On Tue, 2009-03-17 at 14:08 +0000, Steve Basford wrote:
> > Is there a test string I can use to see if the SafeBrowsing code is
> > working properly? I've just set up 0.95RC2 with SafeBrowsing enabled.
> > I've sent an EICAR and detected that, and scanned
> > the /usr/share/doc/clamav-0.95/test/ directory to find ClamAV-Test-File,
> > but I would like to see a SafeBrowsing hit....
>
> Does this email work?... (the site in the url is down but still in the list)
>
> http://pastebin.com/m13232c54

Nope. It was killed as spam, but clamd didn't burble...

Mar 17 09:33:36 foo amavis[5475]: (05475-17) SPAM, <d...@example.com> -> <dan.mcdon...@austinenergy.com>, Yes, score=6.319 tag=-99 tag2=4.5 kill=6.31 tests=[BOTNET_SOHO=-0.1, DATE_IN_PAST_06_12=1.854, HTML_MESSAGE=0.001, HTML_MIME_NO_HTML_TAG=1.052, L_P0F_UNKN=0.8, MIME_HTML_ONLY=1.672, RCVD_IN_DNSWL_MED=-4, RELAY_US=0.01, SPF_PASS=-0.001, TVD_SPACE_RATIO=2.899, URIBL_OB_SURBL=2.132], autolearn=disabled, quarantine bs0Q4dhJN1Kl (spam-quarantine)

clamd appears to be working:

Tue Mar 17 09:29:11 2009 -> /var/lib/amavis/tmp/amavis-20090317T042204-05469/parts/p002: Sanesecurity.Junk.11642.UNOFFICIAL FOUND

I replaced the URL with one from the stopbadware.org topten that showed
up on http://www.google.com/safebrowsing/diagnostic?site=http://....
That e-mail was passed through to my mailbox.

I have the safebrowsing cld file:

$ sudo ls -l /var/lib/clamav/
[...]
-rw-r--r-- 1 clamav clamav 22798848 Mar 17 09:46 safebrowsing.cld

and it is enabled properly in freshclam.conf:

$ grep Safe /etc/freshclam.conf
# This option enables support for Google Safe Browsing. When activated for
SafeBrowsing yes

I seem to have a reasonable number of signatures:

Tue Mar 17 09:46:20 2009 -> Database correctly reloaded (1128241 signatures)

Any suggestions? Platform is amavisd-new 2.6.1 on Mandriva Corporate
Server 4.0. I should be passing the raw messages, based on:

@keep_decoded_original_maps = (new_RE(
  qr'^MAIL$',   # retain full original message for virus checking (can be slow)
  qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables
  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
# qr'^Zip archive data',     # don't trust Archive::Zip
));

-- 
Daniel J McDonald, CCIE #2495, CISSP #78281, CNX
Austin Energy
http://www.austinenergy.com