On Wed, 2 Dec 2020, Joe Acquisto-j4 wrote:
Hacking away, seem to have it working?, Using CLAMAVPlugin. At least mail
does not appear "broken".
But EICAR is not detected. I "think" it is being scanned as I see this:
*********************************
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on auxilary
X-Spam-Level: *
X-Spam-Status: No, score=1.0 required=5.0 tests=BAYES_00,FREEMAIL_FROM,
HTML_MESSAGE,SPOOFED_FREEMAIL_NO_RDNS,TVD_SPACE_RATIO autolearn=no
autolearn_force=no version=3.4.2
X-Spam-Virus: _CLAMAVRESULT
X-Spam-Report:
* -1.5 BAYES_00 BODY: Bayes spam probability is 0 to 1%
* [score: 0.0000]
* 1.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
* provider (joe.acquisto[at]gmail.com)
* 0.0 HTML_MESSAGE BODY: HTML included in message
* 0.0 TVD_SPACE_RATIO No description available.
* 1.5 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS
*************************
Is that proof it is being scanned and the non detection issue lies elsewhere?
joe a.
What, specifically, is the config you're using to invoke CLAMAVPlugin?
You need to have at least two things set up in your spamassassin config files:
1) load the plugin in a "v*.pre"
2) invoke the check_clamav() procedure
EG:
in v320.pre
# AntiVirus - some simple anti-virus checks, this is not a replacement
# for an anti-virus filter like Clam AntiVirus
#
#loadplugin Mail::SpamAssassin::Plugin::AntiVirus
#
loadplugin ClamAV /usr/local/etc/mail/spamassassin/plugins/clamav.pm
Note that line depends on the path to where you've installed the plugin
In a ".cf" rules file (I call mine clamav.cf ):
#
# config file for using the ClamAV plugin "clamav.pm"
#
full L_CLAMAV eval:check_clamav()
describe L_CLAMAV Clam AntiVirus detected a virus
score L_CLAMAV 5
#
header T__MY_CLAMAV X-Spam-Virus =~ /Yes/i
header T__MY_CLAMAV_SANE X-Spam-Virus =~ /Yes.{1,50}Sanesecurity/i
#
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center, 103 S Capitol St.
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
