antivirus + force_action configuration...


Frédéric Goudal

Apr 5, 2018, 8:47:59 AM
to rspamd
Hello,
I'm trying to reject messages identified as viruses.
What I have done is:

*** Section antivirus ***
clamav {
    attachments_only = false;
    log_clean = true;
    patterns {
        JUST_EICAR = "^Eicar-Test-Signature$";
    }
    symbol = "CLAM_VIRUS";
    type = "clamav";
    whitelist = "/etc/rspamd/antivirus.wl";
}

And

*** Section force_actions ***
rules {
    clamav {
        expressions = "CLAM_VIRUS";
        action = "reject";
        message = "virus found in mail";
    }
}


What I see is that:

1) the files are scanned by clamav, I can check in the logs.

2) some viruses are found.

3) it appears in the rspamd log:


2018-04-05 13:20:47 #4255(normal) <e39830>; antivirus; antivirus.lua:484: CLAM_VIRUS [clamav]: got reply: stream: SecuriteInfo.com.Spam-6346.UNOFFICIAL FOUND

2018-04-05 13:20:47 #4255(normal) <e39830>; task; insert_metric_result: symbol CLAM_VIRUS, score 0.00, factor: 0.000000

2018-04-05 13:20:47 #4255(normal) <e39830>; lua; antivirus.lua:97: clamav: virus found: "SecuriteInfo.com.Spam-6346.UNOFFICIAL"


4) I have seen a message that had some header added:

CLAM_VIRUS(0)[SecuriteInfo.com.Spam-6346.UNOFFICIAL]


But the message was transmitted clean to the user... I guess I have a problem with force_actions?


Thanks in advance.





Andrew Lewis

Apr 5, 2018, 8:50:23 AM
to rsp...@googlegroups.com

Hi,

> expressions = "CLAM_VIRUS";

You wanted "expression", singular.

Best,
-AL.
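
An added example, not part of any post in this thread and not rspamd's own code: a small lint for the situation above, where the misspelled key `expressions` left the rule without an expression and the flagged message was still delivered. It parses the `rules { ... }` layout shown in the first post and reports any rule with no `expression` or `action` key. The names `parse_rules`, `lint` and `REQUIRED` are hypothetical, and treating both keys as required is this example's assumption.

```python
import difflib
import re

# Constructed sample: the force_actions rules block as posted in this thread.
SAMPLE = """
rules {
    clamav {
        expressions = "CLAM_VIRUS";
        action = "reject";
        message = "virus found in mail";
    }
}
"""

REQUIRED = ("expression", "action")  # assumption: a rule needs both to take effect

def parse_rules(text):
    """Parse the UCL subset used above: `name {` blocks, `key = "value";` lines."""
    rules, stack = {}, []
    for raw in text.splitlines():
        line = raw.strip().rstrip("|").strip()  # tolerate the dump's trailing "|"
        if not line or line.startswith("#"):
            continue
        block = re.fullmatch(r"([\w-]+)\s*\{", line)
        assign = re.fullmatch(r'([\w-]+)\s*=\s*"?(.*?)"?\s*;?', line)
        if block:
            stack.append(block.group(1))
            if len(stack) == 2 and stack[0] == "rules":
                rules[stack[1]] = {}
        elif line == "}" and stack:
            stack.pop()
        elif assign and len(stack) == 2 and stack[0] == "rules":
            rules[stack[1]][assign.group(1)] = assign.group(2)
    return rules

def lint(rules):
    """Return one finding per required key a rule lacks, with a typo hint."""
    findings = []
    for name, keys in rules.items():
        others = [k for k in keys if k not in REQUIRED]
        for req in REQUIRED:
            if req not in keys:
                near = difflib.get_close_matches(req, others, n=1, cutoff=0.8)
                hint = f" (found '{near[0]}', likely a typo)" if near else ""
                findings.append(f"rule '{name}': no '{req}' key{hint}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(parse_rules(SAMPLE))) or "force_actions rules look complete")
```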

Frédéric Goudal

Apr 5, 2018, 8:58:51 AM
to Andrew Lewis, Frédéric Goudal, rsp...@googlegroups.com
I guess I owe you a big thank you, and excuses for my stupidity :)
f.g.


Frédéric Goudal Ingénieur Système
gou...@enseirb-matmeca.fr





