--- /dev/null
+use strict;
+
+# a minimalistic configuration file for amavisd-new with all necessary settings
+#
+# see amavisd.conf-default for a list of all variables with their defaults;
+# see amavisd.conf-sample for a traditional-style commented file;
+# for more details see documentation in INSTALL, README_FILES/*
+# and at http://www.ijs.si/software/amavisd/amavisd-new-docs.html
+
+
+# COMMONLY ADJUSTED SETTINGS:
+
+# @bypass_virus_checks_maps = (1); # controls running of anti-virus code
+# @bypass_spam_checks_maps = (1); # controls running of anti-spam code
+# $bypass_decode_parts = 1; # controls running of decoders&dearchivers
+
+$max_servers = 2; # num of pre-forked children (2..15 is common), -m
+$daemon_user = 'amavis'; # (no default; customary: vscan or amavis), -u
+$daemon_group = 'amavis'; # (no default; customary: vscan or amavis), -g
+
+$mydomain = 'example.com'; # a convenient default for other settings
+
+# $MYHOME = '/var/amavis'; # a convenient default for other settings, -H
+$TEMPBASE = "$MYHOME/tmp"; # working directory, needs to exist, -T
+$ENV{TMPDIR} = $TEMPBASE; # environment variable TMPDIR, used by SA, etc.
+$QUARANTINEDIR = '/var/virusmails'; # -Q
+# $quarantine_subdir_levels = 1; # add level of subdirs to disperse quarantine
+
+# $daemon_chroot_dir = $MYHOME; # chroot directory or undef, -R
+
+# $db_home = "$MYHOME/db"; # dir for bdb nanny/cache/snmp databases, -D
+# $helpers_home = "$MYHOME/var"; # working directory for SpamAssassin, -S
+# $lock_file = "$MYHOME/var/amavisd.lock"; # -L
+# $pid_file = "$MYHOME/var/amavisd.pid"; # -P
+#NOTE: create directories $MYHOME/tmp, $MYHOME/var, $MYHOME/db manually
+
+$log_level = 0; # verbosity 0..5, -d
+$log_recip_templ = undef; # disable by-recipient level-0 log entries
+$DO_SYSLOG = 1; # log via syslogd (preferred)
+$syslog_facility = 'mail'; # Syslog facility as a string
+ # e.g.: mail, daemon, user, local0, ... local7
+$syslog_priority = 'debug'; # Syslog base (minimal) priority as a string,
+ # choose from: emerg, alert, crit, err, warning, notice, info, debug
+
+$enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP and nanny)
+$enable_global_cache = 1; # enable use of libdb-based cache if $enable_db=1
+$nanny_details_level = 2; # nanny verbosity: 1: traditional, 2: detailed
+
+@local_domains_maps = ( [".$mydomain"] ); # list of all local domains
+
+@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
+ 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );
+
+$unix_socketname = "$MYHOME/amavisd.sock"; # amavisd-release or amavis-milter
+ # option(s) -p overrides $inet_socket_port and $unix_socketname
+
+$inet_socket_port = 10024; # listen on this local TCP port(s)
+# $inet_socket_port = [10024,10026]; # listen on multiple TCP ports
+
+$policy_bank{'MYNETS'} = { # mail originating from @mynetworks
+ originating => 1, # is true in MYNETS by default, but let's make it explicit
+ os_fingerprint_method => undef, # don't query p0f for internal clients
+};
+
+# it is up to MTA to re-route mail from authenticated roaming users or
+# from internal hosts to a dedicated TCP port (such as 10026) for filtering
+$interface_policy{'10026'} = 'ORIGINATING';
+
+$policy_bank{'ORIGINATING'} = { # mail supposedly originating from our users
+ originating => 1, # declare that mail was submitted by our smtp client
+ allow_disclaimers => 1, # enables disclaimer insertion if available
+ # notify administrator of locally originating malware
+ virus_admin_maps => ["virusalert\@$mydomain"],
+ spam_admin_maps => ["virusalert\@$mydomain"],
+ warnbadhsender => 1,
+ # forward to a smtpd service providing DKIM signing service
+ forward_method => 'smtp:[127.0.0.1]:10027',
+ # force MTA conversion to 7-bit (e.g. before DKIM signing)
+ smtpd_discard_ehlo_keywords => ['8BITMIME'],
+ bypass_banned_checks_maps => [1], # allow sending any file names and types
+ terminate_dsn_on_notify_success => 0, # don't remove NOTIFY=SUCCESS option
+};
+
+$interface_policy{'SOCK'} = 'AM.PDP-SOCK'; # only applies with $unix_socketname
+
+# Use with amavis-release over a socket or with Petr Rehor's amavis-milter.c
+# (with amavis-milter.c from this package or old amavis.c client use 'AM.CL'):
+$policy_bank{'AM.PDP-SOCK'} = {
+ protocol => 'AM.PDP',
+ auth_required_release => 0, # do not require secret_id for amavisd-release
+};
+
+$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level
+$sa_tag2_level_deflt = 6.2; # add 'spam detected' headers at that level
+$sa_kill_level_deflt = 6.9; # triggers spam evasive actions (e.g. blocks mail)
+$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent
+# $sa_quarantine_cutoff_level = 25; # spam level beyond which quarantine is off
+$penpals_bonus_score = 8; # (no effect without a @storage_sql_dsn database)
+$penpals_threshold_high = $sa_kill_level_deflt; # don't waste time on hi spam
+
+$sa_mail_body_size_limit = 400*1024; # don't waste time on SA if mail is larger
+$sa_local_tests_only = 0; # only tests which do not require internet access?
+
+# @lookup_sql_dsn =
+# ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'],
+# ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'],
+# ["DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite", '', ''] );
+# @storage_sql_dsn = @lookup_sql_dsn; # none, same, or separate database
+
+# $timestamp_fmt_mysql = 1; # if using MySQL *and* msgs.time_iso is TIMESTAMP;
+# defaults to 0, which is good for non-MySQL or if msgs.time_iso is CHAR(16)
+
+$virus_admin = "virusalert\@$mydomain"; # notifications recip.
+
+$mailfrom_notify_admin = "virusalert\@$mydomain"; # notifications sender
+$mailfrom_notify_recip = "virusalert\@$mydomain"; # notifications sender
+$mailfrom_notify_spamadmin = "spam.police\@$mydomain"; # notifications sender
+$mailfrom_to_quarantine = ''; # null return path; uses original sender if undef
+
+@addr_extension_virus_maps = ('virus');
+@addr_extension_banned_maps = ('banned');
+@addr_extension_spam_maps = ('spam');
+@addr_extension_bad_header_maps = ('badh');
+# $recipient_delimiter = '+'; # undef disables address extensions altogether
+# when enabling addr extensions do also Postfix/main.cf: recipient_delimiter=+
+
+$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
+# $dspam = 'dspam';
+
+$MAXLEVELS = 14;
+$MAXFILES = 1500;
+$MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not enforced)
+$MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes (default undef, not enforced)
+
+$sa_spam_subject_tag = '***SPAM*** ';
+$defang_virus = 1; # MIME-wrap passed infected mail
+$defang_banned = 1; # MIME-wrap passed mail containing banned name
+# for defanging bad headers only turn on certain minor contents categories:
+$defang_by_ccat{+CC_BADH.",3"} = 1; # NUL or CR character in header
+$defang_by_ccat{+CC_BADH.",5"} = 1; # header line longer than 998 characters
+$defang_by_ccat{+CC_BADH.",6"} = 1; # header field syntax error
+
+
+# OTHER MORE COMMON SETTINGS (defaults may suffice):
+
+$myhostname = 'ipfire.localdomain'; # must be a fully-qualified domain name!
+
+# $notify_method = 'smtp:[127.0.0.1]:10025';
+# $forward_method = 'smtp:[127.0.0.1]:10025'; # set to undef with milter!
