From: Denny White
To: Martin Welk
Cc: NKoch@demig.de, freebsd-questions@freebsd.org
Date: Wed, 3 Aug 2005 20:41:53 -0500 (CDT)
Subject: Re: antivir-milter question
Message-ID: <20050803203002.B709@dualman.cableone.net>
In-Reply-To: <20050803211223.GB97146@theatre.sax.de>

Today Martin Welk had this to say:

> On Wed, Aug 03, 2005 at 09:01:51AM -0500, Denny White wrote:
>
>> I've read the docs on antivir-milter, installed it,
>> set it up to verify downloaded updates with gpg,
>> tested it to see if it's checking mail with eicar,
>> & everything's working fine. Only thing is, I'd
>> like it to show in my messages that they've been
>> checked for viruses & I can't seem to get it to do
>> that. I know that the AddXHeader setting only works
>> in commercial version, but it says if you set the
>> ModifySubject to YES that it'll show up, as I
>> understand it, appended to the subject. I did that
>> & restarted it but still no notice. Any ideas/help
>> appreciated.
>> Denny White
>
> Hm, I'm using the personal version of antivir-milter, installed it just a
> few days ago - and for every checked mail, it puts a header like this in:
> X-AntiVirus: checked by AntiVir Milter (version: 1.1.0-7; AVE: 6.31.1.0;
> VDF: 6.31.1.54; host: theatre.sax.de)
>
> I suspect that something else is wrong. Does your sendmail delegate the
> mail to antivir-milter? Is it running? It should write some message into
> your /var/log/mailog, here's an example.
>
> Startup:
>
> ug 3 17:20:05 theatre avmilter[16541]: listening on: inet:3333@localhost
> Aug 3 17:20:06 theatre avmilter[16541]: engine version: 6.31.1.0
> Aug 3 17:20:06 theatre avmilter[16541]: vdf version: 6.31.1.54
> Aug 3 17:20:06 theatre avmilter[16541]: addressfilter not active
> Aug 3 17:20:06 theatre avmilter[16541]: extension blocking is disabled
> Aug 3 17:20:06 theatre avmilter[16541]: running in private mode
> Aug 3 17:20:40 theatre sendmail[16570]: j73FKeek016570:
>
> Later:
>
> Aug 3 17:20:41 theatre sm-mta[16579]: j73FKfm7016579: Milter add: header:
> X-AntiVirus: checked by AntiVir Milter (version: 1.1.0-7; AVE: 6.31
> .1.0; VDF: 6.31.1.54; host: theatre.sax.de)
>
> I didn't do anything except following the installation instructions, that
> means, I've put the required m4 macro string into my mc file and rebuilt
> the sendmail.cf. From that on, it was working instantly like a charm
>
> Oh yes, and with the EICAR test signature it generates an alert mail to the
> postmaster and puts the file into the rejected files directory (for my
> installation, /var/spool/avmilter/rejected). The only thing I had to change
> was the path to sendmail, in /etc/avmilter.conf it isn't set and the
> default points to /usr/lib/sendmail - on FreeBSD that's /usr/sbin/sendmail.
>
> Regards,
> Martin
>
> --
> ,,Oh, there's a lot of opportunities, if you're knowing to take them,
> you know, there's a lot of opportunities, if there aren't
> you can make them, make or break them!'' (Tennant/Lowe)
>

I had read where I needed to edit sendmail.mc but couldn't
find it. Then read the equivalent mc file for freebsd I
needed to edit was /etc/mail/freebsd.mc to which I added:

INPUT_MAIL_FILTER( `antivir-milter',
`S=unix:/var/spool/avmilter/avmilter.sock, F=T, T=S:10m;R:10m;E:10m' )dnl

Then I did a `make install' to rebuild, what I thought, was
sendmail.cf, but it's looking like I was way off beam.
Here's what's in /var/mail/maillog:

Aug 3 01:54:15 dualman avmilter[80193]: listening on: local:/var/spool/avmilter/avmilter.sock
Aug 3 01:54:19 dualman avmilter[80193]: engine version: 6.31.1.0
Aug 3 01:54:19 dualman avmilter[80193]: vdf version: 6.31.1.46
Aug 3 01:54:19 dualman avmilter[80193]: addressfilter not active
Aug 3 01:54:19 dualman avmilter[80193]: extension blocking is disabled
Aug 3 01:54:19 dualman avmilter[80193]: running in private mode
Aug 3 19:44:45 dualman avmilter[497]: listening on: local:/var/spool/avmilter/avmilter.sock
Aug 3 19:44:50 dualman avmilter[497]: engine version: 6.31.1.0
Aug 3 19:44:50 dualman avmilter[497]: vdf version: 6.31.1.50
Aug 3 19:44:50 dualman avmilter[497]: addressfilter not active
Aug 3 19:44:50 dualman avmilter[497]: extension blocking is disabled
Aug 3 19:44:50 dualman avmilter[497]: running in private mode

It's listening on local:/var/spool/avmilter/avmilter.sock, so
apparently I've botched things up. Can you clear up for me
about the sendmail.cf? I googled around & read in the fbsd
mailing list. The best I could come up with was what I stated
earlier, that the file I needed to edit was freebsd.mc

Denny White

GnuPG key  : 0x1644E79A | http://wwwkeys.nl.pgp.net
Fingerprint: D0A9 AD44 1F10 E09E 0E67 EC25 CB44 F2E5 1644 E79A
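
Added example (not part of the original message, and not code from the AntiVir or sendmail projects): a shell check that a sendmail.cf really carries the milter entry from the .mc file, and that its socket is the one avmilter logged at startup. The function names, the temporary files and the sample .cf lines are constructed for illustration; on a real host the inputs would be the installed sendmail.cf and the maillog.

```shell
#!/bin/sh
# Added example: does sendmail.cf reference the milter, and on the socket
# that avmilter is actually listening on?

# Print the S= socket of milter NAME from its X line in a sendmail.cf.
cf_milter_socket() {  # usage: cf_milter_socket CF NAME
    sed -n "s/^X$2,.*S=\([^,]*\).*/\1/p" "$1" | head -n 1
}

# Succeed if NAME is listed in "O InputMailFilters=".
cf_filter_enabled() {  # usage: cf_filter_enabled CF NAME
    sed -n 's/^O InputMailFilters=//p' "$1" | tr ',' '\n' |
        sed 's/^ *//; s/ *$//' | grep -qx -- "$2"
}

# Print the most recent "listening on:" address logged by avmilter.
log_listen_socket() {  # usage: log_listen_socket MAILLOG
    sed -n 's/.* avmilter\[[0-9]*\]: listening on: //p' "$1" | tail -n 1
}

# sendmail accepts "unix:" and "local:" as names for the same socket family.
norm_socket() { printf '%s\n' "$1" | sed 's/^local:/unix:/; s/ *$//'; }

# Print ok, not-in-cf or socket-mismatch for milter NAME.
check_milter() {  # usage: check_milter CF MAILLOG NAME
    cf_filter_enabled "$1" "$3" || { echo "not-in-cf"; return 0; }
    cf_sock=$(norm_socket "$(cf_milter_socket "$1" "$3")")
    log_sock=$(norm_socket "$(log_listen_socket "$2")")
    [ "$cf_sock" = "$log_sock" ] && echo "ok" || echo "socket-mismatch"
}

# Constructed sample inputs. rebuilt.cf holds the two lines sendmail's m4
# emits for an INPUT_MAIL_FILTER entry; stale.cf is a cf built without it.
# The log line is the one quoted in the message above.
demo_dir=$(mktemp -d)
cat > "$demo_dir/rebuilt.cf" <<'EOF'
O InputMailFilters=antivir-milter
Xantivir-milter, S=unix:/var/spool/avmilter/avmilter.sock, F=T, T=S:10m;R:10m;E:10m
EOF
printf 'O QueueDirectory=/var/spool/mqueue\n' > "$demo_dir/stale.cf"
cat > "$demo_dir/maillog" <<'EOF'
Aug 3 19:44:45 dualman avmilter[497]: listening on: local:/var/spool/avmilter/avmilter.sock
EOF

check_milter "$demo_dir/rebuilt.cf" "$demo_dir/maillog" antivir-milter
check_milter "$demo_dir/stale.cf" "$demo_dir/maillog" antivir-milter
```

A result of not-in-cf means the running configuration was not generated from the edited .mc file; sendmail also has to be restarted after the .cf is installed before it starts handing mail to the milter.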