From c9eea4899bbc037a064ae20a1cd2c9459a49afa8 Mon Sep 17 00:00:00 2001 From: Valentin Vidic Date: Fri, 30 Sep 2011 13:07:45 +0200 Subject: [PATCH] Update restore files. --- files/etc/amavis/conf.d/15-av_scanners.expect | 342 ++++++++++++++++++++++++ files/etc/amavis/conf.d/15-av_scanners.restore | 342 ++++++++++++++++++++++++ files/etc/console-tools/config.expect | 78 ++++++ files/etc/console-tools/config.restore | 72 +++++ files/etc/cron.daily/amavisd-new.expect | 2 +- files/etc/cron.daily/amavisd-new.restore | 2 +- files/etc/init.d/amavisd-cn.expect | 139 ++++++++++ files/etc/init.d/amavisd-cn.restore | 167 ++++++++++++ files/etc/spamassassin/v310.pre.expect | 80 ++++++ files/etc/spamassassin/v310.pre.restore | 80 ++++++ files/etc/squirrelmail/apache.conf.expect | 66 +++++ files/etc/squirrelmail/apache.conf.restore | 44 +++ files/etc/vsftpd.conf.expect | 137 ++++++++++ files/etc/vsftpd.conf.restore | 137 ++++++++++ 14 files changed, 1686 insertions(+), 2 deletions(-) create mode 100644 files/etc/amavis/conf.d/15-av_scanners.expect create mode 100644 files/etc/amavis/conf.d/15-av_scanners.restore create mode 100644 files/etc/console-tools/config.expect create mode 100644 files/etc/console-tools/config.restore mode change 100644 => 100755 files/etc/cron.daily/amavisd-new.expect mode change 100644 => 100755 files/etc/cron.daily/amavisd-new.restore create mode 100755 files/etc/init.d/amavisd-cn.expect create mode 100755 files/etc/init.d/amavisd-cn.restore create mode 100644 files/etc/spamassassin/v310.pre.expect create mode 100644 files/etc/spamassassin/v310.pre.restore create mode 100644 files/etc/squirrelmail/apache.conf.expect create mode 100644 files/etc/squirrelmail/apache.conf.restore create mode 100644 files/etc/vsftpd.conf.expect create mode 100644 files/etc/vsftpd.conf.restore diff --git a/files/etc/amavis/conf.d/15-av_scanners.expect b/files/etc/amavis/conf.d/15-av_scanners.expect new file mode 100644 index 0000000..e2751eb --- /dev/null +++ b/files/etc/amavis/conf.d/15-av_scanners.expect @@ -0,0 +1,342 @@ +use strict; + +## +## AV Scanners (Debian version) +## + +@av_scanners = ( + +# ### http://www.vanja.com/tools/sophie/ +# ['Sophie', +# \&ask_daemon, ["{}/\n", '/var/run/sophie'], +# qr/(?x)^ 0+ ( : | [\000\r\n]* $)/, qr/(?x)^ 1 ( : | [\000\r\n]* $)/, +# qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/ ], + +# ### http://www.csupomona.edu/~henson/www/projects/SAVI-Perl/ +# ['Sophos SAVI', \&sophos_savi ], + + ### http://www.clamav.net/ + ['ClamAV-clamd', + \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.ctl"], + qr/\bOK$/, qr/\bFOUND$/, + qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ], + # NOTE: remember to add the clamav user to the amavis group, and + # to properly set clamd to init supplementary groups + # When running chrooted one may prefer: ["CONTSCAN {}\n","$MYHOME/clamd"], + +# ### http://www.clamav.net/ and CPAN (memory-hungry! clamd is preferred) +# ['Mail::ClamAV', \&ask_clamav, "*", [0], [1], qr/^INFECTED: (.+)/], + +# ### http://www.openantivirus.org/ +# ['OpenAntiVirus ScannerDaemon (OAV)', +# \&ask_daemon, ["SCAN {}\n", '127.0.0.1:8127'], +# qr/^OK/, qr/^FOUND: /, qr/^FOUND: (.+)/ ], + +# ### http://www.vanja.com/tools/trophie/ +# ['Trophie', +# \&ask_daemon, ["{}/\n", '/var/run/trophie'], +# qr/(?x)^ 0+ ( : | [\000\r\n]* $)/, qr/(?x)^ 1 ( : | [\000\r\n]* $)/, +# qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/ ], + +# ### http://www.grisoft.com/ +# ['AVG Anti-Virus', +# \&ask_daemon, ["SCAN {}\n", '127.0.0.1:55555'], +# qr/^200/, qr/^403/, qr/^403 .*?: ([^\r\n]+)/ ], + +# ### http://www.f-prot.com/ +# ['FRISK F-Prot Daemon', +# \&ask_daemon, +# ["GET {}/*?-dumb%20-archive%20-packed HTTP/1.0\r\n\r\n", +# ['127.0.0.1:10200','127.0.0.1:10201','127.0.0.1:10202', +# '127.0.0.1:10203','127.0.0.1:10204'] ], +# qr/(?i)]*>clean<\/summary>/, +# qr/(?i)]*>infected<\/summary>/, +# qr/(?i)(.+)<\/name>/ ], + +# ### http://www.sald.com/, http://www.dials.ru/english/, http://www.drweb.ru/ +# ['DrWebD', \&ask_daemon, # DrWebD 4.31 or later +# [pack('N',1). # DRWEBD_SCAN_CMD +# pack('N',0x00280001). # DONT_CHANGEMAIL, IS_MAIL, RETURN_VIRUSES +# pack('N', # path length +# length("$TEMPBASE/amavis-yyyymmddTHHMMSS-xxxxx/parts/pxxx")). +# '{}/*'. # path +# pack('N',0). # content size +# pack('N',0), +# '/var/drweb/run/drwebd.sock', +# # '/var/amavis/var/run/drwebd.sock', # suitable for chroot +# # '/usr/local/drweb/run/drwebd.sock', # FreeBSD drweb ports default +# # '127.0.0.1:3000', # or over an inet socket +# ], +# qr/\A\x00[\x10\x11][\x00\x10]\x00/s, # IS_CLEAN,EVAL_KEY; SKIPPED +# qr/\A\x00[\x00\x01][\x00\x10][\x20\x40\x80]/s, # KNOWN_V,UNKNOWN_V,V._MODIF +# qr/\A.{12}(?:infected with )?([^\x00]+)\x00/s, +# ], +# # NOTE: If using amavis-milter, change length to: +# # length("$TEMPBASE/amavis-milter-xxxxxxxxxxxxxx/parts/pxxx"). + + ### http://www.kaspersky.com/ (kav4mailservers) + ['KasperskyLab AVP - aveclient', + ['/usr/local/kav/bin/aveclient','/usr/local/share/kav/bin/aveclient', + '/opt/kav/bin/aveclient','aveclient'], + '-p /var/run/aveserver -s {}/*', [0,3,6,8], qr/\b(INFECTED|SUSPICION)\b/, + qr/(?:INFECTED|SUSPICION) (.+)/, + ], + + ### http://www.kaspersky.com/ + ['KasperskyLab AntiViral Toolkit Pro (AVP)', ['avp'], + '-* -P -B -Y -O- {}', [0,3,6,8], [2,4], # any use for -A -K ? + qr/infected: (.+)/, + sub {chdir('/opt/AVP') or die "Can't chdir to AVP: $!"}, + sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"}, + ], + + ### The kavdaemon and AVPDaemonClient have been removed from Kasperky + ### products and replaced by aveserver and aveclient + ['KasperskyLab AVPDaemonClient', + [ '/opt/AVP/kavdaemon', 'kavdaemon', + '/opt/AVP/AvpDaemonClient', 'AvpDaemonClient', + '/opt/AVP/AvpTeamDream', 'AvpTeamDream', + '/opt/AVP/avpdc', 'avpdc' ], + "-f=$TEMPBASE {}", [0,8], [3,4,5,6], qr/infected: ([^\r\n]+)/ ], + # change the startup-script in /etc/init.d/kavd to: + # DPARMS="-* -Y -dl -f=/var/amavis /var/amavis" + # (or perhaps: DPARMS="-I0 -Y -* /var/amavis" ) + # adjusting /var/amavis above to match your $TEMPBASE. + # The '-f=/var/amavis' is needed if not running it as root, so it + # can find, read, and write its pid file, etc., see 'man kavdaemon'. + # defUnix.prf: there must be an entry "*/var/amavis" (or whatever + # directory $TEMPBASE specifies) in the 'Names=' section. + # cd /opt/AVP/DaemonClients; configure; cd Sample; make + # cp AvpDaemonClient /opt/AVP/ + # su - vscan -c "${PREFIX}/kavdaemon ${DPARMS}" + + ### http://www.hbedv.com/ or http://www.centralcommand.com/ + ['H+BEDV AntiVir or CentralCommand Vexira Antivirus', + ['antivir','vexira'], + '--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/, + qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) | + (?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/ ], + # NOTE: if you only have a demo version, remove -z and add 214, as in: + # '--allfiles -noboot -nombr -rs -s {}', [0,214], qr/ALERT:|VIRUS:/, + # According to the documentations, the new version of Vexira has + # reasonable defaults, one may consider: "--timeout=60 --temp=$TEMPBASE {}" + + ### http://www.commandsoftware.com/ + ['Command AntiVirus for Linux', 'csav', + '-all -archive -packed {}', [50], [51,52,53], + qr/Infection: (.+)/ ], + + ### http://www.symantec.com/ + ['Symantec CarrierScan via Symantec CommandLineScanner', + 'cscmdline', '-a scan -i 1 -v -s 127.0.0.1:7777 {}', + qr/^Files Infected:\s+0$/, qr/^Infected\b/, + qr/^(?:Info|Virus Name):\s+(.+)/ ], + + ### http://www.symantec.com/ + ['Symantec AntiVirus Scan Engine', + 'savsecls', '-server 127.0.0.1:7777 -mode scanrepair -details -verbose {}', + [0], qr/^Infected\b/, + qr/^(?:Info|Virus Name):\s+(.+)/ ], + # NOTE: check options and patterns to see which entry better applies + + ### http://www.f-secure.com/products/anti-virus/ + ['F-Secure Antivirus', 'fsav', + '--dumb --mime --archive {}', [0], [3,8], + qr/(?:infection|Infected|Suspected): (.