Configuring cgpav

From: Камалетдинов С.Э. <CGatePro_at_mx_ru>
Date: Wed 20 Dec 2006 - 20:37:34 MSK


Greetings, everyone!

I ran into strange behavior of cgpav in combination with clamav.
FreeBSD 6.1 p-11
CGate last
Clamav 0.88.7
cgpav last

See the cgpav and clamd configs at the end.

CGate log:
00:32:58.292 2 SMTPI-000004(f23.mail.ru) [210008] received, 1936 bytes
00:32:58.292 2 QUEUE([210008]) from <***@inbox.ru>, 1936 bytes (<E1GwlcQ-0002Ll-00.***-inbox-ru@f23.mail.ru>)
00:32:58.292 1 SYSTEM EXTFILTER 'McAfee' is not found
00:32:58.292 2 QUEUE([210008]) enqueued
00:32:58.295 2 MAILBOX(kamaletdinov/INBOX) {17} appended @0: 56+1790(0) bytes
00:32:58.295 2 MAILBOX(kamaletdinov/INBOX) [210008] stored as 17
00:32:58.295 2 ACCOUNT(kamaletdinov) [210008] delivered

A message was sent from @inbox.ru with eicar.com attached.

Where's the catch?

# $Id: cgpav.conf, v 1.4 2005/07/01 12:00:00 farit Exp $
cgpro_home = /var/CommuniGate
cgpro_submitted = /var/CommuniGate/Submitted

tmp_dir = /tmp
max_childs = 10
max_errors = 20

av_timeout = 120
log_facility = local0
infected_action = discard
infected_header = X-Virus-Flag: Yes
add_not_infected_header = false
not_infected_header = X-Virus-Scanned: by cgpav
# infected_action = discard
antivirus_email = antivirus
sender_notification = true
recipients_notification = true
postmaster_notification = true
postmaster_account = postmaster
virtual_postmaster_notification = false
virtual_domains =

virtual_domains =
virtual_postmaster_account = postmaster
local_notification = false
local_networks = 127.0.0.1, 192.168.0.0/24
local_networks = 
local_domains =
local_domains =
virus_name_notification = false

fake_virus_strings = Worm.
fake_virus_strings =
charset = koi8-r
sender_subject = VIRUS in your message
recipient_subject = VIRUS in message to you
original_message_headers = false
own_text =
russian = true
german = false
french = false
spanish = false
italian = false
tatar = true
latvian = false
ukrainian = false
dutch = false
clamd_socket = /var/run/clamav/clamd
#avpctl_filename = /var/run/aveserver
#sophos_socket = /var/run/sophie
#trophie_socket = /var/run/trophie
#drwebd_socket = /var/run/drwebd.socket

infected_extensions = .pif, .lnk, .scr, .bat, .vbs, .vbe, .js, .com
infected_extensions =
virus_quarantine = false
virus_quarantine_dir =
virus_collection = false
virus_collection_dir =

restrictions = false

scan_domains =
scan_domains =
not_scan_domains =
not_scan_domains =
##
## Example config file for the Clam AV daemon
## Please read the clamd.conf(5) manual before editing this file.
##
#Example

LogFile /var/log/clamav/clamd.log
#LogFileUnlock
#LogFileMaxSize 2M
#LogTime
#LogClean
#LogSyslog
#LogFacility LOG_MAIL
#LogVerbose

PidFile /var/run/clamav/clamd.pid
#TemporaryDirectory /var/tmp
DatabaseDirectory /var/db/clamav
LocalSocket /var/run/clamav/clamd
FixStaleSocket
#TCPSocket 3310
#TCPAddr 127.0.0.1
#MaxConnectionQueueLength 30
#StreamMaxLength 20M
#StreamMinPort 30000
#StreamMaxPort 32000
#MaxThreads 20
#ReadTimeout 300
#IdleTimeout 60
#MaxDirectoryRecursion 20
#FollowDirectorySymlinks
#FollowFileSymlinks
#SelfCheck 600
#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
User root
AllowSupplementaryGroups
#ExitOnOOM
#Foreground
#Debug
#LeaveTemporaryFiles
#DisableDefaultScanOptions
#ScanPE
#DetectBrokenExecutables
#ScanOLE2

ScanMail
#MailFollowURLs
#MailMaxRecursion 128
#ScanHTML
#ScanArchive
#ScanRAR
#ArchiveMaxFileSize 15M
#ArchiveMaxRecursion 9
#ArchiveMaxFiles 1500
#ArchiveMaxCompressionRatio 300
#ArchiveLimitMemoryUsage
#ArchiveBlockEncrypted
#ArchiveBlockMax
#ClamukoScanOnAccess
#ClamukoScanOnOpen
#ClamukoScanOnClose
#ClamukoScanOnExec
#ClamukoIncludePath /home
#ClamukoIncludePath /students
#ClamukoExcludePath /home/guru
#ClamukoMaxFileSize 10M

-- 
Best regards,
 Камалетдинов                          mailto:kamaletdinov@esc-kazan.ru
Received on Wed Dec 20 17:37:55 2006

This archive was generated by hypermail 2.1.8 : Fri 24 Apr 2015 - 16:15:21 MSK