
Re: add-on Sanesecurity anti-spam signatures

  • Noel Jones
    Message 1 of 8 , Feb 6, 2013
      On 2/5/2013 10:22 PM, Doug Sampson wrote:
      > After implementing the add-on Sanesecurity anti-spam signatures in
      > response to a recent posting on the mailing list (thanks Noel!), I
      > am now faced with a small issue. One of my daily Postscreen summary
      > reports and a Postfix summary report are being flagged by the jurlbl
      > database and discarded.
      >
      >
      >
      > Question is- how can I exclude these two reports from the clamsmtpd
      > scanning? I’ve reviewed the man pages for clamsmtpd and clamav-clamd
      > and am unable to devise a method to skip these two reports. I also
      > looked at the Postfix main.cf and again am unable to figure out a
      > method for doing so.
      >
      >
      >
      > Has anyone implemented a way of doing so? If it would help matters,
      > I would be happy to have any email addressed to root be skipped as well.
      >
      >
      >
      > ~Doug
      >


      Does clamsmtpd not have any whitelisting mechanism? Seems a
      recipient whitelist would be a pretty basic feature, and the easiest
      fix for this problem.

      One option is to not filter "local" mail submitted with the
      sendmail(1) interface. This is a good option if the machine has no
      local users. This is what I do on most servers.
      # master.cf
      pickup ... pickup
        -o content_filter=

      Another option is to use the mini_sendmail or similar program to
      send your reports to an "unfiltered" port (such as the after-filter
      reinjection port) instead of through port 25. I do this on a couple
      machines to send reports around the filters.
      Instead of typical
      some_command | mail
      I use
      some_command | mini_sendmail -p 10025


      -- Noel Jones
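The two bypass options from the reply above, written out as one master.cf fragment. This is an added example, not configuration posted in the thread; the scanner port 10024, the transport name "scan", the process limits and the restriction overrides are assumptions.

```conf
# /etc/postfix/master.cf -- constructed example, not a poster's real config.
# Assumed ports: clamsmtpd listens on 127.0.0.1:10024 and hands scanned mail
# back to Postfix on 127.0.0.1:10025 (the port used in the message above).
# main.cf would carry: content_filter = scan:[127.0.0.1]:10024

# Transport that passes mail from Postfix to the scanner.
scan      unix  -       -       n       -       16      smtp
  -o smtp_send_xforward_command=yes

# Option 1: mail submitted locally with sendmail(1) skips the filter.
# Keep the fields of your existing pickup line (the type column reads
# "fifo" on older installs); only the -o line is new.
pickup    unix  n       -       n       60      1       pickup
  -o content_filter=

# Option 2: after-filter reinjection listener. Anything delivered here is
# never scanned, so bind it to loopback and accept local clients only.
127.0.0.1:10025 inet n  -       n       -       16      smtpd
  -o content_filter=
  -o mynetworks=127.0.0.0/8
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
```

After editing, run "postfix check" and "postfix reload", then confirm that port 10025 is listening on 127.0.0.1 only.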
    • Benny Pedersen
      Message 2 of 8 , Feb 6, 2013
        Doug Sampson wrote on 2013-02-06 15:13:

        > Unfortunately I am not using clamav-milter, only clamsmtpd. This
        > doesn't exclude clamav-milter as a potential solution though.

        maybe send a sample msg to sanesecurity and see if the sigs can be
        redone for these hits, well i will in the coming days try to read on how
        to make the whitelist sigs more closely, if it really can be used to
        disable virus scanning in a safe way then i would use it myself at least,
        kind of how dspam does it in body

        if it turns out a success i will post here how to make such a signature
      • Robert Schetterer
        Message 3 of 8 , Feb 6, 2013
          On 07.02.2013 02:11, Benny Pedersen wrote:
          > Doug Sampson wrote on 2013-02-06 15:13:
          >
          >> Unfortunately I am not using clamav-milter, only clamsmtpd. This
          >> doesn't exclude clamav-milter as a potential solution though.

          sanesecurity signatures are added to the clamd signature base
          so using clamsmtpd should be ok, no need for milter, however
          you better only choose sources in the sanesecurity download script which
          are not known to produce too many false positives

          >
          > maybe send a sample msg to sanesecurity and see if the sigs can be
          > redone for these hits, well i will in the coming days try to read on how
          > to make the whitelist sigs more closely, if it really can be used to
          > disable virus scanning in a safe way then i would use it myself at least,
          > kind of how dspam does it in body
          >
          > if it turns out a success i will post here how to make such a signature
          >



          Best Regards
          Robert Schetterer

          --
          [*] sys4 AG

          http://sys4.de, +49 (89) 30 90 46 64
          Franziskanerstraße 15, 81669 München

          Registered office: München, Amtsgericht München: HRB 199263
          Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
          Chairman of the supervisory board: Joerg Heidrich
        • Benny Pedersen
          Message 4 of 8 , Feb 7, 2013
            Robert Schetterer wrote on 2013-02-07 08:39:

            > sanesecurity signatures are added to the clamd signature base
            > so using clamsmtpd should be ok, no need for milter, however
            > you better only choose sources in the sanesecurity download script
            > which
            > are not known to produce too many false positives

            only using phishtank sigs here to limit ram usage, not because sigs are
            bad, my mailserver has little mem so i need to limit usage this way, but
            i am in progress with a new server with more ram, also to get dovecot
            2.x stable, have mailboxes on dovecot 1.x which is stable, 2.x is like
            flying pigs atm :)
          • Len Conrad
            Message 5 of 8 , Feb 7, 2013
              >
              >Unfortunately I am not using clamav-milter, only clamsmtpd. This doesn't exclude clamav-milter as a potential solution though.

              The huge weakness of clamsmtpd is that the developer says there is no way to release false positives.

              Len