+)/ ], + +# ### http://www.avast.com/ +# ['avast! Antivirus daemon', +# \&ask_daemon, # greets with 220, terminate with QUIT +# ["SCAN {}\015\012QUIT\015\012", '/var/run/avast4/mailscanner.sock'], +# qr/\t\[\+\]/, qr/\t\[L\]\t/, qr/\t\[L\]\t([^[ \t\015\012]+)/ ], + +# ### http://www.avast.com/ +# ['avast! Antivirus - Client/Server Version', 'avastlite', +# '-a /var/run/avast4/mailscanner.sock -n {}', [0], [1], +# qr/\t\[L\]\t([^[ \t\015\012]+)/ ], + + ['CAI InoculateIT', 'inocucmd', # retired product + '-sec -nex {}', [0], [100], + qr/was infected by virus (.+)/ ], + # see: http://www.flatmtn.com/computer/Linux-Antivirus_CAI.html + + ### http://www3.ca.com/Solutions/Product.asp?ID=156 (ex InoculateIT) + ['CAI eTrust Antivirus', 'etrust-wrapper', + '-arc -nex -spm h {}', [0], [101], + qr/is infected by virus: (.+)/ ], + # NOTE: requires suid wrapper around inocmd32; consider flag: -mod reviewer + # see http://marc.theaimsgroup.com/?l=amavis-user&m=109229779912783 + + ### http://mks.com.pl/english.html + ['MkS_Vir for Linux (beta)', ['mks32','mks'], + '-s {}/*', [0], [1,2], + qr/--[ \t]*(.+)/ ], + + ### http://mks.com.pl/english.html + ['MkS_Vir daemon', 'mksscan', + '-s -q {}', [0], [1..7], + qr/^... (\S+)/ ], + + ### http://www.nod32.com/ + ['ESET Software NOD32 Command Line Interface v 2.51', 'nod32cli', + '--subdir {}', [0,3], [1,2], qr/virus="([^"]+)"/ ], + +# ### http://www.nod32.com/ old +# ['ESET Software NOD32 - Client/Server Version', 'nod32cli', +# '-a -r -d recurse --heur standard {}', [0], [10,11], +# qr/^\S+\s+infected:\s+(.+)/ ], + +# ### http://www.nod32.com/ old +# ['ESET Software NOD32', 'nod32', +# '--arch --mail {}', [0], [1,10], qr/^object=.*, virus="(.*?)",/ ], + +# Experimental, based on posting from Rado Dibarbora (Dibo) on 2002-05-31 +# ['ESET Software NOD32 Client/Server (NOD32SS)', +# \&ask_daemon2, # greets with 200, persistent, terminate with QUIT +# ["SCAN {}/*\r\n", '127.0.0.1:8448' ], +# qr/^200 File OK/, qr/^201 /, qr/^201 (.+)/ ], + + ### http://www.norman.com/products_nvc.shtml + ['Norman Virus Control v5 / Linux', 'nvcc', + '-c -l:0 -s -u -temp:$TEMPBASE {}', [0,10,11], [1,2,14], + qr/(?i).* virus in .* -> \'(.+)\'/ ], + + ### http://www.pandasoftware.com/ + ['Panda Antivirus for Linux', ['pavcl'], + '-aut -aex -heu -cmp -nbr -nor -nso -eng {}', + qr/Number of files infected[ .]*: 0+(?!\d)/, + qr/Number of files infected[ .]*: 0*[1-9]/, + qr/Found virus :\s*(\S+)/ ], + +# ### http://www.pandasoftware.com/ +# ['Panda Antivirus for Linux', ['pavcl'], +# '-TSR -aut -aex -heu -cmp -nbr -nor -nso -eng {}', +# [0], [0x10, 0x30, 0x50, 0x70, 0x90, 0xB0, 0xD0, 0xF0], +# qr/Found virus :\s*(\S+)/ ], + +# GeCAD AV technology is acquired by Microsoft; RAV has been discontinued. +# Check your RAV license terms before fiddling with the following two lines! +# ['GeCAD RAV AntiVirus 8', 'ravav', +# '--all --archive --mail {}', [1], [2,3,4,5], qr/Infected: (.+)/ ], +# # NOTE: the command line switches changed with scan engine 8.5 ! +# # (btw, assigning stdin to /dev/null causes RAV to fail) + + ### http://www.nai.com/ + ['NAI McAfee AntiVirus (uvscan)', 'uvscan', + '--secure -rv --mime --summary --noboot - {}', [0], [13], + qr/(?x) Found (?: + \ the\ (.+)\ (?:virus|trojan) | + \ (?:virus|trojan)\ or\ variant\ (.+?)\s*! | + :\ (.+)\ NOT\ a\ virus)/, + # sub {$ENV{LD_PRELOAD}='/lib/libc.so.6'}, + # sub {delete $ENV{LD_PRELOAD}}, + ], + # NOTE1: with RH9: force the dynamic linker to look at /lib/libc.so.6 before + # anything else by setting environment variable LD_PRELOAD=/lib/libc.so.6 + # and then clear it when finished to avoid confusing anything else. + # NOTE2: to treat encrypted files as viruses replace the [13] with: + # qr/^\s{5,}(Found|is password-protected|.*(virus|trojan))/ + + ### http://www.virusbuster.hu/en/ + ['VirusBuster', ['vbuster', 'vbengcl'], + # VirusBuster Ltd. does not support the daemon version for the workstation + # engine (vbuster-eng-1.12-linux-i386-libc6.tgz) any longer. The names of + # binaries, some parameters AND return codes have changed (from 3 to 1). + "{} -ss -i '*' -log=$MYHOME/vbuster.log", [0], [1], + qr/: '(.*)' - Virus/ ], + +# ### http://www.virusbuster.hu/en/ +# ['VirusBuster (Client + Daemon)', 'vbengd', +# # HINT: for an infected file it always returns 3, +# # although the man-page tells a different story +# '-f -log scandir {}', [0], [3], +# qr/Virus found = (.*);/ ], + + ### http://www.cyber.com/ + ['CyberSoft VFind', 'vfind', + '--vexit {}/*', [0], [23], qr/##==>>>> VIRUS ID: CVDL (.+)/, + # sub {$ENV{VSTK_HOME}='/usr/lib/vstk'}, + ], + + ### http://www.avast.com/ + ['avast! Antivirus', ['/usr/bin/avastcmd','avastcmd'], + '-a -i -n -t=A {}', [0], [1], qr/\binfected by:\s+([^ \t\n\[\]]+)/ ], + + ### http://www.ikarus-software.com/ + ['Ikarus AntiVirus for Linux', 'ikarus', + '{}', [0], [40], qr/Signature (.+) found/ ], + + ### http://www.bitdefender.com/ + ['BitDefender', 'bdc', + '--arc --mail {}', qr/^Infected files *:0+(?!\d)/, + qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/, + qr/(?:suspected|infected): (.*)(?:\033|$)/ ], + # consider also: --all --nowarn --alev=15 --flev=15. The --all argument may + # not apply to your version of bdc, check documentation and see 'bdc --help' + +# ['File::Scan', sub {Amavis::AV::ask_av(sub{ +# use File::Scan; my($fn)=@_; +# my($f)=File::Scan->new(max_txt_size=>0, max_bin_size=>0); +# my($vname) = $f->scan($fn); +# $f->error ? (2,"Error: ".$f->error) +# : ($vname ne '') ? (1,"$vname FOUND") : (0,"Clean")}, @_) }, +# ["{}/*"], [0], [1], qr/^(.*) FOUND$/ ], + + ### example: fully-fledged checker for JPEG marker segments of invalid length + ['check-jpeg', + sub { use JpegTester (); Amavis::AV::ask_av(\&JpegTester::test_jpeg, @_) }, + ["{}/*"], undef, [1], qr/^(bad jpeg: .*)$/ ], + # NOTE: place file JpegTester.pm somewhere where Perl can find it, + # for example in /usr/local/lib/perl5/site_perl + +); + + +@av_scanners_backup = ( + + ### http://www.clamav.net/ - backs up clamd or Mail::ClamAV + ['ClamAV-clamscan', 'clamscan', + "--stdout --no-summary -r --tempdir=$TEMPBASE {}", + [0], qr/:.*\sFOUND$/, qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ], + + ### http://www.f-prot.com/ - backs up F-Prot Daemon + ['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'], + '-dumb -archive -packed {}', [0,8], [3,6], + qr/Infection: (.+)/ ], + + ### http://www.trendmicro.com/ - backs up Trophie + ['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'], + '-za -a {}', [0], qr/Found virus/, qr/Found virus (.+) in/ ], + + ### http://www.sald.com/, http://drweb.imshop.de/ - backs up DrWebD + ['drweb - DrWeb Antivirus', + ['/usr/local/drweb/drweb', '/opt/drweb/drweb', 'drweb'], + '-path={} -al -go -ot -cn -upn -ok-', + [0,32], [1,9,33], qr' infected (?:with|by)(?: virus)? (.*)$'], + + ['KasperskyLab kavscanner', ['/opt/kav/bin/kavscanner','kavscanner'], + '-i1 -xp {}', [0,10,15], [5,20,21,25], + qr/(?:CURED|INFECTED|CUREFAILED|WARNING|SUSPICION) (.*)/ , + sub {chdir('/opt/kav/bin') or die "Can't chdir to kav: $!"}, + sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"}, + ], + +# Commented out because the name 'sweep' clashes with Debian and FreeBSD +# package/port of an audio editor. Make sure the correct 'sweep' is found +# in the path when enabling. +# +# ### http://www.sophos.com/ - backs up Sophie or SAVI-Perl +# ['Sophos Anti Virus (sweep)', 'sweep', +# '-nb -f -all -rec -ss -sc -archive -cab -tnef --no-reset-atime {}', +# [0,2], qr/Virus .*? found/, +# qr/^>>> Virus(?: fragment)? '?(.*?)'