The following wrapper prog solves two problems:
(amavis-perl-11, qmail 1.03)

- it avoids having mails scanned multiple times,
thus greatly reducing load on your server.
Like qmail-queue it checks the real uid
to determine wether mail was from "network" (qmaild),
alias or other.
Depending on your server setup you may want to
scan only from qmaild or all but from alias.
Making the decision in a c-wrapper is of course
much faster than in amavis-perl.

- like previously seen c-wrappers, it avoids the
problems with suidperl. Make shure that the amavis
perl script itself is NOT setuid; else perl runs
suidperl, finds the uid that should be set,
concludes, that the kernel honored the setuid bit,
and complains
("YOU HAVEN'T DISABLED SET-ID SCRIPTS IN THE KERNEL YET!")
cf. the Milkov posting
http://marc.theaimsgroup.com/?l=amavis-user&m=99169919700553&w=2


save in some dir next to qmail-1.03,
gcc amavis-wrap.c -o /var/qmail/bin/amavis-wrap
or
gcc amavis-wrap.c -DSCAN_NOTALIAS -o /var/qmail/bin/amavis-wrap
strip /var/qmail/bin/amavis-wrap
chown qmailq.qmail /var/qmail/bin/amavis-wrap
chmod 4711 /var/qmail/bin/amavis-wrap
chmod u-s /var/qmail/bin/amavis
(NOTE: I have amavis in the qmail/bin dir)


----- snip %< -----

/* make -C ../qmail-1.03 auto_uids.c */
#include "../qmail-1.03/auto_uids.c"

extern int getuid(void);

/*
  * wrapper for amavis under qmail
  * instead of using amavis itself as a replacement for qmail-queue,
  * use this wrapper to run amavis only under certain circumstances.
  *
  * for a typical no-login standalone mailserver, suspicios mail
  * can enter the queue only via smtpd.
  *
  * on a user system, you may want to at least exclude alias mails
  * from being scanned again. (-DSCAN_NOTALIAS)
  *
  * assume we're started from qmail-smtpd, qmail-inject or some by qmail.c
  * which chdirs to the /var/qmail or whatever directory
  *
  * assume amavis is installed in qmail/bin instead of usr/sbin
  * and is NOT setuid (else suidperl will complain about your kernel)
  */

int main () {
   int ruid = getuid();
   char *args[2] = {
     ruid
#ifdef SCAN_NOTALIAS
       != auto_uida /* scan everything not from alias */
#else
       == auto_uidd /* scan only from (network) daemon */
#endif
     ? "bin/amavis"
     : "bin/qmail-queue-real"
     ,
     0
   };
   execv( *args, args );
   return 0;
}