[Rspamd-Users] Rspamd does not reject virus mails

Florian Piekert floppy at floppy.org
Thu Apr 10 14:18:01 UTC 2025 

Hello,

I use the metadata_exporter.conf approach for this purpose. Rejected and soft rejected end up in /var/spool/mail/quarantine/reject or soft_reject.

8<-----------8<---------
#
# local.d/metadata_exporter.conf
#
# script zum Abspeichern von rejected emails in eine quarantine
#
# Define custom selector(s)
#
   custom_select {
     mine = <<EOD
return function(task)
   local action = task:get_metric_action('default')
   return (action == 'reject' or action == 'soft reject')
end
EOD;
   }
   custom_push {
     mine = <<EOD
return function (task, data, rule)
   folder = task:get_metric_action('default')
   folder = folder.gsub(folder, ' ', '_')
   local rspamd_logger = require "rspamd_logger"
   rspamd_logger.infox(task, 'METATEST %s', folder)
   local rspamd_util = require "rspamd_util"
   rspamd_util.mkdir('/var/spool/mail/quarantine/' .. folder)
   file = io.open('/var/spool/mail/quarantine/' .. folder .. '/' .. task:get_queue_id(), "w")
   file:write(tostring(data))
   file:close()
end
EOD;
   }

   rules {

     quarantine {
       selector = "mine";
       formatter = "default";
       backend = "mine";
     }
   }
8<-----------8<---------

and in worker-proxy.inc I have
8<-----------8<---------
...
discard_on_reject = false;    # Discard message instead of rejection
#
quarantine_on_reject = false; # Tell MTA to quarantine rejected messages
...
8<-----------8<---------

Maybe this is what you are looking for?

Am 10.04.2025 um 16:09 schrieb Ralf Kania via Users:
> Hello Danjel,
> 
> when you set the option
> quarantine_on_reject = true;
> Than the spam mails will not rejected. They will be moved to the postfix hold queue.
> Afterwards you can move it via a script to /var/quarantine as example to check false positives.
> 
> Regards
> Ralf
> 
> -----Ursprüngliche Nachricht-----
> Von: Users <users-bounces at lists.rspamd.com> Im Auftrag von Danjel Jungersen via Users
> Gesendet: Donnerstag, 10. April 2025 14:05
> An: users at lists.rspamd.com
> Cc: Danjel Jungersen <danjel at jungersen.dk>
> Betreff: Re: [Rspamd-Users] Rspamd does not reject virus mails
> 
>> Is it possible to move spam mails to hold queue and reject virus mails?
> 
> I don't know about the hold part.
> 
> I put spam in a junk folder in the users mailbox.
> 
> But I reject virus using rspamd and clamav.
> 
> In:
> /etc/rspamd/local.d/antivirus.conf
> 
> I have:
> clamav {
>    attachments_only = false;
>    symbol = "CLAM_VIRUS";
>    type = "clamav";
>    action = "reject";
>    servers = "/var/run/clamav/clamd.ctl";
>    retransmits = 5;
>    timeout = 60;
> }

More information about the Users mailing list