MAX_EXPANSION_QUOTA, $mail_size*$MAX_EXPANSION_FACTOR))
    #   In plain words (later condition overrules previous ones):
    #     allow MAX_EXPANSION_FACTOR times initial mail size,
    #     but not more than MAX_EXPANSION_QUOTA,
    #     but not less than MIN_EXPANSION_FACTOR times initial mail size,
    #     but never less than MIN_EXPANSION_QUOTA
    #
    $MIN_EXPANSION_QUOTA =      100*1024;  # bytes  (default undef, not enforced)
    $MAX_EXPANSION_QUOTA = 300*1024*1024;  # bytes  (default undef, not enforced)
    $MIN_EXPANSION_FACTOR =   5;  # times original mail size  (must be specified)
    $MAX_EXPANSION_FACTOR = 500;  # times original mail size  (must be specified)
    
    
    #
    # Section VII - External programs, virus scanners
    #
    
    # Specify a path string, which is a colon-separated string of directories
    # (no trailing slashes!) to be assigned to the environment variable PATH
    # and to serve for locating external programs below.
    
    # NOTE: if $daemon_chroot_dir is nonempty, the directories will be
    #       relative to the chroot directory specified;
    
    $path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
    
    # Specify one string or a search list of strings (first match wins).
    # The string (or: each string in a list) may be an absolute path,
    # or just a program name, to be located via $path;
    # Empty string or undef (=default) disables the use of that external program.
    # Optionally command arguments may be specified - only the first substring
    # up to the whitespace is used for file searching.
    
    $file   = 'file';   # file(1) utility; use 3.41 or later to avoid vulnerability
    
    $gzip   = 'gzip';
    $bzip2  = 'bzip2';
    $lzop   = 'lzop';
    $uncompress = ['uncompress', 'gzip -d', 'zcat'];
    $unfreeze   = ['unfreeze', 'freeze -d', 'melt', 'fcat'];
    $arc        = ['nomarch', 'arc'];
    $unarj      = ['arj', 'unarj'];  # both can extract, arj is recommended
    $unrar      = ['rar', 'unrar'];  # both can extract, same options
    $zoo    = 'zoo';
    $lha    = 'lha';
    $cpio   = 'cpio';   # comment out if cpio does not support GNU options
    
    
    # SpamAssassin settings
    
    # $sa_local_tests_only is passed to Mail::SpamAssassin::new as a value
    # of the option local_tests_only. See Mail::SpamAssassin man page.
    # If set to 1, SA tests are restricted to local tests only, i.e. no tests
    # that require internet access will be performed.
    #
    $sa_local_tests_only = 1;   # (default: false)
    #$sa_auto_whitelist = 1;    # turn on AWL (default: false)
    
    # Timout for SpamAssassin. This is only used if spamassassin does NOT
    # override it (which it often does if sa_local_tests_only is not true)
    $sa_timeout = 30;           # timeout in seconds for a call to SpamAssassin
                                # (default is 30 seconds, undef disables it)
    
    # AWL (auto whitelisting), requires spamassassin 2.44 or better
    # $sa_auto_whitelist = 1;   # defaults to undef
    
    $sa_mail_body_size_limit = 150*1024;  # don't waste time on SA is mail is larger
    			    # (less than 1% of spam is > 64k)
    			    # default: undef, no limitations
    
    # default values, can be overridden by more specific lookups, e.g. SQL
    $sa_tag_level_deflt  = 4.0; # add spam info headers if at, or above that level
    $sa_tag2_level_deflt = 6.3; # add 'spam detected' headers at that level
    $sa_kill_level_deflt = $sa_tag2_level_deflt; # triggers spam evasive actions
                               # at or above that level: bounce/reject/drop,
                               # quarantine, and adding mail address extension
    
    $sa_dsn_cutoff_level = 10;  # spam level beyond which a DSN is not sent,
                                # effectively turning D_BOUNCE into D_DISCARD;
                                # undef disables this feature and is a default;
    
    #
    # The $sa_tag_level_deflt, $sa_tag2_level_deflt and $sa_kill_level_deflt
    # may also be hashrefs to hash lookup tables, to make static per-recipient
    # settings possible without having to resort to SQL or LDAP lookups.
    