+
+# $final_virus_destiny = D_DISCARD;
+# $final_banned_destiny = D_BOUNCE;
+# $final_spam_destiny = D_BOUNCE;
+# $final_bad_header_destiny = D_PASS;
+
+# $os_fingerprint_method = 'p0f:127.0.0.1:2345'; # to query p0f-analyzer.pl
+
+## hierarchy by which a final setting is chosen:
+## policy bank (based on port or IP address) -> *_by_ccat
+## *_by_ccat (based on mail contents) -> *_maps
+## *_maps (based on recipient address) -> final configuration value
+
+
+# SOME OTHER VARIABLES WORTH CONSIDERING (see amavisd.conf-default for all)
+
+# $warnbadhsender,
+# $warnvirusrecip, $warnbannedrecip, $warnbadhrecip, (or @warn*recip_maps)
+#
+# @bypass_virus_checks_maps, @bypass_spam_checks_maps,
+# @bypass_banned_checks_maps, @bypass_header_checks_maps,
+#
+# @virus_lovers_maps, @spam_lovers_maps,
+# @banned_files_lovers_maps, @bad_header_lovers_maps,
+#
+# @blacklist_sender_maps, @score_sender_maps,
+#
+# $clean_quarantine_method, $virus_quarantine_to, $banned_quarantine_to,
+# $bad_header_quarantine_to, $spam_quarantine_to,
+#
+# $defang_bad_header, $defang_undecipherable, $defang_spam
+
+
+# REMAINING IMPORTANT VARIABLES ARE LISTED HERE BECAUSE OF LONGER ASSIGNMENTS
+
+@keep_decoded_original_maps = (new_RE(
+# qr'^MAIL$', # retain full original message for virus checking (can be slow)
+ qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables
+ qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
+# qr'^Zip archive data', # don't trust Archive::Zip
+));
+
+
+# for $banned_namepath_re (a new-style of banned table) see amavisd.conf-sample
+
+$banned_filename_re = new_RE(
+
+### BLOCKED ANYWHERE
+# qr'^UNDECIPHERABLE$', # is or contains any undecipherable components
+ qr'^\.(exe-ms|dll)$', # banned file(1) types, rudimentary
+# qr'^\.(exe|lha|tnef|cab|dll)$', # banned file(1) types
+
+### BLOCK THE FOLLOWING, EXCEPT WITHIN UNIX ARCHIVES:
+# [ qr'^\.(gz|bz2)$' => 0 ], # allow any in gzip or bzip2
+ [ qr'^\.(rpm|cpio|tar)$' => 0 ], # allow any in Unix-type archives
+
+ qr'.\.(pif|scr)$'i, # banned extensions - rudimentary
+# qr'^\.zip$', # block zip type
+
+### BLOCK THE FOLLOWING, EXCEPT WITHIN ARCHIVES:
+# [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ], # allow any within these archives
+
+ qr'^application/x-msdownload$'i, # block these MIME types
+ qr'^application/x-msdos-program$'i,
+ qr'^application/hta$'i,
+
+# qr'^message/partial$'i, # rfc2046 MIME type
+# qr'^message/external-body$'i, # rfc2046 MIME type
+
+# qr'^(application/x-msmetafile|image/x-wmf)$'i, # Windows Metafile MIME type
+# qr'^\.wmf$', # Windows Metafile file(1) type
+
+ # block certain double extensions in filenames
+ qr'\.[^./]*[A-Za-z][^./]*\.\s*(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)[.\s]*$'i,
+
+# qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?'i, # Class ID CLSID, strict
+# qr'\{[0-9a-z]{4,}(-[0-9a-z]{4,}){0,7}\}?'i, # Class ID extension CLSID, loose
+
+ qr'.\.(exe|vbs|pif|scr|cpl)$'i, # banned extension - basic
+# qr'.\.(exe|vbs|pif|scr|cpl|bat|cmd|com)$'i, # banned extension - basic+cmd
+# qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|
+# inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|
+# ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs|
+# wmf|wsc|wsf|wsh)$'ix, # banned ext - long
+# qr'.\.(ani|cur|ico)$'i, # banned cursors and icons filename
+# qr'^\.ani$', # banned animated cursor file(1) type
+
+# qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i, # banned extension - WinZip vulnerab.
+);
+# See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262631
+# and http://www.cknow.com/vtutor/vtextensions.htm
+
+
+# ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING
+
+@score_sender_maps = ({ # a by-recipient hash lookup table,
+ # results from all matching recipient tables are summed
+
+# ## per-recipient personal tables (NOTE: positive: black, negative: white)
+# 'user1@example.com' => [{'bla-mobile.press@example.com' => 10.0}],
+# 'user3@example.com' => [{'.ebay.com' => -3.0}],
+# 'user4@example.com' => [{'cleargreen@cleargreen.com' => -7.0,
+# '.cleargreen.com' => -5.0}],
+
+ ## site-wide opinions about senders (the '.' matches any recipient)
+ '.' => [ # the _first_ matching sender determines the score boost
+
+ new_RE( # regexp-type lookup table, just happens to be all soft-blacklist
+ [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i => 5.0],
+ [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],
+ [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],
+ [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i => 5.0],
+ [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i => 5.0],
+ [qr'^(your_friend|greatoffers)@'i => 5.0],
+ [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i => 5.0],
+ ),
+
+# read_hash("/var/amavis/sender_scores_sitewide"),
+
+ { # a hash-type lookup table (associative array)
+ 'nobody@cert.org' => -3.0,
+ 'cert-advisory@us-cert.gov' => -3.0,
+ 'owner-alert@iss.net' => -3.0,
+ 'slashdot@slashdot.org' => -3.0,
+ 'securityfocus.com' => -3.0,
+ 'ntbugtraq@listserv.ntbugtraq.com' => -3.0,
+ 'security-alerts@linuxsecurity.com' => -3.0,
+ 'mailman-announce-admin@python.org' => -3.0,
+ 'amavis-user-admin@lists.sourceforge.net'=> -3.0,
+ 'amavis-user-bounces@lists.sourceforge.net' => -3.0,
+ 'spamassassin.apache.org' => -3.0,
+ 'notification-return@lists.sophos.com' => -3.0,
+ 'owner-postfix-users@postfix.org' => -3.0,
+ 'owner-postfix-announce@postfix.org' => -3.0,
+ 'owner-sendmail-announce@lists.sendmail.org' => -3.0,
+ 'sendmail-announce-request@lists.sendmail.org' => -3.0,
+ 'donotreply@sendmail.org' => -3.0,
+ 'ca+envelope@sendmail.org' => -3.0,
+ 'noreply@freshmeat.net' => -3.0,
+ 'owner-technews@postel.acm.org' => -3.0,
+ 'ietf-123-owner@loki.ietf.org' => -3.0,
+ 'cvs-commits-list-admin@gnome.org' => -3.0,
+ 'rt-users-admin@lists.fsck.com' => -3.0,
+ 'clp-request@comp.nus.edu.sg' => -3.0,
+ 'surveys-errors@lists.nua.ie' => -3.0,
+ 'emailnews@genomeweb.com' => -5.0,
+ 'yahoo-dev-null@yahoo-inc.com' => -3.0,
+ 'returns.groups.yahoo.com' => -3.0,
+ 'clusternews@linuxnetworx.com' => -3.0,
+ lc('lvs-users-admin@LinuxVirtualServer.org') => -3.0,
+ lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0,
+
+ # soft-blacklisting (positive score)
+ 'sender@example.net' => 3.0,
+ '.example.net' => 1.0,
+
+ },
+ ], # end of site-wide tables
+});
+
+
+@decoders = (
+ ['mail', \&do_mime_decode],
+ ['asc', \&do_ascii],
+ ['uue', \&do_ascii],
+ ['hqx', \&do_ascii],
+ ['ync', \&do_ascii],
+ ['F', \&do_uncompress, ['unfreeze','freeze -d','melt','fcat'] ],
+ ['Z', \&do_uncompress, ['uncompress','gzip -d','zcat'] ],
+ ['gz', \&do_uncompress, 'gzip -d'],
+ ['gz', \&do_gunzip],
+ ['bz2', \&do_uncompress, 'bzip2 -d'],
+ ['lzo', \&do_uncompress, 'lzop -d'],
+ ['rpm', \&do_uncompress, ['rpm2cpio.pl','rpm2cpio'] ],
+ ['cpio', \&do_pax_cpio, ['pax','gcpio','cpio'] ],
+ ['tar', \&do_pax_cpio, ['pax','gcpio','cpio'] ],
+ ['deb', \&do_ar, 'ar'],
+# ['a', \&do_ar, 'ar'], # unpacking .a seems an overkill
+ ['zip', \&do_unzip],
+ ['7z', \&do_7zip, ['7zr','7za','7z'] ],
+ ['rar', \&do_unrar, ['rar','unrar'] ],
+ ['arj', \&do_unarj, ['arj','unarj'] ],
+ ['arc', \&do_arc, ['nomarch','arc'] ],
+ ['zoo', \&do_zoo, ['zoo','unzoo'] ],
+ ['lha', \&do_lha, 'lha'],
+# ['doc', \&do_ole, 'ripole'],
+ ['cab', \&do_cabextract, 'cabextract'],
+ ['tnef', \&do_tnef_ext, 'tnef'],
+ ['tnef', \&do_tnef],
+# ['sit', \&do_unstuff, 'unstuff'], # broken/unsafe decoder
+ ['exe', \&do_executable, ['rar','unrar'], 'lha', ['arj','unarj'] ],
+);
+
+
+@av_scanners = (
+
+# ### http://www.clanfield.info/sophie/ (http://www.vanja.com/tools/sophie/)
+# ['Sophie',
+# \&ask_daemon, ["{}/\n", '/var/run/sophie'],
+# qr/(?x)^ 0+ ( : | [\000\r\n]* $)/, qr/(?x)^ 1 ( : | [\000\r\n]* $)/,
+# qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/ ],
+
+# ### http://www.csupomona.edu/~henson/www/projects/SAVI-Perl/
+# ['Sophos SAVI', \&sophos_savi ],
+
+# ### http://www.clamav.net/
+# ['ClamAV-clamd',
+# \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
+# qr/\bOK$/, qr/\bFOUND$/,
+# qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
+# # NOTE: run clamd under the same user as amavisd, or run it under its own
+# # uid such as clamav, add user clamav to the amavis group, and then add
+# # AllowSupplementaryGroups to clamd.conf;
+# # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in
+# # this entry; when running chrooted one may prefer socket "$MYHOME/clamd".
+
+# ### http://www.clamav.net/ and CPAN (memory-hungry! clamd is preferred)
+# # note that Mail::ClamAV requires perl to be build with threading!
+# ['Mail::ClamAV', \&ask_clamav, "*", [0], [1], qr/^INFECTED: (.+)/],
+
+# ### http://www.openantivirus.org/
+# ['OpenAntiVirus ScannerDaemon (OAV)',
+# \&ask_daemon, ["SCAN {}\n", '127.0.0.1:8127'],
+# qr/^OK/, qr/^FOUND: /, qr/^FOUND: (.+)/ ],
+
+# ### http://www.vanja.com/tools/trophie/
+# ['Trophie',
+# \&ask_daemon, ["{}/\n", '/var/run/trophie'],
+# qr/(?x)^ 0+ ( : | [\000\r\n]* $)/, qr/(?x)^ 1 ( : | [\000\r\n]* $)/,
+# qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/ ],
+
+# ### http://www.grisoft.com/
+# ['AVG Anti-Virus',
+# \&ask_daemon, ["SCAN {}\n", '127.0.0.1:55555'],
+# qr/^200/, qr/^403/, qr/^403 .*?: ([^\r\n]+)/ ],
+
+# ### http://www.f-prot.com/
+# ['FRISK F-Prot Daemon',
+# \&ask_daemon,
+# ["GET {}/*?-dumb%20-archive%20-packed HTTP/1.0\r\n\r\n",
+# ['127.0.0.1:10200','127.0.0.1:10201','127.0.0.1:10202',
+# '127.0.0.1:10203','127.0.0.1:10204'] ],
+# qr/(?i)<summary[^>]*>clean<\/summary>/,
+# qr/(?i)<summary[^>]*>infected<\/summary>/,
+# qr/(?i)<name>(.+)<\/name>/ ],
+
+# ### http://www.sald.com/, http://www.dials.ru/english/, http://www.drweb.ru/
+# ['DrWebD', \&ask_daemon, # DrWebD 4.31 or later
+# [pack('N',1). # DRWEBD_SCAN_CMD
+# pack('N',0x00280001). # DONT_CHANGEMAIL, IS_MAIL, RETURN_VIRUSES
+# pack('N', # path length
+# length("$TEMPBASE/amavis-yyyymmddTHHMMSS-xxxxx/parts/pxxx")).
+# '{}/*'. # path
+# pack('N',0). # content size
+# pack('N',0),
+# '/var/drweb/run/drwebd.sock',
+# # '/var/amavis/var/run/drwebd.sock', # suitable for chroot
+# # '/usr/local/drweb/run/drwebd.sock', # FreeBSD drweb ports default
+# # '127.0.0.1:3000', # or over an inet socket
+# ],
+# qr/\A\x00[\x10\x11][\x00\x10]\x00/s, # IS_CLEAN,EVAL_KEY; SKIPPED
+# qr/\A\x00[\x00\x01][\x00\x10][\x20\x40\x80]/s, # KNOWN_V,UNKNOWN_V,V._MODIF
+# qr/\A.{12}(?:infected with )?([^\x00]+)\x00/s,
+# ],
+# # NOTE: If using amavis-milter, change length to:
+# # length("$TEMPBASE/amavis-milter-xxxxxxxxxxxxxx/parts/pxxx").
+
+ ### http://www.kaspersky.com/ (kav4mailservers)
+ ['KasperskyLab AVP - aveclient',
+ ['/usr/local/kav/bin/aveclient','/usr/local/share/kav/bin/aveclient',
+ '/opt/kav/5.5/kav4mailservers/bin/aveclient','aveclient'],
+ '-p /var/run/aveserver -s {}/*',
+ [0,3,6,8], qr/\b(INFECTED|SUSPICION|SUSPICIOUS)\b/,
+ qr/(?:INFECTED|WARNING|SUSPICION|SUSPICIOUS) (.+)/,
+ ],
+ # NOTE: one may prefer [0],[2,3,4,5], depending on how suspicious,
+ # currupted or protected archives are to be handled
+
+ ### http://www.kaspersky.com/
+ ['KasperskyLab AntiViral Toolkit Pro (AVP)', ['avp'],
+ '-* -P -B -Y -O- {}', [0,3,6,8], [2,4], # any use for -A -K ?
+ qr/infected: (.+)/,
+ sub {chdir('/opt/AVP') or die "Can't chdir to AVP: $!"},
+ sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
+ ],
+
+ ### The kavdaemon and AVPDaemonClient have been removed from Kasperky
+ ### products and replaced by aveserver and aveclient
+ ['KasperskyLab AVPDaemonClient',
+ [ '/opt/AVP/kavdaemon', 'kavdaemon',
+ '/opt/AVP/AvpDaemonClient', 'AvpDaemonClient',
+ '/opt/AVP/AvpTeamDream', 'AvpTeamDream',
+ '/opt/AVP/avpdc', 'avpdc' ],
+ "-f=$TEMPBASE {}", [0,8], [3,4,5,6], qr/infected: ([^\r\n]+)/ ],
+ # change the startup-script in /etc/init.d/kavd to:
+ # DPARMS="-* -Y -dl -f=/var/amavis /var/amavis"
+ # (or perhaps: DPARMS="-I0 -Y -* /var/amavis" )
+ # adjusting /var/amavis above to match your $TEMPBASE.
+ # The '-f=/var/amavis' is needed if not running it as root, so it
+ # can find, read, and write its pid file, etc., see 'man kavdaemon'.
+ # defUnix.prf: there must be an entry "*/var/amavis" (or whatever
+ # directory $TEMPBASE specifies) in the 'Names=' section.
+ # cd /opt/AVP/DaemonClients; configure; cd Sample; make
+ # cp AvpDaemonClient /opt/AVP/
+ # su - vscan -c "${PREFIX}/kavdaemon ${DPARMS}"
+
+ ### http://www.centralcommand.com/
+ ['CentralCommand Vexira (new) vascan',
+ ['vascan','/usr/lib/Vexira/vascan'],
+ "-a s --timeout=60 --temp=$TEMPBASE -y $QUARANTINEDIR ".
+ "--log=/var/log/vascan.log {}",
+ [0,3], [1,2,5],
+ qr/(?x)^\s* (?:virus|iworm|macro|mutant|sequence|trojan)\ found:\ ( [^\]\s']+ )\ \.\.\.\ / ],
+ # Adjust the path of the binary and the virus database as needed.
+ # 'vascan' does not allow to have the temp directory to be the same as
+ # the quarantine directory, and the quarantine option can not be disabled.
+ # If $QUARANTINEDIR is not used, then another directory must be specified
+ # to appease 'vascan'. Move status 3 to the second list if password
+ # protected files are to be considered infected.
+
+ ### http://www.avira.com/
+ ### Avira AntiVir (formerly H+BEDV) or (old) CentralCommand Vexira Antivirus
+ ['Avira AntiVir', ['antivir','vexira'],
+ '--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/,
+ qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) |
+ (?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/ ],
+ # NOTE: if you only have a demo version, remove -z and add 214, as in:
+ # '--allfiles -noboot -nombr -rs -s {}', [0,214], qr/ALERT:|VIRUS:/,
+
+ ### http://www.commandsoftware.com/
+ ['Command AntiVirus for Linux', 'csav',
+ '-all -archive -packed {}', [50], [51,52,53],
+ qr/Infection: (.+)/ ],
+
+ ### http://www.symantec.com/
+ ['Symantec CarrierScan via Symantec CommandLineScanner',
+ 'cscmdline', '-a scan -i 1 -v -s 127.0.0.1:7777 {}',
+ qr/^Files Infected:\s+0$/, qr/^Infected\b/,
+ qr/^(?:Info|Virus Name):\s+(.+)/ ],
+
+ ### http://www.symantec.com/
+ ['Symantec AntiVirus Scan Engine',
+ 'savsecls', '-server 127.0.0.1:7777 -mode scanrepair -details -verbose {}',
+ [0], qr/^Infected\b/,
+ qr/^(?:Info|Virus Name):\s+(.+)/ ],
+ # NOTE: check options and patterns to see which entry better applies
+
+# ### http://www.f-secure.com/products/anti-virus/ version 4.65
+# ['F-Secure Antivirus for Linux servers',
+# ['/opt/f-secure/fsav/bin/fsav', 'fsav'],
+# '--delete=no --disinf=no --rename=no --archive=yes --auto=yes '.
