[Rspamd-Users] Antivirus problem

Carsten Rosenberg cr at ncxs.de
Wed Apr 22 09:30:27 UTC 2020


Hi

On 22.04.20 at 11:25, Thomas Plant via Users wrote:
> Here are missing lines from the rspamd log, it is from the same message
> above, but from a retry later on:
> 
> 2020-04-22 11:15:32 #31706(rspamd_proxy) <ef4d8f>; lua; clamav.lua:132:
> clamav: message or mime_part is clean
> 2020-04-22 11:15:32 #31706(rspamd_proxy) <ef4d8f>; lua; clamav.lua:132:
> clamav: message or mime_part is clean
> 2020-04-22 11:15:32 #31706(rspamd_proxy) <ef4d8f>; lua; clamav.lua:144:
> clamav: ClamAV Found an OLE2 Office Macro
> 2020-04-22 11:15:32 #31706(rspamd_proxy) <ef4d8f>; lua; common.lua:107:
> clamav: result - Scan has returned that input contains macros:
> "Heuristics.OLE2.ContainsMacros - score: 1"
> 2020-04-22 11:15:35 #31706(rspamd_proxy) <ef4d8f>; proxy;
> rspamd_symcache_finalize_item: slow rule: DCC_CHECK(233): 3107.59 ms;
> enable slow timer delay
> 2020-04-22 11:15:47 #31706(rspamd_proxy) <ef4d8f>; lua; clamav.lua:119:
> clamav: failed to scan, maximum retransmits exceed
> 2020-04-22 11:15:47 #31706(rspamd_proxy) <ef4d8f>; lua; common.lua:107:
> clamav: result - FAILED with error: "failed to scan and retransmits
> exceed - score: 0"
> 2020-04-22 11:15:47 #31706(rspamd_proxy) <ef4d8f>; lua; clamav.lua:119:
> clamav: failed to scan, maximum retransmits exceed
> 2020-04-22 11:15:47 #31706(rspamd_proxy) <ef4d8f>; lua; common.lua:107:
> clamav: result - FAILED with error: "failed to scan and retransmits
> exceed - score: 0"
> 2020-04-22 11:15:47 #31706(rspamd_proxy) <ef4d8f>; proxy;
> rspamd_symcache_finalize_item: slow rule: CLAM_VIRUS(229): 15053.12 ms;
> enable slow timer delay
> 2020-04-22 11:16:32 #31706(rspamd_proxy) <ef4d8f>; lua;
> oletools.lua:126: oletools: failed to scan, maximum retransmits exceed -
> err: IO timeout
> 2020-04-22 11:16:32 #31706(rspamd_proxy) <ef4d8f>; lua; common.lua:107:
> oletools: result - FAILED with error: "failed to scan, maximum
> retransmits exceed - err: IO timeout - score: 0"
> 2020-04-22 11:16:32 #31706(rspamd_proxy) <ef4d8f>; proxy;
> rspamd_symcache_finalize_item: slow rule: OLETOOLS(236): 45006.98 ms;
> enable slow timer delay
> 2020-04-22 11:16:32 #31706(rspamd_proxy) <ef4d8f>; lua;
> greylist.lua:416: greylisted until "Wed, 22 Apr 2020 09:21:32 GMT", new
> record

Please enable debug for the antivirus module. You have scan_text_mime
and scan_image_mime active. So you will have more than 1 scan per mail
w/ attachment.

The second scan failed. So Rspamd seems to be correct here.

--

Carsten
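
An added example, not part of the reply above and not Rspamd code: a small Python tally of scanner outcomes per task over the log quoted above, showing several scans for the one message. The function name `summarize` and the outcome labels ("clean", "found", "failed") are this example's own.

```python
import re
from collections import Counter

# Records from the quoted log above, unwrapped to one record per line.
SAMPLE_LOG = """\
2020-04-22 11:15:32 #31706(rspamd_proxy) <ef4d8f>; lua; clamav.lua:132: clamav: message or mime_part is clean
2020-04-22 11:15:32 #31706(rspamd_proxy) <ef4d8f>; lua; clamav.lua:132: clamav: message or mime_part is clean
2020-04-22 11:15:32 #31706(rspamd_proxy) <ef4d8f>; lua; clamav.lua:144: clamav: ClamAV Found an OLE2 Office Macro
2020-04-22 11:15:32 #31706(rspamd_proxy) <ef4d8f>; lua; common.lua:107: clamav: result - Scan has returned that input contains macros: "Heuristics.OLE2.ContainsMacros - score: 1"
2020-04-22 11:15:35 #31706(rspamd_proxy) <ef4d8f>; proxy; rspamd_symcache_finalize_item: slow rule: DCC_CHECK(233): 3107.59 ms; enable slow timer delay
2020-04-22 11:15:47 #31706(rspamd_proxy) <ef4d8f>; lua; clamav.lua:119: clamav: failed to scan, maximum retransmits exceed
2020-04-22 11:15:47 #31706(rspamd_proxy) <ef4d8f>; lua; common.lua:107: clamav: result - FAILED with error: "failed to scan and retransmits exceed - score: 0"
2020-04-22 11:15:47 #31706(rspamd_proxy) <ef4d8f>; lua; clamav.lua:119: clamav: failed to scan, maximum retransmits exceed
2020-04-22 11:15:47 #31706(rspamd_proxy) <ef4d8f>; lua; common.lua:107: clamav: result - FAILED with error: "failed to scan and retransmits exceed - score: 0"
2020-04-22 11:15:47 #31706(rspamd_proxy) <ef4d8f>; proxy; rspamd_symcache_finalize_item: slow rule: CLAM_VIRUS(229): 15053.12 ms; enable slow timer delay
2020-04-22 11:16:32 #31706(rspamd_proxy) <ef4d8f>; lua; oletools.lua:126: oletools: failed to scan, maximum retransmits exceed - err: IO timeout
2020-04-22 11:16:32 #31706(rspamd_proxy) <ef4d8f>; lua; common.lua:107: oletools: result - FAILED with error: "failed to scan, maximum retransmits exceed - err: IO timeout - score: 0"
2020-04-22 11:16:32 #31706(rspamd_proxy) <ef4d8f>; proxy; rspamd_symcache_finalize_item: slow rule: OLETOOLS(236): 45006.98 ms; enable slow timer delay
"""

RECORD = re.compile(r"^\S+ \S+ #\d+\([^)]+\) <(?P<task>[0-9a-f]+)>; [^;]+; (?P<msg>.*)$")
CLEAN = re.compile(r"^\w+\.lua:\d+: (?P<scanner>\w+): message or mime_part is clean")
RESULT = re.compile(r"^common\.lua:\d+: (?P<scanner>\w+): result - (?P<text>.*)$")
SLOW = re.compile(r"slow rule: (?P<symbol>\w+)\(\d+\): (?P<ms>[\d.]+) ms")

def summarize(log_text):
    """Count scan outcomes per (task, scanner) and collect slow-rule timings."""
    outcomes, slow = Counter(), {}
    for line in log_text.splitlines():
        rec = RECORD.match(line)
        if rec is None:
            continue  # not a log record in the format shown above
        task, msg = rec["task"], rec["msg"]
        if m := CLEAN.match(msg):
            outcomes[(task, m["scanner"], "clean")] += 1
        elif m := RESULT.match(msg):
            # Assumption: any non-FAILED "result -" line is a detection.
            kind = "failed" if m["text"].startswith("FAILED") else "found"
            outcomes[(task, m["scanner"], kind)] += 1
        elif m := SLOW.search(msg):
            slow[(task, m["symbol"])] = float(m["ms"])
    return outcomes, slow

if __name__ == "__main__":
    outcomes, slow = summarize(SAMPLE_LOG)
    for key, n in sorted(outcomes.items()):
        print(*key, n)
```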