? found/, +# ], +# # other options to consider: -mime -oe -idedir=/usr/local/sav + +# always succeeds (uncomment to consider mail clean if all other scanners fail) +# ['always-clean', sub {0}], + +); + + +1; # ensure a defined return diff --git a/files/etc/amavis/conf.d/15-av_scanners.restore b/files/etc/amavis/conf.d/15-av_scanners.restore new file mode 100644 index 0000000..c5df2f4 --- /dev/null +++ b/files/etc/amavis/conf.d/15-av_scanners.restore @@ -0,0 +1,342 @@ +use strict; + +## +## AV Scanners (Debian version) +## + +@av_scanners = ( + +# ### http://www.vanja.com/tools/sophie/ +# ['Sophie', +# \&ask_daemon, ["{}/\n", '/var/run/sophie'], +# qr/(?x)^ 0+ ( : | [\000\r\n]* $)/, qr/(?x)^ 1 ( : | [\000\r\n]* $)/, +# qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/ ], + +# ### http://www.csupomona.edu/~henson/www/projects/SAVI-Perl/ +# ['Sophos SAVI', \&sophos_savi ], + + ### http://www.clamav.net/ + ['ClamAV-clamd', + \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.ctl"], + qr/\bOK$/, qr/\bFOUND$/, + qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ], + # NOTE: remember to add the clamav user to the amavis group, and + # to properly set clamd to init supplementary groups + # When running chrooted one may prefer: ["CONTSCAN {}\n","$MYHOME/clamd"], + +# ### http://www.clamav.net/ and CPAN (memory-hungry! clamd is preferred) +# ['Mail::ClamAV', \&ask_clamav, "*", [0], [1], qr/^INFECTED: (.+)/], + +# ### http://www.openantivirus.org/ +# ['OpenAntiVirus ScannerDaemon (OAV)', +# \&ask_daemon, ["SCAN {}\n", '127.0.0.1:8127'], +# qr/^OK/, qr/^FOUND: /, qr/^FOUND: (.+)/ ], + +# ### http://www.vanja.com/tools/trophie/ +# ['Trophie', +# \&ask_daemon, ["{}/\n", '/var/run/trophie'], +# qr/(?x)^ 0+ ( : | [\000\r\n]* $)/, qr/(?x)^ 1 ( : | [\000\r\n]* $)/, +# qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/ ], + +# ### http://www.grisoft.com/ +# ['AVG Anti-Virus', +# \&ask_daemon, ["SCAN {}\n", '127.0.0.1:55555'], +# qr/^200/, qr/^403/, qr/^403 .*?: ([^\r\n]+)/ ], + +# ### http://www.f-prot.com/ +# ['FRISK F-Prot Daemon', +# \&ask_daemon, +# ["GET {}/*?-dumb%20-archive%20-packed HTTP/1.0\r\n\r\n", +# ['127.0.0.1:10200','127.0.0.1:10201','127.0.0.1:10202', +# '127.0.0.1:10203','127.0.0.1:10204'] ], +# qr/(?i)]*>clean<\/summary>/, +# qr/(?i)]*>infected<\/summary>/, +# qr/(?i)(.+)<\/name>/ ], + +# ### http://www.sald.com/, http://www.dials.ru/english/, http://www.drweb.ru/ +# ['DrWebD', \&ask_daemon, # DrWebD 4.31 or later +# [pack('N',1). # DRWEBD_SCAN_CMD +# pack('N',0x00280001). # DONT_CHANGEMAIL, IS_MAIL, RETURN_VIRUSES +# pack('N', # path length +# length("$TEMPBASE/amavis-yyyymmddTHHMMSS-xxxxx/parts/pxxx")). +# '{}/*'. # path +# pack('N',0). # content size +# pack('N',0), +# '/var/drweb/run/drwebd.sock', +# # '/var/amavis/var/run/drwebd.sock', # suitable for chroot +# # '/usr/local/drweb/run/drwebd.sock', # FreeBSD drweb ports default +# # '127.0.0.1:3000', # or over an inet socket +# ], +# qr/\A\x00[\x10\x11][\x00\x10]\x00/s, # IS_CLEAN,EVAL_KEY; SKIPPED +# qr/\A\x00[\x00\x01][\x00\x10][\x20\x40\x80]/s, # KNOWN_V,UNKNOWN_V,V._MODIF +# qr/\A.{12}(?:infected with )?([^\x00]+)\x00/s, +# ], +# # NOTE: If using amavis-milter, change length to: +# # length("$TEMPBASE/amavis-milter-xxxxxxxxxxxxxx/parts/pxxx"). + + ### http://www.kaspersky.com/ (kav4mailservers) + ['KasperskyLab AVP - aveclient', + ['/usr/local/kav/bin/aveclient','/usr/local/share/kav/bin/aveclient', + '/opt/kav/bin/aveclient','aveclient'], + '-p /var/run/aveserver -s {}/*', [0,3,6,8], qr/\b(INFECTED|SUSPICION)\b/, + qr/(?:INFECTED|SUSPICION) (.+)/, + ], + + ### http://www.kaspersky.com/ + ['KasperskyLab AntiViral Toolkit Pro (AVP)', ['avp'], + '-* -P -B -Y -O- {}', [0,3,6,8], [2,4], # any use for -A -K ? + qr/infected: (.+)/, + sub {chdir('/opt/AVP') or die "Can't chdir to AVP: $!"}, + sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"}, + ], + + ### The kavdaemon and AVPDaemonClient have been removed from Kasperky + ### products and replaced by aveserver and aveclient + ['KasperskyLab AVPDaemonClient', + [ '/opt/AVP/kavdaemon', 'kavdaemon', + '/opt/AVP/AvpDaemonClient', 'AvpDaemonClient', + '/opt/AVP/AvpTeamDream', 'AvpTeamDream', + '/opt/AVP/avpdc', 'avpdc' ], + "-f=$TEMPBASE {}", [0,8], [3,4,5,6], qr/infected: ([^\r\n]+)/ ], + # change the startup-script in /etc/init.d/kavd to: + # DPARMS="-* -Y -dl -f=/var/amavis /var/amavis" + # (or perhaps: DPARMS="-I0 -Y -* /var/amavis" ) + # adjusting /var/amavis above to match your $TEMPBASE. + # The '-f=/var/amavis' is needed if not running it as root, so it + # can find, read, and write its pid file, etc., see 'man kavdaemon'. + # defUnix.prf: there must be an entry "*/var/amavis" (or whatever + # directory $TEMPBASE specifies) in the 'Names=' section. + # cd /opt/AVP/DaemonClients; configure; cd Sample; make + # cp AvpDaemonClient /opt/AVP/ + # su - vscan -c "${PREFIX}/kavdaemon ${DPARMS}" + + ### http://www.hbedv.com/ or http://www.centralcommand.com/ + ['H+BEDV AntiVir or CentralCommand Vexira Antivirus', + ['antivir','vexira'], + '--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/, + qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) | + (?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/ ], + # NOTE: if you only have a demo version, remove -z and add 214, as in: + # '--allfiles -noboot -nombr -rs -s {}', [0,214], qr/ALERT:|VIRUS:/, + # According to the documentations, the new version of Vexira has + # reasonable defaults, one may consider: "--timeout=60 --temp=$TEMPBASE {}" + + ### http://www.commandsoftware.com/ + ['Command AntiVirus for Linux', 'csav', + '-all -archive -packed {}', [50], [51,52,53], + qr/Infection: (.+)/ ], + + ### http://www.symantec.com/ + ['Symantec CarrierScan via Symantec CommandLineScanner', + 'cscmdline', '-a scan -i 1 -v -s 127.0.0.1:7777 {}', + qr/^Files Infected:\s+0$/, qr/^Infected\b/, + qr/^(?:Info|Virus Name):\s+(.+)/ ], + + ### http://www.symantec.com/ + ['Symantec AntiVirus Scan Engine', + 'savsecls', '-server 127.0.0.1:7777 -mode scanrepair -details -verbose {}', + [0], qr/^Infected\b/, + qr/^(?:Info|Virus Name):\s+(.+)/ ], + # NOTE: check options and patterns to see which entry better applies + + ### http://www.f-secure.com/products/anti-virus/ + ['F-Secure Antivirus', 'fsav', + '--dumb --mime --archive {}', [0], [3,8], + qr/(?:infection|Infected|Suspected): (.+)/ ], + +# ### http://www.avast.com/ +# ['avast! Antivirus daemon', +# \&ask_daemon, # greets with 220, terminate with QUIT +# ["SCAN {}\015\012QUIT\015\012", '/var/run/avast4/mailscanner.sock'], +# qr/\t\[\+\]/, qr/\t\[L\]\t/, qr/\t\[L\]\t([^[ \t\015\012]+)/ ], + +# ### http://www.avast.com/ +# ['avast! Antivirus - Client/Server Version', 'avastlite', +# '-a /var/run/avast4/mailscanner.sock -n {}', [0], [1], +# qr/\t\[L\]\t([^[ \t\015\012]+)/ ], + + ['CAI InoculateIT', 'inocucmd', # retired product + '-sec -nex {}', [0], [100], + qr/was infected by virus (.+)/ ], + # see: http://www.flatmtn.com/computer/Linux-Antivirus_CAI.html + + ### http://www3.ca.com/Solutions/Product.asp?ID=156 (ex InoculateIT) + ['CAI eTrust Antivirus', 'etrust-wrapper', + '-arc -nex -spm h {}', [0], [101], + qr/is infected by virus: (.+)/ ], + # NOTE: requires suid wrapper around inocmd32; consider flag: -mod reviewer + # see http://marc.theaimsgroup.com/?l=amavis-user&m=109229779912783 + + ### http://mks.com.pl/english.html + ['MkS_Vir for Linux (beta)', ['mks32','mks'], + '-s {}/*', [0], [1,2], + qr/--[ \t]*(.+)/ ], + + ### http://mks.com.pl/english.html + ['MkS_Vir daemon', 'mksscan', + '-s -q {}', [0], [1..7], + qr/^... (\S+)/ ], + + ### http://www.nod32.com/ + ['ESET Software NOD32 Command Line Interface v 2.51', 'nod32cli', + '--subdir {}', [0,3], [1,2], qr/virus="([^"]+)"/ ], + +# ### http://www.nod32.com/ old +# ['ESET Software NOD32 - Client/Server Version', 'nod32cli', +# '-a -r -d recurse --heur standard {}', [0], [10,11], +# qr/^\S+\s+infected:\s+(.+)/ ], + +# ### http://www.nod32.com/ old +# ['ESET Software NOD32', 'nod32', +# '--arch --mail {}', [0], [1,10], qr/^object=.*, virus="(.*?)",/ ], + +# Experimental, based on posting from Rado Dibarbora (Dibo) on 2002-05-31 +# ['ESET Software NOD32 Client/Server (NOD32SS)', +# \&ask_daemon2, # greets with 200, persistent, terminate with QUIT +# ["SCAN {}/*\r\n", '127.0.0.1:8448' ], +# qr/^200 File OK/, qr/^201 /, qr/^201 (.+)/ ], + + ### http://www.norman.com/products_nvc.shtml + ['Norman Virus Control v5 / Linux', 'nvcc', + '-c -l:0 -s -u -temp:$TEMPBASE {}', [0,10,11], [1,2,14], + qr/(?i).* virus in .