22.7 Legacy Series / Re: postfix rspamd clamav not working, test with eicar pattern
« on: December 08, 2022, 09:28:16 am »
Please see the attachment. In the Lobby, the clamd service is marked with a green triangle.

root@gatersv:/usr/local/etc/rspamd # sockstat -n | grep clam
106 clamd 76606 4 tcp4 127.0.0.1:3310 *:*
106 clamd 76606 5 stream /var/run/clamav/clamd.sock

/usr/local/etc/rspamd/local.d/antivirus.conf:
clamav {
  action = "reject";
  scan_mime_parts = true;
  # If `max_size` is set, messages > n bytes in size are not scanned
  max_size = 20000000;
  symbol = "CLAM_VIRUS";
  type = "clamav";
  #log_clean = true;
  servers = "/var/run/clamav/clamd.sock";
  whitelist = "/usr/local/etc/rspamd/local.d/antivirus.wl";
}

cat /var/log/clamav/clamd.log
...
Thu Dec 8 09:04:59 2022 -> +++ Started at Thu Dec 8 09:04:59 2022
Thu Dec 8 09:04:59 2022 -> Received 0 file descriptor(s) from systemd.
Thu Dec 8 09:04:59 2022 -> clamd daemon 1.0.0 (OS: FreeBSD, ARCH: amd64, CPU: amd64)
Thu Dec 8 09:04:59 2022 -> Log file size limited to 1048576 bytes.
Thu Dec 8 09:04:59 2022 -> Reading databases from /var/db/clamav
Thu Dec 8 09:04:59 2022 -> Not loading PUA signatures.
Thu Dec 8 09:04:59 2022 -> Bytecode: Security mode set to "TrustSigned".
Thu Dec 8 09:05:19 2022 -> Loaded 8650696 signatures.
Thu Dec 8 09:05:23 2022 -> TCP: Bound to [127.0.0.1]:3310
Thu Dec 8 09:05:23 2022 -> TCP: Setting connection queue length to 200
Thu Dec 8 09:05:23 2022 -> LOCAL: Unix socket file /var/run/clamav/clamd.sock
Thu Dec 8 09:05:23 2022 -> LOCAL: Setting connection queue length to 200
Thu Dec 8 09:05:23 2022 -> Limits: Global time limit set to 120000 milliseconds.
Thu Dec 8 09:05:23 2022 -> Limits: Global size limit set to 104857600 bytes.
Thu Dec 8 09:05:23 2022 -> Limits: File size limit set to 26214400 bytes.
Thu Dec 8 09:05:23 2022 -> Limits: Recursion level limit set to 16.
Thu Dec 8 09:05:23 2022 -> Limits: Files limit set to 10000.
Thu Dec 8 09:05:23 2022 -> Limits: MaxEmbeddedPE limit set to 41943040 bytes.
Thu Dec 8 09:05:23 2022 -> Limits: MaxHTMLNormalize limit set to 41943040 bytes.
Thu Dec 8 09:05:23 2022 -> Limits: MaxHTMLNoTags limit set to 8388608 bytes.
Thu Dec 8 09:05:23 2022 -> Limits: MaxScriptNormalize limit set to 20971520 bytes.
Thu Dec 8 09:05:23 2022 -> Limits: MaxZipTypeRcg limit set to 1048576 bytes.
Thu Dec 8 09:05:23 2022 -> Limits: MaxPartitions limit set to 50.
Thu Dec 8 09:05:23 2022 -> Limits: MaxIconsPE limit set to 100.
Thu Dec 8 09:05:23 2022 -> Limits: MaxRecHWP3 limit set to 16.
Thu Dec 8 09:05:23 2022 -> Limits: PCREMatchLimit limit set to 100000.
Thu Dec 8 09:05:23 2022 -> Limits: PCRERecMatchLimit limit set to 2000.
Thu Dec 8 09:05:23 2022 -> Limits: PCREMaxFileSize limit set to 104857600.
Thu Dec 8 09:05:23 2022 -> Archive support enabled.
Thu Dec 8 09:05:23 2022 -> AlertExceedsMax heuristic detection disabled.
Thu Dec 8 09:05:23 2022 -> Heuristic alerts enabled.
Thu Dec 8 09:05:23 2022 -> Portable Executable support enabled.
Thu Dec 8 09:05:23 2022 -> ELF support enabled.
Thu Dec 8 09:05:23 2022 -> Mail files support enabled.
Thu Dec 8 09:05:23 2022 -> OLE2 support enabled.
Thu Dec 8 09:05:23 2022 -> PDF support enabled.
Thu Dec 8 09:05:23 2022 -> SWF support enabled.
Thu Dec 8 09:05:23 2022 -> HTML support enabled.
Thu Dec 8 09:05:23 2022 -> XMLDOCS support enabled.
Thu Dec 8 09:05:23 2022 -> HWP3 support enabled.
Thu Dec 8 09:05:23 2022 -> Self checking every 600 seconds.
Thu Dec 8 09:05:23 2022 -> Set stacksize to 2162688
Thu Dec 8 09:15:23 2022 -> SelfCheck: Database status OK.
Thu Dec 8 09:25:23 2022 -> SelfCheck: Database status OK.
Thu Dec 8 09:35:23 2022 -> SelfCheck: Database status OK.
Thu Dec 8 09:45:23 2022 -> SelfCheck: Database status OK.