New official release (v2) - see Bug 56233 for details; numerous app and ebuild changes

5 files changed, 2042 insertions, 4 deletions

diff --git a/mail-filter/amavisd-new/ChangeLog b/mail-filter/amavisd-new/ChangeLog
index db6d136d34b8..b050f81b16ce 100644
--- a/mail-filter/amavisd-new/ChangeLog
+++ b/mail-filter/amavisd-new/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for mail-filter/amavisd-new
 # Copyright 2000-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/mail-filter/amavisd-new/ChangeLog,v 1.6 2004/07/18 15:40:35 aliz Exp $
+# $Header: /var/cvsroot/gentoo-x86/mail-filter/amavisd-new/ChangeLog,v 1.7 2004/07/28 17:25:36 merlin Exp $
+
+*amavisd-new-20040701 (28 Jul 2004)
+
+  28 Jul 2004; Cory Visi <merlin@gentoo.org> amavisd-new-20040701.ebuild,
+  files/amavisd.conf:
+  New official release (v2) - see Bug 56233 for details; numerous app and ebuild
+  changes
 
   15 Jun 2004; Thomas Raschbacher <lordvan@gentoo.org>
   amavisd-new-20030616_p8.ebuild, amavisd-new-20030616_p9.ebuild:
diff --git a/mail-filter/amavisd-new/Manifest b/mail-filter/amavisd-new/Manifest
index 258421756357..7a61133abc3e 100644
--- a/mail-filter/amavisd-new/Manifest
+++ b/mail-filter/amavisd-new/Manifest
@@ -1,10 +1,13 @@
+MD5 e5c515162199b0cf5873e59450caec3a ChangeLog 5219
 MD5 8f6932db0e432e589c41d9928d4198a0 amavisd-new-20030616_p8.ebuild 2630
 MD5 1417aabd41c7b66e06f012fac0edad91 amavisd-new-20030616_p9.ebuild 2901
-MD5 5d3689ebec909d9446a75835a54d5f06 ChangeLog 4994
 MD5 7e32edfd72887a57b16ecd73f0f7a1a0 metadata.xml 184
-MD5 1f1f4cf9c92f92f966361a8ac08aa543 files/amavisd.rc6 305
-MD5 3256d64018bee64fa34ed62fb93e44af files/sql_timeout.patch 3282
+MD5 28bfd33a76250484c589b19df20e4a89 amavisd-new-20040701.ebuild 3532
 MD5 f45025857b1aaeeb225782bf7f35c5c3 files/addr_extensions_in_sql.patch 10222
+MD5 1f1f4cf9c92f92f966361a8ac08aa543 files/amavisd.rc6 305
 MD5 0c677a1cb17705ea75841cabd5d14634 files/digest-amavisd-new-20030616_p8 75
 MD5 0a2364d819d448c49ea72dfe8c2a109a files/digest-amavisd-new-20030616_p9 75
 MD5 b9ac0b985d0cb7da0ab45fa22ebe38c8 files/lost_connection.patch 567
+MD5 3256d64018bee64fa34ed62fb93e44af files/sql_timeout.patch 3282
+MD5 ca888d0029704c16992a7439a8ee28f1 files/amavisd.conf 85575
+MD5 4b5c8018b70d0e6a8f52d37653996367 files/digest-amavisd-new-20040701 72
diff --git a/mail-filter/amavisd-new/amavisd-new-20040701.ebuild b/mail-filter/amavisd-new/amavisd-new-20040701.ebuild
new file mode 100644
index 000000000000..bb663477afdb
--- /dev/null
+++ b/mail-filter/amavisd-new/amavisd-new-20040701.ebuild
@@ -0,0 +1,139 @@
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/mail-filter/amavisd-new/amavisd-new-20040701.ebuild,v 1.1 2004/07/28 17:25:36 merlin Exp $
+
+inherit eutils
+
+DESCRIPTION="High-performance interface between the MTA and content checkers."
+HOMEPAGE="http://www.ijs.si/software/amavisd/"
+SRC_URI="http://www.ijs.si/software/amavisd/${PN}-${PV/_/-}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~x86 ~ppc ~amd64 ~sparc"
+IUSE="ldap mysql postgres milter"
+
+DEPEND=">=sys-apps/sed-4
+	>=dev-lang/perl-5.8.2"
+
+RDEPEND="${DEPEND}
+	>=sys-apps/coreutils-5.0-r3
+	app-arch/gzip
+	app-arch/bzip2
+	app-arch/arc
+	app-arch/freeze
+	app-arch/lha
+	app-arch/unarj
+	app-arch/unrar
+	app-arch/zoo
+	dev-perl/Archive-Tar
+	dev-perl/Archive-Zip
+	dev-perl/Compress-Zlib
+	dev-perl/Convert-TNEF
+	dev-perl/Convert-UUlib
+	dev-perl/MIME-Base64
+	>=dev-perl/MIME-tools-6.2
+	>=dev-perl/MailTools-1.58
+	dev-perl/net-server
+	dev-perl/libnet
+	dev-perl/Digest-MD5
+	dev-perl/IO-stringy
+	>=dev-perl/Time-HiRes-1.49
+	dev-perl/Unix-Syslog
+	>=sys-libs/db-3.1
+	dev-perl/BerkeleyDB
+	virtual/mta
+	virtual/antivirus
+	ldap? ( dev-perl/perl-ldap )
+	mysql? ( dev-perl/DBD-mysql )
+	postgres? ( dev-perl/DBD-Pg )
+	milter? ( >=mail-mta/sendmail-8.12 )"
+
+S="${WORKDIR}/${PN}-${PV/_*/}"
+
+AMAVIS_ROOT=/var/amavis
+
+src_compile() {
+	if use milter ; then
+		cd "${S}/helper-progs"
+
+		econf --with-runtime-dir=${AMAVIS_ROOT} \
+			--with-sockname=${AMAVIS_ROOT}/amavisd.sock \
+			--with-user=amavis || die "helper-progs econf failed"
+		emake || die "helper-progs compile problem"
+
+		cd "${S}"
+	fi
+}
+
+src_install() {
+	enewgroup amavis
+	enewuser amavis -1 /bin/false ${AMAVIS_ROOT} amavis
+
+	dosbin amavisd
+
+	insinto /etc
+	doins ${FILESDIR}/amavisd.conf
+	dosed "s:^#\\?\\\$MYHOME[^;]*;:\$MYHOME = '$AMAVIS_ROOT';:" \
+		/etc/amavisd.conf
+	if [ "$(domainname)" = "(none)" ] ; then
+		dosed "s:^#\\?\\\$mydomain[^;]*;:\$mydomain = '$(hostname)';:" \
+			/etc/amavisd.conf
+	else
+		dosed "s:^#\\?\\\$mydomain[^;]*;:\$mydomain = '$(domainname)';:" \
+			/etc/amavisd.conf
+	fi
+
+	exeinto /etc/init.d
+	newexe "${FILESDIR}/amavisd.rc6" amavisd
+	dosed "s:/var/spool/amavis/:$AMAVIS_ROOT/:g" /etc/init.d/amavisd
+
+	keepdir ${AMAVIS_ROOT}
+	fowners amavis:amavis ${AMAVIS_ROOT}
+	fperms 0750 ${AMAVIS_ROOT}
+
+	keepdir ${AMAVIS_ROOT}/db
+	fowners amavis:amavis ${AMAVIS_ROOT}/db
+
+	keepdir ${AMAVIS_ROOT}/quarantine
+	fowners amavis:amavis ${AMAVIS_ROOT}/quarantine
+
+	keepdir ${AMAVIS_ROOT}/tmp
+	fowners amavis:amavis ${AMAVIS_ROOT}/tmp
+	for i in whitelist blacklist spam_lovers; do
+		touch ${D}${AMAVIS_ROOT}/${i}
+		fowners amavis:amavis ${AMAVIS_ROOT}/${i}
+	done
+
+	newdoc test-messages/README README.samples
+	dodoc AAAREADME.first INSTALL LDAP.schema LICENSE MANIFEST RELEASE_NOTES \
+		README_FILES/* test-messages/sample-* amavisd.conf-default amavisd-agent
+
+	if use milter ; then
+		cd "${S}/helper-progs"
+		einstall
+	fi
+}
+
+pkg_postinst() {
+	if `has_version mail-filter/razor` ; then
+		einfo "Setting up initial razor config files..."
+
+		razor-admin -create -home=${ROOT}${AMAVIS_ROOT}/.razor
+		sed -i -e "s:debuglevel\([ ]*\)= .:debuglevel\1= 0:g" \
+			${ROOT}${AMAVIS_ROOT}/.razor/razor-agent.conf
+		chown -R amavis:amavis ${ROOT}${AMAVIS_ROOT}/.razor
+	fi
+
+	echo
+	ewarn
+	ewarn "This version of amavisd-new has a different layout from previous versions"
+	ewarn "available in portage. The socket, pid, and lock file, as well as the"
+	ewarn "temporary, razor, and spamassassin configuration directories have all"
+	ewarn "moved to:"
+	ewarn
+	ewarn "${AMAVIS_ROOT}"
+	ewarn
+	ewarn "It may be necessary to reconfigure any helper applications."
+	ewarn
+}
diff --git a/mail-filter/amavisd-new/files/amavisd.conf b/mail-filter/amavisd-new/files/amavisd.conf
new file mode 100644
index 000000000000..06fc1eda2d74
--- /dev/null
+++ b/mail-filter/amavisd-new/files/amavisd.conf
@@ -0,0 +1,1888 @@
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/mail-filter/amavisd-new/files/amavisd.conf,v 1.1 2004/07/28 17:25:36 merlin Exp $
+
+# Configuration file for amavisd-new on Gentoo Linux
+# Based on amavisd.conf-sample distributed with software
+#
+# This software is licensed under the GNU General Public License (GPL).
+# See comments at the start of amavisd-new for the whole license text.
+
+
+use strict;
+
+#Sections:
+# Section I    - Essential daemon and MTA settings
+# Section II   - MTA specific
+# Section III  - Logging
+# Section IV   - Notifications/DSN, BOUNCE/REJECT/DROP/PASS destiny, quarantine
+# Section V    - Per-recipient and per-sender handling, whitelisting, etc.
+# Section VI   - Resource limits
+# Section VII  - External programs, virus scanners, SpamAssassin
+# Section VIII - Debugging
+# Section IX   - Policy banks (dynamic policy switching)
+
+#GENERAL NOTES:
+#  This file is a normal Perl code, interpreted by Perl itself.
+#  - make sure this file (or directory where it resides) is NOT WRITABLE
+#    by mere mortals (not even vscan/amavis; best to make it owned by root),
+#    otherwise it represents a severe security risk!
+#  - for values which are interpreted as booleans, it is recommended
+#    to use 1 for true, and 0 or undef or '' for false.
+#    THIS IS DIFFERENT FROM OLD AMAVIS VERSIONS where "no" also meant false,
+#    now it means true, like any nonempty string does!
+#  - Perl syntax applies. Most notably: strings in "" may include variables
+#    (which start with $ or @); to include characters @ and $ in double
+#    quoted strings, precede them by a backslash; in single-quoted strings
+#    the $ and @ lose their special meaning, so it is usually easier to use
+#    single quoted strings (or qw operator) for e-mail addresses.
+#    Still, in both cases a backslash needs to be doubled.
+#  - variables with names starting with a '@' are lists, the values assigned
+#    to them should be lists as well, e.g. ('one@foo', $mydomain, "three");
+#    note the comma-separation and parenthesis. If strings in the list
+#    do not contain spaces nor variables, a Perl operator qw() may be used
+#    as a shorthand to split its argument on whitespace and produce a list
+#    of strings, e.g. qw( one@foo example.com three );  Note that the argument
+#    to qw is quoted implicitly and no variable interpretation is done within
+#    (no '$' variable evaluations). The #-initiated comments can NOT be used
+#    within a string. In other words, $ and # lose their special meaning
+#    within a qw argument, just like within '...' strings.
+#  - all e-mail addresses in this file and as used internally by the daemon
+#    are in their raw (rfc2821-unquoted and non-bracketed) form, i.e. 
+#    Bob "Funny" Dude@example.com, not: "Bob \"Funny\" Dude"@example.com
+#    and not <"Bob \"Funny\" Dude"@example.com>; also: '' and not '<>'.
+#  - the term 'default value' in examples below refers to the value of a
+#    variable pre-assigned to it by the program; any explicit assignment
+#    to a variable in this configuration file overrides the default value;
+
+
+#
+# Section I - Essential daemon and MTA settings
+#
+
+# $MYHOME serves as a quick default for some other configuration settings.
+# More refined control is available with each individual setting further down.
+# $MYHOME is not used directly by the program. No trailing slash!
+#$MYHOME = '/var/lib/amavis';   # (default is '/var/amavis')
+
+# $mydomain serves as a quick default for some other configuration settings.
+# More refined control is available with each individual setting further down.
+# $mydomain is never used directly by the program.
+$mydomain = 'example.com';      # (no useful default)
+
+# $myhostname = 'host.example.com';  # fqdn of this host, default by uname(3)
+
+# Set the user and group to which the daemon will change if started as root
+# (otherwise just keeps the UID unchanged, and these settings have no effect):
+$daemon_user  = 'amavis';	# (no default;  customary: vscan or amavis)
+$daemon_group = 'amavis';	# (no default;  customary: vscan or amavis)
+
+# Runtime working directory (cwd), and a place where
+# temporary directories for unpacking mail are created.
+# (no trailing slash, may be a scratch file system)
+#$TEMPBASE = $MYHOME;	        # (must be set if other config vars use is)
+$TEMPBASE = "$MYHOME/tmp";     # prefer to keep home dir /var/amavis clean?
+
+$db_home = "$MYHOME/db";	# DB databases directory, default "$MYHOME/db"
+
+# $helpers_home sets environment variable HOME, and is passed as option
+# 'home_dir_for_helpers' to Mail::SpamAssassin::new. It should be a directory
+# on a normal persistent file system, not a scratch or temporary file system
+$helpers_home = $MYHOME;	# (defaults to $MYHOME)
+
+# Run the daemon in the specified chroot jail if nonempty:
+#$daemon_chroot_dir = $MYHOME;  # (default is undef, meaning: do not chroot)
+
+#$pid_file  = "$MYHOME/amavisd.pid";  # (default is "$MYHOME/amavisd.pid")
+#$lock_file = "$MYHOME/amavisd.lock"; # (default is "$MYHOME/amavisd.lock")
+
+# set environment variables if you want (no defaults):
+$ENV{TMPDIR} = $TEMPBASE;       # wise to set TMPDIR, but not obligatory
+#...
+
+# MTA SETTINGS, UNCOMMENT AS APPROPRIATE,
+# both $forward_method and $notify_method default to 'smtp:[127.0.0.1]:10025'
+
+# POSTFIX, or SENDMAIL in dual-MTA setup, or EXIM V4
+# (set host and port number as required; host can be specified
+# as an IP address or a DNS name (A or CNAME, but MX is ignored)
+#$forward_method = 'smtp:[127.0.0.1]:10025';  # where to forward checked mail
+#$notify_method = $forward_method;            # where to submit notifications
+
+# To make it possible for several hosts to share one content checking daemon,
+# the IP address and/or the port number in $forward_method and $notify_method
+# may be spacified as an asterisk. An asterisk in the colon-separated
+# second field (host) will be replaced by the SMTP client peer address,
+# An asterisk in the third field (tcp port) will be replaced by the incoming
+# SMTP/LMTP session port number plus one. This obsoletes the previously used
+# less flexible configuration parameter $relayhost_is_client. An example:
+#   $forward_method = 'smtp:*:*'; $notify_method = 'smtp:*:10587';
+
+
+# NOTE: The defaults (above) are good for Postfix or dual-sendmail. You MUST
+#       uncomment the appropriate settings below if using other setups!
+
+# SENDMAIL MILTER, using amavis-milter.c helper program:
+#$forward_method = undef;  # no explicit forwarding, sendmail does it by itself
+# milter; option -odd is needed to avoid deadlocks
+#$notify_method = 'pipe:flags=q argv=/usr/sbin/sendmail -Ac -i -odd -f ${sender} -- ${recipient}';
+# just a thought: can we use use -Am instead of -odd ?
+
+# SENDMAIL (old non-milter setup, as relay):
+#$forward_method = 'pipe:flags=q argv=/usr/sbin/sendmail -C/etc/sendmail.orig.cf -i -f ${sender} -- ${recipient}';
+#$notify_method = $forward_method;
+
+# SENDMAIL (old non-milter setup, amavis.c calls local delivery agent):
+#$forward_method = undef;  # no explicit forwarding, amavis.c will call LDA
+#$notify_method = 'pipe:flags=q argv=/usr/sbin/sendmail -Ac -i -f ${sender} -- ${recipient}';
+
+# EXIM v3 (not recommended with v4 or later, which can use SMTP setup instead):
+#$forward_method = 'pipe:flags=q argv=/usr/sbin/exim -oMr scanned-ok -i -f ${sender} -- ${recipient}';
+#$notify_method = $forward_method;
+
+# prefer to collect mail for forwarding as BSMTP files?
+#$forward_method = "bsmtp:$MYHOME/out-%i-%n.bsmtp";
+#$notify_method = $forward_method;
+
+
+# Net::Server pre-forking settings
+# You may want $max_servers to match the width of your MTA pipe
+# feeding amavisd, e.g. with Postfix the 'Max procs' field in the
+# master.cf file, like the '2' in the:  smtp-amavis unix - - n - 2 smtp
+#
+$max_servers  =  4;   # number of pre-forked children          (default 2)
+$max_requests = 10;   # retire a child after that many accepts (default 10)
+
+$child_timeout=5*60;  # abort child if it does not complete each task in n sec
+                      # (default: 8*60 seconds)
+
+# Check also the settings of @av_scanners at the end if you want to use
+# virus scanners. If not, you may want to delete the whole long assignment
+# to the variable @av_scanners, which will also remove the virus checking
+# code (e.g. if you only want to do spam scanning).
+
+# Here is a QUICK WAY to completely DISABLE some sections of code
+# that WE DO NOT WANT (it won't even be compiled-in).
+# For more refined controls leave the following two lines commented out,
+# and see further down what these two lookup lists really mean.
+#
+# @bypass_virus_checks_maps = (1);  # uncomment to DISABLE anti-virus code
+# @bypass_spam_checks_maps  = (1);  # uncomment to DISABLE anti-spam code
+#
+# Any setting can be changed with a new assignment, so make sure
+# you do not unintentionally override these settings further down!
+
+
+# Lookup list of local domains (see README.lookups for syntax details)
+#
+# @local_domains_maps list of lookup tables are used in deciding whether a
+# recipient is local or not, or in other words, if the message is outgoing
+# or not. This affects inserting spam-related headers for local recipients,
+# limiting recipient virus notifications (if enabled) to local recipients,
+# in deciding if address extension may be appended, and in SQL lookups
+# for non-fqdn addresses. Set it up correctly if you need features
+# that rely on this setting (or just leave empty otherwise).
+#
+# With Postfix (2.0) a quick reminder on what local domains normally are:
+# a union of domains specified in: $mydestination, $virtual_alias_domains,
+# $virtual_mailbox_domains, and $relay_domains.
+
+@local_domains_maps = ( [".$mydomain"] );  # $mydomain and its subdomains
+# @local_domains_maps = (); # default is empty list, no recip. considered local
+# @local_domains_maps =  # using ACL lookup table
+#   ( [ ".$mydomain", '.example.com', 'sub.example.net' ] );
+# @local_domains_maps =  # similar, split list elements on whitespace
+#   ( [qw( .example.com !host.sub.example.net .sub.example.net )] );
+# @local_domains_maps = ( new_RE( qr'[@.]example\.com$'i ) );   # using regexp
+# @local_domains_maps = ( read_hash("$MYHOME/local_domains") ); # using hash
+
+#
+# Section II - MTA specific (defaults should be ok)
+#
+
+#$insert_received_line = 1;       # behave like MTA: insert 'Received:' header
+			          # (does not apply to sendmail/milter)
+			          # (default is true)
+
+# AMAVIS-CLIENT PROTOCOL INPUT SETTINGS (e.g. with sendmail milter)
+#   (used with amavis helper clients like amavis-milter.c and amavis.c,
+#   NOT needed for Postfix or Exim or dual-sendmail - keep it undefined.
+$unix_socketname = "$MYHOME/amavisd.sock"; # amavis helper protocol socket
+#$unix_socketname = undef;        # disable listening on a unix socket
+                                  # (default is undef, i.e. disabled)
+                                  # (usual setting is $MYHOME/amavisd.sock)
+
+# SMTP SERVER (INPUT) PROTOCOL SETTINGS (e.g. with Postfix, Exim v4, ...)
+#   (used when MTA is configured to pass mail to amavisd via SMTP or LMTP)
+$inet_socket_port = 10024;        # accept SMTP on this local TCP port
+                                  # (default is undef, i.e. disabled)
+# multiple ports may be provided: $inet_socket_port = [10024, 10026, 10028];
+
+# SMTP SERVER (INPUT) access control
+# - do not allow free access to the amavisd SMTP port !!!
+#
+# when MTA is at the same host, use the following (one or the other or both):
+#$inet_socket_bind = '127.0.0.1'; # limit socket bind to loopback interface
+                                  # (default is '127.0.0.1')
+@inet_acl = qw( 127.0.0.1 ::1 );  # allow SMTP access only from localhost IP
+                                  # (default is qw(127.0.0.1 ::1) )
+
+# when MTA (one or more) is on a different host, use the following:
+#@inet_acl = qw(127/8 ::1 10.1.0.1 10.1.0.2);  # adjust the list as appropriate
+#$inet_socket_bind = undef;       # bind to all IP interfaces if undef
+
+#
+# Example1:
+# @inet_acl = qw( 127/8 10/8 172.16/12 192.168/16 );
+# permit only SMTP access from loopback and rfc1918 private address space
+#
+# Example2:
+# @inet_acl = qw( !192.168.1.12 172.16.3.3 !172.16.3/255.255.255.0
+#		  127.0.0.1 10/8 172.16/12 192.168/16 );
+# matches loopback and rfc1918 private address space except host 192.168.1.12
+# and net 172.16.3/24 (but host 172.16.3.3 within 172.16.3/24 still matches)
+#
+# Example3:
+# @inet_acl = qw( 127/8
+#		  !172.16.3.0   !172.16.3.127 172.16.3.0/25
+#		  !172.16.3.128 !172.16.3.255 172.16.3.128/25 );
+# matches loopback and both halves of the 172.16.3/24 C-class,
+# split into two subnets, except all four broadcast addresses
+# for these subnets
+
+
+# @mynetworks is an IP access list which determines if the original SMTP client
+# IP address belongs to our internal networks. It is much like the Postfix
+# parameter 'mynetworks' in semantics and similar in syntax, and its value
+# should normally match the Postfix counterpart. It only affects the value
+# of a macro %l (=sender-is-local), and the loading of policy 'MYNETS' if
+# present (see below). Note that '-o smtp_send_xforward_command=yes' (or its
+# lmtp counterpart) must be enabled in the Postfix service that feeds amavisd,
+# otherwise client IP address is not available to amavisd-new.
+#
+# @mynetworks =
+#   qw( 127.0.0.0/8 ::1 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );  # default
+
+
+# See README.lookups for details on specifying access control lists.
+
+
+#
+# Section III - Logging
+#
+
+# true (e.g. 1) => syslog;  false (e.g. 0) => logging to file
+$DO_SYSLOG = 1;                   # (defaults to false)
+#$SYSLOG_LEVEL = 'user.info';     # (facility.priority, default 'mail.info')
+
+# Log file (if not using syslog)
+$LOGFILE = "$MYHOME/amavis.log";  # (defaults to empty, no log)
+
+#NOTE: levels are not strictly observed and are somewhat arbitrary
+# 0: startup/exit/failure messages, viruses detected
+# 1: args passed from client, some more interesting messages
+# 2: virus scanner output, timing
+# 3: server, client
+# 4: decompose parts
+# 5: more debug details
+$log_level = 0;		  # (defaults to 0)
+
+# Customizable template for the most interesting log file entry (e.g. with
+# $log_level=0) (take care to properly quote Perl special characters like '\')
+# For a list of available macros see README.customize .
+
+# $log_templ = undef;      # disable by-message level-0 log entries
+$log_recip_templ = undef;  # disable by-recipient level-0 log entries
+
+
+# log both infected and noninfected messages (new default):
+#
+# [?%#D||Passed #
+# [? %#V |[? %#F |[? %#X |[? %2 |CLEAN|SPAM]|BAD-HEADER]|BANNED (%F)]|INFECTED (%V)]#
+# , [?%a||\[%a\] ]<%o> -> [%D|,]#
+# [? %q ||, quarantine: %i]#
+# [? %m ||, Message-ID: %m]#
+# [? %r ||, Resent-Message-ID: %r]#
+# , Hits: %c#
+# ]
+# [?%#O||Blocked #
+# [? %#V |[? %#F |[? %#X |[? %2 |CLEAN|SPAM]|BAD-HEADER]|BANNED (%F)]|INFECTED (%V)]#
+# , [?%a||\[%a\] ]<%o> -> [%O|,]#
+# [? %q ||, quarantine: %i]#
+# [? %m ||, Message-ID: %m]#
+# [? %r ||, Resent-Message-ID: %r]#
+# , Hits: %c#
+# ]
+
+
+#
+# Section IV - Notifications/DSN, BOUNCE/REJECT/DROP/PASS destiny, quarantine
+#
+
+# Select notifications text encoding when Unicode-aware Perl is converting
+# text from internal character representation to external encoding (charset
+# in MIME terminology). Used as argument to Perl Encode::encode subroutine.
+#
+#   to be used in RFC 2047-encoded header field bodies, e.g. in Subject:
+#$hdr_encoding = 'iso-8859-1';  # MIME charset (default: 'iso-8859-1')
+#$hdr_encoding_qb = 'Q';        # MIME encoding: quoted-printable (default)
+#$hdr_encoding_qb = 'B';        # MIME encoding: base64
+#
+#   to be used in notification body text: its encoding and Content-type.charset
+#$bdy_encoding = 'iso-8859-1';  # (default: 'iso-8859-1')
+
+# Default template texts for notifications may be overruled by directly
+# assigning new text to template variables, or by reading template text
+# from files. A second argument may be specified in a call to read_text(),
+# specifying character encoding layer to be used when reading from the
+# external file, e.g. 'utf8', 'iso-8859-1', or often just $bdy_encoding.
