Amavis header and Spamassassin

Phil Daws via amavis-users amavis-users at amavis.org
Wed Jan 15 18:15:35 CET 2014 

Hello all,

have just noticed an issue where emails are not being scored correctly when ClamAV is being used in conjunction with Amavisd-new and Spamassassin.  In my amavisd.conf I have set:

@keep_decoded_original_maps = (new_RE(
  qr'^MAIL$',                # let virus scanner see full original message
  qr'^MAIL-UNDECIPHERABLE$', # same as ^MAIL$ if mail is undecipherable
  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
  qr'^Zip archive data',     # don't trust Archive::Zip
));

@virus_name_to_spam_score_maps =
  (new_RE( [ qr'Sanesecurity'    => 0 ],
           [ qr'MSRBL'           => 0 ],
           [ qr'SecuriteInfo'    => 0 ],
           [ qr'MBL'             => 0 ],
           [ qr'winnow'          => 0 ],
           [ qr'INetMsg'         => 0 ],
           [ qr'Safebrowsing'    => 0 ],
           [ qr'ScamNailer'      => 0 ],
           [ qr'Email'           => 0 ],
           [ qr'HTML'            => 0 ],
           [ qr'JS.Redirect-2'   => 0 ],
  ));

and within a local_site.cf under /etc/mail/spamassassin I have:

################################################################################
# SaneSecurity & MSRBL Signatures
################################################################################
header CLAM_SS     X-Amavis-AV-Status =~ m{Sanesecurity}
header CLAM_MSRBL  X-Amavis-AV-Status =~ m{MSRBL}
header CLAM_MBL    X-Amavis-AV-Status =~ m{MBL}
header CLAM_SI     X-Amavis-AV-Status =~ m{SecuriteInfo}
header CLAM_WN     X-Amavis-AV-Status =~ m{winnow}
header CLAM_IM     X-Amavis-AV-Status =~ m{INetMsg}
header CLAM_SB     X-Amavis-AV-Status =~ m{Safebrowsing}
header CLAM_SN     X-Amavis-AV-Status =~ m{ScamNailer}
header CLAM_CAV    X-Amavis-AV-Status =~ m{Email|HTML|JS.Redirect}
header CLAM_DS     X-Amavis-AV-Status =~ m{Doppelstern}

score  CLAM_SS     2.5
score  CLAM_MSRBL  1.5
score  CLAM_MBL    1.5
score  CLAM_SI     2.0
score  CLAM_WN     2.0
score  CLAM_IM     2.0
score  CLAM_SB     2.5
score  CLAM_SN     2.5
score  CLAM_CAV    1.0
score  CLAM_DS     1.0

but when I check my maillog mails which are hitting the Sanesecurity rules are not being converted to a score ?

Jan 15 15:42:20 mx amavis[19918]: (19918-07) run_av (ClamAV-clamd): /var/amavis/tmp/amavis-20140115T120108-19918-H3u_539H/parts INFECTED: Sanesecurity.Spam.11344.Dom.UNOFFICIAL
Jan 15 15:42:20 mx amavis[19918]: (19918-07) Turning AV infection into a spam report: score=0, AV:Sanesecurity.Spam.11344.Dom.UNOFFICIAL=0

The software revisions am running are:

amavisd-new-2.8.1-1.el6.x86_64
spamassassin-3.3.1-3.el6.x86_64
clamav-db-0.98-2.el6.x86_64
clamav-0.98-2.el6.x86_64
clamd-0.98-2.el6.x86_64

Any ideas please ? Thanks.

More information about the amavis-users mailing list