Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

ClamAV on mdbox instead of maildir

Discussion in 'Security' started by Hedloff, Aug 7, 2018.

  1. Hedloff

    Hedloff Well-Known Member

    Jun 7, 2004
    Likes Received:
    Trophy Points:
    Up north!
    cPanel Access Level:
    DataCenter Provider

    How does clamav scan work on mdbox? On maildir it will remove a email that is infected in the same folder when running command:
    clamscan -ri --remove

    But in mdbox the emails are compressed togheter in same file, how will that work?
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Apr 11, 2011
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator
    Hello @Hedloff,

    I don't recommend using the "--remove" flag with the clamscan command when the mdbox mailbox format is enabled because it can remove legitimate messages. For instance, let's say clamscan finds a virus in an email that's stored on an account using the mdbox format. The output will look like this:

    /home/username/mail/ Eicar-Test-Signature FOUND
    If you were to add the "--remove" flag to the clamscan command, it would remove the entire /home/username/mail/ storage file and thus remove all emails stored in that file.

    The better approach is to use clamscan to find the infected files, and then use the doveadm command to further search for and remove the individual email. Here's some information on this topic from our Configure ClamAV Scanner document:

    Thank you.
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice