Skip to main content

Disable spamd / clamav rule for outgoing spamcheck

MichaelLoungeIT
Hi there, I have the following problem. A client tries to send an html mail and it fails with this error message: SMTP Fehler: [550] This message contains a virus or other harmful content (example.com.Spam-3504.UNOFFICIAL) I tried to whitelist this entry: example.com in clamav to /var/lib/clamav/whitelist.ign2 didnt help. Then I tried to add to whitelist the domain in /etc/mail/spamassassin/local.cf -> also no success last try I created a /etc/skiprbldomains file with the domain added in there.. restartet all services.. still no success ;( I have no further ideas. How can I make sure, that my client can send out the html mail and surpasses somehow the outgoing check or atleast whitelists that special case.. but i cannot find out how.

Comments

4 comments

Date Votes
  • cPanelLauren
    Hi @MichaelLoungeIT If you're trying to whitelist the user (you can't do the domain) you'd do it in the clamd.conf located at /usr/local/cpanel/3rdparty/etc/clamd.conf. You'd change the option/s as follows: # With this option you can whitelist the root UID (0). Processes run under # root with be able to access all files without triggering scans or # permission denied events. # Note that if clamd cannot check the uid of the process that generated an # on-access scan event (e.g., because OnAccessPrevention was not enabled, and # the process already exited), clamd will perform a scan. Thus, setting # OnAccessExcludeRootUID is not *guaranteed* to prevent every access by the # root user from triggering a scan (unless OnAccessPrevention is enabled). # Default: no #OnAccessExcludeRootUID no
    # With this option you can whitelist specific UIDs. Processes with these UIDs # will be able to access all files without triggering scans or permission # denied events. # This option can be used multiple times (one per line). # Using a value of 0 on any line will disable this option entirely. # To whitelist the root UID (0) please enable the OnAccessExcludeRootUID # option. # Also note that if clamd cannot check the uid of the process that generated an # on-access scan event (e.g., because OnAccessPrevention was not enabled, and # the process already exited), clamd will perform a scan. Thus, setting # OnAccessExcludeUID is not *guaranteed* to prevent every access by the # specified uid from triggering a scan (unless OnAccessPrevention is enabled). # Default: disabled #OnAccessExcludeUID -1
    If you're trying to whitelist a signature that's the portioin you'd do in the whitelist.ign You'd want to run clamscan against the file: /usr/local/cpanel/3rdparty/bin/clamscan -i /users/file.ext
    Which should return the specific signature Then add the signature found to the whitelist you created Once it's added restart clamd: /scripts/restartsrv_clamd
    Then run /usr/local/cpanel/3rdparty/bin/clamscan -i /users/file.ext
    against the file again Thanks!
    0
  • MichaelLoungeIT
    the problem is.. It is an email, that somebody tries to send. So there is no File i can run against clam to get a correct signature. All i have, is that error message thrown by webmail when trying to send the email.
    0
  • Infopro
    Wouldn't it be easier to try and figure out what's in that email that's being flagged as "virus or other harmful content"? Even if you get it to send from your server, other servers are most likely going to block it as well.
    0
  • sneader
    For anyone that is using this thread as a guide for how to whitelist a false-positive ClamAV rule that is blocking incoming file attachment emails, the CORRECT directory to put your whitelist rule is in: /usr/local/cpanel/3rdparty/share/clamav/ The original post says /var/lib/clamav/, and many online references also mention this directory, but in the cPanel environment, it will not work to put the whitelist.ign2 file there. - Scott
    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post