I've noticed that amavisd on my MX no longer blocks stuff flagged by
clamav.
The only difference in the logs for a message which clamav's log shows
as having FOUND something and one which is CLEAN is that in the latter
case amavis logs 'Hits: -' and in the FOUND case it logs 'Hits: 0.1'.
The logs show that it is sending everthing to clamav, just PASSing mail
which should be DISCARDed and quarantined.
I can't find any reason why.
My /etc/amavis/conf.d/50-user just sets:
@local_domains_acl to a list of my local domains,
$forward_method and $notify_method to the delivery smtpd,
$myhostname to the correct fqdn, and:
@bypass_virus_checks_maps = (); # to check everthing
$final_virus_destiny = D_DISCARD;
$final_banned_destiny = D_DISCARD;
The quarantine had a couple of recent badh- files, but no virus-
or banned- files for the last several months.
An example of the logging:
>From mail.log:
Dec 29 18:33:03 mx amavis[8696]: (08696-11) Passed CLEAN, [74.238.54.136]
<[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>,
Message-ID: <[EMAIL PROTECTED]>,
mail_id: Ainpxge0xIwH, Hits: 0.1, size: 3648, queued_as: 585E494093, 771 ms
and the corresponding entry from clamav.log:
Sat Dec 29 18:33:03 2007 ->
/var/lib/amavis/tmp/amavis-20071229T183012-08696/parts/p001:
HTML.Phishing.Pay-172 FOUND
-JimC
--
James Cloos <[EMAIL PROTECTED]> OpenPGP: 1024D/ED7DAEA6
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
