[Rspamd-Users] [ext] Re: New to rspamd
Ralf Hildebrandt
Ralf.Hildebrandt at charite.de
Wed Feb 6 09:29:04 UTC 2019
* Ian Springett <ian.springett at giacom.com>:
> Clamav integration is documented but doesn't work as advertised.
...
> To wit:
>
> where is the clamav integration covered? I have looked at:
>
> https://rspamd.com/doc/modules/antivirus.html
All I did in /etc/rspamd/local.d/antivirus.conf was:
first {
action = "reject";
scan_mime_parts = true;
scan_text_mime = true;
scan_image_mime = true;
symbol = "CLAM_VIRUS";
type = "clamav";
log_clean = false;
timeout = 30.0;
retransmits = 4;
servers = "127.0.0.1:3310";
patterns = [{SANE_MAL = 'Sanesecurity\.Malware\.*'}, {CLAM_UNOFFICIAL = 'UNOFFICIAL$'}, {CLAM_OLE2_VBA_MACRO = '^Heuristics\.OLE2\.ContainsMacros$'}];
whitelist = "/etc/rspamd/antivirus.wl";
}
The section is called "first", since I have a second scanner.
I use patterns to transform the "unoffical" clamav signatures into
symbols.
I had to make clamd listen on a TCP socket:
# netstat -tulpen |fgrep 3310
tcp 0 0 127.0.0.1:3310 0.0.0.0:* LISTEN 106 712192245 35943/clamd
clamd.conf:
...
LocalSocket /var/run/clamav/clamd.ctl
TCPAddr localhost
TCPSocket 3310
FixStaleSocket true
...
Can't help you with SELinux, though.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebrandt at charite.de Campus Benjamin Franklin
https://www.charite.de Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155
More information about the Users
mailing list