On 11/27/2011 09:02 PM, sean darcy wrote:
> On 11/27/2011 07:56 PM, sean darcy wrote:
>> On 11/27/2011 06:00 PM, Tom Hendrikx wrote:
>>> On 27-11-11 20:58, sean darcy wrote:
>>>> I'm trying to set up postfix>    dspam&    clamav>    dovecot.
>>>>
>>>> Mail gets through. postfix call dspam, and the mail ends up at dovecot.
>>>>
>>>> The dspam and clamav logs show they're up, but nothing else.
>>>>
>>>> I've sent a test virus from http://www.eicar.org/86-0-Intended-use.html.
>>>> I would have expected it to be marked as spam, but it wasn't.
>>>>
>>>> Here's  how I've configured dspam for clamav:
>>>>
>>>> grep Clam dspam.conf
>>>> Preference "optOutClamAV=off"              # { on | off } ->    default:off
>>>> AllowOverride optOutClamAV
>>>
>>> According to these settings, ClamAV checking is disabled for all users
>>> by default. Are you sure you enabled it for the test user?
>>>
>>> Dspam does not log anything, but it the message has X-DSPAM headers, it
>>> was processed. Depending on above cofig, it was or wasn't sent to ClamAV
>>> for inspections. ClamAV should log something when it was consulted.
>>>
>>> --
>>> Tom
>>>
>>
>> Thanks for your response.
>>
>> optOutClamAV { on | off }
>>        Opts out of ClamAV virus scanning
>> I think this is a negative - that is, "on" means NOT to use clamav. But
>> I did try "off" : no joy.
>>
>>
>> FWIW, clamav is enabled:
>>
>> dspam --version | grep clam
>> Configuration parameters:  '--host=i686-pc-linux-gnu'
>> '--build=i686-pc-linux-gnu' '--program-prefix=' '--prefix=/usr'
>> '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin'
>> '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib'
>> '--libexecdir=/usr/libexec' '--localstatedir=/var'
>> '--sharedstatedir=/var/lib' '--mandir=/usr/share/man'
>> '--infodir=/usr/share/info' '--enable-long-usernames' '--enable-syslog'
>> '--enable-large-scale' '--disable-domain-scale' '--disable-homedir'
>> '--enable-virtual-users' '--enable-preferences-extension'
>> '--enable-daemon' '--enable-external-lookup'
>> '--with-storage-driver=hash_drv,sqlite3_drv'
>> '--with-dspam-home=/var/lib/dspam' '--with-dspam-owner=dspam'
>> '--with-dspam-group=mail' '--with-dspam-home-group=mail'
>> '--with-dspam-mode=2511' '--with-logdir=/var/log/dspam'
>> '--sysconfdir=/etc' '--enable-clamav' 'build_alias=i686-pc-linux-gnu'
>> 'host_alias=i686-pc-linux-gnu' 'CFLAGS=-O2 -g -march=i386 -mtune=i686'
>>
>> Also, if I use clamscan, it picks up the virus in the email in the inbox.
>>
>> As far as I can see, dspam just isn't sending the email to clamav. I've
>> set the clamav logging to verbose. Nothing shows up.
>>
>> Here are the dspam headers:
>> Content-Type: multipart/alternative; boundary=14dae9340dc129b8d504b2c0b9d3
>> X-DSPAM-Result: Whitelisted
>> X-DSPAM-Processed: Sun Nov 27 19:38:38 2011
>> X-DSPAM-Confidence: 0.9899
>> X-DSPAM-Probability: 0.0000
>> X-DSPAM-Signature: 4ed2d80e31948649266362
>>
>> --14dae9340dc129b8d504b2c0b9d3
>> Content-Type: text/plain; charset=ISO-8859-1
>>
>> X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
>>
>> Is dspam not sending the email to clamav because it's "Whitelisted"?
>>
>> sean
>>
>
> Oops. I meant I did try "optOutClamAV  on" , without success.
>
> sean
>
Well, it's not whitelisting. Turned off whitelisting. Didn't make a 
difference.

sean


------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure 
contains a definitive record of customers, application performance, 
security threats, fraudulent activity, and more. Splunk takes this 
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
_______________________________________________
Dspam-user mailing list
Dspam-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspam-user

Reply via email to