    # a quick reference:
    #   tag_level  controls adding the X-Spam-Status and X-Spam-Level headers,
    #   tag2_level controls adding 'X-Spam-Flag: YES', and editing Subject,
    #   kill_level controls 'evasive actions' (reject, quarantine, extensions);
    # it only makes sense to maintain the relationship:
    # tag_level <= tag2_level <= kill_level < $sa_dsn_cutoff_level
    
    # string to prepend to Subject header field when message exceeds tag2 level
    $sa_spam_subject_tag = '***SPAM*** ';	# (defaults to undef, disabled)
    			     # (only seen when spam is not to be rejected
    			     # and recipient is in local_domains*)
    
    #$sa_spam_modifies_subj = 1; # may be a ref to a lookup table, default is true
    # Example: modify Subject for all local recipients except [email protected]
    #$sa_spam_modifies_subj = [qw( [email protected] . )];
    
    # stop anti-virus scanning when the first scanner detects a virus?
    $first_infected_stops_scan = 1;  # default is false, all scanners are called
    
    # @av_scanners is a list of n-tuples, where fields semantics is:
    #  1. av scanner plain name, to be used in log and reports;
    #  2. scanner program name; this string will be submitted to subroutine
    #     find_external_programs(), which will try to find the full program
    #     path name; if program is not found, this scanner is disabled.
    #     Besides a simple string (full program path name or just the basename
    #     to be looked for in PATH), this may be an array ref of alternative
    #     program names or full paths - the first match in the list will be used;
    #     As a special case for more complex scanners, this field may be
    #     a subroutine reference, and the whole n-tuple is passed to it as args.
    #  3. command arguments to be given to the scanner program;
    #     a substring {} will be replaced by the directory name to be scanned,
    #     i.e. "$tempdir/parts", a "*" will be replaced by file names of parts;
    #  4. an array ref of av scanner exit status values, or a regexp (to be
    #     matched against scanner output), indicating NO VIRUSES found;
    #  5. an array ref of av scanner exit status values, or a regexp (to be
    #     matched against scanner output), indicating VIRUSES WERE FOUND;
    #     Note: the virus match prevails over a 'not found' match, so it is safe
    #     even if the no. 4. matches for viruses too;
    #  6. a regexp (to be matched against scanner output), returning a list
    #     of virus names found.
    #  7. and 8.: (optional) subroutines to be executed before and after scanner
    #     (e.g. to set environment or current directory);
    #     see examples for these at KasperskyLab AVP and Sophos sweep.
    
    # NOTES:
    #
    # - NOT DEFINING @av_scanners (e.g. setting it to empty list, or deleting the
    #   whole assignment) TURNS OFF LOADING AND COMPILING OF THE ANTIVIRUS CODE
    #   (which can be handy if all you want to do is spam scanning);
    #
    # - the order matters: although _all_ available entries from the list are
    #   always tried regardless of their verdict, scanners are run in the order
    #   specified: the report from the first one detecting a virus will be used
    #   (providing virus names and scanner output); REARRANGE THE ORDER TO WILL;
    #
    # - it doesn't hurt to keep an unused command line scanner entry in the list
    #   if the program can not be found; the path search is only performed once
    #   during the program startup;
    #
    #   COROLLARY: to disable a scanner that _does_ exist on your system,
    #   comment out its entry or use undef or '' as its program name/path
    #   (second parameter). An example where this is almost a must: disable
    #   Sophos 'sweep' if you have its daemonized version Sophie or SAVI-Perl
    #   (same for Trophie/vscan, and clamd/clamscan), or if another unrelated
    #   program happens to have a name matching one of the entries ('sweep'
    #   again comes to mind);
    #
    # - it DOES HURT to keep unwanted entries which use INTERNAL SUBROUTINES
    #   for interfacing (where the second parameter starts with \&).
    #   Keeping such entry and not having a corresponding virus scanner daemon
    #   causes an unnecessary connection attempt (which eventually times out,
    #   but it wastes precious time). For this reason the daemonized entries
    #   are commented in the distribution - just remove the '#' where needed.
    #
    # CERT list of av resources: http://www.cert.org/other_sources/viruses.html
    
