Put clamav and amavis togther, fix spam filtering

2016-03-02 22:31:44 +01:00
parent e9ae250d7d
commit f51180415c
10 changed files with 16 additions and 33 deletions
--- a/amavis/conf/amavisd.conf
+++ b/amavis/conf/amavisd.conf
@@ -17,14 +17,15 @@ $TEMPBASE = "$MYHOME/tmp";
 $ENV{TMPDIR} = $TEMPBASE;
 $QUARANTINEDIR = '/var/amavis/quarantine';

-$log_level = 2;
+$log_level = 1;
 $do_syslog = 1;

 $enable_db = 1;
 $nanny_details_level = 2;
 $enable_dkim_verification = 1;

-@local_domains_maps = ( [".$mydomain"] );
+@local_domains_maps = ( ["."] );
+@local_domains_acl = ( "." );

@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
                  10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );
@@ -33,7 +34,7 @@ $enable_dkim_verification = 1;
 $unix_socketname = "$MYHOME/amavisd.sock";
 $inet_socket_port = 2525;
 $inet_socket_bind = undef;
-$forward_method = 'lmtp:lmtp:25';
+$forward_method = 'lmtp:lmtp:2525';

 ###############
 # Policies
@@ -63,7 +64,7 @@ $recipient_delimiter = '+';
 # Antispam
 ###############

-$sa_tag_level_deflt  = 2.0;  # add spam info headers if at, or above that level
+$sa_tag_level_deflt  = -9999;  # add spam info headers if at, or above that level
 $sa_tag2_level_deflt = 6.2;  # add 'spam detected' headers at that level
 $sa_kill_level_deflt = 6.9;  # triggers spam evasive actions (e.g. blocks mail)
 $sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent
@@ -92,7 +93,7 @@ $defang_by_ccat{CC_BADH.",6"} = 1;  # header field syntax error

@av_scanners = (
 ['ClamAV-clamd',
-   \&ask_daemon, ["CONTSCAN {}\n", inet_ntoa(inet_aton("clamav")).":3310"],
+   \&ask_daemon, ["CONTSCAN {}\n", "/tmp/clamd.sock"],
   qr/\bOK$/m, qr/\bFOUND$/m,
   qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
 );
--- a/amavis/conf/clamav/clamd.conf
+++ b/amavis/conf/clamav/clamd.conf
@@ -0,0 +1,54 @@
+###############
+# General
+###############
+
+DatabaseDirectory /data
+LogSyslog yes
+LogTime yes
+PidFile /run/clamav/clamd.pid
+LocalSocket /tmp/clamd.sock
+
+###############
+# Results
+###############
+
+DetectPUA yes
+ExcludePUA NetTool
+ExcludePUA PWTool
+AlgorithmicDetection yes
+Bytecode yes
+
+###############
+# Scan
+###############
+
+ScanPE yes
+DisableCertCheck yes
+ScanELF yes
+DetectBrokenExecutables yes
+ScanOLE2 yes
+ScanPDF yes
+ScanSWF yes
+ScanMail yes
+PhishingSignatures yes
+PhishingScanURLs yes
+ScanHTML yes
+ScanArchive yes
+
+###############
+# Scan
+###############
+
+MaxScanSize 150M
+MaxFileSize 30M
+MaxRecursion 10
+MaxFiles 15000
+MaxEmbeddedPE 10M
+MaxHTMLNormalize 10M
+MaxHTMLNoTags 2M
+MaxScriptNormalize 5M
+MaxZipTypeRcg 1M
+MaxPartitions 128
+MaxIconsPE 200
+PCREMatchLimit 10000
+PCRERecMatchLimit 10000
--- a/amavis/conf/clamav/freshclam.conf
+++ b/amavis/conf/clamav/freshclam.conf
@@ -0,0 +1,19 @@
+###############
+# General
+###############
+
+DatabaseDirectory /data
+LogSyslog yes
+LogTime yes
+PidFile /run/clamav/freshclam.pid
+DatabaseOwner root
+
+###############
+# Updates
+###############
+
+DatabaseMirror database.clamav.net
+ScriptedUpdates yes
+NotifyClamd /etc/clamav/clamd.conf
+SafeBrowsing yes
+Bytecode yes