[Rspamd-Users] Clamav Rspamd not reject virus
Emanuel Gonzalez
emanuel_gonzalez at live.com.ar
Fri Jan 11 13:51:33 UTC 2019
Good morning, everybody. I use Exim with Rspamd and ClamAV.
When sending an email with a virus, it is not automatically discarded by Rspamd.
2019-01-11 10:45:51 #5552(normal) <020f61>; task; rspamd_task_write_log: id: <3ebd3b84-c6d7-8af1-a8ba-b217796cb9e3 at x.com>, qid: <1ghx88-0000e7-Nd>, ip: 200.58.109.74, from: <emanuel.gonzalez at x.com>, (default: T (reject): [0.87/nan] [IP_SCORE(-3.53){ip: (-9.39), ipnet: 200.58.109.0/24(-4.66), asn: 27823(-3.56), country: AR(-0.05);},MIME_BAD_EXTENSION(2.00){exe;},MIME_BAD_ATTACHMENT(1.60){exe;},HTML_SHORT_LINK_IMG_2(1.00){},R_SPF_ALLOW(-0.20){+ip4:200.58.96.0/20;},MIME_GOOD(-0.10){multipart/mixed;multipart/alternative;text/plain;},MIME_UNKNOWN(0.10){application/x-msdos-program;},ARC_NA(0.00){},ASN(0.00){asn:27823, ipnet:200.58.109.0/24, country:AR;},DMARC_NA(0.00){x.com;},FROM_EQ_ENVFROM(0.00){},FROM_HAS_DN(0.00){},HAS_ATTACHMENT(0.00){},HAS_X_ANTIABUSE(0.00){},JUST_EICAR(0.00){Eicar-Test-Signature;},MID_RHS_MATCH_FROM(0.00){},MIME_TRACE(0.00){0:+;1:+;2:+;4:-;4:~;},MX_GOOD(0.00){cached: mx1.x.com;},RCPT_COUNT_ONE(0.00){1;},RCVD_COUNT_TWO(0.00){2;},RCVD_IN_DNSWL_NONE(0.00){74.109.58.200.list.dnswl.org : 127.0.5.0;},RCVD_TLS_ALL(0.00){},RCVD_VIA_SMTP_AUTH(0.00){},R_DKIM_NA(0.00){},TO_DN_NONE(0.00){},TO_MATCH_ENVRCPT_ALL(0.00){}]), len: 9670, time: 831.345ms real, 10.011ms virtual, dns req: 43, digest: <88311d5681415f7345c8ecbdad01759b>, rcpts: <bid.bid at x.tk>, mime_rcpts: <bid.bid at x.tk>, forced: reject "clamav: virus found: "Eicar-Test-Signature""; score=nan (set by antivirus)
ClamAV log:
ELF support enabled.
Mail files support enabled.
OLE2 support enabled.
PDF support enabled.
SWF support enabled.
HTML support enabled.
XMLDOCS support enabled.
HWP3 support enabled.
Self checking every 600 seconds.
instream(127.0.0.1 at 57908): Eicar-Test-Signature FOUND
####
antivirus.conf
clamav {
  attachments_only = true;
  symbol = "CLAM_VIRUS";
  message = "${SCANNER}: virus found: \"${VIRUS}\"";
  log_clean = true;
  patterns {
    JUST_EICAR = "^Eicar-Test-Signature$";
  }
  max_size = 20000000;
  type = "clamav";
  whitelist = "/etc/rspamd/antivirus.wl";
  servers = "127.0.0.1:3310";
  action = "reject";
}
The virus is detected in the attachment but I receive it in my inbox.
Any ideas?