    @av_scanners = (
    
    # ### http://www.vanja.com/tools/sophie/
    # ['Sophie',
    #   \_daemon, ["{}/\n", '/var/run/sophie'],
    #   qr/(?x)^ 0+ ( : | [\000\r\n]* $)/,  qr/(?x)^ 1 ( : | [\000\r\n]* $)/,
    #   qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/ ],
    
    # ### http://www.csupomona.edu/~henson/www/projects/SAVI-Perl/
    # ['Sophos SAVI', \_savi ],
    
    ### http://www.clamav.net/
    ['Clam Antivirus-clamd',
      \_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.ctl"],
      qr/\bOK$/, qr/\bFOUND$/,
      qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
    # NOTE: run clamd under the same user as amavisd;  match the socket
    # name (LocalSocket) in clamav.conf to the socket name in this entry
    # When running chrooted one may prefer: ["CONTSCAN {}\n","$MYHOME/clamd"],
    
    # ### http://www.openantivirus.org/
    # ['OpenAntiVirus ScannerDaemon (OAV)',
    #   \_daemon, ["SCAN {}\n", '127.0.0.1:8127'],
    #   qr/^OK/, qr/^FOUND: /, qr/^FOUND: (.+)/ ],
    
    # ### http://www.vanja.com/tools/trophie/
    # ['Trophie',
    #   \_daemon, ["{}/\n", '/var/run/trophie'],
    #   qr/(?x)^ 0+ ( : | [\000\r\n]* $)/,  qr/(?x)^ 1 ( : | [\000\r\n]* $)/,
    #   qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/ ],
    
    # ### http://www.grisoft.com/
    # ['AVG Anti-Virus',
    #   \_daemon, ["SCAN {}\n", '127.0.0.1:55555'],
    #   qr/^200/, qr/^403/, qr/^403 .*?: (.+)/ ],
    
    # ### http://www.f-prot.com/
    # ['FRISK F-Prot Daemon',
    #   \_daemon,
    #   ["GET {}/*?-dumb%20-archive%20-packed HTTP/1.0\r\n\r\n",
    #     ['127.0.0.1:10200','127.0.0.1:10201','127.0.0.1:10202',
    #      '127.0.0.1:10203','127.0.0.1:10204'] ],
    #   qr/(?i)^>]*>clean<\/summary>/,
    #   qr/(?i)^>]*>infected<\/summary>/,
    #   qr/(?i)(.+)<\/name>/ ],
    
      ['KasperskyLab AVP - aveclient',
        ['/usr/local/kav/bin/aveclient','/usr/local/share/kav/bin/aveclient',
         '/opt/kav/bin/aveclient','aveclient'],
        '-p /var/run/aveserver -s {}/*', [0,3,6,8], qr/\b(INFECTED|SUSPICION)\b/,
        qr/(?:INFECTED|SUSPICION) (.+)/,
      ],
    
      ['KasperskyLab AntiViral Toolkit Pro (AVP)', ['avp'],
        '-* -P -B -Y -O- {}', [0,8,16,24], [2,3,4,5,6, 18,19,20,21,22],
        qr/infected: (.+)/,
        sub {chdir('/opt/AVP') or die "Can't chdir to AVP: $!"},
        sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
      ],
    
      ### The kavdaemon and AVPDaemonClient have been removed from Kasperky
      ### products and replaced by aveserver and aveclient
      ['KasperskyLab AVPDaemonClient',
        [ '/opt/AVP/kavdaemon',       'kavdaemon',
          '/opt/AVP/AvpDaemonClient', 'AvpDaemonClient',
          '/opt/AVP/AvpTeamDream',    'AvpTeamDream',
          '/opt/AVP/avpdc', 'avpdc' ],
        "-f=$TEMPBASE {}", [0,8,16,24], [2,3,4,5,6, 18,19,20,21,22],
        qr/infected: ([^\r\n]+)/ ],
        # change the startup-script in /etc/init.d/kavd to:
        #   DPARMS="-* -Y -dl -f=/var/amavis /var/amavis"
        #   (or perhaps:   DPARMS="-I0 -Y -* /var/amavis" )
        # adjusting /var/amavis above to match your $TEMPBASE.
        # The '-f=/var/amavis' is needed if not running it as root, so it
        # can find, read, and write its pid file, etc., see 'man kavdaemon'.
        # defUnix.prf: there must be an entry "*/var/amavis" (or whatever
        #   directory $TEMPBASE specifies) in the 'Names=' section.
        # cd /opt/AVP/DaemonClients; configure; cd Sample; make
        # cp AvpDaemonClient /opt/AVP/
        # su - vscan -c "${PREFIX}/kavdaemon ${DPARMS}"
    