+# Text will be converted to internal character representation by Perl 5.8.0
+# or later; second argument is ignored otherwise. See PerlIO::encoding,
+# Encode::PerlIO and perluniintro man pages.
+#
+# $notify_sender_templ      = read_text("$MYHOME/notify_sender.txt");
+# $notify_virus_sender_templ= read_text("$MYHOME/notify_virus_sender.txt");
+# $notify_virus_admin_templ = read_text("$MYHOME/notify_virus_admin.txt");
+# $notify_virus_recips_templ= read_text("$MYHOME/notify_virus_recips.txt");
+# $notify_spam_sender_templ = read_text("$MYHOME/notify_spam_sender.txt");
+# $notify_spam_admin_templ  = read_text("$MYHOME/notify_spam_admin.txt");
+
+# If notification template files are collectively available in some directory,
+# use read_l10n_templates which calls read_text for each known template.
+#
+#   read_l10n_templates('/etc/amavis/en_US');
+
+
+# Here is an overall picture (sequence of events) of how pieces fit together
+# (only virus controls are shown, spam controls work the same way):
+#
+#   bypass_virus_checks set for all recipients? ==> PASS
+#   no viruses?   ==> PASS
+#   log virus     if $log_templ is nonempty
+#   quarantine    if $virus_quarantine_to is nonempty
+#   notify admin  if $virus_admin (lookup) nonempty
+#   notify recips if $warnvirusrecip and (recipient is local or $warn_offsite)
+#   add address extensions for local recipients (when enabled)
+#   send (non-)delivery notifications
+#      to sender if DSN needed (BOUNCE or ($warnvirussender and D_PASS))
+#   virus_lovers or final_destiny==D_PASS  ==> PASS
+#   DISCARD (2xx) or REJECT (5xx) (depending on final_*_destiny)
+#
+# Equivalent flow diagram applies for spam checks.
+# If a virus is detected, spam checking is skipped entirely.
+
+# The following symbolic constants can be used in *destiny settings:
+#
+# D_PASS     mail will pass to recipients, regardless of bad contents;
+#
+# D_DISCARD  mail will not be delivered to its recipients, sender will NOT be
+#            notified. Effectively we lose mail (but will be quarantined
+#            unless disabled). Losing mail is not decent for a mailer,
+#            but might be desired.
+#
+# D_BOUNCE   mail will not be delivered to its recipients, a non-delivery
+#            notification (bounce) will be sent to the sender by amavisd-new;
+#            Exception: bounce (DSN) will not be sent if a virus name matches
+#            $viruses_that_fake_sender_re, or to messages from mailing lists
+#            (Precedence: bulk|list|junk);
+#
+# D_REJECT   mail will not be delivered to its recipients, sender should
+#            preferably get a reject, e.g. SMTP permanent reject response
+#            (e.g. with milter), or non-delivery notification from MTA
+#            (e.g. Postfix). If this is not possible (e.g. different recipients
+#            have different tolerances to bad mail contents and not using LMTP)
+#            amavisd-new sends a bounce by itself (same as D_BOUNCE).
+#
+# Notes:
+#   D_REJECT and D_BOUNCE are similar, the difference is in who is responsible
+#            for informing the sender about non-delivery, and how informative
+#            the notification can be (amavisd-new knows more than MTA);
+#   With D_REJECT, MTA may reject original SMTP, or send DSN (delivery status
+#            notification, colloquially called 'bounce') - depending on MTA;
+#            Best suited for sendmail milter, especially for spam.
+#   With D_BOUNCE, amavisd-new (not MTA) sends DSN (can better explain the
+#            reason for mail non-delivery, but unable to reject the original
+#            SMTP session). Best suited to reporting viruses, and for Postfix
+#            and other dual-MTA setups, which can't reject original client SMTP
+#            session, as the mail has already been enqueued.
+
+########
+#
+# Please think about what you are doing when you set these options.
+# If necessary, question your origanization's e-mail policies:
+#
+# D_BOUNCE contributes to the overall spread of virii and spam on the
+# internet. Both the envelope and header from addresses can be forged
+# accurately with no effort.
+#
+# D_DISCARD breaks internet mail specifications. However, with a
+# properly implemented Quaratine system, the concern for breaking the
+# specification is addressed to some extent.
+#
+# D_PASS is the safest way to handle e-mails. You must implement
+# client-side filtering to handle this method.
+#
+# -Cory Visi <merlin@gentoo.org> 07/28/04
+#
+#######
+$final_virus_destiny      = D_DISCARD;  # (defaults to D_DISCARD)
+$final_banned_destiny     = D_DISCARD;  # (defaults to D_BOUNCE)
+$final_spam_destiny       = D_DISCARD;  # (defaults to D_BOUNCE)
+$final_bad_header_destiny = D_PASS;     # (defaults to D_PASS)
+
+# Alternatives to consider for spam:
+# - use D_PASS if clients will do filtering based on inserted mail headers;
+# - use D_DISCARD, if kill_level is set safely high;
+# - use D_BOUNCE instead of D_REJECT if not using milter;
+#
+# D_BOUNCE is preferred for viruses, but consider:
+# - use D_PASS (or virus_lovers) and $warnvirussender=1 to deliver viruses;
+# - use D_REJECT instead of D_BOUNCE if using milter and under heavy
+#   virus storm;
+#
+# Don't bother to set both D_DISCARD and $warn*sender=1, it will get mapped
+# to D_BOUNCE.
+#
+# The separation of *_destiny values into D_BOUNCE, D_REJECT, D_DISCARD
+# and D_PASS made settings $warnvirussender and $warnspamsender only still
+# useful with D_PASS.
+
+# The following $warn*sender settings are ONLY used when mail is
+# actually passed to recipients ($final_*_destiny=D_PASS, or *_lovers*).
+# Bounces or rejects produce non-delivery status notification anyway.
+
+# Notify virus sender?
+#$warnvirussender = 1;	# (defaults to false (undef))
+
+# Notify spam sender?
+#$warnspamsender = 1;	# (defaults to false (undef))
+
+# Notify sender of banned files?
+#$warnbannedsender = 1;	# (defaults to false (undef))
+
+# Notify sender of syntactically invalid header containing non-ASCII characters?
+#$warnbadhsender = 1;	# (defaults to false (undef))
+
+# Notify virus (or banned files or bad headers) RECIPIENT?
+#  (not very useful, but some policies demand it)
+#$warnvirusrecip = 1;	# (defaults to false (undef))
+#$warnbannedrecip = 1;	# (defaults to false (undef))
+#$warnbadhrecip = 1;	# (defaults to false (undef))
+
+# Notify also non-local virus/banned recipients if $warn*recip is true?
+#  (including those not matching local_domains*)
+#$warn_offsite = 1;	# (defaults to false (undef), i.e. only notify locals)
+
+
+# Treat envelope sender address as unreliable and don't send sender
+# notification / bounces if name(s) of detected virus(es) match the list.
+# Note that virus names are supplied by external virus scanner(s) and are
+# not standardized, so virus names may need to be adjusted.
+# See README.lookups for syntax, check also README.policy-on-notifications
+#
+@viruses_that_fake_sender_maps = (new_RE(
+  qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar'i,
+  qr'tanatos|lentin|bridex|mimail|trojan\.dropper|dumaru|parite|spaces'i,
+  qr'dloader|galil|gibe|swen|netwatch|bics|sbrowse|sober|rox|val(hal)?la'i,
+  qr'frethem|sircam|be?agle|tanx|mydoom|novarg|shimg|netsky|somefool|moodown'i,
+  qr'@mm|@MM',    # mass mailing viruses as labeled by f-prot and uvscan
+  qr'Worm'i,      # worms as labeled by ClamAV, Kaspersky, etc
+  [qr'^(EICAR|Joke\.|Junk\.)'i         => 0],
+  [qr'^(WM97|OF97|W95/CIH-|JS/Fort)'i  => 0],
+  [qr/.*/ => 1],  # true by default  (remove or comment-out if undesired)
+));
+
+# where to send ADMIN VIRUS NOTIFICATIONS (should be a fully qualified address)
+# - the administrator address may be a simple fixed e-mail address (a scalar),
+#   or may depend on the SENDER address (e.g. its domain), in which case
+#   a ref to a hash table can be specified (specify lower-cased keys,
+#   dot is a catchall, see README.lookups).
+#
+#   Empty or undef lookup disables virus admin notifications.
+
+$virus_admin = "virusalert\@$mydomain";
+# $virus_admin = 'virus-admin@example.com';
+# $virus_admin = undef;   # do not send virus admin notifications (default)
+#
+#@virus_admin_maps = (    # by-sender maps
+#  {'not.example.com'=>'', '.'=>'virusalert@example.com'},
+#  $virus_admin,   # the usual default
+#);
+
+# equivalent to $virus_admin, but for spam admin notifications:
+# $spam_admin = "spamalert\@$mydomain";
+# $spam_admin = undef;    # do not send spam admin notifications (default)
+#@spam_admin_maps = (     # by-sender maps
+#  {'not.example.com'=>'', '.'=>'spamalert@example.com'},
+#  $spam_admin,   # the usual default
+#);
+
+#advanced example, using a hash lookup table and a scalar default:
+#@virus_admin_maps = (    # by-sender maps
+#  { 'baduser@sub1.example.com' => 'HisBoss@sub1.example.com',
+#    '.sub1.example.com'  => 'virusalert@sub1.example.com',
+#    '.sub2.example.com'  => '',               # don't send admin notifications
+#    'a.sub3.example.com' => 'abuse@sub3.example.com',
+#    '.sub3.example.com'  => 'virusalert@sub3.example.com',
+#    '.example.com'       => 'noc@example.com', # default for our virus senders
+#  },
+#  'virusalert@hq.example.com',  # catchall for the rest
+#);
+
+
+# whom notification reports are sent from (ENVELOPE SENDER);
+# may be a null reverse path, or a fully qualified address:
+#   (admin and recip sender addresses default to a null return path)
+#   If using strings in double quotes, don't forget to quote @, i.e. \@
+#
+$mailfrom_notify_admin     = "virusalert\@$mydomain";
+$mailfrom_notify_recip     = "virusalert\@$mydomain";
+$mailfrom_notify_spamadmin = "spam.police\@$mydomain";
+
+# 'From' HEADER FIELD for sender and admin notifications.
+# This should be a replyable address, see rfc1894. Not to be confused
+# with $mailfrom_notify_sender, which is the envelope return address
+# and should be empty (null reverse path) according to rfc2821.
+#
+# The syntax of the 'From' header field is specified in rfc2822, section
+# '3.4. Address Specification'. Note in particular that display-name must be
+# a quoted-string if it contains any special characters like spaces and dots.
+#
+# $hdrfrom_notify_sender = "amavisd-new <postmaster\@$mydomain>";
+# $hdrfrom_notify_sender = 'amavisd-new <postmaster@example.com>';
+# $hdrfrom_notify_sender = '"Content-Filter Master" <postmaster@example.com>';
+# $hdrfrom_notify_admin = $mailfrom_notify_admin;
+# $hdrfrom_notify_spamadmin = $mailfrom_notify_spamadmin;
+#   (all default to: "\"Content-filter at $myhostname\" <postmaster\@$myhostname>")
+
+# whom quarantined messages appear to be sent from (envelope sender);
+# keeps original sender if undef, or set it explicitly, default is undef
+$mailfrom_to_quarantine = '';   # override sender address with null return path
+
+
+# Location to put infected mail into: (applies to 'local:' quarantine method)
+#   empty for not quarantining, may be a file (mailbox),
+#   or a directory (no trailing slash)
+#   (the default value is undef, meaning no quarantine)
+#
+$QUARANTINEDIR = "$MYHOME/quarantine";
+
+#$virus_quarantine_method        = 'local:virus-%i-%n';    # default
+#$spam_quarantine_method         = 'local:spam-%b-%i-%n';  # default
+#$banned_files_quarantine_method = 'local:banned-%i-%n';   # default
+#$bad_header_quarantine_method   = 'local:badh-%i-%n';     # default
+
+# Separate quarantine subdirectories virus, spam, banned and badh within
+# the directory $QUARANTINEDIR may be specified by the following settings
+# (the subdirectories need to exist - must be created manually):
+#$virus_quarantine_method        = 'local:virus/virus-%i-%n';
+#$spam_quarantine_method         = 'local:spam/spam-%b-%i-%n';
+#$banned_files_quarantine_method = 'local:banned/banned-%i-%n';
+#$bad_header_quarantine_method   = 'local:badh/badh-%i-%n';
+
+#
+#use the new 'bsmtp:' method as an alternative to the default 'local:'
+#$virus_quarantine_method = "bsmtp:$QUARANTINEDIR/virus-%i-%n.bsmtp";
+#$spam_quarantine_method  = "bsmtp:$QUARANTINEDIR/spam-%b-%i-%n.bsmtp";
+
+# When using the 'local:' quarantine method (default), the following applies:
+#
+# A finer control of quarantining is available through variable
+# $virus_quarantine_to/$spam_quarantine_to. It may be a simple scalar string,
+# or a ref to a hash lookup table, or a regexp lookup table object,
+# which makes possible to set up per-recipient quarantine addresses.