* -> \'(.+)\'/ ], + + ### http://www.pandasoftware.com/ + ['Panda Antivirus for Linux', ['pavcl'], + '-aut -aex -heu -cmp -nbr -nor -nso -eng {}', + qr/Number of files infected[ .]*: 0+(?!\d)/, + qr/Number of files infected[ .]*: 0*[1-9]/, + qr/Found virus :\s*(\S+)/ ], + +# ### http://www.pandasoftware.com/ +# ['Panda Antivirus for Linux', ['pavcl'], +# '-TSR -aut -aex -heu -cmp -nbr -nor -nso -eng {}', +# [0], [0x10, 0x30, 0x50, 0x70, 0x90, 0xB0, 0xD0, 0xF0], +# qr/Found virus :\s*(\S+)/ ], + +# GeCAD AV technology is acquired by Microsoft; RAV has been discontinued. +# Check your RAV license terms before fiddling with the following two lines! +# ['GeCAD RAV AntiVirus 8', 'ravav', +# '--all --archive --mail {}', [1], [2,3,4,5], qr/Infected: (.+)/ ], +# # NOTE: the command line switches changed with scan engine 8.5 ! +# # (btw, assigning stdin to /dev/null causes RAV to fail) + + ### http://www.nai.com/ + ['NAI McAfee AntiVirus (uvscan)', 'uvscan', + '--secure -rv --mime --summary --noboot - {}', [0], [13], + qr/(?x) Found (?: + \ the\ (.+)\ (?:virus|trojan) | + \ (?:virus|trojan)\ or\ variant\ (.+?)\s*! | + :\ (.+)\ NOT\ a\ virus)/, + # sub {$ENV{LD_PRELOAD}='/lib/libc.so.6'}, + # sub {delete $ENV{LD_PRELOAD}}, + ], + # NOTE1: with RH9: force the dynamic linker to look at /lib/libc.so.6 before + # anything else by setting environment variable LD_PRELOAD=/lib/libc.so.6 + # and then clear it when finished to avoid confusing anything else. + # NOTE2: to treat encrypted files as viruses replace the [13] with: + # qr/^\s{5,}(Found|is password-protected|.*(virus|trojan))/ + + ### http://www.virusbuster.hu/en/ + ['VirusBuster', ['vbuster', 'vbengcl'], + # VirusBuster Ltd. does not support the daemon version for the workstation + # engine (vbuster-eng-1.12-linux-i386-libc6.tgz) any longer. The names of + # binaries, some parameters AND return codes have changed (from 3 to 1). + "{} -ss -i '*' -log=$MYHOME/vbuster.log", [0], [1], + qr/: '(.*)' - Virus/ ], + +# ### http://www.virusbuster.hu/en/ +# ['VirusBuster (Client + Daemon)', 'vbengd', +# # HINT: for an infected file it always returns 3, +# # although the man-page tells a different story +# '-f -log scandir {}', [0], [3], +# qr/Virus found = (.*);/ ], + + ### http://www.cyber.com/ + ['CyberSoft VFind', 'vfind', + '--vexit {}/*', [0], [23], qr/##==>>>> VIRUS ID: CVDL (.+)/, + # sub {$ENV{VSTK_HOME}='/usr/lib/vstk'}, + ], + + ### http://www.avast.com/ + ['avast! Antivirus', ['/usr/bin/avastcmd','avastcmd'], + '-a -i -n -t=A {}', [0], [1], qr/\binfected by:\s+([^ \t\n\[\]]+)/ ], + + ### http://www.ikarus-software.com/ + ['Ikarus AntiVirus for Linux', 'ikarus', + '{}', [0], [40], qr/Signature (.+) found/ ], + + ### http://www.bitdefender.com/ + ['BitDefender', 'bdc', + '--arc --mail {}', qr/^Infected files *:0+(?!\d)/, + qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/, + qr/(?:suspected|infected): (.*)(?:\033|$)/ ], + # consider also: --all --nowarn --alev=15 --flev=15. The --all argument may + # not apply to your version of bdc, check documentation and see 'bdc --help' + +# ['File::Scan', sub {Amavis::AV::ask_av(sub{ +# use File::Scan; my($fn)=@_; +# my($f)=File::Scan->new(max_txt_size=>0, max_bin_size=>0); +# my($vname) = $f->scan($fn); +# $f->error ? (2,"Error: ".$f->error) +# : ($vname ne '') ? (1,"$vname FOUND") : (0,"Clean")}, @_) }, +# ["{}/*"], [0], [1], qr/^(.*) FOUND$/ ], + + ### example: fully-fledged checker for JPEG marker segments of invalid length + ['check-jpeg', + sub { use JpegTester (); Amavis::AV::ask_av(\&JpegTester::test_jpeg, @_) }, + ["{}/*"], undef, [1], qr/^(bad jpeg: .*)$/ ], + # NOTE: place file JpegTester.pm somewhere where Perl can find it, + # for example in /usr/local/lib/perl5/site_perl + +); + + +@av_scanners_backup = ( + + ### http://www.clamav.net/ - backs up clamd or Mail::ClamAV + ['ClamAV-clamscan', 'clamscan', + "--stdout --disable-summary -r --tempdir=$TEMPBASE {}", + [0], qr/:.*\sFOUND$/, qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ], + + ### http://www.f-prot.com/ - backs up F-Prot Daemon + ['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'], + '-dumb -archive -packed {}', [0,8], [3,6], + qr/Infection: (.+)/ ], + + ### http://www.trendmicro.com/ - backs up Trophie + ['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'], + '-za -a {}', [0], qr/Found virus/, qr/Found virus (.+) in/ ], + + ### http://www.sald.com/, http://drweb.imshop.de/ - backs up DrWebD + ['drweb - DrWeb Antivirus', + ['/usr/local/drweb/drweb', '/opt/drweb/drweb', 'drweb'], + '-path={} -al -go -ot -cn -upn -ok-', + [0,32], [1,9,33], qr' infected (?:with|by)(?: virus)? (.*)$'], + + ['KasperskyLab kavscanner', ['/opt/kav/bin/kavscanner','kavscanner'], + '-i1 -xp {}', [0,10,15], [5,20,21,25], + qr/(?:CURED|INFECTED|CUREFAILED|WARNING|SUSPICION) (.*)/ , + sub {chdir('/opt/kav/bin') or die "Can't chdir to kav: $!"}, + sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"}, + ], + +# Commented out because the name 'sweep' clashes with Debian and FreeBSD +# package/port of an audio editor. Make sure the correct 'sweep' is found +# in the path when enabling. +# +# ### http://www.sophos.com/ - backs up Sophie or SAVI-Perl +# ['Sophos Anti Virus (sweep)', 'sweep', +# '-nb -f -all -rec -ss -sc -archive -cab -tnef --no-reset-atime {}', +# [0,2], qr/Virus .*? found/, +# qr/^>>> Virus(?: fragment)? '?(.*?)'? found/, +# ], +# # other options to consider: -mime -oe -idedir=/usr/local/sav + +# always succeeds (uncomment to consider mail clean if all other scanners fail) +# ['always-clean', sub {0}], + +); + + +1; # ensure a defined return diff --git a/files/etc/console-tools/config.expect b/files/etc/console-tools/config.expect new file mode 100644 index 0000000..e5384f1 --- /dev/null +++ b/files/etc/console-tools/config.expect @@ -0,0 +1,78 @@ +# +# This files tells the console-tools package: +# +# - whether to load a specific font and boot (and maybe a screen-font map, +# but you should avoid that if possible). +# - whether to setup an Application-Charset Map other than the default CP437. +# - whether to start "vcstime" to have time on all text VC'S. +# +# You can also specify per-VC settings by suffixing variable names as in +# the examples below. This only works on framebuffer devices. +# +# CAVEATS: +# +# - When using the new framebuffer devices, the "global setting" for a font +# only affects the current console (ie., at boot-time, the first one) +# - ACM setting involves 2 steps (maybe loading a user ACM, and activating +# it on a given charset slot - see charset(1) for details), the 1st of which +# affects the entire system, but the 2nd of which only affects the current +# VC (ie., at boot-time, the first one). So that if you want to use the same +# ACM on all VCs, you have to specify "APP_CHARSET_MAP_vc=user" for all +# relevant values of . +# +# Example: +# +#SCREEN_FONT=iso01.f16 +#SCREEN_FONT_vc2=LatArCyrHeb-16 +# +#APP_CHARSET_MAP=iso05 +#APP_CHARSET_MAP_vc2=user +# +# Set the following - more euro-friendly default than kernel font. +# SCREEN_FONT=latcyrheb-sun16.psf + +#DO_VCSTIME=yes +# +# Forget this one unless you _know_ it is necessary for your font: +#SCREEN_FONT_MAP=iso01 + +# **** screen saver/DPMS settings: all VCs **** +# These settings are commented by default to avoid the chance of damage to +# very old monitors that don't support DPMS signalling. + +# screen blanking timeout. monitor remains on, but the screen is cleared to +# range: 0-60 min (0==never) kernels I've looked at default to 10 minutes. +# (see linux/drivers/char/console.c) +BLANK_TIME=30 + +# blanking method (VESA DPMS mode to use after BLANK_TIME, before powerdown): +# on: the default, no DPMS signalling. near instant powerup, no power saving +# vsync: DPMS Standby mode. nearly instant recovery, uses 110/120W (17" screen) +# hsync: DPMS Suspend mode. typically 3s recovery, uses 15/120W (17" screen) +# powerdown,off: DPMS Off mode, typ. 10s recovery, uses 5/120W (17" screen) + +# Those values are for my 17" Mag, but some monitors do suspend the same as +# standby. xset dpms force {off|standby|suspend|on} is useful for this, if X +# supports DPMS on your video card. Set X's DPMS screensaver with xset dpms +# or use option power_saver in XF86Config +# +# DPMS set by default to on, because hsync can cause problems on certain +# hardware, such as Armada E500 laptops +BLANK_DPMS=off + +# Powerdown time. The console will go to DPMS Off mode POWERDOWN_TIME +# minutes _after_ blanking. (POWERDOWN_TIME + BLANK_TIME after the last input) +POWERDOWN_TIME=30 + +# rate and delay can get only specific values, consult kbdrate(1) for help +#KEYBOARD_RATE="30" +#KEYBOARD_DELAY="250" + +# Turn on numlock by default +#LEDS=+num +SCREEN_FONT=lat0-sun16 +SCREEN_FONT_vc2=lat0-sun16 +SCREEN_FONT_vc3=lat0-sun16 +SCREEN_FONT_vc4=lat0-sun16 +SCREEN_FONT_vc5=lat0-sun16 +SCREEN_FONT_vc6=lat0-sun16 diff --git a/files/etc/console-tools/config.restore b/files/etc/console-tools/config.restore new file mode 100644 index 0000000..cc27661 --- /dev/null +++ b/files/etc/console-tools/config.restore @@ -0,0 +1,72 @@ +# +# This files tells the console-tools package: +# +# - whether to load a specific font and boot (and maybe a screen-font map, +# but you should avoid that if possible). +# - whether to setup an Application-Charset Map other than the default CP437. +# - whether to start "vcstime" to have time on all text VC'S. +# +# You can also specify per-VC settings by suffixing variable names as in +# the examples below. This only works on framebuffer devices. +# +# CAVEATS: +# +# - When using the new framebuffer devices, the "global setting" for a font +# only affects the current console (ie., at boot-time, the first one) +# - ACM setting involves 2 steps (maybe loading a user ACM, and activating +# it on a given charset slot - see charset(1) for details), the 1st of which +# affects the entire system, but the 2nd of which only affects the current +# VC (ie., at boot-time, the first one). So that if you want to use the same +# ACM on all VCs, you have to specify "APP_CHARSET_MAP_vc=user" for all +# relevant values of . +# +# Example: +# +#SCREEN_FONT=iso01.f16 +#SCREEN_FONT_vc2=LatArCyrHeb-16 +# +#APP_CHARSET_MAP=iso05 +#APP_CHARSET_MAP_vc2=user +# +# Set the following - more euro-friendly default than kernel font. +# SCREEN_FONT=latcyrheb-sun16.psf + +#DO_VCSTIME=yes +# +# Forget this one unless you _know_ it is necessary for your font: +#SCREEN_FONT_MAP=iso01 + +# **** screen saver/DPMS settings: all VCs **** +# These settings are commented by default to avoid the chance of damage to +# very old monitors that don't support DPMS signalling. + +# screen blanking timeout. monitor remains on, but the screen is cleared to +# range: 0-60 min (0==never) kernels I've looked at default to 10 minutes. +# (see linux/drivers/char/console.c) +BLANK_TIME=30 + +# blanking method (VESA DPMS mode to use after BLANK_TIME, before powerdown): +# on: the default, no DPMS signalling. near instant powerup, no power saving +# vsync: DPMS Standby mode. nearly instant recovery, uses 110/120W (17" screen) +# hsync: DPMS Suspend mode. typically 3s recovery, uses 15/120W (17" screen) +# powerdown,off: DPMS Off mode, typ. 10s recovery, uses 5/120W (17" screen) + +# Those values are for my 17" Mag, but some monitors do suspend the same as +# standby. xset dpms force {off|standby|suspend|on} is useful for this, if X +# supports DPMS on your video card. Set X's DPMS screensaver with xset dpms +# or use option power_saver in XF86Config +# +# DPMS set by default to on, because hsync can cause problems on certain +# hardware, such as Armada E500 laptops +BLANK_DPMS=off + +# Powerdown time. The console will go to DPMS Off mode POWERDOWN_TIME +# minutes _after_ blanking. (POWERDOWN_TIME + BLANK_TIME after the last input) +POWERDOWN_TIME=30 + +# rate and delay can get only specific values, consult kbdrate(1) for help +#KEYBOARD_RATE="30" +#KEYBOARD_DELAY="250" + +# Turn on numlock by default +#LEDS=+num diff --git a/files/etc/cron.daily/amavisd-new.expect b/files/etc/cron.daily/amavisd-new.expect old mode 100644 new mode 100755 index e5b7659..d15c4da --- a/files/etc/cron.daily/amavisd-new.expect +++ b/files/etc/cron.daily/amavisd-new.expect @@ -1,6 +1,6 @@ #!/bin/sh # # Daily maintenance for amavisd-new -# $Id: amavisd-new.cron.daily,v 1.8 2006/08/10 13:38:45 hmh Exp $ +# $Id: amavisd-new.cron.daily 930 2006-08-10 13:38:45Z hmh $ # test -e /usr/sbin/amavisd-new-cronjob && exec /usr/sbin/amavisd-new-cronjob sa-clean 1>/dev/null 2>&1 diff --git a/files/etc/cron.daily/amavisd-new.restore b/files/etc/cron.daily/amavisd-new.restore old mode 100644 new mode 100755 index ee9240a..8fc0199 --- a/files/etc/cron.daily/amavisd-new.restore +++ b/files/etc/cron.daily/amavisd-new.restore @@ -1,6 +1,6 @@ #!/bin/sh # # Daily maintenance for amavisd-new -# $Id: amavisd-new.cron.daily,v 1.8 2006/08/10 13:38:45 hmh Exp $ +# $Id: amavisd-new.cron.daily 930 2006-08-10 13:38:45Z hmh $ # test -e /usr/sbin/amavisd-new-cronjob && exec /usr/sbin/amavisd-new-cronjob sa-clean diff --git a/files/etc/init.d/amavisd-cn.expect b/files/etc/init.d/amavisd-cn.expect new file mode 100755 index 0000000..5ca8c67 --- /dev/null +++ b/files/etc/init.d/amavisd-cn.expect @@ -0,0 +1,139 @@ +#!/bin/sh + +set -e + +# options for daemons: +# name init.d/script user ps name for pgrep -f pidfile, relative to /var/run num-fds last-fd-name +options=' +clamd clamav-daemon clamav /usr/sbin/clamd clamav/clamd.pid 5 clamav.log +amavis amavis.amavisd-new amavis amavisd \\(master\\) amavis/amavisd.pid 5 socket +' +# note: pgrep -f takes a regexp, and this is shell expanded once, hence \\ + +start () { + local daemon IFSOLD name script user psname pidfile num fdname + daemon="$1" + IFSOLD="$IFS" + IFS=" " # tab + read name script user psname pidfile num fdname <<-EOPTS + $(echo "$options" | sed 's/ */ /g' | grep ^$daemon) + EOPTS + IFS="$IFSOLD" + /etc/init.d/$script start + wait_for_fds "$daemon" +} + +stop () { + local daemon IFSOLD name script user psname pidfile num fdname + daemon="$1" + n=10 + IFSOLD="$IFS" + IFS=" " # tab + read name script user psname pidfile num fdname <<-EOPTS + $(echo "$options" | sed 's/ */ /g' | grep ^$daemon) + EOPTS + IFS="$IFSOLD" + /etc/init.d/$script stop + pkill -u $user -f "$psname" > /dev/null || true + while pgrep -u $user -f "$psname" > /dev/null && [ "$n" -gt 0 ] + do + sleep 1 + n=$(($n-1)) + done + pkill -9 -u $user -f "$psname" > /dev/null || true + #pkill -9 -u $user -x "$daemon" + if pgrep -u $user -f "$psname" > /dev/null; then # still there? + return 1 + fi +} + +wait_for_fds () { + # wait until process shows some I/O readiness :) + local name IFSOLD num sleep maxtry script user psname pidfile fdname + name="$1" + [ -z "$name" ] && return 1 + IFSOLD="$IFS" + IFS=" " # tab + read name script user psname pidfile num fdname <<-EOPTS + $(echo "$options" | sed 's/ */ /g' | grep ^$name) + EOPTS + IFS="$IFSOLD" + num=${num:-4} + sleep=${sleep:-1} + maxtry=${maxtry:-90} + if [ -n "$pidfile" ]; then + pidfile=/var/run/$pidfile + findpid="[ -f $pidfile ] && cat $pidfile || true" + else + findpid="pgrep -u $user -f \"$psname\" -P 1 | head -1" + fi + + # loop the loop the loop + try=1 + while /bin/true + do + sleep $sleep # 1st, give it a chance to run + pid=`eval $findpid` # 2nd: find it + if [ ! -z "$pid" ]; then + count=`ls -1 /proc/$pid/fd 2>/dev/null| wc -l` # 3rd: count all it's worth + [ "$count" -ge "$num" ] && ls -l /proc/$pid/fd | grep -q $fdname \ + && return # success -- release + fi + try=$(($try+1)) + [ "0$try" -ge "0$maxtry" ] && return 1 # no luck this time + done +} + +# if we're called as amavisd-cn or amavis with start argument, +# act like one; otherwise, pass the call down +case "$(basename $0)" in + amavisd-cn) + arg="i$1" + ;; + amavis) + if [ "$1" = start ]; then + arg="i$1" + else + arg="$1" + fi + ;; + *) + arg="$1" + ;; +esac + +# If there's no diversion, play possum +[ -x /etc/init.d/amavis.amavisd-new ] || exit 0 + +mta=postfix + +case "$arg" in + start|stop|restart|reload|force-reload|debug) + /etc/init.d/amavis.amavisd-new "$arg" + ;; + + istart) + start clamd + start amavis + /etc/init.d/$mta start + ;; + + istop) + /etc/init.d/$mta stop + stop amavis + stop clamd + ;; + + irestart|ireload|iforce-reload) + $0 stop + sleep 2 + $0 start + ;; + + *) + echo "Usage: $0 {start|stop|restart|reload|force-reload}" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/files/etc/init.d/amavisd-cn.restore b/files/etc/init.d/amavisd-cn.restore new file mode 100755 index 0000000..3f1b26a --- /dev/null +++ b/files/etc/init.d/amavisd-cn.restore @@ -0,0 +1,167 @@ +#!