[Rspamd-Users] [ext] Re: New to rspamd
Robert Moskowitz
rgm at htt-consult.com
Wed Feb 6 13:33:49 UTC 2019
I thank you all for your responses.
I have thought about this overnight and decided that my mailserver
upgrade is long overdue. I am going to implement spamassasin etal with
all the new underpinnings and things I want to add and get the basic
like moving from Redsleeve6 (CentOS6 spin for armhfp) to CentOS7-armhfp.
Then I will come back to this in about a month, after a bunch of
reading, and spend the time to get it right. I am changing enough as is.
I still want to know about SELinux integration. I did not see any
reference to SELinux.
On 2/6/19 4:29 AM, Ralf Hildebrandt wrote:
> * Ian Springett <ian.springett at giacom.com>:
>
>> Clamav integration is documented but doesn't work as advertised.
> ...
>
>> To wit:
>>
>> where is the clamav integration covered? I have looked at:
>>
>> https://rspamd.com/doc/modules/antivirus.html
> All I did in /etc/rspamd/local.d/antivirus.conf was:
>
> first {
> action = "reject";
>
> scan_mime_parts = true;
> scan_text_mime = true;
> scan_image_mime = true;
>
> symbol = "CLAM_VIRUS";
> type = "clamav";
> log_clean = false;
> timeout = 30.0;
> retransmits = 4;
> servers = "127.0.0.1:3310";
> patterns = [{SANE_MAL = 'Sanesecurity\.Malware\.*'}, {CLAM_UNOFFICIAL = 'UNOFFICIAL$'}, {CLAM_OLE2_VBA_MACRO = '^Heuristics\.OLE2\.ContainsMacros$'}];
> whitelist = "/etc/rspamd/antivirus.wl";
> }
>
> The section is called "first", since I have a second scanner.
> I use patterns to transform the "unoffical" clamav signatures into
> symbols.
>
> I had to make clamd listen on a TCP socket:
>
> # netstat -tulpen |fgrep 3310
> tcp 0 0 127.0.0.1:3310 0.0.0.0:* LISTEN 106 712192245 35943/clamd
>
> clamd.conf:
>
> ...
> LocalSocket /var/run/clamav/clamd.ctl
> TCPAddr localhost
> TCPSocket 3310
> FixStaleSocket true
> ...
>
> Can't help you with SELinux, though.
>
More information about the Users
mailing list