Hosting Provided By

Re: [AMaViS-user] Amavisd ignoring AV reports from clamav

From: Gary V <mr88talent(at)gmail.com>
Date: Sat Dec 29 2007 - 15:33:28 EST

On 12/29/07, James Cloos wrote:
> I've noticed that amavisd on my MX no longer blocks stuff flagged by
> clamav.

Probably now using amavisd-new 2.5.x. This new behavior is explained in RELEASE_NOTES.

http://www.mail-archive.com/amavis-user@lists.sourceforge.net/msg09452.html

I placed this sample in a file you can grab:

cd /etc/spamassassin
wget http://www200.pair.com/mecham/spam/amavis-sanesecurity.cf spamassassin --lint
amavisd-new reload

>
> The only difference in the logs for a message which clamav's log shows
> as having FOUND something and one which is CLEAN is that in the latter
> case amavis logs 'Hits: -' and in the FOUND case it logs 'Hits: 0.1'.
>
> The logs show that it is sending everthing to clamav, just PASSing mail
> which should be DISCARDed and quarantined.
>
> I can't find any reason why.
>
> My /etc/amavis/conf.d/50-user just sets:
>
> @local_domains_acl to a list of my local domains,
> $forward_method and $notify_method to the delivery smtpd,
> $myhostname to the correct fqdn, and:
>
> @bypass_virus_checks_maps = (); # to check everthing
> $final_virus_destiny = D_DISCARD;
> $final_banned_destiny = D_DISCARD;
>
> The quarantine had a couple of recent badh- files, but no virus-
> or banned- files for the last several months.
>
> An example of the logging:
>
> >From mail.log:
>
> Dec 29 18:33:03 mx amavis[8696]: (08696-11) Passed CLEAN, [74.238.54.136]
> <service@intl.paypal.com> -> <cloos@jhcloos.com>,
> Message-ID: <MAILFkuutSgcOrBLSAQ00000025@paullawtonconstruction.com>,
> mail_id: Ainpxge0xIwH, Hits: 0.1, size: 3648, queued_as: 585E494093, 771 ms
>
> and the corresponding entry from clamav.log:
>
> Sat Dec 29 18:33:03 2007 ->
> /var/lib/amavis/tmp/amavis-20071229T183012-08696/parts/p001:
> HTML.Phishing.Pay-172 FOUND
>
> -JimC

-- 
Gary V

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:
http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:
http://www.amavis.org/howto/

Received on Sat Dec 29 15:36:59 2007

This message: [ Message body ]
Next message: James Cloos: "Re: [AMaViS-user] Amavisd ignoring AV reports from clamav"
Previous message: Noel Jones: "Re: [AMaViS-user] Amavisd ignoring AV reports from clamav"
In reply to: James Cloos: "[AMaViS-user] Amavisd ignoring AV reports from clamav"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Tue Jul 15 2008 - 14:02:41 EDT