On 11/27/2011 07:56 PM, sean darcy wrote: > On 11/27/2011 06:00 PM, Tom Hendrikx wrote: >> On 27-11-11 20:58, sean darcy wrote: >>> I'm trying to set up postfix> dspam& clamav> dovecot. >>> >>> Mail gets through. postfix call dspam, and the mail ends up at dovecot. >>> >>> The dspam and clamav logs show they're up, but nothing else. >>> >>> I've sent a test virus from http://www.eicar.org/86-0-Intended-use.html. >>> I would have expected it to be marked as spam, but it wasn't. >>> >>> Here's how I've configured dspam for clamav: >>> >>> grep Clam dspam.conf >>> Preference "optOutClamAV=off" # { on | off } -> default:off >>> AllowOverride optOutClamAV >> >> According to these settings, ClamAV checking is disabled for all users >> by default. Are you sure you enabled it for the test user? >> >> Dspam does not log anything, but it the message has X-DSPAM headers, it >> was processed. Depending on above cofig, it was or wasn't sent to ClamAV >> for inspections. ClamAV should log something when it was consulted. >> >> -- >> Tom >> > > Thanks for your response. > > optOutClamAV { on | off } > Opts out of ClamAV virus scanning > I think this is a negative - that is, "on" means NOT to use clamav. But > I did try "off" : no joy. > > > FWIW, clamav is enabled: > > dspam --version | grep clam > Configuration parameters: '--host=i686-pc-linux-gnu' > '--build=i686-pc-linux-gnu' '--program-prefix=' '--prefix=/usr' > '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' > '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib' > '--libexecdir=/usr/libexec' '--localstatedir=/var' > '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' > '--infodir=/usr/share/info' '--enable-long-usernames' '--enable-syslog' > '--enable-large-scale' '--disable-domain-scale' '--disable-homedir' > '--enable-virtual-users' '--enable-preferences-extension' > '--enable-daemon' '--enable-external-lookup' > '--with-storage-driver=hash_drv,sqlite3_drv' > '--with-dspam-home=/var/lib/dspam' '--with-dspam-owner=dspam' > '--with-dspam-group=mail' '--with-dspam-home-group=mail' > '--with-dspam-mode=2511' '--with-logdir=/var/log/dspam' > '--sysconfdir=/etc' '--enable-clamav' 'build_alias=i686-pc-linux-gnu' > 'host_alias=i686-pc-linux-gnu' 'CFLAGS=-O2 -g -march=i386 -mtune=i686' > > Also, if I use clamscan, it picks up the virus in the email in the inbox. > > As far as I can see, dspam just isn't sending the email to clamav. I've > set the clamav logging to verbose. Nothing shows up. > > Here are the dspam headers: > Content-Type: multipart/alternative; boundary=14dae9340dc129b8d504b2c0b9d3 > X-DSPAM-Result: Whitelisted > X-DSPAM-Processed: Sun Nov 27 19:38:38 2011 > X-DSPAM-Confidence: 0.9899 > X-DSPAM-Probability: 0.0000 > X-DSPAM-Signature: 4ed2d80e31948649266362 > > --14dae9340dc129b8d504b2c0b9d3 > Content-Type: text/plain; charset=ISO-8859-1 > > X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* > > Is dspam not sending the email to clamav because it's "Whitelisted"? > > sean >
Oops. I meant I did try "optOutClamAV on" , without success. sean ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d _______________________________________________ Dspam-user mailing list Dspam-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspam-user
