Yes, many think dropping a message is not a good idea. But a message that is a virus needs to be dropped.
They can be construed as malicious and can damage sender reputation. I am quite aware of the plus and minus of dropping vs bouncing and
want to drop anything ClamAV doesn't like. Plus many of these don't have a valid return address on them...
With 'g_virus_skip', how would I add a second or third email address to be skipped, if needed?
Thanks!
Lyle
On 26/12/2023 2:36 pm, Lyle Giese wrote:
Running:
Version: Linux_64 7.7i-1 Oct 5 2023 12:03:19 (Special pre-release version installed)
I have had ClamAV installed with extra definitions for a long time. I cannot use AVAST due to the port 80 restrictions locally here in my home network. I noticed recently (not sure how long) only a few messages were being scanned by ClamAV. Previously when I had checked, all messages were run through ClamAV. Dug around in the docs and commands and found 'g_virus_cmd_email' and set that to true and all messages seem to be scanned again. I noticed two issues.
1) Messages were being bounced. Previously they were dropped. I found 'g_virus_cmd_drop' and played with setting that to TRUE or 1 with no change in behavior. I find bouncing to not be the desired result, but dropping the message is required for long term use of this system.
Why? Dropping a message is almost never a good idea.
2) Special admin messages coming from 'root@ns3.lcrcomputer.net' are being tagged. Because they are log messages from my smart host, they may contain stuff that ClamAV would object to (expected behavior). I found 'g_virus_simple_skip' but that has not had any effect. I put the from address in here to no change in behavior.
Use
g_virus_skip "root@ns3.lcrcomputer.net"
3) I also noted that the current Surgemail implementation uses 'clamdscan'. I have the ClamAV daemon loaded with a usable unix socket and previously that was how messages were passed to ClamAV. Plus as the postmaster, I had buttons to twist to fine tune behavior and even exempt special admin messages that can trip ClamAV. Any advice here? Am I missing/overlooking some internal Surgemail commands?
You can set it to use any command you like, but clamdscan is the one that uses the port to send files to clamav to be scanned.
ChrisP.
Lyle Giese