/bin/sh + +# amavisd-cn /etc/init.d/ initscript wrapper for CARNetized amavisd-new +# +# Start and stop Amavis, ClamAV and Postfix/Sendmail + +### BEGIN INIT INFO +# Provides: amavisd-cn +# Required-Start: $local_fs $remote_fs $syslog $named $network $time +# Required-Stop: $local_fs $remote_fs $syslog $named $network +# Should-Start: +# Should-Stop: +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: start and stop Amavis, ClamAV and Postfix/Sendmail +# Description: wrapper for starting/stopping MTA and related services +### END INIT INFO + +set -e + +# options for daemons: +# name init.d/script user ps name for pgrep -f pidfile, relative to /var/run num-fds last-fd-name +options=' +clamd clamav-daemon clamav /usr/sbin/clamd clamav/clamd.pid 5 clamav.log +amavis amavis.amavisd-new amavis amavisd \\(master\\) amavis/amavisd.pid 5 socket +' +# note: pgrep -f takes a regexp, and this is shell expanded once, hence \\ + +start () { + local daemon IFSOLD name script user psname pidfile num fdname + daemon="$1" + IFSOLD="$IFS" + IFS=" " # tab + read name script user psname pidfile num fdname <<-EOPTS + $(echo "$options" | sed 's/ */ /g' | grep ^$daemon) + EOPTS + IFS="$IFSOLD" + /etc/init.d/$script start + wait_for_fds "$daemon" +} + +stop () { + local daemon IFSOLD name script user psname pidfile num fdname + daemon="$1" + n=10 + IFSOLD="$IFS" + IFS=" " # tab + read name script user psname pidfile num fdname <<-EOPTS + $(echo "$options" | sed 's/ */ /g' | grep ^$daemon) + EOPTS + IFS="$IFSOLD" + /etc/init.d/$script stop + pkill -u $user -f "$psname" > /dev/null || true + while pgrep -u $user -f "$psname" > /dev/null && [ "$n" -gt 0 ] + do + sleep 1 + n=$(($n-1)) + done + pkill -9 -u $user -f "$psname" > /dev/null || true + #pkill -9 -u $user -x "$daemon" + if pgrep -u $user -f "$psname" > /dev/null; then # still there? + return 1 + fi +} + +wait_for_fds () { + # wait until process shows some I/O readiness :) + local name IFSOLD num sleep maxtry script user psname pidfile fdname + name="$1" + [ -z "$name" ] && return 1 + IFSOLD="$IFS" + IFS=" " # tab + read name script user psname pidfile num fdname <<-EOPTS + $(echo "$options" | sed 's/ */ /g' | grep ^$name) + EOPTS + IFS="$IFSOLD" + num=${num:-4} + sleep=${sleep:-1} + maxtry=${maxtry:-90} + if [ -n "$pidfile" ]; then + pidfile=/var/run/$pidfile + findpid="[ -f $pidfile ] && cat $pidfile || true" + else + findpid="pgrep -u $user -f \"$psname\" -P 1 | head -1" + fi + + # loop the loop the loop + try=1 + while /bin/true + do + sleep $sleep # 1st, give it a chance to run + pid=`eval $findpid` # 2nd: find it + if [ ! -z "$pid" ]; then + count=`ls -1 /proc/$pid/fd 2>/dev/null| wc -l` # 3rd: count all it's worth + [ "$count" -ge "$num" ] && ls -l /proc/$pid/fd | grep -q $fdname \ + && return # success -- release + fi + try=$(($try+1)) + [ "0$try" -ge "0$maxtry" ] && return 1 # no luck this time + done +} + +# if we're called as amavisd-cn or amavis with start argument, +# act like one; otherwise, pass the call down +case "$(basename $0)" in + amavisd-cn) + arg="i$1" + ;; + amavis) + if [ "$1" = start ]; then + arg="i$1" + else + arg="$1" + fi + ;; + *) + arg="$1" + ;; +esac + +# If there's no diversion, play possum +[ -x /etc/init.d/amavis.amavisd-new ] || exit 0 + +mta=postfix + +case "$arg" in + start|stop|restart|reload|force-reload|debug) + /etc/init.d/amavis.amavisd-new "$arg" + ;; + + istart) + start clamd + start amavis + if [ -x "/etc/init.d/$mta" ]; then + if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then + invoke-rc.d $mta start + else + /etc/init.d/$mta start + fi + fi + ;; + + istop) + if [ -x "/etc/init.d/$mta" ]; then + if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then + invoke-rc.d $mta stop + else + /etc/init.d/$mta stop + fi + fi + stop amavis + stop clamd + ;; + + irestart|ireload|iforce-reload) + $0 stop + sleep 2 + $0 start + ;; + + *) + echo "Usage: $0 {start|stop|restart|reload|force-reload}" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/files/etc/spamassassin/v310.pre.expect b/files/etc/spamassassin/v310.pre.expect new file mode 100644 index 0000000..c626972 --- /dev/null +++ b/files/etc/spamassassin/v310.pre.expect @@ -0,0 +1,80 @@ +# This is the right place to customize your installation of SpamAssassin. +# +# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be +# tweaked. +# +# This file was installed during the installation of SpamAssassin 3.1.0, +# and contains plugin loading commands for the new plugins added in that +# release. It will not be overwritten during future SpamAssassin installs, +# so you can modify it to enable some disabled-by-default plugins below, +# if you so wish. +# +# There are now multiple files read to enable plugins in the +# /etc/mail/spamassassin directory; previously only one, "init.pre" was +# read. Now both "init.pre", "v310.pre", and any other files ending in +# ".pre" will be read. As future releases are made, new plugins will be +# added to new files, named according to the release they're added in. +########################################################################### + +# DCC - perform DCC message checks. +# +# DCC is disabled here because it is not open source. See the DCC +# license for more details. +# +#loadplugin Mail::SpamAssassin::Plugin::DCC + +# Pyzor - perform Pyzor message checks. +# +#loadplugin Mail::SpamAssassin::Plugin::Pyzor + +# Razor2 - perform Razor2 message checks. +# +loadplugin Mail::SpamAssassin::Plugin::Razor2 + +# SpamCop - perform SpamCop message reporting +# +loadplugin Mail::SpamAssassin::Plugin::SpamCop + +# AntiVirus - some simple anti-virus checks, this is not a replacement +# for an anti-virus filter like Clam AntiVirus +# +#loadplugin Mail::SpamAssassin::Plugin::AntiVirus + +# AWL - do auto-whitelist checks +# +loadplugin Mail::SpamAssassin::Plugin::AWL + +# AutoLearnThreshold - threshold-based discriminator for Bayes auto-learning +# +loadplugin Mail::SpamAssassin::Plugin::AutoLearnThreshold + +# TextCat - language guesser +# +#loadplugin Mail::SpamAssassin::Plugin::TextCat + +# AccessDB - lookup from-addresses in access database +# +#loadplugin Mail::SpamAssassin::Plugin::AccessDB + +# WhitelistSubject - Whitelist/Blacklist certain subject regular expressions +# +loadplugin Mail::SpamAssassin::Plugin::WhiteListSubject + +########################################################################### +# experimental plugins + +# DomainKeys - perform DomainKeys verification +# +# External modules required for use, see INSTALL for more information. +# Note that this may be redundant if you also plan to use the DKIM plugin. +# +#loadplugin Mail::SpamAssassin::Plugin::DomainKeys + +# MIMEHeader - apply regexp rules against MIME headers in the message +# +loadplugin Mail::SpamAssassin::Plugin::MIMEHeader + +# ReplaceTags +# +loadplugin Mail::SpamAssassin::Plugin::ReplaceTags + diff --git a/files/etc/spamassassin/v310.pre.restore b/files/etc/spamassassin/v310.pre.restore new file mode 100644 index 0000000..b74f9ef --- /dev/null +++ b/files/etc/spamassassin/v310.pre.restore @@ -0,0 +1,80 @@ +# This is the right place to customize your installation of SpamAssassin. +# +# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be +# tweaked. +# +# This file was installed during the installation of SpamAssassin 3.1.0, +# and contains plugin loading commands for