Does amavis clamav to scan the mail (header + body) or only parts of it? I specified @keep_decoded_original_maps on a Debian 2.10.1 install to "retain full original message for virus checking" like this:
@keep_decoded_original_maps = (new_RE( qr'^MAIL$', # retain full original message for virus checking (can be slow) qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i, )); >From this I would suspect amavis to tell clamav to scan the whole mail, which I assume to be stored in $tempdir/email.txt. But I don't see that, when I look at the communication that takes place between amavis and clamav. >From what I read from the recorded tcpdump session (see below) amavis tells clamd to - CONTSCAN /var/lib/amavis/tmp/amavis-20160216T131521-08377-MZJAqZlB/parts/p004 - CONTSCAN /var/lib/amavis/tmp/amavis-20160216T131521-08377-MZJAqZlB/parts/p002 There's no CONTSCAN /var/lib/amavis/tmp/amavis-20160216T131521-08377-MZJAqZlB/email.txt (allthough it would work as I tested manually). Did I miss something? Is my assumption amavis will let clamav scan the complete message, wrong? Thanks p@rick 13:51:34.667566 IP localhost.localdomain.60081 > localhost.localdomain.3310: Flags [S], seq 4241060098, win 43690, options [mss 65495,sackOK,TS val 2109639026 ecr 0,nop,wscale 7], length 0 E..<.p@[email protected]......... }..r........ 13:51:34.667588 IP localhost.localdomain.3310 > localhost.localdomain.60081: Flags [S.], seq 3782527681, ack 4241060099, win 43690, options [mss 65495,sackOK,TS val 2109639026 ecr 2109639026,nop,wscale 7], length 0 E..<..@.@.<..............t....q......0......... }..r}..r.... 13:51:34.667601 IP localhost.localdomain.60081 > localhost.localdomain.3310: Flags [.], ack 1, win 342, options [nop,nop,TS val 2109639026 ecr 2109639026], length 0 E..4.q@[email protected].(..... }..r}..r 13:51:34.668699 IP localhost.localdomain.60081 > localhost.localdomain.3310: Flags [P.], seq 1:74, ack 1, win 342, options [nop,nop,TS val 2109639026 ecr 2109639026], length 73 E..}.r@[email protected]..... }..r}..rCONTSCAN /var/lib/amavis/tmp/amavis-20160216T131521-08377-MZJAqZlB/parts 13:51:34.668729 IP localhost.localdomain.3310 > localhost.localdomain.60081: Flags [.], ack 74, win 342, options [nop,nop,TS val 2109639026 ecr 2109639026], length 0 E..4C.@[email protected].(..... }..r}..r 13:51:34.671151 IP localhost.localdomain.3310 > localhost.localdomain.60081: Flags [P.], seq 1:98, ack 74, win 342, options [nop,nop,TS val 2109639027 ecr 2109639026], length 97 E...C.@[email protected]....... }..s}..r/var/lib/amavis/tmp/amavis-20160216T131521-08377-MZJAqZlB/parts/p004: VirusDB: FOUND 13:51:34.671176 IP localhost.localdomain.60081 > localhost.localdomain.3310: Flags [.], ack 98, win 342, options [nop,nop,TS val 2109639027 ecr 2109639027], length 0 E..4.s@[email protected].#...V.(..... }..s}..s 13:51:34.671608 IP localhost.localdomain.3310 > localhost.localdomain.60081: Flags [P.], seq 98:195, ack 74, win 342, options [nop,nop,TS val 2109639027 ecr 2109639027], length 97 E...C.@[email protected].#..qL...V....... }..s}..s/var/lib/amavis/tmp/amavis-20160216T131521-08377-MZJAqZlB/parts/p002: VirusDB: FOUND 13:51:34.671624 IP localhost.localdomain.60081 > localhost.localdomain.3310: Flags [.], ack 195, win 342, options [nop,nop,TS val 2109639027 ecr 2109639027], length 0 E..4.t@[email protected].(..... }..s}..s 13:51:34.671743 IP localhost.localdomain.3310 > localhost.localdomain.60081: Flags [F.], seq 195, ack 74, win 342, options [nop,nop,TS val 2109639027 ecr 2109639027], length 0 E..4C.@[email protected].(..... }..s}..s 13:51:34.671917 IP localhost.localdomain.60081 > localhost.localdomain.3310: Flags [F.], seq 74, ack 196, win 342, options [nop,nop,TS val 2109639027 ecr 2109639027], length 0 E..4.u@[email protected].(..... }..s}..s 13:51:34.671938 IP localhost.localdomain.3310 > localhost.localdomain.60081: Flags [.], ack 75, win 342, options [nop,nop,TS val 2109639027 ecr 2109639027], length 0 E..4C.@[email protected].(..... }..s}..s -- [*] sys4 AG https://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
