Sample /etc/maia/maiad.conf file:
# Sample maiad.conf file for Maia Mailguard 1.0.3
use strict;
# --- Daemon identity and working directories ---
$max_servers = 2; # number of pre-forked children (2..15 is common)
# Account and group the daemon runs as; neither has a default, so both must be set.
$daemon_user = 'maia'; # (no default; customary: maia, vscan or amavis)
$daemon_group = 'maia'; # (no default; customary: maia, vscan or amavis)
$sa_timeout = 60; # give SpamAssassin time (in seconds) to do its work
$mydomain = 'yourdomain.tld'; # a convenient default for other settings
$MYHOME = '/var/lib/maia'; # a convenient default for other settings
# NOTE(review): $TEMPBASE is also passed to clamscan as --tempdir (see
# @av_scanners_backup), so content taken from untrusted mail is written here.
# Create it owned by $daemon_user and without access for other local users.
$TEMPBASE = "$MYHOME/tmp"; # working directory, needs to be created manually
$ENV{TMPDIR} = $TEMPBASE; # environment variable TMPDIR
# NOTE(review): presumably quarantined mail is stored under this path; confirm
# its ownership and mode so that only $daemon_user can read or write it.
$QUARANTINEDIR = '/var/virusmails';
# Blowfish encryption key file (optional)
# NOTE: leave this commented out to disable encryption features
# DEPRECATED!!! Unless you *really* need this, keep it undefined!
# It does little for security: the key file path is written right here, so an
# attacker who can read this configuration knows where to look for the key.
# We may remove this option completely!
# $key_file = "$MYHOME/maia.key";
# $daemon_chroot_dir = $MYHOME; # chroot directory or undef
# $db_home = "$MYHOME/db";
# $helpers_home = "$MYHOME/var"; # prefer $MYHOME clean and owned by root?
$pid_file = "/var/run/maia/maiad.pid";
$lock_file = "/var/lock/maia/maiad.lock";
# NOTE: create these directories manually if necessary
# NOTE(review): keep /var/run/maia and /var/lock/maia non-writable for other
# local users, so the pid and lock files cannot be pre-created or replaced.
# NOTE: most _maps variables are deprecated in Maia, and may not work, since this
# should be defined in the web interface
#@local_domains_maps = ( [".$mydomain"] );
# @mynetworks = qw( 127.0.0.0/8 );
# Access control list - restricts the hosts allowed to connect to maiad
# NOTE: this setting is unnecessary for most installations, as maiad's
# defaults are usually adequate.
# @inet_acl = qw( 127.0.0.1 );
# --- Logging, local database and listener ---
$log_level = 0; # verbosity 0..5
$log_recip_templ = undef; # disable by-recipient level-0 log entries
$LOGFILE = "/var/log/maia/maiad.log";
# NOTE(review): the value 0 turns syslog off although the trailing comment
# calls syslog preferred; with 0 the daemon presumably writes to $LOGFILE.
# Set it to 1 to log via syslogd, and confirm which destination your log
# collection and retention actually cover.
$DO_SYSLOG = 0; # log via syslogd (preferred)
$SYSLOG_LEVEL = 'mail.debug';
$enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1; # enable use of libdb-based cache if $enable_db=1
# NOTE(review): maiad accepts mail on this port; check that it is reachable
# only from the MTA host (the commented-out @inet_acl above restricts clients).
$inet_socket_port = 10024; # listen on this local TCP port(s) (see $protocol)
# --- SpamAssassin thresholds and limits ---
$sa_tag_level_deflt = -999; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 5.0; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 5.0; # triggers spam evasive actions
$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent
# NOTE(review): per the comment below, mail above this size is not given to
# SpamAssassin, so it receives no spam score; review the limit if oversized
# spam is getting through.
$sa_mail_body_size_limit = 512*1024; # don't waste time on SA if mail is larger
# NOTE(review): 0 presumably leaves network-based tests enabled, which means the
# scanning host makes outbound lookups -- confirm this matches your egress policy.
$sa_local_tests_only = 0; # only tests which do not require internet access?
$sa_auto_whitelist = 0; # turn on AWL in SA 2.63 or older (irrelevant
# for SA 3.0, cf option is 'use_auto_whitelist')
# Database connection string: [ DSN, database user, database password ]
# NOTE(review): 'password' is a placeholder; replace it with the real credential
# of the 'maia' database user. Once set, this file holds a secret: restrict its
# permissions so that only root and the daemon account can read it.
@lookup_sql_dsn = ( ['DBI:mysql:maia:localhost', 'maia', 'password'] );
# --- Notification addresses ---
$virus_admin = undef; # notifications recip.
$mailfrom_notify_admin = "virusalert\@$mydomain"; # notifications sender
$mailfrom_notify_recip = "virusalert\@$mydomain"; # notifications sender
$mailfrom_notify_spamadmin = "spam.police\@$mydomain"; # notifications sender
$mailfrom_to_quarantine = ''; # null return path; uses original sender if undef
# --- Address extensions appended per content category ---
# These only take effect when $recipient_delimiter is defined; it is set to
# undef below, which disables address extensions altogether.
@addr_extension_virus_maps = ('virus');
@addr_extension_spam_maps = ('spam');
@addr_extension_banned_maps = ('banned');
@addr_extension_bad_header_maps = ('badh');
# $recipient_delimiter = '+'; # undef disables address extensions altogether
# when enabling addr extensions do also Postfix/main.cf: recipient_delimiter=+
$recipient_delimiter = undef;
# --- External helper programs (decoders and unpackers) ---
# NOTE(review): presumably $path is the search path for the helpers below that
# are named without a directory. Every directory in it should be writable by
# root only, because whatever is found there runs as $daemon_user on
# attachments taken from untrusted mail.
$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
$file = '/usr/bin/file'; # file(1) utility; use recent versions
$gzip = 'gzip';
$bzip2 = 'bzip2';
$lzop = 'lzop';
# An array reference lists alternative program names (presumably the first one
# found is used -- confirm against the maiad documentation).
$rpm2cpio = ['rpm2cpio.pl','rpm2cpio'];
$cabextract = 'cabextract';
$uncompress = ['uncompress', 'gzip -d', 'zcat'];
$unfreeze = ['unfreeze', 'freeze -d', 'melt', 'fcat'];
$arc = ['nomarch', 'arc'];
$unarj = ['arj', 'unarj'];
# RAR unpacking is left disabled in this sample.
#$unrar = ['rar', 'unrar'];
$zoo = 'zoo';
$lha = 'lha';
$cpio = ['gcpio','cpio'];
$ar = 'ar';
$dspam = 'dspam';
$pax = 'pax';
$ripole = 'ripole';
# NOTE(review): these tools parse attacker-supplied archives; keep the installed
# versions patched and remove entries for formats you do not need to unpack.
# --- Limits on unpacking ---
# These bound how much work and disk space a single message can consume while
# its attachments are unpacked (protection against archive bombs).
$MAXLEVELS = 14; # presumably the maximum nesting depth of unpacked containers -- confirm
$MAXFILES = 1500; # presumably the maximum number of files extracted per message -- confirm
# Both quotas are set here; if left undef they are not enforced (see comments).
$MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not enforced)
$MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes (default undef, not enforced)
# --- Tagging, re-injection and final disposition ---
$sa_spam_subject_tag = '***SPAM*** ';
$defang_virus = 1; # MIME-wrap passed infected mail
$defang_banned = 1; # MIME-wrap passed mail containing banned name
$myhostname = 'host.domain.tld'; # must be a fully-qualified domain name!
# Notifications and checked mail are handed to an SMTP listener on 127.0.0.1,
# port 10025.
# NOTE(review): that listener should accept connections from the loopback
# address only; mail submitted to it directly would presumably skip this filter.
$notify_method = 'smtp:[127.0.0.1]:10025';
$forward_method = 'smtp:[127.0.0.1]:10025';
# All four content categories share the same final action.
# NOTE(review): D_DISCARD presumably drops the message without informing the
# sender; verify that a copy is retained (quarantine) before relying on it,
# since a false positive is otherwise unrecoverable.
$final_virus_destiny = D_DISCARD;
$final_banned_destiny = D_DISCARD;
$final_spam_destiny = D_DISCARD;
$final_bad_header_destiny = D_DISCARD;
# NOTE(review): this header value states the product name and exact version;
# decide whether that should be disclosed to recipients of the mail.
$X_HEADER_TAG = 'X-Virus-Scanned';
$X_HEADER_LINE = "Maia Mailguard 1.0.3";
# Maps a reported virus name to a flag: 1 = the sender address is treated as
# faked, 0 = it is not. The last entry makes 1 the answer for every name not
# listed before it.
# NOTE(review): presumably the first matching pattern wins, so the catch-all
# must stay last -- confirm.
@viruses_that_fake_sender_maps = (new_RE(
[qr'\bEICAR\b'i => 0], # av test pattern name
[qr'^(WM97|OF97|Joke\.)'i => 0], # adjust names to match your AV scanner
[qr/.*/ => 1], # true for everything else
));
# Patterns for parts whose original form is kept for virus checking, judging
# by the setting's name and the comments below -- TODO confirm exact semantics.
@keep_decoded_original_maps = (new_RE(
# qr'^MAIL$', # retain full original message for virus checking (can be slow)
qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables
# Text-like types; the negative lookahead excludes "ASCII cpio" archives.
qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
# qr'^Zip archive data', # don't trust Archive::Zip
));
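# Some virus scanners use signatures to detect spam, scams and phishing
# attempts, which are not malware in the traditional sense (i.e. they
# do not contain a dangerous executable payload). Listing the names
# and/or name patterns for such non-malware "viruses" here will prevent
# these signatures from causing an email to be treated as a virus, and
# will instead treat it as a spam rule hit (using an associated *.cf
# file, e.g. sanesecurity.cf, msrbl.cf, clamav.cf).
#
# Every entry downgrades a scanner hit from "virus" to "spam rule", so each
# pattern is anchored at the start of the reported name and should match one
# signature family only. Keep the patterns as narrow as the family allows.
@non_malware_viruses_maps = (new_RE(
    # ClamAV: main.cld, daily.cld
    qr'^(Email|E-Mail)\.(Ecard|Faketube|FreeGame|PornTeaser)',
    qr'^(Email|E-Mail)\.(Hoax|Phishing)\.',
    qr'^(HTML|Heuristics)\.Phishing\.',
    # Sanesecurity: junk.ndb
    qr'^Sanesecurity\.Junk\.',
    # Sanesecurity: jurlbl.ndb
    qr'^Sanesecurity\.Jurlbl\.',
    # Sanesecurity: jurlbla.ndb
    qr'^Sanesecurity\.Jurlbl\.Auto\.',
    # Sanesecurity: lott.ndb
    qr'^Sanesecurity\.Lott\.',
    # Sanesecurity: phish.ndb
    qr'^Sanesecurity\.(Auction|Casino|Doc|Phishing)\.',
    qr'^Sanesecurity\.(PhishingTestSig|TestSig_Type3_Bdy|TestSig_Type4_Bdy|TestSig_Type4_Hdr)',
    # Sanesecurity: scam.ndb
    qr'^Sanesecurity\.(Casino|Cred|Dipl|Hdr|Img|Img0|Job|Loan|Porn|Scam|Scam4|ScamL|Spam|Spam4|SpamL|Stk)\.',
    qr'^Sanesecurity\.TestSig',
    # Sanesecurity: spam.ldb
    qr'^Sanesecurity\.Spam\.',
    # Sanesecurity: spamattach.hdb
    qr'^Sanesecurity\.SpamAttach\.',
    # Sanesecurity: spamimg.hdb
    qr'^Sanesecurity\.SpamImg\.',
    # Sanesecurity: spear.ndb
    qr'^Sanesecurity\.Spear\.',
    # Sanesecurity: spearl.ndb
    qr'^Sanesecurity\.SpearL\.',
    # MSRBL: MSRBL-Images.hdb
    # NOTE(review): the comma inside [0-5,S] is matched literally -- confirm
    # that it is intended and not a leftover list separator.
    qr'^MSRBL-Images\.[0-5,S]-',
    # The dot is escaped like in the entry above; unescaped it matched any
    # character in that position, which made the pattern wider than intended.
    qr'^MSRBL-Images\.Test-',
    # MSRBL: MSRBL-SPAM.hdb
    qr'^MSRBL-SPAM\.',
    # SecuriteInfo: securiteinfo.hdb
    qr'^Email\.Spam\d+-SecuriteInfo\.com',
    # Doppelstern: doppelstern.hdb
    qr'^Doppelstern\.Attachment\.',
    # Winnow: winnow_phish_complete_url.ndb
    qr'^winnow\.(phish|scam)\.',
));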
# Patterns for banned attachments. The entries below match file names, MIME
# types and file(1) short types (see the per-line comments).
# NOTE(review): the commented-out [ pattern => 0 ] entries read as allow rules
# that would exempt the contents of archives; presumably rules are tried in
# order, so enabling one before the extension rules changes what is blocked.
$banned_filename_re = new_RE(
# qr'^UNDECIPHERABLE$', # is or contains any undecipherable components
# block certain double extensions anywhere in the base name
qr'\.[^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,
# qr'[{}]', # curly braces in names (serve as Class ID extensions - CLSID)
qr'^application/x-msdownload$'i, # block these MIME types
qr'^application/x-msdos-program$'i,
qr'^application/hta$'i,
qr'^message/partial$'i, qr'^message/external-body$'i, # rfc2046 MIME types
# [ qr'^\.(Z|gz|bz2)$' => 0 ], # allow any type in Unix-compressed
# [ qr'^\.(rpm|cpio|tar)$' => 0 ], # allow any type in Unix archives
# [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ], # allow any type within such archives
# qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic
# The next pattern spans three lines and relies on the /x flag to ignore the
# line breaks inside the alternation.
# NOTE(review): the list is fixed in this sample (it has no .jar or .ps1
# entry, for example); review it against the attachment types you want blocked.
qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|exe|fxp|hlp|hta|inf|ins|isp|
js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|ops|pcd|pif|prg|
reg|scr|sct|shb|shs|vb|vbe|vbs|wsc|wsf|wsh)$'ix, # banned ext - long
# qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i, # banned extension - WinZip vulnerab.
qr'^\.(exe-ms)$', # banned file(1) types
qr'^\.(exe|lha|cab|dll)$', # banned file(1) types
);
# A single empty hash: no per-sender score adjustments are defined here.
@score_sender_maps = ({}); # should be empty if using Maia Mailguard
# See http://www.maiamailguard.com/maia/wiki/VirusScannerConfig
# for more virus scanner definitions.
# Primary scanner list. The one entry here talks to a running clamd over a
# Unix socket: it sends "CONTSCAN {}" to /var/run/clamav/clamd.ctl and
# evaluates the reply with the three patterns that follow (reply ending in
# OK, reply ending in FOUND, and a capture of the reported name).
# NOTE(review): {} is presumably replaced with the path to scan -- confirm.
@av_scanners = (
### http://www.clamav.net/
['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.ctl"],
qr/\bOK$/m, qr/\bFOUND$/m,
# The negative lookahead keeps "Infected Archive" from being captured as a name.
qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
# NOTE: run clamd under the same user as maiad, or run it under its own
# uid such as clamav, add user clamav to the maia group, and then
# add AllowSupplementaryGroups to clamd.conf;
# NOTE: match the socket name (LocalSocket) in clamd.conf to the socket
# name in this entry;
# NOTE: when running chrooted one may prefer socket "$MYHOME/clamd".
# NOTE(review): clamd has to read maiad's work files and maiad has to write to
# the clamd socket; grant both through the shared group as described above
# rather than by making the socket or $TEMPBASE world-accessible.
);
# See http://www.maiamailguard.com/maia/wiki/VirusScannerConfig
# for more virus scanner definitions.
# Backup scanner list. The one entry here runs the clamscan command-line
# scanner with the argument string shown and evaluates its result with the
# values that follow.
# NOTE(review): [0] is presumably the exit status that means "clean", and {}
# the placeholder for the path to scan -- confirm.
# NOTE(review): $TEMPBASE is interpolated into the argument string; keep that
# path free of whitespace and shell metacharacters.
@av_scanners_backup = (
### http://www.clamav.net/ - backs up clamd or Mail::ClamAV
['ClamAV-clamscan', 'clamscan',
"--stdout --no-summary -r --tempdir=$TEMPBASE {}",
[0], qr/:.*\sFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
);
1; # ensure a defined return
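NOTE: You can find more virus scanner definitions to add to the @av_scanners and @av_scanners_backup settings on the VirusScannerConfig wiki page referenced in the sample above (http://www.maiamailguard.com/maia/wiki/VirusScannerConfig).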