+#
+# The value of scalar $virus_quarantine_to/$spam_quarantine_to (or a
+# per-recipient lookup result from lookup tables @virus_quarantine_to_maps)
+# is/are interpreted as follows:
+#
+# VARIANT 1:
+#   empty or undef disables quarantine;
+#
+# VARIANT 2:
+#   a string NOT containing an '@';
+# amavisd will behave as a local delivery agent (LDA) and will quarantine
+# viruses to local files according to hash %local_delivery_aliases (pseudo
+# aliases map) - see subroutine mail_to_local_mailbox() for details.
+# Some of the predefined aliases are 'virus-quarantine' and 'spam-quarantine'.
+# Setting $virus_quarantine_to ($spam_quarantine_to) to this string will:
+#
+# * if $QUARANTINEDIR is a directory, each quarantined virus will go
+#   to a separate file in the $QUARANTINEDIR directory (traditional
+#   amavis style, similar to maildir mailbox format);
+#
+# * otherwise $QUARANTINEDIR is treated as a file name of a Unix-style
+#   mailbox. All quarantined messages will be appended to this file.
+#   Amavisd child process must obtain an exclusive lock on the file during
+#   delivery, so this may be less efficient than using individual files
+#   or forwarding to MTA, and it may not work across NFS or other non-local
+#   file systems (but may be handy for pickup of quarantined files via IMAP
+#   for example);
+#
+# VARIANT 3:
+#   any email address (must contain '@').
+# The e-mail messages to be quarantined will be handed to MTA
+# for delivery to the specified address. If a recipient address local to MTA
+# is desired, you may leave the domain part empty, e.g. 'infected@', but the
+# '@' character must nevertheless be included to distinguish it from variant 2.
+#
+# This method enables more refined delivery control made available by MTA
+# (e.g. its aliases file, other local delivery agents, dealing with
+# privileges and file locking when delivering to user's mailbox, nonlocal
+# delivery and forwarding, fan-out lists). Make sure the mail-to-be-quarantined
+# will not be handed back to amavisd for checking, as this will cause a loop
+# (hopefully broken at some stage)! If this can be assured, notifications
+# will benefit too from not being unnecessarily virus-scanned.
+#
+# By default this is safe to do with Postfix and Exim v4 and dual-sendmail
+# setup, but probably not safe with sendmail milter interface without
+# precaution.
+
+# (default values are: virus-quarantine, banned-quarantine, spam-quarantine)
+
+$virus_quarantine_to  = 'virus-quarantine';    # traditional local quarantine
+#$virus_quarantine_to = 'infected@';           # forward to MTA for delivery
+#$virus_quarantine_to = "virus-quarantine\@$mydomain";   # similar
+#$virus_quarantine_to = 'virus-quarantine@example.com';  # similar
+#$virus_quarantine_to = undef;                 # no quarantine
+#
+#@virus_quarantine_to_maps = (   # per-recip multiple quarantines
+#  new_RE( [qr'^user@example\.com$'i => 'infected@'],
+#          [qr'^(.*)@example\.com$'i => 'virus-${1}@example.com'],
+#          [qr'^(.*)(@[^@])?$'i      => 'virus-${1}${2}'] ),
+#  $virus_quarantine_to,  # the usual default
+#);
+
+# similar for banned names and bad headers and spam (set to undef to disable)
+$banned_quarantine_to     = 'banned-quarantine';     # local quarantine
+$bad_header_quarantine_to = 'bad-header-quarantine'; # local quarantine
+$spam_quarantine_to       = 'spam-quarantine';       # local quarantine
+
+# or to a mailbox:
+#$spam_quarantine_to = "spam-quarantine\@$mydomain";
+#
+#@spam_quarantine_to_maps = (    # per-recip multiple quarantines
+#  new_RE( [qr'^(.*)@example\.com$'i => 'spam-${1}@example.com'] ),
+#  $spam_quarantine_to,  # the usual default
+#);
+
+
+# In addition to per-recip quarantine, a by-sender lookup is possible. It is
+# similar to $spam_quarantine_to, but the lookup key is the sender address:
+#$spam_quarantine_bysender_to = undef;   # dflt: no by-sender spam quarantine
+
+
+# Add X-Virus-Scanned header field to mail?
+$X_HEADER_TAG = 'X-Virus-Scanned';	# (default: undef)
+# Leave empty to add no header field	# (default: undef)
+$X_HEADER_LINE = "by amavisd-new at $mydomain";
+
+# a string to prepend to Subject (for local recipients only) if mail could
+# not be decoded or checked entirely, e.g. due to password-protected archives
+$undecipherable_subject_tag = '***UNCHECKED*** ';  # undef disables it
+
+# MIME defanging wraps the entire original mail in a MIME container of type
+# 'Content-type: multipart/mixed', where the first part is a text/plain with
+# a short explanation, and the second part is a complete original mail,
+# enclosed in a 'Content-type: message/rfc822' MIME part.
+# Defanging is only done when enabled (selectively by malware type)
+# and the malware is allowed to pass (*_lovers or *_destiny=D_PASS)
+#
+$defang_virus  = 1;  # default is false: don't modify mail body
+$defang_banned = 1;  # default is false: don't modify mail body
+# $defang_bad_header     = 1;  # default is false: don't modify mail body
+$defang_undecipherable = 1;  # default is false: don't modify mail body
+# $defang_spam = 1;  # default is false: don't modify mail body
+
+$remove_existing_x_scanned_headers = 0; # leave existing X-Virus-Scanned alone
+#$remove_existing_x_scanned_headers= 1; # remove existing headers
+					# (defaults to false)
+#$remove_existing_spam_headers = 0;     # leave existing X-Spam* headers alone
+$remove_existing_spam_headers  = 1;     # remove existing spam headers if
+					# spam scanning is enabled (default)
+
+# set $bypass_decode_parts to true if you only do spam scanning, or if you
+# have a good virus scanner that can deal with compression and recursively
+# unpacking archives by itself, and save amavisd the trouble.
+# Disabling decoding also causes banned_files checking to only see
+# MIME names and MIME content types, not the content classification types
+# as provided by the file(1) utility.
+# It is a double-edged sword, make sure you know what you are doing!
+#
+#$bypass_decode_parts = 1;		# (defaults to false)
+
+# don't trust this file type or corresponding unpacker for this file type,
+# keep both the original and the unpacked file for a virus checker to see
+# (lookup key is what file(1) utility returned):
+#
+@keep_decoded_original_maps = (new_RE(
+# qr'^MAIL$',   # retain full original message for virus checking (can be slow)
+  qr'^MAIL-UNDECIPHERABLE$',  # retain full mail if it contains undecipherables
+  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
+# qr'^Zip archive data',
+));
+
+
+# Checking for banned MIME types and names. If any mail part matches,
+# the whole mail is rejected, much like the way viruses are handled.
+# Object $banned_filename_re provides a list of Perl regular expressions
+# to be matched against each part's:
+#
+#  * Content-Type value (both declared and effective mime-type),
+#    including the possible security-risk content types
+#    message/partial and message/external-body, as specified in rfc2046;
+#
+#  * declared (recommended) file names as specified by MIME subfields
+#    Content-Disposition.filename and Content-Type.name, both in their
+#    raw (encoded) form and in rfc2047-decoded form if applicable;
+#
+#  * file content type as guessed by 'file(1)' utility, mapped
+#    (by @map_full_type_to_short_type_maps) into short type names such as
+#    .asc, .txt, .html, .doc, .jpg, .pdf, .zip, .exe-ms, ..., which is always
+#    beginning with a dot. These short types are available unless
+#    $bypass_decode_parts is true.
+#
+# All nodes (mail parts) of the fully recursively decoded mail and embedded
+# archives are checked, each node independently from remaining nodes.
+#
+# For each node all its ancestor nodes including itself are checked against
+# $banned_filename_re lookup list, top-down. The search for this node stops
+# at the first match, the right-hand side of the matching key determines
+# the result (true or false, absent right-hand side implies true, as explained
+# in README.lookups).
+#
+# Although repeatedly re-checking ancestor nodes may seem excessive, it gives
+# the opportunity to specify rules which make a particular node hide its
+# descendents, e.g. allow anything witnin a .zip even though .exe files
+# are otherwise not allowed.
+#
+# Leave $banned_filename_re undefined to disable these checks
+# (giving an empty list to new_RE() will also always return false)
+
+$banned_filename_re = new_RE(
+# qr'^UNDECIPHERABLE$',  # is or contains any undecipherable components
+
+  # block certain double extensions anywhere in the base name
+  qr'\.[^./]*\.(exe|vbs|pif|scr|bat|cmd|com|dll)$'i,
+
+# qr'[{}]',      # curly braces in names (serve as Class ID extensions - CLSID)
+
+  qr'^application/x-msdownload$'i,                  # block these MIME types
+  qr'^application/x-msdos-program$'i,
+
+# qr'^message/partial$'i, qr'^message/external-body$'i, # block rfc2046
+
+# [ qr'^\.(Z|gz|bz2)$'           => 0 ],  # allow anything Unix-compressed
+  [ qr'^\.(rpm|cpio|tar)$'       => 0 ],  # allow anything in Unix archives
+# [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ],  # allow anything within such archives
+
+  qr'.\.(exe|vbs|pif|scr|bat|cmd|com)$'i, # banned extension - basic
+# qr'.\.(ade|adp|bas|bat|chm|cmd|com|cpl|crt|exe|hlp|hta|inf|ins|isp|js|
+#        jse|lnk|mdb|mde|msc|msi|msp|mst|pcd|pif|reg|scr|sct|shs|shb|vb|
+#        vbe|vbs|wsc|wsf|wsh)$'ix,        # banned extension - long
+# qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i,  # banned extension - WinZip vulnerab.
+
+  qr'^\.(exe-ms)$',                       # banned file(1) types
+# qr'^\.(exe|lha|tnef|cab)$',             # banned file(1) types
+);
+# See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262631
+# and http://www.cknow.com/vtutor/vtextensions.htm
+
+# A little trick: a pattern qr'\.exe$' matches both a short type name '.exe',
+# as well as any file name which happens to end with .exe. If only matching
+# a file name is desired, but not the short name, a pattern qr'.\.exe$'i
+# or similar may be used, which requires that at least one character precedes
+# the '.exe', and so it will never match short file types, which always start
+# with a dot.
+
+
+# the syntax of these Perl regular expressions is a bit awkward if not
+# familiar with them, so please do follow examples and stick to the idioms:
+#   \A        ... at the beginning of the first component
+#   \z        ... at the end of the the last (leaf) component
+#   ^         ... at the beginning of each component in the path
+#   $         ... at the end of each component in the path
+#   (.*\t)?   ... at the beginning of a field
+#   (\t.*)?   ... at the end of a field
+#   \t(.*\t)* ... separating fields
+#   [^\t\n]   ... any single character, but don't escape from this field
+#   (.*\n)+   ... one or more levels down
+
+$banned_namepath_re = new_RE(
+
+  # block these MIME types
+  qr'(?#NO X-MSDOWNLOAD)   ^(.*\t)? M=application/x-msdownload   (\t.*)? $'xmi,
+  qr'(?#NO X-MSDOS-PROGRAM)^(.*\t)? M=application/x-msdos-program(\t.*)? $'xmi,
+
+# # block rfc2046 MIME types
+# qr'(?# BLOCK RFC2046 )
+#    ^ (.*\t)? M=message/(partial|external-body) (\t.*)? $'xmi,
+
+# # within traditional Unix compressions allow any name and type
+# [ qr'(?#rule-3) ^ (.*\t)? T=(Z|gz|bz2)     (\t.*)? $'xmi => 0 ],  # allow
+
+  # within traditional Unix archives allow any name and type
+  [ qr'(?#rule-4) ^ (.*\t)? T=(tar|rpm|cpio) (\t.*)? $'xmi => 0 ],  # allow
+
+# # block anything within a zip
+# qr'(?#rule-5) ^ (.*\t)? T=zip (\t.*)? (.*\n)+ .* $'xmi,
+
+  # block certain double extensions in filenames
+  qr'(?# BLOCK DOUBLE-EXTENSIONS )
+     ^ (.*\t)? N= [^\t\n]* \. [^./\t\n]* \.
