clamav (under amavis) not filtering out viruses!

2020-10-15 Thread Nikolaos Milas
Hello, As you may also see in another mail (thread) I have started (for bayes db migration), we have an installation with postfix/amavis/clamav/spamassassin on CentOS 6 using (legacy?) rpmforge packages (for amavis/clamav). The setup includes scamp 5.6 (https://sourceforge.net/projects/scam

Re: clamav (under amavis) not filtering out viruses!

2020-10-15 Thread Olivier
Nikolaos Milas writes: > Oct 15 09:32:25 mailgw3 clamd[6612]: > /var/amavis/tmp/amavis-20201015T092702-28341-iVNTHGzi/parts/p004: > winnow.malware.test.eicar.com.UNOFFICIAL FOUND I am not sure, but I see that Eicar was detected by an unofficial signature. Do you have different rules for offi

Re: clamav (under amavis) not filtering out viruses!

2020-10-15 Thread Nikolaos Milas
On 15/10/2020 11:57 a.m., Olivier wrote: I am not sure, but I see that Eicar was detected by an unofficial signature. Do you have different rules for official and unofficial? Thank you Olivier for your reply. Frankly, I am not aware of the exact technical details of our setup. This setup w

Re: clamav (under amavis) not filtering out viruses!

2020-10-15 Thread Dominic Raferd
On Thu, 15 Oct 2020 at 09:52, Nikolaos Milas wrote: > > Hello, > > As you may also see in another mail (thread) I have started (for bayes > db migration), we have an installation with > postfix/amavis/clamav/spamassassin on CentOS 6 using (legacy?) rpmforge > packages (for amavis/clamav). > > The

Unofficial sigs - why are some blocked, and others 'turned into spam report'

2020-10-15 Thread Danilo Godec
I recently started using the 'clamav-unofficial-sigs' script (https://github.com/extremeshok/clamav-unofficial-sigs/) and noticed that some 'unofficial' detections are blocked properly, while others are just 'turned into a spam report'. Here's a part of the log for one that's blocked: (07385-

Re: Unofficial sigs - why are some blocked, and others 'turned into spam report'

2020-10-15 Thread Damian
> And here's a part of the log for one that's merely converted to a spam > report: > (20911-18) run_av (ClamAV-clamd): > /var/spool/amavis/tmp/amavis-20201015T110518-20911-6Oyb0AUP/parts INFECTED: > Sanesecurity.Badmacro.Doc.ArrWind1.UNOFFICIAL, > Sanesecurity.Badmacro.Doc.ArrWind1.UNOFFICIAL >

Re: clamav (under amavis) not filtering out viruses!

2020-10-15 Thread Nikolaos Milas
On 15/10/2020 12:52 p.m., Dominic Raferd wrote: start with something like this to check your amavis virus settings: ... There are other possible explanations too e.g. is amavis calling clamav for incoming mails or is clamav being called directly by the MTA? have you got clamav and amavis user pe

Re: clamav (under amavis) not filtering out viruses!

2020-10-15 Thread Dominic Raferd
On Thu, 15 Oct 2020 at 12:15, Nikolaos Milas wrote: > > On 15/10/2020 12:52 p.m., Dominic Raferd wrote: > > > start with something like this to check your amavis virus settings: > > ... > > There are other possible explanations too e.g. is amavis calling > > clamav for incoming mails or is clamav

Re: clamav (under amavis) not filtering out viruses!

2020-10-15 Thread Nikolaos Milas
On 15/10/2020 2:48 p.m., Dominic Raferd wrote: It is unlikely that clamav is not reading its official databases, but it is very rare for viruses to be found through the official databases, so the hits you will see in the real world will come from the unofficial databases (which need to be update

Re: clamav (under amavis) not filtering out viruses!

2020-10-15 Thread Nikolaos Milas
On 15/10/2020 3:26 p.m., Nikolaos Milas wrote: This doesn't seem to be the problem, because the infected attachments are simply found CLEAN. For your reference, here is a verbose log of the AV check on a message which should have been found INFECTED, but it is rather judged CLEAN:

Re: clamav (under amavis) not filtering out viruses!

