Skip to main content

ClamAV whitelist e-mail address

Bdzzld
Hi, ClamAV sometimes blocks e-mails sent from my installed firewall (CSF/LFD) due to : hostmaster@mydomain.ext (generated from root@servername.mydomain.ext) host mydomain.ext [xx.xx.xx.xxx] SMTP error from remote mail server after end of data: 550-This message contains a virus or other harmful content 550 (YARA.eval_post.UNOFFICIAL)
I was wondering if it's possible to whitelist (or another sort of bypass) e-mail addresses (to or from) so such e-mails are not being scanned by ClamAV and are delivered normally. Thanks.

Comments

6 comments

Date Votes
  • cPanelLauren
    Hi @Bdzzld Whitelisting in the way you're referencing isn't possible - you'd need to disable the rule that is causing the issue. You can read about configuring ClamAV here: Configure ClamAV Scanner - Version 74 Documentation - cPanel Documentation If you have the full ClamAV product installed it may be possible to whitelist specific email addresses though I would suggest reading their documentation on this: ClamavNet Thanks!
    0
  • rpvw
    Not exactly the same, but it's another YARA issue, you might like to reference the following thread
    0
  • Bdzzld
    Well, I think it's fixed by going to: WHM >> Plugins >> Configure ClamAV >> User Configuration >> Configure Individual Scan Preferences
    and then deselecting "Scan Mail" for the hostmaster@mydomain.ext cPanel user. Will see if that works... Luckily we occasionally receive such an e-mail from the firewall.
    0
  • rpvw
    I think it's fixed

    I'm not sure it is exactly fixed ! You are just treating the symptom, and not the issue, by NOT scanning any mail for any account under that user. Whilst this should stop the mails that may well be false positives, it will have consequences of NOT protecting any of the mail boxes for that user from ANY malware payloads. Personally, I would put up with an occasional mail about a false positive, to ensure I didn't miss something that might prove to be entirely more destructive.
    0
  • Bdzzld
    @rpvw: I understand what you mean. However, e-mail is not only scanned by ClamAV before it's actually downloaded. We also use MailWasher Pro before and ESET Smart Security during download. So this may not be a suitable option for the majority, but it is for us now.
    0
  • cPanelLauren
    Hi @Bdzzld While I do agree with @rpvw's sentiments on this issue I am happy you were able to employ a solution that worked for you. Thank you for letting us know!
    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post