Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

ClamAV whitelist e-mail address

Discussion in 'E-mail Discussion' started by Bdzzld, Sep 10, 2018.

  1. Bdzzld

    Bdzzld Well-Known Member

    Joined:
    Apr 3, 2004
    Messages:
    391
    Likes Received:
    4
    Trophy Points:
    168
    Hi,

    ClamAV sometimes blocks e-mails sent from my installed firewall (CSF/LFD) due to :

    Code:
    hostmaster@mydomain.ext
        (generated from root@servername.mydomain.ext)
        host mydomain.ext [xx.xx.xx.xxx]
        SMTP error from remote mail server after end of data:
        550-This message contains a virus or other harmful content
        550 (YARA.eval_post.UNOFFICIAL)
    

    I was wondering if it's possible to whitelist (or another sort of bypass) e-mail addresses (to or from) so such e-mails are not being scanned by ClamAV and are delivered normally.

    Thanks.
     
  2. cPanelLauren

    cPanelLauren Forums Analyst II
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    3,524
    Likes Received:
    251
    Trophy Points:
    193
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    911
    Likes Received:
    351
    Trophy Points:
    113
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    cPanelLauren likes this.
  4. Bdzzld

    Bdzzld Well-Known Member

    Joined:
    Apr 3, 2004
    Messages:
    391
    Likes Received:
    4
    Trophy Points:
    168
    Well,

    I think it's fixed by going to:

    Code:
    WHM >> Plugins >> Configure ClamAV >> User Configuration >> Configure Individual Scan Preferences
    
    and then deselecting "Scan Mail" for the hostmaster@mydomain.ext cPanel user.

    Will see if that works... Luckily we occasionally receive such an e-mail from the firewall.
     
  5. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    911
    Likes Received:
    351
    Trophy Points:
    113
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    I'm not sure it is exactly fixed ! You are just treating the symptom, and not the issue, by NOT scanning any mail for any account under that user.

    Whilst this should stop the mails that may well be false positives, it will have consequences of NOT protecting any of the mail boxes for that user from ANY malware payloads.

    Personally, I would put up with an occasional mail about a false positive, to ensure I didn't miss something that might prove to be entirely more destructive.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    cPanelLauren likes this.
  6. Bdzzld

    Bdzzld Well-Known Member

    Joined:
    Apr 3, 2004
    Messages:
    391
    Likes Received:
    4
    Trophy Points:
    168
    @rpvw: I understand what you mean. However, e-mail is not only scanned by ClamAV before it's actually downloaded. We also use MailWasher Pro before and ESET Smart Security during download. So this may not be a suitable option for the majority, but it is for us now.
     
  7. cPanelLauren

    cPanelLauren Forums Analyst II
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    3,524
    Likes Received:
    251
    Trophy Points:
    193
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @Bdzzld

    While I do agree with @rpvw's sentiments on this issue I am happy you were able to employ a solution that worked for you. Thank you for letting us know!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice