Notes for various mail filters
amavisd-new
Use key 'MAIL' in @keep_decoded_original_maps, e.g.:
@keep_decoded_original_maps = (new_RE(
  qr'^MAIL$', # retain full original message for virus checking
  qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables
  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
));
You may find that you already have a '^MAIL$' token in there, but commented out by default. Uncomment it, restart amavisd-maia, and the full, undecoded body of the email will be scanned in addition to the attachments.
For more information on the above, see this thread
Mail Scanner
Make sure the entire message is being scanned (MailScanner.conf)
ClamAV Full Message Scan = yes
Also make sure clamd.conf contains the default line:
ScanMail yes
and you may also need the following patch (which will be included in the next version of MailScanner):
---
/root/v4/NEWSTABLE/mailscanner/bin/MailScanner/SweepViruses.pm
2009-01-11 19:27:02.000000000 +0000
+++ SweepViruses.pm 2009-01-25 16:24:33.000000000 +0000
@@ -2724,6 +2724,8 @@
$file =~ s/^(.\/)?$BaseDir\/?//;
$file =~ s/^\.\///;
my ($id,$part) = split /\//, $file, 2;
+ # JKF 20090125 Full message check.
+ $part = "" if $id =~ s/\.(message|header)$//; # Only log the
whole message if no attachment has been logged
MailScanner::Log::InfoLog("%s", $logline) |
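Review bot: on the added line $part = "" if $id =~ s/\.(message|header)$//; the trailing comment says the whole message is only logged if no attachment has been logged, but nothing in the visible lines checks whether an attachment was already reported; the statement only strips a .message or .header suffix from $id and clears $part. Either reword the comment to describe what the line does, or point to where the de-duplication happens. The statement also hides a modification of $id inside a statement modifier's condition; an explicit if block with a non-capturing group, (?:message|header), would be easier to read, and the long trailing comment belongs on its own line above the statement.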
Qmail-Scanner
You need to make sure the "--redundant yes" option is enabled
- which makes Qmail-Scanner pass the entire message to AVs for scanning.
mimedefang-filter
Only the body is scanned by default, unless you call md_copy_orig_msg_to_work_dir()
just before the call to message_contains_virus().
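A quick way to confirm that the amavisd-new, MailScanner and clamd settings above are active rather than commented out, as an added example (not part of the original notes or of any of these projects). The function names and sample files are made up for illustration, and the amavisd check only looks for an uncommented '^MAIL$' token anywhere in the file, not specifically inside @keep_decoded_original_maps.

```shell
#!/bin/sh
# Added example: audit the full-message-scan settings named in these notes.
# Config paths are passed in by the caller; no install locations are assumed.

# Print only the lines that are not commented out.
active_lines() { grep -v '^[[:space:]]*#' "$1"; }

# amavisd: the literal token ^MAIL$ must sit on an uncommented line.
check_amavisd() { active_lines "$1" | grep -Fq '^MAIL$'; }

# MailScanner.conf: ClamAV Full Message Scan = yes
check_mailscanner() {
    active_lines "$1" | grep -Eiq \
        '^[[:space:]]*ClamAV Full Message Scan[[:space:]]*=[[:space:]]*yes[[:space:]]*$'
}

# clamd.conf: an explicit, uncommented "ScanMail yes" line.
check_clamd() {
    active_lines "$1" | grep -Eq '^[[:space:]]*ScanMail[[:space:]]+yes[[:space:]]*$'
}

# report <label> <check-function> <file>: print a verdict, return the status.
report() {
    if "$2" "$3"; then echo "OK    $1"; else echo "FAIL  $1"; return 1; fi
}

# Run every check against constructed sample files (not real configs).
# Leaves the number of failed checks in FAILS.
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' '@keep_decoded_original_maps = (new_RE(' \
        "# qr'^MAIL\$'," "  qr'^MAIL-UNDECIPHERABLE\$'," '));' > "$d/amavisd.default"
    printf '%s\n' '@keep_decoded_original_maps = (new_RE(' \
        "  qr'^MAIL\$', # retain full original message" '));' > "$d/amavisd.fixed"
    printf '%s\n' 'ClamAV Full Message Scan = yes' > "$d/MailScanner.conf"
    printf '%s\n' '#ScanMail yes' 'ScanMail no' > "$d/clamd.conf"
    FAILS=0
    report 'amavisd, token commented out' check_amavisd "$d/amavisd.default" || FAILS=$((FAILS + 1))
    report 'amavisd, token enabled' check_amavisd "$d/amavisd.fixed" || FAILS=$((FAILS + 1))
    report 'MailScanner full message scan' check_mailscanner "$d/MailScanner.conf" || FAILS=$((FAILS + 1))
    report 'clamd ScanMail' check_clamd "$d/clamd.conf" || FAILS=$((FAILS + 1))
    rm -rf "$d"
}

demo
```

On a real host, call the check functions with the paths of your own amavisd, MailScanner and clamd configuration files instead of running demo.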