I am running clamav version 0.100.1 on a FreeBSD 11.2 / amd64 machine. I also have the clamav-milter installed. My problem is that even though I am trying to whitelist some addresses, they get marked as Spam.
This is an example of one such address:

☀ Puritan's Pride <[email protected]>

I entered this into the white list file:

From:[email protected]

I then restarted the milter. Unfortunately, the email is still marked as Spam. I thought that clamav-milter would simply ignore the file.

X-Virus-Status: Infected (SecuriteInfo.com.Spam-4701.UNOFFICIAL)
X-Virus-Scanned: clamav-milter 0.100.1 at scorpio.seibercom.net

This is the output from "clamconf"

Checking configuration files in /usr/local/etc

Config file: clamd.conf
-----------------------
BlockMax disabled
PreludeEnable disabled
PreludeAnalyzerName disabled
LogFile = "/var/log/clamav/clamd.log"
LogFileUnlock disabled
LogFileMaxSize = "1048576"
LogTime disabled
LogClean disabled
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate = "yes"
ExtendedDetectionInfo disabled
PidFile = "/var/run/clamav/clamd.pid"
TemporaryDirectory disabled
DatabaseDirectory = "/var/db/clamav"
OfficialDatabaseOnly disabled
LocalSocket = "/var/run/clamav/clamd.sock"
LocalSocketGroup disabled
LocalSocketMode disabled
FixStaleSocket = "yes"
TCPSocket disabled
TCPAddr disabled
MaxConnectionQueueLength = "200"
StreamMaxLength = "26214400"
StreamMinPort = "1024"
StreamMaxPort = "2048"
MaxThreads = "10"
ReadTimeout = "120"
CommandReadTimeout = "5"
SendBufTimeout = "500"
MaxQueue = "100"
IdleTimeout = "30"
ExcludePath disabled
MaxDirectoryRecursion = "15"
FollowDirectorySymlinks disabled
FollowFileSymlinks disabled
CrossFilesystems = "yes"
SelfCheck = "600"
DisableCache disabled
VirusEvent disabled
ExitOnOOM disabled
AllowAllMatchScan = "yes"
Foreground disabled
Debug disabled
LeaveTemporaryFiles disabled
User = "clamav"
Bytecode = "yes"
BytecodeSecurity = "TrustSigned"
BytecodeTimeout = "5000"
BytecodeUnsigned disabled
BytecodeMode = "Auto"
DetectPUA disabled
ExcludePUA disabled
IncludePUA disabled
AlgorithmicDetection = "yes"
ScanPE = "yes"
ScanELF = "yes"
DetectBrokenExecutables disabled
ScanMail = "yes"
ScanPartialMessages disabled
PhishingSignatures = "yes"
PhishingScanURLs = "yes"
PhishingAlwaysBlockCloak disabled
PhishingAlwaysBlockSSLMismatch disabled
PartitionIntersection disabled
HeuristicScanPrecedence disabled
StructuredDataDetection disabled
StructuredMinCreditCardCount = "3"
StructuredMinSSNCount = "3"
StructuredSSNFormatNormal = "yes"
StructuredSSNFormatStripped disabled
ScanHTML = "yes"
ScanOLE2 = "yes"
OLE2BlockMacros disabled
ScanPDF = "yes"
ScanSWF = "yes"
ScanXMLDOCS = "yes"
ScanHWP3 = "yes"
ScanArchive = "yes"
ArchiveBlockEncrypted disabled
ForceToDisk disabled
MaxScanSize = "104857600"
MaxFileSize = "26214400"
MaxRecursion = "16"
MaxFiles = "10000"
MaxEmbeddedPE = "10485760"
MaxHTMLNormalize = "10485760"
MaxHTMLNoTags = "2097152"
MaxScriptNormalize = "5242880"
MaxZipTypeRcg = "1048576"
MaxPartitions = "50"
MaxIconsPE = "100"
MaxRecHWP3 = "16"
PCREMatchLimit = "100000"
PCRERecMatchLimit = "5000"
PCREMaxFileSize = "26214400"
ScanOnAccess disabled
OnAccessMountPath disabled
OnAccessIncludePath disabled
OnAccessExcludePath disabled
OnAccessExcludeRootUID disabled
OnAccessExcludeUID disabled
OnAccessMaxFileSize = "5242880"
OnAccessDisableDDD disabled
OnAccessPrevention disabled
OnAccessExtraScanning disabled
DevACOnly disabled
DevACDepth disabled
DevPerformance disabled
DevLiblog disabled
DisableCertCheck disabled

