Mailing List Archive

Re: [clamav-users] ClamAVPlugin
Hi there,

On Mon, 22 Feb 2021, Joe Acquisto-j4 wrote:

> myhost:~ # cp eicar.txt /etc/
>
> then this worked::
>
> myhost:~ # clamdscan /etc/eicar.txt
> /etc/eicar.txt: Eicar-Signature FOUND

You have clamd working. :)

So you just need to get clamav-milter to talk to clamd, and Postfix to
talk to clamav-milter, and everything will be peachy. Well, not really
peachy - then you'll be starting on your assessment of how it performs
with your particular profile of unwanted mail, which will be different
from the profiles seen by everyone else. Feedback will be useful.

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] ClamAVPlugin
> Hi there,
>
> On Mon, 22 Feb 2021, Joe Acquisto-j4 wrote:
>
>> myhost:~ # cp eicar.txt /etc/
>>
>> then this worked::
>>
>> myhost:~ # clamdscan /etc/eicar.txt
>> /etc/eicar.txt: Eicar-Signature FOUND
>
> You have clamd working. :)
>
> So you just need to get clamav-milter to talk to clamd, and Postfix to
> talk to clamav-milter,

Easier said than done. <g>

> and everything will be peachy. Well, not really
> peachy - then you'll be starting on your assessment of how it performs
> with your particular profile of unwanted mail, which will be different
> from the profiles seen by everyone else. Feedback will be useful.
>
> --
>
> 73,
> Ged.
>

However, in the end it appears it's working.
At least as far as getting an email header line that states:

"X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.0 at auxilary"

In summary, knowing what logs are where, paying attention to
what the messages mean, assuring you have *exactly* the same
path in the appropriate config files, assigning proper rights/ownership
of files, goes a long way toward achieving success.

Thanks for the patience and guidance.

More needs to be done, of course, but this is a boost.

joe a.

Re: [clamav-users] ClamAVPlugin
Greetings

Seems time to address this
. . .
>>> 6. What happens if you mail to yourself something containing the
>>> EICAR test file? Check all your log files as well as looking
>>> for mail headers etc.
>>
>> That has proven difficult as every place I have an email client out in
>> the great wilderness, has strict checking and blocks EICAR ...
>
> Can you not simply use your own mail server to send yourself mail??
>

Sending mail via the local postfix host bypasses spamassassin (spamd)
and clamav (clamd/clamav-milter).

It gets passed on virtually untouched. Currently posted on postfix users
list hoping for an answer, but maybe someone here knows what might be
wrong with my postfix config?

>
> 73,
> Ged.
>

joe a
Re: [clamav-users] ClamAVPlugin
> Greetings
>
> Seems time to address this
> . . .
>>>> 6. What happens if you mail to yourself something containing the
>>>> EICAR test file? Check all your log files as well as looking
>>>> for mail headers etc.
>>>
>>> That has proven difficult as every place I have an email client out in
>>> the great wilderness, has strict checking and blocks EICAR ...
>>
>> Can you not simply use your own mail server to send yourself mail??
>>
>
> Sending mail via the local postfix host bypasses spamassassin (spamd)
> and clamav (clamd/clamav-milter).
>
> It gets passed on virtually untouched. Currently posted on postfix users
> list hoping for an answer, but maybe someone here knows what might be
> wrong with my postfix config?
>
>>
>> 73,
>> Ged.
>>
>
> joe a
>

The clamd local scanning was resolved by setting up non_smtpd_milter to
the same socket as smtpd_milter. Simple, obvious.

/var/log/mail/ showed EICAR detected, but the received (locally sent) email
did not have a flag in the header to show that.

In any event, I now need to do something with, or to, the "infected" email, which
could be as simple as adding something to the subject line. However, how to do
that, or if it is even possible, is not obvious to me.

joe a.
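
Added example (not part of the original posts): a small checker for the two lessons in this thread, that the milter socket path must be exactly the same in both config files, and that locally submitted mail is only scanned when Postfix's `non_smtpd_milters` lists the same socket as `smtpd_milters`. The socket paths and sample config text are constructed; it assumes a Unix-domain socket (clamav-milter's `MilterSocket` option) and a non-chrooted Postfix.

```python
import re

def parse_postfix(text):
    """Parse main.cf text: 'name = value', '#' comments, indented continuations."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:
            params[last] += " " + line.strip()
        elif "=" in line:
            last, value = (s.strip() for s in line.split("=", 1))
            params[last] = value
    return params

def milter_list(params, name):
    """Endpoints listed in a milter parameter, with $name references expanded."""
    raw = params.get(name, "")
    raw = re.sub(r"\$\{?(\w+)\}?", lambda m: params.get(m.group(1), ""), raw)
    return [e for e in re.split(r"[,\s]+", raw) if e]

def milter_socket(text):
    """MilterSocket from clamav-milter.conf text, in Postfix's unix:/path form."""
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0] == "MilterSocket":
            sock = parts[1].strip()
            return sock if ":" in sock else "unix:" + sock
    return None

def check(main_cf, milter_conf):
    """Return findings; an empty list means both mail paths reach the milter."""
    sock = milter_socket(milter_conf)
    if sock is None:
        return ["MilterSocket is not set in clamav-milter.conf"]
    params = parse_postfix(main_cf)
    # smtpd_milters covers mail arriving over SMTP; non_smtpd_milters covers
    # mail submitted locally (sendmail command line, re-queued mail).
    return [f"{name} does not list {sock}"
            for name in ("smtpd_milters", "non_smtpd_milters")
            if sock not in milter_list(params, name)]

# Constructed sample configuration (paths are illustrative, not from the thread).
MILTER_CONF = "MilterSocket /var/run/clamav/clamav-milter.sock\n"
MAIN_CF_BEFORE = "smtpd_milters = unix:/var/run/clamav/clamav-milter.sock\n"
MAIN_CF_AFTER = MAIN_CF_BEFORE + "non_smtpd_milters = $smtpd_milters\n"

if __name__ == "__main__":
    print(check(MAIN_CF_BEFORE, MILTER_CONF))  # local submissions unscanned
    print(check(MAIN_CF_AFTER, MILTER_CONF))   # both paths covered
```

If Postfix's smtpd runs chrooted, the `unix:` path in main.cf is resolved relative to the Postfix queue directory, so a literal string comparison like this one no longer applies.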
Re: [clamav-users] ClamAVPlugin
Hi there,

On Mon, 22 Feb 2021, Joe Acquisto-j4 wrote:

> ... I now need to do something with, or to, the "infected" email, which
> could be as simple as adding something to the subject line. However, how to do
> that, or if it is even possible, is not obvious to me.

You need to do some work. I've given you links to the documentation.

--

73,
Ged.
