Inbound doesn't catch SaneSecurity signature, Outbound does

Jim Knuth jk at jkart.de
Sat Nov 3 19:40:45 CET 2012


On 03.11.12 18:03, Noel Jones <njones at megan.vbhcs.org> wrote:

> On 11/2/2012 1:12 PM, francis picabia wrote:
>>
>> Last night one user's account was over quota and the exchange server
>> tried to bounce back the phishing through our smtp gateway.  It caught 10
>> emails which were not caught on inbound by amavis.  I only see these
>> small examples.  I'm afraid our inbound is letting hundreds of phishing in.
>> Is the only solution to install Debian and configure with the config files
>> from our SMTP gateway which has been good at blocking phishing?
>>
>
>
> I can guarantee you that this isn't a Redhat vs. Debian issue.
>
> This is definitely a config issue.  Debugging this will require
> time, patience, and careful attention to detail.  There's just one
> little thing wrong, and you've been overlooking it for weeks now.
>
> Most of the phishing signatures are clamav type 4 signatures. For
> those to work, clamav must recognize the text as an email message.
> Maybe your mail program is adding some header that clamav doesn't
> recognize, preventing clamav type 4 signatures from working properly.
>
> http://www.freelists.org/post/sanesecurity/Purpose-of-sanesecurityftm-file,1
>
> http://www.clamav.net/doc/latest/signatures.pdf
>
> Maybe your sanesecurity.ftm file is missing, or your MTA is adding
> some other header that clamav doesn't recognize.  If you're adding
> some local header, you can create your own "local.ftm" file using
> the clamav documentation.

I have observed the same thing myself for a long time.
The sanesecurity.ftm and daily.ftm are fine, with
daily updates.

>
> Maybe your amavisd-new is not configured to pass the full email
> message to clamav, just passing decoded parts instead -- many of the
> signatures only work on the whole email.

What do you mean by that?

>
> Good luck.
>
>
>
>    -- Noel Jones
>


-- 
With kind regards,
Jim Knuth
---------
If you are running in the wrong direction, there is
no point in increasing the pace.
(Birgit Breuel)
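
The two causes suggested in the quoted reply (decoded parts handed to the scanner instead of the whole message, and an unrecognized leading header) can be shown with a simplified model. This is an added example, not part of the original thread and not ClamAV or amavisd-new code; the magic prefixes, the `X-Local-Gateway` header, the sample message and the pattern are all constructed assumptions.

```python
# Simplified model (added illustration, not ClamAV or amavisd-new code).
from email import message_from_bytes

# Constructed subset of "magic" prefixes standing in for .ftm entries that
# mark a file as mail when found at offset 0.
MAIL_MAGIC = (b"Received: ", b"Return-Path: ", b"From: ", b"Date: ")

def detect_type(blob, extra_magic=()):
    """Return "mail" if the blob starts with a known header, else "text"."""
    return "mail" if blob.startswith(MAIL_MAGIC + tuple(extra_magic)) else "text"

def scan(blob, pattern, extra_magic=()):
    """Model of a target-type-4 signature: it is only tried on mail files."""
    return detect_type(blob, extra_magic) == "mail" and pattern in blob

def decoded_parts(raw):
    """Decoded MIME leaf parts, as a content filter might hand them over."""
    msg = message_from_bytes(raw)
    return [p.get_payload(decode=True) for p in msg.walk() if not p.is_multipart()]

# Constructed sample message and pattern.
RAW = (b"Received: from mx.example.net by gw.example.org\r\n"
       b"From: support@example.net\r\n"
       b"Subject: Account over quota\r\n"
       b"Content-Type: text/plain\r\n\r\n"
       b"Please verify your mailbox password here.\r\n")
PATTERN = b"verify your mailbox password"

def results():
    local = b"X-Local-Gateway: gw1\r\n" + RAW  # hypothetical header added first
    return {
        "whole_message": scan(RAW, PATTERN),
        "decoded_parts": any(scan(p, PATTERN) for p in decoded_parts(RAW)),
        "unknown_first_header": scan(local, PATTERN),
        "with_local_magic": scan(local, PATTERN, [b"X-Local-Gateway: "]),
    }

if __name__ == "__main__":
    for case, hit in results().items():
        print(f"{case:22} {'FOUND' if hit else 'OK'}")
```

The pattern text is present in every case; only the file-type decision changes whether the mail-only signature is applied.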

