I am confused by your original question. Let me see if I can help by explaining how Anti-virus (CLAM) and Anti-Spam (SpamAssassin) work.
/var/qmail/control/simcontrol contains the setting for if they are enabled and at which point they Reject an incoming email. Your were: :clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif etisbew.com:clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif First of all, if you wanted different settings for etisbew.com, you should put that line before the other line. However, the settings are the same, so you may just want to remove it (as Eric pointed out). clam=yes means that it will do a virus scan and reject any messages that have a virus. The uses will not get anything. spam=yes means that it will do a scan for spam. If the score is higher than spam_hits (12) then the message will be rejected. attach= means that attachments with that end in .mp3, .src, .bat, and .pif will not be allowed. I am not sure if it rejects the whole message or just the attachment. Now, the sample header you gave us has a spam score of 21.4 which tells us that spam=yes worked because it WAS scanned. It should have been rejected, and not allowed to be sent, because the score is higher than spam_hits=12. Did this email make it through, or was it rejected correctly? If so, what is it that you want to do? See response above; Atul Paralikar wrote: > > Hey Jake, the anti-virus on the systems were deleting these mails automatically that's why I was not able to send you the header. > > Now I have one header of email which was caught by the Anti-Virus but not > by > CLAMD. I took it from the webmail. > > ============================ > X-Spam-Flag: YES > X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on > mail.providio.com > X-Spam-Level: ********************* > X-Spam-Status: Yes, score=21.4 required=4.0 > tests=BASE64_LENGTH_78_79,BAYES_50, > > FORGED_OUTLOOK_TAGS,HELO_DYNAMIC_IPADDR2,HELO_DYNAMIC_SPLIT_IP,HTML_MESSAGE, > > MIME_BASE64_TEXT,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_PBL,RCVD_IN_SORBS_DUL, > RCVD_IN_XBL,RCVD_NUMERIC_HELO,RDNS_DYNAMIC autolearn=spam > Version=3.2.4 > X-Spam-Report: > * 2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in > bl.spamcop.net > * [Blocked - see > <http://www.spamcop.net/bl.shtml?211.14.220.25>] > * 4.4 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname > (IP addr > * 2) > * 3.5 HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname > (Split > * IP) > * 2.1 RCVD_NUMERIC_HELO Received: contains an IP address used for > HELO > * 2.8 BASE64_LENGTH_78_79 BODY: BASE64_LENGTH_78_79 > * 0.0 HTML_MESSAGE BODY: HTML included in message > * 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60% > * [score: 0.5847] > * 1.8 MIME_BASE64_TEXT RAW: Message text disguised using base64 > encoding > * 0.9 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL > * [211.14.220.25 listed in zen.spamhaus.org] > * 3.0 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL > * 0.9 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP > address > * [211.14.220.25 listed in dnsbl.sorbs.net] > * 0.0 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format * 0.1 RDNS_DYNAMIC Delivered to trusted network by host with > * dynamic-looking rDNS > Received: (qmail 9874 invoked from network); 30 Sep 2009 04:01:53 -0500 Received: from 211.14.220.25.eo.eaccess.ne.jp (211.14.220.25) > by mail.etisbew.com with SMTP; 30 Sep 2009 04:01:52 -0500 > Received-SPF: none (mail.etisbew.com: domain at ras-publishing.com does not > designate permitted sender hosts) > Received: from 211.14.220.25 by service46.mimecast.com; Wed, 30 Sep 2009 18:01:41 +0900 > Message-ID: <000d01ca41ac$a0442000$6400a...@masticatekl698> > From: "Floyd Heath" <a...@etisbew.com> > To: <a...@etisbew.com> > Subject: *****SPAM***** =?utf-8?Q?Spam=3A=3A?= > Thank you for setting the order No.475456 > Date: Wed, 30 Sep 2009 18:01:41 +0900 > MIME-Version: 1.0 > Content-Type: multipart/mixed; > boundary="----=_NxtPrt_ftshd_1254301313" > X-Priority: 3 > X-MSMail-Priority: Normal > X-Mailer: Microsoft Outlook Express 6.00.2900.2180 > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 > X-Spam-Prev-Subject: =?utf-8?Q?Spam=3A=3A?= > > > ============================ > > > -----Original Message----- > From: Jake Vickers [mailto:j...@qmailtoaster.com] > Sent: Wednesday, September 30, 2009 8:22 PM > To: qmailtoaster-list@qmailtoaster.com > Subject: Re: [qmailtoaster] RE: Mails not being scanned / filtered by SA server > > Atul Paralikar wrote: >> Actually I read in the forum / wiki, to add a line for the domain which we >> need to allow emails. This will allow us to set other parameters which > will >> be effective only for this particular domain. >> More over I added that line, thinking it could be another reason for SPAMD/CLAMD not scanning our domain emails. >> Jake, >> - If the SPAMD/CLAMD are working fine then some of the virus messages are >> getting delivered to the employees. Why is that so? Is there anything else >> in it, which I might be missing? >> - How do I fix the ISOLOG to detect the SPAMD/CALMD logs? > > Remove the log files for spamd and clamd. This will reset the log files and isoqlog should start with the new data. You will lose all the history on these daemon though. > You have only shown us a "spam" message that was correctly marked as spam (at a score of 4.0 like you defined in your local.cf) but was correctly delivered because it did not exceed the score you defined in simcontrol. You have shown us nothing about viruses, nor any logs to back anything up. Without log files we can only make guesses and hope you are able to fix it. > > > ---------------------------------------------------------------------------- ----- > Qmailtoaster is sponsored by Vickers Consulting Group > (www.vickersconsulting.com) > Vickers Consulting Group offers Qmailtoaster support and > installations. > If you need professional help with your setup, contact them today! > ---------------------------------------------------------------------------- ----- > Please visit qmailtoaster.com for the latest news, updates, and > packages. > > To unsubscribe, e-mail: > qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: > qmailtoaster-list-h...@qmailtoaster.com > > > > > > --------------------------------------------------------------------------------- Qmailtoaster is sponsored by Vickers Consulting Group > (www.vickersconsulting.com) > Vickers Consulting Group offers Qmailtoaster support and > installations. > If you need professional help with your setup, contact them today! > --------------------------------------------------------------------------------- > Please visit qmailtoaster.com for the latest news, updates, and > packages. > > To unsubscribe, e-mail: > qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: > qmailtoaster-list-h...@qmailtoaster.com > > > Kent Busbee Director of Technology Northlake Christian School --------------------------------------------------------------------------------- Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! --------------------------------------------------------------------------------- Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
