Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Disable spamd / clamav rule for outgoing spamcheck

Discussion in 'E-mail Discussion' started by MichaelLoungeIT, May 21, 2019.

  1. MichaelLoungeIT

    MichaelLoungeIT Registered

    Joined:
    May 21, 2019
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Switzerland
    cPanel Access Level:
    DataCenter Provider
    Hi there,

    I have the following problem.
    A client tries to send an html mail and it fails with this error message:

    SMTP Fehler: [550] This message contains a virus or other harmful content
    (example.com.Spam-3504.UNOFFICIAL)


    I tried to whitelist this entry:
    example.com
    in clamav to /var/lib/clamav/whitelist.ign2

    didnt help.
    Then I tried to add to whitelist the domain in /etc/mail/spamassassin/local.cf
    -> also no success

    last try I created a /etc/skiprbldomains file with the domain added in there..
    restartet all services.. still no success ;(

    I have no further ideas.
    How can I make sure, that my client can send out the html mail and surpasses somehow the outgoing check or atleast whitelists that special case.. but i cannot find out how.
     
    #1 MichaelLoungeIT, May 21, 2019
    Last edited by a moderator: May 21, 2019
  2. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,124
    Likes Received:
    474
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @MichaelLoungeIT


    If you're trying to whitelist the user (you can't do the domain) you'd do it in the clamd.conf located at /usr/local/cpanel/3rdparty/etc/clamd.conf.

    You'd change the option/s as follows:

    Code:
    # With this option you can whitelist the root UID (0). Processes run under
    # root with be able to access all files without triggering scans or
    # permission denied events.
    # Note that if clamd cannot check the uid of the process that generated an
    # on-access scan event (e.g., because OnAccessPrevention was not enabled, and
    # the process already exited), clamd will perform a scan.  Thus, setting
    # OnAccessExcludeRootUID is not *guaranteed* to prevent every access by the
    # root user from triggering a scan (unless OnAccessPrevention is enabled).
    # Default: no
    #OnAccessExcludeRootUID no

    Code:
    # With this option you can whitelist specific UIDs. Processes with these UIDs
    # will be able to access all files without triggering scans or permission
    # denied events.
    # This option can be used multiple times (one per line).
    # Using a value of 0 on any line will disable this option entirely.
    # To whitelist the root UID (0) please enable the OnAccessExcludeRootUID
    # option.
    # Also note that if clamd cannot check the uid of the process that generated an
    # on-access scan event (e.g., because OnAccessPrevention was not enabled, and
    # the process already exited), clamd will perform a scan.  Thus, setting
    # OnAccessExcludeUID is not *guaranteed* to prevent every access by the
    # specified uid from triggering a scan (unless OnAccessPrevention is enabled).
    # Default: disabled
    #OnAccessExcludeUID -1

    If you're trying to whitelist a signature that's the portioin you'd do in the whitelist.ign

    You'd want to run clamscan against the file:
    Code:
    /usr/local/cpanel/3rdparty/bin/clamscan -i /users/file.ext
    Which should return the specific signature

    Then add the signature found to the whitelist you created

    Once it's added restart clamd:

    Code:
    /scripts/restartsrv_clamd
    Then run

    Code:
    /usr/local/cpanel/3rdparty/bin/clamscan -i /users/file.ext
    against the file again

    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. MichaelLoungeIT

    MichaelLoungeIT Registered

    Joined:
    May 21, 2019
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Switzerland
    cPanel Access Level:
    DataCenter Provider
    the problem is.. It is an email, that somebody tries to send. So there is no File i can run against clam to get a correct signature.
    All i have, is that error message thrown by webmail when trying to send the email.
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,877
    Likes Received:
    482
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Wouldn't it be easier to try and figure out what's in that email that's being flagged as "virus or other harmful content"? Even if you get it to send from your server, other servers are most likely going to block it as well.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice