From 14254db80419a51765153b6167ebb94f9024a96c Mon Sep 17 00:00:00 2001 From: Dmitriy Alekseev <1865999+dragoangel@users.noreply.github.com> Date: Thu, 7 Apr 2022 19:53:14 +0300 Subject: [PATCH] Add ClamAV Documentation --- docs/manual-guides/Rspamd/u_e-rspamd.en.md | 34 ---------------------- 1 file changed, 34 deletions(-) diff --git a/docs/manual-guides/Rspamd/u_e-rspamd.en.md b/docs/manual-guides/Rspamd/u_e-rspamd.en.md index 5070eb884..db42333ca 100644 --- a/docs/manual-guides/Rspamd/u_e-rspamd.en.md +++ b/docs/manual-guides/Rspamd/u_e-rspamd.en.md @@ -149,40 +149,6 @@ GLOBAL_RCPT_BL { 3. Save the file and restart Rspamd: `docker-compose restart rspamd-mailcow`. -## Whitelist specific ClamAV signatures - -You may find that legitimate (clean) mail is being blocked by ClamAV (Rspamd will flag the mail with `VIRUS_FOUND`). For instance, interactive PDF form attachments are blocked by default because the embedded Javascript code may be used for nefarious purposes. Confirm by looking at the clamd logs, e.g.: - -```bash -docker-compose logs clamd-mailcow | grep "FOUND" -``` - -This line confirms that such was identified: - -```text -clamd-mailcow_1 | Sat Sep 28 07:43:24 2019 -> instream(local): PUA.Pdf.Trojan.EmbeddedJavaScript-1(e887d2ac324ce90750768b86b63d0749:363325) FOUND -``` - -To whitelist this particular signature (and enable sending this type of file attached), add it to the ClamAV signature whitelist file: - -```bash -echo 'PUA.Pdf.Trojan.EmbeddedJavaScript-1' >> data/conf/clamav/whitelist.ign2 -``` - -Then restart the clamd-mailcow service container in the mailcow UI or using docker-compose: - -```bash -docker-compose restart clamd-mailcow -``` - -Cleanup cached ClamAV results in Redis: - -``` -# docker-compose exec redis-mailcow /bin/sh -/data # redis-cli KEYS rs_cl* | xargs redis-cli DEL -/data # exit -``` - ## Discard instead of reject If you want to silently drop a message, create or edit the file `data/conf/rspamd/override.d/worker-proxy.custom.inc` and add the following content: