On 03/08/17 10:23, Thomas Plant wrote:
> Hello,
>
> I am testing rspamd as a incoming mailgateway for our mailserver.
> I went through the quickstart guide and so far it works.
>
> Now I wanted to test the antivirus module by sending an eicar file
> through, but it does not get recognized. If I scan the file manually on
> the gateway Clamav identifies it as Eicar signature.
>
> In the rspamd.log I see the following:
>
> |
> 2017-08-0311:15:46#3261(rspamd_proxy) <deeebb>; lua; antivirus.lua:466:
> CLAM_VIRUS [clamav]: message is clean
> |
>
> local.d/antivirus.conf contains:
> |
> clamav {
> attachments_only = true;
> action = "reject";
> symbol = "CLAM_VIRUS";
> type = "clamav";
> log_clean = true;
> servers = "
127.0.0.1:3301";
> whitelist = "/etc/rspamd/antivirus.wl";
> }
Is eicar signature in the attachment? In your configuration, you check
messages with attachments only.