+                  (exe|vbs|pif|scr|bat|cmd|com|dll) (\t.*)? $'xmi,
+
+# # block curly braces (used in Class ID (CLSID) extensions) in filenames
+# qr'(?# BLOCK CLSID-EXTENSIONS )
+#    ^ (.*\t)? N= [^\t\n]* [{}] [^\t\n]* (\t.*)? $'xmi,
+
+# # banned declared names with three or more consecutive spaces
+# qr'(?# BLOCK NAMES WITH SPACES )
+#    ^ (.*\t)? N= [^\t\n]*  [ ]{3,} 'xmi,
+
+# # within PC archives allow any types or names nested to any level
+# [ qr'(?#rule-7) ^ (.*\t)? T=(zip|rar|arc|arj|zoo) (\t.*)? $'xmi => 0 ],  # ok
+
+# # within certain archives allow leaf members nested to any depth if crypted
+# [ qr'(?# ALLOW ENCRYPTED )
+#      ^ (.*\t)? T=(zip|rar|arj) (.*\n)+ (.*\t)? A=C (\t.*)? \z'xmi => 0 ],
+
+# # allow crypted leaf members regardless of their name or type
+# [ qr'(?# ALLOW IF ENCRYPTED )    ^ (.*\t)? A=C (\t.*)? \z'xmi => 0 ],
+
+# # block if any component can not be decoded (e.g. is encrypted)
+# qr'(?# BLOCK IF UNDECIPHERABLE ) ^ (.*\t)? A=U (\t.*)? \z'xmi,
+
+# [ qr'(?#rule-11)
+#      \A (.*\t)? T=(rpm|cpio|tar|zip|rar|arc|arj|zoo|Z|gz|bz2)
+#         \t(.*\t)* N=example\d+[^\t\n]*
+#         (\t.*)? $'xmi => 0 ],
+
+  # banned filename extensions (in declared names) anywhere - basic
+  qr'(?# BLOCK COMMON NAME EXENSIONS )
+     ^ (.*\t)? N= [^\t\n]* \. (exe|vbs|pif|scr|bat|com) (\t.*)? $'xmi,
+
+# # banned filename extensions (in declared names) anywhere - long
+# qr'(?# BLOCK MORE NAME EXTENSIONS )
+#    ^ (.*\t)? N= [^\t\n]* \. (
+#    ade|adp|bas|bat|chm|cmd|com|cpl|crt|exe|hlp|hta|inf|ins|isp|js|
+#    jse|lnk|mdb|mde|msc|msi|msp|mst|pcd|pif|reg|scr|sct|shs|shb|vb|
+#    vbe|vbs|wsc|wsf|wsh) (\t.*)? $'xmi,
+
+# # banned filename extensions anywhere - WinZip vulnerability (pre-V9)
+# qr'(?# BLOCK WinZip VULNERABILITY EXENSIONS )
+#    ^ (.*\t)? N= [^\t\n]* \. (mim|b64|bhx|hqx|xxe|uu|uue) (\t.*)? $'xmi,
+
+  qr'(?# BLOCK Microsoft EXECUTABLES )
+     ^ (.*\t)? T=(exe-ms) (\t.*)? $'xm,            # banned file(1) type
+
+# qr'(?# BLOCK ANY EXECUTABLE )
+#    ^ (.*\t)? T=exe (\t.*)? $'xm,                 # banned file(1) type
+
+# qr'(?# BLOCK THESE TYPES )
+#    ^ (.*\t)? T=(exe|lha|tnef|cab) (\t.*)? $'xm,  # banned file(1) type
+
+);
+
+# old or new style, or both?
+#
+  $banned_filename_re = undef;
+# $banned_namepath_re = undef;  # !!!
+
+#
+# Section V - Per-recipient and per-sender handling, whitelisting, etc.
+#
+
+# @virus_lovers_maps list of lookup tables:
+#   (this should be considered a policy option, is does not disable checks,
+#   see bypass*checks for that!)
+#
+# Exclude certain RECIPIENTS from virus filtering by adding their (lower-cased)
+# envelope e-mail address (or domain only) to one of the lookup tables in
+# the @virus_lovers_maps list - see README.lookups and examples.
+# Make sure the appropriate form (e.g. external/internal) of address
+# is used in case of virtual domains, or when mapping external to internal
+# addresses, etc. - this is MTA-specific.
+#
+# Notifications would still be generated however (see the overall
+# picture above), and infected mail (if passed) gets additional header:
+#   X-AMaViS-Alert: INFECTED, message contains virus: ...
+# (header not inserted with milter interface!)
+#
+# NOTE (milter interface only): in case of multiple recipients,
+# it is only possible to drop or accept the message in its entirety - for all
+# recipients. If all of them are virus lovers, we'll accept mail, but if
+# at least one recipient is not a virus lover, we'll discard the message.
+
+
+# @bypass_virus_checks_maps list of lookup tables:
+#   (this is mainly a time-saving option, unlike virus_lovers* !)
+#
+# Similar in concept to @virus_lovers_maps, a @bypass_virus_checks_maps
+# is used to skip entirely the decoding, unpacking and virus checking,
+# but only if ALL recipients match the lookup.
+#
+# @bypass_virus_checks_maps does NOT GUARANTEE the message will NOT be checked
+# for viruses - this may still happen when there is more than one recipient
+# for a message, and not all of them match these lookup tables. To guarantee
+# virus delivery, a recipient must also match @virus_lovers_maps lookups
+# (but see milter limitations above),
+
+# NOTE: it would not be clever to base virus checks on SENDER address,
+# since there are no guarantees that it is genuine. Many viruses
+# and spam messages fake sender address. To achieve selective filtering
+# based on the source of the mail (e.g. IP address, MTA port number, ...),
+# use mechanisms provided by MTA if available.
+
+
+# Similar to lists of lookup tables controlling virus checking, there are
+# counterparts for spam scanning, banned names/types, and headers_checks
+# control:
+#   @spam_lovers_maps,
+#   @banned_files_lovers_maps,
+#   @bad_header_lovers_maps
+# and:
+#   @bypass_spam_checks_maps,
+#   @bypass_banned_checks_maps,
+#   @bypass_header_checks_maps
+
+# Example:
+#   @bypass_header_checks_maps = ( [qw( user@example.com )] );
+#   @bad_header_lovers_maps    = ( [qw( user@example.com )] );
+
+# The following example disables spam checking altogether,
+# since it matches any recipient e-mail address (any address
+# is a subdomain of the top-level root DNS domain):
+#   @bypass_spam_checks_maps = (1);
+
+
+# See README.lookups for further detail, and examples below.
+
+# In the following example a list of lookup tables @virus_lovers_maps
+# contains three elements, the first is a reference to an ACL lookup
+# table (brackets in Perl indicate a ref to a list), the second is a
+# reference to a hash lookup table (braces in Perl indicate a ref to a hash),
+# the third is a regexp lookup table, indicated by the type of the object:
+#
+#@virus_lovers_maps = (
+# [ qw( me@lab.xxx.com !lab.xxx.com .xxx.com yyy.org ) ],
+# { "postmaster\@$mydomain" => 1, # double quotes permit variable evaluation
+#   'postmaster@example.com'=> 1, # in single quotes the '@' need not be quoted
+#   'abuse@example.com'=> 1,
+#   'some.user@'       => 1,  # this recipient, regardless of domain
+#   'boss@example.com' => 0,  # never, even if domain matches
+#   'example.com'      => 1,  # this domain, but not its subdomains
+#   '.example.com'     => 1,  # this domain, including its subdomains
+# },
+# new_RE( qr'^(helpdesk|postmaster)@example\.com$'i ),
+#);
+
+#@spam_lovers_maps = (
+# ["postmaster\@$mydomain", 'postmaster@example.com', 'abuse@example.com'],
+#);
+
+#@bad_header_lovers_maps = (
+# ["postmaster\@", "abuse\@$mydomain"],
+#);
+
+# to save some typing of quotes and commas, a Perl operator qw can be used
+# to split its argument on whitespace and to quote resulting elements:
+#@bypass_spam_checks_maps = (
+#  [ qw( some.ddd !butnot.example.com .example.com ) ],
+#);
+
+
+# don't run spam check for these RECIPIENT domains:
+#   @bypass_spam_checks_maps = ( [qw( d1.com .d2.com a.d3.com )] );
+# or the other way around (bypass check for all BUT these):
+#   @bypass_spam_checks_maps = ( [qw( !d1.com !.d2.com !a.d3.com . )] );
+# a practical application: don't check outgoing mail for spam:
+#   @bypass_spam_checks_maps = ( [ "!.$mydomain", "." ] );
+# (a downside of which is that such mail will not count as ham in SA bayes db)
+
+
+# Where to find SQL server(s) and database to support SQL lookups?
+# A list of triples: (dsn,user,passw).   (dsn = data source name)
+# More than one entry may be specified for multiple (backup) SQL servers.
+# See 'man DBI', 'man DBD::mysql', 'man DBD::Pg', ... for details.
+# When chroot-ed, accessing SQL server over inet socket may be more convenient.
+#
+# @lookup_sql_dsn =
+#   ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'],
+#     ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'] );
+#
+# ('mail' in the example is the database name, choose what you like)
+# With PostgreSQL the dsn (first element of the triple) may look like:
+#      'DBI:Pg:host=host1;dbname=mail'
+
+# The SQL select clause to fetch per-recipient policy settings.
+# The %k will be replaced by a comma-separated list of query addresses
+# (e.g. full address, domain only, catchall).  Use ORDER, if there
+# is a chance that multiple records will match - the first match wins.
+# If field names are not unique (e.g. 'id'), the later field overwrites the
+# earlier in a hash returned by lookup, which is why we use '*,users.id'.
+# No need to uncomment the following assignment if the default is ok.
+#   $sql_select_policy = 'SELECT *,users.id FROM users,policy'.
+#     ' WHERE (users.policy_id=policy.id) AND (users.email IN (%k))'.
+#     ' ORDER BY users.priority DESC';
+#
+# The SQL select clause to check sender in per-recipient whitelist/blacklist
+# The first SELECT argument '?' will be users.id from recipient SQL lookup,
+# the %k will be sender addresses (e.g. full address, domain only, catchall).
+# The default value is:
+#   $sql_select_white_black_list = 'SELECT wb FROM wblist,mailaddr'.
+#     ' WHERE (wblist.rid=?) AND (wblist.sid=mailaddr.id)'.
+#     '   AND (mailaddr.email IN (%k))'.
+#     ' ORDER BY mailaddr.priority DESC';
+#
+# To disable SQL white/black list, set to undef (otherwise comment-out
+# the following statement, leaving it at the default value):
+$sql_select_white_black_list = undef;  # undef disables SQL white/blacklisting
+
+
+# If passing malware to certain recipients ($final_*_destiny=D_PASS or
+# *_lovers), the recipient-based lookup tables @addr_extension_*_maps may
+# return a string, which (if nonempty) will be added as an address extension
+# to the local-part of the recipient's address. This extension may be used
+# by the final local delivery agent (LDA) to place such mail into different
+# subfolders (the extension is usually interpreted as a folder name).
+# This is sometimes known as the 'plus addressing'. Appending address
+# extensions is prevented when:
+# - recipient does not match lookup tables @local_domains_maps;
+# - lookup into corresponding @addr_extension_*_maps results
+#   in an empty string or undef;
+# - $recipient_delimiter is empty (see below)
+# LDAs usually default to stripping away address extension if no special
+# handling is specified, so adding address extensions normally does no harm
+# even if such subfolders do not exist in user's mailboxes.
+
+# @addr_extension_virus_maps  = ('virus');     # defaults to empty
+# @addr_extension_spam_maps   = ('spam');      # defaults to empty
+# @addr_extension_banned_maps = ('banned');    # defaults to empty
+# @addr_extension_bad_header_maps = ('badh');  # defaults to empty
+#
+# A more complex example:
+# @addr_extension_virus_maps = (
+#   {'sub.example.com'=>'infected', '.example.com'=>'filtered'}, 'virus' );
+
+# Delimiter between local part of the recipient address and address extension
+# (which can optionally be added, see @addr_extension_*_maps. E.g. recipient
+# address <user@example.com> gets changed to <user+virus@example.com>.
+#
+# Delimiter must match the equivalent (final) MTA delimiter setting.
+# (e.g. for Postfix add 'recipient_delimiter = +' to main.cf)
+# Setting it to an empty string or to undef disables adding extensions
+# regardless of $addr_extension_*_maps.
+
+$recipient_delimiter = '+';		# (default is '+')
+
+# true: replace extension;  false: append extension
+# $replace_existing_extension = 1;	# (default is false)
+
+# Affects matching of localpart of e-mail addresses (left of '@')
+# in lookups: true = case sensitive, false = case insensitive
+$localpart_is_case_sensitive = 0;	# (default is false)
+
+
+# ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING
+
+# Instead of strongly black- or whitelisting, a softer approach is to add
+# score points (penalties) to the SA score for mail from certain senders.
+# Positive points lean towards blacklisting, negative towards whitelisting.
+# This is much like adding SA rules or using its white/blacklisting, except
+# that here only envelope sender addresses are considered (not addresses
+# in a mail header), and that score points can be assigned per-recipient
+# (or globally), and the assigned penalties are customarily much lower
+# that the default SA white/blacklisting score.
+#
+# The table structure is similar to $per_recip_whitelist_sender_lookup_tables
+# i.e. the first level key is recipient, pointing to by-sender lookup tables.
+# The essential difference is that scores from _all_ by-recipient lookups
+# (not just the first that matches) are summed to give the final score boost.