+# '--dumb=yes --list=no --mime=yes {}', [0], [3,6,8],
+# qr/(?:infection|Infected|Suspected): (.+)/ ],
+
+ ### http://www.f-secure.com/products/anti-virus/ version 5.52
+ ['F-Secure Antivirus for Linux servers',
+ ['/opt/f-secure/fsav/bin/fsav', 'fsav'],
+ '--virus-action1=report --archive=yes --auto=yes '.
+ '--dumb=yes --list=no --mime=yes {}', [0], [3,4,6,8],
+ qr/(?:infection|Infected|Suspected|Riskware): (.+)/ ],
+ # NOTE: internal archive handling may be switched off by '--archive=no'
+ # to prevent fsav from exiting with status 9 on broken archives
+
+# ### http://www.avast.com/
+# ['avast! Antivirus daemon',
+# \&ask_daemon, # greets with 220, terminate with QUIT
+# ["SCAN {}\015\012QUIT\015\012", '/var/run/avast4/mailscanner.sock'],
+# qr/\t\[\+\]/, qr/\t\[L\]\t/, qr/\t\[L\]\t([^[ \t\015\012]+)/ ],
+
+# ### http://www.avast.com/
+# ['avast! Antivirus - Client/Server Version', 'avastlite',
+# '-a /var/run/avast4/mailscanner.sock -n {}', [0], [1],
+# qr/\t\[L\]\t([^[ \t\015\012]+)/ ],
+
+ ['CAI InoculateIT', 'inocucmd', # retired product
+ '-sec -nex {}', [0], [100],
+ qr/was infected by virus (.+)/ ],
+ # see: http://www.flatmtn.com/computer/Linux-Antivirus_CAI.html
+
+ ### http://www3.ca.com/Solutions/Product.asp?ID=156 (ex InoculateIT)
+ ['CAI eTrust Antivirus', 'etrust-wrapper',
+ '-arc -nex -spm h {}', [0], [101],
+ qr/is infected by virus: (.+)/ ],
+ # NOTE: requires suid wrapper around inocmd32; consider flag: -mod reviewer
+ # see http://marc.theaimsgroup.com/?l=amavis-user&m=109229779912783
+
+ ### http://mks.com.pl/english.html
+ ['MkS_Vir for Linux (beta)', ['mks32','mks'],
+ '-s {}/*', [0], [1,2],
+ qr/--[ \t]*(.+)/ ],
+
+ ### http://mks.com.pl/english.html
+ ['MkS_Vir daemon', 'mksscan',
+ '-s -q {}', [0], [1..7],
+ qr/^... (\S+)/ ],
+
+# ### http://www.nod32.com/, version v2.52 and above
+# ['ESET NOD32 for Linux Mail servers',
+# ['/opt/eset/nod32/bin/nod32cli', 'nod32cli'],
+# '--subdir --files -z --sfx --rtp --adware --unsafe --pattern --heur '.
+# '-w -a --action-on-infected=accept --action-on-uncleanable=accept '.
+# '--action-on-notscanned=accept {}',
+# [0,3], [1,2], qr/virus="([^"]+)"/ ],
+
+ ### http://www.eset.com/, version v2.7
+ ['ESET NOD32 Linux Mail Server - command line interface',
+ ['/usr/bin/nod32cli', '/opt/eset/nod32/bin/nod32cli', 'nod32cli'],
+ '--subdir {}', [0,3], [1,2], qr/virus="([^"]+)"/ ],
+
+ ## http://www.nod32.com/, NOD32LFS version 2.5 and above
+ ['ESET NOD32 for Linux File servers',
+ ['/opt/eset/nod32/sbin/nod32','nod32'],
+ '--files -z --mail --sfx --rtp --adware --unsafe --pattern --heur '.
+ '-w -a --action=1 -b {}',
+ [0], [1,10], qr/^object=.*, virus="(.*?)",/ ],
+
+# Experimental, based on posting from Rado Dibarbora (Dibo) on 2002-05-31
+# ['ESET Software NOD32 Client/Server (NOD32SS)',
+# \&ask_daemon2, # greets with 200, persistent, terminate with QUIT
+# ["SCAN {}/*\r\n", '127.0.0.1:8448' ],
+# qr/^200 File OK/, qr/^201 /, qr/^201 (.+)/ ],
+
+ ### http://www.norman.com/products_nvc.shtml
+ ['Norman Virus Control v5 / Linux', 'nvcc',
+ '-c -l:0 -s -u -temp:$TEMPBASE {}', [0,10,11], [1,2,14],
+ qr/(?i).* virus in .* -> \'(.+)\'/ ],
+
+ ### http://www.pandasoftware.com/
+ ['Panda CommandLineSecure 9 for Linux',
+ ['/opt/pavcl/usr/bin/pavcl','pavcl'],
+ '-auto -aex -heu -cmp -nbr -nor -nos -eng -nob {}',
+ qr/Number of files infected[ .]*: 0+(?!\d)/,
+ qr/Number of files infected[ .]*: 0*[1-9]/,
+ qr/Found virus :\s*(\S+)/ ],
+ # NOTE: for efficiency, start the Panda in resident mode with 'pavcl -tsr'
+ # before starting amavisd - the bases are then loaded only once at startup.
+ # To reload bases in a signature update script:
+ # /opt/pavcl/usr/bin/pavcl -tsr -ulr; /opt/pavcl/usr/bin/pavcl -tsr
+ # Please review other options of pavcl, for example:
+ # -nomalw, -nojoke, -nodial, -nohackt, -nospyw, -nocookies
+
+# ### http://www.pandasoftware.com/
+# ['Panda Antivirus for Linux', ['pavcl'],
+# '-TSR -aut -aex -heu -cmp -nbr -nor -nso -eng {}',
+# [0], [0x10, 0x30, 0x50, 0x70, 0x90, 0xB0, 0xD0, 0xF0],
+# qr/Found virus :\s*(\S+)/ ],
+
+# GeCAD AV technology is acquired by Microsoft; RAV has been discontinued.
+# Check your RAV license terms before fiddling with the following two lines!
+# ['GeCAD RAV AntiVirus 8', 'ravav',
+# '--all --archive --mail {}', [1], [2,3,4,5], qr/Infected: (.+)/ ],
+# # NOTE: the command line switches changed with scan engine 8.5 !
+# # (btw, assigning stdin to /dev/null causes RAV to fail)
+
+ ### http://www.nai.com/
+ ['NAI McAfee AntiVirus (uvscan)', 'uvscan',
+ '--secure -rv --mime --summary --noboot - {}', [0], [13],
+ qr/(?x) Found (?:
+ \ the\ (.+)\ (?:virus|trojan) |
+ \ (?:virus|trojan)\ or\ variant\ ([^ ]+) |
+ :\ (.+)\ NOT\ a\ virus)/,
+ # sub {$ENV{LD_PRELOAD}='/lib/libc.so.6'},
+ # sub {delete $ENV{LD_PRELOAD}},
+ ],
+ # NOTE1: with RH9: force the dynamic linker to look at /lib/libc.so.6 before
+ # anything else by setting environment variable LD_PRELOAD=/lib/libc.so.6
+ # and then clear it when finished to avoid confusing anything else.
+ # NOTE2: to treat encrypted files as viruses replace the [13] with:
+ # qr/^\s{5,}(Found|is password-protected|.*(virus|trojan))/
+
+ ### http://www.virusbuster.hu/en/
+ ['VirusBuster', ['vbuster', 'vbengcl'],
+ "{} -ss -i '*' -log=$MYHOME/vbuster.log", [0], [1],
+ qr/: '(.*)' - Virus/ ],
+ # VirusBuster Ltd. does not support the daemon version for the workstation
+ # engine (vbuster-eng-1.12-linux-i386-libc6.tgz) any longer. The names of
+ # binaries, some parameters AND return codes have changed (from 3 to 1).
+ # See also the new Vexira entry 'vascan' which is possibly related.
