Amavis
Most of the config settings for [[Spamassassin]] and [[ClamAV]] are ignored when you use Amavis, but it shouldn’t leave any cruft behind either…
Install
Install amavisd-new
apt-get install amavisd-new
Add the clamav user to the amavis group, and restart both amavis and clamav:
adduser clamav amavis
/etc/init.d/amavis restart
/etc/init.d/clamav-daemon restart
Configure
/etc/amavis/conf.d/50-user:
use strict;
#
# Place your configuration directives here. They will override those in
# earlier files.
#
# See /usr/share/doc/amavisd-new/ for documentation and examples of
# the directives you can use in this file
#
$sa_tag_level_deflt = undef;
@lookup_sql_dsn = ( ['DBI:mysql:database=postfix;host=127.0.0.1;port=3306', 'postfix', 'password'] );
$sql_select_policy = 'SELECT * FROM postfix_transport WHERE CONCAT("@", domain) IN (%k)';
$sql_select_white_black_list = undef;
$final_virus_destiny = D_PASS;
$final_banned_destiny = D_PASS;
$final_spam_destiny = D_PASS;
$final_bad_header_destiny = D_PASS;
$sa_spam_report_header = 1;
#------------ Do not modify anything below this line -------------
1; # ensure a defined return
The first directive ($sa_tag_level_deflt) makes Amavis include the SpamAssassin status headers for all mail. The next three handle looking up the list of domains the server handles mail for: @lookup_sql_dsn defines the database connection, $sql_select_policy modifies the DB query that Amavis performs, and $sql_select_white_black_list = undef stops Amavis using the DB to store white/blacklist data.
The four $final_*_destiny lines make Amavis pass mail through whatever happens, whether it is marked as containing viruses, spam, banned content (attachment names or types that Amavis is configured to block) or bad (malformed) headers. Nothing is rejected or quarantined at this stage; mail is only tagged, and sorting is left to the maildrop rule further down.
The last directive ($sa_spam_report_header) makes SpamAssassin include the X-Spam-Report header.
/etc/postfix/main.cf
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
/etc/postfix/master.cf
amavis unix - - - - 2 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
127.0.0.1:10025 inet n - - - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_bind_address=127.0.0.1
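Anything that can connect to the 10025 listener skips Amavis and most smtpd restrictions, so it has to stay loopback-only. The following Python check is an added example, not part of the original page or of the Postfix or amavisd-new documentation; it parses master.cf text and reports when the re-injection listener is exposed or would loop mail. The function names and the constructed SAMPLE are assumptions of this example.

```python
import ipaddress

# Constructed sample: the re-injection listener as configured on this page.
SAMPLE = """\
127.0.0.1:10025 inet n - - - - smtpd
  -o content_filter=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
"""

def parse_master_cf(text):
    """Yield (service, type, command, options) for each logical master.cf entry."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and entries:   # leading whitespace continues the entry
            entries[-1] += raw.split()
        else:
            entries.append(raw.split())
    for f in entries:
        args = f[8:]
        # Assumption: options are "-o name=value" with no whitespace in the value.
        opts = dict(args[i + 1].split("=", 1) for i, a in enumerate(args[:-1])
                    if a == "-o" and "=" in args[i + 1])
        if len(f) >= 8:
            yield f[0], f[1], f[7], opts

def is_loopback(value):
    try:
        return ipaddress.ip_network(value, strict=False).is_loopback
    except ValueError:
        return False

def audit_reinjection(text, port="10025"):
    """Return findings for the smtpd listener that Amavis hands mail back to."""
    for service, stype, command, opts in parse_master_cf(text):
        host, _, svc_port = service.rpartition(":")
        if (stype, command, svc_port) == ("inet", "smtpd", port):
            break
    else:
        return [f"no smtpd listener on port {port}"]
    nets = [n for n in opts.get("mynetworks", "").split(",") if n]
    checks = [
        (is_loopback(host.strip("[]")), "listener is not bound to loopback"),
        (bool(nets) and all(map(is_loopback, nets)), "mynetworks unset or too wide"),
        (opts.get("smtpd_recipient_restrictions", "").endswith("reject"), "no final reject"),
        (opts.get("content_filter") == "", "content_filter not cleared (mail loop)"),
    ]
    return [msg for ok, msg in checks if not ok]
```

Run it against the real file with `audit_reinjection(open("/etc/postfix/master.cf").read())`; an empty list means all four checks passed.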
/etc/amavis/conf.d/15-content_filter_mode
Make sure the two lines are uncommented:
@bypass_virus_checks_maps = (...);
...
@bypass_spam_checks_maps = (...);
Then restart Postfix again.
Maildrop
The virus scanning part adds a different header to messages. If a message has a detected virus, it’ll have X-Amavis-Alert: INFECTED.
The redundant xfilter line should be removed/commented out and the header test changed appropriately:
if (/^X-Amavis-Alert: INFECTED/)
{
    FOLDER="Virus"
}
Testing
Spamassassin
If a message contains the following, SA should give it a high enough score for the message to be flagged as spam:
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
ClamAV
To test, send a message containing the following string; it should be flagged as a virus:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*