      ### http://www.hbedv.com/ or http://www.centralcommand.com/
      ['H+BEDV AntiVir or CentralCommand Vexira Antivirus',
        ['antivir','vexira'],
        '--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/,
        qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) |
             (?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/ ],
        # NOTE: if you only have a demo version, remove -z and add 214, as in:
        #  '--allfiles -noboot -nombr -rs -s {}', [0,214], qr/ALERT:|VIRUS:/,
    
      ### http://www.commandsoftware.com/
      ['Command AntiVirus for Linux', 'csav',
        '-all -archive -packed {}', [50], [51,52,53],
        qr/Infection: (.+)/ ],
    
      ### http://www.symantec.com/
      ['Symantec CarrierScan via Symantec CommandLineScanner',
        'cscmdline', '-a scan -i 1 -v -s 127.0.0.1:7777 {}',
        qr/^Files Infected:\s+0$/, qr/^Infected\b/,
        qr/^(?:Info|Virus Name):\s+(.+)/ ],
    
      ### http://www.symantec.com/
      ['Symantec AntiVirus Scan Engine',
        'savsecls', '-server 127.0.0.1:7777 -mode scanrepair -details -verbose {}',
        [0], qr/^Infected\b/,
        qr/^(?:Info|Virus Name):\s+(.+)/ ],
        # NOTE: check options and patterns to see which entry better applies
    
      ### http://www.sald.com/, http://drweb.imshop.de/
      ['drweb - DrWeb Antivirus',
        ['/usr/local/drweb/drweb', '/opt/drweb/drweb', 'drweb'],
        '-path={} -al -go -ot -cn -upn -ok-',
        [0,32], [1,33], qr' infected (?:with|by)(?: virus)? (.*)$'],
    
    # ### http://www.sald.com/, http://www.dials.ru/english/, http://www.drweb.ru/
    # ['DrWebD', \_daemon,   # DrWebD 4.31 or later
    #   [pack('N',1).  # DRWEBD_SCAN_CMD
    #    pack('N',0x00280001).   # DONT_CHANGEMAIL, IS_MAIL, RETURN_VIRUSES
    #    pack('N',     # path length
    #      length("$TEMPBASE/amavis-yyyymmddTHHMMSS-xxxxx/parts/part-xxxxx")).
    #    '{}/*'.       # path
    #    pack('N',0).  # content size
    #    pack('N',0),
    #    '/var/drweb/run/drwebd.sock',
    #  # '/var/amavis/var/run/drwebd.sock',   # suitable for chroot
    #  # '/usr/local/drweb/run/drwebd.sock',  # FreeBSD drweb ports default
    #  # '127.0.0.1:3000',                    # or over an inet socket
    #   ],
    #   qr/\A\x00(\x10|\x11)\x00\x00/s,              # IS_CLEAN, EVAL_KEY
    #   qr/\A\x00(\x00|\x01)\x00(\x20|\x40|\x80)/s,  # KNOWN_V, UNKNOWN_V, V._MODIF
    #   qr/\A.{12}(?:infected with )?([^\x00]+)\x00/s,
    # ],
    # # NOTE: If you are using amavis-milter, change length to:
    # # length("$TEMPBASE/amavis-milter-xxxxxxxxxxxxxx/parts/part-xxxxx").
    
