---------- Original Message ----------------------------------
From: Noel Jones <njo...@megan.vbhcs.org>
Reply-To: ClamAV users ML <clamav-users@lists.clamav.net>
Date: Wed, 08 Aug 2012 09:13:20 -0500

>On 8/8/2012 9:02 AM, Len Conrad wrote:
>> ---------- Original Message ----------------------------------
>> From: Rick Macdougall <ri...@ummm-beer.com>
>> Reply-To: ClamAV users ML <clamav-users@lists.clamav.net>
>> Date: Wed, 08 Aug 2012 09:20:18 -0400
>>
>>> On 08/08/2012 9:17 AM, Len Conrad wrote:
>>>> postfix + clamsmtpd + clam
>>>>
>>>> Received a bad sig from MBL.
>>>>
>>>> stef the clamsmtpd guy says it was clam that quarantined, not his software.
>>>>
>>>> I installed amavisd to try to use amavisd-release, but it's not working.
>>>>
>>>> Is there any clam tool to release from quarantine?
>>>>
>>>
>>> Hi,
>>>
>>> Clamav does not do any quarantining. Maybe ask on the clamsmtpd mailing
>>> list.
>>
>> Stef of clamsmtpd said it would take custom software to release quarantine
>> msgs.
>>
>> amavis-release doesn't like it:
>>
>> #amavisd-release virus.dyFYrx
>>
>> Invalid quarantine ID: virus.dyFYrx
>>
>> amavisd-release version 1.51
>> Usage:
>>   $ amavisd-release mail_file [secret_id [alt_recip1 alt_recip2 ...]]
>> or to read request lines from stdin:
>>   $ amavisd-release -
>>
>> Len
>
>
>What software put the mail in quarantine? What's in the mail log?

Aug 7 08:13:22 mx1.hctc.net/mx1.hctc.net clamd[60202]: /var/virus/clamsmtpd.qIdg8l: MBL_303159.UNOFFICIAL FOUND
Aug 7 08:13:22 mx1.hctc.net/mx1.hctc.net clamsmtpd: 3EA221: from=bounce-tjmhmbzlppwckzzhcljkpcrdpjjmllrjbhsppztjsplchbptz...@email.carepackages.com, to=x...@xxx.net, status=VIRUS:MBL_303159.UNOFFICIAL

which file the msg is quarantined as is not logged.

the quarantined msgs are stored to /var/virus/ and the filenames are like:

-rwxrwxrwx 1 vscan vscan 12180 Aug 7 13:58 virus.Ywa18d
-rwxrwxrwx 1 vscan vscan 14021 Aug 7 13:58 virus.6kExcB
-rwxrwxrwx 1 vscan vscan 35554 Aug 7 13:58 virus.bhGcDz
-rwxrwxrwx 1 vscan vscan 18245 Aug 7 13:58 virus.6AGMaP
-rwxrwxrwx 1 vscan vscan 6759 Aug 7 13:58 virus.Ki5mSG
-rwxrwxrwx 1 vscan vscan 9688 Aug 7 13:58 virus.DTOlT1
-rwxrwxrwx 1 vscan vscan 10608 Aug 7 13:58 virus.NoTzGF
-rwxrwxrwx 1 vscan vscan 74853 Aug 7 13:58 virus.IaJbkv
-rwxrwxrwx 1 vscan vscan 2346 Aug 7 13:58 virus.33y2uG
-rwxrwxrwx 1 vscan vscan 10147 Aug 7 13:58 virus.ePW2g2
-rwxrwxrwx 1 vscan vscan 12675 Aug 7 13:58 virus.vXs0k3
-rwxrwxrwx 1 vscan vscan 57334 Aug 7 13:58 virus.bDZwAB
-rwxrwxrwx 1 vscan vscan 9262 Aug 7 13:58 virus.jJGgkI
-rwxrwxrwx 1 vscan vscan 17457 Aug 7 13:58 virus.ad8lZW

in trying to get amavisd-release to work, I changed permissions and owner:group, brutally.

in amavisd-release, there is a file name filtering which rejects:

sub release_file($$$@) {
  my($sock,$mail_file,$secret_id,@alt_recips) = @_;
  my($fn_path,$fn_prefix,$mail_id,$fn_suffix,$part_tag);
  local($1,$2,$3,$4);
  $part_tag = $1 if $mail_file =~ s/ \[ ( [^\]]* ) \] \z//xs;
  if ($mail_file =~ m{^ ([^/].*/)? ([A-Z0-9][A-Z0-9._-]*[_-])?
                        ([A-Z0-9][A-Z0-9_+-]{10,14}[A-Z0-9]) (\.gz)? \z}xsi) {
    ($fn_path,$fn_prefix,$mail_id,$fn_suffix) = ($1,$2,$3,$4);
  } elsif ($mail_file =~ m{^ ([^/].*/)? ()
                             ([A-Za-z0-9$._=+-]+?) (\.gz)?\z}xs){
    ($fn_path,$fn_prefix,$mail_id,$fn_suffix) = ($1,$2,$3,$4); # old style
  } else {
    usage("Invalid quarantine ID: $mail_file");
  }

eg:

amavisd-release virus.dyFYrx
Invalid quarantine ID: virus.dyFYrx

Len

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml