Hi Andreas:
Thanks. However we did some testing yesterday and found that a 1.2MB
email with a PDF attachment was not getting scanned for viruses or spam
whereas a 219KB email with a doc attachment was. I'm thinking there must
be some other setting controlling what simscan scans or doesn't.
Jeff
On 9/17/2020 5:41 AM, Andreas Galatis wrote:
Hi Jeff,
the setting is in clamd.conf
# Files larger than this limit won't be scanned. Affects the input
file itself
# as well as files contained inside it (when the input file is an
archive, a
# document or some other kind of container).
# Value of 0 disables the limit.
# Note: disabling this limit or setting it too high may result in
severe damage
# to the system.
# Default: 25M
#MaxFileSize 30M
Andreas
Am 16.09.20 um 23:24 schrieb Jeff Koch:
Hi Eric:
One thing I've noticed is that there's a message size limit on what
simscan/spamd/clamd will check. Messages over several megabytes are
skipped. Is there a config file somewhere controlling that?
Jeff
On 9/16/2020 2:07 PM, Eric Broch wrote:
Hi Jeff,
I'm not sure why ClamAV would miss a virus. Maybe they'd have a
better ideal on the ClamAV mailing list.
I've never really depended on ClamAV or Spamassassin, though I'd
like to, but when killing spam was absolutely necessary I used a
third party spam gateway.
Eric
On 9/16/2020 9:43 AM, Jeff Koch wrote:
We think we're having a problem with one of our mailservers whereby
user's PC's are getting hit with viruses. All mailservers have had
ClamAV recently updated to version 0.102.4. The logs at
/var/log/qmail/smtp and /var/log/qmail/submission show that ClamAV
is indeed analyzing emails and attachments so we're trying to
figure out how these viruses are getting through. We do see that
most 'Virus Drops' are due to spoofed domains. Very, very few are
noted as Trojans or actual viruses.
Can anyone share the results of:
grep simscan /var/log/qmail/smtp/current|tai64nlocal |less
showing that clamav is finding actual viruses?
Any thoughts or suggestions would be appreciated.
Jeff