Hi there,

On Sat, 14 Apr 2012, James B. Byrne wrote:
> I have several MX servers running ClamAV in conjunction with MailScanner and Sendmail or Amavisd-new and Postfix. These machines forward logwatch reports to a central email address on a daily basis. The delivery hub also has clamd running. ... certain reports are being categorized as phishing messages by clamd and thus the report never arrives.
Could you disable the phishing checks on the hub?
> I have looked at the MailScanner rules and removed the report delivery address from virus_scanning.
It sounds reasonable, although I'd have said that in principle it would be better to whitelist a sender address, one which you only use internally and so will probably never be forged. That way you can change where you send the reports without changing your mail server's other configuration. However I've never used MailScanner and I can't claim to know.
> Is there a way to avoid this for either one delivery address or one sender's address?
To do this you need to work on the mail server configuration, not on clamd's configuration.
> I have no desire to change things on a system-wide basis. Is clamd actually scanning the same files twice
Well it does sound like you're scanning both on the mail exchangers and on the mail hub, which seems like a waste, but I don't think that's your question.
> ... once when passed by MailScanner and then again simply because the file is on disk?
No, clamd only scans what it's told to scan by other software. By itself it does absolutely nothing except consume resources, by loading a database and sitting around as a process waiting for connections.

--
73,
Ged.
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
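The point made in the reply above, that clamd scans only what other software hands it, shown as an added example that is not part of the original thread: a client frames a message with clamd's INSTREAM command and reads the verdict. `fake_clamd`, its marker string and the signature name are constructed stand-ins so the code runs offline.

```python
import socket, struct, threading

def instream_frames(data, chunk=4096):
    # clamd INSTREAM framing: the command, then each chunk as a 4-byte
    # big-endian length plus bytes, then a zero length to end the stream.
    yield b"zINSTREAM\0"
    for i in range(0, len(data), chunk):
        part = data[i:i + chunk]
        yield struct.pack("!I", len(part)) + part
    yield struct.pack("!I", 0)

def parse_reply(raw):
    # Replies look like "stream: OK" or "stream: <signature> FOUND".
    verdict = raw.rstrip(b"\0\n").decode().partition(": ")[2]
    if verdict == "OK":
        return (False, None)
    if verdict.endswith(" FOUND"):
        return (True, verdict[:-len(" FOUND")])
    raise ValueError("unexpected clamd reply: %r" % raw)

def scan(sock, data):
    # The caller chooses the bytes; clamd sees nothing it is not sent.
    for frame in instream_frames(data):
        sock.sendall(frame)
    reply = b""
    while not reply.endswith(b"\0"):
        part = sock.recv(4096)
        if not part:
            break
        reply += part
    return parse_reply(reply)

def fake_clamd(conn, marker=b"CONSTRUCTED-PHISH-MARKER"):
    # Constructed stand-in so the example runs offline; not a real scanner.
    rfile = conn.makefile("rb")
    rfile.read(10)  # consume b"zINSTREAM\0"
    body = b""
    while (n := struct.unpack("!I", rfile.read(4))[0]) != 0:
        body += rfile.read(n)
    conn.sendall(b"stream: Constructed.Phishing.Sample FOUND\0"
                 if marker in body else b"stream: OK\0")

def demo(data):
    client, server = socket.socketpair()
    worker = threading.Thread(target=fake_clamd, args=(server,))
    with client, server:
        worker.start()
        result = scan(client, data)
        worker.join()
        return result
```

Against a real daemon, `scan` would be given a socket connected to the address clamd listens on; whether a given message reaches that socket at all is decided by the mail software in front of it.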