the new plugins added in that +# release. It will not be overwritten during future SpamAssassin installs, +# so you can modify it to enable some disabled-by-default plugins below, +# if you so wish. +# +# There are now multiple files read to enable plugins in the +# /etc/mail/spamassassin directory; previously only one, "init.pre" was +# read. Now both "init.pre", "v310.pre", and any other files ending in +# ".pre" will be read. As future releases are made, new plugins will be +# added to new files, named according to the release they're added in. +########################################################################### + +# DCC - perform DCC message checks. +# +# DCC is disabled here because it is not open source. See the DCC +# license for more details. +# +#loadplugin Mail::SpamAssassin::Plugin::DCC + +# Pyzor - perform Pyzor message checks. +# +loadplugin Mail::SpamAssassin::Plugin::Pyzor + +# Razor2 - perform Razor2 message checks. +# +loadplugin Mail::SpamAssassin::Plugin::Razor2 + +# SpamCop - perform SpamCop message reporting +# +loadplugin Mail::SpamAssassin::Plugin::SpamCop + +# AntiVirus - some simple anti-virus checks, this is not a replacement +# for an anti-virus filter like Clam AntiVirus +# +#loadplugin Mail::SpamAssassin::Plugin::AntiVirus + +# AWL - do auto-whitelist checks +# +loadplugin Mail::SpamAssassin::Plugin::AWL + +# AutoLearnThreshold - threshold-based discriminator for Bayes auto-learning +# +loadplugin Mail::SpamAssassin::Plugin::AutoLearnThreshold + +# TextCat - language guesser +# +#loadplugin Mail::SpamAssassin::Plugin::TextCat + +# AccessDB - lookup from-addresses in access database +# +#loadplugin Mail::SpamAssassin::Plugin::AccessDB + +# WhitelistSubject - Whitelist/Blacklist certain subject regular expressions +# +loadplugin Mail::SpamAssassin::Plugin::WhiteListSubject + +########################################################################### +# experimental plugins + +# DomainKeys - perform DomainKeys verification +# +# External modules required for use, see INSTALL for more information. +# Note that this may be redundant if you also plan to use the DKIM plugin. +# +#loadplugin Mail::SpamAssassin::Plugin::DomainKeys + +# MIMEHeader - apply regexp rules against MIME headers in the message +# +loadplugin Mail::SpamAssassin::Plugin::MIMEHeader + +# ReplaceTags +# +loadplugin Mail::SpamAssassin::Plugin::ReplaceTags + diff --git a/files/etc/squirrelmail/apache.conf.expect b/files/etc/squirrelmail/apache.conf.expect new file mode 100644 index 0000000..79df266 --- /dev/null +++ b/files/etc/squirrelmail/apache.conf.expect @@ -0,0 +1,66 @@ +# Begin update by CARNet package squirrelmail-cn -- DO NOT DELETE THIS LINE! +# Force SSL for /webmail -> you can still use /squirrelmail +Alias /webmail /usr/share/squirrelmail + + + + + RewriteEngine on + RewriteCond %{HTTPS} !=on + RewriteRule . https://%{HTTP_HOST}%{REQUEST_URI} [L] + + + + +# +# WARNING: This file is automatically included in each VirtualHost +# entry you might have. Do not enable the VirtualHost example provided +# in this file, it WILL break your Apache configuration. Copy the +# VirtualHost section to the standard webserver configuration file +# instead. +# +# End update by CARNet package squirrelmail-cn -- DO NOT DELETE THIS LINE! +Alias /squirrelmail /usr/share/squirrelmail + + + Options Indexes FollowSymLinks + + php_flag register_globals off + + + php_flag register_globals off + + + DirectoryIndex index.php + + + # access to configtest is limited by default to prevent information leak + + order deny,allow + deny from all + allow from 127.0.0.1 + + + +# users will prefer a simple URL like http://webmail.example.com +# +# DocumentRoot /usr/share/squirrelmail +# ServerName webmail.example.com +# + +# redirect to https when available (thanks omen@descolada.dartmouth.edu) +# +# Note: There are multiple ways to do this, and which one is suitable for +# your site's configuration depends. Consult the apache documentation if +# you're unsure, as this example might not work everywhere. +# +# +# +# +# RewriteEngine on +# RewriteCond %{HTTPS} !^on$ [NC] +# RewriteRule . https://%{HTTP_HOST}%{REQUEST_URI} [L] +# +# +# + diff --git a/files/etc/squirrelmail/apache.conf.restore b/files/etc/squirrelmail/apache.conf.restore new file mode 100644 index 0000000..d594d27 --- /dev/null +++ b/files/etc/squirrelmail/apache.conf.restore @@ -0,0 +1,44 @@ +Alias /squirrelmail /usr/share/squirrelmail + + + Options Indexes FollowSymLinks + + php_flag register_globals off + + + php_flag register_globals off + + + DirectoryIndex index.php + + + # access to configtest is limited by default to prevent information leak + + order deny,allow + deny from all + allow from 127.0.0.1 + + + +# users will prefer a simple URL like http://webmail.example.com +# +# DocumentRoot /usr/share/squirrelmail +# ServerName webmail.example.com +# + +# redirect to https when available (thanks omen@descolada.dartmouth.edu) +# +# Note: There are multiple ways to do this, and which one is suitable for +# your site's configuration depends. Consult the apache documentation if +# you're unsure, as this example might not work everywhere. +# +# +# +# +# RewriteEngine on +# RewriteCond %{HTTPS} !^on$ [NC] +# RewriteRule . https://%{HTTP_HOST}%{REQUEST_URI} [L] +# +# +# + diff --git a/files/etc/vsftpd.conf.expect b/files/etc/vsftpd.conf.expect new file mode 100644 index 0000000..107c7f4 --- /dev/null +++ b/files/etc/vsftpd.conf.expect @@ -0,0 +1,137 @@ +# Example config file /etc/vsftpd.conf +# +# The default compiled in settings are fairly paranoid. This sample file +# loosens things up a bit, to make the ftp daemon more usable. +# Please see vsftpd.conf.5 for all compiled in defaults. +# +# READ THIS: This example file is NOT an exhaustive list of vsftpd options. +# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's +# capabilities. +# +# +# Run standalone? vsftpd can run either from an inetd or as a standalone +# daemon started from an initscript. +listen=YES +# +# Run standalone with IPv6? +# Like the listen parameter, except vsftpd will listen on an IPv6 socket +# instead of an IPv4 one. This parameter and the listen parameter are mutually +# exclusive. +#listen_ipv6=YES +# +# Allow anonymous FTP? (Beware - allowed by default if you comment this out). +anonymous_enable=NO +# +# Uncomment this to allow local users to log in. +local_enable=YES +# +# Uncomment this to enable any form of FTP write command. +write_enable=YES +# +# Default umask for local users is 077. You may wish to change this to 022, +# if your users expect that (022 is used by most other ftpd's) +local_umask=022 +# +# Uncomment this to allow the anonymous FTP user to upload files. This only +# has an effect if the above global write enable is activated. Also, you will +# obviously need to create a directory writable by the FTP user. +#anon_upload_enable=YES +# +# Uncomment this if you want the anonymous FTP user to be able to create +# new directories. +#anon_mkdir_write_enable=YES +# +# Activate directory messages - messages given to remote users when they +# go into a certain directory. +dirmessage_enable=YES +# +# Activate logging of uploads/downloads. +xferlog_enable=YES +# +# Make sure PORT transfer connections originate from port 20 (ftp-data). +connect_from_port_20=YES +# +# If you want, you can arrange for uploaded anonymous files to be owned by +# a different user. Note! Using "root" for uploaded files is not +# recommended! +#chown_uploads=YES +#chown_username=whoever +# +# You may override where the log file goes if you like. The default is shown +# below. +#xferlog_file=/var/log/vsftpd.log +# +# If you want, you can have your log file in standard ftpd xferlog format +#xferlog_std_format=YES +# +# You may change the default value for timing out an idle session. +#idle_session_timeout=600 +# +# You may change the default value for timing out a data connection. +#data_connection_timeout=120 +# +# It is recommended that you define on your