Re: Amavis header and Spamassassin

[Phil Daws via amavis-users]

Hmm, my understanding was that if its it the map then its passed through via an 
invisible header of X-Amavis-AV-Status to SpamAssasssin for scoring. Thanks.
----- Original Message -----
From: "Steve Scotter via amavis-users" <amavis-users@amavis.org>
To: amavis-users@amavis.org
Sent: Wednesday, 15 January, 2014 10:14:11 PM
Subject: Re: Amavis header and Spamassassin



Hi,

I may be wrong but I think you need to remove or comment out the...

 [ qr'Sanesecurity'    => 0 ],

The end result should look like...

@virus_name_to_spam_score_maps =
  (new_RE( [ qr'MSRBL'           => 0 ],
           [ qr'SecuriteInfo'    => 0 ],
           [ qr'MBL'             => 0 ],
           [ qr'winnow'          => 0 ],
           [ qr'INetMsg'         => 0 ],
           [ qr'Safebrowsing'    => 0 ],
           [ qr'ScamNailer'      => 0 ],
           [ qr'Email'           => 0 ],
           [ qr'HTML'            => 0 ],
           [ qr'JS.Redirect-2'   => 0 ],
  ));

--
http://www.ijs.si/software/amavisd/release-notes.txt states...

- make it possible for a virus scanner to derate an infection report
  to a spam report, contributing to spam score and to spam report/status.
  A new configuration variable @virus_name_to_spam_score_maps
  (also member of policy banks) can turn a reported virus name
  into a spam score. Its default setting is:

Steve

-------- Original Message --------
Subject: Amavis header and Spamassassin (15-Jan-2014 17:25)
From:    Phil Daws via amavis-users <amavis-users@amavis.org>
To:      amavis-us...@spectrumcs.net

Hello all,

have just noticed an issue where emails are not being scored correctly when 
ClamAV is being used in conjunction with Amavisd-new and Spamassassin.  In my 
amavisd.conf I have set:

@keep_decoded_original_maps = (new_RE(
  qr'^MAIL$',                # let virus scanner see full original message
  qr'^MAIL-UNDECIPHERABLE$', # same as ^MAIL$ if mail is undecipherable
  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
  qr'^Zip archive data',     # don't trust Archive::Zip
));

@virus_name_to_spam_score_maps =
  (new_RE( [ qr'Sanesecurity'    => 0 ],
           [ qr'MSRBL'           => 0 ],
           [ qr'SecuriteInfo'    => 0 ],
           [ qr'MBL'             => 0 ],
           [ qr'winnow'          => 0 ],
           [ qr'INetMsg'         => 0 ],
           [ qr'Safebrowsing'    => 0 ],
           [ qr'ScamNailer'      => 0 ],
           [ qr'Email'           => 0 ],
           [ qr'HTML'            => 0 ],
           [ qr'JS.Redirect-2'   => 0 ],
  ));

and within a local_site.cf under /etc/mail/spamassassin I have:

################################################################################
# SaneSecurity & MSRBL Signatures
################################################################################
header CLAM_SS     X-Amavis-AV-Status =~ m{Sanesecurity}
header CLAM_MSRBL  X-Amavis-AV-Status =~ m{MSRBL}
header CLAM_MBL    X-Amavis-AV-Status =~ m{MBL}
header CLAM_SI     X-Amavis-AV-Status =~ m{SecuriteInfo}
header CLAM_WN     X-Amavis-AV-Status =~ m{winnow}
header CLAM_IM     X-Amavis-AV-Status =~ m{INetMsg}
header CLAM_SB     X-Amavis-AV-Status =~ m{Safebrowsing}
header CLAM_SN     X-Amavis-AV-Status =~ m{ScamNailer}
header CLAM_CAV    X-Amavis-AV-Status =~ m{Email|HTML|JS.Redirect}
header CLAM_DS     X-Amavis-AV-Status =~ m{Doppelstern}

score  CLAM_SS     2.5
score  CLAM_MSRBL  1.5
score  CLAM_MBL    1.5
score  CLAM_SI     2.0
score  CLAM_WN     2.0
score  CLAM_IM     2.0
score  CLAM_SB     2.5
score  CLAM_SN     2.5
score  CLAM_CAV    1.0
score  CLAM_DS     1.0

but when I check my maillog mails which are hitting the Sanesecurity rules are 
not being converted to a score ?

Jan 15 15:42:20 mx amavis[19918]: (19918-07) run_av (ClamAV-clamd): 
/var/amavis/tmp/amavis-20140115T120108-19918-H3u_539H/parts INFECTED: 
Sanesecurity.Spam.11344.Dom.UNOFFICIAL
Jan 15 15:42:20 mx amavis[19918]: (19918-07) Turning AV infection into a spam 
report: score=0, AV:Sanesecurity.Spam.11344.Dom.UNOFFICIAL=0

The software revisions am running are:

amavisd-new-2.8.1-1.el6.x86_64
spamassassin-3.3.1-3.el6.x86_64
clamav-db-0.98-2.el6.x86_64
clamav-0.98-2.el6.x86_64
clamd-0.98-2.el6.x86_64

Any ideas please ? Thanks.





To: amavis-users@amavis.org


DISCLAIMER
This email is for the use of the intended recipient(s) only. If you have 
received this email in error, please notify the sender immediately and then 
delete it. 
If you are not the intended recipient, you must not keep, use, disclose, copy 
or distribute this email without the author’s prior permission. 
We have taken precautions to minimise the risk of transmitting software 
viruses, but we advise you to carry out your own virus checks on any attachment 
to this message.
We cannot accept liability for any loss or damage caused by software viruses.
The information contained in this communication may be confidential and may be 
subject to the attorney-client privilege. 
If you are the intended recipient and you do not wish to receive similar 
electronic messages from us in future then please respond to the sender to this 
effect.