anyone gotten amavisd to work with virustotal somehow?

Olivier Olivier.Nicole at cs.ait.ac.th
Thu Aug 22 03:53:22 CEST 2019


jason at monsterjam.org writes:

> I think ive been using amavis and clamscan on my email server for MANY years now and I cant remember clamscan catching a 
> single bad attachment.

I just had a check, I am using only ClamAV and I catched 157 messages
during the last month. Either you are very lucky or your installation of
ClamAV has a problem (virus file not uptodate or something).

>I was looking to get amavis to work with  https://www.virustotal.com/gui/home/upload
> and I found 
> https://github.com/ercpe/amavisvt
> but the docs are horrible at best and I cant seem to get it to work.. The only other thing that Ive found 
> that looks promising is 
> https://github.com/prahladyeri/vtscan 
> which seems to work pretty well, but I dont know how to make it work with amavis since its not really a daemon. 
> Anyone have any thoughts on how to get this to work?

While that may work, that means every mail has to be sent through the
network for testing, that may be slow, and a third party has full access
to your email, that is a big privacy issue.

To call a scanner that is not running as a daemon, look at the section
in amavisd.conf that deal with @av_scanners_backup; there are several
example to call the command line version of various anti virus,
including a call to clamav-scan. The only tricky part being the end of
each definition that describes what is being returned by the anti virus
and how to notice that a virus has been detected. You will have to read
some documentation and do some testing for that part.

Best regards,

Olivier

-- 


More information about the amavis-users mailing list