Sample Header Ad - 728x90

amavis: [virus_name_to_spam_score] is empty when using certain clam database

0 votes
1 answer
113 views
linux ubuntu email clamav amavis
I have a weird behavior regarding virus_name_to_spam_score. I’m using 2 custom Clamav DB. Here are the logs when using SaneSecurity where we can see that everything is working fine: Jun 12 10:57:53 prd-mail-1 amavis: (04428-01) run_av (ClamAV-clamd) result: /var/lib/amavis/tmp/amavis-20170612T105753-04428-qozS1fmk/parts/p004: Sanesecurity.TestSig_Type4_Hdr.2.UNOFFICIAL FOUND\n Jun 12 10:57:53 prd-mail-1 amavis: (04428-01) run_av (ClamAV-clamd): /var/lib/amavis/tmp/amavis-20170612T105753-04428-qozS1fmk/parts INFECTED: Sanesecurity.TestSig_Type4_Hdr.2.UNOFFICIAL Jun 12 10:57:53 prd-mail-1 amavis: (04428-01) lookup_re("Sanesecurity.TestSig_Type4_Hdr.2.UNOFFICIAL") matches key "(?^:^Sanesecurity\\.TestSig_)", result=undef Jun 12 10:57:53 prd-mail-1 amavis: (04428-01) lookup [virus_name_to_spam_score] => undef, "Sanesecurity.TestSig_Type4_Hdr.2.UNOFFICIAL" does not match Jun 12 10:57:53 prd-mail-1 amavis: (04428-01) virus_scan: (Sanesecurity.TestSig_Type4_Hdr.2.UNOFFICIAL), detected by 1 scanners: ClamAV-clamd Jun 12 10:57:53 prd-mail-1 amavis: (04428-01) lookup_re("Sanesecurity.TestSig_Type4_Hdr.2.UNOFFICIAL") matches key "(?^:.*)", result="1" Jun 12 10:57:53 prd-mail-1 amavis: (04428-01) lookup [viruses_that_fake_sender] => true, "Sanesecurity.TestSig_Type4_Hdr.2.UNOFFICIAL" matches, result="1", matching_key="(?^:.*)" Jun 12 10:57:53 prd-mail-1 amavis: (04428-01) Virus Sanesecurity.TestSig_Type4_Hdr.2.UNOFFICIAL matches (?^:.*), sender addr ignored Now when using SecurityInfo.com I can see that the first run the virus is detected but then the virus_name_to_spam_score is empty. What I’m trying to do is use @virus_name_to_spam_score_maps to set the emails coming from this list be marked as spam but since the check is empty unfed is returned and they are always marked as viruses. Here are the logs: Jun 12 09:25:32 prd-mail-1 amavis: (18890-02) prolong_timer run_av_3: timer 288, was 288, deadline in 479.8 s Jun 12 09:25:32 prd-mail-1 amavis: (18890-02) run_av (ClamAV-clamd) result: /var/lib/amavis/tmp/amavis-20170612T092354-18890-TNOnpS50/parts/p013: SecuriteInfo.com.Spam-4703.UNOFFICIAL FOUND\n/var/lib/amavis/tmp/amavis-20170612T092354-18890-TNOnpS50/parts/p009: SecuriteInfo.com.Spam-4703.UNOFFICIAL FOUND\n Jun 12 09:25:32 prd-mail-1 amavis: (18890-02) run_av (ClamAV-clamd): /var/lib/amavis/tmp/amavis-20170612T092354-18890-TNOnpS50/parts INFECTED: Jun 12 09:25:32 prd-mail-1 amavis: (18890-02) lookup_re(""), no matches Jun 12 09:25:32 prd-mail-1 amavis: (18890-02) lookup [virus_name_to_spam_score] => undef, "" does not match Jun 12 09:25:32 prd-mail-1 amavis: (18890-02) virus_scan: (), detected by 1 scanners: ClamAV-clamd Jun 12 09:25:32 prd-mail-1 amavis: (18890-02) lookup_re("") matches key "(?^:.*)", result="1" Jun 12 09:25:32 prd-mail-1 amavis: (18890-02) lookup [viruses_that_fake_sender] => true, "" matches, result="1", matching_key="(?^:.*)" Jun 12 09:25:32 prd-mail-1 amavis: (18890-02) Virus matches (?^:.*), sender addr ignored Jun 12 09:25:32 prd-mail-1 amavis: (18890-02) lookup_sql_field(virus_lover) rec=0, "email@domain.com" result: undef Any idea what might cause this ?
Asked by ca_maer (1 rep)
Jun 14, 2017, 03:54 PM
Last activity: Jun 20, 2017, 07:26 PM
Sidebar Ad - 300x250
Related Questions

Browse more questions from Unix & Linux Stack Exchange

More questions tagged "linux"
More questions tagged "ubuntu"
More questions tagged "email"
Footer Ad - 728x90