[sanesecurity] postfix+amavisd-new+sanesecurity anomaly

  • From: Tom Kinghorn <thomas.kinghorn@xxxxxxxxx>
  • To: sanesecurity@xxxxxxxxxxxxx
  • Date: Fri, 22 Oct 2010 10:34:12 +0200

Good morning List.

I apologize profusely for posting this question here but I do not know where to turn for assistance.

I have inherited a cluster of postfix servers running amavisd-new.

The older 4 (using sles 10) run the signatures fine and the SaneSecurity test signatures get detected (in clamd.log) and the mail gets discarded (as it should) in /var/log/mail.

On the newer servers (sles 11), the test signatures get detected (shows in clamd.log) but the messages get delivered.

The amavisd-new config file has been changed as per http://www.sanesecurity.co.uk/sigtests.htm


amavisd-new

Use key 'MAIL' in @keep_decoded_original_maps, e.g.:

@keep_decoded_original_maps = (new_RE(
qr'^MAIL$', # retain full original message for virus checking
qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables
qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
));

You may find that you already have a '^MAIL$' token in there, but commented out by default. Uncomment it, restart amavisd-maia, and the full, undecoded body of the email will be scanned in addition to the attachments.

Any ideas as to why the older servers work and the newer ones do not pick up the test signatures?

Thanks

Tom


