Hosting Provided By

[AMaViS-user] Amavisd ignoring AV reports from clamav

From: James Cloos <cloos(at)jhcloos.com>
Date: Sat Dec 29 2007 - 15:02:46 EST

I've noticed that amavisd on my MX no longer blocks stuff flagged by clamav.

The only difference in the logs for a message which clamav's log shows as having FOUND something and one which is CLEAN is that in the latter case amavis logs 'Hits: -' and in the FOUND case it logs 'Hits: 0.1'.

The logs show that it is sending everthing to clamav, just PASSing mail which should be DISCARDed and quarantined.

I can't find any reason why.

My /etc/amavis/conf.d/50-user just sets:

@local_domains_acl to a list of my local domains, $forward_method and $notify_method to the delivery smtpd, $myhostname to the correct fqdn, and:

@bypass_virus_checks_maps = (); # to check everthing
$final_virus_destiny      = D_DISCARD;
$final_banned_destiny     = D_DISCARD;

The quarantine had a couple of recent badh- files, but no virusor banned- files for the last several months.

An example of the logging:

Do you need help?

>From mail.log:

Dec 29 18:33:03 mx amavis[8696]: (08696-11) Passed CLEAN, [74.238.54.136]

                         -> ,
    Message-ID: ,
     mail_id: Ainpxge0xIwH, Hits: 0.1, size: 3648, queued_as: 585E494093, 771 ms

and the corresponding entry from clamav.log:

Sat Dec 29 18:33:03 2007 ->

        /var/lib/amavis/tmp/amavis-20071229T183012-08696/parts/p001:
        HTML.Phishing.Pay-172 FOUND

-JimC

-- 
James Cloos          OpenPGP: 1024D/ED7DAEA6

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:
http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:
http://www.amavis.org/howto/

Received on Sat Dec 29 15:03:10 2007

This message: [ Message body ]
Next message: Noel Jones: "Re: [AMaViS-user] Amavisd ignoring AV reports from clamav"
Previous message: Jim Knuth: "Re: [AMaViS-user] Attachment limit size"
Next in thread: Noel Jones: "Re: [AMaViS-user] Amavisd ignoring AV reports from clamav"
Reply: Noel Jones: "Re: [AMaViS-user] Amavisd ignoring AV reports from clamav"
Reply: Gary V: "Re: [AMaViS-user] Amavisd ignoring AV reports from clamav"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Tue Jul 15 2008 - 13:02:50 EDT