[Rspamd-Users] ICAP still not working

Carsten Rosenberg cr at ncxs.de
Wed Aug 17 10:54:34 UTC 2022


Hey,


On 17.08.22 08:18, lutz.niederer at gmx.net wrote:
> Hi.
> 
> I started all over again with a fresh and clean install.
> 
> I am on jammy (22.04), did install the libs from focal (libicu66 & libssl1.1), downloaded & installed the rspamd experimental deb package for focal (3.3-0).  I did enable very verbose operation and let it run.
> 
> The ICAP server is waiting for connections.  I did verify that the ICAP server really works with c-icap-client and an eicar file.  Everything is fine.
> 
> Now I sent an email with eicar as body.  The ICAP server was not triggered in any way by rspamd.  It means that the ICAP server was not even tried to be contacted by rspamd.
> 
> Here comes the config:
> 
> # local.d/external_services.conf
> icap {
>    enabled = true;  #dont't know if this is needed
>    servers = "127.0.0.1:1344";
>    user_agent = "agent_coulson";
>    scheme = "respmod";
>    x_client_header = true,
>    x_rcpt_header = true,
>    x_from_header = true,
>    symbol = "ICAP_VIRUS";
>    type = "icap";
>    scan_mime_parts = true;
>    scan_text_mime = true;
>    scan_image_mime = true;
>    action = "reject";
>    log_clean = true;
>    patterns {
>      # symbol_name = "pattern";
>      JUST_EICAR = '^Eicar-Test-Signature$';
>    }
> }
> ...
> I set the ICAP server to 130.0.0.1 and expected some sort of error, but the output was the same (except server=130.0.0.1).
> I did also install the latest stable version for focal (3.2.1), samesame.
> So I see that with the latest & experimental versions it does not work.  Because some things seem to load I am unsure if there may be an error in my configuration.
> Am I right that only adding that snippet to external_services.conf should enable ICAP?  Did I forget something?  Is anything else needed?
> 
> I thank you very much for any help!
> -lutzn
> 
> 

your config looks good so far. Please set logging to normal, but 
activate debug logging for the icap module:

#local.d/logging.inc:
debug_modules=['icap'];

If you use the Eicar string in just in a simple Mail, none of the scan 
options below will be maybe triggered. Try use scan_mime_parts = false 
or use and eicar file as attachment.

Please send us the complete logs of the scan.


--
Carsten


More information about the Users mailing list