      ### http://www.f-secure.com/products/anti-virus/
      ['F-Secure Antivirus', 'fsav',
       '--dumb --mime --archive {}', [0], [3,8],
       qr/(?:infection|Infected|Suspected): (.+)/ ],
    
      ['CAI InoculateIT', 'inocucmd',
        '-sec -nex {}', [0], [100],
        qr/was infected by virus (.+)/ ],
    
      ['MkS_Vir for Linux (beta)', ['mks32','mks'],
        '-s {}/*', [0], [1,2],    # any use for options: -a -c  ?
        qr/--[ \t]*(.+)/ ], 
    
      ### http://www.nod32.com/
      ['ESET Software NOD32', 'nod32',
        '-all -subdir+ {}', [0], [1,2],
        qr/^.+? - (.+?)\s*(?:backdoor|joke|trojan|virus|worm)/ ],
    
      ### http://www.nod32.com/
      ['ESET Software NOD32 - Client/Server Version', 'nod32cli',
        '-a -r -d recurse --heur standard {}', [0], [10,11],
        qr/^\S+\s+infected:\s+(.+)/ ],
    
      ### http://www.norman.com/products_nvc.shtml
      ['Norman Virus Control v5 / Linux', 'nvcc',
        '-c -l:0 -s -u {}', [0], [1],
        qr/(?i).* virus in .* -> \'(.+)\'/ ],
    
      ### http://www.pandasoftware.com/
      ['Panda Antivirus for Linux', ['pavcl'],
        '-aut -aex -heu -cmp -nbr -nor -nso -eng {}',
        qr/Number of files infected[ .]*: 0(?!\d)/,
        qr/Number of files infected[ .]*: 0*[1-9]/,
        qr/Found virus :\s*(\S+)/ ],
    
    # GeCAD AV technology is acquired by Microsoft; RAV has been discontinued.
    # Check your RAV license terms before fiddling with the following two lines!
    # ['GeCAD RAV AntiVirus 8', 'ravav',
    #   '--all --archive --mail {}', [1], [2,3,4,5], qr/Infected: (.+)/ ],
    # # NOTE: the command line switches changed with scan engine 8.5 !
    # # (btw, assigning stdin to /dev/null causes RAV to fail)
    
      ### http://www.nai.com/
      ['NAI McAfee AntiVirus (uvscan)', 'uvscan',
        '--secure -rv --mime --summary --noboot - {}', [0], [13],
        qr/(?x) Found (?:
            \ the\ (.+)\ (?:virus|trojan)  |
            \ (?:virus|trojan)\ or\ variant\ ([^ ]+)  |
            :\ (.+)\ NOT\ a\ virus)/,
      # sub {$ENV{LD_PRELOAD}='/lib/libc.so.6'},
      # sub {delete $ENV{LD_PRELOAD}},
      ],
      # NOTE1: with RH9: force the dynamic linker to look at /lib/libc.so.6 before
      # anything else by setting environment variable LD_PRELOAD=/lib/libc.so.6
      # and then clear it when finished to avoid confusing anything else.
      # NOTE2: to treat encrypted files as viruses replace the [13] with:
      #  qr/^\s{5,}(Found|is password-protected|.*(virus|trojan))/
    
      ### http://www.virusbuster.hu/en/
      ['VirusBuster', ['vbuster', 'vbengcl'],
        # VirusBuster Ltd. does not support the daemon version for the workstation 
        # engine (vbuster-eng-1.12-linux-i386-libc6.tgz) any longer. The names of
        # binaries, some parameters AND return codes (from 3 to 1) changed.
        "{} -ss -i '*' -log=$MYHOME/vbuster.log", [0], [1],
        qr/: '(.*)' - Virus/ ],
    
    # ### http://www.virusbuster.hu/en/
    # ['VirusBuster (Client + Daemon)', 'vbengd',
    #   # HINT: for an infected file it returns always 3,
    #   # although the man-page tells a different story
    #   '-f -log scandir {}', [0], [3],
    #   qr/Virus found = (.*);/ ],
    
      ### http://www.cyber.com/
      ['CyberSoft VFind', 'vfind',
        '--vexit {}/*', [0], [23], qr/##==>>>> VIRUS ID: CVDL (.+)/,
      # sub {$ENV{VSTK_HOME}='/usr/lib/vstk'},
      ],
    
      ### http://www.ikarus-software.com/
      ['Ikarus AntiVirus for Linux', 'ikarus',
        '{}', [0], [40], qr/Signature (.+) found/ ],
    
      ### http://www.bitdefender.com/
      ['BitDefender', 'bdc',
        '--all --arc --mail {}', qr/^Infected files *:0(?!\d)/,
        qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/,
        qr/(?:suspected|infected): (.*)(?:\033|$)/ ],
    );
    
    # If no virus scanners from the @av_scanners list produce 'clean' nor
    # 'infected' status (e.g. they all fail to run or the list is empty),
    # then _all_ scanners from the @av_scanners_backup list are tried.
    # When there are both daemonized and command-line scanners available,
    # it is customary to place slower command-line scanners in the
    # @av_scanners_backup list. The default choice is somewhat arbitrary,
    # move entries from one list to another as desired.
    
    @av_scanners_backup = (
    
      ### http://www.clamav.net/
      ['Clam Antivirus - clamscan', 'clamscan',
        "--stdout --no-summary -r --tempdir=$TEMPBASE {}", [0], [1],
        qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
    
      ### http://www.f-prot.com/
      ['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'],
        '-dumb -archive -packed {}', [0,8], [3,6],
        qr/Infection: (.+)/ ],
    
      ### http://www.trendmicro.com/
      ['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'],
        '-za -a {}', [0], qr/Found virus/, qr/Found virus (.+) in/ ],
    
      ['KasperskyLab kavscanner', ['/opt/kav/bin/kavscanner','kavscanner'],
        '-i1 -xp {}', [0,10,15], [5,20,21,25],
        qr/(?:CURED|INFECTED|CUREFAILED|WARNING|SUSPICION) (.*)/ ,
        sub {chdir('/opt/kav/bin') or die "Can't chdir to kav: $!"},
        sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
      ],
    
    # Commented out because the name 'sweep' clashes with the Debian package of
    # the same name. Make sure the correct sweep is found in the path when enabling
    #
    # ### http://www.sophos.com/
    # ['Sophos Anti Virus (sweep)', 'sweep',
    #   '-nb -f -all -rec -ss -sc -archive -cab -tnef --no-reset-atime {}',
    #   [0,2], qr/Virus .*? found/,
    #   qr/^>>> Virus(?: fragment)? '?(.*?)'? found/,
    # ],
    # # other options to consider: -mime -oe -idedir=/usr/local/sav
    
    # always succeeds (uncomment to consider mail clean if all other scanners fail)
    # ['always-clean', sub {0}],
    
    );
    
    
    #
    # Section VIII - Debugging
    #
    
    # The most useful debugging tool is to run amavisd-new non-detached
    # from a terminal window:
    # amavisd debug
    
    # Some more refined approaches:
    
    # If sender matches ACL, turn log level fully up, just for this one message,
    # and preserve temporary directory
    #@debug_sender_acl = ( "test-sender\@$mydomain" );
    #@debug_sender_acl = qw( [email protected] );
    
    # May be useful along with @debug_sender_acl:
    # Prevent all decoded originals being deleted (replaced by decoded part)
    #$keep_decoded_original_re = new_RE( qr/.*/ );
    
    # Turn on SpamAssassin debugging (output to STDERR, use with 'amavisd debug')
    #$sa_debug = 1;            # defaults to false
    
    #-------------
    1;  # insure a defined return
    
    			
  4. clamav

    根据需要修改clamav.conf,freshclam.conf文件

    debian:~# cd /etc/clamav/
    debian:/etc/clamav# ls
    clamav.conf  freshclam.conf
    			
  5. spamassassin

    debian:~# cd /etc/spamassassin
    debian:/etc/spamassassin# vi /etc/default/spamassassin
    # /etc/default/spamd.conf
    # Duncan Findlay
    
    # WARNING read README.spamd before using.  THERE ARE SECURITY RISKS!
    
    # Change to one to enable spamd
    #ENABLED=0 
    ENABLED=1 #值改为大于"0"的数字
    
    # Options
    # See man spamd for possible options. The -d option is automatically added.
    OPTIONS="-c -m 10 -a -H"
    
    # Set nice level of spamd
    #NICE="--nicelevel 15"
    
    debian:/etc/spamassassin# /etc/init.d/spamassassin start
    Starting SpamAssassin spamd.
    debian:/etc/spamassassin# ps ax|grep spamd
    15487 ?        Ss     0:01 /usr/sbin/spamd -c -m 10 -a -H -d --pidfile=/var/run/spamd.pid
    debian:/etc/spamassassin#
    		
  6. reload

    debian:~# /etc/init.d/postfix reload
    debian:~# /etc/init.d/amavis reload