+
+# ### http://www.virusbuster.hu/en/
+# ['VirusBuster (Client + Daemon)', 'vbengd',
+# '-f -log scandir {}', [0], [3],
+# qr/Virus found = (.*);/ ],
+# # HINT: for an infected file it always returns 3,
+# # although the man-page tells a different story
+
+ ### http://www.cyber.com/
+ ['CyberSoft VFind', 'vfind',
+ '--vexit {}/*', [0], [23], qr/##==>>>> VIRUS ID: CVDL (.+)/,
+ # sub {$ENV{VSTK_HOME}='/usr/lib/vstk'},
+ ],
+
+ ### http://www.avast.com/
+ ['avast! Antivirus', ['/usr/bin/avastcmd','avastcmd'],
+ '-a -i -n -t=A {}', [0], [1], qr/\binfected by:\s+([^ \t\n\[\]]+)/ ],
+
+ ### http://www.ikarus-software.com/
+ ['Ikarus AntiVirus for Linux', 'ikarus',
+ '{}', [0], [40], qr/Signature (.+) found/ ],
+
+ ### http://www.bitdefender.com/
+ ['BitDefender', 'bdc',
+ '--arc --mail {}', qr/^Infected files *:0+(?!\d)/,
+ qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/,
+ qr/(?:suspected|infected): (.*)(?:\033|$)/ ],
+ # consider also: --all --nowarn --alev=15 --flev=15. The --all argument may
+ # not apply to your version of bdc, check documentation and see 'bdc --help'
+
+ ### ArcaVir for Linux and Unix http://www.arcabit.pl/
+ ['ArcaVir for Linux', ['arcacmd','arcacmd.static'],
+ '-v 1 -summary 0 -s {}', [0], [1,2],
+ qr/(?:VIR|WIR):[ \t]*(.+)/ ],
+
+# ['File::Scan', sub {Amavis::AV::ask_av(sub{
+# use File::Scan; my($fn)=@_;
+# my($f)=File::Scan->new(max_txt_size=>0, max_bin_size=>0);
+# my($vname) = $f->scan($fn);
+# $f->error ? (2,"Error: ".$f->error)
+# : ($vname ne '') ? (1,"$vname FOUND") : (0,"Clean")}, @_) },
+# ["{}/*"], [0], [1], qr/^(.*) FOUND$/ ],
+
+# ### fully-fledged checker for JPEG marker segments of invalid length
+# ['check-jpeg',
+# sub { use JpegTester (); Amavis::AV::ask_av(\&JpegTester::test_jpeg, @_) },
+# ["{}/*"], undef, [1], qr/^(bad jpeg: .*)$/ ],
+# # NOTE: place file JpegTester.pm somewhere where Perl can find it,
+# # for example in /usr/local/lib/perl5/site_perl
+
+);
+
+
+@av_scanners_backup = (
+
+ ### http://www.clamav.net/ - backs up clamd or Mail::ClamAV
+ ['ClamAV-clamscan', 'clamscan',
+ "--stdout --no-summary -r --tempdir=$TEMPBASE {}",
+ [0], qr/:.*\sFOUND$/, qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
+
+ ### http://www.f-prot.com/ - backs up F-Prot Daemon
+ ['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'],
+ '-dumb -archive -packed {}', [0,8], [3,6], # or: [0], [3,6,8],
+ qr/(?:Infection:|security risk named) (.+)|\s+contains\s+(.+)$/ ],
+
+ ### http://www.trendmicro.com/ - backs up Trophie
+ ['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'],
+ '-za -a {}', [0], qr/Found virus/, qr/Found virus (.+) in/ ],
+
+ ### http://www.sald.com/, http://drweb.imshop.de/ - backs up DrWebD
+ ['drweb - DrWeb Antivirus', # security LHA hole in Dr.Web 4.33 and earlier
+ ['/usr/local/drweb/drweb', '/opt/drweb/drweb', 'drweb'],
+ '-path={} -al -go -ot -cn -upn -ok-',
+ [0,32], [1,9,33], qr' infected (?:with|by)(?: virus)? (.*)$'],
+
+ ### http://www.kaspersky.com/
+ ['Kaspersky Antivirus v5.5',
+ ['/opt/kaspersky/kav4fs/bin/kav4fs-kavscanner',
+ '/opt/kav/5.5/kav4unix/bin/kavscanner',
+ '/opt/kav/5.5/kav4mailservers/bin/kavscanner', 'kavscanner'],
+ '-i0 -xn -xp -mn -R -ePASBME {}/*', [0,10,15], [5,20,21,25],
+ qr/(?:INFECTED|WARNING|SUSPICION|SUSPICIOUS) (.*)/ ,
+# sub {chdir('/opt/kav/bin') or die "Can't chdir to kav: $!"},
+# sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
+ ],
+
+# Commented out because the name 'sweep' clashes with Debian and FreeBSD
+# package/port of an audio editor. Make sure the correct 'sweep' is found
+# in the path when enabling.
+#
+# ### http://www.sophos.com/ - backs up Sophie or SAVI-Perl
+# ['Sophos Anti Virus (sweep)', 'sweep',
+# '-nb -f -all -rec -ss -sc -archive -cab -mime -oe -tnef '.
+# '--no-reset-atime {}',
+# [0,2], qr/Virus .*? found/,
+# qr/^>>> Virus(?: fragment)? '?(.*?)'? found/,
+# ],
+# # other options to consider: -idedir=/usr/local/sav
+
+# always succeeds (uncomment to consider mail clean if all other scanners fail)
+# ['always-clean', sub {0}],
+
+);
+
+
+1; # insure a defined return
# This file can be distributed under either the GNU General Public License
# (version 2 or higher) or the 3-clause BSD License.
#
-# Daily snapshot on Sat 2007-09-29 01:05:01
+# Daily snapshot on Sat 2007-11-03 02:05:01
#
# Vendors, devices and subsystems. Please keep sorted.
1703 ISDN Adapter (PCI Bus, DV, W)
1704 ISDN Adapter (PCI Bus, D, C)
067b Prolific Technology, Inc.
- 2303 PL-2303 USB-to-Serial Converter
3507 PL-3507 Hi-Speed USB & IEEE 1394 Combo to IDE Bridge Controller
069d Hughes Network Systems (HNS)
0721 Sapphire, Inc.
07ca AVerMedia Technologies Inc.
