Re: [Clamav-users] Easiest way to set up a whitelist?
On Tue, 2006-02-07 at 20:28, IT Purchases wrote:
> Hello, I'm constructing a SPAM / AV mechanism to reduce the incoming debris. I'm using Postfix with amavisd-new, Clam-AV and SpamAssassin. What is the easiest way to set up a whitelist for Clam-AV?

Why would you ever want to whitelist viruses?

___
http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] Report infected mail to the user
On Thu, 2006-01-05 at 16:08, Shayne Lebrun wrote:
> > You have no idea where the report is going. You certainly have no reason to believe it is going to the sender. You should disable this feature.
>
> Sounds like he wants to inform the recipient, not the sender. Hi, you got a mail from so and so, but it had a virus, so I deleted it. If you're actually expecting mail from so-and-so, please give them a call and let them know that they might have a virus. Otherwise, go about your day.
>
> Still probably bad form, as you'd be spamming the living daylights out of the poor recipient.

I use amavisd-new/clamav as the virus scanner and it is configured to send a message back to the sender only if the virus is known to be a type that does not forge the sender information.
Re: [Clamav-users] Virus Tests from www.testvirus.org
On Thu, 2004-11-25 at 13:00, Gareth Blades wrote:
> I am running Suse Openexchange - Amavis (clamd) - Postfix. Mine lets through 24, 25, 27. Number 8 was blocked by file type but not detected by a virus. For 24 25 as they are not a virus I need to look at the amavis configuration I guess. But why is 27 getting through?

I got the following announcement from Suse. After installing the upgrade test 27 is now blocked.

    Release: 20041109
    Obsoletes: none

    Indications
    Everyone using amavis for virus scanning should update.

    Problem description
    Mail virus scanners like amavis use perl-Archive-Zip to scan ZIP archives. A bug in the handling of files with manipulated size entries has been fixed that could leave malicious code in such files undetected.

___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
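An added example, not part of the original thread and not code from amavis or perl-Archive-Zip: one consistency check a mail filter can run on a ZIP attachment before trusting its size entries. It compares each member's local-header size, central-directory size and the amount of data actually present; the function names, the inflate cap and the constructed sample archive are assumptions of this example.

```python
import io
import struct
import zipfile
import zlib

LIMIT = 64 * 1024 * 1024  # assumed cap on bytes inflated per member

def size_findings(data: bytes):
    """Return (member, problem) pairs where declared sizes disagree."""
    out = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            off = info.header_offset
            hdr = data[off:off + 30]
            if len(hdr) < 30 or hdr[:4] != b"PK\x03\x04":
                out.append((info.filename, "no local header at recorded offset"))
                continue
            (_ver, flags, method, _t, _d, _crc,
             _lc, l_usize, nlen, xlen) = struct.unpack("<HHHHHIIIHH", hdr[4:])
            # Flag bit 3: sizes live in a trailing data descriptor, so the
            # local header legitimately holds zeros and is not compared.
            if not flags & 0x08 and l_usize != info.file_size:
                out.append((info.filename, "local and central sizes differ"))
            start = off + 30 + nlen + xlen
            raw = data[start:start + info.compress_size]
            if method == zipfile.ZIP_STORED:
                actual = len(raw)
            elif method == zipfile.ZIP_DEFLATED:
                actual = len(zlib.decompressobj(-15).decompress(raw, LIMIT + 1))
            else:
                continue  # other compression methods are out of scope here
            if actual != info.file_size:
                out.append((info.filename, "declared %d bytes, data holds %d"
                            % (info.file_size, actual)))
    return out

def constructed_samples():
    """Constructed test data: a clean archive and a copy whose central
    directory declares an uncompressed size of zero."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("note.txt", "constructed sample text\n" * 20)
    clean = buf.getvalue()
    cd = struct.unpack("<I", clean[-6:-2])[0]  # central directory offset
    bad = bytearray(clean)
    bad[cd + 24:cd + 28] = b"\0\0\0\0"         # uncompressed-size field
    return clean, bytes(bad)
```

An archive that produces any finding can be quarantined or handed to the scanner as an opaque file instead of relying on the unpacker's view of its contents.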
Re: [Clamav-users] Virus Tests from www.testvirus.org
On Thu, 2004-11-25 at 12:35, Meni Shapiro wrote:
> Philip Ershler wrote:
> > I am running the .80 release. Tonight I ran the current set of tests from www.testvirus.org. Tests 4,5,7,8,17, and 19 got through. Any idea what's going on. The last
>
> I'm running v 0.80 and made the test which let through: 5,8,22,23,25
> Did I miss anything?
> My server is: rh-sendmail-mimedefang-clamd

I am running Suse Openexchange - Amavis (clamd) - Postfix. Mine lets through 24, 25, 27. Number 8 was blocked by file type but not detected by a virus. For 24 25 as they are not a virus I need to look at the amavis configuration I guess. But why is 27 getting through?
[Clamav-users] configuring clamav with amavisd
I am running Suse Openexchange 4.1. I have installed amavisd-postfix-20020531-31 and by default it is configured to use 'H+BEDV AntiVir' for virus checking. I have installed clamav-0.73 from source and compiled and installed it and it is working. I have started clamd and edited /etc/amavisd.conf and made the following changes :-

    # H+BEDV AntiVir
    #$antivir = "/usr/bin/antivir"; commented out
    # ClamAV added these 3 lines
    $clamscan = "/usr/local/bin/clamscan";
    $clamd = "/usr/local/sbin/clamd";

I started amavisd and went into the openexchange web interface and enabled virus scanning. However the virus scan is failing with the following errors:-

    Jun 29 12:01:39 oetest postfix/qmgr[22406]: 3381D16127: from=[EMAIL PROTECTED], size=580, nrcpt=1 (queue active)
    Jun 29 12:01:39 oetest amavis[26808]: All virus scanners failed - mail requeued (message-id=[EMAIL PROTECTED])
    Jun 29 12:01:39 oetest amavis[26808]: do_exit: - ending execution with 75
    Jun 29 12:01:39 oetest postfix/pipe[26806]: 3381D16127: to=[EMAIL PROTECTED], relay=vscan, delay=1494, status=deferred (temporary failure)

Any ideas?

___
Clamav-users mailing list [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Re: configuring clamav with amavisd
On Tue, 2004-06-29 at 13:54, Graham Dodd wrote:
> Hello Gareth,
>
> Tuesday, June 29, 2004, 1:52:57 PM, you wrote:
>
> GB I am running Suse Openexchange 4.1. I have installed
> GB amavisd-postfix-20020531-31 and by default it is configured to use
> GB 'H+BEDV AntiVir' for virus checking.
>
> Just a question (or 2) on OpenExchange as I looked at this before going to Exim.
> Is it easy to maintain and how well does it interface with Outlook?

It is very good and combines postfix, SpamAssassin and cyrus. You can do virtually everything from the web interface but it does have a few quirks. You can't simply redirect an email for one address to an outside address unless you edit the system aliases file. You can create shared folders but can only edit permissions on the top folder and not sub folders from the web interface. You have to run cyradm manually to do this. There is a plugin so Outlook 2002/2003 can use it like exchange and store contacts and tasks on the server etc... but I haven't tested this yet.

> GB I have installed clamav-0.73 from source and compiled and installed it
> GB and it is working. I have started clamd and edited /etc/amavisd.conf and
> GB made the following changes :-
> GB # H+BEDV AntiVir
> GB #$antivir = "/usr/bin/antivir"; commented out
> GB # ClamAV added these 3
> GB lines
> GB $clamscan = "/usr/local/bin/clamscan";
> GB $clamd = "/usr/local/sbin/clamd";
>
> You don't need clamd (the ClamAv daemon) as clamscan is the commandline scanner just like antivir.
> I would guess that OpenExchange is trying to use clamd.

It would help if I knew what amavisd-postfix actually was. There seems to be amavisd, amavisd-new and amavis-ng but I don't know what amavisd-postfix is basically the same as with respect to configuration files.
The config file looked to be similar to amavisd-new so I tried adding the following to the conf but it did not help:-

    @av_scanners = (
      ['Clam Antivirus-clamd',
        \&ask_daemon, ["CONTSCAN {}\n", '/tmp/clamd'],
        qr/\bOK$/, qr/\bFOUND$/,
        qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
    );

    @av_scanners_backup = (
      # http://www.clamav.net/
      ['Clam Antivirus - clamscan', 'clamscan',
        '--stdout --disable-summary -r {}', [0], [1],
        qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
    );

I turned up the logging in amavis and get the following still :-

    Jun 29 14:07:54 oetest postfix/qmgr[9707]: 3381D16127: from=[EMAIL PROTECTED], size=580, nrcpt=1 (queue active)
    Jun 29 14:07:54 oetest amavis[7156]: enter accept loop
    Jun 29 14:07:54 oetest amavis[9740]: forked off -- child running...
    Jun 29 14:07:54 oetest amavis[9740]: /var/spool/vscan/amavis/amavis-XXrikBpT: from=[EMAIL PROTECTED], to=[EMAIL PROTECTED]
    Jun 29 14:07:54 oetest amavis[9740]: Extracting mime components
    Jun 29 14:07:54 oetest amavis[9740]: Level: 1, parts: 1
    Jun 29 14:07:54 oetest amavis[9740]: Archive nesting depth: 0
    Jun 29 14:07:54 oetest amavis[9740]: File-type of msg-9740-1.txt: ASCII text
    Jun 29 14:07:54 oetest amavis[9740]: msg-9740-1.txt is atomic
    Jun 29 14:07:54 oetest amavis[9740]: All virus scanners failed - mail requeued (message-id=[EMAIL PROTECTED])
    Jun 29 14:07:54 oetest amavis[9740]: do_exit: - ending execution with 75
    Jun 29 14:07:54 oetest amavis[9740]: socket shut down
    Jun 29 14:07:54 oetest postfix/pipe[9712]: 3381D16127: to=[EMAIL PROTECTED], relay=vscan, delay=9069, status=deferred (temporary failure)
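An added example, not part of the original thread and not amavisd code: a stand-alone check that sends the same CONTSCAN query to the clamd socket named in the posted entry and interprets the reply with the entry's three patterns, which helps separate "clamd is not answering" from "the filter never asks it". The function names, the decision order in classify() and the sample replies are assumptions of this example.

```python
import re
import socket

# Patterns copied from the @av_scanners entry quoted in the message above.
CLEAN = re.compile(r"\bOK$")
INFECTED = re.compile(r"\bFOUND$")
NAME = re.compile(r"^.*?: (?!Infected Archive)(.*) FOUND$")

# Constructed sample replies, in the shape "<path>: <verdict>".
SAMPLE_CLEAN = "/var/spool/vscan/msg-1.txt: OK\n"
SAMPLE_INFECTED = ("/tmp/s/eicar.com: Eicar-Test-Signature FOUND\n"
                   "/tmp/s/a.zip: Infected Archive FOUND\n")
SAMPLE_ERROR = "/tmp/s: Access denied. ERROR\n"

def ask_clamd(path, socket_path="/tmp/clamd", timeout=10.0):
    """Send 'CONTSCAN <path>' to clamd's Unix socket and return its reply."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(socket_path)  # raises OSError if nothing listens there
        s.sendall(("CONTSCAN %s\n" % path).encode())
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode(errors="replace")

def classify(reply):
    """Return ('infected', names), ('clean', []) or ('error', [])."""
    lines = [ln.strip() for ln in reply.splitlines() if ln.strip()]
    hits = [ln for ln in lines if INFECTED.search(ln)]
    if hits:
        # The lookahead drops the generic 'Infected Archive' line so only
        # specific signature names are reported.
        names = [m.group(1) for m in map(NAME.match, hits) if m]
        return "infected", names
    if any(CLEAN.search(ln) for ln in lines):
        return "clean", []
    return "error", []  # no recognisable verdict: treat as a scanner failure
```

Running classify(ask_clamd("/some/readable/file")) on the mail host shows whether the daemon side works independently of the filter's configuration.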
Re: [Clamav-users] configuring clamav with amavisd
On Tue, 2004-06-29 at 14:32, Gareth Blades wrote:
> On Tue, 2004-06-29 at 13:47, Lionel Bouton wrote:
> > Gareth Blades wrote the following on 06/29/2004 01:52 PM :
> > > I am running Suse Openexchange 4.1. I have installed amavisd-postfix-20020531-31 and by default it is configured to use 'H+BEDV AntiVir' for virus checking. I have installed clamav-0.73 from source and compiled and installed it and it is working. I have started clamd and edited /etc/amavisd.conf and made the following changes :-
> > >
> > >     # H+BEDV AntiVir
> > >     #$antivir = "/usr/bin/antivir"; commented out
> > >     # ClamAV added these 3 lines
> > >     $clamscan = "/usr/local/bin/clamscan";
> > >     $clamd = "/usr/local/sbin/clamd";
> >
> > I don't know amavisd but how is it supposed to use the $clamscan and $clamd vars? If you added the 2 vars yourself I don't think it will ever use them. In this case, you should search for an Amavisd+clamav howto.
>
> I thought of that and tried adding some extra lines from an amavisd-new configuration I found. I posted these in the other reply I sent a few minutes ago.

amavisd-postfix is written in perl and contains :-

    # Av scanners and related vars
    use vars qw (
        $antivir $avp $avpdc $AVPDIR $csav $drweb $fprot $fprotd $fsav
        $inocucmd $mks $nod32 $nod32cli $norman $oav $panda $rav $sophos
        $sophos_ide_path $cscmdline $scs_host $scs_port $uvscan $vbengcl
        $vexira $vfind $vscan $sophie_sockname $trophie_sockname
        $requeue_on_scanner_errors
    );

It looks to me as though it only supports these specific virus scanners.