# spamassassin and amavisd new

## gab74

I've successfully installed amavisd-new on my Gentoo running Postfix and ClamAV.

Now I want to enable SpamAssassin from amavisd.

When I start amavisd, in the log I find

ANTI SPAM CODE NOT LOADED and I do not find the Mail::SpamAssassin module.

How can I install this module to enable SpamAssassin from amavisd?

Thanks ! Gabriele

----------

## langthang

Check that you don't have

```
@bypass_spam_checks_maps = (1);
```

in /etc/amavisd.conf. You should read through that configuration file.

----------

## magic919

Use CPAN.  Run install Mail::SpamAssassin.

----------

## gab74

OK, I've installed the Mail::SpamAssassin module.

Then do I have to uninstall and reinstall amavisd using emerge to enable the module?

----------

## magic919

Okay.  Amavisd-new generally grabs and uses any resource it finds available.  Running amavisd debug will show you what it finds.  If it is still not using SpamAssassin (SA) then you'll need to work through that horrid amavisd conf file.  It's a huge thing with stacks of comments.  There are a couple of references to allowing SA if I recall correctly.

----------
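
The two checks suggested in the replies above (no active `@bypass_spam_checks_maps = (1);` in the config, and a Mail::SpamAssassin module that Perl can actually load), as an added example that is not part of the original thread. It is a heuristic text scan that assumes plain single-line assignments; the function names and the two constructed sample configs are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). amavisd.conf is Perl code, so this text
# scan is a heuristic: it only sees plain single-line assignments.

# List active (not commented-out) assignments to @bypass_spam_checks_maps,
# each prefixed with its line number. A later assignment overrides an earlier one.
active_bypass_assignments() {
    grep -nE '^[[:space:]]*@bypass_spam_checks_maps[[:space:]]*=' "$1" || true
}

# Classify the last active assignment in the given config file:
#   not-set  : no active assignment, the daemon's default applies
#   bypassed : "(1)", i.e. the anti-spam code is disabled for everyone
#   other    : anything else, read it by hand
spam_checks_state() {
    last=$(active_bypass_assignments "$1" | tail -n 1)
    if [ -z "$last" ]; then
        echo "not-set"
        return 0
    fi
    # Drop the "N:" prefix, the trailing comment and the left-hand side,
    # then remove whitespace and the terminating semicolon.
    value=$(printf '%s\n' "$last" |
        sed -e 's/^[0-9]*://' -e 's/#.*$//' -e 's/^[^=]*=//' |
        tr -d '[:space:];')
    case $value in
        '(1)') echo "bypassed" ;;
        *)     echo "other" ;;
    esac
}

# Exit status 0 if the given perl (default: first perl on PATH) can load
# Mail::SpamAssassin. Pass the interpreter from amavisd's shebang line if it
# differs from the one CPAN installed into.
spamassassin_loadable() {
    "${1:-perl}" -MMail::SpamAssassin -e 1 2>/dev/null
}

# Constructed sample: only the commented-out hint lines, as in a stock config.
sample_conf_commented() {
    cat <<'EOF'
use strict;
# @bypass_virus_checks_maps = (1);  # uncomment to DISABLE anti-virus code
# @bypass_spam_checks_maps = (1);  # uncomment to DISABLE anti-spam code
$max_servers = 4;
1;
EOF
}

# Constructed sample: the same hints, plus an active assignment further down.
sample_conf_overridden() {
    cat <<'EOF'
use strict;
# @bypass_virus_checks_maps = (1);  # uncomment to DISABLE anti-virus code
# @bypass_spam_checks_maps = (1);  # uncomment to DISABLE anti-spam code
$max_servers = 4;
@bypass_spam_checks_maps = (1);   # constructed: a later active assignment
1;
EOF
}

# Run against a real file when a path is given: sh check.sh /etc/amavisd.conf
if [ -n "${1:-}" ]; then
    echo "bypass assignments found:"
    active_bypass_assignments "$1"
    echo "spam checks: $(spam_checks_state "$1")"
    if spamassassin_loadable; then
        echo "Mail::SpamAssassin: loadable"
    else
        echo "Mail::SpamAssassin: NOT loadable by $(command -v perl)"
    fi
fi
```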

## gab74

In amavisd.conf there are few settings for SpamAssassin, and everything is enabled to use SpamAssassin.

Now I've installed the Mail::SpamAssassin module, but

when I start amavisd it says

NO SPAM CODE LOADED and there is no reference to the Mail::SpamAssassin module.

----------

## magic919

Can you post the output of amavisd debug?

----------

## gab74

OK! Thank you very much for your help.

This is the amavisd.conf:

[code]

use strict;

# Sample configuration file for amavisd-new (traditional style, chatty,

# you may prefer to start with the more concise supplied amavisd.conf)

#

# See amavisd.conf-default for a list of all variables with their defaults;

# for more details see documentation in INSTALL, README_FILES/*

# and at http://www.ijs.si/software/amavisd/amavisd-new-docs.html

# This software is licensed under the GNU General Public License (GPL).

# See comments at the start of amavisd-new for the whole license text.

#Sections:

# Section I    - Essential daemon and MTA settings

# Section II   - MTA specific

# Section III  - Logging

# Section IV   - Notifications/DSN, bounce/reject/discard/pass, quarantine

# Section V    - Per-recipient and per-sender handling, whitelisting, etc.

# Section VI   - Resource limits

# Section VII  - External programs, virus scanners, SpamAssassin

# Section VIII - Debugging

# Section IX   - Policy banks (dynamic policy switching)

#GENERAL NOTES:

#  This file is a normal Perl code, interpreted by Perl itself.

#  - make sure this file (or directory where it resides) is NOT WRITABLE

#    by mere mortals (not even vscan/amavis; best to make it owned by root),

#    otherwise it can represent a severe security risk!

#  - for values which are interpreted as booleans, it is recommended

#    to use 1 for true, and 0 or undef or '' for false.

#    THIS IS DIFFERENT FROM OLD AMAVIS VERSIONS where "no" also meant false,

#    now it means true, like any nonempty string does!

#  - Perl syntax applies. Most notably: strings in "" may include variables

#    (which start with $ or @); to include characters $ and @ and \ in double

#    quoted strings precede them by a backslash; in single-quoted strings

#    the $ and @ lose their special meaning, so it is usually easier to use

#    single quoted strings (or qw operator) for e-mail addresses.

#    In both types of quoting a backslash should be doubled.

#  - variables with names starting with a '@' are lists, the values assigned

#    to them should be lists too, e.g. ('one@foo', $mydomain, "three");

#    note the comma-separation and parenthesis. If strings in the list

#    do not contain spaces nor variables, a Perl operator qw() may be used

#    as a shorthand to split its argument on whitespace and produce a list

#    of strings, e.g. qw( one@foo example.com three );  Note that the argument

#    to qw is quoted implicitly and no variable interpretation is done within

#    (no '$' variable evaluations). The #-initiated comments can NOT be used

#    within a string. In other words, $ and # lose their special meaning

#    within a qw argument, just like within '...' strings.

#  - all e-mail addresses in this file and as used internally by the daemon

#    are in their raw (rfc2821-unquoted and non-bracketed) form, i.e.

#    Bob "Funny" Dude@example.com, not: "Bob \"Funny\" Dude"@example.com

#    and not <"Bob \"Funny\" Dude"@example.com>; also: '' and not '<>'.

#  - the term 'default value' in examples below refers to the value of a

#    variable pre-assigned to it by the program; any explicit assignment

#    to a variable in this configuration file overrides the default value;

#

# Section I - Essential daemon and MTA settings

#

# $MYHOME serves as a quick default for some other configuration settings.

# More refined control is available with each individual setting further down.

# $MYHOME is not used directly by the program. No trailing slash!

$MYHOME = '/var/amavis';   # (default is '/var/amavis')

# $mydomain serves as a quick default for some other configuration settings.

# More refined control is available with each individual setting further down.

# $mydomain is never used directly by the program.

$mydomain = 'figoli.it';      # (no useful default)

# $myhostname = 'host.example.com';  # fqdn of this host, default by uname(3)

# Set the user and group to which the daemon will change if started as root

# (otherwise just keeps the UID unchanged, and these settings have no effect):

$daemon_user  = 'clamav';   # (no default;  customary: vscan or amavis)

$daemon_group = 'clamav';   # (no default;  customary: vscan or amavis or sweep)

# Runtime working directory (cwd), and a place where

# temporary directories for unpacking mail are created.

# (no trailing slash, may be a scratch file system)

#$TEMPBASE = $MYHOME;	        # (must be set if other config vars use it)

$TEMPBASE = "$MYHOME/tmp";      # prefer to keep home dir /var/amavis clean?

$db_home = "$MYHOME/db";	# DB databases directory, default "$MYHOME/db"

# $helpers_home sets environment variable HOME, and is passed as option

# 'home_dir_for_helpers' to Mail::SpamAssassin::new. It should be a directory

# on a normal persistent file system, not a scratch or temporary file system

$helpers_home = $MYHOME;	# (defaults to $MYHOME)

# Run the daemon in the specified chroot jail if nonempty:

#$daemon_chroot_dir = $MYHOME;  # (default is undef, meaning: do not chroot)

#$pid_file  = "$MYHOME/amavisd.pid";  # (default is "$MYHOME/amavisd.pid")

#$lock_file = "$MYHOME/amavisd.lock"; # (default is "$MYHOME/amavisd.lock")

# set environment variables if you want (no defaults):

$ENV{TMPDIR} = $TEMPBASE;       # wise to set TMPDIR, but not obligatory

#...

$enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny)

$enable_global_cache = 1;    # enable use of libdb-based cache if $enable_db=1

# MTA SETTINGS, UNCOMMENT AS APPROPRIATE,

# both $forward_method and $notify_method default to 'smtp:[127.0.0.1]:10025'

# POSTFIX, or SENDMAIL in dual-MTA setup, or EXIM V4

# (set host and port number as required; host can be specified

# as an IP address or a DNS name (A or CNAME, but MX is ignored)

$forward_method = 'smtp:[127.0.0.1]:10026';  # where to forward checked mail

#$notify_method = $forward_method;            # where to submit notifications

$notify_method = 'smtp:[127.0.0.1]:10026';  # where to submit notification

# To make it possible for several hosts to share one content checking daemon,

# the IP address and/or the port number in $forward_method and $notify_method

# may be specified as an asterisk. An asterisk in the colon-separated

# second field (host) will be replaced by the SMTP client peer address,

# An asterisk in the third field (tcp port) will be replaced by the incoming

# SMTP/LMTP session port number plus one. This obsoletes the previously used

# less flexible configuration parameter $relayhost_is_client. An example:

#   $forward_method = 'smtp:*:*'; $notify_method = 'smtp:*:10587';

# NOTE: The defaults (above) are good for Postfix or dual-sendmail. You MUST

#       uncomment the appropriate settings below if using other setups!

# SENDMAIL MILTER, using amavis-milter.c helper program:

#$forward_method = undef;  # no explicit forwarding, sendmail does it by itself

# milter; option -odd is needed to avoid deadlocks

#$notify_method = 'pipe:flags=q argv=/usr/sbin/sendmail -Ac -i -odd -f ${sender} -- ${recipient}';

# just a thought: can we use -Am instead of -odd ?

# SENDMAIL (old non-milter setup, as relay, deprecated):

#$forward_method = 'pipe:flags=q argv=/usr/sbin/sendmail -C/etc/sendmail.orig.cf -i -f ${sender} -- ${recipient}';

#$notify_method = $forward_method;

# SENDMAIL (old non-milter setup, amavis.c calls local delivery agent, deprecated):

#$forward_method = undef;  # no explicit forwarding, amavis.c will call LDA

#$notify_method = 'pipe:flags=q argv=/usr/sbin/sendmail -Ac -i -f ${sender} -- ${recipient}';

# EXIM v3 (not recommended with v4 or later, which can use SMTP setup instead):

#$forward_method = 'pipe:flags=q argv=/usr/sbin/exim -oMr scanned-ok -i -f ${sender} -- ${recipient}';

#$notify_method = $forward_method;

# prefer to collect mail for forwarding as BSMTP files?

#$forward_method = "bsmtp:$MYHOME/out-%i-%n.bsmtp";

#$notify_method = $forward_method;

# Net::Server pre-forking settings

# The $max_servers should match the width of your MTA pipe

# feeding amavisd, e.g. with Postfix the 'Max procs' field in the

# master.cf file, like the '2' in the:  smtp-amavis unix - - n - 2 smtp

#

$max_servers  =  4;   # number of pre-forked children          (default 2)

$max_requests = 20;   # retire a child after that many accepts (default 10)

$child_timeout=5*60;  # abort child if it does not complete each task in

                      # approximately n sec (default: 8*60 seconds)

# Here is a QUICK WAY to completely DISABLE some sections of code

# that WE DO NOT WANT (it won't even be compiled-in).

# For more refined controls leave the following two lines commented out,

# and see further down what these two lookup lists really mean.

#

# @bypass_virus_checks_maps = (1);  # uncomment to DISABLE anti-virus code

# @bypass_spam_checks_maps = (1);  # uncomment to DISABLE anti-spam code

#

# Any setting can be changed with a new assignment, so make sure

# you do not unintentionally override these settings further down!

# Check also the settings of @av_scanners at the end if you want to use

# virus scanners. If not, you may want to delete the whole long assignment

# to the variable @av_scanners and @av_scanners_backup, which will also

# remove the virus checking code (e.g. if you only want to do spam scanning).

# Lookup list of local domains (see README.lookups for syntax details)

#

# @local_domains_maps list of lookup tables are used in deciding whether a

# recipient is local or not, or in other words, if the message is outgoing

# or not. This affects inserting spam-related headers for local recipients,

# limiting recipient virus notifications (if enabled) to local recipients,

# in deciding if address extension may be appended, and in SQL lookups

# for non-fqdn addresses. Set it up correctly if you need features

# that rely on this setting (or just leave empty otherwise).

#

# With Postfix (2.0) a quick hint on what local domains normally are:

# a union of domains specified in: mydestination, virtual_alias_domains,

# virtual_mailbox_domains, and relay_domains.

@local_domains_maps = ( [".$mydomain"] );  # $mydomain and its subdomains

# @local_domains_maps = (); # default is empty list, no recip. considered local

# @local_domains_maps =  # using ACL lookup table

#   ( [ ".$mydomain", 'sub.example.net', '.example.com' ] );

# @local_domains_maps =  # similar, split list elements on whitespace

#   ( [qw( .example.com !host.sub.example.net .sub.example.net )] );

# @local_domains_maps = ( new_RE( qr'[@.]example\.com$'i ) );   # using regexp

# @local_domains_maps = ( read_hash("$MYHOME/local_domains") ); # using hash

#   perhaps combined with Postfix: mydestination = /var/amavis/local_domains

# for debugging purposes: dump_hash($local_domains_maps[0]);

#

# Section II - MTA specific (defaults should be ok)

#

#$insert_received_line = 1;       # behave like MTA: insert 'Received:' header

			          # (does not apply to sendmail/milter)

			          # (default is true)

# AMAVIS-CLIENT PROTOCOL INPUT SETTINGS (e.g. with sendmail milter)

#   (used with amavis helper clients like amavis-milter.c and amavis.c,

#   NOT needed for Postfix or Exim or dual-sendmail - keep it undefined.

$unix_socketname = "$MYHOME/amavisd.sock"; # amavis helper protocol socket

#$unix_socketname = undef;        # disable listening on a unix socket

                                  # (default is undef, i.e. disabled)

                                  # (usual setting is $MYHOME/amavisd.sock)

# SMTP SERVER (INPUT) PROTOCOL SETTINGS (e.g. with Postfix, Exim v4, ...)

#   (used when MTA is configured to pass mail to amavisd via SMTP or LMTP)

$inet_socket_port = 10024;        # accept SMTP on this local TCP port

                                  # (default is undef, i.e. disabled)

# multiple ports may be provided: $inet_socket_port = [10024, 10026, 10028];

# SMTP SERVER (INPUT) access control

# - do not allow free access to the amavisd SMTP port !!!

#

# when MTA is at the same host, use the following (one or the other or both):

#$inet_socket_bind = '127.0.0.1'; # limit socket bind to loopback interface

                                  # (default is '127.0.0.1')

@inet_acl = qw(127.0.0.1 [::1]);  # allow SMTP access only from localhost IP

                                  # (default is qw(127.0.0.1 [::1]) )

# when MTA (one or more) is on a different host, use the following:

#@inet_acl = qw(127.0.0.0/8 [::1] 10.1.0.1 10.1.0.2);  # adjust list as needed

#$inet_socket_bind = undef;       # bind to all IP interfaces if undef

#

# Example1:

# @inet_acl = qw( 127/8 10/8 172.16/12 192.168/16 );

# permit only SMTP access from loopback and rfc1918 private address space

#

# Example2:

# @inet_acl = qw( !192.168.1.12 172.16.3.3 !172.16.3/255.255.255.0

#		  127.0.0.1 10/8 172.16/12 192.168/16 );

# matches loopback and rfc1918 private address space except host 192.168.1.12

# and net 172.16.3/24 (but host 172.16.3.3 within 172.16.3/24 still matches)

#

# Example3:

# @inet_acl = qw( 127/8

#		  !172.16.3.0   !172.16.3.127 172.16.3.0/25

#		  !172.16.3.128 !172.16.3.255 172.16.3.128/25 );

# matches loopback and both halves of the 172.16.3/24 C-class,

# split into two subnets, except all four broadcast addresses

# for these subnets

# @mynetworks is an IP access list which determines if the original SMTP client

# IP address belongs to our internal networks, i.e. mail is coming from inside.

# It is much like the Postfix parameter 'mynetworks' in semantics and similar

# in syntax, and its value should normally match the Postfix counterpart.

# It only affects the value of a macro %l (=sender-is-local),

# and the loading of policy 'MYNETS' if present (see below).

# Note that '-o smtp_send_xforward_command=yes' (or its lmtp counterpart)

# must be enabled in the Postfix service that feeds amavisd, otherwise

# client IP address is not available to amavisd-new.

#

# @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10

#                   10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );  # default

#

# A list of networks can also be read from a file, either as an IP acl in

# CIDR notation, one address per line (comments and empty lines are allowed):

#   @mynetworks_maps = (read_array('/etc/amavisd-mynetworks'), \@mynetworks);

#

# or less flexibly (but provides faster lookups for large lists) by reading

# into a hash lookup table, which only allows for full addresses or classful

# IPv4 subnets with truncated octets, such as 127, 10, 192.168, 10.11.12.13,

# one address per line (comments and empty lines are allowed):

#   @mynetworks_maps = (read_hash('/etc/amavisd-mynetworks'), \@mynetworks);

# See README.lookups for details on specifying access control lists.

#

# Section III - Logging

#

# true (e.g. 1) => syslog;  false (e.g. 0) => logging to file

$DO_SYSLOG = 0;                   # (defaults to 0)

#$SYSLOG_LEVEL = 'user.info';     # (facility.priority, default 'mail.info')

# Log file (if not using syslog)

$LOGFILE = "$MYHOME/amavis.log";  # (defaults to empty, no log)

#NOTE: levels are not strictly observed and are somewhat arbitrary

# 0: startup/exit/failure messages, viruses detected

# 1: args passed from client, some more interesting messages

# 2: virus scanner output, timing

# 3: server, client

# 4: decompose parts

# 5: more debug details

$log_level = 0;		  # (defaults to 0)

# Customizable template for the most interesting log file entry (e.g. with

# $log_level=0) (take care to properly quote Perl special characters like '\')

# For a list of available macros see README.customize .

# $log_templ = undef;      # undef disables by-message level-0 log entries

$log_recip_templ = undef;  # undef disables by-recipient level-0 log entries

# log both infected and noninfected messages (new default):

# (remove the leading '#' and a space in the following lines to activate)

# $log_templ = '

# [?%#D|#|Passed #

# [? [?%#V|1] |INFECTED (%V)|#

# [? [?%#F|1] |BANNED (%F)|#

# [? [? %2|1] |SPAM|#

# [? [?%#X|1] |BAD-HEADER|CLEAN]]]]#

# , [? %p ||%p ][?%a||[?%l||LOCAL ]\[%a\] ][?%e||\[%e\] ]<%o> -> [%D|,]#

# [? %q ||, quarantine: %q]#

# [? %Q ||, Queue-ID: %Q]#

# [? %m ||, Message-ID: %m]#

# [? %r ||, Resent-Message-ID: %r]#

# , mail_id: %i#

# , Hits: %c#

# #, size: %z#

# #[? %j ||, Subject: "%j"]#

# #[? %#T ||, Tests: \[[%T|,]]\]#

# , %y ms#

# ]

# [?%#O|#|Blocked #

# [? [?%#V|1] |INFECTED (%V)|#

# [? [?%#F|1] |BANNED (%F)|#

# [? [? %2|1] |SPAM|#

# [? [?%#X|1] |BAD-HEADER|CLEAN]]]]#

# , [? %p ||%p ][?%a||[?%l||LOCAL ]\[%a\] ][?%e||\[%e\] ]<%o> -> [%O|,]#

# [? %q ||, quarantine: %q]#

# [? %Q ||, Queue-ID: %Q]#

# [? %m ||, Message-ID: %m]#

# [? %r ||, Resent-Message-ID: %r]#

# , mail_id: %i#

# , Hits: %c#

# #, size: %z#

# #[? %j ||, Subject: "%j"]#

# #[? %#T ||, Tests: \[[%T|,]]\]#

# , %y ms#

# ]';

# log template compatible with amavisd-new-20030616-p10:

# $log_recip_templ = undef;

# $log_templ = '

# [? %#V |[? %#F |[?%#D|Not-Delivered|Passed]|BANNED name/type (%F)]|INFECTED (%V)], #

# <%o> -> [<%R>|,][? %q ||, quarantine %q], Message-ID: %m, Hits: %c';

#

# Section IV - Notifications/DSN, bounce/reject/discard/pass, quarantine

#

# Select notifications text encoding when Unicode-aware Perl is converting

# text from internal character representation to external encoding (charset

# in MIME terminology). Used as argument to Perl Encode::encode subroutine.

#

#   to be used in RFC 2047-encoded header field bodies, e.g. in Subject:

#$hdr_encoding = 'iso-8859-1';  # MIME charset (default: 'iso-8859-1')

#$hdr_encoding_qb = 'Q';        # MIME encoding: quoted-printable (default)

#$hdr_encoding_qb = 'B';        # MIME encoding: base64

#

#   to be used in notification body text: its encoding and Content-type.charset

#$bdy_encoding = 'iso-8859-1';  # (default: 'iso-8859-1')

# Default template texts for notifications may be overruled by directly

# assigning new text to template variables, or by reading template text

# from files. A second argument may be specified in a call to read_text(),

# specifying character encoding layer to be used when reading from the

# external file, e.g. 'utf8', 'iso-8859-1', or often just $bdy_encoding.

# Text will be converted to internal character representation by Perl 5.8.0

# or later; second argument is ignored otherwise. See PerlIO::encoding,

# Encode::PerlIO and perluniintro man pages.

#

# $notify_sender_templ      = read_text("$MYHOME/notify_sender.txt");

# $notify_virus_sender_templ= read_text("$MYHOME/notify_virus_sender.txt");

# $notify_virus_admin_templ = read_text("$MYHOME/notify_virus_admin.txt");

# $notify_virus_recips_templ= read_text("$MYHOME/notify_virus_recips.txt");

# $notify_spam_sender_templ = read_text("$MYHOME/notify_spam_sender.txt");

# $notify_spam_admin_templ  = read_text("$MYHOME/notify_spam_admin.txt");

# If notification template files are collectively available in some directory,

# one may call read_l10n_templates which invokes read_text for each known

# template. This is primarily a Debian-specific feature, but was incorporated

# into base code to facilitate porting.

#

#   read_l10n_templates('/etc/amavis/en_US');

#

# If read_l10n_templates is called, a localization template directory must

# contain the following files:

#   charset                       this file should contain a one-line name

#                                 of the character set used in the template

#                                 files (e.g. utf8, iso-8859-2, ...) and is

#                                 passed as the second argument to read_text;

#   template-dsn.txt              content fills the $notify_sender_templ

#   template-virus-sender.txt     content fills the $notify_virus_sender_templ

#   template-virus-admin.txt      content fills the $notify_virus_admin_templ

#   template-virus-recipient.txt  content fills the $notify_virus_recips_templ

#   template-spam-sender.txt      content fills the $notify_spam_sender_templ

#   template-spam-admin.txt       content fills the $notify_spam_admin_templ

# Here is an overall picture (sequence of events) of how pieces fit together

#

#   bypass_virus_checks set for all recipients? ==> PASS

#   no viruses?   ==> PASS

#   log virus     if $log_templ is nonempty

#   quarantine    if $virus_quarantine_to is nonempty

#   notify admin  if $virus_admin (lookup) nonempty

#   notify recips if $warnvirusrecip and (recipient is local or $warn_offsite)

#   add address extensions for local recipients (when enabled)

#   send (non-)delivery notifications

#      to sender if DSN needed (BOUNCE or ($warnvirussender and D_PASS))

#   virus_lovers or final_destiny==D_PASS  ==> PASS

#   DISCARD (2xx) or REJECT (5xx) (depending on final_*_destiny)

#

# Equivalent flow diagram applies for spam checks.

# If a virus is detected, spam checking is skipped entirely.

# The following symbolic constants can be used in *_destiny settings:

#

# D_PASS     mail will pass to recipients, regardless of bad contents;

#

# D_DISCARD  mail will not be delivered to its recipients, sender will NOT be

#            notified. Effectively we lose mail (but will be quarantined

#            unless disabled). Losing mail is not decent for a mailer,

#            but might be desired.

#

# D_BOUNCE   mail will not be delivered to its recipients, a non-delivery

#            notification (bounce) will be sent to the sender by amavisd-new;

#            Exception: bounce (DSN) will not be sent if a virus name matches

#            $viruses_that_fake_sender_re, or to messages from mailing lists

#            (Precedence: bulk|list|junk), or for spam level that exceeds

#            the $sa_dsn_cutoff_level.

#

# D_REJECT   mail will not be delivered to its recipients, sender should

#            preferably get a reject, e.g. SMTP permanent reject response

#            (e.g. with milter), or non-delivery notification from MTA

#            (e.g. Postfix). If this is not possible (e.g. different recipients

#            have different tolerances to bad mail contents and not using LMTP)

#            amavisd-new sends a bounce by itself (same as D_BOUNCE).

#            Not to be used with Postfix or dual-MTA setups!

#

# Notes:

#   D_REJECT and D_BOUNCE are similar, the difference is in who is responsible

#            for informing the sender about non-delivery, and how informative

#            the notification can be (amavisd-new knows more than MTA);

#   With D_REJECT, MTA may reject original SMTP, or send DSN (delivery status

#            notification, colloquially called 'bounce') - depending on MTA;

#            Best suited for sendmail milter, especially for spam.

#   With D_BOUNCE, amavisd-new (not MTA) sends DSN (can better explain the

#            reason for mail non-delivery or even suppress DSN, but unable

#            to reject the original SMTP session). Best suited to reporting

#            viruses, and for Postfix and other dual-MTA setups, which can't

#            reject original client SMTP session, as the mail has already

#            been enqueued.

########

#

# Please think about what you are doing when you set these options.

# If necessary, question your organization's e-mail policies:

#

# D_BOUNCE contributes to the overall spread of virii and spam on the

# internet. Both the envelope and header from addresses can be forged

# accurately with no effort.

# 

# D_DISCARD breaks internet mail specifications. However, with a

# properly implemented Quarantine system, the concern for breaking the

# specification is addressed to some extent.

#

# D_PASS is the safest way to handle e-mails. You must implement

# client-side filtering to handle this method.

#

# -Cory Visi <merlin@gentoo.org> 07/28/04

#

#######

$final_virus_destiny      = D_DISCARD;  # (defaults to D_DISCARD)

$final_banned_destiny     = D_DISCARD;  # (defaults to D_BOUNCE)

$final_spam_destiny       = D_DISCARD;  # (defaults to D_BOUNCE)

$final_bad_header_destiny = D_PASS;  # (defaults to D_PASS), D_BOUNCE suggested

# Alternatives to consider for spam:

# - use D_PASS if clients will do filtering based on inserted

#   mail headers or added address extensions ('plus-addressing');

# - use D_DISCARD, if kill_level is set comfortably high;

#

# D_BOUNCE is preferred for viruses, but consider:

# - use D_PASS (or virus_lovers) to deliver viruses;

# - use D_REJECT instead of D_BOUNCE if using milter and under heavy

#   virus storm;

#

# Don't bother to set both D_DISCARD and $warn*sender=1, it will get mapped

# to D_BOUNCE.

#

# The separation of *_destiny values into D_BOUNCE, D_REJECT, D_DISCARD

# and D_PASS made settings $warnvirussender and $warnspamsender only still

# marginally useful with D_PASS.

# The following $warn*sender settings are ONLY used when mail is

# actually passed to recipients ($final_*_destiny=D_PASS, or *_lovers*).

# Bounces or rejects produce non-delivery status notification regardless.

# Notify virus sender?

#$warnvirussender = 1;	# (defaults to false (undef))

# Notify spam sender?

#$warnspamsender = 1;	# (defaults to false (undef))

# Notify sender of banned files?

#$warnbannedsender = 1;	# (defaults to false (undef))

# Notify sender of syntactically invalid header containing non-ASCII characters?

#$warnbadhsender = 1;	# (defaults to false (undef))

# Notify virus (or banned files or bad headers) RECIPIENT?

#  (not very useful, but some policies demand it)

#$warnvirusrecip = 1;	# (defaults to false (undef))

#$warnbannedrecip = 1;	# (defaults to false (undef))

#$warnbadhrecip = 1;	# (defaults to false (undef))

# Notify also non-local virus/banned recipients if $warn*recip is true?

#  (including those not matching local_domains*)

#$warn_offsite = 1;	# (defaults to false (undef), i.e. only notify locals)

# Treat envelope sender address as unreliable and don't send sender

# notification / bounces if name(s) of detected virus(es) match the list.

# Note that virus names are supplied by external virus scanner(s) and are

# not standardized, so virus names may need to be adjusted.

# See README.lookups for syntax, check also README.policy-on-notifications.

# If the intention is to treat all viruses as faking the sender address, it

# is equivalent but more efficient to just set $final_virus_destiny=D_DISCARD;

#

@viruses_that_fake_sender_maps = (new_RE(

  qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar'i,

  qr'tanatos|lentin|bridex|mimail|trojan\.dropper|dumaru|parite|spaces'i,

  qr'dloader|galil|gibe|swen|netwatch|bics|sbrowse|sober|rox|val(hal)?la'i,

  qr'frethem|sircam|be?agle|tanx|mydoom|novarg|shimg|netsky|somefool|moodown'i,

  qr'@mm|@MM',    # mass mailing viruses as labeled by f-prot and uvscan

  qr'Worm'i,      # worms as labeled by ClamAV, Kaspersky, etc

# [qr'^(EICAR|Joke\.|Junk\.)'i         => 0],

# [qr'^(WM97|OF97|W95/CIH-|JS/Fort)'i  => 0],

  [qr/^/ => 1],   # true by default  (remove or comment-out if undesired)

));

# where to send ADMIN VIRUS NOTIFICATIONS (should be a fully qualified address)

# - the administrator envelope address may be a simple fixed e-mail address

#   (a scalar), or may depend on the RECIPIENT address (e.g. its domain).

#

#   Empty or undef lookup disables virus admin notifications.

$virus_admin = "virus\@$mydomain";

# $virus_admin = 'virus-admin@example.com';

# $virus_admin = undef;   # do not send virus admin notifications (default)

#

#@virus_admin_maps = (    # by-recipient maps

#  {'not.example.com' => '',

#   '.' => 'virusalert@example.com'},

#  $virus_admin,   # the usual default

#);

# equivalent to $virus_admin, but for spam admin notifications:

# $spam_admin = "spamalert\@$mydomain";

# $spam_admin = undef;    # do not send spam admin notifications (default)

#@spam_admin_maps = (     # by-recipient maps

#  {'not.example.com' => '',

#   '.' => 'spamalert@example.com'},

#  $spam_admin,   # the usual default

#);

#advanced example, using a hash lookup table and a scalar default,

#lookup key is a recipient envelope address:

#@virus_admin_maps = (    # by-recipient maps

#  { 'baduser@sub1.example.com' => 'HisBoss@sub1.example.com',

#    '.sub1.example.com'  => 'virusalert@sub1.example.com',

#    '.sub2.example.com'  => '',               # don't send admin notifications

#    'a.sub3.example.com' => 'abuse@sub3.example.com',

#    '.sub3.example.com'  => 'virusalert@sub3.example.com',

#    '.example.com'       => 'noc@example.com', # default for our virus senders

#  },

#  'virusalert@hq.example.com',  # catchall for the rest

#);

# sender envelope address, from which notification reports are sent from;

# may be a null reverse path, or a fully qualified address:

#   (admin and recip sender addresses default to a null return path).

#   If using strings in double quotes, don't forget to quote @, i.e. \@

#

$mailfrom_notify_admin     = "virusalert\@$mydomain";

$mailfrom_notify_recip     = "virusalert\@$mydomain";

$mailfrom_notify_spamadmin = "spam.police\@$mydomain";

# 'From' HEADER FIELD for sender and admin notifications.

# This should be a replyable address, see rfc1894. Not to be confused

# with $mailfrom_notify_sender, which is the envelope return address

# and can be empty (null reverse path) according to rfc2821.

#

# The syntax of the 'From' header field is specified in rfc2822, section

# '3.4. Address Specification'. Note in particular that display-name must be

# a quoted-string if it contains any special characters like spaces and dots.

#

# $hdrfrom_notify_sender = "amavisd-new <postmaster\@$mydomain>";

# $hdrfrom_notify_sender = 'amavisd-new <postmaster@example.com>';

# $hdrfrom_notify_sender = '"Content-Filter Master" <postmaster@example.com>';

# $hdrfrom_notify_admin = $mailfrom_notify_admin;

# $hdrfrom_notify_spamadmin = $mailfrom_notify_spamadmin;

#   (default: "\"Content-filter at $myhostname\" <postmaster\@$myhostname>")

# whom quarantined messages appear to be sent from (envelope sender);

# keeps original sender if undef, or set it explicitly, default is undef

$mailfrom_to_quarantine = '';   # override sender address with null return path

# Location to put infected mail into: (applies to 'local:' quarantine method)

#   empty for not quarantining, may be a file (Unix-style mailbox),

#   or a directory (no trailing slash)

#   (the default value is undef, meaning no quarantine)

#

$QUARANTINEDIR = "/var/bademails";

#$quarantine_subdir_levels = 1;  # add level of subdirs to disperse quarantine

#$virus_quarantine_method          = 'local:virus-%m';     # default

#$spam_quarantine_method           = 'local:spam-%m.gz';   # default

#$banned_files_quarantine_method   = 'local:banned-%m';    # default

#$bad_header_quarantine_method     = 'local:badh-%m';      # default

# Separate quarantine subdirectories virus, spam, banned and badh within

# the directory $QUARANTINEDIR may be specified by the following settings

# (the subdirectories need to exist - must be created manually):

$virus_quarantine_method          = 'local:virus/virus-%m';

$spam_quarantine_method           = 'local:spam/spam-%m.gz';

#$banned_files_quarantine_method   = 'local:banned/banned-%m';

#$bad_header_quarantine_method     = 'local:badh/badh-%m';

#

#use the 'bsmtp:' method as an alternative to the default 'local:'

#$virus_quarantine_method = "bsmtp:$QUARANTINEDIR/virus-%m.bsmtp";

#$spam_quarantine_method  = "bsmtp:$QUARANTINEDIR/spam-%m.bsmtp";

#

#using the 'pipe:' method might be useful for some special purpose:

#$mailfrom_to_quarantine = undef;  # pass on the original sender address

#$spam_quarantine_method = 'pipe:argv=/usr/bin/myscript.sh spam-%b ${sender}';

#

#using the 'sql:' method to store quarantined message to a SQL database:

#$virus_quarantine_method = $spam_quarantine_method =

#  $banned_files_quarantine_method = $bad_header_quarantine_method = 'sql:';

# When using the 'local:' quarantine method (default), the following applies:

#

# A finer control of quarantining is available through

# variables $virus_quarantine_method/$spam_quarantine_method/

# $banned_files_quarantine_method/$bad_header_quarantine_method.

#

# The value of scalar $virus_quarantine_to/$spam_quarantine_to (or a

# per-recipient lookup result from lookup tables @virus_quarantine_to_maps)

# is/are interpreted as follows:

#

# VARIANT 1:

#   empty or undef disables quarantine;

#

# VARIANT 2:

#   a string NOT containing an '@';

# amavisd will behave as a local delivery agent (LDA) and will quarantine

# viruses to local files according to hash %local_delivery_aliases (pseudo

# aliases map) - see subroutine mail_to_local_mailbox() for details.

# Some of the predefined aliases are 'virus-quarantine' and 'spam-quarantine'.

# Setting $virus_quarantine_to ($spam_quarantine_to) to this string will:

#

# * if $QUARANTINEDIR is a directory, each quarantined virus will go

#   to a separate file in the $QUARANTINEDIR directory (traditional

#   amavis style, similar to maildir mailbox format);

#

# * otherwise $QUARANTINEDIR is treated as a file name of a Unix-style

#   mailbox. All quarantined messages will be appended to this file.

#   Amavisd child process must obtain an exclusive lock on the file during

#   delivery, so this may be less efficient than using individual files

#   or forwarding to MTA, and it may not work across NFS or other non-local

#   file systems (but may be handy for pickup of quarantined files via IMAP

#   for example);

#

# VARIANT 3:

#   any email address (must contain '@').

# The e-mail messages to be quarantined will be handed to MTA

# for delivery to the specified address. If a recipient address local to MTA

# is desired, you may leave the domain part empty, e.g. 'infected@', but the

# '@' character must nevertheless be included to distinguish it from variant 2.

#

# This variant enables more refined delivery control made available by MTA

# (e.g. its aliases file, other local delivery agents, dealing with

# privileges and file locking when delivering to user's mailbox, nonlocal

# delivery and forwarding, fan-out lists). Make sure the mail-to-be-quarantined

# will not be handed back to amavisd for checking, as this will cause a loop

# (hopefully broken at some stage)! If this can be assured, notifications

# will benefit too from not being unnecessarily virus-scanned.

#

# By default this is safe to do with Postfix and Exim v4 and dual-sendmail

# setup, but probably not safe with sendmail milter interface without tricks.

# (default values are: virus-quarantine, banned-quarantine, spam-quarantine)

$virus_quarantine_to  = 'virus-quarantine';    # traditional local quarantine

#$virus_quarantine_to = 'infected@';           # forward to MTA for delivery

#$virus_quarantine_to = "virus-quarantine\@$mydomain";   # similar

#$virus_quarantine_to = 'virus-quarantine@example.com';  # similar

#$virus_quarantine_to = undef;                 # no quarantine

#

# lookup key is envelope recipient address:

#@virus_quarantine_to_maps = (   # per-recip multiple quarantines

#  new_RE( [qr'^user@example\.com$'i => 'infected@'],

#          [qr'^(.*)@example\.com$'i => 'virus-${1}@example.com'],

#          [qr'^(.*)(@[^@])?$'i      => 'virus-${1}${2}'] ),

#  $virus_quarantine_to,  # the usual default

#);

# similar for banned names and bad headers and spam (set to undef to disable)

$banned_quarantine_to     = 'banned-quarantine';     # local quarantine

$bad_header_quarantine_to = 'bad-header-quarantine'; # local quarantine

$spam_quarantine_to       = 'spam-quarantine';       # local quarantine

# or to a mailbox:

#$spam_quarantine_to = "spam-quarantine\@$mydomain";

#

#@spam_quarantine_to_maps = (    # per-recip multiple quarantines

#  new_RE( [qr'^(.*)@example\.com$'i => 'spam-${1}@example.com'] ),

#  $spam_quarantine_to,  # the usual default

#);

# In addition to per-recip quarantine, a by-sender lookup is possible.

# It is similar to $spam_quarantine_to, but the lookup key is the

# envelope sender address:

#$spam_quarantine_bysender_to = undef;   # dflt: no by-sender spam quarantine

# Add X-Virus-Scanned header field to mail?

$X_HEADER_TAG = 'X-Virus-Scanned';	# (default: 'X-Virus-Scanned')

# Set to empty to add no header field	# (dflt "$myproduct_name at $mydomain")

# $X_HEADER_LINE = "$myproduct_name at $mydomain";

# $X_HEADER_LINE = "by $myproduct_name using ClamAV at $mydomain";

# $X_HEADER_LINE = "$myproduct_name $myversion_id ($myversion_date) at $mydomain";

# a string to prepend to Subject (for local recipients only) if mail could

# not be decoded or checked entirely, e.g. due to password-protected archives

$undecipherable_subject_tag = '***UNCHECKED*** ';  # undef disables it

# MIME defanging wraps the entire original mail in a MIME container of type

# 'Content-type: multipart/mixed', where the first part is a text/plain with

# a short explanation, and the second part is a complete original mail,

# enclosed in a 'Content-type: message/rfc822' MIME part.

# Defanging is only done when enabled (selectively by malware type),

# and mail is considered malware (virus/spam/...), and the malware is allowed

# to pass (*_lovers or *_destiny=D_PASS)

#

$defang_virus  = 1;  # default is false: don't modify mail body

$defang_banned = 1;  # default is false: don't modify mail body

# $defang_bad_header     = 1;  # default is false: don't modify mail body

$defang_undecipherable = 1;  # default is false: don't modify mail body

# $defang_spam = 1;  # default is false: don't modify mail body

$remove_existing_x_scanned_headers = 0; # leave existing X-Virus-Scanned alone

#$remove_existing_x_scanned_headers= 1; # remove existing headers

					# (defaults to false)

#$remove_existing_spam_headers = 0;     # leave existing X-Spam* headers alone

$remove_existing_spam_headers  = 1;     # remove existing spam headers if

					# spam scanning is enabled (default)

# set $bypass_decode_parts to true if you only do spam scanning, or if you

# have a good virus scanner that can deal with compression and recursively

# unpacking archives by itself, and save amavisd the trouble.

# Disabling decoding also causes banned_files checking to only see

# MIME names and MIME content types, not the content classification types

# as provided by the file(1) utility.

# It is a double-edged sword, make sure you know what you are doing!

#

#$bypass_decode_parts = 1;		# (defaults to false)

# don't trust this file type or corresponding unpacker for this file type,

# keep both the original and the unpacked file for a virus checker to see

# (lookup key is what file(1) utility returned):

#

@keep_decoded_original_maps = (new_RE(

# qr'^MAIL$',   # retain full original message for virus checking (can be slow)

  qr'^MAIL-UNDECIPHERABLE$',  # retain full mail if it contains undecipherables

  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,

# qr'^Zip archive data',      # don't trust Archive::Zip

));

# Checking for banned MIME types and names. If any mail part matches,

# the whole mail is rejected. Object $banned_filename_re provides a list

# of Perl regular expressions to be matched against each part's:

#

#  * Content-Type value (both declared and effective mime-type),

#    such as the possible security-risk content types

#    'message/partial' and 'message/external-body', as specified in rfc2046

#    or 'application/x-msdownload' and 'application/x-msdos-program';

#

#  * declared (recommended) file names as specified by MIME subfields

#    Content-Disposition.filename and Content-Type.name, both in their

#    raw (encoded) form and in rfc2047-decoded form if applicable

#    as well as (recommended) file names specified in archives;

#

#  * file content type as guessed by 'file(1)' utility, mapped

#    (by @map_full_type_to_short_type_maps) into short type names such as

#    .asc, .txt, .html, .doc, .jpg, .pdf, .zip, .exe-ms, ..., which always

#    starts with a dot. These short types are available unless

#    $bypass_decode_parts is true.

#

# All nodes (mail parts) of the fully recursively decoded mail and embedded

# archives are checked, each node independently from remaining nodes.

#

# For each node all its ancestor nodes including itself are checked against

# $banned_filename_re lookup list, top-down. The search for a node stops

# at the first match, the right-hand side of the matching key determines

# the result (true or false, absent right-hand side implies true, as explained

# in README.lookups).

#

# Although repeatedly re-checking ancestor nodes may seem excessive, it gives

# the opportunity to specify rules which make a particular node hide its

# descendents, e.g. allow any name or file type within a .zip, even though

# .exe files may otherwise not be allowed.

#

# Leave $banned_filename_re undefined to disable these checks

# (giving an empty list to new_RE() will also always return false)

$banned_filename_re = new_RE(

# qr'^UNDECIPHERABLE$',  # is or contains any undecipherable components

  # block certain double extensions anywhere in the base name

  qr'\.[^./]*[A-Za-z][^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,

# qr'\{[0-9a-z]{4,}(-[0-9a-z]{4,}){0,7}\}?'i,  # Class ID extensions - CLSID

  qr'^application/x-msdownload$'i,                  # block these MIME types

  qr'^application/x-msdos-program$'i,

  qr'^application/hta$'i,

# qr'^message/partial$'i,                           # rfc2046 MIME type

# qr'^message/external-body$'i,                     # rfc2046 MIME type

#    (btw, note that allowing 'message/external-body' is probably no worse

#    than allowing mail with HTML and/or allowing a user to browse the web)

# [ qr'^\.(Z|gz|bz2)$'           => 0 ],  # allow any in Unix-compressed

  [ qr'^\.(rpm|cpio|tar)$'       => 0 ],  # allow any in Unix-type archives

# [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ],  # allow any within such archives

  qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic

# qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|

#        inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|

#        ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs|

#        wmf|wsc|wsf|wsh)$'ix,  # banned ext - long

# qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i,  # banned extension - WinZip vulnerab.

  qr'^\.(exe-ms)$',                       # banned file(1) types

# qr'^\.(exe|lha|tnef|cab|dll)$',         # banned file(1) types

);

# See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262631

# and http://www.cknow.com/vtutor/vtextensions.htm

# A little trick: a pattern qr'\.exe$' matches both a short type name '.exe',

# as well as any file name which happens to end with .exe. If only matching

# a file name is desired, but not the short type, a pattern qr'.\.exe$'i

# or similar may be used, which requires that at least one character precedes

# the '.exe', and so it will never match short file types which always start

# with a dot.

# the syntax of these Perl regular expressions is a bit awkward if not

# familiar with them, so please do follow examples and stick to the idioms:

#   \A        ... at the beginning of the first component

#   \z        ... at the end of the last (leaf) component

#   ^         ... at the beginning of each component in the path

#   $         ... at the end of each component in the path

#   (.*\t)?   ... at the beginning of a field

#   (\t.*)?   ... at the end of a field

#   \t(.*\t)* ... separating fields

#   [^\t\n]   ... any single character, but don't escape from this field

#   (.*\n)+   ... one or more levels down

#   (?#...)   ... a comment within a regexp

# new-style of banned lookup table

$banned_namepath_re = new_RE(

  # block these MIME types

  qr'(?#NO X-MSDOWNLOAD)   ^(.*\t)? M=application/x-msdownload   (\t.*)? $'xmi,

  qr'(?#NO X-MSDOS-PROGRAM)^(.*\t)? M=application/x-msdos-program(\t.*)? $'xmi,

  qr'(?#NO HTA)            ^(.*\t)? M=application/hta            (\t.*)? $'xmi,

# # block rfc2046 MIME types

# qr'(?# BLOCK RFC2046 ) ^ (.*\t)? M=message/partial       (\t.*)? $'xmi,

# qr'(?# BLOCK RFC2046 ) ^ (.*\t)? M=message/external-body (\t.*)? $'xmi,

# # within traditional Unix compressions allow any name and type

# [ qr'(?#rule-3) ^ (.*\t)? T=(Z|gz|bz2)     (\t.*)? $'xmi => 0 ],  # allow

  # within traditional Unix archives allow any name and type

  [ qr'(?#rule-4) ^ (.*\t)? T=(tar|rpm|cpio) (\t.*)? $'xmi => 0 ],  # allow

# # block anything within a zip

# qr'(?#rule-5) ^ (.*\t)? T=zip (\t.*)? (.*\n)+ .* $'xmi,

  # block certain double extensions in filenames

  qr'(?# BLOCK DOUBLE-EXTENSIONS )

     ^ (.*\t)? N= [^\t\n]* \. [^./\t\n]* [A-Za-z] [^./\t\n]* \.

                  (exe|vbs|pif|scr|bat|cmd|com|cpl|dll) \.? (\t.*)? $'xmi,

# # block Class ID (CLSID) extensions in filenames

# qr'(?# BLOCK CLSID-EXTENSIONS )

#    ^ (.*\t)? N= [^\t\n]* \{[0-9a-z]{4,}(-[0-9a-z]{4,}){0,7}\}? [^\t\n]* (\t.*)? $'xmi,

# # banned declared names with three or more consecutive spaces

# qr'(?# BLOCK NAMES WITH SPACES )

#    ^ (.*\t)? N= [^\t\n]*  [ ]{3,} 'xmi,

# # within PC archives allow any types or names at any depth

# [ qr'(?#rule-7) ^ (.*\t)? T=(zip|rar|arc|arj|zoo) (\t.*)? $'xmi => 0 ],  # ok

# # within certain archives allow leaf members at any depth if crypted

# [ qr'(?# ALLOW ENCRYPTED )

#      ^ (.*\t)? T=(zip|rar|arj) (.*\n)+ (.*\t)? A=C (\t.*)? \z'xmi => 0 ],

# # allow crypted leaf members regardless of their name or type

# [ qr'(?# ALLOW IF ENCRYPTED )    ^ (.*\t)? A=C (\t.*)? \z'xmi => 0 ],

# # block if any component can not be decoded (is encrypted or bad archive)

# qr'(?# BLOCK IF UNDECIPHERABLE ) ^ (.*\t)? A=U (\t.*)? \z'xmi,

# [ qr'(?# SPECIAL ALLOWANCES - MAGIC NAMES)

#      \A (.*\t)? T=(rpm|cpio|tar|zip|rar|arc|arj|zoo|Z|gz|bz2)

#         \t(.*\t)* N=example\d+[^\t\n]*

#         (\t.*)? $'xmi => 0 ],

  # banned filename extensions (in declared names) anywhere - basic

  qr'(?# BLOCK COMMON NAME EXENSIONS )

     ^ (.*\t)? N= [^\t\n]* \. (exe|vbs|pif|scr|bat|com|cpl) (\t.*)? $'xmi,

# # banned filename extensions (in declared names) anywhere - long

# qr'(?# BLOCK MORE NAME EXTENSIONS )

#    ^ (.*\t)? N= [^\t\n]* \. (

#    ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|

#    inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|

#    ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs|

#    wmf|wsc|wsf|wsh) (\t.*)? $'xmi,

# # banned filename extensions anywhere - WinZip vulnerability (pre-V9)

# qr'(?# BLOCK WinZip VULNERABILITY EXENSIONS )

#    ^ (.*\t)? N= [^\t\n]* \. (mim|b64|bhx|hqx|xxe|uu|uue) (\t.*)? $'xmi,

  [ qr'(?# BLOCK EMPTY MIME PART APPLICATION/OCTET-STREAM )

       ^ (.*\t)? M=application/octet-stream \t(.*\t)* T=empty (\t.*)? $'xmi

    => 'DISCARD' ],

# [ qr'(?# BLOCK EMPTY MIME PARTS )

#      ^ (.*\t)? M= [^\t\n]+ \t(.*\t)* T=empty (\t.*)? $'xmi => 'DISCARD' ],

  qr'(?# BLOCK Microsoft EXECUTABLES )

     ^ (.*\t)? T=exe-ms (\t.*)? $'xm,              # banned file(1) type

# qr'(?# BLOCK ANY EXECUTABLE )

#    ^ (.*\t)? T=exe (\t.*)? $'xm,                 # banned file(1) type

# qr'(?# BLOCK THESE TYPES )

#    ^ (.*\t)? T=(exe|lha|tnef|cab|dll) (\t.*)? $'xm,  # banned file(1) types

);

# use old or new style of banned lookup table; not both to avoid confusion

#

# @banned_filename_maps = ();   # to disable old-style

  $banned_namepath_re = undef;  # to disable new-style

#

# Section V - Per-recipient and per-sender handling, whitelisting, etc.

#

# @virus_lovers_maps list of lookup tables:

#   (this should be considered a policy option, it does not disable checks,

#   see bypass*checks for that!)

#

# Exclude certain RECIPIENTS from virus filtering by adding their (lower-cased)

# envelope e-mail address (or domain only) to one of the lookup tables in

# the @virus_lovers_maps list - see README.lookups and examples.

# Make sure the appropriate form (e.g. external/internal) of address

# is used in case of virtual domains, or when mapping external to internal

# addresses, etc. - this is MTA-specific.

#

# Notifications would still be generated however (see the overall

# picture above), and infected mail (if passed) gets additional header:

#   X-AMaViS-Alert: INFECTED, message contains virus: ...

# (header not inserted with milter interface!)

#

# NOTE (milter interface only): in case of multiple recipients,

# it is only possible to drop or accept the message in its entirety - for all

# recipients. If all of them are virus lovers, we'll accept mail, but if

# at least one recipient is not a virus lover, we'll discard the message.

# @bypass_virus_checks_maps list of lookup tables:

#   (this is mainly a time-saving option, unlike virus_lovers* !)

#

# Similar in concept to @virus_lovers_maps, a @bypass_virus_checks_maps

# is used to skip entirely the decoding, unpacking and virus checking,

# but only if ALL recipients match the lookup.

#

# @bypass_virus_checks_maps does NOT GUARANTEE the message will NOT be checked

# for viruses - this may still happen when there is more than one recipient

# for a message and not all of them match these lookup tables, or when

# check result was cached (i.e. the same contents was recently sent to other

# recipients). To guarantee virus delivery, a recipient must also match

# @virus_lovers_maps lookups (but see milter limitations above),

# NOTE: it would not be clever to base enabling of virus checks on SENDER

# address, since there are no guarantees that it is genuine. Many viruses

# and spam messages fake sender address. To achieve selective filtering

# based on the source of the mail (e.g. IP address, MTA port number, ...),

# use mechanisms provided by MTA if available, possibly combined with policy

# banks feature.

# Similar to lists of lookup tables controlling virus checking, there are

# counterparts for spam scanning, banned names/types, and headers_checks

# control:

#   @spam_lovers_maps,

#   @banned_files_lovers_maps,

#   @bad_header_lovers_maps

# and:

#   @bypass_spam_checks_maps,

#   @bypass_banned_checks_maps,

#   @bypass_header_checks_maps

# Example:

#   @bypass_header_checks_maps = ( [qw( user@example.com )] );

#   @bad_header_lovers_maps    = ( [qw( user@example.com )] );

# The following example disables spam checking altogether,

# since it matches any recipient e-mail address.

@bypass_spam_checks_maps = (1);

# See README.lookups for further detail, and examples below.

# In the following example a list of lookup tables @virus_lovers_maps

# contains three elements, the first is a reference to an ACL lookup table

# (brackets in Perl indicate a ref to a list), the second is a reference

# to a hash lookup table (curly braces in Perl indicate a ref to a hash),

# the third is a regexp lookup table, indicated by the type of object

# created by new_RE() :

#

#@virus_lovers_maps = (

# [ qw( me@lab.xxx.com !lab.xxx.com .xxx.com yyy.org ) ],

# { "postmaster\@$mydomain" => 1, # double quotes permit variable evaluation

#   'postmaster@example.com'=> 1, # in single quotes the '@' need not be quoted

#   'abuse@example.com'=> 1,

#   'some.user@'       => 1,  # this recipient, regardless of domain

#   'boss@example.com' => 0,  # never, even if domain matches

#   'example.com'      => 1,  # this domain, but not its subdomains

#   '.example.com'     => 1,  # this domain, including its subdomains

# },

# new_RE( qr'^(helpdesk|postmaster)@example\.com$'i ),

#);

#@spam_lovers_maps = (

# ["postmaster\@$mydomain", 'postmaster@example.com', 'abuse@example.com'],

#);

#@bad_header_lovers_maps = (

# ["postmaster\@", "abuse\@$mydomain"],

#);

# to save some typing of quotes and commas, a Perl operator qw can be used

# to split its argument on whitespace and to quote resulting elements:

#@bypass_spam_checks_maps = (

#  [ qw( some.ddd !butnot.example.com .example.com ) ],

#);

# don't run spam check for these RECIPIENT domains:

#   @bypass_spam_checks_maps = ( [qw( d1.com .d2.com a.d3.com )] );

# or the other way around (bypass check for all BUT these):

#   @bypass_spam_checks_maps = ( [qw( !d1.com !.d2.com !a.d3.com . )] );

# a practical application: don't check outgoing mail for spam:

#   @bypass_spam_checks_maps = ( [ "!.$mydomain", "." ] );

# or calculated (negated) from the %local_domains:

#   @bypass_spam_checks_maps =

#     ( {map {$_ => !$local_domains{$_}} keys %local_domains}, 1);

# (a downside of which is that such mail will not count as ham in SA bayes db)

#

# Note that 'outgoing' is not the same as 'originating from inside'.

# The internal-to-internal mail is not outgoing, but is originating from

# inside. To base rules on 'originating from inside', the use of policy bank

# MYNETS is needed, in conjunction with XFORWARD Postfix extension to SMTP.

# Where to find SQL server(s) and database to support SQL lookups?

# A list of triples: (dsn,user,passw).   (dsn = data source name)

# More than one entry may be specified for multiple (backup) SQL servers.

# See 'man DBI', 'man DBD::mysql', 'man DBD::Pg', ... for details.

# When chroot-ed, accessing SQL server over inet socket may be more convenient.

#

# @lookup_sql_dsn =

#   ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'],

#     ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'],

#     ["DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite", '', ''] );

# @storage_sql_dsn = @lookup_sql_dsn;  # none, same, or separate database

#

# ('mail' in the example is the database name, choose what you like)

# With PostgreSQL the dsn (first element of the triple) may look like:

#      'DBI:Pg:host=host1;dbname=mail'

# The SQL select clause to fetch per-recipient policy settings.

# The %k will be replaced by a comma-separated list of query addresses

# (e.g. full address, domain only (stripped level by level), and a catchall).

# Use ORDER if there is a chance that multiple records will match - the first

# match wins. If field names are not unique (e.g. 'id'), the later field

# overwrites the earlier in a hash returned by lookup, which is why we use

# '*,users.id' instead of just '*'. No need to uncomment the following

# assignment if the default is ok.

#   $sql_select_policy = 'SELECT *,users.id FROM users,policy'.

#     ' WHERE (users.policy_id=policy.id) AND (users.email IN (%k))'.

#     ' ORDER BY users.priority DESC';

#

# The SQL select clause to check sender in per-recipient whitelist/blacklist

# The first SELECT argument '?' will be users.id from recipient SQL lookup,

# the %k will be sender addresses (e.g. full address, domain only, catchall).

# The default value is:

#   $sql_select_white_black_list = 'SELECT wb FROM wblist,mailaddr'.

#     ' WHERE (wblist.rid=?) AND (wblist.sid=mailaddr.id)'.

#     '   AND (mailaddr.email IN (%k))'.

#     ' ORDER BY mailaddr.priority DESC';

#

# To disable SQL white/black list, set to undef (otherwise comment-out

# the following statement, leaving it at the default value):

$sql_select_white_black_list = undef;  # undef disables SQL white/blacklisting

# If passing malware to certain recipients ($final_*_destiny=D_PASS or

# *_lovers), the recipient-based lookup tables @addr_extension_*_maps may

# return a string, which (if nonempty) will be added as an address extension

# to the local-part of the recipient's address. This extension may be used

# by the final local delivery agent (LDA) to place such mail into different

# subfolders (the extension is usually interpreted as a folder name).

# This is sometimes known as the 'plus addressing'. Appending address

# extensions is prevented when:

# - recipient does not match lookup tables @local_domains_maps;

# - lookup into corresponding @addr_extension_*_maps results

#   in an empty string or undef;

# - $recipient_delimiter is empty (see below)

# LDAs usually default to stripping away address extension if no special

# handling is specified or if a named subfolder or alias does not exist,

# so adding address extensions normally does no harm.

# @addr_extension_virus_maps  = ('virus');     # defaults to empty

# @addr_extension_spam_maps   = ('spam');      # defaults to empty

# @addr_extension_banned_maps = ('banned');    # defaults to empty

# @addr_extension_bad_header_maps = ('badh');  # defaults to empty

#

# A more complex example:

# @addr_extension_virus_maps = (

#   {'sub.example.com'=>'infected', '.example.com'=>'filtered'}, 'virus' );

# Delimiter between local part of the envelope recipient address and address

# extension (which can optionally be added, see @addr_extension_*_maps). E.g.

# recipient address <user@example.com> is changed to <user+virus@example.com>.

#

# Delimiter must match the equivalent (final) MTA delimiter setting.

# (e.g. for Postfix add 'recipient_delimiter = +' to main.cf)

# Setting it to an empty string or to undef disables adding extensions

# regardless of $addr_extension_*_maps.

# $recipient_delimiter = '+';		# (default is undef, i.e. disabled)

# true: replace extension;  false: append extension

# $replace_existing_extension = 1;	# (default is true)

# Affects matching of localpart of e-mail addresses (left of '@')

# in lookups: true = case sensitive, false = case insensitive

$localpart_is_case_sensitive = 0;	# (default is false)

# ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING

# Instead of hard black- or whitelisting, a softer approach is to add

# score points (penalties) to the SA score for mail from certain senders.

# Positive points lean towards blacklisting, negative towards whitelisting.

# This is much like adding SA rules or using its white/blacklisting, except

# that here only envelope sender addresses are considered (not addresses

# in a mail header), and that score points can be assigned per-recipient

# (or globally), and the assigned penalties are customarily much lower

# than the default SA white/blacklisting score.

#

# The table structure is similar to $per_recip_blacklist_sender_lookup_tables

# i.e. the first level key is recipient, pointing to by-sender lookup tables.

# The essential difference is that scores from _all_ matching by-recipient

# lookups (not just the first that matches) are summed to give the final

# score boost. That means that both the site and domain administrators,

# as well as the recipient can have a say on the final score.

#

# NOTE: keep hash keys in lowercase, either manually or by using function lc

@score_sender_maps = ({  # a by-recipient hash lookup table

# # per-recipient personal tables  (NOTE: positive: black, negative: white)

# 'user1@example.com'  => [{'bla-mobile.press@example.com' => 10.0}],

# 'user3@example.com'  => [{'.ebay.com'                 => -3.0}],

# 'user4@example.com'  => [{'cleargreen@cleargreen.com' => -7.0,

#                           '.cleargreen.com'           => -5.0}],

  # site-wide opinions about senders (the '.' matches any recipient)

  '.' => [  # the _first_ matching sender determines the score boost

   new_RE(  # regexp-type lookup table, just happens to be all soft-blacklist

    [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i         => 5.0],

    [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],

    [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],

    [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i   => 5.0],

    [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i  => 5.0],

    [qr'^(your_friend|greatoffers)@'i                                => 5.0],

    [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i                    => 5.0],

   ),

#  read_hash("/var/amavis/sender_scores_sitewide"),

   { # a hash-type lookup table (associative array)

     'nobody@cert.org'                        => -3.0,

     'cert-advisory@us-cert.gov'              => -3.0,

     'owner-alert@iss.net'                    => -3.0,

     'slashdot@slashdot.org'                  => -3.0,

     'bugtraq@securityfocus.com'              => -3.0,

     'ntbugtraq@listserv.ntbugtraq.com'       => -3.0,

     'security-alerts@linuxsecurity.com'      => -3.0,

     'mailman-announce-admin@python.org'      => -3.0,

     'amavis-user-admin@lists.sourceforge.net'=> -3.0,

     'notification-return@lists.sophos.com'   => -3.0,

     'owner-postfix-users@postfix.org'        => -3.0,

     'owner-postfix-announce@postfix.org'     => -3.0,

     'owner-sendmail-announce@lists.sendmail.org'   => -3.0,

     'sendmail-announce-request@lists.sendmail.org' => -3.0,

     'donotreply@sendmail.org'                => -3.0,

     'ca+envelope@sendmail.org'               => -3.0,

     'noreply@freshmeat.net'                  => -3.0,

     'owner-technews@postel.acm.org'          => -3.0,

     'ietf-123-owner@loki.ietf.org'           => -3.0,

     'cvs-commits-list-admin@gnome.org'       => -3.0,

     'rt-users-admin@lists.fsck.com'          => -3.0,

     'clp-request@comp.nus.edu.sg'            => -3.0,

     'surveys-errors@lists.nua.ie'            => -3.0,

     'emailnews@genomeweb.com'                => -5.0,

     'yahoo-dev-null@yahoo-inc.com'           => -3.0,

     'returns.groups.yahoo.com'               => -3.0,

     'clusternews@linuxnetworx.com'           => -3.0,

     lc('lvs-users-admin@LinuxVirtualServer.org')    => -3.0,

     lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0,

     # soft-blacklisting (positive score)

     'sender@example.net'                     =>  3.0,

     '.example.net'                           =>  1.0,

   },

  ],  # end of site-wide tables

});

# ENVELOPE SENDER WHITELISTING / BLACKLISTING  - GLOBAL (RECIPIENT-INDEPENDENT)

# (affects spam checking only, has no effect on virus and other checks)

# WHITELISTING: use ENVELOPE SENDER lookups to ENSURE DELIVERY from whitelisted

# senders even if the message would be recognized as spam. Effectively, for

# the specified senders, message recipients temporarily become 'spam_lovers'.

# To avoid surprises, whitelisted sender also suppresses inserting/editing

# the tag2-level header fields (X-Spam-*, Subject), appending spam address

# extension, and quarantining.

#

# BLACKLISTING: messages from specified SENDERS are DECLARED SPAM.

# Effectively, for messages from blacklisted envelope sender addresses, spam

# level is artificially pushed high, and the normal spam processing applies,

# resulting in 'X-Spam-Flag: YES', high 'X-Spam-Level' bar and other usual

# reactions to spam, including possible rejection. If the message nevertheless

# still passes (e.g. for spam loving recipients), it is tagged as BLACKLISTED

# in the 'X-Spam-Status' header field, but the reported spam value and

# set of tests in this report header field (if available from SpamAssassin,

# which may or may not have been called) is not adjusted.

#

# A sender may be both white- and blacklisted at the same time, settings

# are independent. For example, being both white- and blacklisted, message

# is delivered to recipients, but is not tagged as spam (X-Spam-Flag: No;

# X-Spam-Status: No, ...), but the reported spam level (if computed) may

# still indicate high spam score.

#

# If ALL recipients of the message either white- or blacklist the sender,

# spam scanning (calling the SpamAssassin) is bypassed, saving on time.

#

# The following variables (lists of lookup tables) are available,

# with the semantics and syntax as specified in README.lookups:

# @whitelist_sender_maps, @blacklist_sender_maps

# SOME EXAMPLES:

#

#ACL:

# @whitelist_sender_maps = ( ['.example.org', '.example.net'] );

# @whitelist_sender_maps = ( [qw(.example.org  .example.net)] );  # same thing

#

# @whitelist_sender_maps = ( [".$mydomain"] );  # $mydomain and its subdomains

# NOTE: This is not a reliable way of turning off spam checks for

#   locally-originating mail, as sender address can easily be faked.

----------
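The sender lookups that the configuration comments above describe, as an added example that is not part of the original post and not amavisd-new's own code: a Python model of soft white/blacklisting (score adjustment) and of the global whitelist/blacklist outcomes. The key order is modelled on the `query_keys` line amavisd writes to its debug log; the function names, the set-based (hash-style) whitelist and blacklist tables, and the `tag2_level` value of 6.3 are assumptions made for illustration.

```python
"""Model of amavisd-new envelope-sender lookups (added example, not amavisd code)."""

# Excerpt of the site-wide soft white/blacklist table from the posted config.
SITE_SCORES = {
    "owner-postfix-users@postfix.org": -3.0,
    "emailnews@genomeweb.com": -5.0,
    "returns.groups.yahoo.com": -3.0,   # no leading dot: this domain only
    "sender@example.net": 3.0,          # soft-blacklisting (positive score)
    ".example.net": 1.0,                # leading dot: domain and subdomains
}


def query_keys(addr):
    """Return the lookup keys for user@domain, most specific first.

    Order modelled on the amavisd debug line
    'query_keys: info@teamgallina.com, info@, teamgallina.com,
    .teamgallina.com, .com, .'. Address extensions (user+ext) and the
    null sender are outside this model.
    """
    addr = addr.strip().lower()
    if "@" not in addr:
        raise ValueError("expected user@domain, got %r" % addr)
    local, _, domain = addr.rpartition("@")
    keys = [addr, local + "@", domain, "." + domain]
    labels = domain.split(".")
    # Parent domains, each with a leading dot, then the catch-all '.'.
    keys += ["." + ".".join(labels[i:]) for i in range(1, len(labels))]
    keys.append(".")
    return keys


def soft_score(sender, table=SITE_SCORES):
    """Score points added for this envelope sender; the first matching key wins."""
    for key in query_keys(sender):
        if key in table:
            return table[key]
    return 0.0


def listed(sender, table):
    """True if any lookup key of the sender is present in a hash-style table.

    '!'-negated entries of list-style ACLs are not modelled here.
    """
    return any(key in table for key in query_keys(sender))


def verdict(sender, sa_score, whitelist=frozenset(), blacklist=frozenset(),
            tag2_level=6.3):
    """Outcome of global white/blacklisting as the config comments describe.

    sa_score is what SpamAssassin would report if it were called.
    tag2_level is a constructed threshold (assumption), not taken from the post.
    """
    white = listed(sender, whitelist)
    black = listed(sender, blacklist)
    if white or black:
        # The lists are global, so every recipient agrees and the
        # SpamAssassin call is bypassed. Whitelisting wins over blacklisting
        # for tagging: a sender on both lists is delivered untagged.
        return {"scanned": False, "level": None,
                "spam_flag": black and not white}
    level = sa_score + soft_score(sender)
    return {"scanned": True, "level": level, "spam_flag": level >= tag2_level}


if __name__ == "__main__":
    # Constructed sample messages: (envelope sender, SpamAssassin score).
    # The lookups see only the envelope sender string, which is why the
    # config warns against whitelisting $mydomain to exempt local mail.
    white = {".example.org"}
    black = {"bulk@example.com", ".example.org"}
    for sender, score in [("sender@example.net", 4.0),
                          ("emailnews@genomeweb.com", 9.0),
                          ("boss@example.org", 20.0),
                          ("bulk@example.com", 0.5)]:
        print(sender, verdict(sender, score, white, black))
```
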

## gab74

THIS IS THE AMAVIS.LOG

Jan 20 11:11:25 mail.figoli.it /usr/sbin/amavisd[20021]: starting.  /usr/sbin/amavisd at mail.figoli.it amavisd-new-2.3.3 (20050822), Unicode aware

Jan 20 11:11:25 mail.figoli.it /usr/sbin/amavisd[20021]: user=, EUID: 0 (0);  group=, EGID: 0 0 (0 0)

Jan 20 11:11:25 mail.figoli.it /usr/sbin/amavisd[20021]: Perl version               5.008005

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Net::Server: Process Backgrounded

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Net::Server: 2006/01/20-11:11:26 Amavis (type Net::Server::PreForkSimple) starting! pid(20031)

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Net::Server: Binding to UNIX socket file /var/amavis/amavisd.sock using SOCK_STREAM

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Net::Server: Binding to TCP port 10024 on host 127.0.0.1

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Net::Server: Setting gid to "1006 1006"

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Net::Server: Setting uid to "101"

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Module Amavis::Conf        2.043

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Module Archive::Tar        1.23

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Module Archive::Zip        1.14

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Module BerkeleyDB          0.26

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Module Compress::Zlib      1.35

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Module Convert::TNEF       0.17

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Module Convert::UUlib      1.051

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Module MIME::Entity        5.415

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Module MIME::Parser        5.415

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Module MIME::Tools         5.415

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Module Mail::Header        1.65

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Module Mail::Internet      1.65

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Module Net::Cmd            2.26

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Module Net::SMTP           2.29

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Module Net::Server         0.87

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Module Time::HiRes         1.66

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Module Unix::Syslog        0.100

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Amavis::DB code    loaded

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Amavis::Cache code loaded

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: SQL base code      NOT loaded

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: SQL::Log code      NOT loaded

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: SQL::Quarantine    NOT loaded

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Lookup::SQL  code  NOT loaded

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Lookup::LDAP code  NOT loaded

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: AM.PDP prot  code  loaded

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: SMTP-in prot code  loaded

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: ANTI-VIRUS code    loaded

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: ANTI-SPAM  code    NOT loaded

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Unpackers  code    loaded

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Found $file            at /usr/bin/file

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: No $dspam,             not using it

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Internal decoder for .mail

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Internal decoder for .asc 

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Internal decoder for .uue 

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Internal decoder for .hqx 

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Internal decoder for .ync 

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Found decoder for    .F    at /usr/bin/unfreeze

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Found decoder for    .Z    at /usr/bin/uncompress

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Internal decoder for .gz  

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Found decoder for    .gz   at /bin/gzip -d (backup, not used)

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Found decoder for    .bz2  at /bin/bzip2 -d

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: No decoder for       .lzo  tried: lzop -d

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: No decoder for       .rpm  tried: rpm2cpio.pl, rpm2cpio

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Found decoder for    .cpio at /bin/cpio

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Found decoder for    .tar  at /bin/cpio

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Internal decoder for .tar  (backup, not used)

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Found decoder for    .deb  at /usr/bin/ar

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Internal decoder for .zip 

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Found decoder for    .rar  at /usr/bin/unrar

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Found decoder for    .arj  at /usr/bin/unarj

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Found decoder for    .arc  at /usr/bin/arc

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Found decoder for    .zoo  at /usr/bin/zoo

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Found decoder for    .lha  at /usr/bin/lha

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Found decoder for    .cab  at /usr/bin/cabextract

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: No decoder for       .tnef tried: tnef

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Internal decoder for .tnef

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Found decoder for    .exe  at /usr/bin/unrar; /usr/bin/lha; /usr/bin/unarj

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Using internal av scanner code for (primary) ClamAV-clamd

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: No primary av scanner: KasperskyLab AVP - aveclient

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: No primary av scanner: KasperskyLab AntiViral Toolkit Pro (AVP)

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: No primary av scanner: KasperskyLab AVPDaemonClient

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: No primary av scanner: CentralCommand Vexira (new) vascan

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: No primary av scanner: H+BEDV AntiVir or the (old) CentralCommand Vexira Antivirus

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: No primary av scanner: Command AntiVirus for Linux

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: No primary av scanner: Symantec CarrierScan via Symantec CommandLineScanner

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: No primary av scanner: Symantec AntiVirus Scan Engine

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: No primary av scanner: F-Secure Antivirus

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: No primary av scanner: CAI InoculateIT

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: No primary av scanner: CAI eTrust Antivirus

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: No primary av scanner: MkS_Vir for Linux (beta)

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: No primary av scanner: MkS_Vir daemon

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: No primary av scanner: ESET Software NOD32

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: No primary av scanner: ESET Software NOD32 - Client/Server Version

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: No primary av scanner: Norman Virus Control v5 / Linux

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: No primary av scanner: Panda Antivirus for Linux

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: No primary av scanner: NAI McAfee AntiVirus (uvscan)

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: No primary av scanner: VirusBuster

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: No primary av scanner: CyberSoft VFind

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: No primary av scanner: Ikarus AntiVirus for Linux

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: No primary av scanner: BitDefender

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: No secondary av scanner: FRISK F-Prot Antivirus

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: No secondary av scanner: Trend Micro FileScanner

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: No secondary av scanner: drweb - DrWeb Antivirus

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: No secondary av scanner: KasperskyLab kavscanner

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20031]: Creating db in /var/amavis/db/; BerkeleyDB 0.26, libdb 4.1

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20039]: TIMING [total 11 ms] - bdb-open: 11 (100%)100, rundown: 0 (0%)100

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20040]: TIMING [total 11 ms] - bdb-open: 11 (100%)100, rundown: 0 (0%)100

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20038]: TIMING [total 65 ms] - bdb-open: 65 (100%)100, rundown: 0 (0%)100

Jan 20 11:11:26 mail.figoli.it /usr/sbin/amavisd[20041]: TIMING [total 24 ms] - bdb-open: 24 (100%)100, rundown: 0 (0%)100

Jan 20 11:11:29 mail.figoli.it /usr/sbin/amavisd[20039]: loaded base policy bank

Jan 20 11:11:29 mail.figoli.it /usr/sbin/amavisd[20039]: lookup_ip_acl (inet_acl): key="127.0.0.1" matches "127.0.0.1", result=1

Jan 20 11:11:29 mail.figoli.it /usr/sbin/amavisd[20039]: prolong_timer after new request - timer reset: remaining time = 300 s

Jan 20 11:11:29 mail.figoli.it /usr/sbin/amavisd[20039]: process_request: suggested_protocol="" on TCP

Jan 20 11:11:29 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) SMTP> 220 [127.0.0.1] ESMTP amavisd-new service ready

Jan 20 11:11:29 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) idle_proc, 4: was busy, 12.9 ms, total idle 0.000 s, busy 0.013 s

Jan 20 11:11:29 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) idle_proc, 5: was idle, 0.7 ms, total idle 0.001 s, busy 0.013 s

Jan 20 11:11:29 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) prolong_timer after reading SMTP command: remaining time = 300 s

Jan 20 11:11:29 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) SMTP< LHLO mail.figoli.it\r\n

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) LMTP> 250-[127.0.0.1]

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) LMTP> 250-PIPELINING

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) LMTP> 250-SIZE

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) LMTP> 250-8BITMIME

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) LMTP> 250-ENHANCEDSTATUSCODES

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) LMTP> 250 XFORWARD NAME ADDR PROTO HELO

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) idle_proc, 6: was busy, 3.9 ms, total idle 0.001 s, busy 0.017 s

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) idle_proc, 5: was idle, 0.6 ms, total idle 0.001 s, busy 0.017 s

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) prolong_timer after reading SMTP command: remaining time = 300 s

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) LMTP< MAIL FROM:<conegliano@dolomitiracing.it> SIZE=184357\r\n

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) prolong_timer after MAIL FROM received - timer reset: remaining time = 300 s

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) check_mail_begin_task: task_count=1

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) prepare_tempdir: creating directory /var/amavis/tmp/amavis-20060120T111130-20039

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) prepare_tempdir: creating file /var/amavis/tmp/amavis-20060120T111130-20039/email.txt

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) lookup (debug_sender) => undef, "conegliano@dolomitiracing.it" does not match

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) LMTP> 250 2.1.0 Sender conegliano@dolomitiracing.it OK

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) idle_proc, 6: was busy, 7.5 ms, total idle 0.001 s, busy 0.024 s

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) idle_proc, 5: was idle, 0.5 ms, total idle 0.002 s, busy 0.024 s

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) prolong_timer after reading SMTP command: remaining time = 300 s

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) LMTP< RCPT TO:<info@teamgallina.com>\r\n

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) LMTP> 250 2.1.5 Recipient info@teamgallina.com OK

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) idle_proc, 6: was busy, 2.1 ms, total idle 0.002 s, busy 0.026 s

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) idle_proc, 5: was idle, 0.5 ms, total idle 0.002 s, busy 0.026 s

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) prolong_timer after reading SMTP command: remaining time = 300 s

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) LMTP< DATA\r\n

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) prolong_timer after DATA received - timer reset: remaining time = 300 s

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) LMTP::10024 /var/amavis/tmp/amavis-20060120T111130-20039: <conegliano@dolomitiracing.it> -> <info@teamgallina.com> Received: SIZE=184357 from mail.figoli.it ([127.0.0.1]) by localhost (mail.figoli.it [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 20039-01 for <info@teamgallina.com>; Fri, 20 Jan 2006 11:11:30 +0100 (CET)

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) LMTP> 354 End data with <CR><LF>.<CR><LF>

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) LMTP< .\r\n

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) setting body type: 7BIT (0,0)

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) body hash: 8316af069916ed19c0698e3c23ab8912

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) Original mail size: 184357; quota set to: 92178500 bytes

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) Checking: uFPgkpIXU0Fr <conegliano@dolomitiracing.it> -> <info@teamgallina.com>

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) query_keys: info@teamgallina.com, info@, teamgallina.com, .teamgallina.com, .com, .

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) lookup_hash(info@teamgallina.com), no matches

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) lookup (bypass_virus_checks) => undef, "info@teamgallina.com" does not match

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) Extracting mime components

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) Issued a new file name: p001

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) Issued a new file name: p002

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) mime_decode_preamble: 2 lines

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) Issued a new pseudo part: p003

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) p003 1 Content-Type: multipart/mixed

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) Charging 62 bytes to remaining quota 92178500 (out of 92178500, (0%)) - by mime_decode

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) p001 1/1 Content-Type: text/plain, size: 62 B, name: 

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) reparenting p001 from p000 to p003

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) Charging 134043 bytes to remaining quota 92178438 (out of 92178500, (0%)) - by mime_decode

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) p002 1/2 Content-Type: application/x-msdownload, size: 134043 B, name: Word_Document.uu

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) reparenting p002 from p000 to p003

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) prolong_timer after mime_decode-1: remaining time = 300 s

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) decode_parts: level=1, #parts=3 : p001, p002, p003

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) run_command: [20044] /usr/bin/file p001 p002 </dev/null 2>&1

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) result line from file(1): p001: ASCII text

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) lookup_re("ASCII text") matches key "(?i-xsm:^(ASCII|text)\b)", result="asc"

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) lookup (map_full_type_to_short_type) => true,  "ASCII text" matches, result="asc", matching_key="(?i-xsm:^(ASCII|text)\\b)"

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) File-type of p001: ASCII text; (asc)

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) result line from file(1): p002: uuencoded or xxencoded text

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) lookup_re("uuencoded or xxencoded text") matches key "(?i-xsm:^(uuencoded|xxencoded)\b)", result="uue"

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) lookup (map_full_type_to_short_type) => true,  "uuencoded or xxencoded text" matches, result="uue", matching_key="(?i-xsm:^(uuencoded|xxencoded)\\b)"

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) File-type of p002: uuencoded or xxencoded text; (uue)

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) do_ascii: Decoding part p001

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) do_ascii: Decoding part p001 (0 items), uulib V0.5pl20

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) decompose_part: p001 - atomic

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) do_ascii: Decoding part p002

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) do_ascii: Decoding part p002 (1 items), uulib V0.5pl20

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) do_ascii(0): state=0x10, enc=uuencode, est.size=97290, name=Word XP.zip                                       .sCR

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) Issued a new file name: p004

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) Charging 95690 bytes to remaining quota 92044395 (out of 92178500, (0%)) - by do_ascii

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) lookup_re("uuencoded or xxencoded text") matches key "(?i-xsm:^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex))", result="1"

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) lookup (keep_decoded_original) => true,  "uuencoded or xxencoded text" matches, result="1", matching_key="(?i-xsm:^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex))"

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) file type is uuencoded or xxencoded text, retain original p002

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) decompose_part: p002 - source retained

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) decode_parts: level=2, #parts=1 : p004

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) run_command: [20045] /usr/bin/file p004 </dev/null 2>&1

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) result line from file(1): p004: MS-DOS executable (EXE), OS/2 or MS Windows

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) lookup_re("MS-DOS executable (EXE), OS/2 or MS Windows") matches key "(?-xism:^MS-DOS\b.*\bexecutable\b)", result=["exe","exe-ms"]

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) lookup (map_full_type_to_short_type) => true,  "MS-DOS executable (EXE), OS/2 or MS Windows" matches, result=["exe","exe-ms"], matching_key="(?-xism:^MS-DOS\\b.*\\bexecutable\\b)"

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) File-type of p004: MS-DOS executable (EXE), OS/2 or MS Windows; (exe, exe-ms)

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) Check whether p004 is a self-extracting archive

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) Unzipping p004

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) do_unzip: not a zip: AZ_FORMAT_ERROR (3)

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) Attempting to expand RAR archive p004

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) Expanding RAR archive p004

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) run_command: [20047] /usr/bin/unrar v -c- -p- -av- -idp -- /var/amavis/tmp/amavis-20060120T111130-20039/parts/p004 </dev/null 2>&1

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) do_unrar: /var/amavis/tmp/amavis-20060120T111130-20039/parts/p004 is not RAR archive\n

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) Attempting to expand LHA archive p004

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) run_command: [20048] /usr/bin/lha lq /var/amavis/tmp/amavis-20060120T111130-20039/parts/p004.exe </dev/null 2>&1

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) do_lha: not a LHA archive() ? exit 1

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) decompose_part: p004 - atomic

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) prolong_timer after parts_decode: remaining time = 300 s

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) query_keys: info@teamgallina.com, info@, teamgallina.com, .teamgallina.com, .com, .

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) lookup_hash(info@teamgallina.com), no matches

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) lookup (bypass_header_checks) => undef, "info@teamgallina.com" does not match

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) check_header: OK

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) Checking for banned types and filenames

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) query_keys: info@teamgallina.com, info@, teamgallina.com, .teamgallina.com, .com, .

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) lookup_hash(info@teamgallina.com), no matches

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) lookup (bypass_banned_checks) => undef, "info@teamgallina.com" does not match

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) lookup: (scalar) matches, result="DEFAULT"

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) lookup (banned_filename), 1 matches for "info@teamgallina.com", results: "(constant:DEFAULT)"=>"DEFAULT"

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) collect banned table[0]: info@teamgallina.com, tables: DEFAULT=>Amavis::Lookup::RE=ARRAY(0x8a922b8)

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) starting banned checks - traversing message structure tree

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) check_for_banned (p003,p001) multipart/mixed | text/plain,.asc

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) doing banned check for info@teamgallina.com on multipart/mixed | text/plain,.asc

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) lookup_re(["multipart/mixed","text/plain",".asc"]), no matches

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) lookup (check_bann:info@teamgallina.com) => undef, ["multipart/mixed","text/plain",".asc"] does not match

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) p.path info@teamgallina.com: "P=p003,L=1,M=multipart/mixed | P=p001,L=1/1,M=text/plain,T=asc"

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) check_for_banned (p003,p002,p004) multipart/mixed | application/x-msdownload,.uue,Word_Document.uu | .exe,.exe-ms,Word XP.zip                                       .sCR

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) doing banned check for info@teamgallina.com on multipart/mixed | application/x-msdownload,.uue,Word_Document.uu | .exe,.exe-ms,Word XP.zip                                       .sCR

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) lookup_re(["multipart/mixed","application/x-msdownload",".uue","Word_Document.uu",".exe",".exe-ms","Word XP.zip                                       .sCR"]) matches key "(?i-xsm:.[^./]*[A-Za-z][^./]*.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll).?$)", result="1"

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) lookup (check_bann:info@teamgallina.com) => true,  ["multipart/mixed","application/x-msdownload",".uue","Word_Document.uu",".exe",".exe-ms","Word XP.zip                                       .sCR"] matches, result="1", matching_key="(?i-xsm:\\.[^./]*[A-Za-z][^./]*\\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\\.?$)"

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) p.path BANNED:1 info@teamgallina.com: "P=p003,L=1,M=multipart/mixed | P=p002,L=1/2,M=application/x-msdownload,T=uue,N=Word_Document.uu | P=p004,L=1/2/1,T=exe,T=exe-ms,N=Word XP.zip                                       .sCR", matching_key="(?i-xsm:\\.[^./]*[A-Za-z][^./]*\\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\\.?$)"

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) banned check: any=1, all=Y (1)

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) lookup_re("MAIL"), no matches

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) lookup (keep_decoded_original) => undef, "MAIL" does not match

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) Using ClamAV-clamd: (built-in interface)

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) ask_av (ClamAV-clamd): query template1: CONTSCAN {}\n

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) Using (ClamAV-clamd) on dir: CONTSCAN /var/amavis/tmp/amavis-20060120T111130-20039/parts\n

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) ClamAV-clamd: Connecting to socket  /var/run/clamav/clamd

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) ClamAV-clamd: Sending CONTSCAN /var/amavis/tmp/amavis-20060120T111130-20039/parts\n to UNIX socket /var/run/clamav/clamd

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) ask_av (ClamAV-clamd) result: /var/amavis/tmp/amavis-20060120T111130-20039/parts/p002: Worm.VB-9 FOUND\n/var/amavis/tmp/amavis-20060120T111130-20039/parts/p004: Worm.VB-8 FOUND\n

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) ask_av (ClamAV-clamd): /var/amavis/tmp/amavis-20060120T111130-20039/parts INFECTED: Worm.VB-9, Worm.VB-8

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) virus_scan: (Worm.VB-9, Worm.VB-8), detected by 1 scanners: ClamAV-clamd

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) prolong_timer after virus_scan: remaining time = 300 s

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) query_keys: info@teamgallina.com, info@, teamgallina.com, .teamgallina.com, .com, .

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) lookup_hash(info@teamgallina.com), no matches

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) lookup (bypass_virus_checks) => undef, "info@teamgallina.com" does not match

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) lookup_re("Worm.VB-9") matches key "(?i-xsm:Worm)", result="1"

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) lookup (viruses_that_fake_sender) => true,  "Worm.VB-9" matches, result="1", matching_key="(?i-xsm:Worm)"

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) Virus Worm.VB-9 matches (?i-xsm:Worm), sender addr ignored

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) parse_received: from = TOMMASO (host98-90.pool8542.interbusiness.it [85.4.../TOMMASO/host98-90.pool8542.interbusiness.it/85.42.90.98

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) parse_received: by = mail.figoli.it /mail.figoli.it//

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) parse_received: with = SMTP /SMTP //

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) parse_received: id = 556EA1B1D5\t/556EA1B1D5\t//

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) parse_received: for = <info@teamgallina.com>/<info@teamgallina.com>//

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) parse_received: ; = Fri, 20 Jan 2006 11:11:22 +0100 (CET)/Fri, 20 Jan 2006 11:11:22 +0100 (CET)//

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) fish_out_ip_from_received: 85.42.90.98, TOMMASO (host98-90.pool8542.interbusiness.it [85.42.90.98])\t

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) lookup_ip_acl (publicnetworks): key="85.42.90.98" matches "[::FFFF:0:0]/96", result=1

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) best_try_originator_ip: 85.42.90.98

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) ip_addr_to_name: DNS reverse-resolving: 85.42.90.98

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) ip_addr_to_name: DNS forward-resolving: host98-90.pool8542.interbusiness.it

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) ip_addr_to_name: returning: host98-90.pool8542.interbusiness.it

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) no anti-spam code loaded, skipping spam_scan

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) query_keys: info@teamgallina.com, info@, teamgallina.com, .teamgallina.com, .com, .

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) lookup_hash(info@teamgallina.com), no matches

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) lookup (virus_lovers) => undef, "info@teamgallina.com" does not match

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) do_virus: looking for per-recipient quarantine and admins

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) lookup: (scalar) matches, result="virus-quarantine"

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) lookup (virus_quarantine_to) => true,  "info@teamgallina.com" matches, result="virus-quarantine", matching_key="(constant:virus-quarantine)"

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) query_keys: info@teamgallina.com, info@, teamgallina.com, .teamgallina.com, .com, .

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) lookup_hash(info@teamgallina.com), no matches

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) lookup: (scalar) matches, result="virus@figoli.it"

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) lookup (virus_admin) => true,  "info@teamgallina.com" matches, result="virus@figoli.it", matching_key="(constant:virus@figoli.it)"

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) lookup (newvirus_admin) => undef, "info@teamgallina.com" does not match

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) header: X-Amavis-Alert: INFECTED, message contains virus: Worm.VB-9, Worm.VB-8\n

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) header: X-Amavis-Alert: BANNED, message contains part:\n multipart/mixed | application/x-msdownload,.uue,Word_Document.uu | .exe,.exe-ms,Word XP.zip ... .sCR\n

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) header: X-Quarantine-Id: <uFPgkpIXU0Fr>\n

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) header: X-Envelope-To: <info@teamgallina.com>\n

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) header: X-Envelope-From: <conegliano@dolomitiracing.it>\n

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) DO_QUARANTINE, sender: 

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) local delivery: <> -> <virus-quarantine>, mbx=/var/bademails/virus/virus-uFPgkpIXU0Fr

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) header: Delivered-To: virus-quarantine\n

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) header: Return-Path: <>\n

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) write_header: 0, IO::File=GLOB(0x8ff7f94)

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) one_response_for_all <>: success, r=0,b=0,d=0, dsn_needed=0, '250 2.6.0 Ok, delivered to /var/bademails/virus/virus-uFPgkpIXU0Fr, id=20039-01'

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) DO_QUARANTINE done

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) DO_VIRUS - NOTIFICATIONS to <virus@figoli.it>; sender: conegliano@dolomitiracing.it

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) lookup_acl(?@host98-90.pool8542.interbusiness.it), no match

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) lookup (local_domains) => undef, "?@host98-90.pool8542.interbusiness.it" does not match

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) parse_received: from = TOMMASO (host98-90.pool8542.interbusiness.it [85.4.../TOMMASO/host98-90.pool8542.interbusiness.it/85.42.90.98

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) parse_received: by = mail.figoli.it /mail.figoli.it//

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) parse_received: with = SMTP /SMTP //

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) parse_received: id = 556EA1B1D5\t/556EA1B1D5\t//

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) parse_received: for = <info@teamgallina.com>/<info@teamgallina.com>//

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) parse_received: ; = Fri, 20 Jan 2006 11:11:22 +0100 (CET)/Fri, 20 Jan 2006 11:11:22 +0100 (CET)//

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) first_received_from: TOMMASO (host98-90.pool8542.interbusiness.it [85.42.90.98])

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) parse_received: from = TOMMASO (host98-90.pool8542.interbusiness.it [85.4.../TOMMASO/host98-90.pool8542.interbusiness.it/85.42.90.98

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) parse_received: by = mail.figoli.it /mail.figoli.it//

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) parse_received: with = SMTP /SMTP //

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) parse_received: id = 556EA1B1D5\t/556EA1B1D5\t//

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) parse_received: for = <info@teamgallina.com>/<info@teamgallina.com>//

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) parse_received: ; = Fri, 20 Jan 2006 11:11:22 +0100 (CET)/Fri, 20 Jan 2006 11:11:22 +0100 (CET)//

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) fish_out_ip_from_received: 85.42.90.98, TOMMASO (host98-90.pool8542.interbusiness.it [85.42.90.98])\t

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) lookup_ip_acl (publicnetworks): key="85.42.90.98" matches "[::FFFF:0:0]/96", result=1

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) best_try_originator_ip: 85.42.90.98

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) string_to_mime_entity Date: Fri, 20 Jan 2006 11:11:30 +0100 (CET)

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) string_to_mime_entity From: "Content-filter at mail.figoli.it" <virusalert@figoli.it>

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) string_to_mime_entity Subject: VIRUS (Worm.VB-9, Worm.VB-8) FROM <?@host98-90.pool8542.interbusiness.it>

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) string_to_mime_entity To: <virus@figoli.it>

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) string_to_mime_entity Message-ID: <VAuFPgkpIXU0Fr@mail>

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) (about to connect to [127.0.0.1]:10026) SEND via SMTP: <virusalert@figoli.it> -> <virus@figoli.it>

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) Remote host presents itself as: mail.figoli.it

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) prolong_timer after fwd-connect: remaining time = 300 s

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) AUTH not needed, user='', MTA offers 'LOGIN PLAIN'

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) prolong_timer after fwd-mail-from: remaining time = 300 s

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) response to RCPT TO for <virus@figoli.it>: "250 Ok"

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) prolong_timer after fwd-rcpt-to: remaining time = 300 s

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) response to DATA: "354 End data with <CR><LF>.<CR><LF>"

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) write_header: 1, Amavis::Out=HASH(0x9001628)

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) prolong_timer after fwd-data: remaining time = 300 s

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) prolong_timer after fwd-data-end: remaining time = 300 s

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) response to data end: "250 Ok: queued as CA0471BE92"

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) prolong_timer after fwd-rundown-1: remaining time = 300 s

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) SEND via SMTP: <virusalert@figoli.it> -> <virus@figoli.it>, 250 2.6.0 Ok, id=20039-01, from MTA([127.0.0.1]:10026): 250 Ok: queued as CA0471BE92

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) one_response_for_all <virusalert@figoli.it>: success, r=0,b=0,d=0, dsn_needed=0, '250 2.6.0 Ok, id=20039-01, from MTA([127.0.0.1]:10026): 250 Ok: queued as CA0471BE92'

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) lookup_acl(info@teamgallina.com), no match

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) lookup (local_domains) => undef, "info@teamgallina.com" does not match

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) DO_VIRUS - DONE

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) prolong_timer after checking_sender_ip: remaining time = 300 s

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) one_response_for_all <conegliano@dolomitiracing.it>: all DISCARD, '250 2.7.1 Ok, discarded, id=20039-01 - VIRUS: Worm.VB-9, Worm.VB-8'

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) warnsender_with_pass=0 (,,,), dsn_needed=, cnt=, exit=0, 250 2.7.1 Ok, discarded, id=20039-01 - VIRUS: Worm.VB-9, Worm.VB-8

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) prolong_timer after delivery-notification: remaining time = 300 s

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) parse_received: from = TOMMASO (host98-90.pool8542.interbusiness.it [85.4.../TOMMASO/host98-90.pool8542.interbusiness.it/85.42.90.98

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) parse_received: by = mail.figoli.it /mail.figoli.it//

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) parse_received: with = SMTP /SMTP //

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) parse_received: id = 556EA1B1D5\t/556EA1B1D5\t//

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) parse_received: for = <info@teamgallina.com>/<info@teamgallina.com>//

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) parse_received: ; = Fri, 20 Jan 2006 11:11:22 +0100 (CET)/Fri, 20 Jan 2006 11:11:22 +0100 (CET)//

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) fish_out_ip_from_received: 85.42.90.98, TOMMASO (host98-90.pool8542.interbusiness.it [85.42.90.98])\t

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) lookup_ip_acl (publicnetworks): key="85.42.90.98" matches "[::FFFF:0:0]/96", result=1

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) best_try_originator_ip: 85.42.90.98

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) Blocked INFECTED (Worm.VB-9, Worm.VB-8), [85.42.90.98] <?@host98-90.pool8542.interbusiness.it> -> <info@teamgallina.com>, quarantine: virus/virus-uFPgkpIXU0Fr, Message-ID: <20060120101122.556EA1B1D5@mail.figoli.it>, mail_id: uFPgkpIXU0Fr, Hits: -, 987 ms

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) updating snmp variables

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) sending LMTP response for <info@teamgallina.com>: "250 2.7.1 Ok, discarded, id=20039-01 - VIRUS: Worm.VB-9, Worm.VB-8"

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) timer stopped after DATA end

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) strip_tempdir: /var/amavis/tmp/amavis-20060120T111130-20039

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) rmdir_recursively: /var/amavis/tmp/amavis-20060120T111130-20039/parts, excl=1

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) TIMING [total 997 ms] - SMTP LHLO: 15 (2%)2, SMTP pre-MAIL: 4 (0%)2, mkdir tempdir: 2 (0%)2, create email.txt: 1 (0%)2, SMTP pre-DATA-flush: 11 (1%)3, SMTP DATA: 81 (8%)11, body_digest: 11 (1%)13, gen_mail_id: 2 (0%)13, mkdir parts: 1 (0%)13, mime_decode: 90 (9%)22, get-file-type2: 26 (3%)25, decompose_part: 3 (0%)25, decompose_part: 206 (21%)46, get-file-type1: 19 (2%)47, decompose_part: 73 (7%)55, parts_decode: 0 (0%)55, AV-scan-1: 178 (18%)73, read_snmp_variables: 2 (0%)73, best_try_originator: 20 (2%)75, update_cache: 3 (0%)75, write-header: 19 (2%)77, save-to-local-mailbox: 4 (0%)77, fwd-connect: 65 (7%)84, fwd-mail-from: 2 (0%)84, fwd-rcpt-to: 8 (1%)85, write-header: 5 (0%)86, fwd-data: 9 (1%)86, fwd-data-end: 86 (9%)95, fwd-rundown: 6 (1%)96, main_log_entry: 34 (3%)99, update_snmp: 4 (0%)100, unlink-3-files: 4 (0%)100, rundown: 1 (0%)100

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) LMTP> 250 2.7.1 Ok, discarded, id=20039-01 - VIRUS: Worm.VB-9, Worm.VB-8

Jan 20 11:11:30 mail.figoli.it /usr/sbin/amavisd[20039]: (20039-01) idle_proc, 6: was busy, 970.2 ms, total idle 0.002 s, busy 0.997 s

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: loaded base policy bank

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: lookup_ip_acl (inet_acl): key="127.0.0.1" matches "127.0.0.1", result=1

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: prolong_timer after new request - timer reset: remaining time = 300 s

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: process_request: suggested_protocol="" on TCP

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) SMTP> 220 [127.0.0.1] ESMTP amavisd-new service ready

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) idle_proc, 4: was busy, 13.7 ms, total idle 0.000 s, busy 0.014 s

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) idle_proc, 5: was idle, 2.2 ms, total idle 0.002 s, busy 0.014 s

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) prolong_timer after reading SMTP command: remaining time = 300 s

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) SMTP< LHLO mail.figoli.it\r\n

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) LMTP> 250-[127.0.0.1]

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) LMTP> 250-PIPELINING

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) LMTP> 250-SIZE

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) LMTP> 250-8BITMIME

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) LMTP> 250-ENHANCEDSTATUSCODES

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) LMTP> 250 XFORWARD NAME ADDR PROTO HELO

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) idle_proc, 6: was busy, 4.3 ms, total idle 0.002 s, busy 0.018 s

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) idle_proc, 5: was idle, 0.6 ms, total idle 0.003 s, busy 0.018 s

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) prolong_timer after reading SMTP command: remaining time = 300 s

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) LMTP< MAIL FROM:<mtfiore@rai.it> SIZE=31670\r\n

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) prolong_timer after MAIL FROM received - timer reset: remaining time = 300 s

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) check_mail_begin_task: task_count=1

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) prepare_tempdir: creating directory /var/amavis/tmp/amavis-20060120T111147-20040

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) prepare_tempdir: creating file /var/amavis/tmp/amavis-20060120T111147-20040/email.txt

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) lookup (debug_sender) => undef, "mtfiore@rai.it" does not match

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) LMTP> 250 2.1.0 Sender mtfiore@rai.it OK

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) idle_proc, 6: was busy, 7.4 ms, total idle 0.003 s, busy 0.025 s

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) idle_proc, 5: was idle, 0.5 ms, total idle 0.003 s, busy 0.025 s

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) prolong_timer after reading SMTP command: remaining time = 300 s

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) LMTP< RCPT TO:<programmi@antenna3.tv>\r\n

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) LMTP> 250 2.1.5 Recipient programmi@antenna3.tv OK

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) idle_proc, 6: was busy, 2.2 ms, total idle 0.003 s, busy 0.028 s

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) idle_proc, 5: was idle, 0.5 ms, total idle 0.004 s, busy 0.028 s

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) prolong_timer after reading SMTP command: remaining time = 300 s

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) LMTP< DATA\r\n

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) prolong_timer after DATA received - timer reset: remaining time = 300 s

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) LMTP::10024 /var/amavis/tmp/amavis-20060120T111147-20040: <mtfiore@rai.it> -> <programmi@antenna3.tv> Received: SIZE=31670 from mail.figoli.it ([127.0.0.1]) by localhost (mail.figoli.it [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 20040-01 for <programmi@antenna3.tv>; Fri, 20 Jan 2006 11:11:47 +0100 (CET)

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) LMTP> 354 End data with <CR><LF>.<CR><LF>

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) LMTP< .\r\n

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) setting body type: 7BIT (0,0)

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) body hash: ceb491a2cc2c16c7238d89a4e0d210d1

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) Original mail size: 31670; quota set to: 15835000 bytes

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) Checking: Rc9nHMDXvvai <mtfiore@rai.it> -> <programmi@antenna3.tv>

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) query_keys: programmi@antenna3.tv, programmi@, antenna3.tv, .antenna3.tv, .tv, .

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) lookup_hash(programmi@antenna3.tv), no matches

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) lookup (bypass_virus_checks) => undef, "programmi@antenna3.tv" does not match

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) Extracting mime components

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) Issued a new file name: p001

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) Issued a new file name: p002

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) mime_decode_preamble: 2 lines

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) Issued a new pseudo part: p003

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) p003 1 Content-Type: multipart/mixed

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) mime_decode_epilogue: 2 lines

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) Charging 21 bytes to remaining quota 15835000 (out of 15835000, (0%)) - by mime_decode

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) p001 1/1 Content-Type: text/plain, size: 21 B, name: 

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) reparenting p001 from p000 to p003

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) Charging 22412 bytes to remaining quota 15834979 (out of 15835000, (0%)) - by mime_decode

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) p002 1/2 Content-Type: application/octet-stream, size: 22412 B, name: Textfile.zip

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) reparenting p002 from p000 to p003

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) prolong_timer after mime_decode-1: remaining time = 300 s

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) decode_parts: level=1, #parts=3 : p001, p002, p003

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) run_command: [20070] /usr/bin/file p001 p002 </dev/null 2>&1

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) result line from file(1): p001: ASCII text

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) lookup_re("ASCII text") matches key "(?i-xsm:^(ASCII|text)\b)", result="asc"

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) lookup (map_full_type_to_short_type) => true,  "ASCII text" matches, result="asc", matching_key="(?i-xsm:^(ASCII|text)\\b)"

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) File-type of p001: ASCII text; (asc)

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) result line from file(1): p002: Zip archive data, at least v1.0 to extract

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) lookup_re("Zip archive data, at least v1.0 to extract") matches key "(?i-xsm:^Zip archive\b)", result="zip"

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) lookup (map_full_type_to_short_type) => true,  "Zip archive data, at least v1.0 to extract" matches, result="zip", matching_key="(?i-xsm:^Zip archive\\b)"

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) File-type of p002: Zip archive data, at least v1.0 to extract; (zip)

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) do_ascii: Decoding part p001

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) do_ascii: Decoding part p001 (0 items), uulib V0.5pl20

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) decompose_part: p001 - atomic

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) Unzipping p002

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) Issued a new file name: p004

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) Charging 22016 bytes to remaining quota 15812567 (out of 15835000, (0%)) - by do_unzip

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) lookup_re("Zip archive data, at least v1.0 to extract"), no matches

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) lookup (keep_decoded_original) => undef, "Zip archive data, at least v1.0 to extract" does not match

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) decompose_part: deleting /var/amavis/tmp/amavis-20060120T111147-20040/parts/p002

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) decompose_part: p002 - archive, unpacked

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) decode_parts: level=2, #parts=1 : p004

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) run_command: [20071] /usr/bin/file p004 </dev/null 2>&1

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) result line from file(1): p004: MS-DOS executable (EXE), OS/2 or MS Windows

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) lookup_re("MS-DOS executable (EXE), OS/2 or MS Windows") matches key "(?-xism:^MS-DOS\b.*\bexecutable\b)", result=["exe","exe-ms"]

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) lookup (map_full_type_to_short_type) => true,  "MS-DOS executable (EXE), OS/2 or MS Windows" matches, result=["exe","exe-ms"], matching_key="(?-xism:^MS-DOS\\b.*\\bexecutable\\b)"

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) File-type of p004: MS-DOS executable (EXE), OS/2 or MS Windows; (exe, exe-ms)

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) Check whether p004 is a self-extracting archive

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) Unzipping p004

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) do_unzip: not a zip: AZ_FORMAT_ERROR (3)

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) Attempting to expand RAR archive p004

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) Expanding RAR archive p004

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) run_command: [20073] /usr/bin/unrar v -c- -p- -av- -idp -- /var/amavis/tmp/amavis-20060120T111147-20040/parts/p004 </dev/null 2>&1

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) do_unrar: /var/amavis/tmp/amavis-20060120T111147-20040/parts/p004 is not RAR archive\n

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) Attempting to expand LHA archive p004

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) run_command: [20074] /usr/bin/lha lq /var/amavis/tmp/amavis-20060120T111147-20040/parts/p004.exe </dev/null 2>&1

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) do_lha: not a LHA archive() ? exit 1

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) decompose_part: p004 - atomic

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) prolong_timer after parts_decode: remaining time = 300 s

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) query_keys: programmi@antenna3.tv, programmi@, antenna3.tv, .antenna3.tv, .tv, .

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) lookup_hash(programmi@antenna3.tv), no matches

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) lookup (bypass_header_checks) => undef, "programmi@antenna3.tv" does not match

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) check_header: OK

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) Checking for banned types and filenames

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) query_keys: programmi@antenna3.tv, programmi@, antenna3.tv, .antenna3.tv, .tv, .

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) lookup_hash(programmi@antenna3.tv), no matches

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) lookup (bypass_banned_checks) => undef, "programmi@antenna3.tv" does not match

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) lookup: (scalar) matches, result="DEFAULT"

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) lookup (banned_filename), 1 matches for "programmi@antenna3.tv", results: "(constant:DEFAULT)"=>"DEFAULT"

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) collect banned table[0]: programmi@antenna3.tv, tables: DEFAULT=>Amavis::Lookup::RE=ARRAY(0x8a922b8)

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) starting banned checks - traversing message structure tree

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) check_for_banned (p003,p001) multipart/mixed | text/plain,.asc

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) doing banned check for programmi@antenna3.tv on multipart/mixed | text/plain,.asc

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) lookup_re(["multipart/mixed","text/plain",".asc"]), no matches

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) lookup (check_bann:programmi@antenna3.tv) => undef, ["multipart/mixed","text/plain",".asc"] does not match

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) p.path programmi@antenna3.tv: "P=p003,L=1,M=multipart/mixed | P=p001,L=1/1,M=text/plain,T=asc"

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) check_for_banned (p003,p002,p004) multipart/mixed | application/octet-stream,.zip,Textfile.zip | .exe,.exe-ms,Textfile.txt                                                                                                                                     .exe

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) doing banned check for programmi@antenna3.tv on multipart/mixed | application/octet-stream,.zip,Textfile.zip | .exe,.exe-ms,Textfile.txt                                                                                                                                     .exe

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) lookup_re(["multipart/mixed","application/octet-stream",".zip","Textfile.zip",".exe",".exe-ms","Textfile.txt                                                                                                                                     .exe"]) matches key "(?i-xsm:.[^./]*[A-Za-z][^./]*.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll).?$)", result="1"

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) lookup (check_bann:programmi@antenna3.tv) => true,  ["multipart/mixed","application/octet-stream",".zip","Textfile.zip",".exe",".exe-ms","Textfile.txt                                                                                                                                     .exe"] matches, result="1", matching_key="(?i-xsm:\\.[^./]*[A-Za-z][^./]*\\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\\.?$)"

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) p.path BANNED:1 programmi@antenna3.tv: "P=p003,L=1,M=multipart/mixed | P=p002,L=1/2,M=application/octet-stream,T=zip,N=Textfile.zip | P=p004,L=1/2/1,T=exe,T=exe-ms,N=Textfile.txt                                                                                                                                     .exe", matching_key="(?i-xsm:\\.[^./]*[A-Za-z][^./]*\\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\\.?$)"

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) banned check: any=1, all=Y (1)

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) lookup_re("MAIL"), no matches

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) lookup (keep_decoded_original) => undef, "MAIL" does not match

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) files_to_scan: info: part p002 (zip) no longer present

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) Using ClamAV-clamd: (built-in interface)

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) ask_av (ClamAV-clamd): query template1: CONTSCAN {}\n

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) Using (ClamAV-clamd) on dir: CONTSCAN /var/amavis/tmp/amavis-20060120T111147-20040/parts\n

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) ClamAV-clamd: Connecting to socket  /var/run/clamav/clamd

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) ClamAV-clamd: Sending CONTSCAN /var/amavis/tmp/amavis-20060120T111147-20040/parts\n to UNIX socket /var/run/clamav/clamd

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) ask_av (ClamAV-clamd) result: /var/amavis/tmp/amavis-20060120T111147-20040/parts/p004: Worm.SomeFool.Z FOUND\n

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) ask_av (ClamAV-clamd): /var/amavis/tmp/amavis-20060120T111147-20040/parts INFECTED: Worm.SomeFool.Z

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) virus_scan: (Worm.SomeFool.Z), detected by 1 scanners: ClamAV-clamd

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) prolong_timer after virus_scan: remaining time = 300 s

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) query_keys: programmi@antenna3.tv, programmi@, antenna3.tv, .antenna3.tv, .tv, .

Jan 20 11:11:47 mail.figoli.it /usr/sbin/amavisd[20040]: (20040-01) lookup_hash

----------

## magic919

Found this in your amavisd config

```
# The following example disables spam checking altogether,
# since it matches any recipient e-mail address.
@bypass_spam_checks_maps = (1);
```

----------

## gab74

Thank you very much !!!

yes there was another line to comment !!!

Many thanks again !!!

----------

## magic919

This was the key part of my post

 *Quote:*   

> There are a couple of references to allowing SA if I recall correctly.

 

Gets them every time.

Glad you got it sorted.

----------
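The fix in this thread came down to a second, still-active `@bypass_spam_checks_maps = (1);` line in amavisd.conf. The Python script below is an added example, not part of the original thread or of amavisd-new: it lists every uncommented `@bypass_*_checks_maps` assignment with its line number, flags catch-all values, and extracts the requests logged as "no anti-spam code loaded". The config and log samples are constructed, and the function names are hypothetical.

```python
import re

# Constructed amavisd.conf fragment: one catch-all bypass line is already
# commented out, but a second, active copy remains further down the file.
SAMPLE_CONF = r"""use strict;
# @bypass_spam_checks_maps = (1);  # first copy, already commented out
@bypass_virus_checks_maps = (
   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
$sa_tag_level_deflt = 2.0;
# The following example disables spam checking altogether,
# since it matches any recipient e-mail address.
@bypass_spam_checks_maps = (1);
1;
"""

# Constructed log lines in the format shown in the thread (host name is made up).
SAMPLE_LOG = """\
Jan 20 11:11:30 mail.example.org /usr/sbin/amavisd[20039]: (20039-01) virus_scan: (Worm.VB-9), detected by 1 scanners: ClamAV-clamd
Jan 20 11:11:30 mail.example.org /usr/sbin/amavisd[20039]: (20039-01) no anti-spam code loaded, skipping spam_scan
"""

# Any active assignment of the form: @bypass_<kind>_checks_maps = ( ... );
ASSIGN_RE = re.compile(r"@bypass_(\w+?)_checks_maps\s*=\s*\((.*?)\)\s*;", re.S)

# The amavisd log message that shows spam scanning was skipped for a request.
SKIP_RE = re.compile(r"amavisd\[(\d+)\]: (?:\((\S+)\) )?no anti-spam code loaded")


def strip_perl_comments(text):
    """Remove '#' comments while keeping line breaks, so offsets map to lines.

    Heuristic: only '...' and "..." quoting is tracked, which is enough for
    the bypass assignments this script looks for.
    """
    stripped = []
    for line in text.split("\n"):
        quote, cut = None, len(line)
        for i, ch in enumerate(line):
            if quote:
                if ch == quote and line[i - 1] != "\\":
                    quote = None
            elif ch in "'\"":
                quote = ch
            elif ch == "#":
                cut = i
                break
        stripped.append(line[:cut])
    return "\n".join(stripped)


def find_bypass_settings(conf_text):
    """Return every active @bypass_*_checks_maps assignment in the config."""
    code = strip_perl_comments(conf_text)
    findings = []
    for m in ASSIGN_RE.finditer(code):
        elements = [e.strip() for e in m.group(2).split(",") if e.strip()]
        findings.append({
            "line": code.count("\n", 0, m.start()) + 1,
            "check": m.group(1),
            "elements": elements,
            # A bare non-zero constant such as (1) matches any recipient,
            # so the check is bypassed for all mail.
            "catch_all": any(re.fullmatch(r"[1-9]\d*", e) for e in elements),
        })
    return findings


def spam_scan_skipped(log_text):
    """Return the request ids (or PIDs) logged with 'no anti-spam code loaded'."""
    return [m.group(2) or m.group(1) for m in SKIP_RE.finditer(log_text)]


if __name__ == "__main__":
    for f in find_bypass_settings(SAMPLE_CONF):
        state = "DISABLES check for all recipients" if f["catch_all"] else "per-recipient lookup"
        print(f"line {f['line']}: bypass_{f['check']}_checks_maps -> {state}")
    for req in spam_scan_skipped(SAMPLE_LOG):
        print(f"request {req}: spam scan skipped")
```

To audit a live system, pass the contents of /etc/amavisd.conf to `find_bypass_settings()` instead of the sample string.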

