Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. SpamAssassin>
  3. users
Spamassassin 4 and ClamAVMultipleScores.
skeffling at gmail
Nov 2, 2023, 2:05 PM
Post #1 of 4 (167 views)
Permalink
Hello,

We're using clam, some extra signatures, and the plugin/config as described
on
https://cwiki.apache.org/confluence/display/SPAMASSASSIN/ClamAVMultipleScores
to give different signature families different scores.

Since moving to v4, I don't think it's working...

The only rule that is matched now, is the generic CLAMAV_VIRUS rule.
The rules for the various other signatures are no longer matched.
Could this be due to the change in priorities for meta rules, and now these
meta rules are running before they get to see the results from clam?

I can send my config examples and debug output if that's helpful.

Thanks!
Re: Spamassassin 4 and ClamAVMultipleScores. [ In reply to ]
thanadon at gmail
Nov 2, 2023, 7:14 PM
Post #2 of 4 (163 views)
Permalink
The X-Spam-Virus could be absent from the email header.

You can consider adding the following line:

add_header spam Virus _VIRUSRESULT_

If this doesn't work, the ClamAV plugin might need to include
"put_metadata('X-Spam-Virus')" when it detects a virus.

Jimmy


On Fri, Nov 3, 2023 at 4:06?AM Andrew Hearn <skeffling@gmail.com> wrote:

> Hello,
>
> We're using clam, some extra signatures, and the plugin/config as
> described on
> https://cwiki.apache.org/confluence/display/SPAMASSASSIN/ClamAVMultipleScores
> to give different signature families different scores.
>
> Since moving to v4, I don't think it's working...
>
> The only rule that is matched now, is the generic CLAMAV_VIRUS rule.
> The rules for the various other signatures are no longer matched.
> Could this be due to the change in priorities for meta rules, and now
> these meta rules are running before they get to see the results from clam?
>
> I can send my config examples and debug output if that's helpful.
>
> Thanks!
>
Re: Spamassassin 4 and ClamAVMultipleScores. [ In reply to ]
users at spamassassin
Nov 2, 2023, 8:04 PM
Post #3 of 4 (163 views)
Permalink
That page had it all wrong from the beginning. Adjusting priority only for
subrules but not the metas (yes metas don't use priorities in 4.0 but
relative priorities are still adjusted for backwards compatibility,
__CLAMAV* end up as priority 0 like everything else).

The logical way to handle this is to simply run CLAMAV earlier, ditch all
the other priority settings. Fixed the wiki.


On Thu, Nov 02, 2023 at 09:05:49PM +0000, Andrew Hearn wrote:
> Hello,
>
> We're using clam, some extra signatures, and the plugin/config as described on
> https://cwiki.apache.org/confluence/display/SPAMASSASSIN/ClamAVMultipleScores
> to give different signature families different scores.
>
> Since moving to v4, I don't think it's working...
>
> The only rule that is matched now, is the generic CLAMAV_VIRUS rule.
> The rules for the various other signatures are no longer matched.
> Could this be due to the change in priorities for meta rules, and now these
> meta rules are running before they get to see the results from clam?
>
> I can send my config examples and debug output if that's helpful.
>
> Thanks!
Re: Spamassassin 4 and ClamAVMultipleScores. [ In reply to ]
skeffling at gmail
Nov 3, 2023, 3:14 AM
Post #4 of 4 (161 views)
Permalink
Thanks for the reply Jimmy.

After playing some more - with priorities in clamav.cf, I got it working,
and was just about to explain a fix, when I noticed Henrik has updated the
ClamAVMultipleScores page to have a similar (actually better!) fix that I
was going to suggest!

# Run CLAMAV early so all the rules here will see the results
priority CLAMAV -10

and removal of all the individual priorities

Thanks Henrik!

Andrew.

On Fri, 3 Nov 2023 at 02:15, Jimmy <thanadon@gmail.com> wrote:

>
> The X-Spam-Virus could be absent from the email header.
>
> You can consider adding the following line:
>
> add_header spam Virus _VIRUSRESULT_
>
> If this doesn't work, the ClamAV plugin might need to include
> "put_metadata('X-Spam-Virus')" when it detects a virus.
>
> Jimmy
>
>
> On Fri, Nov 3, 2023 at 4:06?AM Andrew Hearn <skeffling@gmail.com> wrote:
>
>> Hello,
>>
>> We're using clam, some extra signatures, and the plugin/config as
>> described on
>> https://cwiki.apache.org/confluence/display/SPAMASSASSIN/ClamAVMultipleScores
>> to give different signature families different scores.
>>
>> Since moving to v4, I don't think it's working...
>>
>> The only rule that is matched now, is the generic CLAMAV_VIRUS rule.
>> The rules for the various other signatures are no longer matched.
>> Could this be due to the change in priorities for meta rules, and now
>> these meta rules are running before they get to see the results from clam?
>>
>> I can send my config examples and debug output if that's helpful.
>>
>> Thanks!
>>
>

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal