[Rspamd-Users] Doubt on Antivirus settings

Thomas Plant thomas at plant.systems
Fri Nov 9 15:44:03 UTC 2018


We do have installed the unofficial Signatures from Sanesecurity.

So, setting 'scan_mime_parts = false;' and having "ScanMail=yes' in 
Clamav Daemon would scan the entire mail and use the Sanesecurity 
Signatures.?

It is the same as setting:
scan_mime_parts = true;
     scan_text_mime = true;
     scan_image_mime = true;

But not doing three calls to the clamav daemon? Or am i completely 
misguided?


Am 09.11.2018 um 15:38 schrieb Carsten Rosenberg:
> Every mail is being scanned, when there is no cached result.
>
> The only question is, will the complete mail or only parts (maybe
> attachments like .exe, .docx, .iso)..
>
>
> Set
>
> scan_mime_parts = false;
>
> or scan just non-text, non-image parts
>
>>> scan_mime_parts = true;
>>> scan_text_mime = false;
>>> scan_image_mime = false;
> when you have a default ClamAV, Sophos or Avira. This setting would also
> scan your .iso
>
>
>
> Currently the only benefit for enabling all options
>
>> scan_mime_parts = true;
>> scan_text_mime = true;
>> scan_image_mime = true;
> is when you use additional unofficial ClamAV sigs like Sanesecurity or
> SecuriteInfo
>
> Carsten
>
>
>
> On 09.11.18 15:31, Thomas Plant via Users wrote:
>> Thanks, for the answer.
>>
>> So, for a better understanding, if I set:
>>
>> scan_mime_parts = true;
>> scan_text_mime = true;
>> scan_image_mime = true;
>>
>> also all incoming mails are scanned?
>>
>>
>> Am 09.11.2018 um 15:12 schrieb Carsten Rosenberg:
>>> With scan_mime_parts = false; you tell rspamd to scan the complete mail.
>>>
>>> scan_text_mime = true; -> this setting is unused when scanning the
>>> complete mail.
>>>
>>> -- 
>>>
>>> Some examples:
>>>
>>> scan_mime_parts = true;
>>> scan_text_mime = false;
>>> scan_image_mime = false;
>>>
>>> -> Scan mime parts separately, but so not scan Text or Image Parts.
>>>
>>> -- 
>>>
>>> scan_mime_parts = true;
>>> scan_text_mime = true;
>>> scan_image_mime = true;
>>>
>>> -> Scan mime parts separately and also scan Text and Image parts.
>>>
>>> -- 
>>>
>>> So your mail should have been scanned with your settings.
>>>
>>> Carsten
>>>
>>>
>>> On 09.11.18 14:32, Thomas Plant via Users wrote:
>>>> Hello,
>>>>
>>>> maybe it is because it's friday and my mind is a litte tired but I have
>>>> a problem of understanding these settings:
>>>>
>>>>     scan_mime_parts = false;
>>>>     scan_text_mime = true;
>>>>
>>>> made this way, will cause every mail to be scanned by the antivirus? Or
>>>> do exist other criteria when to scan an incoming mail?
>>>>
>>>> This is because I had a mail with an '.iso' file attached which has not
>>>> been scanned by the antivirus. And it did not match the max_size setting
>>>> in AV-module, it was way less than the 10 Mbytes I had setted as a
>>>> limit.
>>>>
>>>> Sincerely,
>>>> Thomas



More information about the Users mailing list