From 816158db7dea0fc3b6653960c2dbc66b50c6320e Mon Sep 17 00:00:00 2001 From: Filip Hajny Date: Sat, 28 Sep 2019 09:50:37 +0200 Subject: [PATCH 1/2] Add information on how to whitelist ClamAV signatures --- docs/u_e-rspamd.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/docs/u_e-rspamd.md b/docs/u_e-rspamd.md index a565cf8b0..6493b38f8 100644 --- a/docs/u_e-rspamd.md +++ b/docs/u_e-rspamd.md @@ -70,3 +70,19 @@ Simply add the line: Save the file and then restart the rspamd container. See [Rspamd documentation](https://rspamd.com/doc/index.html) + +## Whitelist specific ClamAV signatures + +You may find that legitimate (clean) mail is being blocked by ClamAV (Rspamd will flag the mail with `VIRUS_FOUND`). For instance, interactive PDF form attachments are blocked by default because the embedded Javascript code may be used for nefarious purposes. Confirm by looking at the clamd logs, e.g.: + +`docker-compose logs clamd-mailcow | grep FOUND` + +This line confirms that such was identified: + +`clamd-mailcow_1 | Sat Sep 28 07:43:24 2019 -> instream(local): PUA.Pdf.Trojan.EmbeddedJavaScript-1(e887d2ac324ce90750768b86b63d0749:363325) FOUND` + +To whitelist this particular signature (and enable sending this type of file attached), add it to the ClamAV signature whitelist file: + +`echo 'PUA.Pdf.Trojan.EmbeddedJavaScript-1' >> data/conf/clamav/whitelist.ign2` + +Then restart the clamd-mailcow service. From 5d7ae40fe7d5b1568761b680afa0c78f09e0d424 Mon Sep 17 00:00:00 2001 From: Filip Hajny Date: Sat, 28 Sep 2019 16:10:09 +0200 Subject: [PATCH 2/2] Explain container restart command --- docs/u_e-rspamd.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/u_e-rspamd.md b/docs/u_e-rspamd.md index 6493b38f8..c60dd4553 100644 --- a/docs/u_e-rspamd.md +++ b/docs/u_e-rspamd.md 
@@ -85,4 +85,7 @@ To whitelist this particular signature (and enable sending this type of file att `echo 'PUA.Pdf.Trojan.EmbeddedJavaScript-1' >> data/conf/clamav/whitelist.ign2` -Then restart the clamd-mailcow service. +Then restart the clamd-mailcow service container in the mailcow UI, or using docker-compose: + +`docker-compose restart clamd-mailcow` +
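Review bot: The whitelist step in [PATCH 1/2] (the `echo 'PUA.Pdf.Trojan.EmbeddedJavaScript-1' >> data/conf/clamav/whitelist.ign2` line) is missing a statement of scope. The same section says embedded JavaScript in PDFs "may be used for nefarious purposes", yet the text only mentions that whitelisting will "enable sending this type of file attached". An entry in the `.ign2` file switches the signature off for all mail this ClamAV instance scans, inbound as well as outbound, and the section should say so, so that an admin makes that trade-off knowingly. The path `data/conf/clamav/whitelist.ign2` is also relative, as is the `docker-compose logs` call, so the text should say that both commands are run from the mailcow directory. Minor: "Javascript" should be "JavaScript", and "This line confirms that such was identified" would read better if it named what was identified (the signature).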
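Review bot: The restart instruction in [PATCH 2/2] ends at `docker-compose restart clamd-mailcow` with no way to confirm that the whitelist entry took effect. Suggest adding one sentence telling the reader to resend the message and re-run the `docker-compose logs clamd-mailcow | grep FOUND` command from earlier in the section, to check that the signature is no longer reported. "in the mailcow UI" does not say where in the UI the restart control is, so a short pointer would help. The hunk also adds an empty `+` line after the command at the end of the file, which can be dropped. Since this patch only rewrites a sentence introduced in 1/2, the two could be squashed.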