Amavis header and Spamassassin
Phil Daws via amavis-users
amavis-users at amavis.org
Thu Jan 16 11:29:36 CET 2014
Actually I am not sure if this is a problem. On checking the log file for when ClamAV hit with a SaneSecurity signature I see:
Jan 16 10:03:40 mx amavis[5238]: (05238-04) Turning AV infection into a spam report: score=0, AV:Sanesecurity.Jurlbl.15421.UNOFFICIAL=0
Jan 16 10:03:42 mx amavis[5238]: (05238-04) do_notify_and_quarantine: spam level exceeds quarantine cutoff level 15
so I believe it is more to do with a change in how AmaViS is logging. Previously, IIRC, if the cutoff level was exceeded it would still log the spam-tag result. It does not appear to do that anymore unless I need to enable another setting? Thanks.
----- Original Message -----
From: "Phil Daws via amavis-users" <amavis-users at amavis.org>
To: "Steve Scotter" <amavis-users at spectrumcs.net>
Cc: amavis-users at amavis.org
Sent: Wednesday, 15 January, 2014 11:19:52 PM
Subject: Re: Amavis header and Spamassassin
Hmm, my understanding was that if it's in the map then it's passed through via an invisible header of X-Amavis-AV-Status to SpamAssassin for scoring. Thanks.
----- Original Message -----
From: "Steve Scotter via amavis-users" <amavis-users at amavis.org>
To: amavis-users at amavis.org
Sent: Wednesday, 15 January, 2014 10:14:11 PM
Subject: Re: Amavis header and Spamassassin
Hi,
I may be wrong but I think you need to remove or comment out the...
[ qr'Sanesecurity' => 0 ],
The end result should look like...
@virus_name_to_spam_score_maps =
  (new_RE( [ qr'MSRBL' => 0 ],
           [ qr'SecuriteInfo' => 0 ],
           [ qr'MBL' => 0 ],
           [ qr'winnow' => 0 ],
           [ qr'INetMsg' => 0 ],
           [ qr'Safebrowsing' => 0 ],
           [ qr'ScamNailer' => 0 ],
           [ qr'Email' => 0 ],
           [ qr'HTML' => 0 ],
           [ qr'JS.Redirect-2' => 0 ],
  ));
--
http://www.ijs.si/software/amavisd/release-notes.txt states...
- make it possible for a virus scanner to derate an infection report
to a spam report, contributing to spam score and to spam report/status.
A new configuration variable @virus_name_to_spam_score_maps
(also member of policy banks) can turn a reported virus name
into a spam score. Its default setting is:
Steve
-------- Original Message --------
Subject: Amavis header and Spamassassin (15-Jan-2014 17:25)
From: Phil Daws via amavis-users <amavis-users at amavis.org>
To: amavis-users at spectrumcs.net
Hello all,
have just noticed an issue where emails are not being scored correctly when ClamAV is being used in conjunction with Amavisd-new and Spamassassin. In my amavisd.conf I have set:
@keep_decoded_original_maps = (new_RE(
  qr'^MAIL$',                # let virus scanner see full original message
  qr'^MAIL-UNDECIPHERABLE$', # same as ^MAIL$ if mail is undecipherable
  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
  qr'^Zip archive data',     # don't trust Archive::Zip
));
@virus_name_to_spam_score_maps =
  (new_RE( [ qr'Sanesecurity' => 0 ],
           [ qr'MSRBL' => 0 ],
           [ qr'SecuriteInfo' => 0 ],
           [ qr'MBL' => 0 ],
           [ qr'winnow' => 0 ],
           [ qr'INetMsg' => 0 ],
           [ qr'Safebrowsing' => 0 ],
           [ qr'ScamNailer' => 0 ],
           [ qr'Email' => 0 ],
           [ qr'HTML' => 0 ],
           [ qr'JS.Redirect-2' => 0 ],
  ));
and within a local_site.cf under /etc/mail/spamassassin I have:
################################################################################
# SaneSecurity & MSRBL Signatures
################################################################################
header CLAM_SS X-Amavis-AV-Status =~ m{Sanesecurity}
header CLAM_MSRBL X-Amavis-AV-Status =~ m{MSRBL}
header CLAM_MBL X-Amavis-AV-Status =~ m{MBL}
header CLAM_SI X-Amavis-AV-Status =~ m{SecuriteInfo}
header CLAM_WN X-Amavis-AV-Status =~ m{winnow}
header CLAM_IM X-Amavis-AV-Status =~ m{INetMsg}
header CLAM_SB X-Amavis-AV-Status =~ m{Safebrowsing}
header CLAM_SN X-Amavis-AV-Status =~ m{ScamNailer}
header CLAM_CAV X-Amavis-AV-Status =~ m{Email|HTML|JS.Redirect}
header CLAM_DS X-Amavis-AV-Status =~ m{Doppelstern}
score CLAM_SS 2.5
score CLAM_MSRBL 1.5
score CLAM_MBL 1.5
score CLAM_SI 2.0
score CLAM_WN 2.0
score CLAM_IM 2.0
score CLAM_SB 2.5
score CLAM_SN 2.5
score CLAM_CAV 1.0
score CLAM_DS 1.0
but when I check my maillog, mails which are hitting the Sanesecurity rules are not being converted to a score?
Jan 15 15:42:20 mx amavis[19918]: (19918-07) run_av (ClamAV-clamd): /var/amavis/tmp/amavis-20140115T120108-19918-H3u_539H/parts INFECTED: Sanesecurity.Spam.11344.Dom.UNOFFICIAL
Jan 15 15:42:20 mx amavis[19918]: (19918-07) Turning AV infection into a spam report: score=0, AV:Sanesecurity.Spam.11344.Dom.UNOFFICIAL=0
The software revisions I am running are:
amavisd-new-2.8.1-1.el6.x86_64
spamassassin-3.3.1-3.el6.x86_64
clamav-db-0.98-2.el6.x86_64
clamav-0.98-2.el6.x86_64
clamd-0.98-2.el6.x86_64
Any ideas please ? Thanks.
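Added example, not part of the original thread and not amavisd-new's own code: a small log correlator that groups the "Turning AV infection into a spam report" lines quoted above by amavis session id and flags sessions where the mapped score is 0, so any points have to come from elsewhere (such as the local_site.cf rules). The function names and the last sample line are assumptions made for this illustration.

```python
import re

# The first four lines are the log lines quoted in this thread; the last one
# (session 20001-01, non-zero score) is constructed for illustration.
SAMPLE_LOG = """\
Jan 15 15:42:20 mx amavis[19918]: (19918-07) run_av (ClamAV-clamd): /var/amavis/tmp/amavis-20140115T120108-19918-H3u_539H/parts INFECTED: Sanesecurity.Spam.11344.Dom.UNOFFICIAL
Jan 15 15:42:20 mx amavis[19918]: (19918-07) Turning AV infection into a spam report: score=0, AV:Sanesecurity.Spam.11344.Dom.UNOFFICIAL=0
Jan 16 10:03:40 mx amavis[5238]: (05238-04) Turning AV infection into a spam report: score=0, AV:Sanesecurity.Jurlbl.15421.UNOFFICIAL=0
Jan 16 10:03:42 mx amavis[5238]: (05238-04) do_notify_and_quarantine: spam level exceeds quarantine cutoff level 15
Jan 16 10:05:00 mx amavis[20001]: (20001-01) Turning AV infection into a spam report: score=2.5, AV:Sanesecurity.Constructed.1.UNOFFICIAL=2.5
"""

NUM = r"-?\d+(?:\.\d+)?"
LINE = re.compile(r"amavis\[\d+\]: \((?P<sid>\d+-\d+)\) (?P<msg>.*)$")
DERATED = re.compile(rf"Turning AV infection into a spam report: score=(?P<score>{NUM})")
AV_NAME = re.compile(rf"AV:([^=\s,]+)=({NUM})")
CUTOFF = re.compile(rf"spam level exceeds quarantine cutoff level (?P<level>{NUM})")


def correlate(log_text):
    """Group derated-infection events by amavis session id, e.g. '05238-04'."""
    sessions = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        sid, msg = m["sid"], m["msg"]
        derated = DERATED.search(msg)
        cutoff = CUTOFF.search(msg)
        if derated:
            sessions[sid] = {
                "av_score": float(derated["score"]),
                "signatures": {n: float(v) for n, v in AV_NAME.findall(msg)},
                "cutoff": None,  # filled in if a quarantine-cutoff line follows
            }
        elif cutoff and sid in sessions:
            sessions[sid]["cutoff"] = float(cutoff["level"])
    return sessions


def zero_contribution(sessions):
    """Session ids where the derated infection added nothing to the spam score."""
    return sorted(sid for sid, s in sessions.items() if s["av_score"] == 0)


if __name__ == "__main__":
    found = correlate(SAMPLE_LOG)
    for sid in zero_contribution(found):
        print(sid, found[sid]["signatures"], "cutoff:", found[sid]["cutoff"])
```

A session with a zero AV score and no cutoff line, like 19918-07 in the sample, is the one to follow up in the full log to see what final spam level the message received.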