Date: Wed, 3 Aug 2005 20:41:53 -0500 (CDT)
From: Denny White <dennyboy@cableone.net>
To: Martin Welk <mw@theatre.sax.de>
Cc: NKoch@demig.de, freebsd-questions@freebsd.org
Subject: Re: antivir-milter question
Message-ID: <20050803203002.B709@dualman.cableone.net>
In-Reply-To: <20050803211223.GB97146@theatre.sax.de>
References: <20050803085535.N85321@dualman.cableone.net> <20050803211223.GB97146@theatre.sax.de>

Today Martin Welk had this to say:

> On Wed, Aug 03, 2005 at 09:01:51AM -0500, Denny White wrote:
>
>> I've read the docs on antivir-milter, installed it,
>> set it up to verify downloaded updates with gpg,
>> tested it to see if it's checking mail with eicar,
>> & everything's working fine. Only thing is, I'd
>> like it to show in my messages that they've been
>> checked for viruses & I can't seem to get it to do
>> that. I know that the AddXHeader setting only works
>> in commercial version, but it says if you set the
>> ModifySubject to YES that it'll show up, as I
>> understand it, appended to the subject. I did that
>> & restarted it but still no notice. Any ideas/help
>> appreciated.
>> Denny White
>
> Hm, I'm using the personal version of antivir-milter, installed it just a
> few days ago - and for every checked mail, it puts a header like this in:
> X-AntiVirus: checked by AntiVir Milter (version: 1.1.0-7; AVE: 6.31.1.0;
> VDF: 6.31.1.54; host: theatre.sax.de)
>
> I suspect that something else is wrong. Does your sendmail delegate the
> mail to antivir-milter? Is it running? It should write some message into
> your /var/log/mailog, here's an example.
>
> Startup:
>
> ug 3 17:20:05 theatre avmilter[16541]: listening on: inet:3333@localhost
> Aug 3 17:20:06 theatre avmilter[16541]: engine version: 6.31.1.0
> Aug 3 17:20:06 theatre avmilter[16541]: vdf version: 6.31.1.54
> Aug 3 17:20:06 theatre avmilter[16541]: addressfilter not active
> Aug 3 17:20:06 theatre avmilter[16541]: extension blocking is disabled
> Aug 3 17:20:06 theatre avmilter[16541]: running in private mode
> Aug 3 17:20:40 theatre sendmail[16570]: j73FKeek016570:
>
> Later:
>
> Aug 3 17:20:41 theatre sm-mta[16579]: j73FKfm7016579: Milter add: header:
> X-AntiVirus: checked by AntiVir Milter (version: 1.1.0-7; AVE: 6.31
> .1.0; VDF: 6.31.1.54; host: theatre.sax.de)
>
> I didn't do anything except following the installation instructions, that
> means, I've put the required m4 macro string into my mc file and rebuilt
> the sendmail.cf. From that on, it was working instantly like a charm
>
> Oh yes, and with the EICAR test signature it generates an alert mail to the
> postmaster and puts the file into the rejected files directory (for my
> installation, /var/spool/avmilter/rejected). The only thing I had to change
> was the path to sendmail, in /etc/avmilter.conf it isn't set and the
> default points to /usr/lib/sendmail - on FreeBSD that's /usr/sbin/sendmail.
>
> Regards,
> Martin
>
> --
> ,,Oh, there's a lot of opportunities, if you're knowing to take them,
> you know, there's a lot of opportunities, if there aren't
> you can make them, make or break them!'' (Tennant/Lowe)
>

I had read where I needed to edit sendmail.mc but
couldn't find it. Then read the equivalent mc file
for freebsd I needed to edit was /etc/mail/freebsd.mc
to which I added:

INPUT_MAIL_FILTER( `antivir-milter', `S=unix:/var/spool/avmilter/avmilter.sock, F=T, T=S:10m;R:10m;E:10m' )dnl

Then I did a `make install' to rebuild, what I thought,
was sendmail.cf, but it's looking like I was way off beam.

Here's what's in /var/mail/maillog:

Aug 3 01:54:15 dualman avmilter[80193]: listening on: local:/var/spool/avmilter/avmilter.sock
Aug 3 01:54:19 dualman avmilter[80193]: engine version: 6.31.1.0
Aug 3 01:54:19 dualman avmilter[80193]: vdf version: 6.31.1.46
Aug 3 01:54:19 dualman avmilter[80193]: addressfilter not active
Aug 3 01:54:19 dualman avmilter[80193]: extension blocking is disabled
Aug 3 01:54:19 dualman avmilter[80193]: running in private mode
Aug 3 19:44:45 dualman avmilter[497]: listening on: local:/var/spool/avmilter/avmilter.sock
Aug 3 19:44:50 dualman avmilter[497]: engine version: 6.31.1.0
Aug 3 19:44:50 dualman avmilter[497]: vdf version: 6.31.1.50
Aug 3 19:44:50 dualman avmilter[497]: addressfilter not active
Aug 3 19:44:50 dualman avmilter[497]: extension blocking is disabled
Aug 3 19:44:50 dualman avmilter[497]: running in private mode

It's listening on local:/var/spool/avmilter/avmilter.sock,
so apparently I've botched things up. Can you clear up for
me about the sendmail.cf? I googled around & read in the
fbsd mailing list. The best I could come up with was what
I stated earlier, that the file I needed to edit was freebsd.mc

Denny White

GnuPG key  : 0x1644E79A | http://wwwkeys.nl.pgp.net
Fingerprint: D0A9 AD44 1F10 E09E 0E67 EC25 CB44 F2E5 1644 E79A

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050803203002.B709>
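
The two checks raised in the thread (is avmilter running, and does sendmail hand mail to it) can be read from the same inputs quoted above. The script below is an added example, not part of either message or of AntiVir's tooling; the function names are hypothetical, the sample strings are constructed from lines in the thread, and it relies on sendmail treating `unix:` and `local:` as the same socket family.

```python
import re

# Constructed sample inputs modelled on the lines quoted in the thread.
MC_LINE = (
    "INPUT_MAIL_FILTER(`antivir-milter', "
    "`S=unix:/var/spool/avmilter/avmilter.sock, F=T, T=S:10m;R:10m;E:10m')dnl")
MAILLOG = """\
Aug  3 19:44:45 dualman avmilter[497]: listening on: local:/var/spool/avmilter/avmilter.sock
Aug  3 19:44:50 dualman avmilter[497]: engine version: 6.31.1.0
Aug  3 19:44:50 dualman avmilter[497]: running in private mode
"""

def normalize(sock):
    """Return (family, address); 'unix' and 'local' name the same family."""
    family, _, addr = sock.strip().partition(":")
    family = family.lower()
    return ("local" if family in ("unix", "local") else family, addr)

def mc_sockets(mc_text):
    """Map filter name -> normalized S= socket from INPUT_MAIL_FILTER lines."""
    pat = re.compile(r"INPUT_MAIL_FILTER\(\s*`([^']+)'\s*,\s*`([^']*)'")
    out = {}
    for name, equates in pat.findall(mc_text):
        m = re.search(r"\bS=([^,\s]+)", equates)
        if m:
            out[name] = normalize(m.group(1))
    return out

def diagnose(mc_text, log_text, name="antivir-milter"):
    """Summarise what the .mc file and the maillog say about the milter."""
    listening = [normalize(s) for s in
                 re.findall(r"avmilter\[\d+\]: listening on: (\S+)", log_text)]
    handoffs = re.findall(
        r"(?:sm-mta|sendmail)\[\d+\]: \w+: Milter add: header: X-AntiVirus",
        log_text)
    configured = mc_sockets(mc_text).get(name)
    return {
        "milter_started": bool(listening),
        # Compare the most recent startup with the socket named in the .mc file.
        "socket_matches": bool(listening) and listening[-1] == configured,
        # Each "Milter add" line is sendmail applying a header the milter asked for.
        "sendmail_handoffs": len(handoffs),
    }

if __name__ == "__main__":
    print(diagnose(MC_LINE, MAILLOG))
```

A result with the milter started, the sockets matching and zero hand-offs points the investigation at the sendmail side (the running sendmail.cf, or no mail processed since startup) rather than at avmilter.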