+ a301 AVerTV 301
b808 AVerTV DVB-T Volar (USB 2.0)
07e2 ELMEG Communication Systems GmbH
0842 NPG, Personal Grand Technology
15ab Bluesteel Networks Inc
15ac North Atlantic Instruments
15ad VMware Inc
- 0405 [VMware SVGA II] PCI Display Adapter
- 0710 Virtual SVGA
- 0720 VMware High-Speed Virtual NIC [vmxnet]
+ 0405 Abstract SVGA II Adapter
+ 0710 Abstract SVGA Adapter
+ 0720 Abstract Ethernet Controller
+ 0740 Virtual Machine Communication Interface
+ 0770 Abstract USB2 EHCI Controller
+ 0801 Virtual Machine Interface
+ 15ad 0800 Hypervisor ROM Interface
15ae Amersham Pharmacia Biotech
15b0 Zoltrix International Ltd
15b1 Source Technology Inc
0002 NXB-10GCX4 10 Gigabit Ethernet PCIe Adapter with CX4 copper interface
0003 NXB-4GCU Quad Gigabit Ethernet PCIe Adapter with 1000-BASE-T interface
0004 BladeCenter-H 10 Gigabit Ethernet High Speed Daughter Card
+ 0005 NetXen Dual Port 10GbE Multifunction Adapter for c-Class
+ 0024 XG Mgmt
+ 0025 XG Mgmt
4143 Digital Equipment Corp
4144 Alpha Data
0044 ADM-XRCIIPro
1014 026a PRO/1000 MT Network Connection
1028 002e Optiplex GX260
1028 0134 PowerEdge 600SC
- 1028 0151 PRO/1000 MT Network Connection
+ 1028 0151 Optiplex GX270
107b 8920 PRO/1000 MT Desktop Adapter
8086 001e PRO/1000 MT Desktop Adapter
8086 002e PRO/1000 MT Desktop Adapter
100f 82545EM Gigabit Ethernet Controller (Copper)
1014 0269 iSeries 1000/100/10 Ethernet Adapter
1014 028e PRO/1000 MT Network Connection
+ 15ad 0750 Abstract PRO/1000 MT Single Port Adapter
8086 1000 PRO/1000 MT Network Connection
8086 1001 PRO/1000 MT Server Adapter
1010 82546EB Gigabit Ethernet Controller (Copper)
0e11 00db NC7170 Gigabit Server Adapter
1014 027c PRO/1000 MT Dual Port Network Adapter
+ 15ad 0760 Abstract PRO/1000 MT Dual Port Adapter
18fb 7872 RESlink-X
1fc1 0026 Niagara 2260 Bypass Card
4c53 1080 CT8 mainboard
104c 82562V 10/100 Network Connection
104d 82566MC Gigabit Network Connection
1050 82562EZ 10/100 Ethernet Controller
+ 1028 019d Dimension 3000
1462 728c 865PE Neo2 (MS-6728)
1462 758c MS-6758 (875P Neo)
8086 3020 D865PERL mainboard
8086 1075 PRO/1000 CT Network Connection
1076 82541GI Gigabit Ethernet Controller
1028 0165 PowerEdge 750
+ 1028 016d PowerEdge 1850
1028 019a PowerEdge SC1425
+ 1028 106d PowerEdge 1850
8086 0076 PRO/1000 MT Network Connection
8086 1076 PRO/1000 MT Network Connection
8086 1176 PRO/1000 MT Desktop Adapter
8086 544e DeskTop Board D945GTP
27c4 82801GBM/GHM (ICH7 Family) SATA IDE Controller
1025 006c 9814 WKMI
+ 17aa 200e Thinkpad T60 model 2007
27c5 82801GBM/GHM (ICH7 Family) SATA AHCI Controller
103c 30a3 Compaq nw8440
17aa 200d Thinkpad R60e model 0657
17aa 2010 ThinkPad T60/R60 series
17aa 3802 Lenovo 3000 C200 audio [Realtek ALC861VD]
8086 1112 DeskTop Board D945GTP
+ 8086 27d8 Lenovo 3000 N100 Audio (Intel HDA)
27da 82801G (ICH7 Family) SMBus Controller
1025 006c 9814 WKMI
10f7 8338 Panasonic CF-Y5 laptop
2912 82801IH (ICH9DH) LPC Interface Controller
2914 82801IO (ICH9DO) LPC Interface Controller
2916 82801IR (ICH9R) LPC Interface Controller
- 2917 Mobile LPC Controller
+ 2917 Mobile LPC Interface Controller
2918 82801IB (ICH9) LPC Interface Controller
- 2919 Mobile LPC Controller
+ 2919 Mobile LPC Interface Controller
2920 82801IR/IO/IH (ICH9R/DO/DH) 4 port SATA IDE Controller
2921 82801IB (ICH9) 2 port SATA IDE Controller
2922 82801IR/IO/IH (ICH9R/DO/DH) 6 port SATA AHCI Controller
29d5 82Q33 Express MEI Controller
29d6 82Q33 Express PT IDER Controller
29d7 82Q33 Express Serial KT Controller
- 29e0 DRAM Controller
- 29e1 Host-Primary PCI Express Bridge
- 29e4 MEI Controller
- 29e5 MEI Controller
- 29e6 PT IDER Controller
- 29e7 Serial KT Controller
- 29e9 Host-Secondary PCI Express Bridge
+ 29e0 82X38 Express DRAM Controller
+ 29e1 82X38 Express Host-Primary PCI Express Bridge
+ 29e4 82X38 Express MEI Controller
+ 29e5 82X38 Express MEI Controller
+ 29e6 82X38 Express PT IDER Controller
+ 29e7 82X38 Express Serial KT Controller
+ 29e9 82X38 Express Host-Secondary PCI Express Bridge
29f0 Server DRAM Controller
29f1 Server Host-Primary PCI Express Bridge
29f4 Server MEI Controller
2a51 Mobile MEI Controller
2a52 Mobile PT IDER Controller
2a53 Mobile AMT SOL Redirection
+ 2c01 QuickPath Architecture System Address Decoder
+ 2c10 QuickPath Interconnect Link 0
+ 2c11 QuickPath Interconnect Physical 0
+ 2c14 QuickPath Interconnect Link 1
+ 2c18 QuickPath Memory Controller
+ 2c19 QuickPath Memory Controller Target Address Decoder
+ 2c1a QuickPath Memory Controller RAS Registers
+ 2c1c QuickPath Memory Controller Test Registers
+ 2c20 QuickPath Memory Controller Channel 0 Control Registers
+ 2c21 QuickPath Memory Controller Channel 0 Address Registers
+ 2c22 QuickPath Memory Controller Channel 0 Rank Registers
+ 2c23 QuickPath Memory Controller Channel 0 Thermal Control Registers
+ 2c28 QuickPath Memory Controller Channel 1 Control Registers
+ 2c29 QuickPath Memory Controller Channel 1 Address Registers
+ 2c2a QuickPath Memory Controller Channel 1 Rank Registers
+ 2c2b QuickPath Memory Controller Channel 1 Thermal Control Registers
+ 2c30 QuickPath Memory Controller Channel 2 Control Registers
+ 2c31 QuickPath Memory Controller Channel 2 Address Registers
+ 2c32 QuickPath Memory Controller Channel 2 Rank Registers
+ 2c33 QuickPath Memory Controller Channel 2 Thermal Control Registers
+ 2c40 QuickPath Architecture Generic Non-Core Registers
3200 GD31244 PCI-X SATA HBA
1775 c200 C2K onboard SATA host bus adapter
3313 IOP348 I/O Processor (SL8e) in IOC Mode SAS/SATA
3363 IOC340 I/O Controller in IOC Mode SAS/SATA
33c3 IOP348 I/O Processor (SL8De) in IOC Mode SAS/SATA
33cb IOP348 I/O Processor (SL8Dx) in IOC Mode SAS/SATA
+ 3400 QuickPath Architecture I/O Hub to ESI Port
+ 3401 QuickPath Architecture I/O Hub to ESI Port
+ 3402 QuickPath Architecture I/O Hub to ESI Port
+ 3403 QuickPath Architecture I/O Hub to ESI Port
+ 3404 QuickPath Architecture I/O Hub to ESI Port
+ 3405 QuickPath Architecture I/O Hub to ESI Port
+ 3406 QuickPath Architecture I/O Hub to ESI Port
+ 3407 QuickPath Architecture I/O Hub to ESI Port
+ 3408 QuickPath Architecture I/O Hub PCI Express Root Port 1
+ 3409 QuickPath Architecture I/O Hub PCI Express Root Port 2
+ 340a QuickPath Architecture I/O Hub PCI Express Root Port 3
+ 340b QuickPath Architecture I/O Hub PCI Express Root Port 4
+ 340c QuickPath Architecture I/O Hub PCI Express Root Port 5
+ 340d QuickPath Architecture I/O Hub PCI Express Root Port 6
+ 340e QuickPath Architecture I/O Hub PCI Express Root Port 7
+ 340f QuickPath Architecture I/O Hub PCI Express Root Port 8
+ 3410 QuickPath Architecture I/O Hub PCI Express Root Port 9
+ 3411 QuickPath Architecture I/O Hub PCI Express Root Port 10
+ 3418 Quickpath Interconnect Physical Layer Port 0
+ 3419 Quickpath Interconnect Physical Layer Port 1
+ 3420 QuickPath Architecture I/O Hub PCI Express Root Port 0
+ 3421 QuickPath Architecture I/O Hub PCI Express Root Port 0
+ 3422 QuickPath Architecture I/O Hub GPIO and Scratch Pad Registers
