For those running MailScanner - Important Information

[chirpy]

Simplest way:

Code:

wget http://www.configserver.com/free/msinstall.tar.gz
tar -xzf msinstall.tar.gz
cd msinstall/
sh install.sh

Select the Upgrade option.

[gflamerich]

So long as you have the domains configured to be scanned and have the appropriate actions set (i.e. presumably to delete the spam) in the ruleset files, MailScanner will scan all email (unlike the inbuild SpamAssassin method). Those ruleset files are in:

/usr/mailscanner/etc/rules/spam.scanning.rules

/usr/mailscanner/etc/rules/spam.action.rules
/usr/mailscanner/etc/rules/spamhigh.action.rules

Remember that in those last two files, if you set the action to deliver then spam will still be forwarded, but tagged. If you don't want it forwarded, change deliver to delete then restart MailScanner.

Chirpy, thanks for your answer, but just don't understand why we should change the spam rules?. We are not scanning for spam for all domains, but we do for viruses.
Our virus.scanning.rules is set FromOrTo: default yes

Here is what we saw at our logs:
2005-06-19 07:05:20 1Djxby-00065p-Nz ** ####@cantv.net <####@#####.com> R=lookuphost T=remote_smtp: SMTP error from remote mailer after end of data: host relay.cantv.net [200.44.32.36]: 554 5.7.1 virus HTML.Phishing.Bank-1 detected by ClamAV - http://www.clamav.net

[chirpy]

but just don't understand why we should change the spam rules?

Because I didn't read your question closely enough, sorry

I would guess that from the message given from the bounce:

1. Are you running the latest version of MailScanner enabled with the anti-phishing settings enabled in MailScanner.conf

2. Do you have the latest version of ClamAV installed, currently v0.85.1?
http://www.configserver.com/free/clamav.html

3. Do you have the latest Mail::ClamAV installed if you're using the clamavmodule, currently v0.17?

[gflamerich]

Because I didn't read your question closely enough, sorry

I would guess that from the message given from the bounce:

1. Are you running the latest version of MailScanner enabled with the anti-phishing settings enabled in MailScanner.conf

2. Do you have the latest version of ClamAV installed, currently v0.85.1?
http://www.configserver.com/free/clamav.html

3. Do you have the latest Mail::ClamAV installed if you're using the clamavmodule, currently v0.17?

Thanks Chirpy
Yes to 2 and 3.
We are not using the anti-phishing from MailScanner, because we are not completily agree with that test. Maybe you can tell us how it really worsk, because if only cheks visible link to the real link, many people uses that with no bad intention. We didn't find any detail info at mailscanner site.

On the other hand, what we have reported from that ISP is that CalmAV had found a virus, not a phising itself, when seting the anti-phising, the report is from ClamAV, like the one we receive from the ISP?
Thanks again Chirpy
Gustavo

[kmsd]

Simplest way:

Code:

wget http://www.configserver.com/free/msinstall.tar.gz
tar -xzf msinstall.tar.gz
cd msinstall/
sh install.sh

Select the Upgrade option.

Thanks Chirpy; I'm going to do this over the weekend. I downloaded and read the script; great work!

One more question; my current install is from your service with the custom MailWatch setup. I noticed that Mailwatch will be retained; thanks .

Question; is this usr and sysconfdir prefix correct for your install?

1. wget http://unc.dl.sourceforge.net/source.../clamav.tar.gz
2. tar xfzv clamav.tar.gz
3. cd clamav
4. ./configure --prefix=/usr --sysconfdir=/etc
5. make
6. make install

[spiff06]

kmsd wrote:

Question; is this usr and sysconfdir prefix correct for your install?

As mentioned earlier in this thread, using these two parameters in the ./configure call gave me trouble. I say use a plain call.

[chirpy]

Yup, just do a standard install:
http://www.configserver.com/free/clamav.html

[kmsd]

I just updated ClamAV without the options and ran the amazing script Chirpy provides. Everthing went flawlessly. Thanks!

[rqsweat]

All,

I just wanted to let you know that after a recenr CP Update this weekend, my email broke completely and CHirpy's instructions above fixed it.