Comments on Filtering PDF-/XLS-/Image-Spam With ClamAV (And ISPConfig) On Debian/Ubuntu
Filtering PDF-/XLS-/Image-Spam With ClamAV (And ISPConfig) On Debian/Ubuntu There is currently a lot of spam where the spam "information" is attached as .pdf or .xls files, sometime also hidden inside a .zip file. While these spam mails are not easy to catch with e.g. SpamAssassin or a Bayes filter, the ClamAV virus scanner can catch them easily when it is fed with the correct signatures as ClamAV is built to scan mail attachments.
4 Comment(s)
Comments
Hi and thanks for this howto.
I would just like to know how to test this new functionality with ISPConfig.
I sent the 'Phish Test' message I found on the author's web site:
<html>
<SaneSecurity>dr1aYlariaDiax!_!leBr_aWOEWIehi5s1oapro8yL#chlAC7iUtOezoUqluviUd</SaneSecurity>
</html>
and it failed to come into my Inbox, but I'd like to be able to see it in a log somewhere.
Any suggestions?
Thanks again,
G
Hi,
Another question... Would this procedure need to be modified if you adjust ISPConfig to use clamd instead of clamscan?
Thanks again,
G
I have an answer to my own comment...I have recently learned a lot about clamav...
I am running ISPConfig on a Centos 5 box. I wanted to use clamd for better performance.
I temporararily enabled the rpmforge repo and installed clamd with 'yum install clamd'. It sets up logging for you and and a lot of other stuff.
I edited the /usr/bin/sanesecurity_update.sh script at these lines:
clamscan="/usr/bin/clamdscan"
clam_sigs="/var/clamav"
clam_user="clamav"
Now I tail the correct logs:
This is great! Thanks again,tail /var/log/clamav/clamd.log
tail /var/log/clamav/freshclam.log
G
I'm not using ISPConfig on my server - here are some additional changes that are required to sanesecurity_update.sh on a Debian 3.1 box:
clamd="/usr/sbin/clamd" clamscan="/usr/bin/clamscan" curl="/usr/bin/curl"
The service program doesn't exist on Debian/Ubuntu, but can be ignored as FreshClam will handle this.
Sonia,
Multisite CVS Drupal Installation on Ubuntu