Re: [clamav-users] ClamAVPlugin

2021-02-23 Thread G.W. Haywood via clamav-users

Hi there,

On Mon, 22 Feb 2021, Joe Acquisto-j4 wrote:


> ... I now need to do something with, or to, the "infected" email, which
> could be as simple as adding something to the subject line.  However, how to do
> that, or if it is even possible, is not obvious to me.


You need to do some work.  I've given you links to the documentation.

--

73,
Ged.

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


Re: [clamav-users] ClamAVPlugin

2021-02-22 Thread Joe Acquisto-j4


> Greetings
> 
> Seems time to address this
> . . .
>>>> 6. What happens if you mail to yourself something containing the
>>>> EICAR test file?  Check all your log files as well as looking
>>>> for mail headers etc.
>>>
>>> That has proven difficult as every place I have an email client out in
>>> the great wilderness, has strict checking and blocks EICAR ...
>> 
>> Can you not simply use your own mail server to send yourself mail??
>> 
> 
> Sending mail via the local postfix host bypasses spamassassin (spamd)
> and clamav (clamd/clamav-milter). 
> 
> It gets passed on virtually untouched.  Currently posted on postfix users
> list hoping for an answer. but maybe some one here knows what might be
> wrong with my postfix config?
> 
>> 
>> 73,
>> Ged.
>> 
> 
> joe a
>

The clamd local scanning was resolved by setting up non_smtpd_milters to
the same socket as smtpd_milters.  Simple, obvious.

/var/log/mail/ showed EICAR detected, but the received (locally sent) email
did not have a flag in the header to show that.  

In any event, I now need to do something with, or to, the "infected" email,
which could be as simple as adding something to the subject line.  However, how
to do that, or if it is even possible, is not obvious to me.

joe a.




Re: [clamav-users] ClamAVPlugin

2021-02-22 Thread Joe Acquisto-j4
Greetings

Seems time to address this
. . .
>>> 6. What happens if you mail to yourself something containing the
>>> EICAR test file?  Check all your log files as well as looking
>>> for mail headers etc.
>>
>> That has proven difficult as every place I have an email client out in
>> the great wilderness, has strict checking and blocks EICAR ...
> 
> Can you not simply use your own mail server to send yourself mail??
> 

Sending mail via the local postfix host bypasses spamassassin (spamd)
and clamav (clamd/clamav-milter). 

It gets passed on virtually untouched.  Currently posted on postfix users
list hoping for an answer. but maybe some one here knows what might be
wrong with my postfix config?

> 
> 73,
> Ged.
> 

joe a




Re: [clamav-users] ClamAVPlugin

2021-02-22 Thread Joe Acquisto-j4


> Hi there,
> 
> On Mon, 22 Feb 2021, Joe Acquisto-j4 wrote:
> 
>> myhost:~ # cp eicar.txt /etc/
>>
>> then this worked::
>>
>> myhost:~ # clamdscan /etc/eicar.txt
>> /etc/eicar.txt: Eicar-Signature FOUND
> 
> You have clamd working. :)
> 
> So you just need to get clamav-milter to talk to clamd, and Postfix to
> talk to clamav-milter,

Easier said than done.

> and everything will be peachy.  Well, not really
> peachy - then you'll be starting on your assessment of how it performs
> with your particular profile of unwanted mail, which will be different
> from the profiles seen by everyone else.  Feedback will be useful.
> 
> -- 
> 
> 73,
> Ged.
> 

However, in the end it appears it's working.
At least as far as getting an email header line that states:

"X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.0 at auxilary"

In summary, knowing what logs are where, paying attention to
what the messages mean, assuring you have *exactly* the same
path in the appropriate config files, assigning proper rights/ownership
of files, goes a long way toward achieving success.

Thanks for the patience and guidance.

More needs to be done, of course, but this is a boost.

joe a.
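
The "exactly the same path in the appropriate config files" point above, and the non_smtpd_milters fix reported elsewhere in this thread, can be checked mechanically. This is an added example, not code from the thread or from the ClamAV project: it reads `clamconf -n` output (the socket lines posted in this thread) and a constructed main.cf fragment, and reports where Postfix, clamav-milter and clamd disagree. The function names, finding codes and main.cf contents are assumptions.

```python
import os
import re

# Socket-related lines from the `clamconf -n` output posted in this thread.
CLAMCONF_OUTPUT = '''\
Config file: clamd.conf
---
LocalSocket = "/var/run/clamav/clamd-socket"
TCPSocket = "3310"
TCPAddr = "127.0.0.1"

Config file: clamav-milter.conf
---
ClamdSocket = "unix:/run/clamav/clamd-socket"
MilterSocket = "/run/clamav/clamav-milter-socket"
'''

# Constructed main.cf fragment (assumption: the poster's real main.cf is not
# shown in the thread; this is the single line suggested in one of the replies).
MAIN_CF = '''\
smtpd_milters = unix:/var/run/clamav/clamav-milter
'''

def parse_clamconf(text):
    """Return {config file: {option: value}} from `clamconf -n` output."""
    files, current = {}, None
    for line in text.splitlines():
        header = re.match(r'Config file:\s*(\S+)', line)
        option = re.match(r'(\w+)\s*=\s*"(.*)"\s*$', line)
        if header:
            current = files.setdefault(header.group(1), {})
        elif option and current is not None:
            current[option.group(1)] = option.group(2)
    return files

def parse_main_cf(text):
    """Return {parameter: [values]}; indented lines continue the previous one."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith('#'):
            continue
        if line[0].isspace() and name is not None:
            value = line
        else:
            name, _, value = line.partition('=')
            name = name.strip()
            params[name] = []
        params[name] += [v for v in re.split(r'[,\s]+', value.strip()) if v]
    return params

def socket_path(spec):
    """Filesystem path of a Unix socket spec, or None for inet:/tcp: specs."""
    if spec.startswith(('inet', 'tcp:')):
        return None
    return spec[len('unix:'):] if spec.startswith('unix:') else spec

def compare(a, b, resolve):
    """Return 'same', 'same-after-resolve' or 'different' for two specs."""
    pa, pb = socket_path(a), socket_path(b)
    if pa is None or pb is None:
        return 'same' if a == b else 'different'
    if pa == pb:
        return 'same'
    return 'same-after-resolve' if resolve(pa) == resolve(pb) else 'different'

def audit(clamconf_text, main_cf_text, resolve=os.path.realpath):
    """Return a list of (code, detail) findings; empty means consistent."""
    conf = parse_clamconf(clamconf_text)
    clamd, milter = conf.get('clamd.conf', {}), conf.get('clamav-milter.conf', {})
    postfix = parse_main_cf(main_cf_text)
    findings = []
    # 1. clamav-milter must connect to the socket clamd listens on.  A pair
    #    that only matches through a symlink is reported separately.
    listen, dial = clamd.get('LocalSocket', ''), milter.get('ClamdSocket', '')
    state = compare(listen, dial, resolve)
    if state != 'same':
        findings.append(('clamd-socket-' + state, f'{listen} vs {dial}'))
    # 2. Postfix must hand both SMTP and locally submitted mail to the milter.
    milter_sock = milter.get('MilterSocket', '')
    for param in ('smtpd_milters', 'non_smtpd_milters'):
        values = postfix.get(param, [])
        if not values:
            findings.append((param + '-unset', 'mail on this path is not scanned'))
        elif all(compare(v, milter_sock, resolve) == 'different' for v in values):
            findings.append((param + '-mismatch', f'{values} vs {milter_sock}'))
    # 3. clamd also listens on TCP although the milter uses the Unix socket.
    if 'TCPSocket' in clamd and socket_path(dial):
        addr = clamd.get('TCPAddr', 'all addresses')
        findings.append(('tcp-listener-unused', f"{addr}:{clamd['TCPSocket']}"))
    return findings

if __name__ == '__main__':
    for code, detail in audit(CLAMCONF_OUTPUT, MAIN_CF):
        print(f'{code}: {detail}')
```

On a live host, feed it the real `clamconf -n` output and the contents of main.cf; the default resolver follows symlinks on the machine it runs on.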







Re: [clamav-users] ClamAVPlugin

2021-02-22 Thread G.W. Haywood via clamav-users

Hi there,

On Mon, 22 Feb 2021, Joe Acquisto-j4 wrote:


> myhost:~ # cp eicar.txt /etc/
>
> then this worked::
>
> myhost:~ # clamdscan /etc/eicar.txt
> /etc/eicar.txt: Eicar-Signature FOUND


You have clamd working. :)

So you just need to get clamav-milter to talk to clamd, and Postfix to
talk to clamav-milter, and everything will be peachy.  Well, not really
peachy - then you'll be starting on your assessment of how it performs
with your particular profile of unwanted mail, which will be different
from the profiles seen by everyone else.  Feedback will be useful.

--

73,
Ged.



Re: [clamav-users] ClamAVPlugin

2021-02-22 Thread Joe Acquisto-j4
 . . 
>> 3. Can you scan things with the 'clamdscan' command?  Note the 'd' in
>> 'clamdscan'.  Don't use 'clamscan', because that doesn't use clamd.
> 
> myhost:~ # clamdscan eicar.txt
> /root/eicar.txt: lstat() failed: Permission denied. ERROR
> 
>>

Well an obvious issue, rights.  I had the test file in root
which the clamd service could not access (yet ?)

After doing this as a quick test

myhost:~ # cp eicar.txt /etc/

then this worked::

myhost:~ # clamdscan /etc/eicar.txt
/etc/eicar.txt: Eicar-Signature FOUND

--- SCAN SUMMARY ---
Infected files: 1
Time: 0.637 sec (0 m 0 s)
Start Date: 2021:02:21 23:32:56
End Date:   2021:02:21 23:32:57

Tune out tomorrow as more of the same twaddle is likely
to post.

joe a.




Re: [clamav-users] ClamAVPlugin

2021-02-22 Thread Gary R. Schmidt

On 22/02/2021 21:59, G.W. Haywood via clamav-users wrote:
[SNIP]
>
> If you're going to run your own mail server, ALL this stuff needs to
> be at your fingertips.  If it isn't, you're just going to be getting
> in your own way (and in everyone else's way).
>
>> Also wondering if main.cf (postfix) is the only place I need to add
>> Clamav directives.  master.cf has a spot for Spamassassin as a
>> "filter" and commented out stuff for amavis.
>
> https://www.oreilly.com/library/view/postfix-the-definitive/0596002122/ch04s05.html
>
> Don't forget that I don't use Postfix, so check everything I've said
> is right for your installation.  There may well be little quirks with
> Postfix that I don't know about.  It's all very similar with the MTA
> that I do use (Sendmail) but I can't be quite so sure with Postfix as
> I can with Sendmail.
>
> Fundamentally you need Postfix to know how to talk to clamav-milter,
> clamav-milter to know how to talk to clamd, and the same in the other
> direction; clamd needs to know how to talk to clamav-milter, and the
> milter needs to know how to talk to Postfix.  That's more or less all
> there is to it as far as the communications between the processes is
> concerned, but then you have to configure it all to do what you want
> it to do of course.  I see that you've started on that already with
> things like detecting PUAs.



The canonical information on how to use milters in Postfix is in the 
Postfix source tree: README_FILES/MILTER_README.  There's also an HTML 
version.


And I would also second the Dove book Ged links to above, if you are 
about to start fiddling with Postfix configuration.  It's old, but it's 
probably the most complete, and of course, when in doubt look at the 
source,  has a lot of resources.


Cheers,
GaryB-)



Re: [clamav-users] ClamAVPlugin

2021-02-22 Thread G.W. Haywood via clamav-users

Hi there,

On Sun, 21 Feb 2021, Joe Acquisto-j4 wrote:


> clamd is running.  I thought I read it does not have to be as
> clamav-milter is capable of running mail scans without.  But I could
> be mistaken.

If you did read that, whoever wrote it is mistaken.  If you imagined
it, please try not to do that because it isn't helpful.  Note that
it's called clamav-milter (I've taken the liberty of correcting your
text) and it's more or less just an interface between an MTA and the
clamd daemon - although it is quite capable, for example it can offer
fault tolerance by handling multiple clamd daemons on multiple servers.

Its configuration and the configuration of the MTA are the first thing
we need to get right - they need to agree with each other, because the
configuration of the MTA tells the MTA how to talk to the milter, and
milter configuration tells the milter how to talk back to the MTA.  So:


> Logging is enabled ...

That's good.

> myhost:~ # clamd zPING
> Sun Feb 21 18:34:45 2021 -> !TCP: Cannot bind to [127.0.0.1]:3310: Address already in use
> Sun Feb 21 18:34:45 2021 -> !LOCAL: Socket file /var/run/clamav/clamd-socket is in use by another process.
> Sun Feb 21 18:34:45 2021 -> *Closing the main socket.


This is confusing.  What you've written there looks like you've given
the result on the screen of a command-line command.  First off that
command line command is nonsense (read the 'man' page for clamd) and
secondly what comes after it is taken from the log.  You need to be
clear about what you're doing.  I was clear in my example PING that I
connected to the daemon by using 'telnet'.  You should do the same, or
(as you discovered later) by piping through something like netcat,
socat, or whatever.  The error message in the log from the clamd which
you tried to start at the command line with your 'clamd zPING' command
is simply the new clamd that you're trying to start trying to open the
port that's configured in clamd.conf and finding that there's already
something using that port.  The something already using that port is
of course the running clamd daemon.  I asked you to talk to the daemon,
not to try to start another one.  You *can* start more clamd daemons,
but they each need to have their own unique communication channel, so
they each would need to have a separate file like clamd.conf - when I
run multiple daemons on the same box I have clamd1.conf, clamd2.conf,
and so on, with each daemon using a different port from the default.
You don't need multiple clamd daemons at this stage.  Probably never.


>> 3. Can you scan things with the 'clamdscan' command?  Note the 'd' in
>> 'clamdscan'.  Don't use 'clamscan', because that doesn't use clamd.
>
> myhost:~ # clamdscan eicar.txt
> /root/eicar.txt: lstat() failed: Permission denied. ERROR

This is a kind of progress.  Put the eicar.txt file in /tmp instead of
/root, with world read permissions, and try again.

>> 5. Anything interesting in the Postfix logs?  Can you increase the
>> logging verbosity?
>
> Nothing "new" far as I can tell.

We'll look at the log verbosity later.

>> 6. What happens if you mail to yourself something containing the
>> EICAR test file?  Check all your log files as well as looking
>> for mail headers etc.
>
> That has proven difficult as every place I have an email client out in
> the great wilderness, has strict checking and blocks EICAR ...

Can you not simply use your own mail server to send yourself mail??

> I've resorted to a site that purports to send EICAR test email
> "as a public service" sort of thing, in the past.

So did you try it?  What happened?

>> 7. Please also let us have the output of
>>
>> clamconf -n


Unfortunately your configuration is rather a mess.


> Config file: clamd.conf
> ---
> ...
> PidFile = "/var/run/clamav/clamd.pid"
> LocalSocket = "/var/run/clamav/clamd-socket"

In passing I note the PID file is under /var/run/.  We'll come back to
that later.  Because clamd is supposed to be talking to clamav-milter,
the local socket above needs to be exactly the same in clamd.conf as
it is in clamav-milter.conf (er, you might say, obviously).  It isn't.

> TCPSocket = "3310"
> TCPAddr = "127.0.0.1"


If everything is on the same machine, all the processes can use local
(Unix-type) sockets to talk to each other.  That means you don't need
TCP sockets, which use a completely different communication technology
(in fact the same TCP/IP which you use for email, browsing etc. etc.).
So the TCPxxx settings might not be needed, but they're useful (they
have already been useful to us) e.g. for testing and investigation.

Anyway (1) you need to tell the different processes consistent things,
so that they aren't talking to a brick wall; (2) just because you have
a process listening on a port, doesn't necessarily mean that you have
to be using that port; and (3) open TCP ports that you aren't using
can be a security issue.  So if you use clamd carelessly, you might be
a bigger threat to your system than the Bad Guys are because you

Re: [clamav-users] ClamAVPlugin

2021-02-21 Thread Joe Acquisto-j4



>> Hi there,
>> 
>> On Sun, 21 Feb 2021, Joe Acquisto-j4 wrote:
. . .
> 
>> 2. Can you get clamd to reply to a PING?  Here's my laptop talking to my
>> clamd server, you might want to use a Unix socket, or IP 127.0.0.1
>> and port 3310 depending on your configuration:
>> 
> 
> Seems quite leisurely, but it does come back, eventually.
> 
> myhost:~ # clamd zPING
> Sun Feb 21 18:34:45 2021 -> !TCP: Cannot bind to [127.0.0.1]:3310: Address already in use
> Sun Feb 21 18:34:45 2021 -> !LOCAL: Socket file /var/run/clamav/clamd-socket is in use by another process.
> Sun Feb 21 18:34:45 2021 -> *Closing the main socket.
> 
> I am a bit perplexed by this as I am pretty sure I had the port set 
> correctly a while back.  Well, gotta fix that
> at least.

Turns out that is normal for the way I was trying to do it.

the "correct" way, one that works anyway is this:

"echo nPING | nc 127.0.0.1 3310 
PONG"

>> 73,
>> Ged.
>> 
> 

joe a
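
What the `nc` one-liner above does on the wire, as an added example that is not part of the original post: a client that connects to an already running clamd and sends one delimited command, rather than starting a second daemon as `clamd zPING` did. The `z` prefix asks for NUL-delimited framing and `n` for newline-delimited; clamd answers with the same terminator. The function names are assumptions, and `stub_clamd` is a constructed stand-in so the exchange runs without a real daemon.

```python
import socket
import threading


def connect(target, timeout=5.0):
    """target is a Unix socket path (str) or a (host, port) tuple."""
    if isinstance(target, tuple):
        return socket.create_connection(target, timeout=timeout)
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    sock.connect(target)
    return sock


def clamd_command(sock, command, prefix='z'):
    """Send one command to clamd and return its reply without the terminator.

    prefix 'z' -> command and reply end with NUL; prefix 'n' -> with newline.
    """
    delim = b'\0' if prefix == 'z' else b'\n'
    sock.sendall(prefix.encode('ascii') + command.encode('ascii') + delim)
    reply = bytearray()
    while not reply.endswith(delim):
        chunk = sock.recv(4096)
        if not chunk:            # peer closed before sending a terminator
            break
        reply += chunk
    return reply.rstrip(delim).decode('ascii', 'replace')


def ping(target):
    """True if the clamd listening at target answers PING with PONG."""
    with connect(target) as sock:
        return clamd_command(sock, 'PING') == 'PONG'


def stub_clamd(conn):
    """Constructed stand-in for clamd: answers zPING / nPING only."""
    data = b''
    while not data.endswith((b'\0', b'\n')):
        chunk = conn.recv(4096)
        if not chunk:
            break
        data += chunk
    delim, command = data[-1:], data[:-1]
    if command in (b'zPING', b'nPING'):
        conn.sendall(b'PONG' + delim)
    else:
        conn.sendall(b'UNKNOWN COMMAND' + delim)
    conn.close()


def demo(command='PING', prefix='z'):
    """Run the client against the stub over a socketpair; no clamd needed."""
    client, server = socket.socketpair()
    worker = threading.Thread(target=stub_clamd, args=(server,))
    worker.start()
    try:
        client.settimeout(5.0)
        return clamd_command(client, command, prefix)
    finally:
        client.close()
        worker.join()


if __name__ == '__main__':
    print(demo())
    # Against a real daemon, with the values from this thread:
    #   ping('/var/run/clamav/clamd-socket')  or  ping(('127.0.0.1', 3310))
```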




Re: [clamav-users] ClamAVPlugin

2021-02-21 Thread Joe Acquisto-j4


> Hi there,
> 
> On Sun, 21 Feb 2021, Joe Acquisto-j4 wrote:
> 
>> As it happens Suse Leap 15.2 has clamAV and ClamAV-milter provided
>> as was suggested earlier.
>>
>> I think I followed and have stuff running.  Working is another question.
> 
> A few simple checks:
> 
> 1. Do you have the clamd daemon running?  Is its logging configured?

clamd is running.  I thought I read it does not have to be as calmd-milter is
capable of running mail scans without.  But I could be mistaken.

Logging is enabled and it shows results of the PING test similar to below:

> 2. Can you get clamd to reply to a PING?  Here's my laptop talking to my
> clamd server, you might want to use a Unix socket, or IP 127.0.0.1
> and port 3310 depending on your configuration:
> 

Seems quite leisurely, but it does come back, eventually.

myhost:~ # clamd zPING
Sun Feb 21 18:34:45 2021 -> !TCP: Cannot bind to [127.0.0.1]:3310: Address already in use
Sun Feb 21 18:34:45 2021 -> !LOCAL: Socket file /var/run/clamav/clamd-socket is in use by another process.
Sun Feb 21 18:34:45 2021 -> *Closing the main socket.

I am a bit perplexed by this as I am pretty sure I had the port set correctly a 
while back.  Well, gotta fix that
at least.

> 
> 3. Can you scan things with the 'clamdscan' command?  Note the 'd' in
> 'clamdscan'.  Don't use 'clamscan', because that doesn't use clamd.

myhost:~ # clamdscan eicar.txt
/root/eicar.txt: lstat() failed: Permission denied. ERROR

> 
> 4. Is clamd logging anything?  If you've set up logging in clamd.conf
> it should log things when you scan with clamdscan,

If you mean clamd.log, see above.
If you mean clamavmilter.log it only logs that it started.
 
> 5. Anything interesting in the Postfix logs?  Can you increase the
> logging verbosity?

Nothing "new" far as I can tell.

> 6. What happens if you mail to yourself something containing the
> EICAR test file?  Check all your log files as well as looking
> for mail headers etc.

That has proven difficult as every place I have an email client out in
the great wilderness, has strict checking and blocks EICAR when
I try.  Even ssh and telnet are blocked in the terminal sessions.
I have a pretty good relationship with one of them and they 
will humor me from time to time, but, don't want to wear it out.

I've resorted to a site that purports to send EICAR test email
"as a public service" sort of thing, in the past.
. 
> 7. Please also let us have the output of
> 
> clamconf -n
> 
> which with luck will be fewer than a hundred lines.
> 

Checking configuration files in /etc

Config file: clamd.conf
---
LogFile = "/var/log/clamd.log"
LogTime = "yes"
LogClean = "yes"
LogSyslog = "yes"
LogFacility = "LOG_MAIL"
LogVerbose = "yes"
PidFile = "/var/run/clamav/clamd.pid"
LocalSocket = "/var/run/clamav/clamd-socket"
TCPSocket = "3310"
TCPAddr = "127.0.0.1"
User = "vscan"
DetectPUA = "yes"
HeuristicScanPrecedence = "yes"

Config file: freshclam.conf
---
LogTime = "yes"
LogSyslog = "yes"
LogFacility = "LOG_MAIL"
LogVerbose = "yes"
PidFile = "/var/run/clamav/freshclam.pid"
UpdateLogFile = "/var/log/freshclam.log"
DatabaseMirror = "database.clamav.net"

Config file: clamav-milter.conf
---
LogFile = "/var/log/clamav-milter.log"
LogSyslog = "yes"
LogFacility = "LOG_MAIL"
PidFile = "/run/clamav/clamav-milter.pid"
ClamdSocket = "unix:/run/clamav/clamd-socket"
MilterSocket = "/run/clamav/clamav-milter-socket"
AddHeader = "Add"
LogClean = "Basic"

Software settings
-
Version: 0.103.0
Optional features supported: MEMPOOL IPv6 AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 ICONV 
JSON RAR

Database information

Database directory: /var/lib/clamav
main.cvd: version 59, sigs: 4564902, built on Mon Nov 25 08:56:15 2019
bytecode.cld: version 332, sigs: 93, built on Wed Feb 17 16:06:23 2021
daily.cld: version 26087, sigs: 4008904, built on Sun Feb 21 07:10:19 2021
Total number of signatures: 8573899

Platform information

uname: Linux 5.3.18-lp152.63-default #1 SMP Mon Feb 1 17:31:55 UTC 2021 
(98caa86) x86_64
OS: linux-gnu, ARCH: x86_64, CPU: x86_64
zlib version: 1.2.11 (1.2.11), compile flags: a9
platform id: 0x0a21797908070500

Build information
-
GNU C: 7.5.0 (7.5.0)
CPPFLAGS:
CFLAGS: -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 
-fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables 
-fstack-clash-protection -g -fstack-protector -fPIE -fno-strict-aliasing 
-DFP_64BIT  -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
CXXFLAGS: -fmessage-length=0 -grecord-gcc-switches -O2 -Wall 
-D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables 
-fasynchronous-unwind-tables -fstack-clash-protection -g -fstack-protector 
-fPIE -fno-strict-aliasing -std=gnu++98
LDFLAGS: -pie
Configure: '--host=x86_64-suse-linux-gnu' '--build=x86_64-suse-linux-gnu' 
'--program-prefix=' '--prefix=/

Re: [clamav-users] ClamAVPlugin

2021-02-21 Thread G.W. Haywood via clamav-users

Hi there,

On Sun, 21 Feb 2021, Joe Acquisto-j4 wrote:


> As it happens Suse Leap 15.2 has clamAV and ClamAV-milter provided
> as was suggested earlier.
>
> I think I followed and have stuff running.  Working is another question.


A few simple checks:

1. Do you have the clamd daemon running?  Is its logging configured?

2. Can you get clamd to reply to a PING?  Here's my laptop talking to my
   clamd server, you might want to use a Unix socket, or IP 127.0.0.1
   and port 3310 depending on your configuration:

laptop3:~$ telnet 192.168.44.7 3313
Trying 192.168.44.7...
Connected to 192.168.44.7.
Escape character is '^]'.
PING
PONG
Connection closed by foreign host.
laptop3:~$

3. Can you scan things with the 'clamdscan' command?  Note the 'd' in
'clamdscan'.  Don't use 'clamscan', because that doesn't use clamd.

4. Is clamd logging anything?  If you've set up logging in clamd.conf
it should log things when you scan with clamdscan,

5. Anything interesting in the Postfix logs?  Can you increase the
   logging verbosity?

6. What happens if you mail to yourself something containing the
   EICAR test file?  Check all your log files as well as looking
   for mail headers etc.

7. Please also let us have the output of

clamconf -n

which with luck will be fewer than a hundred lines.

--

73,
Ged.



Re: [clamav-users] ClamAVPlugin

2021-02-21 Thread Joe Acquisto-j4



>> Hi there,
>> 
>> On Sun, 21 Feb 2021, Joe Acquisto-j4 wrote:
>>> On Fri, 19 Feb 2021, G.W. Haywood wrote:
>>>
>>>> https://wiki.linuxquestions.org/wiki/Postfix_with_clamav-milter
>>>
>>> I used the same search text and did not turn up that link via google or
>>> duckduckgo.  Did it just now to be sure.
>>>
>>> Perhaps geographic region has something to do with SE results?
>> 
>> Perhaps there's something in your browser that you don't know about?
>> One of the things most valuable to the Bad Guys is misdirecting your
>> searches to something that they control.
>> 
>>> (or perhaps, the AI's are messing with me, as revenge for all those
>>> nasty things I've said about them?)
>> 
>> Well I've probably said very similar things about them, but I normally
>> use 'startpage.com' which is basically just a wrapper around Google's
>> search, purely to stop (some of the?) tracking.  Just now I asked my
>> wife to do exactly the same search because she normally uses the duck,
>> and the first hit on her screen was the exact same link.
>> 
>> Anyway - did any of this help?
>> 
>> -- 
>> 
>> 73,
>> Ged.
> 
> Well, anything is possible.  I could try another browser, I suppose,
> but simply based on the search results I did get, none seem 
> malicious.  On the surface at least.
> 
> The most reasonable thing, IMO, is the geographic bias the 
> search engines may have, intentional or not, seeing as you are in
> UK and I in the US.  Also possible is some SEO-ish thing going 
> on, in one form or another biasing results on past search patterns.
> 
> With regard original issue, I have gained some insight from all the 
> comments.  Current thought is to pursue the clamav-milter route as,
> at least, it seems current and likely to be maintained.
> 
> I won't be able give it much more attention till later today.
> 
> joe a.
> 

As it happens Suse Leap 15.2 has clamAV and ClamAV-milter provided
as was suggested earlier.

I think I followed and have stuff running.  Working is another question.

While it seems to take noticeably longer for mail to flow through my stuff,
there is no other indication anything happened.

Nothing seems "new" in /var/log/mail and nothing is in
/var/log/clamav-milter.log, which I enabled, other than "started" each time
I start, or restart, clamav-milter.service (also provided by Suse).

Message headers give no indication mail was scanned either, despite having
enabled Addheader Add, in clamav-milter.conf.

"top" shows no increase in CPU usage by clamav-milter when mail is being
processed while spamd does increase.

joe a.







Re: [clamav-users] ClamAVPlugin

2021-02-21 Thread Joe Acquisto-j4


> Hi there,
> 
> On Sun, 21 Feb 2021, Joe Acquisto-j4 wrote:
>> On Fri, 19 Feb 2021, G.W. Haywood wrote:
>>
>>> https://wiki.linuxquestions.org/wiki/Postfix_with_clamav-milter 
>> 
>> I used the same search text and did not turn up that link via google or
>> duckduckgo.  Did it just now to be sure.
>>
>> Perhaps geographic region has something to do with SE results?
> 
> Perhaps there's something in your browser that you don't know about?
> One of the things most valuable to the Bad Guys is misdirecting your
> searches to something that they control.
> 
>> (or perhaps, the AI's are messing with me, as revenge for all those
>> nasty things I've said about them?)
> 
> Well I've probably said very similar things about them, but I normally
> use 'startpage.com' which is basically just a wrapper around Google's
> search, purely to stop (some of the?) tracking.  Just now I asked my
> wife to do exactly the same search because she normally uses the duck,
> and the first hit on her screen was the exact same link.
> 
> Anyway - did any of this help?
> 
> -- 
> 
> 73,
> Ged.

Well, anything is possible.  I could try another browser, I suppose,
but simply based on the search results I did get, none seem 
malicious.  On the surface at least.

The most reasonable thing, IMO, is the geographic bias the 
search engines may have, intentional or not, seeing as you are in
UK and I in the US.  Also possible is some SEO-ish thing going 
on, in one form or another biasing results on past search patterns.

With regard original issue, I have gained some insight from all the 
comments.  Current thought is to pursue the clamav-milter route as,
at least, it seems current and likely to be maintained.

I won't be able give it much more attention till later today.

joe a.




Re: [clamav-users] ClamAVPlugin

2021-02-21 Thread G.W. Haywood via clamav-users

Hi there,

On Sun, 21 Feb 2021, Joe Acquisto-j4 wrote:

> On Fri, 19 Feb 2021, G.W. Haywood wrote:
>
>> https://wiki.linuxquestions.org/wiki/Postfix_with_clamav-milter
>
> I used the same search text and did not turn up that link via google or
> duckduckgo.  Did it just now to be sure.
>
> Perhaps geographic region has something to do with SE results?

Perhaps there's something in your browser that you don't know about?
One of the things most valuable to the Bad Guys is misdirecting your
searches to something that they control.

> (or perhaps, the AI's are messing with me, as revenge for all those
> nasty things I've said about them?)


Well I've probably said very similar things about them, but I normally
use 'startpage.com' which is basically just a wrapper around Google's
search, purely to stop (some of the?) tracking.  Just now I asked my
wife to do exactly the same search because she normally uses the duck,
and the first hit on her screen was the exact same link.

Anyway - did any of this help?

--

73,
Ged.



Re: [clamav-users] ClamAVPlugin

2021-02-21 Thread Joe Acquisto-j4
. . .
>> It all looks good from here: 
>> , which is where I got it 
>> (and where it comes from).  All the links work, and match my memory of 
>> things.
>> 
>> Just cleaned and re-built it - I'm on Solaris - and it works fine.
>> 
>>  ./configure CC=cc --prefix=/opt/local
>> 
>> I don't have a SuSE box to hand, but on Centos 7...  No problem, 
>> configure runs cleanly, make throws a handful of warnings, it Just 
>> Works(TM).
>> 
>>  Cheers,
>>  GaryB-)
>> 
> 
> The link you provided worked for me as well, where I got the package.
> But the links in the packaged README failed, taking me to godaddy
> stuff.
> 
> In a flash of insight I modified the provided URLs to match 
> "http:/thewalter.net/stef/:"
> and found the garden . . . of information.
> 
> we shall see how the day progresses.
> 
> joe 
> 
> 

Well, shucks folks.  

Regardless of how simple this is supposed to be
I rather think my time would be better invested in using a package that
is currently being maintained.  I was not deterred so much by no updates
in years, but even the mailing list has had no messages for . . . years.  
Most recent appears to be spam/phish. Most recent before that a group
that were "blocked from view" by administrator.  

joe a.






Re: [clamav-users] ClamAVPlugin

2021-02-21 Thread Joe Acquisto-j4


> Hi there,
> 
> On Sat, 20 Feb 2021, Joe Acquisto-j4 wrote:
>>> On Fri, 19 Feb 2021, G.W. Haywood wrote:
>>>
>>>  Postfix can use milters, so clamav-milter which comes with ClamAV
>>> might make sense.  . . . .
>>
>> This is the approach I would like to attempt.
>> ...
>> ... clamav and clamav-milter seem to be running but are not tied in
>> to mail flow yet, due to my own lack of knowledge.
>> 
>> For whatever reasons, I am finding it difficult to tease out how to correctly
>> insert clamav-milter into postfix.  ...
>> turn up stuff that is suggestive, yet, not confidence inspiring.
> 
> Does this help?  Last modified around 2008 so it seems to have stood
> the test of time:
> 
> https://wiki.linuxquestions.org/wiki/Postfix_with_clamav-milter 
> 
>> I am not certain, for example, where to place the "call" to
>> clamav-milter.  ...
> 
> I don't use OpenSUSE nor Postfix, but I use Sendmail and the Postfix
> milter facility is based on that used by Sendmail.  To use milters
> like clamav-milter which are written in C and assume the availability
> of the Sendmail milter library, you need to have Sendmail's libmilter
> library installed.  (This is not built by default if you get Sendmail
> from the original source.)  If you use Postfix on OpenSUSE I believe
> that you can install the Sendmail libmilter library from a package.
> Apart from making sure that you have the libmilter library installed,
> I believe that all you need to do for Postfix is to tell it to use the
> milter in main.cf or whichever appropriate configuration file.  The
> fancy startup script on the page shouldn't be necessary if you already
> have Postfix, clamd and clamav-milter all started.  The bit that tells
> Postfix to use the milter is basically this one single line in main.cf
> 
> smtpd_milters = unix:/var/run/clamav/clamav-milter
> 
> but you see on that page that there's an option to e.g. accept mail if
> the milter fails for some reason, which is just good self-defence and
> not essential to normal operation.  You need to restart Postfix after
> putting the milter line in main.cf or wherever.  Obviously the path to
> your milter socket might not be quite what is given in the line above,
> you may need to tweak it for whatever clamd has in its configuration.
> 
> There's a link on that page to the original Postfix documentation but
> it seems to me that it's not written for a newcomer to the sport.  It
> might make things clearer if I tell you that from what I've learned
> from you about your setup you're looking at an SMTP-only milter, which
> means you're filtering mail which comes from the Postfix mail server.
> The Postfix documentation covers other (non-SMTP) uses.  In case it's
> not obvious, SMTP means "Simple Mail Transfer Protocol" and is what is
> used to exchange mail between various installations.  The RFCs are the
> ultimate source of definitive detail about SMTP (and about most other
> protocols), RFC821 kicked off SMTP but it's long since been superseded
> by (many) more modern RFCs like RFC5321, which is one of the many RFC
> tabs permanently open in my browser:
> 
> https://tools.ietf.org/html/rfc5321#section-3.1 
> 
>> At this stage I would rather ask than hack away.
> 
> Fair enough, but you will need to do quite a bit of reading.
> 
> It took me ten seconds to find the page I linked to.  The search was
> 
> postfix clamav-milter
> 
> and it was the first hit.
> 
> -- 
> 
> 73,
> Ged.

I used the same search text and did not turn up that link via google or
duckduckgo.  Did it just now to be sure.

Perhaps geographic region has something to do with SE results?
(or perhaps, the AI's are messing with me, as revenge for all those
nasty things I've said about them?)

joe a.





Re: [clamav-users] ClamAVPlugin

2021-02-21 Thread Joe Acquisto-j4


> On 21/02/2021 15:25, Joe Acquisto-j4 wrote:
> [SNIP]
>> 
>> I guess I missed how "simple" clamsmtp is to use, as I got the impression
>> it had to be compiled.  When it gave me errors on make, I put it aside. My
>> admittedly limited search skill must be deteriorating further as I did not find
>> much helpful in the way of documentation.
>> 
>> For instance, the links in the README supplied with the package such as
>> those below seem defunct:
>> 
>> http://memberwebs.com/swalter/software/clamsmtp/postfix.html 
>> 
>> http://memberwebs.com/swalter/software/clamsmtp/transparent.html 
>> 
>> So, I simply sighed deeply and mournfully  and moved on yet again.
>> 
>> If you have some good links, and docs please feel free to let me know.
>> 
> It all looks good from here: 
> , which is where I got it 
> (and where it comes from).  All the links work, and match my memory of 
> things.
> 
> Just cleaned and re-built it - I'm on Solaris - and it works fine.
> 
>   ./configure CC=cc --prefix=/opt/local
> 
> I don't have a SuSE box to hand, but on Centos 7...  No problem, 
> configure runs cleanly, make throws a handful of warnings, it Just 
> Works(TM).
> 
>   Cheers,
>   GaryB-)
> 

The link you provided worked for me as well, where I got the package.
But the links in the packaged README failed, taking me to godaddy
stuff.

In a flash of insight I modified the provided URLs to match 
"http:/thewalter.net/stef/:"
and found the garden . . . of information.

We shall see how the day progresses.

joe 




Re: [clamav-users] ClamAVPlugin

2021-02-21 Thread G.W. Haywood via clamav-users

Hi there,

On Sat, 20 Feb 2021, Joe Acquisto-j4 wrote:

> On Fri, 19 Feb 2021, G.W. Haywood wrote:
>
>> Postfix can use milters, so clamav-milter which comes with ClamAV
>> might make sense.  . . . .
>
> This is the approach I would like to attempt.
> ...
> ... clamav and clamav-milter seem to be running but are not tied in
> to mail flow yet, due to my own lack of knowledge.
>
> For whatever reasons, I am finding it difficult to tease out how to correctly
> insert clamav-milter into postfix.  ...
> turn up stuff that is suggestive, yet, not confidence inspiring.


Does this help?  Last modified around 2008 so it seems to have stood
the test of time:

https://wiki.linuxquestions.org/wiki/Postfix_with_clamav-milter


> I am not certain, for example, where to place the "call" to
> clamav-milter.  ...


I don't use OpenSUSE nor Postfix, but I use Sendmail and the Postfix
milter facility is based on that used by Sendmail.  To use milters
like clamav-milter which are written in C and assume the availability
of the Sendmail milter library, you need to have Sendmail's libmilter
library installed.  (This is not built by default if you get Sendmail
from the original source.)  If you use Postfix on OpenSUSE I believe
that you can install the Sendmail libmilter library from a package.
Apart from making sure that you have the libmilter library installed,
I believe that all you need to do for Postfix is to tell it to use the
milter in main.cf or whichever appropriate configuration file.  The
fancy startup script on the page shouldn't be necessary if you already
have Postfix, clamd and clamav-milter all started.  The bit that tells
Postfix to use the milter is basically this one single line in main.cf

smtpd_milters = unix:/var/run/clamav/clamav-milter

but you see on that page that there's an option to e.g. accept mail if
the milter fails for some reason, which is just good self-defence and
not essential to normal operation.  You need to restart Postfix after
putting the milter line in main.cf or wherever.  Obviously the path to
your milter socket might not be quite what is given in the line above,
you may need to tweak it for whatever clamd has in its configuration.

There's a link on that page to the original Postfix documentation but
it seems to me that it's not written for a newcomer to the sport.  It
might make things clearer if I tell you that from what I've learned
from you about your setup you're looking at an SMTP-only milter, which
means you're filtering mail which comes from the Postfix mail server.
The Postfix documentation covers other (non-SMTP) uses.  In case it's
not obvious, SMTP means "Simple Mail Transfer Protocol" and is what is
used to exchange mail between various installations.  The RFCs are the
ultimate source of definitive detail about SMTP (and about most other
protocols), RFC821 kicked off SMTP but it's long since been superseded
by (many) more modern RFCs like RFC5321, which is one of the many RFC
tabs permanently open in my browser:

https://tools.ietf.org/html/rfc5321#section-3.1


> At this stage I would rather ask than hack away.


Fair enough, but you will need to do quite a bit of reading.

It took me ten seconds to find the page I linked to.  The search was

postfix clamav-milter

and it was the first hit.

--

73,
Ged.
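
An added example, not part of the original message: a small Python audit of main.cf text for the milter wiring discussed above. It uses the real Postfix parameter names smtpd_milters, non_smtpd_milters (the non-SMTP setting the thread later points at the same socket) and milter_default_action; the sample configuration is constructed, and the `clamav-milter` substring match is an assumption about how the socket is named.

```python
import re

# Constructed main.cf fragment (not from the thread). The socket path is the
# one quoted in the message above and is an assumption for any real system.
SAMPLE_MAIN_CF = """\
# mail filtering
smtpd_milters = unix:/var/run/clamav/clamav-milter
milter_default_action = accept
mydestination = $myhostname,
    localhost
"""


def parse_main_cf(text):
    """Parse main.cf text into {name: value}; the last assignment wins."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments are ignored
        if raw[0] in " \t":
            # A line starting with whitespace continues the logical line.
            if current is not None:
                params[current] = (params[current] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        current = name.strip() if sep else None
        if current:
            params[current] = value.strip()
    return params


def expand(value, params, depth=0):
    """Expand $name and ${name} references (simplified; no ${name?text})."""
    if depth > 10:  # guard against self-referencing parameters
        return value

    def lookup(match):
        name = match.group(1) or match.group(2)
        return expand(params.get(name, ""), params, depth + 1)

    return re.sub(r"\$(?:\{(\w+)\}|(\w+))", lookup, value)


def milter_list(params, name):
    """Return the milter endpoints configured in parameter `name`."""
    value = expand(params.get(name, ""), params)
    return [m for m in re.split(r"[,\s]+", value) if m]


def audit_milters(text, needle="clamav-milter"):
    """Return (parameter, finding) pairs describing unscanned mail paths."""
    params = parse_main_cf(text)
    findings = []
    if not any(needle in m for m in milter_list(params, "smtpd_milters")):
        findings.append(("smtpd_milters",
                         "mail arriving over SMTP is not passed to the milter"))
    if not any(needle in m for m in milter_list(params, "non_smtpd_milters")):
        findings.append(("non_smtpd_milters",
                         "locally submitted mail bypasses the milter"))
    # Postfix defaults to tempfail when the milter cannot be reached.
    action = expand(params.get("milter_default_action", "tempfail"), params)
    if action == "accept":
        findings.append(("milter_default_action",
                         "mail is delivered unscanned while the milter is down"))
    return findings


if __name__ == "__main__":
    for parameter, finding in audit_milters(SAMPLE_MAIN_CF):
        print(f"{parameter}: {finding}")
```

On a live system the text to audit can come from the output of `postconf -n`, which prints the non-default settings in the same `name = value` form.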



Re: [clamav-users] ClamAVPlugin

2021-02-20 Thread Gary R. Schmidt

On 21/02/2021 15:25, Joe Acquisto-j4 wrote:
[SNIP]


> I guess I missed how "simple" clamsmtp is to use, as I got the impression
> it had to be compiled.  When it gave me errors on make, I put it aside. My
> admittedly limited search skill must be deteriorating further as I did not find
> much helpful in the way of documentation.
>
> For instance, the links in the README supplied with the package such as
> those below seem defunct:
>
> http://memberwebs.com/swalter/software/clamsmtp/postfix.html
>
> http://memberwebs.com/swalter/software/clamsmtp/transparent.html
>
> So, I simply sighed deeply and mournfully  and moved on yet again.
>
> If you have some good links, and docs please feel free to let me know.

It all looks good from here: 
, which is where I got it 
(and where it comes from).  All the links work, and match my memory of 
things.


Just cleaned and re-built it - I'm on Solaris - and it works fine.

./configure CC=cc --prefix=/opt/local

I don't have a SuSE box to hand, but on Centos 7...  No problem, 
configure runs cleanly, make throws a handful of warnings, it Just 
Works(TM).


Cheers,
GaryB-)




Re: [clamav-users] ClamAVPlugin

2021-02-20 Thread Joe Acquisto-j4


> On 21/02/2021 11:49, Joe Acquisto-j4 wrote:
> [SNIP]
>> 
>> For whatever reasons, I am finding it difficult to tease out how to correctly
>> insert clamav-milter into postfix.  Seems all my internet searches so far
>> turn up stuff that is suggestive, yet, not confidence inspiring.
>> 
>> I am not certain, for example, where to place the "call" to clamav-milter.  I can
>> see examples of syntax in the Postfix docs on milters, but . . .
>> 
> This is why I went with clamsmtp, just a simple init script to start it 
> up, and a couple of well-documented changes to master.cf and it all worked.
> 
> I suspect I would still be faffing around with learning about milters now!
> 
>   Cheers,
>   GaryB-)
> 

I guess I missed how "simple" clamsmtp is to use, as I got the impression
it had to be compiled.  When it gave me errors on make, I put it aside. My
admittedly limited search skill must be deteriorating further as I did not find
much helpful in the way of documentation.

For instance, the links in the README supplied with the package such as
those below seem defunct:

http://memberwebs.com/swalter/software/clamsmtp/postfix.html 

http://memberwebs.com/swalter/software/clamsmtp/transparent.html 

So, I simply sighed deeply and mournfully  and moved on yet again.

If you have some good links, and docs please feel free to let me know.

joe a.  









Re: [clamav-users] ClamAVPlugin

2021-02-20 Thread Gary R. Schmidt

On 21/02/2021 11:49, Joe Acquisto-j4 wrote:
[SNIP]


> For whatever reasons, I am finding it difficult to tease out how to correctly
> insert clamav-milter into postfix.  Seems all my internet searches so far
> turn up stuff that is suggestive, yet, not confidence inspiring.
>
> I am not certain, for example, where to place the "call" to clamav-milter.  I can
> see examples of syntax in the Postfix docs on milters, but . . .

This is why I went with clamsmtp, just a simple init script to start it 
up, and a couple of well-documented changes to master.cf and it all worked.


I suspect I would still be faffing around with learning about milters now!

Cheers,
GaryB-)



Re: [clamav-users] ClamAVPlugin

2021-02-20 Thread Joe Acquisto-j4


> Hi there,
> 
> On Fri, 19 Feb 2021, Joe Acquisto-j4 wrote:
>>> On Thu, 18 Feb 2021, Joe Acquisto-j4 wrote:
>>>
>>>> Any pointers for using the ClamAVPlugin?
>>>
>>> Could you flesh that out a bit?
>>
>> Sorry I did not think to explain properly.  Using Postfix and Spamassassin
>> on an OpenSuse version ...
> 
> If you're using Postfix and SpamAssassin you have choices.  Postfix
> can use milters, so clamav-milter which comes with ClamAV might make
> sense.  . . . .

This is the approach I would like to attempt.   

>> So basically, just want to tie ClamAV (using clamd) into PF/SA to scan and
>> flag incoming email.  In a way that does not require I learn, or relearn
> 
> That last part bothers me a bit.  

Sorry. No witty comments come to mind. 

> 73,
> Ged.
> 

Where I am at the moment.  Upgraded OS to Leap 15.2.  That was easy.  I even
took a snapshot of the VM before proceeding.  I can be taught.

Postfix and SA are still functional. clamav and clamav-milter seem to be running
but are not tied in to mail flow yet, due to my own lack of knowledge.  

For whatever reasons, I am finding it difficult to tease out how to correctly
insert clamav-milter into postfix.  Seems all my internet searches so far
turn up stuff that is suggestive, yet, not confidence inspiring.  

I am not certain, for example, where to place the "call" to clamav-milter.  I can
see examples of syntax in the Postfix docs on milters, but . . . 

At this stage I would rather ask than hack away.  

joe a.





Re: [clamav-users] ClamAVPlugin

2021-02-20 Thread G.W. Haywood via clamav-users

Hi there,

On Fri, 19 Feb 2021, Joe Acquisto-j4 wrote:

>> On Thu, 18 Feb 2021, Joe Acquisto-j4 wrote:
>>
>>> Any pointers for using the ClamAVPlugin?
>>
>> Could you flesh that out a bit?
>
> Sorry I did not think to explain properly.  Using Postfix and Spamassassin
> on an OpenSuse version ...


If you're using Postfix and SpamAssassin you have choices.  Postfix
can use milters, so clamav-milter which comes with ClamAV might make
sense.  There are similar approaches which can tie the MTA directly to
the scanner without using clamav-milter.  In these cases, SpamAssassin
wouldn't need to be involved at all.  But I believe SpamAssassin can
also filter mail via ClamAV, so that the MTA (Postfix) wouldn't even
know that ClamAV was involved and the SpamAssassin configuration could
decide what to do with the mail on the basis of the scan results.  One
benefit of using SpamAssassin this way is that you can bring the virus
scanning into the SpamAssassin scoring system.  (One drawback is that
you will then have virus scanning in the SpamAssassin scoring system.
It's a very long time since I used SpamAssassin, but others here will
probably have fresher recollections.)


> Decided on ClamAV and after some fumbling had it working through use of
> the ClamAVPlugin.  At least an EICAR test email was flagged properly.
>
> Now, it does not appear to work any longer ...
> So basically, just want to tie ClamAV (using clamd) into PF/SA to scan and
> flag incoming email.  In a way that does not require I learn, or relearn


That last part bothers me a bit.  I view my life with computers as a
state of continual learning.  I can never get enough of it.  I believe
in particular that if you're the only thing between your systems and
the Bad Guys and you stop learning, then you're heading for trouble
because the Bad Guys _never_ stop learning.


> Aside, I did notice the "security issue" but, thought it minor, in my rather
> isolated environment.  Perhaps you feel it is a serious issue?


It depends on whether or not you think that not knowing that your mail
hasn't been scanned is a serious issue.  All mail here is carefully
vetted, and we run no Windows boxes, so we use ClamAV mainly for spam
detection and reporting; we don't rely on ClamAV for security, so even
if mail didn't get scanned it probably wouldn't be a big deal.  If you
have many and careless users, who rely on your mail server to protect
them from millions of Windows viruses, you may take a different view.

--

73,
Ged.



Re: [clamav-users] ClamAVPlugin

2021-02-19 Thread Joe Acquisto-j4


> Quoting Joe Acquisto-j4:
> 
>> Sorry I did not think to explain properly.  Using Postfix and Spamassassin
>> on an OpenSuse version of Linux (15.1 or something) wanting to add AV
>> scanning to incoming mail.   Started attempting Sophos for Linux (savd ?)
>> but they have or soon will abandon the product.
> 
> If you're still using openSUSE 15.1, that version was recently  
> obsoleted (see  
> https://en.opensuse.org/Lifetime#Discontinued_distributions) and you  
> really shouldn't be using that on a production system anymore.
> 
>> Decided on ClamAV and after some fumbling had it working through use of
>> the ClamAVPlugin.  At least an EICAR test email was flagged properly.
> 
> ClamAV in openSUSE comes with clamav-milter which allows an  
> integration through the
> smtpd_milters directive in Postfix.
> 

Thanks for all the replies.

Yes, SUSE took me by surprise the other day when I attempted to add
a package and it said I was a naughty boy.   Updating to 15.2 will be 
my first step.

After that I will check out the milter (always a first time) if, for no other 
reason, clamsmtp failed to "make" properly.   Not going to delve into
why at this point.   I'll stop by again after I mung up the update and
milter . . . I think that's a joke . . .

joe a.






Re: [clamav-users] ClamAVPlugin

2021-02-19 Thread Gary R. Schmidt

On 20/02/2021 00:52, Rick Cooper wrote:
[SNIP]


> I don't run postfix and connecting clamd to exim is trivial requiring
> nothing but a functioning clamd daemon.
> However I did look at options that might be better at connecting to the
> clamd daemon and were it me I would look at clamsmtpd for integration. Looks
> pretty straight forward to  me:
>
> http://thewalter.net/stef/software/clamsmtp/

I've been using ClamSMTP with Postfix since 2011, it was trivial to 
configure, and just works.


Cheers,
GaryB-)




Re: [clamav-users] ClamAVPlugin

2021-02-19 Thread Arjen de Korte via clamav-users

Quoting Joe Acquisto-j4:

> Sorry I did not think to explain properly.  Using Postfix and Spamassassin
> on an OpenSuse version of Linux (15.1 or something) wanting to add AV
> scanning to incoming mail.   Started attempting Sophos for Linux (savd ?)
> but they have or soon will abandon the product.

If you're still using openSUSE 15.1, that version was recently
obsoleted (see
https://en.opensuse.org/Lifetime#Discontinued_distributions) and you
really shouldn't be using that on a production system anymore.

> Decided on ClamAV and after some fumbling had it working through use of
> the ClamAVPlugin.  At least an EICAR test email was flagged properly.

ClamAV in openSUSE comes with clamav-milter which allows an
integration through the smtpd_milters directive in Postfix.





Re: [clamav-users] ClamAVPlugin

2021-02-19 Thread Rick Cooper
Joe Acquisto-j4 wrote:
>> Hi there,
>> 
>> On Thu, 18 Feb 2021, Joe Acquisto-j4 wrote:
>> 
>>> Any pointers for using the ClamAVPlugin?
>> 
>> Could you flesh that out a bit?
>> . . .
>> One of the things I do is scan stuff using my own Perl milter, but it
>> never occurred to me that I needed a Perl module to do it with, since
>> the clamd API is very straightforward and you can just send stuff to
>> clamd from Perl by the ordinary IPC means available in Perl.  Before
>> you spend a lot of time on this, perhaps you can tell us more about
>> what you want to achieve.
> 
> Thanks for the reply.
> 
> Sorry I did not think to explain properly.  Using Postfix and
> Spamassassin on an OpenSuse version of Linux (15.1 or something)
> wanting to add AV scanning to incoming mail.   Started attempting
> Sophos for Linux (savd ?) but they have or soon will abandon the
> product. 
> 
> Decided on ClamAV and after some fumbling had it working through use
> of the ClamAVPlugin.  At least an EICAR test email was flagged properly.
> 
> Now, it does not appear to work any longer and am attempting to
> retrace my steps and coming up short.  As usual, I made few written
> notes and am slow to admit my "total recall" may no longer be
> exactly "total". 
> 
> So basically, just want to tie ClamAV (using clamd) into PF/SA to
> scan and flag incoming email.  In a way that does not require I
> learn, or relearn 
> 
> Aside, I did notice the "security issue" but, thought it minor, in my
> rather isolated environment.  Perhaps you feel it is a serious issue?
> 
> joe a

I don't run postfix and connecting clamd to exim is trivial requiring
nothing but a functioning clamd daemon.
However I did look at options that might be better at connecting to the
clamd daemon and were it me I would look at clamsmtpd for integration. Looks
pretty straight forward to  me:

http://thewalter.net/stef/software/clamsmtp/



Re: [clamav-users] ClamAVPlugin

2021-02-19 Thread Joe Acquisto-j4


> Hi there,
> 
> On Thu, 18 Feb 2021, Joe Acquisto-j4 wrote:
> 
>> Any pointers for using the ClamAVPlugin?
> 
> Could you flesh that out a bit?
>. . .  
> One of the things I do is scan stuff using my own Perl milter, but it
> never occurred to me that I needed a Perl module to do it with, since
> the clamd API is very straightforward and you can just send stuff to
> clamd from Perl by the ordinary IPC means available in Perl.  Before
> you spend a lot of time on this, perhaps you can tell us more about
> what you want to achieve.

Thanks for the reply.  

Sorry I did not think to explain properly.  Using Postfix and Spamassassin
on an OpenSuse version of Linux (15.1 or something) wanting to add AV
scanning to incoming mail.   Started attempting Sophos for Linux (savd ?)
but they have or soon will abandon the product.

Decided on ClamAV and after some fumbling had it working through use of
the ClamAVPlugin.  At least an EICAR test email was flagged properly.

Now, it does not appear to work any longer and am attempting to retrace my
steps and coming up short.  As usual, I made few written notes and am slow
to admit my "total recall" may no longer be exactly "total".

So basically, just want to tie ClamAV (using clamd) into PF/SA to scan and
flag incoming email.  In a way that does not require I learn, or relearn

Aside, I did notice the "security issue" but, thought it minor, in my rather 
isolated environment.  Perhaps you feel it is a serious issue?

joe a


-- 





Re: [clamav-users] ClamAVPlugin

2021-02-19 Thread G.W. Haywood via clamav-users

Hi there,

On Thu, 18 Feb 2021, Joe Acquisto-j4 wrote:


> Any pointers for using the ClamAVPlugin?


Could you flesh that out a bit?


> States one needs to install "File::Scan::ClamAV" which I find,


I found it too.  I found this, for example:

https://rt.cpan.org/Public/Bug/Display.html?id=131538

What bothers me is not so much that there's an issue, but that it's
allegedly a serious security issue and there seems to have been no
response to it for a year.  Incidentally the link to the module on the
ClamAV Website's download page takes you to a version 1.06 of the
package from 2004.  Micah?  The version on Github is

# $Id: ClamAV.pm,v 1.91 2009/02/07 12:43:13 jamtur Exp $

and there's a version 1.95 (dated 2016) on CPAN.  All in all it looks
like a shambles to me.


> It appears this must be compiled and should "magically work".


It's a Perl module.  Most of the time installing Perl modules is just
copying files.  Perl is an interpreted language, and most of the time
runs from Perl scripts which are just text files although I'm very
fond of typing one-liners at the command line:

perl -e 'print "Hello, world!\n";'

You can install Perl modules in several different ways, but first and
foremost of course you need the Perl interpreter.  That's almost
certainly on your system already.  If not, look around on the Web for
something called 'Linux' and download it.  It's true that some Perl
modules will need some compilation, but it isn't the rule.  Once a
module is on your system you can just 'use' it (I choose my words
carefully).

But first...


> Instructions seem written for someone that knows how it works.


... you need to explain what you want to do with it.  Generally you
will only want to install Perl modules if either you're writing code
in Perl or you're using some tool which uses Perl to get things done.


> I guess I need a tutorial on using perl as well.


Beyond the scope of this list.  There are many tutorials around, but
you really need to read the Camel book.  That's quite a tall order,
but if ever you want to do Linux plumbing then Perl is a very useful
tool to have at your disposal.  I do that sort of thing all the time,
and I don't know what I'd do without Perl.

One of the things I do is scan stuff using my own Perl milter, but it
never occurred to me that I needed a Perl module to do it with, since
the clamd API is very straightforward and you can just send stuff to
clamd from Perl by the ordinary IPC means available in Perl.  Before
you spend a lot of time on this, perhaps you can tell us more about
what you want to achieve.

--

73,
Ged.
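
An added example, not part of the original message and not the Perl milter it mentions: the clamd INSTREAM exchange over a socket, written in Python so it can be run and checked offline. `fake_clamd`, its marker string and the signature name are constructed stand-ins for a real daemon.

```python
import socket
import struct
import threading


def frame_instream(data, chunk_size=4096):
    """Bytes to send for one INSTREAM scan: command, sized chunks, terminator."""
    out = [b"zINSTREAM\0"]  # 'z' prefix: command and reply are NUL-terminated
    for i in range(0, len(data), chunk_size):
        chunk = data[i:i + chunk_size]
        out.append(struct.pack("!I", len(chunk)) + chunk)  # 4-byte big-endian size
    out.append(struct.pack("!I", 0))  # zero-length chunk ends the stream
    return b"".join(out)


def parse_reply(reply):
    """Map a clamd reply to (verdict, detail): clean, infected or error."""
    text = reply.rstrip(b"\0\n").decode("utf-8", "replace")
    if text.endswith(" FOUND"):
        return "infected", text[:-len(" FOUND")].split(": ", 1)[-1]
    if text.endswith(": OK"):
        return "clean", ""
    # Anything else (size limit exceeded, no reply) means "not scanned".
    return "error", text or "no reply"


def scan(sock, data):
    """Scan `data` over an already connected clamd socket."""
    try:
        sock.sendall(frame_instream(data))
        reply = b""
        while not reply.endswith(b"\0"):
            part = sock.recv(4096)
            if not part:
                break
            reply += part
    except OSError as exc:  # timeouts and resets are errors, never "clean"
        return "error", str(exc)
    return parse_reply(reply)


def fake_clamd(sock, marker=b"CONSTRUCTED-TEST-MARKER", max_len=1 << 20):
    """Constructed stand-in for clamd so the example runs offline."""
    stream = sock.makefile("rb")
    if stream.read(10) != b"zINSTREAM\0":
        return
    body = b""
    while True:
        header = stream.read(4)
        if len(header) < 4:
            return
        (size,) = struct.unpack("!I", header)
        if size == 0:
            break
        body += stream.read(size)
        if len(body) > max_len:
            sock.sendall(b"INSTREAM size limit exceeded. ERROR\0")
            return
    found = marker in body
    sock.sendall(b"stream: Constructed.Test.Signature FOUND\0" if found
                 else b"stream: OK\0")


def scan_with_stub(data, **stub_args):
    """Run scan() against fake_clamd over a socketpair."""
    client, server = socket.socketpair()
    worker = threading.Thread(target=fake_clamd, args=(server,), kwargs=stub_args)
    worker.start()
    try:
        client.settimeout(5)
        return scan(client, data)
    finally:
        client.close()
        worker.join()
        server.close()


if __name__ == "__main__":
    print(scan_with_stub(b"plain text"))
    print(scan_with_stub(b"xx CONSTRUCTED-TEST-MARKER xx"))
    print(scan_with_stub(b"A" * 64, max_len=16))
```

Against a real daemon, connect an AF_UNIX socket to the LocalSocket path set in clamd.conf and pass it to `scan()`. A caller should treat the "error" verdict as unscanned mail rather than as clean.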



[clamav-users] ClamAVPlugin

2021-02-18 Thread Joe Acquisto-j4
Any pointers for using the ClamAVPlugin?   States one needs to install 
"File::Scan::ClamAV" which I find,  It appears this must be compiled and should 
"magically work".  Instructions seem written for someone that knows how it 
works.  I guess I need a tutorial on using perl as well.



