ClamAV whitelist e-mail address

Bdzzld

Well-Known Member
Apr 3, 2004
410
5
168
Hi,

ClamAV sometimes blocks e-mails sent from my installed firewall (CSF/LFD) due to :

Code:
[email protected]
    (generated from [email protected])
    host mydomain.ext [xx.xx.xx.xxx]
    SMTP error from remote mail server after end of data:
    550-This message contains a virus or other harmful content
    550 (YARA.eval_post.UNOFFICIAL)

I was wondering if it's possible to whitelist (or another sort of bypass) e-mail addresses (to or from) so such e-mails are not being scanned by ClamAV and are delivered normally.

Thanks.
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,266
313
Houston

Bdzzld

Well-Known Member
Apr 3, 2004
410
5
168
Well,

I think it's fixed by going to:

Code:
WHM >> Plugins >> Configure ClamAV >> User Configuration >> Configure Individual Scan Preferences
and then deselecting "Scan Mail" for the [email protected] cPanel user.

Will see if that works... Luckily we occasionally receive such an e-mail from the firewall.
 

rpvw

Well-Known Member
Jul 18, 2013
1,101
459
113
UK
cPanel Access Level
Root Administrator
I think it's fixed
I'm not sure it is exactly fixed ! You are just treating the symptom, and not the issue, by NOT scanning any mail for any account under that user.

Whilst this should stop the mails that may well be false positives, it will have consequences of NOT protecting any of the mail boxes for that user from ANY malware payloads.

Personally, I would put up with an occasional mail about a false positive, to ensure I didn't miss something that might prove to be entirely more destructive.
 
  • Like
Reactions: cPanelLauren

Bdzzld

Well-Known Member
Apr 3, 2004
410
5
168
@rpvw: I understand what you mean. However, e-mail is not only scanned by ClamAV before it's actually downloaded. We also use MailWasher Pro before and ESET Smart Security during download. So this may not be a suitable option for the majority, but it is for us now.