[Maia-users] Pass mail with virus
Salvatore Basso
sasab at pixteam.com
Wed Sep 20 06:33:47 PDT 2006
Hi, I use Mailguard 1.0.1 with amavisd and clam, but I have a problem with
viruses.
When I start my mail server I have this in the log file:
Sep 20 15:12:42 localhost amavis[2455]: starting. /usr/sbin/amavisd at
mail.mydomain.biz amavisd-new-
.2.1 (20041222) + Maia Mailguard 1.0.1, Unicode aware, LANG=it_IT.UTF-8
Sep 20 15:12:43 localhost amavis[2456]: ANTI-VIRUS code loaded
Sep 20 15:12:43 localhost amavis[2456]: Using internal av scanner code for (primary) ClamAV-clamd
Sep 20 15:12:43 localhost amavis[2456]: Found secondary av scanner ClamAV-clamscan at /usr/local/bin/clamscan
and....
[root at mail postfix]# ps -ax|grep clam
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.6/FAQ
1589 ? Ss 0:00 /usr/local/bin/freshclam -d
1715 ? Ss 0:00 /usr/local/sbin/clamd
5150 pts/5 S+ 0:00 grep clam
When mail with a virus arrives (GFI test), I have:
Sep 20 13:46:32 localhost postfix/qmgr[4133]: 298F7ED0517: from=<emailtesting at gfi.com>, size=6650, nrcpt=1 (queue active)
Sep 20 13:46:32 localhost postfix/smtpd[4940]: disconnect from gfiservers.gfi.com[69.20.55.130]
Sep 20 13:46:32 localhost postfix/smtpd[4949]: connect from localhost.localdomain[127.0.0.1]
Sep 20 13:46:32 localhost postfix/smtpd[4949]: 9B8F3ED0518: client=localhost.localdomain[127.0.0.1]
Sep 20 13:46:32 localhost postfix/cleanup[5000]: 9B8F3ED0518: message-id=<S44374H4sPWuc2gKJHx00001942 at S44374>
Sep 20 13:46:32 localhost postfix/qmgr[4133]: 9B8F3ED0518: from=<emailtesting at gfi.com>, size=7045, nrcpt=1 (queue active)
Sep 20 13:46:32 localhost postfix/smtpd[4949]: disconnect from localhost.localdomain[127.0.0.1]
Sep 20 13:46:32 localhost amavis[4996]: (04996-03) Passed CLEAN, [69.20.55.130] [69.20.55.130] <emailtesting at gfi.com> -> <test2 at mydomain.biz>, Message-ID: <S44374H4sPWuc2gKJHx00001942 at S44374>, Hits: -, 272 ms
Sep 20 13:46:32 localhost postfix/smtp[4945]: 298F7ED0517: to=<test2 at mydomain.biz>, relay=127.0.0.1[127.0.0.1], delay=0, status=sent (250 2.6.0 Ok, id=04996-03, from MTA: 250 Ok: queued as 9B8F3ED0518)
Sep 20 13:46:32 localhost postfix/qmgr[4133]: 298F7ED0517: removed
Sep 20 13:46:32 localhost postfix/local[4950]: 9B8F3ED0518: to=<test2 at mydomain.biz>, relay=local, delay=0, status=sent (delivered to mailbox)
Sep 20 13:46:32 localhost postfix/qmgr[4133]: 9B8F3ED0518: removed
My amavisd.conf is:
$virus_admin = undef; # notifications recip.
$mailfrom_notify_admin = "virusalert\@$mydomain"; # notifications sender
$mailfrom_notify_recip = "virusalert\@$mydomain"; # notifications sender
$mailfrom_notify_spamadmin = "spam.police\@$mydomain"; # notifications sender
$mailfrom_to_quarantine = ''; # null return path; uses original sender if undef
$final_virus_destiny = D_DISCARD
### http://www.clamav.net/
['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
# NOTE: run clamd under the same user as amavisd; match the socket
# name (LocalSocket) in clamav.conf to the socket name in this entry
# When running chrooted one may prefer: ["CONTSCAN {}\n","$MYHOME/clamd"],
);
# See https://secure.renaissoft.com/maia/wiki/VirusScannerConfig
# for more virus scanner definitions.
@av_scanners_backup = (
### http://www.clamav.net/ - backs up clamd or Mail::ClamAV
['ClamAV-clamscan', 'clamscan',
"--stdout --disable-summary -r --tempdir=$TEMPBASE {}", [0], [1],
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
);
thanks.
------
Salvatore.
---
[This E-mail scanned for viruses by Declude Virus]
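
An added example, not part of the original post and not amavisd-new's own code: the three patterns from the ClamAV-clamd entry quoted above, ported from Perl to Python, applied to single clamd reply lines to show which replies count as clean, which as infected, and which match neither. The reply lines, paths and the labels "clean", "infected" and "unknown" are constructed for this illustration.

```python
import re

# Patterns copied from the ClamAV-clamd entry in the post (Perl qr// -> Python re).
CLEAN_RE = re.compile(r"\bOK$")        # 4th field: reply means "clean"
INFECTED_RE = re.compile(r"\bFOUND$")  # 5th field: reply means "infected"
NAME_RE = re.compile(r"^.*?: (?!Infected Archive)(.*) FOUND$")  # 6th: virus name


def classify(reply):
    """Return (verdict, virus_name) for one clamd reply line.

    The verdict labels are chosen for this example. "unknown" means neither
    status pattern matched; what the scanner wrapper does next is not modelled.
    """
    line = reply.rstrip("\r\n")
    if CLEAN_RE.search(line):
        return ("clean", None)
    if INFECTED_RE.search(line):
        m = NAME_RE.search(line)
        # The negative lookahead keeps the generic "Infected Archive"
        # marker from being reported as a virus name.
        return ("infected", m.group(1) if m else None)
    return ("unknown", None)


# Constructed sample replies (not taken from the poster's system).
SAMPLES = [
    "/var/amavis/tmp/amavis-0001/parts: OK\n",
    "/var/amavis/tmp/amavis-0001/parts/p001: Eicar-Test-Signature FOUND\n",
    "/var/amavis/tmp/amavis-0001/parts/p002: Infected Archive FOUND\n",
    "/var/amavis/tmp/amavis-0001/parts: lstat() failed: Permission denied. ERROR\n",
]


def report(samples=SAMPLES):
    """Classify every sample and return the list of (verdict, name) pairs."""
    return [classify(s) for s in samples]


if __name__ == "__main__":
    for sample, (verdict, name) in zip(SAMPLES, report()):
        print(f"{verdict:8} {name or '-':22} {sample.strip()}")
```

The last sample is the case to watch for when checking the NOTE in the config about running clamd under the same user as amavisd: an error reply ends in neither OK nor FOUND, so it is not a scan verdict at all.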