+ 3423 QuickPath Architecture I/O Hub Control Status and RAS Registers
+ 3425 QuickPath Interconnect Physical and Link Layer Registers – Port 0
+ 3426 QuickPath Interconnect Routing and Protocol Layer Registers – Port 0
+ 3427 QuickPath Interconnect Physical and Link Layer Registers - Port 1
+ 3428 QuickPath Interconnect Routing & Protocol Layer Register – Port 1
+ 3429 DMA Engine
+ 342a DMA Engine
+ 342b DMA Engine
+ 342c DMA Engine
+ 342d QuickPath Architecture I/O Hub I/OxAPIC Interrupt Controller
+ 342e QuickPath Architecture I/O Hub System Management Registers
+ 342f Trusted Execution Technology Registers
+ 3430 DMA Engine
+ 3431 DMA Engine
+ 3432 DMA Engine
+ 3433 DMA Engine
+ 3438 QuickPath Architecture I/O Hub Throttle Registers
3500 6311ESB/6321ESB PCI Express Upstream Port
3501 6310ESB PCI Express Upstream Port
3504 6311ESB/6321ESB I/OxAPIC Interrupt Controller
4000 Memory Controller Hub
4001 Memory Controller Hub
4003 Memory Controller Hub
- 4008 Memory Controller Hub
- 4010 Memory Controller Hub
4021 PCI Express Port 1
4022 PCI Express Port 2
4023 PCI Express Port 3
402e IBIST Registers
402f DMA/DCA Engine
4030 FSB Registers
+ 4031 CE/SF Registers
4032 I/OxAPIC
4035 FBD Registers
4036 FBD Registers
7051 PB 642365-003 (Business Video Conferencing Card)
7100 430TX - 82439TX MTXC
7110 82371AB/EB/MB PIIX4 ISA
- 15ad 1976 virtualHW v3
+ 15ad 1976 Virtual Machine Chipset
7111 82371AB/EB/MB PIIX4 IDE
- 15ad 1976 virtualHW v3
+ 15ad 1976 Virtual Machine Chipset
7112 82371AB/EB/MB PIIX4 USB
- 15ad 1976 virtualHW v3
+ 15ad 1976 Virtual Machine Chipset
7113 82371AB/EB/MB PIIX4 ACPI
- 15ad 1976 virtualHW v3
+ 15ad 1976 Virtual Machine Chipset
7120 82810 GMCH (Graphics Memory Controller Hub)
4c53 1040 CL7 mainboard
4c53 1060 PC7 mainboard
0e11 0500 Armada 1750 Laptop System Chipset
0e11 b110 Armada M700/E500
1028 008e PowerEdge 1300 mainboard
+ 1043 803b CUBX-L/E Mainboard
1179 0001 Toshiba Tecra 8100 Laptop System Chipset
- 15ad 1976 virtualHW v3
+ 15ad 1976 Virtual Machine Chipset
4c53 1050 CT7 mainboard
4c53 1051 CE7 mainboard
7191 440BX/ZX/DX - 82443BX/ZX/DX AGP bridge
04 RAID bus controller
05 ATA controller
20 ADMA single stepping
- 40 ADMA continuous operation
+ 30 ADMA continuous operation
06 SATA controller
00 Vendor specific
01 AHCI 1.0
02 FDDI network controller
03 ATM network controller
04 ISDN controller
+ 05 WorldFip controller
+ 06 PICMG controller
80 Network controller
C 03 Display controller
00 VGA compatible controller
- 00 VGA
- 01 8514
+ 00 VGA controller
+ 01 8514 controller
01 XGA compatible controller
02 3D controller
80 Display controller
02 Hayes/16550
03 Hayes/16650
04 Hayes/16750
+ 04 GPIB controller
+ 05 Smard Card controller
80 Communication controller
C 08 Generic system peripheral
00 PIC
00 Generic
01 ISA RTC
04 PCI Hot-plug controller
+ 05 SD Host controller
80 System peripheral
C 09 Input device controller
00 Keyboard controller
04 Fibre Channel
05 SMBus
06 InfiniBand
+ 07 IPMI SMIC interface
+ 08 SERCOS interface
+ 09 CANBUS
C 0d Wireless controller
00 IRDA controller
01 Consumer IR controller
10 RF controller
+ 11 Bluetooth
+ 12 Broadband
+ 20 802.1a controller
+ 21 802.1b controller
80 Wireless controller
C 0e Intelligent controller
00 I2O
C 0f Satellite communications controller
- 00 Satellite TV controller
- 01 Satellite audio communication controller
+ 01 Satellite TV controller
+ 02 Satellite audio communication controller
03 Satellite voice communication controller
04 Satellite data communication controller
C 10 Encryption controller
00 DPIO module
01 Performance counters
10 Communication synchronizer
+ 20 Signal processing management
80 Signal processing controller
# The latest version can be obtained from
# http://www.linux-usb.org/usb.ids
#
-# $Id: usb.ids,v 1.273 2007/09/26 08:47:42 gowdy Exp $
+# $Id: usb.ids,v 1.286 2007/10/27 07:15:22 gowdy Exp $
#
# Vendors, devices and interfaces. Please keep sorted.
0204 Chipsbank Microelectronics Co., Ltd
6025 CBM2080 Flash drive controller
6026 CBM1180 Flash drive controller
+02ad HUMAX Co., Ltd.
+ 138c PVR Mass Storage
0386 LTS
0001 PSX for USB Converter
03e8 EndPoints, Inc.
4402 PhotoSmart 935 (ptp)
4502 PhotoSmart 945 (PTP mode)
5004 DeskJet 995c
+ 5611 PhotoSmart C3180
+ 5911 PhotoSmart C6180
6004 DeskJet 5550
6104 DeskJet 5650c
6202 PhotoSmart 215
5637 M5637 IDE Controller
0403 Future Technology Devices International, Ltd
0000 H4SMK 7 Port Hub
- 6001 FT232R USB-Serial (UART) IC
+ 6001 FT232 USB-Serial (UART) IC
6010 FT2232C Dual USB-UART/FIFO IC
8040 4 Port Hub
8070 7 Port Hub
4123 Zen Portable Media Center
4126 Dell DJ (2nd gen)
4127 Dell DJ
+ 4128 NOMAD Jukebox Zen Xtra (mtp)
412b MuVo N200 with FM radio
4130 Zen Micro (mtp)
4131 Zen Touch (mtp)
4137 Zen Sleek (mtp)
4139 Zen Nano Plus
413c Zen MicroPhoto
+ 4151 Zen Vision:M (mtp)
041f LCS Telegraphics
0420 Chips and Technologies
0421 Nokia Mobile Phones
0418 E-70 (PC-Suite mode)
041a 9500 GSM Communicator (RNDIS)
041b 9300 GSM Smartphone (RNDIS)
- 041e Nokia 6680
+ 041e 6680
0428 6230i Modem
0429 6230i MultiMedia Card
0431 770 Internet Tablet
0435 E-70 (IP Passthrough/RNDIS mode)
- 043a Nokia N70 USB Phone Parent
+ 043a N70 USB Phone Parent
+ 046e 6110 Navigator
+ 04c3 N800 Internet Tablet
+ 04f9 Nokia 6300 (PC-Suite mode)
0800 Connectivity Cable DKU-5
0422 ADI Systems, Inc.
0423 Computer Access Technology Corp.
1237 Andromeda Hub
0424 Standard Microsystems Corp.
20fc 6-in-1 Card Reader
+ 2228 9-in-2 Card Reader
223a 8-in-1 Card Reader
+ 2503 USB 2.0 Hub
+ 2504 USB 2.0 Hub
2524 USB MultiSwitch Hub
0425 Motorola Semiconductors HK, Ltd
0101 G-Tech Wireless Mouse & Keyboard
000e VideoCAM Web
001a Genius WebScroll+
004c Slimstar Pro Keyboard
+ 0056 Ergo 300 Mouse
0100 EasyPen Tablet
0101 CueCat
1003 Genius VideoCam
08b3 QuickCam Zoom
08b4 QuickCam Zoom
08b5 QuickCam Sphere
+ 08ce QuickCam Pro 5000
08d9 QuickCam Connect
08da QuickCam Messanger
08f0 QuickCam Messenger
c030 iFeel Mouse
c032 MouseMan iFeel
c03e Premium Optical Wheel Mouse
+ c03f UltraX Optical Mouse
c202 WingMan Formula
c207 WingMan Extreme Digital 3D
c208 WingMan Gamepad Extreme
c517 LX710 Cordless Desktop Laser
c518 MX610 Laser Cordless Mouse
c521 MX620 Laser Cordless Mouse
+ c626 3DConnexion Space Navigator 3D Mouse
+ c627 3DConnexion Space Explorer 3D Mouse
+ c703 Elite Keyboard Y-RP20 + Mouse MX900 (Bluetooth)
c709 BT Mini-Receiver (HCI mode)
c70b BT Mini-Receiver (HID proxy mode)
c70c BT Mini-Receiver (HID proxy mode)
1005 TurboBall
1009 Orbit TrackBall for Mac
101f PocketMouse Pro
+ 1020 Expert Mouse Trackball
2010 Wireless Presentation Remote
4005 Gravis Eliminator GamePad Pro
4006 Gravis Eliminator AfterShock
1001 USS720 Parallel Port
f101 Atlas Modem
047f Plantronics, Inc.
+ 0ca1 USB DSP v4 Audio Interface
0480 Toshiba America Info. Systems, Inc.
0481 Zenith Data Systems
0482 Kyocera Corp.
040a D50 (ptp)
040c D2Hs
040e DSC D70s (ptp)
+ 0413 D40 (mass storage mode)
4000 Coolscan LS 40 ED
04b1 Pan International
04b3 IBM Corp.
