*********************************************************************
AntiVir Virus Alert
*********************************************************************
This version of AntiVir MailGate is licensed for private and non-commercial use.
*********************************************************************
AntiVir found these viruses in the following mail:
Worm/Klez.E
The mail was not delivered.
You may force the delivery without further checking the mail using:
avq --deliver=04347-536A3823
but we would not advise to do so. You should delete it with:
avq --remove=04347-536A3823
For more information, please read the manual page avmailgate(8).
----------Mail-Info----------
From: winson246 <winson246@sohu.com>
To: webmaster@fruitron.com.cn
Subject: Marginheight
Mail-From: suscono@pub.dgnet.gd.cn
Rcpt: webmaster@fruitron.com.cn
Queue-Id: 04347-536A3823
Status: The mail was not delivered!
-----------------------------
-----------Log-File----------
info: extracting attachment 1 to /var/tmp/av-06051-U43SFi/av-0
(encoding="quoted-printable", name="(no name)", filename="(no name)")
info: extracting attachment 2 to /var/tmp/av-06051-U43SFi/av-1
(encoding="base64", name="Vebnq.pif", filename="(no name)")
info: extracting attachment 3 to /var/tmp/av-06051-U43SFi/av-2
(encoding="base64", name="frame", filename="(no name)")
checking file "/var/tmp/av-06051-U43SFi/av-0"
checking file "/var/tmp/av-06051-U43SFi/av-1"
checking file "/var/tmp/av-06051-U43SFi/av-2"
-----------------------------
*********************************************************************
For more information on AntiVir please visit our web site
http://www.antivir.de or http://www.hbedv.com
mailto: info@antivir.de
AntiVir is a registered trademark of
H+BEDV Datentechnik GmbH
*********************************************************************
2.
*********************************************************************
AntiVir Virus Alert
*********************************************************************
This version of AntiVir MailGate is licensed for private and non-commercial use.
*********************************************************************
AntiVir found these viruses in a mail for you from winson246 <winson246@sohu.com>:
Worm/Klez.E
The mail was not delivered.
AntiVir MailGate prevented a virus delivery. But if you need to
receive further email from winson246 <winson246@sohu.com>,
you should ask him/her to buy a professional antivirus software such
as AntiVir from H+BEDV Datentechnik GmbH. He/She can contact
mailto:sales@hbedv.com for further information.
----------Mail-Info----------
From: winson246 <winson246@sohu.com>
To: webmaster@fruitron.com.cn
Subject: Marginheight
-----------------------------
*********************************************************************
For more information on AntiVir please visit our web site
http://www.antivir.de or http://www.hbedv.com
mailto: info@antivir.de
AntiVir is a registered trademark of
H+BEDV Datentechnik GmbH
*********************************************************************
Report after the automatic virus database update:
AntiVir has successfully updated itself.
--> /usr/lib/AntiVir/antivir.vdf
Machine: gugonghcs.fruitron.com.cn
Date: 09 May 2002
Time: 10:39:18
-----------------------------
Copyright (C) 1994-2002 by H+BEDV Datentechnik GmbH.
All rights reserved.
# This file lists all the available parameters. Lines beginning with '#'
# are comments and are ignored. When a parameter is not specified, some
# default value is used. The default values are the values shown here,
# unless otherwise indicated.
###################################
# Parameters used by both daemons #
###################################
# ------------------------------------------------------------------------
# Avgated and avgatefwd will switch to this user and group
# as soon as possible. Avgated will do this after opening
# the SMTP port and avgatefwd will do it immediately.
# User uucp
# Group uucp
# ------------------------------------------------------------------------
# Who will get errors, virus alerts and information about automatic updates.
Postmaster postmaster
# ------------------------------------------------------------------------
# MyHostName: FQDN of the local host.
# The default value, if not set in configuration file, is that
# obtained by gethostname(2), or if this fails, "localhost".
# MyHostName localhost
# ------------------------------------------------------------------------
# The spooldir must be owned by User:Group (as specified above)
# and must be accessible by only this user (mode = 0700).
# Both programs will yell and refuse to run if something is wrong.
# SpoolDir /var/spool/avmailgate
# ------------------------------------------------------------------------
# AntiVirDir: The antivir 'library' directory, where the VDF,
# the key, and some other files are stored.
# AntiVirDir /usr/lib/AntiVir
# ------------------------------------------------------------------------
# TemporaryDir: Where the temporary files are stored
# (for example, attachments while virus checking them).
# It needs enough space to hold uncompressed attachments
# for each forwarder, and some more.
# Default: "/var/tmp" or else "/tmp".
# TemporaryDir /var/tmp
# ------------------------------------------------------------------------
# You can set this option to RECIPIENT, SENDER or BOTH to allow matching of
# domain name of the recipient and/or sender mail address, to check if it's
# to be considered local.
# If MatchMailAddressForLocal is RECIPIENT, and the recipient address matches
# the domain given in "local:", mail will be accepted.
# If MatchMailAddressForLocal is SENDER, and the sender address matches the
# domain given in "local:", mail will be accepted.
# If MatchMailAddressForLocal is BOTH, and the recipient or the sender address
# matches the domain given in "local:", mail will be accepted.
##############################
# Parameters used by avgated #
##############################
# ------------------------------------------------------------------------
# The pid file of the SMTP daemon
PidFile_avgated /var/run/avmailgate_d.pid
# ------------------------------------------------------------------------
# Select the interface the SMTP daemon will listen on.
# The default listen address of 0.0.0.0 means all interfaces.
# IF YOU ARE UNSURE JUST LEAVE IT AS IS!
ListenAddress 0.0.0.0 port 25
# ------------------------------------------------------------------------
# Limit the number of simultaneous connections from remote sites.
# A limit of 0 disables this feature.
MaxIncomingConnections 0
# ------------------------------------------------------------------------
# Number of seconds until a timeout occurs in the SMTP conversation.
# SmtpTimeout 300
# ------------------------------------------------------------------------
# Larger mails will be rejected.
# A limit of 0 means "no limit".
MaxMessageSize 5000000
# ------------------------------------------------------------------------
# Refuse incoming connections if less free blocks are available
# on the filesystem containing the spool directory.
# MinFreeBlocks 100
# ------------------------------------------------------------------------
# So many recipients can be accepted at once.
MaxRecipientsPerMessage 100
# ------------------------------------------------------------------------
# Refuse 'MAIL FROM:<>'.
# Actually, RFC2821, RFC821 and RFC2505 explicitly note that 'MAIL FROM: <>'
# MUST be accepted. It is strongly recommended not to change the
# default setting.
RefuseEmptyMailFrom YES
# ------------------------------------------------------------------------
# When AllowSourceRouting is NO, if source routing is present in the
# given recipient address path, it's removed.
# When AllowSourceRouting is YES, then source routing is honored, and
# the message is forwarded to the first host specified in the route.
# AllowSourceRouting NO
# ------------------------------------------------------------------------
# When InEnvelopAddressesBangIs is REFUSED, the presence of an unquoted
# "!" in the recipient envelope address implies that the message will be
# refused.
# When InEnvelopAddressesBangIs is IGNORED, any unquoted "!" will be
# processed as any other non-special character of the address.
# When InEnvelopAddressesBangIs is INTERPRETED, then the address is
# rewritten in RFC821 standard form. An address such as:
# hostA!hostB!hostC!user
# is rewritten as:
# @hostA,@hostB:user@hostC
# Then, if source routing is allowed, the message is transmitted to
# hostA, otherwise it's directly sent to hostC.
# Thus, this rewriting allows us to discover the recipient host, in the
# case where all the UUCP gateways on the route would have interpreted
# the address the same way as us. (If that were not the case, then this
# parameter should be set to IGNORED).
# InEnvelopAddressesBangIs REFUSED
# ------------------------------------------------------------------------
# When InEnvelopAddressesPercentIs is REFUSED, the presence of an
# unquoted "%" in the recipient envelope address implies that the message
# will be refused.
# When InEnvelopAddressesPercentIs is IGNORED, any unquoted "%" will be
# processed as any other non-special character of the address.
# When InEnvelopAddressesPercentIs is INTERPRETED, then the address is
# rewritten in RFC821 standard form. An address such as:
# user%hostC%hostB@hostA
# is rewritten as:
# @hostA,@hostB:user@hostC
# Then, if source routing is allowed, the message is transmitted to
# hostA, otherwise it's directly sent to hostC.
# Thus, this rewriting allows us to discover the recipient host, in the
# case where all the gateways on the route would have interpreted the
# address the same way as us. (If that were not the case, then this
# parameter should be set to IGNORED).
# InEnvelopAddressesPercentIs REFUSED
# ------------------------------------------------------------------------
# When AcceptLooseDomainName is NO, if the name of the domain selected
# for delivery (depending on source routing) does not strictly conform
# to the domain name syntax, then it's refused.
# When AcceptLooseDomainName is YES, then no check is done on the domain
# name, apart from interpreting the domain name syntax for numerical IP
# addresses.
# AcceptLooseDomainName NO
################################
# Parameters used by avgatefwd #
################################
# ------------------------------------------------------------------------
# The pid file of the forwarder
PidFile_avgatefwd /var/run/avmailgate_fwd.pid
# ------------------------------------------------------------------------
# Number of forwarders running simultaneously.
# (All the forwarders are of the same class, as specified by
# the following option).
# MaxForwarders 10
# ------------------------------------------------------------------------
# Select how mail should be forwarded.
# Send mail by piping it thru sendmail (this is the default):
# ForwardTo /usr/lib/sendmail -oem -oi
# Or if you want the mail to be sent by SMTP:
ForwardTo SMTP: localhost port 825
# ------------------------------------------------------------------------
# Stop delivery of suspicious MIME mails, that is
# a MIME nesting level > 20 or more than 100 attachments.
BlockSuspiciousMime YES
# ------------------------------------------------------------------------
# Send virus alerts to recipients outside your domain if
# the sender is a user local to your domain.
# ExposeAlerts NO
# ------------------------------------------------------------------------
# Send virus alerts to sender if the sender address is not local.
# This option is only available in commercial mode.
# ExposeSenderAlerts NO
# ------------------------------------------------------------------------
# User name of sender of virus alerts, if virus was found in a mail.
VirusAlertsUser AvMailGate
# ------------------------------------------------------------------------
# When AddStatusInBody is NO, no status notification is inserted in
# the body of the emails.
# When AddStatusInBody is YES:
# For plain rfc822 email (non MIME), just insert the notification
# paragraph at the beginning of the body.
# For MIME email, transmit the checked email as a new MIME
# multipart/mixed email, with a first text/plain section containing the
# status notification paragraph, and with a second message/rfc822
# section containing the whole original message. Most headers from the
# original are copied to the transmitted message.
# AddStatusInBody NO
# ------------------------------------------------------------------------
# When ForwardAllEmailAsMIME is NO, incoming emails that are not MIME
# emails get out as they came, non-MIME.
# When ForwardAllEmailAsMIME is YES:
# The behaviour does not change for MIME emails.
# However, plain rfc822 emails are encapsulated into a MIME
# message/rfc822 section of a multipart/mixed email that will inherit
# all the headers of the user email. If AddStatusInBody is YES too,
# then our text is added into a text/plain entity inserted before the
# message/rfc822 entity.
# ForwardAllEmailAsMIME NO
# ------------------------------------------------------------------------
# If ScanInArchive is NO, no files in an archive will be scanned.
# If ScanInArchive is YES, all files in archives are going to be extracted
# and scanned, depending on the restrictions given with
# MaxFilesizeInArchive and MaxRecursionDepthInArchive.
ScanInArchive YES
# ------------------------------------------------------------------------
# If MaxFilesizeInArchive is 0, all files in an archive will be extracted,
# regardless of their unpacked size.
# If MaxFilesizeInArchive is >0, all files up to the adjusted size will be
# extracted.
# MaxFilesizeInArchive 0
# ------------------------------------------------------------------------
# If MaxRecursionDepthInArchive is 0, recursive archives are going to be
# unpacked with an unlimited recursion depth.
# If MaxRecursionDepthInArchive is >0, recursive archives are going to be
# unpacked up to the adjusted recursion depth.
# MaxRecursionDepthInArchive 5
# ------------------------------------------------------------------------
# If BlockSuspiciousArchive is NO, don't stop delivery of mails
# containing archives with a suspicious recursion depth.
# If BlockSuspiciousArchive is YES, stop delivery of mails
# containing archives if MaxRecursionDepthInArchive has been reached.
# BlockSuspiciousArchive NO
# ------------------------------------------------------------------------
# If BlockEncryptedArchive is NO, don't stop delivery of mails
# containing encrypted files in archives.
# If BlockEncryptedArchive is YES, stop delivery of mails
# containing encrypted files in an archive.
# If AddXHeaderInfo is YES, information about scanning status is added
# to the header of checked mail. E.g.: "X-AntiVirus: Checked by ..."
# This option is only available in commercial mode.
# Call external program or script if virus was found. The argument is the id of
# rejected message.
# ExternalProgram /dir/my_own_script
#########################
## That's all folks! ##
#########################
[/php]
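The three settings of InEnvelopAddressesBangIs and InEnvelopAddressesPercentIs, combined with AllowSourceRouting, can be traced with the added example below; it is not AvMailGate code and is not part of the original post. The function names are hypothetical, backslash escapes inside quoted strings are not handled, an address is assumed to use only one of the two operators, and taking the part after "@" as the next hop for an untouched address is an assumption.

```python
def split_unquoted(s, sep):
    """Split s on sep, ignoring any sep inside a double-quoted string."""
    parts, cur, quoted = [], "", False
    for ch in s:
        if ch == '"':
            quoted = not quoted
        if ch == sep and not quoted:
            parts.append(cur)
            cur = ""
        else:
            cur += ch
    return parts + [cur]

def domain_of(addr):
    """Host part after the last '@', or None when there is none (assumption)."""
    return addr.rpartition("@")[2] if "@" in addr else None

def to_route(addr):
    """Return (route_hosts, mailbox) if addr carries an unquoted '!' or '%',
    else None. Assumes an address uses only one of the two operators."""
    bang = split_unquoted(addr, "!")
    if len(bang) > 1:                        # hostA!hostB!hostC!user
        *hosts, user = bang
        return hosts[:-1], f"{user}@{hosts[-1]}"
    local, at, first_hop = addr.rpartition("@")
    pct = split_unquoted(local, "%")
    if at and len(pct) > 1:                  # user%hostC%hostB@hostA
        user, dest, *rest = pct
        return [first_hop] + rest[::-1], f"{user}@{dest}"
    return None

def resolve(addr, policy="REFUSED", allow_source_routing=False):
    """Return (envelope_address, next_hop), or None if the recipient is refused."""
    parsed = to_route(addr)
    if parsed is None or policy == "IGNORED":
        return addr, domain_of(addr)         # operator is an ordinary character
    if policy == "REFUSED":
        return None
    route, mailbox = parsed                  # policy == "INTERPRETED"
    rewritten = ("@" + ",@".join(route) + ":" if route else "") + mailbox
    # With routing allowed the first relay gets the mail; otherwise the
    # final host named in the rewritten address is contacted directly.
    if route and allow_source_routing:
        return rewritten, route[0]
    return rewritten, domain_of(mailbox)

if __name__ == "__main__":
    # Constructed sample addresses, taken from the config comments above.
    for a in ("hostA!hostB!hostC!user", "user%hostC%hostB@hostA"):
        for pol in ("REFUSED", "IGNORED", "INTERPRETED"):
            print(a, pol, resolve(a, pol))
```

With both parameters left at REFUSED, neither address form is accepted as a recipient, so the gateway never has to decide where a routed address should go.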
avmailgate.acl
[php]
# Access lists for AvMailGate
# These hosts and/or domains are local.
local: localhost
local: fruitron.com.cn mail.fruitron.com.cn
# These hosts and networks are allowed to relay.
relay: 127.0.0.1/8 192.168.0.0/24 211.148.130.128/28
[/php]
sendmail.cf
[php]
#
# Copyright (c) 1998-2001 Sendmail, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
# The Regents of the University of California. All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#
# override file safeties - setting this option compromises system security,
# addressing the actual file configuration problem is preferred
# need to set this before any file actions are encountered in the cf file
#O DontBlameSendmail=safe
# default LDAP map specification
# need to set this now before any LDAP maps are defined
#O LDAPDefaultSpec=-h localhost
##################
# local info #
##################
Cwlocalhost
# file containing names of hosts for which we receive email
Fw/etc/mail/local-host-names
# my official domain name
# ... define this only if sendmail cannot automatically determine your domain
#Dj$w.Foo.COM
# operators that cannot be in local usernames (i.e., network indicators)
CO @ % !
# a class with just dot (for identifying canonical names)
C..
# a class with just a left bracket (for identifying domain literals)
C[[
# access_db acceptance class
C{Accept}OK RELAY
# Hosts for which relaying is permitted ($=R)
FR-o /etc/mail/relay-domains
# arithmetic map
Karith arith
# possible values for tls_connect in access map
C{tls}VERIFY ENCR
# who I send unqualified names to (null means deliver locally)
#DR
# -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- gugong -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
DRmail.fruitron.com.cn
# -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- gugong -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
# who gets all local email traffic ($R has precedence for unqualified names)
#DH
# -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- gugong -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
DHmail.fruitron.com.cn
# -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- gugong -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
# dequoting map
Kdequote dequote
# class E: names that should be exposed as from this host, even if we masquerade
# class L: names that should be delivered locally, even if we have a relay
# class M: domains that should be converted to $M
# class N: domains that should not be converted to $M
#CL root
C{E}root
# who I masquerade as (null for no masquerading) (see also $=M)
#DM
# -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- gugong -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
DMfruitron.com.cn
# -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- gugong -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
# strip message body to 7 bits on input?
O SevenBitInput=False
# 8-bit data handling
#O EightBitMode=pass8
# wait for alias file rebuild (default units: minutes)
O AliasWait=10
# location of alias file
O AliasFile=/etc/aliases
# minimum number of free blocks on filesystem
O MinFreeBlocks=100
# maximum message size
#O MaxMessageSize=1000000
# -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- gugong -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
O MaxMessageSize=5000000
# -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- gugong -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
# substitution for space (blank) characters
O BlankSub=.
# avoid connecting to "expensive" mailers on initial submission?
O HoldExpensive=False
# checkpoint queue runs after every N successful deliveries
#O CheckpointInterval=10
# default delivery mode
O DeliveryMode=background
# automatically rebuild the alias database?
# NOTE: There is a potential for a denial of service attack if this is set.
# This option is deprecated and will be removed from a future version.
O AutoRebuildAliases