clamav antivirus configuration no match

[Stan]

Hi,

My clamav antivirus configuration no match when i send eicar test --> there is no action on the mail and i don't know why!

My configuration file is modules.d/antivirus.conf (my file is not in local.d directory)


antivirus {
  clamav {
    action = "reject";
    attachments_only = true;
    symbol = "CLAM_VIRUS";
    type = "clamav";
    servers = "127.0.0.1:3310";
    whitelist = "/etc/rspamd/antivirus.wl";
  }


  .include(try=true,priority=5) "${DBDIR}/dynamic/antivirus.conf"
  .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/antivirus.conf"
  .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/antivirus.conf"
}


clamd is ok on 3310

# netstat -aptn | grep 3310
tcp        0      0 127.0.0.1:3310          0.0.0.0:*               LISTEN      987/clamd


Do you have an idea?
regards

[Andrew Lewis]

Hi,

> My clamav antivirus configuration no match when i send eicar test --> there
> is no action on the mail and i don't know why!

Is CLAM_VIRUS in fact yielded but `action` is not set?- or is this
symbol absent? (ie. no detection)

> My configuration file is modules.d/antivirus.conf (my file is not in
> local.d directory)

It's best to avoid modifying the stock configuration directly.

Use `rspamadm configdump antivirus` to show effective configuration.

`attachments_only = true;` is likely reason why testing may fail if
you haven't a suitable message sample, you could try setting it `false`.

Best,
-AL.

[Stan]

Thanks a lot Andrew

with `attachments_only = false;` it's ok

regards


Logs
.
554 5.7.1 clamav: virus found: \"Eicar-Test-Signature\"