Re: adding AV scanning to working Postfix/SA system

Wed, 02 Dec 2020 07:18:37 -0800 

>>  Am 23.11.20 um 17:37 schrieb Joe Acquisto-j4:
So, beyond "experiences" any leads on generic "how to" guides that actually 
>> work in
>>> practice?   I've found a few, rather than chase geese, I'm sure some here 
>> have done
>>> similar things, even if with other AV scanners
>> 
>> http://www.postfix.org/MILTER_README.html 
>> https://sanesecurity.com/ 
>> 
>  . . .
> 
> I decided to pursue CLAMAV as it seems to be well maintained and lots of 
> "links for dummies" turned up.
> 
> After installing CLAMAV, as supplied in the openSuse distribution, updating 
> virus sigs I attempted to begin
> configuring per some of the how to's.
> 
> Most are years old, have links that lead nowhere, call out config files that 
> do not exist (as installed above), 
> or refer to "clamd sockets" that cannot be found.
> 
> I feel sure this is old hat to more experienced souls, but, for me, this has 
> been far more frustrating than I
> anticipated.   
> 
> At this point, not even sure what I actually need as, as noted, there seem 
> to be myriad ways to approach a 
> solution. Obviously prefer the simplest method.
> 
> Subscribed just now to CLAMAV users list and should probably pursue this 
> over there.  But any tutoring and
> or "there there" pats on the head would not be snarled at.

Hacking away, seem to have it working?,   Using CLAMAVPlugin. At least mail
does not appear "broken".  

But EICAR is not detected.  I "think" it is being scanned as I see this:

*********************************
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on auxilary
X-Spam-Level: *
X-Spam-Status: No, score=1.0 required=5.0 tests=BAYES_00,FREEMAIL_FROM,
        HTML_MESSAGE,SPOOFED_FREEMAIL_NO_RDNS,TVD_SPACE_RATIO autolearn=no
        autolearn_force=no version=3.4.2
X-Spam-Virus: _CLAMAVRESULT
X-Spam-Report: 
        * -1.5 BAYES_00 BODY: Bayes spam probability is 0 to 1%
        *      [score: 0.0000]
        *  1.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
        *      provider (joe.acquisto[at]gmail.com)
        *  0.0 HTML_MESSAGE BODY: HTML included in message
        *  0.0 TVD_SPACE_RATIO No description available.
        *  1.5 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS
*************************

Is that proof it is being scanned and the non detection issue lies elsewhere?

joe a.

Reply via email to