[pmg-devel] Spam scanning after virus is found
Davide Bozzelli
davide.bozzelli at gmail.com
Tue Apr 17 11:55:28 CEST 2018
No, it's just a simple test with one receiver.
I've read the code of Spam.pm (analyze_spam sub)

    if (my $hit = $queue->{clamav_heuristic} ) {
        my $score = $queue->{clamav_heuristic_score};
        my $descr = "ClamAV heuristic test: $hit";
        my $rule = 'ClamAVHeuristics';
        $sa_score += $score;
        $list .= $list ? ",$rule" : $rule;
        push @$sa_scores, { score => $score, rule => $rule, desc => $descr };
    }

    my ($csec, $usec) = gettimeofday ();
    my $spamtest = $queue->{sa};

    # only run SA in testmode or when clamav_heuristic did not confirm spam (score < 5)
    if ($msginfo->{testmode} || ($sa_score < 5)) {

Seems that the SA scan is not triggered only if ClamAV heuristic is in place.
I've added something like this just before the if:

    if ( $queue->{vinfo_avast} ) {
        my $score = 5 ;
        my $descr = "Avast Virus: 1";
        my $rule = 'AvastVirusFound';
        $sa_score += $score;
        $list .= $list ? ",$rule" : $rule;
        push @$sa_scores, { score => $score, rule => $rule, desc => $descr };
    }

And in this way, when Avast finds EICAR, the spam scan is not triggered and
the only rule found is AvastVirusFound.

On Tue, Apr 17, 2018 at 11:40 AM, Dietmar Maurer <dietmar at proxmox.com> wrote:
> Maybe that mail has more than one receiver, and you only block one of them?
>
> > On April 17, 2018 at 11:30 AM Davide Bozzelli <davide.bozzelli at gmail.com> wrote:
> >
> > This is the email I've received to admin when eicar.com triggers avast:
> >
> > Proxmox Notification:
> >
> > Sender: xxx
> > Receiver: xxx
> > Targets: x <buzzz at zartech.it>xxx
> >
> > Subject: Automatic greetings virus
> >
> >
> > Matching Rule: IN - Quarantine Viruses & Alert
> >
> > Rule: IN - Quarantine Viruses & Alert
> > Receiver: xxx
> > Action: Move to quarantine.
> > Action: notify xxx
> > Action: notify __RECEIVERS__
> >
> >
> > Virus Info: EICAR Test-NOT virus!!! (avast)
> >
> > Spam detection results: 4
> > ALL_TRUSTED -1 Passed through trusted hosts only via SMTP
> > BAYES_50 0.8 Bayes spam probability is 40 to 60%
> > DCC_CHECK 1.1 Detected as bulk mail by DCC (dcc-servers.net)
> > DIGEST_MULTIPLE 0.293 Message hits more than one network digest check
> > KAM_LAZY_DOMAIN_SECURITY 1 Sending domain does not have any anti-forgery methods
> > MISSING_MID 0.497 Missing Message-Id: header
> > PYZOR_CHECK 1.392 Listed in Pyzor (http://pyzor.sf.net/)
> > TVD_SPACE_RATIO 0.001 -
> >
> >
> >
> > As you can see ALL the spam rules are triggered.
> >
> >
> > On Tue, Apr 17, 2018 at 11:24 AM, Dietmar Maurer <dietmar at proxmox.com> wrote:
> >
> > >
> > > > I've noticed that even if a virus is found a spam scanning is performed.
> > >
> > > Not really. If you block the virus, the SPAM analysis should not be called at all.
> > >
> > > _______________________________________________
> > > pmg-devel mailing list
> > > pmg-devel at pve.proxmox.com
> > > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel
> > >
> >
> >
> >
> > --
> > Got problems with Windows? - ReBooT
> > Got problems with Linux? - Be RooT
>
--
Got problems with Windows? - ReBooT
Got problems with Linux? - Be RooT
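
A runnable model of the gate discussed in this message, added here as an illustration; it is not the PMG Spam.pm code and not the poster's patch. The function name `analyze_spam_model`, the `$run_sa` callback and all sample inputs are assumptions, and SpamAssassin hits are assumed to be simply added to the running score.

```perl
use strict;
use warnings;

# Simplified model of the gate quoted in the message; not the PMG code.
# $run_sa is a hypothetical stand-in for the SpamAssassin check and
# returns a list of { score, rule } hashes.
sub analyze_spam_model {
    my ($queue, $msginfo, $run_sa) = @_;
    my ($sa_score, @hits) = (0);

    # Pre-scores added before the gate (queue keys as used in the thread).
    if ($queue->{clamav_heuristic}) {
        my $score = $queue->{clamav_heuristic_score};
        $sa_score += $score;
        push @hits, { score => $score, rule => 'ClamAVHeuristics' };
    }
    if ($queue->{vinfo_avast}) {    # the poster's local addition
        $sa_score += 5;
        push @hits, { score => 5, rule => 'AvastVirusFound' };
    }

    # The gate: SA runs only in testmode or while the pre-score is below 5.
    my $sa_ran = 0;
    if ($msginfo->{testmode} || $sa_score < 5) {
        $sa_ran = 1;
        for my $r ($run_sa->()) {    # assumption: SA hits add to the score
            $sa_score += $r->{score};
            push @hits, $r;
        }
    }
    return { score => $sa_score, sa_ran => $sa_ran,
             rules => join(',', map { $_->{rule} } @hits) };
}

# Constructed SA result, reusing two rule names from the quoted notification.
my $fake_sa = sub { ({ score => 1.1,   rule => 'DCC_CHECK' },
                     { score => 1.392, rule => 'PYZOR_CHECK' }) };

my @cases = (    # constructed: [ label, queue, msginfo ]
    [ 'no AV verdict',      {}, {} ],
    [ 'heuristic, score 3', { clamav_heuristic => 'Constructed.Name',
                              clamav_heuristic_score => 3 }, {} ],
    [ 'avast flag',         { vinfo_avast => 1 }, {} ],
    [ 'avast flag + test',  { vinfo_avast => 1 }, { testmode => 1 } ],
);
for my $c (@cases) {
    my $r = analyze_spam_model($c->[1], $c->[2], $fake_sa);
    printf "%-20s sa_ran=%d score=%.3f rules=%s\n", $c->[0], @$r{qw(sa_ran score rules)};
}
```

The cases cover both sides of the threshold: a pre-score below 5 still lets the SA stand-in run and add its hits, a pre-score of 5 skips it, and testmode runs it regardless.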