Add information on how to whitelist ClamAV signatures
Dieser Commit ist enthalten in:
Ursprung
8a8c59274b
Commit
816158db7d
1 geänderte Dateien mit 16 neuen und 0 gelöschten Zeilen
|
@ -70,3 +70,19 @@ Simply add the line:
|
|||
Save the file and then restart the rspamd container.
|
||||
|
||||
See [Rspamd documentation](https://rspamd.com/doc/index.html)
|
||||
|
||||
## Whitelist specific ClamAV signatures
|
||||
|
||||
You may find that legitimate (clean) mail is being blocked by ClamAV (Rspamd will flag the mail with `VIRUS_FOUND`). For instance, interactive PDF form attachments are blocked by default because the embedded Javascript code may be used for nefarious purposes. Confirm by looking at the clamd logs, e.g.:
|
||||
|
||||
`docker-compose logs clamd-mailcow | grep FOUND`
|
||||
|
||||
This line confirms that such was identified:
|
||||
|
||||
`clamd-mailcow_1 | Sat Sep 28 07:43:24 2019 -> instream(local): PUA.Pdf.Trojan.EmbeddedJavaScript-1(e887d2ac324ce90750768b86b63d0749:363325) FOUND`
|
||||
|
||||
To whitelist this particular signature (and enable sending this type of file attached), add it to the ClamAV signature whitelist file:
|
||||
|
||||
`echo 'PUA.Pdf.Trojan.EmbeddedJavaScript-1' >> data/conf/clamav/whitelist.ign2`
|
||||
|
||||
Then restart the clamd-mailcow service.
|
||||
|
|
Laden …
In neuem Issue referenzieren