The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

MailScanner + ClamAV: It is not flawless!!!

Discussion in 'E-mail Discussions' started by SuperBaby, Jan 2, 2004.

  1. SuperBaby

    SuperBaby Well-Known Member

    Joined:
    Nov 27, 2003
    Messages:
    331
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Thailand
    cPanel Access Level:
    Website Owner
    Twitter:
    Do not scan attachments for single domain/address
    http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/244.html

    Controlling filename-based filtering per domain
    http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/97.html

    Dont Check Virus in some Fromto:
    http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/173.html

    I am using: RedHat 9/CPanel/ClamAV/MailScanner.

    I have spent hours testing all the 3 configurations above. None of them is working. Whether I specified to have certain domains included in virus scan or attachment scan, they are ALL scanned. There is no way to tell MailScanner "Don't scan emails from/to domain1.com".

    The only difference I observed is that:
    If a domain is so-called "excluded" from the scan, the sender will receive a "Mail Delivery Failure" (mentioning that the email has viruses or contains banned file types) if the email contains viruses or banned file types. The receipient received NOTHING.

    If a domain is "included" in the scan, the sender will receive a "Warning: E-Mail viruses detected" notification (mentioning that the mail has viruses or contains banned file types) if the email contains viruses or banned file types. The receipient WILL receive a cleaned email with a special warning TAG.

    You see, there is no way to bypass the scanning. So the "Attach Signature to Unscanned Email" in MailScanner.conf will never work.

    Have a nice day !
     
  2. goodmove

    goodmove Well-Known Member

    Joined:
    May 12, 2003
    Messages:
    624
    Likes Received:
    0
    Trophy Points:
    16
    That must be why Nick does not officially support Mailscanner + Clamav.
     
  3. rs-freddo

    rs-freddo Well-Known Member

    Joined:
    May 13, 2003
    Messages:
    832
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Australia
    cPanel Access Level:
    Root Administrator
    If a domain is so-called "excluded" from the scan, the sender will receive a "Mail Delivery Failure" (mentioning that the email has viruses or contains banned file types) if the email contains viruses or banned file types. The receipient received NOTHING.

    This is because you forgot to disable antivirus.exim. It has nothing to do with mailscanner.
     
  4. damainman

    damainman Well-Known Member

    Joined:
    Nov 13, 2003
    Messages:
    515
    Likes Received:
    0
    Trophy Points:
    16
    If we're using the layer1 package we need to disabled antivirus.exim from WHM?
     
  5. rs-freddo

    rs-freddo Well-Known Member

    Joined:
    May 13, 2003
    Messages:
    832
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Australia
    cPanel Access Level:
    Root Administrator
    You don't have to. But why would you want a clean .exe file sent back to the recipient saying "zip it"? If it's clean it can go through - that's why you installed mailscanner and clamav.;)
     
  6. SuperBaby

    SuperBaby Well-Known Member

    Joined:
    Nov 27, 2003
    Messages:
    331
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Thailand
    cPanel Access Level:
    Website Owner
    Twitter:
    How do you configure MailScanner or ClamAV so that it passes through clean *.exe files?
     
  7. Bima

    Bima Member

    Joined:
    Jan 2, 2002
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    You need to edit /etc/MailScanner/filetype.rules.conf and /etc/MailScanner/filename.rules.conf.

    Marek
     
  8. SuperBaby

    SuperBaby Well-Known Member

    Joined:
    Nov 27, 2003
    Messages:
    331
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Thailand
    cPanel Access Level:
    Website Owner
    Twitter:
    If I allow 'executable' files, what will happen to infected executable files?

    - MailScanner removes the virus from the executable file and sends the cleaned executable file in email.

    - MailScanner removes the infected executable file and sends the email without any file.

    - MailScanner does not send the email at all.

    I know what to edit in filetype.rules.conf but I am not sure what to do with filename.rules.conf
     
  9. perlchild

    perlchild Well-Known Member

    Joined:
    Sep 1, 2002
    Messages:
    279
    Likes Received:
    0
    Trophy Points:
    16
    The exact behaviour would also depend on your config, as mailscanner has options to "deliver" or "Quarantine" even infected files, you might want to ask on the mailscanner.info forum for a more in-depth explanation, I found the people there knowledgeable and even tempered(although reading the docs, and posting sanitized configs do help)
     
Loading...

Share This Page