+#
+# NOTE: keep hash keys in lowercase, either manually or by using function lc
+
+@score_sender_maps = ({  # a by-recipient hash lookup table
+
+# # per-recipient personal tables  (NOTE: positive: black, negative: white)
+# 'user1@example.com'  => [{'bla-mobile.press@example.com' => 10.0}],
+# 'user3@example.com'  => [{'.ebay.com'                 => -3.0}],
+# 'user4@example.com'  => [{'cleargreen@cleargreen.com' => -7.0,
+#                           '.cleargreen.com'           => -5.0}],
+
+  # site-wide opinions about senders (the '.' matches any recipient)
+  '.' => [  # the _first_ matching sender determines the score boost
+
+   new_RE(  # regexp-type lookup table, just happens to be all soft-blacklist
+    [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i         => 5.0],
+    [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],
+    [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],
+    [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i   => 5.0],
+    [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i  => 5.0],
+    [qr'^(your_friend|greatoffers)@'i                                => 5.0],
+    [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i                    => 5.0],
+   ),
+
+   { # a hash-type lookup table (associative array)
+     'nobody@cert.org'                        => -3.0,
+     'cert-advisory@us-cert.gov'              => -3.0,
+     'owner-alert@iss.net'                    => -3.0,
+     'slashdot@slashdot.org'                  => -3.0,
+     'bugtraq@securityfocus.com'              => -3.0,
+     'ntbugtraq@listserv.ntbugtraq.com'       => -3.0,
+     'security-alerts@linuxsecurity.com'      => -3.0,
+     'mailman-announce-admin@python.org'      => -3.0,
+     'amavis-user-admin@lists.sourceforge.net'=> -3.0,
+     'notification-return@lists.sophos.com'   => -3.0,
+     'owner-postfix-users@postfix.org'        => -3.0,
+     'owner-postfix-announce@postfix.org'     => -3.0,
+     'owner-sendmail-announce@lists.sendmail.org'   => -3.0,
+     'sendmail-announce-request@lists.sendmail.org' => -3.0,
+     'donotreply@sendmail.org'                => -3.0,
+     'ca+envelope@sendmail.org'               => -3.0,
+     'noreply@freshmeat.net'                  => -3.0,
+     'owner-technews@postel.acm.org'          => -3.0,
+     'ietf-123-owner@loki.ietf.org'           => -3.0,
+     'cvs-commits-list-admin@gnome.org'       => -3.0,
+     'rt-users-admin@lists.fsck.com'          => -3.0,
+     'clp-request@comp.nus.edu.sg'            => -3.0,
+     'surveys-errors@lists.nua.ie'            => -3.0,
+     'emailnews@genomeweb.com'                => -5.0,
+     'yahoo-dev-null@yahoo-inc.com'           => -3.0,
+     'returns.groups.yahoo.com'               => -3.0,
+     'clusternews@linuxnetworx.com'           => -3.0,
+     lc('lvs-users-admin@LinuxVirtualServer.org')    => -3.0,
+     lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0,
+
+     # soft-blacklisting (positive score)
+     'sender@example.net'                     =>  3.0,
+     '.example.net'                           =>  1.0,
+
+   },
+  ],  # end of site-wide tables
+});
+
+
+# ENVELOPE SENDER WHITELISTING / BLACKLISTING  - GLOBAL (RECIPIENT-INDEPENDENT)
+# (affects spam checking only, has no effect on virus and other checks)
+
+# WHITELISTING: use ENVELOPE SENDER lookups to ENSURE DELIVERY from whitelisted
+# senders even if the message would be recognized as spam. Effectively, for
+# the specified senders, message recipients temporarily become 'spam_lovers'.
+# To avoid surprises, whitelisted sender also suppresses inserting/editing
+# the tag2-level header fields (X-Spam-*, Subject), appending spam address
+# extension, and quarantining.
+#
+# BLACKLISTING: messages from specified SENDERS are DECLARED SPAM.
+# Effectively, for messages from blacklisted senders, spam level
+# is artificially pushed high, and the normal spam processing applies,
+# resulting in 'X-Spam-Flag: YES', high 'X-Spam-Level' bar and other usual
+# reactions to spam, including possible rejection. If the message nevertheless
+# still passes (e.g. for spam loving recipients), it is tagged as BLACKLISTED
+# in the 'X-Spam-Status' header field, but the reported spam value and
+# set of tests in this report header field (if available from SpamAssassin,
+# which may have not been called) is not adjusted.
+#
+# A sender may be both white- and blacklisted at the same time, settings
+# are independent. For example, being both white- and blacklisted, message
+# is delivered to recipients, but is not tagged as spam (X-Spam-Flag: No;
+# X-Spam-Status: No, ...), but the reported spam level (if computed) may
+# still indicate high spam score.
+#
+# If ALL recipients of the message either white- or blacklist the sender,
+# spam scanning (calling the SpamAssassin) is bypassed, saving on time.
+#
+# The following variables (lists of lookup tables) are available,
+# with the semantics and syntax as specified in README.lookups:
+# @whitelist_sender_maps, @blacklist_sender_maps
+
+# SOME EXAMPLES:
+#
+#ACL:
+# @whitelist_sender_maps = ( ['.example.org', '.example.net'] );
+# @whitelist_sender_maps = ( [qw(.example.org  .example.net)] );  # same thing
+#
+# @whitelist_sender_maps = ( [".$mydomain"] );  # $mydomain and its subdomains
+# NOTE: This is not a reliable way of turning off spam checks for
+#       locally-originating mail, as sender address can easily be faked.
+#       To reliably avoid spam-scanning outgoing mail,
+#       use @bypass_spam_checks_maps .
+
+#with regexps:
+# @whitelist_sender_maps = ( new_RE(
+#   qr'^postmaster@.*\bexample\.com$'i,
+#   qr'^owner-[^@]*@'i,  qr'-request@'i,
+#   qr'\.example\.com$'i
+# ));
+
+
+# illustrates the use of regexp lookup table:
+
+@blacklist_sender_maps = ( new_RE(
+    qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou|greatcasino)@'i,
+    qr'^(investments|lose_weight_today|market\.alert|money2you|MyGreenCard)@'i,
+    qr'^(new\.tld\.registry|opt-out|opt-in|optin|saveonlsmoking2002k)@'i,
+    qr'^(specialoffer|specialoffers|stockalert|stopsnoring|wantsome)@'i,
+    qr'^(workathome|yesitsfree|your_friend|greatoffers)@'i,
+    qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i,
+));
+
+
+# NOTE: whitelisting is becoming deprecated,
+#       use @score_sender_maps for soft-whitelisting!
+#
+# Illustrates the use of several lookup tables:
+#
+# @whitelist_sender_maps = (
+#
+# # read_hash("$MYHOME/whitelist_sender"),  # a hash table read from a file
+#
+#   # and another hash lookup table constructed in-line, with keys lowercased:
+#   { map {lc $_ => 1} qw(
+#     nobody@cert.org
+#     cert-advisory@us-cert.gov
+#     owner-alert@iss.net
+#     slashdot@slashdot.org
+#     bugtraq@securityfocus.com
+#     NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
+#     security-alerts@linuxsecurity.com
+#     amavis-user-admin@lists.sourceforge.net
+#     notification-return@lists.sophos.com
+#     mailman-announce-admin@python.org
+#     owner-postfix-users@postfix.org
+#     owner-postfix-announce@postfix.org
+#     owner-sendmail-announce@lists.sendmail.org
+#     sendmail-announce-request@lists.sendmail.org
+#     owner-technews@postel.ACM.ORG
+#     lvs-users-admin@LinuxVirtualServer.org
+#     ietf-123-owner@loki.ietf.org
+#     cvs-commits-list-admin@gnome.org
+#     rt-users-admin@lists.fsck.com
+#     clp-request@comp.nus.edu.sg
+#     surveys-errors@lists.nua.ie
+#     emailNews@genomeweb.com
+#     owner-textbreakingnews@CNNIMAIL12.CNN.COM
+#     yahoo-dev-null@yahoo-inc.com
+#     returns.groups.yahoo.com
+#   )},
+# 
+# # { '' => 1 },  # and another one, containing just an empty reverse path (DSN)
+#
+# );
+
+
+# ENVELOPE SENDER WHITELISTING / BLACKLISTING - PER-RECIPIENT
+
+# The same semantics as for global white/blacklisting applies, but this
+# time each recipient (or its domain, or subdomain, ...) can be given
+# an individual lookup table for matching senders. The per-recipient lookups
+# override the global lookups, which serve as a fallback default.
+
+# Specify a two-level lookup table: the key for the outer table is recipient,
+# and the result should be an inner lookup table (hash or ACL or RE),
+# where the key used will be the sender.
+#
+#$per_recip_blacklist_sender_lookup_tables = {
+# 'user1@my.example.com'=>new_RE(qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i),
+# 'user2@my.example.com'=>[qw( spammer@d1.example,org .d2.example,org )],
+#};
+#$per_recip_whitelist_sender_lookup_tables = {
+# 'user@my.example.com' => [qw( friend@example.org .other.example.org )],
+# '.my1.example.com'    => [qw( !foe.other.example,org .other.example,org )],
+# '.my2.example.com'    => read_hash("$MYHOME/my2-wl.dat"),
+# 'abuse@' => { 'postmaster@'=>1,
+#               'cert-advisory-owner@cert.org'=>1, 'owner-alert@iss.net'=>1 },
+#};
+
+
+#
+# Section VI - Resource limits
+#
+
+# Sanity limit to the number of allowed recipients per SMTP transaction
+# $smtpd_recipient_limit = 1000;  # (default is 1000)
+
+# Resource limits to protect unpackers, decompressors and virus scanners
+# against mail bombs (e.g. 42.zip)
+
+
+# Maximum recursion level for extraction/decoding (0 or undef disables limit)
+$MAXLEVELS = 14;		# (default is undef, no limit)
+
+# Maximum number of extracted files (0 or undef disables the limit)
+$MAXFILES = 1500;		# (default is undef, no limit)
+
+# For the cumulative total of all decoded mail parts we set max storage size
+# to defend against mail bombs. Even though parts may be deleted (replaced
+# by decoded text) during decoding, the size they occupied is _not_ returned
+# to the quota pool.
+#
+# Parameters to storage quota formula for unpacking/decoding/decompressing
+#   Formula:
+#     quota = max($MIN_EXPANSION_QUOTA,
+#                 $mail_size*$MIN_EXPANSION_FACTOR,
+#                 min($MAX_EXPANSION_QUOTA, $mail_size*$MAX_EXPANSION_FACTOR))
+#   In plain words (later condition overrules previous ones):
+#     allow MAX_EXPANSION_FACTOR times initial mail size,
+#     but not more than MAX_EXPANSION_QUOTA,
+#     but not less than MIN_EXPANSION_FACTOR times initial mail size,
+#     but never less than MIN_EXPANSION_QUOTA
+#
+$MIN_EXPANSION_QUOTA =      100*1024;  # bytes  (default undef, not enforced)
+$MAX_EXPANSION_QUOTA = 300*1024*1024;  # bytes  (default undef, not enforced)
+$MIN_EXPANSION_FACTOR =   5;  # times original mail size  (must be specified)
+$MAX_EXPANSION_FACTOR = 500;  # times original mail size  (must be specified)
+
+# expiration time of cached results: time to live in seconds
+#   (how long the result of a virus/spam test remains valid)
+$virus_check_negative_ttl=  3*60; # time to remember that mail was not infected
+$virus_check_positive_ttl= 30*60; # time to remember that mail was infected
+$spam_check_negative_ttl = 30*60; # time to remember that mail was not spam
+$spam_check_positive_ttl = 30*60; # time to remember that mail was spam
+#
+# NOTE:
+#   Cache size will be determined by the largest of the $*_ttl values.
+#   Depending on the mail rate, the cache database may grow quite large.
+#   Reasonable compromise for the max value is 15 minutes to 2 hours.
+
+#
+# Section VII - External programs, virus scanners
+#
+
+# Specify a path string, which is a colon-separated string of directories
+# (no trailing slashes!) to be assigned to the environment variable PATH
+# and to serve for locating external programs below.
+
+# NOTE: if $daemon_chroot_dir is nonempty, the directories will be
+#       relative to the chroot directory specified;
+
+$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin:/opt/bin';
+
+# Specify one string or a search list of strings (first match wins).
+# The string (or: each string in a list) may be an absolute path,
+# or just a program name, to be located via $path;
+# Empty string or undef (=default) disables the use of that external program.
+# Optionally command arguments may be specified - only the first substring
+# up to the whitespace is used for file searching.
+
+$file   = 'file';   # file(1) utility; use 3.41 or later to avoid vulnerability
+
+$gzip   = 'gzip';
+$bzip2  = 'bzip2';
+$lzop   = 'lzop';
+$rpm2cpio   = ['rpm2cpio.pl','rpm2cpio'];
+$cabextract = 'cabextract';
+$uncompress = ['uncompress', 'gzip -d', 'zcat'];
+$unfreeze   = ['unfreeze', 'freeze -d', 'melt', 'fcat'];
+$arc        = ['nomarch', 'arc'];
+$unarj      = ['arj', 'unarj'];  # both can extract, arj is recommended
+$unrar      = ['rar', 'unrar'];  # both can extract, same options
+$zoo    = 'zoo';
+$lha    = 'lha';
+$cpio   = ['gcpio','cpio']; # gcpio is a GNU cpio on OpenBSD, which supports
+                            # the options needed; the rest of us use cpio
+$dspam  = 'dspam';
+
+# SpamAssassin settings
+
+# $sa_local_tests_only is passed to Mail::SpamAssassin::new as a value
+# of the option local_tests_only. See Mail::SpamAssassin man page.
+# If set to 1, no tests that require internet access will be performed.
+#
+$sa_local_tests_only = 0;   # (default: false)
+#$sa_auto_whitelist = 1;    # turn on AWL (default: false)
+
+$sa_mail_body_size_limit = 200*1024; # don't waste time on SA if mail is larger
+			    # (less than 1% of spam is > 64k)
+			    # default: undef, no limitations
+
+# default values, customarily used in the @spam_*_level_maps as the last entry
+$sa_tag_level_deflt  = 2.0; # add spam info headers if at, or above that level;
+			    # undef is interpreted as lower than any spam level
+$sa_tag2_level_deflt = 6.31; # add 'spam detected' headers at that level
+$sa_kill_level_deflt = $sa_tag2_level_deflt; # triggers spam evasive actions
+			    # at or above that level: bounce/reject/drop,
+			    # quarantine, and adding mail address extension
+$sa_dsn_cutoff_level = 10;  # spam level beyond which a DSN is not sent,
+                            # effectively turning D_BOUNCE into D_DISCARD;
+                            # undef disables this feature and is a default;
+
+# advanced example specifying per-recipient values using a hash lookup:
+#@spam_tag_level_maps  = (\$sa_tag_level_deflt);  # this is a default
+#@spam_tag2_level_maps = (
+#  { 'user1@example.com' => 8.0, '.example.com' => 6.0 },
+#  \$sa_tag2_level_deflt,   # catchall default
+#);
+#@spam_kill_level_maps = (
+#  { 'user1@example.com' => 8.0, '.example.com' => 6.0 },
+#  \$sa_kill_level_deflt,   # catchall default
+#);
+#@spam_dsn_cutoff_level_maps = (
+#  { 'user1@example.com' => 10, '.example.com' => 15 },
+#  \$sa_dsn_cutoff_level,   # catchall default
+#);
+
+# a quick reference:
+#   tag_level  controls adding the X-Spam-Status and X-Spam-Level headers,
+#   tag2_level controls adding 'X-Spam-Flag: YES', and editing Subject,
+#   kill_level controls 'evasive actions' (reject, quarantine, extensions);
+# it only makes sense to maintain the relationship:
+# tag_level <= tag2_level <= kill_level < dsn_cutoff_level
+
+# string to prepend to Subject header field when message exceeds tag2 level
+#$sa_spam_subject_tag = '***SPAM*** ';	# (defaults to undef, disabled)
+			     # (only seen when spam is not to be rejected
+			     # and recipient is in local_domains*)
+
+#$sa_spam_modifies_subj = 1; # may be a ref to a lookup table, default is true
+
+# Example: modify Subject for all local recipients except user@example.com
+#$sa_spam_modifies_subj = [qw( !user@example.com . )];
+
+#$sa_spam_level_char = '*';  # char for X-Spam-Level bar, defaults to '*';
+			     # undef disables inserting X-Spam-Level header
+#$sa_spam_report_header = 0; # insert X-Spam-Report header field? default false
+
+# stop anti-virus scanning when the first scanner detects a virus?
+$first_infected_stops_scan = 1;  # default is false, all scanners are called
+
+# @av_scanners is a list of n-tuples, where fields semantics is:
+#  1. av scanner plain name, to be used in log and reports;
+#  2. scanner program name; this string will be submitted to subroutine
+#     find_external_programs(), which will try to find the full program
+#     path name; if program is not found, this scanner is disabled.
+w#     Besides a simple string (full program path name or just the basename
+#     to be looked for in PATH), this may be an array ref of alternative
+#     program names or full paths - the first match in the list will be used;
+#     As a special case for more complex scanners, this field may be
+#     a subroutine reference, and the whole n-tuple is passed to it as args.
+#  3. command arguments to be given to the scanner program;
+#     a substring {} will be replaced by the directory name to be scanned,
+#     i.e. "$tempdir/parts", a "*" will be replaced by file names of parts;
+#  4. an array ref of av scanner exit status values, or a regexp (to be
+#     matched against scanner output), indicating NO VIRUSES found;
+#  5. an array ref of av scanner exit status values, or a regexp (to be
+#     matched against scanner output), indicating VIRUSES WERE FOUND;
+#     Note: the virus match prevails over a 'not found' match, so it is safe
+#     even if the no. 4. matches for viruses too;
+#  6. a regexp (to be matched against scanner output), returning a list
+#     of virus names found.
+#  7. and 8.: (optional) subroutines to be executed before and after scanner
+#     (e.g. to set environment or current directory);
+#     see examples for these at KasperskyLab AVP and Sophos sweep.
+
+# NOTES:
+#
+# - NOT DEFINING @av_scanners (e.g. setting it to empty list, or deleting the
+#   whole assignment) TURNS OFF LOADING AND COMPILING OF THE ANTIVIRUS CODE
+#   (which can be handy if all you want to do is spam scanning);
+#
+# - the order matters: although _all_ available entries from the list are
+#   always tried regardless of their verdict, scanners are run in the order
+#   specified: the report from the first one detecting a virus will be used
+#   (providing virus names and scanner output); REARRANGE THE ORDER TO WILL;
+#
+# - it doesn't hurt to keep an unused command line scanner entry in the list
+#   if the program can not be found; the path search is only performed once
+#   during the program startup;
+#
+#   COROLLARY: to disable a scanner that _does_ exist on your system,
+#   comment out its entry or use undef or '' as its program name/path
+#   (second parameter). An example where this is almost a must: disable
+#   Sophos 'sweep' if you have its daemonized version Sophie or SAVI-Perl
+#   (same for Trophie/vscan, and clamd/clamscan), or if another unrelated
+#   program happens to have a name matching one of the entries ('sweep'
+#   again comes to mind);
+#
+# - it DOES HURT to keep unwanted entries which use INTERNAL SUBROUTINES
+#   for interfacing (where the second parameter starts with \&).
+#   Keeping such entry and not having a corresponding virus scanner daemon
+#   causes an unnecessary connection attempt (which eventually times out,
+#   but it wastes precious time). For this reason the daemonized entries
+#   are commented in the distribution - just remove the '#' where needed.
+#
+# CERT list of av resources: http://www.cert.org/other_sources/viruses.html
+
+@av_scanners = (
+
+# ### http://www.vanja.com/tools/sophie/
+# ['Sophie',
+#   \&ask_daemon, ["{}/\n", '/var/run/sophie'],
+#   qr/(?x)^ 0+ ( : | [\000\r\n]* $)/,  qr/(?x)^ 1 ( : | [\000\r\n]* $)/,
+#   qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/ ],
+
+# ### http://www.csupomona.edu/~henson/www/projects/SAVI-Perl/
+# ['Sophos SAVI', \&sophos_savi ],
+
+# ### http://www.clamav.net/
+# ['ClamAV-clamd',
+#   \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
+#   qr/\bOK$/, qr/\bFOUND$/,
+#   qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
+# # NOTE: run clamd under the same user as amavisd;  match the socket
+# # name (LocalSocket) in clamav.conf to the socket name in this entry
+# # When running chrooted one may prefer: ["CONTSCAN {}\n","$MYHOME/clamd"],
+
+# ### http://www.clamav.net/ and CPAN (Perl modules)
+# ['Mail::ClamAV', \&ask_clamav, "*", [0], [1], qr/^INFECTED: (.+)/],
+
+# ### http://www.openantivirus.org/
+# ['OpenAntiVirus ScannerDaemon (OAV)',
+#   \&ask_daemon, ["SCAN {}\n", '127.0.0.1:8127'],
+#   qr/^OK/, qr/^FOUND: /, qr/^FOUND: (.+)/ ],
+
+# ### http://www.vanja.com/tools/trophie/
+# ['Trophie',
+#   \&ask_daemon, ["{}/\n", '/var/run/trophie'],
+#   qr/(?x)^ 0+ ( : | [\000\r\n]* $)/,  qr/(?x)^ 1 ( : | [\000\r\n]* $)/,
+#   qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/ ],
+
+# ### http://www.grisoft.com/
+# ['AVG Anti-Virus',
+#   \&ask_daemon, ["SCAN {}\n", '127.0.0.1:55555'],
+#   qr/^200/, qr/^403/, qr/^403 .*?: (.+)/ ],
+
+# ### http://www.f-prot.com/
+# ['FRISK F-Prot Daemon',
+#   \&ask_daemon,
+#   ["GET {}/*?-dumb%20-archive%20-packed HTTP/1.0\r\n\r\n",
+#     ['127.0.0.1:10200','127.0.0.1:10201','127.0.0.1:10202',
+#      '127.0.0.1:10203','127.0.0.1:10204'] ],
+#   qr/(?i)<summary[^>]*>clean<\/summary>/,
+#   qr/(?i)<summary[^>]*>infected<\/summary>/,
+#   qr/(?i)<name>(.+)<\/name>/ ],
+
+  ['KasperskyLab AVP - aveclient',
+    ['/usr/local/kav/bin/aveclient','/usr/local/share/kav/bin/aveclient',
+     '/opt/kav/bin/aveclient','aveclient'],
+    '-p /var/run/aveserver -s {}/*', [0,3,6,8], qr/\b(INFECTED|SUSPICION)\b/,
+    qr/(?:INFECTED|SUSPICION) (.+)/,
+  ],
+
+  ['KasperskyLab AntiViral Toolkit Pro (AVP)', ['avp'],
+    '-* -P -B -Y -O- {}', [0,3,6,8], [2,4],    # any use for -A -K   ?
+    qr/infected: (.+)/,
+    sub {chdir('/opt/AVP') or die "Can't chdir to AVP: $!"},
+    sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
+  ],
+
+  ### The kavdaemon and AVPDaemonClient have been removed from Kasperky
+  ### products and replaced by aveserver and aveclient
+  ['KasperskyLab AVPDaemonClient',
+    [ '/opt/AVP/kavdaemon',       'kavdaemon',
+      '/opt/AVP/AvpDaemonClient', 'AvpDaemonClient',
+      '/opt/AVP/AvpTeamDream',    'AvpTeamDream',
+      '/opt/AVP/avpdc', 'avpdc' ],
+    "-f=$TEMPBASE {}", [0,8], [3,4,5,6], qr/infected: ([^\r\n]+)/ ],
+    # change the startup-script in /etc/init.d/kavd to:
+    #   DPARMS="-* -Y -dl -f=/var/amavis /var/amavis"
+    #   (or perhaps:   DPARMS="-I0 -Y -* /var/amavis" )
+    # adjusting /var/amavis above to match your $TEMPBASE.
+    # The '-f=/var/amavis' is needed if not running it as root, so it
+    # can find, read, and write its pid file, etc., see 'man kavdaemon'.
+    # defUnix.prf: there must be an entry "*/var/amavis" (or whatever
+    #   directory $TEMPBASE specifies) in the 'Names=' section.
+    # cd /opt/AVP/DaemonClients; configure; cd Sample; make
+    # cp AvpDaemonClient /opt/AVP/
+    # su - vscan -c "${PREFIX}/kavdaemon ${DPARMS}"
+
+  ### http://www.hbedv.com/ or http://www.centralcommand.com/
+  ['H+BEDV AntiVir or CentralCommand Vexira Antivirus',
+    ['antivir','vexira'],
+    '--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/,
+    qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) |
+         (?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/ ],
+    # NOTE: if you only have a demo version, remove -z and add 214, as in:
+    #  '--allfiles -noboot -nombr -rs -s {}', [0,214], qr/ALERT:|VIRUS:/,
+
+  ### http://www.commandsoftware.com/
+  ['Command AntiVirus for Linux', 'csav',
+    '-all -archive -packed {}', [50], [51,52,53],
+    qr/Infection: (.+)/ ],
+
+  ### http://www.symantec.com/
+  ['Symantec CarrierScan via Symantec CommandLineScanner',
+    'cscmdline', '-a scan -i 1 -v -s 127.0.0.1:7777 {}',
+    qr/^Files Infected:\s+0$/, qr/^Infected\b/,
+    qr/^(?:Info|Virus Name):\s+(.+)/ ],
+
+  ### http://www.symantec.com/
+  ['Symantec AntiVirus Scan Engine',
+    'savsecls', '-server 127.0.0.1:7777 -mode scanrepair -details -verbose {}',
+    [0], qr/^Infected\b/,
+    qr/^(?:Info|Virus Name):\s+(.+)/ ],
+    # NOTE: check options and patterns to see which entry better applies
+
+  ### http://www.sald.com/, http://drweb.imshop.de/
+  ['drweb - DrWeb Antivirus',
+    ['/usr/local/drweb/drweb', '/opt/drweb/drweb', 'drweb'],
+    '-path={} -al -go -ot -cn -upn -ok-',
+    [0,32], [1,33], qr' infected (?:with|by)(?: virus)? (.*)$'],
+
+# ### http://www.sald.com/, http://www.dials.ru/english/, http://www.drweb.ru/
+# ['DrWebD', \&ask_daemon,   # DrWebD 4.31 or later
+#   [pack('N',1).  # DRWEBD_SCAN_CMD
+#    pack('N',0x00280001).   # DONT_CHANGEMAIL, IS_MAIL, RETURN_VIRUSES
+#    pack('N',     # path length
+#      length("$TEMPBASE/amavis-yyyymmddTHHMMSS-xxxxx/parts/pxxx")).
+#    '{}/*'.       # path
+#    pack('N',0).  # content size
+#    pack('N',0),
+#    '/var/drweb/run/drwebd.sock',
+#  # '/var/amavis/var/run/drwebd.sock',   # suitable for chroot
+#  # '/usr/local/drweb/run/drwebd.sock',  # FreeBSD drweb ports default
+#  # '127.0.0.1:3000',                    # or over an inet socket
+#   ],
+#   qr/\A\x00(\x10|\x11)\x00\x00/s,              # IS_CLEAN, EVAL_KEY
+#   qr/\A\x00(\x00|\x01)\x00(\x20|\x40|\x80)/s,  # KNOWN_V, UNKNOWN_V, V._MODIF
+#   qr/\A.{12}(?:infected with )?([^\x00]+)\x00/s,
+# ],
+# # NOTE: If you are using amavis-milter, change length to:
+# # length("$TEMPBASE/amavis-milter-xxxxxxxxxxxxxx/parts/pxxx").
+
+  ### http://www.f-secure.com/products/anti-virus/
+  ['F-Secure Antivirus', 'fsav',
+    '--dumb --mime --archive {}', [0], [3,8],
+    qr/(?:infection|Infected|Suspected): (.+)/ ],
+
+  ['CAI InoculateIT', 'inocucmd',
+    '-sec -nex {}', [0], [100],
+    qr/was infected by virus (.+)/ ],
+
+  ['MkS_Vir for Linux (beta)', ['mks32','mks'],
+    '-s {}/*', [0], [1,2],
+    qr/--[ \t]*(.+)/ ], 
+
+  ['MkS_Vir daemon',
+    'mksscan', '-s -q {}', [0], [1..7],
+    qr/^... (\S+)/ ],
+
+  ### http://www.nod32.com/
+  ['ESET Software NOD32', 'nod32',
+    '-all -subdir+ {}', [0], [1,2],
+    qr/^.+? - (.+?)\s*(?:backdoor|joke|trojan|virus|worm)/ ],
+
+  ### http://www.nod32.com/
+  ['ESET Software NOD32 - Client/Server Version', 'nod32cli',
+    '-a -r -d recurse --heur standard {}', [0], [10,11],
+    qr/^\S+\s+infected:\s+(.+)/ ],
+
+# Experimental, based on posting from Rado Dibarbora (Dibo) on 2002-05-31
+# ['ESET Software NOD32 Client/Server (NOD32SS)',
+#   \&ask_daemon2,    # greets with 200, persistent, terminate with QUIT
+#   ["SCAN {}/*\r\n", '127.0.0.1:8448' ],
+#   qr/^200 File OK/, qr/^201 /, qr/^201 (.+)/ ],
+
+  ### http://www.norman.com/products_nvc.shtml
+  ['Norman Virus Control v5 / Linux', 'nvcc',
+    '-c -l:0 -s -u {}', [0], [1],
+    qr/(?i).* virus in .* -> \'(.+)\'/ ],
+
+  ### http://www.pandasoftware.com/
+  ['Panda Antivirus for Linux', ['pavcl'],
+    '-aut -aex -heu -cmp -nbr -nor -nso -eng {}',
+    qr/Number of files infected[ .]*: 0(?!\d)/,
+    qr/Number of files infected[ .]*: 0*[1-9]/,
+    qr/Found virus :\s*(\S+)/ ],
+
+# ### http://www.pandasoftware.com/
+# ['Panda Antivirus for Linux', ['pavcl'],
+#   '-TSR -aut -aex -heu -cmp -nbr -nor -nso -eng {}',
+#   [0], [0x10, 0x30, 0x50, 0x70, 0x90, 0xB0, 0xD0, 0xF0],
+#   qr/Found virus :\s*(\S+)/ ],
+
+# GeCAD AV technology is acquired by Microsoft; RAV has been discontinued.
+# Check your RAV license terms before fiddling with the following two lines!
+# ['GeCAD RAV AntiVirus 8', 'ravav',
+#   '--all --archive --mail {}', [1], [2,3,4,5], qr/Infected: (.+)/ ],
+# # NOTE: the command line switches changed with scan engine 8.5 !
+# # (btw, assigning stdin to /dev/null causes RAV to fail)
+
+  ### http://www.nai.com/
+  ['NAI McAfee AntiVirus (uvscan)', 'uvscan',
+    '--secure --mime --program --mailbox -rv --summary --noboot --timeout 180 - {}', [0], [13],
+    qr/(?x) Found (?:
+        \ the\ (.+)\ (?:virus|trojan)  |
+        \ (?:virus|trojan)\ or\ variant\ ([^ ]+)  |
+        :\ (.+)\ NOT\ a\ virus)/,
+  # sub {$ENV{LD_PRELOAD}='/lib/libc.so.6'},
+  # sub {delete $ENV{LD_PRELOAD}},
+  ],
+  # NOTE1: with RH9: force the dynamic linker to look at /lib/libc.so.6 before
+  # anything else by setting environment variable LD_PRELOAD=/lib/libc.so.6
+  # and then clear it when finished to avoid confusing anything else.
+  # NOTE2: to treat encrypted files as viruses replace the [13] with:
+  #  qr/^\s{5,}(Found|is password-protected|.*(virus|trojan))/
+
+  ### http://www.virusbuster.hu/en/
+  ['VirusBuster', ['vbuster', 'vbengcl'],
+    # VirusBuster Ltd. does not support the daemon version for the workstation 
+    # engine (vbuster-eng-1.12-linux-i386-libc6.tgz) any longer. The names of
+    # binaries, some parameters AND return codes (from 3 to 1) changed.
+    "{} -ss -i '*' -log=$MYHOME/vbuster.log", [0], [1],
+    qr/: '(.*)' - Virus/ ],
+
+# ### http://www.virusbuster.hu/en/
+# ['VirusBuster (Client + Daemon)', 'vbengd',
+#   # HINT: for an infected file it returns always 3,
+#   # although the man-page tells a different story
+#   '-f -log scandir {}', [0], [3],
+#   qr/Virus found = (.*);/ ],
+
+  ### http://www.cyber.com/
+  ['CyberSoft VFind', 'vfind',
+    '--vexit {}/*', [0], [23], qr/##==>>>> VIRUS ID: CVDL (.+)/,
+  # sub {$ENV{VSTK_HOME}='/usr/lib/vstk'},
+  ],
+
+  ### http://www.ikarus-software.com/
+  ['Ikarus AntiVirus for Linux', 'ikarus',
+    '{}', [0], [40], qr/Signature (.+) found/ ],
+
+  ### http://www.bitdefender.com/
+  ['BitDefender', 'bdc',
+    '--all --arc --mail {}', qr/^Infected files *:0(?!\d)/,
+    qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/,
+    qr/(?:suspected|infected): (.*)(?:\033|$)/ ],
+
+);
+
+# If no virus scanners from the @av_scanners list produce 'clean' nor
+# 'infected' status (e.g. they all fail to run or the list is empty),
+# then _all_ scanners from the @av_scanners_backup list are tried.
+# When there are both daemonized and command-line scanners available,
+# it is customary to place slower command-line scanners in the
+# @av_scanners_backup list. The default choice is somewhat arbitrary,
+# move entries from one list to another as desired.
+
+@av_scanners_backup = (
+
+  ### http://www.clamav.net/
+  ['ClamAV-clamscan', 'clamscan',
+    "--stdout --disable-summary -r --tempdir=$TEMPBASE {}", [0], [1],
+    qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
+
+  ### http://www.f-prot.com/
+  ['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'],
+    '-dumb -ai -packed -server {}', [0,8], [3,6],
+    qr/Infection: (.+)/ ],
+
+  ### http://www.trendmicro.com/
+  ['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'],
+    '-za -a {}', [0], qr/Found virus/, qr/Found virus (.+) in/ ],
+
+  ['KasperskyLab kavscanner', ['/opt/kav/bin/kavscanner','kavscanner'],
+    '-i1 -xp {}', [0,10,15], [5,20,21,25],
+    qr/(?:CURED|INFECTED|CUREFAILED|WARNING|SUSPICION) (.*)/ ,
+    sub {chdir('/opt/kav/bin') or die "Can't chdir to kav: $!"},
+    sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
+  ],
+
+# Commented out because the name 'sweep' clashes with the Debian package of
+# the same name. Make sure the correct sweep is found in the path when enabling
+#
+# ### http://www.sophos.com/
+# ['Sophos Anti Virus (sweep)', 'sweep',
+#   '-nb -f -all -rec -ss -sc -archive -cab -tnef --no-reset-atime {}',
+#   [0,2], qr/Virus .*? found/,
+#   qr/^>>> Virus(?: fragment)? '?(.*?)'? found/,
+# ],
+# # other options to consider: -mime -oe -idedir=/usr/local/sav
+
+# always succeeds (uncomment to consider mail clean if all other scanners fail)
+# ['always-clean', sub {0}],
+
+);
+
+
+#
+# Section VIII - Debugging
+#
+
+# The most useful debugging tool is to run amavisd-new non-detached
+# from a terminal window:  # amavisd debug
+
+# Some more refined approaches:
+
+# If sender matches ACL, turn debugging fully up, just for this one message
+#@debug_sender_acl = ( "test-sender\@$mydomain" );
+#@debug_sender_acl = qw( debug@example.com );
+
+# May be useful along with @debug_sender_acl:
+# Prevent all decoded originals being deleted (replaced by decoded part)
+#$keep_decoded_original_re = new_RE( qr/.*/ );
+
+# Turn on SpamAssassin debugging (output to STDERR, use with 'amavisd debug')
+#$sa_debug = 1;            # defaults to false
+
+
+#
+# Section IX - Policy banks (dynamic policy switching)
+#
+
+## Define some policy banks (sets of settings) and give them
+## arbitrary names (the '' and 'MYNETS' have special meaning):
+#
+# $policy_bank{'ALT'} = {
+#   log_level => 3,
+#   inet_acl => [qw( 10.0.1.14 )],
+#   final_spam_destiny => D_PASS, final_bad_header_destiny => D_PASS,
+#   forward_method => 'smtp:*:*',
+#   notify_method  => 'smtp:[127.0.0.1]:10025',
+#   virus_admin_maps => "abuse\@$mydomain",
+#   spam_lovers_maps => [@spam_lovers_maps, [qw( abuse@example.com )]],
+#   spam_tag_level_maps  => 2.1,
+#   spam_tag2_level_maps => 6.32,
+#   spam_kill_level_maps => 6.72,
+#   spam_dsn_cutoff_level_maps => 9,
+#   defang_spam => 1,
+#   localhost_name => 'amavis.example.com',
+#   smtpd_greeting_banner =>
+#     '${helo-name} ${protocol} amavisd-new TEST service ready',
+#   auth_required_inp  => 0,
+#   auth_supported_out => 1,
+#   auth_mech_avail => [qw(PLAIN LOGIN)],
+#   av_scanners => [  # give them only 'free' scanners
+#     ['ClamAV-clamd',
+#       \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
+#       qr/\bOK$/, qr/\bFOUND$/,
+#       qr/^.*?: (?!Infected Archive)(.*) FOUND$/,
+#     ],
+#   ],
+#   av_scanners_backup => [
+#     ['ClamAV-clamscan', 'clamscan',
+#       "--stdout --disable-summary -r --tempdir=$TEMPBASE {}", [0], [1],
+#       qr/^.*?: (?!Infected Archive)(.*) FOUND$/,
+#     ],
+#   ],
+# };
+#
+# $policy_bank{'AM.PDP'} = {
+#   log_level => 3,
+#   protocol=>'AM.PDP', # Amavis policy delegation protocol (new milter helper)
+# };
+
+## the name 'MYNETS' has special semantics: this policy bank gets loaded
+## whenever MTA supplies a SMTP client IP address (Postfix XFORWARD extension
+## or a new AM.PDP protocol) and that address matches the @mynetworks list.
+#
+# $policy_bank{'MYNETS'} = {  # mail originating from @mynetworks
+#   spam_kill_level_maps => 6.9,
+#   spam_admin_maps => ["spamalert\@$mydomain"],
+# };
+
+
+## Now we can assign policy banks to amavisd tcp port numbers listed in
+## $inet_socket_port. Whenever the connection from MTA is received, first
+## a built-in policy bank $policy_bank{''} gets loaded, which bringings-in
+## all the global/legacy settings, then it gets overlaid by the bank
+## named in the $interface_policy{$port} if any, and finally the bank
+## 'MYNETS' is overlaid if it exists and the SMTP client IP address
+## is known (by XFORWARD command from MTA) and it matches @mynetworks.
+
+# $interface_policy{'10026'} = 'ALT';
+# $interface_policy{'9998'} = 'AM.PDP';
+
+
+#-------------
+1;  # insure a defined return
diff --git a/mail-filter/amavisd-new/files/digest-amavisd-new-20040701 b/mail-filter/amavisd-new/files/digest-amavisd-new-20040701
new file mode 100644
index 000000000000..20f1e9e20af4
--- /dev/null
+++ b/mail-filter/amavisd-new/files/digest-amavisd-new-20040701
@@ -0,0 +1 @@
+MD5 d5566eeaf1e47b6c856f4e676e93d584 amavisd-new-20040701.tar.gz 451622