Re: [rspamd] Clamav Antivirus identifies eicar.com file as clean?
375 views
Skip to first unread message
Vsevolod Stakhov
Aug 3, 2017, 1:57:30 PM8/3/17
to Thomas Plant, rspamd
On 03/08/17 10:23, Thomas Plant wrote:
> Hello,
>
> I am testing rspamd as a incoming mailgateway for our mailserver.
> I went through the quickstart guide and so far it works.
>
> Now I wanted to test the antivirus module by sending an eicar file
> through, but it does not get recognized. If I scan the file manually on
> the gateway Clamav identifies it as Eicar signature.
>
> In the rspamd.log I see the following:
>
> |
> 2017-08-0311:15:46#3261(rspamd_proxy) <deeebb>; lua; antivirus.lua:466:
> CLAM_VIRUS [clamav]: message is clean
> |
>
> local.d/antivirus.conf contains:
> |
> clamav {
> attachments_only = true;
> action = "reject";
> symbol = "CLAM_VIRUS";
> type = "clamav";
> log_clean = true;
> servers = "127.0.0.1:3301";
> whitelist = "/etc/rspamd/antivirus.wl";
> }
Is eicar signature in the attachment? In your configuration, you check
messages with attachments only.
> Hello,
>
> I am testing rspamd as a incoming mailgateway for our mailserver.
> I went through the quickstart guide and so far it works.
>
> Now I wanted to test the antivirus module by sending an eicar file
> through, but it does not get recognized. If I scan the file manually on
> the gateway Clamav identifies it as Eicar signature.
>
> In the rspamd.log I see the following:
>
> |
> 2017-08-0311:15:46#3261(rspamd_proxy) <deeebb>; lua; antivirus.lua:466:
> CLAM_VIRUS [clamav]: message is clean
> |
>
> local.d/antivirus.conf contains:
> |
> clamav {
> attachments_only = true;
> action = "reject";
> symbol = "CLAM_VIRUS";
> type = "clamav";
> log_clean = true;
> servers = "127.0.0.1:3301";
> whitelist = "/etc/rspamd/antivirus.wl";
> }
Is eicar signature in the attachment? In your configuration, you check
messages with attachments only.
Thomas Plant
Aug 4, 2017, 5:13:10 AM8/4/17
to rspamd, blues...@gmail.com
Hello,
Was a stupid error on my side. It was not the fault of rspamd.
I forgot the set in the clamd.conf 'ScanMail' to 'true'. It worked immediatly when I corrected that.
Sorry for the disturbance,
and thanks for the reply.
Thomas
Was a stupid error on my side. It was not the fault of rspamd.
I forgot the set in the clamd.conf 'ScanMail' to 'true'. It worked immediatly when I corrected that.
Sorry for the disturbance,
and thanks for the reply.
Thomas
Reply all
Reply to author
Forward
0 new messages