Date: Mon, 25 Dec 2023 19:36:06 -0600
To: surgemail-list@netwinsite.com
From: Lyle Giese
Subject: [SurgeMail List] using ClamAV with Surgemail
Running:
Version: Linux_64 7.7i-1 Oct 5 2023 12:03:19 (Special pre-release version installed)
I have had ClamAV installed with extra definitions for a long time. I cannot use AVAST due to the port 80 restrictions locally here in my home network.
I noticed recently (not sure how long) only a few messages were being scanned by ClamAV. Previously when I had checked, all messages were run through ClamAV. Dug around in the docs and commands and found 'g_virus_cmd_email' and set that to true and all messages seem to be scanned again.
I noticed two issues.
1) Messages were being bounced. Previously they were dropped. I found 'g_virus_cmd_drop' and played with setting that to TRUE or 1 with no change in behavior. I find bouncing to not be the desired result, but dropping the message is required for long term use of this system.
2) Special admin messages coming from 'root@ns3.lcrcomputer.net' are being tagged. Because they are log messages from my smart host, they may contain stuff that ClamAV would object to (expected behavior). I found 'g_virus_simple_skip' but that has not had any effect. I put the from address in here to no change in behavior.
3) I also noted that the current Surgemail implementation uses 'clamdscan'. I have the ClamAV daemon loaded with a usable unix socket and previously that was how messages were passed to ClamAV. Plus as the postmaster, I had buttons to twist to fine tune behavior and even exempt special admin messages that can trip ClamAV.
Any advice here? Am I missing/overlooking some internal Surgemail commands?
Lyle Giese