Re: [clamav-users] Howto quarantine emails? "ERROR: VirusEvent: fork failed."

2017-01-06 Thread Mathieu D.
On Tuesday 3 January 2017, 05:14:52 CET Gene Heskett wrote:
> > ERROR: VirusEvent: fork failed.
> 
> I've no clue, never tried that. What I do for quarantine is with a
> procmail script. Lemme see if I can find it.  Yup, here are snippets.

I'm more interested in fixing this worrying "fork failed" than anything else. 
But thanks anyway Gene.

Kind regards,
-- 
Mathieu

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


Re: [clamav-users] Howto quarantine emails? "ERROR: VirusEvent: fork failed."

2017-01-03 Thread Gene Heskett
On Tuesday 03 January 2017 04:25:54 Mathieu D. wrote:

> Hello,
>
> I would like to keep emails detected as virus by ClamAV on the
> filesystem, in order to be able to retrieve false positives when users
> ask for them. After a few days, a simple cronjob would remove them.
>
> So I thought that "VirusEvent" could be an appropriate way to do it.
> (Is there any better way?)
>
> I set the "VirusEvent" in the configuration file to :
>   VirusEvent /bin/run-parts --lsbsysinit /etc/clamav/virusevent.d/
>
> While I am only debugging for the moment, the script
> `/etc/clamav/virusevent.d/test.sh` (chmod'ed +s) contains this:
>   #!/bin/bash
>   echo "$(date) ClamAV found $CLAM_VIRUSEVENT_VIRUSNAME into $CLAM_VIRUSEVENT_FILENAME" >> /tmp/clamav-found_virus.log
>
> I also tried directly with this:
>   VirusEvent echo "%v" >> /tmp/clamav-found_virus.log
>
> But all my tests fail. The /tmp/clamav-found_virus.log doesn't get
> anything, while the logs only say:
>
> ```
> /var/spool/exim4/scan/1cO7Nt-0005Y4-A5/1cO7Nt-0005Y4-A5.eml: Heuristics.Phishing.Email.SSL-Spoof(6ed8d5db7b0e9651be9a6d42befc69cb:46580) FOUND
> ERROR: VirusEvent: fork failed.
> ```
>
> Do you have any idea why it doesn't work?
>
> Best regards,

I've no clue, never tried that. What I do for quarantine is with a 
procmail script. Lemme see if I can find it.  Yup, here are snippets.
At top of file.

```
#
# Necessary generic definitions
#
# needs in fetchmailrc 'defaults mda "/usr/bin/procmail -d gene"'
DROPPRIVS=yes
VERBOSE=no
COMSAT=no
NULLBOX = "/dev/null"
SPAMBOX = "/home/gene/Mail/spam/new"
VIRIBOX = "/var/spool/mail/virii"
[...]
VERBOSE=YES

# Scan for viruses
:0
VIRUS=|clamdscan --stdout -

:0w
* VIRUS ?? ^.*: \/.* FOUND
$VIRIBOX

VERBOSE=NO
```


But don't expect a lot of activity. The last time that virii file was 
updated was June 6th of last year (2016).

It appears they either are not sending viruses by email very often, or 
clamdscan isn't catching them. And I haven't been attacked, and I don't 
click on spammy looking links. Ever.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 
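
The quarantine-then-expire setup described in the quoted question, written as a VirusEvent handler; this is an added example, not code from anyone in this thread, and it does not address the "fork failed" error. The directory, the retention default and the function names are assumptions; only `CLAM_VIRUSEVENT_FILENAME` and `CLAM_VIRUSEVENT_VIRUSNAME` come from the thread.

```shell
#!/bin/sh
# Added example: quarantine handler for clamd's VirusEvent plus a cron purge.
# Assumed names: QUARANTINE_DIR, RETENTION_DAYS, quarantine_file, purge_quarantine.
QUARANTINE_DIR="${QUARANTINE_DIR:-/var/lib/clamav/quarantine}"  # assumed location
RETENTION_DAYS="${RETENTION_DAYS:-7}"                           # "a few days"

# Copy a flagged file into the quarantine directory and print the stored path.
quarantine_file() {
    src=$1
    virus=$2
    # Only regular files: a symlink or a missing path is refused.
    [ -f "$src" ] && [ ! -L "$src" ] || return 1
    # The signature name becomes part of a file name, so replace anything
    # that could act as a path separator or shell metacharacter.
    safe=$(printf '%s' "$virus" | tr -c 'A-Za-z0-9._-' '_')
    (
        umask 077                                   # quarantined mail is private
        mkdir -p "$QUARANTINE_DIR" || exit 1
        stamp=$(date +%Y%m%dT%H%M%S)
        dest=$(mktemp "$QUARANTINE_DIR/$stamp.$safe.XXXXXX") || exit 1
        cp -- "$src" "$dest" || { rm -f -- "$dest"; exit 1; }
        printf '%s\n' "$dest"
    )
}

# Delete quarantined files last modified more than RETENTION_DAYS days ago.
purge_quarantine() {
    [ -d "$QUARANTINE_DIR" ] || return 0
    find "$QUARANTINE_DIR" -maxdepth 1 -type f \
        -mtime +"$RETENTION_DAYS" -exec rm -f -- {} +
}

# clamd exports these two variables to the VirusEvent command; cron calls
# the same script with --purge.
if [ -n "${CLAM_VIRUSEVENT_FILENAME:-}" ]; then
    quarantine_file "$CLAM_VIRUSEVENT_FILENAME" \
        "${CLAM_VIRUSEVENT_VIRUSNAME:-unknown}" >/dev/null
elif [ "${1:-}" = "--purge" ]; then
    purge_quarantine
fi
```

The handler copies rather than moves, so the mail server's own handling of the scanned file is left untouched, and it does nothing when the variable does not name a regular file.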


Re: [clamav-users] Howto quarantine emails? "ERROR: VirusEvent: fork failed."

2017-01-03 Thread Mathieu D.
On Tuesday 3 January 2017, 10:31:51 CET Vladislav Kurz wrote:
> > So I thought that "VirusEvent" could be an appropriate way to do it. (Is
> > there any better way?)
> 
> try using amavis together with your SMTP server. It has options to put
> mail into quarantine and to notify recipients, that something has been
> quarantined.

Thank you. Yes, I will consider this when refactoring the mail system. But for 
the time being, I have to do without touching too much what's working. ;)

-- 
Mathieu


Re: [clamav-users] Howto quarantine emails? "ERROR: VirusEvent: fork failed."

2017-01-03 Thread Vladislav Kurz
On 01/03/17 10:25, Mathieu D. wrote:
> Hello,
> 
> I would like to keep emails detected as virus by ClamAV on the filesystem, in 
> order to be able to retrieve false positives when users ask for them. After a 
> few days, a simple cronjob would remove them.
> 
> So I thought that "VirusEvent" could be an appropriate way to do it. (Is there 
> any better way?)

Hello,

Try using amavis together with your SMTP server. It has options to put
mail into quarantine and to notify recipients that something has been
quarantined.


-- 
Best regards,
Vladislav Kurz

Headquarters: Celní 17/5, 63900 Brno, CZ
Web: http://www.webstep.net
E-Mail: podp...@webstep.net
Tel: 840 840 700, +420 548 214 711
Terms and conditions: https://zkrat.to/op