On 10/11/2012 09:54 AM, Angus McIntyre wrote:

Mike Tirpak wrote:
On 04/10/2012 14:19, Mike Tirpak wrote:
I upgraded clamav a couple of days ago and everything went fine.
Clamav would catch everything with a virus attached inside a zip
file.  Over the past two days, I've gotten two emails that have zip
files with viruses inside them.  Is there a tweak I should do with the
new version of clam?

Clamav will catch many viruses, but is not guaranteed to catch everything.
Make sure that freshclam is able to download the latest definitions from
ClamAv.net. Check your freshclam logs in:

     /var/log/clamav

to ensure that freshclam is running regularly and successfully downloading
the new definitions.

If you find a viral payload that ClamAV didn't catch, you can submit it at:

    http://www.clamav.net/lang/en/sendvirus/

Another strange issue is spamassassin is marking mail as spam when it
should not be.  An example is I have received emails from a person
last week that was not spam and it went through just fine. Today, the
same type of email from the same person got marked as spam.  I know
that there are a lot of ways to configure spamassassin.  What can I do
to prevent this from happening?

Take a look at the logs in:

    /var/log/qmail/spamd

Find the message ID for the wrongly-matched message, then grep through the
logs in that directory for that message. For example, if your message ID
was '1...@foo.com', you might do:

    cat `ls -t | head -10` | grep -C 2 "1...@foo.com"

(that stuff with 'ls -t' and 'head -10' is just a trick to search only the
most recent log files; change the '10' to something else if you want to
look further back.)

The output should include something like:

    @40000000507611f819ccb6a4 [16130] info: spamd: result: Y 33 - BAYES_99,FORGED_IMS_HTML,FORGED_MSGID_YAHOO,FORGED_MUA_IMS,FROM_LOCAL_NOVOWEL,HTML_IMAGE_ONLY_12,HTML_MESSAGE,HTML_SHORT_LINK_IMG_2,HTTP_ESCAPED_HOST,HTTP_EXCESSIVE_ESCAPES,MIME_BASE64_TEXT scantime=0.7,size=3046,user=clamav,uid=89,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=43925,mid=<ctlyeozacxavauuhqc...@yahoo.com>,bayes=1.000000,autolearn=spam

which lists the names of all the SpamAssassin rules that matched. You can
find your SpamAssassin rulesets in:

    /etc/mail/spamassassin

Search the .cf files in that directory for the rules that matched. This
will give you an idea of why the message was considered spam. If you think
that one of the rules is likely to yield false positives, you can edit the
definition to disable it or reduce the weight.

You can also manually whitelist users to ensure that their mail always
arrives. See:

    http://wiki.apache.org/spamassassin/ManualWhitelist

Be aware, however, that whitelisting opens the door to any spammer who
forges that particular sender's email address.

Angus


---------------------------------------------------------------------

Thanks for the help, Angus.

Just thought you might want to know that qmlog has some nice searching capability built in. For instance, you can

    # qmlog -lc "123@foo\.com"

to search all the logs for a particular address, or any other string matching a regex. There are date parameters you can include too to narrow the search.

FWIW.


--
-Eric 'shubes'




---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
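
The log-to-rules lookup described in the thread, as an added example that is not part of the original messages: it pulls the spamd result line for one message ID out of the most recent log files, lists the rules that fired, and shows any `score` lines for those rules in a directory of .cf files. The function names, the temporary directories, and the sample log lines and message IDs are constructed for illustration; the result-line layout is assumed to match the one quoted above.

```shell
#!/bin/sh
# Added example, not code from the thread. Directories are passed as arguments.

# spamd_rules LOGDIR MESSAGE_ID [NFILES]
# Prints the verdict and score, then one matched rule name per line.
spamd_rules() {
    # Newest NFILES log files only (the 'ls -t | head' trick from the thread).
    ( cd "$1" && ls -t | head -n "${3:-10}" | xargs cat -- ) |
    # -F: match the message ID literally; '.' and '+' are regex characters.
    grep -F -- "mid=<$2>" |
    awk '/spamd: result:/ {
        for (i = 1; i <= NF; i++) if ($i == "result:") break
        print "verdict=" $(i+1) " score=" $(i+2)
        if ($(i+4) ~ /=/) next        # rule list is empty, field is key=value
        n = split($(i+4), rule, ",")
        for (j = 1; j <= n; j++) print rule[j]
    }'
}

# rule_scores RULEDIR RULE...
# Prints every "score RULE ..." line in RULEDIR/*.cf, prefixed by file name.
rule_scores() {
    dir=$1; shift
    for r in "$@"; do
        awk -v r="$r" '$1 == "score" && $2 == r { print FILENAME ": " $0 }' \
            "$dir"/*.cf 2>/dev/null
    done
}

# Constructed sample data so the example runs offline. The two message IDs
# differ only where a regex '.' would match, to show why -F is used.
make_sample() {
    mkdir -p "$1/log" "$1/cf"
    printf '%s\n' \
        '@400000005076120000000000 [100] info: spamd: result: Y 12 - BAYES_99,HTML_MESSAGE scantime=0.5,size=100,mid=<a.1@example.com>,autolearn=no' \
        '@400000005076120100000000 [101] info: spamd: result: Y 7 - HTML_IMAGE_ONLY_12 scantime=0.5,size=100,mid=<aX1@example.com>,autolearn=no' \
        > "$1/log/current"
    printf 'score HTML_MESSAGE 0.5\nscore BAYES_99 3.5\n' > "$1/cf/local.cf"
}

d=$(mktemp -d) && make_sample "$d"
spamd_rules "$d/log" 'a.1@example.com'
rule_scores "$d/cf" BAYES_99 HTML_MESSAGE
rm -rf "$d"
```

Searching for `a.1@example.com` as a plain grep pattern would also return the line for `aX1@example.com`; the fixed-string match on `mid=<...>` returns only the intended message.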
