On 11/27/2011 09:02 PM, sean darcy wrote: > On 11/27/2011 07:56 PM, sean darcy wrote: >> On 11/27/2011 06:00 PM, Tom Hendrikx wrote: >>> On 27-11-11 20:58, sean darcy wrote: >>>> I'm trying to set up postfix> dspam& clamav> dovecot. >>>> >>>> Mail gets through. postfix call dspam, and the mail ends up at dovecot. >>>> >>>> The dspam and clamav logs show they're up, but nothing else. >>>> >>>> I've sent a test virus from http://www.eicar.org/86-0-Intended-use.html. >>>> I would have expected it to be marked as spam, but it wasn't. >>>> >>>> Here's how I've configured dspam for clamav: >>>> >>>> grep Clam dspam.conf >>>> Preference "optOutClamAV=off" # { on | off } -> default:off >>>> AllowOverride optOutClamAV >>> >>> According to these settings, ClamAV checking is disabled for all users >>> by default. Are you sure you enabled it for the test user? >>> >>> Dspam does not log anything, but it the message has X-DSPAM headers, it >>> was processed. Depending on above cofig, it was or wasn't sent to ClamAV >>> for inspections. ClamAV should log something when it was consulted. >>> >>> -- >>> Tom >>> >> >> Thanks for your response. >> >> optOutClamAV { on | off } >> Opts out of ClamAV virus scanning >> I think this is a negative - that is, "on" means NOT to use clamav. But >> I did try "off" : no joy. >> >> >> FWIW, clamav is enabled: >> >> dspam --version | grep clam >> Configuration parameters: '--host=i686-pc-linux-gnu' >> '--build=i686-pc-linux-gnu' '--program-prefix=' '--prefix=/usr' >> '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' >> '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib' >> '--libexecdir=/usr/libexec' '--localstatedir=/var' >> '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' >> '--infodir=/usr/share/info' '--enable-long-usernames' '--enable-syslog' >> '--enable-large-scale' '--disable-domain-scale' '--disable-homedir' >> '--enable-virtual-users' '--enable-preferences-extension' >> '--enable-daemon' '--enable-external-lookup' >> '--with-storage-driver=hash_drv,sqlite3_drv' >> '--with-dspam-home=/var/lib/dspam' '--with-dspam-owner=dspam' >> '--with-dspam-group=mail' '--with-dspam-home-group=mail' >> '--with-dspam-mode=2511' '--with-logdir=/var/log/dspam' >> '--sysconfdir=/etc' '--enable-clamav' 'build_alias=i686-pc-linux-gnu' >> 'host_alias=i686-pc-linux-gnu' 'CFLAGS=-O2 -g -march=i386 -mtune=i686' >> >> Also, if I use clamscan, it picks up the virus in the email in the inbox. >> >> As far as I can see, dspam just isn't sending the email to clamav. I've >> set the clamav logging to verbose. Nothing shows up. >> >> Here are the dspam headers: >> Content-Type: multipart/alternative; boundary=14dae9340dc129b8d504b2c0b9d3 >> X-DSPAM-Result: Whitelisted >> X-DSPAM-Processed: Sun Nov 27 19:38:38 2011 >> X-DSPAM-Confidence: 0.9899 >> X-DSPAM-Probability: 0.0000 >> X-DSPAM-Signature: 4ed2d80e31948649266362 >> >> --14dae9340dc129b8d504b2c0b9d3 >> Content-Type: text/plain; charset=ISO-8859-1 >> >> X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* >> >> Is dspam not sending the email to clamav because it's "Whitelisted"? >> >> sean >> > > Oops. I meant I did try "optOutClamAV on" , without success. > > sean > Well, it's not whitelisting. Turned off whitelisting. Didn't make a difference.
sean ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d _______________________________________________ Dspam-user mailing list Dspam-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspam-user