system a unique user which the +# ftp server can use as a totally isolated and unprivileged user. +#nopriv_user=ftpsecure +# +# Enable this and the server will recognise asynchronous ABOR requests. Not +# recommended for security (the code is non-trivial). Not enabling it, +# however, may confuse older FTP clients. +#async_abor_enable=YES +# +# By default the server will pretend to allow ASCII mode but in fact ignore +# the request. Turn on the below options to have the server actually do ASCII +# mangling on files when in ASCII mode. +# Beware that on some FTP servers, ASCII support allows a denial of service +# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd +# predicted this attack and has always been safe, reporting the size of the +# raw file. +# ASCII mangling is a horrible feature of the protocol. +#ascii_upload_enable=YES +#ascii_download_enable=YES +# +# You may fully customise the login banner string: +#ftpd_banner=Welcome to blah FTP service. +# +# You may specify a file of disallowed anonymous e-mail addresses. Apparently +# useful for combatting certain DoS attacks. +#deny_email_enable=YES +# (default follows) +#banned_email_file=/etc/vsftpd.banned_emails +# +# You may restrict local users to their home directories. See the FAQ for +# the possible risks in this before using chroot_local_user or +# chroot_list_enable below. +#chroot_local_user=YES +# +# You may specify an explicit list of local users to chroot() to their home +# directory. If chroot_local_user is YES, then this list becomes a list of +# users to NOT chroot(). +#chroot_list_enable=YES +# (default follows) +#chroot_list_file=/etc/vsftpd.chroot_list +# +# You may activate the "-R" option to the builtin ls. This is disabled by +# default to avoid remote users being able to cause excessive I/O on large +# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume +# the presence of the "-R" option, so there is a strong case for enabling it. +#ls_recurse_enable=YES +# +# +# Debian customization +# +# Some of vsftpd's settings don't fit the Debian filesystem layout by +# default. These settings are more Debian-friendly. +# +# This option should be the name of a directory which is empty. Also, the +# directory should not be writable by the ftp user. This directory is used +# as a secure chroot() jail at times vsftpd does not require filesystem +# access. +secure_chroot_dir=/var/run/vsftpd +# +# This string is the name of the PAM service vsftpd will use. +pam_service_name=vsftpd +# +# This option specifies the location of the RSA certificate to use for SSL +# encrypted connections. +rsa_cert_file=/etc/ssl/certs/vsftpd.pem diff --git a/files/etc/vsftpd.conf.restore b/files/etc/vsftpd.conf.restore new file mode 100644 index 0000000..b39aef2 --- /dev/null +++ b/files/etc/vsftpd.conf.restore @@ -0,0 +1,137 @@ +# Example config file /etc/vsftpd.conf +# +# The default compiled in settings are fairly paranoid. This sample file +# loosens things up a bit, to make the ftp daemon more usable. +# Please see vsftpd.conf.5 for all compiled in defaults. +# +# READ THIS: This example file is NOT an exhaustive list of vsftpd options. +# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's +# capabilities. +# +# +# Run standalone? vsftpd can run either from an inetd or as a standalone +# daemon started from an initscript. +listen=YES +# +# Run standalone with IPv6? +# Like the listen parameter, except vsftpd will listen on an IPv6 socket +# instead of an IPv4 one. This parameter and the listen parameter are mutually +# exclusive. +#listen_ipv6=YES +# +# Allow anonymous FTP? (Beware - allowed by default if you comment this out). +anonymous_enable=YES +# +# Uncomment this to allow local users to log in. +#local_enable=YES +# +# Uncomment this to enable any form of FTP write command. +#write_enable=YES +# +# Default umask for local users is 077. You may wish to change this to 022, +# if your users expect that (022 is used by most other ftpd's) +#local_umask=022 +# +# Uncomment this to allow the anonymous FTP user to upload files. This only +# has an effect if the above global write enable is activated. Also, you will +# obviously need to create a directory writable by the FTP user. +#anon_upload_enable=YES +# +# Uncomment this if you want the anonymous FTP user to be able to create +# new directories. +#anon_mkdir_write_enable=YES +# +# Activate directory messages - messages given to remote users when they +# go into a certain directory. +dirmessage_enable=YES +# +# Activate logging of uploads/downloads. +xferlog_enable=YES +# +# Make sure PORT transfer connections originate from port 20 (ftp-data). +connect_from_port_20=YES +# +# If you want, you can arrange for uploaded anonymous files to be owned by +# a different user. Note! Using "root" for uploaded files is not +# recommended! +#chown_uploads=YES +#chown_username=whoever +# +# You may override where the log file goes if you like. The default is shown +# below. +#xferlog_file=/var/log/vsftpd.log +# +# If you want, you can have your log file in standard ftpd xferlog format +#xferlog_std_format=YES +# +# You may change the default value for timing out an idle session. +#idle_session_timeout=600 +# +# You may change the default value for timing out a data connection. +#data_connection_timeout=120 +# +# It is recommended that you define on your system a unique user which the +# ftp server can use as a totally isolated and unprivileged user. +#nopriv_user=ftpsecure +# +# Enable this and the server will recognise asynchronous ABOR requests. Not +# recommended for security (the code is non-trivial). Not enabling it, +# however, may confuse older FTP clients. +#async_abor_enable=YES +# +# By default the server will pretend to allow ASCII mode but in fact ignore +# the request. Turn on the below options to have the server actually do ASCII +# mangling on files when in ASCII mode. +# Beware that on some FTP servers, ASCII support allows a denial of service +# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd +# predicted this attack and has always been safe, reporting the size of the +# raw file. +# ASCII mangling is a horrible feature of the protocol. +#ascii_upload_enable=YES +#ascii_download_enable=YES +# +# You may fully customise the login banner string: +#ftpd_banner=Welcome to blah FTP service. +# +# You may specify a file of disallowed anonymous e-mail addresses. Apparently +# useful for combatting certain DoS attacks. +#deny_email_enable=YES +# (default follows) +#banned_email_file=/etc/vsftpd.banned_emails +# +# You may restrict local users to their home directories. See the FAQ for +# the possible risks in this before using chroot_local_user or +# chroot_list_enable below. +#chroot_local_user=YES +# +# You may specify an explicit list of local users to chroot() to their home +# directory. If chroot_local_user is YES, then this list becomes a list of +# users to NOT chroot(). +#chroot_list_enable=YES +# (default follows) +#chroot_list_file=/etc/vsftpd.chroot_list +# +# You may activate the "-R" option to the builtin ls. This is disabled by +# default to avoid remote users being able to cause excessive I/O on large +# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume +# the presence of the "-R" option, so there is a strong case for enabling it. +#ls_recurse_enable=YES +# +# +# Debian customization +# +# Some of vsftpd's settings don't fit the Debian filesystem layout by +# default. These settings are more Debian-friendly. +# +# This option should be the name of a directory which is empty. Also, the +# directory should not be writable by the ftp user. This directory is used +# as a secure chroot() jail at times vsftpd does not require filesystem +# access. +secure_chroot_dir=/var/run/vsftpd +# +# This string is the name of the PAM service vsftpd will use. +pam_service_name=vsftpd +# +# This option specifies the location of the RSA certificate to use for SSL +# encrypted connections. +rsa_cert_file=/etc/ssl/certs/vsftpd.pem -- 1.7.10.4