Config file: freshclam.conf
---------------------------
LogFileMaxSize = "2097152"
LogTime disabled
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate = "yes"
PidFile = "/var/run/clamav/freshclam.pid"
DatabaseDirectory = "/var/db/clamav"
Foreground disabled
Debug disabled
UpdateLogFile = "/var/log/clamav/freshclam.log"
DatabaseOwner = "clamav"
Checks = "24"
DNSDatabaseInfo = "current.cvd.clamav.net"
DatabaseMirror = "db.US.clamav.net", "database.clamav.net"
PrivateMirror disabled
MaxAttempts = "3"
ScriptedUpdates = "yes"
TestDatabases = "yes"
CompressLocalDatabase disabled
ExtraDatabase disabled
DatabaseCustomURL disabled
HTTPProxyServer disabled
HTTPProxyPort disabled
HTTPProxyUsername disabled
HTTPProxyPassword disabled
HTTPUserAgent disabled
NotifyClamd = "/usr/local/etc/clamd.conf"
OnUpdateExecute disabled
OnErrorExecute disabled
OnOutdatedExecute disabled
LocalIPAddress disabled
ConnectTimeout = "30"
ReceiveTimeout = "30"
SafeBrowsing = "yes"
Bytecode = "yes"

Config file: clamav-milter.conf
-------------------------------
LogFile = "/var/log/clamav/clamav-milter.log"
LogFileUnlock disabled
LogFileMaxSize = "2097152"
LogTime = "yes"
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate = "yes"
PidFile = "/var/run/clamav/clamav-milter.pid"
TemporaryDirectory disabled
FixStaleSocket = "yes"
MaxThreads = "10"
ReadTimeout = "120"
Foreground disabled
User = "clamav"
MaxFileSize = "26214400"
ClamdSocket = "unix:/var/run/clamav/clamd.sock"
MilterSocket = "/var/run/clamav/clmilter.sock"
MilterSocketGroup disabled
MilterSocketMode disabled
LocalNet = "192.168.0.101/32", "192.168.0.192/32"
OnClean = "Accept"
OnInfected = "Accept"
OnFail = "Defer"
RejectMsg disabled
AddHeader = "Add"
ReportHostname disabled
VirusAction disabled
Chroot disabled
Whitelist = "/usr/local/etc/whitelisted_addresses.txt"
SkipAuthenticated = "file:/usr/local/etc/clamav_exclusions.txt"
LogInfected = "basic"
LogClean disabled
SupportMultipleRecipients = "yes"

Software settings
-----------------
Version: 0.100.1
Optional features supported: MEMPOOL IPv6 BIGSTACK AUTOIT_EA06 BZIP2 LIBXML2 PCRE JSON RAR

Database information
--------------------
Database directory: /var/db/clamav
[3rd Party] EK_Zeus.yar: 28 sigs
[3rd Party] foxhole_mail.cdb: 23 sigs
[3rd Party] securiteinfopdf.hdb: 3367 sigs
[3rd Party] foxhole_generic.cdb: 211 sigs
[3rd Party] EK_Crimepack.yar: 49 sigs
[3rd Party] CVE-2010-1297.yar: 15 sigs
[3rd Party] spearl.ndb: 150 sigs
[3rd Party] foxhole_all.cdb: 145 sigs
[3rd Party] spamimg.hdb: 184 sigs
daily.cld: version 24983, sigs: 2100133, built on Tue Sep 25 22:39:15 2018
[3rd Party] spear.ndb: 15009 sigs
[3rd Party] spamattach.hdb: 14 sigs
[3rd Party] winnow.attachments.hdb: 182 sigs
[3rd Party] Maldoc_Hidden_PE_file.yar: 23 sigs
[3rd Party] malware.expert.hdb: 388 sigs
[3rd Party] winnow.complex.patterns.ldb: 3 sigs
[3rd Party] porcupine.ndb: 4012 sigs
[3rd Party] winnow_phish_complete.ndb: 9320 sigs
[3rd Party] phishtank.ndb: 27161 sigs
[3rd Party] scam.ndb: 12501 sigs
[3rd Party] EK_ZeroAcces.yar: 211 sigs
[3rd Party] foxhole_js.ndb: 4 sigs
[3rd Party] securiteinfohtml.hdb: 54089 sigs
[3rd Party] MiscreantPunch099-INFO-Low.ldb: 21 sigs
[3rd Party] jurlbl.ndb: 17854 sigs
[3rd Party] lott.ndb: 2335 sigs
[3rd Party] rfxn.hdb: 12674 sigs
[3rd Party] EK_Fragus.yar: 210 sigs
main.cvd: version 58, sigs: 4566249, built on Wed Jun 7 17:38:10 2017
[3rd Party] winnow_spam_complete.ndb: 931 sigs
[3rd Party] phish.ndb: 27425 sigs
[3rd Party] winnow_malware_links.ndb: 4623 sigs
[3rd Party] CVE-2013-0074.yar: 17 sigs
[3rd Party] sanesecurity.ftm: 170 sigs
[3rd Party] securiteinfoold.hdb: 2213713 sigs
[3rd Party] jurlbla.ndb: 1682 sigs
[3rd Party] CVE-2010-0887.yar: 21 sigs
[3rd Party] foxhole_filename.cdb: 1971 sigs
[3rd Party] EK_Blackhole.yar: 453 sigs
[3rd Party] EK_Phoenix.yar: 483 sigs
[3rd Party] spam_marketing.ndb: 23032 sigs
[3rd Party] securiteinfoandroid.hdb: 99086 sigs
[3rd Party] bofhland_malware_attach.hdb: 1835 sigs
[3rd Party] Sanesecurity_spam.yara: 46 sigs
[3rd Party] winnow_extended_malware_links.ndb: 1 sig
bytecode.cvd: version 327, sigs: 91, built on Wed Aug 8 20:43:48 2018
[3rd Party] winnow_malware.hdb: 293 sigs
[3rd Party] CVE-2015-5119.yar: 22 sigs
[3rd Party] malwarepatrol.ndb: 0 sig
[3rd Party] EK_BleedingLife.yar: 112 sigs
[3rd Party] foxhole_js.cdb: 48 sigs
[3rd Party] malware.expert.ndb: 855 sigs
[3rd Party] winnow_extended_malware.hdb: 245 sigs
[3rd Party] spam.ldb: 2 sigs
[3rd Party] porcupine.hsb: 873 sigs
[3rd Party] maldoc_somerules.yar: 283 sigs
[3rd Party] securiteinfo.hdb: 1377783 sigs
[3rd Party] rfxn.ndb: 2034 sigs
[3rd Party] foxhole_all.ndb: 101 sigs
[3rd Party] EK_Eleonore.yar: 165 sigs
[3rd Party] scamnailer.ndb: 50995 sigs
[3rd Party] shelter.ldb: 15 sigs
[3rd Party] blurl.ndb: 108974 sigs
[3rd Party] CVE-2013-0422.yar: 21 sigs
[3rd Party] javascript.ndb: 44092 sigs
[3rd Party] securiteinfoascii.hdb: 98180 sigs
[3rd Party] rogue.hdb: 6761 sigs
[3rd Party] malwarehash.hsb: 771 sigs
[3rd Party] malware.expert.ldb: 142 sigs
[3rd Party] MiscreantPunch099-Low.ldb: 1208 sigs
[3rd Party] EK_Angler.yar: 283 sigs
[3rd Party] Javascript_exploit_and_obfuscation.yar: 59 sigs
safebrowsing.cld: version 47916, sigs: 2840247, built on Wed Sep 26 00:56:14 2018
[3rd Party] bofhland_cracked_URL.ndb: 24 sigs
[3rd Party] Sanesecurity_sigtest.yara: 54 sigs
[3rd Party] badmacro.ndb: 501 sigs
[3rd Party] bofhland_phishing_URL.ndb: 186 sigs
[3rd Party] winnow_bad_cw.hdb: 1 sig
[3rd Party] bofhland_malware_URL.ndb: 60 sigs
[3rd Party] CVE-2010-0805.yar: 14 sigs
[3rd Party] hackingteam.hsb: 435 sigs
[3rd Party] EK_Sakura.yar: 62 sigs
[3rd Party] crypto.yar: 1 sig
[3rd Party] malware.expert.fp: 42 sigs
[3rd Party] EK_Zerox88.yar: 55 sigs
Total number of signatures: 13738144