2020-10-15 Thread Matus UHLAR - fantomas
On 15/10/2020 11:57 a.m., Olivier wrote: I am not sure, but I see that Eicar was detected by an unofficial signature. Do you have different rules for official and unofficial? On 15.10.20 12:46, Nikolaos Milas wrote: Thank you Olivier for your reply. Frankly, I am not aware of the exact tech

RE: clamav (under amavis) not filtering out viruses!

2020-10-15 Thread Dino Edwards
Hi Niko, Try this: https://github.com/extremeshok/clamav-unofficial-sigs This has worked wonderfully for us. -Original Message- From: amavis-users On Behalf Of Nikolaos Milas Sent: Thursday, October 15, 2020 8:41 AM To: amavis-users@amavis.org Subject: Re: clamav (under amavis) not

Re: clamav (under amavis) not filtering out viruses!

2020-10-15 Thread Nikolaos Milas
On 15/10/2020 3:48 p.m., Dino Edwards wrote: https://github.com/extremeshok/clamav-unofficial-sigs This has worked wonderfully for us. Sounds great. Should I first remove the stale databases installed by the legacy scamp script? If so, is it sufficient to delete the undesired / stale dat

RE: clamav (under amavis) not filtering out viruses!

2020-10-15 Thread Dino Edwards
I would make a backup of the /var/clamav directory first and then I would delete the stale databases and then ensure clamav starts up and see if it's complaining about anything. -Original Message- From: amavis-users On Behalf Of Nikolaos Milas Sent: Thursday, October 15, 2020 9:20 AM

Re: clamav (under amavis) not filtering out viruses!

2020-10-15 Thread Michael Orlitzky
On 2020-10-15 08:48, Dino Edwards wrote: > Hi Niko, > > Try this: > > https://github.com/extremeshok/clamav-unofficial-sigs > > This has worked wonderfully for us. > That script comes packed with silly root exploits. You'll be safer with fangfrisch: https://github.com/rseichter/fangfrisch

Re: clamav (under amavis) not filtering out viruses!

2020-10-15 Thread Michael Orlitzky
On 2020-10-15 08:11, Matus UHLAR - fantomas wrote: > > on debian, you need to add user clamav in amavis group and restart clamd, so > clamd can > scan files unpacked by amavis. > I suggest using the "clamdscan --fdpass" entry instead of mucking with the system users/groups. This is now the upst

Re: clamav (under amavis) not filtering out viruses!

2020-10-15 Thread Nikolaos Milas
On 15/10/2020 4:19 p.m., Nikolaos Milas wrote: On 15/10/2020 3:48 p.m., Dino Edwards wrote: https://github.com/extremeshok/clamav-unofficial-sigs This has worked wonderfully for us. Sounds great. Hi dear friends, I managed to install extremeshok on the server and that was quite a succes

Re: clamav (under amavis) not filtering out viruses!

2020-10-15 Thread Dino Edwards
I have never heard of that. Do you have any info to substantiate your claim? From: Michael Orlitzky Sent: Thursday, October 15, 2020 9:35 AM To: amavis-users@amavis.org Subject: Re: clamav (under amavis) not filtering out viruses! On 2020-10-15 08:48, Dino Edwar

Re: Unofficial sigs - why are some blocked, and others 'turned into spam report'

2020-10-15 Thread Ralph Seichter
* Danilo Godec: > I recently started using the 'clamav-unofficial-sigs' script > (https://github.com/extremeshok/clamav-unofficial-sigs/) Unsurprisingly, I recommend https://github.com/rseichter/fangfrisch instead, because it is more secure, robust and easier to configure. -Ralph

Re: preserving envelope address via X-Original-to

2020-10-15 Thread amavis
On 10/15/20 10:45 PM, Andrey Lelikov wrote: On 10/14/20 7:21 PM, Dominic Raferd wrote: The X-Original-To header is normally added by the postfix delivery agent (local, smtp, virtual etc). Are you sure it isn't being stripped by something bespoke in your system? Ok, I should have made myself