[Dspam-user] test virus file not caught

Sun, 27 Nov 2011 12:04:11 -0800 

I'm trying to set up postfix > dspam & clamav > dovecot.

Mail gets through. postfix call dspam, and the mail ends up at dovecot.

The dspam and clamav logs show they're up, but nothing else.

I've sent a test virus from http://www.eicar.org/86-0-Intended-use.html. 
I would have expected it to be marked as spam, but it wasn't.

Here's how I've configured dspam for clamav:

grep Clam dspam.conf
Preference "optOutClamAV=off"           # { on | off } -> default:off
AllowOverride optOutClamAV
# --- ClamAV ---
# ClamAVResponse: reject (reject or drop the message with a permanent 
failure)
ClamAVPort              3310
ClamAVHost              127.0.0.1
ClamAVResponse          spam

Here's the full dspam.conf:
egrep -v '(^#|^$)' dspam.conf
Home /var/lib/dspam
StorageDriver /usr/lib/dspam/libhash_drv.so
DeliveryHost            127.0.0.1
DeliveryPort            24
DeliveryIdent           localhost
DeliveryProto           LMTP
OnFail error
Trust root
Trust dspam
Trust apache
Trust mail
Trust mailnull
Trust smmsp
Trust daemon
Trust postfix
Trust vmail
Debug *
TrainingMode teft
TestConditionalTraining on
Feature whitelist
Algorithm graham burton
Tokenizer osb
PValue bcr
WebStats on
Preference "trainingMode=TEFT"          # { TOE | TUM | TEFT | NOTRAIN } -> 
default:teft
Preference "spamAction=deliver"
Preference "spamSubject=[SPAM]"         # { string } -> default:[SPAM]
Preference "statisticalSedation=5"      # { 0 - 10 } -> default:0
Preference "enableBNR=on"               # { on | off } -> default:off
Preference "enableWhitelist=on"         # { on | off } -> default:on
Preference "signatureLocation=message"  # { message | headers } -> 
default:message
Preference "tagSpam=off"                # { on | off }
Preference "tagNonspam=off"             # { on | off }
Preference "showFactors=off"            # { on | off } -> default:off
Preference "optIn=off"                  # { on | off }
Preference "optOut=off"                 # { on | off }
Preference "whitelistThreshold=10"      # { Integer } -> default:10
Preference "makeCorpus=off"             # { on | off } -> default:off
Preference "storeFragments=off"         # { on | off } -> default:off
Preference "localStore="                # { on | off } -> default:username
Preference "processorBias=on"           # { on | off } -> default:on
Preference "fallbackDomain=off"         # { on | off } -> default:off
Preference "trainPristine=off"          # { on | off } -> default:off
Preference "optOutClamAV=off"           # { on | off } -> default:off
Preference "ignoreRBLLookups=off"       # { on | off } -> default:off
Preference "RBLInoculate=off"           # { on | off } -> default:off
Preference "notifications=off"          # { on | off } -> default:off
AllowOverride enableBNR
AllowOverride enableWhitelist
AllowOverride fallbackDomain
AllowOverride ignoreGroups
AllowOverride ignoreRBLLookups
AllowOverride localStore
AllowOverride makeCorpus
AllowOverride optIn
AllowOverride optOut
AllowOverride optOutClamAV
AllowOverride processorBias
AllowOverride RBLInoculate
AllowOverride showFactors
AllowOverride signatureLocation
AllowOverride spamAction
AllowOverride spamSubject
AllowOverride statisticalSedation
AllowOverride storeFragments
AllowOverride tagNonspam
AllowOverride tagSpam
AllowOverride trainPristine
AllowOverride trainingMode
AllowOverride whitelistThreshold
AllowOverride dailyQuarantineSummary
AllowOverride notifications
HashRecMax              98317
HashAutoExtend          on
HashMaxExtents          0
HashExtentSize          49157
HashPctIncrease         10
HashMaxSeek             10
HashConnectionCache     10
                                                        # 'strict' enforces 
both verify and map
                                                        # There are plans to 
support both MySQL and Postgres.
                                                        # an executable lookup 
program and its arguments.
                                                        # and ExtLookupMode 
'map' or 'strict'
Notifications   off
PurgeSignatures 14      # Stale signatures
PurgeNeutral    90      # Tokens with neutralish probabilities
PurgeUnused     90      # Unused tokens
PurgeHapaxes    30      # Tokens with less than 5 hits (hapaxes)
PurgeHits1S     15      # Tokens with only 1 spam hit
PurgeHits1I     15      # Tokens with only 1 innocent hit
LocalMX 127.0.0.1
SystemLog       on
UserLog         on
Opt out
ParseToHeaders on
ChangeModeOnParse off
ChangeUserOnParse full
ClamAVPort              3310
ClamAVHost              127.0.0.1
ClamAVResponse          spam
ServerHost              127.0.0.1
ServerPort              2424
ServerMode              auto
ServerPass.client       "password"
ClientHost              127.0.0.1
ClientPort              2424
   #
   # matches ServerPass.client     "password"
   #
ClientIdent             "password@client"
ServerParameters        "--deliver=innocent -d %u"
ServerIdent             "mail.mailserver"
ProcessorURLContext on
ProcessorBias on
StripRcptDomain off


and clamav configured :

TCPSocket 3310
TCPAddr 127.0.0.1

netstat -an | grep 3310
tcp        0      0 127.0.0.1:3310              0.0.0.0:* 
     LISTEN

Any help appreciated.

sean


------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure 
contains a definitive record of customers, application performance, 
security threats, fraudulent activity, and more. Splunk takes this 
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
_______________________________________________
Dspam-user mailing list
Dspam-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspam-user

Reply via email to