020d Apple Pro Keyboard [Mitsumi, A1048/JIS layout]
020e Apple Internal Keyboard/Trackpad
020f Apple Internal Keyboard/Trackpad
+ 0220 Apple Aluminum Keyboard
0301 Apple USB Mouse [Mitsumi, M4848]
0302 Apple Optical Mouse [Fujitsu]
0304 Apple Optical USB Mouse [Mitsumi]
1001 Apple Keyboard Hub [ALPS]
1002 Apple Extended Keyboard Hub [Mitsumi]
1003 Hub in Apple Pro Keyboard [Mitsumi, A1048]
+ 1006 Hub in Apple Aluminum Keyboard
1101 Speakers
1201 3G iPod
1203 Apple iPod 4.Gen Grayscale 40G
1204 iPod [Photo]
+ 1205 iPod Mini 1.Gen/2.Gen
+ 1209 iPod Video
120A iPod Nano
+ 1260 iPod Nano 2.Gen
1300 iPod Shuffle
8202 HCF V.90 Data/Fax Modem
8203 Bluetooth HCI
8206 Bluetooth USB Host Controller
8240 IR Receiver [build-in]
8501 Built-in iSight [Micron]
+ 912f Hub in Apple 30" Cinema Display
+ 9221 Apple 30" Cinema Display
05ad Y.C. Cable U.S.A., Inc.
05ae Synopsys, Inc.
05af Jing-Mold Enterprise Co., Ltd
0200 SDDR-09 (SSFDC) ImageMate SmartMedia Reader [eusb]
0400 SecureMate SD/MMC Reader
0621 SDDR-86 Imagemate 6-in-1 Reader
+ 0720 Sansa C200 series in recovery mode
+ 0729 Sansa E200 series in recovery mode
0810 SDDR-75 ImageMate CF-SM Reader
0830 ImageMate CF/MMC/SD Reader
5150 SDCZ2 Cruzer Mini Flash Drive (thin)
5151 Cruzer Micro 256/512MB Flash Drive
+ 5406 Cruzer Micro 4GB Flash Drive
7104 Cruzer Micro Mini 256MB Flash Drive
7112 Cruzer Micro 128MB Flash Drive
7113 Cruzer Micro 256MB Flash Drive
+ 7420 Sansa E200 series (mtp)
+ 7421 Sansa E200 series
+ 7450 Sansa C250
+ 7451 Sansa C240
8185 SDCZ2 Cruzer Mini Flash Drive (older, thick)
8889 SDDR-88 Imagemate 8-in-1 Reader
8989 ImageMate 12-in-1 Reader
092a Toshiba Information & Industrial Sys. And Services
092b Sena Technologies, Inc.
0930 Toshiba Corp.
- 0009 Toshiba Gigabeat (HDD audio player)
+ 0009 Gigabeat F/X (HDD audio player)
+ 000C Gigabeat F (mtp)
+ 0010 Gigabeat S (mtp)
6519 Kingston DataTraveler 2.0 USB Stick
6533 512M USB Stick
653c Kingston DataTraveler 2.0 USB Stick (512M)
0a22 Century Semiconductor USA, Inc.
0a2c AK-Modul-Bus Computer GmbH
0008 GPIO Ports
+0a34 TG3 Electronics, Inc.
+ 0110 Deck 82-key backlit keyboard
0a39 Gilat Satellite Networks, Ltd
0a3a PentaMedia Co., Ltd
0a3c NTT DoCoMo, Inc.
0b6a Maxim Integrated Products
0b6f Nagano Japan Radio Co., Ltd
0b70 PortalPlayer, Inc.
+ 00ba iRiver H10 20GB
0b71 SHIN-EI Sangyo Co., Ltd
0b72 Embedded Wireless Technology Co., Ltd
0b73 Computone Corp.
00ce mmO2 XDA GSM/GPRS Pocket PC
00cf SPV C500 Smart Phone
0a02 Himalaya GSM/GPRS Pocket PC
+ 0a07 Magician PocketPC SmartPhone / O2 XDA
0a51 SPV C400 / T-Mobile SDA GSM/GPRS Pocket PC
0bb5 Murata Manufacturing Co., Ltd
0bb6 Network Alchemy
e007 OnlyDisk U222 Pendrive
0dd9 HighSpeed Surfing
0dda Integrated Circuit Solution, Inc.
+ 2005 Datalux DLX-1611 16in1 Card Reader
2026 USB2.0 Card Reader
2027 USB 2.0 Card Reader
0ddb Tamarack, Inc.
0e21 Cowon Systems, Inc.
0300 iAudio CW200
0510 iAudio X5
+ 0513 iAudio X5, side USB port
+ 0520 iAudio M5
0700 iAudio U3
0e23 Liou Yuane Enterprise Co., Ltd
0e25 VinChip Systems, Inc.
1005 Apacer Technology, Inc.
b113 Handy Steno 2.0 (256MB)
1006 iRiver, Ltd.
- 3002 iHP-100/120/140 MP3 Player
+ 3001 iHP-100
+ 3002 iHP-120/140 MP3 Player
+ 3003 H320/H340
+ 3004 H340 (mtp)
1009 Emuzed, Inc.
100a AV Chaseway, Ltd
100b Chou Chin Industrial Co., Ltd
124b Nyko (Honey Bee)
4d01 Airflo EX Joystick
1267 Logic3 / SpectraVideo plc
+ 0103 G-720 Keyboard
0201 A4Tech SWOP-3 Mouse
a001 JP260 PC Game Pad
126e Strobe Data, Inc.
3201 VisionDTV USB-Ter/HAMA USB DVB-T device cold
3202 VisionDTV USB-Ter/HAMA USB DVB-T device warm
13fe Kingston Technology Company Inc.
+ 1a00 512MB/1GB Flash Drive
1a23 512MB Flash Drive
- 1d00 DataTraveler 2.0 1GB Flash Drive
+ 1d00 DataTraveler 2.0 1GB/4GB Flash Drive
1453 Radio Shack
4026 26-183 Serial Cable
1462 Micro Star International
1706 BlueView Technologies, Inc.
1733 Cellink Technology Co., Ltd
0101 RF Wireless Optical Mouse OP-701
-1781 MetaGeek
- 083e Wi-Spy
+1781 Multiple Vendors
+ 083e MetaGeek Wi-Spy
+ 0938 Iguanaworks USB IR Transceiver
17b3 Grey Innovation
0004 Linux-USB Midi Gadget
+17e9 Newnham Research
+ 0051 USB VGA Adaptor
17eb Cornice, Inc.
+17ef ChipsBnk
+ 3815 2GB USB Stick
1822 Twinhan
3201 VisionDTV USB-Ter/HAMA USB DVB-T device cold
3202 VisionDTV USB-Ter/HAMA USB DVB-T device warm
5641 TSAM-004 Presentation Remote
18d9 Kaba
01xy LEGIC advant desktop reader
+18ea Matrox Graphics, Inc.
+ 0002 DualHead2Go [Analog Edition]
+ 0004 TripleHead2Go [Digital Edition]
1977 T-Logic
0111 TL203 MP3 Player and Voice Recorder
1995 Trillium Technology Pty. Ltd.
0001 TrackerPod Camera Stand
3176 Whanam Electronics Co., Ltd
3340 Yakumo
+ 043a Mio A701 DigiWalker PPCPhone
0e3a Pocket PC 300 GPS SL / Typhoon MyGuide 3500
a0a3 deltaX 5 BT (D) PDA
3504 Micro Star
1113 T10 (alternate)
1117 T10
1119 T30 series mp3/ogg/wma player
+ 2002 H10 6GB
+ 2101 H10 20GB (mtp)
+ 2102 H10 5GB (mtp)
+ 2105 H10 5/6GB (mtp)
413c Dell Computer Corp.
1002 Keyboard Hub
2002 SK-8125 Keyboard
0fa1 Grandtec USB1.1 DVB-T (warm)
5041 Linksys (?)
2234 WUSB54G 802.11g Adapter
+5345 Owon
+ 1234 PDS6062T Oscilloscope
544d Transmeta Corp.
5543 UC-Logic Technology Corp.
0002 SuperPen WP3325U Tablet
1234 ATAPI Bridge
a103 Sandisk SDDR-55 SmartMedia Card Reader
b012 Mitsumi FA402M 8-in-2 Card Reader
+6253 TwinHan Technology Co., Ltd
+ 0100 Ir reciver f. remote control
636c CoreLogic, Inc.
6666 Prototype product Vendor ID
0667 Smart Joy PSX, PS-PC Smart JoyPad
0b OBEX
0c Ethernet Emulation
07 Ethernet Emulation (EEM)
-C 03 Human Interface Devices
+C 03 Human Interface Device
00 No Subclass
00 None
01 Keyboard
00 None
01 Keyboard
02 Mouse
+C 05 Physical Interface Device
C 06 Imaging
01 Still Image Capture
01 Picture Transfer Protocol (PIMA 15470)
01 ?
01 Microsoft ActiveSync
02 Palm Sync
- 02 Common Class
+ 02 ?
01 Interface Association
02 Wire Adapter Multifunction Peripheral
03 ?