Platform information
--------------------
uname: FreeBSD 11.2-RELEASE-p3 FreeBSD 11.2-RELEASE-p3 #0: Thu Sep 6 07:14:16 UTC 2018 roo amd64
OS: freebsd11.2, ARCH: amd64, CPU: amd64
zlib version: 1.2.11 (1.2.11), compile flags: a9
platform id: 0x03235c5c0800000000040201

Build information
-----------------
Clang: 4.2.1 Compatible FreeBSD Clang 6.0.0 (tags/RELEASE_600/final 326565) (4.2.1)
CPPFLAGS: -I/usr/local/include
CFLAGS: -O2 -pipe -march=core2 -fstack-protector -fno-strict-aliasing -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
CXXFLAGS: -O2 -pipe -march=core2 -fstack-protector -fno-strict-aliasing
LDFLAGS: -lthr -L/usr/local/lib -Wl,-rpath,/usr/local/lib -fstack-protector
Configure: '--libdir=/usr/local/lib' '--with-dbdir=/var/db/clamav' '--with-zlib=/usr' '--disable-clamuko' '--disable-clamav' '--enable-bigstack' '--enable-readdir_r' '--enable-gethostbyname_r' '--disable-dependency-tracking' '--disable-zlib-vcheck' '--enable-clamdtop' '--enable-xml' '--disable-experimental' '--without-iconv' '--enable-ipv6' '--with-libjson' '--enable-milter' '--with-pcre' '--disable-check' '--enable-unrar' '--with-sendmail=/usr/sbin/sendmail' '--prefix=/usr/local' '--localstatedir=/var' '--mandir=/usr/local/man' '--disable-silent-rules' '--infodir=/usr/local/info/' '--build=amd64-portbld-freebsd11.2' 'build_alias=amd64-portbld-freebsd11.2' 'CC=cc' 'CFLAGS=-O2 -pipe -march=core2 -fstack-protector -fno-strict-aliasing ' 'LDFLAGS= -lthr -L/usr/local/lib -Wl,-rpath,/usr/local/lib -fstack-protector ' 'LIBS=' 'CPPFLAGS=-I/usr/local/include' 'CPP=cpp'
sizeof(void*) = 8
Engine flevel: 92, dconf: 92

If someone could tell me what I am doing incorrectly, I would appreciate it.

--
Jerry
